Merge pull request #1 from mhaderman/dev

Dev

Author: mhaderman

src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnectionPoolProxy.java

@@ -32,7 +32,7 @@
 
 /**
  * SQLServerConnectionPoolProxy is a wrapper around SQLServerConnection object. When returning a connection object from PooledConnection.getConnection
- * we returnt this proxy per SPEC.
+ * we return this proxy per SPEC.
  * <p>
  * This class's public functions need to be kept identical to the SQLServerConnection's.
  * <p>
@@ -114,7 +114,7 @@ public void commit() throws SQLServerException {
     }
 
     /**
-     * Rollback a transcation.
+     * Rollback a transaction.
      *
      * @throws SQLServerException
      *             if no transaction exists or if the connection is in auto-commit mode.

src/main/java/com/microsoft/sqlserver/jdbc/SQLServerParameterMetaData.java

@@ -366,7 +366,7 @@ private class MetaInfo {
      */
     private MetaInfo parseStatement(String sql,
             String sTableMarker) {
-        StringTokenizer st = new StringTokenizer(sql, " ,", true);
+        StringTokenizer st = new StringTokenizer(sql, " ,\r\n", true);
 
         /* Find the table */
 
@@ -375,6 +375,10 @@ private MetaInfo parseStatement(String sql,
         while (st.hasMoreTokens()) {
             String sToken = st.nextToken().trim();
 
+            if(sToken.contains("*/")){
+                sToken = removeCommentsInTheBeginning(sToken, 0, 0, "/*", "*/");
+            }
+
             if (sToken.equalsIgnoreCase(sTableMarker)) {
                 if (st.hasMoreTokens()) {
                     metaTable = escapeParse(st, st.nextToken());
@@ -409,6 +413,18 @@ private MetaInfo parseStatement(String sql) throws SQLServerException {
         if (st.hasMoreTokens()) {
             String sToken = st.nextToken().trim();
 
+            // filter out multiple line comments in the beginning of the query
+            if (sToken.contains("/*")) {
+                String sqlWithoutCommentsInBeginning = removeCommentsInTheBeginning(sql, 0, 0, "/*", "*/");
+                return parseStatement(sqlWithoutCommentsInBeginning);
+            }
+
+            // filter out single line comments in the beginning of the query
+            if (sToken.contains("--")) {
+                String sqlWithoutCommentsInBeginning = removeCommentsInTheBeginning(sql, 0, 0, "--", "\n");
+                return parseStatement(sqlWithoutCommentsInBeginning);
+            }
+
             if (sToken.equalsIgnoreCase("INSERT"))
                 return parseStatement(sql, "INTO"); // INTO marks the table name
 
@@ -424,6 +440,40 @@ private MetaInfo parseStatement(String sql) throws SQLServerException {
 
         return null;
     }
+    
+    private String removeCommentsInTheBeginning(String sql,
+            int startCommentMarkCount,
+            int endCommentMarkCount,
+            String startMark,
+            String endMark) {
+        int startCommentMarkIndex = sql.indexOf(startMark);
+        int endCommentMarkIndex = sql.indexOf(endMark);
+
+        if (-1 == startCommentMarkIndex) {
+            startCommentMarkIndex = Integer.MAX_VALUE;
+        }
+        if (-1 == endCommentMarkIndex) {
+            endCommentMarkIndex = Integer.MAX_VALUE;
+        }
+
+        // Base case. startCommentMarkCount is guaranteed to be bigger than 0 because the method is called when /* occurs
+        if (startCommentMarkCount == endCommentMarkCount) {
+            if (startCommentMarkCount != 0 && endCommentMarkCount != 0) {
+                return sql;
+            }
+        }
+
+        // filter out first start comment mark
+        if (startCommentMarkIndex < endCommentMarkIndex) {
+            String sqlWithoutCommentsInBeginning = sql.substring(startCommentMarkIndex + startMark.length());
+            return removeCommentsInTheBeginning(sqlWithoutCommentsInBeginning, ++startCommentMarkCount, endCommentMarkCount, startMark, endMark);
+        }
+        // filter out first end comment mark
+        else {
+            String sqlWithoutCommentsInBeginning = sql.substring(endCommentMarkIndex + endMark.length());
+            return removeCommentsInTheBeginning(sqlWithoutCommentsInBeginning, startCommentMarkCount, ++endCommentMarkCount, startMark, endMark);
+        }
+    }
 
     String parseThreePartNames(String threeName) throws SQLServerException {
         int noofitems = 0;
@@ -581,6 +631,9 @@ private void checkClosed() throws SQLServerException {
         catch (SQLException e) {
             SQLServerException.makeFromDriverError(con, stmtParent, e.toString(), null, false);
         }
+        catch(StringIndexOutOfBoundsException e){
+            SQLServerException.makeFromDriverError(con, stmtParent, e.toString(), null, false);
+        }
     }
 
     public boolean isWrapperFor(Class<?> iface) throws SQLException {

src/samples/README.md

@@ -31,6 +31,9 @@ The following samples are available:
 
 7. sparse
 	* **SparseColumns** - how to detect column sets. It also shows a technique for parsing a column set's XML output, to get data from the sparse columns.
+   
+8. constrained
+	* **ConstrainedSample** - how to connect with Kerberos constrained delegation using an impersonated credential.
 
 
 ## Running Samples

src/samples/constrained/pom.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.microsoft.sqlserver.jdbc</groupId>
+    <artifactId>constrained</artifactId>
+    <version>0.0.1</version>
+
+    <packaging>jar</packaging>
+
+    <name>${project.artifactId}</name>
+    <url>https://github.com/Microsoft/mssql-jdbc/tree/master/src/samples</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.microsoft.sqlserver</groupId>
+            <artifactId>mssql-jdbc</artifactId>
+            <version>6.1.5.jre8-preview</version>
+        </dependency>
+    </dependencies>
+
+    <profiles>
+        <profile>
+            <id>ConstrainedSample</id>
+            <build>
+                <finalName>ConstrainedSample</finalName>
+
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>exec-maven-plugin</artifactId>
+                        <version>1.6.0</version>
+                        <configuration>
+                            <mainClass>ConstrainedSample</mainClass>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.6.0</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.0.2</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/samples/constrained/src/main/java/ConstrainedSample.java

@@ -0,0 +1,161 @@
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+
+import com.sun.security.jgss.ExtendedGSSCredential;
+
+/**
+ *
+ * Sample of constrained delegation connection.
+ *
+ * An intermediate service is necessary to impersonate the client. This service needs to be configured with the
+ * options:
+ *      "Trust this user for delegation to specified services only"
+ *      "Use any authentication protocol"
+ *
+ */
+public class ConstrainedSample {
+
+    // Connection properties
+    private static final String DRIVER_CLASS_NAME ="com.microsoft.sqlserver.jdbc.SQLServerDriver";
+    private static final String CONNECTION_URI = "jdbc:sqlserver:// URI of the SQLServer";
+
+    private static final String TARGET_USER_NAME = "User to be impersonated";
+
+    // Impersonation service properties
+    private static final String SERVICE_PRINCIPAL = "SPN";
+    private static final String KEYTAB_ROUTE = "Route to the keytab file";
+
+    private static final Properties driverProperties;
+    private static Oid krb5Oid;
+
+    private static Subject serviceSubject;
+
+    static {
+
+        driverProperties = new Properties();
+        driverProperties.setProperty("integratedSecurity", "true");
+        driverProperties.setProperty("authenticationScheme", "JavaKerberos");
+
+        try {
+            krb5Oid = new Oid("1.2.840.113554.1.2.2");
+        } catch (GSSException e) {
+            System.out.println("Error creating Oid: " + e);
+            System.exit(-1);
+        }
+    }
+
+    public static void main(String... args) throws Exception {
+
+        Class.forName(DRIVER_CLASS_NAME).getConstructor().newInstance();
+        System.out.println("Service subject: " + doInitialLogin());
+
+        // Get impersonated user credentials thanks S4U2self mechanism
+        GSSCredential impersonatedUserCreds = impersonate();
+        System.out.println("Credentials for " + TARGET_USER_NAME + ": " + impersonatedUserCreds);
+
+        // Create a connection for target service thanks S4U2proxy mechanism
+        try (Connection con = createConnection(impersonatedUserCreds)) {
+            System.out.println("Connection succesfully: " + con);
+        }
+
+    }
+
+    /**
+     *
+     * Authenticate the intermediate server that is going to impersonate the client
+     *
+     * @return a subject for the intermediate server with the keytab credentials
+     * @throws PrivilegedActionException in case of failure
+     */
+    private static Subject doInitialLogin() throws PrivilegedActionException {
+        serviceSubject = new Subject();
+
+        LoginModule krb5Module;
+        try {
+            krb5Module = (LoginModule) Class.forName("com.sun.security.auth.module.Krb5LoginModule").getConstructor()
+                    .newInstance();
+        } catch (Exception e) {
+            System.out.print("Error loading Krb5LoginModule module: " + e);
+            throw new PrivilegedActionException(e);
+        }
+
+        System.setProperty("sun.security.krb5.debug", String.valueOf(true));
+
+        Map<String, String> options = new HashMap<>();
+        options.put("useKeyTab", "true");
+        options.put("storeKey", "true");
+        options.put("doNotPrompt", "true");
+        options.put("keyTab", KEYTAB_ROUTE);
+        options.put("principal", SERVICE_PRINCIPAL);
+        options.put("debug", "true");
+        options.put("isInitiator", "true");
+
+        Map<String, String> sharedState = new HashMap<>(0);
+
+        krb5Module.initialize(serviceSubject, null, sharedState, options);
+        try {
+            krb5Module.login();
+            krb5Module.commit();
+        } catch (LoginException e) {
+            System.out.print("Error authenticating with Kerberos: " + e);
+            try {
+                krb5Module.abort();
+            } catch (LoginException e1) {
+                System.out.print("Error aborting Kerberos authentication:  " + e1);
+                throw new PrivilegedActionException(e);
+            }
+            throw new PrivilegedActionException(e);
+        }
+
+        return serviceSubject;
+    }
+
+    /**
+     * Generate the impersonated user credentials thanks to the S4U2self mechanism
+     *
+     * @return the client impersonated GSSCredential
+     * @throws PrivilegedActionException in case of failure
+     */
+    private static GSSCredential impersonate() throws PrivilegedActionException {
+        return Subject.doAs(serviceSubject, (PrivilegedExceptionAction<GSSCredential>) () -> {
+            GSSManager manager = GSSManager.getInstance();
+
+            GSSCredential self = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, krb5Oid,
+                    GSSCredential.INITIATE_ONLY);
+            GSSName user = manager.createName(TARGET_USER_NAME, GSSName.NT_USER_NAME);
+            return ((ExtendedGSSCredential) self).impersonate(user);
+        });
+    }
+
+    /**
+     * Obtains a connection using an impersonated credential
+     *
+     * @param impersonatedUserCredential impersonated user credentials
+     * @return a connection to the SQL Server opened using the given impersonated credential
+     * @throws PrivilegedActionException in case of failure
+     */
+    private static Connection createConnection(final GSSCredential impersonatedUserCredential)
+            throws PrivilegedActionException {
+
+        return Subject.doAs(new Subject(), (PrivilegedExceptionAction<Connection>) () -> {
+            driverProperties.put("gsscredential", impersonatedUserCredential);
+            return DriverManager.getConnection(CONNECTION_URI, driverProperties);
+        });
+    }
+
+}