hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix problem of certain passwords (e.g. joomla1) being treated incorrectly as null MXS-202.

Browse Source
This commit is contained in:
Martin Brampton
2015-06-24 21:06:56 +01:00
parent ced5c67338
commit e4bde4402b
2 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/modules/include/mysql_client_server_protocol.h
View File

@ -134,6 +134,8 @@ typedef struct mysql_session {
#endif #endif
} MYSQL_session; } MYSQL_session;
/* The following can be compared using memcmp to detect a null password */
uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN]="";
/** Protocol packing macros. */ /** Protocol packing macros. */
#define gw_mysql_set_byte2(__buffer, __int) do { \ #define gw_mysql_set_byte2(__buffer, __int) do { \

11
server/modules/protocol/mysql_common.c
View File

@ -577,7 +577,7 @@ int gw_send_authentication_to_backend(
if (strlen(dbname)) if (strlen(dbname))
curr_db = dbname; curr_db = dbname;
if (strlen((char *)passwd)) if (memcmp(passwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
curr_passwd = passwd; curr_passwd = passwd;
dcb = conn->owner_dcb; dcb = conn->owner_dcb;
@ -1122,7 +1122,7 @@ GWBUF* gw_create_change_user_packet(
curr_db = db; curr_db = db;
} }
if (strlen((char *)pwd) > 0) if (memcmp(pwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
{ {
curr_passwd = pwd; curr_passwd = pwd;
} }
@ -1358,12 +1358,7 @@ int gw_check_mysql_scramble_data(DCB *dcb, uint8_t *token, unsigned int token_le
gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH); gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH);
} else { } else {
/* check if the password is not set in the user table */ /* check if the password is not set in the user table */
if (!strlen((char *)password)) { return memcmp(password, null_client_sha1, MYSQL_SCRAMBLE_LEN) ? 1 : 0;
/* Username without password */
return 0;
} else {
return 1;
}
} }
/*< /*<