We prefer clean solutions (such as declaring the proper type in the
first place, or introducing a portable format specifier) where easily
possible, but resort to casts otherwise.
We also port f1480ab14b.
https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html
tells us that the nonce used in this authentication method is 20 bytes
long. However, we might receive additional scramble data in
php_mysqlnd_greet_read not used in this method.
On my test setup, I received 21 bytes (20 bytes + '\0'). This resulted
in the xor computation to incorrectly include the NUL byte. Every
password of at least 20 characters therefore failed to authenticate
using this method.
Looking at mysql-server source code also seems to reveal that it always
uses a fixed number of scramble bytes [1].
[1] ea7087d885/sql/auth/sha2_password.cc (L1078-L1079)
Closes GH-11445.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
The PAM service requires the terminating null to be part
of the communication.
Tested with MariaDB-10.4(pam) and Percona Server 5.7.32(auth_pam_compat).
Also changed MySQL Enterprise test to the server side plugin, authentication_pam
as opposed to the client plugin mysql_clear_password.
Add additional check for pamtest user and pam service file as
all are required for the test.
More importantly, test result should actually succeed.
Thanks Geoff Montee for bug report.
Closes GH-78680.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
In commit a7305eb539 the last_message
field of the connection object was changed to be always non-persistent.
But there is a place on change_user path that still treats it
depending on conn->persistent flag. This will cause PHP crash after
com_change_user success when there is last_message set
auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long enough.
* PHP-7.4:
Handle empty password fast path in caching_sha2_password
Handle error response during caching_sha2_password auth
Add support for caching_sha2_password in change user authentication
Fix unix socket check during caching_sha2_password
Support auth switch request during caching sha2 auth
The fact that conn->unix_socket is set does not mean that a Unix
socket is actually in use -- this member is set in a default
configuration.
Instead check whether a unix_socket stream ops is used.
This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
information without year ranges.
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
Since more than an year it not possible to create commands in the heap
but they are allocated on the stack and directly run. In this regard, it
doesn't make sense to have all the vararg stuff. Commands made sense
to be created and pushed onto a stack then a general executor will
run thru the stack and execute/handle the commands.
With changes to (hopefully) correctly fall back if OpenSSL support
is missing. Furthermore the hard-coded dependency on ext/hash is
no longer an issue, as this extension is required in master.
This reverts commit 63072e9c0e, reversing
changes made to 4cbabb6852.
