db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r545370 - in /db/derby/code/trunk/java: engine/org/apache/derby/iapi/reference/ engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/impl/sql/catalog/ testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/
Date Fri, 08 Jun 2007 02:15:09 GMT
Author: dag
Date: Thu Jun  7 19:15:08 2007
New Revision: 545370

URL: http://svn.apache.org/viewvc?view=rev&rev=545370
Log:
DERBY-2264 Committed DERBY-2264-9.* which restricts database owner
powers enforcement to only such cases as when both
derby.database.requireAuthentication and
derby.database.sqlAuthentication are enabled, based on feed-back from
community over upgrading compatibility concerns.

Also fixes an issue with interference between feature checking and hard upgrade.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Attribute.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Attribute.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Attribute.java?view=diff&rev=545370&r1=545369&r2=545370
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Attribute.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Attribute.java Thu Jun
 7 19:15:08 2007
@@ -239,6 +239,18 @@
     String DRDA_SECTKN_OUT = "drdaSecTokenOut";
 
 	/**
+	 * Internal attribute. Used to always allow soft upgrade for
+	 * authentication purposes in a two phase hard upgrade (to check
+	 * database owner power before proceeding.  The purpose is to
+	 * avoid failing soft upgrade due to a feature being set but not
+	 * supported until after hard upgrade has taken place (e.g. during
+	 * hard upgrade from 10.1 -> 10.3 or higher if
+	 * derby.database.sqlAuthorization is set,
+	 * cf. DD_Version#checkVersion).
+	 */
+	 String SOFT_UPGRADE_NO_FEATURE_CHECK = "softUpgradeNoFeatureCheck";
+
+	/**
 		Optional JDBC url attribute (at the database create time only) It can 
 		be set to one of the following 2 values
 		1) UCS_BASIC (This means codepoint based collation. This will also be 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?view=diff&rev=545370&r1=545369&r2=545370
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Thu Jun
 7 19:15:08 2007
@@ -252,7 +252,7 @@
 				// type indicated by the proptocol within the name.  If that's
 				// the case then we are the wrong driver.
 
-				if (!bootDatabase(info))
+				if (!bootDatabase(info, isTwoPhaseUpgradeBoot))
 				{
 					tr.clearContextInError();
 					setInactive();
@@ -305,10 +305,12 @@
 			tr.startTransaction();
 
 			if (isTwoPhaseEncryptionBoot || isTwoPhaseUpgradeBoot) {
+
 				// DERBY-2264: shutdown and boot again with encryption or
 				// upgrade attributes active. This is restricted to the
-				// database owner.
-				if (!usingNoneAuth) {
+				// database owner if authentication and sqlAuthorization is on.
+				if (!usingNoneAuth &&
+						getLanguageConnection().usesSqlAuthorization()) {
 					// a failure here leaves database booted, but no
 					// (re)encryption has taken place and the connection is
 					// rejected.
@@ -325,7 +327,7 @@
 				active = true;
 				setupContextStack();
 
-				if (!bootDatabase(info))
+				if (!bootDatabase(info, false))
 				{
 					if (SanityManager.DEBUG) {
 						SanityManager.THROWASSERT(
@@ -343,9 +345,10 @@
 
 			// now we have the database connection, we can shut down
 			if (shutdown) {
-				if (!usingNoneAuth) {
+				if (!usingNoneAuth &&
+						getLanguageConnection().usesSqlAuthorization()) {
 					// DERBY-2264: Only allow database owner to shut down if
-					// authentication is on.
+					// authentication and sqlAuthorization is on.
 					checkIsDBOwner(OP_SHUTDOWN);
 				}
 				throw tr.shutdownDatabaseException();
@@ -1824,14 +1827,23 @@
 
 
 	/**
-		Return false iff the monitor cannot handle a service
-		of the type indicated by the protocol within the name.
-		If that's the case then we are the wrong driver.
-
-		Throw exception if anything else is wrong.
+	 * Boot database.
+	 *
+	 * @param info boot properties
+	 *
+	 * @param softAuthenticationBoot If true, don't fail soft upgrade due
+	 * to missing features (phase one of two phased hard upgrade boot).
+	 *
+	 * @return false iff the monitor cannot handle a service
+	 * of the type indicated by the protocol within the name.
+	 * If that's the case then we are the wrong driver.
+	 *
+	 * @throws Throwable if anything else is wrong.
 	 */
 
-	private boolean bootDatabase(Properties info) throws Throwable
+	private boolean bootDatabase(Properties info,
+								 boolean softAuthenticationBoot
+								 ) throws Throwable
 	{
 		String dbname = tr.getDBName();
 
@@ -1839,6 +1851,13 @@
 		try {
 
 			info = filterProperties(info);
+
+			if (softAuthenticationBoot) {
+				info.setProperty(Attribute.SOFT_UPGRADE_NO_FEATURE_CHECK,
+								 "true");
+			} else {
+				info.remove(Attribute.SOFT_UPGRADE_NO_FEATURE_CHECK);
+			}
 			
 			// try to start the service if it doesn't already exist
 			if (!Monitor.startPersistentService(dbname, info)) {

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?view=diff&rev=545370&r1=545369&r2=545370
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
Thu Jun  7 19:15:08 2007
@@ -753,11 +753,42 @@
 				authorizationDatabaseOwner = sd.getAuthorizationId();
 				String sqlAuth = PropertyUtil.getDatabaseProperty(bootingTC,
 										Property.SQL_AUTHORIZATION_PROPERTY);
-				if (Boolean.valueOf(sqlAuth).booleanValue())
-				{
-					// SQL authorization requires 10.2 or higher database
-					checkVersion(DataDictionary.DD_VERSION_DERBY_10_2, "sqlAuthorization");
-					usesSqlAuthorization=true;
+
+				// Feature compatibility check.
+				if (Boolean.valueOf
+						(startParams.getProperty(
+							Attribute.SOFT_UPGRADE_NO_FEATURE_CHECK))
+						.booleanValue()) {
+					// Do not perform check if this boot is the first
+					// phase (soft upgrade boot) of a hard upgrade,
+					// which happens in two phases beginning with
+					// DERBY-2264. In this case, we need to always be
+					// able to boot to authenticate, notwithstanding
+					// any feature properties set
+					// (e.g. derby.database.sqlAuthorization) which
+					// may not yet be supported until that hard
+					// upgrade has happened, normally causing an error
+					// below.
+					//
+					// Feature sqlAuthorization is a special case:
+					// Since database ownership checking only happens
+					// when sqlAuthorization is true, we can't afford
+					// to *not* use it for upgrades from 10.2 or
+					// later, lest we lose the database owner check.
+					// For upgrades from 10.1 and earlier there is no
+					// database owner check at a hard upgrade.
+					if (dictionaryVersion.majorVersionNumber >=
+						DataDictionary.DD_VERSION_DERBY_10_2) {
+						usesSqlAuthorization = Boolean.valueOf(sqlAuth).
+							booleanValue();
+					}
+				} else {
+					if (Boolean.valueOf(sqlAuth).booleanValue()) {
+						// SQL authorization requires 10.2 or higher database
+						checkVersion(DataDictionary.DD_VERSION_DERBY_10_2,
+									 "sqlAuthorization");
+						usesSqlAuthorization=true;
+					}
 				}
 			}
 					

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java?view=diff&rev=545370&r1=545369&r2=545370
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
Thu Jun  7 19:15:08 2007
@@ -166,11 +166,16 @@
         assertConnectionWOUPOK(dbName, "system", ("admin"));
         assertConnectionOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
         assertConnectionWOUPOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
-        // try shutdown (but only dbo can do it)
-        assertShutdownFail("08004", dbName, "dan", ("dan" + PASSWORD_SUFFIX));
-        assertShutdownWOUPFail("08004", dbName, "dan", ("dan" + PASSWORD_SUFFIX));
-        assertShutdownFail("08004", dbName, "system", "admin");
-        assertShutdownWOUPFail("08004", dbName, "system", "admin");
+        // try shutdown as non-owner
+        assertShutdownOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
+        assertConnectionOK(dbName, "system", ("admin"));
+        assertShutdownWOUPOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
+        assertConnectionOK(dbName, "system", ("admin"));
+        assertShutdownOK(dbName, "system", "admin");
+        assertConnectionOK(dbName, "system", ("admin"));
+        assertShutdownWOUPOK(dbName, "system", "admin");
+        assertConnectionOK(dbName, "system", ("admin"));
+        // try shutdown as owner
         assertShutdownUsingConnAttrsOK(dbName, "APP", ("APP" + PASSWORD_SUFFIX));
         
         // ensure that a password is encrypted
@@ -199,9 +204,10 @@
         // check the non-existent, but allowed user
         assertConnectionFail("08004", dbName, "nomen", "nescio");
         assertConnectionWOUPFail("08004", dbName, "nomen", "nescio");
-        // attempt to shutdown db as one of the allowed users, will fail...
-        assertShutdownFail("08004", dbName, "francois", ("francois" + PASSWORD_SUFFIX));
-        // ...for only dbowner can shutdown db.
+        // attempt to shutdown db as one of the allowed users, but not db owner
+        assertShutdownOK(dbName, "francois", ("francois" + PASSWORD_SUFFIX));
+        // attempt shutdown as db owner
+        assertConnectionOK(dbName, "system", "admin");
         assertShutdownWOUPOK(dbName, "APP", ("APP" + PASSWORD_SUFFIX));
         // check simple connect ok as another allowed user, also revive db
         assertConnectionOK(dbName, "jeff", ("jeff" + PASSWORD_SUFFIX));
@@ -216,9 +222,10 @@
             "jeff,dan,francois,jamie", conn1);
         conn1.commit();
         conn1.close();
+        assertConnectionOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
+        assertShutdownOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX));
         assertConnectionOK(dbName, "dan", ("dan" + PASSWORD_SUFFIX)); 
-        assertShutdownFail("08004", dbName, "dan", ("dan" + PASSWORD_SUFFIX));
-        // but dbo was not on list...
+         // but dbo was not on list...
         assertShutdownFail("08004", dbName, "APP", ("APP" + PASSWORD_SUFFIX));
         // now add dbo back in...
         conn1 = openDefaultConnection("francois", ("francois" + PASSWORD_SUFFIX));
@@ -681,11 +688,15 @@
         else {
             assertConnectionOK(dbName, zeus, apollo);
             assertConnectionFail("08004", dbName, apollo, apollo);
-            // shutdown only allowd by DBO
-            assertShutdownFail("08004", dbName, zeus, apollo);
+            // shutdown as non-dbo
+            assertShutdownOK(dbName, zeus, apollo);
             assertConnectionOK(dbName, apollo, zeus);
+            // wrong credentials
             assertShutdownFail("08004", dbName, zeus, zeus);
-            assertShutdownFail("08004", dbName, apollo, zeus);
+             // shutdown as non-dbo
+            assertShutdownOK(dbName, apollo, zeus);
+            assertConnectionOK(dbName, apollo, zeus);
+            // shutdown as dbo
             assertShutdownUsingSetShutdownOK(
                 dbName, "APP", ("APP" + PASSWORD_SUFFIX));
 
@@ -951,6 +962,20 @@
         }
     }
     
+    protected void assertShutdownOK(
+        String dbName, String user, String password)
+    throws SQLException
+    {
+        DataSource ds = JDBCDataSource.getDataSource(dbName);
+        JDBCDataSource.setBeanProperty(ds, "shutdownDatabase", "shutdown");
+        try {
+            ds.getConnection(user, password);
+            fail("expected shutdown to fail");
+        } catch (SQLException e) {
+            assertSQLState("08006", e);
+        }
+    }
+
     protected void assertShutdownWOUPFail(
         String expectedSqlState, String dbName, String user, String password) 
     throws SQLException

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java?view=diff&rev=545370&r1=545369&r2=545370
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DboPowersTest.java
Thu Jun  7 19:15:08 2007
@@ -145,9 +145,7 @@
      */
     final static String[][] users = {
         /* authLevel == AUTHENTICATION: dbo is APP/APP for db 'wombat',
-         * so use that as first user.  Otherwise,
-         * builtinAuthentication decorator's db shutdown fails to
-         * work after DERBY-2264(!).
+         * so use that as first user.
          */
         {"APP", "U1"},
         /* authLevel == SQLAUTHORIZATION: sqlAuthorizationDecorator
@@ -290,14 +288,13 @@
                            "08006", e);
             break;
         case AUTHENTICATION:
-            if ("APP".equals(user)) {
-                assertSQLState("database shutdown, authentication, db owner",
-                               "08006", e);
-            } else {
-                assertSQLState("database shutdown restriction, " +
-                               "authentication,  not db owner",
-                               "08004", e);
-            }
+            /* We don't enforce dbo powers if only connection level
+             * authentication is used, for now. This leniency was
+             * introduced late in 10.3 release cycle for compatibility
+             * reasons.
+             */
+            assertSQLState("database shutdown, authentication",
+                           "08006", e);
             break;
         case SQLAUTHORIZATION:
             if ("TEST_DBO".equals(user)) {
@@ -735,12 +732,12 @@
             assertEquals(operation + ", no authentication", null, e);
             break;
         case AUTHENTICATION:
-            if ("APP".equals(user)) {
-                assertEquals(operation + ", authentication, db owner", null, e);
-            } else {
-                assertSQLState(operation + ", authentication, not db owner",
-                               state, e);
-            }
+            /* We don't enforce dbo powers if only connection level
+             * authentication is used, for now. This leniency was
+             * introduced late in 10.3 release cycle for compatibility
+             * reasons.
+             */
+            assertEquals(operation + ", authentication", null, e);
             break;
         case SQLAUTHORIZATION:
             if ("TEST_DBO".equals(user)) {



Mime
View raw message