JDBC: Support LDAP/SASL/SCRAM-SHA-1 authentication

Author: silvakid

CMakeLists.txt

@@ -265,6 +265,37 @@ set_target_properties(connector-jdbc
   VERSION   "${MYSQLCPPCONN_SOVERSION}.${CONNECTOR_NUMERIC_VERSION}"
 )
 
+#
+# Embed rpath information in the connector library.
+#
+
+set_property(TARGET connector-jdbc PROPERTY BUILD_WITH_INSTALL_RPATH ON)
+
+# The $ORIGIN/@loader_path entry tells to look for dependent libraries in the
+# location where our connector library is stored.
+
+if(APPLE)
+  set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path")
+  if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/../private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/../plugin")
+  else()
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "@loader_path/plugin")
+  endif()
+elseif(NOT WIN32)
+  set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN")
+  if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/../private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/../plugin")
+  else()
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/private")
+    set_property(TARGET connector-jdbc APPEND PROPERTY INSTALL_RPATH "$ORIGIN/plugin")
+  endif()
+
+endif()
+
+
 
 install(TARGETS connector-jdbc
   CONFIGURATIONS Release RelWithDebInfo

cmake/DepFindMySQL.cmake

@@ -44,6 +44,7 @@
 #  MYSQL_VERSION, MYSQL_VERSION_ID
 #  MYSQL_INCLUDE_DIR
 #  MYSQL_LIB_DIR
+#  MYSQL_PLUGIN_DIR
 #  MYSQL_EXTERNAL_DEPENDENCIES
 #
 ##########################################################################
@@ -59,6 +60,7 @@ add_config_option(WITH_MYSQL PATH
 
 add_config_option(MYSQL_INCLUDE_DIR PATH ADVANCED "Path to MYSQL headers.")
 add_config_option(MYSQL_LIB_DIR PATH ADVANCED "Path to MYSQL libraries.")
+add_config_option(MYSQL_PLUGIN_DIR PATH ADVANCED "Path to MYSQL plugin libraries.")
 
 
 function(main)
@@ -119,6 +121,10 @@ function(main)
         set(MYSQL_LIB_DIR "${MYSQL_DIR}/lib")
       endif()
 
+      if(NOT DEFINED MYSQL_PLUGIN_DIR AND MYSQL_LIB_DIR)
+        set(MYSQL_PLUGIN_DIR "${MYSQL_LIB_DIR}/plugin")
+      endif()
+
     endif()
 
   endif(MYSQL_CONFIG_EXECUTABLE)
@@ -316,6 +322,10 @@ function(main)
   # Stores result in MYSQL_EXTERNAL_DEPENDENCIES.
   #
 
+  if(BUNDLE_DEPENDENCIES)
+    bundle_dependencies()
+  endif()
+
   get_dependencies()
 
   message("  version: ${MYSQL_VERSION}")
@@ -449,6 +459,48 @@ endfunction(get_dependencies)
 ##################################################################
 
 
+function(bundle_dependencies)
+# Get client side plugins and its dependencies
+
+  message("MYSQL_PLUGIN_DIR: ${MYSQL_PLUGIN_DIR}")
+
+  find_file(SASL_CLIENT
+  NAMES authentication_ldap_sasl_client.so authentication_ldap_sasl_client.dll authentication_ldap_sasl_client.dylib
+  HINTS ${MYSQL_PLUGIN_DIR}
+  NO_DEFAULT_PATH
+  )
+
+  message("SASL_CLIENT: ${SASL_CLIENT}")
+
+  if(SASL_CLIENT)
+
+    install(FILES ${SASL_CLIENT}
+      DESTINATION "${INSTALL_LIB_DIR}/plugin"
+      COMPONENT SASLDll
+    )
+
+    INCLUDE(GetPrerequisites)
+    GET_PREREQUISITES(${SASL_CLIENT} SASL_DEPENDENCIES 1 0 "" "")
+
+    if(SASL_DEPENDENCIES)
+      message("SASL_DEPENDENCIES: ${SASL_DEPENDENCIES}")
+      foreach (_file ${SASL_DEPENDENCIES})
+          get_filename_component(_resolvedFile "${_file}" REALPATH)
+          install(FILES ${_file} ${_resolvedFile}
+            DESTINATION "${INSTALL_LIB_DIR}/private"
+            COMPONENT SASLDll
+            )
+      endforeach()
+
+    endif()
+
+  endif()
+
+endfunction(bundle_dependencies)
+
+##################################################################
+
+
 function(use_mysql_config)
 
   if(NOT EXISTS "${MYSQL_CONFIG_EXECUTABLE}")
@@ -460,12 +512,15 @@ function(use_mysql_config)
 
   _mysql_conf(MYSQL_INCLUDE_DIR --variable=pkgincludedir)
   _mysql_conf(MYSQL_LIB_DIR     --variable=pkglibdir)
+  _mysql_conf(MYSQL_PLUGIN_DIR     --variable=plugindir)
 
   file(TO_CMAKE_PATH "${MYSQL_INCLUDE_DIR}" MYSQL_INCLUDE_DIR)
   file(TO_CMAKE_PATH "${MYSQL_LIB_DIR}" MYSQL_LIB_DIR)
+  file(TO_CMAKE_PATH "${MYSQL_PLUGIN_DIR}" MYSQL_PLUGIN_DIR)
 
   set(MYSQL_INCLUDE_DIR "${MYSQL_INCLUDE_DIR}" PARENT_SCOPE)
   set(MYSQL_LIB_DIR "${MYSQL_LIB_DIR}" PARENT_SCOPE)
+  set(MYSQL_PLUGIN_DIR "${MYSQL_PLUGIN_DIR}" PARENT_SCOPE)
 
   # client library version (note: it will be cleaned up in get_version())
 

examples/connect.cpp

@@ -65,6 +65,10 @@ int main(int argc, const char **argv)
   const char* mysql_port = getenv("MYSQL_PORT");
   const char* mysql_user = getenv("MYSQL_USER");
   const char* mysql_password = getenv("MYSQL_PASSWORD");
+  const char* ldap_user = getenv("LDAP_USER");
+  const char* ldap_simple_pwd = getenv("LDAP_SIMPLE_PWD");
+  const char* ldap_scram_pwd = getenv("LDAP_SCRAM_PWD");
+  const char* plugin_dir = getenv("PLUGIN_DIR");
 
   string url(EXAMPLE_HOST);
   string user(EXAMPLE_USER);
@@ -220,6 +224,88 @@ int main(int argc, const char **argv)
 
     cout << "#" << endl;
     cout << "#\t Demo of connection URL syntax" << endl;
+
+    if(ldap_simple_pwd)
+    {
+      //AUTH USING SASL client side plugin
+      try {
+        /*
+         When using ldap simple authentication, we need to enable cleartext
+         plugin
+        */
+
+        sql::ConnectOptionsMap opts;
+        opts[OPT_HOSTNAME] = url;
+        // We expect ldap_simple is the mysql user
+        opts[OPT_USERNAME] = "ldap_simple";
+        opts[OPT_PASSWORD] = ldap_simple_pwd;
+
+
+        opts[OPT_ENABLE_CLEARTEXT_PLUGIN] = true;
+
+        con.reset(driver->connect(opts));
+
+        auto *stmt = con->createStatement();
+        auto  *res = stmt->executeQuery("select 'Hello Simple LDAP'");
+
+        res->next();
+
+        std::cout << res->getString(1) << std::endl;
+
+        con->close();
+
+      } catch (sql::SQLException &e) {
+        cout << "#\t\t " << url << " caused expected exception when connecting using ldap_simple" << endl;
+        cout << "#\t\t " << e.what() << " (MySQL error code: " << e.getErrorCode();
+        cout << ", SQLState: " << e.getSQLState() << " )" << endl;
+        throw;
+      }
+    }
+
+    if(ldap_user && ldap_scram_pwd)
+    {
+      //AUTH USING SASL client side plugin
+      try {
+        /*
+         When using client side plugins (this case for SCRAM-SHA1 SASL
+         authentication, plugin_dir might have to be set (if not using default
+         location)
+        */
+
+        sql::ConnectOptionsMap opts;
+        opts[OPT_HOSTNAME] = url;
+        opts[OPT_USERNAME] = ldap_user;
+        opts[OPT_PASSWORD] = ldap_scram_pwd;
+
+        if(plugin_dir)
+        {
+          opts[OPT_PLUGIN_DIR] = plugin_dir;
+        }
+
+        try {
+          con.reset(driver->connect(opts));
+        }
+        catch(...){}
+        con.reset(driver->connect(opts));
+
+        auto *stmt = con->createStatement();
+        auto  *res = stmt->executeQuery("select 'Hello SASL'");
+
+        res->next();
+
+        std::cout << res->getString(1) << std::endl;
+
+        con->close();
+
+      } catch (sql::SQLException &e) {
+        cout << "#\t\t " << url << " caused expected exception when connecting using "<< user << endl;
+        cout << "#\t\t " << e.what() << " (MySQL error code: " << e.getErrorCode();
+        cout << ", SQLState: " << e.getSQLState() << " )" << endl;
+        throw;
+      }
+    }
+
+
     try {
       /*s This will implicitly assume that the host is 'localhost' */
       url = "unix://path_to_mysql_socket.sock";