Fixed #8644: Connection error via Loopback provider if it's the first in the Providers parameter

AlexPeshkoff · AlexPeshkoff · commit 27f7d4175c42 · 2025-07-23T20:37:13.000+03:00
diff --git a/src/jrd/extds/IscDS.cpp b/src/jrd/extds/IscDS.cpp
@@ -110,7 +110,22 @@ void IscConnection::attach(thread_db* tdbb)
 
 	// Avoid change of m_dpb by validatePassword() below
 	ClumpletWriter newDpb(ClumpletReader::dpbList, MAX_DPB_SIZE, m_dpb.begin(), m_dpb.getCount());
-	validatePassword(tdbb, m_dbName, newDpb);
+	if (validatePassword(tdbb, m_dbName, newDpb))
+	{
+		// After successful password validation only local for current server providers
+		// should be used. Currently we do not distinguish provider's properties
+		// therefore use working but definitely not ideal way to avoid remote & loopback
+		// providers to be used - add empty isc_dpb_address_path clumplet to DPB.
+		// See also get_new_dpb() in interface.cpp.
+
+		ClumpletWriter address_record(ClumpletReader::UnTagged, MAX_UCHAR - 2);
+		ClumpletWriter address_stack_buffer(ClumpletReader::UnTagged, MAX_UCHAR - 2);
+		address_stack_buffer.insertBytes(isc_dpb_address,
+			address_record.getBuffer(), address_record.getBufferLength());
+
+		newDpb.insertBytes(isc_dpb_address_path, address_stack_buffer.getBuffer(),
+						   address_stack_buffer.getBufferLength());
+	}
 	newDpb.insertInt(isc_dpb_ext_call_depth, attachment->att_ext_call_depth + 1);
 
 	if (newDpb.getBufferLength() > MAX_USHORT)
diff --git a/src/jrd/extds/ValidatePassword.cpp b/src/jrd/extds/ValidatePassword.cpp
@@ -172,18 +172,18 @@ void SBlock::putData(CheckStatusWrapper* status, unsigned int length, const void
 
 namespace EDS {
 
-void validatePassword(thread_db* tdbb, const PathName& file, ClumpletWriter& dpb)
+bool validatePassword(thread_db* tdbb, const PathName& file, ClumpletWriter& dpb)
 {
 	// Preliminary checks - should we really validate the password ourselves
 	if (!dpb.find(isc_dpb_user_name))		// check for user name presence
-		return;
+		return false;
 	if (ISC_check_if_remote(file, false))	// check for remote connection
-		return;
+		return false;
 	UserId* usr = tdbb->getAttachment()->att_user;
 	if (!usr)
-		return;
+		return false;
 	if (!usr->usr_auth_block.hasData())		// check for embedded attachment
-		return;
+		return false;
 
 	Arg::Gds loginError(isc_login_error);
 
@@ -264,10 +264,13 @@ void validatePassword(thread_db* tdbb, const PathName& file, ClumpletWriter& dpb
 			switch (server.plugin()->authenticate(&s, &sBlock, &writer))
 			{
 			case IAuth::AUTH_SUCCESS:
+				// remove isc_dpb_user_name cause it has precedence over isc_dpb_auth_block
 				dpb.deleteWithTag(isc_dpb_user_name);
+				// isc_dpb_password makes no sense w/o isc_dpb_user_name
 				dpb.deleteWithTag(isc_dpb_password);
+				// save built by this routine isc_dpb_auth_block
 				writer.store(&dpb, isc_dpb_auth_block);
-				return;
+				return true;
 
 			case IAuth::AUTH_CONTINUE:
 				limit = MAXLIMIT;
diff --git a/src/jrd/extds/ValidatePassword.h b/src/jrd/extds/ValidatePassword.h
@@ -34,7 +34,7 @@ namespace Jrd
 
 namespace EDS {
 
-void validatePassword(Jrd::thread_db* tdbb, const Firebird::PathName& file,
+bool validatePassword(Jrd::thread_db* tdbb, const Firebird::PathName& file,
 	Firebird::ClumpletWriter& dpb);
 
 } // namespace EDS
