
Example 1 with UserDescriptor

use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.

the class SystemProcedures method addUser.

/**
 * Stores the credentials of a new user in the SYSUSERS catalog. This entry point is
 * the one called when bootstrapping the credentials of the DBO at database creation time.
 *
 * <p>If the user being added is the database owner, the authentication provider
 * property is also switched to NATIVE::LOCAL in the same transaction.
 *
 * <p>Security notes: the password arrives as an immutable {@code String}, so this
 * method cannot wipe the cleartext from memory once it has been hashed. No privilege
 * check is visible in this method; callers are presumably responsible for deciding
 * who may create users (confirm against the call sites).
 *
 * @param userName name of the user to create; compared to the database owner with
 *        {@code String.equals}, so it is presumably already normalized (confirm)
 * @param password cleartext password; handed to {@code makeUserDescriptor} for hashing
 * @param tc transaction in which the catalog row and the property are written
 * @throws SQLException wrapping any {@code StandardException} raised while writing
 */
public static void addUser(String userName, String password, TransactionController tc) throws SQLException {
    try {
        LanguageConnectionContext connectionContext = ConnectionUtil.getCurrentLCC();
        DataDictionary dictionary = connectionContext.getDataDictionary();
        // Put the data dictionary into "write" mode for the whole operation. Some of
        // the "get" calls below could run in "read" mode, but doing everything in
        // "write" mode was judged safer. The dictionary is told that writing is over
        // at the end of the transaction.
        dictionary.startWriting(connectionContext);
        // The null and false arguments are presumably "no parent descriptor" and
        // "duplicates not allowed" -- confirm against DataDictionary.addDescriptor.
        dictionary.addDescriptor(
                makeUserDescriptor(dictionary, tc, userName, password),
                null,
                DataDictionary.SYSUSERS_CATALOG_NUM,
                false,
                tc);
        // Storing the owner's credentials is what turns on NATIVE::LOCAL authentication.
        boolean addingDatabaseOwner = dictionary.getAuthorizationDatabaseOwner().equals(userName);
        if (addingDatabaseOwner) {
            tc.setProperty(
                    Property.AUTHENTICATION_PROVIDER_PARAMETER,
                    Property.AUTHENTICATION_PROVIDER_NATIVE_LOCAL,
                    true);
        }
    } catch (StandardException e) {
        throw PublicAPI.wrapStandardException(e);
    }
}
Also used : StandardException(org.apache.derby.shared.common.error.StandardException) LanguageConnectionContext(org.apache.derby.iapi.sql.conn.LanguageConnectionContext) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) UserDescriptor(org.apache.derby.iapi.sql.dictionary.UserDescriptor)

Example 2 with UserDescriptor

use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.

the class SystemProcedures method makeUserDescriptor.

/**
 * Builds the descriptor for a SYSUSERS row from a user name and a cleartext password.
 * The password is hashed with the hasher the data dictionary creates for the
 * transaction's current properties; the descriptor carries the hashing scheme, the
 * hashed password and the current time as its timestamp.
 *
 * <p>Security notes: when no hasher is available the method refuses to build a
 * descriptor (WEAK_AUTHENTICATION) rather than storing the password in some other
 * form. The hashed value passes through an immutable {@code String} and a temporary
 * {@code char[]} that this method does not wipe.
 *
 * @param dd data dictionary supplying the descriptor generator and the password hasher
 * @param tc transaction whose properties select the password hasher
 * @param userName user name stored in the descriptor and passed to the hasher
 * @param password cleartext password to hash
 * @return a new descriptor holding the hashed credentials
 * @throws StandardException if no password hasher can be created
 */
private static UserDescriptor makeUserDescriptor(DataDictionary dd, TransactionController tc, String userName, String password) throws StandardException {
    DataDescriptorGenerator generator = dd.getDataDescriptorGenerator();
    PasswordHasher passwordHasher = dd.makePasswordHasher(tc.getProperties());
    if (passwordHasher == null) {
        // No hasher for the current properties: fail instead of persisting credentials.
        throw StandardException.newException(SQLState.WEAK_AUTHENTICATION);
    }
    String scheme = passwordHasher.encodeHashingScheme();
    String hashed = passwordHasher.hashPasswordIntoString(userName, password);
    Timestamp now = new Timestamp(System.currentTimeMillis());
    return generator.newUserDescriptor(userName, scheme, hashed.toCharArray(), now);
}
Also used : DataDescriptorGenerator(org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator) PasswordHasher(org.apache.derby.iapi.sql.dictionary.PasswordHasher) Timestamp(java.sql.Timestamp) UserDescriptor(org.apache.derby.iapi.sql.dictionary.UserDescriptor)

Example 3 with UserDescriptor

use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.

the class SystemProcedures method resetAuthorizationIDPassword.

/**
 * Replaces the stored password of an existing user. The authorization id is expected
 * to be normalized already.
 *
 * <p>Security notes: the user name is passed to {@code checkLegalUser} before anything
 * is written; what that helper rejects is not visible here. No check of who is
 * requesting the reset is visible in this method, so that decision presumably sits
 * with the callers (confirm against the call sites). The cleartext password is an
 * immutable {@code String} and cannot be wiped by this method.
 *
 * @param userName normalized authorization id whose password is replaced
 * @param password new cleartext password; hashed by {@code makeUserDescriptor}
 * @throws SQLException wrapping any {@code StandardException} raised on the way
 */
private static void resetAuthorizationIDPassword(String userName, String password) throws SQLException {
    try {
        LanguageConnectionContext connectionContext = ConnectionUtil.getCurrentLCC();
        DataDictionary dictionary = connectionContext.getDataDictionary();
        TransactionController transaction = connectionContext.getTransactionExecute();
        checkLegalUser(dictionary, userName);
        // Put the data dictionary into "write" mode for the whole operation. Some of
        // the "get" calls below could run in "read" mode, but doing everything in
        // "write" mode was judged safer. The dictionary is told that writing is over
        // at the end of the transaction.
        dictionary.startWriting(connectionContext);
        // A fresh descriptor is built, so the hashing scheme and timestamp are
        // replaced along with the hashed password.
        dictionary.updateUser(
                makeUserDescriptor(dictionary, transaction, userName, password),
                transaction);
    } catch (StandardException e) {
        throw PublicAPI.wrapStandardException(e);
    }
}
Also used : StandardException(org.apache.derby.shared.common.error.StandardException) LanguageConnectionContext(org.apache.derby.iapi.sql.conn.LanguageConnectionContext) DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) TransactionController(org.apache.derby.iapi.store.access.TransactionController) UserDescriptor(org.apache.derby.iapi.sql.dictionary.UserDescriptor)

Example 4 with UserDescriptor

use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.

the class AuthenticationServiceBase method validate.

/**
 * Checks a proposed property change against the rules for authentication properties.
 *
 * <p>Rules enforced for the authentication provider property:
 * a NATIVE value other than NATIVE::LOCAL cannot be persisted; once the stored value
 * is a NATIVE one it cannot be changed; and NATIVE::LOCAL can only be set when the
 * database owner already has stored credentials. The password lifetime and expiration
 * threshold properties must parse.
 *
 * <p>NOTE(review): {@code value} is cast to {@code String} without a type check, so a
 * non-String value for any property outside the user-password prefix surfaces as a
 * {@code ClassCastException} rather than a {@code StandardException}.
 *
 * @param key name of the property being set
 * @param value proposed value; may be null
 * @param p properties currently in effect; consulted for the existing provider value
 * @return {@code true} for user password properties (the only ones that need
 *         remapping), {@code false} otherwise
 * @throws StandardException if the proposed change breaks one of the rules above
 * @see PropertySetCallback#validate
 */
public boolean validate(String key, Serializable value, Dictionary p) throws StandardException {
    // User password properties need to be remapped; nothing else does.
    if (key.startsWith(org.apache.derby.shared.common.reference.Property.USER_PROPERTY_PREFIX)) {
        return true;
    }
    String requested = (String) value;
    boolean wantsNativeLocal = Property.AUTHENTICATION_PROVIDER_NATIVE_LOCAL.equals(requested);
    if (Property.AUTHENTICATION_PROVIDER_PARAMETER.equals(key)) {
        // NATIVE::LOCAL is the only NATIVE value of this property that may be persisted.
        boolean requestsNative = (requested != null) && requested.startsWith(Property.AUTHENTICATION_PROVIDER_NATIVE);
        if (requestsNative && !wantsNativeLocal) {
            throw StandardException.newException(SQLState.PROPERTY_DBO_LACKS_CREDENTIALS);
        }
        // Downgrade protection: a database already on NATIVE authentication stays there.
        String current = (String) p.get(Property.AUTHENTICATION_PROVIDER_PARAMETER);
        boolean alreadyNative = (current != null) && current.startsWith(Property.AUTHENTICATION_PROVIDER_NATIVE);
        if (alreadyNative) {
            throw StandardException.newException(SQLState.PROPERTY_CANT_UNDO_NATIVE);
        }
        // NATIVE::LOCAL needs the owner's credentials to be stored first, because you
        // can't store credentials in a pre-10.9 database.
        if (wantsNativeLocal) {
            DataDictionary dictionary = getDataDictionary();
            String owner = dictionary.getAuthorizationDatabaseOwner();
            UserDescriptor ownerCredentials = dictionary.getUser(owner);
            if (ownerCredentials == null) {
                throw StandardException.newException(SQLState.PROPERTY_DBO_LACKS_CREDENTIALS);
            }
        }
    }
    if (Property.AUTHENTICATION_NATIVE_PASSWORD_LIFETIME.equals(key)
            && parsePasswordLifetime(requested) == null) {
        throw StandardException.newException(SQLState.BAD_PASSWORD_LIFETIME, Property.AUTHENTICATION_NATIVE_PASSWORD_LIFETIME);
    }
    // The threshold reuses the BAD_PASSWORD_LIFETIME state, with its own property name.
    if (Property.AUTHENTICATION_PASSWORD_EXPIRATION_THRESHOLD.equals(key)
            && parsePasswordThreshold(requested) == null) {
        throw StandardException.newException(SQLState.BAD_PASSWORD_LIFETIME, Property.AUTHENTICATION_PASSWORD_EXPIRATION_THRESHOLD);
    }
    return false;
}
Also used : DataDictionary(org.apache.derby.iapi.sql.dictionary.DataDictionary) UserDescriptor(org.apache.derby.iapi.sql.dictionary.UserDescriptor)

Example 5 with UserDescriptor

use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.

the class SYSUSERSRowFactory method buildDescriptor.

// /////////////////////////////////////////////////////////////////////////
// 
// ABSTRACT METHODS TO BE IMPLEMENTED BY CHILDREN OF CatalogRowFactory
// 
// /////////////////////////////////////////////////////////////////////////
/**
 * Make a descriptor out of a SYSUSERS row. The password column in the
 * row will be zeroed out.
 *
 * <p>The local copy of the password characters is also wiped before this
 * method returns, whether it returns normally or by exception.
 * NOTE(review): the returned descriptor is created before that wipe, so
 * newUserDescriptor presumably keeps its own copy of the array -- confirm.
 *
 * @param row a SYSUSERS row; its password column is cleared as a side effect
 * @param parentTupleDescriptor	Null for this kind of descriptor.
 * @param dd dataDictionary
 *
 * @return	a descriptor equivalent to a row
 *
 * @exception   StandardException thrown on failure
 */
public TupleDescriptor buildDescriptor(ExecRow row, TupleDescriptor parentTupleDescriptor, DataDictionary dd) throws StandardException {
    // Column-count check runs only when SanityManager.DEBUG is set.
    if (SanityManager.DEBUG) {
        if (row.nColumns() != SYSUSERS_COLUMN_COUNT) {
            SanityManager.THROWASSERT("Wrong number of columns for a SYSUSERS row: " + row.nColumns());
        }
    }
    DataDescriptorGenerator ddg = dd.getDataDescriptorGenerator();
    String userName;
    String hashingScheme;
    // Declared outside the try and initialised to null so the finally block
    // can tell whether there is anything to wipe.
    char[] password = null;
    Timestamp lastModified;
    DataValueDescriptor col;
    SQLVarchar passwordCol = null;
    UserDescriptor result;
    try {
        /* 1st column is USERNAME */
        col = row.getColumn(USERNAME_COL_NUM);
        userName = col.getString();
        /* 2nd column is HASHINGSCHEME */
        col = row.getColumn(HASHINGSCHEME_COL_NUM);
        hashingScheme = col.getString();
        /* 3rd column is PASSWORD */
        // Read as a char[] rather than through getString(), so that the value
        // can be overwritten afterwards (a String could not be).
        passwordCol = (SQLVarchar) row.getColumn(PASSWORD_COL_NUM);
        password = passwordCol.getRawDataAndZeroIt();
        /* 4th column is LASTMODIFIED */
        // The no-argument GregorianCalendar uses the JVM's default time zone and locale.
        col = row.getColumn(LASTMODIFIED_COL_NUM);
        lastModified = col.getTimestamp(new java.util.GregorianCalendar());
        result = ddg.newUserDescriptor(userName, hashingScheme, password, lastModified);
    } finally {
        // zero out the password so that it can't be memory-sniffed
        // Runs on the exception path too, so a failure part-way through the
        // reads above does not leave the characters behind.
        if (password != null) {
            Arrays.fill(password, (char) 0);
        }
        // Clears the column's raw data again, which covers the case where
        // getRawDataAndZeroIt() itself did not complete.
        if (passwordCol != null) {
            passwordCol.zeroRawData();
        }
    }
    return result;
}
Also used : DataDescriptorGenerator(org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator) DataValueDescriptor(org.apache.derby.iapi.types.DataValueDescriptor) SQLVarchar(org.apache.derby.iapi.types.SQLVarchar) SQLTimestamp(org.apache.derby.iapi.types.SQLTimestamp) Timestamp(java.sql.Timestamp) UserDescriptor(org.apache.derby.iapi.sql.dictionary.UserDescriptor)

Aggregations

UserDescriptor (org.apache.derby.iapi.sql.dictionary.UserDescriptor)7 DataDictionary (org.apache.derby.iapi.sql.dictionary.DataDictionary)4 Timestamp (java.sql.Timestamp)3 LanguageConnectionContext (org.apache.derby.iapi.sql.conn.LanguageConnectionContext)2 DataDescriptorGenerator (org.apache.derby.iapi.sql.dictionary.DataDescriptorGenerator)2 PasswordHasher (org.apache.derby.iapi.sql.dictionary.PasswordHasher)2 TransactionController (org.apache.derby.iapi.store.access.TransactionController)2 SQLTimestamp (org.apache.derby.iapi.types.SQLTimestamp)2 SQLVarchar (org.apache.derby.iapi.types.SQLVarchar)2 StandardException (org.apache.derby.shared.common.error.StandardException)2 ExecRow (org.apache.derby.iapi.sql.execute.ExecRow)1 DataValueDescriptor (org.apache.derby.iapi.types.DataValueDescriptor)1