You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by km...@apache.org on 2005/04/07 21:08:02 UTC
svn commit: r160439 [1/3] - in incubator/derby/code/trunk/java:
drda/org/apache/derby/impl/drda/
testing/org/apache/derbyTesting/functionTests/master/
testing/org/apache/derbyTesting/functionTests/master/DerbyNet/
testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/
testing/org/apache/derbyTesting/functionTests/suites/
testing/org/apache/derbyTesting/functionTests/tests/derbynet/
Author: kmarsden
Date: Thu Apr 7 12:07:59 2005
New Revision: 160439
URL: http://svn.apache.org/viewcvs?view=rev&rev=160439
Log:
Derby-198 Add USERID only security for Network Server
Added:
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out (with props)
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out (with props)
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec.java (with props)
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testSecMec_app.properties (with props)
Modified:
incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/CodePoint.java
incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DB2jServerImpl.java
incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testij.out
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/testij.out
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/suites/derbynetmats.runall
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/copyfiles.ant
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/dataSourcePermissions_net.java
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/protocol.tests
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testclientij.sql
incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testij.sql
Modified: incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/CodePoint.java
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/CodePoint.java?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/CodePoint.java (original)
+++ incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/CodePoint.java Thu Apr 7 12:07:59 2005
@@ -709,7 +709,7 @@
//---------------------Security Check Codes ---------------------------
static final int SECCHKCD_OK = 0; // Security info correct and acceptable
static final int SECCHKCD_NOTSUPPORTED = 0x01; // SECMEC value not supported
- static final int SECCHKCD_SECTKNMISSING = 0x0E; // SECTKN missing or invalid
+ static final int SECCHKCD_SECTKNMISSING_OR_INVALID = 0x0E; // SECTKN missing or invalid
static final int SECCHKCD_PASSWORDMISSING = 0x10; // Password missing
static final int SECCHKCD_USERIDMISSING = 0x12; // User Id missing
static final int SECCHKCD_USERIDINVALID = 0x13; // Userid invalid
Modified: incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DB2jServerImpl.java
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DB2jServerImpl.java?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DB2jServerImpl.java (original)
+++ incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DB2jServerImpl.java Thu Apr 7 12:07:59 2005
@@ -171,7 +171,6 @@
protected final static int DEFAULT_CCSID = 1208;
protected final static byte SPACE_CHAR = 32;
- protected final static int DEFAULT_SECURITY_MECHANISM = CodePoint.SECMEC_USRIDPWD;
// Application Server manager levels - this needs to be in sync
// with CodePoint.MGR_CODEPOINTS
Modified: incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java (original)
+++ incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java Thu Apr 7 12:07:59 2005
@@ -1556,10 +1556,13 @@
securityMechanism = reader.readNetworkShort();
if (SanityManager.DEBUG)
trace("Security mechanism = " + securityMechanism);
- if (securityMechanism != server.DEFAULT_SECURITY_MECHANISM)
+ // for plain text userid,password USRIDPWD, and USRIDONL
+ // no need of decryptionManager
+ if (securityMechanism != CodePoint.SECMEC_USRIDPWD &&
+ securityMechanism != CodePoint.SECMEC_USRIDONL)
{
//this is the only other one we understand
- if (securityMechanism != CodePoint.SECMEC_EUSRIDPWD)
+ if (securityMechanism != CodePoint.SECMEC_EUSRIDPWD)
securityCheckCode = CodePoint.SECCHKCD_NOTSUPPORTED;
else
{
@@ -1612,13 +1615,14 @@
if (securityCheckCode == 0 &&
database.securityMechanism == CodePoint.SECMEC_EUSRIDPWD &&
database.publicKeyIn == null)
- securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING;
+ securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING_OR_INVALID;
// shouldn't have security token
if (securityCheckCode == 0 &&
- database.securityMechanism == CodePoint.SECMEC_USRIDPWD &&
+ (database.securityMechanism == CodePoint.SECMEC_USRIDPWD ||
+ database.securityMechanism == CodePoint.SECMEC_USRIDONL) &&
database.publicKeyIn != null)
- securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING;
+ securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING_OR_INVALID;
if (SanityManager.DEBUG)
trace("** ACCSECRD securityCheckCode is: "+securityCheckCode);
@@ -2468,6 +2472,7 @@
// these are the ones we know about
writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDPWD);
writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_EUSRIDPWD);
+ writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDONL);
}
if (securityCheckCode != 0)
{
@@ -2535,7 +2540,7 @@
case CodePoint.SECTKN:
if (database.securityMechanism != CodePoint.SECMEC_EUSRIDPWD)
{
- securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING;
+ securityCheckCode = CodePoint.SECCHKCD_SECTKNMISSING_OR_INVALID;
reader.skipBytes();
}
else if (database.decryptedUserId == null) {
@@ -2612,12 +2617,16 @@
//check if we have a userid and password when we need it
if (securityCheckCode == 0 &&
- database.securityMechanism == CodePoint.SECMEC_USRIDPWD)
+ (database.securityMechanism == CodePoint.SECMEC_USRIDPWD||
+ database.securityMechanism == CodePoint.SECMEC_USRIDONL ))
{
if (database.userId == null)
securityCheckCode = CodePoint.SECCHKCD_USERIDMISSING;
- else if (database.password == null)
+ else if ( database.securityMechanism == CodePoint.SECMEC_USRIDPWD)
+ {
+ if (database.password == null)
securityCheckCode = CodePoint.SECCHKCD_PASSWORDMISSING;
+ }
//Note, we'll ignore encryptedUserId and encryptedPassword if they
//are also set
}
Modified: incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java (original)
+++ incubator/derby/code/trunk/java/drda/org/apache/derby/impl/drda/Database.java Thu Apr 7 12:07:59 2005
@@ -241,7 +241,10 @@
protected Connection makeConnection(Properties p) throws SQLException
{
p.put(Attribute.USERNAME_ATTR, userId);
- p.put(Attribute.PASSWORD_ATTR, password);
+
+ // take care of case of SECMEC_USRIDONL
+ if(password != null)
+ p.put(Attribute.PASSWORD_ATTR, password);
Connection conn = DB2jServerImpl.getDriver().connect(Attribute.PROTOCOL
+ dbName + attrString, p);
conn.setAutoCommit(false);
Added: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out?view=auto&rev=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out (added)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out Thu Apr 7 12:07:59 2005
@@ -0,0 +1,9 @@
+Checking security mechanism authentication with DriverManager
+T1: jdbc:derby:net://localhost:20000/wombat;create=true - EXCEPTION null userid not supported
+T2: jdbc:derby:net://localhost:20000/wombat;create=true:user=max; - EXCEPTION null password not supported
+T3: jdbc:derby:net://localhost:20000/wombat;create=true:user=neelima;password=lee;
+T4: jdbc:derby:net://localhost:20000/wombat;create=true:user=neelima;password=lee;securityMechanism=3;
+T6: jdbc:derby:net://localhost:20000/wombat;create=true:user=neelima;securityMechanism=4;
+T8: jdbc:derby:net://localhost:20000/wombat;create=true:user=neelima;password=lee;securityMechanism=4;
+SECMEC_USRIDPWD: OK
+Completed testSecMec
Propchange: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNet/testSecMec.out
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out?view=auto&rev=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out (added)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out Thu Apr 7 12:07:59 2005
@@ -0,0 +1,9 @@
+Checking security mechanism authentication with DriverManager
+T1: jdbc:derby://localhost:20000/wombat;create=true - EXCEPTION null password not supported
+T2: jdbc:derby://localhost:20000/wombat;create=true;user=max - EXCEPTION null password not supported
+T3: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;password=lee
+T4: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;password=lee;securityMechanism=3
+T6: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;securityMechanism=4
+T8: jdbc:derby://localhost:20000/wombat;create=true;user=neelima;password=lee;securityMechanism=4
+SECMEC_USRIDPWD: OK
+Completed testSecMec
Propchange: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testSecMec.out
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testij.out
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testij.out?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testij.out (original)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/DerbyNetClient/testij.out Thu Apr 7 12:07:59 2005
@@ -53,4 +53,9 @@
ij(CONNECTION14)> -- Should see message text
select * from APP.notthere;
ERROR 42X05: Table 'APP.NOTTHERE' does not exist.
+ij(CONNECTION14)> -- just user security mechanism
+connect 'jdbc:derby://localhost:1527/my-db-name;create=true;user=usr;retrieveMessageText=true';
+ERROR (no SQLState): null password not supported
+ij(CONNECTION14)> connect 'jdbc:derby://localhost:1527/wombat' USER 'APP';
+ERROR (no SQLState): null password not supported
ij(CONNECTION14)>
Modified: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/testij.out
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/testij.out?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/testij.out (original)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/testij.out Thu Apr 7 12:07:59 2005
@@ -35,4 +35,7 @@
connect 'jdbc:derby:net://localhost:1527/"./my-dbname;create=true":user=usr;password=pwd;';
ERROR 08006: DB2 SQL error: SQLCODE: -1, SQLSTATE: 08006, SQLERRMC: my-db-name08006.DDatabase 'my-db-name' shutdown.((server log XXX)
ij(CONNECTION5)> connect 'jdbc:derby:net://localhost:1527/"./my-dbname;create=true":user=usr;password=pwd;retrieveMessagesFromServerOnGetMessage=true;';
+ij(CONNECTION6)> -- with no user
+connect 'jdbc:derby:net://localhost:1527/wombat;create=true:retrieveMessagesFromServerOnGetMessage=true;';
+ERROR (no SQLState): null userid not supported
ij(CONNECTION6)>
Modified: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/suites/derbynetmats.runall
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/suites/derbynetmats.runall?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/suites/derbynetmats.runall (original)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/suites/derbynetmats.runall Thu Apr 7 12:07:59 2005
@@ -18,6 +18,7 @@
derbynet/testconnection.java
derbynet/testij.java
derbynet/timeslice.java
+derbynet/testSecMec.java
jdbcapi/autoGeneratedJdbc30.java
jdbcapi/dbMetaDataJdbc30.java
jdbcapi/metadata.java
Modified: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/copyfiles.ant
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/copyfiles.ant?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/copyfiles.ant (original)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/copyfiles.ant Thu Apr 7 12:07:59 2005
@@ -17,6 +17,7 @@
testij_app.properties
testij_sed.properties
testProtocol_app.properties
+testSecMec_app.properties
protocol.tests
excsat_accsecrd1.inc
excsat_accsecrd2.inc
Modified: incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/dataSourcePermissions_net.java
URL: http://svn.apache.org/viewcvs/incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/dataSourcePermissions_net.java?view=diff&r1=160438&r2=160439
==============================================================================
--- incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/dataSourcePermissions_net.java (original)
+++ incubator/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/dataSourcePermissions_net.java Thu Apr 7 12:07:59 2005
@@ -123,7 +123,7 @@
public void setProperties() {
// Set required server properties.
- System.setProperty("database",
+ System.setProperty("database",
TestUtil.getJdbcUrlPrefix("localhost",
NETWORKSERVER_PORT) +
"wombat;create=true");
@@ -134,7 +134,7 @@
public String getJDBCUrl(String db, String attrs) {
- String s = TestUtil.getJdbcUrlPrefix("localhost", NETWORKSERVER_PORT)
+ String s = TestUtil.getJdbcUrlPrefix("localhost", NETWORKSERVER_PORT)
+ db;
if (attrs != null)
if (TestUtil.isJCCFramework())
@@ -146,16 +146,16 @@
}
- public javax.sql.DataSource getDS(String database, String user, String
+ public javax.sql.DataSource getDS(String database, String user, String
password)
{
return getDS(database,user,password,null);
}
public javax.sql.DataSource getDS(String database, String user, String
- password, Properties attrs)
+ password, Properties attrs)
{
-
+
if (attrs == null)
attrs = new Properties();
attrs.setProperty("databaseName", database);
@@ -166,7 +166,7 @@
attrs = addRequiredAttributes(attrs);
return TestUtil.getDataSource(attrs);
}
-
+
public javax.sql.ConnectionPoolDataSource getCPDS(String database, String user, String password) {
@@ -221,7 +221,7 @@
}
}
- private static boolean isServerStarted(NetworkServerControl server, int ntries)
+ protected static boolean isServerStarted(NetworkServerControl server, int ntries)
{
for (int i = 1; i <= ntries; i ++)
{
@@ -247,9 +247,9 @@
testRetrieveMessageText();
}
- /**
+ /**
* Test property retrieveMessageText to retrieve message text
- * Property defaults to true for Network Client but can be set to
+ * Property defaults to true for Network Client but can be set to
* false to disable the procedure call.
*/
public void testRetrieveMessageText() throws SQLException
@@ -268,7 +268,7 @@
conn = ds.getConnection();
checkMessageText(conn,"false");
conn.close();
-
+
// now try with retrieveMessageText = true
ds = getDS("wombat", "EDWARD", "noodle");
args = new Boolean[] { new Boolean(true) };
@@ -287,7 +287,7 @@
public void checkMessageText(Connection conn, String
retrieveMessageTextValue) throws SQLException
{
- System.out.println("** checkMessageText() with retrieveMessageText= " +
+ System.out.println("** checkMessageText() with retrieveMessageText= " +
retrieveMessageTextValue);
try {
@@ -299,8 +299,8 @@
String sqlState = e.getSQLState();
if (sqlState == null || ! sqlState.equals(expectedSQLState))
{
- System.out.println("Incorrect SQLState. Got: " + sqlState +
- " should be: " + expectedSQLState);
+ System.out.println("Incorrect SQLState. Got: " + sqlState +
+ " should be: " + expectedSQLState);
throw e;
}
if (retrieveMessageTextValue.equals("true") )
@@ -324,7 +324,7 @@
System.out.println("FAIL: Message Text should not have been retrieved");
throw e;
}
-
+
}
}