Documentation Home
MySQL Internals Manual
Download this Manual
EPUB - 0.8Mb


14.12.4.3 Not So Fast Path

If the servers default auth method doesn't match the clients or accounts auth method a extra round is needed as usual. The client indicates this by sending a empty password.

  • server uses mysql_native_password as default:

    4d 00 00 00 0a 35 2e 36    2e 37 2d 6c 6f 67 00 01    M....5.6.7-log..
    00 00 00 51 5f 5a 73 4c    21 3c 45 00 ff f7 08 02    ...Q_ZsL!<E.....
    00 3f 80 15 00 00 00 00    00 00 00 00 00 00 6e 2c    .?............n,
    6d 26 4a 50 5f 43 71 33    3b 6d 00 6d 79 73 71 6c    m&JP_Cq3;m.mysql
    5f 6e 61 74 69 76 65 5f    70 61 73 73 77 6f 72 64    _native_password
    00                                                    .
    
  • client wants to login with sha256_password, but doesn't have a matching scramble in the preceding initial packet and sends an empty password:

    9e 00 00 01 85 a6 3f 00    00 00 00 01 21 00 00 00    ......?.....!...
    00 00 00 00 00 00 00 00    00 00 00 00 00 00 00 00    ................
    00 00 00 00 73 68 61 32    35 36 00{00}73 68 61 32    ....sha256..sha2
    35 36 5f 70 61 73 73 77    6f 72 64 00 65 03 5f 6f    56_password.e._o
    73 05 4c 69 6e 75 78 0c    5f 63 6c 69 65 6e 74 5f    s.Linux._client_
    6e 61 6d 65 08 6c 69 62    6d 79 73 71 6c 04 5f 70    name.libmysql._p
    69 64 05 32 34 34 39 37    0f 5f 63 6c 69 65 6e 74    id.24497._client
    5f 76 65 72 73 69 6f 6e    05 35 2e 36 2e 37 09 5f    _version.5.6.7._
    70 6c 61 74 66 6f 72 6d    06 78 38 36 5f 36 34 0c    platform.x86_64.
    70 72 6f 67 72 61 6d 5f    6e 61 6d 65 05 6d 79 73    program_name.mys
    71 6c                                                 ql
    
  • server sends Protocol::AuthSwitchRequest with the proper scramble for sha256_password

    25 00 00 02 fe 73 68 61    32 35 36 5f 70 61 73 73    %....sha256_pass
    77 6f 72 64 00{4e 2c 65    5e 2f 13 3f 40 5f 25 26    word.N,e^/.?@_%&
    44 65 27 01 13 05 45 45    04}                        De'...EE.
    
  • client needs the public key and asks for it:

    01 00 00 03{01}                                       .....
    
  • server sends public key:

    a7 00 00 04 01 2d 2d 2d    2d 2d 42 45 47 49 4e 20    .....-----BEGIN
    50 55 42 4c 49 43 20 4b    45 59 2d 2d 2d 2d 2d 0a    PUBLIC KEY-----.
    4d 46 41 77 44 51 59 4a    4b 6f 5a 49 68 76 63 4e    MFAwDQYJKoZIhvcN
    41 51 45 42 42 51 41 44    50 77 41 77 50 41 49 31    AQEBBQADPwAwPAI1
    41 57 74 75 73 79 2b 6b    38 33 50 33 6f 6f 79 65    AWtusy+k83P3ooye
    42 59 6a 77 58 4b 55 66    57 47 42 72 4f 65 44 33    BYjwXKUfWGBrOeD3
    0a 76 4c 5a 62 68 58 4b    46 33 6c 67 53 66 75 2f    .vLZbhXKF3lgSfu/
    6b 34 2b 79 77 4c 43 6e    36 46 45 77 30 52 31 76    k4+ywLCn6FEw0R1v
    34 64 74 70 6e 34 58 38    43 41 77 45 41 41 51 3d    4dtpn4X8CAwEAAQ=
    3d 0a 2d 2d 2d 2d 2d 45    4e 44 20 50 55 42 4c 49    =.-----END PUBLI
    43 20 4b 45 59 2d 2d 2d    2d 2d 0a                   C KEY-----.
    
  • client XORs and RSA encrypts its password and sends it back:

    35 00 00 05 00 7e 54 3f    ae ca 70 a3 b0 2f b0 c2    5....~T?..p../..
    e7 8a 18 29 69 c1 86 8c    f8 e1 79 c3 45 4d d6 95    ...)i.....y.EM..
    fd 47 9c cb b3 f7 da 31    a3 c1 8d 22 fa e4 aa 7c    .G.....1..."...|
    a0 1c e6 8f e6 9e 9e 1a    31                         ........1
    
  • server sends back OK_Packet:

    07 00 00 06 00 00 00 02    00 00 00                   ...........
    

User Comments
Sign Up Login You must be logged in to post a comment.