{"id":11456,"date":"2014-10-31T16:13:54","date_gmt":"2014-10-31T07:13:54","guid":{"rendered":"http:\/\/labs.gree.jp\/blog\/?p=11456"},"modified":"2014-10-31T16:16:45","modified_gmt":"2014-10-31T07:16:45","slug":"mysql%e3%83%a6%e3%83%bc%e3%82%b6%e3%83%bc%e3%81%ae%e3%81%9f%e3%82%81%e3%81%aemysql%e3%83%97%e3%83%ad%e3%83%88%e3%82%b3%e3%83%ab%e5%85%a5%e9%96%802","status":"publish","type":"post","link":"https:\/\/labs.gree.jp\/blog\/2014\/10\/11456\/","title":{"rendered":"MySQL\u30e6\u30fc\u30b6\u30fc\u306e\u305f\u3081\u306eMySQL\u30d7\u30ed\u30c8\u30b3\u30eb\u5165\u9580#2"},"content":{"rendered":"

\u524d\u56de\u306e\u8a18\u4e8b\u3067\u306fInitial Packet\u307e\u3067Parse\u3057\u307e\u3057\u305f\u3002\u4eca\u56de\u306fAuth Response Packet\u3092\u4f5c\u3063\u3066\u8a8d\u8a3c\u307e\u3067\u3084\u3063\u3066\u307f\u307e\u3057\u3087\u3046<\/p>\n

Handshake Response Packet<\/h3>\n

\u8a8d\u8a3c\u306e\u4e00\u9023\u306e\u6d41\u308c\u306fhttp:\/\/dev.mysql.com\/doc\/internals\/en\/connection-phase.html<\/a>\u306b\u66f8\u3044\u3066\u3042\u308b\u306e\u3067\u56f3\u3092\u3055\u3089\u3063\u3068\u773a\u3081\u3064\u3064\u884c\u304d\u307e\u3059\u3002
\n<\/p>\n

Server\u304b\u3089Initial Packet\u3092\u53d7\u3051\u53d6\u3063\u305f\u5f8c\u306b\u3001Client\u304cHandshake Response Packet\u3092\u4f5c\u3063\u3066Server\u306b\u9001\u4fe1\u3059\u308c\u3070\u8a8d\u8a3c\u7d50\u679c\u304c\u8fd4\u3055\u308c\u307e\u3059\u3002
\n<\/p>\n

\u6bce\u5ea6\u306e\u3054\u3068\u304fdev.mysql.com<\/a>\u304b\u3089\u30c7\u30fc\u30bf\u306e\u5b9a\u7fa9\u306e\u8aac\u660e\u3092\u53c2\u7167\u3059\u308b\u3093\u3067\u3059\u304c\u3001if\u6587\u304c\u5165\u3063\u3066\u3044\u3066\u5206\u304b\u308a\u3065\u3089\u3044\u306e\u3067\u8a8d\u8a3c\u3092\u901a\u3059\u305f\u3081\u306b\u5fc5\u8981\u306a\u90e8\u5206\u3060\u3051\u3092\u629c\u7c8b\u3057\u3066\u307f\u307e\u3057\u305f:<\/p>\n

\n4              capability flags, CLIENT_PROTOCOL_41 always set\n4              max-packet size\n1              character set\nstring[23]     reserved (all [0])\nstring[NUL]    username\n1              length of auth-response\nstring[n]      auth-response\nstring[NUL]    auth plugin name<\/pre>\n
\u8a8d\u8a3c\u3055\u3048\u3068\u304a\u305b\u308c\u3070\u3044\u3044\u306e\u3067\u3053\u308c\u3060\u3051\u3002Capability Flags<\/a>\u306fCLIENT_PROTOCOL_41, CLIENT_SECURE_CONNECTION, CLIENT_LONG_PASSWORD, CLIENT_TRANSACTIONS, CLIENT_LONG_FLAG\u3042\u305f\u308a\u3092\u30bb\u30c3\u30c8\u3057\u3001\u305d\u306e\u4ed6\u306eFlag\u306f\u3068\u308a\u3042\u3048\u305a\u6a2a\u306b\u304a\u3044\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n
Capability Flags\u304c\u6c7a\u307e\u308c\u3070HandShake Packet\u306e\u30c7\u30fc\u30bf\u30b5\u30a4\u30ba\u304c\u6c7a\u307e\u308b\u306e\u3067\u3001buffer\u3092\u78ba\u4fdd\u3057\u3066\u30c7\u30fc\u30bf\u3092\u7a4d\u3093\u3067\u884c\u304d\u307e\u3059\u3002\u304c\u3001\u305d\u3082\u305d\u3082auth-response\u3063\u3066\u306e\u304c\u30c7\u30fc\u30bf\u30b5\u30a4\u30ba\u3088\u304f\u308f\u304b\u308a\u307e\u305b\u3093\u306d\u3002\u4f55\u3067\u3057\u3087\u3046\u3001\u30b3\u30ec\uff1f<\/p>\n
\n1              length of auth-response\nstring[n]      auth-response<\/pre>\n
<\/p>\n
auth-response\u3092\u3069\u3046\u3059\u308c\u3070\u3088\u3044\u304b\u306f\u5b9f\u306fServer\u304b\u3089\u6700\u521d\u306b\u9001\u3089\u308c\u3066\u304f\u308bConnection Phase Packet\u4e2d\u306ecapability flags\u3068Plugin\u540d\u306e\u6307\u5b9a\u304c\u3042\u308b\u306e\u3067\u305d\u308c\u3092\u53c2\u7167\u3057\u307e\u3059\u3002
\n\u901a\u5e38\u306e\u5834\u5408mysql_native_password\u3068CLIENT_SECURE_CONNECTION\u3092\u4f7f\u3048\u3001\u3068\u6307\u793a\u304c\u3055\u308c\u3066\u3044\u308b\u306e\u3067
\nCLIENT_SECURE_CONNECTION<\/a>\u3092\u8abf\u3079\u3066\u307f\u305f\u3068\u3053\u308d\u3001Secure Password Authentication<\/a>\u3092\u4f7f\u3048\u3001\u3068\u3044\u3046\u3053\u3068\u306a\u306e\u3067\u3068\u308a\u3042\u3048\u305a\u3084\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n
 Secure Connection<\/h3>\n
Secure Password Authentication\u306e\u5834\u5408random data\u306fInitial Packet\u4e2d\u306eauth-plugin-data-part-1\u3068auth-plugin-data-part-2\u306e12byte\u3092\u9023\u7d50\u3057\u305f\u5024\u3068\u306a\u308b\u306e\u3067\u524d\u56deparse\u3057\u305f\u90e8\u5206\u304b\u3089\u30c7\u30fc\u30bf\u3092\u6301\u3063\u3066\u304d\u307e\u3059\u3002\uff08auth_plugin_data_part2\u306e\u6700\u5f8c\u306e\u30c7\u30fc\u30bf\u306f\u30b4\u30df\u30c7\u30fc\u30bf\u306a\u306e\u306712byte\u5206\u3060\u3051\u9023\u7d50\u3055\u305b\u307e\u3059\uff09<\/p>\n
\n  random_data := append(auth_plugin_data_part1, auth_plugin_data_part2[0:12]...)<\/pre>\n
<\/p>\n
\u751f\u6210\u3059\u308bhash\u5024\u306f\u4e0b\u8a18\u306e\u901a\u308a\u3067\u751f\u6210\u3067\u304d\u307e\u3059\u3002password\u306esha1 hash\u30c7\u30fc\u30bf\u306e\u5404\u5024\u306b\u5bfe\u3057\u3066sha1(random_data + sha1(sha1(password)))\u3057\u3066\u751f\u6210\u3057\u305f\u30c7\u30fc\u30bf\u3092XOR\u3057\u3066\u3044\u3051\u3070\u51fa\u6765\u4e0a\u304c\u308a\u3067\u3059\u3002<\/p>\n
\nsha1(password) XOR sha1(random_data + sha1(sha1(password)))<\/pre>\n
\u3053\u308c\u3067auth-response-data\u306b\u3064\u3063\u3053\u3080hash\u5024\u3082\u3067\u304d\u307e\u3057\u305f\u3002\u3042\u3068\u306fbuffer\u306e\u78ba\u4fdd\u3092\u3057\u3066\u305f\u3093\u305f\u3093\u3068\u30c7\u30fc\u30bf\u3092\u7a4d\u3093\u3067\u3044\u304f\u3060\u3051\u3067\u3059\u3002<\/p>\n
 MySQL Packet\u306e\u66f8\u304d\u8fbc\u307f\u304b\u3089\u901a\u4fe1\u307e\u3067<\/h3>\n
MySQL Packet\u306eHeader\u306f4byte(uint24 length, uint8 sequence_id)\u3068\u3044\u3046\u306e\u306f\u524d\u56de\u8aac\u660e\u3057\u307e\u3057\u305f\u3002\u66f8\u304d\u8fbc\u307f\u6642\u306f\u8aad\u307f\u8fbc\u307f\u6642\u3068\u540c\u3058\u3088\u3046\u306bpayload\u306e\u5148\u982d\u306b\u30d8\u30c3\u30c0\u3092\u7f6e\u3051\u3070OK\u3067\u3059\u3002
\n<\/p>\n
\u65ad\u7247\u7684\u306a\u30b3\u30fc\u30c9\u3067\u8aac\u660e\u3057\u3066\u3082\u5206\u304b\u308a\u3065\u3089\u3044\u306e\u3067\u3001Go\u3067\u4e00\u9023\u306e\u6d41\u308c\u3092\u66f8\u3044\u3066\u3042\u308b\u306e\u3067\u3053\u308c\u3067\u8a8d\u8a3c\u304c\u6210\u529f\u3059\u308b\u304b\u3084\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n
package main\n\nimport (\n  \"fmt\"\n  \"encoding\/hex\"\n  \"encoding\/binary\"\n  \"bytes\"\n  \"net\"\n  \"bufio\"\n  \"io\"\n  \"crypto\/sha1\"\n)\n\nvar username = \"chobie\"\nvar password = \"chobie\"\n\ntype CapabilityFlag int\n\nvar (\n  CLIENT_LONG_PASSWORD CapabilityFlag = 0x0001\n  CLIENT_FOUND_ROWS CapabilityFlag = 0x0002\n  CLIENT_LONG_FLAG CapabilityFlag = 0x0004\n  CLIENT_CONNECT_WITH_DB CapabilityFlag = 0x0008\n  CLIENT_NO_SCHEMA CapabilityFlag = 0x0010\n  CLIENT_COMPRESS CapabilityFlag = 0x0020\n  CLIENT_ODBC CapabilityFlag = 0x0040\n  CLIENT_LOCAL_FILES CapabilityFlag = 0x0080\n  CLIENT_IGNORE_SPACE CapabilityFlag = 0x0100\n  CLIENT_PROTOCOL_41 CapabilityFlag = 0x0200\n  CLIENT_INTERACTIVE CapabilityFlag = 0x0400\n  CLIENT_SSL CapabilityFlag = 0x0800\n  CLIENT_IGNORE_SIGPIPE CapabilityFlag = 0x1000\n  CLIENT_TRANSACTIONS CapabilityFlag = 0x2000\n  CLIENT_RESERVED CapabilityFlag = 0x4000\n  CLIENT_SECURE_CONNECTION CapabilityFlag = 0x8000\n  CLIENT_PLUGIN_AUTH CapabilityFlag   = 0x00080000\n  CLIENT_SESSION_TRACK CapabilityFlag = 0x00800000\n)\n
\n\nfunc read_packet(reader io.Reader) (byte, byte) {\n  header := make([]byte, 4)\n  reader.Read(header)\n\n  payload_size := uint32(header[0])\n  payload_size += uint32(header[1] >> 8)\n  payload_size += uint32(header[2] >> 16)\n  payload := make([]byte, payload_size)\n\n  reader.Read(payload)\n  return header, payload\n}\n\nfunc sha1_sum(data byte) byte{\n  h := sha1.New()\n  io.Copy(h, bytes.NewReader(data))\n\n  return h.Sum(nil)\n}\n\nfunc main() {\n  \/\/READ INITIAL PACKET\n  conn, err := net.Dial(\"tcp\", \"localhost:3306\")\n  reader := bufio.NewReader(conn)\n  if err != nil {\n    panic(err)\n  }\n  header, payload := read_packet(reader)\n  fmt.Printf(\"[header]:\\n%s\\n[payload]:\\n%s\\n\", hex.Dump(header), hex.Dump(payload))\n\n  \/\/ INITIAL Packet\u306eparse\u3002\u524d\u56de\u3068\u5185\u5bb9\u540c\u3058\u306a\u306e\u3067\u3088\u307e\u306a\u304f\u3066\u5927\u4e08\u592b\n  offset := 0\n  protocol_version := int(payload[offset])\n  fmt.Printf(\"  [protocol_version]: %d\\n\", protocol_version)\n  offset++\n\n  fmt.Printf(\"  [Initial Handshake Packet]:\\n\")\n  idx := bytes.IndexByte(payload[offset:], 0x00)\n  version := payload[offset:offset+idx]\n  fmt.Printf(\"    [version]: %s\\n\", version)\n  offset += idx+1\n\n  connectionId := binary.LittleEndian.Uint32(payload[offset:offset+4])\n  fmt.Printf(\"    [connectionId]: %d\\n\", connectionId)\n  offset += 4\n\n  auth_plugin_data_part1 := payload[offset:offset+8]\n  fmt.Printf(\"    [auth_plugin_data_part1]: \\n\")\n  fmt.Printf(\"    %s\", hex.Dump(auth_plugin_data_part1))\n  offset += 8\n\n  filter1 := payload[offset:offset+1]\n  fmt.Printf(\"    [filter1]: %s\\n\", filter1)\n  offset += 1\n\n  capability_lower := payload[offset:offset+2]\n  offset += 2\n\n  charset := uint8(payload[offset])\n  fmt.Printf(\"    [charset]: %d\\n\", charset)\n  offset++\n\n  status := binary.LittleEndian.Uint16(payload[offset:offset+2])\n  fmt.Printf(\"    [status]: %d\\n\", status)\n  offset += 2\n\n  capability_upper := payload[offset:offset+2]\n  offset += 2\n  capabilities := binary.LittleEndian.Uint32(append(capability_lower, capability_upper...))\n\n  var auth_plugin_data_part2 []byte\n  var auth_plugin_name []byte\n  if capabilities & 0x00080000 > 0{ \/\/CLIENT_PLUGIN_AUTH\n    length_of_plugin_auth_data := int(payload[offset])\n    offset++\n\n    \/\/ skips reserved 10bytes\n    offset += 10\n    if capabilities & 0x8000 > 0 { \/\/CLIENT_SECURE_CONNECTION\n      auth_plugin_data_part2 = payload[offset:offset+(length_of_plugin_auth_data - 8)]\n      offset += length_of_plugin_auth_data - 8\n      fmt.Printf(\"    [auth_plugin_data_part2]: \\n\")\n      fmt.Printf(\"    %s\", hex.Dump(auth_plugin_data_part2))\n    } \n\n    idx = bytes.IndexByte(payload[offset:], 0x00)\n    auth_plugin_name = payload[offset:offset+idx]\n    fmt.Printf(\"    [auth_plugin_name]: %s\\n\", auth_plugin_name)\n  } else {\n    panic(\"not supported\")\n  }\n  \n  \/\/ \u4eca\u56de\u306e\u30c6\u30fc\u30de\u306eINITIAL RESPONSE PACKET\n  \/\/\n  \/\/ \u3068\u308a\u3042\u3048\u305a\u5148\u306bscrambled password\u3092\u4f5c\u3063\u3066\u304a\u304f\n  \/\/ SHA1( password ) XOR SHA1( challenge + SHA1( SHA1( password ) ) )\n  auth_response := sha1_sum([]byte(password))\n\n  \/\/ XOR\u7528\u306e\u30c7\u30fc\u30bf\u3092\u4f5c\u308b\n  key2 := sha1_sum(auth_response)\n  challenge := append(auth_plugin_data_part1, auth_plugin_data_part2[0:12]...)\n\n  \/\/ SHA1(challenge + SHA1(SHA1(password)))\u306e\u90e8\u5206\n  challenge  = append(challenge, key2...)\n  challenge_key := sha1_sum(challenge)\n  for i := 0; i < 20; i++ {\n    \/\/ XOR\u3057\u3066\u304f\n    auth_response[i] ^= challenge_key[i]\n  }\n\n  \/\/ initial response packet\u306ebuffer size\u3092\u78ba\u4fdd\u3059\u308b\n  buffer_size := 4 + 4 + 4 + 1 + 23\n  buffer_size += len(username) + 1\n  buffer_size += 1\n  buffer_size += len(auth_response)\n  buffer_size += len(auth_plugin_name) + 1\n  buffer := make([]byte, buffer_size)\n\n  offset = 0\n  \/\/ header\u306b\u8a18\u8f09\u3059\u308b\u306e\u306fpayload\u306e\u30b5\u30a4\u30ba\u306a\u306e\u3067-4\u3057\u3068\u304f\n  size := buffer_size - 4 \n  buffer[0] = byte(size)\n  buffer[1] = byte(size >> 8)\n  buffer[2] = byte(size >> 16)\n  \/\/ initial response packet\u306finitial packet\u306e\u8fd4\u7b54\u306a\u306e\u3067sequence id\u30921\u306b\u3057\u3068\u304f\n  buffer[3] = 0x01\n  offset = 4\n\n  \/\/ \u5fc5\u8981\u306a\u30c7\u30fc\u30bf\u3092\u3069\u3093\u3069\u3093\u7a4d\u3093\u3067\u3044\u304f\n  capability_flags := uint32(CLIENT_PROTOCOL_41 |\n      CLIENT_SECURE_CONNECTION | CLIENT_LONG_PASSWORD |\n      CLIENT_TRANSACTIONS | CLIENT_LONG_FLAG)\n  charset = 0x21\n  buffer[offset] = byte(capability_flags)\n  buffer[offset+1] = byte(capability_flags >> 8)\n  buffer[offset+2] = byte(capability_flags >> 16)\n  buffer[offset+3] = byte(capability_flags >> 24)\n  offset += 4\n  \/\/ max packet size\u306f0\u3067\u3044\u3044\u306e\u3067skip\u3059\u308b\n  offset += 4\n  buffer[offset] = byte(charset)\n  offset += 1\n  \/\/reserved 23 bytes\u6587\u3092skip\u3059\u308b\n  offset += 23\n\n  \/\/ username (null terminated string)\n  copy(buffer[offset:], username)\n  offset += len(username) +1\n  buffer[offset] = byte(len(auth_response))\n  offset += 1\n  \/\/ \u3055\u3063\u304d\u4f5c\u3063\u305fauth response\u306e\u30c7\u30fc\u30bf\u3092\u30b3\u30d4\u30fc\n  copy(buffer[offset:], auth_response)\n  offset += len(auth_response)\n  \/\/ \u6700\u5f8c\u306bauth plugin name\u3092\u30b3\u30d4\u30fc\u3057\u3066\u304a\u3057\u307e\u3044\n  copy(buffer[offset:], auth_plugin_name)\n
\n\n  fmt.Printf(\"\\n[write_packet:%d bytes]:\\n%s\", len(buffer), hex.Dump(buffer))\n  conn.Write(buffer)\n\n  \/\/ payload\u306e\u5148\u982d\u304c0x00\u306a\u3089\u8a8d\u8a3c\u6210\u529f\u306b\u306a\u308b\u3002\n  header, payload = read_packet(conn)\n  fmt.Printf(\"[header]:\\n%s\\n[payload]:\\n%s\\n\", hex.Dump(header), hex.Dump(payload))\n}<\/pre>\n
<\/p>\n
\u5b9f\u969b\u306e\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u7d50\u679c\u306f\u3053\u3093\u306a\u611f\u3058\u306b\u306a\u308b\u306f\u305a\u3067\u3059\u3002\u6700\u5f8c\u306epayload\u304c00\u3067\u59cb\u307e\u3063\u3066\u308c\u3070\u8a8d\u8a3c\u6210\u529f\u3067\u3059\u3002<\/p>\n
chobie% go run main.go\n00000000  4a 00 00 00                                       |J...|\n\n[header]:\n00000000  4a 00 00 00                                       |J...|\n\n[payload]:\n00000000  0a 35 2e 36 2e 32 30 00  62 00 00 00 5c 45 24 25  |.5.6.20.b...\\E$%|\n00000010  2a 43 52 54 00 ff f7 21  02 00 7f 80 15 00 00 00  |*CRT...!........|\n00000020  00 00 00 00 00 00 00 2d  24 69 69 53 45 3d 41 6e  |.......-$iiSE=An|\n00000030  27 75 3a 00 6d 79 73 71  6c 5f 6e 61 74 69 76 65  |'u:.mysql_native|\n00000040  5f 70 61 73 73 77 6f 72  64 00                    |_password.|\n\n  [protocol_version]: 10\n  [Initial Handshake Packet]:\n    [version]: 5.6.20\n    [connectionId]: 98\n    [auth_plugin_data_part1]: \n    00000000  5c 45 24 25 2a 43 52 54                           |\\E$%*CRT|\n    [filter1]: \n    [charset]: 33\n    [status]: 2\n    [auth_plugin_data_part2]: \n    00000000  2d 24 69 69 53 45 3d 41  6e 27 75 3a 00           |-$iiSE=An'u:.|\n    [auth_plugin_name]: mysql_native_password\n\n[write_packet:86 bytes]:\n00000000  52 00 00 01 05 a2 00 00  00 00 00 00 21 00 00 00  |R...........!...|\n00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|\n00000020  00 00 00 00 63 68 6f 62  69 65 00 14 76 8f 90 c4  |....chobie..v...|\n00000030  38 08 a0 2d 6d 22 f0 ae  c9 7a c4 19 10 eb c2 3e  |8..-m\"...z.....>|\n00000040  6d 79 73 71 6c 5f 6e 61  74 69 76 65 5f 70 61 73  |mysql_native_pas|\n00000050  73 77 6f 72 64 00                                 |sword.|\n00000000  07 00 00 02                                       |....|\n\n[header]:\n00000000  07 00 00 02                                       |....|\n\n[payload]:\n00000000  00 00 00 02 00 00 00                              |.......|<\/pre>\n
<\/p>\n
OK Packet<\/a>\u304c\u6765\u305f\u306e\u3067\u8a8d\u8a3c\u304c\u6210\u529f\u3057\u307e\u3057\u305f\u306d\uff01<\/p>\n
\u3068\u306f\u3044\u3048\u3001\u3053\u308c\u3060\u3068\u307e\u3060\u4f55\u3082\u3067\u304d\u306a\u3044\u306e\u3067\u6b21\u56de\u306fCOM_QUERY\u3092\u901a\u3057\u3066\u30af\u30a8\u30ea\u306e\u5b9f\u884c\u304b\u3089\u7d50\u679c\u306e\u53d6\u5f97\u307e\u3067\u3084\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u305d\u308c\u3067\u306f\u3001\u3088\u3044\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u3092<\/p>\n
\u53c2\u8003<\/p>\n