flush persistent connection after password change

2024-09-22 10:27:25 +00:00 · 2007-08-06 20:31:40 +00:00 · 2007-08-06 20:31:40 +00:00 · bf94c89a8c
commit bf94c89a8c
parent ac3a73972a
2 changed files with 20 additions and 3 deletions
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@ -1238,6 +1238,9 @@ open:
 		connection->next_ping = 0;
 	}
 	
+	/* mark password as unchanged by PHP during the duration of the database session */
+	connection->passwd_changed = 0;
+	
 	smart_str_free_ex(&hashed_details, 0);

 	/* allocate environment handle */
@ -1609,6 +1612,7 @@ int php_oci_password_change(php_oci_connection *connection, zstr user, int user_
 		PHP_OCI_HANDLE_ERROR(connection, connection->errcode);
 		return 1;
 	}
+	connection->passwd_changed = 1;
 	return 0;
 } /* }}} */

@ -1848,7 +1852,7 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)

 		if (connection->used_this_request) {
 			if ((PG(connection_status) & PHP_CONNECTION_TIMEOUT) || OCI_G(in_call)) {
-				return 1;
+				return ZEND_HASH_APPLY_REMOVE;
 			}

 			if (connection->descriptors) {
@ -1861,6 +1865,18 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)
 				php_oci_connection_rollback(connection TSRMLS_CC);
 			}
 			
+			/* If oci_password_change() changed the password of a
+			 * persistent connection, close the connection and remove
+			 * it from the persistent connection cache.  This means
+			 * subsequent scripts will be prevented from being able to
+			 * present the old (now invalid) password to a usable
+			 * connection to the database; they must use the new
+			 * password.
+			 */
+			if (connection->passwd_changed) {
+				return ZEND_HASH_APPLY_REMOVE;
+			}
+
 			if (OCI_G(persistent_timeout) > 0) {
 				connection->idle_expiry = timestamp + OCI_G(persistent_timeout);
 			}
@ -1876,11 +1892,11 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)
 		} else if (OCI_G(persistent_timeout) != -1) {
 			if (connection->idle_expiry < timestamp) {
 				/* connection has timed out */
-				return 1;
+				return ZEND_HASH_APPLY_REMOVE;
 			}
 		}
 	}
-	return 0;
+	return ZEND_HASH_APPLY_KEEP;
 } /* }}} */

 #ifdef ZTS
--- a/ext/oci8/php_oci8_int.h
+++ b/ext/oci8/php_oci8_int.h
@ -117,6 +117,7 @@ typedef struct { /* php_oci_connection {{{ */
 	unsigned is_persistent:1;	/* self-descriptive */
 	unsigned used_this_request:1; /* helps to determine if we should reset connection's next ping time and check its timeout */
 	unsigned needs_commit:1;	/* helps to determine if we should rollback this connection on close/shutdown */
+	unsigned passwd_changed:1;	/* helps determine if a persistent connection hash should be invalidated after a password change */
 	int rsrc_id;				/* resource ID */
 	time_t idle_expiry;			/* time when the connection will be considered as expired */
 	time_t next_ping;			/* time of the next ping */