Bug #6555
SECURITY-POLICY:SET-CLIENT fails with an imported CLIENT-PRINCIPAL
100%
History
#2 Updated by Constantin Asofiei about 2 years ago
- a
CLIENT-PRINCIPAL
is created, validated, sealed with a domain-access-code - the
CLIENT-PRINCIPAL
is exported to a raw variable - another
CLIENT-PRINCIPAL
is created and imported from the previous raw variable SECURITY-POLICY:SET-CLIENT
is called with theCLIENT-PRINCIPAL
at the previous step - after it was imported,ClientPrincipal.domainAccessCode
is null. This code:public static logical setClient(handle h) { ... Domain domain = registry.get(clientPrincipal.getDomainName().toStringMessage()); switch (loginState) { ... case LOGIN: ... if (!clientPrincipal.validateDomainAccessCode( "Session", domain.getAccessCode(), SealCallee.SET_CLIENT).booleanValue()) {
fails validating the domain-access-code, as the imported ClientPrincipal.domainAccessCode
is null.
Igor: please fix this.
#3 Updated by Igor Skornyakov about 2 years ago
Constantin Asofiei wrote:
I don't have a standalone recreate, but in #6531 we have a scenario like this:
- a
CLIENT-PRINCIPAL
is created, validated, sealed with a domain-access-code- the
CLIENT-PRINCIPAL
is exported to a raw variable- another
CLIENT-PRINCIPAL
is created and imported from the previous raw variableSECURITY-POLICY:SET-CLIENT
is called with theCLIENT-PRINCIPAL
at the previous step - after it was imported,ClientPrincipal.domainAccessCode
is null. This code:
[...]fails validating the domain-access-code, as the imported
ClientPrincipal.domainAccessCode
is null.Igor: please fix this.
OK. How urgent is this?
Thank you.
#4 Updated by Constantin Asofiei about 2 years ago
Igor Skornyakov wrote:
OK. How urgent is this?
Thank you.
If you can solve it early next week, is good.
#5 Updated by Igor Skornyakov about 2 years ago
Constantin Asofiei wrote:
Igor Skornyakov wrote:
OK. How urgent is this?
Thank you.If you can solve it early next week, is good.
I see. Will try.
Thank you.
#6 Updated by Igor Skornyakov almost 2 years ago
Fixed revealed incompatibility - the database should not be locked on SET-CLIENT
.
Committed to 3821c/ 14060.
#7 Updated by Igor Skornyakov almost 2 years ago
- Status changed from New to WIP
#8 Updated by Igor Skornyakov almost 2 years ago
- Status changed from WIP to Review
Fixed in 3821c/14065.
#9 Updated by Greg Shah almost 2 years ago
Constantin: Are you OK with the change?
Igor: Is there anything else to do in this task?
#10 Updated by Igor Skornyakov almost 2 years ago
Greg Shah wrote:
Igor: Is there anything else to do in this task?
I don't think so.
#11 Updated by Constantin Asofiei almost 2 years ago
- Status changed from Review to Closed
Greg Shah wrote:
Constantin: Are you OK with the change?
The changes are OK and solves the #6531 problem. I'm closing it.
#12 Updated by Constantin Asofiei almost 2 years ago
- % Done changed from 0 to 100