Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Srp user manager sporadically creates users which can not attach [CORE6038] #6288

Closed
firebird-issue-importer opened this issue Mar 29, 2019 · 14 comments

Comments

@firebird-issue-importer

Submitted by: @artyom-smirnov

To reproduce this bug enough to create user/try to login/drop user many times.

I digged into Srp manager and found it happen with some "magic" salts. For example: AE7A9732FB795098A4ECE3CE28BD01C4363E870F9AD399AFBEE2CBC6FBB30580

If you try to set this constant salt in SrpManagement.cpp all newly created users will be unable to authenticate (SrpServer.cpp: SrpServer::authenticate "if (clientProof == serverProof)" always false).

Reproducing script:

#⁠!/bin/bash

BIN=/opt/firebird/bin/
DBPATH=/tmp/test
DB=localhost:$DBPATH

cat << EOF > /tmp/prepare
create database '$DB' user sysdba password 'masterkey';
drop user test;
EOF

cat << EOF > /tmp/sql
connect '$DB' user sysdba password 'masterkey';
create user test password 'test';
connect '$DB' user test password 'test';
connect '$DB' user sysdba password 'masterkey';
drop user test;
EOF

rm $DBPATH
$BIN/isql -i /tmp/prepare

set -e

while true; do
$BIN/isql -b -i /tmp/sql
done

Commits: b52874f b30b7e2

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Mar 29, 2019

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 4, 2019

Commented by: @artyom-smirnov

Looks I've found root of problem:

In some cases verifier (SrpManager.cpp: server.computeVerifier(user->userName()->get(), s1, user->password()->get()).getBytes(s);) which is should be 128 bit number generated as 127 bit.

When selecting (SrpServer.cpp: "SELECT PLG$VERIFIER, PLG$SALT FROM PLG$SRP WHERE PLG$USER_NAME = ? AND PLG$ACTIVE";) it casted to array of 128 bits (SrpServer.cpp: verifier.assign(reinterpret_cast<const UCHAR*>((const char*)verify), RemotePassword::SRP_VERIFIER_SIZE);) and padded with extra zero bytes at right. So after this casting we will get wrong verifier.

For example if we pad verifier from left when selecting it will be casted properly:
SELECT LPAD(PLG$VERIFIER, 128), PLG$SALT FROM PLG$SRP WHERE PLG$USER_NAME = ? AND PLG$ACTIVE"

The question is it always should be 128 bit or not?

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 4, 2019

Commented by: @AlexPeshkoff

You've meant 128 bytes I suppose.
No - it should not. Treat verifier as a very big integer. When upper byte is 0 it's just omitted and this looks like 127-byte verifier.
If you have any DB with such verifier please send it to me - want to fix.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 4, 2019

Commented by: @artyom-smirnov

Yep, bytes of course.

Here backup and original security3.fdb database. User/password are test/test

https://www.dropbox.com/s/0qc79m69fix0byi/security3.bak?dl=1
https://www.dropbox.com/s/1wej7tbiphm2any/security3.fdb?dl=1

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 14, 2019

Commented by: @AlexPeshkoff

Slightly offtopic - never used to notice that effect myself, great that you've found relatively stable case.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 14, 2019

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.5 [ 10885 ]

Fix Version: 4.0 Beta 2 [ 10888 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 5, 2019

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Deferred

Test Details: Reproduced on old FB, but have question about randomness.
Sent letter to dimitr and alex, 04.06.2019 08:48.
Waiting for reply.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 5, 2019

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Deferred => Cannot be tested

Test Details: Reproduced on old FB, but have question about randomness.
Sent letter to dimitr and alex, 04.06.2019 08:48.
Waiting for reply.

=>

Ticket's issue *confirmed* following script:

connect 'localhost:e30' user sysdba password 'masterkey';
create or alter user c6038_srp password 'c6038_srp' using plugin Srp;
commit;
connect 'localhost:e30' user c6038_srp password 'c6038_srp';
commit;
connect 'localhost:e30' user sysdba password 'masterkey';
drop user c6038_srp using plugin Srp;
exit;

-- raises exception on WI-V3.0.5.33118 (date: 11.04.19): Statement failed, SQLSTATE = 28000 / Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
But this error can occur within wide scopr of iterations. On my machine (Win 8.1) this is scope from 5 to ~250.

Error was gone on WI-V3.0.5.33139 - at least for first 10'000 iterations there was no exception.
But if some kind of regression will occur in the future then NEW scope for getting error can be much larger than above mentioned - say, with lo bound = 3000 or 5000 or so.
This means that creating test with hard-coded upper bound for loop is almost useless.

After discuss with dimitr, it was decided to SKIP creation of test for this ticket.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 5, 2019

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 5, 2019

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

Test Details: Ticket's issue *confirmed* following script:

connect 'localhost:e30' user sysdba password 'masterkey';
create or alter user c6038_srp password 'c6038_srp' using plugin Srp;
commit;
connect 'localhost:e30' user c6038_srp password 'c6038_srp';
commit;
connect 'localhost:e30' user sysdba password 'masterkey';
drop user c6038_srp using plugin Srp;
exit;

-- raises exception on WI-V3.0.5.33118 (date: 11.04.19): Statement failed, SQLSTATE = 28000 / Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
But this error can occur within wide scopr of iterations. On my machine (Win 8.1) this is scope from 5 to ~250.

Error was gone on WI-V3.0.5.33139 - at least for first 10'000 iterations there was no exception.
But if some kind of regression will occur in the future then NEW scope for getting error can be much larger than above mentioned - say, with lo bound = 3000 or 5000 or so.
This means that creating test with hard-coded upper bound for loop is almost useless.

After discuss with dimitr, it was decided to SKIP creation of test for this ticket.

=>

Ticket's issue was *confirmed* by executing following script:

connect 'localhost:e30' user sysdba password 'masterkey';
create or alter user c6038_srp password 'c6038_srp' using plugin Srp;
commit;
connect 'localhost:e30' user c6038_srp password 'c6038_srp';
commit;
connect 'localhost:e30' user sysdba password 'masterkey';
drop user c6038_srp using plugin Srp;
exit;

-- raises exception on WI-V3.0.5.33118 (date: 11.04.19): Statement failed, SQLSTATE = 28000 / Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
But this error can occur within wide scopr of iterations. On my machine (Win 8.1) this is scope from 5 to ~250.

Error was gone on WI-V3.0.5.33139 - at least for first 10'000 iterations there was no exception.
But if some kind of regression will occur in the future then NEW scope for getting error can be much larger than above mentioned - say, with lo bound = 3000 or 5000 or so.
This means that creating test with hard-coded upper bound for loop is almost useless.

After discuss with dimitr, it was decided to SKIP creation of test for this ticket.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 6, 2019

Modified by: @pavel-zotov

status: Closed [ 6 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 6, 2019

Modified by: @pavel-zotov

status: Reopened [ 4 ] => Reopened [ 4 ]

QA Status: Cannot be tested => Deferred

Test Details: Ticket's issue was *confirmed* by executing following script:

connect 'localhost:e30' user sysdba password 'masterkey';
create or alter user c6038_srp password 'c6038_srp' using plugin Srp;
commit;
connect 'localhost:e30' user c6038_srp password 'c6038_srp';
commit;
connect 'localhost:e30' user sysdba password 'masterkey';
drop user c6038_srp using plugin Srp;
exit;

-- raises exception on WI-V3.0.5.33118 (date: 11.04.19): Statement failed, SQLSTATE = 28000 / Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
But this error can occur within wide scopr of iterations. On my machine (Win 8.1) this is scope from 5 to ~250.

Error was gone on WI-V3.0.5.33139 - at least for first 10'000 iterations there was no exception.
But if some kind of regression will occur in the future then NEW scope for getting error can be much larger than above mentioned - say, with lo bound = 3000 or 5000 or so.
This means that creating test with hard-coded upper bound for loop is almost useless.

After discuss with dimitr, it was decided to SKIP creation of test for this ticket.

=>

Ticket was reopened after discuss with alex and dimitr.
Test is ready but new problem detected on Classic: SYSDBA after some number of iterations (usually no more than 100) get exception on attempt to execute "DROP USER" statemewnt:
336723990 : record not found for user: <selected_user_name>
After this connect to database with <selected_user_name> will fail.

Sent letter to alex and dimitr, 06.06.2019 08:29. Waiting for reply.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 11, 2019

Modified by: @pavel-zotov

status: Reopened [ 4 ] => Reopened [ 4 ]

QA Status: Deferred => Done successfully

Test Details: Ticket was reopened after discuss with alex and dimitr.
Test is ready but new problem detected on Classic: SYSDBA after some number of iterations (usually no more than 100) get exception on attempt to execute "DROP USER" statemewnt:
336723990 : record not found for user: <selected_user_name>
After this connect to database with <selected_user_name> will fail.

Sent letter to alex and dimitr, 06.06.2019 08:29. Waiting for reply.

=>

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jun 11, 2019

Modified by: @pavel-zotov

status: Reopened [ 4 ] => Closed [ 6 ]

resolution: Fixed [ 1 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants