/* {{{ mysqlnd_vio::set_client_option */
static enum_func_status
MYSQLND_METHOD(mysqlnd_vio, set_client_option)(MYSQLND_VIO * const net, enum_mysqlnd_client_option option, const char * const value)
{
DBG_ENTER("mysqlnd_vio::set_client_option");
DBG_INF_FMT("option=%u", option);
switch (option) {
case MYSQLND_OPT_NET_CMD_BUFFER_SIZE:
DBG_INF("MYSQLND_OPT_NET_CMD_BUFFER_SIZE");
if (*(unsigned int*) value < MYSQLND_NET_CMD_BUFFER_MIN_SIZE) {
DBG_RETURN(FAIL);
}
net->cmd_buffer.length = *(unsigned int*) value;
DBG_INF_FMT("new_length="MYSQLND_SZ_T_SPEC, net->cmd_buffer.length);
if (!net->cmd_buffer.buffer) {
net->cmd_buffer.buffer = mnd_pemalloc(net->cmd_buffer.length, net->persistent);
} else {
net->cmd_buffer.buffer = mnd_perealloc(net->cmd_buffer.buffer, net->cmd_buffer.length, net->persistent);
}
break;
case MYSQLND_OPT_NET_READ_BUFFER_SIZE:
DBG_INF("MYSQLND_OPT_NET_READ_BUFFER_SIZE");
net->data->options.net_read_buffer_size = *(unsigned int*) value;
DBG_INF_FMT("new_length="MYSQLND_SZ_T_SPEC, net->data->options.net_read_buffer_size);
break;
case MYSQL_OPT_CONNECT_TIMEOUT:
DBG_INF("MYSQL_OPT_CONNECT_TIMEOUT");
net->data->options.timeout_connect = *(unsigned int*) value;
break;
case MYSQLND_OPT_SSL_KEY:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_key) {
mnd_pefree(net->data->options.ssl_key, pers);
}
net->data->options.ssl_key = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQLND_OPT_SSL_CERT:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_cert) {
mnd_pefree(net->data->options.ssl_cert, pers);
}
net->data->options.ssl_cert = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQLND_OPT_SSL_CA:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_ca) {
mnd_pefree(net->data->options.ssl_ca, pers);
}
net->data->options.ssl_ca = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQLND_OPT_SSL_CAPATH:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_capath) {
mnd_pefree(net->data->options.ssl_capath, pers);
}
net->data->options.ssl_capath = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQLND_OPT_SSL_CIPHER:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_cipher) {
mnd_pefree(net->data->options.ssl_cipher, pers);
}
net->data->options.ssl_cipher = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQLND_OPT_SSL_PASSPHRASE:
{
zend_bool pers = net->persistent;
if (net->data->options.ssl_passphrase) {
mnd_pefree(net->data->options.ssl_passphrase, pers);
}
net->data->options.ssl_passphrase = value? mnd_pestrdup(value, pers) : NULL;
break;
}
case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
{
enum mysqlnd_ssl_peer val = *((enum mysqlnd_ssl_peer *)value);
switch (val) {
case MYSQLND_SSL_PEER_VERIFY:
DBG_INF("MYSQLND_SSL_PEER_VERIFY");
break;
case MYSQLND_SSL_PEER_DONT_VERIFY:
DBG_INF("MYSQLND_SSL_PEER_DONT_VERIFY");
break;
case MYSQLND_SSL_PEER_DEFAULT:
DBG_INF("MYSQLND_SSL_PEER_DEFAULT");
val = MYSQLND_SSL_PEER_DEFAULT;
break;
default:
DBG_INF("default = MYSQLND_SSL_PEER_DEFAULT_ACTION");
val = MYSQLND_SSL_PEER_DEFAULT;
break;
}
net->data->options.ssl_verify_peer = val;
break;
}
case MYSQL_OPT_READ_TIMEOUT:
net->data->options.timeout_read = *(unsigned int*) value;
break;
#ifdef WHEN_SUPPORTED_BY_MYSQLI
case MYSQL_OPT_WRITE_TIMEOUT:
net->data->options.timeout_write = *(unsigned int*) value;
break;
#endif
default:
DBG_RETURN(FAIL);
}
DBG_RETURN(PASS);
}
/* {{{ mysqlnd_command::handshake */
static enum_func_status
MYSQLND_METHOD(mysqlnd_command, handshake)(MYSQLND_CONN_DATA * const conn, const MYSQLND_CSTRING username, const MYSQLND_CSTRING password, const MYSQLND_CSTRING database, const size_t client_flags)
{
const char * const user = username.s;
const char * const passwd = password.s;
const size_t passwd_len = password.l;
const char * const db = database.s;
const size_t db_len = database.l;
const size_t mysql_flags = client_flags;
MYSQLND_PACKET_GREET greet_packet;
DBG_ENTER("mysqlnd_command::handshake");
DBG_INF_FMT("stream=%p", conn->vio->data->m.get_stream(conn->vio));
DBG_INF_FMT("[user=%s] [db=%s:%d] [flags=%llu]", user, db, db_len, mysql_flags);
conn->payload_decoder_factory->m.init_greet_packet(&greet_packet);
if (FAIL == PACKET_READ(conn, &greet_packet)) {
DBG_ERR("Error while reading greeting packet");
php_error_docref(NULL, E_WARNING, "Error while reading greeting packet. PID=%d", getpid());
goto err;
} else if (greet_packet.error_no) {
DBG_ERR_FMT("errorno=%u error=%s", greet_packet.error_no, greet_packet.error);
SET_CLIENT_ERROR(conn->error_info, greet_packet.error_no, greet_packet.sqlstate, greet_packet.error);
goto err;
} else if (greet_packet.pre41) {
DBG_ERR_FMT("Connecting to 3.22, 3.23 & 4.0 is not supported. Server is %-.32s", greet_packet.server_version);
php_error_docref(NULL, E_WARNING, "Connecting to 3.22, 3.23 & 4.0 "
" is not supported. Server is %-.32s", greet_packet.server_version);
SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE,
"Connecting to 3.22, 3.23 & 4.0 servers is not supported");
goto err;
}
conn->thread_id = greet_packet.thread_id;
conn->protocol_version = greet_packet.protocol_version;
conn->server_version = mnd_pestrdup(greet_packet.server_version, conn->persistent);
conn->greet_charset = mysqlnd_find_charset_nr(greet_packet.charset_no);
if (!conn->greet_charset) {
php_error_docref(NULL, E_WARNING,
"Server sent charset (%d) unknown to the client. Please, report to the developers", greet_packet.charset_no);
SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE,
"Server sent charset unknown to the client. Please, report to the developers");
goto err;
}
conn->server_capabilities = greet_packet.server_capabilities;
if (FAIL == mysqlnd_connect_run_authentication(conn, user, passwd, db, db_len, (size_t) passwd_len,
greet_packet.authentication_plugin_data, greet_packet.auth_protocol,
greet_packet.charset_no, greet_packet.server_capabilities,
conn->options, mysql_flags))
{
goto err;
}
UPSERT_STATUS_RESET(conn->upsert_status);
UPSERT_STATUS_SET_SERVER_STATUS(conn->upsert_status, greet_packet.server_status);
PACKET_FREE(&greet_packet);
DBG_RETURN(PASS);
err:
conn->server_capabilities = 0;
PACKET_FREE(&greet_packet);
DBG_RETURN(FAIL);
}
/* {{{ mysqlnd_run_authentication */
enum_func_status
mysqlnd_run_authentication(
MYSQLND_CONN_DATA * conn,
const char * const user,
const char * const passwd,
const size_t passwd_len,
const char * const db,
const size_t db_len,
const MYSQLND_STRING auth_plugin_data,
const char * const auth_protocol,
unsigned int charset_no,
const MYSQLND_SESSION_OPTIONS * const session_options,
zend_ulong mysql_flags,
zend_bool silent,
zend_bool is_change_user
)
{
enum_func_status ret = FAIL;
zend_bool first_call = TRUE;
char * switch_to_auth_protocol = NULL;
size_t switch_to_auth_protocol_len = 0;
char * requested_protocol = NULL;
zend_uchar * plugin_data;
size_t plugin_data_len;
DBG_ENTER("mysqlnd_run_authentication");
plugin_data_len = auth_plugin_data.l;
plugin_data = mnd_emalloc(plugin_data_len + 1);
if (!plugin_data) {
goto end;
}
memcpy(plugin_data, auth_plugin_data.s, plugin_data_len);
plugin_data[plugin_data_len] = '\0';
requested_protocol = mnd_pestrdup(auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE);
if (!requested_protocol) {
goto end;
}
do {
struct st_mysqlnd_authentication_plugin * auth_plugin = conn->m->fetch_auth_plugin_by_name(requested_protocol);
if (!auth_plugin) {
php_error_docref(NULL, E_WARNING, "The server requested authentication method unknown to the client [%s]", requested_protocol);
SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE, "The server requested authentication method unknown to the client");
goto end;
}
DBG_INF("plugin found");
{
zend_uchar * switch_to_auth_protocol_data = NULL;
size_t switch_to_auth_protocol_data_len = 0;
zend_uchar * scrambled_data = NULL;
size_t scrambled_data_len = 0;
switch_to_auth_protocol = NULL;
switch_to_auth_protocol_len = 0;
if (conn->authentication_plugin_data.s) {
mnd_pefree(conn->authentication_plugin_data.s, conn->persistent);
conn->authentication_plugin_data.s = NULL;
}
conn->authentication_plugin_data.l = plugin_data_len;
conn->authentication_plugin_data.s = mnd_pemalloc(conn->authentication_plugin_data.l, conn->persistent);
if (!conn->authentication_plugin_data.s) {
SET_OOM_ERROR(conn->error_info);
goto end;
}
memcpy(conn->authentication_plugin_data.s, plugin_data, plugin_data_len);
DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
/* The data should be allocated with malloc() */
scrambled_data =
auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
plugin_data, plugin_data_len, session_options,
conn->protocol_frame_codec->data, mysql_flags);
if (conn->error_info->error_no) {
goto end;
}
if (FALSE == is_change_user) {
ret = mysqlnd_auth_handshake(conn, user, passwd, passwd_len, db, db_len, session_options, mysql_flags,
charset_no,
first_call,
requested_protocol,
scrambled_data, scrambled_data_len,
&switch_to_auth_protocol, &switch_to_auth_protocol_len,
&switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
);
} else {
ret = mysqlnd_auth_change_user(conn, user, strlen(user), passwd, passwd_len, db, db_len, silent,
first_call,
requested_protocol,
scrambled_data, scrambled_data_len,
&switch_to_auth_protocol, &switch_to_auth_protocol_len,
&switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
);
}
first_call = FALSE;
free(scrambled_data);
DBG_INF_FMT("switch_to_auth_protocol=%s", switch_to_auth_protocol? switch_to_auth_protocol:"n/a");
if (requested_protocol && switch_to_auth_protocol) {
mnd_efree(requested_protocol);
requested_protocol = switch_to_auth_protocol;
}
if (plugin_data) {
mnd_efree(plugin_data);
}
plugin_data_len = switch_to_auth_protocol_data_len;
plugin_data = switch_to_auth_protocol_data;
}
DBG_INF_FMT("conn->error_info->error_no = %d", conn->error_info->error_no);
} while (ret == FAIL && conn->error_info->error_no == 0 && switch_to_auth_protocol != NULL);
if (ret == PASS) {
DBG_INF_FMT("saving requested_protocol=%s", requested_protocol);
conn->m->set_client_option(conn, MYSQLND_OPT_AUTH_PROTOCOL, requested_protocol);
}
end:
if (plugin_data) {
mnd_efree(plugin_data);
}
if (requested_protocol) {
mnd_efree(requested_protocol);
}
DBG_RETURN(ret);
}
/* {{{ mysqlnd_auth_change_user */
enum_func_status
mysqlnd_auth_change_user(MYSQLND_CONN_DATA * const conn,
const char * const user,
const size_t user_len,
const char * const passwd,
const size_t passwd_len,
const char * const db,
const size_t db_len,
const zend_bool silent,
zend_bool use_full_blown_auth_packet,
const char * const auth_protocol,
zend_uchar * auth_plugin_data,
size_t auth_plugin_data_len,
char ** switch_to_auth_protocol,
size_t * switch_to_auth_protocol_len,
zend_uchar ** switch_to_auth_protocol_data,
size_t * switch_to_auth_protocol_data_len
)
{
enum_func_status ret = FAIL;
const MYSQLND_CHARSET * old_cs = conn->charset;
MYSQLND_PACKET_CHANGE_AUTH_RESPONSE * change_auth_resp_packet = NULL;
MYSQLND_PACKET_CHG_USER_RESPONSE * chg_user_resp = NULL;
MYSQLND_PACKET_AUTH * auth_packet = NULL;
DBG_ENTER("mysqlnd_auth_change_user");
chg_user_resp = conn->protocol->m.get_change_user_response_packet(conn->protocol, FALSE);
if (!chg_user_resp) {
SET_OOM_ERROR(*conn->error_info);
goto end;
}
if (use_full_blown_auth_packet != TRUE) {
change_auth_resp_packet = conn->protocol->m.get_change_auth_response_packet(conn->protocol, FALSE);
if (!change_auth_resp_packet) {
SET_OOM_ERROR(*conn->error_info);
goto end;
}
change_auth_resp_packet->auth_data = auth_plugin_data;
change_auth_resp_packet->auth_data_len = auth_plugin_data_len;
if (!PACKET_WRITE(change_auth_resp_packet, conn)) {
CONN_SET_STATE(conn, CONN_QUIT_SENT);
SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
goto end;
}
} else {
auth_packet = conn->protocol->m.get_auth_packet(conn->protocol, FALSE);
if (!auth_packet) {
SET_OOM_ERROR(*conn->error_info);
goto end;
}
auth_packet->is_change_user_packet = TRUE;
auth_packet->user = user;
auth_packet->db = db;
auth_packet->db_len = db_len;
auth_packet->silent = silent;
auth_packet->auth_data = auth_plugin_data;
auth_packet->auth_data_len = auth_plugin_data_len;
auth_packet->auth_plugin_name = auth_protocol;
if (conn->m->get_server_version(conn) >= 50123) {
auth_packet->charset_no = conn->charset->nr;
}
if (!PACKET_WRITE(auth_packet, conn)) {
CONN_SET_STATE(conn, CONN_QUIT_SENT);
SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
goto end;
}
}
ret = PACKET_READ(chg_user_resp, conn);
COPY_CLIENT_ERROR(*conn->error_info, chg_user_resp->error_info);
if (0xFE == chg_user_resp->response_code) {
ret = FAIL;
if (!chg_user_resp->new_auth_protocol) {
DBG_ERR(mysqlnd_old_passwd);
SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
} else {
*switch_to_auth_protocol = mnd_pestrndup(chg_user_resp->new_auth_protocol, chg_user_resp->new_auth_protocol_len, FALSE);
*switch_to_auth_protocol_len = chg_user_resp->new_auth_protocol_len;
if (chg_user_resp->new_auth_protocol_data) {
*switch_to_auth_protocol_data_len = chg_user_resp->new_auth_protocol_data_len;
*switch_to_auth_protocol_data = mnd_emalloc(*switch_to_auth_protocol_data_len);
memcpy(*switch_to_auth_protocol_data, chg_user_resp->new_auth_protocol_data, *switch_to_auth_protocol_data_len);
} else {
*switch_to_auth_protocol_data = NULL;
*switch_to_auth_protocol_data_len = 0;
}
}
}
if (conn->error_info->error_no) {
ret = FAIL;
/*
COM_CHANGE_USER is broken in 5.1. At least in 5.1.15 and 5.1.14, 5.1.11 is immune.
bug#25371 mysql_change_user() triggers "packets out of sync"
When it gets fixed, there should be one more check here
*/
if (conn->m->get_server_version(conn) > 50113L &&conn->m->get_server_version(conn) < 50118L) {
MYSQLND_PACKET_OK * redundant_error_packet = conn->protocol->m.get_ok_packet(conn->protocol, FALSE);
if (redundant_error_packet) {
PACKET_READ(redundant_error_packet, conn);
PACKET_FREE(redundant_error_packet);
DBG_INF_FMT("Server is %u, buggy, sends two ERR messages", conn->m->get_server_version(conn));
} else {
SET_OOM_ERROR(*conn->error_info);
}
}
}
if (ret == PASS) {
char * tmp = NULL;
/* if we get conn->user as parameter and then we first free it, then estrndup it, we will crash */
tmp = mnd_pestrndup(user, user_len, conn->persistent);
if (conn->user) {
mnd_pefree(conn->user, conn->persistent);
}
conn->user = tmp;
tmp = mnd_pestrdup(passwd, conn->persistent);
if (conn->passwd) {
mnd_pefree(conn->passwd, conn->persistent);
}
conn->passwd = tmp;
if (conn->last_message) {
mnd_pefree(conn->last_message, conn->persistent);
conn->last_message = NULL;
}
memset(conn->upsert_status, 0, sizeof(*conn->upsert_status));
/* set charset for old servers */
if (conn->m->get_server_version(conn) < 50123) {
ret = conn->m->set_charset(conn, old_cs->name);
}
} else if (ret == FAIL && chg_user_resp->server_asked_323_auth == TRUE) {
/* old authentication with new server !*/
DBG_ERR(mysqlnd_old_passwd);
SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
}
end:
PACKET_FREE(change_auth_resp_packet);
PACKET_FREE(auth_packet);
PACKET_FREE(chg_user_resp);
DBG_RETURN(ret);
}
/* {{{ mysqlnd_com_handshake_run */
static enum_func_status
mysqlnd_com_handshake_run(void *cmd)
{
struct st_mysqlnd_protocol_com_handshake_command * command = (struct st_mysqlnd_protocol_com_handshake_command *) cmd;
const char * user = command->context.user.s;
const char * passwd = command->context.passwd.s;
size_t passwd_len = command->context.passwd.l;
const char * db = command->context.database.s;
size_t db_len = command->context.database.l;
size_t mysql_flags = command->context.client_flags;
MYSQLND_CONN_DATA * conn = command->context.conn;
MYSQLND_PACKET_GREET * greet_packet;
DBG_ENTER("mysqlnd_conn_data::connect_handshake");
DBG_INF_FMT("stream=%p", conn->vio->data->m.get_stream(conn->vio));
DBG_INF_FMT("[user=%s] [db=%s:%d] [flags=%llu]", user, db, db_len, mysql_flags);
greet_packet = conn->payload_decoder_factory->m.get_greet_packet(conn->payload_decoder_factory, FALSE);
if (!greet_packet) {
SET_OOM_ERROR(conn->error_info);
DBG_RETURN(FAIL); /* OOM */
}
if (FAIL == PACKET_READ(greet_packet)) {
DBG_ERR("Error while reading greeting packet");
php_error_docref(NULL, E_WARNING, "Error while reading greeting packet. PID=%d", getpid());
goto err;
} else if (greet_packet->error_no) {
DBG_ERR_FMT("errorno=%u error=%s", greet_packet->error_no, greet_packet->error);
SET_CLIENT_ERROR(conn->error_info, greet_packet->error_no, greet_packet->sqlstate, greet_packet->error);
goto err;
} else if (greet_packet->pre41) {
DBG_ERR_FMT("Connecting to 3.22, 3.23 & 4.0 is not supported. Server is %-.32s", greet_packet->server_version);
php_error_docref(NULL, E_WARNING, "Connecting to 3.22, 3.23 & 4.0 "
" is not supported. Server is %-.32s", greet_packet->server_version);
SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE,
"Connecting to 3.22, 3.23 & 4.0 servers is not supported");
goto err;
}
conn->thread_id = greet_packet->thread_id;
conn->protocol_version = greet_packet->protocol_version;
conn->server_version = mnd_pestrdup(greet_packet->server_version, conn->persistent);
conn->greet_charset = mysqlnd_find_charset_nr(greet_packet->charset_no);
if (!conn->greet_charset) {
php_error_docref(NULL, E_WARNING,
"Server sent charset (%d) unknown to the client. Please, report to the developers", greet_packet->charset_no);
SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE,
"Server sent charset unknown to the client. Please, report to the developers");
goto err;
}
conn->server_capabilities = greet_packet->server_capabilities;
if (FAIL == mysqlnd_connect_run_authentication(conn, user, passwd, db, db_len, (size_t) passwd_len,
greet_packet->authentication_plugin_data, greet_packet->auth_protocol,
greet_packet->charset_no, greet_packet->server_capabilities,
conn->options, mysql_flags))
{
goto err;
}
UPSERT_STATUS_RESET(conn->upsert_status);
UPSERT_STATUS_SET_SERVER_STATUS(conn->upsert_status, greet_packet->server_status);
PACKET_FREE(greet_packet);
DBG_RETURN(PASS);
err:
conn->server_capabilities = 0;
PACKET_FREE(greet_packet);
DBG_RETURN(FAIL);
}
