Skip to content

Make server to correctly handle case when accept() returns both success and data for client. #8262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 23, 2024
Merged

Make server to correctly handle case when accept() returns both success and data for client. #8262

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 10 additions & 6 deletions src/auth/trusted/AuthSspi.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,8 @@ bool AuthSspi::getLogin(string& login, bool& wh, GroupsList& grNames)


WinSspiServer::WinSspiServer(Firebird::IPluginConfig*)
: sspiData(getPool())
: sspiData(getPool()),
done(false)
{ }

int WinSspiServer::authenticate(Firebird::CheckStatusWrapper* status,
Expand All @@ -376,17 +377,18 @@ int WinSspiServer::authenticate(Firebird::CheckStatusWrapper* status,
{
try
{
const bool wasActive = sspi.isActive();

sspiData.clear();
unsigned int length;
const unsigned char* bytes = sBlock->getData(&length);
sspiData.add(bytes, length);

if (done && !length && !sspi.isActive())
return AUTH_SUCCESS;

if (!sspi.accept(sspiData))
return AUTH_CONTINUE;

if (wasActive && !sspi.isActive())
if (!sspi.isActive())
{
bool wheel = false;
string login;
Expand Down Expand Up @@ -445,7 +447,9 @@ int WinSspiServer::authenticate(Firebird::CheckStatusWrapper* status,
return AUTH_FAILED;
}

return AUTH_SUCCESS;
done = true;
if (sspiData.isEmpty())
return AUTH_SUCCESS;
}

sBlock->putData(status, sspiData.getCount(), sspiData.begin());
Expand All @@ -456,7 +460,7 @@ int WinSspiServer::authenticate(Firebird::CheckStatusWrapper* status,
return AUTH_FAILED;
}

return AUTH_MORE_DATA;
return done ? AUTH_SUCCESS_WITH_DATA : AUTH_MORE_DATA;
}


Expand Down
1 change: 1 addition & 0 deletions src/auth/trusted/AuthSspi.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ class WinSspiServer :
private:
AuthSspi::DataHolder sspiData;
AuthSspi sspi;
bool done;
};

class WinSspiClient :
Expand Down
1 change: 1 addition & 0 deletions src/include/firebird/FirebirdInterface.idl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,7 @@ interface Auth : PluginBase
const int AUTH_SUCCESS = 0;
const int AUTH_MORE_DATA = 1;
const int AUTH_CONTINUE = 2;
const int AUTH_SUCCESS_WITH_DATA = 3;
}

interface Writer : Versioned
Expand Down
1 change: 1 addition & 0 deletions src/include/firebird/IdlFbInterfaces.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3062,6 +3062,7 @@ namespace Firebird
static CLOOP_CONSTEXPR int AUTH_SUCCESS = 0;
static CLOOP_CONSTEXPR int AUTH_MORE_DATA = 1;
static CLOOP_CONSTEXPR int AUTH_CONTINUE = 2;
static CLOOP_CONSTEXPR int AUTH_SUCCESS_WITH_DATA = 3;
};

#define FIREBIRD_IWRITER_VERSION 2u
Expand Down
1 change: 1 addition & 0 deletions src/include/gen/Firebird.pas
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1968,6 +1968,7 @@ IAuth = class(IPluginBase)
const AUTH_SUCCESS = Integer(0);
const AUTH_MORE_DATA = Integer(1);
const AUTH_CONTINUE = Integer(2);
const AUTH_SUCCESS_WITH_DATA = Integer(3);

end;

Expand Down
17 changes: 16 additions & 1 deletion src/remote/server/server.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -632,7 +632,10 @@ class ServerAuth : public GlobalStorage, public ServerAuthBase
}

// if we asked for more data but received nothing switch to next plugin
const bool forceNext = (flags & AUTH_CONTINUE) && (!authPort->port_srv_auth_block->hasDataForPlugin());
const bool forceNext = (flags & AUTH_CONTINUE) &&
(!authPort->port_srv_auth_block->hasDataForPlugin()) &&
(!authPort->port_srv_auth_block->authCompleted());

HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: ServerAuth calls plug %s\n",
forceNext ? "forced-NEXT" : authItr->name()));
int authResult = forceNext ? IAuth::AUTH_CONTINUE :
Expand Down Expand Up @@ -661,6 +664,11 @@ class ServerAuth : public GlobalStorage, public ServerAuthBase
authServer = NULL;
continue;

case IAuth::AUTH_SUCCESS_WITH_DATA:
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: success with data\n"));
fb_assert(!authPort->port_srv_auth_block->authCompleted());
// fall thru

case IAuth::AUTH_MORE_DATA:
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: plugin wants more data\n"));
if (authPort->port_protocol < PROTOCOL_VERSION11)
Expand Down Expand Up @@ -714,6 +722,13 @@ class ServerAuth : public GlobalStorage, public ServerAuthBase
if (send->p_acpt.p_acpt_type & pflag_compress)
authPort->port_flags |= PORT_compressed;
memset(&send->p_auth_cont, 0, sizeof send->p_auth_cont);

if (authResult == IAuth::AUTH_SUCCESS_WITH_DATA)
{
authPort->port_srv_auth_block->authCompleted(true);
HANDSHAKE_DEBUG(fprintf(stderr, "Srv: authenticate: success with data, completed\n"));
}

return false;

case IAuth::AUTH_FAILED:
Expand Down
Loading