Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed the Ruby/MySQL adapter we ship with Active Record to work with …

…the new authentication handshake that was introduced in MySQL 4.1, along with the other protocol changes made at that time (closes #5723) [jimw@mysql.com]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4990 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 68b909726b25255437f4f7500bcb16d29cb924f6 1 parent 17f7eaa
@dhh dhh authored
View
2  activerecord/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Fixed the Ruby/MySQL adapter we ship with Active Record to work with the new authentication handshake that was introduced in MySQL 4.1, along with the other protocol changes made at that time #5723 [jimw@mysql.com]
+
* Deprecation: use :dependent => :delete_all rather than :exclusively_dependent => true. #6024 [Josh Susser]
* Document validates_presences_of behavior with booleans: you probably want validates_inclusion_of :attr, :in => [true, false]. #2253 [Bob Silva]
View
25 activerecord/lib/active_record/vendor/mysql.rb
@@ -6,7 +6,7 @@
class Mysql
- VERSION = "4.0-ruby-0.2.5"
+ VERSION = "4.0-ruby-0.2.6-plus-changes"
require "socket"
require "digest/sha1"
@@ -18,6 +18,9 @@ class Mysql
MYSQL_PORT = 3306
PROTOCOL_VERSION = 10
+ SCRAMBLE_LENGTH = 20
+ SCRAMBLE_LENGTH_323 = 8
+
# Command
COM_SLEEP = 0
COM_QUIT = 1
@@ -147,12 +150,23 @@ def real_connect(host=nil, user=nil, passwd=nil, db=nil, port=nil, socket=nil, f
@db = db.dup
end
write data
- read
+ pkt = read
+ handle_auth_fallback(pkt, passwd)
ObjectSpace.define_finalizer(self, Mysql.finalizer(@net))
self
end
alias :connect :real_connect
+ def handle_auth_fallback(pkt, passwd)
+ # A packet like this means that we need to send an old-format password
+ if pkt.size == 1 and pkt[0] == 254 and
+ @server_capabilities & CLIENT_SECURE_CONNECTION != 0 then
+ data = scramble(passwd, @scramble_buff, @protocol_version == 9)
+ write data + "\0"
+ read
+ end
+ end
+
def escape_string(str)
Mysql::escape_string str
end
@@ -208,7 +222,8 @@ def change_user(user="", passwd="", db="")
else
data = user+"\0"+scramble41(passwd, @scramble_buff)+db
end
- command COM_CHANGE_USER, data
+ pkt = command COM_CHANGE_USER, data
+ handle_auth_fallback(pkt, passwd)
@user = user
@passwd = passwd
@db = db
@@ -534,10 +549,10 @@ def scramble(password, message, old_ver)
return "" if password == nil or password == ""
raise "old version password is not implemented" if old_ver
hash_pass = hash_password password
- hash_message = hash_password message
+ hash_message = hash_password message.slice(0,SCRAMBLE_LENGTH_323)
rnd = Random::new hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]
to = []
- 1.upto(message.length) do
+ 1.upto(SCRAMBLE_LENGTH_323) do
to << ((rnd.rnd*31)+64).floor
end
extra = (rnd.rnd*31).floor
Please sign in to comment.
Something went wrong with that request. Please try again.