1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 2006-2017 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andrey Hristov <andrey@php.net> |
16 | Ulf Wendel <uw@php.net> |
17 | Georg Richter <georg@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 /* $Id: mysqlnd.c 307377 2011-01-11 13:02:57Z andrey $ */
22 #include "php.h"
23 #include "mysqlnd.h"
24 #include "mysqlnd_structs.h"
25 #include "mysqlnd_wireprotocol.h"
26 #include "mysqlnd_priv.h"
27 #include "mysqlnd_result.h"
28 #include "mysqlnd_charset.h"
29 #include "mysqlnd_debug.h"
30
31 /* {{{ mysqlnd_auth_handshake */
32 enum_func_status
mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,const char * const db,const size_t db_len,const MYSQLND_OPTIONS * const options,zend_ulong mysql_flags,unsigned int server_charset_no,zend_bool use_full_blown_auth_packet,const char * const auth_protocol,const zend_uchar * const auth_plugin_data,const size_t auth_plugin_data_len,char ** switch_to_auth_protocol,size_t * switch_to_auth_protocol_len,zend_uchar ** switch_to_auth_protocol_data,size_t * switch_to_auth_protocol_data_len)33 mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
34 const char * const user,
35 const char * const passwd,
36 const size_t passwd_len,
37 const char * const db,
38 const size_t db_len,
39 const MYSQLND_OPTIONS * const options,
40 zend_ulong mysql_flags,
41 unsigned int server_charset_no,
42 zend_bool use_full_blown_auth_packet,
43 const char * const auth_protocol,
44 const zend_uchar * const auth_plugin_data,
45 const size_t auth_plugin_data_len,
46 char ** switch_to_auth_protocol,
47 size_t * switch_to_auth_protocol_len,
48 zend_uchar ** switch_to_auth_protocol_data,
49 size_t * switch_to_auth_protocol_data_len
50 )
51 {
52 enum_func_status ret = FAIL;
53 const MYSQLND_CHARSET * charset = NULL;
54 MYSQLND_PACKET_CHANGE_AUTH_RESPONSE * change_auth_resp_packet = NULL;
55 MYSQLND_PACKET_AUTH_RESPONSE * auth_resp_packet = NULL;
56 MYSQLND_PACKET_AUTH * auth_packet = NULL;
57
58 DBG_ENTER("mysqlnd_auth_handshake");
59
60 auth_resp_packet = conn->protocol->m.get_auth_response_packet(conn->protocol, FALSE);
61
62 if (!auth_resp_packet) {
63 SET_OOM_ERROR(*conn->error_info);
64 goto end;
65 }
66
67 if (use_full_blown_auth_packet != TRUE) {
68 change_auth_resp_packet = conn->protocol->m.get_change_auth_response_packet(conn->protocol, FALSE);
69 if (!change_auth_resp_packet) {
70 SET_OOM_ERROR(*conn->error_info);
71 goto end;
72 }
73
74 change_auth_resp_packet->auth_data = auth_plugin_data;
75 change_auth_resp_packet->auth_data_len = auth_plugin_data_len;
76
77 if (!PACKET_WRITE(change_auth_resp_packet, conn)) {
78 CONN_SET_STATE(conn, CONN_QUIT_SENT);
79 SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
80 goto end;
81 }
82 } else {
83 auth_packet = conn->protocol->m.get_auth_packet(conn->protocol, FALSE);
84
85 auth_packet->client_flags = mysql_flags;
86 auth_packet->max_packet_size = options->max_allowed_packet;
87 if (options->charset_name && (charset = mysqlnd_find_charset_name(options->charset_name))) {
88 auth_packet->charset_no = charset->nr;
89 } else {
90 auth_packet->charset_no = server_charset_no;
91 }
92
93 auth_packet->send_auth_data = TRUE;
94 auth_packet->user = user;
95 auth_packet->db = db;
96 auth_packet->db_len = db_len;
97
98 auth_packet->auth_data = auth_plugin_data;
99 auth_packet->auth_data_len = auth_plugin_data_len;
100 auth_packet->auth_plugin_name = auth_protocol;
101
102 if (conn->server_capabilities & CLIENT_CONNECT_ATTRS) {
103 auth_packet->connect_attr = conn->options->connect_attr;
104 }
105
106 if (!PACKET_WRITE(auth_packet, conn)) {
107 goto end;
108 }
109 }
110 if (use_full_blown_auth_packet == TRUE) {
111 conn->charset = mysqlnd_find_charset_nr(auth_packet->charset_no);
112 }
113
114 if (FAIL == PACKET_READ(auth_resp_packet, conn) || auth_resp_packet->response_code >= 0xFE) {
115 if (auth_resp_packet->response_code == 0xFE) {
116 /* old authentication with new server !*/
117 if (!auth_resp_packet->new_auth_protocol) {
118 DBG_ERR(mysqlnd_old_passwd);
119 SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
120 } else {
121 *switch_to_auth_protocol = mnd_pestrndup(auth_resp_packet->new_auth_protocol, auth_resp_packet->new_auth_protocol_len, FALSE);
122 *switch_to_auth_protocol_len = auth_resp_packet->new_auth_protocol_len;
123 if (auth_resp_packet->new_auth_protocol_data) {
124 *switch_to_auth_protocol_data_len = auth_resp_packet->new_auth_protocol_data_len;
125 *switch_to_auth_protocol_data = mnd_emalloc(*switch_to_auth_protocol_data_len);
126 memcpy(*switch_to_auth_protocol_data, auth_resp_packet->new_auth_protocol_data, *switch_to_auth_protocol_data_len);
127 } else {
128 *switch_to_auth_protocol_data = NULL;
129 *switch_to_auth_protocol_data_len = 0;
130 }
131 }
132 } else if (auth_resp_packet->response_code == 0xFF) {
133 if (auth_resp_packet->sqlstate[0]) {
134 strlcpy(conn->error_info->sqlstate, auth_resp_packet->sqlstate, sizeof(conn->error_info->sqlstate));
135 DBG_ERR_FMT("ERROR:%u [SQLSTATE:%s] %s", auth_resp_packet->error_no, auth_resp_packet->sqlstate, auth_resp_packet->error);
136 }
137 SET_CLIENT_ERROR(*conn->error_info, auth_resp_packet->error_no, UNKNOWN_SQLSTATE, auth_resp_packet->error);
138 }
139 goto end;
140 }
141
142 SET_NEW_MESSAGE(conn->last_message, conn->last_message_len, auth_resp_packet->message, auth_resp_packet->message_len, conn->persistent);
143 ret = PASS;
144 end:
145 PACKET_FREE(change_auth_resp_packet);
146 PACKET_FREE(auth_packet);
147 PACKET_FREE(auth_resp_packet);
148 DBG_RETURN(ret);
149 }
150 /* }}} */
151
152
153 /* {{{ mysqlnd_auth_change_user */
154 enum_func_status
mysqlnd_auth_change_user(MYSQLND_CONN_DATA * const conn,const char * const user,const size_t user_len,const char * const passwd,const size_t passwd_len,const char * const db,const size_t db_len,const zend_bool silent,zend_bool use_full_blown_auth_packet,const char * const auth_protocol,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,char ** switch_to_auth_protocol,size_t * switch_to_auth_protocol_len,zend_uchar ** switch_to_auth_protocol_data,size_t * switch_to_auth_protocol_data_len)155 mysqlnd_auth_change_user(MYSQLND_CONN_DATA * const conn,
156 const char * const user,
157 const size_t user_len,
158 const char * const passwd,
159 const size_t passwd_len,
160 const char * const db,
161 const size_t db_len,
162 const zend_bool silent,
163 zend_bool use_full_blown_auth_packet,
164 const char * const auth_protocol,
165 zend_uchar * auth_plugin_data,
166 size_t auth_plugin_data_len,
167 char ** switch_to_auth_protocol,
168 size_t * switch_to_auth_protocol_len,
169 zend_uchar ** switch_to_auth_protocol_data,
170 size_t * switch_to_auth_protocol_data_len
171 )
172 {
173 enum_func_status ret = FAIL;
174 const MYSQLND_CHARSET * old_cs = conn->charset;
175 MYSQLND_PACKET_CHANGE_AUTH_RESPONSE * change_auth_resp_packet = NULL;
176 MYSQLND_PACKET_CHG_USER_RESPONSE * chg_user_resp = NULL;
177 MYSQLND_PACKET_AUTH * auth_packet = NULL;
178
179 DBG_ENTER("mysqlnd_auth_change_user");
180
181 chg_user_resp = conn->protocol->m.get_change_user_response_packet(conn->protocol, FALSE);
182
183 if (!chg_user_resp) {
184 SET_OOM_ERROR(*conn->error_info);
185 goto end;
186 }
187
188 if (use_full_blown_auth_packet != TRUE) {
189 change_auth_resp_packet = conn->protocol->m.get_change_auth_response_packet(conn->protocol, FALSE);
190 if (!change_auth_resp_packet) {
191 SET_OOM_ERROR(*conn->error_info);
192 goto end;
193 }
194
195 change_auth_resp_packet->auth_data = auth_plugin_data;
196 change_auth_resp_packet->auth_data_len = auth_plugin_data_len;
197
198 if (!PACKET_WRITE(change_auth_resp_packet, conn)) {
199 CONN_SET_STATE(conn, CONN_QUIT_SENT);
200 SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
201 goto end;
202 }
203 } else {
204 auth_packet = conn->protocol->m.get_auth_packet(conn->protocol, FALSE);
205
206 if (!auth_packet) {
207 SET_OOM_ERROR(*conn->error_info);
208 goto end;
209 }
210
211 auth_packet->is_change_user_packet = TRUE;
212 auth_packet->user = user;
213 auth_packet->db = db;
214 auth_packet->db_len = db_len;
215 auth_packet->silent = silent;
216
217 auth_packet->auth_data = auth_plugin_data;
218 auth_packet->auth_data_len = auth_plugin_data_len;
219 auth_packet->auth_plugin_name = auth_protocol;
220
221
222 if (conn->m->get_server_version(conn) >= 50123) {
223 auth_packet->charset_no = conn->charset->nr;
224 }
225
226 if (!PACKET_WRITE(auth_packet, conn)) {
227 CONN_SET_STATE(conn, CONN_QUIT_SENT);
228 SET_CLIENT_ERROR(*conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
229 goto end;
230 }
231 }
232
233 ret = PACKET_READ(chg_user_resp, conn);
234 COPY_CLIENT_ERROR(*conn->error_info, chg_user_resp->error_info);
235
236 if (0xFE == chg_user_resp->response_code) {
237 ret = FAIL;
238 if (!chg_user_resp->new_auth_protocol) {
239 DBG_ERR(mysqlnd_old_passwd);
240 SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
241 } else {
242 *switch_to_auth_protocol = mnd_pestrndup(chg_user_resp->new_auth_protocol, chg_user_resp->new_auth_protocol_len, FALSE);
243 *switch_to_auth_protocol_len = chg_user_resp->new_auth_protocol_len;
244 if (chg_user_resp->new_auth_protocol_data) {
245 *switch_to_auth_protocol_data_len = chg_user_resp->new_auth_protocol_data_len;
246 *switch_to_auth_protocol_data = mnd_emalloc(*switch_to_auth_protocol_data_len);
247 memcpy(*switch_to_auth_protocol_data, chg_user_resp->new_auth_protocol_data, *switch_to_auth_protocol_data_len);
248 } else {
249 *switch_to_auth_protocol_data = NULL;
250 *switch_to_auth_protocol_data_len = 0;
251 }
252 }
253 }
254
255 if (conn->error_info->error_no) {
256 ret = FAIL;
257 /*
258 COM_CHANGE_USER is broken in 5.1. At least in 5.1.15 and 5.1.14, 5.1.11 is immune.
259 bug#25371 mysql_change_user() triggers "packets out of sync"
260 When it gets fixed, there should be one more check here
261 */
262 if (conn->m->get_server_version(conn) > 50113L &&conn->m->get_server_version(conn) < 50118L) {
263 MYSQLND_PACKET_OK * redundant_error_packet = conn->protocol->m.get_ok_packet(conn->protocol, FALSE);
264 if (redundant_error_packet) {
265 PACKET_READ(redundant_error_packet, conn);
266 PACKET_FREE(redundant_error_packet);
267 DBG_INF_FMT("Server is %u, buggy, sends two ERR messages", conn->m->get_server_version(conn));
268 } else {
269 SET_OOM_ERROR(*conn->error_info);
270 }
271 }
272 }
273 if (ret == PASS) {
274 char * tmp = NULL;
275 /* if we get conn->user as parameter and then we first free it, then estrndup it, we will crash */
276 tmp = mnd_pestrndup(user, user_len, conn->persistent);
277 if (conn->user) {
278 mnd_pefree(conn->user, conn->persistent);
279 }
280 conn->user = tmp;
281
282 tmp = mnd_pestrdup(passwd, conn->persistent);
283 if (conn->passwd) {
284 mnd_pefree(conn->passwd, conn->persistent);
285 }
286 conn->passwd = tmp;
287
288 if (conn->last_message) {
289 mnd_pefree(conn->last_message, conn->persistent);
290 conn->last_message = NULL;
291 }
292 memset(conn->upsert_status, 0, sizeof(*conn->upsert_status));
293 /* set charset for old servers */
294 if (conn->m->get_server_version(conn) < 50123) {
295 ret = conn->m->set_charset(conn, old_cs->name);
296 }
297 } else if (ret == FAIL && chg_user_resp->server_asked_323_auth == TRUE) {
298 /* old authentication with new server !*/
299 DBG_ERR(mysqlnd_old_passwd);
300 SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
301 }
302 end:
303 PACKET_FREE(change_auth_resp_packet);
304 PACKET_FREE(auth_packet);
305 PACKET_FREE(chg_user_resp);
306 DBG_RETURN(ret);
307 }
308 /* }}} */
309
310
311 /******************************************* MySQL Native Password ***********************************/
312
313 #include "ext/standard/sha1.h"
314
315 /* {{{ php_mysqlnd_crypt */
316 static void
php_mysqlnd_crypt(zend_uchar * buffer,const zend_uchar * s1,const zend_uchar * s2,size_t len)317 php_mysqlnd_crypt(zend_uchar *buffer, const zend_uchar *s1, const zend_uchar *s2, size_t len)
318 {
319 const zend_uchar *s1_end = s1 + len;
320 while (s1 < s1_end) {
321 *buffer++= *s1++ ^ *s2++;
322 }
323 }
324 /* }}} */
325
326
327 /* {{{ php_mysqlnd_scramble */
php_mysqlnd_scramble(zend_uchar * const buffer,const zend_uchar * const scramble,const zend_uchar * const password,size_t password_len)328 void php_mysqlnd_scramble(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, size_t password_len)
329 {
330 PHP_SHA1_CTX context;
331 zend_uchar sha1[SHA1_MAX_LENGTH];
332 zend_uchar sha2[SHA1_MAX_LENGTH];
333
334 /* Phase 1: hash password */
335 PHP_SHA1Init(&context);
336 PHP_SHA1Update(&context, password, password_len);
337 PHP_SHA1Final(sha1, &context);
338
339 /* Phase 2: hash sha1 */
340 PHP_SHA1Init(&context);
341 PHP_SHA1Update(&context, (zend_uchar*)sha1, SHA1_MAX_LENGTH);
342 PHP_SHA1Final(sha2, &context);
343
344 /* Phase 3: hash scramble + sha2 */
345 PHP_SHA1Init(&context);
346 PHP_SHA1Update(&context, scramble, SCRAMBLE_LENGTH);
347 PHP_SHA1Update(&context, (zend_uchar*)sha2, SHA1_MAX_LENGTH);
348 PHP_SHA1Final(buffer, &context);
349
350 /* let's crypt buffer now */
351 php_mysqlnd_crypt(buffer, (const zend_uchar *)buffer, (const zend_uchar *)sha1, SHA1_MAX_LENGTH);
352 }
353 /* }}} */
354
355
356 /* {{{ mysqlnd_native_auth_get_auth_data */
357 static zend_uchar *
mysqlnd_native_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_OPTIONS * const options,const MYSQLND_NET_OPTIONS * const net_options,zend_ulong mysql_flags)358 mysqlnd_native_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
359 size_t * auth_data_len,
360 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
361 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
362 const MYSQLND_OPTIONS * const options,
363 const MYSQLND_NET_OPTIONS * const net_options,
364 zend_ulong mysql_flags
365 )
366 {
367 zend_uchar * ret = NULL;
368 DBG_ENTER("mysqlnd_native_auth_get_auth_data");
369 *auth_data_len = 0;
370
371 /* 5.5.x reports 21 as scramble length because it needs to show the length of the data before the plugin name */
372 if (auth_plugin_data_len < SCRAMBLE_LENGTH) {
373 /* mysql_native_password only works with SCRAMBLE_LENGTH scramble */
374 SET_CLIENT_ERROR(*conn->error_info, CR_MALFORMED_PACKET, UNKNOWN_SQLSTATE, "The server sent wrong length for scramble");
375 DBG_ERR_FMT("The server sent wrong length for scramble %u. Expected %u", auth_plugin_data_len, SCRAMBLE_LENGTH);
376 DBG_RETURN(NULL);
377 }
378
379 /* copy scrambled pass*/
380 if (passwd && passwd_len) {
381 ret = malloc(SCRAMBLE_LENGTH);
382 *auth_data_len = SCRAMBLE_LENGTH;
383 /* In 4.1 we use CLIENT_SECURE_CONNECTION and thus the len of the buf should be passed */
384 php_mysqlnd_scramble((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
385 }
386 DBG_RETURN(ret);
387 }
388 /* }}} */
389
390
391 static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin =
392 {
393 {
394 MYSQLND_PLUGIN_API_VERSION,
395 "auth_plugin_mysql_native_password",
396 MYSQLND_VERSION_ID,
397 PHP_MYSQLND_VERSION,
398 "PHP License 3.01",
399 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uwendel@mysql.com>, Georg Richter <georg@mysql.com>",
400 {
401 NULL, /* no statistics , will be filled later if there are some */
402 NULL, /* no statistics */
403 },
404 {
405 NULL /* plugin shutdown */
406 }
407 },
408 {/* methods */
409 mysqlnd_native_auth_get_auth_data
410 }
411 };
412
413
414 /******************************************* PAM Authentication ***********************************/
415
416 /* {{{ mysqlnd_pam_auth_get_auth_data */
417 static zend_uchar *
mysqlnd_pam_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_OPTIONS * const options,const MYSQLND_NET_OPTIONS * const net_options,zend_ulong mysql_flags)418 mysqlnd_pam_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
419 size_t * auth_data_len,
420 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
421 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
422 const MYSQLND_OPTIONS * const options,
423 const MYSQLND_NET_OPTIONS * const net_options,
424 zend_ulong mysql_flags
425 )
426 {
427 zend_uchar * ret = NULL;
428
429 /* copy pass*/
430 if (passwd && passwd_len) {
431 ret = (zend_uchar*) zend_strndup(passwd, passwd_len);
432 }
433 *auth_data_len = passwd_len;
434
435 return ret;
436 }
437 /* }}} */
438
439
440 static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin =
441 {
442 {
443 MYSQLND_PLUGIN_API_VERSION,
444 "auth_plugin_mysql_clear_password",
445 MYSQLND_VERSION_ID,
446 PHP_MYSQLND_VERSION,
447 "PHP License 3.01",
448 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uw@php.net>, Georg Richter <georg@php.net>",
449 {
450 NULL, /* no statistics , will be filled later if there are some */
451 NULL, /* no statistics */
452 },
453 {
454 NULL /* plugin shutdown */
455 }
456 },
457 {/* methods */
458 mysqlnd_pam_auth_get_auth_data
459 }
460 };
461
462
463 /******************************************* SHA256 Password ***********************************/
464 #ifdef MYSQLND_HAVE_SSL
465 static void
mysqlnd_xor_string(char * dst,const size_t dst_len,const char * xor_str,const size_t xor_str_len)466 mysqlnd_xor_string(char * dst, const size_t dst_len, const char * xor_str, const size_t xor_str_len)
467 {
468 unsigned int i;
469 for (i = 0; i <= dst_len; ++i) {
470 dst[i] ^= xor_str[i % xor_str_len];
471 }
472 }
473
474
475 #include <openssl/rsa.h>
476 #include <openssl/pem.h>
477 #include <openssl/err.h>
478
479
480 /* {{{ mysqlnd_sha256_get_rsa_key */
481 static RSA *
mysqlnd_sha256_get_rsa_key(MYSQLND_CONN_DATA * conn,const MYSQLND_OPTIONS * const options,const MYSQLND_NET_OPTIONS * const net_options)482 mysqlnd_sha256_get_rsa_key(MYSQLND_CONN_DATA * conn,
483 const MYSQLND_OPTIONS * const options,
484 const MYSQLND_NET_OPTIONS * const net_options
485 )
486 {
487 RSA * ret = NULL;
488 const char * fname = (net_options->sha256_server_public_key && net_options->sha256_server_public_key[0] != '\0')?
489 net_options->sha256_server_public_key:
490 MYSQLND_G(sha256_server_public_key);
491 php_stream * stream;
492 DBG_ENTER("mysqlnd_sha256_get_rsa_key");
493 DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
494 net_options->sha256_server_public_key? net_options->sha256_server_public_key:"n/a",
495 MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
496 if (!fname || fname[0] == '\0') {
497 MYSQLND_PACKET_SHA256_PK_REQUEST * pk_req_packet = NULL;
498 MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE * pk_resp_packet = NULL;
499
500 do {
501 DBG_INF("requesting the public key from the server");
502 pk_req_packet = conn->protocol->m.get_sha256_pk_request_packet(conn->protocol, FALSE);
503 if (!pk_req_packet) {
504 SET_OOM_ERROR(*conn->error_info);
505 break;
506 }
507 pk_resp_packet = conn->protocol->m.get_sha256_pk_request_response_packet(conn->protocol, FALSE);
508 if (!pk_resp_packet) {
509 SET_OOM_ERROR(*conn->error_info);
510 PACKET_FREE(pk_req_packet);
511 break;
512 }
513
514 if (! PACKET_WRITE(pk_req_packet, conn)) {
515 DBG_ERR_FMT("Error while sending public key request packet");
516 php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
517 CONN_SET_STATE(conn, CONN_QUIT_SENT);
518 break;
519 }
520 if (FAIL == PACKET_READ(pk_resp_packet, conn) || NULL == pk_resp_packet->public_key) {
521 DBG_ERR_FMT("Error while receiving public key");
522 php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
523 CONN_SET_STATE(conn, CONN_QUIT_SENT);
524 break;
525 }
526 DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet->public_key_len, pk_resp_packet->public_key);
527 /* now extract the public key */
528 {
529 BIO * bio = BIO_new_mem_buf(pk_resp_packet->public_key, pk_resp_packet->public_key_len);
530 ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
531 BIO_free(bio);
532 }
533 } while (0);
534 PACKET_FREE(pk_req_packet);
535 PACKET_FREE(pk_resp_packet);
536
537 DBG_INF_FMT("ret=%p", ret);
538 DBG_RETURN(ret);
539
540 SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
541 "sha256_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
542 DBG_ERR("server_public_key is not set");
543 DBG_RETURN(NULL);
544 } else {
545 zend_string * key_str;
546 DBG_INF_FMT("Key in a file. [%s]", fname);
547 stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
548
549 if (stream) {
550 if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
551 BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
552 ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
553 BIO_free(bio);
554 DBG_INF("Successfully loaded");
555 DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
556 zend_string_release(key_str);
557 }
558 php_stream_close(stream);
559 }
560 }
561 DBG_RETURN(ret);
562 }
563 /* }}} */
564
565
566 /* {{{ mysqlnd_sha256_auth_get_auth_data */
567 static zend_uchar *
mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_OPTIONS * const options,const MYSQLND_NET_OPTIONS * const net_options,zend_ulong mysql_flags)568 mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
569 size_t * auth_data_len,
570 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
571 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
572 const MYSQLND_OPTIONS * const options,
573 const MYSQLND_NET_OPTIONS * const net_options,
574 zend_ulong mysql_flags
575 )
576 {
577 RSA * server_public_key;
578 zend_uchar * ret = NULL;
579 DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
580 DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
581
582
583 if (conn->net->data->ssl) {
584 DBG_INF("simple clear text under SSL");
585 /* clear text under SSL */
586 *auth_data_len = passwd_len;
587 ret = malloc(passwd_len);
588 memcpy(ret, passwd, passwd_len);
589 } else {
590 *auth_data_len = 0;
591 server_public_key = mysqlnd_sha256_get_rsa_key(conn, options, net_options);
592
593 if (server_public_key) {
594 int server_public_key_len;
595 char xor_str[passwd_len + 1];
596 memcpy(xor_str, passwd, passwd_len);
597 xor_str[passwd_len] = '\0';
598 mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
599
600 server_public_key_len = RSA_size(server_public_key);
601 /*
602 Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
603 RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
604 http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
605 */
606 if ((size_t) server_public_key_len - 41 <= passwd_len) {
607 /* password message is to long */
608 SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
609 DBG_ERR("password is too long");
610 DBG_RETURN(NULL);
611 }
612
613 *auth_data_len = server_public_key_len;
614 ret = malloc(*auth_data_len);
615 RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
616 }
617 }
618
619 DBG_RETURN(ret);
620 }
621 /* }}} */
622
623
624 static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plugin =
625 {
626 {
627 MYSQLND_PLUGIN_API_VERSION,
628 "auth_plugin_sha256_password",
629 MYSQLND_VERSION_ID,
630 PHP_MYSQLND_VERSION,
631 "PHP License 3.01",
632 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uwendel@mysql.com>",
633 {
634 NULL, /* no statistics , will be filled later if there are some */
635 NULL, /* no statistics */
636 },
637 {
638 NULL /* plugin shutdown */
639 }
640 },
641 {/* methods */
642 mysqlnd_sha256_auth_get_auth_data
643 }
644 };
645 #endif
646
647 /* {{{ mysqlnd_register_builtin_authentication_plugins */
648 void
mysqlnd_register_builtin_authentication_plugins(void)649 mysqlnd_register_builtin_authentication_plugins(void)
650 {
651 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
652 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
653 #ifdef MYSQLND_HAVE_SSL
654 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
655 #endif
656 }
657 /* }}} */
658
659
660 /*
661 * Local variables:
662 * tab-width: 4
663 * c-basic-offset: 4
664 * End:
665 * vim600: noet sw=4 ts=4 fdm=marker
666 * vim<600: noet sw=4 ts=4
667 */
668