Key: CORE-1778
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Alexander Peshkov
Reporter: Svend Meyland Nicolaisen
Votes: 0
Watchers: 0
Firebird Core

GSEC does not authenticate user correctly

Created: 08/Mar/08 08:47 AM   Updated: 19/Jan/16 05:02 AM
Component/s: GSEC
Affects Version/s: 2.1 RC1, 2.1 RC2
Fix Version/s: 2.5 Alpha 1

Environment:
Windows 2000
ISC_USER and/or ISC_PASSWORD environment variables are not set.

QA Status: No test


Description
When starting gsec without parameters it does not prompt that user name and password are required.

==== Example
C:\Program Files\Firebird\Firebird_2_1\bin>gsec
GSEC>
==== Example end

When GSEC has been started without parameters on Windows XP, the add, delete and modify commands work as they would if valid authentication had been performed.

When GSEC has been started without parameters on Windows 2000, the add command causes an abnormal program termination.

ISQL has similar problems.




Alexander Peshkov added a comment - 11/Mar/08 03:58 AM
What about utilities behavior when started without login/password parameters - please see release notes: trusted authentication. I suppose on XP you login as member of admins group, but on 2k - not as a member of that group.

Abnormal program termination when error should be displayed in gsec appears fixed in RC2 - please retry with it, it will be available in a few days.

Svend Meyland Nicolaisen added a comment - 11/Mar/08 09:17 AM
Just tested with Firebird 2.1 RC2. GSEC still behaves incorrectly when using trusted authentication on Windows 2000.

Alexander Peshkov added a comment - 11/Mar/08 09:44 AM
Can you be more specific, please?
What is incorrect behavior? Does it terminate?

Svend Meyland Nicolaisen added a comment - 11/Mar/08 10:02 AM
Using trusted authentication:

A) I expect Display to display the users in the security database.

B) Add results in an abnormal program termination.

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec
GSEC> display
GSEC> add testuser -pw test
An error occurred while attempting to add the user.

C:\Program Files\Firebird\Firebird_2_1>

<=== Example end

Using trusted authentication:

C) I expect Modify to change the password for sysdba.

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec
GSEC> modify sysdba -pw test
The user name specified was not found in the security database
GSEC>

<=== Example end

Authentication using SYSDBA:

D) Shouldn't it be possible to change the password for SYSDBA and then be able to continue to use GSEC without restarting it?

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec -user SYSDBA -password masterkey
GSEC> modify sysdba -pw master
GSEC> modify sysdba -pw masterkey
Warning - maximum 8 significant bytes of password used
Your user name and password are not defined. Ask your database administrator to
set up a Firebird login.
unable to open database
GSEC>

<=== Example end

Hope this helps.


Svend Meyland Nicolaisen added a comment - 11/Mar/08 10:17 AM
Dr. Watson dump for abnormal program termination:

Application exception occurred:
        App: (pid=2420)
        When: 11-03-2008 @ 15:16:06.756
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name: SAGIOMASTERTEST
        User Name: Developer
        Number of Processors: 1
        Processor Type: x86 Family 6 Model 8 Stepping 3
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: 4
        Current Type: Uniprocessor Free

State Dump for Thread Id 0xab0

eax=00d1000c ebx=00000012 ecx=0012ef88 edx=00d1000d esi=00d1000c edi=0012ed04
eip=1003faf0 esp=0012eca8 ebp=0012ed04 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


function: <nosymbols>
        1003fad2 e8714c0000 call 10044748
        1003fad7 83c424 add esp,0x24
        1003fada c3 ret
        1003fadb 8b7608 mov esi,[esi+0x8] ds:01879ef2=????????
        1003fade 85f6 test esi,esi
        1003fae0 7505 jnz 1004b8e7
        1003fae2 bed0c20510 mov esi,0x1005c2d0
        1003fae7 8bc6 mov eax,esi
        1003fae9 8d5001 lea edx,[eax+0x1] ds:01879ef2=????????
        1003faec 8d642400 lea esp,[esp+0x0] ss:00c98b8f=????????
FAULT ->1003faf0 8a08 mov cl,[eax] ds:00d1000c=??
        1003faf2 83c001 add eax,0x1
        1003faf5 84c9 test cl,cl
        1003faf7 75f7 jnz 100426f0
        1003faf9 2bc2 sub eax,edx
        1003fafb 3d00000100 cmp eax,0x10000
        1003fb00 7605 jbe 1004b307
        1003fb02 b800000100 mov eax,0x10000
        1003fb07 8b17 mov edx,[edi] ds:0012ed04=1005ccf0
        1003fb09 50 push eax
        1003fb0a 8b02 mov eax,[edx] ds:00d1000d=????????
        1003fb0c 56 push esi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012ED04 00000400 0012F463 0012F460 0012F076 0012EF10 !<nosymbols>


Alexander Peshkov added a comment - 12/Mar/08 05:51 AM
A. No matter which auth is used, display shows all users only to SYSDBA. When legacy auth is used, it shows to non-SYSDBA only the current user. This is a normal security measure, is it not?
When trusted auth is used, members of admin group are mapped to SYSDBA, and therefore can see all records in security database. But when ordinary user runs gsec with trusted auth, there is NO record for CURRENT user in security database, therefore nothing is displayed. I agree that better diagnostic can be added here, but unfortunately that's true for many places in FB.

B. Sorry, I can't reproduce AV in gsec. I get correct and well looking error:
:\FB\2.1\temp\debug\firebird\bin>gsec.exe
GSEC> di
GSEC> add some -pw xxx
An error occurred while attempting to add the user.
no permission for insert/write access to TABLE USERS
GSEC> ^Z
It will be of great help if you can download symbol tables for firebird and get stack backtrace with symbolic names. I'll be glad to fix, but I can't reproduce!

C. gsec has no problems changing SYSDBA password in trusted auth provided you are a member of admin group.

D. Please add it (possibility to change the password for SYSDBA and then be able to continue to use GSEC without restarting it) as a separate feature request to the tracker.
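
The visibility rules described in the comment above, as a toy model added here (not Firebird code and not part of the original thread): it shows why an ordinary Windows user under trusted authentication gets an empty `display`, a permission error on `add` and "not found" on `modify sysdba`. The `SecurityDb` class, the function names and the rule that a row the caller cannot see is reported as missing are assumptions made for illustration.

```python
# Added illustration: a toy model of the gsec rules described in the thread.
# All names here are hypothetical; this is not how Firebird implements them.
from dataclasses import dataclass, field

SYSDBA = "SYSDBA"


@dataclass
class SecurityDb:
    users: set = field(default_factory=lambda: {SYSDBA})


def effective_user(os_user, in_admin_group, login=None):
    """An explicit -user login wins; otherwise trusted auth is used and
    members of the admin group are mapped to SYSDBA."""
    if login:
        return login.upper()
    return SYSDBA if in_admin_group else os_user.upper()


def visible(db, who):
    """SYSDBA sees every record; anyone else sees only their own, if any."""
    return sorted(db.users) if who == SYSDBA else sorted(db.users & {who})


def display(db, who):
    return visible(db, who)


def add(db, who, name):
    if who != SYSDBA:
        return "no permission for insert/write access to TABLE USERS"
    db.users.add(name.upper())
    return "ok"


def modify(db, who, name):
    # Assumption: a row the caller cannot see is reported as missing.
    if name.upper() not in visible(db, who):
        return "The user name specified was not found in the security database"
    return "ok"


if __name__ == "__main__":
    db = SecurityDb()
    for is_admin in (True, False):
        who = effective_user("Developer", in_admin_group=is_admin)
        print(who, display(db, who), add(db, who, "testuser"),
              modify(db, who, "sysdba"), sep=" | ")
```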

Svend Meyland Nicolaisen added a comment - 12/Mar/08 06:22 AM
A. The user I am using is a member of the local Administrators group on the computer. It surdenly has administrative rights on the PC.
Why is an ordinary user allowed access to GSEC if it is not in the security database in the first place? (Not that it is a big issue to me. :-) )

B. I will try to produce a stack back trace later.

C. As A.

D. OK.

Alexander Peshkov added a comment - 11/Jun/08 08:56 AM
gsec operation can be now successfully continued after SYSDBA's password change.

The rest of reported issues (AVs in gsec) are not reproduced.