SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

1 2 3 4 5 6 7 8

// // // // //

define sybolic names to: one FBxy = MySQL one FCxy = SHA1 one DBxy = My one UDT created with Open Connection Wizard = ConnPara

// uses TCON, TSEND, TRRCV, TDISCON, BLKMOV, TON

Page 1 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

9 DATA_BLOCK My MySQL 10 BEGIN 11 END_DATA_BLOCK 12

Page 2 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

FUNCTION_BLOCK MySQL TITLE = 'MYSQL' VERSION: '1.1' AUTHOR: Bursic NAME: MySQL FAMILY: MySQL VAR_INPUT Connect:BOOL; // start and hold connection / disconnect SQLExe:BOOL; // execute sql statemens in Send.Text (send buffer), do fill bufer and set on ly when status=STATUS_OK, otherwise send buffer is corrupted pUsername:ANY; //username for login: pointer to string type variable of arbitrary size pUsernameAny AT pUsername : STRUCT // Diassembled ANY pointer structure S7Code : BYTE; // Code for S7 (fixed at 16#10) DataType : BYTE; // Code for data type Length : INT; // Repetition factor = Send/receive length DBNumber : INT; // Data block Number Address : DINT; // Byte address END_STRUCT; pPassword:ANY; //password for login: pointer to string type variable of size less than 55 characters pPasswordAny AT pPassword: STRUCT // Diassembled ANY pointer structure S7Code : BYTE; // Code for S7 (fixed at 16#10) DataType : BYTE; // Code for data type Length : INT; // Repetition factor = Send/receive length DBNumber : INT; // Data block Number Address : DINT; // Byte address END_STRUCT; pDBase:ANY; //database name: pointer to string type variable of arbitrary size pDBaseAny AT pDBase: STRUCT // Diassembled ANY pointer structure S7Code : BYTE; // Code for S7 (fixed at 16#10) DataType : BYTE; // Code for data type Length : INT; // Repetition factor = Send/receive length DBNumber : INT; // Data block Number Address : DINT; // Byte address END_STRUCT; END_VAR

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 VAR_IN_OUT 53 // I/O Parameters 54 END_VAR 55 56 VAR_OUTPUT 57 SQL_OK:BOOL; // client connected and executed SQL statements without errors 58 SQL_Err:BOOL; // SQL statement execution returned error - response from server, client sti ll running without problems 59 Busy:BOOL; // Client is processing data 60 Error:BOOL; // Error, client aborted and disconected 61 Status:INT; // status of connection / error code 62 Step:INT; // current step of algorithm 63 END_VAR 64 65 VAR_TEMP 66 pA : ANY; // DB address ANY pointer - used for accessing DB data 67 pAAny AT pA : 68 STRUCT // Diassembled ANY pointer structure 69 S7Code : BYTE; // Code for S7 (fixed at 16#10) 70 DataType : BYTE; // Code for data type 71 Length : INT; // Repetition factor = Send/receive length 72 DBNumber : INT; // Data block Number 73 Address : DINT; // Byte address 74 END_STRUCT; 75 pB : ANY; // DB address ANY pointer - used for accessing DB data 76 pBAny AT pB : 77 STRUCT // Diassembled ANY pointer structure 78 S7Code : BYTE; // Code for S7 (fixed at 16#10) 79 DataType : BYTE; // Code for data type 80 Length : INT; // Repetition factor = Send/receive length 81 DBNumber : INT; // Data block Number 82 Address : DINT; // Byte address

Page 3 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

83 END_STRUCT; 84 Conn_pos_pulse:BOOL; // positve edge pulse 85 Conn_neg_pulse:BOOL; // negative edge pulse 86 TempDint:DINT; // temp dint for splitting in bytes 87 TempDint_byte AT TempDint: ARRAY [0..3] OF BYTE; 88 null_pos_found:BOOL; // found null char string 89 i:INT; 90 j:INT; 91 Username_length:BYTE; 92 Password_length:BYTE; 93 DBase_length:BYTE; 94 res_sha:BOOL; 95 END_VAR 96 97 VAR 98 net_conn:TCON; // connect instance 99 net_rcv:TRCV; // receive instance 100 net_send:TSEND; // send instance 101 net_discon:TDISCON; // disconnect instance 102 Wdg:TON; // watchdog timer instance 103 rcv_buff: ARRAY [0..95] OF BYTE; //array[BUFF_SIZE], receive buffer 104 Send: // send buffer 105 STRUCT 106 dummy: ARRAY[0..2] OF BYTE; //3 bytes of header(4 byte), other 1 is allocated in strin g and encoded before xmit 107 Text: STRING[92]; // command text for querying sql server, firs two bytes are format, text begins at snd_buff[5], 4 byte is header(length+packId), 5-th byte is SQL cmd 108 END_STRUCT; 109 snd_buff AT Send: ARRAY[0..95] OF BYTE; // send buffer 110 scramble: ARRAY [0..39] OF BYTE; // can be alloacted in TEMP if HANDSHAKE is only single s tep 111 stage1_hash: ARRAY [0..19] OF BYTE; // can be alloacted in TEMP if HANDSHAKE is only singl e step 112 token: ARRAY [0..19] OF BYTE;// can be alloacted in TEMP if HANDSHAKE is only single step 113 null_pos:DINT; // position of null termination string, can be alloacted in TEMP if HANDSHA KE is only single step 114 net_settings: ConnPara; //UDT of connection parameters, derived from Open Communication Wi zard 115 Steps:INT:=0; // state machine, current step 116 PacketId:INT; // header packet id 117 rtx_len:DINT; // length of received/transmitted packet 118 net_con_req:BOOL; // connect request 119 net_rcv_req:BOOL; // receive request 120 net_wrt_req:BOOL; // write request 121 net_disc_req:BOOL; //disconnect request 122 Conn_temp:BOOL; // edge detection temp variable 123 port_closed:BOOL; // communication port closed 124 Wdg_reset:BOOL; // reset watchdog timer 125 Wdg_run:BOOL; // enable/disable watchdog timer 126 Run:BOOL; 127 Stop:BOOL; 128 129 CTRL_DONE : BOOL; 130 CTRL_ERROR : BOOL; 131 CTRL_STATUS : WORD; 132 CTRL_RESULT1 : DWORD; 133 CTRL_RESULT2 : DWORD; 134 RCV_NDR : BOOL; 135 RCV_ERROR : BOOL; 136 RCV_STATUS : WORD; 137 RCV_LEN : INT; 138 SND_DONE : BOOL; 139 SND_ERROR : BOOL; 140 SND_STATUS : WORD; 141 142 END_VAR 143 144 CONST 145 STATUS_TIMEOUT_MS:=T#14s500ms;; 146 BUF_SIZE:= 96; //must be same as receive buffer size 147 148 //CLIENT_LONG_PASSWORD | CLIENT_CONNECT_WITH_DB | CLIENT_PROTOCOL_41 | CLIENT_INTERACTIVE | CLIENT_SECURE_CONNECTION

Page 4 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

149 CLIENT_FLAG:=34313;//W#16#8609;// dec 34313 150 151 CMD_QUIT:= B#16#01; //Exit 152 CMD_QUERY:= B#16#03; //Execute an SQL query 153 154 STATUS_OK:=0; ///<Success 155 STATUS_PROCESSING:=1; // Processing 156 STATUS_PROTOCOL:=2; // Protocol error 157 STATUS_AUTHFAILED:=3; // Auth failure 158 STATUS_SQL:=4; // SQL Error 159 STATUS_TIMEOUT:=5; // Connection timeout 160 STATUS_CONN:=6; // Connection error 161 STATUS_PTR:=7; // input data pointer error 162 163 STEP_INIT:=0; 164 STEP_CONNECT:=1; 165 STEP_HANDSHAKE_1:=2; 166 STEP_HANDSHAKE_2:=3; 167 STEP_HANDSHAKE_3:=4; 168 STEP_HANDSHAKE_4:=5; 169 STEP_AUTH:=6; 170 STEP_COMMANDS:=7; 171 STEP_DISCON:=8; 172 STEP_CLOSED:=9; 173 END_CONST 174 175 BEGIN 176 177 Conn_pos_pulse:= Connect AND NOT Conn_temp; //positive edge detection 178 Conn_neg_pulse:= NOT Connect AND Conn_temp; //negative edge detection 179 Conn_temp:=Connect; 180 181 IF Conn_pos_pulse THEN //client start 182 Run:=true; 183 Stop:=false; 184 Steps:=STEP_INIT; 185 Status:=STATUS_PROCESSING; 186 Wdg.PT :=STATUS_TIMEOUT_MS; //initialize watchdog timer 187 Wdg_run:=true; 188 Wdg_reset:=true; 189 END_IF; 190 191 IF Conn_neg_pulse THEN //client shutdown 192 Stop:=true; 193 Wdg_run:=true; 194 //close request 195 END_IF; 196 197 198 199 200 IF Conn_pos_pulse OR Conn_neg_pulse THEN 201 net_con_req:=false; 202 Error:=false; 203 END_IF; 204 // call watchdog timer 205 Wdg(IN :=NOT(Wdg_reset OR Error) AND Wdg_run); 206 Wdg_reset:=false; 207 208 IF Run AND NOT Error THEN 209 210 IF Steps=STEP_INIT THEN 211 212 213 net_discon(REQ :=(Steps=STEP_INIT),ID :=net_settings.ID); 214 215 216 IF (net_discon.done OR net_discon.error) THEN //previous connection is closed or i t was yet closed (error) 217 218 Steps:=STEP_CONNECT; 219 port_closed:=true; 220 net_con_req:=false; //we call TCON with req=0 to make sure will generate an ed

Page 5 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

ge 221 222 223 224 225 226 227 228 229 e 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 // Status:=WORD_TO_INT(net_conn.status); IF net_conn.done AND port_closed THEN net_con_req:=false; port_closed:=false; Steps:=STEP_HANDSHAKE_1; Wdg_reset:=true; Wdg_run:=true; net_rcv_req:=true; // engage TRCV ASAP, to get greeting message from server ELSIF net_conn.error THEN net_con_req:=false; Error:=true; Status:=STATUS_CONN; // connection error END_IF; Wdg_run:=true; Wdg_reset:=true; END_IF; ELSE // if not init anymore we check connection status each scan net_conn(REQ := net_con_req,ID :=net_settings.ID,CONNECT :=net_settings); net_con_req:=port_closed; // if first exec of call was false next time will be tru

IF NOT port_closed THEN // when connection is established do receive all time; whe n packet is received set req=0 and next scan req=1 (edge), restart receive 249 net_rcv(EN_R :=net_rcv_req,ID :=net_settings.ID,LEN :=0,DATA :=rcv_buff); 250 net_rcv_req:=false; // 251 END_IF; 252 253 IF net_rcv.ndr THEN // on receive event 254 Wdg_run:=true; 255 Wdg_reset:=true; 256 rtx_len:=0; 257 IF (net_rcv.rcvd_len=0) THEN //null is not an error restart receive 258 net_rcv_req:=true; //create an edge->new read request 259 ELSIF (net_rcv.rcvd_len<4) THEN // decode header: first 4-bytes 260 Error:=true; 261 Status:=STATUS_PROTOCOL; 262 RETURN; 263 ELSE 264 TempDint_byte[3]:=rcv_buff[0]; //length of packet after header bytes 0 1 2 265 TempDint_byte[2]:=rcv_buff[1]; 266 TempDint_byte[1]:=rcv_buff[2]; 267 TempDint_byte[0]:=B#16#0; // convert to dint 268 rtx_len:=TempDint; 269 PacketId := BYTE_TO_INT(rcv_buff[3]); //packet id 4-th byte 270 PacketId:=PacketId+1; 271 IF ((rtx_len+4)>net_rcv.rcvd_len) THEN //check if declared length of packe t is bigger then received 272 Error:=true; 273 RETURN; 274 ELSE 275 rtx_len:=net_rcv.rcvd_len-4; 276 END_IF; 277 278 END_IF; //net_rcv.rcvd_len 279 280 net_rcv.error THEN ELSIF 281 Error:=true; 282 Status:=STATUS_CONN; 283 RETURN; 284 END_IF;//net_rcv.ndr 285 286 IF NOT net_rcv_req AND NOT port_closed THEN //this loop is computed over several scans and it should not receive new packet while is processing this one 287

Page 6 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

288 289 290 291 292 293 294

IF (Steps=STEP_HANDSHAKE_1) THEN ause of computing load of SHA1

//split handshake in more sub steps, bec

IF rtx_len>1 THEN null_pos_found:=false; i:=5; WHILE i<rtx_len AND NOT null_pos_found DO IF rcv_buff[i]=B#16#00 THEN //find first null-terminated string after server description 295 null_pos:=i+1; 296 null_pos_found:=true; 297 END_IF; 298 i:=i+1; 299 END_WHILE; 300 END_IF; 301 IF NOT(rtx_len>1 AND null_pos_found) THEN 302 Status:=STATUS_PROTOCOL; 303 Error:=true; 304 RETURN; 305 END_IF; 306 307 i:=0; 308 WHILE i<8 DO //copy first part of scramble from receive buffer 309 scramble[i]:=rcv_buff[null_pos+4+i]; 310 i:=i+1; 311 END_WHILE; 312 i:=0; 313 WHILE i<12 DO //copy second part of scramble from receive buffer 314 scramble[i+8]:=rcv_buff[null_pos+31+i]; 315 i:=i+1; 316 END_WHILE; 317 null_pos_found:=false; 318 i:=DINT_TO_INT(null_pos)+43;//find null terminating string and gar bage 319 WHILE i<rtx_len AND NOT null_pos_found DO 320 IF rcv_buff[i]=B#16#00 THEN //null-terminated string after sc ramble 321 null_pos:=i+1; //after is a garabge text, de fault 'mysql_native_password' 322 null_pos_found:=true; 323 END_IF; 324 i:=i+1; 325 END_WHILE; 326 327 pPasswordAny.DataType := B#16#02; // Code for data type byte, wh atever was its changed to byte(char) 328 pPasswordAny.Address:=pPasswordAny.Address+8; //first byte is maxi mal length of string, second byte is actual size 329 pPasswordAny.Length :=1; // length of string is 1 byte 330 331 IF BLKMOV(SRCBLK :=pPassword,DSTBLK :=Password_length)<>0 THEN // get password length from string pointed by pointer 332 Error:=true; 333 Status:=STATUS_PTR; // pointer error 334 RETURN; 335 END_IF; 336 337 pPasswordAny.Length :=BYTE_TO_INT(Password_length); // length of string 338 pPasswordAny.Address:=pPasswordAny.Address+8; // string without f ormat, only text 339 340 IF NOT SHA1(pIn := pPassword, length :=pPasswordAny.Length, pOut : = stage1_hash) THEN // copmute: stage1_hash = SHA1(password) 341 Error:=true; 342 Status:=STATUS_PTR; // pointer error 343 RETURN; 344 END_IF; 345 Steps:=STEP_HANDSHAKE_2; 346 347 348 ELSIF (Steps=STEP_HANDSHAKE_2) THEN //splitted step 349

Page 7 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

350 351 ytes) 352 [20..39] 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 en XOR stage1_hash 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410

pA:=scramble; // set pointer to beginning of scramble paAny.Length:=20; // set length of memory area to 20 data items (b pAAny.Address:=pAAny.Address+20*8;// store next result in scramble IF NOT SHA1(pIn := stage1_hash,length := 20,pOut := pA) THEN // co mpute scramble upper bytes from stage1_hash Error:=true; Status:=STATUS_PTR; // pointer error RETURN; END_IF; Steps:=STEP_HANDSHAKE_3; ELSIF (Steps=STEP_HANDSHAKE_3) THEN mpute token = SHA1(scramble) Error:=true; Status:=STATUS_PTR; // pointer error RETURN; END_IF; Steps:=STEP_HANDSHAKE_4; ELSIF (Steps=STEP_HANDSHAKE_4) THEN //splitted step //splitted step

IF NOT SHA1(pIn := scramble,length := 40,pOut := token) THEN // co

i:=0; WHILE i<20 DO token[i] := token[i] XOR stage1_hash[i]; // compute: token=tok i:=i+1; // token = SHA1(scram ble + SHA1(stage1_hash)) XOR stage1_hash END_WHILE; Send.Text:=''; //clear send buffer //reserve first 4 bytes for packet length and packet id TempDint := CLIENT_FLAG; snd_buff[4]:= TempDint_byte[3]; snd_buff[5]:= TempDint_byte[2]; snd_buff[6]:= TempDint_byte[1]; snd_buff[7]:= TempDint_byte[0]; TempDint := BUF_SIZE;//Max packets size snd_buff[8]:= TempDint_byte[3]; snd_buff[9]:= TempDint_byte[2]; snd_buff[10]:= TempDint_byte[1]; snd_buff[11]:= TempDint_byte[0]; snd_buff[12]:= 8;//latin1 charse i:=0; WHILE i<23 DO snd_buff[i+13]:=B#16#0; //make 23 nulls i:=i+1; END_WHILE; pUsernameAny.DataType := B#16#02; // Code for data type byte, wh atever was its changed to byte(char) pUsernameAny.Length :=1; // length of string is 1 byte pUsernameAny.Address:=pUsernameAny.Address+8; //point to length of stirng IF BLKMOV(SRCBLK :=pUsername,DSTBLK :=Username_length)<>0 THEN //g et username length from string pointed by pointer Error:=true; Status:=STATUS_PTR; // pointer error RETURN; END_IF; pUsernameAny.Length :=BYTE_TO_INT(Username_length); // length of string pUsernameAny.Address:=pUsernameAny.Address+8; // string without f ormat, only text pB:=snd_buff; // set pointer on beginning of snd_buffer pBAny.Address:=pBAny.Address+36*8; //in the snd_buff[36..] IF BLKMOV(SRCBLK :=pUsername,DSTBLK :=pB)<>0 THEN // send username into buffer Error:=true;

Page 8 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

Status:=STATUS_PTR; // pointer error RETURN; END_IF;

12/14/2012 05:55:03 PM

411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 only text 437 438 439 me into buffer 440 441 442 443 444 445 446 447 448 449

i:=pUsernameAny.Length+36; //just reset index snd_buff[i]:=B#16#0; //null terminated string i:=i+1; snd_buff[i]:=B#16#14; // termination char i:=i+1; j:=i; i:=0; WHILE i<20 DO snd_buff[i+j]:=token[i]; i:=i+1; END_WHILE; j:=j+i; pDBaseAny.DataType := B#16#02; // Code for data type byte, whate ver was its changed to byte(char) pDBaseAny.Length :=1; // length of string is 1 byte pDBaseAny.Address:=pDBaseAny.Address+8; // string without format, only text IF BLKMOV(SRCBLK :=pDBase,DSTBLK :=DBase_length)<>0 THEN //get dat abase name length from string Error:=true; Status:=STATUS_PTR; // pointer error RETURN; END_IF; pDBaseAny.Length :=BYTE_TO_INT(DBase_length); // length of string pDBaseAny.Address:=pDBaseAny.Address+8; // string without format,

pB:=snd_buff; pBAny.Address:=pBAny.Address+j*8; //in the snd_buff[j..] IF BLKMOV(SRCBLK :=pDBase,DSTBLK :=pB)<>0 THEN // send database na

Error:=true; Status:=STATUS_PTR; // pointer error RETURN; END_IF; i:=pDBaseAny.Length; snd_buff[i+j]:=B#16#0; //null terminated string j:=j+i+1; i:=0; WHILE i<=(rtx_len+4-null_pos) DO snd_buff[i+j]:=rcv_buff[i+null_pos]; //return garbage text t o the sender, as original client does 450 i:=i+1; 451 END_WHILE; 452 rtx_len := j+i-1; 453 Steps := STEP_AUTH; 454 455 456 net_wrt_req:=true; 457 net_rcv_req:=true; //create an edge->new read request 458 459 460 ELSIF (Steps=STEP_AUTH) THEN 461 462 IF (rtx_len=1 AND (rcv_buff[4]=B#16#FE)) THEN 463 // request 4.0 athentication, old we will not implem ent, >=4.1 only 464 Error:=true; 465 Status:=STATUS_PROTOCOL; // protocol error 466 RETURN; 467 END_IF; 468 469 Wdg_run:=false; //stop watchdog timer 470 471 IF(rtx_len<2) THEN 472 Status:=STATUS_PROTOCOL; // protocol error 473 Error:=true;

Page 9 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

RETURN; END_IF;

12/14/2012 05:55:03 PM

474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 s 507 508 509 510 511 512 513 514 515 516 517 518 519 520

IF(rcv_buff[4]<>0) THEN Status:=STATUS_AUTHFAILED; // authentication failed Error:=true; RETURN; END_IF; Status:=STATUS_OK; // status OK net_rcv_req:=true; //create an edge->new read request Steps := STEP_COMMANDS; ELSIF (Steps=STEP_COMMANDS) THEN IF (rtx_len<2) THEN Status:=STATUS_PROTOCOL; // protocol RETURN; END_IF; Wdg_run:=false; //stop watchdog timer IF (rcv_buff[4]<>0) THEN Status:=STATUS_SQL; // SQL Error, command script invalid ELSE Status:=STATUS_OK; // status OK END_IF; net_rcv_req:=true; //create an edge->new read request END_IF; //steps selection END_IF;//read new data IF (Status=STATUS_OK) OR (Status=STATUS_SQL) THEN // when client ready, do command error

IF Stop THEN // send exit to server PacketId:=0; // Reset packet ID (New sequence) snd_buff[4] := CMD_QUIT; // send quit command rtx_len := 5; // overall length with header Wdg_run:=true; // start watchdog net_wrt_req:=true; // send request net_rcv_req:=true; //receive request net_disc_req:=true; Run:=false; Stop:=false; ELSIF SQLExe THEN // execute SQL statements PacketId:=0;//Reset packet ID (New sequence) Send.Text:='INSERT INTO Test (Test) VALUES($27Simatic MySQL$27)' ; //only for test, otherwise Send.Text is filled outside of FB 521 rtx_len:=LEN(S := Send.Text)+5; 522 snd_buff[4] := B#16#03; //command COM_QUERY 523 Wdg_run:=false; 524 net_wrt_req:=true; 525 Status:=STATUS_PROCESSING; 526 END_IF; 527 528 END_IF; //Status=STATUS_OK 529 530 IF NOT port_closed THEN //if port open 531 IF net_wrt_req AND NOT net_send.busy AND net_rcv_req THEN //create message hea der 532 TempDint := rtx_len-4; 533 snd_buff[0]:= TempDint_byte[3]; 534 snd_buff[1]:= TempDint_byte[2]; 535 snd_buff[2]:= TempDint_byte[1]; 536 snd_buff[3]:= INT_TO_BYTE(PacketId); 537 538 539 540 END_IF; net_send(REQ :=net_wrt_req AND NOT net_send.busy AND net_rcv_req,ID :=net_sett

Page 10 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580

ings.ID ,LEN :=DINT_TO_INT(rtx_len) , DATA := snd_buff ); IF net_send.error THEN Error:=true; Status:=STATUS_CONN; net_wrt_req:=false; ELSIF net_send.done THEN net_wrt_req:=false; rtx_len:=0; END_IF; END_IF; //port_closed

END_IF; //Steps=STEP_INIT END_IF;//Run IF Wdg.q THEN Run:=false; Stop:=false; Wdg_run:=false; Error:=true; Status:=STATUS_TIMEOUT; END_IF; IF NOT port_closed THEN //prevent calling yet closed port net_discon(REQ :=net_disc_req OR Error,ID :=net_settings.ID); IF (net_discon.done OR net_discon.error) THEN //previous connection is closed or it wa s yet closed (error) Steps:=STEP_CLOSED; port_closed:=true; net_disc_req:=false; Wdg_run:=false; //stop watchdog timer Run:=false; Stop:=false; END_IF; END_IF;

Busy:=(Status=STATUS_PROCESSING); // not ready to execute sql statements - consense for fi lling Send.Text 581 Step:=Steps; // step information for debugg 582 SQL_OK:=(Steps=STATUS_OK); // sql statement executed ok, client connected - ready to execu te sql statements 583 SQL_Err:=(Status=STATUS_SQL); // server response - error of executed sql statement, no pro blems on client side, no need to shutdown 584 585 END_FUNCTION_BLOCK 586 587 588

Page 11 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661

FUNCTION SHA1 : BOOL TITLE = 'SHA1' VERSION: '1.1' AUTHOR: Bursic NAME: SHA1 FAMILY: MySQL VAR_IN_OUT pOut:ANY; END_VAR VAR_INPUT pIn:ANY; length:INT; END_VAR VAR_TEMP Message_Digest: ARRAY[0..4] OF DWORD; Length_Low: DINT; Message_Block: ARRAY[0..63] OF BYTE; Message_Block_Index: INT; K: ARRAY [0..4] OF DWORD; t: DINT;// Loop COUNTER temp:DWORD; // Temporary WORD value W: ARRAY [0..79] OF DWORD;// WORD sequence A, B, C, D, E:DWORD; // WORD buffers SwapDword:DWORD; SwapBytes AT SwapDword: ARRAY [0..3] OF BYTE; pA:ANY; END_VAR BEGIN sha1:=false; // Length_Low:=0; Message_Block_Index:= 0; Message_Digest[0]:= DW#16#6745_2301; Message_Digest[1]:= DW#16#EFCD_AB89; Message_Digest[2]:= DW#16#98BA_DCFE; Message_Digest[3]:= DW#16#1032_5476; Message_Digest[4]:= DW#16#C3D2_E1F0; IF (length=0) OR (length>55) THEN //different algorithm if greater RETURN; END_IF; pA:=Message_Block; IF BLKMOV(SRCBLK :=pIn,DSTBLK :=pA)<>0 THEN RETURN; END_IF; Message_Block_Index:=length; Length_Low := Message_Block_Index * 8; Message_Block[Message_Block_Index] := B#16#80; Message_Block_Index:=Message_Block_Index+1; WHILE (Message_Block_Index < 56) DO Message_Block[Message_Block_Index] := B#16#00; Message_Block_Index:=Message_Block_Index+1; END_WHILE; Message_Block[56] Message_Block[57] Message_Block[58] Message_Block[59] := := := := B#16#00; //Length_High=0 B#16#00; B#16#00; B#16#00;

SwapDword:=DINT_TO_DWORD(Length_Low); Message_Block[60] := SwapBytes[0]; Message_Block[61] := SwapBytes[1]; Message_Block[62] := SwapBytes[2]; Message_Block[63] := SwapBytes[3]; K[0]:=DW#16#5A82_7999;

Page 12 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

K[1]:=DW#16#6ED9_EBA1; K[2]:=DW#16#8F1B_BCDC; K[3]:=DW#16#CA62_C1D6; t:=0; // Loop COUNTER temp:=0; // Temporary WORD value A:=0; // WORD buffers B:=0; // WORD buffers C:=0; // WORD buffers D:=0; // WORD buffers E:=0; // WORD buffers FOR t:=0 TO 79 DO W[t]:=DW#16#0000_0000; END_FOR; // Initialize the first 16 words in the ARRAY W

12/14/2012 05:55:03 PM

662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706

FOR t:= 0 TO 15 DO SwapBytes[3]:=Message_Block[t*4+3]; SwapBytes[2]:=Message_Block[t*4+2]; SwapBytes[1]:=Message_Block[t*4+1]; SwapBytes[0]:=Message_Block[t*4]; W[t]:=SwapDword; END_FOR; FOR t := 16 TO 79 DO W[t] := ROL(N:=1,IN:=(W[t-3] XOR W[t-8] XOR W[t-14] XOR W[t-16])); END_FOR; A B C D E := := := := := Message_Digest[0]; Message_Digest[1]; Message_Digest[2]; Message_Digest[3]; Message_Digest[4];

FOR t := 0 TO 19 DO temp := DINT_TO_DWORD(DWORD_TO_DINT(ROL(N:=5,IN:=A)) + DWORD_TO_DINT(((B AND C) OR (NOT(B) AND D))) + DWORD_TO_DINT(E) + DWORD_TO_DINT(W[t]) + DWORD_TO_DINT(K[0])); E := D; D := C; C := ROL(N:=30,IN:=B); B := A; A := temp; END_FOR;

FOR t := 20 TO 39 DO temp := DINT_TO_DWORD(DWORD_TO_DINT(ROL(N:=5,IN:=A)) + DWORD_TO_DINT((B XOR C XOR D) ) + DWORD_TO_DINT(E) + DWORD_TO_DINT(W[t]) + DWORD_TO_DINT(K[1])); 707 E := D; 708 D := C; 709 C := ROL(N:=30,IN:=B); 710 B := A; 711 A := temp; 712 END_FOR; 713 714 FOR t := 40 TO 59 DO 715 temp := DINT_TO_DWORD(DWORD_TO_DINT(ROL(N:=5,IN:=A)) + DWORD_TO_DINT(((B AND C) OR ( B AND D) OR (C AND D))) + DWORD_TO_DINT(E) + DWORD_TO_DINT(W[t]) + DWORD_TO_DINT(K[2])); 716 E := D; 717 D := C; 718 C := ROL(N:=30,IN:=B); 719 B := A; 720 A := temp; 721 END_FOR; 722 723 FOR t := 60 TO 79 DO 724 temp := DINT_TO_DWORD(DWORD_TO_DINT(ROL(N:=5,IN:=A)) + DWORD_TO_DINT(B XOR C XOR D) + DWORD_TO_DINT(E) + DWORD_TO_DINT(W[t]) + DWORD_TO_DINT(K[3])); 725 E := D; 726 D := C; 727 C := ROL(N:=30,IN:=B); 728 B := A; 729 A := temp; 730 END_FOR;

Page 13 of 14

SIMATIC

MySQL_v1\ SIMATIC 300(1)\CPU 315-2 PN/DP\...\MySQL_v5

12/14/2012 05:55:03 PM

731 732 733 734 735 736

Message_Digest[0] Message_Digest[1] Message_Digest[2] Message_Digest[3] Message_Digest[4]

:=DINT_TO_DWORD(DWORD_TO_DINT(Message_Digest[0]) :=DINT_TO_DWORD(DWORD_TO_DINT(Message_Digest[1]) :=DINT_TO_DWORD(DWORD_TO_DINT(Message_Digest[2]) :=DINT_TO_DWORD(DWORD_TO_DINT(Message_Digest[3]) :=DINT_TO_DWORD(DWORD_TO_DINT(Message_Digest[4])

+ + + + +

DWORD_TO_DINT(A)); DWORD_TO_DINT(B)); DWORD_TO_DINT(C)); DWORD_TO_DINT(D)); DWORD_TO_DINT(E));

737 738 IF BLKMOV(SRCBLK :=Message_Digest,DSTBLK :=pOut)<>0 THEN 739 RETURN; 740 END_IF; 741 742 sha1:=true; 743 744 END_FUNCTION 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760

Page 14 of 14