Issue Details (XML | Word | Printable)

Key: DERBY-198
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Minor Minor
Assignee: Sunitha Kambhampati
Reporter: Kathey Marsden
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Derby

Add Support for network Server USRIDONL security

Created: 05/Apr/05 08:11 AM   Updated: 05/Jun/05 01:44 AM
Return to search
Component/s: Network Server
Affects Version/s: 10.1.1.0
Fix Version/s: 10.1.1.0

Time Tracking:
Not Specified

File Attachments:
  File Name Date Attached Attached By Size
Text File Licensed for inclusion in ASF works Derby198.diff 2005-04-07 10:01 PM Sunitha Kambhampati 25 kB

Resolution Date: 01/Jun/05 04:17 AM


 Description  « Hide
Currently Network Server supports only two security mechanisms.

User ID and password (usridpwd)
User ID and encrypted password (eusridpwd)


It would be good to add support for User ID Only security so that it could more closely match the embedded driver and not always require a password.

See details of security mechanism implementations in section 4.4.2.1 of

DRDA V3 Vol. 1: Distributed Relational Database Architecture
http://www.opengroup.org/dbiop/

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Sunitha Kambhampati added a comment - 07/Apr/05 10:01 PM
Patch to support USRIDONL security for network server. derbynetmats tests ran fine. Added new tests to test security mechanism.

Sunitha Kambhampati made changes - 07/Apr/05 10:01 PM
Field Original Value New Value
Attachment Derby198.diff [ 19534 ]
[ Permlink | « Hide ]
Kathey Marsden added a comment - 08/Apr/05 04:14 AM
Committed revision 160439 for this patch.
Ran derbynetmats on the change.

[ Permlink | « Hide ]
Sunitha Kambhampati added a comment - 01/Jun/05 04:17 AM
This fix was committed with revision 160439 a while ago.
_________

The general flow is
client sends ACCSEC with CodePoint.SECMEC as SECMEC_USRIDONL (4) to use userid only security.
In the ACCSECRD the server sends secmec as SECMEC_USRIDONL which means it supports this security mechanism
Then client sends SECCHK sending only USRID
The server sends a SECCHKRM as normal after validating the userid. This is actually done by trying to obtain a connection from the database.

Changes that went in
-- Recognize CodePoint.SECMEC_USRIDONL sent in for CodePoint.SECMEC as part of the ACCSEC command (DRDAConnThread#parseACCSEC)
-- validate if the right parameters are sent for SECMEC_USRIDONL
-- Change the constant SECCHKCD_SECTKNMISSING to SECCHKCD_SECTKNMISSING_OR_INVALID for clarity. Since this code is sent in cases when the security token is invalid as well as when it is missing.
-- Changes to parseSECCHK to check for only the userid to support SECMEC_USRIDONL
-- Changes to Database#makeConnection to take care of a null password


Sunitha Kambhampati made changes - 01/Jun/05 04:17 AM
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Sunitha Kambhampati made changes - 05/Jun/05 01:44 AM
Status Resolved [ 5 ] Closed [ 6 ]

Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators