Changes between Initial Version and Version 1 of Ticket #3185
- Timestamp:
- Oct 13, 2009, 1:38:42 PM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #3185
- Property Cc added
- Property Keywords OCI Oracle added
- Property Component default → OGR_SF
-
Ticket #3185 – Description
initial v1 1 1 The summary pretty much says it all. Below is an IRC discussion about this subject. Sorry for adding an extra lines. Without them this ticket would be all garbled up: 2 2 3 {{{ 3 4 <cgs_bob> Hello all. Is there a way to use ogr with an Oracle database that uses OS validation? 4 5 5 <mloskot> cgs_bob: I would expect it's something transparent, not required to implement by proxy-client as OGR OCI driver is 6 7 6 <mloskot> cgs_bob: [http://www.oracle-base.com/articles/misc/OsAuthentication.php] 8 9 7 <sigq> Title: ORACLE-BASE - OS Authentication (at www.oracle-base.com) 10 11 8 <cgs_bob> mloskot: I'm afraid I do not understand :) are you saying that I would not need to supply a login and password? in all of the ogr examples I've seen, you need to supply the login and password. 12 13 9 <mloskot> cgs_bob: now, what I'm saying is chances are you can supply all necessary credentials in connection string and OGR OCI driver will forward it to oracle correctly 14 15 10 <mloskot> AFAIK, OGR never interfers in things like authentication, but it just transparently passes this responsibility to another tier 16 17 11 <cgs_bob> mloskot: gotcha. I'll take a look at the link above and experiment more. thanks for the info 18 19 12 <mloskot> cgs_bob: actually, it's very easy to check what OGR OCI does: 20 21 13 <mloskot> [http://trac.osgeo.org/gdal/browser/trunk/gdal/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp#L169] 22 23 14 <sigq> Title: /trunk/gdal/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp - GDAL - Trac (at trac.osgeo.org) 24 25 15 <mloskot> connection string -> tokenize to retrieve user/pass, etc. -> pass to OCI library 26 27 16 <mloskot> [http://trac.osgeo.org/gdal/browser/trunk/gdal/ogr/ogrsf_frmts/oci/ogrocisession.cpp#L107] 28 29 17 <sigq> Title: /trunk/gdal/ogr/ogrsf_frmts/oci/ogrocisession.cpp - GDAL - Trac (at trac.osgeo.org) 30 31 18 <mloskot> and this 32 33 19 <mloskot> [http://trac.osgeo.org/gdal/browser/trunk/gdal/ogr/ogrsf_frmts/oci/ogrocisession.cpp#L137] 34 35 20 <sigq> Title: /trunk/gdal/ogr/ogrsf_frmts/oci/ogrocisession.cpp - GDAL - Trac (at trac.osgeo.org) 36 37 21 <cgs_bob> so how does OS validation fits into that scheme? I thought there is no password. in any case, I'll take a look at these links...thanks 38 39 22 <FrankW> cgs_bob: I don't know how os validation works either, but OGR does nothing special with regard to it. 40 41 23 <mloskot> cgs_bob: learn about Oracle and its API and having what OGR does, you will know 42 43 24 <FrankW> And then consider adding some wisdom at: [http://trac.osgeo.org/gdal/wiki/Oracle] 44 45 25 <sigq> Title: Oracle - GDAL - Trac (at trac.osgeo.org) 46 47 26 <cgs_bob> mloskot and FrankW, thanks for the help. I see I have lots of studying to do :) if I get any ifo worthy of the wiki I'll add it. 48 49 27 <mloskot> OK, I think I found it 50 51 28 <mloskot> The external authentication in Oracle can be achieved by call of OCISessionBegin function (from OCI) with proper flag OCI_CRED_EXT 52 53 29 <mloskot> [http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96584/oci15r13.htm] 54 55 30 <sigq> Title: OCI Relational Functions, 13 of 38 (at download.oracle.com) 56 57 31 <mloskot> As I see, unfortunately, OGR OCI does not use this mode to establish connection/session 58 59 32 <FrankW> So we would need to do something special in the driver? 60 61 33 <FrankW> cgs_bob: if you are really keen on doing this, file a ticket, and we might be able to incorporate it for testing in trunk. 62 63 34 <mloskot> after 5 minutes research, yes 64 65 35 <mloskot> we would need to use different API calls, different more advanced session construction 66 67 36 <mloskot> but as I said, deeper investigation is needed. 68 69 37 <FrankW> Perhaps I can talk Ivan into it! 70 71 38 <mloskot> What I'm sure about is the flag OCI_CRED_EXT, it is used for so called OS Authentication even in PHP 72 73 39 <FrankW> He is keen on all things oracle. 74 75 40 <cgs_bob> FrankW: it is very important for use to use OS authentication, so I'll file a ticket 76 77 41 <mloskot> We use OCILogon 78 79 42 <mloskot> [http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96584/oci15re9.htm] 80 81 43 <FrankW> cgs_bob: a mandate from the IT police? 82 83 44 <sigq> Title: OCI Relational Functions, 9 of 38 (at download.oracle.com) 84 85 45 <mloskot> "to create a simple logon session." 86 87 46 <mloskot> what would confirm what my suppositions 88 89 47 <FrankW> Please include mloskot's notes and links in the ticket. 90 91 48 <FrankW> mloskot: I'm assuming you don't have a deep desire to work on the oracle driver? 92 93 49 <mloskot> FrankW: it's not that I don't have desire, but I'm very short with time now 94 95 50 <mloskot> not earlier than in 5-6 days 96 97 51 <mloskot> but I will participate in the ticket and jump in if I can 98 99 52 <cgs_bob> FrankW: yup. and if we can't get ogr to work with OS authentication, they will have another reason to reject foss4g 100 101 53 <FrankW> Oh, when you put it like that you motivate me! 102 103 54 * mloskot has no idea who those they are, so can't get very motivated ;-) 104 105 55 <cgs_bob> FrankW: we have done a lot of good stuff with foss4g, so our project is still alive 106 107 56 <mloskot> What I've just learned, OCILogon is a simple single-user-session per connection mode, OCISessionBegin provides more advanced features 108 109 57 <mloskot> [http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96584/oci02bas.htm] 110 111 58 <sigq> Title: OCI Programming Basics (at download.oracle.com) 112 113 59 <mloskot> Given that, I'm quite sure OGR OCI does not use API required to support Oracle OS Authentication 114 115 60 --> chaitanyach has joined this channel (n=chaitany@117.204.64.167). 116 117 61 <FrankW> I wonder if I could get oracle running on my new linux server. 118 119 62 <mloskot> As I see, it should be sufficient to dig ogrocisession.cpp only and replace OCILogon with OCIServerAttach + some OCIHandleAlloc calls + OCISessionBegin as shown in this section 120 121 63 <mloskot> OCIHandleAlloc 122 123 64 <mloskot> [http://download.oracle.com/docs/cd/B10501_01/appdev.920/a96584/oci02bas.htm#423550] 124 125 65 <sigq> Title: OCI Programming Basics (at download.oracle.com) 66 }}}