- renamed "rnd" to "my_rnd" as the name was too generic (and is an exported

   symbol in libmysqlclient) (thanks to Dennis Haney for the initial patch)
 - cleanup: removed client/password.c (not used at all) and
   libmysql/password.c (should rather be a symlink to sql/password.c instead)
 - applied HPUX11 portability fix for char_val declaration to sql/password.c
   (taken from libmysql/password.c)


BitKeeper/deleted/.del-password.c~c036d4f8b3280843:
  Delete: client/password.c
BitKeeper/deleted/.del-password.c~76f30876e68eddb4:
  Delete: libmysql/password.c
include/mysql_com.h:
   - replaced "rnd" with "my_rnd"
libmysql/Makefile.am:
   - removed dead piece of code ($qs was not defined)
   - symlink password.c from the sql directory
libmysqld/Makefile.am:
   - use password.c from the sql directory instead
sql/item_func.cc:
   - replaced "rnd" with "my_rnd"
sql/mysqld.cc:
   - replaced "rnd" with "my_rnd"
sql/password.c:
   - replaced "rnd" with "my_rnd"
sql/sql_class.cc:
   - replaced "rnd" with "my_rnd"
sql/sql_crypt.cc:
   - replaced "rnd" with "my_rnd"

client/password.c

-/* Copyright (C) 2000 MySQL AB
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
-
-/* password checking routines */
-/*****************************************************************************
-  The main idea is that no password are sent between client & server on
-  connection and that no password are saved in mysql in a decodable form.
-
-  On connection a random string is generated and sent to the client.
-  The client generates a new string with a random generator inited with
-  the hash values from the password and the sent string.
-  This 'check' string is sent to the server where it is compared with
-  a string generated from the stored hash_value of the password and the
-  random string.
-
-  The password is saved (in user.password) by using the PASSWORD() function in
-  mysql.
-
-  Example:
-    update user set password=PASSWORD("hello") where user="test"
-  This saves a hashed number as a string in the password field.
-*****************************************************************************/
-
-#include <my_global.h>
-#include <my_sys.h>
-#include <m_string.h>
-#include "mysql.h"
-
-
-void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2)
-{						/* For mysql 3.21.# */
-#ifdef HAVE_purify
-  bzero((char*) rand_st,sizeof(*rand_st));		/* Avoid UMC varnings */
-#endif
-  rand_st->max_value= 0x3FFFFFFFL;
-  rand_st->max_value_dbl=(double) rand_st->max_value;
-  rand_st->seed1=seed1%rand_st->max_value ;
-  rand_st->seed2=seed2%rand_st->max_value;
-}
-
-static void old_randominit(struct rand_struct *rand_st,ulong seed1)
-{						/* For mysql 3.20.# */
-  rand_st->max_value= 0x01FFFFFFL;
-  rand_st->max_value_dbl=(double) rand_st->max_value;
-  seed1%=rand_st->max_value;
-  rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
-}
-
-double rnd(struct rand_struct *rand_st)
-{
-  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
-  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
-  return (((double) rand_st->seed1)/rand_st->max_value_dbl);
-}
-
-void hash_password(ulong *result, const char *password)
-{
-  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
-  ulong tmp;
-  for (; *password ; password++)
-  {
-    if (*password == ' ' || *password == '\t')
-      continue;			/* skipp space in password */
-    tmp= (ulong) (uchar) *password;
-    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
-    nr2+=(nr2 << 8) ^ nr;
-    add+=tmp;
-  }
-  result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
-  result[1]=nr2 & (((ulong) 1L << 31) -1L);
-  return;
-}
-
-void make_scrambled_password(char *to,const char *password)
-{
-  ulong hash_res[2];
-  hash_password(hash_res,password);
-  sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
-}
-
-static inline uint char_val(char X)
-{
-  return (uint) (X >= '0' && X <= '9' ? X-'0' :
-		 X >= 'A' && X <= 'Z' ? X-'A'+10 :
-		 X-'a'+10);
-}
-
-/*
-** This code assumes that len(password) is divideable with 8 and that
-** res is big enough (2 in mysql)
-*/
-
-void get_salt_from_password(ulong *res,const char *password)
-{
-  res[0]=res[1]=0;
-  if (password)
-  {
-    while (*password)
-    {
-      ulong val=0;
-      uint i;
-      for (i=0 ; i < 8 ; i++)
-	val=(val << 4)+char_val(*password++);
-      *res++=val;
-    }
-  }
-  return;
-}
-
-void make_password_from_salt(char *to, ulong *hash_res)
-{
-  sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
-}
-
-
-/*
- * Genererate a new message based on message and password
- * The same thing is done in client and server and the results are checked.
- */
-
-char *scramble(char *to,const char *message,const char *password,
-	       my_bool old_ver)
-{
-  struct rand_struct rand_st;
-  ulong hash_pass[2],hash_message[2];
-  if (password && password[0])
-  {
-    char *to_start=to;
-    hash_password(hash_pass,password);
-    hash_password(hash_message,message);
-    if (old_ver)
-      old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
-    else
-      randominit(&rand_st,hash_pass[0] ^ hash_message[0],
-		 hash_pass[1] ^ hash_message[1]);
-    while (*message++)
-      *to++= (char) (floor(rnd(&rand_st)*31)+64);
-    if (!old_ver)
-    {						/* Make it harder to break */
-      char extra=(char) (floor(rnd(&rand_st)*31));
-      while (to_start != to)
-	*(to_start++)^=extra;
-    }
-  }
-  *to=0;
-  return to;
-}
-
-
-my_bool check_scramble(const char *scrambled, const char *message,
-		       ulong *hash_pass, my_bool old_ver)
-{
-  struct rand_struct rand_st;
-  ulong hash_message[2];
-  char buff[16],*to,extra;			/* Big enough for check */
-  const char *pos;
-
-  hash_password(hash_message,message);
-  if (old_ver)
-    old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
-  else
-    randominit(&rand_st,hash_pass[0] ^ hash_message[0],
-	       hash_pass[1] ^ hash_message[1]);
-  to=buff;
-  for (pos=scrambled ; *pos ; pos++)
-    *to++=(char) (floor(rnd(&rand_st)*31)+64);
-  if (old_ver)
-    extra=0;
-  else
-    extra=(char) (floor(rnd(&rand_st)*31));
-  to=buff;
-  while (*scrambled)
-  {
-    if (*scrambled++ != (char) (*to++ ^ extra))
-      return 1;					/* Wrong password */
-  }
-  return 0;
-}

include/mysql_com.h

@@ -228,7 +228,7 @@ extern unsigned long net_buffer_length;
 
 void randominit(struct rand_struct *,unsigned long seed1,
 		unsigned long seed2);
-double rnd(struct rand_struct *);
+double my_rnd(struct rand_struct *);
 void make_scrambled_password(char *to,const char *password);
 void get_salt_from_password(unsigned long *res,const char *password);
 void make_password_from_salt(char *to, unsigned long *hash_res);

libmysql/Makefile.am

@@ -53,10 +53,6 @@ link_sources:
 	    rm -f $(srcdir)/$$f; \
 	    @LN_CP_F@ ../strings/$$f $(srcdir)/$$f; \
 	  done; \
-	  for f in $$qs; do \
-	    rm -f $(srcdir)/$$f; \
-	    @LN_CP_F@ $(srcdir)/../sql/$$f $(srcdir)/$$f; \
-	  done; \
 	  for f in $$ds; do \
 	    rm -f $(srcdir)/$$f; \
 	    @LN_CP_F@ $(srcdir)/../dbug/$$f $(srcdir)/$$f; \
@@ -66,7 +62,9 @@ link_sources:
 	    @LN_CP_F@ $(srcdir)/../mysys/$$f $(srcdir)/$$f; \
 	  done; \
 	  rm -f $(srcdir)/net.c; \
-	  @LN_CP_F@ $(srcdir)/../sql/net_serv.cc $(srcdir)/net.c
+	  @LN_CP_F@ $(srcdir)/../sql/net_serv.cc $(srcdir)/net.c ; \
+	  rm -f $(srcdir)/password.c; \
+	  @LN_CP_F@ $(srcdir)/../sql/password.c $(srcdir)/password.c
 
 # This part requires GNUmake
 #

libmysql/password.c

-/* Copyright (C) 2000 MySQL AB
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
-
-/* password checking routines */
-/*****************************************************************************
-  The main idea is that no password are sent between client & server on
-  connection and that no password are saved in mysql in a decodable form.
-
-  On connection a random string is generated and sent to the client.
-  The client generates a new string with a random generator inited with
-  the hash values from the password and the sent string.
-  This 'check' string is sent to the server where it is compared with
-  a string generated from the stored hash_value of the password and the
-  random string.
-
-  The password is saved (in user.password) by using the PASSWORD() function in
-  mysql.
-
-  Example:
-    update user set password=PASSWORD("hello") where user="test"
-  This saves a hashed number as a string in the password field.
-*****************************************************************************/
-
-#include <my_global.h>
-#include <my_sys.h>
-#include <m_string.h>
-#include "mysql.h"
-
-
-void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2)
-{						/* For mysql 3.21.# */
-#ifdef HAVE_purify
-  bzero((char*) rand_st,sizeof(*rand_st));		/* Avoid UMC varnings */
-#endif
-  rand_st->max_value= 0x3FFFFFFFL;
-  rand_st->max_value_dbl=(double) rand_st->max_value;
-  rand_st->seed1=seed1%rand_st->max_value ;
-  rand_st->seed2=seed2%rand_st->max_value;
-}
-
-static void old_randominit(struct rand_struct *rand_st,ulong seed1)
-{						/* For mysql 3.20.# */
-  rand_st->max_value= 0x01FFFFFFL;
-  rand_st->max_value_dbl=(double) rand_st->max_value;
-  seed1%=rand_st->max_value;
-  rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
-}
-
-double rnd(struct rand_struct *rand_st)
-{
-  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
-  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
-  return (((double) rand_st->seed1)/rand_st->max_value_dbl);
-}
-
-void hash_password(ulong *result, const char *password)
-{
-  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
-  ulong tmp;
-  for (; *password ; password++)
-  {
-    if (*password == ' ' || *password == '\t')
-      continue;			/* skipp space in password */
-    tmp= (ulong) (uchar) *password;
-    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
-    nr2+=(nr2 << 8) ^ nr;
-    add+=tmp;
-  }
-  result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
-  result[1]=nr2 & (((ulong) 1L << 31) -1L);
-  return;
-}
-
-void make_scrambled_password(char *to,const char *password)
-{
-  ulong hash_res[2];
-  hash_password(hash_res,password);
-  sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
-}
-
-static inline unsigned int char_val(char X)
-{
-  return (uint) (X >= '0' && X <= '9' ? X-'0' :
-		 X >= 'A' && X <= 'Z' ? X-'A'+10 :
-		 X-'a'+10);
-}
-
-/*
-** This code assumes that len(password) is divideable with 8 and that
-** res is big enough (2 in mysql)
-*/
-
-void get_salt_from_password(ulong *res,const char *password)
-{
-  res[0]=res[1]=0;
-  if (password)
-  {
-    while (*password)
-    {
-      ulong val=0;
-      uint i;
-      for (i=0 ; i < 8 ; i++)
-	val=(val << 4)+char_val(*password++);
-      *res++=val;
-    }
-  }
-  return;
-}
-
-void make_password_from_salt(char *to, ulong *hash_res)
-{
-  sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
-}
-
-
-/*
- * Genererate a new message based on message and password
- * The same thing is done in client and server and the results are checked.
- */
-
-char *scramble(char *to,const char *message,const char *password,
-	       my_bool old_ver)
-{
-  struct rand_struct rand_st;
-  ulong hash_pass[2],hash_message[2];
-  if (password && password[0])
-  {
-    char *to_start=to;
-    hash_password(hash_pass,password);
-    hash_password(hash_message,message);
-    if (old_ver)
-      old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
-    else
-      randominit(&rand_st,hash_pass[0] ^ hash_message[0],
-		 hash_pass[1] ^ hash_message[1]);
-    while (*message++)
-      *to++= (char) (floor(rnd(&rand_st)*31)+64);
-    if (!old_ver)
-    {						/* Make it harder to break */
-      char extra=(char) (floor(rnd(&rand_st)*31));
-      while (to_start != to)
-	*(to_start++)^=extra;
-    }
-  }
-  *to=0;
-  return to;
-}
-
-
-my_bool check_scramble(const char *scrambled, const char *message,
-		       ulong *hash_pass, my_bool old_ver)
-{
-  struct rand_struct rand_st;
-  ulong hash_message[2];
-  char buff[16],*to,extra;			/* Big enough for check */
-  const char *pos;
-
-  hash_password(hash_message,message);
-  if (old_ver)
-    old_randominit(&rand_st,hash_pass[0] ^ hash_message[0]);
-  else
-    randominit(&rand_st,hash_pass[0] ^ hash_message[0],
-	       hash_pass[1] ^ hash_message[1]);
-  to=buff;
-  for (pos=scrambled ; *pos ; pos++)
-    *to++=(char) (floor(rnd(&rand_st)*31)+64);
-  if (old_ver)
-    extra=0;
-  else
-    extra=(char) (floor(rnd(&rand_st)*31));
-  to=buff;
-  while (*scrambled)
-  {
-    if (*scrambled++ != (char) (*to++ ^ extra))
-      return 1;					/* Wrong password */
-  }
-  return 0;
-}

libmysqld/Makefile.am

@@ -33,14 +33,14 @@ noinst_LIBRARIES =	libmysqld_int.a
 pkglib_LIBRARIES =	libmysqld.a
 SUBDIRS =		. examples
 libmysqld_sources=	libmysqld.c lib_sql.cc
-libmysqlsources =	errmsg.c get_password.c password.c
+libmysqlsources =	errmsg.c get_password.c
 
 noinst_HEADERS =	embedded_priv.h
 
 sqlsources = convert.cc derror.cc field.cc field_conv.cc filesort.cc \
 	ha_innodb.cc ha_berkeley.cc ha_heap.cc ha_isam.cc ha_isammrg.cc \
 	ha_myisam.cc ha_myisammrg.cc handler.cc sql_handler.cc \
-	hostname.cc init.cc \
+	hostname.cc init.cc password.c \
 	item.cc item_buff.cc item_cmpfunc.cc item_create.cc \
 	item_func.cc item_strfunc.cc item_sum.cc item_timefunc.cc \
 	item_uniq.cc key.cc lock.cc log.cc log_event.cc mf_iocache.cc\

sql/item_func.cc

@@ -736,7 +736,7 @@ void Item_func_rand::fix_length_and_dec()
 
 double Item_func_rand::val()
 {
-  return rnd(rand);
+  return my_rnd(rand);
 }
 
 longlong Item_func_sign::val_int()

sql/mysqld.cc

@@ -2668,7 +2668,7 @@ static void create_new_thread(THD *thd)
     max_used_connections=thread_count-delayed_insert_threads;
   thd->thread_id=thread_id++;
   for (uint i=0; i < 8 ; i++)			// Generate password teststring
-    thd->scramble[i]= (char) (rnd(&sql_rand)*94+33);
+    thd->scramble[i]= (char) (my_rnd(&sql_rand)*94+33);
   thd->scramble[8]=0;
 
   thd->real_id=pthread_self();			// Keep purify happy

sql/password.c

@@ -59,7 +59,7 @@ static void old_randominit(struct rand_struct *rand_st,ulong seed1)
   rand_st->seed1=seed1 ; rand_st->seed2=seed1/2;
 }
 
-double rnd(struct rand_struct *rand_st)
+double my_rnd(struct rand_struct *rand_st)
 {
   rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
   rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
@@ -91,7 +91,7 @@ void make_scrambled_password(char *to,const char *password)
   sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]);
 }
 
-inline uint char_val(char X)
+static inline unsigned int char_val(char X)
 {
   return (uint) (X >= '0' && X <= '9' ? X-'0' :
 		 X >= 'A' && X <= 'Z' ? X-'A'+10 :
@@ -147,10 +147,10 @@ char *scramble(char *to,const char *message,const char *password,
       randominit(&rand_st,hash_pass[0] ^ hash_message[0],
 		 hash_pass[1] ^ hash_message[1]);
     while (*message++)
-      *to++= (char) (floor(rnd(&rand_st)*31)+64);
+      *to++= (char) (floor(my_rnd(&rand_st)*31)+64);
     if (!old_ver)
     {						/* Make it harder to break */
-      char extra=(char) (floor(rnd(&rand_st)*31));
+      char extra=(char) (floor(my_rnd(&rand_st)*31));
       while (to_start != to)
 	*(to_start++)^=extra;
     }
@@ -176,11 +176,11 @@ my_bool check_scramble(const char *scrambled, const char *message,
 	       hash_pass[1] ^ hash_message[1]);
   to=buff;
   for (pos=scrambled ; *pos ; pos++)
-    *to++=(char) (floor(rnd(&rand_st)*31)+64);
+    *to++=(char) (floor(my_rnd(&rand_st)*31)+64);
   if (old_ver)
     extra=0;
   else
-    extra=(char) (floor(rnd(&rand_st)*31));
+    extra=(char) (floor(my_rnd(&rand_st)*31));
   to=buff;
   while (*scrambled)
   {

sql/sql_class.cc

@@ -156,7 +156,7 @@ THD::THD():user_time(0),fatal_error(0),last_insert_id_used(0),
   */
   {
     pthread_mutex_lock(&LOCK_thread_count);
-    ulong tmp=(ulong) (rnd(&sql_rand) * 0xffffffff); /* make all bits random */
+    ulong tmp=(ulong) (my_rnd(&sql_rand) * 0xffffffff); /* make all bits random */
     pthread_mutex_unlock(&LOCK_thread_count);
     randominit(&rand, tmp + (ulong) &rand, tmp + (ulong) ::query_id);
   }

sql/sql_crypt.cc

@@ -46,7 +46,7 @@ void SQL_CRYPT::crypt_init(ulong *rand_nr)
 
   for (i=0 ; i<= 255 ; i++)
   {
-    int idx= (uint) (rnd(&rand)*255.0);
+    int idx= (uint) (my_rnd(&rand)*255.0);
     char a= decode_buff[idx];
     decode_buff[idx]= decode_buff[i];
     decode_buff[+i]=a;
@@ -62,7 +62,7 @@ void SQL_CRYPT::encode(char *str,uint length)
 {
   for (uint i=0; i < length; i++)
   {
-    shift^=(uint) (rnd(&rand)*255.0);
+    shift^=(uint) (my_rnd(&rand)*255.0);
     uint idx= (uint) (uchar) str[0];
     *str++ = (char) ((uchar) encode_buff[idx] ^ shift);
     shift^= idx;
@@ -74,7 +74,7 @@ void SQL_CRYPT::decode(char *str,uint length)
 {
   for (uint i=0; i < length; i++)
   {
-    shift^=(uint) (rnd(&rand)*255.0);
+    shift^=(uint) (my_rnd(&rand)*255.0);
     uint idx= (uint) ((unsigned char) str[0] ^ shift);
     *str = decode_buff[idx];
     shift^= (uint) (uchar) *str++;