aboutsummaryrefslogtreecommitdiffstats
path: root/Frameworks/SPMySQLFramework/MySQL Client Libraries
diff options
context:
space:
mode:
Diffstat (limited to 'Frameworks/SPMySQLFramework/MySQL Client Libraries')
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/001-cpp-dependency.diff8
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/002-new-types.diff9
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/003-callback-password-auth.diff96
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql.h12
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql_version.h4
-rw-r--r--Frameworks/SPMySQLFramework/MySQL Client Libraries/lib/libmysqlclient.abin7932592 -> 7935040 bytes
6 files changed, 127 insertions, 2 deletions
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/001-cpp-dependency.diff b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/001-cpp-dependency.diff
index 06c20001..e3ce848a 100644
--- a/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/001-cpp-dependency.diff
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/001-cpp-dependency.diff
@@ -1,3 +1,11 @@
+This patch is neccesary to remove a linker error when trying to link SPMySQL with libmysqlclient.a.
+
+To apply:
+ cd mysql-source-root
+ patch -p1 < this-file
+
+(patch created with `diff -Naur`)
+
--- mysql-5.5.56-dist/extra/yassl/taocrypt/include/runtime.hpp 2017-04-27 09:12:30.000000000 +0200
+++ mysql-5.5.56/extra/yassl/taocrypt/include/runtime.hpp 2017-05-20 23:27:14.000000000 +0200
@@ -53,8 +53,8 @@
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/002-new-types.diff b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/002-new-types.diff
index bb42f9d9..47aa9c6d 100644
--- a/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/002-new-types.diff
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/002-new-types.diff
@@ -1,3 +1,12 @@
+This patch backports field types that were added after MySQL 5.5,
+but are technically still compatible to the old client libs.
+
+To apply:
+ cd mysql-source-root
+ patch -p1 < this-file
+
+(patch created with `diff -Naur`)
+
--- mysql-5.5.56-dist/include/mysql_com.h 2017-04-27 09:12:30.000000000 +0200
+++ mysql-5.5.56/include/mysql_com.h 2017-05-21 01:46:44.000000000 +0200
@@ -349,7 +349,11 @@
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/003-callback-password-auth.diff b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/003-callback-password-auth.diff
new file mode 100644
index 00000000..78fa873d
--- /dev/null
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/Patches/003-callback-password-auth.diff
@@ -0,0 +1,96 @@
+This patch changes the way libmysqlclient receives the connection password.
+Usually it will get the password by trying in order:
+ 1) The passwd that is passed as a parameter to mysql_real_connect()
+ 2) The password that was set on MYSQL->options.password
+ 3) The contents of the environment variable MYSQL_PWD (compile time setting)
+ 4) An empty string
+
+If a connection could be made (not yet authenticathed) the password will be stored
+in MYSQL->passwd for the whole lifetime of the struct.
+
+We don't want that for two reasons:
+ 1) That way the password stays in plaintext memory for possibly a long time (and
+ may even get swapped to disk)
+ 2) MySQL uses plugins for auth (negotiated with the server) and some of them may
+ transmit the password in plaintext over an unsecure connection.
+ Since we have no control over that we would have to decide beforehand if that
+ COULD happen and flat out always deny or allow Keychain access (since e.g.
+ the AVAILABILITY of the cleartext plugin can be controlled by an envvar).
+
+So with this patch we change the flow of information:
+Now mysql doesn't receive the password up front, but instead it has to ask the user (ie. SPMySQL)
+to get the password precisely then when it needs it and mysql will also tell us
+which auth plugin it negotiated with the server, so we can decide on a per situation
+basis whether to request manual input or fetch it from Keychain.
+
+To apply:
+ cd mysql-source-root
+ patch -p1 < this-file
+
+(patch created with `diff -Naur`)
+
+diff -Naur mysql-5.5.59-dist/include/mysql.h mysql-5.5.59/include/mysql.h
+--- mysql-5.5.59-dist/include/mysql.h 2017-11-27 13:03:17.000000000 +0100
++++ mysql-5.5.59/include/mysql.h 2018-02-14 00:28:26.000000000 +0100
+@@ -288,6 +288,18 @@
+ /* needed for embedded server - no net buffer to store the 'info' */
+ char *info_buffer;
+ void *extension;
++
++ /* SPMySQL patch:
++ * Set this to a callback function that will be invoked when mysql wants to do authentication.
++ * @param mysql The MYSQL struct
++ * @param plugin The name of the auth plugin that will be used (usually either
++ * "mysql_native_password", "mysql_old_password" or "mysql_clear_password")
++ * @param with_password A block function you must invoke, during which mysql can use the password you provide via the passwd parameter.
++ * After the block you should immediately clear the password from memory again.
++ */
++ void (*passwd_callback)(struct st_mysql *mysql, const char *plugin, void (^with_password)(const char *passwd));
++ /* SPMySQL patch: This is used with passwd_callback to bridge back to OOP land */
++ void *sp_context;
+ } MYSQL;
+
+
+diff -Naur mysql-5.5.59-dist/sql-common/client.c mysql-5.5.59/sql-common/client.c
+--- mysql-5.5.59-dist/sql-common/client.c 2017-11-27 13:03:17.000000000 +0100
++++ mysql-5.5.59/sql-common/client.c 2018-02-14 00:34:26.000000000 +0100
+@@ -2952,7 +2952,7 @@
+ auth_plugin_t *auth_plugin;
+ MCPVIO_EXT mpvio;
+ ulong pkt_length;
+- int res;
++ __block int res;
+
+ DBUG_ENTER ("run_plugin_auth");
+ /* determine the default/initial plugin to use */
+@@ -2996,7 +2996,29 @@
+ mpvio.db= db;
+ mpvio.plugin= auth_plugin;
+
+- res= auth_plugin->authenticate_user((struct st_plugin_vio *)&mpvio, mysql);
++ /*
++ * SPMySQL Patch to inverse the password flow
++ */
++ if(mysql->passwd_callback)
++ {
++ res = CR_ERROR; //fallback, if block is never invoked
++ mysql->passwd_callback(mysql, auth_plugin_name, ^(const char *passwd) {
++ char *saved_passwd = mysql->passwd;
++ mysql->passwd = (char *)(passwd ? passwd : ""); // see mysql_change_user
++ res= auth_plugin->authenticate_user((struct st_plugin_vio *)&mpvio, mysql);
++ mysql->passwd = saved_passwd;
++ });
++ }
++ else
++ {
++ set_mysql_extended_error(mysql, CR_AUTH_PLUGIN_CANNOT_LOAD,
++ unknown_sqlstate,
++ ER(CR_AUTH_PLUGIN_CANNOT_LOAD),
++ auth_plugin_name,
++ "passwd_callback not set!");
++ DBUG_RETURN (1);
++ }
++
+ DBUG_PRINT ("info", ("authenticate_user returned %s",
+ res == CR_OK ? "CR_OK" :
+ res == CR_ERROR ? "CR_ERROR" :
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql.h b/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql.h
index 3a27ab41..353267aa 100644
--- a/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql.h
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql.h
@@ -288,6 +288,18 @@ typedef struct st_mysql
/* needed for embedded server - no net buffer to store the 'info' */
char *info_buffer;
void *extension;
+
+ /* SPMySQL patch:
+ * Set this to a callback function that will be invoked when mysql wants to do authentication.
+ * @param mysql The MYSQL struct
+ * @param plugin The name of the auth plugin that will be used (usually either
+ * "mysql_native_password", "mysql_old_password" or "mysql_clear_password")
+ * @param with_password A block function you must invoke, during which mysql can use the password you provide via the passwd parameter.
+ * After the block you should immediately clear the password from memory again.
+ */
+ void (*passwd_callback)(struct st_mysql *mysql, const char *plugin, void (^with_password)(const char *passwd));
+ /* SPMySQL patch: This is used with passwd_callback to bridge back to OOP land */
+ void *sp_context;
} MYSQL;
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql_version.h b/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql_version.h
index 8c18116a..77ea7e07 100644
--- a/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql_version.h
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/include/mysql_version.h
@@ -11,11 +11,11 @@
#include <custom_conf.h>
#else
#define PROTOCOL_VERSION 10
-#define MYSQL_SERVER_VERSION "5.5.56"
+#define MYSQL_SERVER_VERSION "5.5.59"
#define MYSQL_BASE_VERSION "mysqld-5.5"
#define MYSQL_SERVER_SUFFIX_DEF ""
#define FRM_VER 6
-#define MYSQL_VERSION_ID 50556
+#define MYSQL_VERSION_ID 50559
#define MYSQL_PORT 3306
#define MYSQL_PORT_DEFAULT 0
#define MYSQL_UNIX_ADDR "/tmp/mysql.sock"
diff --git a/Frameworks/SPMySQLFramework/MySQL Client Libraries/lib/libmysqlclient.a b/Frameworks/SPMySQLFramework/MySQL Client Libraries/lib/libmysqlclient.a
index 0fccae22..27e9e15c 100644
--- a/Frameworks/SPMySQLFramework/MySQL Client Libraries/lib/libmysqlclient.a
+++ b/Frameworks/SPMySQLFramework/MySQL Client Libraries/lib/libmysqlclient.a
Binary files differ