[FB-Tracker] Created: (CORE-5485) Authentication should continue with next plugin after plugin failure


JIRA tracker@firebirdsql.org
Authentication should continue with next plugin after plugin failure

                 Key: CORE-5485
                 URL: http://tracker.firebirdsql.org/browse/CORE-5485
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine, Security
    Affects Versions: 3.0.1, 4.0 Initial, 3.0.2
            Reporter: Mark Rotteveel

All failures of an authentication plugin should let Firebird move to the next authentication plugin if available. Currently only absence of a user for the plugin, or 'normal' login failures (see CORE-5225) continue with the next plugin. However, when the security database is not initialised for a specific plugin, this plugin failure will end the authentication, and not continue with authentication for the next plugin.

Specifically, assume a security database that is currently only initialised for Legacy_Auth (e.g. the default one in the Windows zipkit). If Jaybird 3 tries to connect (which first tries Srp, and then Legacy_Auth), the authentication fails with

Exception in thread "main" java.sql.SQLException: Your user name and password are not defined. Ask your database administrator to set up a Firebird login.; Install incomplete, please read the Compatibility chapter in the release notes for this version [SQLState:28000, ISC error code:335544472]

The message code of the second part is: 335545029.

This is in response to the initial op_connect. Instead the protocol should have continued with the next plugin.

The workaround in this specific case is to initialise the security database for SRP, e.g. by executing CREATE USER jaybird PASSWORD 'jdbc' USING PLUGIN Srp

Note that connecting with Jaybird 2.2 (which only uses legacy auth), or a Firebird 2.5 or earlier fbclient.dll will just work.
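
As an added illustration (not part of the original report and not Firebird's code), this simplified Python model contrasts the reported behaviour with the requested one when a client offers Srp first and Legacy_Auth second. The function names, the `Outcome` values and the sample security database are assumptions made for the example.

```python
import hmac
from enum import Enum

class Outcome(Enum):
    SUCCESS = "authenticated"
    NO_USER = "user not defined for this plugin"
    BAD_LOGIN = "login failure"
    PLUGIN_ERROR = "security database not initialised for this plugin"

# Constructed sample: security database initialised for Legacy_Auth only.
SECURITY_DB = {"Legacy_Auth": {"jaybird": "jdbc"}}

def try_plugin(plugin, user, password, security_db):
    """Hypothetical stand-in for one server-side plugin's verdict."""
    users = security_db.get(plugin)
    if users is None:
        return Outcome.PLUGIN_ERROR
    if user not in users:
        return Outcome.NO_USER
    ok = hmac.compare_digest(users[user].encode(), password.encode())
    return Outcome.SUCCESS if ok else Outcome.BAD_LOGIN

def authenticate(plugins, user, password, security_db, continue_on_plugin_error):
    """Walk the client's plugin list in order; return (accepted, trail)."""
    trail = []
    for plugin in plugins:
        outcome = try_plugin(plugin, user, password, security_db)
        trail.append((plugin, outcome))
        if outcome is Outcome.SUCCESS:
            return True, trail
        if outcome is Outcome.PLUGIN_ERROR and not continue_on_plugin_error:
            return False, trail  # reported behaviour: the chain ends here
        # NO_USER and BAD_LOGIN fall through to the next plugin
    return False, trail  # every plugin declined: reject

if __name__ == "__main__":
    order = ["Srp", "Legacy_Auth"]  # order the report gives for Jaybird 3
    for flag in (False, True):
        accepted, trail = authenticate(order, "jaybird", "jdbc", SECURITY_DB, flag)
        print(flag, accepted, [(p, o.name) for p, o in trail])
```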
