Fixed ActiveDirectoryMsi Authentication behavior when specified UID (#1374)
* ActiveDirectoryMsi uid-specified support
parent
ba53591cf5
commit
a11822b154
|
@ -676,8 +676,8 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
|
|||
|
||||
try {
|
||||
// Since connection options access token and authentication cannot coexist, check if both of them are used.
|
||||
// If access token is specified, check UID and PWD as well.
|
||||
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
|
||||
// If access token is specified, check UID and PWD as well.
|
||||
// No need to check the keyword Trusted_Connection because it is not among the acceptable options for SQLSRV drivers
|
||||
if (zend_hash_index_exists(options, SQLSRV_CONN_OPTION_ACCESS_TOKEN)) {
|
||||
bool invalidOptions = false;
|
||||
|
||||
|
@ -715,6 +715,19 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
|
|||
// Add the server name
|
||||
common_conn_str_append_func( ODBCConnOptions::SERVER, server, strnlen_s( server ), connection_string );
|
||||
|
||||
// Check uid when Authentication is ActiveDirectoryMSI
|
||||
// uid can be specified when using user-assigned identity
|
||||
if (activeDirectoryMSI) {
|
||||
if (uid != NULL && strnlen_s(uid) > 0) {
|
||||
bool escaped = core_is_conn_opt_value_escaped(uid, strnlen_s(uid));
|
||||
CHECK_CUSTOM_ERROR(!escaped, conn, SQLSRV_ERROR_UID_PWD_BRACES_NOT_ESCAPED) {
|
||||
throw core::CoreException();
|
||||
}
|
||||
|
||||
common_conn_str_append_func(ODBCConnOptions::UID, uid, strnlen_s(uid), connection_string);
|
||||
}
|
||||
}
|
||||
|
||||
// If uid is not present then we use trusted connection -- but not when connecting
|
||||
// using the access token or Authentication is ActiveDirectoryMSI
|
||||
if (!access_token_used && !activeDirectoryMSI) {
|
||||
|
|
|
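Review bot: The new `if (activeDirectoryMSI)` block calls `strnlen_s(uid)` three times, and its two comment lines do not say why the value is validated before it is appended. Taking the length once, `const size_t uid_len = (uid != NULL) ? strnlen_s(uid) : 0;`, and testing `uid_len > 0` keeps the escape check and the append on the same length. The comment could read `// uid names the user-assigned identity; reject a value whose closing braces are not escaped before it goes into the connection string`. Only UID is handled here; whether a PWD passed together with ActiveDirectoryMSI is rejected or silently ignored is decided outside this hunk, and the function body continues past it on both sides.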
@ -48,10 +48,42 @@ function connectInvalidServer()
|
|||
}
|
||||
}
|
||||
|
||||
function connectInvalidServerWithUser()
|
||||
{
|
||||
global $server, $driver, $uid, $pwd;
|
||||
|
||||
try {
|
||||
$conn = new PDO("sqlsrv:server = $server; driver=$driver;", $uid, $pwd);
|
||||
|
||||
$msodbcsqlVer = $conn->getAttribute(PDO::ATTR_CLIENT_VERSION)["DriverVer"];
|
||||
$version = explode(".", $msodbcsqlVer);
|
||||
|
||||
if ($version[0] < 17 || $version[1] < 3) {
|
||||
//skip the rest of this test, which requires ODBC driver 17.3 or above
|
||||
return;
|
||||
}
|
||||
unset($conn);
|
||||
|
||||
// Try connecting to an invalid server, should get an exception from ODBC
|
||||
$connectionInfo = "Authentication = ActiveDirectoryMsi;";
|
||||
$user = "user";
|
||||
$testCase = 'invalidServer';
|
||||
try {
|
||||
$conn = new PDO("sqlsrv:server = invalidServer; $connectionInfo", $user, null);
|
||||
echo $message . $testCase . PHP_EOL;
|
||||
} catch(PDOException $e) {
|
||||
// TODO: check the exception message here
|
||||
}
|
||||
} catch(PDOException $e) {
|
||||
print_r($e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
require_once('MsSetup.inc');
|
||||
|
||||
// Make a connection to an invalid server
|
||||
connectInvalidServer();
|
||||
connectInvalidServerWithUser();
|
||||
|
||||
echo "Done\n";
|
||||
?>
|
||||
|
|
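Review bot: The inner `catch(PDOException $e)` around the `ActiveDirectoryMsi` connection accepts any exception and holds only a TODO, so `connectInvalidServerWithUser()` passes whether the failure comes from ODBC (the intended case) or from the driver rejecting the UID, which is the behaviour this commit changes. The catch should compare `$e->getMessage()` with the expected ODBC connection error and print a failure line otherwise. Two smaller problems in the same function: `$message` is echoed but is neither assigned nor listed in the `global` statement, and the skip condition `$version[0] < 17 || $version[1] < 3` also skips drivers such as 18.0. `if ($version[0] < 17 || ($version[0] == 17 && $version[1] < 3))` matches the "17.3 or above" comment.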