Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FB3 (protocol 13) returns op_accept instead op_accept_data [CORE6063] #6313

Closed
firebird-automations opened this issue May 14, 2019 · 5 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @ibprovider

Assigned to: @ibprovider

This problem was detected by IBProvider builtin client to Firebird (not by fbclient.dll).

Reproduction:

1. Server config:

AuthServer=Legacy_Auth, Win_SSpi, Srp
WireCrypt=enabled

2. Client config:

AuthClient=Legacy_Auth, Win_SSpi, Srp
WireCrypt=disabled

3. Create NEW used "DBA-SRP" through SRP plugin:

CREATE USER "DBA-SRP" PASSWORD 'masterkey' USING PLUGIN Srp;

4. Connect to database with "DBA-SRP"

5. Server returns op_accept instead op_accept_data.

The problem located in "static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)" (server.cpp):

case IAuth::AUTH_CONTINUE:
HANDSHAKE_DEBUG(fprintf(stderr, "AUTH_CONTINUE\n"));
// try next plugin
plugins->next();
if (!plugins->hasData())
{
// failed
setErrorStatus(&status);
accepted = false;
loginFail(port->port_login, port->getRemoteId());
break;
}
port->port_srv_auth_block->setPluginName(plugins->name());
port->port_srv_auth_block->extractPluginName(&send->p_acpd.p_acpt_plugin);
break;

case IAuth::AUTH\_CONTINUE:
	HANDSHAKE\_DEBUG\(fprintf\(stderr, "AUTH\_CONTINUE\\n"\)\);
	// try next plugin
	plugins\-\>next\(\);
	if \(\!plugins\-\>hasData\(\)\)
	\{
		// failed
		setErrorStatus\(&status\);
		accepted = false;
		loginFail\(port\-\>port\_login, port\-\>getRemoteId\(\)\);
		break;
	\}
	port\-\>port\_srv\_auth\_block\-\>setPluginName\(plugins\-\>name\(\)\);
	port\-\>port\_srv\_auth\_block\-\>extractPluginName\(&send\-\>p\_acpd\.p\_acpt\_plugin\);

	/\* BUG FIX \*/ returnData = true; // <\-\- You forgot setup this flag

	break;

----
This code (by designe) should return the name of next auth-plugin. But does not return, because returnData was not set to true.

Commits: 450db65 d218864

@firebird-automations
Copy link
Collaborator Author

Modified by: @ibprovider

description: This problem was detected by IBProvider builtin client to Firebird (not by fbclient.dll).

Reproductions:

1. Server config:

AuthServer=Legacy_Auth, Win_SSpi, Srp
WireCrypt=enabled

2. Client config:

AuthClient=Legacy_Auth, Win_SSpi, Srp
WireCrypt=disabled

3. Create NEW used "DBA-SRP" through SRP plugin:

CREATE USER "DBA-SRP" PASSWORD 'masterkey' USING PLUGIN Srp;

4. Connect to database with "DBA-SRP"

5. Server returns op_accept instead op_accept_data.

The problem located in static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send):

case IAuth::AUTH\_CONTINUE:
	HANDSHAKE\_DEBUG\(fprintf\(stderr, "AUTH\_CONTINUE\\n"\)\);
	// try next plugin
	plugins\-\>next\(\);
	if \(\!plugins\-\>hasData\(\)\)
	\{
		// failed
		setErrorStatus\(&status\);
		accepted = false;
		loginFail\(port\-\>port\_login, port\-\>getRemoteId\(\)\);
		break;
	\}
	port\-\>port\_srv\_auth\_block\-\>setPluginName\(plugins\-\>name\(\)\);
	port\-\>port\_srv\_auth\_block\-\>extractPluginName\(&send\-\>p\_acpd\.p\_acpt\_plugin\);

	/\* BUG FIX \*/ returnData = true; // <\-\- You forgot setup this flag

	break;

----
This code (by designe) should return the name of next auth-plugin. But does not return, because returnData was not set to true.

=>

This problem was detected by IBProvider builtin client to Firebird (not by fbclient.dll).

Reproduction:

1. Server config:

AuthServer=Legacy_Auth, Win_SSpi, Srp
WireCrypt=enabled

2. Client config:

AuthClient=Legacy_Auth, Win_SSpi, Srp
WireCrypt=disabled

3. Create NEW used "DBA-SRP" through SRP plugin:

CREATE USER "DBA-SRP" PASSWORD 'masterkey' USING PLUGIN Srp;

4. Connect to database with "DBA-SRP"

5. Server returns op_accept instead op_accept_data.

The problem located in static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send):

case IAuth::AUTH\_CONTINUE:
	HANDSHAKE\_DEBUG\(fprintf\(stderr, "AUTH\_CONTINUE\\n"\)\);
	// try next plugin
	plugins\-\>next\(\);
	if \(\!plugins\-\>hasData\(\)\)
	\{
		// failed
		setErrorStatus\(&status\);
		accepted = false;
		loginFail\(port\-\>port\_login, port\-\>getRemoteId\(\)\);
		break;
	\}
	port\-\>port\_srv\_auth\_block\-\>setPluginName\(plugins\-\>name\(\)\);
	port\-\>port\_srv\_auth\_block\-\>extractPluginName\(&send\-\>p\_acpd\.p\_acpt\_plugin\);

	/\* BUG FIX \*/ returnData = true; // <\-\- You forgot setup this flag

	break;

----
This code (by designe) should return the name of next auth-plugin. But does not return, because returnData was not set to true.

@firebird-automations
Copy link
Collaborator Author

Modified by: @ibprovider

description: This problem was detected by IBProvider builtin client to Firebird (not by fbclient.dll).

Reproduction:

1. Server config:

AuthServer=Legacy_Auth, Win_SSpi, Srp
WireCrypt=enabled

2. Client config:

AuthClient=Legacy_Auth, Win_SSpi, Srp
WireCrypt=disabled

3. Create NEW used "DBA-SRP" through SRP plugin:

CREATE USER "DBA-SRP" PASSWORD 'masterkey' USING PLUGIN Srp;

4. Connect to database with "DBA-SRP"

5. Server returns op_accept instead op_accept_data.

The problem located in static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send):

case IAuth::AUTH\_CONTINUE:
	HANDSHAKE\_DEBUG\(fprintf\(stderr, "AUTH\_CONTINUE\\n"\)\);
	// try next plugin
	plugins\-\>next\(\);
	if \(\!plugins\-\>hasData\(\)\)
	\{
		// failed
		setErrorStatus\(&status\);
		accepted = false;
		loginFail\(port\-\>port\_login, port\-\>getRemoteId\(\)\);
		break;
	\}
	port\-\>port\_srv\_auth\_block\-\>setPluginName\(plugins\-\>name\(\)\);
	port\-\>port\_srv\_auth\_block\-\>extractPluginName\(&send\-\>p\_acpd\.p\_acpt\_plugin\);

	/\* BUG FIX \*/ returnData = true; // <\-\- You forgot setup this flag

	break;

----
This code (by designe) should return the name of next auth-plugin. But does not return, because returnData was not set to true.

=>

This problem was detected by IBProvider builtin client to Firebird (not by fbclient.dll).

Reproduction:

1. Server config:

AuthServer=Legacy_Auth, Win_SSpi, Srp
WireCrypt=enabled

2. Client config:

AuthClient=Legacy_Auth, Win_SSpi, Srp
WireCrypt=disabled

3. Create NEW used "DBA-SRP" through SRP plugin:

CREATE USER "DBA-SRP" PASSWORD 'masterkey' USING PLUGIN Srp;

4. Connect to database with "DBA-SRP"

5. Server returns op_accept instead op_accept_data.

The problem located in "static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)" (server.cpp):

case IAuth::AUTH_CONTINUE:
HANDSHAKE_DEBUG(fprintf(stderr, "AUTH_CONTINUE\n"));
// try next plugin
plugins->next();
if (!plugins->hasData())
{
// failed
setErrorStatus(&status);
accepted = false;
loginFail(port->port_login, port->getRemoteId());
break;
}
port->port_srv_auth_block->setPluginName(plugins->name());
port->port_srv_auth_block->extractPluginName(&send->p_acpd.p_acpt_plugin);
break;

case IAuth::AUTH\_CONTINUE:
	HANDSHAKE\_DEBUG\(fprintf\(stderr, "AUTH\_CONTINUE\\n"\)\);
	// try next plugin
	plugins\-\>next\(\);
	if \(\!plugins\-\>hasData\(\)\)
	\{
		// failed
		setErrorStatus\(&status\);
		accepted = false;
		loginFail\(port\-\>port\_login, port\-\>getRemoteId\(\)\);
		break;
	\}
	port\-\>port\_srv\_auth\_block\-\>setPluginName\(plugins\-\>name\(\)\);
	port\-\>port\_srv\_auth\_block\-\>extractPluginName\(&send\-\>p\_acpd\.p\_acpt\_plugin\);

	/\* BUG FIX \*/ returnData = true; // <\-\- You forgot setup this flag

	break;

----
This code (by designe) should return the name of next auth-plugin. But does not return, because returnData was not set to true.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.5 [ 10885 ]

Fix Version: 4.0 Beta 2 [ 10888 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @ibprovider

Tested. Problem is solved. Thanks :)

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Kovalenko Dmitry [ _dima_k_ ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment