On 05/10/18 18:36, Dimitry Sibiryakov wrote:
10.05.2018 17:20, Alex Peshkoff via Firebird-devel wrote:
  BTW, is there a way to distinguish cases when

a) ICryptKeyCallback::callback() returned zero because application key not needed
b) Application callback is not set

Both cases are normal - return non-zero here.

  Not in the case if an application callback is required for keyholder to work.

c) Key plugin is refused by application as a fake one.

In this case it's good to raise an error in status parameter.

  How? ICryptKeyCallback::callback() has no status parameter.

Sorry - I meant the first interface you asked about.

  I meant the case when the user application doesn't want to work with _this_ key holder and wants the server to try the next one if available.



No matter what key holders are installed, the application uses the same way to decide whether it will talk to the key holder currently talking to it - and the only criterion is _can_ it talk to such a key holder or not. If it can continue the conversation with the key holder, it sends the next portion of data; if not, it sends an empty reply with zero length.

If the conversation is not complete (and therefore the key is not transferred), the next key holder will be tried by the server.

Returning to your cases:
a) ICryptKeyCallback::callback() returned zero because application key not needed

A well-written key holder will not try to talk to the client at all if it already has a key...

b) Application callback is not set

The server does not know in advance whether there is a callback at the client or not. I.e. it will anyway send a request to the client and get an empty answer from it. I agree that something might be optimized here knowing the reason for the error return (next KeyHolders might get an error as an answer at once). Maybe in the next protocol version...

c) Key plugin is refused by application as a fake one.

It's a normal error from the server's POV. I'm not even sure it is a good idea to notify a fake plugin that its attack was detected ;-)



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
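
The fallback described in the message above, as an added single-process sketch (not code from the thread or from Firebird). `KeyHolder`, `tryKeyHolders`, `appCallback`, the greeting strings and the key are all constructed for illustration; only the callback's shape follows `ICryptKeyCallback::callback()`, and the conversation is reduced to one round with the network hop left out.

```cpp
#include <cstring>
#include <functional>
#include <string>
#include <vector>

// Same shape as ICryptKeyCallback::callback(): returns reply length, 0 = empty reply.
using ClientCallback = std::function<unsigned(unsigned, const void*, unsigned, void*)>;

// Hypothetical key holder: sends one greeting and expects the key in the reply.
struct KeyHolder {
    std::string greeting, key;
    // Returns true only when the conversation completed and a key was transferred.
    bool attach(const ClientCallback& cb) {
        char buf[64];
        // A client with no callback set looks the same to the holder as a refusal:
        // in both cases the answer has zero length.
        unsigned n = cb ? cb(static_cast<unsigned>(greeting.size()), greeting.data(),
                             sizeof(buf), buf) : 0;
        if (n == 0 || n > sizeof(buf)) return false;
        key.assign(buf, n);
        return true;
    }
};

// Server side: try holders in order; index of the one that got a key, or -1.
int tryKeyHolders(std::vector<KeyHolder>& holders, const ClientCallback& cb) {
    for (size_t i = 0; i < holders.size(); ++i)
        if (holders[i].attach(cb)) return static_cast<int>(i);
    return -1;
}

// Constructed application callback: it can only talk to the holder whose
// greeting it understands, and answers anything else with an empty reply.
unsigned appCallback(unsigned len, const void* data, unsigned bufLen, void* buf) {
    static const char known[] = "holder-B/v1";   // constructed value
    static const char key[] = "constructed-key"; // constructed value
    if (len != sizeof(known) - 1 || std::memcmp(data, known, len) != 0)
        return 0;  // cannot continue the conversation
    unsigned n = sizeof(key) - 1;
    if (n > bufLen) return 0;
    std::memcpy(buf, key, n);
    return n;
}
```
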
