Fixed ActiveDirectoryMsi Authentication behavior when specified UID (#1374)

* ActiveDirectoryMsi uid-specified support
This commit is contained in:
SAEKI Yoshiyasu 2022-03-19 06:49:32 +09:00 committed by GitHub
parent ba53591cf5
commit a11822b154
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 94 additions and 49 deletions

View file

@ -676,8 +676,8 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
try {
// Since connection options access token and authentication cannot coexist, check if both of them are used.
// If access token is specified, check UID and PWD as well.
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
// If access token is specified, check UID and PWD as well.
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
if (zend_hash_index_exists(options, SQLSRV_CONN_OPTION_ACCESS_TOKEN)) {
bool invalidOptions = false;
@ -715,6 +715,19 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
// Add the server name
common_conn_str_append_func( ODBCConnOptions::SERVER, server, strnlen_s( server ), connection_string );
// Check uid when Authentication is ActiveDirectoryMSI
// uid can be specified when using user-assigned identity
if (activeDirectoryMSI) {
if (uid != NULL && strnlen_s(uid) > 0) {
bool escaped = core_is_conn_opt_value_escaped(uid, strnlen_s(uid));
CHECK_CUSTOM_ERROR(!escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED) {
throw core::CoreException();
}
common_conn_str_append_func(ODBCConnOptions::UID, uid, strnlen_s(uid), connection_string);
}
}
// If uid is not present then we use trusted connection -- but not when connecting
// using the access token or Authentication is ActiveDirectoryMSI
if (!access_token_used && !activeDirectoryMSI) {

View file

@ -48,10 +48,42 @@ function connectInvalidServer()
}
}
function connectInvalidServerWithUser()
{
global $server, $driver, $uid, $pwd;
try {
$conn = new PDO("sqlsrv:server = $server; driver=$driver;", $uid, $pwd);
$msodbcsqlVer = $conn->getAttribute(PDO::ATTR_CLIENT_VERSION)["DriverVer"];
$version = explode(".", $msodbcsqlVer);
if ($version[0] < 17 || $version[1] < 3) {
//skip the rest of this test, which requires ODBC driver 17.3 or above
return;
}
unset($conn);
// Try connecting to an invalid server, should get an exception from ODBC
$connectionInfo = "Authentication = ActiveDirectoryMsi;";
$user = "user";
$testCase = 'invalidServer';
try {
$conn = new PDO("sqlsrv:server = invalidServer; $connectionInfo", $user, null);
echo $message . $testCase . PHP_EOL;
} catch(PDOException $e) {
// TODO: check the exception message here
}
} catch(PDOException $e) {
print_r($e->getMessage());
}
}
require_once('MsSetup.inc');
// Make a connection to an invalid server
connectInvalidServer();
connectInvalidServerWithUser();
echo "Done\n";
?>