Subject | Direct Client and authentication |
---|---|
Author | Goedhart, Andrew |
Post date | 2001-12-03T08:20:20Z |
Had a look at the configuration XML script posted in the jboss documentation
as a sample for configuring the dirver
It has the following attributes:
<attribute name="PrincipalMappingProperties">UserName=sysdba
Password=masterkey</attribute>
However this don't seem to work. When tryig it on windows 2000 at home I get
Invalid user name and password
Had a deeper loook at the source code of org.firebirdsql.jgds.gds_impl where
the connection to the database is being made and the the GDSException thrown
As far as I can tell the method responsible for actually making the
connection is the following bit of code in the private method connect.
//Here we identify the user to the engine. This may or may not
be used
//as login info to a database.
String user = System.getProperty("user.name");
if (debug) {System.out.println("user.name: " + user);}
String host = InetAddress.getLocalHost().getHostName();
byte[] user_id = new byte[200];
int n = 0;
user_id[n++] = 1; // CNCT_user
user_id[n++] = (byte) user.length();
System.arraycopy(user.getBytes(), 0, user_id, n, user.length());
n += user.length();
/* String passwd = "masterkey";
user_id[n++] = 2; // CNCT_passwd
user_id[n++] = (byte) passwd.length();
System.arraycopy(passwd.getBytes(), 0, user_id, n,
passwd.length());
n += passwd.length();*/
user_id[n++] = 4; // CNCT_host
user_id[n++] = (byte) host.length();
System.arraycopy(host.getBytes(), 0, user_id, n, host.length());
n += host.length();
//user_id[n++] = 6; // CNCT_user_verification
//user_id[n++] = 0;
It seems the driver is ignoring the entries in the configuration file and
using system.getProperty("user.name"). A hard coded password of masterkey
has been commented out.
Is there any version of the file somewhere (David this is where you
hopefully say yes ;-) or do I have to try and get my mind around security in
the murkey world of Connectors :-(.
if I do do a fix how do i get it into CVS, I don't have any access other
then via the Html web interface. I ftp'd the files one at a time. Do I post
it here and hope that some one will put it into CVS for me ?
By the way has anyone got any pointers as to where I could find the
properties and extract the that where set in the configuration file. (I
suppose thats where the work lies, oh well )
Hope to hear from someone. I don't want to do uneccessary work but as the
authentication stands, the dirver cannot be used under Windows. Under linux
where the database deferes authentication to the operating systemyes, but
connectiong from windows no.
Andrew
(A developer from Sunny South Africa)
as a sample for configuring the dirver
It has the following attributes:
<attribute name="PrincipalMappingProperties">UserName=sysdba
Password=masterkey</attribute>
However this don't seem to work. When tryig it on windows 2000 at home I get
Invalid user name and password
Had a deeper loook at the source code of org.firebirdsql.jgds.gds_impl where
the connection to the database is being made and the the GDSException thrown
As far as I can tell the method responsible for actually making the
connection is the following bit of code in the private method connect.
//Here we identify the user to the engine. This may or may not
be used
//as login info to a database.
String user = System.getProperty("user.name");
if (debug) {System.out.println("user.name: " + user);}
String host = InetAddress.getLocalHost().getHostName();
byte[] user_id = new byte[200];
int n = 0;
user_id[n++] = 1; // CNCT_user
user_id[n++] = (byte) user.length();
System.arraycopy(user.getBytes(), 0, user_id, n, user.length());
n += user.length();
/* String passwd = "masterkey";
user_id[n++] = 2; // CNCT_passwd
user_id[n++] = (byte) passwd.length();
System.arraycopy(passwd.getBytes(), 0, user_id, n,
passwd.length());
n += passwd.length();*/
user_id[n++] = 4; // CNCT_host
user_id[n++] = (byte) host.length();
System.arraycopy(host.getBytes(), 0, user_id, n, host.length());
n += host.length();
//user_id[n++] = 6; // CNCT_user_verification
//user_id[n++] = 0;
It seems the driver is ignoring the entries in the configuration file and
using system.getProperty("user.name"). A hard coded password of masterkey
has been commented out.
Is there any version of the file somewhere (David this is where you
hopefully say yes ;-) or do I have to try and get my mind around security in
the murkey world of Connectors :-(.
if I do do a fix how do i get it into CVS, I don't have any access other
then via the Html web interface. I ftp'd the files one at a time. Do I post
it here and hope that some one will put it into CVS for me ?
By the way has anyone got any pointers as to where I could find the
properties and extract the that where set in the configuration file. (I
suppose thats where the work lies, oh well )
Hope to hear from someone. I don't want to do uneccessary work but as the
authentication stands, the dirver cannot be used under Windows. Under linux
where the database deferes authentication to the operating systemyes, but
connectiong from windows no.
Andrew
(A developer from Sunny South Africa)