From 4f06e67ad2201390ed35a9ea6288a00c0b04782b Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 20 Nov 2018 20:54:24 +0100 Subject: [PATCH] Re-commit MySQL 8 cached SHA auth support With changes to (hopefully) correctly fall back if OpenSSL support is missing. Furthermore the hard-coded dependency on ext/hash is no longer an issue, as this extension is required in master. This reverts commit 63072e9c0ebbb676cd39d0f867d873737c676add, reversing changes made to 4cbabb6852d2a7d966fb78a53d9d4c1cac18f10b. --- ext/mysqlnd/mysqlnd_auth.c | 283 ++++++++++++++++++++++++++++- ext/mysqlnd/mysqlnd_auth.h | 23 +-- ext/mysqlnd/mysqlnd_connection.c | 4 + ext/mysqlnd/mysqlnd_enum_n_def.h | 1 + ext/mysqlnd/mysqlnd_structs.h | 10 + ext/mysqlnd/mysqlnd_wireprotocol.c | 90 ++++++++- ext/mysqlnd/mysqlnd_wireprotocol.h | 10 + 7 files changed, 392 insertions(+), 29 deletions(-) diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c index e56ea2038081..fa04e1b83105 100644 --- a/ext/mysqlnd/mysqlnd_auth.c +++ b/ext/mysqlnd/mysqlnd_auth.c @@ -89,6 +89,7 @@ mysqlnd_run_authentication( } } + { zend_uchar * switch_to_auth_protocol_data = NULL; size_t switch_to_auth_protocol_data_len = 0; @@ -113,10 +114,11 @@ mysqlnd_run_authentication( DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data); /* The data should be allocated with malloc() */ if (auth_plugin) { - scrambled_data = - auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len, - plugin_data, plugin_data_len, session_options, - conn->protocol_frame_codec->data, mysql_flags); + scrambled_data = auth_plugin->methods.get_auth_data( + NULL, &scrambled_data_len, conn, user, passwd, + passwd_len, plugin_data, plugin_data_len, + session_options, conn->protocol_frame_codec->data, + mysql_flags); } if (conn->error_info->error_no) { @@ -127,6 +129,7 @@ mysqlnd_run_authentication( charset_no, first_call, requested_protocol, + auth_plugin, plugin_data, plugin_data_len, scrambled_data, scrambled_data_len, &switch_to_auth_protocol, &switch_to_auth_protocol_len, &switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len @@ -244,6 +247,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn, unsigned int server_charset_no, zend_bool use_full_blown_auth_packet, const char * const auth_protocol, + struct st_mysqlnd_authentication_plugin * auth_plugin, + const zend_uchar * const orig_auth_plugin_data, + const size_t orig_auth_plugin_data_len, const zend_uchar * const auth_plugin_data, const size_t auth_plugin_data_len, char ** switch_to_auth_protocol, @@ -313,6 +319,11 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn, PACKET_FREE(&auth_packet); } + if (auth_plugin && auth_plugin->methods.handle_server_response) { + auth_plugin->methods.handle_server_response(auth_plugin, conn, + orig_auth_plugin_data, orig_auth_plugin_data_len, passwd, passwd_len); + } + if (FAIL == PACKET_READ(conn, &auth_resp_packet) || auth_resp_packet.response_code >= 0xFE) { if (auth_resp_packet.response_code == 0xFE) { /* old authentication with new server !*/ @@ -596,7 +607,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin = } }, {/* methods */ - mysqlnd_native_auth_get_auth_data + mysqlnd_native_auth_get_auth_data, + NULL } }; @@ -645,7 +657,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin } }, {/* methods */ - mysqlnd_pam_auth_get_auth_data + mysqlnd_pam_auth_get_auth_data, + NULL } }; @@ -820,11 +833,266 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plu } }, {/* methods */ - mysqlnd_sha256_auth_get_auth_data + mysqlnd_sha256_auth_get_auth_data, + NULL + } +}; +#endif + +/*************************************** CACHING SHA2 Password *******************************/ +#ifdef MYSQLND_HAVE_SSL + +#undef L64 + +#include "ext/hash/php_hash.h" +#include "ext/hash/php_hash_sha.h" + +#define SHA256_LENGTH 32 + +/* {{{ php_mysqlnd_scramble_sha2 */ +void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len) +{ + PHP_SHA256_CTX context; + zend_uchar sha1[SHA256_LENGTH]; + zend_uchar sha2[SHA256_LENGTH]; + + /* Phase 1: hash password */ + PHP_SHA256Init(&context); + PHP_SHA256Update(&context, password, password_len); + PHP_SHA256Final(sha1, &context); + + /* Phase 2: hash sha1 */ + PHP_SHA256Init(&context); + PHP_SHA256Update(&context, (zend_uchar*)sha1, SHA256_LENGTH); + PHP_SHA256Final(sha2, &context); + + /* Phase 3: hash scramble + sha2 */ + PHP_SHA256Init(&context); + PHP_SHA256Update(&context, (zend_uchar*)sha2, SHA256_LENGTH); + PHP_SHA256Update(&context, scramble, SCRAMBLE_LENGTH); + PHP_SHA256Final(buffer, &context); + + /* let's crypt buffer now */ + php_mysqlnd_crypt(buffer, (const zend_uchar *)sha1, (const zend_uchar *)buffer, SHA256_LENGTH); +} +/* }}} */ + + +/* {{{ mysqlnd_native_auth_get_auth_data */ +static zend_uchar * +mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * self, + size_t * auth_data_len, + MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd, + const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len, + const MYSQLND_SESSION_OPTIONS * const session_options, + const MYSQLND_PFC_DATA * const pfc_data, + zend_ulong mysql_flags + ) +{ + zend_uchar * ret = NULL; + DBG_ENTER("mysqlnd_caching_sha2_get_auth_data"); + DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data); + *auth_data_len = 0; + + DBG_INF("First auth step: send hashed password"); + /* copy scrambled pass*/ + if (passwd && passwd_len) { + ret = malloc(SHA256_LENGTH + 1); + *auth_data_len = SHA256_LENGTH; + php_mysqlnd_scramble_sha2((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len); + ret[SHA256_LENGTH] = '\0'; + DBG_INF_FMT("hash(%d)=[%.*s]", *auth_data_len, *auth_data_len, ret); + } + + DBG_RETURN(ret); +} +/* }}} */ + +static RSA * +mysqlnd_caching_sha2_get_key(MYSQLND_CONN_DATA *conn) +{ + RSA * ret = NULL; + const MYSQLND_PFC_DATA * const pfc_data = conn->protocol_frame_codec->data; + const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')? + pfc_data->sha256_server_public_key: + MYSQLND_G(sha256_server_public_key); + php_stream * stream; + DBG_ENTER("mysqlnd_cached_sha2_get_key"); + DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]", + pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a", + MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a"); + if (!fname || fname[0] == '\0') { + MYSQLND_PACKET_CACHED_SHA2_RESULT req_packet; + MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE pk_resp_packet; + + do { + DBG_INF("requesting the public key from the server"); + conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&req_packet); + conn->payload_decoder_factory->m.init_sha256_pk_request_response_packet(&pk_resp_packet); + req_packet.request = 1; + + if (! PACKET_WRITE(conn, &req_packet)) { + DBG_ERR_FMT("Error while sending public key request packet"); + php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid()); + SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT); + break; + } + if (FAIL == PACKET_READ(conn, &pk_resp_packet) || NULL == pk_resp_packet.public_key) { + DBG_ERR_FMT("Error while receiving public key"); + php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid()); + SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT); + break; + } + DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet.public_key_len, pk_resp_packet.public_key); + /* now extract the public key */ + { + BIO * bio = BIO_new_mem_buf(pk_resp_packet.public_key, pk_resp_packet.public_key_len); + ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); + BIO_free(bio); + } + } while (0); + PACKET_FREE(&req_packet); + PACKET_FREE(&pk_resp_packet); + + DBG_INF_FMT("ret=%p", ret); + DBG_RETURN(ret); + + SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, + "caching_sha2_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key"); + DBG_ERR("server_public_key is not set"); + DBG_RETURN(NULL); + } else { + zend_string * key_str; + DBG_INF_FMT("Key in a file. [%s]", fname); + stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL); + + if (stream) { + if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) { + BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str)); + ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL); + BIO_free(bio); + DBG_INF("Successfully loaded"); + DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str)); + zend_string_release(key_str); + } + php_stream_close(stream); + } + } + DBG_RETURN(ret); + +} + + +/* {{{ mysqlnd_caching_sha2_get_key */ +static size_t +mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn, + const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len, + unsigned char **crypted, + const char * const passwd, + const size_t passwd_len) +{ + static RSA *server_public_key; + server_public_key = mysqlnd_caching_sha2_get_key(conn); + + DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key("); + + if (server_public_key) { + int server_public_key_len; + char xor_str[passwd_len + 1]; + memcpy(xor_str, passwd, passwd_len); + xor_str[passwd_len] = '\0'; + mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len); + + server_public_key_len = RSA_size(server_public_key); + /* + Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len. + RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here: + http://www.openssl.org/docs/crypto/RSA_public_encrypt.html + */ + if ((size_t) server_public_key_len - 41 <= passwd_len) { + /* password message is to long */ + SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long"); + DBG_ERR("password is too long"); + DBG_RETURN(0); + } + + *crypted = emalloc(server_public_key_len); + RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING); + DBG_RETURN(server_public_key_len); + } + DBG_RETURN(0); +} +/* }}} */ + +/* {{{ mysqlnd_native_auth_get_auth_data */ +static void +mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self, + MYSQLND_CONN_DATA * conn, + const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len, + const char * const passwd, + const size_t passwd_len) +{ + DBG_ENTER("mysqlnd_caching_sha2_handle_server_response"); + MYSQLND_PACKET_CACHED_SHA2_RESULT result_packet; + conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&result_packet); + + if (FAIL == PACKET_READ(conn, &result_packet)) { + DBG_VOID_RETURN; + } + + switch (result_packet.response_code) { + case 3: + DBG_INF("fast path succeeded"); + DBG_VOID_RETURN; + case 4: + if (conn->vio->data->ssl || conn->unix_socket.s) { + DBG_INF("fast path failed, doing full auth via SSL"); + result_packet.password = (zend_uchar *)passwd; + result_packet.password_len = passwd_len + 1; + PACKET_WRITE(conn, &result_packet); + } else { + DBG_INF("fast path failed, doing full auth without SSL"); + result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len); + PACKET_WRITE(conn, &result_packet); + efree(result_packet.password); + } + DBG_VOID_RETURN; + case 2: + // The server tried to send a key, which we didn't expect + // fall-through + default: + php_error_docref(NULL, E_WARNING, "Unexpected server respose while doing caching_sha2 auth: %i", result_packet.response_code); + } + + DBG_VOID_RETURN; +} +/* }}} */ + +static struct st_mysqlnd_authentication_plugin mysqlnd_caching_sha2_auth_plugin = +{ + { + MYSQLND_PLUGIN_API_VERSION, + "auth_plugin_caching_sha2_password", + MYSQLND_VERSION_ID, + PHP_MYSQLND_VERSION, + "PHP License 3.01", + "Johannes Schlüter ", + { + NULL, /* no statistics , will be filled later if there are some */ + NULL, /* no statistics */ + }, + { + NULL /* plugin shutdown */ + } + }, + {/* methods */ + mysqlnd_caching_sha2_get_auth_data, + mysqlnd_caching_sha2_handle_server_response } }; #endif + /* {{{ mysqlnd_register_builtin_authentication_plugins */ void mysqlnd_register_builtin_authentication_plugins(void) @@ -832,6 +1100,7 @@ mysqlnd_register_builtin_authentication_plugins(void) mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin); mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin); #ifdef MYSQLND_HAVE_SSL + mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin); mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin); #endif } diff --git a/ext/mysqlnd/mysqlnd_auth.h b/ext/mysqlnd/mysqlnd_auth.h index 8fc369abca43..3ddb5a5f70fe 100644 --- a/ext/mysqlnd/mysqlnd_auth.h +++ b/ext/mysqlnd/mysqlnd_auth.h @@ -31,26 +31,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn, unsigned int server_charset_no, zend_bool use_full_blown_auth_packet, const char * const auth_protocol, - const zend_uchar * const auth_plugin_data, - const size_t auth_plugin_data_len, - char ** switch_to_auth_protocol, - size_t * switch_to_auth_protocol_len, - zend_uchar ** switch_to_auth_protocol_data, - size_t * switch_to_auth_protocol_data_len - ); - -enum_func_status -mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn, - const char * const user, - const char * const passwd, - const size_t passwd_len, - const char * const db, - const size_t db_len, - const MYSQLND_SESSION_OPTIONS * const session_options, - zend_ulong mysql_flags, - unsigned int server_charset_no, - zend_bool use_full_blown_auth_packet, - const char * const auth_protocol, + struct st_mysqlnd_authentication_plugin * auth_plugin, + const zend_uchar * const orig_auth_plugin_data, + const size_t orig_auth_plugin_data_len, const zend_uchar * const auth_plugin_data, const size_t auth_plugin_data_len, char ** switch_to_auth_protocol, diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c index 826b47d7173d..8745cc4edc82 100644 --- a/ext/mysqlnd/mysqlnd_connection.c +++ b/ext/mysqlnd/mysqlnd_connection.c @@ -666,9 +666,13 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn, { const MYSQLND_CSTRING scheme = { transport.s, transport.l }; + /* This will be overwritten below with a copy, but we can use it during authentication */ + conn->unix_socket.s = (char *)socket_or_pipe.s; if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) { + conn->unix_socket.s = NULL; goto err; } + conn->unix_socket.s = NULL; } { diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h index 7630a0a98885..21b84ce71f92 100644 --- a/ext/mysqlnd/mysqlnd_enum_n_def.h +++ b/ext/mysqlnd/mysqlnd_enum_n_def.h @@ -631,6 +631,7 @@ enum mysqlnd_packet_type PROT_CHG_USER_RESP_PACKET, PROT_SHA256_PK_REQUEST_PACKET, PROT_SHA256_PK_REQUEST_RESPONSE_PACKET, + PROT_CACHED_SHA2_RESULT_PACKET, PROT_LAST /* should always be last */ }; diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h index a7c892b48d75..858b6620089c 100644 --- a/ext/mysqlnd/mysqlnd_structs.h +++ b/ext/mysqlnd/mysqlnd_structs.h @@ -963,6 +963,7 @@ struct st_mysqlnd_packet_chg_user_resp; struct st_mysqlnd_packet_auth_pam; struct st_mysqlnd_packet_sha256_pk_request; struct st_mysqlnd_packet_sha256_pk_request_response; +struct st_mysqlnd_packet_cached_sha2_result; typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_greet_packet)(struct st_mysqlnd_packet_greet *packet); typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_auth_packet)(struct st_mysqlnd_packet_auth *packet); @@ -979,6 +980,7 @@ typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_prepare_respo typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet)(struct st_mysqlnd_packet_chg_user_resp *packet); typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet)(struct st_mysqlnd_packet_sha256_pk_request *packet); typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet)(struct st_mysqlnd_packet_sha256_pk_request_response *packet); +typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet); typedef enum_func_status (*func_mysqlnd_protocol_payload_decoder_factory__send_command)( MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * payload_decoder_factory, @@ -1034,6 +1036,7 @@ MYSQLND_CLASS_METHODS_TYPE(mysqlnd_protocol_payload_decoder_factory) func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet init_change_user_response_packet; func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet init_sha256_pk_request_packet; func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet init_sha256_pk_request_response_packet; + func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet init_cached_sha2_result_packet; func_mysqlnd_protocol_payload_decoder_factory__send_command send_command; func_mysqlnd_protocol_payload_decoder_factory__send_command_handle_response send_command_handle_response; @@ -1331,11 +1334,18 @@ typedef zend_uchar * (*func_auth_plugin__get_auth_data)(struct st_mysqlnd_authen const MYSQLND_PFC_DATA * const pfc_data, zend_ulong mysql_flags ); +typedef void (*func_auth_plugin__handle_server_response)(struct st_mysqlnd_authentication_plugin * self, + MYSQLND_CONN_DATA * conn, + const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len, + const char * const passwd, + const size_t passwd_len); + struct st_mysqlnd_authentication_plugin { struct st_mysqlnd_plugin_header plugin_header; struct { func_auth_plugin__get_auth_data get_auth_data; + func_auth_plugin__handle_server_response handle_server_response; } methods; }; diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c index 15b64d9f6de2..1b7f4a935e10 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.c +++ b/ext/mysqlnd/mysqlnd_wireprotocol.c @@ -2123,6 +2123,75 @@ php_mysqlnd_sha256_pk_request_response_free_mem(void * _packet) } /* }}} */ +static +size_t php_mysqlnd_cached_sha2_result_write(MYSQLND_CONN_DATA * conn, void * _packet) +{ + MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet; + MYSQLND_ERROR_INFO * error_info = conn->error_info; + MYSQLND_PFC * pfc = conn->protocol_frame_codec; + MYSQLND_VIO * vio = conn->vio; + MYSQLND_STATS * stats = conn->stats; +#if HAVE_COMPILER_C99_VLA + zend_uchar buffer[MYSQLND_HEADER_SIZE + packet->password_len + 1]; +#else + ALLOCA_FLAG(use_heap) + zend_uchar *buffer = do_alloca(MYSQLND_HEADER_SIZE + packet->password_len + 1, use_heap); +#endif + size_t sent; + + DBG_ENTER("php_mysqlnd_cached_sha2_result_write"); + + if (packet->request == 1) { + int1store(buffer + MYSQLND_HEADER_SIZE, '\2'); + sent = pfc->data->m.send(pfc, vio, buffer, 1, stats, error_info); + } else { + memcpy(buffer + MYSQLND_HEADER_SIZE, packet->password, packet->password_len); + sent = pfc->data->m.send(pfc, vio, buffer, packet->password_len, stats, error_info); + } + +#if !HAVE_COMPILER_C99_VLA + free_alloca(buffer, use_heap); +#endif + + DBG_RETURN(sent); +} + +static enum_func_status +php_mysqlnd_cached_sha2_result_read(MYSQLND_CONN_DATA * conn, void * _packet) +{ + MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet; + MYSQLND_ERROR_INFO * error_info = conn->error_info; + MYSQLND_PFC * pfc = conn->protocol_frame_codec; + MYSQLND_VIO * vio = conn->vio; + MYSQLND_STATS * stats = conn->stats; + MYSQLND_CONNECTION_STATE * connection_state = &conn->state; + zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE]; + zend_uchar *p = buf; + const zend_uchar * const begin = buf; + + DBG_ENTER("php_mysqlnd_cached_sha2_result_read"); + if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) { + DBG_RETURN(FAIL); + } + BAIL_IF_NO_MORE_DATA; + + p++; + packet->response_code = uint1korr(p); + BAIL_IF_NO_MORE_DATA; + + p++; + packet->result = uint1korr(p); + BAIL_IF_NO_MORE_DATA; + + DBG_RETURN(PASS); + +premature_end: + DBG_ERR_FMT("OK packet %d bytes shorter than expected", p - begin - packet->header.size); + php_error_docref(NULL, E_WARNING, "SHA256_PK_REQUEST_RESPONSE packet "MYSQLND_SZ_T_SPEC" bytes shorter than expected", + p - begin - packet->header.size); + DBG_RETURN(FAIL); +} + /* {{{ packet_methods */ static mysqlnd_packet_methods packet_methods[PROT_LAST] = @@ -2201,9 +2270,14 @@ mysqlnd_packet_methods packet_methods[PROT_LAST] = php_mysqlnd_sha256_pk_request_response_read, NULL, /* write */ php_mysqlnd_sha256_pk_request_response_free_mem, - } /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */ + }, /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */ + { + php_mysqlnd_cached_sha2_result_read, + php_mysqlnd_cached_sha2_result_write, + NULL + } /* PROT_CACHED_SHA2_RESULT_PACKET */ }; -/* }}} */ +/* }}} */ /* {{{ mysqlnd_protocol::init_greet_packet */ @@ -2385,6 +2459,17 @@ MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet)(struct } /* }}} */ +/* {{{ mysqlnd_protocol::init_cached_sha2_result_packet */ +static void +MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet) +{ + DBG_ENTER("mysqlnd_protocol::init_cached_sha2_result_packet"); + memset(packet, 0, sizeof(*packet)); + packet->header.m = &packet_methods[PROT_CACHED_SHA2_RESULT_PACKET]; + DBG_VOID_RETURN; +} +/* }}} */ + /* {{{ mysqlnd_protocol::send_command */ static enum_func_status @@ -2603,6 +2688,7 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_protocol_payload_decoder_factory) MYSQLND_METHOD(mysqlnd_protocol, init_change_user_response_packet), MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_packet), MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet), + MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet), MYSQLND_METHOD(mysqlnd_protocol, send_command), MYSQLND_METHOD(mysqlnd_protocol, send_command_handle_response), diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.h b/ext/mysqlnd/mysqlnd_wireprotocol.h index 6e531b0e5438..7dfb256eec41 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.h +++ b/ext/mysqlnd/mysqlnd_wireprotocol.h @@ -281,6 +281,16 @@ typedef struct st_mysqlnd_packet_sha256_pk_request_response { size_t public_key_len; } MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE; +typedef struct st_mysqlnd_packet_cached_sha2_result { + MYSQLND_PACKET_HEADER header; + uint8_t response_code; + uint8_t result; + uint8_t request; + zend_uchar * password; + size_t password_len; +} MYSQLND_PACKET_CACHED_SHA2_RESULT; + + zend_ulong php_mysqlnd_net_field_length(const zend_uchar **packet); zend_uchar * php_mysqlnd_net_store_length(zend_uchar *packet, const uint64_t length);