Fix | Access token identity leaking across pooled connections (#1592)

* Mock TDS server plus access token + connection pool tests for issue #1396

* Fix | An existing connection in the connection pool is reused unexpectedly even though it has a different access token.
Fixes #1396
Properly implement access token handling to support pooling connections. Mock TDS server implementation allows testing of FedAuth connections without Azure configuration. Prepend MSPHPSQL to APP access token hash to ensure unique pool key.

* Implement access token caching to ensure pointer stability and prevent use-after-free issues.

* Detect borked tests and make build_drivers.py ts/nts option case insensitve to simplify calling logic.

Author: David-Engel

.gitignore

@@ -4,6 +4,23 @@ __pycache__
 *.diff
 *.exp
 *.log
-*.sh
 *.out
-test/**/**/*.php
+*.so
+source/**/.libs
+source/**/build
+source/**/modules
+source/pdo_sqlsrv/shared
+source/sqlsrv/shared
+source/**/autom4te.cache
+source/**/*.dep
+source/**/*.la
+source/**/*.lo
+source/**/config.h*
+source/**/config.nice
+source/**/config.status
+source/**/configure*
+source/**/libtool
+source/**/Makefile*
+source/**/run-tests.php
+buildscripts/php*.dll
+buildscripts/php*.pdb

azure-pipelines.yml

@@ -384,9 +384,25 @@ jobs:
       # Set TEST_PHP_ARGS
       export TEST_PHP_ARGS="-c $PHP_INI"
       
+      # Track test failures and borked tests
+      sqlsrv_failed=0
+      pdo_failed=0
+      sqlsrv_borked=0
+      pdo_borked=0
+      
       echo "Running sqlsrv tests..."
       $PHP_BIN run-tests.php -p $PHP_BIN -c $PHP_INI -P sqlsrv/*.phpt --no-color 2>&1 | tee sqlsrv-macos.log || true
       
+      # Check for test failures and borked tests
+      if grep -q "Tests failed.*[1-9]" sqlsrv-macos.log; then
+          sqlsrv_failed=$(grep "Tests failed" sqlsrv-macos.log | grep -oE '[0-9]+' | head -1)
+          echo "sqlsrv tests failed: $sqlsrv_failed"
+      fi
+      if grep -q "Tests borked.*[1-9]" sqlsrv-macos.log; then
+          sqlsrv_borked=$(grep "Tests borked" sqlsrv-macos.log | grep -oE '[0-9]+' | head -1)
+          echo "sqlsrv tests borked: $sqlsrv_borked"
+      fi
+      
       # Show diff files
       for f in sqlsrv/*.diff; do
           if [[ -f "$f" ]]; then
@@ -401,6 +417,16 @@ jobs:
       echo "Running pdo_sqlsrv tests..."
       $PHP_BIN run-tests.php -p $PHP_BIN -c $PHP_INI -P pdo_sqlsrv/*.phpt --no-color 2>&1 | tee pdo_sqlsrv-macos.log || true
       
+      # Check for test failures and borked tests
+      if grep -q "Tests failed.*[1-9]" pdo_sqlsrv-macos.log; then
+          pdo_failed=$(grep "Tests failed" pdo_sqlsrv-macos.log | grep -oE '[0-9]+' | head -1)
+          echo "pdo_sqlsrv tests failed: $pdo_failed"
+      fi
+      if grep -q "Tests borked.*[1-9]" pdo_sqlsrv-macos.log; then
+          pdo_borked=$(grep "Tests borked" pdo_sqlsrv-macos.log | grep -oE '[0-9]+' | head -1)
+          echo "pdo_sqlsrv tests borked: $pdo_borked"
+      fi
+      
       # Show diff files
       for f in pdo_sqlsrv/*.diff; do
           if [[ -f "$f" ]]; then
@@ -409,7 +435,16 @@ jobs:
           fi
       done
       
-      echo "Tests completed!"
+      # Fail if there are test failures or borked tests
+      total_failed=$((${sqlsrv_failed:-0} + ${pdo_failed:-0}))
+      total_borked=$((${sqlsrv_borked:-0} + ${pdo_borked:-0}))
+      if [[ $total_failed -gt 0 || $total_borked -gt 0 ]]; then
+          echo "Total test failures: $total_failed (sqlsrv: ${sqlsrv_failed:-0}, pdo_sqlsrv: ${pdo_failed:-0})"
+          echo "Total borked tests: $total_borked (sqlsrv: ${sqlsrv_borked:-0}, pdo_sqlsrv: ${pdo_borked:-0})"
+          exit 1
+      else
+          echo "All tests passed!"
+      fi
     displayName: 'Run PHP Functional Tests'
 
   #########################################
@@ -439,7 +474,7 @@ jobs:
       testResultsFormat: 'JUnit'
       testResultsFiles: '**/*.xml'
       searchFolder: '$(REPO_ROOT)/test/functional/'
-      failTaskOnFailedTests: false
+      failTaskOnFailedTests: true
       testRunTitle: 'macOS-PHP$(phpver)'
 
   #########################################

build-linux.sh

@@ -0,0 +1,126 @@
+#!/bin/bash
+#
+# Build sqlsrv and pdo_sqlsrv PHP extensions on Linux.
+#
+# Usage:
+#   ./build-linux.sh              # build and copy output to build-output/
+#   ./build-linux.sh --install    # build and install to PHP extension dir (requires sudo)
+#   ./build-linux.sh --clean      # build, copy output, then clean intermediate files
+#   ./build-linux.sh --clean-only # just remove build artifacts (no build)
+#
+# Output:
+#   build-output/sqlsrv.so
+#   build-output/pdo_sqlsrv.so
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+SRC_DIR="$SCRIPT_DIR/source"
+OUT_DIR="$SCRIPT_DIR/build-output"
+
+DO_BUILD=true
+DO_CLEAN=false
+DO_INSTALL=false
+
+for arg in "$@"; do
+    case "$arg" in
+        --clean)      DO_CLEAN=true ;;
+        --clean-only) DO_BUILD=false; DO_CLEAN=true ;;
+        --install)    DO_INSTALL=true ;;
+        *) echo "Unknown option: $arg"; exit 1 ;;
+    esac
+done
+
+# Build one extension.
+#   $1 = extension source dir (e.g. source/sqlsrv)
+#   $2 = configure flag       (e.g. --enable-sqlsrv)
+build_ext() {
+    local ext_dir="$1"
+    local configure_flag="$2"
+    local ext_name
+    ext_name="$(basename "$ext_dir")"
+
+    echo "=== Building $ext_name ==="
+
+    pushd "$ext_dir" > /dev/null
+
+    # Ensure shared/ symlink exists
+    if [ ! -e shared ]; then
+        ln -s ../shared shared
+    fi
+
+    phpize
+    ./configure "$configure_flag"
+    make -j"$(nproc)"
+
+    popd > /dev/null
+}
+
+# Copy built .so to output dir.
+collect_output() {
+    mkdir -p "$OUT_DIR"
+    cp "$SRC_DIR/sqlsrv/modules/sqlsrv.so" "$OUT_DIR/"
+    cp "$SRC_DIR/pdo_sqlsrv/modules/pdo_sqlsrv.so" "$OUT_DIR/"
+    echo ""
+    echo "=== Extensions copied to build-output/ ==="
+    ls -lh "$OUT_DIR"/*.so
+}
+
+# Remove all build artifacts from one extension dir.
+#   $1 = extension source dir
+clean_ext() {
+    local ext_dir="$1"
+    local ext_name
+    ext_name="$(basename "$ext_dir")"
+
+    echo "=== Cleaning $ext_name ==="
+
+    pushd "$ext_dir" > /dev/null
+
+    # make clean removes .lo/.la/.so/.libs etc.
+    [ -f Makefile ] && make clean 2>/dev/null || true
+
+    # phpize --clean removes autoconf scaffolding
+    [ -f configure ] && phpize --clean 2>/dev/null || true
+
+    # Remove the symlink we created
+    [ -L shared ] && rm -f shared
+
+    popd > /dev/null
+}
+
+# Also clean .lo/.dep files that ended up in source/shared/
+clean_shared() {
+    echo "=== Cleaning shared/ build artifacts ==="
+    find "$SRC_DIR/shared" -name '*.lo' -o -name '*.dep' -o -name '*.o' | xargs rm -f 2>/dev/null || true
+    rm -rf "$SRC_DIR/shared/.libs" 2>/dev/null || true
+}
+
+if $DO_BUILD; then
+    build_ext "$SRC_DIR/sqlsrv"     "--enable-sqlsrv"
+    build_ext "$SRC_DIR/pdo_sqlsrv" "--with-pdo_sqlsrv"
+    collect_output
+
+    if $DO_INSTALL; then
+        echo ""
+        echo "=== Installing extensions ==="
+        pushd "$SRC_DIR/sqlsrv" > /dev/null
+        sudo make install
+        popd > /dev/null
+        pushd "$SRC_DIR/pdo_sqlsrv" > /dev/null
+        sudo make install
+        popd > /dev/null
+    fi
+fi
+
+if $DO_CLEAN; then
+    clean_ext "$SRC_DIR/sqlsrv"
+    clean_ext "$SRC_DIR/pdo_sqlsrv"
+    clean_shared
+    # Remove the top-level run-tests.php copied by phpize
+    rm -f "$SCRIPT_DIR/run-tests.php"
+    echo ""
+    echo "=== Build artifacts cleaned ==="
+fi
+
+echo "Done."

buildscripts/builddrivers.py

@@ -408,7 +408,7 @@ def validate_php_version(version):
     parser = argparse.ArgumentParser()
     parser.add_argument('--PHPVER', help="PHP version, e.g. 7.4.* etc.")
     parser.add_argument('--ARCH', choices=['x64', 'x86'])
-    parser.add_argument('--THREAD', choices=['nts', 'ts'])
+    parser.add_argument('--THREAD', choices=['nts', 'ts'], type=str.lower)
     parser.add_argument('--DRIVER', default='all', choices=['all', 'sqlsrv', 'pdo_sqlsrv'], help="driver to build (default: all)")
     parser.add_argument('--DEBUG', action='store_true', help="enable debug mode (default: False)")
     parser.add_argument('--REPO', default='Microsoft', help="GitHub repository (default: Microsoft)")