Get MySQL to compile and add basic v9 support.

2025-10-09 10:08:20 +00:00 · 2014-08-05 21:31:12 -05:00 · 2014-08-05 21:31:12 -05:00 · 5929b635ab
commit 5929b635ab
parent 101d340b18
3 changed files with 88 additions and 67 deletions
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@ -21,6 +21,7 @@ add_subdirectory(irc)
 add_subdirectory(login)
 add_subdirectory(mime)
 add_subdirectory(modbus)
+add_subdirectory(mysql)
 add_subdirectory(ncp)
 add_subdirectory(netbios)
 add_subdirectory(netflow)
--- a/src/analyzer/protocol/mysql/mysql-analyzer.pac
+++ b/src/analyzer/protocol/mysql/mysql-analyzer.pac
@ -11,8 +11,16 @@ refine flow MySQL_Flow += {
 	function proc_mysql_handshake_response_packet(msg: Handshake_Response_Packet): bool
 		%{
 		if ( mysql_handshake_response )
-			BifEvent::generate_mysql_handshake_response(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
-								    bytestring_to_val(${msg.username}));
+			{
+			if ( ${msg.version} == 10 )
+				BifEvent::generate_mysql_handshake_response(connection()->bro_analyzer(), 
+									    connection()->bro_analyzer()->Conn(),
+								    	    bytestring_to_val(${msg.v10_response.username}));
+			if ( ${msg.version} == 9 )
+				BifEvent::generate_mysql_handshake_response(connection()->bro_analyzer(), 
+									    connection()->bro_analyzer()->Conn(),
+								    	    bytestring_to_val(${msg.v9_response.username}));
+			}
 		return true;
 		%}

--- a/src/analyzer/protocol/mysql/mysql-protocol.pac
+++ b/src/analyzer/protocol/mysql/mysql-protocol.pac
@ -115,14 +115,10 @@ type Header = record {

 type MySQL_PDU(is_orig: bool) = record {
 	hdr: Header;
-#	todo: bytestring &length=56;
 	msg: case is_orig of {
 		false -> server_msg: Server_Message(hdr.seq_id);
 		true  -> client_msg: Client_Message(state);
 	} &requires(state);
-
-	# In case there is trash left over from not parsing something completely.
-	#blah: bytestring &restofdata;
 } &let {
 	state = $context.connection.get_state();
 } &length=hdr.len &byteorder=bigendian;
@ -144,6 +140,8 @@ type Initial_Handshake_Packet = record {
 		9       -> handshake9  : Handshake_v9;
 		default -> error       : ERR_Packet;
 	};
+} &let {
+	set_version: bool = $context.connection.set_version(protocol_version);
 };

 type Handshake_v10 = record {
@ -160,17 +158,38 @@ type Handshake_v10 = record {
 };

 type Handshake_v9 = record {
-	todo: bytestring &restofdata;
+	server_version		: NUL_String;
+	connection_id		: uint32;
+	scramble		: NUL_String;
 };

-type Handshake_Response_Packet = record {
+type Handshake_Response_Packet = case $context.connection.get_version() of {
+	10	-> v10_response	: Handshake_Response_Packet_v10;
+	9	-> v9_response	: Handshake_Response_Packet_v9;
+} &let {
+	version : uint8 = $context.connection.get_version();
+} &byteorder=bigendian;
+
+type Handshake_Response_Packet_v10 = record {
 	cap_flags    : uint32;
 	max_pkt_size : uint32;
 	char_set     : uint8;
 	pad          : padding[23];
 	username     : NUL_String;
 	password     : bytestring &restofdata;
-} &byteorder=bigendian;
+};
+
+type Handshake_Response_Packet_v9 = record {
+	cap_flags	: uint16;
+	max_pkt_size 	: uint24le;
+	username     	: NUL_String;
+	auth_response	: NUL_String;
+	have_db		: case ( cap_flags & 0x8 ) of {
+		0x8	-> database : NUL_String;
+		0x0	-> none	    : empty;
+	};
+	password     	: bytestring &restofdata;
+};

 type Command_Request_Packet = record {
 	command: uint8;
@ -183,7 +202,6 @@ type Command_Response = case $context.connection.get_expectation() of {
 	EXPECT_COLUMN_COUNT		-> col_count	: ColumnCount;
 	EXPECT_COLUMN_DEFINITION	-> col_defs	: ColumnDefinitions;
 	EXPECT_RESULTSET		-> resultset    : Resultset;
-#	EXPECT_RESULTSETROW		-> resultsetrow : ResultsetRow;
 	EXPECT_STATUS			-> status       : Command_Response_Status;
 	EXPECT_EOF1			-> eof1		: EOF1;
 	EXPECT_EOF2			-> eof2		: EOF2;
@ -209,7 +227,6 @@ type ColumnCount = record {
 };

 type ColumnDefinitions = record {
-#	defs: ColumnDefinition41[$context.connection.get_col_count()];
 	defs: ColumnDefinition41[1];
 } &let {
 	update_expectation: bool = $context.connection.set_next_expected(EXPECT_EOF1);
@ -239,7 +256,6 @@ type ResultsetRow = record {

 type ColumnDefinition41 = record {
 	catalog  : LengthEncodedString;
-#	todo: bytestring &length=2;
 	schema   : LengthEncodedString;
 	table    : LengthEncodedString;
 	org_table: LengthEncodedString;
@ -252,10 +268,6 @@ type ColumnDefinition41 = record {
 	flags    : uint16;
 	decimals : uint8;
 	filler   : padding[2];
-	#if command was COM_FIELD_LIST {
-	#  lenenc_int     length of default-values
-	#  string[$len]   default values
-	#}
 };

 type ColumnDefinition320 = record {
@ -265,19 +277,6 @@ type ColumnDefinition320 = record {
 	col_len          : uint24le;
 	type_len         : LengthEncodedInteger;
 	type             : uint8;
-	#if capabilities & CLIENT_LONG_FLAG {
-	#lenenc_int     [03] length of flags+decimals fields
-	#2              flags
-	#1              decimals
-	#  } else {
-	#1              [02] length of flags+decimals fields
-	#1              flags
-	#1              decimals
-	#  }
-	#  if command was COM_FIELD_LIST {
-	#lenenc_int     length of default-values
-	#string[$len]   default values
-	#  }
 };

 type OK_Packet = record {
@ -302,17 +301,30 @@ type EOF_Packet = record {

 refine connection MySQL_Conn += {
 	%member{
+		uint8 version_;
 		int state_;
 		Expected expected_;
 		uint32 col_count_;
 	%}

 	%init{
+		version_ = 0;
 		state_ = CONNECTION_PHASE;
 		expected_ = EXPECT_STATUS;
 		col_count_ = 0;
 	%}

+	function get_version(): uint8
+		%{ 
+		return version_; 
+		%}
+
+	function set_version(v: uint8): bool
+		%{
+		version_ = v;
+		return true;
+		%}
+
 	function get_state(): int
 		%{ 
 		return state_;