php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #32988 ext/oci8: OCI doesn't support DB external authentication
Submitted: 2005-05-09 17:00 UTC Modified: 2005-09-08 11:50 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: stephane dot dekeyzer at kmi dot be Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.0.4 OS: Any
Private report: No CVE-ID: None
View Developer Edit
 [2005-05-09 17:00 UTC] stephane dot dekeyzer at kmi dot be 
Description:
------------
OCILogon, OCIPLogon, doesn't support external authentication to the database ...

I know this a ecurity hole if you use php with apache, but when you use it in scripting mode, it is very usefull, and itsn't a security breach.

I met Christopher Jones last week at the PHP conference in Amsterdam who agreed and asked me to post this bug so OCI developpers can discuss about it.

It would a be a good idea when php runs without apache, external authentication would be allowed.

I have a modification of the oci8.c wich support external authentication, just mail me if you want to have it !

Reproduce code:
---------------
$conn = OCILogon("", "", mydb); // should work
$conn = OCILogon("/", "", mydb); // should also work
$conn = OCILogon(null, null, mydb); // should also work

Expected result:
----------------
$conn = OCILogon(null, null, mydb); // should work and log me in as the os user curently running the script


Actual result:
--------------
$conn = OCILogon(null, null, mydb); // gives an error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-10 17:51 UTC] wez@php.net 
Please post your patch online somewhere as a unified diff against CVS HEAD, and paste the link to that diff into this bug report; thanks :)
 [2005-05-11 11:07 UTC] stephane dot dekeyzer at kmi dot be 
simplified version:

if(external authentication){
  do ext authentication
}
else{
  do login/password authentication
}

after line 2819, here a re my new lines:

  if(strcmp(username, "/") == 0 && strlen(password) == 0 ||
     strlen(username) == 0      && strlen(password) == 0){
  	/* doing external authentication (OCI_CRED_EXT) */
  	CALL_OCI_RETURN(OCI(error),
  		OCISessionBegin(
  			svchp, 
  			OCI(pError), 
  			session->pSession, 
  			(ub4) OCI_CRED_EXT, 
  			(ub4) OCI_DEFAULT
  		)
  	);
  }
  else {

  	/* set the username in user handle */
  	CALL_OCI_RETURN(OCI(error),
  		OCIAttrSet(
  			(dvoid *) session->pSession, 
  			(ub4) OCI_HTYPE_SESSION, 
  			(dvoid *) username, 
  			(ub4) strlen(username), 
  			(ub4) OCI_ATTR_USERNAME, 
  			OCI(pError)
  		)
  	);
  
  	if (OCI(error) != OCI_SUCCESS) {
  		oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_USERNAME", OCI(error));
  		goto CLEANUP;
  	}
  
  	/* set the password in user handle */
  	CALL_OCI_RETURN(OCI(error),
  		OCIAttrSet(
  			(dvoid *) session->pSession, 
  			(ub4) OCI_HTYPE_SESSION, 
  			(dvoid *) password, 
  			(ub4) strlen(password), 
  			(ub4) OCI_ATTR_PASSWORD, 
  			OCI(pError)
  		)
  	);
  
  	if (OCI(error) != OCI_SUCCESS) {
  		oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_PASSWORD", OCI(error));
  		goto CLEANUP;
  	}
  
  	
  	CALL_OCI_RETURN(OCI(error),
  		OCISessionBegin(
  			svchp, 
  			OCI(pError), 
  			session->pSession, 
  			(ub4) OCI_CRED_RDBMS, 
  			(ub4) OCI_DEFAULT
  		)
  	);
	}
 [2005-09-08 11:50 UTC] tony2001@php.net 
The bug has been fixed in OCI8 v.1.1, which is available in CVS HEAD and PECL (use `pear install oci8-beta` to install it).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 17 14:04:04 2025 UTC