Authentication handshake improvements and fixes. Make debug output more readable.
parent
b813a35d33
commit
1de6b3de52
@ -64,7 +64,7 @@ int SrpClient::authenticate(IStatus* status, IClientBlock* cb)
|
||||
|
||||
if (!client)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Client: SRP1: login=%s password=%s\n", cb->getLogin(), cb->getPassword()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase1: login=%s password=%s\n", cb->getLogin(), cb->getPassword()));
|
||||
if (!(cb->getLogin() && cb->getPassword()))
|
||||
{
|
||||
return AUTH_CONTINUE;
|
||||
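Review bot: The renamed debug line in SrpClient::authenticate still prints the cleartext password to stderr and, because it runs before the `if (!(cb->getLogin() && cb->getPassword()))` guard on the next line, passes possibly-NULL pointers to `%s`, which is undefined behaviour rather than a guaranteed "(null)". Even though HANDSHAKE_DEBUG is presumably compiled out in release builds, a debug build that leaks credentials into logs or CI output is a hazard the rename does not address. I would print presence only and make the line null-safe: `HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase1: login=%s password=%s\n", cb->getLogin() ? cb->getLogin() : "<null>", cb->getPassword() ? "<set>" : "<null>"));`. The enclosing function continues past this hunk.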
@ -77,9 +77,13 @@ int SrpClient::authenticate(IStatus* status, IClientBlock* cb)
|
||||
return status->isSuccess() ? AUTH_MORE_DATA : AUTH_FAILED;
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Client: SRP2\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: SRP phase2\n"));
|
||||
unsigned int length;
|
||||
const unsigned char* saltAndKey = cb->getData(&length);
|
||||
if (!saltAndKey || length == 0)
|
||||
{
|
||||
(Arg::Gds(isc_random) << "Missing data from server").raise();
|
||||
}
|
||||
if (length > (RemotePassword::SRP_SALT_SIZE + RemotePassword::SRP_KEY_SIZE + 2) * 2)
|
||||
{
|
||||
string msg;
|
||||
|
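Review bot: The new `if (!saltAndKey || length == 0)` guard in SrpClient::authenticate rejects only a missing or empty server payload, while the check that follows caps the length at `(SRP_SALT_SIZE + SRP_KEY_SIZE + 2) * 2`; nothing in between enforces a minimum. If the parsing that follows (outside this hunk) assumes both a salt and a public key are present, a payload of a few bytes from a hostile or broken server still reaches it. If that is the case, add the lower bound next to the upper one, e.g. `if (!saltAndKey || length < minimumExpectedLength)`, using whatever minimum the salt/key layout implies, and give it a distinct error text so the two failures can be told apart in logs. The enclosing function continues past this hunk.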
@ -86,7 +86,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
{
|
||||
if (!server)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP phase1\n"));
|
||||
|
||||
if (!sb->getLogin())
|
||||
{
|
||||
@ -102,7 +102,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
|
||||
if (!clientPubKey.hasData())
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: empty pubkey AUTH_MORE_DATA\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: empty pubkey AUTH_MORE_DATA\n"));
|
||||
return AUTH_MORE_DATA;
|
||||
}
|
||||
|
||||
@ -133,7 +133,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
{
|
||||
status_exception::raise(status->get());
|
||||
}
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: attached sec db %s\n", secDbName));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP: attached sec db %s\n", secDbName));
|
||||
|
||||
const UCHAR tpb[] =
|
||||
{
|
||||
@ -148,7 +148,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
{
|
||||
status_exception::raise(status->get());
|
||||
}
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: started transaction\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: started transaction\n"));
|
||||
|
||||
const char* sql = "SELECT PLG$VERIFIER, PLG$SALT FROM PLG$SRP WHERE PLG$USER_NAME = ?";
|
||||
stmt = att->prepare(status, tra, 0, sql, 3, IStatement::PREPARE_PREFETCH_METADATA);
|
||||
@ -185,14 +185,14 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
}
|
||||
Field<Varying> verify(dat);
|
||||
Field<Varying> slt(dat);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: Ready to run statement with login '%s'\n", account.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: Ready to run statement with login '%s'\n", account.c_str()));
|
||||
|
||||
stmt->execute(status, tra, par.metadata, par.buffer, dat.metadata, dat.buffer);
|
||||
if (!status->isSuccess())
|
||||
{
|
||||
status_exception::raise(status->get());
|
||||
}
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP1: Executed statement\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP1: Executed statement\n"));
|
||||
|
||||
stmt->free(status);
|
||||
if (!status->isSuccess())
|
||||
@ -260,7 +260,7 @@ int SrpServer::authenticate(IStatus* status, IServerBlock* sb, IWriter* writerIn
|
||||
|
||||
unsigned int length;
|
||||
const unsigned char* val = sb->getData(&length);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv SRP2, data length is %d\n", length));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: SRP: phase2, data length is %d\n", length));
|
||||
string proof;
|
||||
proof.assign(val, length);
|
||||
BigInteger clientProof(proof.c_str());
|
||||
|
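Review bot: The renamed debug line in SrpServer::authenticate formats `unsigned int length` with `%d`; use `%u` to keep the format and argument types matched. More importantly, unlike the client-side phase 2 in this same commit, `val` from `sb->getData(&length)` goes straight into `proof.assign(val, length)` and then `BigInteger clientProof(proof.c_str())` with no null or empty check, and this is data arriving from the network peer. If getData can return NULL or zero length here as it can on the client side, mirror the client guard: `if (!val || length == 0) (Arg::Gds(isc_random) << "Missing data from client").raise();`. The enclosing function starts and ends outside this hunk.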
@ -6140,7 +6140,7 @@ static void info(IStatus* status,
|
||||
{
|
||||
// Probably communicate with services auth
|
||||
fb_assert(cBlock);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "info() calls authReceiveResponse\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: info() calls authReceiveResponse\n"));
|
||||
authReceiveResponse(*cBlock, rdb->rdb_port, rdb, status, packet, false);
|
||||
}
|
||||
else
|
||||
@ -6180,7 +6180,7 @@ static void authFillParametersBlock(ClntAuthBlock& cBlock, ClumpletWriter& dpb,
|
||||
{
|
||||
case Auth::AUTH_SUCCESS:
|
||||
case Auth::AUTH_MORE_DATA:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: plugin %s is OK\n", cBlock.plugins.name()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: plugin %s is OK\n", cBlock.plugins.name()));
|
||||
cleanDpb(dpb, tags);
|
||||
cBlock.extractDataFromPluginTo(dpb, tags, port->port_protocol);
|
||||
return;
|
||||
@ -6189,12 +6189,12 @@ static void authFillParametersBlock(ClntAuthBlock& cBlock, ClumpletWriter& dpb,
|
||||
continue;
|
||||
|
||||
case Auth::AUTH_FAILED:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: plugin %s FAILED\n", cBlock.plugins.name()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: plugin %s FAILED\n", cBlock.plugins.name()));
|
||||
(Arg::Gds(isc_login) << Arg::StatusVector(s.get())).raise();
|
||||
break; // compiler silencer
|
||||
}
|
||||
}
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "FPB: try next plugin, %s skipped\n", cBlock.plugins.name()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authFillParametersBlock: try next plugin, %s skipped\n", cBlock.plugins.name()));
|
||||
}
|
||||
}
|
||||
|
||||
@ -6244,7 +6244,7 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
|
||||
switch(packet->p_operation)
|
||||
{
|
||||
case op_trusted_auth:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "RR:TA\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: trusted_auth\n"));
|
||||
d = &packet->p_trau.p_trau_data;
|
||||
break;
|
||||
|
||||
@ -6252,14 +6252,14 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
|
||||
d = &packet->p_auth_cont.p_data;
|
||||
n = &packet->p_auth_cont.p_name;
|
||||
port->addServerKeys(&packet->p_auth_cont.p_keys);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "RR:CA d=%d n=%d '%.*s' 0x%x\n", d->cstr_length, n->cstr_length,
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: ont_auth d=%d n=%d '%.*s' 0x%x\n", d->cstr_length, n->cstr_length,
|
||||
n->cstr_length, n->cstr_address, n->cstr_address ? n->cstr_address[0] : 0));
|
||||
break;
|
||||
|
||||
case op_crypt:
|
||||
fb_assert(!checkKeys);
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "RR: Crypt answer\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: Crypt answer\n"));
|
||||
CSTRING* tmpKeys = REMOTE_dup_string(&packet->p_crypt.p_key);
|
||||
// it was start crypt packet, receive next one
|
||||
receive_response(status, rdb, packet);
|
||||
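Review bot: The new debug string for the continuation case in authReceiveResponse reads `ont_auth`, which looks like a typo for `cont_auth` and makes the output harder to grep, defeating the purpose of the readability pass. Change it to `"Cli: authReceiveResponse: cont_auth d=%d n=%d '%.*s' 0x%x\n"`. While there, `d->cstr_length` and `n->cstr_length` are printed with `%d`; if cstr_length is an unsigned type (it is cast from ULONG elsewhere in this commit), `%u` would be the matching conversion. The switch statement continues outside this hunk.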
@ -6276,10 +6276,10 @@ static void authReceiveResponse(ClntAuthBlock& cBlock, rem_port* port, Rdb* rdb,
|
||||
return;
|
||||
|
||||
default:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "RR: Default answer\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: Default answer\n"));
|
||||
REMOTE_check_response(status, rdb, packet, checkKeys);
|
||||
// successfully attached
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "RR: OK!\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: authReceiveResponse: OK!\n"));
|
||||
rdb->rdb_id = packet->p_resp.p_resp_object;
|
||||
|
||||
// try to start crypt
|
||||
@ -6372,7 +6372,7 @@ static void init(IStatus* status, ClntAuthBlock& cBlock, rem_port* port, P_OP op
|
||||
|
||||
const ParametersSet* const ps = (op == op_service_attach ? &spbParam : &dpbParam);
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "init calls authFillParametersBlock\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: init calls authFillParametersBlock\n"));
|
||||
authFillParametersBlock(cBlock, dpb, ps, port);
|
||||
|
||||
port->port_client_crypt_callback = cryptCallback;
|
||||
@ -7317,7 +7317,7 @@ static void svcstart(IStatus* status,
|
||||
}
|
||||
else
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "start calls authFillParametersBlock\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: svcstart calls authFillParametersBlock\n"));
|
||||
authFillParametersBlock(cBlock, send, &spbStartParam, rdb->rdb_port);
|
||||
}
|
||||
|
||||
@ -7505,12 +7505,12 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& dpb,
|
||||
}
|
||||
dpb.insertPath(tags->plugin_list, pluginList);
|
||||
firstTime = false;
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "first time - added plugName & pluginList\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: first time - added plugName & pluginList\n"));
|
||||
}
|
||||
fb_assert(tags->specific_data);
|
||||
dpb.insertBytes(tags->specific_data, dataFromPlugin.begin(), dataFromPlugin.getCount());
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Added %" SIZEFORMAT " bytes of spec data with tag %d\n",
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: Added %" SIZEFORMAT " bytes of spec data with tag %d\n",
|
||||
dataFromPlugin.getCount(), tags->specific_data));
|
||||
|
||||
return;
|
||||
@ -7548,7 +7548,7 @@ void ClntAuthBlock::loadClnt(Firebird::ClumpletWriter& dpb, const ParametersSet*
|
||||
{
|
||||
dpb.getString(userName);
|
||||
makeUtfString(uft8Convert, userName);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Loaded from PB user = %s\n", userName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: Loaded from PB user = %s\n", userName.c_str()));
|
||||
userName.upper();
|
||||
}
|
||||
else if (t == tags->password)
|
||||
@ -7556,12 +7556,12 @@ void ClntAuthBlock::loadClnt(Firebird::ClumpletWriter& dpb, const ParametersSet*
|
||||
makeUtfString(uft8Convert, password);
|
||||
dpb.getString(password);
|
||||
dpb.deleteClumplet();
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Loaded from PB password = %s\n", password.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: Loaded from PB password = %s\n", password.c_str()));
|
||||
}
|
||||
else if (t == tags->encrypt_key)
|
||||
{
|
||||
hasCryptKey = true;
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "PB contains crypt key - need encrypted line to pass\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: PB contains crypt key - need encrypted line to pass\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
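Review bot: The renamed debug line in ClntAuthBlock::loadClnt prints the cleartext password from the parameter block to stderr; a debug build that echoes passwords into logs is a credential-leak risk, and the rename keeps it. I would log only its presence or length: `HANDSHAKE_DEBUG(fprintf(stderr, "Cli: loadClnt: Loaded from PB password (%d chars)\n", (int) password.length()));`. Separately, and hedged because the surrounding code is context rather than part of this change, the password branch calls `makeUtfString(uft8Convert, password)` before `dpb.getString(password)` overwrites it, whereas the user_name branch above converts after loading; if that ordering is not intentional the conversion is lost. The enclosing function continues past this hunk.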
@ -7579,10 +7579,11 @@ void ClntAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
|
||||
|
||||
PathName pluginName = getPluginName();
|
||||
to->p_name.cstr_length = (ULONG) pluginName.length();
|
||||
to->p_name.cstr_address = (UCHAR*) pluginName.c_str();
|
||||
to->p_name.cstr_allocated = 0;
|
||||
to->p_name.cstr_address = FB_NEW(*getDefaultMemoryPool()) UCHAR[to->p_name.cstr_length];
|
||||
to->p_name.cstr_allocated = to->p_name.cstr_length;
|
||||
memcpy(to->p_name.cstr_address, pluginName.c_str(), to->p_name.cstr_length);
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo added plugin name (%d) and data (%d)\n",
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: added plugin name (%d) and data (%d)\n",
|
||||
to->p_name.cstr_length, to->p_data.cstr_length));
|
||||
|
||||
if (firstTime)
|
||||
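Review bot: The new heap copy of the plugin name into `to->p_name` correctly replaces the earlier pointer into a local PathName, but it overwrites `cstr_address` and `cstr_allocated` without first releasing any buffer the packet already owned; if extractDataFromPluginTo can be invoked on a packet whose `p_name` was already populated (a second authentication round, for instance), the previous allocation leaks. I cannot see the caller from this hunk, so please confirm, and if reuse is possible release the old buffer with the same routine the packet free path uses before assigning. Also consider the empty-name case: `FB_NEW(...) UCHAR[0]` followed by a zero-length memcpy is legal but a short `if (to->p_name.cstr_length)` guard would make the intent explicit. The enclosing function starts outside this hunk.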
@ -7590,7 +7591,7 @@ void ClntAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
|
||||
to->p_list.cstr_length = (ULONG) pluginList.length();
|
||||
to->p_list.cstr_address = (UCHAR*) pluginList.c_str();
|
||||
to->p_list.cstr_allocated = 0;
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo added plugin list (%d len) to packet\n",
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: added plugin list (%d len) to packet\n",
|
||||
to->p_list.cstr_length));
|
||||
firstTime = false;
|
||||
}
|
||||
|
@ -1021,7 +1021,7 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& user_id)
|
||||
// Add user login name
|
||||
if (userName.hasData())
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo: userName=%s\n", userName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: userName=%s\n", userName.c_str()));
|
||||
user_id.insertString(CNCT_login, userName);
|
||||
}
|
||||
|
||||
@ -1029,7 +1029,7 @@ void ClntAuthBlock::extractDataFromPluginTo(Firebird::ClumpletWriter& user_id)
|
||||
Firebird::PathName pluginName = getPluginName();
|
||||
if (pluginName.hasData())
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "extractDataFromPluginTo: pluginName=%s\n", pluginName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: extractDataFromPluginTo: pluginName=%s\n", pluginName.c_str()));
|
||||
user_id.insertPath(CNCT_plugin_name, pluginName);
|
||||
}
|
||||
|
||||
@ -1112,7 +1112,7 @@ void ClntAuthBlock::resetClnt(const Firebird::PathName* fileName, const CSTRING*
|
||||
|
||||
if (merged.getCount() == 0)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "No matching plugins on client\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: No matching plugins on client\n"));
|
||||
(Firebird::Arg::Gds(isc_login)
|
||||
#ifdef DEV_BUILD
|
||||
<< Firebird::Arg::Gds(isc_random) << "No matching plugins on client"
|
||||
@ -1138,7 +1138,7 @@ Firebird::RefPtr<Config>* ClntAuthBlock::getConfig()
|
||||
void ClntAuthBlock::storeDataForPlugin(unsigned int length, const unsigned char* data)
|
||||
{
|
||||
dataForPlugin.assign(data, length);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cln: accepted data for plugin length=%d\n", length));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Cli: accepted data for plugin length=%d\n", length));
|
||||
}
|
||||
|
||||
Firebird::RefPtr<Config> REMOTE_get_config(const Firebird::PathName* dbName,
|
||||
|
@ -581,7 +581,7 @@ class ServerAuthBase
|
||||
{
|
||||
public:
|
||||
virtual ~ServerAuthBase();
|
||||
virtual bool authenticate(PACKET* send) = 0;
|
||||
virtual bool authenticate(PACKET* send, bool cont = false) = 0;
|
||||
};
|
||||
|
||||
class ServerCallbackBase
|
||||
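Review bot: The default argument on the pure virtual `authenticate(PACKET* send, bool cont = false)` in ServerAuthBase is a classic pitfall: default arguments are resolved from the static type of the call, so an override that declares a different default silently behaves differently when called through a base pointer versus a derived one. ServerAuth's override in this commit repeats `= false`, so it is consistent today, but that invariant is not enforced by the compiler. Prefer declaring the virtual without a default and adding a non-virtual convenience overload `bool authenticate(PACKET* send) { return authenticate(send, false); }` in the base, or document the requirement next to the declaration with `// overrides must keep the same default for cont`.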
@ -739,6 +739,7 @@ public:
|
||||
void setDataForPlugin(const p_auth_continue* data);
|
||||
void reset();
|
||||
bool extractNewKeys(CSTRING* to, bool flagPlugList = false);
|
||||
bool hasDataForPlugin();
|
||||
|
||||
// Auth::IServerBlock implementation
|
||||
int FB_CARG release();
|
||||
|
@ -235,6 +235,7 @@ public:
|
||||
userName(getPool()),
|
||||
authServer(NULL),
|
||||
tags(&aTags),
|
||||
hopsCount(0),
|
||||
authPort(port),
|
||||
dbName(getPool())
|
||||
{
|
||||
@ -243,7 +244,7 @@ public:
|
||||
authPort->port_srv_auth_block = new SrvAuthBlock(authPort);
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth()\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth()\n"));
|
||||
|
||||
if (aPb->find(tags->user_name))
|
||||
{
|
||||
@ -255,7 +256,7 @@ public:
|
||||
(Arg::Gds(isc_login) << Arg::Gds(isc_random) << "Client error - login does not match").raise();
|
||||
}
|
||||
authPort->port_srv_auth_block->setLogin(userName);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): user name=%s\n", userName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): user name=%s\n", userName.c_str()));
|
||||
}
|
||||
|
||||
const char* oldPath = authPort->port_srv_auth_block->getPath();
|
||||
@ -264,11 +265,11 @@ public:
|
||||
dbName = *aDbName;
|
||||
if (oldPath && dbName != oldPath)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "old='%s' new='%s'\n", oldPath, dbName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): old='%s' new='%s'\n", oldPath, dbName.c_str()));
|
||||
(Arg::Gds(isc_login) << Arg::Gds(isc_random) << "Client error - database name does not match").raise();
|
||||
}
|
||||
authPort->port_srv_auth_block->setPath(aDbName);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): db name=%s\n", dbName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): db name=%s\n", dbName.c_str()));
|
||||
}
|
||||
|
||||
UCharBuffer u;
|
||||
@ -279,23 +280,23 @@ public:
|
||||
{
|
||||
aPb->getString(x);
|
||||
authPort->port_srv_auth_block->setPluginName(x);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin name=%s\n", x.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin name=%s\n", x.c_str()));
|
||||
}
|
||||
if (aPb->find(tags->plugin_list))
|
||||
{
|
||||
aPb->getString(x);
|
||||
authPort->port_srv_auth_block->setPluginList(x);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin list=%s\n", x.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin list=%s\n", x.c_str()));
|
||||
}
|
||||
if (aPb->find(tags->specific_data))
|
||||
{
|
||||
aPb->getData(u);
|
||||
authPort->port_srv_auth_block->setDataForPlugin(u);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): plugin data is %" SIZEFORMAT " len\n", u.getCount()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): plugin data is %" SIZEFORMAT " len\n", u.getCount()));
|
||||
}
|
||||
else
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth(): miss data with tag %d\n", tags->specific_data));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): miss data with tag %d\n", tags->specific_data));
|
||||
}
|
||||
}
|
||||
else if (authPort->port_srv_auth_block->getLogin() &&
|
||||
@ -312,7 +313,7 @@ public:
|
||||
Auth::LEGACY_PASSWORD_SALT);
|
||||
const size_t len = strlen(&pwt[2]);
|
||||
memcpy(u.getBuffer(len), &pwt[2], len);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "CALLED des locally\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: ServerAuth(): CALLED des locally\n"));
|
||||
}
|
||||
authPort->port_srv_auth_block->setDataForPlugin(u);
|
||||
}
|
||||
@ -330,8 +331,18 @@ public:
|
||||
~ServerAuth()
|
||||
{ }
|
||||
|
||||
bool authenticate(PACKET* send)
|
||||
bool authenticate(PACKET* send, bool contAuth = false)
|
||||
{
|
||||
#ifdef DEV_BUILD
|
||||
if (++hopsCount > 10)
|
||||
#else
|
||||
if (++hopsCount > 100)
|
||||
#endif
|
||||
{
|
||||
(Arg::Gds(isc_login) <<
|
||||
Arg::Gds(isc_random) << "Exceeded authentication exchange limit").raise();
|
||||
}
|
||||
|
||||
if (authPort->port_srv_auth_block->authCompleted())
|
||||
{
|
||||
accept(send, &authPort->port_srv_auth_block->authBlockWriter);
|
||||
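Review bot: The new exchange-limit check in ServerAuth::authenticate is a good defence against a peer that keeps the handshake alive indefinitely, but the limits 10 and 100 are unnamed literals that differ by build type, so the value a release server actually enforces is never exercised in DEV_BUILD. Pull them into a single named constant, e.g. `static const unsigned MAX_AUTH_HOPS = 100;` with the `#ifdef DEV_BUILD` selecting the value in one place, and reference it in the error text or a comment so operators can correlate the message with the setting. It is also worth confirming (the failure branches are outside this hunk) that tripping the limit is counted against `remoteFailedLogins` like an ordinary failed attempt, since it is reachable only by a misbehaving client. The enclosing function continues past this hunk.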
@ -357,15 +368,18 @@ public:
|
||||
|
||||
while (authItr && working && authItr->hasData())
|
||||
{
|
||||
if (! authServer)
|
||||
if (!authServer)
|
||||
{
|
||||
authServer = authItr->plugin();
|
||||
authPort->port_srv_auth_block->authBlockWriter.setMethod(authItr->name());
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "ServerAuth calls plug %s\n", authItr->name()));
|
||||
int authResult = authServer->authenticate(&st, authPort->port_srv_auth_block,
|
||||
&authPort->port_srv_auth_block->authBlockWriter);
|
||||
// if we asked for more data but received nothing switch to next plugin
|
||||
bool forceNext = contAuth && (!authPort->port_srv_auth_block->hasDataForPlugin());
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: ServerAuth calls plug %s\n", forceNext ? "forced-NEXT" : authItr->name()));
|
||||
int authResult = forceNext ? Auth::AUTH_CONTINUE :
|
||||
authServer->authenticate(&st, authPort->port_srv_auth_block,
|
||||
&authPort->port_srv_auth_block->authBlockWriter);
|
||||
authPort->port_srv_auth_block->setPluginName(authItr->name());
|
||||
|
||||
cstring* s;
|
||||
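Review bot: `forceNext` is recomputed on every iteration of the plugin loop from inputs that do not change inside the loop (`contAuth` and `hasDataForPlugin()`), so once it is true on a continuation call, every plugin the loop advances to via AUTH_CONTINUE is also skipped without ever being invoked, including freshly selected plugins that have not yet asked the client for anything. The intent stated in the comment is to skip only the plugin that requested more data and got none, which is the plugin already bound to `authServer` on entry. Compute the flag once for that plugin, before `authServer` is reassigned: move `const bool forceNext = contAuth && authServer && !authPort->port_srv_auth_block->hasDataForPlugin();` above the `if (!authServer)` block and delete the later assignment; after an AUTH_CONTINUE sets `authServer = NULL` the next iteration then evaluates the real plugin. The rest of the loop body and the remaining switch cases are outside this hunk, so please check that no other case depends on the per-iteration recomputation.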
@ -373,7 +387,7 @@ public:
|
||||
switch (authResult)
|
||||
{
|
||||
case Auth::AUTH_SUCCESS:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Ahh - success\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: Ahh - success\n"));
|
||||
usernameFailedLogins->loginSuccess(userName);
|
||||
remoteFailedLogins->loginSuccess(authPort->getRemoteId());
|
||||
authServer = NULL;
|
||||
@ -382,13 +396,13 @@ public:
|
||||
return true;
|
||||
|
||||
case Auth::AUTH_CONTINUE:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Next plug suggested\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: Next plug suggested\n"));
|
||||
authItr->next();
|
||||
authServer = NULL;
|
||||
continue;
|
||||
|
||||
case Auth::AUTH_MORE_DATA:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "plugin wants more data\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: plugin wants more data\n"));
|
||||
if (authPort->port_protocol < PROTOCOL_VERSION11)
|
||||
{
|
||||
authServer = NULL;
|
||||
@ -426,7 +440,7 @@ public:
|
||||
return false;
|
||||
|
||||
case Auth::AUTH_FAILED:
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "No luck today...\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: No luck today - status:\n"));
|
||||
HANDSHAKE_DEBUG(isc_print_status(st.get()));
|
||||
authServer = NULL;
|
||||
working = false;
|
||||
@ -460,6 +474,7 @@ private:
|
||||
string userName;
|
||||
Auth::IServer* authServer;
|
||||
const ParametersSet* tags;
|
||||
unsigned int hopsCount;
|
||||
|
||||
protected:
|
||||
rem_port* authPort;
|
||||
@ -1536,7 +1551,7 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
|
||||
}
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "protoaccept a=%d (v>=13)=%d %d %d\n",
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: protoaccept a=%d (v>=13)=%d %d %d\n",
|
||||
accepted, version >= PROTOCOL_VERSION13, version, PROTOCOL_VERSION13));
|
||||
|
||||
// We are going to try authentication handshake
|
||||
@ -1545,32 +1560,32 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
|
||||
//bool returnPlugList = false;
|
||||
if (accepted && version >= PROTOCOL_VERSION13)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection creates port_srv_auth_block\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: creates port_srv_auth_block\n"));
|
||||
port->port_srv_auth_block = new SrvAuthBlock(port);
|
||||
send->p_acpd.p_acpt_authenticated = 0;
|
||||
|
||||
Firebird::ClumpletReader id(Firebird::ClumpletReader::UnTagged,
|
||||
connect->p_cnct_user_id.cstr_address,
|
||||
connect->p_cnct_user_id.cstr_length);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection is going to load data to port_srv_auth_block\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: is going to load data to port_srv_auth_block\n"));
|
||||
port->port_srv_auth_block->load(id);
|
||||
if (port->port_srv_auth_block->getLogin())
|
||||
{
|
||||
port->port_login = port->port_srv_auth_block->getLogin();
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection finished with port_srv_auth_block prepare, a=%d\n", accepted));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: finished with port_srv_auth_block prepare, a=%d\n", accepted));
|
||||
|
||||
if (port->port_srv_auth_block->getPluginName())
|
||||
{
|
||||
Firebird::PathName file(connect->p_cnct_file.cstr_address, connect->p_cnct_file.cstr_length);
|
||||
port->port_srv_auth_block->setPath(&file);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "accept connection calls createPluginsItr\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: calls createPluginsItr\n"));
|
||||
port->port_srv_auth_block->createPluginsItr();
|
||||
|
||||
if (port->port_srv_auth_block->plugins) // We have all required data and iterator was created
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "call plugin %s\n", port->port_srv_auth_block->getPluginName()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: call plugin %s\n", port->port_srv_auth_block->getPluginName()));
|
||||
|
||||
AuthServerPlugins* const plugins = port->port_srv_auth_block->plugins;
|
||||
for (; plugins->hasData(); plugins->next())
|
||||
@ -1640,7 +1655,7 @@ static bool accept_connection(rem_port* port, P_CNCT* connect, PACKET* send)
|
||||
accept->p_acpt_architecture = architecture;
|
||||
accept->p_acpt_type = type;
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "accepted ud=%d v=%x\n", returnData, version));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: accept_connection: accepted ud=%d v=%x\n", returnData, version));
|
||||
|
||||
// and modify the version string to reflect the chosen protocol
|
||||
|
||||
@ -4315,9 +4330,9 @@ static void trusted_auth(rem_port* port, const P_TRAU* p_trau, PACKET* send)
|
||||
send_error(port, send, (Arg::Gds(isc_random) << "Operation not supported for network protocol"));
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "trusted_auth\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: trusted_auth\n"));
|
||||
port->port_srv_auth_block->setDataForPlugin(p_trau->p_trau_data);
|
||||
if (sa->authenticate(send))
|
||||
if (sa->authenticate(send, true))
|
||||
{
|
||||
delete sa;
|
||||
port->port_srv_auth = NULL;
|
||||
@ -4348,9 +4363,9 @@ static void continue_authentication(rem_port* port, const p_auth_continue* p_aut
|
||||
send_error(port, send, (Arg::Gds(isc_random) << "Operation not supported for network protocol"));
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "continue_authentication\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: continue_authentication\n"));
|
||||
port->port_srv_auth_block->setDataForPlugin(p_auth_c);
|
||||
if (sa->authenticate(send))
|
||||
if (sa->authenticate(send, true))
|
||||
{
|
||||
delete sa;
|
||||
port->port_srv_auth = NULL;
|
||||
@ -6239,16 +6254,16 @@ void SrvAuthBlock::load(Firebird::ClumpletReader& id)
|
||||
case CNCT_login:
|
||||
id.getString(userName);
|
||||
userName.upper();
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "login %s\n", userName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: login %s\n", userName.c_str()));
|
||||
break;
|
||||
case CNCT_plugin_name:
|
||||
id.getPath(pluginName);
|
||||
firstTime = false;
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "plugin %s\n", pluginName.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: plugin %s\n", pluginName.c_str()));
|
||||
break;
|
||||
case CNCT_plugin_list:
|
||||
id.getPath(pluginList);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "plugin list %s\n", pluginList.c_str()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: plugin list %s\n", pluginList.c_str()));
|
||||
break;
|
||||
case CNCT_specific_data:
|
||||
{
|
||||
@ -6281,7 +6296,7 @@ void SrvAuthBlock::load(Firebird::ClumpletReader& id)
|
||||
}
|
||||
}
|
||||
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "data %" SIZEFORMAT "\n", dataForPlugin.getCount()));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: AuthBlock: data %" SIZEFORMAT "\n", dataForPlugin.getCount()));
|
||||
}
|
||||
|
||||
const char* SrvAuthBlock::getPluginName()
|
||||
@ -6319,7 +6334,7 @@ void SrvAuthBlock::setDataForPlugin(const cstring& data)
|
||||
void SrvAuthBlock::setDataForPlugin(const p_auth_continue* data)
|
||||
{
|
||||
dataForPlugin.assign(data->p_data.cstr_address, data->p_data.cstr_length);
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "setDataForPlugin=%d firstTime = %d nm=%d ls=%d login='%s'\n",
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: setDataForPlugin: %d firstTime = %d nm=%d ls=%d login='%s'\n",
|
||||
data->p_data.cstr_length, firstTime, data->p_name.cstr_length,
|
||||
data->p_list.cstr_length, userName.c_str()));
|
||||
if (firstTime)
|
||||
@ -6331,6 +6346,11 @@ void SrvAuthBlock::setDataForPlugin(const p_auth_continue* data)
|
||||
}
|
||||
}
|
||||
|
||||
bool SrvAuthBlock::hasDataForPlugin()
|
||||
{
|
||||
return dataForPlugin.hasData();
|
||||
}
|
||||
|
||||
void SrvAuthBlock::extractDataFromPluginTo(P_AUTH_CONT* to)
|
||||
{
|
||||
extractDataFromPluginTo(&to->p_data);
|
||||
@ -6434,7 +6454,7 @@ void SrvAuthBlock::createPluginsItr()
|
||||
|
||||
if (final.getCount() == 0)
|
||||
{
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "No matching plugins on server\n"));
|
||||
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: createPluginsItr: No matching plugins on server\n"));
|
||||
(Arg::Gds(isc_login)
|
||||
#ifdef DEV_BUILD
|
||||
<< Arg::Gds(isc_random) << "No matching plugins on server"
|
||||
|