db-derby-commits mailing list archives

From rhille...@apache.org
Subject svn commit: r1297528 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/functionTests/tests/lang/
Date Tue, 06 Mar 2012 15:33:22 GMT
Author: rhillegas
Date: Tue Mar  6 15:33:21 2012
New Revision: 1297528

URL: http://svn.apache.org/viewvc?rev=1297528&view=rev
Log:
DERBY-866: Prevent credentials db from being created with empty username or password.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=1297528&r1=1297527&r2=1297528&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Tue Mar
 6 15:33:21 2012
@@ -1226,8 +1226,18 @@ public abstract class EmbedConnection im
         {
             //
             // NATIVE authentication using a system-wide credentials database
-            // which is being created now. Allow this to succeed.
+            // which is being created now. Allow this to succeed. However, here we make sure
that
+            // the credentials are legal. This prevents the credentials db from being
+            // created with a bad DBO or password.
             //
+            String  user = userInfo.getProperty(Attribute.USERNAME_ATTR);
+            String  password = userInfo.getProperty(Attribute.PASSWORD_ATTR);
+
+            if ( emptyCredential( user ) || emptyCredential( password ) )
+            {
+                throw newSQLException( SQLState.AUTH_EMPTY_CREDENTIALS );
+            }
+            
             return;
         }
 
@@ -1256,9 +1266,9 @@ public abstract class EmbedConnection im
 			
 		if ( !authenticationSucceeded )
         {
-			throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
+            throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
                      MessageService.getTextMessage(MessageId.AUTH_INVALID));
-		}
+        }
 
 		// If authentication is not on, we have to raise a warning if sqlAuthorization is ON
 		// Since NoneAuthenticationService is the default for Derby, it should be ok to refer
@@ -1268,6 +1278,16 @@ public abstract class EmbedConnection im
 	}
 
     /**
+     * <p>
+     * Forbid empty or null usernames and passwords.
+     * </p>
+     */
+    private boolean emptyCredential( String credential )
+    {
+        return ( (credential == null) || (credential.length() == 0) );
+    }
+
+    /**
      * Compare two user-specified database names to see if they identify
      * the same database.
      */
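Review bot: The Javadoc on `emptyCredential` says it forbids empty credentials, but the method only reports them; the throw happens at the call site in the first hunk. A summary such as `Return true if the credential is null or has zero length.` would match what the code does. The call-site comment in the first hunk says the credentials are made "legal", yet only null and zero-length values are rejected, so a whitespace-only user name or password passes this check. Whether a later layer rejects those is not visible here, so either narrow that comment to "non-empty" or confirm that stricter validation runs before the credentials db is created. The helper reads no instance state and could be declared `private static`.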

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1297528&r1=1297527&r2=1297528&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Tue Mar  6 15:33:21
2012
@@ -437,6 +437,11 @@ Guide.
             </msg>
 
             <msg>
+                <name>08004.C.13</name>
+                <text>Username or password is null or 0 length.</text>
+            </msg>
+
+            <msg>
                 <name>08006.C</name>
                 <text>A network protocol error was encountered and the connection has
been terminated: {0}</text>
 		<arg>error</arg>

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?rev=1297528&r1=1297527&r2=1297528&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
(original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
Tue Mar  6 15:33:21 2012
@@ -1668,6 +1668,7 @@ public interface SQLState {
     //DERBY-2109: new state/msg
     String AUTH_DATABASE_CREATE_MISSING_PERMISSION          = "08004.C.11";
     String NET_CONNECT_SECMEC_INCOMPATIBLE_SCHEME           = "08004.C.12";
+    String AUTH_EMPTY_CREDENTIALS                                  = "08004.C.13";
 
     // There can be multiple causes for 08003, which according
     // to SQL2003 spec means "connection does not exist"

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java?rev=1297528&r1=1297527&r2=1297528&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/ErrorCodeTest.java
Tue Mar  6 15:33:21 2012
@@ -128,6 +128,7 @@ public final class ErrorCodeTest extends
         		{"08004","Cannot check system permission to create database '{0}' [{1}].","40000"},
         		{"08004","Missing permission for user '{0}' to create database '{1}' [{2}].","40000"},
         		{"08004","Connection authentication failure occurred. Either the supplied credentials
were invalid, or the database uses a password encryption scheme not compatible with the strong
password substitution security mechanism. If this error started after upgrade, refer to the
release note for DERBY-4483 for options.","40000"},
+        		{"08004","Username or password is null or 0 length.","40000"},
         		{"08006","An error occurred during connect reset and the connection has been terminated.
 See chained exceptions for details.","40000"},
         		{"08006","SocketException: '{0}'","40000"},
         		{"08006","A communications error has been detected: {0}.","40000"},

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java?rev=1297528&r1=1297527&r2=1297528&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
Tue Mar  6 15:33:21 2012
@@ -118,6 +118,7 @@ public class NativeAuthenticationService
     private static  final   String  SQL_AUTHORIZATION_PROPERTY = "derby.database.sqlAuthorization";
 
     private static  final   String  CREDENTIALS_DB_DOES_NOT_EXIST = "4251I";
+    private static  final   String  BAD_NETWORK_AUTHENTICATION = "08001";
     private static  final   String  INVALID_AUTHENTICATION = "08004";
     private static  final   String  DBO_ONLY_OPERATION = "4251D";
     private static  final   String  INVALID_PROVIDER_CHANGE = "XCY05";
@@ -656,6 +657,9 @@ public class NativeAuthenticationService
         Connection  secondDBConn = getConnection
             ( _nativeAuthentication, true, SECOND_DB, APPLE_USER, CREDENTIALS_DB_DOES_NOT_EXIST
);
 
+        // can't create a credentials db with an empty username or password
+        if ( _nativeAuthentication ) { vetEmptyCredentials(); }
+        
         // create the credentials database
         Connection  sysadminConn = openConnection( CREDENTIALS_DB, DBO, true, null );
 
@@ -914,6 +918,26 @@ public class NativeAuthenticationService
         return "jar:(" + SupportFilesSetup.getReadOnlyFileName( NAST1_JAR_FILE  ) + ")" +
dbName;
     }
     private static  String  classpathDBName()   { return "classpath:nast"; }
+
+    private void    vetEmptyCredentials()   throws Exception
+    {
+        vetEmptyCredentials( null, null );
+        vetEmptyCredentials( "", null );
+        vetEmptyCredentials( null, "" );
+        vetEmptyCredentials( "", "" );
+
+        vetEmptyCredentials( "foo", null );
+        vetEmptyCredentials( "foo", "" );
+
+        if ( isEmbedded() ) { vetEmptyCredentials( null, "bar" ); } // the network server
fabricates a username of APP
+        vetEmptyCredentials( "", "bar" );
+    }
+    private void    vetEmptyCredentials( String user, String password ) throws Exception
+    {
+        String[]  expectedSQLStates = new String[] { INVALID_AUTHENTICATION,BAD_NETWORK_AUTHENTICATION
};
+        
+        getConnection( true, true, CREDENTIALS_DB, user, password, expectedSQLStates );
+    }
     
     private void    addBuiltinUser( Connection conn, String user )  throws Exception
     {
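Review bot: `vetEmptyCredentials( String, String )` accepts either `INVALID_AUTHENTICATION` ("08004") or `BAD_NETWORK_AUTHENTICATION` ("08001") for every case, so the test passes whether the new empty-credentials check fired or the connection was refused for some other reason. Since 08004 is also the state for an ordinary authentication failure, the five-character state alone cannot show that `AUTH_EMPTY_CREDENTIALS` was raised. If embedded mode is expected to hit the new check every time (an assumption to confirm), the list could be narrowed there, e.g. `String[] expectedSQLStates = isEmbedded() ? new String[] { INVALID_AUTHENTICATION } : new String[] { INVALID_AUTHENTICATION, BAD_NETWORK_AUTHENTICATION };`, and the message text checked in addition. What happens when the connection unexpectedly succeeds is decided in `getConnection`, outside this hunk.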
@@ -1249,9 +1273,15 @@ public class NativeAuthenticationService
         ( boolean shouldFail, boolean isLogicalName, String dbName, String user, String password,
String expectedSQLState )
         throws Exception
     {
+        return getConnection( shouldFail, isLogicalName, dbName, user, password, new String[]
{ expectedSQLState } );
+    }
+    private Connection  getConnection
+        ( boolean shouldFail, boolean isLogicalName, String dbName, String user, String password,
String[] expectedSQLStates )
+        throws Exception
+    {
         Connection  conn = null;
 
-        reportConnectionAttempt( dbName, user, isLogicalName );
+        reportConnectionAttempt( dbName, user, password, isLogicalName );
 
         try {
             conn = openConnection( dbName, user, password, isLogicalName, null );
@@ -1260,7 +1290,20 @@ public class NativeAuthenticationService
         }
         catch (Throwable t)
         {
-            if ( shouldFail && (t instanceof SQLException) )   { assertSQLState(
expectedSQLState, (SQLException) t ); }
+            if ( shouldFail && (t instanceof SQLException) )
+            {
+                String          actualSQLState = ((SQLException) t).getSQLState();
+                StringBuffer    buffer = new StringBuffer();
+
+                //  ok if the sqlstate is one of the expected ones
+                for ( int i = 0; i < expectedSQLStates.length; i++ )
+                {
+                    String  expected = expectedSQLStates[ i ];
+                    buffer.append( " " + expected );
+                    if ( expected.equals( actualSQLState ) ) { return null; }
+                }
+                fail( tagError( "SQLState " + actualSQLState + " not in expected list: "
+ buffer.toString() ) );
+            }
             else
             {
                 printStackTrace( t );
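Review bot: When the SQLState is not in the expected list, the new `fail( tagError( ... ) )` reports only the state string and drops the caught `t`, so the message text and stack trace of the unexpected exception are lost from the failure output. The `else` branch already calls `printStackTrace( t );` and the same call placed before the `fail(...)` would keep that detail. `StringBuffer` is used for a purely local accumulator; `StringBuilder` is the usual choice if the project's source level allows it. The enclosing `try` and the rest of the `catch` body lie outside this hunk.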
@@ -1277,7 +1320,7 @@ public class NativeAuthenticationService
     {
         Connection  conn = null;
 
-        reportConnectionAttempt( dbName, user, true );
+        reportConnectionAttempt( dbName, user, getPassword( user ), true );
 
         conn = openConnection( dbName, user, true, null );
 
@@ -1296,9 +1339,9 @@ public class NativeAuthenticationService
 
         return conn;
     }
-    private void    reportConnectionAttempt( String dbName, String user, boolean isLogicalName
)
+    private void    reportConnectionAttempt( String dbName, String user, String password,
boolean isLogicalName )
     {
-        String  message = user + " attempting to get connection to database " + dbName;
+        String  message = "User '" + user + "' with password '" + password + "' attempting
to get connection to database " + dbName;
         if ( isLogicalName ) { message = message + " aka " + getTestConfiguration().getPhysicalDatabaseName(
dbName ) ; }
         println( message );
     }
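Review bot: `reportConnectionAttempt` now writes the password in clear text to the test output via `println( message )`, and the callers in the `-1249` and `-1277` hunks feed it the supplied password and `getPassword( user )`. These are test fixtures, but test logs are commonly archived and shared, and the pattern is easy to copy into code that handles real credentials. The null-versus-empty distinction this commit is testing can be reported without the value, for example `String  message = "User '" + user + "' with " + ( password == null ? "null" : ( password.length() == 0 ? "empty" : "non-empty" ) ) + " password attempting to get connection to database " + dbName;`.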


