Bug #3494
case-sensitivity issue for ConnectionManager APIs with ldbname
100%
History
#1 Updated by Constantin Asofiei over 6 years ago
The ConnectionManager.userIds
and ConnectionManager.connectTimeUserid
maps have as keys a 'ldbname' value. All APIs which work with these two maps should be revised, because the current access is case-sensitive, and APIs like ConnectionManager.setCurrentUseridImpl
(which ends up being called from a setuserid(username, password, ldbname)
statement) don't verify the key for case-sensitivity.
#2 Updated by Constantin Asofiei over 6 years ago
From a previous email thread:
On 03/02/2018 10:52 PM, Eric Faulhaber wrote:
Constantin,
What is the context of this? Is there a Redmine issue associated? If so, please put this discussion there.
I'm not sure of the fix: shouldn't the userIds (and connectTimeUserid) rely on ConnectionManager.getLDBName(String) to resolve the received ldbname?
I'm not as familiar with the userId implementation as Ovidiu, but your suggestion makes sense to me.
Ovidiu: is it possible that we can be passed an alias OR a logical database name in all the userId methods that have ldbName as a parameter? Right now, the parameter is simply accepted as the key (i.e., assumed not to be an alias, not case-normalized).
Thanks,
EricOn 03/02/2018 03:06 PM, Constantin Asofiei wrote:
Eric,
I'm not sure of the fix: shouldn't the userIds (and connectTimeUserid) rely on ConnectionManager.getLDBName(String) to resolve the received ldbname?
Thanks,
ConstantinOn 03/02/2018 09:24 PM, Ovidiu Maxiniuc wrote:
Constantin,
Yes, this doesn't looks right. The userIds map should have a case-insensitive key-set because logical database names are also case insensitive.
Thanks,
OvidiuOn 03/02/2018 08:55 PM, Constantin Asofiei wrote:
Eric,
I've ended up with these in ConnectionManager.userIds, using a setuserid(username, password, "HOTEL") stmt:
{hotel="", HOTEL="uname"}
note how the keys are case-sensitive... is this correct?
Thanks,
Constantin
#3 Updated by Ovidiu Maxiniuc over 6 years ago
Constantin Asofiei wrote:
The
ConnectionManager.userIds
andConnectionManager.connectTimeUserid
maps have as keys a 'ldbname' value. All APIs which work with these two maps should be revised, because the current access is case-sensitive, and APIs likeConnectionManager.setCurrentUseridImpl
(which ends up being called from asetuserid(username, password, ldbname)
statement) don't verify the key for case-sensitivity.
Indeed, this looks like the logical dbname was not resolved before putting the values into the map. I did not checked the code but I guess that the setuserid()
is called with a physical / alias database name while the method expects a logical database name.
#4 Updated by Eric Faulhaber over 6 years ago
- Assignee set to Ovidiu Maxiniuc
Ovidiu, please go ahead and fix this in 3483a.
#5 Updated by Ovidiu Maxiniuc over 6 years ago
I believe I fixed case-sensitivity issue for ConnectionManager
. At the same time, I dropped the defaultDatabase
notion from MetadataSecurityOps
(and from directory) and I replaced it with a lookup over the connected databases. Also, the USERID
returns now ?
(unknown value) when unknown value is passed as argument.
Committed to 3483a as revision 11234.
#6 Updated by Eric Faulhaber over 6 years ago
- % Done changed from 0 to 100
- Status changed from New to Closed
Task branch 3483a was merged to trunk revision 11230.