From: "Knut Anders Hatlen (JIRA)"
To: derby-dev@db.apache.org
Date: Sat, 25 Aug 2007 09:33:31 -0700 (PDT)
Subject: [jira] Updated: (DERBY-3025) NPE when connecting to database with securityMechanism=8

[ https://issues.apache.org/jira/browse/DERBY-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-3025:
--------------------------------------

    Attachment: d3025.stat
                d3025.diff

Attaching a patch which seems to fix the bug.
I haven't run the regression tests yet.

When the client driver connects to the server with securityMechanism in the connection attributes, the attribute is stripped off by the client driver and the security mechanism is specified in a field defined by the DRDA protocol instead. On the server, information about the security mechanism is extracted and put back into the connection attributes and used when creating an embedded connection. The connection attributes used on the server include securityMechanism and possibly some internal attributes.

The problem is caused by the server reusing the attribute name securityMechanism. The authentication code (within the embedded driver) should only care about the attribute if it was added by the server, but there is no way to figure out whether that was the case.

The patch fixes the problem by using an internal attribute name (drdaSecMec) instead of securityMechanism to communicate to the embedded driver that a security mechanism is used. Of course, this doesn't prevent a user from specifying drdaSecMec when connecting to the embedded driver, but it is less likely that a user by mistake types an internal attribute name than the name of a documented client driver attribute.

> NPE when connecting to database with securityMechanism=8
> --------------------------------------------------------
>
>                 Key: DERBY-3025
>                 URL: https://issues.apache.org/jira/browse/DERBY-3025
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.1.4
>         Environment: Solaris x86
>            Reporter: Alan Burlison
>            Assignee: Knut Anders Hatlen
>         Attachments: d3025-test.diff, d3025.diff, d3025.stat
>
>
> If derby.drda.securityMechanism has *not* been set to STRONG_PASSWORD_SUBSTITUTE_SECURITY and the database is opened with the securityMechanism=8 property set, a NPE is thrown:
> // Try opening the database.
> Properties props = new Properties();
> props.put("securityMechanism", "8");
> props.put("user", dbUser);
> props.put("password", dbPass);
> Connection db = null;
> try {
>     StringBuilder sb = new StringBuilder("jdbc:derby:");
>     sb.append(dbName);
>     db = DriverManager.getConnection(sb.toString(), props);
> } catch (SQLException e) {
>     // Handle exception
> }
> java.lang.NullPointerException'. [XJ001]
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.Util.javaException(Unknown Source)
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection40.<init>(Unknown Source)
>         at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
>         at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>         at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
>         at java.sql.DriverManager.getConnection(DriverManager.java:582)
>         at java.sql.DriverManager.getConnection(DriverManager.java:154)
>         at org.opensolaris.auth.db.DBManager.openDatabase(DBManager.java:152)
>         ... 1 more
> Caused by: java.sql.SQLException: Java exception: ': java.lang.NullPointerException'.
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(Unknown Source)
>         at org.apache.derby.impl.jdbc.SQLExceptionFactory40.wrapArgsForTransportAcrossDRDA(Unknown Source)
>         ... 16 more
> Caused by: java.lang.NullPointerException
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.substitutePassword(Unknown Source)
>         at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.authenticateUser(Unknown Source)
>         at org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase.authenticate(Unknown Source)
>         at org.apache.derby.impl.jdbc.EmbedConnection.checkUserCredentials(Unknown Source)
>         ... 10 more
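
The attribute-name clash described in the comment above, as an added Java sketch that is not Derby source and not part of the attached patch. Only securityMechanism, drdaSecMec and the value 8 come from the message; the class, the methods and the "hypotheticalSeed" attribute are assumptions that stand in for the server-only internal attributes.

```java
import java.util.Properties;

// Simplified model of the attribute handling described in the message above.
// Not Derby source: class, method and "seed" attribute names are hypothetical.
public class SecMecAttributeDemo {
    static final String USER_ATTR = "securityMechanism"; // documented client attribute
    static final String INTERNAL_ATTR = "drdaSecMec";    // internal name chosen by the patch
    static final String SEED_ATTR = "hypotheticalSeed";  // stands in for server-only attributes

    // Server side: forward the DRDA security mechanism to the embedded driver
    // under the given attribute name, together with server-only data.
    static Properties serverAttributes(String attrName, String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty(attrName, "8");
        p.setProperty(SEED_ATTR, "c0ffee"); // constructed sample value
        return p;
    }

    // Embedded side: password substitution is triggered by attrName and
    // assumes the server-only data is present.
    static String authenticate(Properties attrs, String attrName) {
        if ("8".equals(attrs.getProperty(attrName))) {
            String seed = attrs.getProperty(SEED_ATTR);
            return "substituted:" + seed.length(); // NPE when seed is null
        }
        return "plain";
    }

    public static void main(String[] args) {
        // Attributes as a user passes them directly to the embedded driver.
        Properties direct = new Properties();
        direct.setProperty("user", "app");
        direct.setProperty("password", "secret");
        direct.setProperty(USER_ATTR, "8");
        // Before: the trigger shares the user-facing name, so direct input
        // reaches the path that expects server-only data.
        try {
            authenticate(direct, USER_ATTR);
        } catch (NullPointerException e) {
            System.out.println("before: NPE on direct embedded connection");
        }
        // After: only the internal name triggers substitution.
        System.out.println("after, direct: " + authenticate(direct, INTERNAL_ATTR));
        System.out.println("after, via server: "
                + authenticate(serverAttributes(INTERNAL_ATTR, "app", "secret"), INTERNAL_ATTR));
    }
}
```

In this model, setting drdaSecMec=8 on a direct embedded connection still reaches the substitution path, which is the residual case the message acknowledges.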