World: r3wp
[MySQL]
| older newer | first last |
| Pekr 9-Jan-2006 [301x2] | imo Doc found some C code and translated it to rebol back then, when checksum/secure was not available? dunno .... |
ehm, ehm .... :-) | |
| Volker 9-Jan-2006 [303] | Maybe its something custom? They mention no name, while they refer to sha1 in the new version. |
| Pekr 9-Jan-2006 [304x3] | I just put some probe [name int and value] into decode function to know capabilities, but: decode-integer: 41516 long-password 0 found-rows 0 long-flag 4 connect-with-db 8 no-schema 0 compress 32 odbc 0 locl-files 0 ignore-space 0 change-user 512 interactive 0 ssl 0 ignore-sigpipe 0 transactions 8196 |
how is that long-password, sent to me by server initial handshake sequence is 0? | |
that somehow does not make sense to me ... | |
| Volker 9-Jan-2006 [307] | me too. hmm. long-flags is set. |
| Pekr 9-Jan-2006 [308] | yes, curious what it means ... |
| Volker 9-Jan-2006 [309x2] | do you have a long password in the db? |
that example has also only long-flag | |
| Pekr 9-Jan-2006 [311] | yes .... |
| Volker 9-Jan-2006 [312x2] | long_password is in the clients response. |
The client now sends a request | |
| Pekr 9-Jan-2006 [314] | although - I just try to connect to /mysql table ... but passwd is user dependant, and as a root, I can see, it is long already :-) |
| Volker 9-Jan-2006 [315] | we get a little score for the first round? :) |
| Pekr 9-Jan-2006 [316x2] | what do you mean? :-) |
well, I think now the first task is to extend parse rule ... | |
| Volker 9-Jan-2006 [318] | the demo has a lot of 0 before the real password. maybe that helps adjusting. |
| Pekr 9-Jan-2006 [319] | hmm, read the handshake section in doc you posted - it gest pretty complicated :-) server sends 4.11, which means new password, client sends new password, but then server finds out, old password is stored in his user database for you, so it sends another one-byte reply for you to send password once again :-) |
| Volker 9-Jan-2006 [320] | Eeks. Forbid short passwords now.. |
| Pekr 9-Jan-2006 [321x3] | ok ... |
Doc has following comment for long-flag - "Get all columns flag" .... | |
still it does not make sense to me, how server indicates to me, what schema it uses ... | |
| Volker 9-Jan-2006 [324] | what happens if you simply expect it is a long password? For a first working version? At least people can connect. |
| Pekr 9-Jan-2006 [325] | I know, just thinking loud :-) |
| Volker 9-Jan-2006 [326x2] | Me too :) |
Do you need me here or can i prepare my lunch? | |
| Pekr 9-Jan-2006 [328x3] | btw - docs decodes and puts stuff into locals-class ... |
no, just go ahead, I have some good food for thought :-) | |
and thanks a lot .... | |
| Volker 9-Jan-2006 [331] | Ok, cu, good luck :) |
| Pekr 9-Jan-2006 [332x11] |
I have got the rest of the string which is currently ignored by handshake
process:
{^Z^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@I5oNx34IQ>~#^@}
|
so, I now got to state, where I have crypt-seed2 variable, holding the rest of the salt, I tried to join it to crypt-seed and got following reply: User error: ERROR 1045 : access denied for user ['root'-:-'localhost'] (using password: yes) | |
anyway - I regard handshake fixed at least to state, where you can obtain full protocol info, according to specs. Of course the handshake may be more complicated, but we don't care now, right? ;-) | |
Volker - what do you think Doc does in client-param after the handshake? It seems to me he is preparing for the answer, but long-password was strangerly set to 0 by the server ... | |
I implemented scramble-long function as follows:
scramble-long: func [pass port][
hash-stage1: checksum/method port/locals/long-seed 'sha1
hash-stage2: checksum/method hash-stage1 'sha1
to-string xor hash-stage1 (checksum/method/key port/locals/long-seed
'sha1 hash-stage2)
]
| |
I simply don't know how to rewrite in rebol using 'checksum following line: reply=xor(hash_stage1, sha1(public_seed, hash_stage2)) | |
uh, there is a bug on first line of my func above - hash-stage1: checksum/method pass 'sha1 .... but it does not work anyway ... | |
the C equivalent is in 'scramble(), posted on rebol.cz link earlier .... | |
if you look into scrambel(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
I have rather bad feeling, that those two consecutive sha1_input calls will be show stopper for checksum to be used .... | |
I found sha1.c funcs in mySQL distro, I will post it in two hours to ftp, as I don't have account access here ... | |
| Will 9-Jan-2006 [343] | just to let you know, Doc is looking into mysql 5 issues 8) |
| Pekr 9-Jan-2006 [344x4] | ah, so ... I am so near :-) |
I fixed the protocol .... just latest bit is needed :-) | |
if you have contact to Doc, you can let him know that I can give him some pointers ... well, you can point his to this group discussion .... | |
(it is available also via web, in the case he does not have altme anymore) | |
| Dockimbel 9-Jan-2006 [348] | Hi, you did well by making this group web visible, I have no more time to chat on AltMe only checking sometime the web export of AltMe channels. |
| Pekr 9-Jan-2006 [349] | hi Doc! |
| Dockimbel 9-Jan-2006 [350] | I have a couple of hours to hack someething for MySQL v5 support. |
| older newer | first last |