FWD » Bugs

The ConnectionManager.userIds and ConnectionManager.connectTimeUserid maps have as keys a 'ldbname' value. All APIs which work with these two maps should be revised, because the current access is case-sensitive, and APIs like ConnectionManager.setCurrentUseridImpl (which ends up being called from a setuserid(username, password, ldbname) statement) don't verify the key for case-sensitivity.

From a previous email thread:

On 03/02/2018 10:52 PM, Eric Faulhaber wrote:

Constantin,

What is the context of this? Is there a Redmine issue associated? If so, please put this discussion there.

I'm not sure of the fix: shouldn't the userIds (and connectTimeUserid) rely on ConnectionManager.getLDBName(String) to resolve the received ldbname?

I'm not as familiar with the userId implementation as Ovidiu, but your suggestion makes sense to me.

Ovidiu: is it possible that we can be passed an alias OR a logical database name in all the userId methods that have ldbName as a parameter? Right now, the parameter is simply accepted as the key (i.e., assumed not to be an alias, not case-normalized).

Thanks,
Eric

On 03/02/2018 03:06 PM, Constantin Asofiei wrote:

Eric,

I'm not sure of the fix: shouldn't the userIds (and connectTimeUserid) rely on ConnectionManager.getLDBName(String) to resolve the received ldbname?

Thanks,
Constantin

On 03/02/2018 09:24 PM, Ovidiu Maxiniuc wrote:

Constantin,

Yes, this doesn't looks right. The userIds map should have a case-insensitive key-set because logical database names are also case insensitive.

Thanks,
Ovidiu

On 03/02/2018 08:55 PM, Constantin Asofiei wrote:

Eric,

I've ended up with these in ConnectionManager.userIds, using a setuserid(username, password, "HOTEL") stmt:

{hotel="", HOTEL="uname"}

note how the keys are case-sensitive... is this correct?

Thanks,

Constantin

Constantin Asofiei wrote:

The ConnectionManager.userIds and ConnectionManager.connectTimeUserid maps have as keys a 'ldbname' value. All APIs which work with these two maps should be revised, because the current access is case-sensitive, and APIs like ConnectionManager.setCurrentUseridImpl (which ends up being called from a setuserid(username, password, ldbname) statement) don't verify the key for case-sensitivity.

Indeed, this looks like the logical dbname was not resolved before putting the values into the map. I did not checked the code but I guess that the setuserid() is called with a physical / alias database name while the method expects a logical database name.

I believe I fixed case-sensitivity issue for ConnectionManager. At the same time, I dropped the defaultDatabase notion from MetadataSecurityOps (and from directory) and I replaced it with a lookup over the connected databases. Also, the USERID returns now ? (unknown value) when unknown value is passed as argument.

Committed to 3483a as revision 11234.