mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 14:03:07 +01:00

More backport from v2.5.

dimitr 2010-10-13 15:15:24 +00:00
parent 501dadee9d
commit 1d7ca1713f
5 changed files with 60 additions and 58 deletions


@ -372,8 +372,8 @@ static void verify_trigger_access(thread_db* tdbb, jrd_rel* owner_relation, trig
}
}
// a direct access to an object from this trigger
const SecurityClass* sec_class = SCL_get_class(access->acc_security_name.c_str());
SCL_check_access(sec_class,
const SecurityClass* sec_class = SCL_get_class(tdbb, access->acc_security_name.c_str());
SCL_check_access(tdbb, sec_class,
(access->acc_view_id) ? access->acc_view_id :
(view ? view->rel_id : 0),
t.request->req_trg_name, NULL, access->acc_mask,
@ -407,8 +407,8 @@ void CMP_verify_access(thread_db* tdbb, jrd_req* request)
access < prc->prc_request->req_access.end();
access++)
{
const SecurityClass* sec_class = SCL_get_class(access->acc_security_name.c_str());
SCL_check_access(sec_class, access->acc_view_id, NULL, prc->prc_name,
const SecurityClass* sec_class = SCL_get_class(tdbb, access->acc_security_name.c_str());
SCL_check_access(tdbb, sec_class, access->acc_view_id, NULL, prc->prc_name,
access->acc_mask, access->acc_type, access->acc_name, access->acc_r_name);
}
}
@ -442,8 +442,8 @@ void CMP_verify_access(thread_db* tdbb, jrd_req* request)
for (const AccessItem* access = request->req_access.begin(); access < request->req_access.end();
access++)
{
const SecurityClass* sec_class = SCL_get_class(access->acc_security_name.c_str());
SCL_check_access(sec_class, access->acc_view_id, NULL, NULL,
const SecurityClass* sec_class = SCL_get_class(tdbb, access->acc_security_name.c_str());
SCL_check_access(tdbb, sec_class, access->acc_view_id, NULL, NULL,
access->acc_mask, access->acc_type, access->acc_name, access->acc_r_name);
}
}
@ -488,8 +488,8 @@ jrd_req* CMP_clone_request(thread_db* tdbb, jrd_req* request, USHORT level, bool
const TEXT* prc_sec_name =
(procedure->prc_security_name.length() > 0 ?
procedure->prc_security_name.c_str() : NULL);
const SecurityClass* sec_class = SCL_get_class(prc_sec_name);
SCL_check_access(sec_class, 0, NULL, NULL, SCL_execute,
const SecurityClass* sec_class = SCL_get_class(tdbb, prc_sec_name);
SCL_check_access(tdbb, sec_class, 0, NULL, NULL, SCL_execute,
object_procedure, procedure->prc_name);
}
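Review bot: In the CMP_clone_request hunk, `prc_sec_name` is NULL when the procedure has no security name, so `SCL_get_class(tdbb, prc_sec_name)` returns NULL and `SCL_check_access` is then asked to authorise `SCL_execute` with a null class. What a null class means for the access decision is not visible in this hunk, and a reader of this call site cannot tell whether execution is allowed or refused in that case. I would document it at the call, for example `// no security class => sec_class is NULL; see SCL_check_access for how a null class is treated`. The enclosing block starts and ends outside the hunk.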


@ -770,7 +770,7 @@ DeferredWork* MET_change_fields(thread_db* tdbb, jrd_tra* transaction, const dsc
INTL_ASSIGN_DSC(&relation_name, CS_METADATA, COLLATE_NONE);
relation_name.dsc_length = sizeof(X.RDB$RELATION_NAME);
relation_name.dsc_address = (UCHAR *) X.RDB$RELATION_NAME;
SCL_check_relation(&relation_name, SCL_control);
SCL_check_relation(tdbb, &relation_name, SCL_control);
dw = DFW_post_work(transaction, dfw_update_format, &relation_name, 0);
END_FOR;


@ -113,7 +113,8 @@ static const P_NAMES p_names[] =
};
void SCL_check_access(const SecurityClass* s_class,
void SCL_check_access(thread_db* tdbb,
const SecurityClass* s_class,
SLONG view_id,
const Firebird::MetaName& trg_name,
const Firebird::MetaName& prc_name,
@ -134,7 +135,7 @@ void SCL_check_access(const SecurityClass* s_class,
* object in question.
*
**************************************/
thread_db* tdbb = JRD_get_thread_data();
SET_TDBB(tdbb);
if (s_class && (s_class->scl_flags & SCL_corrupt))
{
@ -263,9 +264,9 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
reln_name = REL.RDB$RELATION_NAME;
if (!REL.RDB$SECURITY_CLASS.NULL)
s_class = SCL_get_class(REL.RDB$SECURITY_CLASS);
s_class = SCL_get_class(tdbb, REL.RDB$SECURITY_CLASS);
if (!REL.RDB$DEFAULT_CLASS.NULL)
default_s_class = SCL_get_class(REL.RDB$DEFAULT_CLASS);
default_s_class = SCL_get_class(tdbb, REL.RDB$DEFAULT_CLASS);
END_FOR;
CMP_release(tdbb, request);
@ -281,9 +282,9 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
reln_name = REL.RDB$RELATION_NAME;
aux_idx_name = IND.RDB$INDEX_NAME;
if (!REL.RDB$SECURITY_CLASS.NULL)
s_class = SCL_get_class(REL.RDB$SECURITY_CLASS);
s_class = SCL_get_class(tdbb, REL.RDB$SECURITY_CLASS);
if (!REL.RDB$DEFAULT_CLASS.NULL)
default_s_class = SCL_get_class(REL.RDB$DEFAULT_CLASS);
default_s_class = SCL_get_class(tdbb, REL.RDB$DEFAULT_CLASS);
END_FOR;
CMP_release (tdbb, request);
@ -296,7 +297,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
return;
}
SCL_check_access(s_class, 0, NULL, NULL, mask, object_table, reln_name);
SCL_check_access(tdbb, s_class, 0, NULL, NULL, mask, object_table, reln_name);
request = NULL;
@ -320,8 +321,8 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
AND ISEG.RDB$INDEX_NAME EQ idx_name_ptr->c_str()
s_class = (!RF.RDB$SECURITY_CLASS.NULL) ?
SCL_get_class(RF.RDB$SECURITY_CLASS) : default_s_class;
SCL_check_access(s_class, 0, NULL, NULL, mask,
SCL_get_class(tdbb, RF.RDB$SECURITY_CLASS) : default_s_class;
SCL_check_access(tdbb, s_class, 0, NULL, NULL, mask,
object_column, RF.RDB$FIELD_NAME, reln_name);
END_FOR;
@ -337,7 +338,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
}
void SCL_check_procedure(const dsc* dsc_name, SecurityClass::flags_t mask)
void SCL_check_procedure(Jrd::thread_db* tdbb, const dsc* dsc_name, SecurityClass::flags_t mask)
{
/**************************************
*
@ -351,7 +352,7 @@ void SCL_check_procedure(const dsc* dsc_name, SecurityClass::flags_t mask)
* scanned. This is used exclusively for meta-data operations.
*
**************************************/
thread_db* tdbb = JRD_get_thread_data();
SET_TDBB(tdbb);
// Get the name in CSTRING format, ending on NULL or SPACE
fb_assert(dsc_name->dsc_dtype == dtype_text);
@ -370,17 +371,17 @@ void SCL_check_procedure(const dsc* dsc_name, SecurityClass::flags_t mask)
REQUEST(irq_p_security) = request;
if (!SPROC.RDB$SECURITY_CLASS.NULL)
s_class = SCL_get_class(SPROC.RDB$SECURITY_CLASS);
s_class = SCL_get_class(tdbb, SPROC.RDB$SECURITY_CLASS);
END_FOR;
if (!REQUEST(irq_p_security))
REQUEST(irq_p_security) = request;
SCL_check_access(s_class, 0, NULL, name, mask, object_procedure, name);
SCL_check_access(tdbb, s_class, 0, NULL, name, mask, object_procedure, name);
}
void SCL_check_relation(const dsc* dsc_name, SecurityClass::flags_t mask)
void SCL_check_relation(Jrd::thread_db* tdbb, const dsc* dsc_name, SecurityClass::flags_t mask)
{
/**************************************
*
@ -394,7 +395,7 @@ void SCL_check_relation(const dsc* dsc_name, SecurityClass::flags_t mask)
* scanned. This is used exclusively for meta-data operations.
*
**************************************/
thread_db* tdbb = JRD_get_thread_data();
SET_TDBB(tdbb);
// Get the name in CSTRING format, ending on NULL or SPACE
fb_assert(dsc_name->dsc_dtype == dtype_text);
@ -414,17 +415,17 @@ void SCL_check_relation(const dsc* dsc_name, SecurityClass::flags_t mask)
REQUEST(irq_v_security) = request;
if (!REL.RDB$SECURITY_CLASS.NULL)
s_class = SCL_get_class(REL.RDB$SECURITY_CLASS);
s_class = SCL_get_class(tdbb, REL.RDB$SECURITY_CLASS);
END_FOR;
if (!REQUEST(irq_v_security))
REQUEST(irq_v_security) = request;
SCL_check_access(s_class, 0, NULL, NULL, mask, object_table, name);
SCL_check_access(tdbb, s_class, 0, NULL, NULL, mask, object_table, name);
}
SecurityClass* SCL_get_class(const TEXT* par_string)
SecurityClass* SCL_get_class(Jrd::thread_db* tdbb, const TEXT* par_string)
{
/**************************************
*
@ -438,20 +439,21 @@ SecurityClass* SCL_get_class(const TEXT* par_string)
* class block.
*
**************************************/
thread_db* tdbb = JRD_get_thread_data();
SET_TDBB(tdbb);
Database* dbb = tdbb->getDatabase();
// Name may be absent or terminated with NULL or blank. Clean up name.
if (!par_string) {
if (!par_string)
{
return NULL;
}
Firebird::string string = par_string;
const Firebird::MetaName string(par_string);
fb_utils::exact_name(string);
//fb_utils::exact_name(string);
if (string.empty())
if (string.isEmpty())
{
return NULL;
}
@ -515,7 +517,7 @@ SecurityClass::flags_t SCL_get_mask(const TEXT* relation_name, const TEXT* field
(relation = MET_lookup_relation(tdbb, relation_name)))
{
MET_scan_relation(tdbb, relation);
if ( (s_class = SCL_get_class(relation->rel_security_name.c_str())) )
if ( (s_class = SCL_get_class(tdbb, relation->rel_security_name.c_str())) )
{
access &= s_class->scl_flags;
}
@ -525,7 +527,7 @@ SecurityClass::flags_t SCL_get_mask(const TEXT* relation_name, const TEXT* field
if (field_name &&
(id = MET_lookup_field(tdbb, relation, field_name)) >= 0 &&
(field = MET_get_field(relation, id)) &&
(s_class = SCL_get_class(field->fld_security_name.c_str())))
(s_class = SCL_get_class(tdbb, field->fld_security_name.c_str())))
{
access &= s_class->scl_flags;
}
@ -670,7 +672,7 @@ void SCL_init(bool create,
if (!X.RDB$SECURITY_CLASS.NULL)
tdbb->getAttachment()->att_security_class =
SCL_get_class(X.RDB$SECURITY_CLASS);
SCL_get_class(tdbb, X.RDB$SECURITY_CLASS);
END_FOR;
CMP_release(tdbb, handle);
@ -744,7 +746,7 @@ SecurityClass* SCL_recompute_class(thread_db* tdbb, const TEXT* string)
**************************************/
SET_TDBB(tdbb);
SecurityClass* s_class = SCL_get_class(string);
SecurityClass* s_class = SCL_get_class(tdbb, string);
if (!s_class) {
return NULL;
}
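Review bot: In the SCL_get_class hunk the name clean-up now rests entirely on the `Firebird::MetaName` constructor, and the disabled call `//fb_utils::exact_name(string);` is left behind as dead code. The comment above it still says "Clean up name", so a reader cannot tell that trailing blanks are expected to be stripped by MetaName (I believe its constructor does this, but it is not visible here), nor what happens to a name longer than MetaName can hold. This string is the key used to find a security class, so a change in normalisation changes which class is matched. I would delete the commented-out line and state the assumption, e.g. `// MetaName strips trailing blanks; the name is assumed to fit a metadata identifier`. The rest of the function body is outside the hunk.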


@ -33,13 +33,13 @@
struct dsc;
void SCL_check_access(const Jrd::SecurityClass*, SLONG, const Firebird::MetaName&,
void SCL_check_access(Jrd::thread_db*, const Jrd::SecurityClass*, SLONG, const Firebird::MetaName&,
const Firebird::MetaName&, Jrd::SecurityClass::flags_t,
const TEXT*, const Firebird::MetaName&, const Firebird::MetaName& = "");
void SCL_check_index(Jrd::thread_db*, const Firebird::MetaName&, UCHAR, Jrd::SecurityClass::flags_t);
void SCL_check_procedure(const dsc*, Jrd::SecurityClass::flags_t);
void SCL_check_relation(const dsc*, Jrd::SecurityClass::flags_t);
Jrd::SecurityClass* SCL_get_class(const TEXT*);
void SCL_check_procedure(Jrd::thread_db*, const dsc*, Jrd::SecurityClass::flags_t);
void SCL_check_relation(Jrd::thread_db*, const dsc*, Jrd::SecurityClass::flags_t);
Jrd::SecurityClass* SCL_get_class(Jrd::thread_db*, const TEXT*);
Jrd::SecurityClass::flags_t SCL_get_mask(const TEXT*, const TEXT*);
void SCL_init(bool, const Jrd::UserId& tempId, Jrd::thread_db*);
Jrd::SecurityClass* SCL_recompute_class(Jrd::thread_db*, const TEXT*);
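Review bot: `SCL_get_mask(const TEXT*, const TEXT*)` is left as the one name-based entry point in this prototype list that does not take a `Jrd::thread_db*`, while the other access-check functions now receive it explicitly. The SCL_get_mask hunks elsewhere in this commit pass a `tdbb` to `SCL_get_class`, so the function presumably still obtains it from thread-local state. For consistency I would change the prototype to `Jrd::SecurityClass::flags_t SCL_get_mask(Jrd::thread_db*, const TEXT*, const TEXT*);` and update its callers, which are not visible on this page.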


@ -1208,7 +1208,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_relations:
if (EVL_field(0, rpb->rpb_record, f_rel_name, &desc))
{
SCL_check_relation(&desc, SCL_delete);
SCL_check_relation(tdbb, &desc, SCL_delete);
}
if (EVL_field(0, rpb->rpb_record, f_rel_id, &desc2))
{
@ -1225,7 +1225,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_procedures:
if (EVL_field(0, rpb->rpb_record, f_prc_name, &desc))
{
SCL_check_procedure(&desc, SCL_delete);
SCL_check_procedure(tdbb, &desc, SCL_delete);
}
EVL_field(0, rpb->rpb_record, f_prc_id, &desc2);
id = MOV_get_long(&desc2, 0);
@ -1261,7 +1261,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_indices:
EVL_field(0, rpb->rpb_record, f_idx_relation, &desc);
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
EVL_field(0, rpb->rpb_record, f_idx_id, &desc2);
if ( (id = MOV_get_long(&desc2, 0)) )
{
@ -1320,7 +1320,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_rfr:
EVL_field(0, rpb->rpb_record, f_rfr_rname, &desc);
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
DFW_post_work(transaction, dfw_update_format, &desc, 0);
EVL_field(0, rpb->rpb_record, f_rfr_fname, &desc2);
MOV_get_metadata_str(&desc, relation_name, sizeof(relation_name));
@ -1335,7 +1335,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_prc_prms:
EVL_field(0, rpb->rpb_record, f_prm_procedure, &desc);
SCL_check_procedure(&desc, SCL_control);
SCL_check_procedure(tdbb, &desc, SCL_control);
EVL_field(0, rpb->rpb_record, f_prm_name, &desc2);
MOV_get_metadata_str(&desc, procedure_name, sizeof(procedure_name));
if ( (procedure = MET_lookup_procedure(tdbb, procedure_name, true)) )
@ -1391,7 +1391,7 @@ void VIO_erase(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
/* check if this request go through without checking permissions */
if (!(request->req_flags & req_ignore_perm)) {
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
}
EVL_field(0, rpb->rpb_record, f_trg_rname, &desc2);
@ -2233,14 +2233,14 @@ void VIO_modify(thread_db* tdbb, record_param* org_rpb, record_param* new_rpb,
case rel_relations:
EVL_field(0, org_rpb->rpb_record, f_rel_name, &desc1);
SCL_check_relation(&desc1, SCL_protect);
SCL_check_relation(tdbb, &desc1, SCL_protect);
check_class(tdbb, transaction, org_rpb, new_rpb, f_rel_class);
DFW_post_work(transaction, dfw_update_format, &desc1, 0);
break;
case rel_procedures:
EVL_field(0, org_rpb->rpb_record, f_prc_name, &desc1);
SCL_check_procedure(&desc1, SCL_protect);
SCL_check_procedure(tdbb, &desc1, SCL_protect);
check_class(tdbb, transaction, org_rpb, new_rpb, f_prc_class);
EVL_field(0, org_rpb->rpb_record, f_prc_id, &desc2);
{ // scope
@ -2299,7 +2299,7 @@ void VIO_modify(thread_db* tdbb, record_param* org_rpb, record_param* new_rpb,
case rel_indices:
EVL_field(0, new_rpb->rpb_record, f_idx_relation, &desc1);
SCL_check_relation(&desc1, SCL_control);
SCL_check_relation(tdbb, &desc1, SCL_control);
EVL_field(0, new_rpb->rpb_record, f_idx_name, &desc1);
if (dfw_should_know(org_rpb, new_rpb, f_idx_desc, true))
{
@ -2317,7 +2317,7 @@ void VIO_modify(thread_db* tdbb, record_param* org_rpb, record_param* new_rpb,
case rel_triggers:
{
EVL_field(0, new_rpb->rpb_record, f_trg_rname, &desc1);
SCL_check_relation(&desc1, SCL_control);
SCL_check_relation(tdbb, &desc1, SCL_control);
EVL_field(0, new_rpb->rpb_record, f_trg_rname, &desc1);
DFW_post_work(transaction, dfw_update_format, &desc1, 0);
EVL_field(0, org_rpb->rpb_record, f_trg_rname, &desc1);
@ -2700,7 +2700,7 @@ void VIO_store(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_indices:
EVL_field(0, rpb->rpb_record, f_idx_relation, &desc);
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
EVL_field(0, rpb->rpb_record, f_idx_name, &desc);
if (EVL_field(0, rpb->rpb_record, f_idx_exp_blr, &desc2)) {
DFW_post_work(transaction, dfw_create_expression_index, &desc,
@ -2714,7 +2714,7 @@ void VIO_store(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
case rel_rfr:
EVL_field(0, rpb->rpb_record, f_rfr_rname, &desc);
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
DFW_post_work(transaction, dfw_update_format, &desc, 0);
set_system_flag(tdbb, rpb, f_rfr_sys_flag, 0);
break;
@ -2768,7 +2768,7 @@ void VIO_store(thread_db* tdbb, record_param* rpb, jrd_tra* transaction)
/* check if this request go through without checking permissions */
if (!(request->req_flags & req_ignore_perm)) {
SCL_check_relation(&desc, SCL_control);
SCL_check_relation(tdbb, &desc, SCL_control);
}
if (EVL_field(0, rpb->rpb_record, f_trg_rname, &desc2))
@ -3374,14 +3374,14 @@ static void check_rel_field_class(thread_db* tdbb,
{
const Firebird::MetaName class_name(reinterpret_cast<TEXT*>(desc.dsc_address),
desc.dsc_length);
const SecurityClass* s_class = SCL_get_class(class_name.c_str());
const SecurityClass* s_class = SCL_get_class(tdbb, class_name.c_str());
if (s_class)
{
// In case when user has no access to the field,
// he may have access to relation as whole.
try
{
SCL_check_access(s_class, 0, NULL, NULL, flags, object_column, "");
SCL_check_access(tdbb, s_class, 0, NULL, NULL, flags, object_column, "");
}
catch (const Firebird::Exception&)
{
@ -3394,7 +3394,7 @@ static void check_rel_field_class(thread_db* tdbb,
EVL_field(0, rpb->rpb_record, f_rfr_rname, &desc);
if (! okField)
{
SCL_check_relation(&desc, flags);
SCL_check_relation(tdbb, &desc, flags);
}
DFW_post_work(transaction, dfw_update_format, &desc, 0);
}
@ -3425,7 +3425,7 @@ static void check_class(thread_db* tdbb,
Attachment* attachment = tdbb->getAttachment();
SCL_check_access(attachment->att_security_class,
SCL_check_access(tdbb, attachment->att_security_class,
0, NULL, NULL, SCL_protect, object_database, "");
DFW_post_work(transaction, dfw_compute_security, &desc2, 0);
}
@ -3448,7 +3448,7 @@ static void check_control(thread_db* tdbb)
Attachment* attachment = tdbb->getAttachment();
SCL_check_access(attachment->att_security_class,
SCL_check_access(tdbb, attachment->att_security_class,
0, NULL, NULL, SCL_control, object_database, "");
}