Windows Authentication Fails After 2018-01-21 build and onwards

JerryC_ph · 2018-02-27 03:23:23

I noticed the issue when I recompiled two of my apps two days ago using the latest build.

So I went through the timelines and tried each build and see which build would work. The latest build that worked is ecdbf3a280 (2018-01-19).

I created ticket 560f084ad0 to report this issue.

I hope this can be resolved soon.

Thanks

Chaa · 2018-02-27 05:19:26

Commit d56fbbd7fb27f077 changed behavior of Base64ToBin function in case of empty input parameters.
Before commit Base64ToBin('', 0, OutData) results in empty OutData, after commit OutData remains untouched.

To solve problem only in SSPI auth you can change some code in mORMot.pas from:

class function TSQLRestServerAuthentication.ClientGetSessionKey(
  Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
  end else begin
    SetString(result,values[0],StrLen(values[0]));
    Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData)
...
end;

To:

class function TSQLRestServerAuthentication.ClientGetSessionKey(
  Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
  end else begin
    SetString(result,values[0],StrLen(values[0]));
    if not Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData) then
      Sender.fSessionData := '';
...
end;

To ab:
Description of Base64ToBin explicitly specified that OutData must be cleaned:
"returns false and data='' if sp/len buffer was invalid"

JerryC_ph · 2018-02-27 05:52:51

Thank you so much Chaa.

mpv · 2018-02-27 06:24:28

About the reason why Base64ToBin changed see this topic.
@ab - may be we add data := '' in case resultLen=0 in the Base64ToBinSafe?

ab · 2018-02-27 08:18:56

Please see https://synopse.info/fossil/info/876de04f72

Sorry for the feedback!

Chaa · 2018-02-27 08:37:35

ab, and another issue:
In SynSSPI.pas there is in many places missed keyword "raise", for example:

  if QueryContextAttributesW(@aSecContext.CtxHandle, SECPKG_ATTR_SIZES, @Sizes) <> 0 then
    ESynSSPI.CreateLastOSError(aSecContext);
  ^
  +-- raise missed

Chaa · 2018-02-27 10:42:45

I created a pull request:
https://github.com/synopse/mORMot/pull/86

mORMot Open Source

#1 2018-02-27 03:23:23

Windows Authentication Fails After 2018-01-21 build and onwards

#2 2018-02-27 05:19:26

Re: Windows Authentication Fails After 2018-01-21 build and onwards

#3 2018-02-27 05:52:51

Re: Windows Authentication Fails After 2018-01-21 build and onwards

#4 2018-02-27 06:24:28

Re: Windows Authentication Fails After 2018-01-21 build and onwards

#5 2018-02-27 08:18:56

Re: Windows Authentication Fails After 2018-01-21 build and onwards

#6 2018-02-27 08:37:35

Re: Windows Authentication Fails After 2018-01-21 build and onwards

#7 2018-02-27 10:42:45

Re: Windows Authentication Fails After 2018-01-21 build and onwards

Board footer