Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't connect to the FB 3 server with AuthServer = Legacy_Auth. [JDBC460] #499

Closed
firebird-automations opened this issue Nov 25, 2016 · 13 comments

Comments

@firebird-automations
Copy link

Submitted by: John Kilin (johnkilin)

I try to connect with Jaybird-3.0.0-beta-1-JDK_1.8 to the FB 3 server with configuration parameters:
AuthServer = Legacy_Auth
UserManager = Legacy_UserManager
and receive error:
Caused by: java.sql.SQLException: Your user name and password are not defined. Ask your database administrator to set up a Firebird login. [SQLState:28000, ISC error code:335544472]
at org.firebirdsql.gds.ng.FbExceptionBuilder$Type$1.createSQLException(FbExceptionBuilder.java:479)
at org.firebirdsql.gds.ng.FbExceptionBuilder.toFlatSQLException(FbExceptionBuilder.java:293)
at org.firebirdsql.gds.ng.wire.AbstractWireOperations.readStatusVector(AbstractWireOperations.java:132)
at org.firebirdsql.gds.ng.wire.AbstractWireOperations.processOperation(AbstractWireOperations.java:196)
at org.firebirdsql.gds.ng.wire.AbstractWireOperations.readOperationResponse(AbstractWireOperations.java:155)
at org.firebirdsql.gds.ng.wire.version13.V13WireOperations.authReceiveResponse(V13WireOperations.java:105)
at org.firebirdsql.gds.ng.wire.version10.V10Database.authReceiveResponse(V10Database.java:566)
at org.firebirdsql.gds.ng.wire.version10.V10Database.attachOrCreate(V10Database.java:110)
at org.firebirdsql.gds.ng.wire.version10.V10Database.attach(V10Database.java:80)
at org.firebirdsql.jca.FBManagedConnection.<init>(FBManagedConnection.java:148)
at org.firebirdsql.jca.FBManagedConnectionFactory.createManagedConnection(FBManagedConnectionFactory.java:520)
at org.firebirdsql.jca.FBStandAloneConnectionManager.allocateConnection(FBStandAloneConnectionManager.java:65)
at org.firebirdsql.jdbc.FBDataSource.getConnection(FBDataSource.java:117)
at org.firebirdsql.jdbc.FBDriver.connect(FBDriver.java:137)

Commits: 61164a7 9557371 0a4b6de

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

Which Firebird version are you using, if Firebird 3.0.0, make sure that the user **only** exists for Legacy_Auth.

@firebird-automations
Copy link
Author

Commented by: John Kilin (johnkilin)

Server Version LI-V6.3.1.32609 Firebird 3.0

OK, i check but why i have no problem when connect by fbclient or jaybird 2.2.11?

@firebird-automations
Copy link
Author

Commented by: John Kilin (johnkilin)

I try "the user **only** exists for Legacy_Auth" I still get the error.

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

I will see if I can reproduce this, because I realize that I have recently only tested it with AuthServer=Srp,Legacy_Auth, and not with only AuthServer=Legacy_Auth.

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

I can reproduce it when AuthServer=Legacy_Auth, but it works OK when AuthServer=Srp,Legacy_Auth.

I'll need to investigate this further, but changing to AuthServer=Srp,Legacy_Auth (and restarting Firebird) is the workaround.

The reason it works fine with Jaybird 2.2.11 is that Jaybird 2.2.11 and earlier only supports wire protocol version 10 and the legacy legacy authentication (not a typo), while Jaybird 3 has a fundamentally rewritten implementation to support wire protocol versions 10, 11, 12, and 13. For version 13 (Firebird 3), the method of authentication has also changed significantly to support multiple authentication plugins, and it looks like Jaybird is doing something wrong there when Firebird does not have Srp in the list of supported authentication plugins.

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

Version: Jaybird 3.0.0-beta-1 [ 10801 ]

Fix Version: Jaybird 3.0 [ 10440 ]

Version: Jaybird 3.0 [ 10440 ] =>

@firebird-automations
Copy link
Author

Commented by: John Kilin (johnkilin)

I get by Wireshark the attach packets:
fbclient.dll
0000 00 00 00 13 00 00 00 00 00 00 00 06 4f 4c 41 50 ............OLAP
0010 4a 4b 00 00 00 00 00 6d 01 4a 2d 43 3a 5c 50 72 JK.....m.J-C:\Pr
0020 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 ogram Files (x86
0030 29 5c 49 42 20 45 78 70 65 72 74 5c 69 62 65 78 )\IB Expert\ibex
0040 70 65 72 74 2e 65 78 65 50 1c 57 49 2d 56 33 2e pert.exeP.WI-V3.
0050 30 2e 31 2e 33 32 35 39 30 20 46 69 72 65 62 69 0.1.32590 Firebi
0060 72 64 20 33 2e 30 3e 00 4d 00 1c 04 4a 4f 48 4e rd 3.0>.M...JOHN
0070 3a 04 00 00 00 00 47 04 d8 13 00 00 30 07 57 49 :.....G.....0.WI
0080 4e 31 32 35 31 00 00 00 N1251...

jaybird 3.0.0
0000 00 00 00 13 00 00 00 00 00 00 00 06 4f 4c 41 50 ............OLAP
0010 4a 4b 20 20 00 00 00 81 02 4d 04 00 00 00 01 00 JK .....M......
0020 00 00 30 04 00 00 00 55 54 46 38 1c 04 00 00 00 ..0....UTF8.....
0030 4a 4f 48 4e 56 0b 00 00 00 4c 65 67 61 63 79 5f JOHNV....Legacy_
0040 41 75 74 68 55 0b 00 00 00 4c 65 67 61 63 79 5f AuthU....Legacy_
0050 41 75 74 68 54 16 00 00 00 33 34 36 46 33 35 34 AuthT....346F354
0060 34 35 30 35 38 36 34 33 34 34 44 36 32 33 32 3f 4505864344D6232?
0070 04 00 00 00 03 00 00 00 50 1c 00 00 00 4a 61 79 ........P....Jay
0080 62 69 72 64 20 33 2e 30 2e 30 2d 62 65 74 61 2d bird 3.0.0-beta-
0090 31 2d 4a 44 4b 5f 31 2e 38 00 00 00 1-JDK_1.8...

It's very different.

@firebird-automations
Copy link
Author

Commented by: John Kilin (johnkilin)

And yes with AuthServer=Srp,Legacy_Auth no errors.

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

I found the problem. When adding the authentication information to the DPB, the authentication bytes were always converted to a hexadecimal string, but this only has to happen for the SRP authentication data, and not for legacy auth. This works OK when both Srp and Legacy_Auth are enabled on the server, because then the legacy auth is done in an authentication continuation packet, and not through the DPB.

The differences you observed in the attach packets is because Jaybird will always use DPB version 2 with wire protocol 13, but fbclient will initially start with DPB version 1, and only upgrade to DPB version 2 if it is really necessary, and the order of DPB items and actual DPB items in the packet differ.

I will probably release a beta-2 later this (or next) week. Let me know if you want a snapshot for testing.

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

Fix Version: Jaybird 3.0.0-beta-2 [ 10802 ]

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations
Copy link
Author

Commented by: John Kilin (johnkilin)

Thanks! I'll wait for the beta-2.

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment