*
* @return security check code - 0 if everything O.K.
*/
private int validateSecMecUSRSSBPWD() throws DRDAProtocolException
{
AuthenticationService authenticationService = null;
org.apache.derby.iapi.db.Database databaseObj = null;
String srvrlslv = appRequester.srvrlslv;
// Check if application requester is the Derby Network Client (DNC)
//
// We use a trick here - as the product ID is not yet available
// since ACCRDB message is only coming later, we check the server
// release level field sent as part of the initial EXCSAT message;
// indeed, the product ID (PRDID) is prefixed to in the field.
// Derby always sets it as part of the EXCSAT message so if it is
// not available, we stop here and inform the requester that
// SECMEC_USRSSBPWD cannot be supported for this connection.
if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
(srvrlslv.length() < CodePoint.PRDID_MAX) ||
(srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
== -1)) {
return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
}
// Client product version is extracted from the srvrlslv field.
// srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
// typically, a known Derby client has a four part version number
// with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
// version format is not specified, clientProductVersion_ will just
// be set to the srvrlslvl. Final fallback will be the product id.
//
// SECMEC_USRSSBPWD is only supported by the Derby engine and network
// server code starting at version major '10' and minor '02'. Hence,
// as this is the same for the derby client driver, we need to ensure
// our DNC client is at version and release level of 10.2 at least.
// We set the client version in the application requester and check
// if it is at the level we require at a minimum.
appRequester.setClientVersion(
srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));
if (appRequester.supportsSecMecUSRSSBPWD() == false) {
return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
}
String dbName = database.getShortDbName();
// Check if the database is available (booted)
//
// First we need to have the database name available and it should
// have been set as part of the ACCSEC request (in the case of a Derby
// 'DNC' client)
if ((dbName == null) || (dbName.length() == 0))
{
// No database specified in the connection URL attributes
//
// In this case, we get the authentication service handle from the
// local driver, as the requester may simply be trying to shutdown
// the engine.
authenticationService = ((InternalDriver)
NetworkServerControlImpl.getDriver()).getAuthenticationService();
}
else
{
// We get the authentication service from the database as this
// last one might have specified its own auth provider (at the
// database level).
//
// if monitor is never setup by any ModuleControl, getMonitor
// returns null and no Derby database has been booted.
if (Monitor.getMonitor() != null) {
databaseObj = (org.apache.derby.iapi.db.Database)
Monitor.findService(Property.DATABASE_MODULE, dbName);
}
if (databaseObj == null)
{
// If database is not found, try connecting to it.
database.makeDummyConnection();
// now try to find it again
databaseObj = (org.apache.derby.iapi.db.Database)
Monitor.findService(Property.DATABASE_MODULE, dbName);
}
// If database still could not be found, it means the database
// does not exist - we just return security mechanism not
// supported down below as we could not verify we can handle
// it.
try {
if (databaseObj != null) {
authenticationService =
databaseObj.getAuthenticationService();
}
} catch (StandardException se) {
println2Log(null, session.drdaID, se.getMessage());
// Local security service non-retryable error.
return CodePoint.SECCHKCD_0A;
}
}
// Now we check if the authentication provider is NONE or BUILTIN
if (authenticationService != null)
{
String authClassName = authenticationService.getClass().getName();
if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
!authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS)) {
return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
}