feat(oracle): 10G password verifier + 23ai TTC capability fixes#969
Merged
feat(oracle): 10G password verifier + 23ai TTC capability fixes#969
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
…rovider Reviewer feedback (conventions + simplicity passes): - Plugin↔host error classification was string-prefix matching on `OracleSQLError.Code.description` (plugin) and `error.localizedDescription.contains(...)` (host). Both are brittle: `description` is not a stable contract, and the host matcher breaks under non-English locales. Replaced with typed plumbing. - New TableProPluginKit primitives: `PluginDiagnostic` value type (title, message, suggestedActions, diagnosticInfo, supportURL) and `PluginDiagnosticProvider` protocol. Plugins opt-in by conforming their main type; no DriverPlugin ABI bump needed. - `OracleError` is now a struct with a `Category` enum (.notConnected, .authVerifierUnsupported(flag:), .authConnectionDropped, .authVersionNotSupported, etc.). `OracleConnection.connect` classifies upstream OracleSQLError into a category and throws a rich OracleError that carries it. The classification stays at the throw site where the most context is available. - `OraclePlugin` conforms to PluginDiagnosticProvider. Its `diagnose(error:)` casts to `OracleError`, switches on `category`, and emits a localized PluginDiagnostic with suggested actions. The user-facing copy moves from the connection-form helpers into the plugin where it belongs. - `PluginManager.diagnose(error:for:)` looks up the driver by type id, casts to PluginDiagnosticProvider, and forwards. ~5 lines. - Generic `PluginDiagnosticSheet` replaces the Oracle-specific one. Renders any PluginDiagnostic; classifier `PluginDiagnosticItem.classify(error:connection:username:)` routes through PluginManager and is testable. - Drops `oracleDiagnosticPayload` helper from ConnectionFormView+Helpers and the Oracle-specific `OracleDiagnosticSheet`. Diagnostic UI is now driver-agnostic. - Bumps SPM pin to fork commit 7c01c8f (free-function 10G hash + VerifierKind.init(verifierFlag:) refactor pushed to TableProApp/oracle-nio). - Pre-existing OraclePlugin.swift had a magic-number lint violation surfaced by --strict on the touched file: `defaultPort = 1521` -> `1_521`.
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #483 (10G password verifier + 23ai cloud Oracle handshake failure). Adds support for Oracle accounts whose
password_versionscontains10G, fixes the speculative root cause of zetkey's 23ai uncleanShutdown report, and ships a focused Oracle diagnostic sheet for connection-test failures. Targets aplugin-oracle-v1.2.0release.Layer 1 (fork:
TableProApp/oracle-nio:tablepro-main,6bbaee5)Sources/OracleNIO/Helper/Oracle10GHash.swift: canonical Oracle 10G O5LOGON hash (UTF-16BE(uppercase(username + password)), null-padded to 8 bytes, two-pass DES-CBC with fixed initial key, second pass keyed by last 8 bytes of pass 1) via CommonCrypto. Verified against passlib canonical vector (username/password -> 872805F3F4C83365) andSCOTT/TIGER -> F894844C34402B67.OracleFrontendMessageEncoder.swift:verifier11g: Boolflag replaced withVerifierKindenum (tenG/elevenG/twelveC). 10G uses the sameAUTH_SESSKEY/AUTH_PASSWORDshape as 11G, with the 8-byte hash zero-padded to a 24-byte AES-192 key. NoAUTH_PBKDF2_SPEEDY_KEYfor 10G or 11G.OracleSQLError.unsupportedVerifierType(UInt32)case added so callers see the actual verifier flag instead of a genericserverVersionNotSupported.DEQUEUE_WITH_SELECTOR), 35 (OCI3_OCSSYNC), 39 (SESS_SIGNATURE_VERSION), 40 (TTC4addsEXPLICIT_BOUNDARY), 44 (TTC5addsTOKEN_SUPPORTED/PIPELINING_SUPPORT/PIPELINING_BREAK/SESSIONLESS_TXNS), 45 (FEATURE_BACKPORT2 + END_USER_SEC_CTX), 52 (VECTOR_FEATURES + SPARSE).TNS_ACCEPT_FLAG_CHECK_OOB (0x01), matching python-oracledb'ssupports_oob_checkgate. 23ai cloud and containerized deployments often omit this flag, causing the server to FIN the connection mid-handshake when oracle-nio sent an unexpected OOB byte.Layer 2 (this repo)
6bbaee5.Plugins/OracleDriverPlugin/OracleConnection.swift: connect-error catch now produces actionable diagnostic messages forunsupportedVerifierType,uncleanShutdown, andserverVersionNotSupportedinstead of a raw error description. Each message names the host/service and points the user at the right next action (checkpassword_versions, file an issue, etc.).TablePro/Views/Connection/OracleDiagnosticSheet.swift(new): focused SwiftUI sheet shown when an Oracle Test Connection fails with one of the auth-class errors. Includes copy-able diagnostic info, suggested actions, and a link to the issue tracker.docs/databases/oracle.mdx: new "Auth Compatibility" section withpassword_versionsmatrix and rotation SQL.Test plan
--strictclean on all changed files10Guser account (DBA-controlled fixture; need Oracle connection fails with uncleanShutdown on non-TLS server #483 reporter to verify)After merge: tag
plugin-oracle-v1.2.0from main.