MySQL: add the option to force sending the password as plain text

* This re-uses the pam authentication method
* pdo_mysql: added option MYSQL_ATTR_SEND_CLEAR_PASSWORD
* mysqlnd: implemented CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA option in order to send auth data longer than 255 bytes

Author: jafl

ext/mysqlnd/mysqlnd_auth.c

@@ -68,7 +68,7 @@ mysqlnd_run_authentication(
 	memcpy(plugin_data, auth_plugin_data.s, plugin_data_len);
 	plugin_data[plugin_data_len] = '\0';
 
-	requested_protocol = mnd_pestrdup(auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL, FALSE);
+	requested_protocol = mnd_pestrdup(mysql_flags & CLIENT_SEND_CLEAR_PASSWORD ? MYSQLND_CLEAR_PASSWORD_AUTH_PROTOCOL : (auth_protocol? auth_protocol : MYSQLND_DEFAULT_AUTH_PROTOCOL), FALSE);
 	if (!requested_protocol) {
 		goto end;
 	}

ext/mysqlnd/mysqlnd_enum_n_def.h

@@ -34,13 +34,15 @@
 
 #define MYSQLND_ASSEMBLED_PACKET_MAX_SIZE 3UL*1024UL*1024UL*1024UL
 
-#define MYSQLND_DEFAULT_AUTH_PROTOCOL "mysql_native_password"
+#define MYSQLND_DEFAULT_AUTH_PROTOCOL			"mysql_native_password"
+#define MYSQLND_CLEAR_PASSWORD_AUTH_PROTOCOL	"mysql_clear_password"
 
 #define MYSQLND_ERRMSG_SIZE			512
 #define MYSQLND_SQLSTATE_LENGTH		5
 #define MYSQLND_SQLSTATE_NULL		"00000"
 
 #define MYSQLND_MAX_ALLOWED_USER_LEN	252		/* 63 char * 4byte . MySQL supports now only 32 char, but let it be forward compatible */
+#define MYSQLND_MAX_ALLOWED_AUTH_LEN	4096	/* This would be a very large token! */
 #define MYSQLND_MAX_ALLOWED_DB_LEN		1024	/* 256 char * 4byte. MySQL supports now only 64 char in the tables, but on the FS could be different. Forward compatible. */
 
 #define MYSQLND_NET_CMD_BUFFER_MIN_SIZE			4096
@@ -101,6 +103,10 @@
 #define CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA	(1UL << 21) /* Enable authentication response packet to be larger than 255 bytes. */
 #define CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS		(1UL << 22) /* Don't close the connection for a connection with expired password. */
 #define CLIENT_SESSION_TRACK					(1UL << 23) /* Extended OK */
+/*
+  This is a mysqlnd extension. CLIENT_IGNORE_SIGPIPE is not used anyway. We will reuse it for our case and translate it to forcing the mysql_clear_password protocol
+*/
+#define CLIENT_SEND_CLEAR_PASSWORD		CLIENT_IGNORE_SIGPIPE /* Force plaintext password */
 /*
   This is a mysqlnd extension. CLIENT_ODBC is not used anyway. We will reuse it for our case and translate it to not using SSL peer verification
 */
@@ -110,7 +116,8 @@
 
 #define MYSQLND_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS | \
 				CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | \
-				CLIENT_MULTI_RESULTS  | CLIENT_LOCAL_FILES | CLIENT_PLUGIN_AUTH)
+				CLIENT_MULTI_RESULTS  | CLIENT_LOCAL_FILES | CLIENT_PLUGIN_AUTH | \
+				CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA)
 
 #define MYSQLND_PROTOCOL_FLAG_USE_COMPRESSION 1
 

ext/mysqlnd/mysqlnd_wireprotocol.c

@@ -520,7 +520,7 @@ void php_mysqlnd_greet_free_mem(void * _packet)
 /* }}} */
 
 
-#define AUTH_WRITE_BUFFER_LEN (MYSQLND_HEADER_SIZE + MYSQLND_MAX_ALLOWED_USER_LEN + SCRAMBLE_LENGTH + MYSQLND_MAX_ALLOWED_DB_LEN + 1 + 4096)
+#define AUTH_WRITE_BUFFER_LEN (MYSQLND_HEADER_SIZE + MYSQLND_MAX_ALLOWED_USER_LEN + MYSQLND_MAX_ALLOWED_AUTH_LEN + MYSQLND_MAX_ALLOWED_DB_LEN + 1 + 4096)
 
 /* {{{ php_mysqlnd_auth_write */
 static
@@ -561,21 +561,33 @@ size_t php_mysqlnd_auth_write(MYSQLND_CONN_DATA * conn, void * _packet)
 		if (packet->auth_data == NULL) {
 			packet->auth_data_len = 0;
 		}
-		if (packet->auth_data_len > 0xFF) {
-			const char * const msg = "Authentication data too long. "
-				"Won't fit into the buffer and will be truncated. Authentication will thus fail";
-			SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
-			php_error_docref(NULL, E_WARNING, "%s", msg);
-			DBG_RETURN(0);
-		}
 
-		int1store(p, (int8_t)packet->auth_data_len);
-		++p;
+		if (packet->client_flags & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) {
+			if (packet->auth_data_len > MYSQLND_MAX_ALLOWED_AUTH_LEN) {
+				const char * const msg = "Authentication data too long. "
+					"Won't fit into the buffer and will be truncated. Authentication will thus fail";
+				SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+				php_error_docref(NULL, E_WARNING, "%s", msg);
+				DBG_RETURN(0);
+			}
 /*!!!!! is the buffer big enough ??? */
-		if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) {
-			DBG_ERR("the stack buffer was not enough!!");
-			DBG_RETURN(0);
+			if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) {
+				DBG_ERR("the stack buffer was not enough!!");
+				DBG_RETURN(0);
+			}
+			p = php_mysqlnd_net_store_length(p, packet->auth_data_len);
+		} else {
+			if (packet->auth_data_len > 0xFF) {
+				const char * const msg = "Authentication data too long. "
+					"Won't fit into the buffer and will be truncated. Authentication will thus fail";
+				SET_CLIENT_ERROR(error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
+				php_error_docref(NULL, E_WARNING, "%s", msg);
+				DBG_RETURN(0);
+			}
+			int1store(p, (int8_t)packet->auth_data_len);
+			++p;
 		}
+
 		if (packet->auth_data_len) {
 			p = zend_mempcpy(p, packet->auth_data, packet->auth_data_len);
 		}

ext/pdo_mysql/mysql_driver.c

@@ -905,6 +905,16 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options)
 			}
 		}
 #endif
+
+#ifdef PDO_USE_MYSQLND
+		{
+			zend_long send_clear_password = pdo_attr_lval(driver_options,
+					PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD, -1);
+			if (send_clear_password == 1) {
+				connect_opts |= CLIENT_SEND_CLEAR_PASSWORD;
+			}
+		}
+#endif
 	}
 
 	/* Always explicitly set the LOCAL_INFILE option. */

ext/pdo_mysql/pdo_mysql.c

@@ -144,6 +144,9 @@ static PHP_MINIT_FUNCTION(pdo_mysql)
 #if MYSQL_VERSION_ID >= 80021 || defined(PDO_USE_MYSQLND)
 	REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_LOCAL_INFILE_DIRECTORY", (zend_long)PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY);
 #endif
+#ifdef PDO_USE_MYSQLND
+	REGISTER_PDO_CLASS_CONST_LONG("MYSQL_ATTR_SEND_CLEAR_PASSWORD", (zend_long)PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD);
+#endif
 
 #ifdef PDO_USE_MYSQLND
 	mysqlnd_reverse_api_register_api(&pdo_mysql_reverse_api);

ext/pdo_mysql/pdo_mysql.stub.php

@@ -72,6 +72,10 @@ class Mysql extends \PDO
     /** @cvalue PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY */
     public const int ATTR_LOCAL_INFILE_DIRECTORY = UNKNOWN;
 #endif
+#ifdef PDO_USE_MYSQLND
+    /** @cvalue PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD */
+    public const int ATTR_SEND_CLEAR_PASSWORD = UNKNOWN;
+#endif
 
     public function getWarningCount(): int {}
 }

ext/pdo_mysql/pdo_mysql_arginfo.h

@@ -184,6 +184,9 @@ enum {
 #if MYSQL_VERSION_ID >= 80021 || defined(PDO_USE_MYSQLND)
 	PDO_MYSQL_ATTR_LOCAL_INFILE_DIRECTORY,
 #endif
+#ifdef PDO_USE_MYSQLND
+	PDO_MYSQL_ATTR_SEND_CLEAR_PASSWORD,
+#endif
 };
 
 #endif

ext/pdo_mysql/php_pdo_mysql_int.h

@@ -49,6 +49,7 @@ if (!extension_loaded('mysqli') && !extension_loaded('mysqlnd')) {
     if (extension_loaded('mysqlnd')) {
         $expected['MYSQL_ATTR_SSL_VERIFY_SERVER_CERT']  = true;
         $expected['MYSQL_ATTR_SERVER_PUBLIC_KEY']		= true;
+        $expected['MYSQL_ATTR_SEND_CLEAR_PASSWORD']     = true;
     } else if (get_client_version() > 50605) {
         $expected['MYSQL_ATTR_SERVER_PUBLIC_KEY']	= true;
     }