Merge branch 'master' into throw-error-in-extensions

author: Aaron Piotrowski <aaron@trowski.com> 2016-06-10 22:02:23 -0500
committer: Aaron Piotrowski <aaron@trowski.com> 2016-06-10 22:02:23 -0500
commit: e3c681aa5cc71122a8d2fae42e6513fc413ccac8 (patch)
tree: 5f1df62f7b666028edb0ee1adf083a52d63df45a /ext/mysqlnd/mysqlnd_net.c
parent: fb4e3085cbaa76eb8f28eebf848a81d1c0190067 (diff)
parent: 792e89385ca6fc722a03590722eb7745a2374720 (diff)
download: php-git-e3c681aa5cc71122a8d2fae42e6513fc413ccac8.tar.gz
1 files changed, 82 insertions, 30 deletions
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index bcd40d7ab6..111a4898d0 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -2,7 +2,7 @@
   +----------------------------------------------------------------------+
   | PHP Version 7                                                        |
   +----------------------------------------------------------------------+
-  | Copyright (c) 2006-2015 The PHP Group                                |
+  | Copyright (c) 2006-2016 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
@@ -12,13 +12,11 @@
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
-  | Authors: Andrey Hristov <andrey@mysql.com>                           |
-  |          Ulf Wendel <uwendel@mysql.com>                              |
-  |          Georg Richter <georg@mysql.com>                             |
+  | Authors: Andrey Hristov <andrey@php.net>                             |
+  |          Ulf Wendel <uw@php.net>                                     |
   +----------------------------------------------------------------------+
 */
 
-/* $Id: mysqlnd_ps.c 316906 2011-09-17 10:24:18Z pajoye $ */
 #include "php.h"
 #include "php_globals.h"
 #include "mysqlnd.h"
@@ -61,6 +59,27 @@ mysqlnd_set_sock_no_delay(php_stream * stream)
 /* }}} */
 
 
+/* {{{ mysqlnd_set_sock_keepalive */
+static int
+mysqlnd_set_sock_keepalive(php_stream * stream)
+{
+
+	int socketd = ((php_netstream_data_t*)stream->abstract)->socket;
+	int ret = SUCCESS;
+	int flag = 1;
+	int result = setsockopt(socketd, SOL_SOCKET, SO_KEEPALIVE, (char *) &flag, sizeof(int));
+
+	DBG_ENTER("mysqlnd_set_sock_keepalive");
+
+	if (result == -1) {
+		ret = FAILURE;
+	}
+
+	DBG_RETURN(ret);
+}
+/* }}} */
+
+
 /* {{{ mysqlnd_net::network_read_ex */
 static enum_func_status
 MYSQLND_METHOD(mysqlnd_net, network_read_ex)(MYSQLND_NET * const net, zend_uchar * const buffer, const size_t count,
@@ -112,11 +131,7 @@ MYSQLND_METHOD(mysqlnd_net, open_pipe)(MYSQLND_NET * const net, const char * con
 									   const zend_bool persistent,
 									   MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info)
 {
-#if PHP_API_VERSION < 20100412
-	unsigned int streams_options = ENFORCE_SAFE_MODE;
-#else
 	unsigned int streams_options = 0;
-#endif
 	dtor_func_t origin_dtor;
 	php_stream * net_stream = NULL;
 
@@ -152,11 +167,7 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const cha
 											  const zend_bool persistent,
 											  MYSQLND_STATS * const conn_stats, MYSQLND_ERROR_INFO * const error_info)
 {
-#if PHP_API_VERSION < 20100412
-	unsigned int streams_options = ENFORCE_SAFE_MODE;
-#else
 	unsigned int streams_options = 0;
-#endif
 	unsigned int streams_flags = STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT;
 	char * hashed_details = NULL;
 	int hashed_details_len = 0;
@@ -190,9 +201,11 @@ MYSQLND_METHOD(mysqlnd_net, open_tcp_or_unix)(MYSQLND_NET * const net, const cha
 			mnd_sprintf_free(hashed_details);
 		}
 		errcode = CR_CONNECTION_ERROR;
-		SET_CLIENT_ERROR(*error_info, errcode? errcode:CR_CONNECTION_ERROR, UNKNOWN_SQLSTATE, ZSTR_VAL(errstr));
+		SET_CLIENT_ERROR(*error_info,
+						 CR_CONNECTION_ERROR,
+						 UNKNOWN_SQLSTATE,
+						 errstr? ZSTR_VAL(errstr):"Unknown error while connecting");
 		if (errstr) {
-			/* no mnd_ since we don't allocate it */
 			zend_string_release(errstr);
 		}
 		DBG_RETURN(NULL);
@@ -260,6 +273,8 @@ MYSQLND_METHOD(mysqlnd_net, post_connect_set_opt)(MYSQLND_NET * const net,
 		if (!memcmp(scheme, "tcp://", sizeof("tcp://") - 1)) {
 			/* TCP -> Set TCP_NODELAY */
 			mysqlnd_set_sock_no_delay(net_stream);
+			/* TCP -> Set SO_KEEPALIVE */
+			mysqlnd_set_sock_keepalive(net_stream);
 		}
 	}
 
@@ -781,8 +796,27 @@ MYSQLND_METHOD(mysqlnd_net, set_client_option)(MYSQLND_NET * const net, enum mys
 				break;
 			}
 		case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
-			net->data->options.ssl_verify_peer = value? ((*(zend_bool *)value)? TRUE:FALSE): FALSE;
+		{
+			enum mysqlnd_ssl_peer val = *((enum mysqlnd_ssl_peer *)value);
+			switch (val) {
+				case MYSQLND_SSL_PEER_VERIFY:
+					DBG_INF("MYSQLND_SSL_PEER_VERIFY");
+					break;
+				case MYSQLND_SSL_PEER_DONT_VERIFY:
+					DBG_INF("MYSQLND_SSL_PEER_DONT_VERIFY");
+					break;
+				case MYSQLND_SSL_PEER_DEFAULT:
+					DBG_INF("MYSQLND_SSL_PEER_DEFAULT");
+					val = MYSQLND_SSL_PEER_DEFAULT;
+					break;
+				default:
+					DBG_INF("default = MYSQLND_SSL_PEER_DEFAULT_ACTION");
+					val = MYSQLND_SSL_PEER_DEFAULT;
+					break;
+			}
+			net->data->options.ssl_verify_peer = val;
 			break;
+		}
 		case MYSQL_OPT_READ_TIMEOUT:
 			net->data->options.timeout_read = *(unsigned int*) value;
 			break;
@@ -869,6 +903,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net)
 #ifdef MYSQLND_SSL_SUPPORTED
 	php_stream_context * context = php_stream_context_alloc();
 	php_stream * net_stream = net->data->m.get_stream(net);
+	zend_bool any_flag = FALSE;
 
 	DBG_ENTER("mysqlnd_net::enable_ssl");
 	if (!context) {
@@ -879,11 +914,8 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net)
 		zval key_zval;
 		ZVAL_STRING(&key_zval, net->data->options.ssl_key);
 		php_stream_context_set_option(context, "ssl", "local_pk", &key_zval);
-	}
-	if (net->data->options.ssl_verify_peer) {
-		zval verify_peer_zval;
-		ZVAL_TRUE(&verify_peer_zval);
-		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+		zval_ptr_dtor(&key_zval);
+		any_flag = TRUE;
 	}
 	if (net->data->options.ssl_cert) {
 		zval cert_zval;
@@ -892,32 +924,56 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net)
 		if (!net->data->options.ssl_key) {
 			php_stream_context_set_option(context, "ssl", "local_pk", &cert_zval);
 		}
+		zval_ptr_dtor(&cert_zval);
+		any_flag = TRUE;
 	}
 	if (net->data->options.ssl_ca) {
 		zval cafile_zval;
 		ZVAL_STRING(&cafile_zval, net->data->options.ssl_ca);
 		php_stream_context_set_option(context, "ssl", "cafile", &cafile_zval);
+		any_flag = TRUE;
 	}
 	if (net->data->options.ssl_capath) {
 		zval capath_zval;
 		ZVAL_STRING(&capath_zval, net->data->options.ssl_capath);
-		php_stream_context_set_option(context, "ssl", "cafile", &capath_zval);
+		php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
+		zval_ptr_dtor(&capath_zval);
+		any_flag = TRUE;
 	}
 	if (net->data->options.ssl_passphrase) {
 		zval passphrase_zval;
 		ZVAL_STRING(&passphrase_zval, net->data->options.ssl_passphrase);
 		php_stream_context_set_option(context, "ssl", "passphrase", &passphrase_zval);
+		zval_ptr_dtor(&passphrase_zval);
+		any_flag = TRUE;
 	}
 	if (net->data->options.ssl_cipher) {
 		zval cipher_zval;
 		ZVAL_STRING(&cipher_zval, net->data->options.ssl_cipher);
 		php_stream_context_set_option(context, "ssl", "ciphers", &cipher_zval);
+		zval_ptr_dtor(&cipher_zval);
+		any_flag = TRUE;
+	}
+	{
+		zval verify_peer_zval;
+		zend_bool verify;
+
+		if (net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_DEFAULT) {
+			net->data->options.ssl_verify_peer = any_flag? MYSQLND_SSL_PEER_DEFAULT_ACTION:MYSQLND_SSL_PEER_DONT_VERIFY;
+		}
+
+		verify = net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_VERIFY? TRUE:FALSE;
+
+		DBG_INF_FMT("VERIFY=%d", verify);
+		ZVAL_BOOL(&verify_peer_zval, verify);
+		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
+		if (net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_DONT_VERIFY) {
+			ZVAL_TRUE(&verify_peer_zval);
+			php_stream_context_set_option(context, "ssl", "allow_self_signed", &verify_peer_zval);
+		}
 	}
-#if PHP_API_VERSION >= 20131106
-	php_stream_context_set(net_stream, context);
-#else
 	php_stream_context_set(net_stream, context);
-#endif
 	if (php_stream_xport_crypto_setup(net_stream, STREAM_CRYPTO_METHOD_TLS_CLIENT, NULL) < 0 ||
 	    php_stream_xport_crypto_enable(net_stream, 1) < 0)
 	{
@@ -933,11 +989,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net)
 	  of the context, which means usage of already freed memory, bad. Actually we don't need this
 	  context anymore after we have enabled SSL on the connection. Thus it is very simple, we remove it.
 	*/
-#if PHP_API_VERSION >= 20131106
 	php_stream_context_set(net_stream, NULL);
-#else
-	php_stream_context_set(net_stream, NULL);
-#endif
 
 	if (net->data->options.timeout_read) {
 		struct timeval tv;
author	Aaron Piotrowski <aaron@trowski.com>	2016-06-10 22:02:23 -0500
committer	Aaron Piotrowski <aaron@trowski.com>	2016-06-10 22:02:23 -0500
commit	e3c681aa5cc71122a8d2fae42e6513fc413ccac8 (patch)
tree	5f1df62f7b666028edb0ee1adf083a52d63df45a /ext/mysqlnd/mysqlnd_net.c
parent	fb4e3085cbaa76eb8f28eebf848a81d1c0190067 (diff)
parent	792e89385ca6fc722a03590722eb7745a2374720 (diff)
download	php-git-e3c681aa5cc71122a8d2fae42e6513fc413ccac8.tar.gz