Feature | Introduce NTLM authentication mode

azure-pipelines.yml

@@ -1,5 +1,5 @@
 # Microsoft JDBC Driver for SQL Server CI Build triggers tests against below SQL Servers:
-#   - SQL Server 2017
+#   - SQL Server 2019
 #   - SQL Server 2008 R2
 jobs:
 - job: "CI_Build"
@@ -8,9 +8,9 @@ jobs:
     demands: maven
   strategy:
     matrix:
-      SQL-2017:
-        Target_SQL: 'SQL-2k17-03'
-        Ex_Groups: 'xSQLv14'
+      SQL-2019:
+        Target_SQL: 'SQL-2k19-01'
+        Ex_Groups: 'xSQLv15'
       SQL-2008R2:
         Target_SQL: 'SQL-2k8R2-SP3-1'
         Ex_Groups: 'xSQLv12'
@@ -33,7 +33,7 @@ jobs:
     displayName: 'Maven build jre12'
     inputs:
       mavenPomFile: 'pom.xml'
-      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre12 -DexcludedGroups=$(Ex_Groups)'
+      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre12 -DuserNTLM=$(userNTLM) -DpasswordNTLM=$(passwordNTLM) -DdomainNTLM=$(domainNTLM) -DexcludedGroups=$(Ex_Groups)'
       testResultsFiles: '**/TEST-*.xml'
       testRunTitle: 'Maven build jre12'
       javaHomeOption: Path
@@ -42,7 +42,7 @@ jobs:
     displayName: 'Maven build jre11'
     inputs:
       mavenPomFile: 'pom.xml'
-      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre11 -DexcludedGroups=$(Ex_Groups)'
+      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre11 -DuserNTLM=$(userNTLM) -DpasswordNTLM=$(passwordNTLM) -DdomainNTLM=$(domainNTLM) -DexcludedGroups=$(Ex_Groups)'
       testResultsFiles: '**/TEST-*.xml'
       testRunTitle: 'Maven build jre11'
       javaHomeOption: Path
@@ -51,7 +51,7 @@ jobs:
     displayName: 'Maven build jre8'
     inputs:
       mavenPomFile: 'pom.xml'
-      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre8 -DexcludedGroups=$(Ex_Groups)'
+      goals: 'clean -Dmssql_jdbc_test_connection_properties=jdbc:sqlserver://$(Target_SQL)$(server_domain);$(database);$(user);$(password); install -Pjre8 -DuserNTLM=$(userNTLM) -DpasswordNTLM=$(passwordNTLM) -DdomainNTLM=$(domainNTLM) -DexcludedGroups=$(Ex_Groups)'
       testResultsFiles: '**/TEST-*.xml'
       testRunTitle: 'Maven build jre8'
       javaHomeOption: Path

build.gradle

@@ -31,7 +31,7 @@ allprojects {
 
 test {
     useJUnitPlatform {
-        excludeTags (hasProperty('excludedGroups') ? excludedGroups : 'xSQLv15','xGradle')
+        excludeTags (hasProperty('excludedGroups') ? excludedGroups : 'xSQLv15','xGradle','NTLM')
     }
 }
 
@@ -70,7 +70,7 @@ if(hasProperty('buildProfile') && buildProfile == "jre8") {
 	targetCompatibility = 1.8
 	test {
 		useJUnitPlatform {
-			excludeTags (hasProperty('excludedGroups') ? excludedGroups : 'xSQLv15','xGradle','xJDBC42')
+			excludeTags (hasProperty('excludedGroups') ? excludedGroups : 'xSQLv15','xGradle','NTLM','xJDBC42')
 		}
 	}
 }

pom.xml

@@ -49,9 +49,10 @@
 			xAzureSQLDB - - - - For tests not compatible with Azure SQL Database - - 
 			xAzureSQLDW - - - - For tests not compatible with Azure Data Warehouse - 
 			xAzureSQLMI - - - - For tests not compatible with Azure SQL Managed Instance 
+			NTLM - - - - - - For tests using NTLM Authentication mode (excluded by default) 
 			- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 			Default testing enabled with SQL Server 2019 (SQLv14) -->
-		<excludedGroups>xSQLv15</excludedGroups>
+		<excludedGroups>xSQLv15, NTLM</excludedGroups>
 
 		<!-- Driver Dependencies -->
 		<azure.keyvault.version>1.2.1</azure.keyvault.version>
@@ -414,7 +415,7 @@
 				<version>3.0.0</version>
 				<configuration>
 					<failOnError>true</failOnError>
-					<excludePackageNames>mssql.googlecode.*</excludePackageNames>
+					<excludePackageNames>mssql.googlecode.*:mssql.security.provider.MD4</excludePackageNames>
 				</configuration>
 				<executions>
 					<execution>

src/main/java/com/microsoft/sqlserver/jdbc/AuthenticationJNI.java

@@ -23,20 +23,20 @@ class FedAuthDllInfo {
  * Encapsulation of the JNI native calls for trusted authentication.
  */
 final class AuthenticationJNI extends SSPIAuthentication {
-    private final static int maximumpointersize = 128; // we keep the SNI_Sec pointer
+    private static final int maximumpointersize = 128; // we keep the SNI_Sec pointer
     private static boolean enabled = false;
     private static java.util.logging.Logger authLogger = java.util.logging.Logger
             .getLogger("com.microsoft.sqlserver.jdbc.internals.AuthenticationJNI");
     private static int sspiBlobMaxlen = 0;
     private byte[] sniSec = new byte[maximumpointersize];
-    private int sniSecLen[] = {0};
-    private final String DNSName;
+    private int[] sniSecLen = {0};
+    private final String dnsName;
     private final int port;
     private SQLServerConnection con;
 
     private static final UnsatisfiedLinkError linkError;
 
-    static int GetMaxSSPIBlobSize() {
+    static int getMaxSSPIBlobSize() {
         return sspiBlobMaxlen;
     }
 
@@ -54,8 +54,9 @@ static boolean isDllLoaded() {
             pkg[0] = 0;
             if (0 == SNISecInitPackage(pkg, authLogger)) {
                 sspiBlobMaxlen = pkg[0];
-            } else
+            } else {
                 throw new UnsatisfiedLinkError();
+            }
             enabled = true;
         } catch (UnsatisfiedLinkError e) {
             temp = e;
@@ -68,12 +69,13 @@ static boolean isDllLoaded() {
     }
 
     AuthenticationJNI(SQLServerConnection con, String address, int serverport) throws SQLServerException {
-        if (!enabled)
+        if (!enabled) {
             con.terminate(SQLServerException.DRIVER_ERROR_NONE,
                     SQLServerException.getErrString("R_notConfiguredForIntegrated"), linkError);
+        }
 
         this.con = con;
-        DNSName = GetDNSName(address);
+        dnsName = getDNSName(address);
         port = serverport;
     }
 
@@ -85,17 +87,17 @@ static FedAuthDllInfo getAccessTokenForWindowsIntegrated(String stsURL, String s
     }
 
     // InitDNSName should be called to initialize the DNSName before calling this function
-    byte[] GenerateClientContext(byte[] pin, boolean[] done) throws SQLServerException {
+    byte[] generateClientContext(byte[] pin, boolean[] done) throws SQLServerException {
         byte[] pOut;
         int[] outsize; // This is where the size of the filled data returned
         outsize = new int[1];
-        outsize[0] = GetMaxSSPIBlobSize();
+        outsize[0] = getMaxSSPIBlobSize();
         pOut = new byte[outsize[0]];
 
         // assert DNSName cant be null
-        assert DNSName != null;
+        assert dnsName != null;
 
-        int failure = SNISecGenClientContext(sniSec, sniSecLen, pin, pin.length, pOut, outsize, done, DNSName, port,
+        int failure = SNISecGenClientContext(sniSec, sniSecLen, pin, pin.length, pOut, outsize, done, dnsName, port,
                 null, null, authLogger);
 
         if (failure != 0) {
@@ -106,12 +108,12 @@ byte[] GenerateClientContext(byte[] pin, boolean[] done) throws SQLServerExcepti
                     SQLServerException.getErrString("R_integratedAuthenticationFailed"), linkError);
         }
         // allocate space based on the size returned
-        byte output[] = new byte[outsize[0]];
+        byte[] output = new byte[outsize[0]];
         System.arraycopy(pOut, 0, output, 0, outsize[0]);
         return output;
     }
 
-    /* L0 */ int ReleaseClientContext() {
+    int releaseClientContext() {
         int success = 0;
         if (sniSecLen[0] > 0) {
             success = SNISecReleaseClientContext(sniSec, sniSecLen[0], authLogger);
@@ -122,39 +124,38 @@ byte[] GenerateClientContext(byte[] pin, boolean[] done) throws SQLServerExcepti
 
     // note we handle the failures of the GetDNSName in this function, this function will return an empty string if the
     // underlying call fails.
-    private static String GetDNSName(String address) {
-        String DNS[] = new String[1];
-        if (GetDNSName(address, DNS, authLogger) != 0) {
+    private static String getDNSName(String address) {
+        String[] dns = new String[1];
+        if (GetDNSName(address, dns, authLogger) != 0) {
             // Simply initialize the DNS to address
-            DNS[0] = address;
+            dns[0] = address;
         }
-        return DNS[0];
+        return dns[0];
     }
 
     // we use arrays of size one in many places to retrieve output values
     // Java Integer objects are immutable so we cant use them to get the output sizes.
     // Same for String
-    /* L0 */private native static int SNISecGenClientContext(byte[] psec, int[] secptrsize, byte[] pin, int insize,
-            byte[] pOut, int[] outsize, boolean[] done, String servername, int port, String username, String password,
+    private static native int SNISecGenClientContext(byte[] psec, int[] secptrsize, byte[] pin, int insize, byte[] pOut,
+            int[] outsize, boolean[] done, String servername, int port, String username, String password,
             java.util.logging.Logger log);
 
-    /* L0 */ private native static int SNISecReleaseClientContext(byte[] psec, int secptrsize,
-            java.util.logging.Logger log);
+    private static native int SNISecReleaseClientContext(byte[] psec, int secptrsize, java.util.logging.Logger log);
 
-    private native static int SNISecInitPackage(int[] pcbMaxToken, java.util.logging.Logger log);
+    private static native int SNISecInitPackage(int[] pcbMaxToken, java.util.logging.Logger log);
 
-    private native static int SNISecTerminatePackage(java.util.logging.Logger log);
+    private static native int SNISecTerminatePackage(java.util.logging.Logger log);
 
-    private native static int SNIGetSID(byte[] SID, java.util.logging.Logger log);
+    private static native int SNIGetSID(byte[] SID, java.util.logging.Logger log);
 
-    private native static boolean SNIIsEqualToCurrentSID(byte[] SID, java.util.logging.Logger log);
+    private static native boolean SNIIsEqualToCurrentSID(byte[] SID, java.util.logging.Logger log);
 
-    private native static int GetDNSName(String address, String[] DNSName, java.util.logging.Logger log);
+    private static native int GetDNSName(String address, String[] DNSName, java.util.logging.Logger log);
 
-    private native static FedAuthDllInfo ADALGetAccessTokenForWindowsIntegrated(String stsURL,
+    private static native FedAuthDllInfo ADALGetAccessTokenForWindowsIntegrated(String stsURL,
             String servicePrincipalName, String clientConnectionId, String clientId, long expirationFileTime,
             java.util.logging.Logger log);
 
-    native static byte[] DecryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
+    static native byte[] DecryptColumnEncryptionKey(String masterKeyPath, String encryptionAlgorithm,
             byte[] encryptedColumnEncryptionKey) throws DLLException;
 }