mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-25 01:24:13 +02:00 
			
		
		
		
	Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
		
			
				
	
	
		
			423 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			Go
		
	
	
	
		
			Vendored
		
	
	
	
			
		
		
	
	
			423 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			Go
		
	
	
	
		
			Vendored
		
	
	
	
| // Go MySQL Driver - A MySQL-Driver for Go's database/sql package
 | |
| //
 | |
| // Copyright 2018 The Go-MySQL-Driver Authors. All rights reserved.
 | |
| //
 | |
| // This Source Code Form is subject to the terms of the Mozilla Public
 | |
| // License, v. 2.0. If a copy of the MPL was not distributed with this file,
 | |
| // You can obtain one at http://mozilla.org/MPL/2.0/.
 | |
| 
 | |
| package mysql
 | |
| 
 | |
| import (
 | |
| 	"crypto/rand"
 | |
| 	"crypto/rsa"
 | |
| 	"crypto/sha1"
 | |
| 	"crypto/sha256"
 | |
| 	"crypto/x509"
 | |
| 	"encoding/pem"
 | |
| 	"sync"
 | |
| )
 | |
| 
 | |
| // server pub keys registry
 | |
| var (
 | |
| 	serverPubKeyLock     sync.RWMutex
 | |
| 	serverPubKeyRegistry map[string]*rsa.PublicKey
 | |
| )
 | |
| 
 | |
| // RegisterServerPubKey registers a server RSA public key which can be used to
 | |
| // send data in a secure manner to the server without receiving the public key
 | |
| // in a potentially insecure way from the server first.
 | |
| // Registered keys can afterwards be used adding serverPubKey=<name> to the DSN.
 | |
| //
 | |
| // Note: The provided rsa.PublicKey instance is exclusively owned by the driver
 | |
| // after registering it and may not be modified.
 | |
| //
 | |
| //  data, err := ioutil.ReadFile("mykey.pem")
 | |
| //  if err != nil {
 | |
| //  	log.Fatal(err)
 | |
| //  }
 | |
| //
 | |
| //  block, _ := pem.Decode(data)
 | |
| //  if block == nil || block.Type != "PUBLIC KEY" {
 | |
| //  	log.Fatal("failed to decode PEM block containing public key")
 | |
| //  }
 | |
| //
 | |
| //  pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 | |
| //  if err != nil {
 | |
| //  	log.Fatal(err)
 | |
| //  }
 | |
| //
 | |
| //  if rsaPubKey, ok := pub.(*rsa.PublicKey); ok {
 | |
| //  	mysql.RegisterServerPubKey("mykey", rsaPubKey)
 | |
| //  } else {
 | |
| //  	log.Fatal("not a RSA public key")
 | |
| //  }
 | |
| //
 | |
| func RegisterServerPubKey(name string, pubKey *rsa.PublicKey) {
 | |
| 	serverPubKeyLock.Lock()
 | |
| 	if serverPubKeyRegistry == nil {
 | |
| 		serverPubKeyRegistry = make(map[string]*rsa.PublicKey)
 | |
| 	}
 | |
| 
 | |
| 	serverPubKeyRegistry[name] = pubKey
 | |
| 	serverPubKeyLock.Unlock()
 | |
| }
 | |
| 
 | |
| // DeregisterServerPubKey removes the public key registered with the given name.
 | |
| func DeregisterServerPubKey(name string) {
 | |
| 	serverPubKeyLock.Lock()
 | |
| 	if serverPubKeyRegistry != nil {
 | |
| 		delete(serverPubKeyRegistry, name)
 | |
| 	}
 | |
| 	serverPubKeyLock.Unlock()
 | |
| }
 | |
| 
 | |
| func getServerPubKey(name string) (pubKey *rsa.PublicKey) {
 | |
| 	serverPubKeyLock.RLock()
 | |
| 	if v, ok := serverPubKeyRegistry[name]; ok {
 | |
| 		pubKey = v
 | |
| 	}
 | |
| 	serverPubKeyLock.RUnlock()
 | |
| 	return
 | |
| }
 | |
| 
 | |
| // Hash password using pre 4.1 (old password) method
 | |
| // https://github.com/atcurtis/mariadb/blob/master/mysys/my_rnd.c
 | |
| type myRnd struct {
 | |
| 	seed1, seed2 uint32
 | |
| }
 | |
| 
 | |
| const myRndMaxVal = 0x3FFFFFFF
 | |
| 
 | |
| // Pseudo random number generator
 | |
| func newMyRnd(seed1, seed2 uint32) *myRnd {
 | |
| 	return &myRnd{
 | |
| 		seed1: seed1 % myRndMaxVal,
 | |
| 		seed2: seed2 % myRndMaxVal,
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // Tested to be equivalent to MariaDB's floating point variant
 | |
| // http://play.golang.org/p/QHvhd4qved
 | |
| // http://play.golang.org/p/RG0q4ElWDx
 | |
| func (r *myRnd) NextByte() byte {
 | |
| 	r.seed1 = (r.seed1*3 + r.seed2) % myRndMaxVal
 | |
| 	r.seed2 = (r.seed1 + r.seed2 + 33) % myRndMaxVal
 | |
| 
 | |
| 	return byte(uint64(r.seed1) * 31 / myRndMaxVal)
 | |
| }
 | |
| 
 | |
| // Generate binary hash from byte string using insecure pre 4.1 method
 | |
| func pwHash(password []byte) (result [2]uint32) {
 | |
| 	var add uint32 = 7
 | |
| 	var tmp uint32
 | |
| 
 | |
| 	result[0] = 1345345333
 | |
| 	result[1] = 0x12345671
 | |
| 
 | |
| 	for _, c := range password {
 | |
| 		// skip spaces and tabs in password
 | |
| 		if c == ' ' || c == '\t' {
 | |
| 			continue
 | |
| 		}
 | |
| 
 | |
| 		tmp = uint32(c)
 | |
| 		result[0] ^= (((result[0] & 63) + add) * tmp) + (result[0] << 8)
 | |
| 		result[1] += (result[1] << 8) ^ result[0]
 | |
| 		add += tmp
 | |
| 	}
 | |
| 
 | |
| 	// Remove sign bit (1<<31)-1)
 | |
| 	result[0] &= 0x7FFFFFFF
 | |
| 	result[1] &= 0x7FFFFFFF
 | |
| 
 | |
| 	return
 | |
| }
 | |
| 
 | |
| // Hash password using insecure pre 4.1 method
 | |
| func scrambleOldPassword(scramble []byte, password string) []byte {
 | |
| 	if len(password) == 0 {
 | |
| 		return nil
 | |
| 	}
 | |
| 
 | |
| 	scramble = scramble[:8]
 | |
| 
 | |
| 	hashPw := pwHash([]byte(password))
 | |
| 	hashSc := pwHash(scramble)
 | |
| 
 | |
| 	r := newMyRnd(hashPw[0]^hashSc[0], hashPw[1]^hashSc[1])
 | |
| 
 | |
| 	var out [8]byte
 | |
| 	for i := range out {
 | |
| 		out[i] = r.NextByte() + 64
 | |
| 	}
 | |
| 
 | |
| 	mask := r.NextByte()
 | |
| 	for i := range out {
 | |
| 		out[i] ^= mask
 | |
| 	}
 | |
| 
 | |
| 	return out[:]
 | |
| }
 | |
| 
 | |
| // Hash password using 4.1+ method (SHA1)
 | |
| func scramblePassword(scramble []byte, password string) []byte {
 | |
| 	if len(password) == 0 {
 | |
| 		return nil
 | |
| 	}
 | |
| 
 | |
| 	// stage1Hash = SHA1(password)
 | |
| 	crypt := sha1.New()
 | |
| 	crypt.Write([]byte(password))
 | |
| 	stage1 := crypt.Sum(nil)
 | |
| 
 | |
| 	// scrambleHash = SHA1(scramble + SHA1(stage1Hash))
 | |
| 	// inner Hash
 | |
| 	crypt.Reset()
 | |
| 	crypt.Write(stage1)
 | |
| 	hash := crypt.Sum(nil)
 | |
| 
 | |
| 	// outer Hash
 | |
| 	crypt.Reset()
 | |
| 	crypt.Write(scramble)
 | |
| 	crypt.Write(hash)
 | |
| 	scramble = crypt.Sum(nil)
 | |
| 
 | |
| 	// token = scrambleHash XOR stage1Hash
 | |
| 	for i := range scramble {
 | |
| 		scramble[i] ^= stage1[i]
 | |
| 	}
 | |
| 	return scramble
 | |
| }
 | |
| 
 | |
| // Hash password using MySQL 8+ method (SHA256)
 | |
| func scrambleSHA256Password(scramble []byte, password string) []byte {
 | |
| 	if len(password) == 0 {
 | |
| 		return nil
 | |
| 	}
 | |
| 
 | |
| 	// XOR(SHA256(password), SHA256(SHA256(SHA256(password)), scramble))
 | |
| 
 | |
| 	crypt := sha256.New()
 | |
| 	crypt.Write([]byte(password))
 | |
| 	message1 := crypt.Sum(nil)
 | |
| 
 | |
| 	crypt.Reset()
 | |
| 	crypt.Write(message1)
 | |
| 	message1Hash := crypt.Sum(nil)
 | |
| 
 | |
| 	crypt.Reset()
 | |
| 	crypt.Write(message1Hash)
 | |
| 	crypt.Write(scramble)
 | |
| 	message2 := crypt.Sum(nil)
 | |
| 
 | |
| 	for i := range message1 {
 | |
| 		message1[i] ^= message2[i]
 | |
| 	}
 | |
| 
 | |
| 	return message1
 | |
| }
 | |
| 
 | |
| func encryptPassword(password string, seed []byte, pub *rsa.PublicKey) ([]byte, error) {
 | |
| 	plain := make([]byte, len(password)+1)
 | |
| 	copy(plain, password)
 | |
| 	for i := range plain {
 | |
| 		j := i % len(seed)
 | |
| 		plain[i] ^= seed[j]
 | |
| 	}
 | |
| 	sha1 := sha1.New()
 | |
| 	return rsa.EncryptOAEP(sha1, rand.Reader, pub, plain, nil)
 | |
| }
 | |
| 
 | |
| func (mc *mysqlConn) sendEncryptedPassword(seed []byte, pub *rsa.PublicKey) error {
 | |
| 	enc, err := encryptPassword(mc.cfg.Passwd, seed, pub)
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 	return mc.writeAuthSwitchPacket(enc)
 | |
| }
 | |
| 
 | |
| func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) {
 | |
| 	switch plugin {
 | |
| 	case "caching_sha2_password":
 | |
| 		authResp := scrambleSHA256Password(authData, mc.cfg.Passwd)
 | |
| 		return authResp, nil
 | |
| 
 | |
| 	case "mysql_old_password":
 | |
| 		if !mc.cfg.AllowOldPasswords {
 | |
| 			return nil, ErrOldPassword
 | |
| 		}
 | |
| 		// Note: there are edge cases where this should work but doesn't;
 | |
| 		// this is currently "wontfix":
 | |
| 		// https://github.com/go-sql-driver/mysql/issues/184
 | |
| 		authResp := append(scrambleOldPassword(authData[:8], mc.cfg.Passwd), 0)
 | |
| 		return authResp, nil
 | |
| 
 | |
| 	case "mysql_clear_password":
 | |
| 		if !mc.cfg.AllowCleartextPasswords {
 | |
| 			return nil, ErrCleartextPassword
 | |
| 		}
 | |
| 		// http://dev.mysql.com/doc/refman/5.7/en/cleartext-authentication-plugin.html
 | |
| 		// http://dev.mysql.com/doc/refman/5.7/en/pam-authentication-plugin.html
 | |
| 		return append([]byte(mc.cfg.Passwd), 0), nil
 | |
| 
 | |
| 	case "mysql_native_password":
 | |
| 		if !mc.cfg.AllowNativePasswords {
 | |
| 			return nil, ErrNativePassword
 | |
| 		}
 | |
| 		// https://dev.mysql.com/doc/internals/en/secure-password-authentication.html
 | |
| 		// Native password authentication only need and will need 20-byte challenge.
 | |
| 		authResp := scramblePassword(authData[:20], mc.cfg.Passwd)
 | |
| 		return authResp, nil
 | |
| 
 | |
| 	case "sha256_password":
 | |
| 		if len(mc.cfg.Passwd) == 0 {
 | |
| 			return []byte{0}, nil
 | |
| 		}
 | |
| 		if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
 | |
| 			// write cleartext auth packet
 | |
| 			return append([]byte(mc.cfg.Passwd), 0), nil
 | |
| 		}
 | |
| 
 | |
| 		pubKey := mc.cfg.pubKey
 | |
| 		if pubKey == nil {
 | |
| 			// request public key from server
 | |
| 			return []byte{1}, nil
 | |
| 		}
 | |
| 
 | |
| 		// encrypted password
 | |
| 		enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey)
 | |
| 		return enc, err
 | |
| 
 | |
| 	default:
 | |
| 		errLog.Print("unknown auth plugin:", plugin)
 | |
| 		return nil, ErrUnknownPlugin
 | |
| 	}
 | |
| }
 | |
| 
 | |
| func (mc *mysqlConn) handleAuthResult(oldAuthData []byte, plugin string) error {
 | |
| 	// Read Result Packet
 | |
| 	authData, newPlugin, err := mc.readAuthResult()
 | |
| 	if err != nil {
 | |
| 		return err
 | |
| 	}
 | |
| 
 | |
| 	// handle auth plugin switch, if requested
 | |
| 	if newPlugin != "" {
 | |
| 		// If CLIENT_PLUGIN_AUTH capability is not supported, no new cipher is
 | |
| 		// sent and we have to keep using the cipher sent in the init packet.
 | |
| 		if authData == nil {
 | |
| 			authData = oldAuthData
 | |
| 		} else {
 | |
| 			// copy data from read buffer to owned slice
 | |
| 			copy(oldAuthData, authData)
 | |
| 		}
 | |
| 
 | |
| 		plugin = newPlugin
 | |
| 
 | |
| 		authResp, err := mc.auth(authData, plugin)
 | |
| 		if err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 		if err = mc.writeAuthSwitchPacket(authResp); err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 
 | |
| 		// Read Result Packet
 | |
| 		authData, newPlugin, err = mc.readAuthResult()
 | |
| 		if err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 
 | |
| 		// Do not allow to change the auth plugin more than once
 | |
| 		if newPlugin != "" {
 | |
| 			return ErrMalformPkt
 | |
| 		}
 | |
| 	}
 | |
| 
 | |
| 	switch plugin {
 | |
| 
 | |
| 	// https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-2-sha256/
 | |
| 	case "caching_sha2_password":
 | |
| 		switch len(authData) {
 | |
| 		case 0:
 | |
| 			return nil // auth successful
 | |
| 		case 1:
 | |
| 			switch authData[0] {
 | |
| 			case cachingSha2PasswordFastAuthSuccess:
 | |
| 				if err = mc.readResultOK(); err == nil {
 | |
| 					return nil // auth successful
 | |
| 				}
 | |
| 
 | |
| 			case cachingSha2PasswordPerformFullAuthentication:
 | |
| 				if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
 | |
| 					// write cleartext auth packet
 | |
| 					err = mc.writeAuthSwitchPacket(append([]byte(mc.cfg.Passwd), 0))
 | |
| 					if err != nil {
 | |
| 						return err
 | |
| 					}
 | |
| 				} else {
 | |
| 					pubKey := mc.cfg.pubKey
 | |
| 					if pubKey == nil {
 | |
| 						// request public key from server
 | |
| 						data, err := mc.buf.takeSmallBuffer(4 + 1)
 | |
| 						if err != nil {
 | |
| 							return err
 | |
| 						}
 | |
| 						data[4] = cachingSha2PasswordRequestPublicKey
 | |
| 						mc.writePacket(data)
 | |
| 
 | |
| 						// parse public key
 | |
| 						if data, err = mc.readPacket(); err != nil {
 | |
| 							return err
 | |
| 						}
 | |
| 
 | |
| 						block, _ := pem.Decode(data[1:])
 | |
| 						pkix, err := x509.ParsePKIXPublicKey(block.Bytes)
 | |
| 						if err != nil {
 | |
| 							return err
 | |
| 						}
 | |
| 						pubKey = pkix.(*rsa.PublicKey)
 | |
| 					}
 | |
| 
 | |
| 					// send encrypted password
 | |
| 					err = mc.sendEncryptedPassword(oldAuthData, pubKey)
 | |
| 					if err != nil {
 | |
| 						return err
 | |
| 					}
 | |
| 				}
 | |
| 				return mc.readResultOK()
 | |
| 
 | |
| 			default:
 | |
| 				return ErrMalformPkt
 | |
| 			}
 | |
| 		default:
 | |
| 			return ErrMalformPkt
 | |
| 		}
 | |
| 
 | |
| 	case "sha256_password":
 | |
| 		switch len(authData) {
 | |
| 		case 0:
 | |
| 			return nil // auth successful
 | |
| 		default:
 | |
| 			block, _ := pem.Decode(authData)
 | |
| 			pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 | |
| 			if err != nil {
 | |
| 				return err
 | |
| 			}
 | |
| 
 | |
| 			// send encrypted password
 | |
| 			err = mc.sendEncryptedPassword(oldAuthData, pub.(*rsa.PublicKey))
 | |
| 			if err != nil {
 | |
| 				return err
 | |
| 			}
 | |
| 			return mc.readResultOK()
 | |
| 		}
 | |
| 
 | |
| 	default:
 | |
| 		return nil // auth successful
 | |
| 	}
 | |
| 
 | |
| 	return err
 | |
| }
 |