From 4deb591fbd135acbbc18c83ae944f09ef0092afa Mon Sep 17 00:00:00 2001 From: shenli Date: Thu, 24 Sep 2015 16:03:48 +0800 Subject: [PATCH 1/4] tidb-server: Limit salt to ascii chars Fix JDBC auth fail bug. --- tidb-server/server/server.go | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/tidb-server/server/server.go b/tidb-server/server/server.go index efd05bc70f..267e496914 100644 --- a/tidb-server/server/server.go +++ b/tidb-server/server/server.go @@ -29,11 +29,13 @@ package server import ( - "crypto/rand" - "io" + "fmt" + "math/rand" "net" + "strings" "sync" "sync/atomic" + "time" "github.com/juju/errors" "github.com/ngaut/log" @@ -63,6 +65,20 @@ func (s *Server) releaseToken(token *Token) { s.concurrentLimiter.Put(token) } +// Generate a random string using ASCII characters but avoid seperator character. +// See: https://github.com/mysql/mysql-server/blob/5.7/mysys_ssl/crypt_genhash_impl.cc#L435 +func randomBuf(size int) ([]byte, error) { + buf := make([]byte, size) + rand.Seed(time.Now().UTC().UnixNano()) + for i := 0; i < size; i++ { + buf[i] &= 0x7f + if buf[i] == 0 || buf[i] == byte('$') { + buf[i]++ + } + } + return buf, nil +} + func (s *Server) newConn(conn net.Conn) (cc *clientConn, err error) { log.Info("newConn", conn.RemoteAddr().String()) cc = &clientConn{ @@ -74,13 +90,13 @@ func (s *Server) newConn(conn net.Conn) (cc *clientConn, err error) { charset: mysql.DefaultCharset, alloc: arena.NewAllocator(32 * 1024), } - cc.salt = make([]byte, 20) - io.ReadFull(rand.Reader, cc.salt) - for i, b := range cc.salt { - if b == 0 { - cc.salt[i] = '0' - } + cc.salt, err = randomBuf(20) + ss := make([]string, 0, 20) + for _, s := range cc.salt { + ss = append(ss, fmt.Sprintf("(byte)%d", s)) } + fmt.Printf("Salt: %x\n", cc.salt) + fmt.Printf("Salt: %s\n", strings.Join(ss, ", ")) return } From e3b25651e6305ca3cdbf91a8b7f69607306d6016 Mon Sep 17 00:00:00 2001 
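Review bot: The handshake salt stops coming from a cryptographic source in [PATCH 1/4]: the import hunk swaps `crypto/rand` and `io` for `math/rand`, and in `randomBuf` the slice from `make` is never filled, so `buf[i] &= 0x7f` works on zero bytes and every connection gets the same salt of twenty 0x01 bytes. [PATCH 3/4] fills the buffer with `rand.Intn` and [PATCH 4/4] seeds the generator from the clock in `NewServer`, but that output is reproducible from the seed. The salt is the per-connection challenge that the client's password response is computed over, so it should be unpredictable and non-repeating. Keeping the `crypto/rand` read and applying the ASCII mask to its output gives the range the JDBC fix needs, and lets `randomBuf` return a real error through the result it already declares here.

```go
func randomBuf(size int) ([]byte, error) {
	buf := make([]byte, size)
	// rand is crypto/rand here, as it was before this patch.
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, errors.Trace(err)
	}
	for i := range buf {
		buf[i] &= 0x7f
		if buf[i] == 0 || buf[i] == '$' {
			buf[i]++
		}
	}
	return buf, nil
}
```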
From: shenli Date: Thu, 24 Sep 2015 16:08:57 +0800 Subject: [PATCH 2/4] tidb-server: Remove debug logs --- tidb-server/server/server.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tidb-server/server/server.go b/tidb-server/server/server.go index 267e496914..88a0b1a425 100644 --- a/tidb-server/server/server.go +++ b/tidb-server/server/server.go @@ -29,10 +29,8 @@ package server import ( - "fmt" "math/rand" "net" - "strings" "sync" "sync/atomic" "time" @@ -91,12 +89,6 @@ func (s *Server) newConn(conn net.Conn) (cc *clientConn, err error) { alloc: arena.NewAllocator(32 * 1024), } cc.salt, err = randomBuf(20) - ss := make([]string, 0, 20) - for _, s := range cc.salt { - ss = append(ss, fmt.Sprintf("(byte)%d", s)) - } - fmt.Printf("Salt: %x\n", cc.salt) - fmt.Printf("Salt: %s\n", strings.Join(ss, ", ")) return } From 7090091e1a10879e014373cb0a2ee1a7661412eb Mon Sep 17 00:00:00 2001 From: shenli Date: Thu, 24 Sep 2015 16:15:05 +0800 Subject: [PATCH 3/4] tidb-server: Remove useless error --- tidb-server/server/server.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tidb-server/server/server.go b/tidb-server/server/server.go index 88a0b1a425..5229c7d882 100644 --- a/tidb-server/server/server.go +++ b/tidb-server/server/server.go @@ -65,16 +65,16 @@ func (s *Server) releaseToken(token *Token) { // Generate a random string using ASCII characters but avoid seperator character. // See: https://github.com/mysql/mysql-server/blob/5.7/mysys_ssl/crypt_genhash_impl.cc#L435 -func randomBuf(size int) ([]byte, error) { +func randomBuf(size int) []byte { buf := make([]byte, size) rand.Seed(time.Now().UTC().UnixNano()) for i := 0; i < size; i++ { - buf[i] &= 0x7f + buf[i] = byte(rand.Intn(127)) if buf[i] == 0 || buf[i] == byte('$') { buf[i]++ } } - return buf, nil + return buf } func (s *Server) newConn(conn net.Conn) (cc *clientConn, err error) { 
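Review bot: In the [PATCH 3/4] `randomBuf` hunk, `rand.Intn(127)` returns values in 0..126, so 0x7f can no longer appear, while the `buf[i] &= 0x7f` line it replaces allowed 0..127. If the mask's range is the intended one, the bound should be 128: `buf[i] = byte(rand.Intn(128))`. The bump that follows maps 0 to 1 and '$' to '%', which makes those two values twice as likely as any other. A short comment on that branch would show the skew is accepted, for example `// 0 and '$' are bumped to the next value, so 1 and '%' occur twice as often`.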
@@ -88,7 +88,7 @@ func (s *Server) newConn(conn net.Conn) (cc *clientConn, err error) { charset: mysql.DefaultCharset, alloc: arena.NewAllocator(32 * 1024), } - cc.salt, err = randomBuf(20) + cc.salt = randomBuf(20) return } From 2762c4fd10fa08a5e760eb2bf5f18a2838a5c736 Mon Sep 17 00:00:00 2001 From: shenli Date: Thu, 24 Sep 2015 17:52:19 +0800 Subject: [PATCH 4/4] tidb-server: Address comment --- tidb-server/server/server.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tidb-server/server/server.go b/tidb-server/server/server.go index 5229c7d882..49681e4da1 100644 --- a/tidb-server/server/server.go +++ b/tidb-server/server/server.go @@ -67,7 +67,6 @@ func (s *Server) releaseToken(token *Token) { // See: https://github.com/mysql/mysql-server/blob/5.7/mysys_ssl/crypt_genhash_impl.cc#L435 func randomBuf(size int) []byte { buf := make([]byte, size) - rand.Seed(time.Now().UTC().UnixNano()) for i := 0; i < size; i++ { buf[i] = byte(rand.Intn(127)) if buf[i] == 0 || buf[i] == byte('$') { @@ -112,6 +111,8 @@ func NewServer(cfg *Config, driver IDriver) (*Server, error) { return nil, errors.Trace(err) } + // Init rand seed for randomBuf() + rand.Seed(time.Now().UTC().UnixNano()) log.Infof("Server run MySql Protocol Listen at [%s]", s.cfg.Addr) return s, nil }
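Review bot: `rand.Seed` in the [PATCH 4/4] `NewServer` hunk resets the process-wide `math/rand` source, so every further `NewServer` call restarts the sequence from a wall-clock value, for this server and for any other package drawing from `math/rand`. If the seed call stays, running it once makes that explicit, for example a package-level `var seedOnce sync.Once` with `seedOnce.Do(func() { rand.Seed(time.Now().UTC().UnixNano()) })`; `sync` is already imported. The added comment would read better as a sentence naming what depends on the seed, such as `// Seed math/rand once; randomBuf draws the connection salt from it.` `NewServer` begins above this hunk, so any earlier return paths are not visible here.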