|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #36820 Privileged connection with an Oracle password file fails
Submitted: 2006-03-22 04:53 UTC Modified: 2006-03-22 10:46 UTC
From: cjbj at hotmail dot com Assigned: tony2001
Status: Closed Package: OCI8 related
PHP Version: 5.1.2 OS: Linux
Private report: No CVE-ID:
 [2006-03-22 04:53 UTC] cjbj at hotmail dot com
When oci_connect() uses OCI_SYSDBA or OCI_SYSOPER, oci8.c always calls
OCISessionBegin() with OCI_CRED_EXT.  This needs to be changed to
OCI_CRED_RDBMS in some cases so privileged connections can be
authenticated by an Oracle password file.

When OCI_SYSDBA or OCI_SYSOPER are specified:
    if the username is "/" and there is no password then
	the credential should be OCI_CRED_EXT
	the credential should be OCI_CRED_RDBMS

There are two success cases of interest:

Case 1: oci8.c should use OCI_CRED_EXT.

  Connect succeds if the process running PHP is in Oracle's OS dba
  group and the DB is "local" i.e on the same host and specified by
  ORACLE_SID environment variable.  Otherwise connection will fail.

      oci_connect("/", "", NULL, OCI_SYSDBA);

Case 2: oci8.c should use OCI_CRED_RDBMS.

  Connect succeeds if the user is in Oracle's password file.  The DB
  can be on a remote host.

      // Note DB name could be NULL.
      oci_connect("un", "pw", "MYSID", OCI_SYSDBA);

Note: the php.ini parameter oci8.privileged_connect must be true for
PHP to allow OCI_SYSDBA or OCI_SYSOPER connections.

Actual result:
Currently case 2 gives ORA-01031: insufficient privileges in test.php on line 3.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-03-22 10:46 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2016 The PHP Group
All rights reserved.
Last updated: Mon Oct 24 12:01:43 2016 UTC