Error retrieving current user name when using Windows trusted authentication and OS user name contains non-ASCII characters [CORE4885] #5179
Comments
Modified by: @pavel-zotovAttachment: trusted-auth-with-non-ascii-chars-in-os-user-name.png [ 12783 ] Attachment: srp-auth-with-non-ascii-chars-in-SQL-user-name.png [ 12784 ] |
Modified by: @pavel-zotovsummary: Trusted auth. does not workwhen OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) |
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
Modified by: @dyemanovFix Version: 3.0.0 [ 10048 ] |
Modified by: @dyemanovsummary: Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Error retrieving current user name when using Windows trusted authentication and OS user name contains non-ASCII characters |
|
Commented by: @dyemanov In order to test this ticket, a shorter OS user name must be used. Trusted authentication prepends the user name with a host/domain name - <host>\<user> - and keep in mind that UTF8 representation of "ВасисуалийПупка" is longer. Both these reasons may cause an error during connection time: "login is longer than 31 bytes". I've been testing with "Васисуалий" and it worked. |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Cannot be tested |
Submitted by: @pavel-zotov
Attachments:
trusted-auth-with-non-ascii-chars-in-os-user-name.png
srp-auth-with-non-ascii-chars-in-SQL-user-name.png
Votes: 1
On snapshot with non-initialized security3.fdb and default firebird.conf do:
C:\...> gsec -display -database .\security3.fdb
Install incomplete, please read the Compatibility chapter in the release notes for this version
C:\...> echo create user SYSDBA password 'masterkey'; show users; | isql -user sysdba .\security3.fdb
Users in the database
2 #SYSDBA
Than:
C:\...> isql localhost/3050:employee -q
SQL> CREATE GLOBAL MAPPING TRUSTED_AUTH USING PLUGIN WIN_SSPI FROM ANY USER TO USER;
SQL> exit;
Than firebird.conf was changed: AuthServer and AuthClient were replaced with `Win_Sspi` at the start of their values:
RemoteServicePort = 3330
Servermode = SuperClassic
AuthServer = Win_Sspi,Srp,Legacy_Auth
AuthClient = Win_Sspi,Srp,Legacy_Auth
WireCrypt = Disabled
UserManager = Srp
TempDirectories = c:\temp
MaxUserTraceLogSize = 99999
FileSystemCacheThreshold = 65536K
LockHashSlots = 22111
TempCacheLimit = 2147483647
-- and FB service was restarted.
After that OS user with cyrillic characters has been created on that host, his name is: "ВасисуалийПупка", after that Windows session was restarted with this user name.
Trying to connect to database 'employee' using OS authentification fails in this case - see attached file "trusted-auth-with-non-ascii-chars-in-os-user-name.png".
If undo changes in firebird.conf and try to create SQL login with non-ascii characters and connect using it - all OK, see file "srp-auth-with-non-ascii-chars-in-SQL-user-name.png" (but there is one question about MON$REMOTE_OS_USER - see this screenshot).
Commits: 881c796 FirebirdSQL/fbt-repository@de2c331
The text was updated successfully, but these errors were encountered: