
bye newer mfa technique (#5873)

dlls were killin us
potatoqualitee committed Jul 9, 2019
1 parent 9c66d28 commit aa218f8a310c6f7516ece3297fea080208c95820
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -965,38 +965,6 @@ if ($option.LoadTypes -or
#. Import-ModuleFile "$script:PSModuleRoot\bin\type-extensions.ps1"
#Write-ImportTime -Text "Loaded type extensions"

# if .net 4.7.2 load new sql auth config
if ($psVersionTable.Platform -ne 'Unix' -and $PSVersionTable.PSEdition -ne "Core" -and $host.Name -ne 'Visual Studio Code Host') {
if ((Get-ItemProperty "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full").Release -ge 461808) {
Write-Verbose -Message "Loading app.config"
# avoid issues with app.config file and VS Integrated Console
$appconfig = "$(Get-DbatoolsConfigValue -FullName path.dbatoolstemp)\app.config"
if (-not (Test-Path -Path $appconfig)) {
$appconfigtext = '<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<!-- Change #1: Register the new SqlAuthenticationProvider configuration section -->
<section name="SqlAuthenticationProviders" type="System.Data.SqlClient.SqlAuthenticationProviderConfigurationSection, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<!-- Change #3: Add the new SqlAuthenticationProvider configuration section, registering the built-in authentication provider in AppAuth library -->
<SqlAuthenticationProviders>
<providers>
<add name="Active Directory Interactive" type="Microsoft.Azure.Services.AppAuthentication.SqlAppAuthenticationProvider, Microsoft.Azure.Services.AppAuthentication" />
</providers>
</SqlAuthenticationProviders>
</configuration>'
$null = Set-Content -Path $appconfig -Value $appconfigtext -Encoding UTF8
}
# Load app.config that supports MFA
[appdomain]::CurrentDomain.SetData("APP_CONFIG_FILE", $appconfig)
Add-Type -AssemblyName System.Configuration
# Clear some cache to make sure it loads
[Configuration.ConfigurationManager].GetField("s_initState", "NonPublic, Static").SetValue($null, 0)
[Configuration.ConfigurationManager].GetField("s_configSystem", "NonPublic, Static").SetValue($null, $null)
([Configuration.ConfigurationManager].Assembly.GetTypes() | Where-Object { $_.FullName -eq "System.Configuration.ClientConfigPaths" })[0].GetField("s_current", "NonPublic, Static").SetValue($null, $null)
}
}

$td = (Get-TypeData -TypeName Microsoft.SqlServer.Management.Smo.Server)
[Sqlcollaborative.Dbatools.dbaSystem.SystemHost]::ModuleImported = $true;
$loadedModuleNames = Get-Module | Select-Object -ExpandProperty Name
@@ -446,7 +446,10 @@ function Connect-DbaInstance {
}

if ($Tenant -or $AuthenticationType -eq "AD Universal with MFA Support") {
$newway = ((Get-ItemProperty "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full").Release -ge 461808)
if ($Thumbprint) {
Stop-Function -Message "Thumbprint is unsupported at this time. Sorry, some DLLs were all messed up."
return
}

$appid = Get-DbatoolsConfigValue -FullName 'azure.appid'
$clientsecret = Get-DbatoolsConfigValue -FullName 'azure.clientsecret'
@@ -456,36 +459,23 @@ function Connect-DbaInstance {
}

if (-not $azurevm -and (-not $SqlCredential -and $Tenant)) {
Stop-Function -Message "When using Tenant, SqlCredential must be specified unless .net 4.7.2 or above is installed, even if client certificates are used; just specify the AppId as the credential username."
Stop-Function -Message "When using Tenant, SqlCredential must be specified."
return
}

if (-not $Database) {
Stop-Function -Message "When using AD Universal with MFA Support, database must be specified unless .net 4.7.2 or above is installed"
Stop-Function -Message "When using AD Universal with MFA Support, database must be specified."
return
}

if (($newway -and $AuthenticationType -in "Auto", "AD Universal with MFA Support") -and -not $script:core -and $host.Name -ne 'Visual Studio Code Host') {
if (-not $azurevm) {
if ($Thumbprint) {
Write-Message -Level Verbose -Message 'Setting $env:AzureServicesAuthConnectionString with Certificate'
$env:AzureServicesAuthConnectionString = "RunAs=App;AppId=$($SqlCredential.Username);TenantId=$Tenant;CertificateThumbprint=$Thumbprint;CertificateStoreLocation=$Store"
} else {
Write-Message -Level Verbose -Message 'Setting $env:AzureServicesAuthConnectionString with appid/client'
$env:AzureServicesAuthConnectionString = "RunAs=App;AppId=$($SqlCredential.Username);TenantId=$Tenant;AppKey=$($SqlCredential.GetNetworkCredential().Password)"
}
}

Write-Message -Level Verbose -Message "Creating 'Active Directory Interactive' connstring"
$azureconnstring = "Data Source=tcp:$instance;UID=dbatools;Initial Catalog=$Database;Authentication=Active Directory Interactive"
} else {
if (-not $SqlCredential) {
Stop-Function -Message "When using Tenant, SqlCredential must be specified unless .net 4.7.2 or above is installed"
return
}
Write-Message -Level Verbose -Message "Creating renewable token"
$accesstoken = (New-DbaAzAccessToken -Type RenewableServicePrincipal -Subtype AzureSqlDb -Tenant $Tenant -Credential $SqlCredential)
Write-Message -Level Verbose -Message "Creating 'Active Directory Interactive' connstring"
$azureconnstring = "Data Source=tcp:$instance;UID=dbatools;Initial Catalog=$Database;Authentication=Active Directory Interactive"
if (-not $SqlCredential) {
Stop-Function -Message "When using Tenant, SqlCredential must be specified."
return
}
Write-Message -Level Verbose -Message "Creating renewable token"
$accesstoken = (New-DbaAzAccessToken -Type RenewableServicePrincipal -Subtype AzureSqlDb -Tenant $Tenant -Credential $SqlCredential)
}

try {
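Review bot: The unconditional `if (-not $SqlCredential)` check before the "Creating renewable token" call makes the `-not $azurevm` exemption in the earlier Tenant guard ineffective. It also reports "When using Tenant, SqlCredential must be specified." when the caller passed only `-AuthenticationType "AD Universal with MFA Support"` and no Tenant. With the .NET 4.7.2 branch removed, every caller in this block reaches `New-DbaAzAccessToken -Type RenewableServicePrincipal ... -Credential $SqlCredential`, so an authentication type named for MFA is presumably served by a non-interactive service-principal credential, and the new `$Thumbprint` stop removes the certificate alternative to that secret. I would fold the two guards into one with an accurate message, e.g. `Stop-Function -Message "SqlCredential (AppId as username, client secret as password) must be specified; interactive MFA and certificate thumbprints are not supported at this time."`, and add a comment above the token call saying the sign-in is non-interactive. The +/- column is lost on this page and `$azurevm` is assigned outside the visible hunks, so the Azure VM path should be confirmed against the full function.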
@@ -91,15 +91,6 @@ $scriptBlock = {
}

$shared = @()
# New SQL Auth types require newer versions of .NET, check
# https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
if ($psVersionTable.Platform -ne 'Unix') {
if ((Get-ItemProperty "HKLM:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full").Release -ge 461808 -and $PSVersionTable.PSEdition -ne 'Core' -and $host.Name -ne 'Visual Studio Code Host') {
Write-Verbose -Message "Adding Azure DLLs"
$shared += 'Microsoft.IdentityModel.Clients.ActiveDirectory', 'Microsoft.Azure.Services.AppAuthentication'
}
}

$separator = [IO.Path]::DirectorySeparatorChar
$shared += "third-party" + $separator + "Bogus" + $separator + "Bogus"
