WL14113 JDBC: Support LDAP/SASL/SCRAM-SHA-1 authentication

Author: silvakid

CMakeLists.txt

@@ -265,6 +265,37 @@ set_target_properties(connector-jdbc
   VERSION   "${MYSQLCPPCONN_SOVERSION}.${CONNECTOR_NUMERIC_VERSION}"
 )
 
+#
+# Embed rpath information in the connector library.
+#
+
+set_property(TARGET connector-jdbc PROPERTY BUILD_WITH_INSTALL_RPATH ON)
+
+# The $ORIGIN/@loader_path entry tells to look for dependent libraries in the
+# location where our connector library is stored.
+
+if(APPLE)
+  set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path")
+  if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/../private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/../plugin")
+  else()
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/plugin")
+  endif()
+elseif(NOT WIN32)
+  set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN")
+  if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/../private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/../plugin")
+  else()
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/plugin")
+  endif()
+
+endif()
+
+
 
 install(TARGETS connector-jdbc
   CONFIGURATIONS Release RelWithDebInfo
@@ -346,57 +377,64 @@ endif()
 
 if(BUNDLE_DEPENDENCIES)
 
-message("looking for bundled client lib deps: ${MYSQL_EXTERNAL_DEPENDENCIES}")
+  message("looking for bundled client lib deps: ${MYSQL_EXTERNAL_DEPENDENCIES}")
+
+  #
+  # Note: Currently we simply copy all libraries bundled in the server installation
+  # filtering-out these that we know are not needed on the client side.
+  #
+  # More precise approach would be to get information about external dependencies
+  # from mysql_config and other sources and bundle only these libraries that we
+  # know are needed. But this is not implemented yet. Note also that dependencies
+  # reported by mysql_config in MYSQL_EXTERNAL_DEPENDENCIES do not include things
+  # like client-side plugins and their dependencies.
+  #
 
-if(MYSQL_EXTERNAL_DEPENDENCIES)
+  file(GLOB _bundled1 "${MYSQL_LIB_DIR}/*${CMAKE_SHARED_LIBRARY_SUFFIX}*")
+  file(GLOB _bundled2 "${MYSQL_LIB_DIR}/private/*${CMAKE_SHARED_LIBRARY_SUFFIX}*")
 
-  foreach(lib ${MYSQL_EXTERNAL_DEPENDENCIES})
+  foreach(lib IN LISTS _bundled1 _bundled2)
 
-    #message("-- looking for: ${MYSQL_LIB_DIR}/*${lib}*${CMAKE_SHARED_LIBRARY_SUFFIX}*")
-    file(GLOB _bundled1 "${MYSQL_LIB_DIR}/private/*${CMAKE_SHARED_LIBRARY_PREFIX}${lib}${CMAKE_SHARED_LIBRARY_SUFFIX}*")
-    file(GLOB _bundled2 "${MYSQL_LIB_DIR}/*${CMAKE_SHARED_LIBRARY_PREFIX}${lib}${CMAKE_SHARED_LIBRARY_SUFFIX}*")
+    get_filename_component(lib_name ${lib} NAME_WE)
 
-    if(_bundled1 OR _bundled2)
+    # ssl|crypto are bundled on cdk/cmake/DepFindSSL.cmake
+    if(NOT lib_name MATCHES "mysql|protobuf|lber|ldap_r|ssl|crypto")
 
-      message("found bundled libs: ${_bundled1} ${_bundled2}")
+    message("found bundled libs: ${lib}")
 
-      install(FILES ${_bundled1} ${_bundled2}
-        DESTINATION "${INSTALL_LIB_DIR}"
-        COMPONENT JDBCDll
-      )
+    install(FILES "${lib}"
+      DESTINATION "${INSTALL_LIB_DIR}/private"
+      COMPONENT JDBCDll
+    )
 
     endif()
 
   endforeach()
 
-else()
+  file(GLOB _bundled "${MYSQL_PLUGIN_DIR}/*${CMAKE_SHARED_LIBRARY_SUFFIX}*")
 
-  #
-  # If detection of external MySQL library dependencies did not work for
-  # some reason, copy known dependencies if they are bundled with
-  # MySQL. This list would need to be updated if new required dependencies
-  # appear.
-  #
+  foreach(lib ${_bundled})
 
-  file(GLOB _bundled "${MYSQL_DIR}/lib/*${CMAKE_SHARED_LIBRARY_SUFFIX}*")
+    get_filename_component(lib_name ${lib} NAME_WE)
 
-  foreach(lib ${_bundled})
-    if(lib MATCHES "eay|ssl|crypto")
+    if(
+      lib_name MATCHES "_client"
+      AND NOT lib_name MATCHES "qa_auth_client"
+    )
 
-      message("found bundled libs: ${lib}")
+    message("found client plugin: ${lib}")
 
-      install(FILES "${lib}"
-        DESTINATION "${INSTALL_LIB_DIR}"
-        COMPONENT JDBCDll
-      )
+    install(FILES "${lib}"
+      DESTINATION "${INSTALL_LIB_DIR}/plugin"
+      COMPONENT JDBCDll
+    )
 
     endif()
   endforeach()
 
-endif()
-
 endif(BUNDLE_DEPENDENCIES)
 
+
 if(WITH_TESTS)
 
   if(NOT BUILD_SHARED_LIBS)

cmake/DepFindMySQL.cmake

@@ -44,6 +44,7 @@
 #  MYSQL_VERSION, MYSQL_VERSION_ID
 #  MYSQL_INCLUDE_DIR
 #  MYSQL_LIB_DIR
+#  MYSQL_PLUGIN_DIR
 #  MYSQL_EXTERNAL_DEPENDENCIES
 #
 ##########################################################################
@@ -59,6 +60,7 @@ add_config_option(WITH_MYSQL PATH
 
 add_config_option(MYSQL_INCLUDE_DIR PATH ADVANCED "Path to MYSQL headers.")
 add_config_option(MYSQL_LIB_DIR PATH ADVANCED "Path to MYSQL libraries.")
+add_config_option(MYSQL_PLUGIN_DIR PATH ADVANCED "Path to MYSQL plugin libraries.")
 
 
 function(main)
@@ -119,6 +121,10 @@ function(main)
         set(MYSQL_LIB_DIR "${MYSQL_DIR}/lib")
       endif()
 
+      if(NOT DEFINED MYSQL_PLUGIN_DIR AND MYSQL_LIB_DIR)
+        set(MYSQL_PLUGIN_DIR "${MYSQL_LIB_DIR}/plugin")
+      endif()
+
     endif()
 
   endif(MYSQL_CONFIG_EXECUTABLE)
@@ -146,6 +152,11 @@ function(main)
     FORCE
   )
 
+  set(MYSQL_PLUGIN_DIR "${MYSQL_PLUGIN_DIR}"
+    CACHE PATH "Path to MYSQL plugin libraries (computed)."
+    FORCE
+  )
+
 
   #
   # Searching for library.
@@ -460,12 +471,15 @@ function(use_mysql_config)
 
   _mysql_conf(MYSQL_INCLUDE_DIR --variable=pkgincludedir)
   _mysql_conf(MYSQL_LIB_DIR     --variable=pkglibdir)
+  _mysql_conf(MYSQL_PLUGIN_DIR     --variable=plugindir)
 
   file(TO_CMAKE_PATH "${MYSQL_INCLUDE_DIR}" MYSQL_INCLUDE_DIR)
   file(TO_CMAKE_PATH "${MYSQL_LIB_DIR}" MYSQL_LIB_DIR)
+  file(TO_CMAKE_PATH "${MYSQL_PLUGIN_DIR}" MYSQL_PLUGIN_DIR)
 
   set(MYSQL_INCLUDE_DIR "${MYSQL_INCLUDE_DIR}" PARENT_SCOPE)
   set(MYSQL_LIB_DIR "${MYSQL_LIB_DIR}" PARENT_SCOPE)
+  set(MYSQL_PLUGIN_DIR "${MYSQL_PLUGIN_DIR}" PARENT_SCOPE)
 
   # client library version (note: it will be cleaned up in get_version())
 

examples/connect.cpp

@@ -65,6 +65,11 @@ int main(int argc, const char **argv)
   const char* mysql_port = getenv("MYSQL_PORT");
   const char* mysql_user = getenv("MYSQL_USER");
   const char* mysql_password = getenv("MYSQL_PASSWORD");
+  const char* ldap_user = getenv("LDAP_USER");
+  const char* ldap_user_dn = getenv("LDAP_USER_DN");
+  const char* ldap_simple_pwd = getenv("LDAP_SIMPLE_PWD");
+  const char* ldap_scram_pwd = getenv("LDAP_SCRAM_PWD");
+  const char* plugin_dir = getenv("PLUGIN_DIR");
 
   string url(EXAMPLE_HOST);
   string user(EXAMPLE_USER);
@@ -101,7 +106,6 @@ int main(int argc, const char **argv)
     pass = mysql_password;
   }
 
-
   /* sql::ResultSet.rowsCount() returns size_t */
   size_t row;
   stringstream sql;
@@ -120,8 +124,6 @@ int main(int argc, const char **argv)
   try {
     sql::Driver * driver = sql::mysql::get_driver_instance();
 
-
-
     /* Using the Driver to create a connection */
     boost::scoped_ptr< sql::Connection > con(driver->connect(url, user, pass));
 
@@ -220,6 +222,113 @@ int main(int argc, const char **argv)
 
     cout << "#" << endl;
     cout << "#\t Demo of connection URL syntax" << endl;
+
+    //Lets first create ldap and sasl users
+    if(ldap_user || ldap_user_dn)
+    {
+      if(ldap_user_dn)
+      {
+        stringstream user_create;
+        stmt.reset(con->createStatement());
+        user_create << "CREATE USER ldap_simple IDENTIFIED WITH "
+                       "authentication_ldap_simple AS \""
+                    << ldap_user_dn
+                    << "\"";
+        try{
+        stmt->execute(user_create.str());
+        }catch(...)
+        {}
+      }
+
+      if(ldap_user)
+      {
+        stringstream user_create;
+        stmt.reset(con->createStatement());
+        user_create << "CREATE USER "
+                    << ldap_user
+                    << " IDENTIFIED WITH authentication_ldap_sasl";
+        try{
+        stmt->execute(user_create.str());
+        }catch(...)
+        {}
+      }
+    }
+
+    if(ldap_simple_pwd)
+    {
+      //AUTH USING SASL client side plugin
+      try {
+        /*
+         When using ldap simple authentication, we need to enable cleartext
+         plugin
+        */
+
+        sql::ConnectOptionsMap opts;
+        opts[OPT_HOSTNAME] = url;
+        opts[OPT_USERNAME] = "ldap_simple";
+        opts[OPT_PASSWORD] = ldap_simple_pwd;
+
+        opts[OPT_ENABLE_CLEARTEXT_PLUGIN] = true;
+
+        con.reset(driver->connect(opts));
+
+        auto *stmt = con->createStatement();
+        auto  *res = stmt->executeQuery("select 'Hello Simple LDAP'");
+
+        res->next();
+
+        std::cout << res->getString(1) << std::endl;
+
+        con->close();
+
+      } catch (sql::SQLException &e) {
+        cout << "#\t\t " << url << " caused expected exception when connecting using ldap_simple" << endl;
+        cout << "#\t\t " << e.what() << " (MySQL error code: " << e.getErrorCode();
+        cout << ", SQLState: " << e.getSQLState() << " )" << endl;
+        throw;
+      }
+    }
+
+    if(ldap_user && ldap_scram_pwd)
+    {
+      //AUTH USING SASL client side plugin
+      try {
+        /*
+         When using client side plugins (this case for SCRAM-SHA1 SASL
+         authentication, plugin_dir might have to be set (if not using default
+         location)
+        */
+
+        sql::ConnectOptionsMap opts;
+        opts[OPT_HOSTNAME] = url;
+        opts[OPT_USERNAME] = ldap_user;
+        opts[OPT_PASSWORD] = ldap_scram_pwd;
+
+        if(plugin_dir)
+        {
+          opts[OPT_PLUGIN_DIR] = plugin_dir;
+        }
+
+        con.reset(driver->connect(opts));
+
+        auto *stmt = con->createStatement();
+        auto  *res = stmt->executeQuery("select 'Hello SASL'");
+
+        res->next();
+
+        std::cout << res->getString(1) << std::endl;
+
+        con->close();
+
+      } catch (sql::SQLException &e) {
+        cout << "#\t\t " << url << " caused expected exception when connecting using "<< ldap_user << endl;
+        cout << "#\t\t " << e.what() << " (MySQL error code: " << e.getErrorCode();
+        cout << ", SQLState: " << e.getSQLState() << " )" << endl;
+        throw;
+      }
+    }
+
+
     try {
       /*s This will implicitly assume that the host is 'localhost' */
       url = "unix://path_to_mysql_socket.sock";