From 5601a342cb4bcdc7335040b77bc3f96436a92c91 Mon Sep 17 00:00:00 2001 From: Polina Osadcha Date: Mon, 12 Jul 2021 17:21:27 +0300 Subject: [PATCH 1/3] adding support for auth via gssapi plugin --- auth.go | 29 +++++++++++++++++++++++++++++ go.mod | 2 ++ 2 files changed, 31 insertions(+) diff --git a/auth.go b/auth.go index b2f19e8f0..f9ee99e2f 100644 --- a/auth.go +++ b/auth.go @@ -17,6 +17,8 @@ import ( "encoding/pem" "fmt" "sync" + + "github.com/openshift/gssapi" ) // server pub keys registry @@ -289,6 +291,33 @@ func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) { enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey) return enc, err + case "auth_gssapi_client": + dl, err := gssapi.Load(nil) + if err != nil { + return nil, err + } + + buf_name, err := dl.MakeBufferBytes(authData) + if err != nil { + return nil, err + } + name, err := buf_name.Name(dl.GSS_C_NT_USER_NAME) + input_buf, _ := dl.MakeBuffer(0) + if err != nil { + return nil, err + } + _, _, token, _, _, err := dl.InitSecContext( + dl.GSS_C_NO_CREDENTIAL, + nil, + name, + dl.GSS_C_NO_OID, + 0, + 0, + dl.GSS_C_NO_CHANNEL_BINDINGS, + input_buf) + + return token.Bytes(), err + default: errLog.Print("unknown auth plugin:", plugin) return nil, ErrUnknownPlugin diff --git a/go.mod b/go.mod index 251110478..c8b6bf257 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module github.com/go-sql-driver/mysql go 1.13 + +require github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b // indirect From d06f886d4598704d2e62860cffc901abc64d9f0a Mon Sep 17 00:00:00 2001 From: Polina Osadcha Date: Mon, 12 Jul 2021 17:21:27 +0300 Subject: [PATCH 2/3] adding support for auth via gssapi plugin --- AUTHORS | 1 + auth.go | 29 +++++++++++++++++++++++++++++ go.mod | 2 ++ 3 files changed, 32 insertions(+) diff --git a/AUTHORS b/AUTHORS index fee2d5ccf..7d93a5a97 100644 --- a/AUTHORS +++ b/AUTHORS 
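Review bot: The new import in `auth.go` is unconditional, so every build of the driver now depends on `github.com/openshift/gssapi`, including for users who never select `auth_gssapi_client`. As far as I know that package is a cgo wrapper that loads the system GSSAPI shared library at run time, which would end pure-Go builds of the driver; please confirm. Consider moving the plugin into its own file behind a build tag, so the dependency is opt-in. The `go.mod` hunk pins the pseudo-version `v0.0.0-20161010215902-5fb4217df13b`, a 2016 commit, so check that the module is still maintained before the driver takes it on. The same import and `go.mod` hunks are repeated in PATCH 2/3.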
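Review bot: In the `auth_gssapi_client` case the target name passed to `InitSecContext` is built directly from `authData`, which the server sends before it has been authenticated, and the request flags are `0`. The client therefore requests a token for whatever principal the peer names and never asks for mutual authentication; consider checking the name against a principal configured by the user and requesting mutual authentication if the pinned library exposes that flag. Separately, the `MakeBuffer` error is discarded, `token.Bytes()` is evaluated even when `InitSecContext` returned an error, and the library handle, buffers, name and context are never released. The release calls in the sketch below are my assumption about this library's API and need checking against the pinned version. The same hunk is repeated in PATCH 2/3, and `auth` starts and ends outside the hunk.

```go
case "auth_gssapi_client":
	dl, err := gssapi.Load(nil)
	if err != nil {
		return nil, err
	}
	defer dl.Unload() // assumed API: confirm against the pinned version

	nameBuf, err := dl.MakeBufferBytes(authData)
	if err != nil {
		return nil, err
	}
	defer nameBuf.Release()

	// NOTE(review): authData is server-controlled; validate the principal
	// against configuration before using it as the target name.
	name, err := nameBuf.Name(dl.GSS_C_NT_USER_NAME)
	if err != nil {
		return nil, err
	}
	defer name.Release()

	inputBuf, err := dl.MakeBuffer(0)
	if err != nil {
		return nil, err
	}
	defer inputBuf.Release()

	ctx, _, token, _, _, err := dl.InitSecContext(
		// … unchanged: InitSecContext arguments …
	)
	if ctx != nil {
		defer ctx.Release()
	}
	if err != nil {
		return nil, err
	}
	return token.Bytes(), nil
```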
@@ -76,6 +76,7 @@ Olivier Mengué oscarzhao Paul Bonser Peter Schultz +Polina Osadcha Rebecca Chin Reed Allman Richard Wilkes diff --git a/auth.go b/auth.go index b2f19e8f0..f9ee99e2f 100644 --- a/auth.go +++ b/auth.go @@ -17,6 +17,8 @@ import ( "encoding/pem" "fmt" "sync" + + "github.com/openshift/gssapi" ) // server pub keys registry @@ -289,6 +291,33 @@ func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) { enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey) return enc, err + case "auth_gssapi_client": + dl, err := gssapi.Load(nil) + if err != nil { + return nil, err + } + + buf_name, err := dl.MakeBufferBytes(authData) + if err != nil { + return nil, err + } + name, err := buf_name.Name(dl.GSS_C_NT_USER_NAME) + input_buf, _ := dl.MakeBuffer(0) + if err != nil { + return nil, err + } + _, _, token, _, _, err := dl.InitSecContext( + dl.GSS_C_NO_CREDENTIAL, + nil, + name, + dl.GSS_C_NO_OID, + 0, + 0, + dl.GSS_C_NO_CHANNEL_BINDINGS, + input_buf) + + return token.Bytes(), err + default: errLog.Print("unknown auth plugin:", plugin) return nil, ErrUnknownPlugin diff --git a/go.mod b/go.mod index 251110478..cf4cecb81 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,5 @@ module github.com/go-sql-driver/mysql go 1.13 + +require github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b From f7965e4ce1a5bbf1c6af270fc20d438bf9e5ac7f Mon Sep 17 00:00:00 2001 From: Polina Osadcha Date: Tue, 13 Jul 2021 14:31:40 +0300 Subject: [PATCH 3/3] check for nil buffer --- auth.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/auth.go b/auth.go index f9ee99e2f..a6ba7602d 100644 --- a/auth.go +++ b/auth.go @@ -315,6 +315,9 @@ func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) { 0, dl.GSS_C_NO_CHANNEL_BINDINGS, input_buf) + if token == nil { + return nil, err + } return token.Bytes(), err
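Review bot: The added guard in PATCH 3/3, `if token == nil { return nil, err }`, returns `(nil, nil)` when `InitSecContext` yields neither a token nor an error, so the caller would continue the handshake with an empty auth response instead of failing. When `err` is non-nil but a token is present, the following `return token.Bytes(), err` still returns data alongside an error. Checking the error first and making the nil token an explicit failure is clearer: `if err != nil { return nil, err }` followed by `if token == nil { return nil, fmt.Errorf("gssapi: InitSecContext returned no token") }`. The `auth` function continues outside the hunk.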