search

MutonUfoAI / pgina

pGina fork: Open Source Windows Authentication
http://mutonufoai.github.io/pgina
BSD 3-Clause "New" or "Revised" License
156 stars 39 forks source link

mysql-auth drops trailing spaces before database-request #161

Open sh-dvl opened 4 years ago

sh-dvl commented 4 years ago

if someone enters a trailing space after the username, windows recognize it as normal character.

using the mysql-plugin this username is cleaned up before checking auth.

auth succeeds, but windows keeps this space, so first a new user is created and then on any access to fileservers windows asks for auth-credentials.

system is windows 10 1909, pgIna 3.9.9.12

sh-dvl commented 4 years ago

this is not a bug of the plugin, but standard behaviour of mysql/mariadb, called collating pad. (see: https://dev.mysql.com/doc/refman/8.0/en/charset-binary-collations.html#charset-binary-collations-trailing-space-comparisons , https://mariadb.com/kb/en/supported-character-sets-and-collations/#no-pad-collations )

for mysql it seems that this can be configured, for mariadb this seems not to be possible.

a workaround is, to modify in file MySqlUserDataSource.cs the select-strings by adding "BINARY" in front of the user-param.

for example in function GetUserEntry() instead of: "SELECT {1}, {2}, {3} FROM {0} WHERE {1}=@user" use: "SELECT {1}, {2}, {3} FROM {0} WHERE {1} = BINARY @user"

same in IsMemberOfGroup()

after changing these statements, trailing spaces won't match anymore.