MySQL Client Hash Authentication Patch | The Database Hackers Handbook: Defending Database Servers

Previous chapters have alluded to the possibility of patching your MySQL command-line client to allow authentication using the password hash, rather than the password. This section describes how to apply a quick and dirty patch to the MySQL client source code to achieve this.

Note that following these directions will result in a MySQL client utility that can use only password hashes to authenticateyou won't be able to use the password!

These directions relate to the MySQL 4.0.x source tree, but should work with other, pre-4.1 versions. The client that ships with version 4.1 can be modified to allow this kind of authentication in a similar way, although the legacy and current authentication protocol code is split.

To apply the patch, in the file password.c in ibmysql, add the following function (save a backup of the file first!):

 void get_hash(ulong *result, const char *password) {    if( strlen( password ) != 16 )    return;    sscanf( password, "%08lx%08lx", &(result[0]), &(result[1]) );    return; }

Now alter the scramble function by commenting out the line

 hash_password(hash_pass,password);

Insert after the (now commented out) line

 get_hash(hash_pass,password);

The start of your scramble function should now look like this:

 char *scramble(char *to,const char *message,const char *password,              my_bool old_ver) {   struct rand_struct rand_st;   ulong hash_pass[2],hash_message[2];   if (password && password[0])   {     char *to_start=to; //    hash_password(hash_pass,password);       get_hash(hash_pass,password);       hash_password(hash_message,message);

When you recompile the mysql utility, you will be able to authenticate by using the password hash instead of the password. When you previously would connect like this (if you were connecting as root with the password, "password"):

 mysql -u root -ppassword

you can now connect like this:

 mysql -u root -p5d2e19393cc5ef67

(5d2e19393cc5ef67 is the mysql hash of password.)

Once you have your modified binary, save it as (say) mysqlh, and then comment out the get_hash call and uncomment hash_password, in order to put things back as they were.