Error retrieving current user name when using Windows trusted authentication and OS user name contains non-ASCII characters [CORE4885] #5179

Closed
firebird-issue-importer opened this issue Jul 23, 2015 · 8 comments

Comments

@firebird-issue-importer

Submitted by: @pavel-zotov

Attachments:
trusted-auth-with-non-ascii-chars-in-os-user-name.png
srp-auth-with-non-ascii-chars-in-SQL-user-name.png

Votes: 1

On snapshot with non-initialized security3.fdb and default firebird.conf do:

C:\...> gsec -display -database .\security3.fdb
Install incomplete, please read the Compatibility chapter in the release notes for this version

C:\...> echo create user SYSDBA password 'masterkey'; show users; | isql -user sysdba .\security3.fdb
Users in the database
2 #⁠SYSDBA

Then:

C:\...> isql localhost/3050:employee -q
SQL> CREATE GLOBAL MAPPING TRUSTED_AUTH USING PLUGIN WIN_SSPI FROM ANY USER TO USER;
SQL> exit;

Then firebird.conf was changed: AuthServer and AuthClient were replaced with `Win_Sspi` at the start of their values:

RemoteServicePort = 3330
Servermode = SuperClassic

AuthServer = Win_Sspi,Srp,Legacy_Auth
AuthClient = Win_Sspi,Srp,Legacy_Auth
WireCrypt = Disabled
UserManager = Srp

TempDirectories = c:\temp
MaxUserTraceLogSize = 99999
FileSystemCacheThreshold = 65536K
LockHashSlots = 22111
TempCacheLimit = 2147483647

-- and FB service was restarted.

After that, an OS user with Cyrillic characters in its name was created on that host; the name is: "ВасисуалийПупка". The Windows session was then restarted with this user name.

Trying to connect to database 'employee' using OS authentication fails in this case - see attached file "trusted-auth-with-non-ascii-chars-in-os-user-name.png".
If the changes in firebird.conf are undone and an SQL login with non-ASCII characters is created and used to connect - all OK, see file "srp-auth-with-non-ascii-chars-in-SQL-user-name.png" (but there is one question about MON$REMOTE_OS_USER - see this screenshot).

Commits: 881c796 FirebirdSQL/fbt-repository@de2c331

@firebird-issue-importer

firebird-issue-importer commented Jul 23, 2015

Modified by: @pavel-zotov

Attachment: trusted-auth-with-non-ascii-chars-in-os-user-name.png [ 12783 ]

Attachment: srp-auth-with-non-ascii-chars-in-SQL-user-name.png [ 12784 ]

@firebird-issue-importer

firebird-issue-importer commented Jul 23, 2015

Modified by: @pavel-zotov

summary: Trusted auth. does not workwhen OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login)

@firebird-issue-importer

firebird-issue-importer commented Jul 24, 2015

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer

firebird-issue-importer commented Oct 27, 2015

Modified by: @dyemanov

Fix Version: 3.0.0 [ 10048 ]

@firebird-issue-importer

firebird-issue-importer commented Feb 1, 2016

Modified by: @dyemanov

summary: Trusted auth. does not work when OS user name contains non-ascii characters (rather than Srp auth which does work fine in that case for SQL login) => Error retrieving current user name when using Windows trusted authentication and OS user name contains non-ASCII characters

@firebird-issue-importer

firebird-issue-importer commented Feb 1, 2016

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer

firebird-issue-importer commented Feb 2, 2016

Commented by: @dyemanov

In order to test this ticket, a shorter OS user name must be used. Trusted authentication prepends the user name with a host/domain name - <host>\<user> - and keep in mind that UTF8 representation of "ВасисуалийПупка" is longer. Both these reasons may cause an error during connection time: "login is longer than 31 bytes". I've been testing with "Васисуалий" and it worked.
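
An added example (not part of the comment above and not Firebird code) that applies the two points it makes: the login is formed as `<host>\<user>` and its UTF-8 length is compared with the 31-byte limit from the quoted error. The host name `WINHOST` and all function names are hypothetical; the two Cyrillic account names are the ones from this ticket.

```python
"""Pre-check Windows account names against the 31-byte login limit."""
from dataclasses import dataclass

# Limit taken from the error text quoted in the ticket:
# "login is longer than 31 bytes".
MAX_LOGIN_BYTES = 31


@dataclass(frozen=True)
class LoginCheck:
    login: str       # name as trusted auth forms it: <host>\<user>
    chars: int       # length in characters
    utf8_bytes: int  # length after UTF-8 encoding
    fits: bool       # True when utf8_bytes <= MAX_LOGIN_BYTES


def check_trusted_login(host: str, user: str) -> LoginCheck:
    """Build <host>\\<user> and measure it in characters and UTF-8 bytes."""
    login = f"{host}\\{user}"
    size = len(login.encode("utf-8"))
    return LoginCheck(login, len(login), size, size <= MAX_LOGIN_BYTES)


def user_byte_budget(host: str) -> int:
    """Bytes left for the user part once '<host>\\' has been prepended."""
    return MAX_LOGIN_BYTES - len(host.encode("utf-8")) - 1


def audit(host: str, users: list[str]) -> list[LoginCheck]:
    """Return only the accounts whose mapped login would exceed the limit."""
    checks = (check_trusted_login(host, u) for u in users)
    return [c for c in checks if not c.fits]


if __name__ == "__main__":
    HOST = "WINHOST"  # hypothetical host name (assumption)
    # Names from the ticket plus a constructed ASCII spelling for comparison.
    ACCOUNTS = ["ВасисуалийПупка", "Васисуалий", "VasisualiyPupka"]
    print(f"bytes available for the user part: {user_byte_budget(HOST)}")
    for name in ACCOUNTS:
        c = check_trusted_login(HOST, name)
        verdict = "ok" if c.fits else "too long"
        print(f"{c.login}: {c.chars} chars, {c.utf8_bytes} bytes -> {verdict}")
```

Each Cyrillic letter takes two bytes in UTF-8, so a name that looks well under the limit when counted in characters can exceed it once the host prefix is added.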

@firebird-issue-importer

firebird-issue-importer commented May 25, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested
