Description: I can't connect to DB user when it's configured to gssapi auth (auth with win user credentials). This works nice from i.e. HeidiSQL (where an option is displayed to use the current win user account). Steps to Reproduce: 1. Connect to MySQL/MariaDB instance with gssapi_auth plugin enabled (server side) and mapped to the db user. 2. Try to connect to this instance from LO Base via the MySQL connector. Actual Results: An error message is displayed with a bit weired content (German l10n): > Plugin auth_gssapi_client could not be loaded: Das angegebene Modul wurde nicht gefunden. Library path is '/usr/local/lib/mariadb/plugin/auth_gssapi_client.dll' Why a Linux path while LO and the MariaDB server are running on Win?? Expected Results: Base should find the auth_gssapi_client.dll and connect via this auth method like it does perfectly with user/password auth. Reproducible: Always User Profile Reset: No Additional Info: As a workaround: Can I copy the mentioned dll to some folder? I tried to add it as extension but it isn't prepared to be an extension... I understood the JDBC connector isn't an option because it isn't maintained anymore, right?
(In reply to Markus from comment #0) > > Additional Info: > As a workaround: Can I copy the mentioned dll to some folder? I tried to add > it as extension but it isn't prepared to be an extension... > I understood the JDBC connector isn't an option because it isn't maintained > anymore, right? Can't say anything ti this special Windows bug, but: Where do you find JDBC connector isn't maintained for MySQL? https://dev.mysql.com/downloads/connector/j/ You are writing about MariaDB also: https://mariadb.com/kb/en/about-mariadb-connector-j/ How to connect to these two JDBC-drivers: See the German Base Handbuch.
(In reply to Robert Großkopf from comment #1) > Can't say anything ti this special Windows bug, but: Where do you find JDBC > connector isn't maintained for MySQL? > https://dev.mysql.com/downloads/connector/j/ Oh, perhaps I misunderstood something. I tried to connect using the JDBC connector. This works for normal connections with user/pass auth. I found this doc explaining something about using the connector with the gssapi auth: https://mariadb.com/kb/en/gssapi-authentication-with-mariadb-connector-j/ But to be honest: I didn't succeed to transfer this to my usecase with the loaded mariadb-java-client-3.0.6.jar within LO. My original topic was the missing auth plugins support for the direct MySQL connection implementation. Some dlls seems to be missing. Obviously LO tries to search a linux path on win only systems - if the error message is correct.
Michael: I don't know gss but I remind caching_sha2_pw, could this kind of patch help: diff --git a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk index 3458089ce99e..b3948bd72ec7 100644 --- a/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk +++ b/external/mariadb-connector-c/StaticLibrary_mariadb-connector-c.mk @@ -67,6 +67,9 @@ $(eval $(call gb_StaticLibrary_add_generated_cobjects,mariadb-connector-c,\ UnpackedTarball/mariadb-connector-c/libmariadb/ma_client_plugin \ UnpackedTarball/mariadb-connector-c/plugins/auth/my_auth \ UnpackedTarball/mariadb-connector-c/plugins/auth/caching_sha2_pw \ + UnpackedTarball/mariadb-connector-c/plugins/auth/auth_gssapi_client \ + UnpackedTarball/mariadb-connector-c/plugins/auth/gssapi_client \ + UnpackedTarball/mariadb-connector-c/plugins/auth/gssapi_errmsg \ UnpackedTarball/mariadb-connector-c/plugins/pvio/pvio_socket \ $(if $(filter $(OS),WNT), \ UnpackedTarball/mariadb-connector-c/libmariadb/win32_errmsg \ ? I mean, build is ok but then doc about it to test this doesn't seem easy https://mariadb.com/kb/en/authentication-plugin-gssapi/ at least for authentication beotians like me. Thought it could be interesting to submit a patch on master only first then asking for some test and if it's ok cherry-pick the patch on 7.4
i see 2 things missing: 1. most likely some initialization pointer needs to be added like in commit b746633b2b251695134e7f8c268a75e45cf97c82 2. gssapi probably needs to link to some libraries in connectivity/Library_mysqlc.mk 3. configure.ac already contains --with-gssapi and some checks but only if postgresql-sdbc is enabled.
(In reply to Michael Stahl (allotropia) from comment #4) > i see 2 things missing: > > 1. most likely some initialization pointer needs to be added like in commit > b746633b2b251695134e7f8c268a75e45cf97c82 > > 2. gssapi probably needs to link to some libraries in > connectivity/Library_mysqlc.mk > > 3. configure.ac already contains --with-gssapi and some checks but only if > postgresql-sdbc is enabled. Thank you for the feedback I expected the patch wouldn't be sufficient. For 1) I noticed in workdir/UnpackedTarball/mariadb-connector-c/plugins/auth/auth_gssapi_client.c 102 /* register client plugin */ 103 #ifndef PLUGIN_DYNAMIC 104 struct st_mysql_client_plugin_AUTHENTICATION auth_gssapi_client_client_plugin= 105 #else 106 struct st_mysql_client_plugin_AUTHENTICATION _mysql_client_plugin_declaration_ = 107 #endif 108 { 109 MYSQL_CLIENT_AUTHENTICATION_PLUGIN, 110 MYSQL_CLIENT_AUTHENTICATION_PLUGIN_INTERFACE_VERSION, 111 "auth_gssapi_client", 112 "Shuang Qiu, Robbie Harwood, Vladislav Vaintroub, Georg Richter", 113 "GSSAPI/SSPI based authentication", 114 {0, 1, 0}, 115 "BSD", 116 NULL, 117 NULL, 118 NULL, 119 NULL, 120 gssapi_auth_client 121 }; but don't know what to do. For 2) and 3), no idea. I've got no idea if gss is often used or not so don't know if it should be high, medium or low priority.
I gave it a try with https://gerrit.libreoffice.org/c/core/+/159954 I tried to take into account https://bugs.documentfoundation.org/show_bug.cgi?id=150082#c4
(In reply to Julien Nabet from comment #6) > I gave it a try with https://gerrit.libreoffice.org/c/core/+/159954 > > I tried to take into account > https://bugs.documentfoundation.org/show_bug.cgi?id=150082#c4 I tried twice, it didn't work => I abandoned the patch
I gave a new try by restoring the patch and excluding Windows since it requires gssapi.h and we're not sure we have it here.
Julien Nabet committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/53ab6269215d4e37af3f9dfaae2a306e040c5b88 tdf#150082: LO Base MariaDB/MySQL connector don't accept auth via gssapi It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Since I didn't test this because don't know how to do it, don't hesitate to provide some feedback when a build including the patch will be available (in 24/48 hours). Just for the repeat, I excluded Windows in the patch because of gssapi.h file was missing.
Julien Nabet committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/62b08851dd7866c830124b30d5722b9541cb2d93 Related tdf#150082: remove duplicate gssapi_client/gssapi_errmsg It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/6d5d9eaa61505cebaf3bde4bfc157d8e19fec8de tdf#150082: LO Base MariaDB/MySQL connector don't accept auth via gssapi... It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.