Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Win_Sspi in the list of auth plugins leads message about failed login to be changed (from 'Your user name and password are not defined...' to 'Missing security context ...') [CORE6134] #6383

Closed
firebird-automations opened this issue Sep 3, 2019 · 7 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @pavel-zotov

Consider two sets of parameter in firebird.conf:
case-1:

AuthServer = Legacy_Auth, Srp
AuthClient = Legacy_Auth, Srp
WireCompression = false
WireCrypt = Enabled

case-2:

AuthServer = Legacy_Auth, Srp, Win_Sspi
AuthClient = Legacy_Auth, Srp, Win_Sspi
WireCompression = false
WireCrypt = Enabled

Run this script with both set:

set heading off;
set term ^;
execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' 
        as user 'SYSDBA' 
        password 'fullyWrong'  \-\- or use here some other password that is for sure invalid
    into whoami; 
    suspend; 
end
^

=====

In case-1 we get:

Statement failed, SQLSTATE = 28000
Your user name and password are not defined\. Ask your database administrator to set up a Firebird login\.

In trace such error looks like this:
2019-09-03T07:10:20.3400 (1680:0000000004050640) ERROR AT JResultSet::fetchNext
e30 (ATT_98, SYSDBA:NONE, NONE, TCPv4:10.1.1.2/56669)
C:\FB\30SS\isql.exe:4676
335544472 : Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

In case-2 we get:

Statement failed, SQLSTATE = 28000
Missing security context for C:\\FBTESTING\\qa\\misc\\e30\.fdb

In trace error will be written as:
2019-09-03T07:12:36.6600 (2072:0000000004EA0640) ERROR AT JResultSet::fetchNext
e30 (ATT_103, SYSDBA:NONE, NONE, TCPv4:10.1.1.2/56687)
C:\FB\30SS\isql.exe:2428
335545060 : Missing security context for C:\FBTESTING\qa\misc\e30.fdb

Checked on: WI-V3.0.5.33162

PS. It seems that this is regression and it appeared in 3.0.5.33161, date 24.07.19 (there was no such difference in build 3.0.5.33157, date 20.07.19).

Commits: e5866c9 d8f449d

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Please recheck when new snapshot is ready

@firebird-automations
Copy link
Collaborator Author

Commented by: @pavel-zotov

Checked on today's snapshot ( 4.0.0.1575 0 - the problem still exists.
It seems that bug appears only when we try to run ES and, moreover, if we do this *without* specifying external data source.
It is only 'AuthClient' parameter that affects on this:

1) AuthClient = Legacy_Auth,Srp
--vs--
2) AuthClient = Legacy_Auth,Srp ,Win_Sspi

This is sligtly modified script which shows difference:

set heading off;
set echo on;

connect localhost:employee user 'sysdba' password 'masterkey';
rollback;
connect localhost:employee user 'sysdba' password 'totallywr0ng';
rollback;

connect localhost:employee user 'sysdba' password 'masterkey';

set term ^;
-- WITH EDS:
execute block returns (whoami varchar(32)) as
begin
execute statement 'select current_user from rdb$database'
on external 'localhost:' || rdb$get_context('SYSTEM', 'DB_NAME')
as user current_user
password 'totallywr0ng' -- or use here some other password that is for sure invalid
into whoami;
suspend;
end
^

-- WITHOUT EDS:
execute block returns (whoami varchar(32)) as
begin
execute statement 'select current_user from rdb$database'
as user current_user
password 'totallywr0ng' -- or use here some other password that is for sure invalid
into whoami;
suspend;
end
^

LAST execute block from this script (marked as "without eds") will issue:

1) for AuthClient = Legacy_Auth,Srp:

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

2) for AuthClient = Legacy_Auth,Srp ,Win_Sspi:

Statement failed, SQLSTATE = 28000
Missing security context for C:\FB\40SS\examples\empbuild\employee.fdb

PS.

No such error on today's snapshot WI-V3.0.5.33168, its last EB issues "Your user name and password are not defined" (checked SS and CS).
So, only 4.0 is affected.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

> PS. No such error on today's snapshot WI-V3.0.5.33168

I.e. you confirm a fix - it was done initially only for FB3. Will frontport now.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.5 [ 10885 ]

Fix Version: 4.0 Beta 2 [ 10888 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Done successfully

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants