[CONJ-295] SSPI windows native implementation using waffle

mariadb-corporation · May 12, 2016 · e6f2975 · e6f2975
1 parent 86f403a
commit e6f2975
Show file tree

Hide file tree

Showing 7 changed files with 414 additions and 188 deletions.
diff --git a/documentation/plugin/GSSAPI.md b/documentation/plugin/GSSAPI.md
@@ -38,16 +38,7 @@ Logging can be set using additional properties:
 
         System.setProperty("sun.security.krb5.debug", "true");
         System.setProperty("sun.security.jgss.debug", "true");
-#### Jaas
 
-The driver will use the native ticket cache to get the TGT available in it using JAAS.
-If the System property "java.security.auth.login.config" is empty, driver will use the following configuration :
-
-    Krb5ConnectorContext {
-        com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=true; 
-    };
-
-This permit to use current user TGT cache. 
 
 #### Java JCE
 
@@ -57,28 +48,56 @@ Depending on the kerberos ticket encryption, you may have to install the [Java C
 On unix, you can execute the "klist -e" command to view the encryption type in use:
 If AES is being used, output like the following is displayed after you type the klist command (note that AES-256 is included in the output):
 
-Ticket cache: FILE:/tmp/krb5cc_0
-Default principal: userOne@EXAMPLE
-Valid starting     Expires            Service principal
-03/30/15 13:25:04  03/31/15 13:25:04  krbtgt/EXAMPLE@EXAMPLE
+    Ticket cache: FILE:/tmp/krb5cc_0
+    Default principal: userOne@EXAMPLE
+    Valid starting     Expires            Service principal
+    03/30/15 13:25:04  03/31/15 13:25:04  krbtgt/EXAMPLE@EXAMPLE
     Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC
 
 
-#### Windows specific
-Current implementation is using standard java implementation, not windows native SSPI.
-Some restriction apply ([see java ticket](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6722928)
+### Implementations
 
-To permit java to retrieve TGT (Ticket-Granting-Ticket), windows host need to have a registry entry set.
+On windows GSSAPI implementation is SSPI. The java 8 native implementation as many limitations ([see java ticket](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6722928)).
 
-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
-Value Name: AllowTGTSessionKey
-Value Type: REG_DWORD
-Value: 1
+There is 2 Different implementations:
+* a java standard implementation will use JAAS to allow java to access TGT.
+* a windows native implementation based on [Waffle](https://github.com/dblock/waffle)
 
-Kinit command must have been executed previously to connection.
+#### Standard java SSPI implementation
 
-(in next release driver will use windows native possibility)
+##### Jaas
+
+The driver will use the native ticket cache to get the TGT available in it using JAAS.
+If the System property "java.security.auth.login.config" is empty, driver will use the following configuration :
+
+    Krb5ConnectorContext {
+        com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=true; 
+    };
 
+This permit to use current user TGT cache
+
+##### limitation on windows
+Main limitation are : 
+* To permit java to retrieve TGT (Ticket-Granting-Ticket), windows host need to have a registry entry set.
+
+  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
+  Value Name: AllowTGTSessionKey
+  Value Type: REG_DWORD
+  Value: 1
+* Kinit command must have been executed previously to connection.
+
+### Windows native java implementation
+Implementation is based on [Waffle](https://github.com/dblock/waffle) that support windows SSPI based on [JNA](https://github.com/java-native-access/jna).
+if on waffle-jna (and dependencies) is on classpath, native implementation will automatically be used. 
+(This permit to avoid any specific problem with admin right, registry, kinit ...)
+
+Dependencies :
+* [waffle-jna 1.8.1](https://maven-badges.herokuapp.com/maven-central/com.github.dblock.waffle/waffle-jna)  
+* [jna 4.2.1](https://maven-badges.herokuapp.com/maven-central/net.java.dev.jna/jna)
+* [jna-platform 4.2.1](https://maven-badges.herokuapp.com/maven-central/net.java.dev.jna/jna-platform)
+* [jcl-over-slf4j 1.7.14](https://maven-badges.herokuapp.com/maven-central/org.slf4j/jcl-over-slf4j)
+* [slf4j-api 1.7.14](https://maven-badges.herokuapp.com/maven-central/org.slf4j/slf4j-api)
+* [guava 19.0](https://maven-badges.herokuapp.com/com.google.guava/guava)
 
 ##Possible errors
 

diff --git a/mariadb-java-client.iml b/mariadb-java-client.iml
@@ -12,81 +12,15 @@
     </content>
     <orderEntry type="inheritedJdk" />
     <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: com.github.dblock.waffle:waffle-jna:1.8.1" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:jcl-over-slf4j:1.7.14" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.14" level="project" />
+    <orderEntry type="library" name="Maven: com.google.guava:guava:19.0" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.threadly:threadly:4.4.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.zaxxer:HikariCP:2.4.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.slf4j:slf4j-api:1.7.12" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.slf4j:slf4j-simple:1.7.13" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-support:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-simpledb:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-simpleworkflow:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-storagegateway:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-route53:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-s3:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-importexport:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-sts:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-sqs:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-rds:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-redshift:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-elasticbeanstalk:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-glacier:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-iam:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-datapipeline:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-elasticloadbalancing:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-emr:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-elasticache:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-elastictranscoder:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-ec2:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-dynamodb:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-sns:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudtrail:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudwatch:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-logs:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cognitoidentity:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cognitosync:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-directconnect:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudformation:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudfront:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-kinesis:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-opsworks:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-ses:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-autoscaling:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudsearch:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudwatchmetrics:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-swf-libraries:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-codedeploy:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-codepipeline:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-kms:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-config:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-lambda:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-ecs:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-cloudhsm:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-ssm:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-workspaces:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-machinelearning:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-directory:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-efs:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-codecommit:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-devicefarm:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-elasticsearch:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-waf:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-marketplacecommerceanalytics:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-inspector:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-iot:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-api-gateway:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.amazonaws:aws-java-sdk-core:1.10.41" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: commons-logging:commons-logging:1.1.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.apache.httpcomponents:httpclient:4.3.6" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.apache.httpcomponents:httpcore:4.3.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: commons-codec:commons-codec:1.6" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.5.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.5.0" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.fasterxml.jackson.core:jackson-core:2.5.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: joda-time:joda-time:2.8.1" level="project" />
-    <orderEntry type="library" name="Maven: net.java.dev.jna:jna:3.3.0" level="project" />
-    <orderEntry type="library" name="Maven: net.java.dev.jna:jna:platform:3.3.0" level="project" />
+    <orderEntry type="library" name="Maven: net.java.dev.jna:jna:4.2.1" level="project" />
+    <orderEntry type="library" name="Maven: net.java.dev.jna:jna-platform:4.2.1" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: commons-dbcp:commons-dbcp:1.4" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: commons-pool:commons-pool:1.5.4" level="project" />
   </component>

diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <jna.version>3.3.0</jna.version>
+        <jna.version>4.2.1</jna.version>
         <version.template.file>src/main/resources/Version.java.template</version.template.file>
         <version.file>src/main/java/org/mariadb/jdbc/internal/util/constant/Version.java</version.file>
         <checkstyleVersion>6.11.2</checkstyleVersion>
@@ -320,6 +320,12 @@
     </build>
 
     <dependencies>
+        <dependency>
+            <groupId>com.github.dblock.waffle</groupId>
+            <artifactId>waffle-jna</artifactId>
+            <version>1.8.1</version>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
@@ -340,9 +346,8 @@
         </dependency>
         <dependency>
             <groupId>net.java.dev.jna</groupId>
-            <artifactId>jna</artifactId>
+            <artifactId>jna-platform</artifactId>
             <version>${jna.version}</version>
-            <classifier>platform</classifier>
             <optional>true</optional>
         </dependency>
         <dependency>