You are not logged in.
I noticed the issue when I recompiled two of my apps two days ago using the latest build.
So I went through the timelines and tried each build and see which build would work. The latest build that worked is ecdbf3a280 (2018-01-19).
I created ticket 560f084ad0 to report this issue.
I hope this can be resolved soon.
Thanks
Offline
Commit d56fbbd7fb27f077 changed behavior of Base64ToBin function in case of empty input parameters.
Before commit Base64ToBin('', 0, OutData) results in empty OutData, after commit OutData remains untouched.
To solve problem only in SSPI auth you can change some code in mORMot.pas from:
class function TSQLRestServerAuthentication.ClientGetSessionKey(
Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
end else begin
SetString(result,values[0],StrLen(values[0]));
Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData)
...
end;
To:
class function TSQLRestServerAuthentication.ClientGetSessionKey(
Sender: TSQLRestClientURI; User: TSQLAuthUser; const aNameValueParameters: array of const): RawUTF8;
...
begin
...
end else begin
SetString(result,values[0],StrLen(values[0]));
if not Base64ToBin(PAnsiChar(values[1]),StrLen(values[1]),Sender.fSessionData) then
Sender.fSessionData := '';
...
end;
To ab:
Description of Base64ToBin explicitly specified that OutData must be cleaned:
"returns false and data='' if sp/len buffer was invalid"
Offline
Thank you so much Chaa.
Offline
About the reason why Base64ToBin changed see this topic.
@ab - may be we add data := '' in case resultLen=0 in the Base64ToBinSafe?
Offline
Please see https://synopse.info/fossil/info/876de04f72
Sorry for the feedback!
Offline
ab, and another issue:
In SynSSPI.pas there is in many places missed keyword "raise", for example:
if QueryContextAttributesW(@aSecContext.CtxHandle, SECPKG_ATTR_SIZES, @Sizes) <> 0 then
ESynSSPI.CreateLastOSError(aSecContext);
^
+-- raise missed
Offline
I created a pull request:
https://github.com/synopse/mORMot/pull/86
Offline