diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java index 62cf0c4c0f..a9b2d8cab0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java @@ -76,6 +76,10 @@ public MySQLAuthenticationProviderModule(MySQLEnvironment environment) myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true"); myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1"); + // Set whether public key retrieval from the server is allowed + driverProperties.setProperty("allowPublicKeyRetrieval", + environment.getMYSQLAllowPublicKeyRetrieval() ? "true" : "false"); + // Use UTF-8 in database driverProperties.setProperty("characterEncoding", "UTF-8"); @@ -113,15 +117,26 @@ public MySQLAuthenticationProviderModule(MySQLEnvironment environment) if (clientPassword != null) driverProperties.setProperty("clientCertificateKeyStorePassword", clientPassword); - - // Get the MySQL-compatible driver to use. - mysqlDriver = environment.getMySQLDriver(); + + // Set the path to the server public key, if any + // Note that the property name casing is slightly different for MySQL + // and MariaDB drivers. See + // https://dev.mysql.com/doc/connector-j/en/connector-j-connp-props-security.html#cj-conn-prop_serverRSAPublicKeyFile + // and https://mariadb.com/kb/en/about-mariadb-connector-j/#infrequently-used-parameters + String publicKeyFile = environment.getMYSQLServerRSAPublicKeyFile(); + if (publicKeyFile != null) + driverProperties.setProperty( + mysqlDriver == MySQLDriver.MYSQL + ? "serverRSAPublicKeyFile" : "serverRsaPublicKeyFile", + publicKeyFile); // If timezone is present, set it. TimeZone serverTz = environment.getServerTimeZone(); if (serverTz != null) driverProperties.setProperty("serverTimezone", serverTz.getID()); + System.err.println("Driver props: " + driverProperties.toString()); + } @Override diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java index a3dea8964d..a75f011f18 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java @@ -442,4 +442,35 @@ public boolean enforceAccessWindowsForActiveSessions() throws GuacamoleException true); } + /** + * Returns the absolute path to the public key for the server being connected to, + * if any, or null if the configuration property is unset. + * + * @return + * The absolute path to the public key for the server being connected to. + * + * @throws GuacamoleException + * If an error occurs retrieving the configuration value. + */ + public String getMYSQLServerRSAPublicKeyFile() throws GuacamoleException { + return getProperty(MySQLGuacamoleProperties.MYSQL_SERVER_RSA_PUBLIC_KEY_FILE); + } + + /** + * Returns true if the database server public key should be automatically + * retrieved from the MySQL server, or false otherwise. + * + * @return + * Whether the database server public key should be automatically + * retrieved from the MySQL server. + * + * @throws GuacamoleException + * If an error occurs retrieving the configuration value. + */ + public boolean getMYSQLAllowPublicKeyRetrieval() throws GuacamoleException { + return getProperty( + MySQLGuacamoleProperties.MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL, + false); + } + } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java index 5e20b52c63..5f70bf1d63 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java @@ -301,6 +301,29 @@ private MySQLGuacamoleProperties() {} @Override public String getName() { return "mysql-batch-size"; } - }; - + }; + + /** + * The absolute path to the public key for the server being connected to, if any. + */ + public static final StringGuacamoleProperty MYSQL_SERVER_RSA_PUBLIC_KEY_FILE = + new StringGuacamoleProperty() { + + @Override + public String getName() { return "mysql-server-rsa-public-key-file"; } + + }; + + /** + * Whether or not the server public key should be automatically retreived from + * the MySQL server. + */ + public static final BooleanGuacamoleProperty MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL = + new BooleanGuacamoleProperty() { + + @Override + public String getName() { return "mysql-allow-public-key-retrieval"; } + + }; + }