#1 2015-08-14 02:02:31

JerryC_ph
Member
Registered: 2013-03-11
Posts: 16

Error Encountered using Windows Credentials authentication

Here is the log when TSQLHttpClient.SetUser('','') is executed:

20150814 09553051  +    TSQLRestServerDB(00694E20).URI(GET library/TimeStamp inlen=0)
20150814 09553051 call          TSQLRestServerDB(00694E20) TimeStamp
20150814 09553051 srvr          TSQLRestServerDB(00694E20)   GET library/TimeStamp SOA-Method -> 200 with outlen=12 in 139 us
20150814 09553051  -    00.000.455
20150814 09553053  +    TSQLRestServerDB(00694E20).URI(GET library/Auth?UserName=&data=YHwGBisGAQUFAqByMHCgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI8BDpOVExNU1NQAAEAAAC3sgjiBwAHADMAAAALAAsAKAAAAAYDgCUAAAAPTUlTLVNUQUZGMDNBRERVTkVU inlen=0)
20150814 09553053 call          TSQLRestServerDB(00694E20) Auth
20150814 09553053 srvr          TSQLRestServerDB(00694E20)   GET library/Auth SOA-Method -> 200 with outlen=367 in 469 us
20150814 09553053  -    00.001.271
20150814 09553053  +    TSQLRestServerDB(00694E20).URI(GET library/Auth?UserName=&data=oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAADXCiOIGA4AlAAAAD2MoXA034A1w8Gl4sVrQUQCjEgQQAQAAAGV8baguTwXoAAAAAA%3D%3D inlen=0)
20150814 09553053 call          TSQLRestServerDB(00694E20) Auth
20150814 09553053 EXC           EOSError ("System Error.  Code: 87.\r\nThe parameter is incorrect") at 004246E5  stack trace API 004AC338 004AC360 00407E44
20150814 09553053 debug         TSQLRestServerDB(00694E20) TSQLRestRoutingREST.Error: {  "errorCode":500,  "error":  {"EOSError":{"EOSError":"System Error.  Code: 87.\r\nThe parameter is incorrect"}}  }
20150814 09553053 srvr          TSQLRestServerDB(00694E20)   GET library/Auth SOA-Method -> 500 with outlen=116 in 679 us
20150814 09553053  -    00.001.136

I also tried .SetUser('DomainName\UserName','password') and still get the same error.

Is there something that I missed?

Offline

#2 2015-08-14 05:58:50

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

Please tell us which Windows version is on the client and on the server machines.

Can you trace ServerSSPIAuth (SynSSPIAuth.pas) and find which OS function call fails?

Offline

#3 2015-08-14 07:37:28

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

Simple test case:

program Project1;

{$APPTYPE CONSOLE}

uses
  SysUtils,
  SynLZ in 'SynLZ.pas',
  SynCommons in 'SynCommons.pas',
  SynSSPIAuth in 'SynSSPIAuth.pas';

var
  ClientSecContext: TSecContext;
  ServerSecContext: TSecContext;
  InData, OutData: RawByteString;
  UserName: RawUTF8;
begin
  try
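    // Start with clean contexts on both sides
    InvalidateSecContext(ClientSecContext, '');
    InvalidateSecContext(ServerSecContext, '');

    // Step 1: the client builds its first token (InData is still empty)
    ClientSSPIAuth(ClientSecContext, InData, '', OutData);

    InData := OutData;

    // Step 2: the server processes that token and returns its reply
    ServerSSPIAuth(ServerSecContext, InData, OutData);

    InData := OutData;

    // Step 3: the client answers the server's reply
    ClientSSPIAuth(ClientSecContext, InData, '', OutData);

    InData := OutData;

    // Step 4: the server validates the answer with the same context used in
    // step 2, then reads the authenticated user name from that context
    ServerSSPIAuth(ServerSecContext, InData, OutData);
    ServerSSPIAuthUser(ServerSecContext, UserName);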

    FreeSecContext(ClientSecContext);
    FreeSecContext(ServerSecContext);

    Writeln(UTF8ToString(UserName));
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

Offline

#4 2015-08-14 09:19:45

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,662

Re: Error Encountered using Windows Credentials authentication

I've uploaded the sample at http://synopse.info/fossil/info/d12d499620

(with a fix to support the latest version of the SynSSPIAuth.pas unit function parameters)

Offline

#5 2015-09-08 06:34:48

JerryC_ph
Member
Registered: 2013-03-11
Posts: 16

Re: Error Encountered using Windows Credentials authentication

Sorry for the late reply.

Thanks for the test case code.  It works fine.

However, I'm still getting the same error with the latest nightly build.

I'm using Windows 8.1 and Delphi XE2 with server and client running on the same machine.

The call stack trace shows the error occurred on line 465 ( SetString(aOutData, PAnsiChar(OutBuf.pvBuffer), OutBuf.cbBuffer); ) in SynSSPIAuth.pas

Offline

#6 2015-09-09 11:42:21

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

As far as I can see, the exception is raised on line 463 by RaiseLastOSError due to a failed call to AcceptSecurityContext.
Try changing RaiseLastOSError to RaiseLastOSError(Status) and see what error is returned by AcceptSecurityContext.
Resulting code:

  Status := AcceptSecurityContext(@aSecContext.CredHandle, LInCtxPtr, @InDesc,
      ASC_REQ_ALLOCATE_MEMORY or ASC_REQ_CONFIDENTIALITY,
      SECURITY_NATIVE_DREP, @aSecContext.CtxHandle, @OutDesc, CtxAttr, Expiry);

  Result := (Status = SEC_I_CONTINUE_NEEDED) or (Status = SEC_I_COMPLETE_AND_CONTINUE);

  if (Status = SEC_I_COMPLETE_NEEDED) or (Status = SEC_I_COMPLETE_AND_CONTINUE) then
    Status := CompleteAuthToken(@aSecContext.CtxHandle, @OutDesc);
  if Status < 0 then
    RaiseLastOSError(Status);

More on AcceptSecurityContext - https://msdn.microsoft.com/ru-ru/librar … 74703.aspx

Offline

#7 2015-09-09 11:47:01

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

I tested the sample "04 - HTTP Client-Server" on Windows 8.1 and Delphi XE5. It works fine (I changed the call to SetUser('','') and in the database changed the login name "synopse" to my domain account name).

Offline

#8 2015-09-10 07:00:17

JerryC_ph
Member
Registered: 2013-03-11
Posts: 16

Re: Error Encountered using Windows Credentials authentication

AcceptSecurityContext is returning -2146893048.

Offline

#9 2015-09-10 07:02:13

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,662

Re: Error Encountered using Windows Credentials authentication

This is SEC_E_INVALID_TOKEN, as explained by https://msdn.microsoft.com/en-us/librar … p/aa374708

Offline

#10 2015-09-23 09:44:01

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

Typically, this happens when the data (aInData for ServerSSPIAuth) is corrupted or when the wrong aSecContext is used for that data.

For example, a similar error three years ago: Weird timing issue in ServerSSPIAuth.

P.S.
You may try to use a browser to check auth:

http://myserver:8080/library/Auth?UserName=&data=

Offline
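
Post #10 names corrupted aInData as one cause of SEC_E_INVALID_TOKEN. The following added example (not from the thread or from the mORMot sources; the function names are hypothetical) checks the two data= values from the log in post #1 for transport damage by validating the base64, the outer DER length and the NTLMSSP message type.

```python
import base64
import binascii
from urllib.parse import unquote

# data= values copied from the two Auth requests in the log of post #1,
# with the log's line wrapping removed.
LOGGED_TOKENS = [
    "YHwGBisGAQUFAqByMHCgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKK"
    "wYBBAGCNwICHqI8BDpOVExNU1NQAAEAAAC3sgjiBwAHADMAAAALAAsAKAAAAAYDgCUAAAAPTUlTLVNUQ"
    "UZGMDNBRERVTkVU",
    "oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYA"
    "AAAAAAAAFgAAAAAAAAAWAAAADXCiOIGA4AlAAAAD2MoXA034A1w8Gl4sVrQUQCjEgQQAQAAAGV8baguT"
    "wXoAAAAAA%3D%3D",
]
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def der_total_length(blob):
    """Bytes the outer DER element claims to occupy (header + content)."""
    if blob[1] < 0x80:                      # short-form length
        return 2 + blob[1]
    n = blob[1] & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def inspect_token(data_param):
    """Decode one data= value and report whether it arrived intact."""
    try:
        # unquote(), not unquote_plus(): a literal '+' is base64, not a space
        blob = base64.b64decode(unquote(data_param), validate=True)
    except binascii.Error as exc:
        return {"ok": False, "reason": "bad base64: %s" % exc}
    if len(blob) < 2:
        return {"ok": False, "reason": "token too short"}
    claimed = der_total_length(blob)
    if claimed != len(blob):
        return {"ok": False, "reason": "DER says %d bytes, got %d" % (claimed, len(blob))}
    pos = blob.find(b"NTLMSSP\x00")
    if pos < 0 or pos + 12 > len(blob):
        return {"ok": True, "spnego_tag": blob[0], "ntlm": None}  # no NTLM payload
    msg_type = int.from_bytes(blob[pos + 8:pos + 12], "little")
    return {"ok": True, "spnego_tag": blob[0], "ntlm": NTLM_TYPES.get(msg_type, "UNKNOWN")}


if __name__ == "__main__":
    for token in LOGGED_TOKENS:
        print(inspect_token(token))
```

Both logged tokens pass these checks, so the request data in post #1 shows no truncation or encoding damage; a token that passes can still be rejected when it is handed to the wrong aSecContext, the other cause post #10 names.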

#11 2015-10-12 05:51:09

Chaa
Member
Registered: 2011-03-26
Posts: 249

Re: Error Encountered using Windows Credentials authentication

Offline

#12 2015-10-12 07:12:44

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,662

Re: Error Encountered using Windows Credentials authentication

Should be fixed by http://synopse.info/fossil/info/cc41670824

Thanks for the report and investigation!

Offline
