World: r3wp
[MySQL]
| older newer | first last |
| Pekr 9-Jan-2006 [317] | well, I think now the first task is to extend parse rule ... |
| Volker 9-Jan-2006 [318] | the demo has a lot of 0 before the real password. maybe that helps adjusting. |
| Pekr 9-Jan-2006 [319] | hmm, read the handshake section in doc you posted - it gest pretty complicated :-) server sends 4.11, which means new password, client sends new password, but then server finds out, old password is stored in his user database for you, so it sends another one-byte reply for you to send password once again :-) |
| Volker 9-Jan-2006 [320] | Eeks. Forbid short passwords now.. |
| Pekr 9-Jan-2006 [321x3] | ok ... |
Doc has following comment for long-flag - "Get all columns flag" .... | |
still it does not make sense to me, how server indicates to me, what schema it uses ... | |
| Volker 9-Jan-2006 [324] | what happens if you simply expect it is a long password? For a first working version? At least people can connect. |
| Pekr 9-Jan-2006 [325] | I know, just thinking loud :-) |
| Volker 9-Jan-2006 [326x2] | Me too :) |
Do you need me here or can i prepare my lunch? | |
| Pekr 9-Jan-2006 [328x3] | btw - docs decodes and puts stuff into locals-class ... |
no, just go ahead, I have some good food for thought :-) | |
and thanks a lot .... | |
| Volker 9-Jan-2006 [331] | Ok, cu, good luck :) |
| Pekr 9-Jan-2006 [332x11] |
I have got the rest of the string which is currently ignored by handshake
process:
{^Z^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@I5oNx34IQ>~#^@}
|
so, I now got to state, where I have crypt-seed2 variable, holding the rest of the salt, I tried to join it to crypt-seed and got following reply: User error: ERROR 1045 : access denied for user ['root'-:-'localhost'] (using password: yes) | |
anyway - I regard handshake fixed at least to state, where you can obtain full protocol info, according to specs. Of course the handshake may be more complicated, but we don't care now, right? ;-) | |
Volker - what do you think Doc does in client-param after the handshake? It seems to me he is preparing for the answer, but long-password was strangerly set to 0 by the server ... | |
I implemented scramble-long function as follows:
scramble-long: func [pass port][
hash-stage1: checksum/method port/locals/long-seed 'sha1
hash-stage2: checksum/method hash-stage1 'sha1
to-string xor hash-stage1 (checksum/method/key port/locals/long-seed
'sha1 hash-stage2)
]
| |
I simply don't know how to rewrite in rebol using 'checksum following line: reply=xor(hash_stage1, sha1(public_seed, hash_stage2)) | |
uh, there is a bug on first line of my func above - hash-stage1: checksum/method pass 'sha1 .... but it does not work anyway ... | |
the C equivalent is in 'scramble(), posted on rebol.cz link earlier .... | |
if you look into scrambel(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
I have rather bad feeling, that those two consecutive sha1_input calls will be show stopper for checksum to be used .... | |
I found sha1.c funcs in mySQL distro, I will post it in two hours to ftp, as I don't have account access here ... | |
| Will 9-Jan-2006 [343] | just to let you know, Doc is looking into mysql 5 issues 8) |
| Pekr 9-Jan-2006 [344x4] | ah, so ... I am so near :-) |
I fixed the protocol .... just latest bit is needed :-) | |
if you have contact to Doc, you can let him know that I can give him some pointers ... well, you can point his to this group discussion .... | |
(it is available also via web, in the case he does not have altme anymore) | |
| Dockimbel 9-Jan-2006 [348] | Hi, you did well by making this group web visible, I have no more time to chat on AltMe only checking sometime the web export of AltMe channels. |
| Pekr 9-Jan-2006 [349] | hi Doc! |
| Dockimbel 9-Jan-2006 [350] | I have a couple of hours to hack someething for MySQL v5 support. |
| Pekr 9-Jan-2006 [351x2] | I just felt ppl feel frustrated about not being able to connect ... |
can I sum for you? | |
| Dockimbel 9-Jan-2006 [353x2] | I'll try to reuse your code for scrambling, it will save me time looking in the sources of MySQL server. |
Yes, please :-). | |
| Pekr 9-Jan-2006 [355] | OK, so first - handshake is not complete parsing full headers ... |
| Dockimbel 9-Jan-2006 [356] | I'm currently adding code to process the remaing headers. I'm retrieving the second part of the seed. |
| Pekr 9-Jan-2006 [357] | I added read-byte (charset), read-int (server-status), 13 skip (not-used), read-string (the rest of seed) |
| Dockimbel 9-Jan-2006 [358] | We agree ;) |
| Pekr 9-Jan-2006 [359] | so I extended also locals-class by those variables ... |
| Dockimbel 9-Jan-2006 [360x2] | ok |
I'll do the same | |
| Pekr 9-Jan-2006 [362x5] | next things, which can/or does not need to be solved is read-packet port following send-packed after handshake - IF the server is new one, but it does not use new passwords, it will reply with Oxfe |
but - maybe we don't need to care to do it so automatically..... | |
ppl will be happy to connect to new versions .... | |
we also found out, that new shceme uses sha1 .... which is ok with checksum/secure ... | |
however: if you look into scramble(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
| older newer | first last |