On 04/02/18 17:58, Dimitry Sibiryakov wrote:
> Hello, All.
>
> Firebird 3.0.4.32939. Default configuration. Key holder is set in
> databases.conf for a single database.
>
> When I use "alter database encrypt" within an embedded connection I see
> the following sequence of calls to my key holder plugin:
>
> createPlugin is returning new KeyFileHolder object 001ec6c0
> 001ec6c0::keyCallback(00469770) returning 1
> 001ec6c0::keyHandle("AES256.AAA")
> 001ec6c0::00469770->callback returned 1
> File name is Z
> 001ec6dc::CallbackInterface::callback(10, 0018e7a8, 32, 001e7bf0)
> useOnlyOwnKeys returns 0
> KeyFileHolder 001ec6c0 destructed
> createPlugin is returning new KeyFileHolder object 001ec6c0
> 001ec6c0::keyCallback(00469770) returning 1
> 001ec6c0::keyHandle("AES256.AAA")
> 001ec6c0::00469770->callback returned 1
> File name is Z
> 001ec6dc::CallbackInterface::callback(10, 0018e718, 32, 001ec930)
> useOnlyOwnKeys returns 0
> KeyFileHolder 001ec6c0 destructed
> createPlugin is returning new KeyFileHolder object 001ec6c0
> 001ec6c0::keyCallback(00469770) returning 1
> 001ec6c0::keyHandle("AES256.AAA")
> 001ec6c0::00469770->callback returned 1
> File name is Z
> 001ec6dc::CallbackInterface::callback(10, 0414eb78, 32, 001ecb50)
> useOnlyOwnKeys returns 0
> KeyFileHolder 001ec6c0 destructed
>
> Could someone tell me why it is called three times in a row, obviously
> from three different instances of the crypt plugin (according to the last
> pointer in the callback() call)? I thought that one instance is enough for
> one database in superserver mode.

Number of instances of KeyHolder is not specified. It may be needed for
different purposes - take into account transferring keys to EXECUTE
STATEMENT in another database.

> Next, when I try to do the same over the wire, I see the following sequence:
>
> createPlugin is returning new KeyFileHolder object 009f84f8
> 009f84f8::keyCallback(00380a10) returning 1
> KeyFileHolder 009f84f8 destructed
> createPlugin is returning new KeyFileHolder object 009f84f8
> 009f84f8::keyCallback(00380a00) returning 1
> 009f84f8::keyHandle("AES256.AAA")
> 009f84f8::00380a00->callback returned 0
> KeyFileHolder 009f84f8 destructed
>
> Here two instances are receiving different callback interfaces and
> the one which is really called from the crypt plugin cannot get key
> information from the application. Why?
> Is it a limitation of Firebird or a bug in my plugin?

With what release of Firebird are you building your plugin? I mean first
of all the .h files.
There were some issues with dbcrypt, including bugfixes and adding new
features. Some of them were fixed by adding new functions to interfaces.
Old plugins can provide basic functionality, but if we talk about
something more specific it's better to build the plugin with the latest (3.0.3)
headers and implement the missing functions. Returning to your particular
case - key holders talk to one another and to the user application using
the interface chainHandle, which slightly differs from keyHandle used to talk
to the crypt plugin. When chainHandle is not implemented, keyHandle is used
instead, but this is not always possible. One such case is (if I'm
not mixing something up) initial DB encryption with network access.
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel