php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #32988 ext/oci8: OCI doesn't support DB external authentication
Submitted: 2005-05-09 17:00 UTC Modified: 2005-09-08 11:50 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: stephane dot dekeyzer at kmi dot be Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.0.4 OS: Any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: stephane dot dekeyzer at kmi dot be
New email:
PHP Version: OS:

 

 [2005-05-09 17:00 UTC] stephane dot dekeyzer at kmi dot be 
Description:
------------
OCILogon, OCIPLogon, doesn't support external authentication to the database ...

I know this a ecurity hole if you use php with apache, but when you use it in scripting mode, it is very usefull, and itsn't a security breach.

I met Christopher Jones last week at the PHP conference in Amsterdam who agreed and asked me to post this bug so OCI developpers can discuss about it.

It would a be a good idea when php runs without apache, external authentication would be allowed.

I have a modification of the oci8.c wich support external authentication, just mail me if you want to have it !

Reproduce code:
---------------
$conn = OCILogon("", "", mydb); // should work
$conn = OCILogon("/", "", mydb); // should also work
$conn = OCILogon(null, null, mydb); // should also work

Expected result:
----------------
$conn = OCILogon(null, null, mydb); // should work and log me in as the os user curently running the script


Actual result:
--------------
$conn = OCILogon(null, null, mydb); // gives an error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-10 17:51 UTC] wez@php.net 
Please post your patch online somewhere as a unified diff against CVS HEAD, and paste the link to that diff into this bug report; thanks :)
 [2005-05-11 11:07 UTC] stephane dot dekeyzer at kmi dot be 
simplified version:

if(external authentication){
  do ext authentication
}
else{
  do login/password authentication
}

after line 2819, here a re my new lines:

  if(strcmp(username, "/") == 0 && strlen(password) == 0 ||
     strlen(username) == 0      && strlen(password) == 0){
  	/* doing external authentication (OCI_CRED_EXT) */
  	CALL_OCI_RETURN(OCI(error),
  		OCISessionBegin(
  			svchp, 
  			OCI(pError), 
  			session->pSession, 
  			(ub4) OCI_CRED_EXT, 
  			(ub4) OCI_DEFAULT
  		)
  	);
  }
  else {

  	/* set the username in user handle */
  	CALL_OCI_RETURN(OCI(error),
  		OCIAttrSet(
  			(dvoid *) session->pSession, 
  			(ub4) OCI_HTYPE_SESSION, 
  			(dvoid *) username, 
  			(ub4) strlen(username), 
  			(ub4) OCI_ATTR_USERNAME, 
  			OCI(pError)
  		)
  	);
  
  	if (OCI(error) != OCI_SUCCESS) {
  		oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_USERNAME", OCI(error));
  		goto CLEANUP;
  	}
  
  	/* set the password in user handle */
  	CALL_OCI_RETURN(OCI(error),
  		OCIAttrSet(
  			(dvoid *) session->pSession, 
  			(ub4) OCI_HTYPE_SESSION, 
  			(dvoid *) password, 
  			(ub4) strlen(password), 
  			(ub4) OCI_ATTR_PASSWORD, 
  			OCI(pError)
  		)
  	);
  
  	if (OCI(error) != OCI_SUCCESS) {
  		oci_error(OCI(pError), "OCIAttrSet OCI_ATTR_PASSWORD", OCI(error));
  		goto CLEANUP;
  	}
  
  	
  	CALL_OCI_RETURN(OCI(error),
  		OCISessionBegin(
  			svchp, 
  			OCI(pError), 
  			session->pSession, 
  			(ub4) OCI_CRED_RDBMS, 
  			(ub4) OCI_DEFAULT
  		)
  	);
	}
 [2005-09-08 11:50 UTC] tony2001@php.net 
The bug has been fixed in OCI8 v.1.1, which is available in CVS HEAD and PECL (use `pear install oci8-beta` to install it).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 17 14:04:04 2025 UTC