#1 2018-02-27 03:23:23

JerryC_ph
Member
Registered: 2013-03-11
Posts: 16

Windows Authentication Fails After 2018-01-21 build and onwards

I noticed the issue when I recompiled two of my apps two days ago using the latest build.

So I went through the timelines and tried each build and see which build would work.  The latest build that worked is ecdbf3a280 (2018-01-19).

I created ticket 560f084ad0 to report this issue.

I hope this can be resolved soon.

Thanks

Offline

#2 2018-02-27 05:19:26

Chaa
Member
Registered: 2011-03-26
Posts: 248

Re: Windows Authentication Fails After 2018-01-21 build and onwards

Commit d56fbbd7fb27f077 changed behavior of Base64ToBin function in case of empty input parameters.
Before commit Base64ToBin('', 0, OutData) results in empty OutData, after commit OutData remains untouched.

To solve problem only in SSPI auth you can change some code in mORMot.pas from:

class function TSQLRestServerAuthentication.ClientGetSessionKey(
  Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
  end else begin
    SetString(result,values[0],StrLen(values[0]));
    Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData)
...
end;

To:

class function TSQLRestServerAuthentication.ClientGetSessionKey(
  Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
  end else begin
    SetString(result,values[0],StrLen(values[0]));
    if not Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData) then
      Sender.fSessionData := '';
...
end;

To ab:
Description of Base64ToBin explicitly specified that OutData must be cleaned:
"returns false and data='' if sp/len buffer was invalid"

Offline

#3 2018-02-27 05:52:51

JerryC_ph
Member
Registered: 2013-03-11
Posts: 16

Re: Windows Authentication Fails After 2018-01-21 build and onwards

Thank you so much Chaa.

Offline

#4 2018-02-27 06:24:28

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,570
Website

Re: Windows Authentication Fails After 2018-01-21 build and onwards

About the reason why Base64ToBin changed see this topic.
@ab - may be we add data := '' in case resultLen=0 in the Base64ToBinSafe?

Offline

#5 2018-02-27 08:18:56

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,603
Website

Re: Windows Authentication Fails After 2018-01-21 build and onwards

Please see https://synopse.info/fossil/info/876de04f72

Sorry for the feedback!

Offline

#6 2018-02-27 08:37:35

Chaa
Member
Registered: 2011-03-26
Posts: 248

Re: Windows Authentication Fails After 2018-01-21 build and onwards

ab, and another issue:
In SynSSPI.pas there is in many places missed keyword "raise", for example:

  if QueryContextAttributesW(@aSecContext.CtxHandle, SECPKG_ATTR_SIZES, @Sizes) <> 0 then
    ESynSSPI.CreateLastOSError(aSecContext);
  ^
  +-- raise missed

Offline

#7 2018-02-27 10:42:45

Chaa
Member
Registered: 2011-03-26
Posts: 248

Re: Windows Authentication Fails After 2018-01-21 build and onwards

Offline

Board footer

Powered by FluxBB