php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36820 Privileged connection with an Oracle password file fails
Submitted: 2006-03-22 04:53 UTC Modified: 2006-03-22 10:46 UTC
From: cjbj at hotmail dot com Assigned: tony2001
Status: Closed Package: OCI8 related
PHP Version: 5.1.2 OS: Linux
Private report: No CVE-ID:
 [2006-03-22 04:53 UTC] cjbj at hotmail dot com
Description:
------------
When oci_connect() uses OCI_SYSDBA or OCI_SYSOPER, oci8.c always calls
OCISessionBegin() with OCI_CRED_EXT.  This needs to be changed to
OCI_CRED_RDBMS in some cases so privileged connections can be
authenticated by an Oracle password file.

When OCI_SYSDBA or OCI_SYSOPER are specified:
    if the username is "/" and there is no password then
	the credential should be OCI_CRED_EXT
    else
	the credential should be OCI_CRED_RDBMS

There are two success cases of interest:

Case 1: oci8.c should use OCI_CRED_EXT.

  Connect succeds if the process running PHP is in Oracle's OS dba
  group and the DB is "local" i.e on the same host and specified by
  ORACLE_SID environment variable.  Otherwise connection will fail.

      oci_connect("/", "", NULL, OCI_SYSDBA);

Case 2: oci8.c should use OCI_CRED_RDBMS.

  Connect succeeds if the user is in Oracle's password file.  The DB
  can be on a remote host.

      // Note DB name could be NULL.
      oci_connect("un", "pw", "MYSID", OCI_SYSDBA);

Note: the php.ini parameter oci8.privileged_connect must be true for
PHP to allow OCI_SYSDBA or OCI_SYSOPER connections.


Actual result:
--------------
Currently case 2 gives ORA-01031: insufficient privileges in test.php on line 3.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-03-22 10:46 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 16:02:23 2014 UTC