[Firebird-devel] [FB-Tracker] Created: (CORE-5485) Authentication should continue with next plugin after plugin failure

Wed, 15 Feb 2017 07:37:03 -0800 

Authentication should continue with next plugin after plugin failure
--------------------------------------------------------------------

                 Key: CORE-5485
                 URL: http://tracker.firebirdsql.org/browse/CORE-5485
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine, Security
    Affects Versions: 3.0.1, 4.0 Initial, 3.0.2
            Reporter: Mark Rotteveel


All failures of an authentication plugin should let Firebird move to the next 
authentication plugin if available. Currently only absence of a user for the 
plugin, or 'normal' login failures (see CORE-5225) continue with the next 
plugin. However, when the security database is not initialised for a specific 
plugin, this plugin failure will end the authentication, and not continue with 
authentication for the next plugin.

Specifically assume a security database that is currently only initialised for 
Legacy_Auth (eg the default one in the Windows zipkit), if Jaybird 3 tries to 
connect (which first tries Srp, and then Legacy_Auth), the authentication fails 
with 

Exception in thread "main" java.sql.SQLException: Your user name and password 
are not defined. Ask your database administrator to set up a Firebird login.; 
Install incomplete, please read the Compatibility chapter in the release notes 
for this version [SQLState:28000, ISC error code:335544472]

The message code of the second part is: 335545029.

This is in response to the initial op_connect. Instead the protocol should have 
continued with the next plugin.

The workaround in this specific case is to initialise the security database for 
SRP, eg by executing CREATE USER jaybird PASSWORD 'jdbc' USING PLUGIN Srp

Note that connecting with Jaybird 2.2 (which only uses legacy auth), or an 
Firebird 2.5 or earlier fbclient.dll will just work.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to