Add old password authentication support.

Signed-off-by: Xiaolan.Lee <[email protected]>

lib/Connection.cpp

@@ -63,6 +63,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include "SHA1.h"
 #include <stdio.h>
 #include <time.h>
+#include "password.h"
 
 #ifdef _WIN32
 #define snprintf _snprintf
@@ -256,6 +257,7 @@ bool Connection::processHandshake()
     char *serverVersion = m_reader.readNTString();
     UINT32 threadId = m_reader.readLong();
     char *scrambleBuff = (char *) m_reader.readBytes(8);
+    strncpy(m_scramble, scrambleBuff, sizeof(m_scramble));
 
     UINT8 filler1 = m_reader.readByte();
     UINT16 serverCaps = m_reader.readShort();
@@ -523,9 +525,20 @@ bool Connection::connect(const char *_host, int _port, const char *_username, co
   }
   if (result == 0xfe)
   {
-    setError ("You are using old password, please update it use PASSWORD(), other than OLD_PASSWORD().", 4, UME_OTHER);
-    m_dbgMethodProgress --;
-    return false;
+    if (m_reader.getBytesLeft()==0)
+    {
+      if (!oldAuthSwitch())
+      {
+				m_dbgMethodProgress --;
+				return false;
+      }
+    }
+    else
+    {
+			m_dbgMethodProgress --;
+			setError ("Plugin authentication not supported.", 4, UME_OTHER);
+      return false;
+    }
   }
 
   m_reader.skip();
@@ -823,3 +836,32 @@ bool Connection::setTimeout(int timeout)
 
   return true;
 }
+
+bool Connection::oldAuthSwitch()
+{
+  char scrambled[SCRAMBLE_LENGTH_323+1];
+  scramble_323(scrambled, m_scramble, m_password.c_str());
+  m_writer.reset();
+  m_writer.writeNTString(scrambled);
+  m_writer.finalize(3);
+
+  if (!sendPacket())
+  {
+    return false;
+  }
+
+  m_reader.skip();
+  if (!recvPacket())
+  {
+    return false;
+  }
+
+  UINT8 result = m_reader.readByte();
+  if (result == 0xff)
+  {
+    handleErrorPacket();
+    return false;
+  }
+  return result == 0x00;
+}
+

lib/Connection.h

@@ -109,6 +109,8 @@ class Connection
 
   int m_dbgMethodProgress;
 
+  char m_scramble[8];
+
 public:
 
 
@@ -142,7 +144,9 @@ class Connection
   void *handleOKPacket();
   void setError (const char *_message, int _errno, UMErrorType _type);
 
+  bool oldAuthSwitch();
+
 protected:
 };
 
-#endif
+#endif

lib/password.c

@@ -0,0 +1,118 @@
+/*
+   Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <string.h>
+#include <math.h>
+#include "password.h"
+
+/*
+  New (MySQL 3.21+) random generation structure initialization
+  SYNOPSIS
+    randominit()
+    rand_st    OUT  Structure to initialize
+    seed1      IN   First initialization parameter
+    seed2      IN   Second initialization parameter
+*/
+
+void randominit(struct rand_struct *rand_st, ulong seed1, ulong seed2)
+{                                               /* For mysql 3.21.# */
+#ifdef HAVE_purify
+  bzero((char*) rand_st,sizeof(*rand_st));      /* Avoid UMC varnings */
+#endif
+  rand_st->max_value= 0x3FFFFFFFL;
+  rand_st->max_value_dbl=(double) rand_st->max_value;
+  rand_st->seed1=seed1%rand_st->max_value ;
+  rand_st->seed2=seed2%rand_st->max_value;
+}
+
+/*
+    Generate random number.
+  SYNOPSIS
+    my_rnd()
+    rand_st    INOUT  Structure used for number generation
+  RETURN VALUE
+    generated pseudo random number
+*/
+
+double my_rnd(struct rand_struct *rand_st)
+{
+  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
+  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
+  return (((double) rand_st->seed1)/rand_st->max_value_dbl);
+}
+
+/*
+    Generate binary hash from raw text string 
+    Used for Pre-4.1 password handling
+  SYNOPSIS
+    hash_password()
+    result       OUT store hash in this location
+    password     IN  plain text password to build hash
+    password_len IN  password length (password may be not null-terminated)
+*/
+
+void hash_password(ulong *result, const char *password, uint password_len)
+{
+  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
+  ulong tmp;
+  const char *password_end= password + password_len;
+  for (; password < password_end; password++)
+  {
+    if (*password == ' ' || *password == '\t')
+      continue;                                 /* skip space in password */
+    tmp= (ulong) (uchar) *password;
+    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
+    nr2+=(nr2 << 8) ^ nr;
+    add+=tmp;
+  }
+  result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
+  result[1]=nr2 & (((ulong) 1L << 31) -1L);
+}
+
+/*
+    Scramble string with password.
+    Used in pre 4.1 authentication phase.
+  SYNOPSIS
+    scramble_323()
+    to       OUT Store scrambled message here. Buffer must be at least
+                 SCRAMBLE_LENGTH_323+1 bytes long
+    message  IN  Message to scramble. Message must be at least
+                 SRAMBLE_LENGTH_323 bytes long.
+    password IN  Password to use while scrambling
+*/
+
+void scramble_323(char *to, const char *message, const char *password)
+{
+  struct rand_struct rand_st;
+  ulong hash_pass[2], hash_message[2];
+
+  if (password && password[0])
+  {
+    char extra, *to_start=to;
+    const char *message_end= message + SCRAMBLE_LENGTH_323;
+    hash_password(hash_pass,password, (uint) strlen(password));
+    hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
+    randominit(&rand_st,hash_pass[0] ^ hash_message[0],
+               hash_pass[1] ^ hash_message[1]);
+    for (; message < message_end; message++)
+      *to++= (char) (floor(my_rnd(&rand_st)*31)+64);
+    extra=(char) (floor(my_rnd(&rand_st)*31));
+    while (to_start != to)
+      *(to_start++)^=extra;
+  }
+  *to= 0;
+}
+

lib/password.h

@@ -0,0 +1,38 @@
+/* Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */
+
+#ifndef PASSWORD_INCLUDED
+#define PASSWORD_INCLUDED
+
+#include <stddef.h>
+#define SCRAMBLE_LENGTH_323 8
+typedef unsigned char uchar;
+typedef unsigned int  uint;
+typedef unsigned long ulong;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct rand_struct {
+  unsigned long seed1,seed2,max_value;
+  double max_value_dbl;
+};
+
+void scramble_323(char *to, const char *message, const char *password);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* PASSWORD_INCLUDED */

setup.py

@@ -87,7 +87,9 @@
 
 
 module1 = Extension('umysql',
-                sources = ['./python/umysql.c', './python/io_cpython.c', './lib/capi.cpp', './lib/Connection.cpp', './lib/PacketReader.cpp', './lib/PacketWriter.cpp', './lib/SHA1.cpp'],
+                sources = ['./python/umysql.c', './python/io_cpython.c', './lib/capi.cpp', './lib/Connection.cpp', './lib/PacketReader.cpp', './lib/PacketWriter.cpp', './lib/SHA1.cpp',
+                    './lib/password.c',
+                ],
                 include_dirs = ['./python', './lib'],
                 library_dirs = [],
                 libraries=libs,