db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r1212562 - in /db/derby/code/trunk/java: engine/org/apache/derby/iapi/sql/dictionary/ engine/org/apache/derby/iapi/types/ engine/org/apache/derby/impl/sql/catalog/ engine/org/apache/derby/impl/sql/compile/ engine/org/apache/derby/loc/ share...
Date Fri, 09 Dec 2011 18:19:58 GMT
Author: rhillegas
Date: Fri Dec  9 18:19:58 2011
New Revision: 1212562

URL: http://svn.apache.org/viewvc?rev=1212562&view=rev
Log:
DERBY-866: Add SYSUSERS table.

Added:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java   (with props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLChar.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLVarchar.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/AlterTableTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ViewsTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/Changes10_9.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java Fri Dec  9 18:19:58 2011
@@ -437,6 +437,17 @@ public class DataDescriptorGenerator 
 		if (id == null) id = getUUIDFactory().createUUID();
 		return new FileInfoDescriptor(dataDictionary, id,sd,SQLName,generationId);
 	}
+
+	public UserDescriptor newUserDescriptor
+        (
+         String userName,
+         String hashingScheme,
+         char[] password,
+         Timestamp lastModified
+         )
+	{
+		return new UserDescriptor( dataDictionary, userName, hashingScheme, password, lastModified );
+	}
 	 	
     public TablePermsDescriptor newTablePermsDescriptor( TableDescriptor td,
                                                          String selectPerm,

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java Fri Dec  9 18:19:58 2011
@@ -194,6 +194,7 @@ public interface DataDictionary
     public static final int SYSROLES_CATALOG_NUM = 19;
     public static final int SYSSEQUENCES_CATALOG_NUM = 20;
     public static final int SYSPERMS_CATALOG_NUM = 21;
+    public static final int SYSUSERS_CATALOG_NUM = 22;
 
     /* static finals for constraints
 	 * (Here because they are needed by parser, compilation and execution.)

Added: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java?rev=1212562&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java Fri Dec  9 18:19:58 2011
@@ -0,0 +1,108 @@
+/*
+
+   Derby - Class org.apache.derby.iapi.sql.dictionary.UserDescriptor
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.iapi.sql.dictionary;
+
+import java.sql.Timestamp;
+import java.util.Arrays;
+
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.reference.SQLState;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+
+/**
+ * A Descriptor for a user stored in SYSUSERS.
+ */
+public final class  UserDescriptor extends TupleDescriptor 
+{
+	private String _userName;
+	private String _hashingScheme;
+    private char[] _password;
+    private Timestamp _lastModified;
+	
+	/**
+	 * Constructor for a UserDescriptor.
+	 *
+	 * @param dataDictionary		The data dictionary that this descriptor lives in.
+	 * @param userName  Name of the user.
+	 * @param hashingScheme How the password was hashed.
+	 * @param password  The user's password.
+	 * @param lastModified  Time that the password was last modified.
+	 */
+
+	public UserDescriptor
+        (
+         DataDictionary dataDictionary,
+         String userName,
+         String hashingScheme,
+         char[] password,
+         Timestamp lastModified
+         )
+	{
+		super( dataDictionary );
+
+        _userName = userName;
+        _hashingScheme = hashingScheme;
+
+        if ( password == null ) { _password = null; }
+        else
+        {
+            // copy the password because the caller will 0 it out
+            _password = new char[ password.length ];
+            System.arraycopy( password, 0, _password, 0, password.length );
+        }
+        
+        _lastModified = lastModified;
+	}
+
+	public String getUserName(){ return _userName; }
+	public String getHashingScheme()    { return _hashingScheme; }
+    public  Timestamp   getLastModified()   { return _lastModified; }
+
+    /**
+     * <p>
+     * Zero the password after getting it so that the char[] can't be memory-sniffed.
+     * </p>
+     */
+	public char[]   getAndZeroPassword()
+	{
+		int length = _password.length;
+        char[] retval = new char[ length ];
+        System.arraycopy( _password, 0, retval, 0, length );
+        Arrays.fill( _password, (char) 0 );
+
+        return retval;
+	}
+
+	//
+	// class interface
+	//
+
+	
+	/** @see TupleDescriptor#getDescriptorType */
+	public String getDescriptorType() { return "User"; }
+
+	/** @see TupleDescriptor#getDescriptorName */
+	public String getDescriptorName() { return _userName; }
+
+
+
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/UserDescriptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLChar.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLChar.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLChar.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLChar.java Fri Dec  9 18:19:58 2011
@@ -72,6 +72,7 @@ import java.sql.Time;
 import java.sql.Timestamp;
 import java.text.RuleBasedCollator;
 import java.text.CollationKey;
+import java.util.Arrays;
 import java.util.Locale;
 import java.util.Calendar;
 
@@ -214,6 +215,49 @@ public class SQLChar
         setValue( val );
     }
 
+    /**
+     * <p>
+     * This is a special constructor used when we need to represent a password
+     * as a VARCHAR (see DERBY-866). If you need a general-purpose constructor
+     * for char[] values and you want to re-use this constructor, make sure to
+     * keep track of the following:
+     * </p>
+     *
+     * <ul>
+     * <li>A password should never be turned into a String. This is because Java
+     * garbage collection makes it easy to sniff memory for String passwords. For
+     * more information, see
+     * <a href="http://securesoftware.blogspot.com/2009/01/java-security-why-not-to-use-string.html">this blog</a>.</li>
+     * <li>It must be possible to 0 out the char[] array wrapped inside this SQLChar. This
+     * reduces the vulnerability that someone could sniff the char[] password after Derby
+     * has processed it.</li>
+     * </ul>
+     */
+    public SQLChar( char[] val )
+    {
+        if ( val == null )
+        {
+            value = null;
+        }
+        else
+        {
+            int length = val.length;
+            char[]  localCopy = new char[ length ];
+            System.arraycopy( val, 0, localCopy, 0, length );
+            
+            copyState
+                (
+                 null,
+                 localCopy,
+                 length,
+                 null,
+                 null,
+                 null,
+                 null
+                 );
+        }
+    }
+
     /**************************************************************************
      * Private/Protected methods of This class:
      **************************************************************************
@@ -236,6 +280,41 @@ public class SQLChar
      **************************************************************************
      */
 
+    /**
+     * <p>
+     * This is a special accessor used when we wrap passwords in VARCHARs.
+     * This accessor copies the wrapped char[] and then fills it with 0s so that
+     * the password can't be memory-sniffed. For more information, see the comment
+     * on the SQLChar( char[] ) constructor.
+     * </p>
+     */
+    public  char[]  getRawDataAndZeroIt()
+    {
+        if ( rawData == null ) { return null; }
+
+        int length = rawData.length;
+        char[] retval = new char[ length ];
+        System.arraycopy( rawData, 0, retval, 0, length );
+
+        zeroRawData();
+
+        return retval;
+    }
+
+    /**
+     * <p>
+     * Zero out the wrapped char[] so that it can't be memory-sniffed.
+     * This helps us protect passwords. See
+     * the comment on the SQLChar( char[] ) constructor.
+     * </p>
+     */
+    public  void  zeroRawData()
+    {
+        if ( rawData == null ) { return; }
+
+        Arrays.fill( rawData, (char) 0 );
+    }
+
     /**************************************************************************
      * Public Methods of DataValueDescriptor interface:
      *     Mostly implemented in Datatype.
@@ -2978,15 +3057,37 @@ readingLoop:
 
     } // end of estimateMemoryUsage
 
-    protected void copyState(SQLChar other) {
-
-        this.value = other.value;
-        this.rawData = other.rawData;
-        this.rawLength = other.rawLength;
-        this.cKey = other.cKey;
-        this.stream = other.stream;
-        this._clobValue = other._clobValue;
-        this.localeFinder = other.localeFinder;
+    protected void copyState(SQLChar other)
+    {
+        copyState
+            (
+             other.value,
+             other.rawData,
+             other.rawLength,
+             other.cKey,
+             other.stream,
+             other._clobValue,
+             other.localeFinder
+             );
+    }
+    private void    copyState
+        (
+         String otherValue,
+         char[] otherRawData,
+         int otherRawLength,
+         CollationKey otherCKey,
+         InputStream    otherStream,
+         Clob otherClobValue,
+         LocaleFinder otherLocaleFinder
+         )
+    {
+        value = otherValue;
+        rawData = otherRawData;
+        rawLength = otherRawLength;
+        cKey = otherCKey;
+        stream = otherStream;
+        _clobValue = otherClobValue;
+        localeFinder = otherLocaleFinder;
     }
 
     /**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLVarchar.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLVarchar.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLVarchar.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/SQLVarchar.java Fri Dec  9 18:19:58 2011
@@ -126,6 +126,16 @@ public class SQLVarchar
 		super(val);
 	}
 
+    /**
+     * <p>
+     * This is a special constructor used when we need to represent a password
+     * as a VARCHAR (see DERBY-866). If you need a general-purpose constructor
+     * for char[] values and you want to re-use this constructor, make sure to
+     * read the comment on the SQLChar( char[] ) constructor.
+     * </p>
+     */
+    public SQLVarchar( char[] val ) { super( val ); }
+
 	/**
 	 * Normalization method - this method may be called when putting
 	 * a value into a SQLVarchar, for example, when inserting into a SQLVarchar

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java Fri Dec  9 18:19:58 2011
@@ -493,6 +493,17 @@ public	class DD_Version implements	Forma
             bootingDictionary.upgradeSYSROUTINEPERMS_10_6( tc );
         }
         
+        if (fromMajorVersionNumber <= DataDictionary.DD_VERSION_DERBY_10_9)
+        {
+            // On ugrade from versions before 10.9, create system procedures
+            // added in 10.9.
+            
+            // On upgrade from versions before 10.9, create system catalogs
+            // added in 10.9
+            bootingDictionary.upgradeMakeCatalog(
+                    tc, DataDictionary.SYSUSERS_CATALOG_NUM);
+        }
+
         // Grant PUBLIC access to some system routines
         bootingDictionary.grantPublicAccessToSystemRoutines(newlyCreatedRoutines, tc, aid);
 	}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Fri Dec  9 18:19:58 2011
@@ -294,7 +294,7 @@ public final class	DataDictionaryImpl
 	private SchemaDescriptor systemUtilSchemaDesc;
     
 	// This array of non-core table names *MUST* be in the same order
-	// as the non-core table numbers, above.
+	// as the non-core table numbers in DataDictionary.
 	private static final String[] nonCoreNames = {
 									"SYSCONSTRAINTS",
 									"SYSKEYS",
@@ -313,7 +313,8 @@ public final class	DataDictionaryImpl
                                     "SYSROUTINEPERMS",
 									"SYSROLES",
                                     "SYSSEQUENCES",
-                                    "SYSPERMS"
+                                    "SYSPERMS",
+                                    "SYSUSERS"
                                     };
 
 	private	static final int		NUM_NONCORE = nonCoreNames.length;
@@ -9631,6 +9632,12 @@ public final class	DataDictionaryImpl
 											 luuidFactory, exFactory, dvf));
 
 				break;            
+
+              case SYSUSERS_CATALOG_NUM:
+				retval = new TabInfoImpl(new SYSUSERSRowFactory(
+											 luuidFactory, exFactory, dvf));
+
+				break;            
             }
 
 			initSystemIndexVariables(retval);

Added: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java?rev=1212562&view=auto
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java Fri Dec  9 18:19:58 2011
@@ -0,0 +1,251 @@
+/*
+
+   Derby - Class org.apache.derby.impl.sql.catalog.SYSUSERSRowFactory
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.impl.sql.catalog;
+
+import java.sql.Timestamp;
+import java.sql.Types;
+import java.util.Arrays;
+
+import org.apache.derby.catalog.TypeDescriptor;
+import org.apache.derby.iapi.db.Database;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.monitor.Monitor;
+import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.services.uuid.UUIDFactory;
+import org.apache.derby.iapi.sql.dictionary.CatalogRowFactory;
+import org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator;
+import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.sql.dictionary.UserDescriptor;
+import org.apache.derby.iapi.sql.dictionary.SystemColumn;
+import org.apache.derby.iapi.sql.dictionary.TupleDescriptor;
+import org.apache.derby.iapi.sql.execute.ExecIndexRow;
+import org.apache.derby.iapi.sql.execute.ExecRow;
+import org.apache.derby.iapi.sql.execute.ExecutionContext;
+import org.apache.derby.iapi.sql.execute.ExecutionFactory;
+import org.apache.derby.iapi.types.SQLTimestamp;
+import org.apache.derby.iapi.types.SQLVarchar;
+import org.apache.derby.iapi.types.TypeId;
+import org.apache.derby.iapi.types.DataValueFactory;
+import org.apache.derby.iapi.types.RowLocation;
+import org.apache.derby.iapi.types.DataTypeDescriptor;
+import org.apache.derby.iapi.types.DataValueDescriptor;
+import org.apache.derby.iapi.types.TypeId;
+
+/**
+ * Factory for creating a SYSUSERS row.
+ */
+
+public class SYSUSERSRowFactory extends CatalogRowFactory
+{
+	public static final String	TABLE_NAME = "SYSUSERS";
+    public  static  final   String  SYSUSERS_UUID = "9810800c-0134-14a5-40c1-000004f61f90";
+    public  static  final   String  PASSWORD_COL_NAME = "PASSWORD";
+    
+    private static final int		SYSUSERS_COLUMN_COUNT = 4;
+
+	/* Column #s (1 based) */
+    private static final int		USERNAME_COL_NUM = 1;
+
+    private static final int		HASHINGSCHEME_COL_NUM = 2;
+
+    public static final int		PASSWORD_COL_NUM = 3;
+
+    private static final int		LASTMODIFIED_COL_NUM = 4;
+
+    static final int		SYSUSERS_INDEX1_ID = 0;
+
+	private static final int[][] indexColumnPositions =
+	{
+		{USERNAME_COL_NUM},
+	};
+
+    private	static	final	boolean[]	uniqueness = null;
+
+	private	static	final	String[]	uuids =
+	{
+		SYSUSERS_UUID,	// catalog UUID
+		"9810800c-0134-14a5-a609-000004f61f90",	// heap UUID
+		"9810800c-0134-14a5-f1cd-000004f61f90",	// SYSUSERS_INDEX1
+	};
+
+	/////////////////////////////////////////////////////////////////////////////
+	//
+	//	CONSTRUCTORS
+	//
+	/////////////////////////////////////////////////////////////////////////////
+
+    SYSUSERSRowFactory(UUIDFactory uuidf, ExecutionFactory ef, DataValueFactory dvf) 
+	{
+		super( uuidf, ef, dvf );
+		initInfo( SYSUSERS_COLUMN_COUNT, TABLE_NAME, indexColumnPositions, uniqueness, uuids );
+	}
+
+	/////////////////////////////////////////////////////////////////////////////
+	//
+	//	METHODS
+	//
+	/////////////////////////////////////////////////////////////////////////////
+
+	/**
+	 * Make a SYSUSERS row. The password in the UserDescriptor will be zeroed by
+     * this method.
+	 *
+	 * @return	Row suitable for inserting into SYSUSERS
+	 *
+	 * @exception   StandardException thrown on failure
+	 */
+
+	public ExecRow makeRow( TupleDescriptor td, TupleDescriptor parent )
+        throws StandardException
+	{
+		String  userName = null;
+		String  hashingScheme = null;
+		char[]  password = null;
+		Timestamp   lastModified = null;
+		
+		ExecRow        			row;
+
+        try {
+            if ( td != null )	
+            {
+                UserDescriptor descriptor = (UserDescriptor) td;
+                userName = descriptor.getUserName();
+                hashingScheme = descriptor.getHashingScheme();
+                password = descriptor.getAndZeroPassword();
+                lastModified = descriptor.getLastModified();
+            }
+	
+            /* Build the row to insert  */
+            row = getExecutionFactory().getValueRow( SYSUSERS_COLUMN_COUNT );
+
+            /* 1st column is USERNAME (varchar(128)) */
+            row.setColumn( USERNAME_COL_NUM, new SQLVarchar( userName ) );
+
+            /* 2nd column is HASHINGSCHEME (varchar(32672)) */
+            row.setColumn( HASHINGSCHEME_COL_NUM, new SQLVarchar( hashingScheme ) );
+
+            /* 3rd column is PASSWORD (varchar(32672)) */
+            row.setColumn( PASSWORD_COL_NUM, new SQLVarchar( password ) );
+
+            /* 4th column is LASTMODIFIED (timestamp) */
+            row.setColumn( LASTMODIFIED_COL_NUM, new SQLTimestamp( lastModified ) );
+        }
+        finally
+        {
+            // zero out the password to prevent it from being memory-sniffed
+            if ( password != null ) { Arrays.fill( password, (char) 0 ); }
+        }
+
+		return row;
+	}
+
+	///////////////////////////////////////////////////////////////////////////
+	//
+	//	ABSTRACT METHODS TO BE IMPLEMENTED BY CHILDREN OF CatalogRowFactory
+	//
+	///////////////////////////////////////////////////////////////////////////
+
+	/**
+	 * Make a descriptor out of a SYSUSERS row. The password column in the
+     * row will be zeroed out.
+	 *
+	 * @param row a row
+	 * @param parentTupleDescriptor	Null for this kind of descriptor.
+	 * @param dd dataDictionary
+	 *
+	 * @return	a descriptor equivalent to a row
+	 *
+	 * @exception   StandardException thrown on failure
+	 */
+	public TupleDescriptor buildDescriptor(
+		ExecRow					row,
+		TupleDescriptor			parentTupleDescriptor,
+		DataDictionary 			dd )
+					throws StandardException
+	{
+		if (SanityManager.DEBUG)
+		{
+			if (row.nColumns() != SYSUSERS_COLUMN_COUNT)
+			{
+				SanityManager.THROWASSERT("Wrong number of columns for a SYSUSERS row: "+
+							 row.nColumns());
+			}
+		}
+
+		DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
+
+		String	userName;
+		String	hashingScheme;
+		char[]  password = null;
+		Timestamp   lastModified;
+		DataValueDescriptor	col;
+		SQLVarchar	passwordCol = null;
+
+		UserDescriptor	result;
+
+        try {
+            /* 1st column is USERNAME */
+            col = row.getColumn( USERNAME_COL_NUM );
+            userName = col.getString();
+
+            /* 2nd column is HASHINGSCHEME */
+            col = row.getColumn( HASHINGSCHEME_COL_NUM );
+            hashingScheme = col.getString();
+		
+            /* 3nd column is PASSWORD */
+            passwordCol = (SQLVarchar) row.getColumn( PASSWORD_COL_NUM );
+            password = passwordCol.getRawDataAndZeroIt();
+
+            /* 4th column is LASTMODIFIED */
+            col = row.getColumn( LASTMODIFIED_COL_NUM );
+            lastModified = col.getTimestamp( new java.util.GregorianCalendar() );
+
+            result = ddg.newUserDescriptor( userName, hashingScheme, password, lastModified );
+        }
+        finally
+        {
+            // zero out the password so that it can't be memory-sniffed
+            if ( password != null ) { Arrays.fill( password, (char) 0 ); }
+            if ( passwordCol != null ) { passwordCol.zeroRawData(); }
+        }
+        
+		return result;
+	}
+
+	/**
+	 * Builds a list of columns suitable for creating this Catalog.
+	 *
+	 *
+	 * @return array of SystemColumn suitable for making this catalog.
+	 */
+    public SystemColumn[]   buildColumnList()
+        throws StandardException
+    {
+        return new SystemColumn[]
+        {
+            SystemColumnImpl.getIdentifierColumn( "USERNAME", false ),
+            SystemColumnImpl.getColumn( "HASHINGSCHEME", Types.VARCHAR, false, TypeId.VARCHAR_MAXWIDTH ),
+            SystemColumnImpl.getColumn( PASSWORD_COL_NAME, Types.VARCHAR, false, TypeId.VARCHAR_MAXWIDTH ),
+            SystemColumnImpl.getColumn( "LASTMODIFIED", Types.TIMESTAMP, false ),
+        };
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/SYSUSERSRowFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/FromBaseTable.java Fri Dec  9 18:19:58 2011
@@ -79,7 +79,7 @@ import org.apache.derby.iapi.store.acces
 
 import org.apache.derby.iapi.types.DataValueDescriptor;
 
-
+import org.apache.derby.impl.sql.catalog.SYSUSERSRowFactory;
 
 /**
  * A FromBaseTable represents a table in the FROM list of a DML statement,
@@ -196,6 +196,9 @@ public class FromBaseTable extends FromT
 
 	private boolean getUpdateLocks;
 
+    // true if we are running with sql authorization and this is the SYSUSERS table
+    private boolean authorizeSYSUSERS;
+
 	/**
 	 * Initializer for a table in a FROM list. Parameters are as follows:
 	 *
@@ -2382,6 +2385,23 @@ public class FromBaseTable extends FromT
 				tableNumber = compilerContext.getNextTableNumber();
 		}
 
+        //
+        // Only the DBO can select from SYS.SYSUSERS.
+        //
+        authorizeSYSUSERS =
+            dataDictionary.usesSqlAuthorization() &&
+            tableDescriptor.getUUID().toString().equals( SYSUSERSRowFactory.SYSUSERS_UUID );
+        if ( authorizeSYSUSERS )
+        {
+            String  databaseOwner = dataDictionary.getAuthorizationDatabaseOwner();
+            String  currentUser = getLanguageConnectionContext().getStatementContext().getSQLSessionContext().getCurrentUser();
+
+            if ( !databaseOwner.equals( currentUser ) )
+            {
+                throw StandardException.newException( SQLState.DBO_ONLY );
+            }
+        }
+
 		return this;
 	}
 
@@ -2709,7 +2729,7 @@ public class FromBaseTable extends FromT
 		referencedTableMap = new JBitSet(numTables);
 		referencedTableMap.set(tableNumber);
 
-		return genProjectRestrict(numTables);
+        return genProjectRestrict(numTables);
 	}
 
 	/** 
@@ -3181,6 +3201,30 @@ public class FromBaseTable extends FromT
 								MethodBuilder mb)
 							throws StandardException
 	{
+        //
+        // By now the map of referenced columns has been filled in.
+        // We check to see if SYSUSERS.PASSWORD is referenced.
+        // Even the DBO is not allowed to SELECT that column.
+        // This is to prevent us from instantiating the password as a
+        // String. The char[] inside the String can hang around, unzeroed
+        // and be read by a memory-sniffer. See DERBY-866.
+        //
+        if ( authorizeSYSUSERS )
+        {
+            int passwordColNum = SYSUSERSRowFactory.PASSWORD_COL_NUM;
+            
+            if (
+                ( referencedCols == null ) || // select * from sys.sysusers results in a null referecedCols
+                (
+                 (referencedCols.getLength() >= passwordColNum ) && referencedCols.isSet( passwordColNum - 1 )
+                )
+               )
+            {
+                throw StandardException.newException
+                    ( SQLState.HIDDEN_COLUMN, SYSUSERSRowFactory.TABLE_NAME, SYSUSERSRowFactory.PASSWORD_COL_NAME );
+            }
+        }
+        
 		generateResultSet( acb, mb );
 
 		/*

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Fri Dec  9 18:19:58 2011
@@ -1228,6 +1228,13 @@ Guide.
             </msg>
 
             <msg>
+                <name>4251E</name>
+                <text>No-one can view the '{0}'.'{1}' column.</text>
+                 <arg>tableName</arg>
+                 <arg>columnName</arg>
+           </msg>
+
+            <msg>
                 <name>42601</name>
                 <text>In an ALTER TABLE statement, the column '{0}' has been specified as NOT NULL and either the DEFAULT clause was not specified or was specified as DEFAULT NULL.</text>
                 <arg>columnName</arg>

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Fri Dec  9 18:19:58 2011
@@ -778,6 +778,7 @@ public interface SQLState {
 	String AUTH_PUBLIC_ILLEGAL_AUTHORIZATION_ID                        = "4251B";
 	String AUTH_ROLE_GRANT_CIRCULARITY                                 = "4251C";
 	String DBO_ONLY                                                         = "4251D";
+	String HIDDEN_COLUMN                                                         = "4251E";
 
 	String LANG_DB2_NOT_NULL_COLUMN_INVALID_DEFAULT                    = "42601";
 	String LANG_DB2_INVALID_HEXADECIMAL_CONSTANT                    = "42606";

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/compressTable.out Fri Dec  9 18:19:58 2011
@@ -1097,6 +1097,7 @@ SYS                                     
 SYS                                                                                                                             |SYSTABLEPERMS                                                                                                                   |1          
 SYS                                                                                                                             |SYSTABLES                                                                                                                       |1          
 SYS                                                                                                                             |SYSTRIGGERS                                                                                                                     |1          
+SYS                                                                                                                             |SYSUSERS                                                                                                                        |1          
 SYS                                                                                                                             |SYSVIEWS                                                                                                                        |1          
 SYSIBM                                                                                                                          |SYSDUMMY1                                                                                                                       |1          
 ij> select a, b from xena;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/ij7.out Fri Dec  9 18:19:58 2011
@@ -42,6 +42,7 @@ SYS                 |SYSSTATISTICS      
 SYS                 |SYSTABLEPERMS                 |                    
 SYS                 |SYSTABLES                     |                    
 SYS                 |SYSTRIGGERS                   |                    
+SYS                 |SYSUSERS                      |                    
 SYS                 |SYSVIEWS                      |                    
 SYSIBM              |SYSDUMMY1                     |                    
 ij> SET SCHEMA APP;
@@ -95,6 +96,7 @@ SYS                 |SYSSTATISTICS      
 SYS                 |SYSTABLEPERMS                 |                    
 SYS                 |SYSTABLES                     |                    
 SYS                 |SYSTRIGGERS                   |                    
+SYS                 |SYSUSERS                      |                    
 SYS                 |SYSVIEWS                      |                    
 SYSIBM              |SYSDUMMY1                     |                    
 APP                 |T1                            |                    

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/DMDBugsTest.java Fri Dec  9 18:19:58 2011
@@ -78,7 +78,7 @@ public class DMDBugsTest extends BaseJDB
 	                  {{"","APP","TSYN","SYNONYM","",null,null,null,null,null}});
 
 		rs = dmd.getTables( "%", "%", "%", new String[] {"SYSTEM TABLE"});
-		assertEquals(22, JDBC.assertDrainResults(rs));
+		assertEquals(23, JDBC.assertDrainResults(rs));
 		s.executeUpdate("DROP VIEW APP.V");
 		s.executeUpdate("DROP TABLE APP.TAB");
 		s.executeUpdate("DROP SYNONYM APP.TSYN");

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/AlterTableTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/AlterTableTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/AlterTableTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/AlterTableTest.java Fri Dec  9 18:19:58 2011
@@ -838,30 +838,31 @@ public final class AlterTableTest extend
                 "select tablename, " +
                 "SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from " +
                 "sys.systables where tabletype = 'S' and tablename " +
-                "!= 'SYSDUMMY1'");
+                "!= 'SYSDUMMY1' order by tablename");
 
         expRS = new String[][]{
-                    {"SYSCONGLOMERATES", "1"},
-                    {"SYSTABLES", "1"},
+                    {"SYSALIASES", "1"},
+                    {"SYSCHECKS", "1"},
+                    {"SYSCOLPERMS", "1"},
                     {"SYSCOLUMNS", "1"},
-                    {"SYSSCHEMAS", "1"},
+                    {"SYSCONGLOMERATES", "1"},
                     {"SYSCONSTRAINTS", "1"},
-                    {"SYSKEYS", "1"},
                     {"SYSDEPENDS", "1"},
-                    {"SYSALIASES", "1"},
-                    {"SYSVIEWS", "1"},
-                    {"SYSCHECKS", "1"},
+                    {"SYSFILES", "1"},
                     {"SYSFOREIGNKEYS", "1"},
+                    {"SYSKEYS", "1"},
+                    {"SYSPERMS", "1"},
+                    {"SYSROLES", "1"},
+                    {"SYSROUTINEPERMS", "1"},
+                    {"SYSSCHEMAS", "1"},
+                    {"SYSSEQUENCES", "1"},
                     {"SYSSTATEMENTS", "1"},
-                    {"SYSFILES", "1"},
-                    {"SYSTRIGGERS", "1"},
                     {"SYSSTATISTICS", "1"},
                     {"SYSTABLEPERMS", "1"},
-                    {"SYSCOLPERMS", "1"},
-                    {"SYSROUTINEPERMS", "1"},
-                    {"SYSROLES", "1"},
-                    {"SYSSEQUENCES", "1"},
-                    {"SYSPERMS", "1"}
+                    {"SYSTABLES", "1"},
+                    {"SYSTRIGGERS", "1"},
+                    {"SYSUSERS", "1"},
+                    {"SYSVIEWS", "1"},
                 };
 
         JDBC.assertFullResultSet(rs, expRS, true);

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/CollationTest.java Fri Dec  9 18:19:58 2011
@@ -664,7 +664,7 @@ private void commonTestingForTerritoryBa
     //The query below will work for the same reason. 
     checkLangBasedQuery(s, "SELECT count(*) FROM SYS.SYSTABLES WHERE CASE " +
     		" WHEN 1=1 THEN TABLENAME ELSE TABLEID END = TABLENAME",
-    		new String[][] {{"25"} });
+    		new String[][] {{"26"} });
 
     //Do some testing using CONCATENATION
     //following will fail because result string of concatenation has 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java Fri Dec  9 18:19:58 2011
@@ -49,6 +49,9 @@ public class DBOAccessTest extends Gener
     // Name of the log file to use when testing VTIs that expect one.
     private static final String TEST_LOG_FILE = "sys_vti_test_derby.tstlog";
 
+    private static  final   String      ONLY_DBO = "4251D";
+    private static  final   String      HIDDEN_COLUMN = "4251E";
+
     ///////////////////////////////////////////////////////////////////////////////////
     //
     // STATE
@@ -165,7 +168,65 @@ public class DBOAccessTest extends Gener
         if ( shouldSucceed ) { goodStatement( conn, query ); }
         else
         {
-            expectCompilationError( conn, "4251D", query );
+            expectCompilationError( conn, ONLY_DBO, query );
+        }
+    }
+
+    /**
+     * <p>
+     * Tests that only the DBO can select from SYSUSERS and no-one can SELECT
+     * SYSUSERS.PASSWORD.
+     * </p>
+     */
+    public  void    testSYSUSERS() throws Exception
+    {
+        println( "testSYSUSERS authorizationIsOn() = " + authorizationIsOn() );
+        
+        Connection  dboConnection = openUserConnection( TEST_DBO );
+        Connection  janetConnection = openUserConnection( JANET );
+
+        goodStatement( dboConnection, "create view v2 as select username, hashingscheme, lastmodified from sys.sysusers" );
+        if ( authorizationIsOn() ) { goodStatement( dboConnection, "grant select on v2 to public" ); }
+
+        vetDBO_OKProbes( dboConnection, true );
+        vetDBO_OKProbes( janetConnection, !authorizationIsOn() );
+
+        vetUnauthorizedProbes( dboConnection, !authorizationIsOn(), HIDDEN_COLUMN );
+        vetUnauthorizedProbes( janetConnection, !authorizationIsOn(), ONLY_DBO );
+    }
+    // these statements should always succeed if the dbo is running
+    // them or if authorization is not enabled
+    private void    vetDBO_OKProbes( Connection conn, boolean shouldSucceed )
+        throws Exception
+    {
+        vetUserProbes( conn, shouldSucceed, "select count(*) from sys.sysusers", ONLY_DBO );
+        vetUserProbes( conn, shouldSucceed, "select username, hashingscheme, lastmodified from sys.sysusers", ONLY_DBO );
+        vetUserProbes( conn, shouldSucceed, "select username from sys.sysusers", ONLY_DBO );
+
+        // can't use views to subvert authorization checks
+        vetUserProbes( conn, shouldSucceed, "select count(*) from test_dbo.v2", ONLY_DBO );
+        vetUserProbes( conn, shouldSucceed, "select * from test_dbo.v2", ONLY_DBO );
+        vetUserProbes( conn, shouldSucceed, "select username, hashingscheme, lastmodified from test_dbo.v2", ONLY_DBO );
+        vetUserProbes( conn, shouldSucceed, "select username from test_dbo.v2", ONLY_DBO );
+    }
+    // these statements should always fail if authorization is enabled
+    private void    vetUnauthorizedProbes( Connection conn, boolean shouldSucceed, String expectedSQLState )
+        throws Exception
+    {
+        vetUserProbes( conn, shouldSucceed, "select * from sys.sysusers", expectedSQLState );
+        vetUserProbes( conn, shouldSucceed, "select * from sys.sysusers where username='foo'", expectedSQLState );
+        vetUserProbes( conn, shouldSucceed, "select password from sys.sysusers", expectedSQLState );
+        vetUserProbes( conn, shouldSucceed, "select username, password from sys.sysusers", expectedSQLState );
+        vetUserProbes( conn, shouldSucceed, "select username from sys.sysusers where password = 'foo'", expectedSQLState );
+    }
+    private void    vetUserProbes
+        ( Connection conn, boolean shouldSucceed, String query, String expectedSQLState )
+        throws Exception
+    {
+        if ( shouldSucceed ) { goodStatement( conn, query ); }
+        else
+        {
+            expectCompilationError( conn, expectedSQLState, query );
         }
     }
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/GrantRevokeDDLTest.java Fri Dec  9 18:19:58 2011
@@ -7777,42 +7777,43 @@ public final class GrantRevokeDDLTest ex
         // ok
         
         rs = st_user2.executeQuery(
-            "select tablename from user1.sv1");
+            "select tablename from user1.sv1 order by tablename");
         
         expColNames = new String [] {"TABLENAME"};
         JDBC.assertColumnNames(rs, expColNames);
         
         expRS = new String [][]
         {
-            {"SYSCONGLOMERATES"},
-            {"SYSTABLES"},
+            {"SV1"},
+            {"SYSALIASES"},
+            {"SYSCHECKS"},
+            {"SYSCOLPERMS"},
             {"SYSCOLUMNS"},
-            {"SYSSCHEMAS"},
+            {"SYSCONGLOMERATES"},
             {"SYSCONSTRAINTS"},
-            {"SYSKEYS"},
             {"SYSDEPENDS"},
-            {"SYSALIASES"},
-            {"SYSVIEWS"},
-            {"SYSCHECKS"},
+            {"SYSDUMMY1"},
+            {"SYSFILES"},
             {"SYSFOREIGNKEYS"},
+            {"SYSKEYS"},
+            {"SYSPERMS"},
+            {"SYSROLES"},
+            {"SYSROUTINEPERMS"},
+            {"SYSSCHEMAS"},
+            {"SYSSEQUENCES"},
             {"SYSSTATEMENTS"},
-            {"SYSFILES"},
-            {"SYSTRIGGERS"},
             {"SYSSTATISTICS"},
-            {"SYSDUMMY1"},
             {"SYSTABLEPERMS"},
-            {"SYSCOLPERMS"},
-            {"SYSROUTINEPERMS"},
-            {"SYSROLES"},
-            {"SYSSEQUENCES"},
-            {"SYSPERMS"},
+            {"SYSTABLES"},
+            {"SYSTRIGGERS"},
+            {"SYSUSERS"},
+            {"SYSVIEWS"},
             {"T1"},
             {"T2"},
             {"T2"},
             {"T3"},
             {"T4"},
             {"T5"},
-            {"SV1"}
         };
         
         JDBC.assertFullResultSet(rs, expRS, true);

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/PrimaryKeyTest.java Fri Dec  9 18:19:58 2011
@@ -210,34 +210,37 @@ public class PrimaryKeyTest extends Base
 	public void testCatalog() throws SQLException {
 		Statement s = createStatement();
 		assertUpdateCount(s , 0 , "create table pos1(c1 int primary key)");
-		ResultSet rs = s.executeQuery("select tablename, SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from sys.systables where CAST(tabletype AS CHAR(1)) = 'S'  and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1'");
+		ResultSet rs = s.executeQuery("select tablename, SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from sys.systables where CAST(tabletype AS CHAR(1)) = 'S'  and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1' order by tablename");
                 String[][] expectedCheckTables = new String[][]
-                       {{"SYSCONGLOMERATES","1"},
-                        {"SYSTABLES","1"},
+                       {
+                        {"SYSALIASES","1"},
+                        {"SYSCHECKS","1"},
+                        {"SYSCOLPERMS","1"},
                         {"SYSCOLUMNS","1"},
-                        {"SYSSCHEMAS","1"},
+                        {"SYSCONGLOMERATES","1"},
                         {"SYSCONSTRAINTS","1"},
-                        {"SYSKEYS","1"},
                         {"SYSDEPENDS","1"},
-                        {"SYSALIASES","1"},
-                        {"SYSVIEWS","1"},
-                        {"SYSCHECKS","1"},
+                        {"SYSFILES","1"},
                         {"SYSFOREIGNKEYS","1"},
+                        {"SYSKEYS","1"},
+                        {"SYSPERMS", "1"},
+						{"SYSROLES", "1"},
+                        {"SYSROUTINEPERMS","1"},
+                        {"SYSSCHEMAS","1"},
+                        {"SYSSEQUENCES", "1"},
                         {"SYSSTATEMENTS","1"},
-                        {"SYSFILES","1"},
-                        {"SYSTRIGGERS","1"},
                         {"SYSSTATISTICS","1"},
                         {"SYSTABLEPERMS","1"},
-                        {"SYSCOLPERMS","1"},
-                        {"SYSROUTINEPERMS","1"},
-						{"SYSROLES", "1"},
-                        {"SYSSEQUENCES", "1"},
-                        {"SYSPERMS", "1"}};
+                        {"SYSTABLES","1"},
+                        {"SYSTRIGGERS","1"},
+                        {"SYSUSERS","1"},
+                        {"SYSVIEWS","1"},
+                       };
                 JDBC.assertFullResultSet(rs,expectedCheckTables); 
 		//-- drop tables
 		assertUpdateCount(s , 0 , "drop table pos1");
 		//-- verify it again
-                rs = s.executeQuery("select tablename, SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from sys.systables where CAST(tabletype AS CHAR(1)) = 'S'  and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1'");
+                rs = s.executeQuery("select tablename, SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from sys.systables where CAST(tabletype AS CHAR(1)) = 'S'  and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1' order by tablename");
                 JDBC.assertFullResultSet(rs, expectedCheckTables);
 	}
 	/**

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SystemCatalogTest.java Fri Dec  9 18:19:58 2011
@@ -318,6 +318,10 @@ public class SystemCatalogTest extends B
 				{"SYSTRIGGERS", "TRIGGERNAME", "2", "VARCHAR(128) NOT NULL"},
 				{"SYSTRIGGERS", "TYPE", "7", "CHAR(1) NOT NULL"},
 				{"SYSTRIGGERS", "WHENSTMTID", "10", "CHAR(36)"},
+				{"SYSUSERS", "HASHINGSCHEME", "2", "VARCHAR(32672) NOT NULL"},
+				{"SYSUSERS", "LASTMODIFIED", "4", "TIMESTAMP NOT NULL"},
+				{"SYSUSERS", "PASSWORD", "3", "VARCHAR(32672) NOT NULL"},
+				{"SYSUSERS", "USERNAME", "1", "VARCHAR(128) NOT NULL"},
 				{"SYSVIEWS", "CHECKOPTION", "3", "CHAR(1) NOT NULL"},
 				{"SYSVIEWS", "COMPILATIONSCHEMAID", "4", "CHAR(36)"},
 				{"SYSVIEWS", "TABLEID", "1", "CHAR(36) NOT NULL"},
@@ -405,6 +409,8 @@ public class SystemCatalogTest extends B
 				{"SYSTRIGGERS", "SYSTRIGGERS_INDEX3", "true"},
 				{"SYSTRIGGERS", "SYSTRIGGERS_INDEX2", "true"},
 				{"SYSTRIGGERS", "SYSTRIGGERS_INDEX1", "true"},
+				{"SYSUSERS", "SYSUSERS_HEAP", "false"},
+				{"SYSUSERS", "SYSUSERS_INDEX1", "true"},
 				{"SYSVIEWS", "SYSVIEWS_HEAP", "false"},
 				{"SYSVIEWS", "SYSVIEWS_INDEX1", "true"},
 			};

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ViewsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ViewsTest.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ViewsTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ViewsTest.java Fri Dec  9 18:19:58 2011
@@ -532,34 +532,35 @@ public final class ViewsTest extends Bas
             "select tablename, "
             + "SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from "
             + "sys.systables where CAST(tabletype AS CHAR(1)) = "
-            + "'S' and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1'");
+            + "'S' and CAST(tablename AS VARCHAR(128)) != 'SYSDUMMY1' order by tablename");
         
         expColNames = new String [] {"TABLENAME", "2"};
         JDBC.assertColumnNames(rs, expColNames);
         
         expRS = new String [][]
         {
-            {"SYSCONGLOMERATES", "1"},
-            {"SYSTABLES", "1"},
+            {"SYSALIASES", "1"},
+            {"SYSCHECKS", "1"},
+            {"SYSCOLPERMS", "1"},
             {"SYSCOLUMNS", "1"},
-            {"SYSSCHEMAS", "1"},
+            {"SYSCONGLOMERATES", "1"},
             {"SYSCONSTRAINTS", "1"},
-            {"SYSKEYS", "1"},
             {"SYSDEPENDS", "1"},
-            {"SYSALIASES", "1"},
-            {"SYSVIEWS", "1"},
-            {"SYSCHECKS", "1"},
+            {"SYSFILES", "1"},
             {"SYSFOREIGNKEYS", "1"},
+            {"SYSKEYS", "1"},
+            {"SYSPERMS", "1"},   
+            {"SYSROLES", "1"},
+            {"SYSROUTINEPERMS", "1"},
+            {"SYSSCHEMAS", "1"},
+            {"SYSSEQUENCES", "1"},
             {"SYSSTATEMENTS", "1"},
-            {"SYSFILES", "1"},
-            {"SYSTRIGGERS", "1"},
             {"SYSSTATISTICS", "1"},
             {"SYSTABLEPERMS", "1"},
-            {"SYSCOLPERMS", "1"},
-            {"SYSROUTINEPERMS", "1"},
-            {"SYSROLES", "1"},
-            {"SYSSEQUENCES", "1"},
-            {"SYSPERMS", "1"}    
+            {"SYSTABLES", "1"},
+            {"SYSTRIGGERS", "1"},
+            {"SYSUSERS", "1"},
+            {"SYSVIEWS", "1"},
         };
         
         JDBC.assertFullResultSet(rs, expRS, true);
@@ -643,34 +644,35 @@ public final class ViewsTest extends Bas
             "select tablename, "
             + "SYSCS_UTIL.SYSCS_CHECK_TABLE('SYS', tablename) from "
             + "sys.systables where CAST(tabletype as CHAR(1)) = "
-            + "'S' and CAST(tablename  as VARCHAR(128)) != 'SYSDUMMY1'");
+            + "'S' and CAST(tablename  as VARCHAR(128)) != 'SYSDUMMY1' order by tablename");
         
         expColNames = new String [] {"TABLENAME", "2"};
         JDBC.assertColumnNames(rs, expColNames);
         
         expRS = new String [][]
         {
-            {"SYSCONGLOMERATES", "1"},
-            {"SYSTABLES", "1"},
+            {"SYSALIASES", "1"},
+            {"SYSCHECKS", "1"},
+            {"SYSCOLPERMS", "1"},
             {"SYSCOLUMNS", "1"},
-            {"SYSSCHEMAS", "1"},
+            {"SYSCONGLOMERATES", "1"},
             {"SYSCONSTRAINTS", "1"},
-            {"SYSKEYS", "1"},
             {"SYSDEPENDS", "1"},
-            {"SYSALIASES", "1"},
-            {"SYSVIEWS", "1"},
-            {"SYSCHECKS", "1"},
+            {"SYSFILES", "1"},
             {"SYSFOREIGNKEYS", "1"},
+            {"SYSKEYS", "1"},
+            {"SYSPERMS", "1"},   
+            {"SYSROLES", "1"},
+            {"SYSROUTINEPERMS", "1"},
+            {"SYSSCHEMAS", "1"},
+            {"SYSSEQUENCES", "1"},
             {"SYSSTATEMENTS", "1"},
-            {"SYSFILES", "1"},
-            {"SYSTRIGGERS", "1"},
             {"SYSSTATISTICS", "1"},
             {"SYSTABLEPERMS", "1"},
-            {"SYSCOLPERMS", "1"},
-            {"SYSROUTINEPERMS", "1"},
-            {"SYSROLES", "1"},
-            {"SYSSEQUENCES", "1"},
-            {"SYSPERMS", "1"}
+            {"SYSTABLES", "1"},
+            {"SYSTRIGGERS", "1"},
+            {"SYSUSERS", "1"},
+            {"SYSVIEWS", "1"},
         };
         
         JDBC.assertFullResultSet(rs, expRS, true);

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/Changes10_9.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/Changes10_9.java?rev=1212562&r1=1212561&r2=1212562&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/Changes10_9.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/Changes10_9.java Fri Dec  9 18:19:58 2011
@@ -156,4 +156,45 @@ public class Changes10_9 extends Upgrade
         assertEquals( expectedRowCount, actualRowCount );
     }
 
+    /**
+     * Make sure that the catalogs and procedures for NATIVE authentication
+     * only appear after hard-upgrade.
+     */
+    public  void    testNativeAuthentication()  throws Exception
+    {
+        Statement s = createStatement();
+
+        switch ( getPhase() )
+        {
+        case PH_CREATE: // create with old version
+            vetSYSUSERS( s, false );
+            break;
+            
+        case PH_SOFT_UPGRADE: // boot with new version and soft-upgrade
+            vetSYSUSERS( s, false );
+            break;
+            
+        case PH_POST_SOFT_UPGRADE: // soft-downgrade: boot with old version after soft-upgrade
+            vetSYSUSERS( s, false );
+            break;
+
+        case PH_HARD_UPGRADE: // boot with new version and hard-upgrade
+            vetSYSUSERS( s, true );
+            break;
+        }
+        
+        s.close();
+    }
+    private void    vetSYSUSERS( Statement s, boolean shouldExist ) throws Exception
+    {
+        ResultSet   rs = s.executeQuery( "select count(*) from sys.systables where tablename = 'SYSUSERS'" );
+        rs.next();
+
+        int expectedValue = shouldExist ? 1 : 0;
+
+        assertEquals( expectedValue, rs.getInt( 1 ) );
+
+        rs.close();
+    }
+    
 }



Mime
View raw message