From 0aa31b33b276f0ff897ba2c2c6a649a98f3e010d Mon Sep 17 00:00:00 2001 From: roman-simakov Date: Tue, 22 Jul 2014 08:31:45 +0000 Subject: [PATCH] Removed SHADOW permissions since they handled by ALTER DATABASE permission Added show of DDL permissions in isql --- src/dsql/parse.y | 2 - src/isql/extract.epp | 9 +++ src/isql/show.epp | 142 ++++++++++++++++++++++++++++++++++++++++++- src/jrd/obj.h | 17 +++--- 4 files changed, 157 insertions(+), 13 deletions(-) diff --git a/src/dsql/parse.y b/src/dsql/parse.y index 14c46fc559..f9fa81da10 100644 --- a/src/dsql/parse.y +++ b/src/dsql/parse.y @@ -876,8 +876,6 @@ object { $$ = newNode(obj_exceptions, get_object_name(obj_exceptions)); } | ROLE { $$ = newNode(obj_roles, get_object_name(obj_roles)); } - | SHADOW - { $$ = newNode(obj_shadows, get_object_name(obj_shadows)); } | DATABASE { $$ = newNode(obj_database, get_object_name(obj_database)); } | CHARACTER SET diff --git a/src/isql/extract.epp b/src/isql/extract.epp index 86ebdedecc..53153aee77 100644 --- a/src/isql/extract.epp +++ b/src/isql/extract.epp @@ -1291,6 +1291,15 @@ static processing_state list_all_grants2(bool show_role_list, const SCHAR* termi ISQL_errmsg(fbStatus); return OBJECT_NOT_FOUND; END_ERROR + + // Process DDL permissions + for (int i = obj_database; i < obj_type_MAX; i++) + { + const processing_state rc = + SHOW_grants2(get_object_name(i), terminator, i, first ? banner : 0, mangle); + if (rc == SKIP) + first = false; + } } return first_role && first ? OBJECT_NOT_FOUND : SKIP; diff --git a/src/isql/show.epp b/src/isql/show.epp index 9738653a66..f62a3c3e02 100644 --- a/src/isql/show.epp +++ b/src/isql/show.epp @@ -198,7 +198,10 @@ enum priv_flag { priv_UPDATE = 8, priv_DELETE = 16, priv_EXECUTE = 32, - priv_REFERENCES = 64 + priv_REFERENCES = 64, + priv_CREATE = 128, + priv_ALTER = 256, + priv_DROP = 512 }; 
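Review bot: The DDL-permissions loop added to list_all_grants2 (src/isql/extract.epp, @@ -1291) only tests `rc == SKIP`, so a `ps_ERR` from SHOW_grants2 is dropped and the loop carries on with the next object type. The new block in show.epp does return `ps_ERR` from its ON_ERROR handler, so an extracted grant script can end up incomplete while the function still reports SKIP or OBJECT_NOT_FOUND. That matters when the script is used to rebuild or audit permissions. Consider stopping on failure, for example `if (rc == ps_ERR) return rc;` ahead of the SKIP test; the ON_ERROR handler just above the loop returns OBJECT_NOT_FOUND instead, so pick whichever the callers expect. The rest of list_all_grants2 and its callers are outside the hunk.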
@@ -214,6 +217,9 @@ static const struct { priv_SELECT, "SELECT"}, // keyword { priv_UPDATE, "UPDATE"}, // keyword { priv_REFERENCES, "REFERENCES"}, // keyword + { priv_CREATE, "CREATE"}, // keyword + { priv_ALTER, "ALTER"}, // keyword + { priv_DROP, "DROP"}, // keyword { 0, NULL} }; @@ -682,6 +688,7 @@ processing_state SHOW_grants2 (const SCHAR* object, BASED_ON RDB$USER_PRIVILEGES.RDB$OBJECT_TYPE prev_object_type; SCHAR buf_grantor[sizeof(prev_grantor) + 20]; SCHAR user_string[QUOTEDLENGTH + 20]; + SCHAR obj_string[QUOTEDLENGTH + 20]; bool first = true; if (!*object) 
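Review bot: `obj_string` is declared uninitialised in the @@ -682 hunk, and its only writers are the `strcpy` calls in the `switch (PRV.RDB$OBJECT_TYPE)` added by the later show.epp hunk (@@ -1311), which has no `default` branch. For a row whose object type matches none of the listed constants, the `GRANT %s %s TO ...` printf would read either the previous row's text or indeterminate stack bytes. Give that switch a fallback that writes a visible marker, in the way the privilege switch falls back to `priv_UNKNOWN`, for example `default: strcpy(obj_string, "UNKNOWN"); break;`. The body of SHOW_grants2 between the declaration and the switch is outside both hunks.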
@@ -1311,6 +1318,139 @@ processing_state SHOW_grants2 (const SCHAR* object, } } + if (obj_type >= obj_database || obj_type == 255) + { + if (isqlGlob.major_ods >= ODS_VERSION12) + { + FOR PRV IN RDB$USER_PRIVILEGES WITH + PRV.RDB$OBJECT_TYPE >= obj_database AND + PRV.RDB$RELATION_NAME EQ object + SORTED BY PRV.RDB$USER, PRV.RDB$GRANT_OPTION + + if (first && optional_msg) + isqlGlob.prints(optional_msg); + + first = false; + fb_utils::exact_name(PRV.RDB$USER); + + // Only the first character is used for permissions + + const char c = PRV.RDB$PRIVILEGE[0]; + + switch (c) + { + case 'C': + priv_flags |= priv_CREATE; + break; + case 'L': + priv_flags |= priv_ALTER; + break; + case 'O': + priv_flags |= priv_DROP; + break; + default: + priv_flags |= priv_UNKNOWN; + } + + make_priv_string (priv_flags, priv_string); + + switch (PRV.RDB$USER_TYPE) + { + case obj_relation: + case obj_view: + case obj_trigger: + case obj_procedure: + case obj_udf: + case obj_sql_role: + case obj_package_header: + case obj_user: + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, PRV.RDB$USER); + break; + default: + strcpy(SQL_identifier, PRV.RDB$USER); + break; + } + + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + + switch (PRV.RDB$OBJECT_TYPE) + { + case obj_database: + strcpy(obj_string, "DATABASE"); + break; + + case obj_relations: + strcpy(obj_string, "TABLE"); + break; + + case obj_views: + strcpy(obj_string, "VIEW"); + break; + + case obj_procedures: + strcpy(obj_string, "PROCEDURE"); + break; + + case obj_functions: + strcpy(obj_string, "FUNCTION"); + break; + + case obj_packages: + strcpy(obj_string, "PACKAGE"); + break; + + case obj_generators: + strcpy(obj_string, "GENERATOR"); + break; + + case obj_domains: + strcpy(obj_string, "DOMAIN"); + break; + + case obj_exceptions: + strcpy(obj_string, "EXCEPTION"); + break; + + case obj_roles: + strcpy(obj_string, 
"ROLE"); + break; + + case obj_charsets: + strcpy(obj_string, "CHARACTER SET"); + break; + + case obj_collations: + strcpy(obj_string, "COLLATION"); + break; + + case obj_filters: + strcpy(obj_string, "FILTER"); + break; + } + + if (PRV.RDB$GRANT_OPTION) + strcpy(with_option, " WITH GRANT OPTION"); + else + with_option[0] = '\0'; + + isqlGlob.printf("GRANT %s %s TO %s%s%s%s%s", + priv_string, obj_string, user_string, with_option, + granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE); + + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR + + if (!first) + return (SKIP); + } + } + return OBJECT_NOT_FOUND; } diff --git a/src/jrd/obj.h b/src/jrd/obj.h index 4a85a0b3ba..e0fdf7fc68 100644 --- a/src/jrd/obj.h +++ b/src/jrd/obj.h @@ -59,17 +59,16 @@ const int obj_generators = 26; const int obj_domains = 27; const int obj_exceptions = 28; const int obj_roles = 29; -const int obj_shadows = 30; -const int obj_charsets = 31; -const int obj_collations = 32; -const int obj_filters = 33; +const int obj_charsets = 30; +const int obj_collations = 31; +const int obj_filters = 32; -const int obj_type_MAX = 34; // keep this last! +const int obj_type_MAX = 33; // keep this last! // used in the parser only / no relation with obj_type_MAX -const int obj_user_or_role = 35; -const int obj_schema = 36; -const int obj_parameter = 37; +const int obj_user_or_role = 34; +const int obj_schema = 35; +const int obj_parameter = 36; inline const char* get_object_name(int object_type) { @@ -95,8 +94,6 @@ inline const char* get_object_name(int object_type) return "SQL$EXCEPTIONS"; case obj_roles: return "SQL$ROLES"; - case obj_shadows: - return "SQL$SHADOWS"; case obj_charsets: return "SQL$CHARSETS"; case obj_collations:
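Review bot: In the DDL block added to SHOW_grants2 (src/isql/show.epp, @@ -1311), `priv_flags` is only ever OR-ed (`priv_flags |= priv_CREATE;` and the three sibling cases), yet a GRANT line is printed for every row and no reset is visible between rows. Unless the variable is cleared outside the hunk, later rows also print the privileges of earlier rows, plus whatever earlier sections of the function left in it. The displayed grants, and any script extracted through list_all_grants2, would then overstate what RDB$USER_PRIVILEGES holds. Each row carries one privilege and is emitted on its own, so plain assignment is enough: `priv_flags = priv_CREATE;`, and likewise for the ALTER, DROP and default cases. The declaration and initialisation of `priv_flags` are outside the hunk and should be checked against the full function.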
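Review bot: Removing `obj_shadows` in src/jrd/obj.h (@@ -59) moves `obj_charsets`, `obj_collations` and `obj_filters` down by one, and the show.epp query in this same commit compares these constants with the stored column `PRV.RDB$OBJECT_TYPE`. If any database already holds DDL privilege rows written with the old numbering, a grant recorded for one object class would be read as a grant on another (31 was CHARACTER SET and is now COLLATION). Either keep the persisted values stable and retire the slot with a comment such as `// 30 was obj_shadows; value retired, do not reuse`, or state next to the constants that existing databases must be recreated or migrated. Whether such databases can exist at this ODS level cannot be told from the patch.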