Blame SOURCES/php-7.2.10-mysql8.patch

a247fe
From 03740ef7dffcc80530a89ebde3ccf5464f7f18e6 Mon Sep 17 00:00:00 2001
a247fe
From: Nikita Popov <nikita.ppv@gmail.com>
a247fe
Date: Tue, 4 Sep 2018 05:45:45 +0200
a247fe
Subject: [PATCH] Revert all MySQL auth related changes
a247fe
a247fe
Per bug #76651 these changes do not appear to work correctly in
a247fe
some cases. As no immediate fix seems to be forthcoming, I'm
a247fe
reverting these changes.
a247fe
a247fe
Revert "Fixed invalid free introduced by d6e81f0bfd0cb90586dd83d4fd47a4302605261a (avoid keeping "invalid" pointer)"
a247fe
a247fe
This reverts commit 11507c0e1bfa17a96480f3648397f6975c31551e.
a247fe
a247fe
Revert "Fix mysqlnd build without openssl"
a247fe
a247fe
This reverts commit 6c9db02ff7812c298d1e7e292ba731d9d3a66790.
a247fe
a247fe
Revert "Fix VC compilation as variable size array is not supported"
a247fe
a247fe
This reverts commit f96df64cb2219fda42ca875483f874cf3052647c.
a247fe
a247fe
Revert "Fix MySQL 8 auth"
a247fe
a247fe
This reverts commit d6e81f0bfd0cb90586dd83d4fd47a4302605261a.
a247fe
---
a247fe
 ext/mysqlnd/mysqlnd_auth.c         | 293 +----------------------------
a247fe
 ext/mysqlnd/mysqlnd_auth.h         |  23 ++-
a247fe
 ext/mysqlnd/mysqlnd_connection.c   |   4 -
a247fe
 ext/mysqlnd/mysqlnd_enum_n_def.h   |   1 -
a247fe
 ext/mysqlnd/mysqlnd_structs.h      |  10 -
a247fe
 ext/mysqlnd/mysqlnd_wireprotocol.c | 113 +----------
a247fe
 ext/mysqlnd/mysqlnd_wireprotocol.h |  10 -
a247fe
 7 files changed, 29 insertions(+), 425 deletions(-)
a247fe
a247fe
diff --git a/ext/mysqlnd/mysqlnd_auth.c b/ext/mysqlnd/mysqlnd_auth.c
a247fe
index 66e93cf63669..3ba447cfdf91 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_auth.c
a247fe
+++ b/ext/mysqlnd/mysqlnd_auth.c
a247fe
@@ -89,7 +89,6 @@ mysqlnd_run_authentication(
a247fe
 			}
a247fe
 		}
a247fe
 
a247fe
-
a247fe
 		{
a247fe
 			zend_uchar * switch_to_auth_protocol_data = NULL;
a247fe
 			size_t switch_to_auth_protocol_data_len = 0;
a247fe
@@ -114,11 +113,10 @@ mysqlnd_run_authentication(
a247fe
 			DBG_INF_FMT("salt(%d)=[%.*s]", plugin_data_len, plugin_data_len, plugin_data);
a247fe
 			/* The data should be allocated with malloc() */
a247fe
 			if (auth_plugin) {
a247fe
-				scrambled_data = auth_plugin->methods.get_auth_data(
a247fe
-					NULL, &scrambled_data_len, conn, user, passwd,
a247fe
-					passwd_len, plugin_data, plugin_data_len,
a247fe
-					session_options, conn->protocol_frame_codec->data,
a247fe
-					mysql_flags);
a247fe
+				scrambled_data =
a247fe
+					auth_plugin->methods.get_auth_data(NULL, &scrambled_data_len, conn, user, passwd, passwd_len,
a247fe
+													   plugin_data, plugin_data_len, session_options,
a247fe
+													   conn->protocol_frame_codec->data, mysql_flags);
a247fe
 			}
a247fe
 
a247fe
 			if (conn->error_info->error_no) {
a247fe
@@ -129,7 +127,6 @@ mysqlnd_run_authentication(
a247fe
 											charset_no,
a247fe
 											first_call,
a247fe
 											requested_protocol,
a247fe
-											auth_plugin, plugin_data, plugin_data_len,
a247fe
 											scrambled_data, scrambled_data_len,
a247fe
 											&switch_to_auth_protocol, &switch_to_auth_protocol_len,
a247fe
 											&switch_to_auth_protocol_data, &switch_to_auth_protocol_data_len
a247fe
@@ -251,9 +248,6 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
a247fe
 							  unsigned int server_charset_no,
a247fe
 							  zend_bool use_full_blown_auth_packet,
a247fe
 							  const char * const auth_protocol,
a247fe
-							  struct st_mysqlnd_authentication_plugin * auth_plugin,
a247fe
-							  const zend_uchar * const orig_auth_plugin_data,
a247fe
-							  const size_t orig_auth_plugin_data_len,
a247fe
 							  const zend_uchar * const auth_plugin_data,
a247fe
 							  const size_t auth_plugin_data_len,
a247fe
 							  char ** switch_to_auth_protocol,
a247fe
@@ -324,11 +318,6 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
a247fe
 		conn->charset = mysqlnd_find_charset_nr(auth_packet->charset_no);
a247fe
 	}
a247fe
 
a247fe
-	if (auth_plugin && auth_plugin->methods.handle_server_response) {
a247fe
-		auth_plugin->methods.handle_server_response(auth_plugin, conn,
a247fe
-			orig_auth_plugin_data, orig_auth_plugin_data_len, passwd, passwd_len);
a247fe
-	}
a247fe
-
a247fe
 	if (FAIL == PACKET_READ(auth_resp_packet) || auth_resp_packet->response_code >= 0xFE) {
a247fe
 		if (auth_resp_packet->response_code == 0xFE) {
a247fe
 			/* old authentication with new server  !*/
a247fe
@@ -624,8 +613,7 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_native_auth_plugin =
a247fe
 		}
a247fe
 	},
a247fe
 	{/* methods */
a247fe
-		mysqlnd_native_auth_get_auth_data,
a247fe
-		NULL
a247fe
+		mysqlnd_native_auth_get_auth_data
a247fe
 	}
a247fe
 };
a247fe
 
a247fe
@@ -674,8 +662,7 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_pam_authentication_plugin
a247fe
 		}
a247fe
 	},
a247fe
 	{/* methods */
a247fe
-		mysqlnd_pam_auth_get_auth_data,
a247fe
-		NULL
a247fe
+		mysqlnd_pam_auth_get_auth_data
a247fe
 	}
a247fe
 };
a247fe
 
a247fe
@@ -859,283 +846,17 @@ static struct st_mysqlnd_authentication_plugin mysqlnd_sha256_authentication_plu
a247fe
 		}
a247fe
 	},
a247fe
 	{/* methods */
a247fe
-		mysqlnd_sha256_auth_get_auth_data,
a247fe
-		NULL
a247fe
+		mysqlnd_sha256_auth_get_auth_data
a247fe
 	}
a247fe
 };
a247fe
 #endif
a247fe
 
a247fe
-/*************************************** CACHING SHA2 Password *******************************/
a247fe
-
a247fe
-#undef L64
a247fe
-
a247fe
-#include "ext/hash/php_hash.h"
a247fe
-#include "ext/hash/php_hash_sha.h"
a247fe
-
a247fe
-#define SHA256_LENGTH 32
a247fe
-
a247fe
-/* {{{ php_mysqlnd_scramble_sha2 */
a247fe
-void php_mysqlnd_scramble_sha2(zend_uchar * const buffer, const zend_uchar * const scramble, const zend_uchar * const password, const size_t password_len)
a247fe
-{
a247fe
-	PHP_SHA256_CTX context;
a247fe
-	zend_uchar sha1[SHA256_LENGTH];
a247fe
-	zend_uchar sha2[SHA256_LENGTH];
a247fe
-
a247fe
-	/* Phase 1: hash password */
a247fe
-	PHP_SHA256Init(&context);
a247fe
-	PHP_SHA256Update(&context, password, password_len);
a247fe
-	PHP_SHA256Final(sha1, &context);
a247fe
-
a247fe
-	/* Phase 2: hash sha1 */
a247fe
-	PHP_SHA256Init(&context);
a247fe
-	PHP_SHA256Update(&context, (zend_uchar*)sha1, SHA256_LENGTH);
a247fe
-	PHP_SHA256Final(sha2, &context);
a247fe
-
a247fe
-	/* Phase 3: hash scramble + sha2 */
a247fe
-	PHP_SHA256Init(&context);
a247fe
-	PHP_SHA256Update(&context, (zend_uchar*)sha2, SHA256_LENGTH);
a247fe
-	PHP_SHA256Update(&context, scramble, SCRAMBLE_LENGTH);
a247fe
-	PHP_SHA256Final(buffer, &context);
a247fe
-
a247fe
-	/* let's crypt buffer now */
a247fe
-	php_mysqlnd_crypt(buffer, (const zend_uchar *)sha1, (const zend_uchar *)buffer, SHA256_LENGTH);
a247fe
-}
a247fe
-/* }}} */
a247fe
-
a247fe
-
a247fe
-/* {{{ mysqlnd_native_auth_get_auth_data */
a247fe
-static zend_uchar *
a247fe
-mysqlnd_caching_sha2_get_auth_data(struct st_mysqlnd_authentication_plugin * self,
a247fe
-								   size_t * auth_data_len,
a247fe
-							 	   MYSQLND_CONN_DATA * conn, const char * const user, const char * const passwd,
a247fe
-								   const size_t passwd_len, zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
a247fe
-								   const MYSQLND_SESSION_OPTIONS * const session_options,
a247fe
-								   const MYSQLND_PFC_DATA * const pfc_data,
a247fe
-								   zend_ulong mysql_flags
a247fe
-								  )
a247fe
-{
a247fe
-	zend_uchar * ret = NULL;
a247fe
-	DBG_ENTER("mysqlnd_caching_sha2_get_auth_data");
a247fe
-	DBG_INF_FMT("salt(%d)=[%.*s]", auth_plugin_data_len, auth_plugin_data_len, auth_plugin_data);
a247fe
-	*auth_data_len = 0;
a247fe
-
a247fe
-	DBG_INF("First auth step: send hashed password");
a247fe
-	/* copy scrambled pass*/
a247fe
-	if (passwd && passwd_len) {
a247fe
-		ret = malloc(SHA256_LENGTH + 1);
a247fe
-		*auth_data_len = SHA256_LENGTH;
a247fe
-		php_mysqlnd_scramble_sha2((zend_uchar*)ret, auth_plugin_data, (zend_uchar*)passwd, passwd_len);
a247fe
-		ret[SHA256_LENGTH] = '\0';
a247fe
-		DBG_INF_FMT("hash(%d)=[%.*s]", *auth_data_len, *auth_data_len, ret);
a247fe
-	}
a247fe
-
a247fe
-	DBG_RETURN(ret);
a247fe
-}
a247fe
-/* }}} */
a247fe
-
a247fe
-#ifdef MYSQLND_HAVE_SSL
a247fe
-static RSA *
a247fe
-mysqlnd_caching_sha2_get_key(MYSQLND_CONN_DATA *conn)
a247fe
-{
a247fe
-	RSA * ret = NULL;
a247fe
-	const MYSQLND_PFC_DATA * const pfc_data = conn->protocol_frame_codec->data;
a247fe
-	const char * fname = (pfc_data->sha256_server_public_key && pfc_data->sha256_server_public_key[0] != '\0')?
a247fe
-								pfc_data->sha256_server_public_key:
a247fe
-								MYSQLND_G(sha256_server_public_key);
a247fe
-	php_stream * stream;
a247fe
-	DBG_ENTER("mysqlnd_cached_sha2_get_key");
a247fe
-	DBG_INF_FMT("options_s256_pk=[%s] MYSQLND_G(sha256_server_public_key)=[%s]",
a247fe
-				 pfc_data->sha256_server_public_key? pfc_data->sha256_server_public_key:"n/a",
a247fe
-				 MYSQLND_G(sha256_server_public_key)? MYSQLND_G(sha256_server_public_key):"n/a");
a247fe
-	if (!fname || fname[0] == '\0') {
a247fe
-		MYSQLND_PACKET_CACHED_SHA2_RESULT *req_packet = NULL;
a247fe
-		MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE *pk_resp_packet = NULL;
a247fe
-
a247fe
-		do {
a247fe
-			DBG_INF("requesting the public key from the server");
a247fe
-			req_packet = conn->payload_decoder_factory->m.get_cached_sha2_result_packet(conn->payload_decoder_factory, FALSE);
a247fe
-			pk_resp_packet = conn->payload_decoder_factory->m.get_sha256_pk_request_response_packet(conn->payload_decoder_factory, FALSE);
a247fe
-			req_packet->request = 1;
a247fe
-
a247fe
-			if (! PACKET_WRITE(req_packet)) {
a247fe
-				DBG_ERR_FMT("Error while sending public key request packet");
a247fe
-				php_error(E_WARNING, "Error while sending public key request packet. PID=%d", getpid());
a247fe
-				SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
a247fe
-				break;
a247fe
-			}
a247fe
-			if (FAIL == PACKET_READ(pk_resp_packet) || NULL == pk_resp_packet->public_key) {
a247fe
-				DBG_ERR_FMT("Error while receiving public key");
a247fe
-				php_error(E_WARNING, "Error while receiving public key. PID=%d", getpid());
a247fe
-				SET_CONNECTION_STATE(&conn->state, CONN_QUIT_SENT);
a247fe
-				break;
a247fe
-			}
a247fe
-			DBG_INF_FMT("Public key(%d):\n%s", pk_resp_packet->public_key_len, pk_resp_packet->public_key);
a247fe
-			/* now extract the public key */
a247fe
-			{
a247fe
-				BIO * bio = BIO_new_mem_buf(pk_resp_packet->public_key, pk_resp_packet->public_key_len);
a247fe
-				ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
a247fe
-				BIO_free(bio);
a247fe
-			}
a247fe
-		} while (0);
a247fe
-		PACKET_FREE(req_packet);
a247fe
-		PACKET_FREE(pk_resp_packet);
a247fe
-
a247fe
-		DBG_INF_FMT("ret=%p", ret);
a247fe
-		DBG_RETURN(ret);
a247fe
-
a247fe
-		SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE,
a247fe
-			"caching_sha2_server_public_key is not set for the connection or as mysqlnd.sha256_server_public_key");
a247fe
-		DBG_ERR("server_public_key is not set");
a247fe
-		DBG_RETURN(NULL);
a247fe
-	} else {
a247fe
-		zend_string * key_str;
a247fe
-		DBG_INF_FMT("Key in a file. [%s]", fname);
a247fe
-		stream = php_stream_open_wrapper((char *) fname, "rb", REPORT_ERRORS, NULL);
a247fe
-
a247fe
-		if (stream) {
a247fe
-			if ((key_str = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0)) != NULL) {
a247fe
-				BIO * bio = BIO_new_mem_buf(ZSTR_VAL(key_str), ZSTR_LEN(key_str));
a247fe
-				ret = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
a247fe
-				BIO_free(bio);
a247fe
-				DBG_INF("Successfully loaded");
a247fe
-				DBG_INF_FMT("Public key:%*.s", ZSTR_LEN(key_str), ZSTR_VAL(key_str));
a247fe
-				zend_string_release(key_str);
a247fe
-			}
a247fe
-			php_stream_close(stream);
a247fe
-		}
a247fe
-	}
a247fe
-	DBG_RETURN(ret);
a247fe
-
a247fe
-}
a247fe
-#endif
a247fe
-
a247fe
-
a247fe
-/* {{{ mysqlnd_caching_sha2_get_key */
a247fe
-static size_t
a247fe
-mysqlnd_caching_sha2_get_and_use_key(MYSQLND_CONN_DATA *conn,
a247fe
-		const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
a247fe
-		unsigned char **crypted,
a247fe
-		const char * const passwd,
a247fe
-		const size_t passwd_len)
a247fe
-{
a247fe
-#ifdef MYSQLND_HAVE_SSL
a247fe
-	static RSA *server_public_key;
a247fe
-	server_public_key = mysqlnd_caching_sha2_get_key(conn);
a247fe
-
a247fe
-	DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
a247fe
-
a247fe
-	if (server_public_key) {
a247fe
-		int server_public_key_len;
a247fe
-		char xor_str[passwd_len + 1];
a247fe
-		memcpy(xor_str, passwd, passwd_len);
a247fe
-		xor_str[passwd_len] = '\0';
a247fe
-		mysqlnd_xor_string(xor_str, passwd_len, (char *) auth_plugin_data, auth_plugin_data_len);
a247fe
-
a247fe
-		server_public_key_len = RSA_size(server_public_key);
a247fe
-		/*
a247fe
-		  Because RSA_PKCS1_OAEP_PADDING is used there is a restriction on the passwd_len.
a247fe
-		  RSA_PKCS1_OAEP_PADDING is recommended for new applications. See more here:
a247fe
-		  http://www.openssl.org/docs/crypto/RSA_public_encrypt.html
a247fe
-		*/
a247fe
-		if ((size_t) server_public_key_len - 41 <= passwd_len) {
a247fe
-			/* password message is to long */
a247fe
-			SET_CLIENT_ERROR(conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, "password is too long");
a247fe
-			DBG_ERR("password is too long");
a247fe
-			DBG_RETURN(0);
a247fe
-		}
a247fe
-
a247fe
-		*crypted = emalloc(server_public_key_len);
a247fe
-		RSA_public_encrypt(passwd_len + 1, (zend_uchar *) xor_str, *crypted, server_public_key, RSA_PKCS1_OAEP_PADDING);
a247fe
-		DBG_RETURN(server_public_key_len);
a247fe
-	}
a247fe
-	DBG_RETURN(0);
a247fe
-#else
a247fe
-	DBG_ENTER("mysqlnd_caching_sha2_get_and_use_key(");
a247fe
-	php_error_docref(NULL, E_WARNING, "PHP was built without openssl extension, can't send password encrypted");
a247fe
-	DBG_RETURN(0);
a247fe
-#endif
a247fe
-}
a247fe
-/* }}} */
a247fe
-
a247fe
-/* {{{ mysqlnd_native_auth_get_auth_data */
a247fe
-static void
a247fe
-mysqlnd_caching_sha2_handle_server_response(struct st_mysqlnd_authentication_plugin *self,
a247fe
-		MYSQLND_CONN_DATA * conn,
a247fe
-		const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
a247fe
-		const char * const passwd,
a247fe
-		const size_t passwd_len)
a247fe
-{
a247fe
-	DBG_ENTER("mysqlnd_caching_sha2_handle_server_response");
a247fe
-	MYSQLND_PACKET_CACHED_SHA2_RESULT *result_packet;
a247fe
-	result_packet = conn->payload_decoder_factory->m.get_cached_sha2_result_packet(conn->payload_decoder_factory, FALSE);
a247fe
-
a247fe
-	if (FAIL == PACKET_READ(result_packet)) {
a247fe
-		DBG_VOID_RETURN;
a247fe
-	}
a247fe
-
a247fe
-	switch (result_packet->response_code) {
a247fe
-		case 3:
a247fe
-			DBG_INF("fast path suceeded");
a247fe
-			PACKET_FREE(result_packet);
a247fe
-			DBG_VOID_RETURN;
a247fe
-		case 4:
a247fe
-			if (conn->vio->data->ssl || conn->unix_socket.s) {
a247fe
-				DBG_INF("fast path failed, doing full auth via SSL");
a247fe
-				result_packet->password = (zend_uchar *)passwd;
a247fe
-				result_packet->password_len = passwd_len + 1;
a247fe
-				PACKET_WRITE(result_packet);
a247fe
-			} else {
a247fe
-				DBG_INF("fast path failed, doing full auth without SSL");
a247fe
-				result_packet->password_len = mysqlnd_caching_sha2_get_and_use_key(conn, auth_plugin_data, auth_plugin_data_len, &result_packet->password, passwd, passwd_len);
a247fe
-				PACKET_WRITE(result_packet);
a247fe
-				efree(result_packet->password);
a247fe
-			}
a247fe
-			PACKET_FREE(result_packet);
a247fe
-			DBG_VOID_RETURN;
a247fe
-		case 2:
a247fe
-			// The server tried to send a key, which we didn't expect
a247fe
-			// fall-through
a247fe
-		default:
a247fe
-			php_error_docref(NULL, E_WARNING, "Unexpected server respose while doing caching_sha2 auth: %i", result_packet->response_code);
a247fe
-	}
a247fe
-
a247fe
-	PACKET_FREE(result_packet);
a247fe
-
a247fe
-	DBG_VOID_RETURN;
a247fe
-}
a247fe
-/* }}} */
a247fe
-
a247fe
-static struct st_mysqlnd_authentication_plugin mysqlnd_caching_sha2_auth_plugin =
a247fe
-{
a247fe
-	{
a247fe
-		MYSQLND_PLUGIN_API_VERSION,
a247fe
-		"auth_plugin_caching_sha2_password",
a247fe
-		MYSQLND_VERSION_ID,
a247fe
-		PHP_MYSQLND_VERSION,
a247fe
-		"PHP License 3.01",
a247fe
-		"Johannes Schlüter <johannes.schlueter@php.net>",
a247fe
-		{
a247fe
-			NULL, /* no statistics , will be filled later if there are some */
a247fe
-			NULL, /* no statistics */
a247fe
-		},
a247fe
-		{
a247fe
-			NULL /* plugin shutdown */
a247fe
-		}
a247fe
-	},
a247fe
-	{/* methods */
a247fe
-		mysqlnd_caching_sha2_get_auth_data,
a247fe
-		mysqlnd_caching_sha2_handle_server_response
a247fe
-	}
a247fe
-};
a247fe
-
a247fe
-
a247fe
 /* {{{ mysqlnd_register_builtin_authentication_plugins */
a247fe
 void
a247fe
 mysqlnd_register_builtin_authentication_plugins(void)
a247fe
 {
a247fe
 	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
a247fe
 	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
a247fe
-	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin);
a247fe
 #ifdef MYSQLND_HAVE_SSL
a247fe
 	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
a247fe
 #endif
a247fe
diff --git a/ext/mysqlnd/mysqlnd_auth.h b/ext/mysqlnd/mysqlnd_auth.h
a247fe
index 3ddb5a5f70fe..8fc369abca43 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_auth.h
a247fe
+++ b/ext/mysqlnd/mysqlnd_auth.h
a247fe
@@ -31,9 +31,26 @@ mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
a247fe
 						unsigned int server_charset_no,
a247fe
 						zend_bool use_full_blown_auth_packet,
a247fe
 						const char * const auth_protocol,
a247fe
-						struct st_mysqlnd_authentication_plugin * auth_plugin,
a247fe
-						const zend_uchar * const orig_auth_plugin_data,
a247fe
-						const size_t orig_auth_plugin_data_len,
a247fe
+						const zend_uchar * const auth_plugin_data,
a247fe
+						const size_t auth_plugin_data_len,
a247fe
+						char ** switch_to_auth_protocol,
a247fe
+						size_t * switch_to_auth_protocol_len,
a247fe
+						zend_uchar ** switch_to_auth_protocol_data,
a247fe
+						size_t * switch_to_auth_protocol_data_len
a247fe
+						);
a247fe
+
a247fe
+enum_func_status
a247fe
+mysqlnd_auth_handshake(MYSQLND_CONN_DATA * conn,
a247fe
+						const char * const user,
a247fe
+						const char * const passwd,
a247fe
+						const size_t passwd_len,
a247fe
+						const char * const db,
a247fe
+						const size_t db_len,
a247fe
+						const MYSQLND_SESSION_OPTIONS * const session_options,
a247fe
+						zend_ulong mysql_flags,
a247fe
+						unsigned int server_charset_no,
a247fe
+						zend_bool use_full_blown_auth_packet,
a247fe
+						const char * const auth_protocol,
a247fe
 						const zend_uchar * const auth_plugin_data,
a247fe
 						const size_t auth_plugin_data_len,
a247fe
 						char ** switch_to_auth_protocol,
a247fe
diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c
a247fe
index 2f458149a6cd..654673f500c0 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_connection.c
a247fe
+++ b/ext/mysqlnd/mysqlnd_connection.c
a247fe
@@ -678,13 +678,9 @@ MYSQLND_METHOD(mysqlnd_conn_data, connect)(MYSQLND_CONN_DATA * conn,
a247fe
 
a247fe
 	{
a247fe
 		const MYSQLND_CSTRING scheme = { transport.s, transport.l };
a247fe
-		/* This will be overwritten below with a copy, but we can use it during authentication */
a247fe
-		conn->unix_socket.s = (char *)socket_or_pipe.s;
a247fe
 		if (FAIL == conn->m->connect_handshake(conn, &scheme, &username, &password, &database, mysql_flags)) {
a247fe
-			conn->unix_socket.s = NULL;
a247fe
 			goto err;
a247fe
 		}
a247fe
-		conn->unix_socket.s = NULL;
a247fe
 	}
a247fe
 
a247fe
 	{
a247fe
diff --git a/ext/mysqlnd/mysqlnd_enum_n_def.h b/ext/mysqlnd/mysqlnd_enum_n_def.h
a247fe
index 0a3022058d1d..4b3ae4fff36f 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_enum_n_def.h
a247fe
+++ b/ext/mysqlnd/mysqlnd_enum_n_def.h
a247fe
@@ -618,7 +618,6 @@ enum mysqlnd_packet_type
a247fe
 	PROT_CHG_USER_RESP_PACKET,
a247fe
 	PROT_SHA256_PK_REQUEST_PACKET,
a247fe
 	PROT_SHA256_PK_REQUEST_RESPONSE_PACKET,
a247fe
-	PROT_CACHED_SHA2_RESULT_PACKET,
a247fe
 	PROT_LAST /* should always be last */
a247fe
 };
a247fe
 
a247fe
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
a247fe
index bd09b5b0dffd..81b24066460a 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_structs.h
a247fe
+++ b/ext/mysqlnd/mysqlnd_structs.h
a247fe
@@ -970,7 +970,6 @@ struct st_mysqlnd_packet_chg_user_resp;
a247fe
 struct st_mysqlnd_packet_auth_pam;
a247fe
 struct st_mysqlnd_packet_sha256_pk_request;
a247fe
 struct st_mysqlnd_packet_sha256_pk_request_response;
a247fe
-struct st_mysqlnd_packet_cached_sha2_result;
a247fe
 
a247fe
 typedef struct st_mysqlnd_packet_greet *		(*func_mysqlnd_protocol_payload_decoder_factory__get_greet_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
 typedef struct st_mysqlnd_packet_auth *			(*func_mysqlnd_protocol_payload_decoder_factory__get_auth_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
@@ -987,7 +986,6 @@ typedef struct st_mysqlnd_packet_prepare_response *(*func_mysqlnd_protocol_paylo
a247fe
 typedef struct st_mysqlnd_packet_chg_user_resp*(*func_mysqlnd_protocol_payload_decoder_factory__get_change_user_response_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
 typedef struct st_mysqlnd_packet_sha256_pk_request *(*func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
 typedef struct st_mysqlnd_packet_sha256_pk_request_response *(*func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_response_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
-typedef struct st_mysqlnd_packet_cached_sha2_result *(*func_mysqlnd_protocol_payload_decoder_factory__get_cached_sha2_result_packet)(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent);
a247fe
 
a247fe
 typedef enum_func_status (*func_mysqlnd_protocol_payload_decoder_factory__send_command)(
a247fe
 			MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * payload_decoder_factory,
a247fe
@@ -1045,7 +1043,6 @@ MYSQLND_CLASS_METHODS_TYPE(mysqlnd_protocol_payload_decoder_factory)
a247fe
 	func_mysqlnd_protocol_payload_decoder_factory__get_change_user_response_packet get_change_user_response_packet;
a247fe
 	func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_packet get_sha256_pk_request_packet;
a247fe
 	func_mysqlnd_protocol_payload_decoder_factory__get_sha256_pk_request_response_packet get_sha256_pk_request_response_packet;
a247fe
-	func_mysqlnd_protocol_payload_decoder_factory__get_cached_sha2_result_packet get_cached_sha2_result_packet;
a247fe
 
a247fe
 	func_mysqlnd_protocol_payload_decoder_factory__send_command send_command;
a247fe
 	func_mysqlnd_protocol_payload_decoder_factory__send_command_handle_response send_command_handle_response;
a247fe
@@ -1358,18 +1355,11 @@ typedef zend_uchar * (*func_auth_plugin__get_auth_data)(struct st_mysqlnd_authen
a247fe
 														const MYSQLND_PFC_DATA * const pfc_data, zend_ulong mysql_flags
a247fe
 														);
a247fe
 
a247fe
-typedef void (*func_auth_plugin__handle_server_response)(struct st_mysqlnd_authentication_plugin * self, 
a247fe
-		MYSQLND_CONN_DATA * conn,
a247fe
-		const zend_uchar * auth_plugin_data, size_t auth_plugin_data_len,
a247fe
-		const char * const passwd,
a247fe
-		const size_t passwd_len);
a247fe
-
a247fe
 struct st_mysqlnd_authentication_plugin
a247fe
 {
a247fe
 	struct st_mysqlnd_plugin_header plugin_header;
a247fe
 	struct {
a247fe
 		func_auth_plugin__get_auth_data get_auth_data;
a247fe
-		func_auth_plugin__handle_server_response handle_server_response;
a247fe
 	} methods;
a247fe
 };
a247fe
 
a247fe
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
a247fe
index c5039c3d722e..29f89e88e052 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
a247fe
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
a247fe
@@ -2269,85 +2269,7 @@ php_mysqlnd_sha256_pk_request_response_free_mem(void * _packet, zend_bool stack_
a247fe
 }
a247fe
 /* }}} */
a247fe
 
a247fe
-static
a247fe
-size_t php_mysqlnd_cached_sha2_result_write(void * _packet)
a247fe
-{
a247fe
-	MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
a247fe
-	MYSQLND_ERROR_INFO * error_info = packet->header.error_info;
a247fe
-	MYSQLND_PFC * pfc = packet->header.protocol_frame_codec;
a247fe
-	MYSQLND_VIO * vio = packet->header.vio;
a247fe
-	MYSQLND_STATS * stats = packet->header.stats;
a247fe
-#ifndef _MSC_VER
a247fe
-	zend_uchar buffer[MYSQLND_HEADER_SIZE + packet->password_len + 1];
a247fe
-#else
a247fe
-	ALLOCA_FLAG(use_heap)
a247fe
-	zend_uchar *buffer = do_alloca(MYSQLND_HEADER_SIZE + packet->password_len + 1, use_heap);
a247fe
-#endif
a247fe
-	size_t sent;
a247fe
-
a247fe
-	DBG_ENTER("php_mysqlnd_cached_sha2_result_write");
a247fe
-
a247fe
-	if (packet->request == 1) {
a247fe
-		int1store(buffer + MYSQLND_HEADER_SIZE, '\2');
a247fe
-		sent = pfc->data->m.send(pfc, vio, buffer, 1, stats, error_info);
a247fe
-	} else {
a247fe
-		memcpy(buffer + MYSQLND_HEADER_SIZE, packet->password, packet->password_len);
a247fe
-		sent = pfc->data->m.send(pfc, vio, buffer, packet->password_len, stats, error_info);
a247fe
-	}
a247fe
-
a247fe
-#ifdef _MSC_VER
a247fe
-	free_alloca(buffer, use_heap);
a247fe
-#endif
a247fe
-
a247fe
-	DBG_RETURN(sent);
a247fe
-}
a247fe
-
a247fe
-static enum_func_status
a247fe
-php_mysqlnd_cached_sha2_result_read(void * _packet)
a247fe
-{
a247fe
-	MYSQLND_PACKET_CACHED_SHA2_RESULT * packet= (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
a247fe
-	MYSQLND_ERROR_INFO * error_info = packet->header.error_info;
a247fe
-	MYSQLND_PFC * pfc = packet->header.protocol_frame_codec;
a247fe
-	MYSQLND_VIO * vio = packet->header.vio;
a247fe
-	MYSQLND_STATS * stats = packet->header.stats;
a247fe
-	MYSQLND_CONNECTION_STATE * connection_state = packet->header.connection_state;
a247fe
-	zend_uchar buf[SHA256_PK_REQUEST_RESP_BUFFER_SIZE];
a247fe
-	zend_uchar *p = buf;
a247fe
-	const zend_uchar * const begin = buf;
a247fe
-
a247fe
-	DBG_ENTER("php_mysqlnd_cached_sha2_result_read");
a247fe
-	if (FAIL == mysqlnd_read_packet_header_and_body(&(packet->header), pfc, vio, stats, error_info, connection_state, buf, sizeof(buf), "PROT_CACHED_SHA2_RESULT_PACKET", PROT_CACHED_SHA2_RESULT_PACKET)) {
a247fe
-		DBG_RETURN(FAIL);
a247fe
-	}
a247fe
-	BAIL_IF_NO_MORE_DATA;
a247fe
-
a247fe
-	p++;
a247fe
-	packet->response_code = uint1korr(p);
a247fe
-	BAIL_IF_NO_MORE_DATA;
a247fe
 
a247fe
-	p++;
a247fe
-	packet->result = uint1korr(p);
a247fe
-	BAIL_IF_NO_MORE_DATA;
a247fe
-
a247fe
-	DBG_RETURN(PASS);
a247fe
-
a247fe
-premature_end:
a247fe
-	DBG_ERR_FMT("OK packet %d bytes shorter than expected", p - begin - packet->header.size);
a247fe
-	php_error_docref(NULL, E_WARNING, "SHA256_PK_REQUEST_RESPONSE packet "MYSQLND_SZ_T_SPEC" bytes shorter than expected",
a247fe
-					 p - begin - packet->header.size);
a247fe
-	DBG_RETURN(FAIL);
a247fe
-}
a247fe
-
a247fe
-static void
a247fe
-php_mysqlnd_cached_sha2_result_free_mem(void * _packet, zend_bool stack_allocation)
a247fe
-{
a247fe
-	MYSQLND_PACKET_CACHED_SHA2_RESULT * p = (MYSQLND_PACKET_CACHED_SHA2_RESULT *) _packet;
a247fe
-
a247fe
-	if (!stack_allocation) {
a247fe
-		mnd_pefree(p, p->header.persistent);
a247fe
-	}
a247fe
-}
a247fe
-/* }}} */
a247fe
 /* {{{ packet_methods */
a247fe
 static
a247fe
 mysqlnd_packet_methods packet_methods[PROT_LAST] =
a247fe
@@ -2441,15 +2363,9 @@ mysqlnd_packet_methods packet_methods[PROT_LAST] =
a247fe
 		php_mysqlnd_sha256_pk_request_response_read,
a247fe
 		NULL, /* write */
a247fe
 		php_mysqlnd_sha256_pk_request_response_free_mem,
a247fe
-	}, /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
a247fe
-	{
a247fe
-		sizeof(MYSQLND_PACKET_CACHED_SHA2_RESULT),
a247fe
-		php_mysqlnd_cached_sha2_result_read,
a247fe
-		php_mysqlnd_cached_sha2_result_write,
a247fe
-		php_mysqlnd_cached_sha2_result_free_mem
a247fe
-	} /* PROT_CACHED_SHA2_RESULT_PACKET */
a247fe
+	} /* PROT_SHA256_PK_REQUEST_RESPONSE_PACKET */
a247fe
 };
a247fe
-/* }}} */     
a247fe
+/* }}} */
a247fe
 
a247fe
 
a247fe
 /* {{{ mysqlnd_protocol::get_greet_packet */
a247fe
@@ -2798,30 +2714,6 @@ MYSQLND_METHOD(mysqlnd_protocol, get_sha256_pk_request_response_packet)(MYSQLND_
a247fe
 }
a247fe
 /* }}} */
a247fe
 
a247fe
-/* {{{ mysqlnd_protocol::init_cached_sha2_result_packet */
a247fe
-static struct st_mysqlnd_packet_cached_sha2_result *
a247fe
-MYSQLND_METHOD(mysqlnd_protocol, get_cached_sha2_result_packet)
a247fe
-(MYSQLND_PROTOCOL_PAYLOAD_DECODER_FACTORY * const factory, const zend_bool persistent)
a247fe
-{
a247fe
-	struct st_mysqlnd_packet_cached_sha2_result * packet = mnd_pecalloc(1, packet_methods[PROT_CACHED_SHA2_RESULT_PACKET].struct_size, persistent);
a247fe
-	DBG_ENTER("mysqlnd_protocol::init_cached_sha2_result_packet");
a247fe
-	if (packet) {
a247fe
-		memset(packet, 0, sizeof(*packet));
a247fe
-		packet->header.m = &packet_methods[PROT_CACHED_SHA2_RESULT_PACKET];
a247fe
-		packet->header.factory = factory;
a247fe
-
a247fe
-		packet->header.protocol_frame_codec = factory->conn->protocol_frame_codec;
a247fe
-		packet->header.vio = factory->conn->vio;
a247fe
-		packet->header.stats = factory->conn->stats;
a247fe
-		packet->header.error_info = factory->conn->error_info;
a247fe
-		packet->header.connection_state = &factory->conn->state;
a247fe
-
a247fe
-		packet->header.persistent = persistent;
a247fe
-	}
a247fe
-	DBG_RETURN(packet);
a247fe
-}
a247fe
-/* }}} */
a247fe
-
a247fe
 
a247fe
 /* {{{ mysqlnd_protocol::send_command */
a247fe
 static enum_func_status
a247fe
@@ -3052,7 +2944,6 @@ MYSQLND_CLASS_METHODS_START(mysqlnd_protocol_payload_decoder_factory)
a247fe
 	MYSQLND_METHOD(mysqlnd_protocol, get_change_user_response_packet),
a247fe
 	MYSQLND_METHOD(mysqlnd_protocol, get_sha256_pk_request_packet),
a247fe
 	MYSQLND_METHOD(mysqlnd_protocol, get_sha256_pk_request_response_packet),
a247fe
-	MYSQLND_METHOD(mysqlnd_protocol, get_cached_sha2_result_packet),
a247fe
 
a247fe
 	MYSQLND_METHOD(mysqlnd_protocol, send_command),
a247fe
 	MYSQLND_METHOD(mysqlnd_protocol, send_command_handle_response),
a247fe
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.h b/ext/mysqlnd/mysqlnd_wireprotocol.h
a247fe
index c749afeb75f5..d6855580b4e0 100644
a247fe
--- a/ext/mysqlnd/mysqlnd_wireprotocol.h
a247fe
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.h
a247fe
@@ -292,16 +292,6 @@ typedef struct  st_mysqlnd_packet_sha256_pk_request_response {
a247fe
 	size_t					public_key_len;
a247fe
 } MYSQLND_PACKET_SHA256_PK_REQUEST_RESPONSE;
a247fe
 
a247fe
-typedef struct st_mysqlnd_packet_cached_sha2_result {
a247fe
-	MYSQLND_PACKET_HEADER		header;
a247fe
-	uint8_t		response_code;
a247fe
-	uint8_t 	result;
a247fe
-	uint8_t 	request;
a247fe
-	zend_uchar * password;
a247fe
-	size_t password_len;
a247fe
-} MYSQLND_PACKET_CACHED_SHA2_RESULT;
a247fe
-
a247fe
-
a247fe
 
a247fe
 zend_ulong		php_mysqlnd_net_field_length(const zend_uchar **packet);
a247fe
 zend_uchar *	php_mysqlnd_net_store_length(zend_uchar *packet, const uint64_t length);