8
0
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 20:03:03 +01:00

1. Modified syntax of ALTER ROLE command according to Dmitry's request.

2. Avoid any use of predefined NT group name "Domain Admins".
3. Fixed DYN code generation for USER operations.

                     ***** WARNING *****
After this commit all previous backups of 2.5 databases with turned on
admins mapping become unrestorable. ODS is not changed.
This commit is contained in:
alexpeshkoff 2008-05-14 11:24:45 +00:00
parent c96db93e72
commit 27a97e2a6a
9 changed files with 38 additions and 14 deletions

View File

@ -3996,8 +3996,9 @@ void write_mapping(void)
if (X.RDB$SYSTEM_FLAG == (ROLE_FLAG_MAY_TRUST | ROLE_FLAG_DBO))
{
put(tdgbl, rec_mapping);
put_text(att_map_os, DOMAIN_ADMINS, strlen(DOMAIN_ADMINS) + 1);
put_text(att_map_role, ADMIN_ROLE, strlen(ADMIN_ROLE) + 1);
//put_text(att_map_os, DOMAIN-ADMINS, strlen(DOMAIN-ADMINS) + 1);
//put_text(att_map_role, ADMIN-ROLE, strlen(ADMIN-ROLE) + 1);
put_text(att_auto_map_role, ADMIN_ROLE, strlen(ADMIN_ROLE) + 1);
put(tdgbl, att_end);
BURP_verbose (297, ADMIN_ROLE);
// msg 297 writing mapping for @1

View File

@ -540,7 +540,8 @@ enum att_type {
// Names mapping
att_map_os = SERIES,
att_map_user,
att_map_role
att_map_role,
att_auto_map_role
};

View File

@ -5876,7 +5876,7 @@ bool get_mapping(BurpGlobals* tdgbl)
{
switch (attribute)
{
case att_map_role:
/* case att_map_role:
l = GET_TEXT(temp);
role.assign(temp, l);
break;
@ -5885,6 +5885,11 @@ bool get_mapping(BurpGlobals* tdgbl)
l = GET_TEXT(temp);
os.assign(temp, l);
break;
*/
case att_auto_map_role:
l = GET_TEXT(temp);
role.assign(temp, l);
break;
default:
// msg 299 name mapping
@ -5898,7 +5903,7 @@ bool get_mapping(BurpGlobals* tdgbl)
return true; // silently skip attributes on old server
}
if (os != DOMAIN_ADMINS || role != ADMIN_ROLE)
if (role != ADMIN_ROLE)
{
BURP_error(300, false);
return true;

View File

@ -5807,13 +5807,14 @@ static void modify_map(dsql_req* request)
fb_assert(node->nod_type == nod_mod_role);
const dsql_str* ds = (dsql_str*) node->nod_arg[e_mod_role_os_name];
fb_assert(ds);
request->append_cstring(isc_dyn_mapping, ds->str_data);
fb_assert(ds ||
node->nod_arg[e_mod_role_action]->getSlong() == isc_dyn_automap_role ||
node->nod_arg[e_mod_role_action]->getSlong() == isc_dyn_autounmap_role);
request->append_cstring(isc_dyn_mapping, ds ? ds->str_data : "");
ds = (dsql_str*) node->nod_arg[e_mod_role_db_name];
fb_assert(ds);
request->append_cstring(*(SLONG *) // TODO: use getSlong()
(node->nod_arg[e_mod_role_action]->nod_desc.dsc_address), ds->str_data);
request->append_cstring(node->nod_arg[e_mod_role_action]->getSlong(), ds->str_data);
request->append_uchar(isc_dyn_end);
}
@ -5879,6 +5880,7 @@ static void define_user(dsql_req* request, UCHAR op)
}
request->append_uchar(isc_user_end);
request->append_uchar(isc_dyn_end);
}

View File

@ -231,6 +231,7 @@ static const TOK tokens[] =
{KW_LOWER, "LOWER", 2, false},
{LPAD, "LPAD", 2, false},
{MANUAL, "MANUAL", 1, false},
{MAPPING, "MAPPING", 2, false},
{MATCHED, "MATCHED", 2, false},
{MATCHING, "MATCHING", 2, false},
{MAXIMUM, "MAX", 1, false},

View File

@ -546,6 +546,7 @@ inline void check_copy_incr(char*& to, const char ch, const char* const string)
%token FIRSTNAME
%token LASTNAME
%token MIDDLENAME
%token MAPPING
%token OS_NAME
%token SIMILAR
%token UUID_TO_CHAR
@ -2474,6 +2475,7 @@ alter_udf_clause : symbol_UDF_name entry_op module_op
{ $$ = make_node(nod_mod_udf, e_mod_udf_count, $1, $2, $3); }
;
/*
alter_role_clause : symbol_role_name alter_role_action OS_NAME os_security_name
{ $$ = make_node(nod_mod_role, e_mod_role_count, $4, $1, $2); }
;
@ -2483,6 +2485,17 @@ alter_role_action : ADD
| DROP
{ $$ = MAKE_const_slong (isc_dyn_unmap_role); }
;
*/
alter_role_clause : symbol_role_name alter_role_enable AUTO ADMIN MAPPING
{ $$ = make_node(nod_mod_role, e_mod_role_count, NULL, $1, $2); }
;
alter_role_enable : SET
{ $$ = MAKE_const_slong (isc_dyn_automap_role); }
| DROP
{ $$ = MAKE_const_slong (isc_dyn_autounmap_role); }
;
os_security_name : STRING
{ $$ = $1; }
@ -4982,6 +4995,7 @@ non_reserved_word :
| FIRSTNAME
| MIDDLENAME
| LASTNAME
| MAPPING
| OS_NAME
| UUID_TO_CHAR
| COMMON // new execute statement

View File

@ -827,6 +827,8 @@
#define isc_dyn_unmap_role 2
#define isc_dyn_map_user 3
#define isc_dyn_unmap_user 4
#define isc_dyn_automap_role 5
#define isc_dyn_autounmap_role 6
/********************/
/* Users control */

View File

@ -73,8 +73,6 @@ const char* const ADMIN_ROLE = "RDB$ADMIN";
// Value 1 is skipped because rdb$system_flag = 1 is used in all other cases.
const SSHORT ROLE_FLAG_MAY_TRUST = 2;
const SSHORT ROLE_FLAG_DBO = 4;
// Predefined NT group name
const char* const DOMAIN_ADMINS = "Domain Admins";
const char* const PRIMARY_KEY = "PRIMARY KEY";
const char* const FOREIGN_KEY = "FOREIGN KEY";

View File

@ -3425,7 +3425,7 @@ void DYN_modify_mapping(Global* gbl, const UCHAR** ptr)
// This is FB 2.5 limited implementation!
// Later it should work with new system table, something like RDB$MAPPING.
if (osName != DOMAIN_ADMINS || dbName != ADMIN_ROLE)
if (dbName != ADMIN_ROLE)
{
Firebird::status_exception::raise(isc_no_meta_update, isc_arg_gds, isc_wish_list, isc_arg_end);
}
@ -3445,11 +3445,11 @@ void DYN_modify_mapping(Global* gbl, const UCHAR** ptr)
MODIFY X
switch (op)
{
case isc_dyn_map_role:
case isc_dyn_automap_role:
X.RDB$SYSTEM_FLAG = ROLE_FLAG_DBO | ROLE_FLAG_MAY_TRUST;
break;
case isc_dyn_unmap_role:
case isc_dyn_autounmap_role:
X.RDB$SYSTEM_FLAG = ROLE_FLAG_DBO;
break;