Enable Fast Authentication for the latest Oracle Database release

Author: sharadraju

doc/src/release_notes.rst

@@ -13,6 +13,10 @@ node-oracledb `v6.5.0 <https://github.com/oracle/node-oracledb/compare/v6.4.0...
 Thin Mode Changes
 ++++++++++++++++++
 
+#)  Added support for Oracle Database 23c feature that can improve the
+    performance of connection creation by reducing the number of
+    round trips required for all connections created.
+
 #)  Error ``NJS-149: the bind variable placeholder "%s" cannot be used
     both before and after the RETURNING clause in a DML RETURNING statement``
     is now raised when the same bind variable placeholder name is used both

lib/thin/connection.js

@@ -50,8 +50,6 @@ const finalizationRegistry = new global.FinalizationRegistry((heldValue) => {
 class TDSBuffer extends BaseBuffer {
 }
 
-const connectionCookies = new Map();
-
 class ThinConnectionImpl extends ConnectionImpl {
 
   /**
@@ -596,26 +594,6 @@ class ThinConnectionImpl extends ConnectionImpl {
     return (this._pool) ? true : false;
   }
 
-  //---------------------------------------------------------------------------
-  // getConnectionCookieByUUID()
-  //
-  // It fetches from map which keeps keyname as UUID+ServiceName.
-  // UUID identifies the CDB instance and ServiceName identifies the
-  // entity within a PDB which uniquely identifies a pdb instance.
-  //---------------------------------------------------------------------------
-  getConnectionCookieByUUID(uuid) {
-    let cookie;
-    if (uuid) {
-      const key = uuid + ((this.serviceName) ? this.serviceName : this.sid);
-      cookie = connectionCookies.get(key);
-      if (!cookie) {
-        cookie = {};
-        connectionCookies.set(key, cookie);
-      }
-    }
-    return cookie;
-  }
-
   /**
    *
    * @param {object} params  Configuration of the connection
@@ -705,37 +683,19 @@ class ThinConnectionImpl extends ConnectionImpl {
     }
 
     try {
-      const cookie = this.getConnectionCookieByUUID(this.nscon.dbUUID);
-      this.nscon.dbUUID = null;
       const protocolMessage = new messages.ProtocolMessage(this);
       const dataTypeMessage = new messages.DataTypeMessage(this);
       const authMessage = new messages.AuthMessage(this, params);
-      let sentCookie = false;
-      if (cookie && cookie.populated) {
-        const cookieMessage = new messages.ConnectionCookieMessage(this);
-        cookieMessage.cookie = cookie;
-        cookieMessage.protocolMessage = protocolMessage;
-        cookieMessage.dataTypeMessage = dataTypeMessage;
-        cookieMessage.authMessage = authMessage;
-        await this._protocol._processMessage(cookieMessage);
-        sentCookie = true;
+      if (this.nscon.supportsFastAuth) {
+        const fastAuthMessage = new messages.FastAuthMessage(this);
+        fastAuthMessage.protocolMessage = protocolMessage;
+        fastAuthMessage.dataTypeMessage = dataTypeMessage;
+        fastAuthMessage.authMessage = authMessage;
+        await this._protocol._processMessage(fastAuthMessage);
       } else {
         await this._protocol._processMessage(protocolMessage);
-      }
-      if (!sentCookie || !cookie.populated) {
         await this._protocol._processMessage(dataTypeMessage);
-        // Does OSESSKEY for non-token Authentication else OAUTH
         await this._protocol._processMessage(authMessage);
-        if (cookie && !cookie.populated) {
-          cookie.protocolVersion = protocolMessage.serverVersion;
-          cookie.serverBanner = protocolMessage.serverBanner;
-          cookie.charsetID = this._protocol.caps.charSetID;
-          cookie.ncharsetID = this._protocol.caps.nCharsetId;
-          cookie.flags = protocolMessage.serverFlags;
-          cookie.compileCaps = Buffer.from(protocolMessage.serverCompileCaps);
-          cookie.runtimeCaps = Buffer.from(protocolMessage.serverRunTimeCaps);
-          cookie.populated = true;
-        }
       }
       if (!params.token) { // non-token Authentication
         await this._protocol._processMessage(authMessage); // OAUTH

lib/thin/protocol/constants.js

@@ -433,7 +433,7 @@ module.exports = {
   TNS_MSG_TYPE_ONEWAY_FN: 26,
   TNS_MSG_TYPE_IMPLICIT_RESULTSET: 27,
   TNS_MSG_TYPE_RENEGOTIATE: 28,
-  TNS_MSG_TYPE_COOKIE: 30,
+  TNS_MSG_TYPE_FAST_AUTH: 34,
 
   // parameter keyword numbers,
   TNS_KEYWORD_NUM_CURRENT_SCHEMA: 168,
@@ -669,6 +669,7 @@ module.exports = {
   TNS_TDU: 65535,
   TNS_MAX_CONNECT_DATA: 230,
   TNS_MAX_UROWID_LENGTH: 3950,
+  TNS_SERVER_CONVERTS_CHARS: 0x01, // server does charset conversion
 
   // drcp release mode
   DRCP_DEAUTHENTICATE: 0x00000002,

lib/thin/protocol/messages/connectionCookie.js renamed to lib/thin/protocol/messages/fastAuth.js

@@ -1,4 +1,4 @@
-// Copyright (c) 2023 Oracle and/or its affiliates.
+// Copyright (c) 2023, 2024, Oracle and/or its affiliates.
 
 //-----------------------------------------------------------------------------
 //
@@ -31,37 +31,38 @@ const Message = require("./base.js");
 
 /**
  * Executes a Fast Negotiation RPC function.
- * It sends Protocol Negotiation, Cookie Message, Datatype Negotiation
+ * It sends Protocol Negotiation, Datatype Negotiation
  * and OSESS Key RPC in single round trip.
  *
- * @class ConnectionCookieMessage
+ * @class FastAuthMessage
  * @extends {Message}
  */
-class ConnectionCookieMessage extends Message {
+class FastAuthMessage extends Message {
 
   /**
-   * Serializes the ConnectionCookieMessage function arguments
+   * Serializes the FastAuthMessage function arguments
    *
    * @param {object} buf input arguments
    */
   encode(buf) {
+    buf.writeUInt8(constants.TNS_MSG_TYPE_FAST_AUTH);
+    buf.writeUInt8(1); // Fast Auth version
+    buf.writeUInt8(constants.TNS_SERVER_CONVERTS_CHARS); // flag 1
+    buf.writeUInt8(0); // flag 2
     this.protocolMessage.encode(buf);
-    buf.writeUInt8(constants.TNS_MSG_TYPE_COOKIE);
-    buf.writeUInt8(1);                  // cookie version
-    buf.writeUInt8(this.cookie.protocolVersion);
-    buf.writeUInt16LE(this.cookie.charsetID);
-    buf.writeUInt8(this.cookie.flags);
-    buf.writeUInt16LE(this.cookie.ncharsetID);
-    buf.writeBytesWithLength(this.cookie.serverBanner);
-    buf.writeBytesWithLength(this.cookie.compileCaps);
-    buf.writeBytesWithLength(this.cookie.runtimeCaps);
+    buf.writeUInt16BE(0); // server charset (unused)
+    buf.writeUInt8(0); // server charset flag (unused)
+    buf.writeUInt16BE(0); // server ncharset (unused)
+    buf.caps.ttcFieldVersion = constants.TNS_CCAP_FIELD_VERSION_19_1_EXT_1;
+    buf.writeUInt8(buf.caps.ttcFieldVersion);
     this.dataTypeMessage.encode(buf);
     this.authMessage.encode(buf);
+    buf.caps.ttcFieldVersion = constants.TNS_CCAP_FIELD_VERSION_MAX;
   }
 
   processMessage(buf, messageType) {
     if (messageType === constants.TNS_MSG_TYPE_RENEGOTIATE) {
-      this.cookie.populated = false;
+      this.reNegotiate = true;
     } else if (messageType === constants.TNS_MSG_TYPE_PROTOCOL) {
       this.protocolMessage.processMessage(buf, messageType);
     } else if (messageType === constants.TNS_MSG_TYPE_DATA_TYPES) {
@@ -73,4 +74,4 @@ class ConnectionCookieMessage extends Message {
 
 }
 
-module.exports = ConnectionCookieMessage;
+module.exports = FastAuthMessage;

lib/thin/protocol/messages/index.js

@@ -37,12 +37,12 @@ const PingMessage = require('./ping.js');
 const ProtocolMessage = require('./protocol.js');
 const RollbackMessage = require('./rollback.js');
 const SessionReleaseMessage = require('./sessionRelease.js');
-const ConnectionCookieMessage = require('./connectionCookie.js');
+const FastAuthMessage = require('./fastAuth.js');
 
 module.exports = {
   AuthMessage,
   CommitMessage,
-  ConnectionCookieMessage,
+  FastAuthMessage,
   DataTypeMessage,
   ExecuteMessage,
   FetchMessage,

lib/thin/sqlnet/constants.js

@@ -108,6 +108,7 @@ module.exports =  {
   TNS_VERSION_DESIRED: 319,
   TNS_VERSION_MINIMUM: 300,
   TNS_VERSION_MIN_UUID: 319,
+  TNS_VERSION_MIN_DATA_FLAGS: 318,
   TNS_UUID_OFFSET: 45,
 
   /* Accept Packet */
@@ -143,6 +144,7 @@ module.exports =  {
   // Accept flag2
   NSPACOOB: 0x00000001, // OOB support check at connection time
   NSGPCHKSCMD: 0x01000000, // Support for Poll and Check logic
+  TNS_ACCEPT_FLAG_FAST_AUTH: 0x10000000, // Support Fast Auth
 
   /* Redirect packet */
   NSPRDLEN: 8,   // Length of redirect data

lib/thin/sqlnet/networkSession.js

@@ -355,8 +355,9 @@ class NetworkSession {
         break;
       case constants.NSPTAC: /* ACCEPT */
         Packet.AcceptPacket(packet, this.sAtts);
-        this.dbUUID = packet.dbUUID;
-        packet.dbUUID = null;
+        if (packet.flags & constants.TNS_ACCEPT_FLAG_FAST_AUTH) {
+          this.supportsFastAuth = true;
+        }
         break;
       case constants.NSPTRF: /* REFUSE */
         this.refusePkt = new Packet.RefusePacket(packet);

lib/thin/sqlnet/packet.js

@@ -246,11 +246,8 @@ function AcceptPacket(packet, sAtts) {
   this.flag0 = packet.buf.readUInt8(constants.NSPACFL0);
   this.flag1 = packet.buf.readUInt8(constants.NSPACFL1);
 
-  /* UUID - CDB Instance ID */
-  if (sAtts.version >= constants.TNS_VERSION_MIN_UUID) {
-    packet.dbUUID = packet.buf.subarray(constants.TNS_UUID_OFFSET,
-      constants.TNS_UUID_OFFSET + 16);
-    packet.dbUUID = packet.dbUUID.toString('base64');
+  if (sAtts.version >= constants.TNS_VERSION_MIN_DATA_FLAGS) {
+    packet.flags = packet.buf.readUInt32BE(constants.NSPACFL2);
   }
 }