Derby
  1. Derby
  2. DERBY-926

Protocol error when trying to connect with an unsupported security mechanism

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.0.2.0, 10.0.2.1, 10.0.2.2, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6
    • Fix Version/s: None
    • Environment:
      all
    • Urgency:
      Normal

      Description

      1) Start network server on port
      2) In ij, try to connect using the securityMechanism=12

      ij(CONNECTION2)> connect 'testdb;create=true;securityMechanism=12;user=sa;password=p1';
      ERROR 58009: Execution failed due to a distribution protocol error that caused deallocation of the conversation. A PROTOCOL Data Stream Syntax Error was detected. Reason: 0x12

        Issue Links

          Activity

          Hide
          Rick Hillegas added a comment -

          Triaged for 10.5.3: assigned normal urgency.

          Show
          Rick Hillegas added a comment - Triaged for 10.5.3: assigned normal urgency.
          Hide
          Francois Orsini added a comment -

          Assigning this to me as well as I have made the changes as part of DERBY-1517. Am linking it to #1517.

          Show
          Francois Orsini added a comment - Assigning this to me as well as I have made the changes as part of DERBY-1517 . Am linking it to #1517.
          Hide
          Sunitha Kambhampati added a comment -

          Per the DDM manual , pg 52 for ACCSEC.
          The normal response to the ACCSEC command is
          ACCSECRD (SECMEC (value

          {value..}

          )
          "if the target server supports the SECMEC value requested by the source server, then a single value is returned for SECMEC and is identical to the secmec value send in the ACCSEC command.
          but if the target server does not support the secmec requested by the source server, then only one or more values in SECMEC are returned. "

          Currently in the network server, if the security mechanism is not supported, 3 SECMECs are sent with the supported security mechanisms.
          see : DRDAConnThread.writeACCSECRD.
          .....
          writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDPWD);
          writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_EUSRIDPWD);
          writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDONL);

          This needs to be changed to send one SECMEC with a list of secmec values.

          Show
          Sunitha Kambhampati added a comment - Per the DDM manual , pg 52 for ACCSEC. The normal response to the ACCSEC command is ACCSECRD (SECMEC (value {value..} ) "if the target server supports the SECMEC value requested by the source server, then a single value is returned for SECMEC and is identical to the secmec value send in the ACCSEC command. but if the target server does not support the secmec requested by the source server, then only one or more values in SECMEC are returned. " Currently in the network server, if the security mechanism is not supported, 3 SECMECs are sent with the supported security mechanisms. see : DRDAConnThread.writeACCSECRD. ..... writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDPWD); writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_EUSRIDPWD); writer.writeScalar2Bytes(CodePoint.SECMEC, CodePoint.SECMEC_USRIDONL); This needs to be changed to send one SECMEC with a list of secmec values.

            People

            • Assignee:
              Unassigned
              Reporter:
              Sunitha Kambhampati
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Development