mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 10:03:03 +01:00

Authentication handshake improvements and fixes. Make debug output better readable.

alexpeshkoff 2013-06-24 08:39:29 +00:00
parent b813a35d33
commit 1de6b3de52
6 changed files with 95 additions and 69 deletions


@ -64,7 +64,7 @@ int SrpClient::authenticate(IStatus* status, IClientBlock* cb)
if (!client)
{
HANDSHAKE_DEBUG(fprintf(stderr, "Client: SRP1: login=%s password=%s\n", cb->getLogin(), cb->getPassword()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase1: login=%s password=%s\n", cb->getLogin(), cb->getPassword()));
if (!(cb->getLogin() && cb->getPassword()))
{
return AUTH_CONTINUE;
@ -77,9 +77,13 @@ int SrpClient::authenticate(IStatus* status, IClientBlock* cb)
return status->isSuccess() ? AUTH_MORE_DATA : AUTH_FAILED;
}
HANDSHAKE_DEBUG(fprintf(stderr, "Client: SRP2\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase2\n"));
unsigned int length;
const unsigned char* saltAndKey = cb->getData(&length);
if (!saltAndKey || length == 0)
{
(Arg::Gds(isc_random) << "Missing data from server").raise();
}
if (length > (RemotePassword::SRP_SALT_SIZE + RemotePassword::SRP_KEY_SIZE + 2) * 2)
{
string msg;
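Review bot: The reworded phase-1 trace still prints `cb->getPassword()` in clear text to stderr, and it hands both `cb->getLogin()` and `cb->getPassword()` to `%s` before the `if (!(cb->getLogin() && cb->getPassword()))` check on the following line, so a null pointer can reach fprintf whenever the trace is compiled in. Move the trace below that check and stop printing the secret, for example `HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase1: login=%s password=<hidden>\n", cb->getLogin()));`. The same clear-text logging recurs in the `loadClnt` hunk further down the page (`"Cli: loadClnt: Loaded from PB password = %s\n", password.c_str()`). The definition of HANDSHAKE_DEBUG is not on this page; even if it is off in release builds, debug stderr is routinely captured into logs and bug reports. `SrpClient::authenticate` begins and ends outside both hunks.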


@ -86,7 +86,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
{
if (!server)
{
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP phase1\n"));
if (!sb->getLogin())
{
@ -102,7 +102,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
if (!clientPubKey.hasData())
{
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: empty pubkey AUTH_MORE_DATA\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: empty pubkey AUTH_MORE_DATA\n"));
return AUTH_MORE_DATA;
}
@ -133,7 +133,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
{
status_exception::raise(status->get());
}
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: attached sec db %s\n", secDbName));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: attached sec db %s\n", secDbName));
const UCHAR tpb[] =
{
@ -148,7 +148,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
{
status_exception::raise(status->get());
}
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: started transaction\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: started transaction\n"));
const char* sql = "SELECT PLG$VERIFIER, PLG$SALT FROM PLG$SRP WHERE PLG$USER_NAME = ?";
stmt = att->prepare(status, tra, 0, sql, 3, IStatement::PREPARE_PREFETCH_METADATA);
@ -185,14 +185,14 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
}
Field<Varying> verify(dat);
Field<Varying> slt(dat);
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: Ready to run statement with login '%s'\n", account.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: Ready to run statement with login '%s'\n", account.c_str()));
stmt->execute(status, tra, par.metadata, par.buffer, dat.metadata, dat.buffer);
if (!status->isSuccess())
{
status_exception::raise(status->get());
}
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: Executed statement\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: Executed statement\n"));
stmt->free(status);
if (!status->isSuccess())
@ -260,7 +260,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
unsigned int length;
const unsigned char* val = sb->getData(&length);
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP2, data length is %d\n", length));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: phase2, data length is %d\n", length));
string proof;
proof.assign(val, length);
BigInteger clientProof(proof.c_str());
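Review bot: In the phase-2 hunk, `val` from `sb->getData(&length)` goes straight into `proof.assign(val, length)` with no null or zero-length test, while this same commit adds exactly that test on the client side (`if (!saltAndKey || length == 0)`). Whether `getData` can return null at this point is not visible, so treat this as a hedge, but the plugin should not depend on its caller to filter empty input; a mirrored guard such as `if (!val || length == 0) return AUTH_FAILED;` (or the project's usual raise) before the assign would close it. The trace on the line above also formats the unsigned `length` with `%d`; `%u` matches the type. `SrpServer::authenticate` extends beyond the hunks shown.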


@ -6140,7 +6140,7 @@ static void info(IStatus* status,
{
// Probably communicate with services auth
fb_assert(cBlock);
HANDSHAKE_DEBUG(fprintf(stderr, "info() calls authReceiveResponse\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: info() calls authReceiveResponse\n"));
authReceiveResponse(*cBlock, rdb->rdb_port, rdb, status, packet, false);
}
else
@ -6180,7 +6180,7 @@ static void authFillParametersBlock(ClntAuthBlock& cBlock, ClumpletWriter& dpb,
{
case Auth::AUTH_SUCCESS:
case Auth::AUTH_MORE_DATA:
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: plugin %s is OK\n", cBlock.plugins.name()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: plugin %s is OK\n", cBlock.plugins.name()));
cleanDpb(dpb, tags);
cBlock.extractDataFromPluginTo(dpb, tags, port->port_protocol);
return;
@ -6189,12 +6189,12 @@ static void authFillParametersBlock(ClntAuthBlock& cBlock, ClumpletWriter& dpb,
continue;
case Auth::AUTH_FAILED:
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: plugin %s FAILED\n", cBlock.plugins.name()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: plugin %s FAILED\n", cBlock.plugins.name()));
(Arg::Gds(isc_login) << Arg::StatusVector(s.get())).raise();
break; // compiler silencer
}
}
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: try next plugin, %s skipped\n", cBlock.plugins.name()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: try next plugin, %s skipped\n", cBlock.plugins.name()));
}
}
@ -6244,7 +6244,7 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
switch(packet->p_operation)
{
case op_trusted_auth:
HANDSHAKE_DEBUG(fprintf(stderr, "RR:TA\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: trusted_auth\n"));
d = &packet->p_trau.p_trau_data;
break;
@ -6252,14 +6252,14 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
d = &packet->p_auth_cont.p_data;
n = &packet->p_auth_cont.p_name;
port->addServerKeys(&packet->p_auth_cont.p_keys);
HANDSHAKE_DEBUG(fprintf(stderr, "RR:CA d=%d n=%d '%.*s' 0x%x\n", d->cstr_length, n->cstr_length,
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: ont_auth d=%d n=%d '%.*s' 0x%x\n", d->cstr_length, n->cstr_length,
n->cstr_length, n->cstr_address, n->cstr_address ? n->cstr_address[0] : 0));
break;
case op_crypt:
fb_assert(!checkKeys);
{
HANDSHAKE_DEBUG(fprintf(stderr, "RR: Crypt answer\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: Crypt answer\n"));
CSTRING* tmpKeys = REMOTE_dup_string(&packet->p_crypt.p_key);
// it was start crypt packet, receive next one
receive_response(status, rdb, packet);
@ -6276,10 +6276,10 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
return;
default:
HANDSHAKE_DEBUG(fprintf(stderr, "RR: Default answer\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: Default answer\n"));
REMOTE_check_response(status, rdb, packet, checkKeys);
// successfully attached
HANDSHAKE_DEBUG(fprintf(stderr, "RR: OK!\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: OK!\n"));
rdb->rdb_id = packet->p_resp.p_resp_object;
// try to start crypt
@ -6372,7 +6372,7 @@ static void init(IStatus* status, ClntAuthBlock& cBlock, rem_port* port, P_OP op
const ParametersSet* const ps = (op == op_service_attach ? &spbParam : &dpbParam);
HANDSHAKE_DEBUG(fprintf(stderr, "init calls authFillParametersBlock\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: init calls authFillParametersBlock\n"));
authFillParametersBlock(cBlock, dpb, ps, port);
port->port_client_crypt_callback = cryptCallback;
@ -7317,7 +7317,7 @@ static void svcstart(IStatus* status,
}
else
{
HANDSHAKE_DEBUG(fprintf(stderr, "start calls authFillParametersBlock\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: svcstart calls authFillParametersBlock\n"));
authFillParametersBlock(cBlock, send, &spbStartParam, rdb->rdb_port);
}
@ -7505,12 +7505,12 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& dpb,
}
dpb.insertPath(tags->plugin_list, pluginList);
firstTime = false;
HANDSHAKE_DEBUG(fprintf(stderr, "first time - added plugName & pluginList\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: first time - added plugName & pluginList\n"));
}
fb_assert(tags->specific_data);
dpb.insertBytes(tags->specific_data, dataFromPlugin.begin(), dataFromPlugin.getCount());
HANDSHAKE_DEBUG(fprintf(stderr, "Added %" SIZEFORMAT " bytes of spec data with tag %d\n",
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: Added %" SIZEFORMAT " bytes of spec data with tag %d\n",
dataFromPlugin.getCount(), tags->specific_data));
return;
@ -7548,7 +7548,7 @@ void ClntAuthBlock::loadClnt(Firebird::ClumpletWriter& dpb, const ParametersSet*
{
dpb.getString(userName);
makeUtfString(uft8Convert, userName);
HANDSHAKE_DEBUG(fprintf(stderr, "Loaded from PB user = %s\n", userName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: Loaded from PB user = %s\n", userName.c_str()));
userName.upper();
}
else if (t == tags->password)
@ -7556,12 +7556,12 @@ void ClntAuthBlock::loadClnt(Firebird::ClumpletWriter& dpb, const ParametersSet*
makeUtfString(uft8Convert, password);
dpb.getString(password);
dpb.deleteClumplet();
HANDSHAKE_DEBUG(fprintf(stderr, "Loaded from PB password = %s\n", password.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: Loaded from PB password = %s\n", password.c_str()));
}
else if (t == tags->encrypt_key)
{
hasCryptKey = true;
HANDSHAKE_DEBUG(fprintf(stderr, "PB contains crypt key - need encrypted line to pass\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: PB contains crypt key - need encrypted line to pass\n"));
}
}
}
@ -7579,10 +7579,11 @@ void ClntAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
PathName pluginName = getPluginName();
to->p_name.cstr_length = (ULONG) pluginName.length();
to->p_name.cstr_address = (UCHAR*) pluginName.c_str();
to->p_name.cstr_allocated = 0;
to->p_name.cstr_address = FB_NEW(*getDefaultMemoryPool()) UCHAR[to->p_name.cstr_length];
to->p_name.cstr_allocated = to->p_name.cstr_length;
memcpy(to->p_name.cstr_address, pluginName.c_str(), to->p_name.cstr_length);
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo added plugin name (%d) and data (%d)\n",
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: added plugin name (%d) and data (%d)\n",
to->p_name.cstr_length, to->p_data.cstr_length));
if (firstTime)
@ -7590,7 +7591,7 @@ void ClntAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
to->p_list.cstr_length = (ULONG) pluginList.length();
to->p_list.cstr_address = (UCHAR*) pluginList.c_str();
to->p_list.cstr_allocated = 0;
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo added plugin list (%d len) to packet\n",
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: added plugin list (%d len) to packet\n",
to->p_list.cstr_length));
firstTime = false;
}
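Review bot: In the password branch of `loadClnt`, `makeUtfString(uft8Convert, password)` runs before `dpb.getString(password)`, whereas the user-name branch just above reads first and converts second; as written the conversion appears to act on the previous contents of `password`, and the freshly read value is never converted. If that is not intentional, swap the two calls so the order matches the `userName` branch: `dpb.getString(password); makeUtfString(uft8Convert, password);`. The definition of `makeUtfString` is not on this page, so confirm its effect before changing. Separately, the new trace string `"Cli: authReceiveResponse: ont_auth ..."` looks like a typo for `cont_auth`.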


@ -1021,7 +1021,7 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& user_id)
// Add user login name
if (userName.hasData())
{
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo: userName=%s\n", userName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: userName=%s\n", userName.c_str()));
user_id.insertString(CNCT_login, userName);
}
@ -1029,7 +1029,7 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& user_id)
Firebird::PathName pluginName = getPluginName();
if (pluginName.hasData())
{
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo: pluginName=%s\n", pluginName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: pluginName=%s\n", pluginName.c_str()));
user_id.insertPath(CNCT_plugin_name, pluginName);
}
@ -1112,7 +1112,7 @@ void ClntAuthBlock::resetClnt(const Firebird::PathName* fileName, const CSTRING*
if (merged.getCount() == 0)
{
HANDSHAKE_DEBUG(fprintf(stderr, "No matching plugins on client\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: No matching plugins on client\n"));
(Firebird::Arg::Gds(isc_login)
#ifdef DEV_BUILD
<< Firebird::Arg::Gds(isc_random) << "No matching plugins on client"
@ -1138,7 +1138,7 @@ Firebird::RefPtr<Config>* ClntAuthBlock::getConfig()
void ClntAuthBlock::storeDataForPlugin(unsigned int length, const unsigned char* data)
{
dataForPlugin.assign(data, length);
HANDSHAKE_DEBUG(fprintf(stderr, "Cln: accepted data for plugin length=%d\n", length));
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: accepted data for plugin length=%d\n", length));
}
Firebird::RefPtr<Config> REMOTE_get_config(const Firebird::PathName* dbName,


@ -581,7 +581,7 @@ class ServerAuthBase
{
public:
virtual ~ServerAuthBase();
virtual bool authenticate(PACKET* send) = 0;
virtual bool authenticate(PACKET* send, bool cont = false) = 0;
};
class ServerCallbackBase
@ -739,6 +739,7 @@ public:
void setDataForPlugin(const p_auth_continue* data);
void reset();
bool extractNewKeys(CSTRING* to, bool flagPlugList = false);
bool hasDataForPlugin();
// Auth::IServerBlock implementation
int FB_CARG release();
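Review bot: The new `bool cont = false` default on the pure virtual `ServerAuthBase::authenticate` is bound by the static type at the call site, not by the override, so it stays correct only while every override repeats the same value (the `ServerAuth` override in this commit names the parameter `contAuth` and also defaults it to `false`). The two callers changed in this commit pass `true` explicitly; if no call site outside this page relies on the default, declaring `virtual bool authenticate(PACKET* send, bool cont) = 0;` and passing the flag everywhere removes the trap. `hasDataForPlugin()` only reports state (its body is `return dataForPlugin.hasData();`), so it can be declared `bool hasDataForPlugin() const;` provided `hasData()` is itself const, which is not visible here.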


@ -235,6 +235,7 @@ public:
userName(getPool()),
authServer(NULL),
tags(&aTags),
hopsCount(0),
authPort(port),
dbName(getPool())
{
@ -243,7 +244,7 @@ public:
authPort->port_srv_auth_block = new SrvAuthBlock(authPort);
}
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth()\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth()\n"));
if (aPb->find(tags->user_name))
{
@ -255,7 +256,7 @@ public:
(Arg::Gds(isc_login) << Arg::Gds(isc_random) << "Client error - login does not match").raise();
}
authPort->port_srv_auth_block->setLogin(userName);
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): user name=%s\n", userName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): user name=%s\n", userName.c_str()));
}
const char* oldPath = authPort->port_srv_auth_block->getPath();
@ -264,11 +265,11 @@ public:
dbName = *aDbName;
if (oldPath && dbName != oldPath)
{
HANDSHAKE_DEBUG(fprintf(stderr, "old='%s' new='%s'\n", oldPath, dbName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): old='%s' new='%s'\n", oldPath, dbName.c_str()));
(Arg::Gds(isc_login) << Arg::Gds(isc_random) << "Client error - database name does not match").raise();
}
authPort->port_srv_auth_block->setPath(aDbName);
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): db name=%s\n", dbName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): db name=%s\n", dbName.c_str()));
}
UCharBuffer u;
@ -279,23 +280,23 @@ public:
{
aPb->getString(x);
authPort->port_srv_auth_block->setPluginName(x);
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin name=%s\n", x.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin name=%s\n", x.c_str()));
}
if (aPb->find(tags->plugin_list))
{
aPb->getString(x);
authPort->port_srv_auth_block->setPluginList(x);
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin list=%s\n", x.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin list=%s\n", x.c_str()));
}
if (aPb->find(tags->specific_data))
{
aPb->getData(u);
authPort->port_srv_auth_block->setDataForPlugin(u);
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin data is %" SIZEFORMAT " len\n", u.getCount()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin data is %" SIZEFORMAT " len\n", u.getCount()));
}
else
{
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): miss data with tag %d\n", tags->specific_data));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): miss data with tag %d\n", tags->specific_data));
}
}
else if (authPort->port_srv_auth_block->getLogin() &&
@ -312,7 +313,7 @@ public:
Auth::LEGACY_PASSWORD_SALT);
const size_t len = strlen(&pwt[2]);
memcpy(u.getBuffer(len), &pwt[2], len);
HANDSHAKE_DEBUG(fprintf(stderr, "CALLED des locally\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): CALLED des locally\n"));
}
authPort->port_srv_auth_block->setDataForPlugin(u);
}
@ -330,8 +331,18 @@ public:
~ServerAuth()
{ }
bool authenticate(PACKET* send)
bool authenticate(PACKET* send, bool contAuth = false)
{
#ifdef DEV_BUILD
if (++hopsCount > 10)
#else
if (++hopsCount > 100)
#endif
{
(Arg::Gds(isc_login) <<
Arg::Gds(isc_random) << "Exceeded authentication exchange limit").raise();
}
if (authPort->port_srv_auth_block->authCompleted())
{
accept(send, &authPort->port_srv_auth_block->authBlockWriter);
@ -357,15 +368,18 @@ public:
while (authItr && working && authItr->hasData())
{
if (! authServer)
if (!authServer)
{
authServer = authItr->plugin();
authPort->port_srv_auth_block->authBlockWriter.setMethod(authItr->name());
}
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth calls plug %s\n", authItr->name()));
int authResult = authServer->authenticate(&st, authPort->port_srv_auth_block,
&authPort->port_srv_auth_block->authBlockWriter);
// if we asked for more data but received nothing switch to next plugin
bool forceNext = contAuth && (!authPort->port_srv_auth_block->hasDataForPlugin());
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: ServerAuth calls plug %s\n", forceNext ? "forced-NEXT" : authItr->name()));
int authResult = forceNext ? Auth::AUTH_CONTINUE :
authServer->authenticate(&st, authPort->port_srv_auth_block,
&authPort->port_srv_auth_block->authBlockWriter);
authPort->port_srv_auth_block->setPluginName(authItr->name());
cstring* s;
@ -373,7 +387,7 @@ public:
switch (authResult)
{
case Auth::AUTH_SUCCESS:
HANDSHAKE_DEBUG(fprintf(stderr, "Ahh - success\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: Ahh - success\n"));
usernameFailedLogins->loginSuccess(userName);
remoteFailedLogins->loginSuccess(authPort->getRemoteId());
authServer = NULL;
@ -382,13 +396,13 @@ public:
return true;
case Auth::AUTH_CONTINUE:
HANDSHAKE_DEBUG(fprintf(stderr, "Next plug suggested\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: Next plug suggested\n"));
authItr->next();
authServer = NULL;
continue;
case Auth::AUTH_MORE_DATA:
HANDSHAKE_DEBUG(fprintf(stderr, "plugin wants more data\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: plugin wants more data\n"));
if (authPort->port_protocol < PROTOCOL_VERSION11)
{
authServer = NULL;
@ -426,7 +440,7 @@ public:
return false;
case Auth::AUTH_FAILED:
HANDSHAKE_DEBUG(fprintf(stderr, "No luck today...\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: No luck today - status:\n"));
HANDSHAKE_DEBUG(isc_print_status(st.get()));
authServer = NULL;
working = false;
@ -460,6 +474,7 @@ private:
string userName;
Auth::IServer* authServer;
const ParametersSet* tags;
unsigned int hopsCount;
protected:
rem_port* authPort;
@ -1536,7 +1551,7 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
}
}
HANDSHAKE_DEBUG(fprintf(stderr, "protoaccept a=%d (v>=13)=%d %d %d\n",
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: protoaccept a=%d (v>=13)=%d %d %d\n",
accepted, version >= PROTOCOL_VERSION13, version, PROTOCOL_VERSION13));
// We are going to try authentication handshake
@ -1545,32 +1560,32 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
//bool returnPlugList = false;
if (accepted && version >= PROTOCOL_VERSION13)
{
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection creates port_srv_auth_block\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: creates port_srv_auth_block\n"));
port->port_srv_auth_block = new SrvAuthBlock(port);
send->p_acpd.p_acpt_authenticated = 0;
Firebird::ClumpletReader id(Firebird::ClumpletReader::UnTagged,
connect->p_cnct_user_id.cstr_address,
connect->p_cnct_user_id.cstr_length);
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection is going to load data to port_srv_auth_block\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: is going to load data to port_srv_auth_block\n"));
port->port_srv_auth_block->load(id);
if (port->port_srv_auth_block->getLogin())
{
port->port_login = port->port_srv_auth_block->getLogin();
}
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection finished with port_srv_auth_block prepare, a=%d\n", accepted));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: finished with port_srv_auth_block prepare, a=%d\n", accepted));
if (port->port_srv_auth_block->getPluginName())
{
Firebird::PathName file(connect->p_cnct_file.cstr_address, connect->p_cnct_file.cstr_length);
port->port_srv_auth_block->setPath(&file);
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection calls createPluginsItr\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: calls createPluginsItr\n"));
port->port_srv_auth_block->createPluginsItr();
if (port->port_srv_auth_block->plugins) // We have all required data and iterator was created
{
HANDSHAKE_DEBUG(fprintf(stderr, "call plugin %s\n", port->port_srv_auth_block->getPluginName()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: call plugin %s\n", port->port_srv_auth_block->getPluginName()));
AuthServerPlugins* const plugins = port->port_srv_auth_block->plugins;
for (; plugins->hasData(); plugins->next())
@ -1640,7 +1655,7 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
accept->p_acpt_architecture = architecture;
accept->p_acpt_type = type;
HANDSHAKE_DEBUG(fprintf(stderr, "accepted ud=%d v=%x\n", returnData, version));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: accepted ud=%d v=%x\n", returnData, version));
// and modify the version string to reflect the chosen protocol
@ -4315,9 +4330,9 @@ static void trusted_auth(rem_port* port, const P_TRAU* p_trau, PACKET* send)
send_error(port, send, (Arg::Gds(isc_random) << "Operation not supported for network protocol"));
}
HANDSHAKE_DEBUG(fprintf(stderr, "trusted_auth\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: trusted_auth\n"));
port->port_srv_auth_block->setDataForPlugin(p_trau->p_trau_data);
if (sa->authenticate(send))
if (sa->authenticate(send, true))
{
delete sa;
port->port_srv_auth = NULL;
@ -4348,9 +4363,9 @@ static void continue_authentication(rem_port* port, const p_auth_continue* p_aut
send_error(port, send, (Arg::Gds(isc_random) << "Operation not supported for network protocol"));
}
HANDSHAKE_DEBUG(fprintf(stderr, "continue_authentication\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: continue_authentication\n"));
port->port_srv_auth_block->setDataForPlugin(p_auth_c);
if (sa->authenticate(send))
if (sa->authenticate(send, true))
{
delete sa;
port->port_srv_auth = NULL;
@ -6239,16 +6254,16 @@ void SrvAuthBlock::load(Firebird::ClumpletReader& id)
case CNCT_login:
id.getString(userName);
userName.upper();
HANDSHAKE_DEBUG(fprintf(stderr, "login %s\n", userName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: login %s\n", userName.c_str()));
break;
case CNCT_plugin_name:
id.getPath(pluginName);
firstTime = false;
HANDSHAKE_DEBUG(fprintf(stderr, "plugin %s\n", pluginName.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: plugin %s\n", pluginName.c_str()));
break;
case CNCT_plugin_list:
id.getPath(pluginList);
HANDSHAKE_DEBUG(fprintf(stderr, "plugin list %s\n", pluginList.c_str()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: plugin list %s\n", pluginList.c_str()));
break;
case CNCT_specific_data:
{
@ -6281,7 +6296,7 @@ void SrvAuthBlock::load(Firebird::ClumpletReader& id)
}
}
HANDSHAKE_DEBUG(fprintf(stderr, "data %" SIZEFORMAT "\n", dataForPlugin.getCount()));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: data %" SIZEFORMAT "\n", dataForPlugin.getCount()));
}
const char* SrvAuthBlock::getPluginName()
@ -6319,7 +6334,7 @@ void SrvAuthBlock::setDataForPlugin(const cstring& data)
void SrvAuthBlock::setDataForPlugin(const p_auth_continue* data)
{
dataForPlugin.assign(data->p_data.cstr_address, data->p_data.cstr_length);
HANDSHAKE_DEBUG(fprintf(stderr, "setDataForPlugin=%d firstTime = %d nm=%d ls=%d login='%s'\n",
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: setDataForPlugin: %d firstTime = %d nm=%d ls=%d login='%s'\n",
data->p_data.cstr_length, firstTime, data->p_name.cstr_length,
data->p_list.cstr_length, userName.c_str()));
if (firstTime)
@ -6331,6 +6346,11 @@ void SrvAuthBlock::setDataForPlugin(const p_auth_continue* data)
}
}
bool SrvAuthBlock::hasDataForPlugin()
{
return dataForPlugin.hasData();
}
void SrvAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
{
extractDataFromPluginTo(&to->p_data);
@ -6434,7 +6454,7 @@ void SrvAuthBlock::createPluginsItr()
if (final.getCount() == 0)
{
HANDSHAKE_DEBUG(fprintf(stderr, "No matching plugins on server\n"));
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: createPluginsItr: No matching plugins on server\n"));
(Arg::Gds(isc_login)
#ifdef DEV_BUILD
<< Arg::Gds(isc_random) << "No matching plugins on server"
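Review bot: `forceNext` is recomputed on every pass of the `while (authItr && working && authItr->hasData())` loop from `contAuth` and `hasDataForPlugin()`, and nothing visible in the `AUTH_CONTINUE` branch changes either, so once a continuation arrives with no data every remaining plugin is skipped without being called, not only the one that asked for more data. If the intent is the comment's "switch to next plugin", clear the flag after the forced skip, e.g. `contAuth = false;` before the `continue;` in `case Auth::AUTH_CONTINUE:`. The hop limit also deserves a named constant and a short comment in place of the bare `10`/`100`, and it is not visible whether raising `isc_login` on that path is counted by `usernameFailedLogins`/`remoteFailedLogins`; if it is not, an exhausted exchange escapes the failed-login throttling. Parts of `authenticate` lie between the hunks and are not shown, so confirm against the full body.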