db-derby-commits mailing list archives

From rhille...@apache.org
Subject svn commit: r1328431 - in /db/derby/code/trunk/java: engine/org/apache/derby/catalog/SystemProcedures.java engine/org/apache/derby/loc/messages.xml testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
Date Fri, 20 Apr 2012 16:10:05 GMT
Author: rhillegas
Date: Fri Apr 20 16:10:05 2012
New Revision: 1328431

URL: http://svn.apache.org/viewvc?rev=1328431&view=rev
Log:
DERBY-866: Prevent anyone other than the DBO from turning on NATIVE authentication.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java?rev=1328431&r1=1328430&r2=1328431&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java Fri Apr
20 16:10:05 2012
@@ -2054,7 +2054,8 @@ public class SystemProcedures  {
         LanguageConnectionContext lcc = ConnectionUtil.getCurrentLCC();
         TransactionController tc = lcc.getTransactionExecute();
 
-        // the first credentials must be those of the DBO
+        // the first credentials must be those of the DBO and only the DBO
+        // can add them
         try {
             DataDictionary dd = lcc.getDataDictionary();
             String  dbo = dd.getAuthorizationDatabaseOwner();
@@ -2066,6 +2067,15 @@ public class SystemProcedures  {
                     throw StandardException.newException( SQLState.DBO_FIRST );
                 }
             }
+            else    // we are trying to create credentials for the DBO
+            {
+                String  currentUser = lcc.getStatementContext().getSQLSessionContext().getCurrentUser();
+
+                if ( !dbo.equals( currentUser ) )
+                {
+                    throw StandardException.newException( SQLState.DBO_ONLY );
+                }
+            }
         } catch (StandardException se) { throw PublicAPI.wrapStandardException(se); }
 
         addUser( userName, password, tc );
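Review bot: The new `DBO_ONLY` branch decides authorization by comparing `dbo` with `getCurrentUser()` from the statement's SQL session context, and nothing in the comment says why that identity was chosen. If the current user of the session context can differ from the user who opened the connection (I cannot confirm this from the hunk), the check is evaluated against a different principal than a reader would assume. A one-line comment stating the intent would help, for example `// authorization is decided on the SQL session context's current user`. The chain `lcc.getStatementContext().getSQLSessionContext()` is also dereferenced without a null check, so if either call can return null here the caller gets a NullPointerException rather than a wrapped StandardException. The enclosing method starts and ends outside the hunk.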

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1328431&r1=1328430&r2=1328431&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Fri Apr 20 16:10:05
2012
@@ -1236,7 +1236,7 @@ Guide.
 
             <msg>
                 <name>4251D</name>
-                <text>Only the database owner can view this data.</text>
+                <text>Only the database owner can perform this operation.</text>
             </msg>
 
             <msg>

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java?rev=1328431&r1=1328430&r2=1328431&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
Fri Apr 20 16:10:05 2012
@@ -82,6 +82,7 @@ public class NativeAuthenticationService
     private static  final   String  ORANGE_USER = "ORANGE";   
     private static  final   String  BANANA_USER = "BANANA";   
     private static  final   String  GRAPE_USER = "GRAPE";   
+    private static  final   String  PINEAPPLE_USER = "PINEAPPLE";   
 
     private static  final   String  WALNUT_USER = "WALNUT";
 
@@ -674,9 +675,13 @@ public class NativeAuthenticationService
         // null password should not generate NPE
         getConnection( _nativeAuthentication, true, CREDENTIALS_DB, DBO, null, INVALID_AUTHENTICATION
);
 
-        // add the dbo as a user if he wasn't created when the database was created
+        // add the dbo as a user if she wasn't created when the database was created
         if ( !_nativeAuthentication )
         {
+            // verify that only the DBO can create credentials for the DBO
+            Connection  pineappleConn = openConnection( CREDENTIALS_DB, PINEAPPLE_USER, true,
null );
+            addUser( pineappleConn, DBO, DBO_ONLY_OPERATION );  // this should fail
+            
             addUser( sysadminConn, DBO );
         }
         
@@ -1494,10 +1499,30 @@ public class NativeAuthenticationService
 
     private void    addUser( Connection conn, String user ) throws Exception
     {
+        addUser( conn, user, null );
+    }
+
+    private void    addUser( Connection conn, String user, String expectedSQLState ) throws
Exception
+    {
+        boolean shouldFail = (expectedSQLState != null);
         String  password = getPassword( user );
         String  statement = "call syscs_util.syscs_create_user( '" + user + "', '" + password
+ "' )";
+
+        if ( shouldFail )
+        {
+            println( "Expecting " + expectedSQLState + " when executing '" + statement +
"'" );
+        }
         
-        goodStatement( conn, statement );
+        try {
+            goodStatement( conn, statement );
+
+            if ( shouldFail )   { fail( tagError( "Should not have been allowed to create
user " + user ) ); }
+        }
+        catch (SQLException se)
+        {
+            if ( shouldFail )   { assertSQLState( expectedSQLState, se ); }
+            else    { fail( tagError( "Unexpectedly failed to create user " + user ) );}
+        }
     }
 
     private void  setDatabaseProperty( boolean shouldFail, Connection conn, String key, String
value, String expectedSQLState )
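Review bot: In the new three-argument `addUser`, the `else` arm of the catch block discards the caught `SQLException` and fails with a fixed string, so an unexpected failure loses its SQLState and stack trace. The method already declares `throws Exception`, so the arm can rethrow instead: `else { throw se; }`. Separately, the `println` in the `shouldFail` branch echoes the whole `statement`, which contains the password literal. That is harmless for fixture passwords, but printing only `user` and `expectedSQLState` keeps credentials out of test logs. The statement is still built by concatenating `user` and `password` into the SQL text, which is acceptable only while both remain test constants.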


