On Sun, May 10, 2009 at 06:59:05PM +0000, Fabian wrote:

Update of /cvsroot/monetdb/MonetDB5/src/modules/mal In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv28294/src/modules/mal

Modified Files: mal_mapi.mx Log Message: refine protocol v9 to use the hash the server told the client

The hash algorithm can be chosen at configure time, defaulting to SHA512, mainly because conversion between hashes is impossible, and this way we are forward compatible for a long time, by allowing the DBA to keep on using an older/weaker hash algorithm in favour of dumping and restoring the database.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! TRUNK USERS, BEWARE: !!! !!! !!! !!! If you want to keep on using an existing trunk database, you !!! !!! have to configure MonetDB5 with --with-password-backend=SHA1 !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

U mal_mapi.mx Index: mal_mapi.mx =================================================================== RCS file: /cvsroot/monetdb/MonetDB5/src/modules/mal/mal_mapi.mx,v retrieving revision 1.27 retrieving revision 1.28 diff -u -d -r1.27 -r1.28 --- mal_mapi.mx 6 May 2009 19:59:51 -0000 1.27 +++ mal_mapi.mx 10 May 2009 18:59:03 -0000 1.28 @@ -440,16 +440,17 @@ /* generate the challenge string */ challenge = alloca(sizeof(char) * (12 + 1)); generateChallenge(challenge, 8, 12); - if (AUTHgetHashAlgorithms(&algos) != MAL_SUCCEED) assert (0); - /* note that we claim to speak proto 9 here for SHA-1 passwords */ - stream_printf(fdout, "%s:mserver:9:%s:%s", + assert(AUTHgetHashAlgorithms(&algos) == MAL_SUCCEED); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This call will only be executed (and hence variable algos initialized, in case assertions are enabled.

Maybe, this is not was you intended... (Assertions are (by default) disabled in released binary distributions and source tarballs.) Stefan

+ /* note that we claim to speak proto 9 here for hashed passwords */ + stream_printf(fdout, "%s:mserver:9:%s:%s:%s:", challenge, algos, #ifdef WORDS_BIGENDIAN - "BIG" + "BIG", #else - "LIT" + "LIT", #endif + MONETDB5_PASSWDHASH ); GDKfree(algos); stream_flush(fdout);

------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Monetdb-checkins mailing list Monetdb-checkins@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/monetdb-checkins

-- | Dr. Stefan Manegold | mailto:Stefan.Manegold@cwi.nl | | CWI, P.O.Box 94079 | http://www.cwi.nl/~manegold/ | | 1090 GB Amsterdam | Tel.: +31 (20) 592-4212 | | The Netherlands | Fax : +31 (20) 592-4312 |