Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connections compressed and encrypted in MON$ATTACHMENTS table [CORE5536] #5804

Closed
firebird-issue-importer opened this issue May 13, 2017 · 17 comments

Comments

@firebird-issue-importer

Submitted by: erick perez (erickperez)

Jira_subtask_outward CORE5601
Jira_subtask_outward CORE5913

Votes: 3

It would nice to know if connections are compressed or/and encrypted in MON$ATTACHMENTS table. There is not way to know this info from server side easily. We can see client and remote version, but this is not enogh information to be sure if client connection is compressed and encrypted

Commits: 50e9f8c 2ac2aa8 83e1342 ec9e4ac 4e4be00

====== Test Details ======

3.0.3 is NOT checked -- see comment 29/Aug/17 05:18 AM

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 13, 2017

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 15, 2017

Modified by: @AlexPeshkoff

assignee: Dmitry Yemanov [ dimitr ] => Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 16, 2017

Commented by: @dyemanov

The easiest solution might be extending MON$REMOTE_VERSION with flag characters 'C'/'Z' like "show version" does (e.g. P13/C), but this does not look user friendly. Maybe pass such a line internally via DPB but parse it inside the MON handler and decode into different fields?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 16, 2017

Commented by: @AlexPeshkoff

Yes, I was thinking about something like this. Separate boolean fields are much better than characters in protocol version.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 15, 2017

Commented by: @AlexPeshkoff

In FB3 adding fields to monitoring table means minor ODS change which we avoid in point releases. Therefore only new tag for attachment information call was backported.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 15, 2017

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.3 [ 10810 ]

Fix Version: 4.0 Beta 1 [ 10750 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 28, 2017

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Done with caveats

Test Details: 3.0.3 is NOT checked because currently one may use only Legacy_Auth method in fbtest framedwork
and there is no difference in output of MON$REMOTE_VERSION field: in any case this field will contain
'Legacy_Auth' string without any details.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 28, 2017

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: @pavel-zotov

I've checked fresh 3.0.3 snapshot and found that there is _no_ differences in MON$REMOTE_VERSION
content when parameter 'WireCompression' is changed to true and/or parameter WireCrypt is set to
Required or Enabled.
This field contains 'P15' in any case, w/o suffix(es) 'C/Z'.

Following firebird.conf was used to initialize security3.fdb and check content of mon$attachments (build WI-V3.0.3.32798):

AuthServer = Srp
AuthClient = Srp,Win_Sspi
WireCrypt = Required
WireCompression = true
UserManager = Srp

Then:

echo set list on; select * from mon$attachments where mon$attachment_id = current_connection; show database; | C:\MIX\firebird\fb30\isql -z /:e30

Log of this command:

ISQL Version: WI-V3.0.3.32798 Firebird 3.0
Server version:
WI-V3.0.3.32798 Firebird 3.0
WI-V3.0.3.32798 Firebird 3.0/tcp (csprog)/P15:CZ --------------------------------------- [1]
WI-V3.0.3.32798 Firebird 3.0/tcp (csprog)/P15:CZ
Database: /:e30, User: SYSDBA
SQL>
MON$ATTACHMENT_ID 56
MON$SERVER_PID 2012
MON$STATE 1
MON$ATTACHMENT_NAME e30
MON$USER SYSDBA
MON$ROLE NONE
MON$REMOTE_PROTOCOL TCPv4
MON$REMOTE_ADDRESS 192.168.1.57/1082
MON$REMOTE_PID 2208
MON$CHARACTER_SET_ID 0
MON$TIMESTAMP 2017-08-29 08:08:34.1090
MON$GARBAGE_COLLECTION 1
MON$REMOTE_PROCESS C:\MIX\firebird\fb30\isql.exe
MON$STAT_ID 8
MON$CLIENT_VERSION WI-V3.0.3.32798 Firebird 3.0
MON$REMOTE_VERSION P15 ------------------------------------------------------ [2]
MON$REMOTE_HOST csprog
MON$REMOTE_OS_USER zotov
MON$AUTH_METHOD Srp
MON$SYSTEM_FLAG 0

NB: line [1] _does_ contain:
1) suffix 'Z' when WireCompression= true (and does not in opposite case).
2) suffix 'C' when WireCrypt = Required or Enabled

But line [2] has no such sufixes (of course, I did restart FB after each changing).

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

Test Details: 3.0.3 is NOT checked because currently one may use only Legacy_Auth method in fbtest framedwork
and there is no difference in output of MON$REMOTE_VERSION field: in any case this field will contain
'Legacy_Auth' string without any details.

=>

3.0.3 is NOT checked -- see comment 29/Aug/17 05:18 AM

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

Test Specifics: [Custom configuration required]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: @AlexPeshkoff

This is as designed in fb3 - one must use Attachment::getInfo() call with new tag (fb_info_conn_flags) in order to obtain compress/crypt info, monitoring tables remain unchanged. Read carefully what I've written: "only new tag for attachment information call was backported".

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: @pavel-zotov

So why 3.0.3 is included into "Fix Version/s" ? We stilll have to use 'show version' rather than query to mon$attachments in order to obtain info about compression/encryption. Author of this ticket asked about mon$-approach, AFAIU..

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: @AlexPeshkoff

Do you think it makes sense to change fix list here and add new ticket for fb3?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: @pavel-zotov

No, I don't think like this.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 29, 2017

Commented by: Sean Leyne (seanleyne)

IMO, this case should be changed to be v4 only, since the requirement/subject described is not met in v3.x.

A separate v3.x & 4.x case "new tag ( fb_info_conn_flags) to getInfo() API call" should be created, since it is only that functionality which is supported in v3.x

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 30, 2017

Modified by: @AlexPeshkoff

Fix Version: 3.0.3 [ 10810 ] =>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants