Created
July 21, 2021 13:25
dump-authentication-state.patch
Description: Dump the authentication state to understand the hashing algorithms | |
Dump the authentication state to understand the hashing algorithms. | |
Specifically, caching_sha2_password and mysql_native_password. | |
. | |
mysql-8.0 (8.0.23-0ubuntu0.20.04.1) focal-security; urgency=medium | |
. | |
* SECURITY UPDATE: Update to 8.0.23 to fix security issues | |
- CVE-2021-2002, CVE-2021-2010, CVE-2021-2011, CVE-2021-2021, | |
CVE-2021-2022, CVE-2021-2024, CVE-2021-2031, CVE-2021-2032, | |
CVE-2021-2036, CVE-2021-2038, CVE-2021-2046, CVE-2021-2048, | |
CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, | |
CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, | |
CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122 | |
* debian/patches/atomic-test-words.patch: updated. | |
* debian/patches/fix_test_year.patch: fix test with hardcoded date. | |
* debian/libmysqlclient21.symbols: added new symbol. | |
* debian/mysql-router.install: remove mysql_protocol.so, it has been | |
removed from the new version. | |
* debian/*.install: added some new files shipped in the new version. | |
Author: Marc Deslauriers <[email protected]> | |
--- | |
The information above should follow the Patch Tagging Guidelines, please | |
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here | |
are templates for supplementary fields that you might want to add: | |
Origin: <vendor|upstream|other>, <url of original patch> | |
Bug: <url in upstream bugtracker> | |
Bug-Debian: https://bugs.debian.org/<bugnumber> | |
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> | |
Forwarded: <no|not-needed|url proving that it has been forwarded> | |
Reviewed-By: <name and email of someone who approved the patch> | |
Last-Update: 2021-02-20 | |
--- mysql-8.0-8.0.23.orig/mysys/my_sha1.cc | |
+++ mysql-8.0-8.0.23/mysys/my_sha1.cc | |
@@ -46,6 +46,11 @@ | |
void compute_sha1_hash(uint8 *digest, const char *buf, size_t len) { | |
EVP_MD_CTX *sha1_context = EVP_MD_CTX_create(); | |
EVP_DigestInit_ex(sha1_context, EVP_sha1(), nullptr); | |
+ printf("buffer:\n"); | |
+ for (size_t counter = 0; counter < len; counter ++) { | |
+ printf("%02x ", (unsigned char) buf[counter]); | |
+ } | |
+ printf("\n"); | |
EVP_DigestUpdate(sha1_context, buf, len); | |
EVP_DigestFinal_ex(sha1_context, digest, nullptr); | |
EVP_MD_CTX_destroy(sha1_context); | |
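Review bot: The added loop in compute_sha1_hash writes every hashed buffer to stdout in every build, and this is a general-purpose helper: compute_two_stage_sha1_hash in sql/auth/password.cc passes the plaintext password straight into it, so the password bytes are printed here as well as at the explicit `password:` lines. The dump should be opt-in at compile time and go to stderr rather than stdout. The same hex loop is pasted about twenty times across the patch (compute_sha1_hash_multi in the next hunk has two copies), so one guarded helper would replace all of them and give a single switch for turning the output off. The closing brace of compute_sha1_hash lies outside the hunk.

```cpp
#ifdef AUTH_STATE_DUMP /* constructed macro name: opt-in, never set for packaged builds */
static void dump_hex(const char *label, const void *data, size_t len) {
  const unsigned char *bytes = static_cast<const unsigned char *>(data);
  fprintf(stderr, "%s:\n", label);
  for (size_t i = 0; i < len; i++) fprintf(stderr, "%02x ", bytes[i]);
  fputc('\n', stderr);
}
#else
#define dump_hex(label, data, len) ((void)0)
#endif

void compute_sha1_hash(uint8 *digest, const char *buf, size_t len) {
  // … unchanged: EVP_MD_CTX_create and EVP_DigestInit_ex …
  dump_hex("buffer", buf, len);
  // … unchanged: EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_destroy …
```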
@@ -66,7 +71,17 @@ void compute_sha1_hash_multi(uint8 *dige | |
const char *buf2, int len2) { | |
EVP_MD_CTX *sha1_context = EVP_MD_CTX_create(); | |
EVP_DigestInit_ex(sha1_context, EVP_sha1(), nullptr); | |
+ printf("buffer 1:\n"); | |
+ for (int counter = 0; counter < len1; counter ++) { | |
+ printf("%02x ", (unsigned char) buf1[counter]); | |
+ } | |
+ printf("\n"); | |
EVP_DigestUpdate(sha1_context, buf1, len1); | |
+ printf("buffer 2:\n"); | |
+ for (int counter = 0; counter < len2; counter ++) { | |
+ printf("%02x ", (unsigned char) buf2[counter]); | |
+ } | |
+ printf("\n"); | |
EVP_DigestUpdate(sha1_context, buf2, len2); | |
EVP_DigestFinal_ex(sha1_context, digest, nullptr); | |
EVP_MD_CTX_destroy(sha1_context); | |
--- mysql-8.0-8.0.23.orig/sql-common/client.cc | |
+++ mysql-8.0-8.0.23/sql-common/client.cc | |
@@ -6090,6 +6090,7 @@ static mysql_state_machine_status csm_be | |
ctx->port = port; | |
ctx->unix_socket = unix_socket; | |
ctx->client_flag = client_flag; | |
+ printf("connect\n"); | |
return STATE_MACHINE_CONTINUE; | |
} | |
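Review bot: The state marker is written with a bare `printf`, so it goes to the stdout that any program linking this client library also uses for its own output; result sets piped from a client built with this patch would have `connect`, `greeting`, `handshake` and the other markers mixed into them. The file already uses the DBUG facility (`DBUG_TRACE` and `DBUG_PRINT("info", ("sending scramble"))` are visible in later hunks), so `DBUG_PRINT("info", ("connect"));` would keep the trace out of non-debug builds. The same applies to the markers added in the five csm_* hunks that follow. Note also that the `authenticate` marker is printed on entry to csm_authenticate while the others are printed just before the return, so in the non-blocking path it may repeat if the state function is re-entered; that cannot be confirmed from the hunk.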
@@ -6216,6 +6217,7 @@ static mysql_state_machine_status csm_co | |
return STATE_MACHINE_FAILED; | |
} | |
ctx->state_function = csm_read_greeting; | |
+ printf("connect completed\n"); | |
return STATE_MACHINE_CONTINUE; | |
} | |
@@ -6244,6 +6246,7 @@ static mysql_state_machine_status csm_re | |
return STATE_MACHINE_FAILED; | |
} | |
ctx->state_function = csm_parse_handshake; | |
+ printf("greeting\n"); | |
return STATE_MACHINE_CONTINUE; | |
} | |
@@ -6358,6 +6361,7 @@ static mysql_state_machine_status csm_pa | |
return STATE_MACHINE_FAILED; | |
} | |
ctx->state_function = csm_establish_ssl; | |
+ printf("handshake\n"); | |
return STATE_MACHINE_CONTINUE; | |
} | |
@@ -6416,8 +6420,8 @@ static mysql_state_machine_status csm_es | |
return STATE_MACHINE_FAILED; | |
} | |
} | |
- | |
ctx->state_function = csm_authenticate; | |
+ printf("ssl\n"); | |
return STATE_MACHINE_CONTINUE; | |
} | |
@@ -6428,6 +6432,7 @@ static mysql_state_machine_status csm_es | |
static mysql_state_machine_status csm_authenticate(mysql_async_connect *ctx) { | |
DBUG_TRACE; | |
MYSQL *mysql = ctx->mysql; | |
+ printf("authenticate\n"); | |
if (ctx->non_blocking) { | |
mysql_state_machine_status status = run_plugin_auth_nonblocking( | |
ctx->mysql, ctx->scramble_data, ctx->scramble_data_len, | |
@@ -8638,11 +8643,22 @@ static int native_password_auth_client(M | |
/* save it in MYSQL */ | |
memcpy(mysql->scramble, pkt, SCRAMBLE_LENGTH); | |
mysql->scramble[SCRAMBLE_LENGTH] = 0; | |
+ printf("scramble:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) mysql->scramble[counter]); | |
+ } | |
+ printf("\n"); | |
if (mysql->passwd[0]) { | |
char scrambled[SCRAMBLE_LENGTH + 1]; | |
DBUG_PRINT("info", ("sending scramble")); | |
+ printf("password: %s\n", mysql->passwd); | |
scramble(scrambled, (char *)pkt, mysql->passwd); | |
+ printf("scrambled:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) scrambled[counter]); | |
+ } | |
+ printf("\n"); | |
if (vio->write_packet(vio, (uchar *)scrambled, SCRAMBLE_LENGTH)) | |
return CR_ERROR; | |
} else { | |
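Review bot: `printf("password: %s\n", mysql->passwd);` writes the cleartext password to stdout, where it ends up in terminal scrollback, redirected output and any job log that captures the client. The same line recurs as `nb password:` in the non-blocking hunk below, in caching_sha2_password_auth_client, and in scramble() in sql/auth/password.cc. If the goal is to follow the hashing steps with a known test credential, printing only its length, `fprintf(stderr, "password length: %zu\n", strlen(mysql->passwd));`, is enough to correlate runs. Whatever remains should sit behind a compile-time guard with a comment such as `/* DEBUG ONLY: dumps credentials, must not be built into a packaged client */`. native_password_auth_client starts and ends outside this hunk.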
@@ -8700,6 +8716,11 @@ static net_async_status native_password_ | |
/* save it in MYSQL */ | |
memcpy(mysql->scramble, pkt, SCRAMBLE_LENGTH); | |
mysql->scramble[SCRAMBLE_LENGTH] = 0; | |
+ printf("nb scramble:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) mysql->scramble[counter]); | |
+ } | |
+ printf("\n"); | |
} | |
ctx->client_auth_plugin_state = (int) | |
client_auth_native_password_plugin_status::NATIVE_WRITING_RESPONSE; | |
@@ -8710,7 +8731,13 @@ static net_async_status native_password_ | |
if (mysql->passwd[0]) { | |
char scrambled[SCRAMBLE_LENGTH + 1]; | |
DBUG_PRINT("info", ("sending scramble")); | |
+ printf("nb password: %s\n", mysql->passwd); | |
scramble(scrambled, (char *)pkt, mysql->passwd); | |
+ printf("nb scrambled:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) scrambled[counter]); | |
+ } | |
+ printf("\n"); | |
net_async_status status = vio->write_packet_nonblocking( | |
vio, (uchar *)scrambled, SCRAMBLE_LENGTH, &io_result); | |
if (status == NET_ASYNC_NOT_READY) { | |
--- mysql-8.0-8.0.23.orig/sql-common/client_authentication.cc | |
+++ mysql-8.0-8.0.23/sql-common/client_authentication.cc | |
@@ -489,6 +489,12 @@ int caching_sha2_password_auth_client(MY | |
int pkt_len = 0; | |
{ | |
/* First try with SHA2 scramble */ | |
+ printf("password: %s\n", mysql->passwd); | |
+ printf("scramble_pkt:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) scramble_pkt[counter]); | |
+ } | |
+ printf("\n"); | |
unsigned char sha2_scramble[SHA2_SCRAMBLE_LENGTH]; | |
if (generate_sha256_scramble(sha2_scramble, SHA2_SCRAMBLE_LENGTH, | |
mysql->passwd, passwd_len - 1, | |
@@ -499,6 +505,11 @@ int caching_sha2_password_auth_client(MY | |
"Failed to generate scramble"); | |
return CR_ERROR; | |
} | |
+ printf("crypt string:\n"); | |
+ for (int counter = 0; counter < SHA2_SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) sha2_scramble[counter]); | |
+ } | |
+ printf("\n"); | |
if (vio->write_packet(vio, sha2_scramble, SHA2_SCRAMBLE_LENGTH)) | |
return CR_ERROR; | |
--- mysql-8.0-8.0.23.orig/sql/auth/password.cc | |
+++ mysql-8.0-8.0.23/sql/auth/password.cc | |
@@ -177,7 +177,24 @@ static void hex2octet(uint8 *to, const c | |
static void my_crypt(char *to, const uchar *s1, const uchar *s2, uint len) { | |
const uint8 *s1_end = s1 + len; | |
+ printf("my_crypt before:\n"); | |
+ printf("s1:\n"); | |
+ for (int counter = 0; counter < len; counter ++) { | |
+ printf("%02x ", (unsigned char) s1[counter]); | |
+ } | |
+ printf("\n"); | |
+ printf("s2:\n"); | |
+ for (int counter = 0; counter < len; counter ++) { | |
+ printf("%02x ", (unsigned char) s2[counter]); | |
+ } | |
+ printf("\n"); | |
+ printf("xor'ing...\n"); | |
while (s1 < s1_end) *to++ = *s1++ ^ *s2++; | |
+ printf("to:\n"); | |
+ for (int counter = 0; counter < len; counter ++) { | |
+ printf("%02x ", (unsigned char) to[counter]); | |
+ } | |
+ printf("\n"); | |
} | |
extern "C" void my_make_scrambled_password(char *to, const char *password, | |
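Review bot: The final dump in my_crypt reads past the output buffer: the XOR loop advances `to` by `len` (`*to++ = ...`), so the following `to[counter]` prints the `len` bytes after the result, not the result itself. When called from scramble() via native_password_auth_client the destination is `char scrambled[SCRAMBLE_LENGTH + 1]`, so this is an out-of-bounds stack read whose contents are then printed. Keep the start pointer, `char *const out = to;` before the loop, and print `out[counter]` afterwards. The three loops also compare `int counter` with the `uint len` parameter; `for (uint counter = 0; counter < len; counter++)` avoids the signed/unsigned comparison.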
@@ -207,9 +224,19 @@ inline static void compute_two_stage_sha | |
uint8 *hash_stage2) { | |
/* Stage 1: hash password */ | |
compute_sha1_hash(hash_stage1, password, pass_len); | |
+ printf("compute hash 1 (hash of password):\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) hash_stage1[counter]); | |
+ } | |
+ printf("\n"); | |
/* Stage 2 : hash first stage's output. */ | |
compute_sha1_hash(hash_stage2, (const char *)hash_stage1, SHA1_HASH_SIZE); | |
+ printf("compute hash 2 (hash of hash):\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) hash_stage2[counter]); | |
+ } | |
+ printf("\n"); | |
} | |
/* | |
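Review bot: The `compute hash 1` dump needs a comment stating that its output is as sensitive as the password. scramble() on this page builds the response from `message` and the two stage hashes only, and stage 2 is just the SHA-1 of stage 1, so anyone holding the printed stage-1 value can produce a valid response without knowing the password. Suggested comment above the first loop: `/* hash_stage1 is password-equivalent for mysql_native_password; treat any captured output as a credential */`. This file lives under sql/auth, so if it is also compiled into the server the dump would run for every authentication there too; that is inferred from the path, not visible in the hunk.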
@@ -272,13 +299,39 @@ void scramble(char *to, const char *mess | |
uint8 hash_stage2[SHA1_HASH_SIZE]; | |
/* Two stage SHA1 hash of the password. */ | |
+ printf("scrambling:\n"); | |
compute_two_stage_sha1_hash(password, strlen(password), hash_stage1, | |
hash_stage2); | |
- | |
+ printf("password: %s\n", password); | |
+ printf("hash 1:\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) hash_stage1[counter]); | |
+ } | |
+ printf("\n"); | |
+ printf("hash 2:\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) hash_stage2[counter]); | |
+ } | |
+ printf("\n"); | |
+ printf("message:\n"); | |
+ for (int counter = 0; counter < SCRAMBLE_LENGTH; counter ++) { | |
+ printf("%02x ", (unsigned char) message[counter]); | |
+ } | |
+ printf("\n"); | |
/* create crypt string as sha1(message, hash_stage2) */; | |
compute_sha1_hash_multi((uint8 *)to, message, SCRAMBLE_LENGTH, | |
(const char *)hash_stage2, SHA1_HASH_SIZE); | |
+ printf("crypt string (to?):\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) to[counter]); | |
+ } | |
+ printf("\n"); | |
my_crypt(to, (const uchar *)to, hash_stage1, SCRAMBLE_LENGTH); | |
+ printf("to:\n"); | |
+ for (int counter = 0; counter < SHA1_HASH_SIZE; counter ++) { | |
+ printf("%02x ", (unsigned char) to[counter]); | |
+ } | |
+ printf("\n"); | |
} | |
/** |
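Review bot: The `hash 1` and `hash 2` loops in scramble() repeat output that compute_two_stage_sha1_hash has already printed one call earlier (`compute hash 1` / `compute hash 2`), so every authentication emits each secret-derived value twice; dropping the copies here halves the sensitive output without losing information. The `password:` line is covered by the note on native_password_auth_client. The label `crypt string (to?)` reads as an open question left in the code; from the call that precedes it the value is the SHA-1 of `message` followed by `hash_stage2`, so a label such as `sha1(message, hash_stage2):` would say what is printed.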