
Support TWO_TASK, TNS_ADMIN and Kerberos env setup

Open jlombera opened this issue 4 years ago • 0 comments

I need to connect to an instance that performs authentication via Kerberos. I have an env setup where environment variables ORACLE_SID, TNS_ADMIN and TWO_TASK (and the Kerberos config) are properly set up so that a simple invocation of sqlplus / (i.e. no user, password nor conn string specified) can connect/authenticate to the Oracle DB. I have not been able to connect with odpic-raw and wonder if this is supported by odpic-raw/odpi-c. Here is the simple test I've tried (basically the Hackage example with some minor changes):

{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE OverloadedStrings #-}
module Main where

import Data.ByteString (ByteString)
import Database.Dpi

connStr :: ByteString
connStr = ...  -- actual conn string as present in 
               -- $TNS_ADMIN/tnsnames.ora,
               -- identified by $TWO_TASK

conf :: OracleConfig
conf = defaultOracle "" "" ""

conf2 :: OracleConfig
conf2 = defaultOracle "" "" connStr

fp :: Data_PoolCreateParams -> IO Data_PoolCreateParams
fp c = pure (c { externalAuth = 1 } :: Data_PoolCreateParams)

main :: IO ()
main = do
  withContext $ \cxt ->
    withPool cxt conf fp $ \pool ->
      withPoolConnection pool $ \conn ->
        withStatement conn False "SELECT SYSDATE FROM DUAL" $ \st -> do
          r <- executeStatement st ModeExecDefault
          f <- fetch st
          mapM (getQueryValue st) [1..r] >>= print

If I use conf, I get error:

ErrorInfoException (Data_ErrorInfo {code = 12545, offset = 0, message = "ORA-12545: Connect failed because target host or object does not exist", encoding = "ASCII", fnName = "dpiPool_create", action = "create pool", sqlState = "HY000", isRecoverable = False})

i.e., it's unable to resolve the connection string using $TWO_TASK/$TNS_ADMIN/tnsnames.ora. If I explicitly specify the conn string using conf2, I get error:

ErrorInfoException (Data_ErrorInfo {code = 12638, offset = 0, message = "ORA-12638: Credential retrieval failed", encoding = "ASCII", fnName = "dpiPool_create", action = "create pool", sqlState = "HY000", isRecoverable = False})

i.e. it can connect but is unable to retrieve the Kerberos credentials as configured in $TNS_ADMIN/sqlnet.ora (and other env setup).

So this makes me think the env variables are completely ignored.

jlombera, Jan 04 '21 20:01
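A pre-flight check of the files the environment in this report points at, as an added example that is not part of the original issue or of odpic-raw/ODPI-C. It only inspects $TNS_ADMIN on disk and says nothing about whether the library honours these variables. The function names and sample files are constructed, and the parsing is simplified (one alias per entry, no IFILE includes, no default domain).

```python
import os, re, tempfile

def read_params(path):
    """Map upper-cased names of column-0 `NAME = value` lines to their values."""
    params = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)", line.split("#", 1)[0])
            if m:
                params[m.group(1).upper()] = m.group(2).strip()
    return params

def preflight(env):
    """Return findings about the Oracle Net files that `env` points at."""
    tns_admin, alias = env.get("TNS_ADMIN"), env.get("TWO_TASK")
    if not tns_admin or not os.path.isdir(tns_admin):
        return ["TNS_ADMIN is unset or not a directory"]
    findings, parsed = [], {}
    for name in ("tnsnames.ora", "sqlnet.ora"):
        path = os.path.join(tns_admin, name)
        if not os.path.isfile(path):
            findings.append(f"{name} is missing")
            continue
        parsed[name] = read_params(path)
        # Whoever can write these files controls where and how the client authenticates.
        if os.stat(path).st_mode & 0o022:
            findings.append(f"{name} is group- or world-writable")
    if not alias:
        findings.append("TWO_TASK is unset")
    elif alias.upper() not in parsed.get("tnsnames.ora", {}):
        findings.append(f"alias {alias} is not defined in tnsnames.ora")
    services = parsed.get("sqlnet.ora", {}).get("SQLNET.AUTHENTICATION_SERVICES", "")
    if "KERBEROS5" not in [s.strip().upper() for s in services.strip("()").split(",")]:
        findings.append("KERBEROS5 is not in SQLNET.AUTHENTICATION_SERVICES")
    return findings

def make_sample(mode=0o644):
    """Write constructed sample files (not taken from the issue) to a temp directory."""
    d = tempfile.mkdtemp()
    files = {"tnsnames.ora": "ORCLDEMO =\n  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.test)(PORT = 1521))(CONNECT_DATA = (SERVICE_NAME = demo)))\n",
             "sqlnet.ora": "# constructed\nSQLNET.AUTHENTICATION_SERVICES = (BEQ, KERBEROS5)\n"}
    for name, text in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
        os.chmod(os.path.join(d, name), mode)
    return d

if __name__ == "__main__":
    print(preflight({"TNS_ADMIN": make_sample(), "TWO_TASK": "orcldemo"}))
```

An empty result means the files are in place and not writable by others; it does not prove that a given client library reads them.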