History log of /PHP-8.2/ext/mysqlnd/mysqlnd_auth.c (Results 1 – 25 of 111)
Revision Date Author Comments
# 509906b2 12-Jun-2023 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GH-11438: mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters

https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.

Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].

[1] https://github.com/mysql/mysql-server/blob/ea7087d885006918ad54458e7aad215b1650312c/sql/auth/sha2_password.cc#L1078-L1079

Closes GH-11445.

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>


# 94127c53 12-Jun-2023 nielsdos <7771979+nielsdos@users.noreply.github.com>

Fix GH-11440: authentication to a sha256_password account fails over SSL

This is similar to bug #78680, but that bug wasn't really fixed in all
places. This is the only remaining place.

Closes GH-11444.


# a893a490 20-Aug-2021 Kamil Tekiela

Implement mysqlnd_set_persistent_string (#7371)


# d902b3a8 13-Aug-2021 Kamil Tekiela

Replace macro with inline function (#7365)


# 1c675b9d 10-Aug-2021 Nikita Popov

Switch mysqlnd auth to EVP_PKEY API


# aff36587 29-Jun-2021 Patrick Allaert

Fixed some spaces used instead of tabs


# 3acdab86 16-Jun-2021 Nikita Popov

Fix printf formats in mysql debug logging

Enable printf format verification and fix the reported errors.


# 01b3fc03 06-May-2021 KsaR

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |


# 36466042 05-Feb-2021 Daniel Black

Fix #78680: mysqlnd pam plugin missing terminating null

The PAM service requires the terminating null to be part
of the communication.

Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat).

Also changed MySQL Enterprise test to the server side plugin, authentication_pam
as opposed to the client plugin mysql_clear_password.

Add additional check for pamtest user and pam service file as
all are required for the test.

More importantly, test result should actually succeed.

Thanks Geoff Montee for bug report.

Closes GH-78680.


# 3e01f5af 15-Jan-2021 Nikita Popov

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.


# 2f1d32d2 21-Dec-2020 Dharman

Avoid throwing warnings in mysqlnd

Instead report them as proper client errors.

Closes GH-6530.


# 5d9bd14c 14-Dec-2020 Nikita Popov

MySQLnd: Remove some unnecessary allocator failure checks

emalloc/pemalloc are infallible.


# 5a04796f 27-May-2020 Christoph M. Becker

Fix MSVC level 1 (severe) warnings

We fix (hopefully) all instances of:

* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4005>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4024>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4028>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4047>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4087>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4090>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4273>
* <https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-1-c4312>

`zend_llist_add_element()` and `zend_llist_prepend_element()` now
explicitly expect a *const* pointer.

We use the macro `ZEND_VOIDP()` instead of a `(void*)` cast to suppress
C4090; this should prevent accidental removal of the cast by
clarifying the intention, and makes it easier to remove the casts if
the issue[1] will be resolved sometime.

[1] <https://developercommunity.visualstudio.com/content/problem/390711/c-compiler-incorrect-propagation-of-const-qualifie.html>


# ee21657a 03-Apr-2020 Qianqian Bu

Fix incorrect free for last_message

In commit a7305eb539596e175bd6c3ae9a20953358c5d677 the last_message
field of the connection object was changed to be always non-persistent.
But there is a place on change_user path that still treats it
depending on conn->persistent flag. This will cause PHP crash after
com_change_user success when there is last_message set


# 0afdf194 23-Mar-2020 Christoph M. Becker

Fix leak on Windows as well

Cf. <http://git.php.net/?p=php-src.git;a=commit;h=db08ef0d3274b239a6b9e68d71d02bb6acb71d82>


# db08ef0d 23-Mar-2020 Nikita Popov

Fix RSA memory leak in mysqlnd auth


# a0377021 26-Feb-2020 Christoph M. Becker

Native Windows support for mysqlnd sha256 authentification

We implement that on top of Cryptography API: Next Generation (CNG).


# a7400d5f 26-Feb-2020 Christoph M. Becker

Abstract over crypto operations


# 9d31a42a 18-Feb-2020 Nikita Popov

Don't use VLA in mysqlnd auth

We use alloca instead of VLA. This should also allow building
this code on Windows.


# bb5cdd9b 24-Jan-2020 Nikita Popov

Fixed bug #79011

auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long enough.


# 32cd373d 27-Dec-2019 Nikita Popov

Handle empty password fast path in caching_sha2_password

If an empty password is used, no additional packets are exchanged
during caching_sha2_password auth. We're only looking for an
OK/ERR response.


# 813d4a00 27-Dec-2019 Nikita Popov

Handle error response during caching_sha2_password auth

In particular, this fixes handling of expired passwords.


# e7e1254f 27-Dec-2019 Nikita Popov

Add support for caching_sha2_password in change user authentication

Same as for connection handshakes.


# 03ee36d1 27-Dec-2019 Nikita Popov

Fix unix socket check during caching_sha2_password

The fact that conn->unix_socket is set does not mean that a Unix
socket is actually in use -- this member is set in a default
configuration.

Instead check whether a unix_socket stream ops is used.


# 6225137b 27-Dec-2019 Nikita Popov

Support auth switch request during caching sha2 auth

