从OCI使用Oracle Wallet身份验证 [英] Using Oracle Wallet authentication from OCI
问题描述
我想知道是否有人能成功编写使用Oracle OCI API并使用Oracle钱包进行身份验证的C/C ++应用程序.
I'm wondering if anyone has any success in writing a C/C++ application that uses the Oracle OCI API and authenticates using an Oracle wallet.
我已经使用mkstore成功创建了钱包并将凭证存储在其中.我的tnsnames.ora和sqlnames.ora文件具有正确的内容,并且我的ORACLE_HOME和ORACLE_SID环境变量已正确设置,因为我可以使用sqlplus/@ XE来成功验证使用它的sqlplus会话.
I have successfully created the wallet using mkstore and have stored the credentials in it. My tnsnames.ora and sqlnames.ora files have the correct contents, and my ORACLE_HOME and ORACLE_SID environment variables are set correctly as I can use sqlplus /@XE to authenticate a sqlplus session successfully using it.
在同一终端中,我创建了一个简单的C程序,该程序分配OCIEnv,OCIServer,OCIError和OCIsvcCtx句柄并调用OCIEnvCreate().一切正常.
Within the same terminal I have created a simple C program that allocates the OCIEnv, OCIServer, OCIError and OCIsvcCtx handles and calls OCIEnvCreate(). That all works fine.
然后,我尝试调用任何一个连接"函数,例如OCILogon(也尝试了OCILogon2和OCISessionPoolCreate),并且我总是得到无效的用户名/密码".我正在尝试调用它,因为它为我的sqlplus调用定义了它,即空用户名和密码的长度为0,而dbname为"XE"的长度是适当的. (为了完整性起见,我还尝试了"@XE"和"/@ XE"的数据库名)
I then try calling any one of the "connect" functions, such as OCILogon (also tried OCILogon2 and OCISessionPoolCreate as well), and I always get "invalid username/password". I am trying to call it as I see it defined for my invocation of sqlplus i.e null username and password with 0 length, and dbname of "XE" with appropriate length. (I've also tried dbnames of "@XE" and "/@XE" for completeness)
我看到有一个用于打开钱包并询问其内容的安全性API,但是我认为这是想要直接与钱包中的内容进行交互(即添加/删除凭据等)的应用程序.也许这对我而言是不正确的假设...
I see there is a security API for opening wallets and interrogating their contents, but I assumed this was application that want to interact directly with the contents of the wallet (i.e add/remove credentials etc). Maybe this is an incorrect assumption on my part...
关于如何以编程方式执行此操作的信息很少,因此,如果有人有任何指针,或者可以通过这种方式简单地连接到数据库的小型工作示例,我将不胜感激.
There is precious little info out there as to how to do this programatically, so if anyone has any pointers, or a small working example that can simply connect to the database in this way I would be very grateful.
非常感谢
本
推荐答案
这也是我发现的内容,关于如何以编程方式执行此操作的信息很少.我终于通过实验弄清楚了.看来您已正确设置了sqlnet.ora和tnsnames.ora文件,因此您所需要做的就是修改代码以附加到服务器并启动会话.
That's what I found also, there is precious little info out there on how to do this programatically. I finally figured it out by experiementing. It seems you have your sqlnet.ora and tnsnames.ora files set up correctly, so all you need to do is modify your code for attaching to the server and starting the session.
连接到服务器时,您的 dblink 文本字符串应该是tnsnames.ora中用于您的Oracle钱包条目的连接字符串.您的情况是" XE ".
When attaching to the server, your dblink text string should be your connect string in tnsnames.ora for your oracle wallet entry. In your case "XE".
OCIServerAttach (OCIServer * srvhp, OCIError * errhp, CONST文本 * dblink , sb4 dblink_len, ub4模式)
OCIServerAttach (OCIServer *srvhp, OCIError *errhp, CONST text *dblink, sb4 dblink_len, ub4 mode )
在开始会话时,应将 credt 设置为 OCI_CRED_EXT .这将在外部验证凭据,并且由于sqlnet.ora中存在SQLNET.WALLET_OVERRIDE = TRUE,因此使用oracle钱包来验证连接字符串.另外,将 credt 设置为 OCI_CRED_EXT 会忽略用户名和密码会话属性.
When beginning your session, credt should be set to OCI_CRED_EXT. This validates the credentials externally and since SQLNET.WALLET_OVERRIDE = TRUE is in sqlnet.ora, It uses oracle wallet to validate the connect string. Also, having credt set to OCI_CRED_EXT ignores the username and password session attributes.
OCISessionBegin (OCISvcCtx * svchp, OCIError * errhp, OCISession * usrhp, ub4 credt , ub4模式);
OCISessionBegin (OCISvcCtx *svchp, OCIError *errhp, OCISession *usrhp, ub4 credt, ub4 mode );
就是这样.我没有在代码中使用OCILogin或OCISessionPoolCreate.
That's it. I didn't use OCILogin or OCISessionPoolCreate in my code.
祝你好运, 大卫·M.
Good luck, David M.
这篇关于从OCI使用Oracle Wallet身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
