(mu_check_mysql_scrambled_password): New function.
Showing
1 changed file
with
30 additions
and
0 deletions
| ... | @@ -194,6 +194,36 @@ errstr (mu_sql_connection_t conn) | ... | @@ -194,6 +194,36 @@ errstr (mu_sql_connection_t conn) |
| 194 | return mysql_error (mp->mysql); | 194 | return mysql_error (mp->mysql); |
| 195 | } | 195 | } |
| 196 | 196 | ||
| 197 | /* Check whether a plaintext password MESSAGE matches MySQL scrambled password | ||
| 198 | PASSWORD */ | ||
| 199 | int | ||
| 200 | mu_check_mysql_scrambled_password (const char *scrambled, const char *message) | ||
| 201 | { | ||
| 202 | unsigned long hash_pass[2], hash_message[2]; | ||
| 203 | char buf[17]; | ||
| 204 | |||
| 205 | if (strlen (scrambled) < 16) | ||
| 206 | return 1; | ||
| 207 | if (strlen (scrambled) > 16) | ||
| 208 | { | ||
| 209 | const char *p; | ||
| 210 | /* Try to normalize it by cutting off trailing whitespace */ | ||
| 211 | for (p = scrambled + strlen (scrambled) - 1; | ||
| 212 | p > scrambled && isspace (*p); p--) | ||
| 213 | ; | ||
| 214 | if (p - scrambled != 15) | ||
| 215 | return 1; | ||
| 216 | memcpy (buf, scrambled, 16); | ||
| 217 | buf[17] = 0; | ||
| 218 | scrambled = buf; | ||
| 219 | } | ||
| 220 | |||
| 221 | get_salt_from_password (hash_pass, scrambled); | ||
| 222 | hash_password (hash_message, message); | ||
| 223 | return !(hash_message[0] == hash_pass[0] | ||
| 224 | && hash_message[1] == hash_pass[1]); | ||
| 225 | } | ||
| 226 | |||
| 197 | MU_DECL_SQL_DISPATCH_T(mysql) = { | 227 | MU_DECL_SQL_DISPATCH_T(mysql) = { |
| 198 | "mysql", | 228 | "mysql", |
| 199 | 3306, | 229 | 3306, | ... | ... |
-
Please register or sign in to post a comment