prelogin fields data structure breaks when using access token for federated auth with AWS RDS Proxy MS SQL support #84
Comments
Update: After looking at the dotnet SqlClient code - it makes sense why it works - the implementation logic is different for prelogin response. I am guessing the switch statement never hits
I think your scenario doesn't need to use the
sure - but I get the same problem - as I have to use the go-mssqldb/azuread/configuration.go Line 81 in 1576f3e
I tried this:
Maybe we need an extra Technically it doesn't matter who is the token provider,
Alternately - does it make sense for the prelogin response validation to check for both Pulling in
I get it now. Leave it with me and I will find some time to try it. Thanks for the pointer!
How about this.
For a generic access token provided by the user the above should be enough as they just want to auth and we don't want to check for the support.
Sounds good to me! Thx for working it out. Now I need some other curious-and-motivated community members to add Always Encrypted support.
Describe the bug
odbc:server=%s;password={%s};port=%d;fedauth=ActiveDirectoryServicePrincipalAccessToken;
With a valid token passed as the password, and an AWS RDS MS SQL Proxy configured as the server, I get this error:
2023/01/29 12:16:08 Error preparing SQL statement:federated authentication is not supported by the server
Says that If the server received preloginFEDAUTHREQUIRED - it MUST respond as above.
I worked around this issue by removing the else. I am not sure if this is a problem with this library, or if it's an issue with the AWS implementation of the protocol. (See below for an example dotnet program which works fine - maybe the dotnet implementation doesn't have a similar check?)
See diffs for fix:
Exception message:
2023/01/29 12:16:08 Error preparing SQL statement:federated authentication is not supported by the server
To Reproduce
Include a complete code listing that we can run to reproduce the issue.
See here for gist
Instructions as per comment in gist:
rds-db:connect as per AWS IAM docs
go run test.go
Expected behavior
I expect the following output (with my patch i get the correct output):
Instead I get this output (without my patch):
Further technical details
SQL Server version: Any (SQL 2019 Express)
Operating system: Any (MacOS Ventura 13.1 M1)
Additional context
prelogin definitions are here:
https://github.com/microsoft/go-mssqldb/blob/main/tds.go#L104
.NET 6 works just fine with Microsoft.Data.SqlClient, which implies to me it's not an issue with the implementation of the protocol.
Working .NET code here.
Debugger screenshot prior to readPrelogin response:
And after readPrelogin (no key for preloginFEDAUTHREQUIRED):
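An added example, not code from go-mssqldb or from the reporter's patch: a minimal Go parser for the PRELOGIN option table and the FEDAUTHREQUIRED check discussed in this issue, run against two constructed server replies. The names `parsePrelogin`, `checkFedAuth` and the `strict` switch are assumptions made for illustration, and the payload is assumed to have its TDS packet header already removed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const fedAuthRequired, terminator = 0x06, 0xFF // PRELOGIN option tokens
// parsePrelogin reads {token, offset uint16 BE, length uint16 BE} entries up to the 0xFF terminator.
func parsePrelogin(p []byte) (map[uint8][]byte, error) {
	fields := map[uint8][]byte{}
	for i := 0; i < len(p); i += 5 {
		if p[i] == terminator {
			return fields, nil
		}
		if i+5 > len(p) {
			return nil, fmt.Errorf("prelogin: truncated option header at byte %d", i)
		}
		off, n := int(binary.BigEndian.Uint16(p[i+1:])), int(binary.BigEndian.Uint16(p[i+3:]))
		if off+n > len(p) {
			return nil, fmt.Errorf("prelogin: option 0x%02x data out of bounds", p[i])
		}
		fields[p[i]] = p[off : off+n]
	}
	return nil, fmt.Errorf("prelogin: missing terminator")
}

// checkFedAuth returns the flag to echo back at login. strict rejects a reply
// without FEDAUTHREQUIRED (the error in this issue); otherwise login proceeds.
func checkFedAuth(fields map[uint8][]byte, strict bool) (bool, error) {
	v, ok := fields[fedAuthRequired]
	switch {
	case ok && len(v) != 1:
		return false, fmt.Errorf("prelogin: FEDAUTHREQUIRED length %d, want 1", len(v))
	case ok:
		return v[0] != 0, nil
	case strict:
		return false, fmt.Errorf("federated authentication is not supported by the server")
	}
	return false, nil
}

var withoutFedAuth = []byte{0x01, 0, 6, 0, 1, 0xFF, 0x00} // constructed reply: ENCRYPTION (0x01) only
var withFedAuth = []byte{0x01, 0, 11, 0, 1, 0x06, 0, 12, 0, 1, 0xFF, 0x00, 0x01} // constructed: plus FEDAUTHREQUIRED=1

func main() {
	f, _ := parsePrelogin(withoutFedAuth)
	fmt.Println(checkFedAuth(f, true))
}
```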