Secretless faithfully propagates MSSQL Login Response from server #1106
Assignees
Comments
This was referenced Jan 24, 2020
Closed
diverdane
pushed a commit
that referenced
this issue
Jan 28, 2020
This change removes any handling and translation of login responses from the server in the secretless broker. Instead, secretless will now "call it a day" after sending a translated version of the client's login request to the MSSQL server. Login responses from the server will now be passed transparently (from the perspective of secretless) from the server to the client. This is a Work-in-Progress. There is one integration test that is failing, and I need to do more investigation: The test for whether secretless is faithfully passing a bad database name in a login request from the client to the server is failing. In this scenario, the server is sending a "Cannot open database" error, but the client is somehow not detecting the error. Fixes Issue #1106.
5 tasks
diverdane
pushed a commit
that referenced
this issue
Jan 28, 2020
This change removes any handling and translation of login responses from the server in the secretless broker. Instead, secretless will now "call it a day" after sending a translated version of the client's login request to the MSSQL server. Login responses from the server will now be passed transparently (from the perspective of secretless) from the server to the client. This is a Work-in-Progress. There is one integration test that is failing, and I need to do more investigation: The test for whether secretless is faithfully passing a bad database name in a login request from the client to the server is failing. In this scenario, the server is sending a "Cannot open database" error, but the client is somehow not detecting the error. Fixes Issue #1106.
diverdane
pushed a commit
that referenced
this issue
Jan 28, 2020
This change removes any handling and translation of login responses from the server in the secretless broker. Instead, secretless will now "call it a day" after sending a translated version of the client's login request to the MSSQL server. Login responses from the server will now be passed transparently (from the perspective of secretless) from the server to the client. This is a Work-in-Progress. There is one integration test that is failing, and I need to do more investigation: The test for whether secretless is faithfully passing a bad database name in a login request from the client to the server is failing. In this scenario, the server is sending a "Cannot open database" error, but the client is somehow not detecting the error. Fixes Issue #1106.
diverdane
pushed a commit
that referenced
this issue
Jan 28, 2020
This change removes any handling and translation of login responses from the server in the secretless broker. Instead, secretless will now "call it a day" after sending a translated version of the client's login request to the MSSQL server. Login responses from the server will now be passed transparently (from the perspective of secretless) from the server to the client. This is a Work-in-Progress. There is one integration test that is failing, and I need to do more investigation: The test for whether secretless is faithfully passing a bad database name in a login request from the client to the server is failing. In this scenario, the server is sending a "Cannot open database" error, but the client is somehow not detecting the error. Fixes Issue #1106.
diverdane
pushed a commit
that referenced
this issue
Jan 28, 2020
This change removes any handling and translation of login responses from the server in the secretless broker. Instead, secretless will now "call it a day" after sending a translated version of the client's login request to the MSSQL server. Login responses from the server will now be passed transparently (from the perspective of secretless) from the server to the client. This is a Work-in-Progress. There is one integration test that is failing, and I need to do more investigation: The test for whether secretless is faithfully passing a bad database name in a login request from the client to the server is failing. In this scenario, the server is sending a "Cannot open database" error, but the client is somehow not detecting the error. Fixes Issue #1106.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Secretless faithfully propagates MSSQL Login Response from server.
At present, Secretless decodes the LoginResponse from the server and extracts the LoginAck token then sends that with a Done token. This is bad because it strips many important other tokens. e.g. see how in this example there are other tokens such as EnvChange present in the Response => https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/517a62a2-7448-47b6-81eb-c0c5027826ca
AC:
The text was updated successfully, but these errors were encountered: