Issue Details (XML | Word | Printable)

Key: CORE-6038
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Artyom Smirnov
Votes: 0
Watchers: 4
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Srp user manager sporadically creates users which can not attach

Created: 29/Mar/19 12:07 PM   Updated: 11/Jun/19 05:36 PM
Component/s: Engine
Affects Version/s: 3.0.4
Fix Version/s: 3.0.5, 4.0 Beta 2

Environment: Ubuntu 18.10 x86_64, Cent OS 6/7 x86_64

QA Status: Done successfully


 Description  « Hide
To reproduce this bug enough to create user/try to login/drop user many times.

I digged into Srp manager and found it happen with some "magic" salts. For example: AE7A9732FB795098A4ECE3CE28BD01C4363E870F9AD399AFBEE2CBC6FBB30580

If you try to set this constant salt in SrpManagement.cpp all newly created users will be unable to authenticate (SrpServer.cpp: SrpServer::authenticate "if (clientProof == serverProof)" always false).

Reproducing script:

#!/bin/bash

BIN=/opt/firebird/bin/
DBPATH=/tmp/test
DB=localhost:$DBPATH

cat << EOF > /tmp/prepare
create database '$DB' user sysdba password 'masterkey';
drop user test;
EOF

cat << EOF > /tmp/sql
connect '$DB' user sysdba password 'masterkey';
create user test password 'test';
connect '$DB' user test password 'test';
connect '$DB' user sysdba password 'masterkey';
drop user test;
EOF

rm $DBPATH
$BIN/isql -i /tmp/prepare

set -e

while true; do
$BIN/isql -b -i /tmp/sql
done


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
There are no subversion log entries for this issue yet.