Discussion:
[Firebird-devel] gsec-issues with FB3.0
Thomas Beckmann
2013-07-04 12:13:36 UTC
Permalink
Hi everybody,

I'm having quite some problems with the permissions in FB3.0 and would
appreciate some hints on this.

I'm using gsec version WI-T3.0.0.30472 Firebird 3.0 Alpha 1.

First question:

gsec -user sysdba -password masterkey
GSEC> display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0
BECKMANN 0 0

Shouldn't SYSDBA show up with admin rights?
User BECKMANN were granted admin rights too
GSEC> modify BECKMANN -admin yes
but they won't show up either.

Now, I'd like to create a database (my server is running on 3051):

isql -user sysdba -password masterkey
CREATE DATABASE '127.0.0.1/3051:c:\temp\test.fdb' USER 'SYSDBA' PASSWORD
'masterkey';

But I get:
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database
administrator to set up a Firebird login.

Issuing
CREATE DATABASE 'c:\temp\test.fdb';
works fine.

Now, I try to connect to that database:
isql 127.0.0.1/3051:c:\temp\test.fdb -user sysdba -password masterkey
Does not work:
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database
administrator to set up a Firebird login.
Use CONNECT or CREATE DATABASE to specify a database

Using
isql 127.0.0.1/3051:c:\temp\test.fdb -user beckmann -password SomePwd
works fine - I understand, that my Windows-credentials have been used to
create the database.

Now:
gsec -database c:\temp\test.fdb
GSEC> display
Dynamic SQL Error
SQL error code = -204
Table unknown
PLG$SRP_VIEW
At line 1, column 129

After adding SYSDBA
GSEC>add SYSDBA -pw masterkey -admin yes
GSEC> display
GSEC>
SYSDBA will not show up, but the error is gone...

Issuing
gsec -database 127.0.0.1/3051:c:\temp\test.fdb -user beckmann -password
SomePwd
GSEC> display
crashes gsec (Windows exception), gsec shuts down, server is still up, while
gsec -database 127.0.0.1/3051:c:\temp\test.fdb -user sysdba -password
masterkey
works fine.

gsec -database c:\temp\test.fdb -user sysdba -password masterkey
GSEC> display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0
GSEC>

Now, I do
gbak -b c:\temp\test.fdb c:\temp\test.fbk -user sysdba -password masterkey
gbak -r c:\temp\test.fbk c:\temp\test1.fdb -user sysdba -password masterkey

Than
gsec -database 127.0.0.1/3051:c:\temp\test1.fdb -user sysdba -password
masterkey
GSEC> display
crashes gsec, while
gsec -database c:\temp\test1.fdb -user sysdba -password masterkey
works fine.

Finally
gbak -b c:\temp\test.fdb c:\temp\test.fbk
gbak: ERROR:Unable to perform operation. You must be either SYSDBA or
owner of the database
gbak:Exiting before completion due to errors
I still am the owner of the database (I hope ;-))
gbak -b c:\temp\test.fdb c:\temp\test.fbk -user beckmann -password SomePwd
returns the same error (this behavior is already in the tracker and
confirmed as beeing erroneous).

Hm... I'm getting quite confused...
Some of this behavior might be a bug, but some might be intended...

Thank you for some hints on this! Thomas
--
Mit freundlichen Grüßen,

Thomas Beckmann
Diplom-Informatiker

Wielandstraße 14c • 23558 Lübeck
Tel +49 (22 25) 91 34 - 545 • Fax +49 (22 25) 91 34 - 604
Mail ***@assfinet.de <mailto:***@assfinet.de>

ASSFINET-Logo

*ASSFINET Dienstleistungs-GmbH*
Max-Planck-Straße 14 • 53501 Grafschaft bei Bonn
***@assfinet.de <mailto:***@assfinet.de> • www.assfinet.de
<http://www.assfinet.de/>

Geschäftsführer: Dipl. Wirtschaftsinformatiker Marc Rindermann
Registergericht Koblenz HRB 23331

Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist
nicht gestattet.
Dmitry Yemanov
2013-07-04 12:49:23 UTC
Permalink
Post by Thomas Beckmann
Finally
gbak -b c:\temp\test.fdb c:\temp\test.fbk
gbak: ERROR:Unable to perform operation. You must be either SYSDBA or
owner of the database
gbak:Exiting before completion due to errors
I still am the owner of the database (I hope ;-))
gbak -b c:\temp\test.fdb c:\temp\test.fbk -user beckmann -password SomePwd
returns the same error (this behavior is already in the tracker and
confirmed as beeing erroneous).
This one has already been fixed.


Dmitry
Thomas Beckmann
2013-07-04 13:04:09 UTC
Permalink
Post by Dmitry Yemanov
This one has already been fixed.
Thank you, I'll update and check again!
--
Mit freundlichen Grüßen,

Thomas Beckmann
Diplom-Informatiker

Wielandstraße 14c • 23558 Lübeck
Tel +49 (22 25) 91 34 - 545 • Fax +49 (22 25) 91 34 - 604
Mail ***@assfinet.de <mailto:***@assfinet.de>

ASSFINET-Logo

*ASSFINET Dienstleistungs-GmbH*
Max-Planck-Straße 14 • 53501 Grafschaft bei Bonn
***@assfinet.de <mailto:***@assfinet.de> • www.assfinet.de
<http://www.assfinet.de/>

Geschäftsführer: Dipl. Wirtschaftsinformatiker Marc Rindermann
Registergericht Koblenz HRB 23331

Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist
nicht gestattet.
Thomas Beckmann
2013-07-04 13:56:07 UTC
Permalink
Post by Dmitry Yemanov
Post by Thomas Beckmann
Finally
gbak -b c:\temp\test.fdb c:\temp\test.fbk
gbak: ERROR:Unable to perform operation. You must be either SYSDBA or
owner of the database
gbak:Exiting before completion due to errors
I still am the owner of the database (I hope ;-))
gbak -b c:\temp\test.fdb c:\temp\test.fbk -user beckmann -password SomePwd
returns the same error (this behavior is already in the tracker and
confirmed as beeing erroneous).
This one has already been fixed.
Yes, working is now:
gbak -b test.fdb test.fbk
gbak -b test.fdb test.fbk -user sysdba -password masterkey
gbak -b 127.0.0.1/3051:test.fdb test.fbk -user beckmann -password SomePwd

Not working is still:
gbak -b 127.0.0.1/3051:test.fdb test.fbk -user sysdba -password masterkey
gbak: ERROR:Your user name and password are not defined. Ask your
database administrator to set up a Firebird login.
gbak:Exiting before completion due to errors

gsec with server/port does not crash any more but still does not work:
gsec -database 127.0.0.1/3051:test.fdb -user sysdba -password masterkey
GSEC> display
Your user name and password are not defined. Ask your database
administrator to set up a Firebird login.

isql 127.0.0.1/3051:test.fdb -user sysdba -password masterkey
leads to the same result

gsec -database 127.0.0.1/3051:test.fdb -user beckmann -password SomePwd
GSEC> display
Dynamic SQL Error
SQL error code = -204
Table unknown
PLG$SRP_VIEW
At line 1, column 129

Very interesting...
--
Mit freundlichen Grüßen,

Thomas Beckmann
Diplom-Informatiker

Wielandstraße 14c • 23558 Lübeck
Tel +49 (22 25) 91 34 - 545 • Fax +49 (22 25) 91 34 - 604
Mail ***@assfinet.de <mailto:***@assfinet.de>

ASSFINET-Logo

*ASSFINET Dienstleistungs-GmbH*
Max-Planck-Straße 14 • 53501 Grafschaft bei Bonn
***@assfinet.de <mailto:***@assfinet.de> • www.assfinet.de
<http://www.assfinet.de/>

Geschäftsführer: Dipl. Wirtschaftsinformatiker Marc Rindermann
Registergericht Koblenz HRB 23331

Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der
richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist
nicht gestattet.
Paul Reeves
2013-07-04 14:16:54 UTC
Permalink
Post by Thomas Beckmann
gsec -database 127.0.0.1/3051:test.fdb -user beckmann -password SomePwd
GSEC> display
Dynamic SQL Error
SQL error code = -204
Table unknown
PLG$SRP_VIEW
At line 1, column 129
Very interesting...
Yes, very interesting.

I saw that error recently. I was trying to access gsec before I had added
SYSDBA. Once SYSDBA was added and I managed to login correctly as SYSDBA (not
easy) the message went away.

Presumably you have set AuthServer correctly? And restarted the server
perhaps?

Paul
--
Paul Reeves
http://www.ibphoenix.com
Supporting users of Firebird
Alex Peshkoff
2013-07-15 13:13:54 UTC
Permalink
Post by Paul Reeves
Post by Thomas Beckmann
gsec -database 127.0.0.1/3051:test.fdb -user beckmann -password SomePwd
GSEC> display
Dynamic SQL Error
SQL error code = -204
Table unknown
PLG$SRP_VIEW
At line 1, column 129
Very interesting...
Yes, very interesting.
I saw that error recently. I was trying to access gsec before I had added
SYSDBA. Once SYSDBA was added and I managed to login correctly as SYSDBA (not
easy) the message went away.
Presumably you have set AuthServer correctly? And restarted the server
perhaps?
Paul
I've fixed diagnostics here. Now under this conditions one gets:
- Install incomplete, please read chapter "Initializing security
database" in Quick Start Guide

It was always a case when trying to login to the server, missing correct
data structures in security3.fdb. Now same code is added to management
plugin.

What's bad is that we still do not have Quick Start Guide for FB3 (or
may be I'm missing something?) and therefore no such chapter.
As a solution I can suggest to write
doc/README.Initializing_security_database and add appropriate text to
error message.


Next question.
What more reasons do we have (with mentioned changes done and fixed
services code for -display switch) to use old security database format
in default windows install?
I want to ask to rollback installer changes and use SRP as default
plugin in FB3 as it was initially designed.

A.
Paul Reeves
2013-07-15 14:19:48 UTC
Permalink
Post by Alex Peshkoff
Next question.
What more reasons do we have (with mentioned changes done and fixed
services code for -display switch) to use old security database format
in default windows install?
I want to ask to rollback installer changes and use SRP as default
plugin in FB3 as it was initially designed.
One problem I found is that I couldn't log in to an FB3 server on windows from
a linux fb2.5 client. How is that done without the legacy authentication?

The main reason I see for using the old security database format in the
installer is to make it easy for our users to get started with FB3. The
documentation is still incomplete and things don't always quite work. By
keeping the old sysdba/masterkey login users should at least be able to get
started.

It is up for discussion as to whether it is the default click through option
or not. Users are not against change, they just like to do it at their own
pace. Hopefully the feedback we get during alpha/beta will help us make the
right decision.


Paul
--
Paul Reeves
http://www.ibphoenix.com
Supporting users of Firebird
Alex Peshkoff
2013-07-16 13:17:49 UTC
Permalink
Post by Paul Reeves
Post by Alex Peshkoff
Next question.
What more reasons do we have (with mentioned changes done and fixed
services code for -display switch) to use old security database format
in default windows install?
I want to ask to rollback installer changes and use SRP as default
plugin in FB3 as it was initially designed.
One problem I found is that I couldn't log in to an FB3 server on windows from
a linux fb2.5 client. How is that done without the legacy authentication?
No way.
Paul Reeves
2013-07-17 10:00:24 UTC
Permalink
Post by Alex Peshkoff
Post by Paul Reeves
One problem I found is that I couldn't log in to an FB3 server on windows
from a linux fb2.5 client. How is that done without the legacy
authentication?
No way.
Poul Dige
2013-07-18 07:59:51 UTC
Permalink
-----Oprindelig meddelelse-----
Sendt: 17. juli 2013 12:00
Til: For discussion among Firebird Developers
Emne: Re: [Firebird-devel] gsec-issues with FB3.0
Post by Alex Peshkoff
Post by Paul Reeves
One problem I found is that I couldn't log in to an FB3 server on
windows from a linux fb2.5 client. How is that done without the
legacy authentication?
No way.
Loading...