FirebirdSQL / NETProvider

Firebird ADO.NET Data Provider
https://www.firebirdsql.org/en/net-provider/

Srp256 authentication stopped working after upgrading Firebird SQL Server to version 3.0.10 #1054

Closed luronumen closed 2 years ago

luronumen commented 2 years ago

ACTUAL RESULT

Srp256AuthenticationError

EXPECTED RESULT

IMPORTANT NOTES

STEPS TO REPRODUCE THIS ISSUE

ENVIRONMENT SETUP

ConnectionString

```csharp
var fbConnectionStringBuilder = new FbConnectionStringBuilder
{
    Pooling = true,
    ServerType = FbServerType.Default,
    DataSource = "CINMOTO.MOT.COM",
    Database = "MOTOROBOT_CIN",
    UserID = "My UserID",
    Password = "My Password",
    Charset = "WIN1252",
    Role = "RDB$ADMIN"
};
```

firebird.conf

```
# SETUP
UserManager = Srp, Legacy_UserManager
WireCrypt = Enabled

# PERFORMANCE
DefaultDbCachePages = 50K
FileSystemCacheThreshold = 999M
LockHashSlots = 49999
LockMemSize = 30M
TempBlockSize = 2M
TempCacheLimit = 1024M

# SECURITY
DatabaseAccess = None
```

databases.conf

```
MOTOROBOT_CIN = D:\APPLICATIONS\LURONUMEN\DB\MOTOROBOT_CIN.FDB
{
    AuthServer = Srp256, Win_Sspi
    SecurityDatabase = MOTOROBOT_CIN
    UserManager = Srp
}
```

luronumen commented 2 years ago

Hi @cincuranet

I debugged this issue better and I believe I have identified the issue:

  1. Install the Firebird SQL Server 3.0.9
  2. Create a Database from it
  3. Create a user in this database using the following command: CREATE OR ALTER USER "CINMOTO\WLM070" SET PASSWORD '123456' USING PLUGIN SRP
  4. Try to connect with this database using CINMOTO\wlm070 user: PASS!
  5. Try to connect with this database using CINMOTO\WLM070 user: PASS!
  6. Update the firebird to Firebird SQL Server 3.0.10
  7. Try to connect with this database using CINMOTO\wlm070 user: FAIL!
  8. Try to connect with this database using CINMOTO\WLM070 user: PASS!

CONCLUSION

The System.Security.Principal.WindowsIdentity.GetCurrent().Name C# .NET method always returns the current user as CINMOTO\wlm070, and until Firebird SQL Server 3.0.9 CINMOTO\wlm070 and CINMOTO\WLM070 were the same user. I believe that the issue "Wrong detection of must-be-delimited user names" #7106, fixed in Firebird SQL Server 3.0.10, has changed this behavior.

Reading the Firebird documentation, 13.2.1. CREATE USER, I saw that:

"The username argument must follow the rules for Firebird regular identifiers"

"Delimited identifiers are case-sensitive in all contexts"

In other words, there was a bug in Firebird until Firebird SQL Server 3.0.9 that allowed me to log into the system using the CINMOTO\wlm070 user even though I registered the "CINMOTO\WLM070" user in the database.

When I replaced System.Security.Principal.WindowsIdentity.GetCurrent().Name with System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper() in my source code, I was able to log in without any issue.

So, in my opinion, this is not a Firebird ADO.NET provider issue. Does it make sense to you too?

Thanks in advance, Luciano
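The workaround described in the comment above, written out as an added example (not code from the thread or from the provider). It assumes every account was created in upper case as a delimited identifier, as in `CREATE USER "CINMOTO\WLM070"`; the host, database alias, `FB_PASSWORD` variable and the `FirebirdUserName` helper names are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Text.RegularExpressions;
using FirebirdSql.Data.FirebirdClient;

public static class FirebirdUserName
{
    // Regular (unquoted) Firebird identifiers start with a letter and continue
    // with letters, digits, '_' or '$'; they are compared case-insensitively.
    private static readonly Regex Regular = new Regex("^[A-Za-z][A-Za-z0-9_$]*$");

    // Anything else (for example DOMAIN\account) can only exist as a delimited,
    // case-sensitive identifier, so the login name has to match it exactly.
    public static bool MustBeDelimited(string name) => !Regular.IsMatch(name);

    // Assumption: accounts are stored in upper case. ToUpperInvariant avoids the
    // culture-specific casing (e.g. Turkish dotted I) that ToUpper() can apply.
    public static string ToStoredForm(string windowsName) => windowsName.ToUpperInvariant();

    // Quote a name for DDL: wrap in double quotes and double any embedded quote.
    public static string Quote(string name) => "\"" + name.Replace("\"", "\"\"") + "\"";
}

public static class Program
{
    public static void Main()
    {
        // Windows reports the account in its own casing, e.g. CINMOTO\wlm070.
        string windowsName = WindowsIdentity.GetCurrent().Name;
        string userId = FirebirdUserName.ToStoredForm(windowsName);

        Console.WriteLine($"{windowsName} -> {userId}, " +
            $"must be delimited: {FirebirdUserName.MustBeDelimited(userId)}, " +
            $"DDL form: {FirebirdUserName.Quote(userId)}");

        var csb = new FbConnectionStringBuilder
        {
            DataSource = "db.example.test",   // placeholder host
            Database = "EXAMPLE_DB",          // placeholder alias
            UserID = userId,                  // normalized before it reaches the server
            Password = Environment.GetEnvironmentVariable("FB_PASSWORD") ?? ""
        };

        using var connection = new FbConnection(csb.ToString());
        connection.Open();
    }
}
```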

cincuranet commented 2 years ago

Makes sense. And great job finding the issue (and I'm also happy it's not an issue in the provider :)).