firebird-mirror/src/common/security.cpp

/*
 *
 *	PROGRAM:	Security data base manager
 *	MODULE:		security.cpp
 *	DESCRIPTION:	Security routines
 *
 * The contents of this file are subject to the Interbase Public
 * License Version 1.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy
 * of the License at http://www.Inprise.com/IPL.html
 *
 * Software distributed under the License is distributed on an
 * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
 * or implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code was created by Inprise Corporation
 * and its predecessors. Portions created by Inprise Corporation are
 * Copyright (C) Inprise Corporation.
 *
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 * 					Alex Peshkoff
 */

#include "firebird.h"
#include "../common/security.h"
#include "../common/StatusArg.h"
#include "../utilities/gsec/gsec.h"		// gsec error codes

using namespace Firebird;

namespace {

void raise()
{
	(Arg::Gds(isc_random) << "Missing user management plugin").raise();
}

} // anonymous namespace

namespace Auth {

Get::Get(Config* firebirdConf)
	: GetPlugins<Firebird::IManagement>(IPluginManager::AuthUserManagement, firebirdConf)
{
	if (!hasData())
	{
		raise();
	}
}

Get::Get(const char* plugName)
	: GetPlugins<Firebird::IManagement>(IPluginManager::AuthUserManagement, plugName)
{
	if (!hasData())
	{
		raise();
	}
}

void UserData::clear(Firebird::IStatus*)
{
	op = 0;

	// interface fields
	user.clear();
	pass.clear();
	first.clear();
	last.clear();
	middle.clear();
	com.clear();
	attr.clear();
	adm.clear();
	act.clear();

	// internally used fields
	database.clear();
	dba.clear();
	dbaPassword.clear();
	role.clear();

	// never clear this permanent block!	authenticationBlock.clear();

	// internal support for deprecated fields
	group.clear();
	u.clear();
	g.clear();
}

// This function sets typical gsec return code based on requested operation if it was not set by plugin
int setGsecCode(int code, IUser* user)
{
	if (code >= 0)
	{
		return code;
	}

	switch(user->operation())
	{
	case ADD_OPER:
		return GsecMsg19;

	case MOD_OPER:
		return GsecMsg20;

	case DEL_OPER:
		return GsecMsg23;

	case OLD_DIS_OPER:
	case DIS_OPER:
		return GsecMsg28;

	case MAP_DROP_OPER:
	case MAP_SET_OPER:
		return GsecMsg97;
	}

	return GsecMsg17;
}

} // namespace Auth
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`/*`
			`*`
			`* PROGRAM: Security data base manager`
			`* MODULE: security.cpp`
			`* DESCRIPTION: Security routines`
			`*`
			`* The contents of this file are subject to the Interbase Public`
			`* License Version 1.0 (the "License"); you may not use this file`
			`* except in compliance with the License. You may obtain a copy`
			`* of the License at http://www.Inprise.com/IPL.html`
			`*`
			`* Software distributed under the License is distributed on an`
			`* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express`
			`* or implied. See the License for the specific language governing`
			`* rights and limitations under the License.`
			`*`
			`* The Original Code was created by Inprise Corporation`
			`* and its predecessors. Portions created by Inprise Corporation are`
			`* Copyright (C) Inprise Corporation.`
			`*`
			`* All Rights Reserved.`
			`* Contributor(s): ______________________________________.`
			`* Alex Peshkoff`
			`*/`

			`#include "firebird.h"`
			`#include "../common/security.h"`
			`#include "../common/StatusArg.h"`
Diagnostics 2011-12-26 17:06:00 +01:00			`#include "../utilities/gsec/gsec.h" // gsec error codes`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00
			`using namespace Firebird;`

			`namespace {`

			`void raise()`
			`{`
			`(Arg::Gds(isc_random) << "Missing user management plugin").raise();`
			`}`

			`} // anonymous namespace`

			`namespace Auth {`

			`Get::Get(Config* firebirdConf)`
Language independent API 2014-09-29 13:03:47 +02:00			`: GetPlugins<Firebird::IManagement>(IPluginManager::AuthUserManagement, firebirdConf)`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`{`
			`if (!hasData())`
			`{`
			`raise();`
			`}`
			`}`

Implemented CORE-4607: Add support for having >1 UserManager in firebird.conf and use them from SQL 2014-12-24 15:50:03 +01:00			`Get::Get(const char* plugName)`
			`: GetPlugins<Firebird::IManagement>(IPluginManager::AuthUserManagement, plugName)`
			`{`
			`if (!hasData())`
			`{`
			`raise();`
			`}`
			`}`

Language independent API 2014-09-29 13:03:47 +02:00			`void UserData::clear(Firebird::IStatus*)`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`{`
Implemented CORE-3370: Resolve additional aspects of multiple security databases from services and cross-database requests POV (mapping names) 2014-04-04 17:57:18 +02:00			`op = 0;`
Implemented CORE-4290: Extensible property support which can add properties (name-value pairs) to users 2013-12-06 18:10:10 +01:00
			`// interface fields`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`user.clear();`
			`pass.clear();`
			`first.clear();`
			`last.clear();`
			`middle.clear();`
Implemented CORE-4290: Extensible property support which can add properties (name-value pairs) to users 2013-12-06 18:10:10 +01:00			`com.clear();`
			`attr.clear();`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`adm.clear();`
Changed syntax of user definition operators according to discussion in devel Added virtual table sec$user_attributes with parsed user's attributes Implemented CORE-2004: Ability to alter user inactive/active Implemented CORE-2063: Added CREATE OR ALTER USER operator Implemented CORE-3931: Ability to set comment for the user 2013-12-17 15:20:25 +01:00			`act.clear();`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00
Implemented CORE-4290: Extensible property support which can add properties (name-value pairs) to users 2013-12-06 18:10:10 +01:00			`// internally used fields`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`database.clear();`
			`dba.clear();`
			`dbaPassword.clear();`
			`role.clear();`
Implemented CORE-4290: Extensible property support which can add properties (name-value pairs) to users 2013-12-06 18:10:10 +01:00
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`// never clear this permanent block! authenticationBlock.clear();`
Implemented CORE-4290: Extensible property support which can add properties (name-value pairs) to users 2013-12-06 18:10:10 +01:00
			`// internal support for deprecated fields`
			`group.clear();`
			`u.clear();`
			`g.clear();`
Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`}`

Diagnostics 2011-12-26 17:06:00 +01:00			`// This function sets typical gsec return code based on requested operation if it was not set by plugin`
			`int setGsecCode(int code, IUser* user)`
			`{`
			`if (code >= 0)`
			`{`
			`return code;`
			`}`

			`switch(user->operation())`
			`{`
			`case ADD_OPER:`
			`return GsecMsg19;`

			`case MOD_OPER:`
			`return GsecMsg20;`

			`case DEL_OPER:`
			`return GsecMsg23;`

			`case OLD_DIS_OPER:`
			`case DIS_OPER:`
			`return GsecMsg28;`

			`case MAP_DROP_OPER:`
			`case MAP_SET_OPER:`
			`return GsecMsg97;`
			`}`

			`return GsecMsg17;`
			`}`

Fixed CORE-3369: first step to make it possible to specify non-default security database for specific database 2011-03-02 14:42:56 +01:00			`} // namespace Auth`