Fixed ActiveDirectoryMsi Authentication behavior when specified UID (#1374)
* ActiveDirectoryMsi uid-specified support
parent
ba53591cf5
commit
a11822b154
|
@ -676,8 +676,8 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Since connection options access token and authentication cannot coexist, check if both of them are used.
|
// Since connection options access token and authentication cannot coexist, check if both of them are used.
|
||||||
// If access token is specified, check UID and PWD as well.
|
// If access token is specified, check UID and PWD as well.
|
||||||
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
|
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
|
||||||
if (zend_hash_index_exists(options, SQLSRV_CONN_OPTION_ACCESS_TOKEN)) {
|
if (zend_hash_index_exists(options, SQLSRV_CONN_OPTION_ACCESS_TOKEN)) {
|
||||||
bool invalidOptions = false;
|
bool invalidOptions = false;
|
||||||
|
|
||||||
|
@ -715,6 +715,19 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
|
||||||
// Add the server name
|
// Add the server name
|
||||||
common_conn_str_append_func( ODBCConnOptions::SERVER, server, strnlen_s( server ), connection_string );
|
common_conn_str_append_func( ODBCConnOptions::SERVER, server, strnlen_s( server ), connection_string );
|
||||||
|
|
||||||
|
// Check uid when Authentication is ActiveDirectoryMSI
|
||||||
|
// uid can be specified when using user-assigned identity
|
||||||
|
if (activeDirectoryMSI) {
|
||||||
|
if (uid != NULL && strnlen_s(uid) > 0) {
|
||||||
|
bool escaped = core_is_conn_opt_value_escaped(uid, strnlen_s(uid));
|
||||||
|
CHECK_CUSTOM_ERROR(!escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED) {
|
||||||
|
throw core::CoreException();
|
||||||
|
}
|
||||||
|
|
||||||
|
common_conn_str_append_func(ODBCConnOptions::UID, uid, strnlen_s(uid), connection_string);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// If uid is not present then we use trusted connection -- but not when connecting
|
// If uid is not present then we use trusted connection -- but not when connecting
|
||||||
// using the access token or Authentication is ActiveDirectoryMSI
|
// using the access token or Authentication is ActiveDirectoryMSI
|
||||||
if (!access_token_used && !activeDirectoryMSI) {
|
if (!access_token_used && !activeDirectoryMSI) {
|
||||||
|
|
|
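Review bot: The added ActiveDirectoryMSI block copies the caller-supplied `uid` into the ODBC connection string, but its comments do not say why the `core_is_conn_opt_value_escaped` check is there. I would add a line above the check such as `// uid is written into the connection string; reject unescaped braces so the value cannot end early and introduce extra keywords`, so the guard is not later removed as redundant. `strnlen_s(uid)` is also evaluated three times in this block; a single `const size_t uid_len = strnlen_s(uid);` would make the check and the append visibly use the same length. Whether a PWD supplied together with this authentication mode is rejected cannot be seen here, because build_connection_string_and_set_conn_attr starts and ends outside the hunk.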
@ -48,10 +48,42 @@ function connectInvalidServer()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function connectInvalidServerWithUser()
|
||||||
|
{
|
||||||
|
global $server, $driver, $uid, $pwd;
|
||||||
|
|
||||||
|
try {
|
||||||
|
$conn = new PDO("sqlsrv:server = $server; driver=$driver;", $uid, $pwd);
|
||||||
|
|
||||||
|
$msodbcsqlVer = $conn->getAttribute(PDO::ATTR_CLIENT_VERSION)["DriverVer"];
|
||||||
|
$version = explode(".", $msodbcsqlVer);
|
||||||
|
|
||||||
|
if ($version[0] < 17 || $version[1] < 3) {
|
||||||
|
//skip the rest of this test, which requires ODBC driver 17.3 or above
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
unset($conn);
|
||||||
|
|
||||||
|
// Try connecting to an invalid server, should get an exception from ODBC
|
||||||
|
$connectionInfo = "Authentication = ActiveDirectoryMsi;";
|
||||||
|
$user = "user";
|
||||||
|
$testCase = 'invalidServer';
|
||||||
|
try {
|
||||||
|
$conn = new PDO("sqlsrv:server = invalidServer; $connectionInfo", $user, null);
|
||||||
|
echo $message . $testCase . PHP_EOL;
|
||||||
|
} catch(PDOException $e) {
|
||||||
|
// TODO: check the exception message here
|
||||||
|
}
|
||||||
|
} catch(PDOException $e) {
|
||||||
|
print_r($e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
require_once('MsSetup.inc');
|
require_once('MsSetup.inc');
|
||||||
|
|
||||||
// Make a connection to an invalid server
|
// Make a connection to an invalid server
|
||||||
connectInvalidServer();
|
connectInvalidServer();
|
||||||
|
connectInvalidServerWithUser();
|
||||||
|
|
||||||
echo "Done\n";
|
echo "Done\n";
|
||||||
?>
|
?>
|
||||||
|
|
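Review bot: The inner `catch(PDOException $e)` in connectInvalidServerWithUser() is empty apart from the TODO, so the test passes on any connection failure and cannot tell the driver rejecting a UID with ActiveDirectoryMsi apart from ODBC failing to reach `invalidServer`; it would probably pass before this fix as well. Checking the exception message or SQLSTATE there, and failing when it is the driver's own option-validation error, would make the test cover the change. The skip condition `$version[0] < 17 || $version[1] < 3` also skips any driver whose minor version is below 3, for example an 18.0 driver; `$version[0] < 17 || ($version[0] == 17 && $version[1] < 3)` matches the comment beside it. `$message` in the `echo` is neither in the function's `global` list nor assigned in it, so the unexpected-success path would print only the test case name.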