Issue Details (XML | Word | Printable)

Key: CORE-4222
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Minor Minor
Assignee: Dmitry Yemanov
Reporter: Pavel Zotov
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Provide ability to know which auth. method was applied for establishing connect

Created: 18/Sep/13 08:53 AM   Updated: 12/Jun/16 04:56 PM
Component/s: Engine, Security
Affects Version/s: 3.0 Alpha 1
Fix Version/s: 3.0 RC2

Issue Links:
Depend
 


 Description  « Hide
Currently we have few plugins for client authentification defined in firebird.conf:
#AuthClient = Srp, Win_Sspi, Legacy_Auth

When client-3.x is connecting to server-3.x the plugin that is selected can be known only if we take this config parameter and analyze it "from left to right".
For the purpoces of testing and debugging it will be useful if such info will appear in MON$-tables.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Simonov Denis added a comment - 13/Jan/14 08:29 AM
Please add the description of a new column in README.monitoring_tables

Dmitry Yemanov added a comment - 13/Jan/14 09:07 AM
Done.

Pavel Zotov added a comment - 10/Jul/15 01:40 PM
Reopened temply: usage of auth plugin `Win_Sspi` is NOT reflected in MON$ATTACHMENTS table.

Steps to reproduce:
1) change firebird.conf to default, connect as 'sysdba/masterkey';
2) issue: CREATE GLOBAL MAPPING TRUSTED_AUTH USING PLUGIN WIN_SSPI FROM ANY USER TO USER; EXIT;
3) change firebird.conf to:
AuthServer = Win_Sspi,Legacy_Auth,Srp
AuthClient = Win_Sspi,Legacy_Auth,Srp
4) restart FB and try to:

SQL> set list on;
SQL> select mon$user,mon$remote_host,mon$remote_os_user,mon$client_version,mon$auth_method
CON> from mon$attachments where mon$attachment_id = current_connection;

Output will be:

MON$USER CSPROG\ZOTOV
MON$REMOTE_HOST csprog
MON$REMOTE_OS_USER zotov
MON$CLIENT_VERSION WI-V3.0.0.31929 Firebird 3.0 Release Candidate 1
MON$AUTH_METHOD <null> ---------------------------------------------------------------------- expected: 'Win_Sspi' or like this.

PS. Letter to Alex: 09-JUL-2015 14:53.

Dmitry Yemanov added a comment - 02/Feb/16 10:56 AM
Pavel, please re-check your latest comment. I've just tested and see MON$AUTH_METHOD = "Mapped from Win_Sspi".

Pavel Zotov added a comment - 02/Feb/16 02:56 PM
> please re-check your latest comment. I've just tested and see MON$AUTH_METHOD = "Mapped from Win_Sspi".

On build 32311 I've replaced firebird.conf with default one and changed following parameters:
===
C:\MIX\firebird\fb30>findstr /r /c:"^[^#;]" firebird.conf
AuthServer = Win_Sspi,Legacy_Auth,Srp
AuthClient = Win_Sspi,Legacy_Auth,Srp
WireCrypt = Disabled
RemoteServicePort = 3333
===

Then I removed environment variables ISC_USER, ISC_PASSWORD, restrt FB and did:

C:\MIX\firebird\fb30>isql /3333:employee
Database: /3333:employee, User: CSPROG\ZOTOV
SQL> set list on;
SQL> select mon$user,mon$remote_host,mon$remote_os_user,mon$client_version,mon$auth_method
CON> from mon$attachments where mon$attachment_id = current_connection;

Result is:
=======

MON$USER CSPROG\ZOTOV
MON$REMOTE_HOST csprog
MON$REMOTE_OS_USER zotov
MON$CLIENT_VERSION WI-V3.0.0.32311 Firebird 3.0 Release Candidate 2
MON$AUTH_METHOD Mapped from Win_Sspi