Merge branch 'dev' into maxResultBuffer

microsoft · Nov 23, 2020 · 8f2336d · 8f2336d
2 parents 989d362 + 9f7b5c6
commit 8f2336d
Show file tree

Hide file tree

Showing 15 changed files with 281 additions and 71 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -38,7 +38,7 @@ jobs:
     name: authDLL
     displayName: 'Download mssql-jdbc_auth DLL'
     inputs:
-      secureFile: 'mssql-jdbc_auth-9.1.0.x64-preview.dll'
+      secureFile: 'mssql-jdbc_auth-9.1.1.x64-preview.dll'
   - task: Maven@3
     displayName: 'Maven build jre15'
     inputs:

diff --git a/build.gradle b/build.gradle
@@ -14,7 +14,7 @@
 
 apply plugin: 'java'
 
-version = '9.1.0'
+version = '9.1.1-SNAPSHOT'
 def jreVersion = ""
 def testOutputDir = file("build/classes/java/test")
 def archivesBaseName = 'mssql-jdbc'

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
 	<groupId>com.microsoft.sqlserver</groupId>
 	<artifactId>mssql-jdbc</artifactId>
-	<version>9.1.0</version>
+	<version>9.1.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>Microsoft JDBC Driver for SQL Server</name>

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
@@ -110,6 +110,7 @@ final class TDS {
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYPASSWORD = 0x01;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYINTEGRATED = 0x02;
     static final byte ADALWORKFLOW_ACTIVEDIRECTORYMSI = 0x03;
+    static final byte ADALWORKFLOW_ACTIVEDIRECTORYSERVICEPRINCIPAL = 0x01; // Using the Password byte as that is the closest we have.
     static final byte FEDAUTH_INFO_ID_STSURL = 0x01; // FedAuthInfoData is token endpoint URL from which to acquire fed
                                                      // auth token
     static final byte FEDAUTH_INFO_ID_SPN = 0x02; // FedAuthInfoData is the SPN to use for acquiring fed auth token

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerDataSource.java b/src/main/java/com/microsoft/sqlserver/jdbc/ISQLServerDataSource.java
@@ -1021,16 +1021,47 @@ public interface ISQLServerDataSource extends javax.sql.CommonDataSource {
      */
     void setSendTemporalDataTypesAsStringForBulkCopy(boolean sendTemporalDataTypesAsStringForBulkCopy);
 
+    /**
+     * Returns the value for the connection property 'AADSecurePrincipalId'.
+     *
+     * @return 'AADSecurePrincipalId' property value.
+     */
+    String getAADSecurePrincipalId();
+
+    /**
+     * Sets the 'AADSecurePrincipalId' connection property used for Active Directory Service Principal authentication.
+     *
+     * @param AADSecurePrincipalId
+     *        Active Directory Service Principal Id.
+     */
+    void setAADSecurePrincipalId(String AADSecurePrincipalId);
+
+    /**
+     * Returns the value for the connection property 'AADSecurePrincipalSecret'.
+     *
+     * @return 'AADSecurePrincipalSecret' property value.
+     */
+    String getAADSecurePrincipalSecret();
+
+    /**
+     * Sets the 'AADSecurePrincipalSecret' connection property used for Active Directory Service Principal
+     * authentication.
+     *
+     * @param AADSecurePrincipalSecret
+     *        Active Directory Service Principal secret.
+     */
+    void setAADSecurePrincipalSecret(String AADSecurePrincipalSecret);
+
     /**
      * Returns value of 'maxResultBuffer' from Connection String.
-     * 
+     *
      * @return 'maxResultBuffer' property.
      */
     String getMaxResultBuffer();
 
     /**
      * Specifies value for 'maxResultBuffer' property
-     * 
+     *
      * @param maxResultBuffer
      *        String value for 'maxResultBuffer'
      */

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLJdbcVersion.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLJdbcVersion.java
@@ -8,7 +8,7 @@
 final class SQLJdbcVersion {
     static final int major = 9;
     static final int minor = 1;
-    static final int patch = 0;
+    static final int patch = 1;
     static final int build = 0;
     /*
      * Used to load mssql-jdbc_auth DLL.

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -137,6 +137,8 @@ public class SQLServerConnection implements ISQLServerConnection, java.io.Serial
     private String clientCertificate = null;
     private String clientKey = null;
     private String clientKeyPassword = "";
+    private String aadPrincipalID = "";
+    private String aadPrincipalSecret = "";
 
     private boolean sendTemporalDataTypesAsStringForBulkCopy = true;
 
@@ -404,6 +406,9 @@ class FederatedAuthenticationFeatureExtensionData implements Serializable {
                 case "ACTIVEDIRECTORYMSI":
                     this.authentication = SqlAuthentication.ActiveDirectoryMSI;
                     break;
+                case "ACTIVEDIRECTORYSERVICEPRINCIPAL":
+                    this.authentication = SqlAuthentication.ActiveDirectoryServicePrincipal;
+                    break;
                 default:
                     assert (false);
                     MessageFormat form = new MessageFormat(
@@ -1760,6 +1765,22 @@ Connection connectInternal(Properties propsIn,
                 }
             }
 
+            sPropKey = SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString();
+            sPropValue = activeConnectionProperties.getProperty(sPropKey);
+            if (null == sPropValue) {
+                sPropValue = SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.getDefaultValue();
+                activeConnectionProperties.setProperty(sPropKey, sPropValue);
+            }
+            aadPrincipalID = sPropValue;
+
+            sPropKey = SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString();
+            sPropValue = activeConnectionProperties.getProperty(sPropKey);
+            if (null == sPropValue) {
+                sPropValue = SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.getDefaultValue();
+                activeConnectionProperties.setProperty(sPropKey, sPropValue);
+            }
+            aadPrincipalSecret = sPropValue;
+
             // Must be set after STATEMENT_POOLING_CACHE_SIZE
             sPropKey = SQLServerDriverBooleanProperty.DISABLE_STATEMENT_POOLING.toString();
             sPropValue = activeConnectionProperties.getProperty(sPropKey);
@@ -1866,6 +1887,20 @@ Connection connectInternal(Properties propsIn,
                         null);
             }
 
+            if (authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())
+                    && ((activeConnectionProperties
+                            .getProperty(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString()).isEmpty())
+                            || (activeConnectionProperties
+                                    .getProperty(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString())
+                                    .isEmpty()))) {
+                if (connectionlogger.isLoggable(Level.SEVERE)) {
+                    connectionlogger.severe(toString() + " "
+                            + SQLServerException.getErrString("R_NoUserPasswordForActiveServicePrincipal"));
+                }
+                throw new SQLServerException(
+                        SQLServerException.getErrString("R_NoUserPasswordForActiveServicePrincipal"), null);
+            }
+
             if (authenticationString.equalsIgnoreCase(SqlAuthentication.SqlPassword.toString())
                     && ((activeConnectionProperties.getProperty(SQLServerDriverStringProperty.USER.toString())
                             .isEmpty())
@@ -2720,6 +2755,8 @@ private InetSocketAddress connectHelper(ServerPortPlaceHolder serverInfo, int ti
 
         // We have successfully connected, now do the login. logon takes seconds timeout
         executeCommand(new LogonCommand());
+        aadPrincipalSecret = "";
+        activeConnectionProperties.remove(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString());
         return inetSocketAddress;
     }
 
@@ -3888,6 +3925,9 @@ int writeFedAuthFeatureRequest(boolean write, /* if false just calculates the le
                         case ActiveDirectoryMSI:
                             workflow = TDS.ADALWORKFLOW_ACTIVEDIRECTORYMSI;
                             break;
+                        case ActiveDirectoryServicePrincipal:
+                            workflow = TDS.ADALWORKFLOW_ACTIVEDIRECTORYSERVICEPRINCIPAL;
+                            break;
                         default:
                             assert (false); // Unrecognized Authentication type for fedauth ADAL request
                             break;
@@ -3982,15 +4022,17 @@ private void logon(LogonCommand command) throws SQLServerException {
                         ntlmPasswordHash, hostName);
             }
         }
-
-        // If the workflow being used is Active Directory Password or Active Directory Integrated and server's prelogin
-        // response
-        // for FEDAUTHREQUIRED option indicates Federated Authentication is required, we have to insert FedAuth Feature
-        // Extension
-        // in Login7, indicating the intent to use Active Directory Authentication Library for SQL Server.
+        /*
+         * If the workflow being used is Active Directory Password or Active Directory Integrated and server's prelogin
+         * response for FEDAUTHREQUIRED option indicates Federated Authentication is required, we have to insert FedAuth
+         * Feature Extension in Login7, indicating the intent to use Active Directory Authentication Library for SQL
+         * Server.
+         */
         if (authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryPassword.toString())
                 || ((authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryIntegrated.toString())
-                        || authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryMSI.toString()))
+                        || authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryMSI.toString())
+                        || authenticationString
+                                .equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString()))
                         && fedAuthRequiredPreLoginResponse)) {
             federatedAuthenticationInfoRequested = true;
             fedAuthFeatureExtensionData = new FederatedAuthenticationFeatureExtensionData(TDS.TDS_FEDAUTH_LIBRARY_ADAL,
@@ -4000,16 +4042,18 @@ private void logon(LogonCommand command) throws SQLServerException {
         if (null != accessTokenInByte) {
             fedAuthFeatureExtensionData = new FederatedAuthenticationFeatureExtensionData(
                     TDS.TDS_FEDAUTH_LIBRARY_SECURITYTOKEN, fedAuthRequiredPreLoginResponse, accessTokenInByte);
-            // No need any further info from the server for token based authentication. So set
-            // _federatedAuthenticationRequested to true
+            /*
+             * No need any further info from the server for token based authentication. So set
+             * _federatedAuthenticationRequested to true
+             */
             federatedAuthenticationRequested = true;
         }
         try {
             sendLogon(command, authentication, fedAuthFeatureExtensionData);
-
-            // If we got routed in the current attempt,
-            // the server closes the connection. So, we should not
-            // be sending anymore commands to the server in that case.
+            /*
+             * If we got routed in the current attempt, the server closes the connection. So, we should not be sending
+             * anymore commands to the server in that case.
+             */
             if (!isRoutedInCurrentAttempt) {
                 originalCatalog = sCatalog;
                 String sqlStmt = sqlStatementToInitialize();
@@ -4469,6 +4513,13 @@ private SqlFedAuthToken getFedAuthToken(SqlFedAuthInfo fedAuthInfo) throws SQLSe
                 fedAuthToken = SQLServerSecurityUtility.getMSIAuthToken(fedAuthInfo.spn,
                         activeConnectionProperties.getProperty(SQLServerDriverStringProperty.MSI_CLIENT_ID.toString()));
 
+                // Break out of the retry loop in successful case.
+                break;
+            } else if (authenticationString
+                    .equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())) {
+                fedAuthToken = SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(fedAuthInfo, aadPrincipalID,
+                        aadPrincipalSecret, authenticationString);
+
                 // Break out of the retry loop in successful case.
                 break;
             } else if (authenticationString.equalsIgnoreCase(SqlAuthentication.ActiveDirectoryIntegrated.toString())) {

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java
@@ -1018,6 +1018,30 @@ public void setClientKeyPassword(String password) {
         setStringProperty(connectionProps, SQLServerDriverStringProperty.CLIENT_KEY_PASSWORD.toString(), password);
     }
 
+    @Override
+    public String getAADSecurePrincipalId() {
+        return getStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString(),
+                SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.getDefaultValue());
+    }
+
+    @Override
+    public void setAADSecurePrincipalId(String AADSecurePrincipalId) {
+        setStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString(),
+                AADSecurePrincipalId);
+    }
+
+    @Override
+    public String getAADSecurePrincipalSecret() {
+        return getStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString(),
+                SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.getDefaultValue());
+    }
+
+    @Override
+    public void setAADSecurePrincipalSecret(String AADSecurePrincipalSecret) {
+        setStringProperty(connectionProps, SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString(),
+                AADSecurePrincipalSecret);
+    }
+
     @Override
     public boolean getSendTemporalDataTypesAsStringForBulkCopy() {
         return getBooleanProperty(connectionProps,

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java
@@ -65,7 +65,8 @@ enum SqlAuthentication {
     SqlPassword,
     ActiveDirectoryPassword,
     ActiveDirectoryIntegrated,
-    ActiveDirectoryMSI;
+    ActiveDirectoryMSI,
+    ActiveDirectoryServicePrincipal;
 
     static SqlAuthentication valueOfString(String value) throws SQLServerException {
         SqlAuthentication method = null;
@@ -82,6 +83,9 @@ static SqlAuthentication valueOfString(String value) throws SQLServerException {
             method = SqlAuthentication.ActiveDirectoryIntegrated;
         } else if (value.toLowerCase(Locale.US).equalsIgnoreCase(SqlAuthentication.ActiveDirectoryMSI.toString())) {
             method = SqlAuthentication.ActiveDirectoryMSI;
+        } else if (value.toLowerCase(Locale.US)
+                .equalsIgnoreCase(SqlAuthentication.ActiveDirectoryServicePrincipal.toString())) {
+            method = SqlAuthentication.ActiveDirectoryServicePrincipal;
         } else {
             MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_InvalidConnectionSetting"));
             Object[] msgArgs = {"authentication", value};
@@ -367,6 +371,8 @@ enum SQLServerDriverStringProperty {
     CLIENT_CERTIFICATE("clientCertificate", ""),
     CLIENT_KEY("clientKey", ""),
     CLIENT_KEY_PASSWORD("clientKeyPassword", ""),
+    AAD_SECURE_PRINCIPAL_ID("AADSecurePrincipalId", ""),
+    AAD_SECURE_PRINCIPAL_SECRET("AADSecurePrincipalSecret", ""),
     MAX_RESULT_BUFFER("maxResultBuffer", "-1");
 
     private final String name;
@@ -583,7 +589,9 @@ public final class SQLServerDriver implements java.sql.Driver {
                     new String[] {SqlAuthentication.NotSpecified.toString(), SqlAuthentication.SqlPassword.toString(),
                             SqlAuthentication.ActiveDirectoryPassword.toString(),
                             SqlAuthentication.ActiveDirectoryIntegrated.toString(),
-                            SqlAuthentication.ActiveDirectoryMSI.toString()}),
+                            SqlAuthentication.ActiveDirectoryMSI.toString(),
+                            SqlAuthentication.ActiveDirectoryServicePrincipal
+                                    .toString()}),
             new SQLServerDriverPropertyInfo(SQLServerDriverIntProperty.SOCKET_TIMEOUT.toString(),
                     Integer.toString(SQLServerDriverIntProperty.SOCKET_TIMEOUT.getDefaultValue()), false, null),
             new SQLServerDriverPropertyInfo(SQLServerDriverBooleanProperty.FIPS.toString(),
@@ -636,6 +644,10 @@ public final class SQLServerDriver implements java.sql.Driver {
                     Boolean.toString(SQLServerDriverBooleanProperty.SEND_TEMPORAL_DATATYPES_AS_STRING_FOR_BULK_COPY
                             .getDefaultValue()),
                     false, TRUE_FALSE),
+            new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.toString(),
+                    SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_ID.getDefaultValue(), false, null),
+            new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.toString(),
+                    SQLServerDriverStringProperty.AAD_SECURE_PRINCIPAL_SECRET.getDefaultValue(), false, null),
             new SQLServerDriverPropertyInfo(SQLServerDriverStringProperty.MAX_RESULT_BUFFER.toString(),
                     SQLServerDriverStringProperty.MAX_RESULT_BUFFER.getDefaultValue(), false, null),};