From e8bdf149f22099a9a9cc84faa1964c23ea795fd3 Mon Sep 17 00:00:00 2001 From: Fupeng Zhao Date: Sun, 30 Jun 2024 21:52:31 +0800 Subject: [PATCH] Add support for "auth switch" and "query attrs" Also fix the issue where Resultset could not correctly distinguish between EOF_Packet and OK_Packet. --- .../protocol/mysql/mysql-analyzer.pac | 4 +- .../protocol/mysql/mysql-protocol.pac | 164 ++++++++++++++---- .../mysql.log | 16 ++ .../out | 14 ++ .../mysql.log | 12 +- .../out | 12 +- .../mysql.log | 14 ++ .../out | 12 ++ ...ing_sha2_password-after-auth-switch.pcapng | Bin 0 -> 4412 bytes testing/btest/Traces/mysql/query-attr.pcapng | Bin 0 -> 7696 bytes ...ching_sha2_password-after-auth-switch.test | 35 ++++ .../base/protocols/mysql/query-attr.test | 35 ++++ 12 files changed, 272 insertions(+), 46 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/mysql.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/out create mode 100644 testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/mysql.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/out create mode 100644 testing/btest/Traces/mysql/caching_sha2_password-after-auth-switch.pcapng create mode 100644 testing/btest/Traces/mysql/query-attr.pcapng create mode 100644 testing/btest/scripts/base/protocols/mysql/caching_sha2_password-after-auth-switch.test create mode 100644 testing/btest/scripts/base/protocols/mysql/query-attr.test diff --git a/src/analyzer/protocol/mysql/mysql-analyzer.pac b/src/analyzer/protocol/mysql/mysql-analyzer.pac index ebc964a793..5f6782c4ff 100644 --- a/src/analyzer/protocol/mysql/mysql-analyzer.pac +++ b/src/analyzer/protocol/mysql/mysql-analyzer.pac @@ -83,8 +83,8 @@ refine flow MySQL_Flow += { function proc_resultset(msg: Resultset): bool %{ - if ( ${msg.is_eof} ) - return true; // Raised through proc_eof_packet() + if ( ${msg.is_eof_or_ok} ) + return true; // Raised through proc_eof_packet() or proc_ok_packet() if ( ! mysql_result_row ) return true; diff --git a/src/analyzer/protocol/mysql/mysql-protocol.pac b/src/analyzer/protocol/mysql/mysql-protocol.pac index ffc0c1fbc5..d482d23b10 100644 --- a/src/analyzer/protocol/mysql/mysql-protocol.pac +++ b/src/analyzer/protocol/mysql/mysql-protocol.pac @@ -96,11 +96,6 @@ type LengthEncodedStringArg(first_byte: uint8) = record { }; %} -%code{ - const char* PLUGIN_CACHING_SHA2_PASSWORD = "caching_sha2_password"; -%} - -extern type PLUGIN_CACHING_SHA2_PASSWORD; extern type to_int; # Enums @@ -141,11 +136,12 @@ enum command_consts { }; enum state { - CONNECTION_PHASE = 0, - COMMAND_PHASE = 1, - SHA2_AUTH_PHASE = 2, - PUB_KEY_PHASE = 3, - SHA2_AUTH_RESP_PHASE = 4, + CONNECTION_PHASE = 0, + COMMAND_PHASE = 1, + SHA2_AUTH_PHASE = 2, + PUB_KEY_PHASE = 3, + SHA2_AUTH_RESP_PHASE = 4, + AUTH_SWITCH_RESP_PHASE = 5, }; enum Expected { @@ -173,9 +169,10 @@ enum Client_Capabilities { # Expects an OK (instead of EOF) after the resultset rows of a Text Resultset. CLIENT_DEPRECATE_EOF = 0x01000000, CLIENT_ZSTD_COMPRESSION_ALGORITHM = 0x04000000, + CLIENT_QUERY_ATTRIBUTES = 0x08000000, }; -enum SHA2_Atuh_State { +enum SHA2_Auth_State { REQUEST_PUBLIC_KEY = 2, FAST_AUTH_SUCCESS = 3, PERFORM_FULL_AUTHENTICATION = 4, @@ -217,6 +214,7 @@ type Client_Message(state: int) = case state of { SHA2_AUTH_PHASE -> sha2_auth_phase : SHA2_Auth_Packet; PUB_KEY_PHASE -> pub_key_phase : Public_Key_Packet; SHA2_AUTH_RESP_PHASE -> sha2_auth_resp_phase : SHA2_Auth_Response_Packet; + AUTH_SWITCH_RESP_PHASE -> auth_switch_resp_phase : Auth_Switch_Response_Packet; }; # Handshake Request @@ -244,10 +242,14 @@ type Handshake_v10 = record { auth_plugin_data_len : uint8; reserved : padding[10]; auth_plugin_data_part_2: bytestring &length=13; - have_plugin : case ( ( capability_flags_2 << 4 ) & CLIENT_PLUGIN_AUTH ) of { - CLIENT_PLUGIN_AUTH -> auth_plugin_name: NUL_String; + have_plugin : case ( ( capability_flags_2 << 16 ) & CLIENT_PLUGIN_AUTH ) of { + CLIENT_PLUGIN_AUTH -> auth_plugin: NUL_String; 0x0 -> none : empty; }; +} &let { + update_auth_plugin: bool = $context.connection.set_auth_plugin(auth_plugin) + &if( ( capability_flags_2 << 16 ) & CLIENT_PLUGIN_AUTH ); + server_query_attrs: bool = $context.connection.set_server_query_attrs(( capability_flags_2 << 16 ) & CLIENT_QUERY_ATTRIBUTES); }; type Handshake_v9 = record { @@ -287,7 +289,7 @@ type Handshake_Plain_v10(cap_flags: uint32) = record { 0x0 -> none_1 : empty; }; have_plugin : case ( cap_flags & CLIENT_PLUGIN_AUTH ) of { - CLIENT_PLUGIN_AUTH -> auth_plugin_name: EmptyOrNUL_String; + CLIENT_PLUGIN_AUTH -> auth_plugin: EmptyOrNUL_String; 0x0 -> none_2 : empty; }; have_attrs : case ( cap_flags & CLIENT_CONNECT_ATTRS ) of { @@ -299,8 +301,10 @@ type Handshake_Plain_v10(cap_flags: uint32) = record { 0x0 -> none_4 : empty; }; } &let { - update_state: bool = $context.connection.update_state(SHA2_AUTH_PHASE) - &if(( cap_flags & CLIENT_PLUGIN_AUTH ) && auth_plugin_name==PLUGIN_CACHING_SHA2_PASSWORD); + update_auth_plugin: bool = $context.connection.set_auth_plugin(auth_plugin) + &if( cap_flags & CLIENT_PLUGIN_AUTH ); + update_state: bool = $context.connection.update_state_from_auth() + &if( cap_flags & CLIENT_PLUGIN_AUTH ); }; type Handshake_Response_Packet_v10 = record { @@ -314,6 +318,7 @@ type Handshake_Response_Packet_v10 = record { }; } &let { deprecate_eof: bool = $context.connection.set_deprecate_eof(cap_flags & CLIENT_DEPRECATE_EOF); + client_query_attrs: bool = $context.connection.set_client_query_attrs(cap_flags & CLIENT_QUERY_ATTRIBUTES); }; type Handshake_Response_Packet_v9 = record { @@ -352,10 +357,43 @@ type SHA2_Auth_Response_Packet = record { update_state: bool = $context.connection.update_state(COMMAND_PHASE); }; +# Auth Switch + +type Auth_Switch_Response_Packet = record { + data : bytestring &restofdata; +} &let { + update_state: bool = $context.connection.update_state_from_auth(); +}; + # Command Request +type AttributeTypeAndName = record { + type: uint16; + name: LengthEncodedString; +}; + +type Attributes(count: uint8) = record { + unused : uint8; + send_types_to_server: uint8; # Always 1. + names : AttributeTypeAndName[count]; + values : LengthEncodedString[count]; +}; + +type Query_Attributes = record { + count : uint8; + set_coun : uint8; + have_attr : case ( count > 0 ) of { + true -> attrs: Attributes(count); + false -> none: empty; + }; +}; + type Command_Request_Packet = record { command: uint8; + attrs : case ( command == COM_QUERY && $context.connection.get_client_query_attrs() && $context.connection.get_server_query_attrs() ) of { + true -> query_attrs: Query_Attributes; + false -> none: empty; + }; arg : bytestring &restofdata; } &let { update_expectation: bool = $context.connection.set_next_expected_from_command(command); @@ -413,22 +451,22 @@ type ColumnDefinition = record { }; # Only used to indicate the end of a result, no intermediate eofs here. -type EOFOrOK = case $context.connection.get_deprecate_eof() of { +# MySQL spec says "You must check whether the packet length is less than 9 +# to make sure that it is a EOF_Packet packet" so the value of 13 here +# comes from that 9, plus a 4-byte header. +type EOFOrOK(pkt_len: uint32) = case ( $context.connection.get_deprecate_eof() || pkt_len > 13 ) of { false -> eof: EOF_Packet(EOF_END); true -> ok: OK_Packet; }; type ColumnDefinitionOrEOF(pkt_len: uint32) = record { marker : uint8; - def_or_eof: case is_eof of { - true -> eof: EOFOrOK; + def_or_eof: case is_eof_or_ok of { + true -> eof: EOFOrOK(pkt_len); false -> def: ColumnDefinition41(marker); - } &requires(is_eof); + } &requires(is_eof_or_ok); } &let { - # MySQL spec says "You must check whether the packet length is less than 9 - # to make sure that it is a EOF_Packet packet" so the value of 13 here - # comes from that 9, plus a 4-byte header. - is_eof: bool = (marker == 0xfe && pkt_len < 13); + is_eof_or_ok: bool = (marker == 0xfe); }; @@ -442,17 +480,14 @@ type EOFIfLegacyThenResultset(pkt_len: uint32) = case $context.connection.get_de type Resultset(pkt_len: uint32) = record { marker : uint8; - row_or_eof: case is_eof of { - true -> eof: EOFOrOK; + row_or_eof: case is_eof_or_ok of { + true -> eof: EOFOrOK(pkt_len); false -> row: ResultsetRow(marker); - } &requires(is_eof); + } &requires(is_eof_or_ok); } &let { - # MySQL spec says "You must check whether the packet length is less than 9 - # to make sure that it is a EOF_Packet packet" so the value of 13 here - # comes from that 9, plus a 4-byte header. - is_eof : bool = (marker == 0xfe && pkt_len < 13); + is_eof_or_ok : bool = (marker == 0xfe); update_result_seen: bool = $context.connection.inc_results_seen(); - update_expectation: bool = $context.connection.set_next_expected(is_eof ? NO_EXPECTATION : EXPECT_RESULTSET); + update_expectation: bool = $context.connection.set_next_expected(is_eof_or_ok ? NO_EXPECTATION : EXPECT_RESULTSET); }; type ResultsetRow(first_byte: uint8) = record { @@ -480,6 +515,9 @@ type AuthSwitchRequest = record { status: uint8; name : NUL_String; data : bytestring &restofdata; +} &let { + update_auth_plugin: bool = $context.connection.set_auth_plugin(name); + update_state: bool = $context.connection.update_state(AUTH_SWITCH_RESP_PHASE); }; type ColumnDefinition320 = record { @@ -531,6 +569,9 @@ refine connection MySQL_Conn += { uint32 remaining_cols_; uint32 results_seen_; bool deprecate_eof_; + bool server_query_attrs_; + bool client_query_attrs_; + bytestring auth_plugin_; %} %init{ @@ -542,6 +583,13 @@ refine connection MySQL_Conn += { remaining_cols_ = 0; results_seen_ = 0; deprecate_eof_ = false; + server_query_attrs_ = false; + client_query_attrs_ = false; + auth_plugin_ = bytestring(); + %} + + %cleanup{ + auth_plugin_.free(); %} function get_version(): uint8 @@ -577,6 +625,18 @@ refine connection MySQL_Conn += { return true; %} + function update_state_from_auth(): bool + %{ + if ( auth_plugin_ == "caching_sha2_password" ) + { + state_ = SHA2_AUTH_PHASE; + if ( expected_ == EXPECT_AUTH_SWITCH ) + expected_ = EXPECT_STATUS; + } + + return true; + %} + function get_deprecate_eof(): bool %{ return deprecate_eof_; @@ -588,6 +648,46 @@ refine connection MySQL_Conn += { return true; %} + function get_server_query_attrs(): bool + %{ + return server_query_attrs_; + %} + + function set_server_query_attrs(q: bool): bool + %{ + server_query_attrs_ = q; + return true; + %} + + function get_client_query_attrs(): bool + %{ + return client_query_attrs_; + %} + + function set_client_query_attrs(q: bool): bool + %{ + client_query_attrs_ = q; + return true; + %} + + function get_auth_plugin(): bytestring + %{ + return auth_plugin_; + %} + + function set_auth_plugin(a: bytestring): bool + %{ + if ( auth_plugin_.length() > 0 && + strncmp(c_str(auth_plugin_), c_str(a), auth_plugin_.length()) != 0 ) + { + expected_ = EXPECT_AUTH_SWITCH; + } + + auth_plugin_.free(); + auth_plugin_.init(a.data(), a.length()); + return true; + %} + function get_expectation(): Expected %{ return expected_; diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/mysql.log new file mode 100644 index 0000000000..26e609fe2a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/mysql.log @@ -0,0 +1,16 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path mysql +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response +#types time string addr port addr port string string bool count string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 login root T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select @@version_comment limit 1 T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select DATABASE(), USER() limit 1 T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select @@character_set_client, @@character_set_connection, @@character_set_server, @@character_set_database limit 1 T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 statistics (empty) - - - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 quit (empty) - - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/out b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/out new file mode 100644 index 0000000000..e8ead41d58 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password-after-auth-switch/out @@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +mysql handshake, root +mysql ok, 0 +mysql request, 3, select @@version_comment limit 1 +mysql result row, [MySQL Community Server - GPL] +mysql ok, 0 +mysql request, 3, select DATABASE(), USER() limit 1 +mysql result row, [, root@localhost] +mysql ok, 0 +mysql request, 3, select @@character_set_client, @@character_set_connection, @@character_set_server, @@character_set_database limit 1 +mysql result row, [utf8mb4, utf8mb4, utf8mb4, utf8mb4] +mysql ok, 0 +mysql request, 9, +mysql request, 1, diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/mysql.log index 53fb4143f2..bb46a96482 100644 --- a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/mysql.log +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/mysql.log @@ -9,15 +9,15 @@ #types time string addr port addr port string string bool count string XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56494 127.0.0.1 3306 login root F - Got an error reading communication packets XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 login root T 0 - -XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query \x00\x01show databases T 0 - -XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query \x00\x01show tables T 0 - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query show databases T 0 - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query show tables T 0 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 field_list t T 0 - -XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query \x00\x01select @@version_comment limit 1 T 0 - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query select @@version_comment limit 1 T 0 - XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 quit (empty) - - - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 login root T 0 - -XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query \x00\x01show databases T 0 - -XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query \x00\x01show tables T 0 - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query show databases T 0 - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query show tables T 0 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 field_list t T 0 - -XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query \x00\x01select @@version_comment limit 1 T 0 - +XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query select @@version_comment limit 1 T 0 - XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 quit (empty) - - - #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/out b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/out index 6dd3801eba..f8855b38fc 100644 --- a/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/out +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.caching_sha2_password/out @@ -3,37 +3,37 @@ mysql handshake, root mysql error, 1158, Got an error reading communication packets mysql handshake, root mysql ok, 0 -mysql request, 3, \x00\x01show databases +mysql request, 3, show databases mysql result row, [information_schema] mysql result row, [mysql] mysql result row, [performance_schema] mysql result row, [sys] mysql result row, [test] mysql ok, 0 -mysql request, 3, \x00\x01show tables +mysql request, 3, show tables mysql result row, [t] mysql ok, 0 mysql request, 4, t\x00 mysql ok, 0 -mysql request, 3, \x00\x01select @@version_comment limit 1 +mysql request, 3, select @@version_comment limit 1 mysql result row, [MySQL Community Server - GPL] mysql ok, 0 mysql request, 1, mysql handshake, root mysql ok, 0 -mysql request, 3, \x00\x01show databases +mysql request, 3, show databases mysql result row, [information_schema] mysql result row, [mysql] mysql result row, [performance_schema] mysql result row, [sys] mysql result row, [test] mysql ok, 0 -mysql request, 3, \x00\x01show tables +mysql request, 3, show tables mysql result row, [t] mysql ok, 0 mysql request, 4, t\x00 mysql ok, 0 -mysql request, 3, \x00\x01select @@version_comment limit 1 +mysql request, 3, select @@version_comment limit 1 mysql result row, [MySQL Community Server - GPL] mysql ok, 0 mysql request, 1, diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/mysql.log new file mode 100644 index 0000000000..3fd06ec55f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/mysql.log @@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path mysql +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response +#types time string addr port addr port string string bool count string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 login ykg T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select @@version_comment limit 1 T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select now() T 0 - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select now() T 0 - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/out b/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/out new file mode 100644 index 0000000000..dce5524739 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.mysql.query-attr/out @@ -0,0 +1,12 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +mysql handshake, ykg +mysql ok, 0 +mysql request, 3, select @@version_comment limit 1 +mysql result row, [Source distribution] +mysql ok, 0 +mysql request, 3, select now() +mysql result row, [2022-07-13 10:45:41] +mysql ok, 0 +mysql request, 3, select now() +mysql result row, [2022-07-13 10:45:43] +mysql ok, 0 diff --git a/testing/btest/Traces/mysql/caching_sha2_password-after-auth-switch.pcapng b/testing/btest/Traces/mysql/caching_sha2_password-after-auth-switch.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..3f4407eb49c93a38b29b4fc7fcbcf2235bd912ec GIT binary patch literal 4412 zcmbVQZ)_Xo8Gp}q{*tmbf;P}rdj*qlNNk;*i~mGb<|Yj-EFpiKuxQ127vH5muzlw4 z?2t}lUZqLZln?tbBoI*8R<)`q7){j#6+#GYn$%7Ea#ESlM7IgbD9hLfq;0UqJkRU9 z_|7p#;)&ke``*3x{GR9cd*1gwxp&vD-q#2rGlz!mRr{0oD0Qq^St z;>;jbqJa=U8seAebOA3b)G`qvaAOOwedAs8McUb3G|D}~Y%G!hI4QG0BV3c*m2r~Wd#Y8gHd4)LMDiIq@{ zk3@u(2tN`Xgb)eFi?K@9m4HVN{N+>v*xh7WRf{WP=CK}_)dO>GA-#kYRn4FyBYcFA zzORT6USYmF;hMt%*oXU<_U#?|EcyWSu{o`qOc8P@_3Z>nbY468BM1)L#&X|{_~t8J zIP*nM?VT;25Rb3+j?dHGd$l^{!TX%o3(paw8SA+x+hGxcScfj#SbaA(md|e9elOs4 zzt~^r-tSssASZu!bMhM){^VTk z4)Da)obDWbO;rs-^6UEJxpYA^l(O7lVcnN5DpF@?Bsvo1d(y?6XsoJQzO%k)y=hhN zV2iphoyjS3!2kz&xjUzh61XOjg~! z4QufNTPM@*m?&(B|B;esmgV1Gy>Om>K6$QKz4rXX@rla$$|rqKO-#n`K2^uZIIe>dwrI|a{t>5QIYgYoxF?o^F*c_$ zoLO^%?F*8fuZ2_H#+ls4@#5aIkB|=V;z_{2TRVEX)0X+zs;j_V#CNW9q2!58z&&hE zWB5Yq2;=*QHonF8b>RC-(>iDPjdNqea)voR^{ywTz!;m;7{>9`6vJ3*iGg)C>(23R zaN#AKF6ZQoK@$mUd8IRIJ`c;1=9Ii*&=AbR7%<;|LPNt?9{jy8_DASra~g}~O_SAE z_ES3+i|;G(&FU_u>#tq0c!5@qy9WsOO7beW+p{Aa(pMvkOB}gL$TtZ&2%#UCSx?SS z!#71fUn(fZI!($Ntc;aw!%0DbvBOLdT2x2-bOem>S;iz zi+TWJw)F3;hl$TCKKuD@(Dd_L@#sn9)Qp(Rs=5I>cYH0KG2dpLf2IG;Y@_orropkda~k9JmDK%+@!nQT4Al9TE^f!*bH<@_ zB9Va)U@>FJT3VM4>)afMwcT`IEfiqQ!&$oX863T^h<4tWL_=H=b=j^Q%nAA1U^`-c zPtb=xG9QI8Hm6~3+`}f@pR$W~ZdTpEw{5kGbyI89FyjyF#y8xko4q^IV4n}}je&2} z(49NxZ>Q~k2QYkA-R;1r)8U>EXHthXf1nw|rpf&V1+KbE#%e6TB7E5uD!J=xRdQVe z)B?{%G_11^7CttQLLZycSe?aF53pL+Y%Q!>uAbc-=x1v<;I19z;#I|2ZU}HcS4Ag=si?p@{vQ|j4u>(#V z4^4?flR}`=AC1QYlq3ZV2HM&ply)XGJPb@rnN008P$y0Ynm%Zg@Mw#B&eg88E9Cu= z{O$2vyeqHncfRkObNAju+PHCP#|R-y=goeMf#0K|X^53rtf2;W5$|Iwd?DUzsLo-_ zgaB_?wKRwI6d5hnBC~lhYuMs}r&g|9Xfs)J2+@)$q{`!KYGDgZmI9O6XtNmWc^@C} zxQLDvk@BWSzl-y;hBcl5A8g@ssO zF&O%ZK9-BW3CyU0AFn`2D*PoCK2KM{hd4egVL7^xIxFx#!IOXxro?b?sB1xbpy!Z6zd}X$7B3q?{O6#T~jE=+X*qI z0)~P|v2JCQ$B#vaQLE!GoEUfx?s3SC^6(0W5M$s&2}9KCW8hLxwR%>`!+!X$M873l zK9S;DQ$A_w`QLvs_j-t=JF6;IFLc^#s#Y#^5`sP<|87hOF!ar4_}M@k+~bfN`o;)d zQ_;6Ke3EaX#`W$wxtZ<2f7GS)Z3XphJahHU8)xA!FMc-o&dy_5!8VwgA+uaUqsfD1 z;q`1Z@h!ZoDdZ7+ra+^|RN>~iHC)Km;1=rrEderRBiGECyqvGz6yWQ;yenj~2ZWZ^ zKg}9s2QtboY6w$Bn1&GfMioAphfn5-Pv%wlngth!b1&w6ZZ990>u>P~1H?!tMYtdz zXyyZ^YQ9kj@yj=Cg!v!(lBkA8LkN15srKco+{s<(Tz-}opY?CClC&D1$HfIh)qEXE zg{n81;m1PAj!C-T&Pd9fF=M7&qIM0_0&p0Y`1~{$_NnBja2VrrX`&RLNbcljZkyb* z@8LQt)+Mg9<-61{x~9<@cvHfNf}ucBS&yNKEQ9|`l~OFJf=ZD>ngko?&{ z+NV12D|wBzMtxEfR>4SGh8TrG31i2ki!b5)fRmCaKC$&fzSeHq9#&ZgJI^NMkpeik z+cSX2nCsw9F%TG^@_&a1Ho-j(xzYHn@B9tL_?^T<)GC63T0vN2>v^$GT%!`_I=(Ge zcn*B=$3F8<2>O6=!~91>UtT|TYG5r~T>s(9}XTeM;#|!Zm3I z;>G97>Z_;JbbgO&a9_d|HLxs5{ybS-XL&5c`9)V$-f52^Mpt~T?T1>+jeDn=@ZA}E zr+G!8P`}*2&mXFUdmM73`pvUz5aZKdNIcFDr{7|a77XE&-I~$&AD9Wz=tkeyY3Td; zE`H8vwaJ7a25Kh9sx*|UU=e~?^THBV`mOWBSNk?C0lW{oA053Ij|H6WDzW6+&8{gO z8e2QNmh$?ggeCI&0Pw2fw7ZKqG41-0A{c77=H$~uKZI)>a--Vq=wJ{d?3FM?K2^wv zu7%s8xkoYVFhyE1EdACJqnqE*R8Qu@Cl$3Rh2?z11l%~nJM{Xb7?9bpBz3dCDW`Py z!fnLGxf(padM9l8tWG}{3~mtus0aERpS!7do>tRFN3}UE`7P6?TU{HQxGz9$cF(IA znh5tee`)|V7ptp%x0zn2Tu34z9>mf}KZ zp-t-)f_l2;PItPz9^Myn`nX0u#p~J7*c#mIO%{UACfFos!GZD86R=|l!k!{263=vh zK&TIJjr5Cp`YqHdJ}&!fD^%jrp`rP7M$$~or*8IWVNZJoGb&rV<8rn^R0-p9Zpo6N z#c+>9ZZv1-bZ99?UqTFwizynHdsr75D1Sza^T%_U+PXxAi#>_v*eMAol4FHEP=5#G zatv|q#p=&5I*nY?4pa>-g?k)wqg>{9&^!(wmoP-V4pP04OTL23Jy^70OGbba8sfxr z+J3Z3jZ-q^6kWe$oO;zc;d>1YIgMwQ4SC=ihukP9hdqU2?3OqwFp$%7C8sA~3N2xR zJno9w(o!)kov^!ZghXb&o<>iIg}r9<-6~&0|2Aov3f~S|!{K)%UqpR-LEmfYeC2EC z(v#IgdjTJZ+$i7gb!+~bfN)#gVh&LPH*y^=PEre7Q0Q?~2Qojb;L^!);971?L4JwBZKt?v`! zpp$?+gse_m^?bHtRYQR1+^o5!sIIP#&o8Ru3vFiBP_@R+mK0lTmK>IE@q~Ey`gOkS zv?oLKX=CK0T#x(7Y+H72eL!gP8}Y_t$xb5#{g>Ab@^HT8Iy3gW_$?Rm*z=6UBwPE*=|RB2Auy5avp1s$JT-!ln)_@ar?FY!FssIAvdbkckF2i>n0Kp%p+JrB3jk9 z;d(O@rqF5_!aN`vp9TN1YML#YW~*39K4FU?hai4D*GF#l501^XgRT+b=o%5J8Ltj% z=Dsp7(2rU;3u8SZ#$gy}$Tex`SA#FZH4eE^u3J0k8W9didMYrGD|B;WTx;<#&oGb2 zYDOO+mp-3NfXUNeL0CvRE8ZFP|M^3L$ z;nBrXjP8UO%37uvv09e;WT@4J@iikVeX?Gv744}bj#$fepw$hkRkTm$K#V+PpNxft zG`>%Un5UnwQPXZ_LS8pOyQT!%rcAa$J(|cFaPSIOY^x}|LqCO__=uW9s z!AP$JVdP`7>Zt;!;Crb<$H1H%g$DAWGy&>LvGZU%A^%k zQ-|b>sA&pl>Y$oNdvVkkbHcTCW(!OlzsKl4&8g{pk!tXTgez*`0G+eqbVd!Jqb1cd zVxhGGw|P_Cl{IjULvEDYB6~Vwd>UOd6#E#gXK3X__FUX$+}DkVDPrfc$c8J@*OYTZ z+_p}4<=Fdout +# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-diff mysql.log + +@load base/protocols/mysql + +event mysql_ok(c: connection, affected_rows: count) + { + print "mysql ok", affected_rows; + } + +event mysql_eof(c: connection, is_intermediate: bool) + { + print "mysql eof", is_intermediate; + } + +event mysql_result_row(c: connection, row: string_vec) + { + print "mysql result row", row; + } + +event mysql_error(c: connection, code: count, msg: string) + { + print "mysql error", code, msg; + } + +event mysql_command_request(c: connection, command: count, arg: string) + { + print "mysql request", command, arg; + } + +event mysql_handshake(c: connection, username: string) + { + print "mysql handshake", username; + } diff --git a/testing/btest/scripts/base/protocols/mysql/query-attr.test b/testing/btest/scripts/base/protocols/mysql/query-attr.test new file mode 100644 index 0000000000..d827ea97c0 --- /dev/null +++ b/testing/btest/scripts/base/protocols/mysql/query-attr.test @@ -0,0 +1,35 @@ +# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/query-attr.pcapng %INPUT >out +# @TEST-EXEC: btest-diff out +# @TEST-EXEC: btest-diff mysql.log + +@load base/protocols/mysql + +event mysql_ok(c: connection, affected_rows: count) + { + print "mysql ok", affected_rows; + } + +event mysql_eof(c: connection, is_intermediate: bool) + { + print "mysql eof", is_intermediate; + } + +event mysql_result_row(c: connection, row: string_vec) + { + print "mysql result row", row; + } + +event mysql_error(c: connection, code: count, msg: string) + { + print "mysql error", code, msg; + } + +event mysql_command_request(c: connection, command: count, arg: string) + { + print "mysql request", command, arg; + } + +event mysql_handshake(c: connection, username: string) + { + print "mysql handshake", username; + }