Posted to derby-commits@db.apache.org by ka...@apache.org on 2010/03/25 13:26:42 UTC

svn commit: r927367 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/jdbc/authentication/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/functionTests/tests/lang/

Author: kahatlen
Date: Thu Mar 25 12:26:42 2010
New Revision: 927367

URL: http://svn.apache.org/viewvc?rev=927367&view=rev
Log:
DERBY-4483: Provide a way to change the hash algorithm used by BUILTIN authentication

Added more information to error message for authentication failure
with strong password substitution to indicate that it might have been
caused by the use of a custom hash algorithm.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java?rev=927367&r1=927366&r2=927367&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java Thu Mar 25 12:26:42 2010
@@ -22,6 +22,7 @@
 package org.apache.derby.impl.jdbc.authentication;
 
 import org.apache.derby.iapi.reference.Attribute;
+import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.authentication.UserAuthenticator;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 import org.apache.derby.iapi.services.monitor.Monitor;
@@ -233,20 +234,24 @@ public final class BasicAuthenticationSe
             }
         }
 
-		if (definedUserPassword == null)
-			// no such user found
-			return false;
-
-		// check if the passwords match
-		if (!definedUserPassword.equals(passedUserPassword))
-			return false;
-
+        // Check if the passwords match.
 		// NOTE: We do not look at the passed-in database name value as
 		// we rely on the authorization service that was put in
 		// in 2.0 . (if a database name was passed-in)
+        boolean passwordsMatch =
+                (definedUserPassword != null) &&
+                definedUserPassword.equals(passedUserPassword);
+
+        // Provide extra information on mismatch if strong password
+        // substitution is used, since the problem may be that the stored
+        // password was stored using the configurable hash authentication
+        // scheme which is incompatible with strong password substitution.
+        if (!passwordsMatch && secMec == SECMEC_USRSSBPWD) {
+            throw Util.generateCsSQLException(
+                    SQLState.NET_CONNECT_SECMEC_INCOMPATIBLE_SCHEME);
+        }
 
-		// We do have a valid user
-		return true;
+        return passwordsMatch;
 	}
 
     /**
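Review bot: The comparison carried into `passwordsMatch`, `definedUserPassword.equals(passedUserPassword)`, is `String.equals`, which returns at the first differing character, so its running time depends on how much of the stored value the caller matched. For credential material a constant-time comparison is preferable: after null checks on both values, encode the strings to bytes and use `MessageDigest.isEqual(definedBytes, passedBytes)`. The new throw also fires when `definedUserPassword` is null, so unknown users and wrong passwords stay indistinguishable under SECMEC_USRSSBPWD; a comment such as `// Also thrown for unknown users, so the error does not reveal whether the user exists.` would keep that property from being lost in a later edit. The method starts outside this hunk, so it should be confirmed that its callers handle the exception the same way as a `false` return, for example when recording failed attempts.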

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=927367&r1=927366&r2=927367&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Thu Mar 25 12:26:42 2010
@@ -416,6 +416,11 @@ Guide.
             </msg>
 
             <msg>
+                <name>08004.C.12</name>
+                <text>Connection authentication failure occurred. Either the supplied credentials were invalid, or the database uses a password encryption scheme not compatible with the strong password substitution security mechanism. If this error started after upgrade, refer to the release note for DERBY-4483 for options.</text>
+            </msg>
+
+            <msg>
                 <name>08006.C</name>
                 <text>A network protocol error was encountered and the connection has been terminated: {0}</text>
 		<arg>error</arg>
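Review bot: The new 08004.C.12 text says "password encryption scheme", while the commit log and the code comment in BasicAuthenticationServiceImpl describe a configurable hash algorithm; a hashed password is not encrypted, and the distinction matters to an administrator diagnosing this error. Consider wording it as `the database uses a password hashing scheme not compatible with the strong password substitution security mechanism`. The same string is duplicated in the ErrorCodeTest hunk, so both would have to change together.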

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=927367&r1=927366&r2=927367&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Thu Mar 25 12:26:42 2010
@@ -1655,6 +1655,7 @@ public interface SQLState {
     String AUTH_DATABASE_CREATE_EXCEPTION                   = "08004.C.10";
     //DERBY-2109: new state/msg
     String AUTH_DATABASE_CREATE_MISSING_PERMISSION          = "08004.C.11";
+    String NET_CONNECT_SECMEC_INCOMPATIBLE_SCHEME           = "08004.C.12";
 
     // There can be multiple causes for 08003, which according
     // to SQL2003 spec means "connection does not exist"

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java?rev=927367&r1=927366&r2=927367&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java Thu Mar 25 12:26:42 2010
@@ -26,16 +26,9 @@ import junit.framework.TestSuite;
 
 import org.apache.derbyTesting.junit.BaseJDBCTestCase;
 import org.apache.derbyTesting.junit.TestConfiguration;
-import org.apache.derbyTesting.junit.Utilities;
 
-import java.sql.Connection;
 import java.sql.ResultSet;
-import java.sql.ResultSetMetaData;
-import java.sql.PreparedStatement;
 import java.sql.Statement;
-import java.sql.CallableStatement;
-import java.sql.SQLWarning;
-import java.sql.SQLException;
 import org.apache.derbyTesting.junit.JDBC;
 
 public final class ErrorCodeTest extends BaseJDBCTestCase {
@@ -127,6 +120,7 @@ public final class ErrorCodeTest extends
         		{"08004","Missing permission for user '{0}' to shutdown system [{1}].","40000"},
         		{"08004","Cannot check system permission to create database '{0}' [{1}].","40000"},
         		{"08004","Missing permission for user '{0}' to create database '{1}' [{2}].","40000"},
+        		{"08004","Connection authentication failure occurred. Either the supplied credentials were invalid, or the database uses a password encryption scheme not compatible with the strong password substitution security mechanism. If this error started after upgrade, refer to the release note for DERBY-4483 for options.","40000"},
         		{"08006","An error occurred during connect reset and the connection has been terminated.  See chained exceptions for details.","40000"},
         		{"08006","SocketException: '{0}'","40000"},
         		{"08006","A communications error has been detected: {0}.","40000"},