Posted to derby-commits@db.apache.org by bp...@apache.org on 2006/03/14 20:11:49 UTC

svn commit: r385857 - in /db/derby/code/trunk/java: drda/org/apache/derby/impl/drda/ testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ testing/org/apache/derbyTesting/fun...

Author: bpendleton
Date: Tue Mar 14 11:11:46 2006
New Revision: 385857

URL: http://svn.apache.org/viewcvs?rev=385857&view=rev
Log:
DERBY-1080: Connection reset when using security mechanism=EUSRIDPWD results in protocol error

Patch contributed by Sunitha Kambhampati

For the EUSRIDPWD case, the client sends the encrypted userid and password
sectkns as part of SECCHK. The protocol error was happening because we
only read the 2 sectkns if database.decryptedUserId and
database.decryptedPassword are null; otherwise we think we have already
read them. Thus on a connection reset, if decryptedUserId and
decryptedPassword are not reset, the server assumes we have seen more SECTKNs
and thus throws the "too many codepoints" error.

Patch adds
-- code to reset the security mechanism related variables on a connection re-use
-- regression test to testSecMec.java 

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ver2.6/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ver2.6/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java Tue Mar 14 11:11:46 2006
@@ -1617,7 +1617,12 @@
 					if (d == null)
 						addDatabase(dbname);
 					else
+                    {
+                        
+                        // reset database for connection re-use 
+                        d.reset();
 						database = d;
+                    }
 					break;
 				//optional - depending on security Mechanism 
 				case CodePoint.SECTKN:
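Review bot: The added `d.reset()` sits only in this `else` branch, so the previous authentication state is cleared only when an existing Database is found while handling RDBNAM here; any other path that re-uses a Database object (none is visible in this hunk) would still carry the old `decryptedUserId`/`decryptedPassword`. The comment should say why the reset matters, for example `// DERBY-1080: drop the previous user's credentials and SECTKN state before the re-used connection authenticates again`. The new lines are indented with spaces while the surrounding switch uses tabs, and the blank line after `{` carries trailing whitespace. The enclosing method starts and ends outside the hunk.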

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java Tue Mar 14 11:11:46 2006
@@ -371,6 +371,30 @@
 				}
 		return s;
 	}
+
+    /**
+     * This method resets the state of this Database object so that it can
+     * be re-used.
+     * Note: currently this method resets the variables related to security
+     * mechanisms that have been investigated as needing a reset.  
+     * TODO: Investigate what all variables in this class need to be 
+     * reset when this database object is re-used on a connection pooling or
+     * transaction pooling. see DRDAConnThread.parseACCSEC (CodePoint.RDBNAM)
+     * where database object is re-used on a connection reset.
+     */
+    public void reset()
+    {
+        // Reset variables for connection re-use. Currently only takes care
+        // of reset the variables that affect EUSRIDPWD security mechanism.  (DERBY-1080)
+        decryptedUserId = null;
+        decryptedPassword = null;
+        publicKeyIn = null;
+        publicKeyOut = null;
+        userId = null;
+        password = null;
+        securityMechanism = 0;
+    }
+        
 }
 
 
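Review bot: `reset()` clears only the seven authentication fields, and its own TODO leaves open which other fields of Database survive re-use. If a pooled connection can be handed to a different user, any per-user field left out would carry over between logical connections, so that audit is better tracked in a JIRA issue than in a TODO. `securityMechanism = 0` relies on 0 meaning that nothing has been negotiated; the field's declaration is outside the hunk, so a comment such as `// 0 = no security mechanism negotiated yet` should be confirmed against it and added. The only caller in this commit is DRDAConnThread in the same package, so `void reset()` without `public` would probably be sufficient.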

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -9,6 +9,10 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -20,6 +24,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -31,6 +38,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -42,6 +52,10 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ver2.6/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ver2.6/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ver2.6/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ibm14/ver2.6/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -9,6 +9,10 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -20,6 +24,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -31,6 +38,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -42,6 +52,10 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -9,6 +9,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -20,6 +23,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -31,6 +37,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -42,6 +51,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ver2.6/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ver2.6/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ver2.6/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/ver2.6/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -9,6 +9,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -20,6 +23,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4;
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4;
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -31,6 +37,9 @@
 T6: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -45,6 +54,9 @@
 T8: jdbc:derby:net://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat:user=neelima;password=lee;securityMechanism=4; - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
 SQLSTATE(null): java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  java.lang.ClassNotFoundException is caught when initializing EncryptionManager 'IBMJCE'
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/ibm14/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -10,6 +10,10 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4
 SECMEC_USRIDPWD: OK
 SECMEC_EUSRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -22,6 +26,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4 - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -34,6 +41,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4
 SECMEC_USRIDPWD: OK
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Connection authorization failure occurred.  Reason: security mechanism not supported
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -46,6 +56,10 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4 - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_EUSRIDPWD: OK
+Test DERBY-1080
+withConnectionPooling
+ query ok 
+OK
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out Tue Mar 14 11:11:46 2006
@@ -10,6 +10,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4
 SECMEC_USRIDPWD: OK
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Security exception encountered, see next exception for details.
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Security exception encountered, see next exception for details.
 -----
 Testing with derby.drda.securityMechanism=USER_ONLY_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -22,6 +25,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4 - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Security exception encountered, see next exception for details.
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Security exception encountered, see next exception for details.
 -----
 Testing with derby.drda.securityMechanism=CLEAR_TEXT_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -34,6 +40,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4
 SECMEC_USRIDPWD: OK
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Security exception encountered, see next exception for details.
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Security exception encountered, see next exception for details.
 -----
 Testing with derby.drda.securityMechanism=ENCRYPTED_USER_AND_PASSWORD_SECURITY
 Checking security mechanism authentication with DriverManager
@@ -46,6 +55,9 @@
 T8: jdbc:derby://xxxFILTERED_HOSTNAMExxx:xxxFILTEREDPORTxxx/wombat;user=neelima;password=lee;securityMechanism=4 - EXCEPTION Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_USRIDPWD:EXCEPTION testSecurityMechanism()  Connection authorization failure occurred.  Reason: security mechanism not supported
 SECMEC_EUSRIDPWD:EXCEPTION testSecurityMechanism()  Security exception encountered, see next exception for details.
+Test DERBY-1080
+withConnectionPooling
+DERBY-1080  EXCEPTION ()  Security exception encountered, see next exception for details.
 -----
 Testing with derby.drda.securityMechanism=INVALID_VALUE
 EXPECTED EXCEPTION DRDA_InvalidValue.U:Invalid value, INVALID_VALUE, for derby.drda.securityMechanism.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java?rev=385857&r1=385856&r2=385857&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java Tue Mar 14 11:11:46 2006
@@ -28,6 +28,8 @@
 import java.sql.SQLException;
 import java.sql.DriverManager;
 import javax.sql.DataSource;
+import javax.sql.ConnectionPoolDataSource;
+import javax.sql.PooledConnection;
 
 import org.apache.derby.tools.JDBCDisplayUtil;
 import org.apache.derby.tools.ij;
@@ -43,11 +45,39 @@
 /**
  * This class tests the security mechanisms supported by Network Server
  * Network server supports SECMEC_EUSRIDPWD, SECMEC_USRIDPWD, SECMEC_USRIDONL
- * Note  - currently the SECMEC_EUSRIDPWD does not work with all versions of ibm142
- * because of the following reason
- * The DiffieHelman algorithm that is used here uses a prime of 32bytes and this is not 
- * supported by Sun JCE , but is supported in ibm141 and some latest versions of ibm142
- *
+ * 
+ * Key points: 
+ * 1)Server and client support encrypted userid/password (EUSRIDPWD) via the
+ * use of Diffie Helman key-agreement protocol - however current Open Group DRDA
+ * specifications imposes small prime and base generator values (256 bits) that
+ * prevents other JCE's to be used as java cryptography providers - typical
+ * minimum security requirements is usually of 1024 bits (512-bit absolute
+ * minimum) when using DH key-agreement protocol to generate a session key.
+ * 
+ * (Reference: DDM manual, page 281 and 282. Section: Generating the shared
+ * private key. DRDA's diffie helman agreed public values for prime are 256
+ * bits. The spec gives the public values for the prime, generator and the size
+ * of exponent required for DH . These values must be used as is to generate a
+ * shared private key.)
+ * 
+ * Encryption is done using JCE. Hence JCE support of the necessary algorithm is
+ * required for a particular security mechanism to work. Thus even though the
+ * server and client have code to support EUSRIDPWD, this security mechanism
+ * will not work in all JVMs.
+ * 
+ * JVMs where support for DH(32byte prime) is not available and thus EUSRIDPWD
+ * wont work are Sun JVM (versions 1.3.1,1.4.1,1.4.2,1.5) and IBM JVM (versions
+ * 1.3.1 and some old versions of 1.4.2 (in 2004) )
+ * 
+ * JVMs where support for DH(32bytes prime) is available and thus EUSRIDPWD will
+ * work are IBM JVM [versions 1.4.1, later versions of 1.4.2 (from 2005), 1.5]
+ * 
+ * #2) JCC 2.6 client does some automatic upgrade of security mechanism in one
+ * case. Logic is  as follows:
+ * If client sends USRIDPWD to server and server rejects this
+ * and says it accepts only EUSRIDPWD, in that case JCC 2.6 will upgrade the 
+ * security mechanism to EUSRIDPWD and retry the request with EUSRIDPWD.
+ * This switching will also override the security mechanism specified by user.
  */
 public class testSecMec extends dataSourcePermissions_net
 
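Review bot: The rewritten class comment labels its first point `1)` and its second `#2)`, while the Javadoc added for `testDerby1080` in this commit refers to "class level comments (#1)"; one label style (`#1)` / `#2)`) would keep that cross-reference resolvable. The text explains that the DRDA-mandated 256-bit Diffie-Hellman prime is far below the usual minimum, but it does not state the consequence for users. A sentence such as `EUSRIDPWD should therefore not be relied on as strong protection for credentials on an untrusted network.` would make it explicit. "Diffie Helman" should read "Diffie-Hellman".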
@@ -283,6 +313,8 @@
 
 		getConnectionUsingDataSource();
 
+        // regression test for DERBY-1080
+        testDerby1080();
 	}
 
         /*
@@ -380,4 +412,147 @@
         }
     }
 
+    /**
+     * Test a deferred connection reset. When connection pooling is done
+     * and connection is reset, the client sends EXCSAT,ACCSEC and followed
+     * by SECCHK and ACCRDB. Test if the security mechanism related information
+     * is correctly reset or not. This method was added to help simulate regression 
+     * test for DERBY-1080. It is called from testDerby1080   
+     * @param user username 
+     * @param password password for connection
+     * @param secmec security mechanism for datasource
+     * @throws Exception
+     */
+    public void testSecMecWithConnPooling(String user, String password,
+            Short secmec) throws Exception
+    {
+        System.out.println("withConnectionPooling");
+        Connection conn;
+        String securityMechanismProperty = "SecurityMechanism";
+        Class[] argType = { Short.TYPE };
+        String methodName = TestUtil.getSetterName(securityMechanismProperty);
+        Object[] args = new Short[1];
+        args[0] = secmec;
+        
+        ConnectionPoolDataSource cpds = getCPDS("wombat", user,password);
+        
+        // call setSecurityMechanism with secmec.
+        Method sh = cpds.getClass().getMethod(methodName, argType);
+        sh.invoke(cpds, args);
+        
+        // simulate case when connection will be re-used by getting 
+        // a connection, closing it and then the next call to
+        // getConnection will re-use the previous connection.  
+        PooledConnection pc = cpds.getPooledConnection();
+        conn = pc.getConnection();
+        conn.close();
+        conn = pc.getConnection();
+        test(conn);
+        conn.close();
+        System.out.println("OK");
+    }
+    /**
+     * Test a connection by executing a sample query
+     * @param   conn    database connection
+     * @throws Exception if there is any error
+     */
+    public void test(Connection conn)
+        throws Exception
+    {
+
+      Statement stmt = null;
+      ResultSet rs = null;
+      try
+      {
+        // To test our connection, we will try to do a select from the system catalog tables
+        stmt = conn.createStatement();
+        rs = stmt.executeQuery("select count(*) from sys.systables");
+        while(rs.next())
+            System.out.println(" query ok ");
+
+      }
+      catch(SQLException sqle)
+      {
+          System.out.println("SQLException when querying on the database connection; "+ sqle);
+          throw sqle;
+      }
+      finally
+      {
+          if(rs != null)
+            rs.close();
+          if(stmt != null)
+            stmt.close();
+      }
+    }
+
+    
+    
+    /**
+     * This is a regression test for DERBY-1080 - where some variables required
+     * only for the EUSRIDPWD security mechanism case were not getting reset on
+     * connection re-use and resulting in protocol error.
+     * 
+     * Read class level comments (#1) to understand what is specified by drda
+     * spec for EUSRIDPWD.  
+     * <br>
+     * Encryption is done using JCE. Hence JCE support of the necessary
+     * algorithm is required for EUSRIDPWD security mechanism to work. Thus
+     * even though the server and client have code to support EUSRIDPWD, this
+     * security mechanism will not work in all JVMs. 
+     * 
+     * JVMs where support for DH(32byte prime) is not available and thus EUSRIDPWD 
+     * wont work are Sun JVM (versions 1.3.1,1.4.1,1.4.2,1.5) and 
+     * IBM JVM (versions 1.3.1 and some old versions of 1.4.2 (in 2004) )
+     * 
+     * Expected behavior for this test:
+     * If no regression has occurred, this test should work OK, given the 
+     * expected exception in following cases:
+     * 1) When EUSRIDPWD is not supported in JVM the test is running, a CNFE
+     * with initializing EncryptionManager will happen. This will happen for 
+     * Sun JVM (versions 1.3.1,1.4.1,1.4.2,1.5) and 
+     * IBM JVM (versions 1.3.1 and some old versions of 1.4.2 (in 2004) )
+     * For JCC clients, error message is   
+     * "java.lang.ClassNotFoundException is caught when initializing
+     * EncryptionManager 'IBMJCE'"
+     * For derby client, the error message is 
+     * "Security exception encountered, see next exception for details."
+     * 2)If server does not accept EUSRIDPWD security mechanism from clients,then
+     * error message will be "Connection authorization failure
+     * occurred. Reason: security mechanism not supported"
+     * Note: #2 can happen if server is started with derby.drda.securityMechanism
+     * and thus restricts what security mechanisms the client can connect with.
+     * This will happen for the test run when derby.drda.securityMechanism is set and 
+     * to some valid value other than ENCRYPTED_USER_AND_PASSWORD_SECURITY.
+     * <br>
+     * See RunTest where this method is called to test for regression for DERBY-1080.
+     * Also see main method to check if server is using the derby.drda.securityMechanism to 
+     * restrict client connections based on security mechanism.
+     */
+    public void testDerby1080()
+    {
+        try
+        {
+            System.out.println("Test DERBY-1080");
+            // simulate connection re-set using connection pooling on a pooled datasource
+            // set security mechanism to use encrypted userid and password.
+            testSecMecWithConnPooling("peter","neelima",new Short(SECMEC_EUSRIDPWD));
+        }
+        catch (SQLException sqle)
+        {
+            // Exceptions expected in certain case hence printing message instead of stack traces
+            // here. 
+            // - For cases where the jvm does not support EUSRIDPWD.
+            // - For case if server doesnt accept connection with this security mechanism
+            // Please see javadoc comments for this test method for more details of expected
+            // exceptions.
+            System.out.println("DERBY-1080  EXCEPTION ()  " + sqle.getMessage());
+            dumpSQLException(sqle.getNextException());
+        }
+        catch (Exception e)
+        {
+            System.out.println("UNEXPECTED EXCEPTION!!!" );
+            e.printStackTrace();
+        }
+
+    }
 }
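Review bot: `testSecMecWithConnPooling` never closes the `PooledConnection` `pc`, so each run leaves the physical connection to the network server open, and `conn` is not closed when `test(conn)` throws. Wrapping the re-use sequence in try/finally and calling `pc.close()` releases both on every path, as sketched below. In `test()`, the `finally` block closes `rs` before `stmt` without a guard, so an exception from `rs.close()` would skip `stmt.close()`. In `testDerby1080`, the generic `catch (Exception e)` only prints, so an unexpected failure is caught only by the master-file comparison.

```java
    public void testSecMecWithConnPooling(String user, String password,
            Short secmec) throws Exception
    {
        // … unchanged: setter lookup and setSecurityMechanism call on cpds …
        PooledConnection pc = cpds.getPooledConnection();
        try
        {
            conn = pc.getConnection();
            conn.close();
            // second getConnection() re-uses the physical connection
            conn = pc.getConnection();
            try
            {
                test(conn);
            }
            finally
            {
                conn.close();
            }
        }
        finally
        {
            // release the physical connection even when test() throws
            pc.close();
        }
        System.out.println("OK");
    }
```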