ID: 32988
User updated by: stephane dot dekeyzer at kmi dot be
Reported By: stephane dot dekeyzer at kmi dot be
-Status: Feedback
+Status: Open
Bug Type: Feature/Change Request
Operating System: Any
PHP Version: 5.0.4
New Comment:
simplified version:
if(external authentication){
do ext authentication
}
else{
do login/password authentication
}
after line 2819, here a re my new lines:
if(strcmp(username, "/") == 0 && strlen(password) == 0 ||
strlen(username) == 0 && strlen(password) == 0){
/* doing external authentication (OCI_CRED_EXT) */
CALL_OCI_RETURN(OCI(error),
OCISessionBegin(
svchp,
OCI(pError),
session->pSession,
(ub4) OCI_CRED_EXT,
(ub4) OCI_DEFAULT
)
);
}
else {
/* set the username in user handle */
CALL_OCI_RETURN(OCI(error),
OCIAttrSet(
(dvoid *) session->pSession,
(ub4) OCI_HTYPE_SESSION,
(dvoid *) username,
(ub4) strlen(username),
(ub4) OCI_ATTR_USERNAME,
OCI(pError)
)
);
if (OCI(error) != OCI_SUCCESS) {
oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_USERNAME",
OCI(error));
goto CLEANUP;
}
/* set the password in user handle */
CALL_OCI_RETURN(OCI(error),
OCIAttrSet(
(dvoid *) session->pSession,
(ub4) OCI_HTYPE_SESSION,
(dvoid *) password,
(ub4) strlen(password),
(ub4) OCI_ATTR_PASSWORD,
OCI(pError)
)
);
if (OCI(error) != OCI_SUCCESS) {
oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_PASSWORD",
OCI(error));
goto CLEANUP;
}
CALL_OCI_RETURN(OCI(error),
OCISessionBegin(
svchp,
OCI(pError),
session->pSession,
(ub4) OCI_CRED_RDBMS,
(ub4) OCI_DEFAULT
)
);
}
Previous Comments:
------------------------------------------------------------------------
[2005-05-10 17:51:57] [EMAIL PROTECTED]
Please post your patch online somewhere as a unified diff against CVS
HEAD, and paste the link to that diff into this bug report; thanks :)
------------------------------------------------------------------------
[2005-05-09 17:00:26] stephane dot dekeyzer at kmi dot be
Description:
------------
OCILogon, OCIPLogon, doesn't support external authentication to the
database ...
I know this a ecurity hole if you use php with apache, but when you use
it in scripting mode, it is very usefull, and itsn't a security breach.
I met Christopher Jones last week at the PHP conference in Amsterdam
who agreed and asked me to post this bug so OCI developpers can discuss
about it.
It would a be a good idea when php runs without apache, external
authentication would be allowed.
I have a modification of the oci8.c wich support external
authentication, just mail me if you want to have it !
Reproduce code:
---------------
$conn = OCILogon("", "", mydb); // should work
$conn = OCILogon("/", "", mydb); // should also work
$conn = OCILogon(null, null, mydb); // should also work
Expected result:
----------------
$conn = OCILogon(null, null, mydb); // should work and log me in as the
os user curently running the script
Actual result:
--------------
$conn = OCILogon(null, null, mydb); // gives an error.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=32988&edit=1
