Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The PAM / dialog authentication plugin currently relies on password2/password3/... URL options for multi-step rounds.
This makes interactive use (desktop apps, CLI tools) not easy because every answer must be embedded in the JDBC URL up front.
the goal is to provide a simple callback (an SPI discovered via ServiceLoader).
When an implementation is registered, SendPamAuthPacket invokes it for every server prompt after round 1, passing the prompt text, the echo flag (info vs password-style) and the round number.
When no implementation is registered, behavior is unchanged and the existing passwordN URL options still apply.
This mirrors mariadb-connector-c's mariadb_auth_dialog dlsym hook, so applications that already integrate PAM via the C client can ship an equivalent Java integration.
interface :
public interface AuthDialogCallback { |
|
|
/** |
* Answer a server-issued prompt.
|
*
|
* @param echo {@code true} if the server expects normal input (info / echoed input); {@code
|
* false} if it's a password-style prompt where the input should be hidden
|
* @param prompt prompt text the server sent (UTF-8, may be empty)
|
* @param round the round number (>= 2)
|
* @return the user's answer, or {@code null} to fall through to the legacy {@code passwordN}
|
* URL options
|
*/
|
String prompt(boolean echo, String prompt, int round); |
}
|
|
example of console based implementation :
package myapp; |
|
|
import org.mariadb.jdbc.plugin.AuthDialogCallback; |
|
|
public class CliDialog implements AuthDialogCallback { |
@Override |
public String prompt(boolean echo, String prompt, int round) { |
System.out.print("[round " + round + " echo=" + echo + "] " + prompt); |
if (echo) { |
return new java.util.Scanner(System.in).nextLine(); |
}
|
if (System.console() != null) { |
return new String(System.console().readPassword()); |
}
|
return new java.util.Scanner(System.in).nextLine(); |
}
|
}
|
|