644
#ifndef EMBEDDED_LIBRARY
646
/** Get a string according to the protocol of the underlying buffer. */
647
typedef char * (*get_proto_string_func_t) (char **, size_t *, size_t *);
650
Get a string formatted according to the 4.1 version of the MySQL protocol.
652
@param buffer[in, out] Pointer to the user-supplied buffer to be scanned.
653
@param max_bytes_available[in, out] Limit the bytes to scan.
654
@param string_length[out] The number of characters scanned not including
657
@remark Strings are always null character terminated in this version of the
660
@remark The string_length does not include the terminating null character.
661
However, after the call, the buffer is increased by string_length+1
662
bytes, beyond the null character if there still available bytes to
665
@return pointer to beginning of the string scanned.
666
@retval NULL The buffer content is malformed
670
char *get_41_protocol_string(char **buffer,
671
size_t *max_bytes_available,
672
size_t *string_length)
674
char *str= (char *)memchr(*buffer, '\0', *max_bytes_available);
679
*string_length= (size_t)(str - *buffer);
680
*max_bytes_available-= *string_length + 1;
682
*buffer += *string_length + 1;
689
Get a string formatted according to the 4.0 version of the MySQL protocol.
691
@param buffer[in, out] Pointer to the user-supplied buffer to be scanned.
692
@param max_bytes_available[in, out] Limit the bytes to scan.
693
@param string_length[out] The number of characters scanned not including
696
@remark If there are not enough bytes left after the current position of
697
the buffer to satisfy the current string, the string is considered
698
to be empty and a pointer to empty_c_string is returned.
700
@remark A string at the end of the packet is not null terminated.
702
@return Pointer to beginning of the string scanned, or a pointer to a empty
706
char *get_40_protocol_string(char **buffer,
707
size_t *max_bytes_available,
708
size_t *string_length)
713
/* No bytes to scan left, treat string as empty. */
714
if ((*max_bytes_available) == 0)
717
return empty_c_string;
720
str= (char *) memchr(*buffer, '\0', *max_bytes_available);
723
If the string was not null terminated by the client,
724
the remainder of the packet is the string. Otherwise,
725
advance the buffer past the end of the null terminated
729
len= *string_length= *max_bytes_available;
731
len= (*string_length= (size_t)(str - *buffer)) + 1;
735
*max_bytes_available-= len;
742
Get a length encoded string from a user-supplied buffer.
744
@param buffer[in, out] The buffer to scan; updates position after scan.
745
@param max_bytes_available[in, out] Limit the number of bytes to scan
746
@param string_length[out] Number of characters scanned
748
@remark In case the length is zero, then the total size of the string is
749
considered to be 1 byte; the size byte.
751
@return pointer to first byte after the header in buffer.
752
@retval NULL The buffer content is malformed
756
char *get_length_encoded_string(char **buffer,
757
size_t *max_bytes_available,
758
size_t *string_length)
760
if (*max_bytes_available == 0)
763
/* Do double cast to prevent overflow from signed / unsigned conversion */
764
size_t str_len= (size_t)(unsigned char)**buffer;
767
If the length encoded string has the length 0
768
the total size of the string is only one byte long (the size byte)
775
Return a pointer to the 0 character so the return value will be
781
if (str_len >= *max_bytes_available)
784
char *str= *buffer+1;
785
*string_length= str_len;
786
*max_bytes_available-= *string_length + 1;
787
*buffer+= *string_length + 1;
625
793
Perform handshake, authorize client and update thd ACL variables.
767
940
if (thd->packet.alloc(thd->variables.net_buffer_length))
768
941
return 1; /* The error is set by alloc(). */
770
thd->client_capabilities= uint2korr(net->read_pos);
771
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
773
thd->client_capabilities|= ((ulong) uint2korr(net->read_pos+2)) << 16;
774
thd->max_client_packet_length= uint4korr(net->read_pos+4);
775
DBUG_PRINT("info", ("client_character_set: %d", (uint) net->read_pos[8]));
776
thd_init_client_charset(thd, (uint) net->read_pos[8]);
777
thd->update_charset();
778
end= (char*) net->read_pos+32;
782
thd->max_client_packet_length= uint3korr(net->read_pos+2);
783
end= (char*) net->read_pos+5;
943
uint charset_code= 0;
944
end= (char *)net->read_pos;
946
In order to safely scan a head for '\0' string terminators
947
we must keep track of how many bytes remain in the allocated
948
buffer or we might read past the end of the buffer.
950
size_t bytes_remaining_in_packet= pkt_len;
953
Peek ahead on the client capability packet and determine which version of
954
the protocol should be used.
956
if (bytes_remaining_in_packet < 2)
959
thd->client_capabilities= uint2korr(end);
962
Connector/J only sends client capabilities (4 bytes) before starting SSL
963
negotiation so we don't have char_set and other information for client in
964
packet read. In that case, skip reading those information. The below code
967
if(bytes_remaining_in_packet == AUTH_PACKET_HEADER_SIZE_CONNJ_SSL &&
968
(thd->client_capabilities & CLIENT_SSL))
970
thd->client_capabilities= uint4korr(end);
971
thd->max_client_packet_length= global_system_variables.max_allowed_packet;
972
charset_code= default_charset_info->number;
973
end+= AUTH_PACKET_HEADER_SIZE_CONNJ_SSL;
974
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_CONNJ_SSL;
978
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
979
packet_has_required_size= bytes_remaining_in_packet >=
980
AUTH_PACKET_HEADER_SIZE_PROTO_41;
982
packet_has_required_size= bytes_remaining_in_packet >=
983
AUTH_PACKET_HEADER_SIZE_PROTO_40;
985
if (!packet_has_required_size)
988
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
990
thd->client_capabilities= uint4korr(end);
991
thd->max_client_packet_length= uint4korr(end + 4);
992
charset_code= (uint)(uchar)*(end + 8);
994
Skip 23 remaining filler bytes which have no particular meaning.
996
end+= AUTH_PACKET_HEADER_SIZE_PROTO_41;
997
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_PROTO_41;
1001
thd->client_capabilities= uint2korr(end);
1002
thd->max_client_packet_length= uint3korr(end + 2);
1003
end+= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1004
bytes_remaining_in_packet-= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1006
Old clients didn't have their own charset. Instead the assumption
1007
was that they used what ever the server used.
1009
charset_code= default_charset_info->number;
1014
DBUG_PRINT("info", ("client_character_set: %u", charset_code));
1015
if (thd_init_client_charset(thd, charset_code))
1017
thd->update_charset();
786
1020
Disable those bits which are not supported by the server.
787
1021
This is a precautionary measure, if the client lies. See Bug#27944.
792
1026
thd->variables.sql_mode|= MODE_IGNORE_SPACE;
793
1027
#ifdef HAVE_OPENSSL
794
1028
DBUG_PRINT("info", ("client capabilities: %lu", thd->client_capabilities));
1031
If client requested SSL then we must stop parsing, try to switch to SSL,
1032
and wait for the client to send a new handshake packet.
1033
The client isn't expected to send any more bytes until SSL is initialized.
795
1035
if (thd->client_capabilities & CLIENT_SSL)
797
1037
/* Do the SSL layering. */
798
1038
if (!ssl_acceptor_fd)
800
inc_host_errors(&thd->remote.sin_addr);
801
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
804
1041
DBUG_PRINT("info", ("IO layer change in progress..."));
805
1042
if (sslaccept(ssl_acceptor_fd, net->vio, net->read_timeout))
807
1044
DBUG_PRINT("error", ("Failed to accept new SSL connection"));
808
inc_host_errors(&thd->remote.sin_addr);
809
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
812
1048
DBUG_PRINT("info", ("Reading user information over SSL layer"));
813
if ((pkt_len= my_net_read(net)) == packet_error ||
814
pkt_len < NORMAL_HANDSHAKE_SIZE)
1049
if ((pkt_len= my_net_read(net)) == packet_error)
816
1051
DBUG_PRINT("error", ("Failed to read user information (pkt_len= %lu)",
818
inc_host_errors(&thd->remote.sin_addr);
819
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
1056
A new packet was read and the statistics reflecting the remaining bytes
1057
in the packet must be updated.
1059
bytes_remaining_in_packet= pkt_len;
1062
After the SSL handshake is performed the client resends the handshake
1063
packet but because of legacy reasons we chose not to parse the packet
1064
fields a second time and instead only assert the length of the packet.
1066
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
1069
packet_has_required_size= bytes_remaining_in_packet >=
1070
AUTH_PACKET_HEADER_SIZE_PROTO_41;
1071
end= (char *)net->read_pos + AUTH_PACKET_HEADER_SIZE_PROTO_41;
1072
bytes_remaining_in_packet -= AUTH_PACKET_HEADER_SIZE_PROTO_41;
1076
packet_has_required_size= bytes_remaining_in_packet >=
1077
AUTH_PACKET_HEADER_SIZE_PROTO_40;
1078
end= (char *)net->read_pos + AUTH_PACKET_HEADER_SIZE_PROTO_40;
1079
bytes_remaining_in_packet -= AUTH_PACKET_HEADER_SIZE_PROTO_40;
1082
if (!packet_has_required_size)
823
1085
#endif /* HAVE_OPENSSL */
825
if (end >= (char*) net->read_pos+ pkt_len +2)
827
inc_host_errors(&thd->remote.sin_addr);
828
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
832
1087
if (thd->client_capabilities & CLIENT_INTERACTIVE)
833
1088
thd->variables.net_wait_timeout= thd->variables.net_interactive_timeout;
834
1089
if ((thd->client_capabilities & CLIENT_TRANSACTIONS) &&
835
1090
opt_using_transactions)
836
1091
net->return_status= &thd->server_status;
839
char *passwd= strend(user)+1;
840
uint user_len= passwd - user - 1;
1094
The 4.0 and 4.1 versions of the protocol differ on how strings
1095
are terminated. In the 4.0 version, if a string is at the end
1096
of the packet, the string is not null terminated. Do not assume
1097
that the returned string is always null terminated.
1099
get_proto_string_func_t get_string;
1101
if (thd->client_capabilities & CLIENT_PROTOCOL_41)
1102
get_string= get_41_protocol_string;
1104
get_string= get_40_protocol_string;
1106
user= get_string(&end, &bytes_remaining_in_packet, &user_len);
1111
Old clients send a null-terminated string as password; new clients send
1112
the size (1 byte) + string (not null-terminated). Hence in case of empty
1113
password both send '\0'.
1118
if (thd->client_capabilities & CLIENT_SECURE_CONNECTION)
1121
4.1+ password. First byte is password length.
1123
passwd= get_length_encoded_string(&end, &bytes_remaining_in_packet,
1129
Old passwords are zero terminated strings.
1131
passwd= get_string(&end, &bytes_remaining_in_packet, &passwd_len);
1140
if (thd->client_capabilities & CLIENT_CONNECT_WITH_DB)
1142
db= get_string(&end, &bytes_remaining_in_packet, &db_len);
842
1147
char db_buff[NAME_LEN + 1]; // buffer to store db in utf8
843
1148
char user_buff[USERNAME_LENGTH + 1]; // buffer to store user in utf8
844
1149
uint dummy_errors;
847
Old clients send null-terminated string as password; new clients send
848
the size (1 byte) + string (not null-terminated). Hence in case of empty
849
password both send '\0'.
851
This strlen() can't be easily deleted without changing protocol.
853
Cast *passwd to an unsigned char, so that it doesn't extend the sign for
854
*passwd > 127 and become 2**32-127+ after casting to uint.
1152
Copy and convert the user and database names to the character set used
1153
by the server. Since 4.1 all database names are stored in UTF-8. Also,
1154
ensure that the names are properly null-terminated as this is relied
856
uint passwd_len= thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
857
(uchar)(*passwd++) : strlen(passwd);
858
db= thd->client_capabilities & CLIENT_CONNECT_WITH_DB ?
859
db + passwd_len + 1 : 0;
860
/* strlen() can't be easily deleted without changing protocol */
861
uint db_len= db ? strlen(db) : 0;
863
if (passwd + passwd_len + db_len > (char *)net->read_pos + pkt_len)
865
inc_host_errors(&thd->remote.sin_addr);
866
my_error(ER_HANDSHAKE_ERROR, MYF(0), thd->main_security_ctx.host_or_ip);
870
/* Since 4.1 all database names are stored in utf8 */
873
db_buff[copy_and_convert(db_buff, sizeof(db_buff)-1,
876
thd->charset(), &dummy_errors)]= 0;
1159
db_len= copy_and_convert(db_buff, sizeof(db_buff)-1, system_charset_info,
1160
db, db_len, thd->charset(), &dummy_errors);
1161
db_buff[db_len]= '\0';
880
user_buff[user_len= copy_and_convert(user_buff, sizeof(user_buff)-1,
881
system_charset_info, user, user_len,
882
thd->charset(), &dummy_errors)]= '\0';
1165
user_len= copy_and_convert(user_buff, sizeof(user_buff)-1,
1166
system_charset_info, user, user_len,
1167
thd->charset(), &dummy_errors);
1168
user_buff[user_len]= '\0';
883
1169
user= user_buff;
885
1171
/* If username starts and ends in "'", chop them off */