Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GSEC does not authenticate user correctly [CORE1778] #2203

Closed
firebird-automations opened this issue Mar 8, 2008 · 16 comments
Closed

GSEC does not authenticate user correctly [CORE1778] #2203

firebird-automations opened this issue Mar 8, 2008 · 16 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Svend Meyland Nicolaisen (smndk)

When starting gsec without parameters it does not prompt that user name and password are required.

==== Example
C:\Program Files\Firebird\Firebird_2_1\bin>gsec
GSEC>
==== Example end

When GSEC has been started without parameters on Windows XP, the add, delete and modify commands works as it would if valid authentication had been performed.

When GSEC has been started without parameters on Windows 2000, the add command causes an abnormal program termination.

ISQL has similar problems.

@firebird-automations
Copy link
Collaborator Author

Modified by: Svend Meyland Nicolaisen (smndk)

description: When starting gsec without parameters it does not prompt that user name and password are required.

==== Example
C:\Program Files\Firebird\Firebird_2_1\bin>gsec
GSEC>
==== Example end

When GSEC has been started without parameters on Windows XP, the add, delete and modify commands works as it would if valid authentication had been performed.

When GSEC has been started without parameters on Windows 2000, the add command causes an abnormal program termination.

ISQL has similar problems.
*) On Windows XP it list users in the security database.
*) On Windows 2000 it lists nothing.

=>

When starting gsec without parameters it does not prompt that user name and password are required.

==== Example
C:\Program Files\Firebird\Firebird_2_1\bin>gsec
GSEC>
==== Example end

When GSEC has been started without parameters on Windows XP, the add, delete and modify commands works as it would if valid authentication had been performed.

When GSEC has been started without parameters on Windows 2000, the add command causes an abnormal program termination.

ISQL has similar problems.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

What about utilities behavior when started without login/password parameters - please see release notes: trusted authentiaction. I suppose on XP you login as member of admins group, but on 2k - not as a member of that group.

Abnormal program termination when error should be displayed in gsec appears fixed in RC2 - please retry with it, it will be available in a few days.

@firebird-automations
Copy link
Collaborator Author

Modified by: Svend Meyland Nicolaisen (smndk)

Version: 2.1 RC2 [ 10250 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: Svend Meyland Nicolaisen (smndk)

Just testet with Firebird 2.1 RC2. GSEC still behaves incorrectly when using trusted authentication on Windows 2000.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Can you be more specific, please?
What is incorrect behavior? Does it terminate?

@firebird-automations
Copy link
Collaborator Author

Commented by: Svend Meyland Nicolaisen (smndk)

Using trusted authentication:

A) I expect Display to display the users in the security database.

B) Add results in an abnormal program termination.

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec
GSEC> display
GSEC> add testuser -pw test
An error occurred while attempting to add the user.

C:\Program Files\Firebird\Firebird_2_1>

<=== Example end

Using trusted authentication:

C) I expect Modify to change the password for sysdba.

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec
GSEC> modify sysdba -pw test
The user name specified was not found in the security database
GSEC>

<=== Example end

Authentication using SYSDBA:

D) Shouldn't it be possible to change the password for SYSDBA and then be able to continiue to use GSEC without restarting it?

===> Example start

C:\Program Files\Firebird\Firebird_2_1>bin\gsec -user SYSDBA -password masterkey
GSEC> modify sysdba -pw master
GSEC> modify sysdba -pw masterkey
Warning - maximum 8 significant bytes of password used
Your user name and password are not defined. Ask your database administrator to
set up a Firebird login.
unable to open database
GSEC>

<=== Example end

Hope this help.

@firebird-automations
Copy link
Collaborator Author

Commented by: Svend Meyland Nicolaisen (smndk)

DR. Watson dump for abnormal program termination:

Application exception occurred:
App: (pid=2420)
When: 11-03-2008 @ 15:16:06.756
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: SAGIOMASTERTEST
User Name: Developer
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free

*----> Task List <----*
0 Idle.exe
8 System.exe
140 SMSS.exe
164 CSRSS.exe
160 WINLOGON.exe
212 SERVICES.exe
224 LSASS.exe
400 svchost.exe
428 spoolsv.exe
488 bordbg50.exe
504 S4SERVERNT.exe
548 svchost.exe
572 GMSService.exe
636 FrameworkServic.exe
696 Mcshield.exe
712 VsTskMgr.exe
800 sqlservr.exe
820 PERSFW.exe
856 regsvc.exe
868 RTVNC.exe
872 mstask.exe
908 SCRMnger.exe
1120 stisvc.exe
1160 WinMgmt.exe
1176 svchost.exe
2088 SDBMSS.exe
1964 explorer.exe
1448 shstat.exe
1556 UpdaterUI.exe
1652 internat.exe
2468 sqlmangr.exe
2800 SDBM.exe
2128 SDBM.exe
1836 SDBMSandboxHost.exe
2104 CerPassEmulator.exe
664 naPrdMgr.exe
1440 CMD.exe
1820 SDBMSandboxHost.exe
2776 mshta.exe
1596 mmc.exe
2068 fb_inet_server..exe
2420 gsec.exe
2164 fb_inet_server..exe
2520 DRWTSN32.exe
0 _Total.exe

(00400000 - 0041A000)
(77F80000 - 77FFC000)
(76620000 - 76631000)
(7C2D0000 - 7C335000)
(7C570000 - 7C623000)
(77D30000 - 77DA8000)
(77E10000 - 77E79000)
(77F40000 - 77F7C000)
(10000000 - 10074000)
(75030000 - 75044000)
(78000000 - 78045000)
(75020000 - 75028000)
(78130000 - 781CB000)
(75E60000 - 75E7A000)
(6CA60000 - 6CA68000)
(66650000 - 666A4000)
(69BF0000 - 69C0D000)
(77800000 - 7781E000)
(77950000 - 7797B000)
(75150000 - 75160000)
(77BF0000 - 77C01000)
(77980000 - 779A4000)
(75050000 - 75058000)
(7CDC0000 - 7CE13000)
(751C0000 - 751C6000)
(7C340000 - 7C34F000)
(7CE20000 - 7CF0F000)
(70A70000 - 70AD6000)
(782D0000 - 782F2000)
(7C740000 - 7C7CC000)
(77430000 - 77441000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(779B0000 - 77A4B000)
(773B0000 - 773DF000)
(77380000 - 773A3000)
(77830000 - 7783E000)
(77880000 - 7790E000)
(7C0F0000 - 7C154000)
(774E0000 - 77514000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(77360000 - 77379000)

State Dump for Thread Id 0xab0

eax=00d1000c ebx=00000012 ecx=0012ef88 edx=00d1000d esi=00d1000c edi=0012ed04
eip=1003faf0 esp=0012eca8 ebp=0012ed04 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206

function: <nosymbols>
1003fad2 e8714c0000 call 10044748
1003fad7 83c424 add esp,0x24
1003fada c3 ret
1003fadb 8b7608 mov esi,[esi+0x8] ds:01879ef2=????????
1003fade 85f6 test esi,esi
1003fae0 7505 jnz 1004b8e7
1003fae2 bed0c20510 mov esi,0x1005c2d0
1003fae7 8bc6 mov eax,esi
1003fae9 8d5001 lea edx,[eax+0x1] ds:01879ef2=????????
1003faec 8d642400 lea esp,[esp+0x0] ss:00c98b8f=????????
FAULT ->1003faf0 8a08 mov cl,[eax] ds:00d1000c=??
1003faf2 83c001 add eax,0x1
1003faf5 84c9 test cl,cl
1003faf7 75f7 jnz 100426f0
1003faf9 2bc2 sub eax,edx
1003fafb 3d00000100 cmp eax,0x10000
1003fb00 7605 jbe 1004b307
1003fb02 b800000100 mov eax,0x10000
1003fb07 8b17 mov edx,[edi] ds:0012ed04=1005ccf0
1003fb09 50 push eax
1003fb0a 8b02 mov eax,[edx] ds:00d1000d=????????
1003fb0c 56 push esi

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#⁠1 Param#⁠2 Param#⁠3 Param#⁠4 Function Name
0012ED04 00000400 0012F463 0012F460 0012F076 0012EF10 !<nosymbols>

*----> Raw Stack Dump <----*
0012eca8 a1 ed 12 00 a2 ed 12 00 - 04 ed 12 00 04 ed 12 00 ................
0012ecb8 bb 46 04 10 64 f0 12 00 - 90 ed 12 00 12 00 00 00 .F..d...........
0012ecc8 90 ed 12 00 00 00 00 00 - a9 28 fd 6a 7e fc 03 10 .........(.j~...
0012ecd8 04 ed 12 00 88 ef 12 00 - 64 f0 12 00 80 ef 12 00 ........d.......
0012ece8 24 00 00 00 20 00 00 00 - 52 fe 03 10 04 ed 12 00 $... ...R.......
0012ecf8 90 ed 12 00 80 ef 12 00 - 1d 29 fd 6a f0 cc 05 10 .........).j....
0012ed08 00 04 00 00 63 f4 12 00 - 60 f4 12 00 76 f0 12 00 ....c...`...v...
0012ed18 10 ef 12 00 a8 85 04 10 - 00 00 00 00 01 00 04 10 ................
0012ed28 64 f0 12 00 00 04 00 00 - 90 ed 12 00 80 ef 12 00 d...............
0012ed38 25 29 fd 6a 6c ef 12 00 - 00 04 00 00 64 f0 12 00 %).jl.......d...
0012ed48 40 f5 12 00 24 00 00 00 - be 03 41 00 00 00 00 00 @...$.....A.....
0012ed58 00 00 00 00 00 00 00 00 - e0 19 1c 78 34 00 00 00 ...........x4...
0012ed68 80 1b 1c 78 ec ef 12 00 - 34 00 00 00 6c e4 8c 00 ...x....4...l...
0012ed78 ff ff ff ff c3 03 41 00 - 00 00 00 00 00 00 00 00 ......A.........
0012ed88 00 00 00 00 00 00 00 00 - 6e 6f 20 70 65 72 6d 69 ........no permi
0012ed98 73 73 69 6f 6e 20 66 6f - 72 20 40 31 20 61 63 63 ssion for @1 acc
0012eda8 65 73 73 20 74 6f 20 40 - 32 20 40 33 00 00 00 00 ess to @2 @3....
0012edb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0012edc8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0012edd8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

A. No matter of auth used, display shows all users only to SYSDBA. When legacy auth is used, it shows to non-SYSDBA only current user. This is normal security measure, is not it?
When trusted auth is used, members of admin group are mapped to SYSDBA, and therefore can see all reecords in security database. But when ordinary user runs gsec with trusted auth, there is NO record for CURRENT user in security database, therefore nothing is displayed. I agree that better diagnostic can be added here, but unfortunately that's true for many places in FB.

B. Sorry, I can't reproduce AV in gsec. I get correct and well looking error:
:\FB\2.1\temp\debug\firebird\bin>gsec.exe
GSEC> di
GSEC> add some -pw xxx
An error occurred while attempting to add the user.
no permission for insert/write access to TABLE USERS
GSEC> ^Z
It will be of great help if you can download symbol tables for firebird ang get stack backtrace with symbolic names. I'll be glad to fix, but I can't reproduce!

C. gsec has no problems changing SYSDBA password in trusted auth provided you are a member of admin group.

D. Please add it (possibility to change the password for SYSDBA and then be able to continiue to use GSEC without restarting it) as a separate feature request to the tracker.

@firebird-automations
Copy link
Collaborator Author

Commented by: Svend Meyland Nicolaisen (smndk)

A. The user I am using is a member of the local Administrators group on the computer. It surdenly has administrative rights on the PC.
Why is an ordinary user allowed access to GSEC if it is not in the security database in the first place? (Not that it is a big issue to me. :-) )

B. I will try to produce a stack back trace later.

C. As A.

D. OK.

@firebird-automations
Copy link
Collaborator Author

Modified by: Svend Meyland Nicolaisen (smndk)

environment: Windows 2000, Windows XP.
ISC_USER and/or ISC_PASSWORD environment variables are not set.

=>

Windows 200
ISC_USER and/or ISC_PASSWORD environment variables are not set.

@firebird-automations
Copy link
Collaborator Author

Modified by: Svend Meyland Nicolaisen (smndk)

environment: Windows 200
ISC_USER and/or ISC_PASSWORD environment variables are not set.

=>

Windows 2000
ISC_USER and/or ISC_PASSWORD environment variables are not set.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

gsec operation can be now successfully continued after SYSDBA's password change.

The rest of reported issues (AVs in gsec) are not reproduced.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 Alpha 1 [ 10224 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants