Skip to content

Fix caching_sha2_password auth #5034

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Dec 27, 2019
Merged

Fix caching_sha2_password auth #5034

merged 5 commits into from
Dec 27, 2019

Conversation

nikic
Copy link
Member

@nikic nikic commented Dec 27, 2019
edited
Loading

  • Handle auth switch response.
  • Correctly detect secure transports.
  • Support in change user authentication.
  • Handle error response (e.g. expired password).
  • Support empty passwords.

@nikic
Copy link
Member Author

nikic commented Dec 27, 2019

If anyone feels like it, it would be nice to update one of our CI jobs to use MySQL 8.

nikic added 5 commits December 27, 2019 17:27
@nikic
Support auth switch request during caching sha2 auth
6225137
@nikic
Fix unix socket check during caching_sha2_password
03ee36d 
The fact that conn->unix_socket is set does not mean that a Unix
socket is actually in use -- this member is set in a default
configuration.

Instead check whether a unix_socket stream ops is used.
@nikic
Add support for caching_sha2_password in change user authentication
e7e1254 
Same as for connection handshakes.
@nikic
Handle error response during caching_sha2_password auth
813d4a0 
In particular, this fixes handling of expired passwords.
@nikic
Handle empty password fast path in caching_sha2_password
32cd373 
If an empty password is used, no additional packets are exchanged
during caching_sha2_password auth. We're only looking for an
OK/ERR response.
@nikic nikic force-pushed the caching-sha2-fixes branch from a2ac525 to 32cd373 Compare December 27, 2019 16:28
@php-pulls php-pulls merged commit 32cd373 into php:master Dec 27, 2019
nikic referenced this pull request Dec 27, 2019
@nikic
Re-commit MySQL 8 cached SHA auth support
4f06e67 
With changes to (hopefully) correctly fall back if OpenSSL support
is missing. Furthermore the hard-coded dependency on ext/hash is
no longer an issue, as this extension is required in master.

This reverts commit 63072e9, reversing
changes made to 4cbabb6.
@collegeman
Copy link

Will this fix be incorporated into any version of PHP earlier than PHP 7.4?

@nikic
Copy link
Member Author

nikic commented Mar 18, 2020

@collegeman Given the mess that this was, support for caching_sha2_password will definitely not be backported to older PHP version.

@collegeman
Copy link

Thanks @nikic. I blame Digital Ocean. I'm trying to migrate to their managed DB platform.

@arianitu
Copy link

arianitu commented Dec 16, 2020
edited
Loading

I'm on PHP 7.4.13 and I am still running into this. I get Access Denied and PHP only works after I login to the user at least once using mysql -u user -p

My password length is shorter than 20 (it's 15 characters.) and it only includes A-Z as a test. My MySQL version is 8.0.4

@nikic

Is there any reason this could still be happening? My extensions are pdo_mysql and mysqli

@arianitu
Copy link

I upgrade my MySQL version from 8.0.4 to 8.0.22 and no longer have this problem. It appears the issue was from my MySQL version and not this bug, although I still find it weird how close it resembles this bug since it seems almost exactly the same.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nikic @collegeman @arianitu @php-pulls