Closed k33pn3xtlvl closed 9 months ago
Thank you very much. Your logs are very helpful.
If the code listed above does not have a Ping(), will the subsequent Query work?
And one more thing, does it give an error if you give the following settings in firebird.conf?
AuthServer = Srp256,Srp,Legacy_Auth
Trying to figure out if the problem is with Ping() or authentication.
Thank you, I have implemented your instructions, here are my results and attempts.
I'm not sure how much this attitude plays a role, but this is the output of the keyholder.conf
type .\plugins\KeyHolder.conf
UnsafeClient=true
Add in firebird.conf AuthServer = Srp256,Srp,Legacy_Auth
Results:
dsn := "SYSDBA:masterkey@192.168.58.201:5145/C:\Users\Home\Desktop\DB\DB.FDB?role=RDB$ADMIN&auth_plugin_name=Legacy_Auth" "Client attempted to attach unencrypted but wire encryption is required"
dsn := "SYSDBA:masterkey@192.168.58.201:5145/C:\Users\Home\Desktop\DB\DB.FDB?role=RDB$ADMIN&wire_crypt=true&auth_plugin_name=Legacy_Auth" "Client attempted to attach unencrypted but wire encryption is required"
dsn := "SYSDBA:masterkey@192.168.58.201:5145/C:\Users\Home\Desktop\DB\DB.FDB?role=RDB$ADMIN&auth_plugin_name=Srp256" Error op_response:97
dsn := "SYSDBA:masterkey@192.168.58.201:5145/C:\Users\Home\Desktop\DB\DB.FDB?role=RDB$ADMIN&auth_plugin_name=Srp" Error op_response:97
I see, it seems that the authentication is failing, not Ping().
The gsec results in my environment look like this
$ /opt/firebird/bin/gsec -display -user sysdba -password masterkey
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA
I am building Firebird Server from the latest source code, so what you see may be different, but do you have a SYSDBA user? Also, can you connect with isql with the same user and password as the code?
I have only been able to test on Ubuntu, but I don't think I have received similar reports on Windows.
Has anyone solved the same situation with the same environment Firebird 3.0.8 + Windows?
Many thanks for the very quick reply! - Yes the user exists in the db.
Here are my results, there are a few other users, but I think this user is the relevant one.
.\gsec.exe -display -user sysdba -password masterkey
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0
As an example, I can establish a clean connection with firebird via dbeaver ce (v23.3.0) or via falmerobin (0.9.10 (git hash f4386f82) Unicode).
A small side note that may also be helpful for this and your other project As you also develop "https://github.com/nakagami/pyfirebirdsql" I tested in container "jacobalberty/firebird:v3.0.8" with the pyfirebirdsql driver to be make sure it was not my fault in some way or the installed Firebird 3.0.8 on Windows. I also tried the latest "https://pypi.org/project/fdb/".
Unfortunately I got the same error with the pyfirebirdsql driver:
But it works with the python3 "fdb"
Maybe KeyHolderPlugin is not working. I have never used it.
After some long debugging and reverse sessions and seeing how it is implemented in C# (https://github.com/FirebirdSQL/NETProvider/blob/87933e5e9edb79dcab32f410431c407cd8219b10/src/FirebirdSql.Data.FirebirdClient/Client/Managed/Version13/GdsDatabase.cs#L297 and https://github.com/FirebirdSQL/NETProvider/blob/87933e5e9edb79dcab32f410431c407cd8219b10/src/FirebirdSql.Data.FirebirdClient/Client/Managed/Version13/GdsDatabase.cs#L49), I was able to get it to work. Since I currently (at least for now) do not need to provide a decryption key, I would leave this implementation as it is, as it covers my needs and maybe someone else's as well. As I am not a developer, do you have any objections or suggestions? Or should I just make a merge request?
This is my diff
diff --git a/wireprotocol.go b/wireprotocol.go
index f858306..6f73dfd 100644
--- a/wireprotocol.go
+++ b/wireprotocol.go
@@ -33,15 +33,16 @@ import (
"encoding/hex"
"errors"
"fmt"
- "github.com/kardianos/osext"
- "gitlab.com/nyarla/go-crypt"
- "golang.org/x/crypto/chacha20"
"math/big"
"net"
"os"
"strconv"
"strings"
"time"
+
+ "github.com/kardianos/osext"
+ "gitlab.com/nyarla/go-crypt"
+ "golang.org/x/crypto/chacha20"
//"unsafe"
)
@@ -864,6 +865,15 @@ func (p *wireProtocol) opCrypt(plugin string) error {
return err
}
+func (p *wireProtocol) opCryptCallback() error {
+ p.debugPrint("opCryptCallback")
+ p.packInt(op_crypt_key_callback)
+ p.packInt(0)
+ p.packInt(int32(BUFFER_LEN))
+ _, err := p.sendPackets()
+ return err
+}
+
func (p *wireProtocol) opDropDatabase() error {
p.debugPrint("opDropDatabase")
p.packInt(op_drop_database)
@@ -1216,6 +1226,17 @@ func (p *wireProtocol) opResponse() (int32, []byte, []byte, error) {
for bytes_to_bint32(b) == op_dummy {
b, _ = p.recvPackets(4)
}
+ for bytes_to_bint32(b) == op_crypt_key_callback {
+
+ err = p.opCryptCallback()
+ if err != nil {
+ return 0, nil, nil, err
+ }
+
+ b, _ = p.recvPackets(12)
+ b, _ = p.recvPackets(4)
+
+ }
for bytes_to_bint32(b) == op_response && p.lazyResponseCount > 0 {
p.lazyResponseCount--
_, _, _, _ = p._parse_op_response()
Thanks, this modifications are seems good.
format code as
gofmt -w *.go
and then, please send the Pull Request. I will merge it.
thanks
After updating the Firebird from version 2.5 to version 3.0.8 I get the error message op_response:97. Unfortunately, due to my limited knowledge of golang, I am unable to determine from the source code how to solve the problem.
The update was triggered by an application using Firebird. As the application has no API, I call Firebird directly via this driver for some queries. For this reason, I do not want to make any firebird server-side adjustments. (For test purposes i can try to change it.)
Unfortunately, neither changing the auth_plugin_name nor the charset made any difference.
firebase.conf
```bash cat firebird.conf| grep -v '#\|^$' DefaultDbCachePages = 8K FileSystemCacheThreshold = 2M TempBlockSize = 2M TempCacheLimit = 128M KeyHolderPlugin = KeyHolder RemoteServicePort = 5145 RemoteAuxPort = 5146 LockMemSize = 2M LockHashSlots = 8191 ServerMode = Super ```debug logs
```txt [c00014a480] opConnect [c00014a480] sendPackets():[0 0 0 1 0 0 0 19 0 0 0 3 0 0 0 1 0 0 0 31 67 58 92 85 115 101 114 115 92 72 111 109 101 92 68 101 115 107 116 111 112 92 68 66 92 68 66 46 70 68 66 0 0 0 0 8 0 0 1 77 9 6 83 89 83 68 66 65 8 6 83 114 112 50 53 54 10 22 83 114 112 50 53 54 44 83 114 112 44 76 101 103 97 99 121 95 65 117 116 104 7 255 0 55 100 51 98 55 50 57 57 51 48 54 97 54 56 49 99 48 57 53 49 48 97 56 48 56 49 49 57 53 51 52 56 56 48 97 54 98 101 54 52 49 101 97 98 52 52 52 102 50 48 99 101 53 54 55 100 57 54 54 98 53 97 50 101 102 101 102 50 56 97 56 48 54 52 100 99 98 50 57 98 97 56 51 100 56 102 55 52 97 57 100 55 56 51 101 51 101 102 52 100 49 57 101 55 53 56 53 48 102 50 98 98 52 99 100 99 97 100 53 54 99 52 56 100 50 50 55 100 97 50 56 57 102 49 52 52 100 98 52 97 97 57 57 101 55 53 52 98 50 97 100 56 50 50 57 98 50 100 54 50 100 101 49 50 50 57 52 102 97 99 54 53 53 102 50 100 56 97 52 97 100 52 52 57 97 55 98 50 99 56 48 99 100 57 50 54 98 53 97 53 50 99 52 101 53 99 101 100 52 102 102 48 56 49 56 52 54 102 56 98 55 56 102 101 101 102 101 100 57 53 50 102 52 98 101 101 48 50 55 48 97 50 54 53 97 48 55 48 97 101 99 48 57 54 7 3 1 55 51 11 4 1 0 0 0 1 11 107 51 51 112 110 51 120 116 108 118 108 4 8 82 76 76 76 65 83 48 53 6 0 0 0 0 0 0 0 10 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 2 255 255 128 11 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 4 255 255 128 12 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 6 255 255 128 13 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 8 255 255 128 14 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 10 255 255 128 15 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 12 255 255 128 16 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 14 255 255 128 17 0 0 0 1 0 0 0 0 0 0 0 5 0 0 0 16] [c00014a480] _parse_connect_response [c00014a480] recvPackets():[0 0 0 98]:Here is my example code which results the same error (it is almost the same as in issue #151)
go code
```go package main import ( "fmt" "log" "time" "github.com/jmoiron/sqlx" _ "github.com/nakagami/firebirdsql" ) func main() { err := dbConTest() if err != nil { log.Fatal(err) } fmt.Println("DONE") } func dbConTest() error { dsn := "SYSDBA:masterkey@192.168.58.201:5145/C:\\Users\\Home\\Desktop\\DB\\DB.FDB?role=RDB$ADMIN" log.Println("dsn", dsn) db, err := sqlx.Open("firebirdsql", dsn) if err != nil { return err } log.Println("db", db) db.SetMaxOpenConns(10) db.SetMaxIdleConns(10) db.SetConnMaxLifetime(5 * time.Minute) err = db.Ping() // <- returns Error op_response:97 if err != nil { return err } return nil } ```