You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2013/05/30 19:36:06 UTC
svn commit: r1487946 - in /db/derby/code/trunk/java:
engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
Author: rhillegas
Date: Thu May 30 17:36:06 2013
New Revision: 1487946
URL: http://svn.apache.org/r1487946
Log:
DERBY-6221: Check for invisible PASSWORD column at preprocessing time.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java?rev=1487946&r1=1487945&r2=1487946&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java Thu May 30 17:36:06 2013
@@ -2794,7 +2794,33 @@ public class FromBaseTable extends FromT
FromList fromList)
throws StandardException
{
- /* Generate the referenced table map */
+ //
+ // We're done with binding, so we should know which columns
+ // are referenced. We check to see if SYSUSERS.PASSWORD is referenced.
+ // Even the DBO is not allowed to SELECT that column.
+ // This is to prevent us from instantiating the password as a
+ // String. See DERBY-866.
+ // We do this check before optimization because the optimizer may
+ // change the result column list as it experiments with different access paths.
+ // At preprocess() time, the result column list should be the columns in the base
+ // table.
+ //
+ if ( authorizeSYSUSERS )
+ {
+ int passwordColNum = SYSUSERSRowFactory.PASSWORD_COL_NUM;
+
+ FormatableBitSet refCols = resultColumns.getReferencedFormatableBitSet( false, true, false );
+
+ if (
+ (refCols.getLength() >= passwordColNum ) && refCols.isSet( passwordColNum - 1 )
+ )
+ {
+ throw StandardException.newException
+ ( SQLState.HIDDEN_COLUMN, SYSUSERSRowFactory.TABLE_NAME, SYSUSERSRowFactory.PASSWORD_COL_NAME );
+ }
+ }
+
+ /* Generate the referenced table map */
referencedTableMap = new JBitSet(numTables);
referencedTableMap.set(tableNumber);
@@ -3267,31 +3293,7 @@ public class FromBaseTable extends FromT
*/
void generate(ActivationClassBuilder acb, MethodBuilder mb)
throws StandardException
- {
- //
- // By now the map of referenced columns has been filled in.
- // We check to see if SYSUSERS.PASSWORD is referenced.
- // Even the DBO is not allowed to SELECT that column.
- // This is to prevent us from instantiating the password as a
- // String. The char[] inside the String can hang around, unzeroed
- // and be read by a memory-sniffer. See DERBY-866.
- //
- if ( authorizeSYSUSERS )
- {
- int passwordColNum = SYSUSERSRowFactory.PASSWORD_COL_NUM;
-
- if (
- ( referencedCols == null ) || // select * from sys.sysusers results in a null referecedCols
- (
- (referencedCols.getLength() >= passwordColNum ) && referencedCols.isSet( passwordColNum - 1 )
- )
- )
- {
- throw StandardException.newException
- ( SQLState.HIDDEN_COLUMN, SYSUSERSRowFactory.TABLE_NAME, SYSUSERSRowFactory.PASSWORD_COL_NAME );
- }
- }
-
+ {
generateResultSet( acb, mb );
/*
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java?rev=1487946&r1=1487945&r2=1487946&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java Thu May 30 17:36:06 2013
@@ -188,6 +188,9 @@ public class DBOAccessTest extends Gener
goodStatement( dboConnection, "create view v2 as select username, hashingscheme, lastmodified from sys.sysusers" );
if ( authorizationIsOn() ) { goodStatement( dboConnection, "grant select on v2 to public" ); }
+ goodStatement( dboConnection, "create view v3 as select username, hashingscheme, lastmodified from sys.sysusers where password is null" );
+ if ( authorizationIsOn() ) { goodStatement( dboConnection, "grant select on v3 to public" ); }
+
vetDBO_OKProbes( dboConnection, true );
vetDBO_OKProbes( janetConnection, !authorizationIsOn() );
@@ -202,6 +205,8 @@ public class DBOAccessTest extends Gener
vetUserProbes( conn, shouldSucceed, "select count(*) from sys.sysusers", ONLY_DBO );
vetUserProbes( conn, shouldSucceed, "select username, hashingscheme, lastmodified from sys.sysusers", ONLY_DBO );
vetUserProbes( conn, shouldSucceed, "select username from sys.sysusers", ONLY_DBO );
+ vetUserProbes( conn, shouldSucceed, "select username, lastmodified from sys.sysusers", ONLY_DBO );
+ vetUserProbes( conn, shouldSucceed, "select username, lastmodified from sys.sysusers where username = 'FRED'", ONLY_DBO );
// can't use views to subvert authorization checks
vetUserProbes( conn, shouldSucceed, "select count(*) from test_dbo.v2", ONLY_DBO );
@@ -218,6 +223,8 @@ public class DBOAccessTest extends Gener
vetUserProbes( conn, shouldSucceed, "select password from sys.sysusers", expectedSQLState );
vetUserProbes( conn, shouldSucceed, "select username, password from sys.sysusers", expectedSQLState );
vetUserProbes( conn, shouldSucceed, "select username from sys.sysusers where password = 'foo'", expectedSQLState );
+ vetUserProbes( conn, shouldSucceed, "select username, lastmodified from sys.sysusers where password is not null", expectedSQLState );
+ vetUserProbes( conn, shouldSucceed, "select * from test_dbo.v3", expectedSQLState );
}
private void vetUserProbes
( Connection conn, boolean shouldSucceed, String query, String expectedSQLState )