Discussion:
[freetds] Patch For sspi.c To Use Windows Authentication
ken
2012-10-29 13:08:14 UTC
A user on my TinyTDS/SQLServer list reported this bug with FreeTDS. They could not get Windows authentication to work and had to make the following change to sspi.c:
free(auth_buf);
// code added start
if (status == SEC_I_COMPLETE_AND_CONTINUE || status == SEC_I_CONTINUE_NEEDED) {
if (out_buf.cbBuffer > 0)
{
tds_put_n(tds, auth->tds_auth.packet, out_buf.cbBuffer);
tds_flush_packet(tds);
return status;
}
}
// code added end
if (status != SEC_E_OK)
return TDS_FAIL;
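Review bot: "return status;" in the added block hands a raw SSPI status back to the caller, while the only other return visible here is TDS_FAIL, and the result of tds_flush_packet(tds) is discarded, so a failed send of the continuation token goes unnoticed; return the flush result instead (return tds_flush_packet(tds);). The block also treats SEC_I_COMPLETE_AND_CONTINUE the same as SEC_I_CONTINUE_NEEDED, but SSPI expects CompleteAuthToken to be called on the output token before it is sent when that status comes back. A continue status with out_buf.cbBuffer == 0 falls through to the status != SEC_E_OK check and returns TDS_FAIL; if that is intended, a comment saying so would help.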
After that change, they got Windows authentication working and saw the following FreeTDS debug info.
AUTH
ENVCHANGE
INFO
ENVCHANGE
ENVCHANGE
INFO
LOGINACK
ENVCHANGE
DONE
Finally, there are the LOGINACK and DONE tokens :)
Opinions on doing this patch?


- Ken
Frediano Ziglio
2012-10-30 08:08:13 UTC
Yes, I think your connection is using Kerberos. We have similar code
even for gssapi (that provides Kerberos for the Unix world). It must be
return tds_flush_packet(tds), not return status. Also you miss a
CompleteAuthToken call on SEC_I_COMPLETE_AND_CONTINUE.

Frediano
_______________________________________________
FreeTDS mailing list
FreeTDS at lists.ibiblio.org
http://lists.ibiblio.org/mailman/listinfo/freetds
ken
2012-10-30 12:24:32 UTC
Is this something you want me to forward on to the person that gave me this patch before you would apply it? I can get them to join the list if needed.

- Ken
Frediano Ziglio
2012-11-04 10:26:37 UTC
Could you try this patch?

Frediano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: commit-cdf93ab
Type: application/octet-stream
Size: 1281 bytes
Desc: not available
Url : http://lists.ibiblio.org/pipermail/freetds/attachments/20121104/30cc9b7f/attachment.obj
Ken Collins
2012-11-04 21:27:21 UTC
Frediano,

Yes, I sent this along and will let you know how it goes. Thanks!


- Ken
Ken Collins
2012-11-07 12:48:41 UTC
Confirmed! The patch works, so please move it on in :)

- Ken
Frediano Ziglio
2012-11-07 23:00:37 UTC
Applied!
Ken Collins
2012-11-07 23:46:48 UTC
Thanks! What versions (0.91.x, 0.92.x or current) and when will I find it here?
ftp://ftp.astron.com/pub/freetds/
Frediano Ziglio
2012-11-08 21:27:02 UTC
Mmm... good question... I thought this problem was sorted out. It
should be automatic.

Frediano
Ken Collins
2012-11-08 22:43:19 UTC
It looks like the distro system is not working from my end? Latest date is October 6th.

- Ken