1,建立MySql連接
a) 服務端往客戶端發送握手初始化包(Handshake Initialization Packet)
b) 客戶端往服務端發送驗證包(Client Authentication Packet)
c) 服務端往客戶端發送成功包
2,校驗方法
在 a) 服務端往客戶端發送握手初始化包(Handshake Initialization Packet),會攜帶客戶端應該使用的authentication method.
每個用戶使用什麼樣的校驗方法是確定的,在mysql.user表中:Method used for authentication is tied to the user account and stored in the plugin column of mysql.user table.
mysql> select * from mysql.user where user = 'vddl' limit 10 \G;
*************************** 1. row ***************************
Host: localhost
User: vddl
Password: *57B4F32D94FF1EC6EC480F8F437B795BEE4A994F
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: Y
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string:
password_expired: N
其中,plugin: mysql_native_password字段指定了應該使用什麼校驗方法。
抓包工具也可以看到
0000 02 00 00 00 45 00 00 86 59 22 40 00 40 06 00 00 ....E...Y"@.@...
0010 7f 00 00 01 7f 00 00 01 0c ea f0 fe b7 3c 39 4c .............<9L
0020 2e ac 31 1f 80 18 31 d7 fe 7a 00 00 01 01 08 0a ..1...1..z......
0030 13 0f 4c 2f 13 0f 4c 2f 4e 00 00 00 0a 35 2e 36 ..L/..L/N....5.6
0040 2e 32 34 2d 6c 6f 67 00 03 00 00 00 2c 48 64 43 .24-log.....,HdC
0050 5e 33 22 4d 00 ff f7 08 02 00 7f 80 15 00 00 00 ^3"M............
0060 00 00 00 00 00 00 00 41 3a 42 7b 65 68 5d 75 57 .......A:B{eh]uW
0070 32 34 4f 00 6d 79 73 71 6c 5f 6e 61 74 69 76 65 24O.mysql_native
0080 5f 70 61 73 73 77 6f 72 64 00 _password.最後,也會有mysql_native_password.
具體協議格式:
https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeV10
3,客戶端上傳用戶名、密碼、當前數據庫
參考:http://www.jianshu.com/p/651fb39c0a51
4,超時時間
建立mysql連接時,有個超時時間的概念。
mysql> show variables like '%timeout%';
+-----------------------------+----------+
| Variable_name | Value |
+-----------------------------+----------+
| connect_timeout | 10 |connect_time 表明mysql握手連接協議中,校驗超時時間。默認是10秒;
通過telnet我們可以進行模擬:
首先我們使用telnet 127.0.0.1 3306命令進行建立tcp連接
yangyamin:~ yangyamin$ telnet 127.0.0.1 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
N
5.6.24-loam!Y~/k�&o}I4d~m({Uwmysql_native_password
Connection closed by foreign host.
yangyamin:~ yangyamin$客戶端telnet不發送命令的話,我們發現連接會自動斷開。
其中NO14標示的是mysql服務器的Handshake Initialization Packet。而NO18比NO17的時間延遲正好是10秒,即connect_time。
5,連接過程中的狀態
mysql連接握手協議第二步驟:b) 客戶端往服務端發送驗證包(Client Authentication Packet)
在此之前,連接狀態爲 unauthenticated user。
mysql> show processlist;
+----+----------------------+-----------------+------+---------+------+------------------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+----------------------+-----------------+------+---------+------+------------------+------------------+
| 5 | root | localhost | NULL | Query | 0 | init | show processlist |
| 9 | unauthenticated user | localhost:65322 | NULL | Connect | NULL | Reading from net | NULL |
+----+----------------------+-----------------+------+---------+------+------------------+------------------+
2 rows in set (0.00 sec)
