On 08/05/2016 05:18 PM, Dimitry Sibiryakov wrote: > Hello, All. > > I've dumped dpb and got following sequence: > > 79 - isc_dpb_auth_block, ok > 90, 0, 0, 0 - its length is 90, ok, next 90 bytes is supposedly auth > block itself in > wide untagged format > 0 - it must be auth tag, but 0 is not among them, WTF??? > 85, 0, 0, 0 - length of data 85, ok > 3 - here is real tag AUTH_TYPE, ok > 4, 0, 0, 0 - its length is 4, ok > ... and so on > > Is it expected that auth data is wrapped in another clumplet?
Yes. (see also network address format - same form with multiple clumplets is used, but without priority byte) There can be multiple sets of clumplets in auth block, first can be maooed into user name, next - into trusted role, etc. > And if so, what is the > meaning of zero tag for it? > That's priority byte. If 2 different clumplets of data from auth block both map into same authentication type (role for example) but with different values wins one with higher priority (traditionally that means that numeric value of priority is lower). If both have same priority authentication error takes place. In the end of ClumpletReader.h you can find AuthReader class that helps to parse auth block. ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
