tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first update

Browse Source
This commit is contained in:
tuend-work
2025-11-12 20:19:03 +07:00
commit ca56c8cfa5
76 changed files with 10082 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

630
services/custombuild/patches/php_mysqlnd_sha2_auth.patch Normal file
View File

@@ -0,0 +1,630 @@
From 4f06e67ad2201390ed35a9ea6288a00c0b04782b Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 20 Nov 2018 20:54:24 +0100
Subject: [PATCH] Re-commit MySQL 8 cached SHA auth support
With changes to (hopefully) correctly fall back if OpenSSL support
is missing. Furthermore the hard-coded dependency on ext/hash is
no longer an issue, as this extension is required in master.
This reverts commit 63072e9c0ebbb676cd39d0f867d873737c676add, reversing
changes made to 4cbabb6852d2a7d966fb78a53d9d4c1cac18f10b.
---
ext/mysqlnd/mysqlnd_auth.c | 283 ++++++++++++++++++++++++++++-
ext/mysqlnd/mysqlnd_auth.h | 23 +--
ext/mysqlnd/mysqlnd_connection.c | 4 +
ext/mysqlnd/mysqlnd_enum_n_def.h | 1 +
ext/mysqlnd/mysqlnd_structs.h | 10 +
ext/mysqlnd/mysqlnd_wireprotocol.c | 90 ++++++++-
ext/mysqlnd/mysqlnd_wireprotocol.h | 10 +
7 files changed, 392 insertions(+), 29 deletions(-)
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
index e56ea2038081..fa04e1b83105 100644
--- a/ext/mysqlnd/mysqlnd_auth.c
+++ b/ext/mysqlnd/mysqlnd_auth.c
@@ -89,6 +89,7 @@ mysqlnd_run_authentication(
}
}
+
{
zend_uchar * switch_to_auth_protocol_data = NULL;
size_t switch_to_auth_protocol_data_len = 0;
@@ -113,10 +114,11 @@ mysqlnd_run_authentication(
DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
/* The data should be allocated with malloc() */
if (auth_plugin) {
- scrambled_data =
- auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
- plugin_data, plugin_data_len, session_options,
- conn->protocol_frame_codec->data, mysql_flags);
+ scrambled_data = auth_plugin->methods.get_auth_data(
+ NULL, &scrambled_data_len, conn, user, passwd,
+ passwd_len, plugin_data, plugin_data_len,
+ session_options, conn->protocol_frame_codec->data,
+ mysql_flags);
}
if (conn->error_info->error_no) {
@@ -127,6 +129,7 @@ mysqlnd_run_authentication(
charset_no,
first_call,
requested_protocol,
+ auth_plugin, plugin_data, plugin_data_len,
scrambled_data, scrambled_data_len,
&switch_to_auth_protocol, &switch_to_auth_protocol_len,
&switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
@@ -244,6 +247,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
unsigned int server_charset_no,
zend_bool use_full_blown_auth_packet,
const char * const auth_protocol,
+ struct st_mysqlnd_authentication_plugin * auth_plugin,
+ const zend_uchar * const orig_auth_plugin_data,
+ const size_t orig_auth_plugin_data_len,
const zend_uchar * const auth_plugin_data,
const size_t auth_plugin_data_len,
char ** switch_to_auth_protocol,
@@ -313,6 +319,11 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
PACKET_FREE(&auth_packet);
}
+ if (auth_plugin && auth_plugin->methods.handle_server_response) {
+ auth_plugin->methods.handle_server_response(auth_plugin, conn,
+ orig_auth_plugin_data, orig_auth_plugin_data_len, passwd, passwd_len);
+ }
+
if (FAIL == PACKET_READ(conn, &auth_resp_packet) || auth_resp_packet.response_code >= 0xFE) {
if (auth_resp_packet.response_code == 0xFE) {
/* old authentication with new server !*/
@@ -596,7 +607,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin =
}
},
{/* methods */
- mysqlnd_native_auth_get_auth_data
+ mysqlnd_native_auth_get_auth_data,
+ NULL
}
};
@@ -645,7 +657,8 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin
}
},
{/* methods */
- mysqlnd_pam_auth_get_auth_data
+ mysqlnd_pam_auth_get_auth_data,
+ NULL
}
};
@@ -820,11 +833,266 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plu
}
},
{/* methods */
- mysqlnd_sha256_auth_get_auth_data
+ mysqlnd_sha256_auth_get_auth_data,
+ NULL
+ }
+};
+#endif
+
+/*************************************** CACHING SHA2 Password *******************************/
+#ifdef MYSQLND_HAVE_SSL
+
+#undef L64
+
+#include "ext/hash/php_hash.h"
+#include "ext/hash/php_hash_sha.h"
+
+#define SHA256_LENGTH 32
+
+/* {{{ php_mysqlnd_scramble_sha2 */
+void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len)
+{
+ PHP_SHA256_CTX context;
+ zend_uchar sha1[SHA256_LENGTH];
+ zend_uchar sha2[SHA256_LENGTH];
+
+ /* Phase 1: hash password */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, password, password_len);
+ PHP_SHA256Final(sha1, &context);
+
+ /* Phase 2: hash sha1 */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, (zend_uchar*)sha1, SHA256_LENGTH);
+ PHP_SHA256Final(sha2, &context);
+
+ /* Phase 3: hash scramble + sha2 */
+ PHP_SHA256Init(&context);
+ PHP_SHA256Update(&context, (zend_uchar*)sha2, SHA256_LENGTH);
+ PHP_SHA256Update(&context, scramble, SCRAMBLE_LENGTH);
+ PHP_SHA256Final(buffer, &context);
+
+ /* let's crypt buffer now */
+ php_mysqlnd_crypt(buffer, (const zend_uchar *)sha1, (const zend_uchar *)buffer, SHA256_LENGTH);
+}
+/* }}} */
+
+
+/* {{{ mysqlnd_native_auth_get_auth_data */
+static zend_uchar *
+mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
+ size_t * auth_data_len,
+ MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
+ const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const MYSQLND_SESSION_OPTIONS * const session_options,
+ const MYSQLND_PFC_DATA * const pfc_data,
+ zend_ulong mysql_flags
+ )
+{
+ zend_uchar * ret = NULL;
+ DBG_ENTER("mysqlnd_caching_sha2_get_auth_data");
+ DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
+ *auth_data_len = 0;
+
+ DBG_INF("First auth step: send hashed password");
+ /* copy scrambled pass*/
+ if (passwd && passwd_len) {
+ ret = malloc(SHA256_LENGTH + 1);
+ *auth_data_len = SHA256_LENGTH;
+ php_mysqlnd_scramble_sha2((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
+ ret[SHA256_LENGTH] = '\0';
+ DBG_INF_FMT("hash(%d)=[%.*s]", *auth_data_len, *auth_data_len, ret);
+ }
+
+ DBG_RETURN(ret);
+}
+/* }}} */
+
+static RSA *
+mysqlnd_caching_sha2_get_key(MYSQLND_CONN_DATA *conn)
+{
+ RSA * ret = NULL;
+ const MYSQLND_PFC_DATA * const pfc_data = conn->protocol_frame_codec->data;
+ const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')?
+ pfc_data->sha256_server_public_key:
+ MYSQLND_G(sha256_server_public_key);
+ php_stream * stream;
+ DBG_ENTER("mysqlnd_cached_sha2_get_key");
+ DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
+ pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a",
+ MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
+ if (!fname || fname[0] == '\0') {
+ MYSQLND_PACKET_CACHED_SHA2_RESULT req_packet;
+ MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE pk_resp_packet;
+
+ do {
+ DBG_INF("requesting the public key from the server");
+ conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&req_packet);
+ conn->payload_decoder_factory->m.init_sha256_pk_request_response_packet(&pk_resp_packet);
+ req_packet.request = 1;
+
+ if (! PACKET_WRITE(conn, &req_packet)) {
+ DBG_ERR_FMT("Error while sending public key request packet");
+ php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
+ SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+ break;
+ }
+ if (FAIL == PACKET_READ(conn, &pk_resp_packet) || NULL == pk_resp_packet.public_key) {
+ DBG_ERR_FMT("Error while receiving public key");
+ php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
+ SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
+ break;
+ }
+ DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet.public_key_len, pk_resp_packet.public_key);
+ /* now extract the public key */
+ {
+ BIO * bio = BIO_new_mem_buf(pk_resp_packet.public_key, pk_resp_packet.public_key_len);
+ ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ }
+ } while (0);
+ PACKET_FREE(&req_packet);
+ PACKET_FREE(&pk_resp_packet);
+
+ DBG_INF_FMT("ret=%p", ret);
+ DBG_RETURN(ret);
+
+ SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
+ "caching_sha2_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
+ DBG_ERR("server_public_key is not set");
+ DBG_RETURN(NULL);
+ } else {
+ zend_string * key_str;
+ DBG_INF_FMT("Key in a file. [%s]", fname);
+ stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
+
+ if (stream) {
+ if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
+ BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
+ ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ DBG_INF("Successfully loaded");
+ DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
+ zend_string_release(key_str);
+ }
+ php_stream_close(stream);
+ }
+ }
+ DBG_RETURN(ret);
+
+}
+
+
+/* {{{ mysqlnd_caching_sha2_get_key */
+static size_t
+mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ unsigned char **crypted,
+ const char * const passwd,
+ const size_t passwd_len)
+{
+ static RSA *server_public_key;
+ server_public_key = mysqlnd_caching_sha2_get_key(conn);
+
+ DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
+
+ if (server_public_key) {
+ int server_public_key_len;
+ char xor_str[passwd_len + 1];
+ memcpy(xor_str, passwd, passwd_len);
+ xor_str[passwd_len] = '\0';
+ mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
+
+ server_public_key_len = RSA_size(server_public_key);
+ /*
+ Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
+ RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
+ http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
+ */
+ if ((size_t) server_public_key_len - 41 <= passwd_len) {
+ /* password message is to long */
+ SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
+ DBG_ERR("password is too long");
+ DBG_RETURN(0);
+ }
+
+ *crypted = emalloc(server_public_key_len);
+ RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
+ DBG_RETURN(server_public_key_len);
+ }
+ DBG_RETURN(0);
+}
+/* }}} */
+
+/* {{{ mysqlnd_native_auth_get_auth_data */
+static void
+mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
+ MYSQLND_CONN_DATA * conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const char * const passwd,
+ const size_t passwd_len)
+{
+ DBG_ENTER("mysqlnd_caching_sha2_handle_server_response");
+ MYSQLND_PACKET_CACHED_SHA2_RESULT result_packet;
+ conn->payload_decoder_factory->m.init_cached_sha2_result_packet(&result_packet);
+
+ if (FAIL == PACKET_READ(conn, &result_packet)) {
+ DBG_VOID_RETURN;
+ }
+
+ switch (result_packet.response_code) {
+ case 3:
+ DBG_INF("fast path succeeded");
+ DBG_VOID_RETURN;
+ case 4:
+ if (conn->vio->data->ssl || conn->unix_socket.s) {
+ DBG_INF("fast path failed, doing full auth via SSL");
+ result_packet.password = (zend_uchar *)passwd;
+ result_packet.password_len = passwd_len + 1;
+ PACKET_WRITE(conn, &result_packet);
+ } else {
+ DBG_INF("fast path failed, doing full auth without SSL");
+ result_packet.password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet.password, passwd, passwd_len);
+ PACKET_WRITE(conn, &result_packet);
+ efree(result_packet.password);
+ }
+ DBG_VOID_RETURN;
+ case 2:
+ // The server tried to send a key, which we didn't expect
+ // fall-through
+ default:
+ php_error_docref(NULL, E_WARNING, "Unexpected server respose while doing caching_sha2 auth: %i", result_packet.response_code);
+ }
+
+ DBG_VOID_RETURN;
+}
+/* }}} */
+
+static struct st_mysqlnd_authentication_plugin mysqlnd_caching_sha2_auth_plugin =
+{
+ {
+ MYSQLND_PLUGIN_API_VERSION,
+ "auth_plugin_caching_sha2_password",
+ MYSQLND_VERSION_ID,
+ PHP_MYSQLND_VERSION,
+ "PHP License 3.01",
+ "Johannes Schlüter <johannes.schlueter@php.net>",
+ {
+ NULL, /* no statistics , will be filled later if there are some */
+ NULL, /* no statistics */
+ },
+ {
+ NULL /* plugin shutdown */
+ }
+ },
+ {/* methods */
+ mysqlnd_caching_sha2_get_auth_data,
+ mysqlnd_caching_sha2_handle_server_response
}
};
#endif
+
/* {{{ mysqlnd_register_builtin_authentication_plugins */
void
mysqlnd_register_builtin_authentication_plugins(void)
@@ -832,6 +1100,7 @@ mysqlnd_register_builtin_authentication_plugins(void)
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
#ifdef MYSQLND_HAVE_SSL
+ mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin);
mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
#endif
}
diff --git a/ext/mysqlnd/mysqlnd_auth.h b/ext/mysqlnd/mysqlnd_auth.h
index 8fc369abca43..3ddb5a5f70fe 100644
--- a/ext/mysqlnd/mysqlnd_auth.h
+++ b/ext/mysqlnd/mysqlnd_auth.h
@@ -31,26 +31,9 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
unsigned int server_charset_no,
zend_bool use_full_blown_auth_packet,
const char * const auth_protocol,
- const zend_uchar * const auth_plugin_data,
- const size_t auth_plugin_data_len,
- char ** switch_to_auth_protocol,
- size_t * switch_to_auth_protocol_len,
- zend_uchar ** switch_to_auth_protocol_data,
- size_t * switch_to_auth_protocol_data_len
- );
-
-enum_func_status
-mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
- const char * const user,
- const char * const passwd,
- const size_t passwd_len,
- const char * const db,
- const size_t db_len,
- const MYSQLND_SESSION_OPTIONS * const session_options,
- zend_ulong mysql_flags,
- unsigned int server_charset_no,
- zend_bool use_full_blown_auth_packet,
- const char * const auth_protocol,
+ struct st_mysqlnd_authentication_plugin * auth_plugin,
+ const zend_uchar * const orig_auth_plugin_data,
+ const size_t orig_auth_plugin_data_len,
const zend_uchar * const auth_plugin_data,
const size_t auth_plugin_data_len,
char ** switch_to_auth_protocol,
diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c
index 826b47d7173d..8745cc4edc82 100644
--- a/ext/mysqlnd/mysqlnd_connection.c
+++ b/ext/mysqlnd/mysqlnd_connection.c
@@ -666,9 +666,13 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
{
const MYSQLND_CSTRING scheme = { transport.s, transport.l };
+ /* This will be overwritten below with a copy, but we can use it during authentication */
+ conn->unix_socket.s = (char *)socket_or_pipe.s;
if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
+ conn->unix_socket.s = NULL;
goto err;
}
+ conn->unix_socket.s = NULL;
}
{
diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
index 7630a0a98885..21b84ce71f92 100644
--- a/ext/mysqlnd/mysqlnd_enum_n_def.h
+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
@@ -631,6 +631,7 @@ enum mysqlnd_packet_type
PROT_CHG_USER_RESP_PACKET,
PROT_SHA256_PK_REQUEST_PACKET,
PROT_SHA256_PK_REQUEST_RESPONSE_PACKET,
+ PROT_CACHED_SHA2_RESULT_PACKET,
PROT_LAST /* should always be last */
};
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index a7c892b48d75..858b6620089c 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -963,6 +963,7 @@ struct st_mysqlnd_packet_chg_user_resp;
struct st_mysqlnd_packet_auth_pam;
struct st_mysqlnd_packet_sha256_pk_request;
struct st_mysqlnd_packet_sha256_pk_request_response;
+struct st_mysqlnd_packet_cached_sha2_result;
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_greet_packet)(struct st_mysqlnd_packet_greet *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_auth_packet)(struct st_mysqlnd_packet_auth *packet);
@@ -979,6 +980,7 @@ typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_prepare_respo
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet)(struct st_mysqlnd_packet_chg_user_resp *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet)(struct st_mysqlnd_packet_sha256_pk_request *packet);
typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet)(struct st_mysqlnd_packet_sha256_pk_request_response *packet);
+typedef void (*func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet);
typedef enum_func_status (*func_mysqlnd_protocol_payload_decoder_factory__send_command)(
MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * payload_decoder_factory,
@@ -1034,6 +1036,7 @@ MYSQLND_CLASS_METHODS_TYPE(mysqlnd_protocol_payload_decoder_factory)
func_mysqlnd_protocol_payload_decoder_factory__init_change_user_response_packet init_change_user_response_packet;
func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_packet init_sha256_pk_request_packet;
func_mysqlnd_protocol_payload_decoder_factory__init_sha256_pk_request_response_packet init_sha256_pk_request_response_packet;
+ func_mysqlnd_protocol_payload_decoder_factory__init_cached_sha2_result_packet init_cached_sha2_result_packet;
func_mysqlnd_protocol_payload_decoder_factory__send_command send_command;
func_mysqlnd_protocol_payload_decoder_factory__send_command_handle_response send_command_handle_response;
@@ -1331,11 +1334,18 @@ typedef zend_uchar * (*func_auth_plugin__get_auth_data)(struct st_mysqlnd_authen
const MYSQLND_PFC_DATA * const pfc_data, zend_ulong mysql_flags
);
+typedef void (*func_auth_plugin__handle_server_response)(struct st_mysqlnd_authentication_plugin * self,
+ MYSQLND_CONN_DATA * conn,
+ const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
+ const char * const passwd,
+ const size_t passwd_len);
+
struct st_mysqlnd_authentication_plugin
{
struct st_mysqlnd_plugin_header plugin_header;
struct {
func_auth_plugin__get_auth_data get_auth_data;
+ func_auth_plugin__handle_server_response handle_server_response;
} methods;
};
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 15b64d9f6de2..1b7f4a935e10 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -2123,6 +2123,75 @@ php_mysqlnd_sha256_pk_request_response_free_mem(void * _packet)
}
/* }}} */
+static
+size_t php_mysqlnd_cached_sha2_result_write(MYSQLND_CONN_DATA * conn, void * _packet)
+{
+ MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+ MYSQLND_ERROR_INFO * error_info = conn->error_info;
+ MYSQLND_PFC * pfc = conn->protocol_frame_codec;
+ MYSQLND_VIO * vio = conn->vio;
+ MYSQLND_STATS * stats = conn->stats;
+#if HAVE_COMPILER_C99_VLA
+ zend_uchar buffer[MYSQLND_HEADER_SIZE + packet->password_len + 1];
+#else
+ ALLOCA_FLAG(use_heap)
+ zend_uchar *buffer = do_alloca(MYSQLND_HEADER_SIZE + packet->password_len + 1, use_heap);
+#endif
+ size_t sent;
+
+ DBG_ENTER("php_mysqlnd_cached_sha2_result_write");
+
+ if (packet->request == 1) {
+ int1store(buffer + MYSQLND_HEADER_SIZE, '\2');
+ sent = pfc->data->m.send(pfc, vio, buffer, 1, stats, error_info);
+ } else {
+ memcpy(buffer + MYSQLND_HEADER_SIZE, packet->password, packet->password_len);
+ sent = pfc->data->m.send(pfc, vio, buffer, packet->password_len, stats, error_info);
+ }
+
+#if !HAVE_COMPILER_C99_VLA
+ free_alloca(buffer, use_heap);
+#endif
+
+ DBG_RETURN(sent);
+}
+
+static enum_func_status
+php_mysqlnd_cached_sha2_result_read(MYSQLND_CONN_DATA * conn, void * _packet)
+{
+ MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
+ MYSQLND_ERROR_INFO * error_info = conn->error_info;
+ MYSQLND_PFC * pfc = conn->protocol_frame_codec;
+ MYSQLND_VIO * vio = conn->vio;
+ MYSQLND_STATS * stats = conn->stats;
+ MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
+ zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
+ zend_uchar *p = buf;
+ const zend_uchar * const begin = buf;
+
+ DBG_ENTER("php_mysqlnd_cached_sha2_result_read");
+ if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
+ DBG_RETURN(FAIL);
+ }
+ BAIL_IF_NO_MORE_DATA;
+
+ p++;
+ packet->response_code = uint1korr(p);
+ BAIL_IF_NO_MORE_DATA;
+
+ p++;
+ packet->result = uint1korr(p);
+ BAIL_IF_NO_MORE_DATA;
+
+ DBG_RETURN(PASS);
+
+premature_end:
+ DBG_ERR_FMT("OK packet %d bytes shorter than expected", p - begin - packet->header.size);
+ php_error_docref(NULL, E_WARNING, "SHA256_PK_REQUEST_RESPONSE packet "MYSQLND_SZ_T_SPEC" bytes shorter than expected",
+ p - begin - packet->header.size);
+ DBG_RETURN(FAIL);
+}
+
/* {{{ packet_methods */
static
mysqlnd_packet_methods packet_methods[PROT_LAST] =
@@ -2201,9 +2270,14 @@ mysqlnd_packet_methods packet_methods[PROT_LAST] =
php_mysqlnd_sha256_pk_request_response_read,
NULL, /* write */
php_mysqlnd_sha256_pk_request_response_free_mem,
- } /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+ }, /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
+ {
+ php_mysqlnd_cached_sha2_result_read,
+ php_mysqlnd_cached_sha2_result_write,
+ NULL
+ } /* PROT_CACHED_SHA2_RESULT_PACKET */
};
-/* }}} */
+/* }}} */
/* {{{ mysqlnd_protocol::init_greet_packet */
@@ -2385,6 +2459,17 @@ MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet)(struct
}
/* }}} */
+/* {{{ mysqlnd_protocol::init_cached_sha2_result_packet */
+static void
+MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet)(struct st_mysqlnd_packet_cached_sha2_result *packet)
+{
+ DBG_ENTER("mysqlnd_protocol::init_cached_sha2_result_packet");
+ memset(packet, 0, sizeof(*packet));
+ packet->header.m = &packet_methods[PROT_CACHED_SHA2_RESULT_PACKET];
+ DBG_VOID_RETURN;
+}
+/* }}} */
+
/* {{{ mysqlnd_protocol::send_command */
static enum_func_status
@@ -2603,6 +2688,7 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_protocol_payload_decoder_factory)
MYSQLND_METHOD(mysqlnd_protocol, init_change_user_response_packet),
MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_packet),
MYSQLND_METHOD(mysqlnd_protocol, init_sha256_pk_request_response_packet),
+ MYSQLND_METHOD(mysqlnd_protocol, init_cached_sha2_result_packet),
MYSQLND_METHOD(mysqlnd_protocol, send_command),
MYSQLND_METHOD(mysqlnd_protocol, send_command_handle_response),
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.h b/ext/mysqlnd/mysqlnd_wireprotocol.h
index 6e531b0e5438..7dfb256eec41 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.h
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.h
@@ -281,6 +281,16 @@ typedef struct st_mysqlnd_packet_sha256_pk_request_response {
size_t public_key_len;
} MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE;
+typedef struct st_mysqlnd_packet_cached_sha2_result {
+ MYSQLND_PACKET_HEADER header;
+ uint8_t response_code;
+ uint8_t result;
+ uint8_t request;
+ zend_uchar * password;
+ size_t password_len;
+} MYSQLND_PACKET_CACHED_SHA2_RESULT;
+
+
zend_ulong php_mysqlnd_net_field_length(const zend_uchar **packet);
zend_uchar * php_mysqlnd_net_store_length(zend_uchar *packet, const uint64_t length);