Project

General

Profile

Bug #6555

SECURITY-POLICY:SET-CLIENT fails with an imported CLIENT-PRINCIPAL

Added by Constantin Asofiei about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Igor Skornyakov
Target version:
-
Start date:
Due date:
% Done:

100%

billable:
No
vendor_id:
GCD
case_num:
version_reported:
version_resolved:

History

#2 Updated by Constantin Asofiei about 2 years ago

I don't have a standalone recreate, but in #6531 we have a scenario like this:
  • a CLIENT-PRINCIPAL is created, validated, sealed with a domain-access-code
  • the CLIENT-PRINCIPAL is exported to a raw variable
  • another CLIENT-PRINCIPAL is created and imported from the previous raw variable
  • SECURITY-POLICY:SET-CLIENT is called with the CLIENT-PRINCIPAL at the previous step - after it was imported, ClientPrincipal.domainAccessCode is null. This code:
       public static logical setClient(handle h)
   {
      ...
      Domain domain = registry.get(clientPrincipal.getDomainName().toStringMessage());
      switch (loginState)
      {
         ...
      case LOGIN:
         ...
         if (!clientPrincipal.validateDomainAccessCode(
                  "Session", domain.getAccessCode(), SealCallee.SET_CLIENT).booleanValue())
         {

fails validating the domain-access-code, as the imported ClientPrincipal.domainAccessCode is null.

Igor: please fix this.

#3 Updated by Igor Skornyakov about 2 years ago

Constantin Asofiei wrote:

I don't have a standalone recreate, but in #6531 we have a scenario like this:
  • a CLIENT-PRINCIPAL is created, validated, sealed with a domain-access-code
  • the CLIENT-PRINCIPAL is exported to a raw variable
  • another CLIENT-PRINCIPAL is created and imported from the previous raw variable
  • SECURITY-POLICY:SET-CLIENT is called with the CLIENT-PRINCIPAL at the previous step - after it was imported, ClientPrincipal.domainAccessCode is null. This code:
    [...]

fails validating the domain-access-code, as the imported ClientPrincipal.domainAccessCode is null.

Igor: please fix this.

OK. How urgent is this?
Thank you.

#4 Updated by Constantin Asofiei about 2 years ago

Igor Skornyakov wrote:

OK. How urgent is this?
Thank you.

If you can solve it early next week, is good.

#5 Updated by Igor Skornyakov about 2 years ago

Constantin Asofiei wrote:

Igor Skornyakov wrote:

OK. How urgent is this?
Thank you.

If you can solve it early next week, is good.

I see. Will try.
Thank you.

#6 Updated by Igor Skornyakov almost 2 years ago

Fixed revealed incompatibility - the database should not be locked on SET-CLIENT.
Committed to 3821c/ 14060.

#7 Updated by Igor Skornyakov almost 2 years ago

  • Status changed from New to WIP

#8 Updated by Igor Skornyakov almost 2 years ago

  • Status changed from WIP to Review

Fixed in 3821c/14065.

#9 Updated by Greg Shah almost 2 years ago

Constantin: Are you OK with the change?

Igor: Is there anything else to do in this task?

#10 Updated by Igor Skornyakov almost 2 years ago

Greg Shah wrote:

Igor: Is there anything else to do in this task?

I don't think so.

#11 Updated by Constantin Asofiei almost 2 years ago

  • Status changed from Review to Closed

Greg Shah wrote:

Constantin: Are you OK with the change?

The changes are OK and solves the #6531 problem. I'm closing it.

#12 Updated by Constantin Asofiei almost 2 years ago

  • % Done changed from 0 to 100

Also available in: Atom PDF