You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

740 lines
18 KiB

  1. // Go MySQL Driver - A MySQL-Driver for Go's database/sql package
  2. //
  3. // Copyright 2012 The Go-MySQL-Driver Authors. All rights reserved.
  4. //
  5. // This Source Code Form is subject to the terms of the Mozilla Public
  6. // License, v. 2.0. If a copy of the MPL was not distributed with this file,
  7. // You can obtain one at http://mozilla.org/MPL/2.0/.
  8. package mysql
  9. import (
  10. "crypto/sha1"
  11. "crypto/tls"
  12. "database/sql/driver"
  13. "encoding/binary"
  14. "fmt"
  15. "io"
  16. "strings"
  17. "time"
  18. )
  19. var (
  20. tlsConfigRegister map[string]*tls.Config // Register for custom tls.Configs
  21. )
  22. // RegisterTLSConfig registers a custom tls.Config to be used with sql.Open.
  23. // Use the key as a value in the DSN where tls=value.
  24. //
  25. // rootCertPool := x509.NewCertPool()
  26. // pem, err := ioutil.ReadFile("/path/ca-cert.pem")
  27. // if err != nil {
  28. // log.Fatal(err)
  29. // }
  30. // if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
  31. // log.Fatal("Failed to append PEM.")
  32. // }
  33. // clientCert := make([]tls.Certificate, 0, 1)
  34. // certs, err := tls.LoadX509KeyPair("/path/client-cert.pem", "/path/client-key.pem")
  35. // if err != nil {
  36. // log.Fatal(err)
  37. // }
  38. // clientCert = append(clientCert, certs)
  39. // mysql.RegisterTLSConfig("custom", &tls.Config{
  40. // RootCAs: rootCertPool,
  41. // Certificates: clientCert,
  42. // })
  43. // db, err := sql.Open("mysql", "user@tcp(localhost:3306)/test?tls=custom")
  44. //
  45. func RegisterTLSConfig(key string, config *tls.Config) error {
  46. if _, isBool := readBool(key); isBool || strings.ToLower(key) == "skip-verify" {
  47. return fmt.Errorf("key '%s' is reserved", key)
  48. }
  49. if tlsConfigRegister == nil {
  50. tlsConfigRegister = make(map[string]*tls.Config)
  51. }
  52. tlsConfigRegister[key] = config
  53. return nil
  54. }
  55. // DeregisterTLSConfig removes the tls.Config associated with key.
  56. func DeregisterTLSConfig(key string) {
  57. if tlsConfigRegister != nil {
  58. delete(tlsConfigRegister, key)
  59. }
  60. }
  61. // Returns the bool value of the input.
  62. // The 2nd return value indicates if the input was a valid bool value
  63. func readBool(input string) (value bool, valid bool) {
  64. switch input {
  65. case "1", "true", "TRUE", "True":
  66. return true, true
  67. case "0", "false", "FALSE", "False":
  68. return false, true
  69. }
  70. // Not a valid bool value
  71. return
  72. }
  73. /******************************************************************************
  74. * Authentication *
  75. ******************************************************************************/
  76. // Encrypt password using 4.1+ method
  77. func scramblePassword(scramble, password []byte) []byte {
  78. if len(password) == 0 {
  79. return nil
  80. }
  81. // stage1Hash = SHA1(password)
  82. crypt := sha1.New()
  83. crypt.Write(password)
  84. stage1 := crypt.Sum(nil)
  85. // scrambleHash = SHA1(scramble + SHA1(stage1Hash))
  86. // inner Hash
  87. crypt.Reset()
  88. crypt.Write(stage1)
  89. hash := crypt.Sum(nil)
  90. // outer Hash
  91. crypt.Reset()
  92. crypt.Write(scramble)
  93. crypt.Write(hash)
  94. scramble = crypt.Sum(nil)
  95. // token = scrambleHash XOR stage1Hash
  96. for i := range scramble {
  97. scramble[i] ^= stage1[i]
  98. }
  99. return scramble
  100. }
  101. // Encrypt password using pre 4.1 (old password) method
  102. // https://github.com/atcurtis/mariadb/blob/master/mysys/my_rnd.c
  103. type myRnd struct {
  104. seed1, seed2 uint32
  105. }
  106. const myRndMaxVal = 0x3FFFFFFF
  107. // Pseudo random number generator
  108. func newMyRnd(seed1, seed2 uint32) *myRnd {
  109. return &myRnd{
  110. seed1: seed1 % myRndMaxVal,
  111. seed2: seed2 % myRndMaxVal,
  112. }
  113. }
  114. // Tested to be equivalent to MariaDB's floating point variant
  115. // http://play.golang.org/p/QHvhd4qved
  116. // http://play.golang.org/p/RG0q4ElWDx
  117. func (r *myRnd) NextByte() byte {
  118. r.seed1 = (r.seed1*3 + r.seed2) % myRndMaxVal
  119. r.seed2 = (r.seed1 + r.seed2 + 33) % myRndMaxVal
  120. return byte(uint64(r.seed1) * 31 / myRndMaxVal)
  121. }
  122. // Generate binary hash from byte string using insecure pre 4.1 method
  123. func pwHash(password []byte) (result [2]uint32) {
  124. var add uint32 = 7
  125. var tmp uint32
  126. result[0] = 1345345333
  127. result[1] = 0x12345671
  128. for _, c := range password {
  129. // skip spaces and tabs in password
  130. if c == ' ' || c == '\t' {
  131. continue
  132. }
  133. tmp = uint32(c)
  134. result[0] ^= (((result[0] & 63) + add) * tmp) + (result[0] << 8)
  135. result[1] += (result[1] << 8) ^ result[0]
  136. add += tmp
  137. }
  138. // Remove sign bit (1<<31)-1)
  139. result[0] &= 0x7FFFFFFF
  140. result[1] &= 0x7FFFFFFF
  141. return
  142. }
  143. // Encrypt password using insecure pre 4.1 method
  144. func scrambleOldPassword(scramble, password []byte) []byte {
  145. if len(password) == 0 {
  146. return nil
  147. }
  148. scramble = scramble[:8]
  149. hashPw := pwHash(password)
  150. hashSc := pwHash(scramble)
  151. r := newMyRnd(hashPw[0]^hashSc[0], hashPw[1]^hashSc[1])
  152. var out [8]byte
  153. for i := range out {
  154. out[i] = r.NextByte() + 64
  155. }
  156. mask := r.NextByte()
  157. for i := range out {
  158. out[i] ^= mask
  159. }
  160. return out[:]
  161. }
  162. /******************************************************************************
  163. * Time related utils *
  164. ******************************************************************************/
  165. // NullTime represents a time.Time that may be NULL.
  166. // NullTime implements the Scanner interface so
  167. // it can be used as a scan destination:
  168. //
  169. // var nt NullTime
  170. // err := db.QueryRow("SELECT time FROM foo WHERE id=?", id).Scan(&nt)
  171. // ...
  172. // if nt.Valid {
  173. // // use nt.Time
  174. // } else {
  175. // // NULL value
  176. // }
  177. //
  178. // This NullTime implementation is not driver-specific
  179. type NullTime struct {
  180. Time time.Time
  181. Valid bool // Valid is true if Time is not NULL
  182. }
  183. // Scan implements the Scanner interface.
  184. // The value type must be time.Time or string / []byte (formatted time-string),
  185. // otherwise Scan fails.
  186. func (nt *NullTime) Scan(value interface{}) (err error) {
  187. if value == nil {
  188. nt.Time, nt.Valid = time.Time{}, false
  189. return
  190. }
  191. switch v := value.(type) {
  192. case time.Time:
  193. nt.Time, nt.Valid = v, true
  194. return
  195. case []byte:
  196. nt.Time, err = parseDateTime(string(v), time.UTC)
  197. nt.Valid = (err == nil)
  198. return
  199. case string:
  200. nt.Time, err = parseDateTime(v, time.UTC)
  201. nt.Valid = (err == nil)
  202. return
  203. }
  204. nt.Valid = false
  205. return fmt.Errorf("Can't convert %T to time.Time", value)
  206. }
  207. // Value implements the driver Valuer interface.
  208. func (nt NullTime) Value() (driver.Value, error) {
  209. if !nt.Valid {
  210. return nil, nil
  211. }
  212. return nt.Time, nil
  213. }
  214. func parseDateTime(str string, loc *time.Location) (t time.Time, err error) {
  215. base := "0000-00-00 00:00:00.0000000"
  216. switch len(str) {
  217. case 10, 19, 21, 22, 23, 24, 25, 26: // up to "YYYY-MM-DD HH:MM:SS.MMMMMM"
  218. if str == base[:len(str)] {
  219. return
  220. }
  221. t, err = time.Parse(timeFormat[:len(str)], str)
  222. default:
  223. err = fmt.Errorf("invalid time string: %s", str)
  224. return
  225. }
  226. // Adjust location
  227. if err == nil && loc != time.UTC {
  228. y, mo, d := t.Date()
  229. h, mi, s := t.Clock()
  230. t, err = time.Date(y, mo, d, h, mi, s, t.Nanosecond(), loc), nil
  231. }
  232. return
  233. }
  234. func parseBinaryDateTime(num uint64, data []byte, loc *time.Location) (driver.Value, error) {
  235. switch num {
  236. case 0:
  237. return time.Time{}, nil
  238. case 4:
  239. return time.Date(
  240. int(binary.LittleEndian.Uint16(data[:2])), // year
  241. time.Month(data[2]), // month
  242. int(data[3]), // day
  243. 0, 0, 0, 0,
  244. loc,
  245. ), nil
  246. case 7:
  247. return time.Date(
  248. int(binary.LittleEndian.Uint16(data[:2])), // year
  249. time.Month(data[2]), // month
  250. int(data[3]), // day
  251. int(data[4]), // hour
  252. int(data[5]), // minutes
  253. int(data[6]), // seconds
  254. 0,
  255. loc,
  256. ), nil
  257. case 11:
  258. return time.Date(
  259. int(binary.LittleEndian.Uint16(data[:2])), // year
  260. time.Month(data[2]), // month
  261. int(data[3]), // day
  262. int(data[4]), // hour
  263. int(data[5]), // minutes
  264. int(data[6]), // seconds
  265. int(binary.LittleEndian.Uint32(data[7:11]))*1000, // nanoseconds
  266. loc,
  267. ), nil
  268. }
  269. return nil, fmt.Errorf("invalid DATETIME packet length %d", num)
  270. }
  271. // zeroDateTime is used in formatBinaryDateTime to avoid an allocation
  272. // if the DATE or DATETIME has the zero value.
  273. // It must never be changed.
  274. // The current behavior depends on database/sql copying the result.
  275. var zeroDateTime = []byte("0000-00-00 00:00:00.000000")
  276. const digits01 = "0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789"
  277. const digits10 = "0000000000111111111122222222223333333333444444444455555555556666666666777777777788888888889999999999"
  278. func formatBinaryDateTime(src []byte, length uint8, justTime bool) (driver.Value, error) {
  279. // length expects the deterministic length of the zero value,
  280. // negative time and 100+ hours are automatically added if needed
  281. if len(src) == 0 {
  282. if justTime {
  283. return zeroDateTime[11 : 11+length], nil
  284. }
  285. return zeroDateTime[:length], nil
  286. }
  287. var dst []byte // return value
  288. var pt, p1, p2, p3 byte // current digit pair
  289. var zOffs byte // offset of value in zeroDateTime
  290. if justTime {
  291. switch length {
  292. case
  293. 8, // time (can be up to 10 when negative and 100+ hours)
  294. 10, 11, 12, 13, 14, 15: // time with fractional seconds
  295. default:
  296. return nil, fmt.Errorf("illegal TIME length %d", length)
  297. }
  298. switch len(src) {
  299. case 8, 12:
  300. default:
  301. return nil, fmt.Errorf("invalid TIME packet length %d", len(src))
  302. }
  303. // +2 to enable negative time and 100+ hours
  304. dst = make([]byte, 0, length+2)
  305. if src[0] == 1 {
  306. dst = append(dst, '-')
  307. }
  308. if src[1] != 0 {
  309. hour := uint16(src[1])*24 + uint16(src[5])
  310. pt = byte(hour / 100)
  311. p1 = byte(hour - 100*uint16(pt))
  312. dst = append(dst, digits01[pt])
  313. } else {
  314. p1 = src[5]
  315. }
  316. zOffs = 11
  317. src = src[6:]
  318. } else {
  319. switch length {
  320. case 10, 19, 21, 22, 23, 24, 25, 26:
  321. default:
  322. t := "DATE"
  323. if length > 10 {
  324. t += "TIME"
  325. }
  326. return nil, fmt.Errorf("illegal %s length %d", t, length)
  327. }
  328. switch len(src) {
  329. case 4, 7, 11:
  330. default:
  331. t := "DATE"
  332. if length > 10 {
  333. t += "TIME"
  334. }
  335. return nil, fmt.Errorf("illegal %s packet length %d", t, len(src))
  336. }
  337. dst = make([]byte, 0, length)
  338. // start with the date
  339. year := binary.LittleEndian.Uint16(src[:2])
  340. pt = byte(year / 100)
  341. p1 = byte(year - 100*uint16(pt))
  342. p2, p3 = src[2], src[3]
  343. dst = append(dst,
  344. digits10[pt], digits01[pt],
  345. digits10[p1], digits01[p1], '-',
  346. digits10[p2], digits01[p2], '-',
  347. digits10[p3], digits01[p3],
  348. )
  349. if length == 10 {
  350. return dst, nil
  351. }
  352. if len(src) == 4 {
  353. return append(dst, zeroDateTime[10:length]...), nil
  354. }
  355. dst = append(dst, ' ')
  356. p1 = src[4] // hour
  357. src = src[5:]
  358. }
  359. // p1 is 2-digit hour, src is after hour
  360. p2, p3 = src[0], src[1]
  361. dst = append(dst,
  362. digits10[p1], digits01[p1], ':',
  363. digits10[p2], digits01[p2], ':',
  364. digits10[p3], digits01[p3],
  365. )
  366. if length <= byte(len(dst)) {
  367. return dst, nil
  368. }
  369. src = src[2:]
  370. if len(src) == 0 {
  371. return append(dst, zeroDateTime[19:zOffs+length]...), nil
  372. }
  373. microsecs := binary.LittleEndian.Uint32(src[:4])
  374. p1 = byte(microsecs / 10000)
  375. microsecs -= 10000 * uint32(p1)
  376. p2 = byte(microsecs / 100)
  377. microsecs -= 100 * uint32(p2)
  378. p3 = byte(microsecs)
  379. switch decimals := zOffs + length - 20; decimals {
  380. default:
  381. return append(dst, '.',
  382. digits10[p1], digits01[p1],
  383. digits10[p2], digits01[p2],
  384. digits10[p3], digits01[p3],
  385. ), nil
  386. case 1:
  387. return append(dst, '.',
  388. digits10[p1],
  389. ), nil
  390. case 2:
  391. return append(dst, '.',
  392. digits10[p1], digits01[p1],
  393. ), nil
  394. case 3:
  395. return append(dst, '.',
  396. digits10[p1], digits01[p1],
  397. digits10[p2],
  398. ), nil
  399. case 4:
  400. return append(dst, '.',
  401. digits10[p1], digits01[p1],
  402. digits10[p2], digits01[p2],
  403. ), nil
  404. case 5:
  405. return append(dst, '.',
  406. digits10[p1], digits01[p1],
  407. digits10[p2], digits01[p2],
  408. digits10[p3],
  409. ), nil
  410. }
  411. }
  412. /******************************************************************************
  413. * Convert from and to bytes *
  414. ******************************************************************************/
  415. func uint64ToBytes(n uint64) []byte {
  416. return []byte{
  417. byte(n),
  418. byte(n >> 8),
  419. byte(n >> 16),
  420. byte(n >> 24),
  421. byte(n >> 32),
  422. byte(n >> 40),
  423. byte(n >> 48),
  424. byte(n >> 56),
  425. }
  426. }
  427. func uint64ToString(n uint64) []byte {
  428. var a [20]byte
  429. i := 20
  430. // U+0030 = 0
  431. // ...
  432. // U+0039 = 9
  433. var q uint64
  434. for n >= 10 {
  435. i--
  436. q = n / 10
  437. a[i] = uint8(n-q*10) + 0x30
  438. n = q
  439. }
  440. i--
  441. a[i] = uint8(n) + 0x30
  442. return a[i:]
  443. }
  444. // treats string value as unsigned integer representation
  445. func stringToInt(b []byte) int {
  446. val := 0
  447. for i := range b {
  448. val *= 10
  449. val += int(b[i] - 0x30)
  450. }
  451. return val
  452. }
  453. // returns the string read as a bytes slice, wheter the value is NULL,
  454. // the number of bytes read and an error, in case the string is longer than
  455. // the input slice
  456. func readLengthEncodedString(b []byte) ([]byte, bool, int, error) {
  457. // Get length
  458. num, isNull, n := readLengthEncodedInteger(b)
  459. if num < 1 {
  460. return b[n:n], isNull, n, nil
  461. }
  462. n += int(num)
  463. // Check data length
  464. if len(b) >= n {
  465. return b[n-int(num) : n], false, n, nil
  466. }
  467. return nil, false, n, io.EOF
  468. }
  469. // returns the number of bytes skipped and an error, in case the string is
  470. // longer than the input slice
  471. func skipLengthEncodedString(b []byte) (int, error) {
  472. // Get length
  473. num, _, n := readLengthEncodedInteger(b)
  474. if num < 1 {
  475. return n, nil
  476. }
  477. n += int(num)
  478. // Check data length
  479. if len(b) >= n {
  480. return n, nil
  481. }
  482. return n, io.EOF
  483. }
  484. // returns the number read, whether the value is NULL and the number of bytes read
  485. func readLengthEncodedInteger(b []byte) (uint64, bool, int) {
  486. // See issue #349
  487. if len(b) == 0 {
  488. return 0, true, 1
  489. }
  490. switch b[0] {
  491. // 251: NULL
  492. case 0xfb:
  493. return 0, true, 1
  494. // 252: value of following 2
  495. case 0xfc:
  496. return uint64(b[1]) | uint64(b[2])<<8, false, 3
  497. // 253: value of following 3
  498. case 0xfd:
  499. return uint64(b[1]) | uint64(b[2])<<8 | uint64(b[3])<<16, false, 4
  500. // 254: value of following 8
  501. case 0xfe:
  502. return uint64(b[1]) | uint64(b[2])<<8 | uint64(b[3])<<16 |
  503. uint64(b[4])<<24 | uint64(b[5])<<32 | uint64(b[6])<<40 |
  504. uint64(b[7])<<48 | uint64(b[8])<<56,
  505. false, 9
  506. }
  507. // 0-250: value of first byte
  508. return uint64(b[0]), false, 1
  509. }
  510. // encodes a uint64 value and appends it to the given bytes slice
  511. func appendLengthEncodedInteger(b []byte, n uint64) []byte {
  512. switch {
  513. case n <= 250:
  514. return append(b, byte(n))
  515. case n <= 0xffff:
  516. return append(b, 0xfc, byte(n), byte(n>>8))
  517. case n <= 0xffffff:
  518. return append(b, 0xfd, byte(n), byte(n>>8), byte(n>>16))
  519. }
  520. return append(b, 0xfe, byte(n), byte(n>>8), byte(n>>16), byte(n>>24),
  521. byte(n>>32), byte(n>>40), byte(n>>48), byte(n>>56))
  522. }
  523. // reserveBuffer checks cap(buf) and expand buffer to len(buf) + appendSize.
  524. // If cap(buf) is not enough, reallocate new buffer.
  525. func reserveBuffer(buf []byte, appendSize int) []byte {
  526. newSize := len(buf) + appendSize
  527. if cap(buf) < newSize {
  528. // Grow buffer exponentially
  529. newBuf := make([]byte, len(buf)*2+appendSize)
  530. copy(newBuf, buf)
  531. buf = newBuf
  532. }
  533. return buf[:newSize]
  534. }
  535. // escapeBytesBackslash escapes []byte with backslashes (\)
  536. // This escapes the contents of a string (provided as []byte) by adding backslashes before special
  537. // characters, and turning others into specific escape sequences, such as
  538. // turning newlines into \n and null bytes into \0.
  539. // https://github.com/mysql/mysql-server/blob/mysql-5.7.5/mysys/charset.c#L823-L932
  540. func escapeBytesBackslash(buf, v []byte) []byte {
  541. pos := len(buf)
  542. buf = reserveBuffer(buf, len(v)*2)
  543. for _, c := range v {
  544. switch c {
  545. case '\x00':
  546. buf[pos] = '\\'
  547. buf[pos+1] = '0'
  548. pos += 2
  549. case '\n':
  550. buf[pos] = '\\'
  551. buf[pos+1] = 'n'
  552. pos += 2
  553. case '\r':
  554. buf[pos] = '\\'
  555. buf[pos+1] = 'r'
  556. pos += 2
  557. case '\x1a':
  558. buf[pos] = '\\'
  559. buf[pos+1] = 'Z'
  560. pos += 2
  561. case '\'':
  562. buf[pos] = '\\'
  563. buf[pos+1] = '\''
  564. pos += 2
  565. case '"':
  566. buf[pos] = '\\'
  567. buf[pos+1] = '"'
  568. pos += 2
  569. case '\\':
  570. buf[pos] = '\\'
  571. buf[pos+1] = '\\'
  572. pos += 2
  573. default:
  574. buf[pos] = c
  575. pos++
  576. }
  577. }
  578. return buf[:pos]
  579. }
  580. // escapeStringBackslash is similar to escapeBytesBackslash but for string.
  581. func escapeStringBackslash(buf []byte, v string) []byte {
  582. pos := len(buf)
  583. buf = reserveBuffer(buf, len(v)*2)
  584. for i := 0; i < len(v); i++ {
  585. c := v[i]
  586. switch c {
  587. case '\x00':
  588. buf[pos] = '\\'
  589. buf[pos+1] = '0'
  590. pos += 2
  591. case '\n':
  592. buf[pos] = '\\'
  593. buf[pos+1] = 'n'
  594. pos += 2
  595. case '\r':
  596. buf[pos] = '\\'
  597. buf[pos+1] = 'r'
  598. pos += 2
  599. case '\x1a':
  600. buf[pos] = '\\'
  601. buf[pos+1] = 'Z'
  602. pos += 2
  603. case '\'':
  604. buf[pos] = '\\'
  605. buf[pos+1] = '\''
  606. pos += 2
  607. case '"':
  608. buf[pos] = '\\'
  609. buf[pos+1] = '"'
  610. pos += 2
  611. case '\\':
  612. buf[pos] = '\\'
  613. buf[pos+1] = '\\'
  614. pos += 2
  615. default:
  616. buf[pos] = c
  617. pos++
  618. }
  619. }
  620. return buf[:pos]
  621. }
  622. // escapeBytesQuotes escapes apostrophes in []byte by doubling them up.
  623. // This escapes the contents of a string by doubling up any apostrophes that
  624. // it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  625. // effect on the server.
  626. // https://github.com/mysql/mysql-server/blob/mysql-5.7.5/mysys/charset.c#L963-L1038
  627. func escapeBytesQuotes(buf, v []byte) []byte {
  628. pos := len(buf)
  629. buf = reserveBuffer(buf, len(v)*2)
  630. for _, c := range v {
  631. if c == '\'' {
  632. buf[pos] = '\''
  633. buf[pos+1] = '\''
  634. pos += 2
  635. } else {
  636. buf[pos] = c
  637. pos++
  638. }
  639. }
  640. return buf[:pos]
  641. }
  642. // escapeStringQuotes is similar to escapeBytesQuotes but for string.
  643. func escapeStringQuotes(buf []byte, v string) []byte {
  644. pos := len(buf)
  645. buf = reserveBuffer(buf, len(v)*2)
  646. for i := 0; i < len(v); i++ {
  647. c := v[i]
  648. if c == '\'' {
  649. buf[pos] = '\''
  650. buf[pos+1] = '\''
  651. pos += 2
  652. } else {
  653. buf[pos] = c
  654. pos++
  655. }
  656. }
  657. return buf[:pos]
  658. }