1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 2006-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Andrey Hristov <andrey@php.net> |
16 | Ulf Wendel <uw@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #include "php.h"
21 #include "mysqlnd.h"
22 #include "mysqlnd_structs.h"
23 #include "mysqlnd_auth.h"
24 #include "mysqlnd_wireprotocol.h"
25 #include "mysqlnd_connection.h"
26 #include "mysqlnd_priv.h"
27 #include "mysqlnd_charset.h"
28 #include "mysqlnd_debug.h"
29
30 static const char * const mysqlnd_old_passwd = "mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. "
31 "Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will "
32 "store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords "
33 "flag from your my.cnf file";
34
35
36 /* {{{ mysqlnd_run_authentication */
37 enum_func_status
mysqlnd_run_authentication(MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,const char * const db,const size_t db_len,const MYSQLND_STRING auth_plugin_data,const char * const auth_protocol,unsigned int charset_no,const MYSQLND_SESSION_OPTIONS * const session_options,zend_ulong mysql_flags,zend_bool silent,zend_bool is_change_user)38 mysqlnd_run_authentication(
39 MYSQLND_CONN_DATA * conn,
40 const char * const user,
41 const char * const passwd,
42 const size_t passwd_len,
43 const char * const db,
44 const size_t db_len,
45 const MYSQLND_STRING auth_plugin_data,
46 const char * const auth_protocol,
47 unsigned int charset_no,
48 const MYSQLND_SESSION_OPTIONS * const session_options,
49 zend_ulong mysql_flags,
50 zend_bool silent,
51 zend_bool is_change_user
52 )
53 {
54 enum_func_status ret = FAIL;
55 zend_bool first_call = TRUE;
56
57 char * switch_to_auth_protocol = NULL;
58 size_t switch_to_auth_protocol_len = 0;
59 char * requested_protocol = NULL;
60 zend_uchar * plugin_data;
61 size_t plugin_data_len;
62
63 DBG_ENTER("mysqlnd_run_authentication");
64
65 plugin_data_len = auth_plugin_data.l;
66 plugin_data = mnd_emalloc(plugin_data_len + 1);
67 if (!plugin_data) {
68 goto end;
69 }
70 memcpy(plugin_data, auth_plugin_data.s, plugin_data_len);
71 plugin_data[plugin_data_len] = '\0';
72
73 requested_protocol = mnd_pestrdup(auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE);
74 if (!requested_protocol) {
75 goto end;
76 }
77
78 do {
79 struct st_mysqlnd_authentication_plugin * auth_plugin = conn->m->fetch_auth_plugin_by_name(requested_protocol);
80
81 if (!auth_plugin) {
82 if (first_call) {
83 mnd_pefree(requested_protocol, FALSE);
84 requested_protocol = mnd_pestrdup(MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE);
85 } else {
86 php_error_docref(NULL, E_WARNING, "The server requested authentication method unknown to the client [%s]", requested_protocol);
87 SET_CLIENT_ERROR(conn->error_info, CR_NOT_IMPLEMENTED, UNKNOWN_SQLSTATE, "The server requested authentication method unknown to the client");
88 goto end;
89 }
90 }
91
92 {
93 zend_uchar * switch_to_auth_protocol_data = NULL;
94 size_t switch_to_auth_protocol_data_len = 0;
95 zend_uchar * scrambled_data = NULL;
96 size_t scrambled_data_len = 0;
97
98 switch_to_auth_protocol = NULL;
99 switch_to_auth_protocol_len = 0;
100
101 if (conn->authentication_plugin_data.s) {
102 mnd_pefree(conn->authentication_plugin_data.s, conn->persistent);
103 conn->authentication_plugin_data.s = NULL;
104 }
105 conn->authentication_plugin_data.l = plugin_data_len;
106 conn->authentication_plugin_data.s = mnd_pemalloc(conn->authentication_plugin_data.l, conn->persistent);
107 if (!conn->authentication_plugin_data.s) {
108 SET_OOM_ERROR(conn->error_info);
109 goto end;
110 }
111 memcpy(conn->authentication_plugin_data.s, plugin_data, plugin_data_len);
112
113 DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
114 /* The data should be allocated with malloc() */
115 if (auth_plugin) {
116 scrambled_data =
117 auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
118 plugin_data, plugin_data_len, session_options,
119 conn->protocol_frame_codec->data, mysql_flags);
120 }
121
122 if (conn->error_info->error_no) {
123 goto end;
124 }
125 if (FALSE == is_change_user) {
126 ret = mysqlnd_auth_handshake(conn, user, passwd, passwd_len, db, db_len, session_options, mysql_flags,
127 charset_no,
128 first_call,
129 requested_protocol,
130 scrambled_data, scrambled_data_len,
131 &switch_to_auth_protocol, &switch_to_auth_protocol_len,
132 &switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
133 );
134 } else {
135 ret = mysqlnd_auth_change_user(conn, user, strlen(user), passwd, passwd_len, db, db_len, silent,
136 first_call,
137 requested_protocol,
138 scrambled_data, scrambled_data_len,
139 &switch_to_auth_protocol, &switch_to_auth_protocol_len,
140 &switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
141 );
142 }
143 first_call = FALSE;
144 free(scrambled_data);
145
146 DBG_INF_FMT("switch_to_auth_protocol=%s", switch_to_auth_protocol? switch_to_auth_protocol:"n/a");
147 if (requested_protocol && switch_to_auth_protocol) {
148 mnd_efree(requested_protocol);
149 requested_protocol = switch_to_auth_protocol;
150 }
151
152 if (plugin_data) {
153 mnd_efree(plugin_data);
154 }
155 plugin_data_len = switch_to_auth_protocol_data_len;
156 plugin_data = switch_to_auth_protocol_data;
157 }
158 DBG_INF_FMT("conn->error_info->error_no = %d", conn->error_info->error_no);
159 } while (ret == FAIL && conn->error_info->error_no == 0 && switch_to_auth_protocol != NULL);
160
161 if (ret == PASS) {
162 DBG_INF_FMT("saving requested_protocol=%s", requested_protocol);
163 conn->m->set_client_option(conn, MYSQLND_OPT_AUTH_PROTOCOL, requested_protocol);
164 }
165 end:
166 if (plugin_data) {
167 mnd_efree(plugin_data);
168 }
169 if (requested_protocol) {
170 mnd_efree(requested_protocol);
171 }
172
173 DBG_RETURN(ret);
174 }
175 /* }}} */
176
177
178 /* {{{ mysqlnd_switch_to_ssl_if_needed */
179 static enum_func_status
mysqlnd_switch_to_ssl_if_needed(MYSQLND_CONN_DATA * conn,unsigned int charset_no,size_t server_capabilities,const MYSQLND_SESSION_OPTIONS * const session_options,zend_ulong mysql_flags)180 mysqlnd_switch_to_ssl_if_needed(MYSQLND_CONN_DATA * conn,
181 unsigned int charset_no,
182 size_t server_capabilities,
183 const MYSQLND_SESSION_OPTIONS * const session_options,
184 zend_ulong mysql_flags)
185 {
186 enum_func_status ret = FAIL;
187 const MYSQLND_CHARSET * charset;
188 DBG_ENTER("mysqlnd_switch_to_ssl_if_needed");
189
190 if (session_options->charset_name && (charset = mysqlnd_find_charset_name(session_options->charset_name))) {
191 charset_no = charset->nr;
192 }
193
194 {
195 size_t client_capabilities = mysql_flags;
196 struct st_mysqlnd_protocol_command * command = conn->command_factory(COM_ENABLE_SSL, conn, client_capabilities, server_capabilities, charset_no);
197 if (command) {
198 ret = command->run(command);
199 command->free_command(command);
200 }
201 }
202 DBG_RETURN(ret);
203 }
204 /* }}} */
205
206
207 /* {{{ mysqlnd_connect_run_authentication */
208 enum_func_status
mysqlnd_connect_run_authentication(MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const char * const db,size_t db_len,size_t passwd_len,MYSQLND_STRING authentication_plugin_data,const char * const authentication_protocol,const unsigned int charset_no,size_t server_capabilities,const MYSQLND_SESSION_OPTIONS * const session_options,zend_ulong mysql_flags)209 mysqlnd_connect_run_authentication(
210 MYSQLND_CONN_DATA * conn,
211 const char * const user,
212 const char * const passwd,
213 const char * const db,
214 size_t db_len,
215 size_t passwd_len,
216 MYSQLND_STRING authentication_plugin_data,
217 const char * const authentication_protocol,
218 const unsigned int charset_no,
219 size_t server_capabilities,
220 const MYSQLND_SESSION_OPTIONS * const session_options,
221 zend_ulong mysql_flags
222 )
223 {
224 enum_func_status ret = FAIL;
225 DBG_ENTER("mysqlnd_connect_run_authentication");
226
227 ret = mysqlnd_switch_to_ssl_if_needed(conn, charset_no, server_capabilities, session_options, mysql_flags);
228 if (PASS == ret) {
229 ret = mysqlnd_run_authentication(conn, user, passwd, passwd_len, db, db_len,
230 authentication_plugin_data, authentication_protocol,
231 charset_no, session_options, mysql_flags, FALSE /*silent*/, FALSE/*is_change*/);
232 }
233 DBG_RETURN(ret);
234 }
235 /* }}} */
236
237
238 /* {{{ mysqlnd_auth_handshake */
239 enum_func_status
mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,const char * const db,const size_t db_len,const MYSQLND_SESSION_OPTIONS * const session_options,zend_ulong mysql_flags,unsigned int server_charset_no,zend_bool use_full_blown_auth_packet,const char * const auth_protocol,const zend_uchar * const auth_plugin_data,const size_t auth_plugin_data_len,char ** switch_to_auth_protocol,size_t * switch_to_auth_protocol_len,zend_uchar ** switch_to_auth_protocol_data,size_t * switch_to_auth_protocol_data_len)240 mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
241 const char * const user,
242 const char * const passwd,
243 const size_t passwd_len,
244 const char * const db,
245 const size_t db_len,
246 const MYSQLND_SESSION_OPTIONS * const session_options,
247 zend_ulong mysql_flags,
248 unsigned int server_charset_no,
249 zend_bool use_full_blown_auth_packet,
250 const char * const auth_protocol,
251 const zend_uchar * const auth_plugin_data,
252 const size_t auth_plugin_data_len,
253 char ** switch_to_auth_protocol,
254 size_t * switch_to_auth_protocol_len,
255 zend_uchar ** switch_to_auth_protocol_data,
256 size_t * switch_to_auth_protocol_data_len
257 )
258 {
259 enum_func_status ret = FAIL;
260 const MYSQLND_CHARSET * charset = NULL;
261 MYSQLND_PACKET_CHANGE_AUTH_RESPONSE * change_auth_resp_packet = NULL;
262 MYSQLND_PACKET_AUTH_RESPONSE * auth_resp_packet = NULL;
263 MYSQLND_PACKET_AUTH * auth_packet = NULL;
264
265 DBG_ENTER("mysqlnd_auth_handshake");
266
267 auth_resp_packet = conn->payload_decoder_factory->m.get_auth_response_packet(conn->payload_decoder_factory, FALSE);
268
269 if (!auth_resp_packet) {
270 SET_OOM_ERROR(conn->error_info);
271 goto end;
272 }
273
274 if (use_full_blown_auth_packet != TRUE) {
275 change_auth_resp_packet = conn->payload_decoder_factory->m.get_change_auth_response_packet(conn->payload_decoder_factory, FALSE);
276 if (!change_auth_resp_packet) {
277 SET_OOM_ERROR(conn->error_info);
278 goto end;
279 }
280
281 change_auth_resp_packet->auth_data = auth_plugin_data;
282 change_auth_resp_packet->auth_data_len = auth_plugin_data_len;
283
284 if (!PACKET_WRITE(change_auth_resp_packet)) {
285 SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
286 SET_CLIENT_ERROR(conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
287 goto end;
288 }
289 } else {
290 auth_packet = conn->payload_decoder_factory->m.get_auth_packet(conn->payload_decoder_factory, FALSE);
291
292 auth_packet->client_flags = mysql_flags;
293 auth_packet->max_packet_size = session_options->max_allowed_packet;
294 if (session_options->charset_name && (charset = mysqlnd_find_charset_name(session_options->charset_name))) {
295 auth_packet->charset_no = charset->nr;
296 } else {
297 auth_packet->charset_no = server_charset_no;
298 }
299
300 auth_packet->send_auth_data = TRUE;
301 auth_packet->user = user;
302 auth_packet->db = db;
303 auth_packet->db_len = db_len;
304
305 auth_packet->auth_data = auth_plugin_data;
306 auth_packet->auth_data_len = auth_plugin_data_len;
307 auth_packet->auth_plugin_name = auth_protocol;
308
309 if (conn->server_capabilities & CLIENT_CONNECT_ATTRS) {
310 auth_packet->connect_attr = conn->options->connect_attr;
311 }
312
313 if (!PACKET_WRITE(auth_packet)) {
314 goto end;
315 }
316 }
317 if (use_full_blown_auth_packet == TRUE) {
318 conn->charset = mysqlnd_find_charset_nr(auth_packet->charset_no);
319 }
320
321 if (FAIL == PACKET_READ(auth_resp_packet) || auth_resp_packet->response_code >= 0xFE) {
322 if (auth_resp_packet->response_code == 0xFE) {
323 /* old authentication with new server !*/
324 if (!auth_resp_packet->new_auth_protocol) {
325 DBG_ERR(mysqlnd_old_passwd);
326 SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
327 } else {
328 *switch_to_auth_protocol = mnd_pestrndup(auth_resp_packet->new_auth_protocol, auth_resp_packet->new_auth_protocol_len, FALSE);
329 *switch_to_auth_protocol_len = auth_resp_packet->new_auth_protocol_len;
330 if (auth_resp_packet->new_auth_protocol_data) {
331 *switch_to_auth_protocol_data_len = auth_resp_packet->new_auth_protocol_data_len;
332 *switch_to_auth_protocol_data = mnd_emalloc(*switch_to_auth_protocol_data_len);
333 memcpy(*switch_to_auth_protocol_data, auth_resp_packet->new_auth_protocol_data, *switch_to_auth_protocol_data_len);
334 } else {
335 *switch_to_auth_protocol_data = NULL;
336 *switch_to_auth_protocol_data_len = 0;
337 }
338 }
339 } else if (auth_resp_packet->response_code == 0xFF) {
340 if (auth_resp_packet->sqlstate[0]) {
341 strlcpy(conn->error_info->sqlstate, auth_resp_packet->sqlstate, sizeof(conn->error_info->sqlstate));
342 DBG_ERR_FMT("ERROR:%u [SQLSTATE:%s] %s", auth_resp_packet->error_no, auth_resp_packet->sqlstate, auth_resp_packet->error);
343 }
344 SET_CLIENT_ERROR(conn->error_info, auth_resp_packet->error_no, UNKNOWN_SQLSTATE, auth_resp_packet->error);
345 }
346 goto end;
347 }
348
349 SET_NEW_MESSAGE(conn->last_message.s, conn->last_message.l, auth_resp_packet->message, auth_resp_packet->message_len, conn->persistent);
350 ret = PASS;
351 end:
352 PACKET_FREE(change_auth_resp_packet);
353 PACKET_FREE(auth_packet);
354 PACKET_FREE(auth_resp_packet);
355 DBG_RETURN(ret);
356 }
357 /* }}} */
358
359
360 /* {{{ mysqlnd_auth_change_user */
361 enum_func_status
mysqlnd_auth_change_user(MYSQLND_CONN_DATA * const conn,const char * const user,const size_t user_len,const char * const passwd,const size_t passwd_len,const char * const db,const size_t db_len,const zend_bool silent,zend_bool use_full_blown_auth_packet,const char * const auth_protocol,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,char ** switch_to_auth_protocol,size_t * switch_to_auth_protocol_len,zend_uchar ** switch_to_auth_protocol_data,size_t * switch_to_auth_protocol_data_len)362 mysqlnd_auth_change_user(MYSQLND_CONN_DATA * const conn,
363 const char * const user,
364 const size_t user_len,
365 const char * const passwd,
366 const size_t passwd_len,
367 const char * const db,
368 const size_t db_len,
369 const zend_bool silent,
370 zend_bool use_full_blown_auth_packet,
371 const char * const auth_protocol,
372 zend_uchar * auth_plugin_data,
373 size_t auth_plugin_data_len,
374 char ** switch_to_auth_protocol,
375 size_t * switch_to_auth_protocol_len,
376 zend_uchar ** switch_to_auth_protocol_data,
377 size_t * switch_to_auth_protocol_data_len
378 )
379 {
380 enum_func_status ret = FAIL;
381 const MYSQLND_CHARSET * old_cs = conn->charset;
382 MYSQLND_PACKET_CHANGE_AUTH_RESPONSE * change_auth_resp_packet = NULL;
383 MYSQLND_PACKET_CHG_USER_RESPONSE * chg_user_resp = NULL;
384 MYSQLND_PACKET_AUTH * auth_packet = NULL;
385
386 DBG_ENTER("mysqlnd_auth_change_user");
387
388 chg_user_resp = conn->payload_decoder_factory->m.get_change_user_response_packet(conn->payload_decoder_factory, FALSE);
389
390 if (!chg_user_resp) {
391 SET_OOM_ERROR(conn->error_info);
392 goto end;
393 }
394
395 if (use_full_blown_auth_packet != TRUE) {
396 change_auth_resp_packet = conn->payload_decoder_factory->m.get_change_auth_response_packet(conn->payload_decoder_factory, FALSE);
397 if (!change_auth_resp_packet) {
398 SET_OOM_ERROR(conn->error_info);
399 goto end;
400 }
401
402 change_auth_resp_packet->auth_data = auth_plugin_data;
403 change_auth_resp_packet->auth_data_len = auth_plugin_data_len;
404
405 if (!PACKET_WRITE(change_auth_resp_packet)) {
406 SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
407 SET_CLIENT_ERROR(conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
408 goto end;
409 }
410 } else {
411 auth_packet = conn->payload_decoder_factory->m.get_auth_packet(conn->payload_decoder_factory, FALSE);
412
413 if (!auth_packet) {
414 SET_OOM_ERROR(conn->error_info);
415 goto end;
416 }
417
418 auth_packet->is_change_user_packet = TRUE;
419 auth_packet->user = user;
420 auth_packet->db = db;
421 auth_packet->db_len = db_len;
422 auth_packet->silent = silent;
423
424 auth_packet->auth_data = auth_plugin_data;
425 auth_packet->auth_data_len = auth_plugin_data_len;
426 auth_packet->auth_plugin_name = auth_protocol;
427
428 if (conn->server_capabilities & CLIENT_CONNECT_ATTRS) {
429 auth_packet->connect_attr = conn->options->connect_attr;
430 }
431
432 if (conn->m->get_server_version(conn) >= 50123) {
433 auth_packet->charset_no = conn->charset->nr;
434 }
435
436 if (!PACKET_WRITE(auth_packet)) {
437 SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
438 SET_CLIENT_ERROR(conn->error_info, CR_SERVER_GONE_ERROR, UNKNOWN_SQLSTATE, mysqlnd_server_gone);
439 goto end;
440 }
441 }
442
443 ret = PACKET_READ(chg_user_resp);
444 COPY_CLIENT_ERROR(conn->error_info, chg_user_resp->error_info);
445
446 if (0xFE == chg_user_resp->response_code) {
447 ret = FAIL;
448 if (!chg_user_resp->new_auth_protocol) {
449 DBG_ERR(mysqlnd_old_passwd);
450 SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
451 } else {
452 *switch_to_auth_protocol = mnd_pestrndup(chg_user_resp->new_auth_protocol, chg_user_resp->new_auth_protocol_len, FALSE);
453 *switch_to_auth_protocol_len = chg_user_resp->new_auth_protocol_len;
454 if (chg_user_resp->new_auth_protocol_data) {
455 *switch_to_auth_protocol_data_len = chg_user_resp->new_auth_protocol_data_len;
456 *switch_to_auth_protocol_data = mnd_emalloc(*switch_to_auth_protocol_data_len);
457 memcpy(*switch_to_auth_protocol_data, chg_user_resp->new_auth_protocol_data, *switch_to_auth_protocol_data_len);
458 } else {
459 *switch_to_auth_protocol_data = NULL;
460 *switch_to_auth_protocol_data_len = 0;
461 }
462 }
463 }
464
465 if (conn->error_info->error_no) {
466 ret = FAIL;
467 /*
468 COM_CHANGE_USER is broken in 5.1. At least in 5.1.15 and 5.1.14, 5.1.11 is immune.
469 bug#25371 mysql_change_user() triggers "packets out of sync"
470 When it gets fixed, there should be one more check here
471 */
472 if (conn->m->get_server_version(conn) > 50113L &&conn->m->get_server_version(conn) < 50118L) {
473 MYSQLND_PACKET_OK * redundant_error_packet = conn->payload_decoder_factory->m.get_ok_packet(conn->payload_decoder_factory, FALSE);
474 if (redundant_error_packet) {
475 PACKET_READ(redundant_error_packet);
476 PACKET_FREE(redundant_error_packet);
477 DBG_INF_FMT("Server is %u, buggy, sends two ERR messages", conn->m->get_server_version(conn));
478 } else {
479 SET_OOM_ERROR(conn->error_info);
480 }
481 }
482 }
483 if (ret == PASS) {
484 char * tmp = NULL;
485 /* if we get conn->username as parameter and then we first free it, then estrndup it, we will crash */
486 tmp = mnd_pestrndup(user, user_len, conn->persistent);
487 if (conn->username.s) {
488 mnd_pefree(conn->username.s, conn->persistent);
489 }
490 conn->username.s = tmp;
491
492 tmp = mnd_pestrdup(passwd, conn->persistent);
493 if (conn->password.s) {
494 mnd_pefree(conn->password.s, conn->persistent);
495 }
496 conn->password.s = tmp;
497
498 if (conn->last_message.s) {
499 mnd_pefree(conn->last_message.s, conn->persistent);
500 conn->last_message.s = NULL;
501 }
502 UPSERT_STATUS_RESET(conn->upsert_status);
503 /* set charset for old servers */
504 if (conn->m->get_server_version(conn) < 50123) {
505 ret = conn->m->set_charset(conn, old_cs->name);
506 }
507 } else if (ret == FAIL && chg_user_resp->server_asked_323_auth == TRUE) {
508 /* old authentication with new server !*/
509 DBG_ERR(mysqlnd_old_passwd);
510 SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, mysqlnd_old_passwd);
511 }
512 end:
513 PACKET_FREE(change_auth_resp_packet);
514 PACKET_FREE(auth_packet);
515 PACKET_FREE(chg_user_resp);
516 DBG_RETURN(ret);
517 }
518 /* }}} */
519
520
521 /******************************************* MySQL Native Password ***********************************/
522
523 #include "ext/standard/sha1.h"
524
525 /* {{{ php_mysqlnd_crypt */
526 static void
php_mysqlnd_crypt(zend_uchar * buffer,const zend_uchar * s1,const zend_uchar * s2,size_t len)527 php_mysqlnd_crypt(zend_uchar *buffer, const zend_uchar *s1, const zend_uchar *s2, size_t len)
528 {
529 const zend_uchar *s1_end = s1 + len;
530 while (s1 < s1_end) {
531 *buffer++= *s1++ ^ *s2++;
532 }
533 }
534 /* }}} */
535
536
537 /* {{{ php_mysqlnd_scramble */
php_mysqlnd_scramble(zend_uchar * const buffer,const zend_uchar * const scramble,const zend_uchar * const password,const size_t password_len)538 void php_mysqlnd_scramble(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len)
539 {
540 PHP_SHA1_CTX context;
541 zend_uchar sha1[SHA1_MAX_LENGTH];
542 zend_uchar sha2[SHA1_MAX_LENGTH];
543
544 /* Phase 1: hash password */
545 PHP_SHA1Init(&context);
546 PHP_SHA1Update(&context, password, password_len);
547 PHP_SHA1Final(sha1, &context);
548
549 /* Phase 2: hash sha1 */
550 PHP_SHA1Init(&context);
551 PHP_SHA1Update(&context, (zend_uchar*)sha1, SHA1_MAX_LENGTH);
552 PHP_SHA1Final(sha2, &context);
553
554 /* Phase 3: hash scramble + sha2 */
555 PHP_SHA1Init(&context);
556 PHP_SHA1Update(&context, scramble, SCRAMBLE_LENGTH);
557 PHP_SHA1Update(&context, (zend_uchar*)sha2, SHA1_MAX_LENGTH);
558 PHP_SHA1Final(buffer, &context);
559
560 /* let's crypt buffer now */
561 php_mysqlnd_crypt(buffer, (const zend_uchar *)buffer, (const zend_uchar *)sha1, SHA1_MAX_LENGTH);
562 }
563 /* }}} */
564
565
566 /* {{{ mysqlnd_native_auth_get_auth_data */
567 static zend_uchar *
mysqlnd_native_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_SESSION_OPTIONS * const session_options,const MYSQLND_PFC_DATA * const pfc_data,zend_ulong mysql_flags)568 mysqlnd_native_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
569 size_t * auth_data_len,
570 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
571 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
572 const MYSQLND_SESSION_OPTIONS * const session_options,
573 const MYSQLND_PFC_DATA * const pfc_data,
574 zend_ulong mysql_flags
575 )
576 {
577 zend_uchar * ret = NULL;
578 DBG_ENTER("mysqlnd_native_auth_get_auth_data");
579 *auth_data_len = 0;
580
581 /* 5.5.x reports 21 as scramble length because it needs to show the length of the data before the plugin name */
582 if (auth_plugin_data_len < SCRAMBLE_LENGTH) {
583 /* mysql_native_password only works with SCRAMBLE_LENGTH scramble */
584 SET_CLIENT_ERROR(conn->error_info, CR_MALFORMED_PACKET, UNKNOWN_SQLSTATE, "The server sent wrong length for scramble");
585 DBG_ERR_FMT("The server sent wrong length for scramble %u. Expected %u", auth_plugin_data_len, SCRAMBLE_LENGTH);
586 DBG_RETURN(NULL);
587 }
588
589 /* copy scrambled pass*/
590 if (passwd && passwd_len) {
591 ret = malloc(SCRAMBLE_LENGTH);
592 *auth_data_len = SCRAMBLE_LENGTH;
593 /* In 4.1 we use CLIENT_SECURE_CONNECTION and thus the len of the buf should be passed */
594 php_mysqlnd_scramble((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
595 }
596 DBG_RETURN(ret);
597 }
598 /* }}} */
599
600
601 static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin =
602 {
603 {
604 MYSQLND_PLUGIN_API_VERSION,
605 "auth_plugin_mysql_native_password",
606 MYSQLND_VERSION_ID,
607 PHP_MYSQLND_VERSION,
608 "PHP License 3.01",
609 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uwendel@mysql.com>, Georg Richter <georg@mysql.com>",
610 {
611 NULL, /* no statistics , will be filled later if there are some */
612 NULL, /* no statistics */
613 },
614 {
615 NULL /* plugin shutdown */
616 }
617 },
618 {/* methods */
619 mysqlnd_native_auth_get_auth_data
620 }
621 };
622
623
624 /******************************************* PAM Authentication ***********************************/
625
626 /* {{{ mysqlnd_pam_auth_get_auth_data */
627 static zend_uchar *
mysqlnd_pam_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_SESSION_OPTIONS * const session_options,const MYSQLND_PFC_DATA * const pfc_data,zend_ulong mysql_flags)628 mysqlnd_pam_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
629 size_t * auth_data_len,
630 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
631 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
632 const MYSQLND_SESSION_OPTIONS * const session_options,
633 const MYSQLND_PFC_DATA * const pfc_data,
634 zend_ulong mysql_flags
635 )
636 {
637 zend_uchar * ret = NULL;
638
639 /* copy pass*/
640 if (passwd && passwd_len) {
641 ret = (zend_uchar*) zend_strndup(passwd, passwd_len);
642 }
643 *auth_data_len = passwd_len;
644
645 return ret;
646 }
647 /* }}} */
648
649
650 static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin =
651 {
652 {
653 MYSQLND_PLUGIN_API_VERSION,
654 "auth_plugin_mysql_clear_password",
655 MYSQLND_VERSION_ID,
656 PHP_MYSQLND_VERSION,
657 "PHP License 3.01",
658 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uw@php.net>, Georg Richter <georg@php.net>",
659 {
660 NULL, /* no statistics , will be filled later if there are some */
661 NULL, /* no statistics */
662 },
663 {
664 NULL /* plugin shutdown */
665 }
666 },
667 {/* methods */
668 mysqlnd_pam_auth_get_auth_data
669 }
670 };
671
672
673 /******************************************* SHA256 Password ***********************************/
674 #ifdef MYSQLND_HAVE_SSL
675 static void
mysqlnd_xor_string(char * dst,const size_t dst_len,const char * xor_str,const size_t xor_str_len)676 mysqlnd_xor_string(char * dst, const size_t dst_len, const char * xor_str, const size_t xor_str_len)
677 {
678 unsigned int i;
679 for (i = 0; i <= dst_len; ++i) {
680 dst[i] ^= xor_str[i % xor_str_len];
681 }
682 }
683
684
685 #include <openssl/rsa.h>
686 #include <openssl/pem.h>
687 #include <openssl/err.h>
688
689
690 /* {{{ mysqlnd_sha256_get_rsa_key */
691 static RSA *
mysqlnd_sha256_get_rsa_key(MYSQLND_CONN_DATA * conn,const MYSQLND_SESSION_OPTIONS * const session_options,const MYSQLND_PFC_DATA * const pfc_data)692 mysqlnd_sha256_get_rsa_key(MYSQLND_CONN_DATA * conn,
693 const MYSQLND_SESSION_OPTIONS * const session_options,
694 const MYSQLND_PFC_DATA * const pfc_data
695 )
696 {
697 RSA * ret = NULL;
698 const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')?
699 pfc_data->sha256_server_public_key:
700 MYSQLND_G(sha256_server_public_key);
701 php_stream * stream;
702 DBG_ENTER("mysqlnd_sha256_get_rsa_key");
703 DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
704 pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a",
705 MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
706 if (!fname || fname[0] == '\0') {
707 MYSQLND_PACKET_SHA256_PK_REQUEST * pk_req_packet = NULL;
708 MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE * pk_resp_packet = NULL;
709
710 do {
711 DBG_INF("requesting the public key from the server");
712 pk_req_packet = conn->payload_decoder_factory->m.get_sha256_pk_request_packet(conn->payload_decoder_factory, FALSE);
713 if (!pk_req_packet) {
714 SET_OOM_ERROR(conn->error_info);
715 break;
716 }
717 pk_resp_packet = conn->payload_decoder_factory->m.get_sha256_pk_request_response_packet(conn->payload_decoder_factory, FALSE);
718 if (!pk_resp_packet) {
719 SET_OOM_ERROR(conn->error_info);
720 PACKET_FREE(pk_req_packet);
721 break;
722 }
723
724 if (! PACKET_WRITE(pk_req_packet)) {
725 DBG_ERR_FMT("Error while sending public key request packet");
726 php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
727 SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
728 break;
729 }
730 if (FAIL == PACKET_READ(pk_resp_packet) || NULL == pk_resp_packet->public_key) {
731 DBG_ERR_FMT("Error while receiving public key");
732 php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
733 SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
734 break;
735 }
736 DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet->public_key_len, pk_resp_packet->public_key);
737 /* now extract the public key */
738 {
739 BIO * bio = BIO_new_mem_buf(pk_resp_packet->public_key, pk_resp_packet->public_key_len);
740 ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
741 BIO_free(bio);
742 }
743 } while (0);
744 PACKET_FREE(pk_req_packet);
745 PACKET_FREE(pk_resp_packet);
746
747 DBG_INF_FMT("ret=%p", ret);
748 DBG_RETURN(ret);
749
750 SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
751 "sha256_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
752 DBG_ERR("server_public_key is not set");
753 DBG_RETURN(NULL);
754 } else {
755 zend_string * key_str;
756 DBG_INF_FMT("Key in a file. [%s]", fname);
757 stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
758
759 if (stream) {
760 if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
761 BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
762 ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
763 BIO_free(bio);
764 DBG_INF("Successfully loaded");
765 DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
766 zend_string_release(key_str);
767 }
768 php_stream_close(stream);
769 }
770 }
771 DBG_RETURN(ret);
772 }
773 /* }}} */
774
775
776 /* {{{ mysqlnd_sha256_auth_get_auth_data */
777 static zend_uchar *
mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,size_t * auth_data_len,MYSQLND_CONN_DATA * conn,const char * const user,const char * const passwd,const size_t passwd_len,zend_uchar * auth_plugin_data,size_t auth_plugin_data_len,const MYSQLND_SESSION_OPTIONS * const session_options,const MYSQLND_PFC_DATA * const pfc_data,zend_ulong mysql_flags)778 mysqlnd_sha256_auth_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
779 size_t * auth_data_len,
780 MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
781 const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
782 const MYSQLND_SESSION_OPTIONS * const session_options,
783 const MYSQLND_PFC_DATA * const pfc_data,
784 zend_ulong mysql_flags
785 )
786 {
787 RSA * server_public_key;
788 zend_uchar * ret = NULL;
789 DBG_ENTER("mysqlnd_sha256_auth_get_auth_data");
790 DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
791
792
793 if (conn->vio->data->ssl) {
794 DBG_INF("simple clear text under SSL");
795 /* clear text under SSL */
796 *auth_data_len = passwd_len;
797 ret = malloc(passwd_len);
798 memcpy(ret, passwd, passwd_len);
799 } else {
800 *auth_data_len = 0;
801 server_public_key = mysqlnd_sha256_get_rsa_key(conn, session_options, pfc_data);
802
803 if (server_public_key) {
804 int server_public_key_len;
805 char xor_str[passwd_len + 1];
806 memcpy(xor_str, passwd, passwd_len);
807 xor_str[passwd_len] = '\0';
808 mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
809
810 server_public_key_len = RSA_size(server_public_key);
811 /*
812 Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
813 RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
814 http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
815 */
816 if ((size_t) server_public_key_len - 41 <= passwd_len) {
817 /* password message is to long */
818 SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
819 DBG_ERR("password is too long");
820 DBG_RETURN(NULL);
821 }
822
823 *auth_data_len = server_public_key_len;
824 ret = malloc(*auth_data_len);
825 RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, ret, server_public_key, RSA_PKCS1_OAEP_PADDING);
826 }
827 }
828
829 DBG_RETURN(ret);
830 }
831 /* }}} */
832
833
834 static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plugin =
835 {
836 {
837 MYSQLND_PLUGIN_API_VERSION,
838 "auth_plugin_sha256_password",
839 MYSQLND_VERSION_ID,
840 PHP_MYSQLND_VERSION,
841 "PHP License 3.01",
842 "Andrey Hristov <andrey@php.net>, Ulf Wendel <uwendel@mysql.com>",
843 {
844 NULL, /* no statistics , will be filled later if there are some */
845 NULL, /* no statistics */
846 },
847 {
848 NULL /* plugin shutdown */
849 }
850 },
851 {/* methods */
852 mysqlnd_sha256_auth_get_auth_data
853 }
854 };
855 #endif
856
857 /* {{{ mysqlnd_register_builtin_authentication_plugins */
858 void
mysqlnd_register_builtin_authentication_plugins(void)859 mysqlnd_register_builtin_authentication_plugins(void)
860 {
861 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
862 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
863 #ifdef MYSQLND_HAVE_SSL
864 mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
865 #endif
866 }
867 /* }}} */
868
869
870 /*
871 * Local variables:
872 * tab-width: 4
873 * c-basic-offset: 4
874 * End:
875 * vim600: noet sw=4 ts=4 fdm=marker
876 * vim<600: noet sw=4 ts=4
877 */
878