On 08/05/2016 07:13 PM, Dimitry Sibiryakov wrote: > 05.08.2016 17:48, Alex Peshkoff wrote: >> In the end of ClumpletReader.h you can find AuthReader class that helps >> to parse auth block. > I see the class but it gives me no idea how to interpret data from auth > blocks. How can > I understand that this block is user name and that - password if there is no > limits for > information that auth plugin can put into blocks? No predefined set of types, > just some > strings which can be any and mean anything. > >
Good, first step was to read format, now let's proceed with interpretation. Auth block can really contain everything - windows group name, client IP, anything plugins can put into it. In FB3 & later engines special function mapUser() performs actions needed to interpret this data according to the mapping rules set by CREATE/ALTER/DELETE MAPPING commands. I do not think it will be good idea to add all this complexity to 2.5 based provider. In the very beginning of attach/create (before engine reads options from DPB) add 2 fixed rules: 1. From a record with type == "User" add name to DPB as isc_dpb_user_name (missing record of that type is auth failure for you). 2. If there is a record with type == "Predefined_Group" and name == "DOMAIN_ANY_RID_ADMINS" add to DPB isc_dpb_trusted_role with RDB$ADMINS value (support of windows trusted auth OS admins mapping). As far as I remember that should be enough, if not - feel free to ask more. ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
