New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kerberos Constrained Delegation Impersonated Credential Expiry fix #636

Merged
merged 11 commits into from May 31, 2018

Conversation

5 participants
@rene-ye
Member

rene-ye commented Feb 23, 2018

no longer discards the impersonated credential after every request. Now checks that it times out and allows the impersonator to request multiple times. Addresses issue #607.

Also updated Maven Felix plugin from 3.4.0 to 3.5.0. The host for 3.4.0 seems unstable when running with Appveyor.

Kerberos DC
fix for automatic credential discarding

@rene-ye rene-ye requested a review from ulvii Feb 23, 2018

@codecov-io

This comment has been minimized.

codecov-io commented Feb 23, 2018

Codecov Report

Merging #636 into dev will decrease coverage by 0.01%.
The diff coverage is 0%.

Impacted file tree graph

@@             Coverage Diff              @@
##                dev     #636      +/-   ##
============================================
- Coverage     48.09%   48.08%   -0.02%     
+ Complexity     2579     2576       -3     
============================================
  Files           113      113              
  Lines         26552    26553       +1     
  Branches       4456     4457       +1     
============================================
- Hits          12770    12767       -3     
- Misses        11640    11643       +3     
- Partials       2142     2143       +1
Flag Coverage Δ Complexity Δ
#JDBC42 47.99% <0%> (+0.02%) 2569 <0> (+3) ⬆️
#JDBC43 47.86% <0%> (-0.08%) 2567 <0> (-5)
Impacted Files Coverage Δ Complexity Δ
.../microsoft/sqlserver/jdbc/SQLServerConnection.java 45.76% <0%> (+0.05%) 288 <0> (ø) ⬇️
...m/microsoft/sqlserver/jdbc/KerbAuthentication.java 0% <0%> (ø) 0 <0> (ø) ⬇️
...om/microsoft/sqlserver/jdbc/ReaderInputStream.java 44.94% <0%> (-1.13%) 16% <0%> (-1%)
...c/main/java/com/microsoft/sqlserver/jdbc/Util.java 61.35% <0%> (-0.66%) 89% <0%> (-1%)
...n/java/com/microsoft/sqlserver/jdbc/DataTypes.java 78.1% <0%> (-0.17%) 4% <0%> (-1%)
...om/microsoft/sqlserver/jdbc/SQLServerBulkCopy.java 52.29% <0%> (ø) 238% <0%> (ø) ⬇️
...in/java/com/microsoft/sqlserver/jdbc/IOBuffer.java 55.31% <0%> (+0.06%) 0% <0%> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ae8d4a1...0345af1. Read the comment docs.

@cheenamalhotra cheenamalhotra added this to Under Peer Review in MSSQL JDBC Feb 27, 2018

@rene-ye rene-ye requested a review from peterbae May 1, 2018

rene-ye added some commits May 1, 2018

@cheenamalhotra cheenamalhotra added this to the 6.5.3 milestone May 29, 2018

cheenamalhotra and others added some commits May 29, 2018

Revised implementation
Decided to not dispose user created credentials at all.

@rene-ye rene-ye dismissed stale reviews from cheenamalhotra and peterbae via 88dc78b May 30, 2018

@@ -390,6 +391,7 @@ private String findRealmFromHostname(RealmValidator realmValidator,
int port,
GSSCredential ImpersonatedUserCred) throws SQLServerException {
this(con, address, port);
isUserCreatedCredential = true;

This comment has been minimized.

@ulvii

ulvii May 31, 2018

Member

Can we pass this flag to the constructor from logon()?
if (null != ImpersonatedUserCred)

This comment has been minimized.

@rene-ye

rene-ye May 31, 2018

Member

changes pushed

rene-ye added some commits May 31, 2018

@ulvii

ulvii approved these changes May 31, 2018

@rene-ye rene-ye merged commit 99a2e0f into Microsoft:dev May 31, 2018

3 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla All CLA requirements met.
Details

MSSQL JDBC automation moved this from Under Peer Review to Closed/Merged PRs May 31, 2018

@rene-ye rene-ye deleted the rene-ye:KerbConsDel branch May 31, 2018

cheenamalhotra added a commit that referenced this pull request Jun 1, 2018

Merging dev to master for 6.5.3-preview Release (#713)
* 623 fix

* 623 change stash

* Prepared Statement Caching fix for 'handle not found' errors

* Fix for PS Caching issue - Calling reset instead of on type def changes

* Updated comparison

* Change back assert check.

* Adding call to removeReference back + Fix for Batch processes intermittent failures.

* Removed DBName and made changes to resetPrepStmtHandle method

* Check for null handle before proceed

* Adding Old Constrcutor back to AKV Implementation

* Making baseURL final

* Remove unnecessary code.

* Update snapshot

* Feature | AKV Old Constructor changes - Reformatted code + Deprecated old Constructor and added a new constructor with 1 param

* Mark computed columns as IS_GENERATEDCOLUMN in the result set returned by getColumns() (#695)

* Fix | getColumns() API, changed column name from SS_IS_COMPUTED to IS_AUTOINCREMENT per JDBC specs | issue #600

* Fix | getColumns() API, changed column name from SS_IS_COMPUTED to IS_GENERATEDCOLUMN per JDBC specs | issue #600

* fix issue with redirection

* Fix | PS Caching - Remove commented lines

* Trigger Appveyor test

* Fix | AKV Old Constructor - Calling the other constructor instead.

* Fix | Reversed null checks

* Resolving alignment problems and comments

* Applied formatter

* Fix | Fix some of the Javadoc warnings (#702)

* Resolved maven build warnings and java warnings regarding deprecated API (#701)

* Resolving maven warnings

* Removing jreVersion property

Does not make sense now that we use final name in the build itself. Only used in 1 place, hard-coding java version for different builds as that's what it represents anyways.

* java warnings

* resource bundle for junit test error strings (#698)

resource bundle for error message strings in junit tests

* Add support for JDK 10 in both Maven and Gradle (#691)

* Feature | Added support for JDK 10 in both Maven and Gradle - builds jre10 jars for the driver, replacing jre9

* JDK 10 | Merge 42 classes to base classes to reduce class redundancy.

* JDK 10 | Attempt to run JDK 10 with Appveyor

* Remove unwanted space

* Updating Travis script to use JDK 10

* Testing without addons

* Update script for Jacoco report to build 43 profile

* Revert driver changes for 42 compliance - to be added in a separate PR

* Revert Test class changes for 42 compliance - to be done in a separate PR

* Reformatted code

* Add ID to jacoco plugin execution task

* Kerberos Constrained Delegation Impersonated Credential Expiry fix (#636)

fix for automatic credential discarding

* update felix to 3.5.0

* Revised implementation

Decided to not dispose user created credentials at all.

* Updated flag set location

* changes for 6.5.3 preview release

* Revert "changes for 6.5.3 preview release"

This reverts commit 5c6ccd3.

* Changes in preparation for 6.5.3 preview release (#710)

* changes for preview release

* requested changes

* jre version update changes

cheenamalhotra added a commit that referenced this pull request Jun 30, 2018

Merge dev to master for 6.5.4 release (#733)
* 623 fix

* 623 change stash

* Prepared Statement Caching fix for 'handle not found' errors

* Fix for PS Caching issue - Calling reset instead of on type def changes

* Updated comparison

* Change back assert check.

* Adding call to removeReference back + Fix for Batch processes intermittent failures.

* Removed DBName and made changes to resetPrepStmtHandle method

* Check for null handle before proceed

* Adding Old Constrcutor back to AKV Implementation

* Making baseURL final

* Remove unnecessary code.

* Use Bulk Copy API for batch insert operation

* Parse bug fixing and test added

* bug fix + additional tests

* change reflection for testing

* more test changes

* Add parsing logic for -- comment

* refactoring

* Update snapshot

* Bug fix / testing change

* Reflect comment change

* Feature | AKV Old Constructor changes - Reformatted code + Deprecated old Constructor and added a new constructor with 1 param

* Mark computed columns as IS_GENERATEDCOLUMN in the result set returned by getColumns() (#695)

* Fix | getColumns() API, changed column name from SS_IS_COMPUTED to IS_AUTOINCREMENT per JDBC specs | issue #600

* Fix | getColumns() API, changed column name from SS_IS_COMPUTED to IS_GENERATEDCOLUMN per JDBC specs | issue #600

* fix issue with redirection

* Fix | PS Caching - Remove commented lines

* Trigger Appveyor test

* Fix | AKV Old Constructor - Calling the other constructor instead.

* Fix | Reversed null checks

* Resolving alignment problems and comments

* Refactor two Bulk files into a common parent

* javadoc changes

* Applied formatter

* fix problem with precision / scale

* Fix | Fix some of the Javadoc warnings (#702)

* fix issue with setting all to true

* Resolved maven build warnings and java warnings regarding deprecated API (#701)

* Resolving maven warnings

* Removing jreVersion property

Does not make sense now that we use final name in the build itself. Only used in 1 place, hard-coding java version for different builds as that's what it represents anyways.

* java warnings

* make bamoo fixes

* resource bundle for junit test error strings (#698)

resource bundle for error message strings in junit tests

* undo some changes made to SQLServerConnection

* apply resource bundling changes

* Add support for JDK 10 in both Maven and Gradle (#691)

* Feature | Added support for JDK 10 in both Maven and Gradle - builds jre10 jars for the driver, replacing jre9

* JDK 10 | Merge 42 classes to base classes to reduce class redundancy.

* JDK 10 | Attempt to run JDK 10 with Appveyor

* Remove unwanted space

* Updating Travis script to use JDK 10

* Testing without addons

* Update script for Jacoco report to build 43 profile

* Revert driver changes for 42 compliance - to be added in a separate PR

* Revert Test class changes for 42 compliance - to be done in a separate PR

* Reformatted code

* Add ID to jacoco plugin execution task

* Kerberos Constrained Delegation Impersonated Credential Expiry fix (#636)

fix for automatic credential discarding

* update felix to 3.5.0

* Revised implementation

Decided to not dispose user created credentials at all.

* Updated flag set location

* changes for 6.5.3 preview release

* Revert "changes for 6.5.3 preview release"

This reverts commit 5c6ccd3.

* Changes in preparation for 6.5.3 preview release (#710)

* changes for preview release

* requested changes

* jre version update changes

* snapshot updates post release

* remove on_dw, and remove redundant fmtonly

* formatting

* fix for getSchema when using "-" in name

* Reformatting + adding more tests

* inherit the connection property in statement + fix issue with null / empty string being passed in as values

* Request Boundary methods - beginRequest()/endRequest() implementation (#708)

* Add | Request Boundary Methods - beginRequest()/endRequest() implementation

* Fix | Remove unused import from AbstractTest

* Fix | Applying review comments

* Fix | Moving RequestBoundaryMethodsTest.java to connection package

* added error message in resource file and changed files accordingly

* comment revisions

* use TestResource

* test changes

removed finals
removed database creation tracking

* drop database before creating

* replaced dropDBIfExists with Utils function

* added try-with-resources nest

avoid manually closing statements, and safetly handles resources.

* Fixing logic / adding more tests

* dont use test database in tests

* Change exception handling as per JDBC specs

* Add | Add missing license headers (#725)

* remove some comments

* Enable verify data (#724)

Fix to enable data verification in Junit tests. Also addresses intermittent failures with Time/Timestamp where the precision was being inaccurately judged.

* Fix | Refactored socket creation to simplify handling of socket creation

Refactors socket creation in SocketFinder.findSocket(...) to simplify handling of socket creation.

When the host resolves to a single address the driver now defers to getConnectedSocket(...)
to create the socket without spawning any threads. This happens regardless of whether we're
running on an IBM JDK. Previously the single address case would still use NIO on an IBM JDK.

On non-IBM JDKs the driver now handles both IPv4 and IPv6 addresses concurrently with a single
shared timeout. Previously hosts that resolved to both types of addresses were allowed half the
timeout for socket creation per address type with the resolution performed sequentially.

* reflect comments

* Add support for UTF-8 feature extension. (#722)

* Add | Support for UTF8 changes

* changed how logger works, refactored code in SQLServerBulkCommon due to that, changed exception being thrown to BatchUpdateException, added same logic for parsing in executeLargeBatch, and added tests accordingly.

* add more tests, make the prepared statement property go away

* Feature | Introduce support for "Data Classification Specifications" on fetched resultsets (#709)

* Feature | Data Classification Project | Phase 1 (contains temporary skipping 2 bytes)

* Feature | Data Classification - Removing extra bytes added before

* Feature | Data Classification - Added new test class for testing Data Classification support in the driver

* Remove one println

* Feature | Repackaged newly added files for Data Classification + improvements in source code

* Feature | Changing tokens to bytes instead of int

* Feature | Making variables private

* Formatted code + dropTable method called from Utils

* Feature | Data Classification - Changes as per review comments

* Fix | Review comment changes

* Change exception codes to follow series

* Fix Conflict issue

* Added missing Javadocs and headers for all new files

* Added getter/setter public for the useBulkCopyForBatchInsert connection property.

* Change implementation of child classes a bit

* Remove dependencies from tests that are from outside required libraries

* also remove hex from DBTable

* Fix bamboo problem + refactor test code

* Replace all connection and statements with try blocks

* change spacing

* refactor code

* refactoring

* Fix | Making driver default compliant to JDBC 4.2 Specs and update ADAL4J dependency to 1.6.0 (#711)

* Feature | Added support for JDK 10 in both Maven and Gradle - builds jre10 jars for the driver, replacing jre9

* JDK 10 | Merge 42 classes to base classes to reduce class redundancy.

* JDK 10 | Attempt to run JDK 10 with Appveyor

* Remove unwanted space

* Updating Travis script to use JDK 10

* Testing without addons

* Update script for Jacoco report to build 43 profile

* Minor fix in formatting to avoid conflicts

* moving driver specific functions

for SQLServerPreparedStatement

* Remove unwanted code + Update Adal4J library dependency

* changes for CallableStatement

repeptitive delcarations

* Remove an extra bracket due to conflict

* changes for ISQLServerConnection

there are problems with moving all Driver sepcific public methods. SQLServerConnectionPoolProxy also implements this interface and there are many public APIs (such as preparedstmt cacheing stuff) which it doesn't implement, and cannot be moved into the interface at this time.

* lambda touch-up

should generally stick to 1 line if possible.

* changes for ISQLServerDataSource

* updates for ISQLServerResultSet

* Improvements | Missing interface APIs added + Code improvements

* More changes for Interface missing methods

* Implemented missing methods in SQLServerConnectionPoolProxy

* Removed ISQLServerConnection43 for duplicated method definitions

* Added APIs in interface for SQLServerResultSet

* More cleanup done

* Fix minor issues

* Fix test failures and implement Serialization for HashKey

* Fix JavaDoc errors and warnigs

* More changes for CallableStatement APIs

* More changes for Statement and Prepared Statament public APIs

* Javadoc fix

* More changes for SQL Server Bulk Record interface

* Callable Statement missing APIs for Interface

* Add missing desciptions

* Reverting pom.xml change for this PR

* Attempt to resolve conflicts

* Remove Interface as not needed.

* Added missing docs

* Changes for Clob/Blob classes for compliance

* Update ADAL4J with latest version

* Changes for Data Source classes

* Minor fixes to the new changes

* Fix for failing tests

* More changes for compliance

* Add Javadocs and class headers

* Fixed Malformed HTML Error in Javadocs

* javadoc changes

* more javadoc changes to make the abbreviations more clear

* fix unchecked warning issue

* Change HashKey in the driver to 256 Hash

* Add Interface back to SQLServerConnection43 class

* Revert "Change HashKey in the driver to 256 Hash"

This reverts commit e6bef4e.

* Changes for exceptions to throw SQLServerException type

* 6.5.4 preview release changelog (#731)

Release | Changelog for 6.5.4 preview release (#731)

* Fix Conflict issues with master branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment