From bf94c89a8cf613662bb4f2b28dad49914a20746d Mon Sep 17 00:00:00 2001
From: Christopher Jones <sixd@php.net>
Date: Mon, 6 Aug 2007 20:31:40 +0000
Subject: [PATCH] flush persistent connection after password change

---
 ext/oci8/oci8.c         | 22 +++++++++++++++++++---
 ext/oci8/php_oci8_int.h |  1 +
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index fa91116e63..08439a42a6 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -1238,6 +1238,9 @@ open:
 		connection->next_ping = 0;
 	}
 	
+	/* mark password as unchanged by PHP during the duration of the database session */
+	connection->passwd_changed = 0;
+	
 	smart_str_free_ex(&hashed_details, 0);
 
 	/* allocate environment handle */
@@ -1609,6 +1612,7 @@ int php_oci_password_change(php_oci_connection *connection, zstr user, int user_
 		PHP_OCI_HANDLE_ERROR(connection, connection->errcode);
 		return 1;
 	}
+	connection->passwd_changed = 1;
 	return 0;
 } /* }}} */
 
@@ -1848,7 +1852,7 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)
 
 		if (connection->used_this_request) {
 			if ((PG(connection_status) & PHP_CONNECTION_TIMEOUT) || OCI_G(in_call)) {
-				return 1;
+				return ZEND_HASH_APPLY_REMOVE;
 			}
 
 			if (connection->descriptors) {
@@ -1861,6 +1865,18 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)
 				php_oci_connection_rollback(connection TSRMLS_CC);
 			}
 			
+			/* If oci_password_change() changed the password of a
+			 * persistent connection, close the connection and remove
+			 * it from the persistent connection cache.  This means
+			 * subsequent scripts will be prevented from being able to
+			 * present the old (now invalid) password to a usable
+			 * connection to the database; they must use the new
+			 * password.
+			 */
+			if (connection->passwd_changed) {
+				return ZEND_HASH_APPLY_REMOVE;
+			}
+
 			if (OCI_G(persistent_timeout) > 0) {
 				connection->idle_expiry = timestamp + OCI_G(persistent_timeout);
 			}
@@ -1876,11 +1892,11 @@ static int php_oci_persistent_helper(zend_rsrc_list_entry *le TSRMLS_DC)
 		} else if (OCI_G(persistent_timeout) != -1) {
 			if (connection->idle_expiry < timestamp) {
 				/* connection has timed out */
-				return 1;
+				return ZEND_HASH_APPLY_REMOVE;
 			}
 		}
 	}
-	return 0;
+	return ZEND_HASH_APPLY_KEEP;
 } /* }}} */
 
 #ifdef ZTS
diff --git a/ext/oci8/php_oci8_int.h b/ext/oci8/php_oci8_int.h
index ba4a7938ff..3fb4234778 100644
--- a/ext/oci8/php_oci8_int.h
+++ b/ext/oci8/php_oci8_int.h
@@ -117,6 +117,7 @@ typedef struct { /* php_oci_connection {{{ */
 	unsigned is_persistent:1;	/* self-descriptive */
 	unsigned used_this_request:1; /* helps to determine if we should reset connection's next ping time and check its timeout */
 	unsigned needs_commit:1;	/* helps to determine if we should rollback this connection on close/shutdown */
+	unsigned passwd_changed:1;	/* helps determine if a persistent connection hash should be invalidated after a password change */
 	int rsrc_id;				/* resource ID */
 	time_t idle_expiry;			/* time when the connection will be considered as expired */
 	time_t next_ping;			/* time of the next ping */
-- 
2.40.0