Implemented CORE-4726: REcreate user <user_name> password <user_pwd>

2025-01-22 20:03:02 +01:00 · 2019-04-13 21:21:56 +03:00 · 2019-04-13 21:21:56 +03:00 · 456e7a03cf
commit 456e7a03cf
parent 786190c97f
16 changed files with 36 additions and 11 deletions
--- a/doc/sql.extensions/README.user_management
+++ b/doc/sql.extensions/README.user_management
@ -13,6 +13,7 @@ Syntax is:
   ALTER USER name [ SET ] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
   ALTER CURRENT USER [ SET ] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
   CREATE OR ALTER USER name [ SET ] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
+   RECREATE USER name [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
   DROP USER name [ USING PLUGIN name ];

 where OPTIONS is a list of following options:
@ -38,10 +39,10 @@ Makes it possible to add, modify and delete users in security database using SQL
 Firebird since version 3.0 supports multiple security databases. gsec utility and services API
 do not support it and use of them to manage users is deprecated.

-CREATE and DROP clauses are available only for SYSDBA (or other user, granted RDB$ADMIN role in
-security database). Ordinary user can ALTER his own password, wide names and tags. Attempt to modify
-another user will fail. Also will fail an attempt to make yourself inactive or active. In order to
-avoid typing your name each time simplified form ALTER CURRENT USER is present.
+CREATE and DROP clauses are available only for SYSDBA (or other user, having USER_MANAGEMENT
+privilege in security database). Ordinary user can ALTER his own password, wide names and tags.
+Attempt to modify another user will fail. Also will fail an attempt to make yourself inactive or
+active. In order to avoid typing your name each time simplified form ALTER CURRENT USER is present.

 At least one of PASSWORD, FIRSTNAME, MIDDLENAME, LASTNAME, ACTIVE, INACTIVE or TAGS must be present
 in ALTER USER statement. Also notice that PASSWORD clause is required when creating new user.
--- a/lang_helpers/gds_codes.ftn
+++ b/lang_helpers/gds_codes.ftn
@ -2690,6 +2690,8 @@ C --
      PARAMETER (GDS__dsql_string_char_length          = 336397332)
      INTEGER*4 GDS__dsql_max_nesting                
      PARAMETER (GDS__dsql_max_nesting                 = 336397333)
+      INTEGER*4 GDS__dsql_recreate_user_failed       
+      PARAMETER (GDS__dsql_recreate_user_failed        = 336397334)
      INTEGER*4 GDS__gsec_cant_open_db               
      PARAMETER (GDS__gsec_cant_open_db                = 336723983)
      INTEGER*4 GDS__gsec_switches_error             
--- a/lang_helpers/gds_codes.pas
+++ b/lang_helpers/gds_codes.pas
@ -2685,6 +2685,8 @@ const
 	gds_dsql_string_char_length          = 336397332;
 	isc_dsql_max_nesting                 = 336397333;
 	gds_dsql_max_nesting                 = 336397333;
+	isc_dsql_recreate_user_failed        = 336397334;
+	gds_dsql_recreate_user_failed        = 336397334;
 	isc_gsec_cant_open_db                = 336723983;
 	gds_gsec_cant_open_db                = 336723983;
 	isc_gsec_switches_error              = 336723984;
--- a/src/common/security.h
+++ b/src/common/security.h
@ -160,7 +160,7 @@ class UserData :
 {
 public:
 	UserData()
-		: op(0), trustedAuth(0), authenticationBlock(*getDefaultMemoryPool())
+		: op(0), trustedAuth(0), silent(false), authenticationBlock(*getDefaultMemoryPool())
 	{ }

 	// IUser implementation
@ -219,6 +219,7 @@ public:

 	unsigned int op;
 	int trustedAuth;
+	bool silent;
 	CharField user, pass, first, last, middle, com, attr;
 	IntField adm, act;
 	CharField database, dba, dbaPassword, role;
--- a/src/dsql/DdlNodes.epp
+++ b/src/dsql/DdlNodes.epp
@ -11108,6 +11108,7 @@ string DropUserNode::internalPrint(NodePrinter& printer) const

 	NODE_PRINT(printer, name);
 	NODE_PRINT(printer, plugin);
+	NODE_PRINT(printer, silent);

 	return "DropUserNode";
 }
@ -11134,6 +11135,7 @@ void DropUserNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jr
 	userData->user.set(&statusWrapper, text.c_str());
 	userData->user.setEntered(&statusWrapper, 1);
 	userData->plugin = plugin;
+	userData->silent = silent;
 	check(&statusWrapper);

 	executeDdlTrigger(tdbb, dsqlScratch, transaction, DTW_BEFORE, DDL_TRIGGER_DROP_USER,
--- a/src/dsql/DdlNodes.h
+++ b/src/dsql/DdlNodes.h
@ -2225,7 +2225,8 @@ public:
 	DropUserNode(MemoryPool& p, const Firebird::MetaName& aName, const Firebird::MetaName* aPlugin = NULL)
 		: UserNode(p),
 		  name(p, upper(aName)),
-		  plugin(p)
+		  plugin(p),
+		  silent(false)
 	{
 		if (aPlugin)
 			plugin = *aPlugin;
@ -2250,9 +2251,14 @@ protected:
 public:
 	const Firebird::MetaName name;
 	Firebird::MetaName plugin;
+	bool silent;
 };


+typedef RecreateNode<CreateAlterUserNode, DropUserNode, isc_dsql_recreate_user_failed>
+	RecreateUserNode;
+
+
 typedef Firebird::Pair<Firebird::NonPooled<char, ValueListNode*> > PrivilegeClause;
 typedef Firebird::Pair<Firebird::NonPooled<SSHORT, Firebird::MetaName> > GranteeClause;

--- a/src/dsql/parse.y
+++ b/src/dsql/parse.y
@ -1536,6 +1536,8 @@ recreate_clause
 		{ $$ = newNode<RecreateSequenceNode>($2); }
 	| SEQUENCE generator_clause
 		{ $$ = newNode<RecreateSequenceNode>($2); }
+	| USER create_user_clause
+		{ $$ = newNode<RecreateUserNode>($2); }
 	;

 %type <ddlNode> create_or_alter
--- a/src/include/gen/codetext.h
+++ b/src/include/gen/codetext.h
@ -1341,6 +1341,7 @@ static const struct {
 	{"dsql_string_byte_length", 336397331},
 	{"dsql_string_char_length", 336397332},
 	{"dsql_max_nesting", 336397333},
+	{"dsql_recreate_user_failed", 336397334},
 	{"gsec_cant_open_db", 336723983},
 	{"gsec_switches_error", 336723984},
 	{"gsec_no_op_spec", 336723985},
--- a/src/include/gen/iberror.h
+++ b/src/include/gen/iberror.h
@ -1375,6 +1375,7 @@ const ISC_STATUS isc_dsql_max_exception_arguments     = 336397330L;
 const ISC_STATUS isc_dsql_string_byte_length          = 336397331L;
 const ISC_STATUS isc_dsql_string_char_length          = 336397332L;
 const ISC_STATUS isc_dsql_max_nesting                 = 336397333L;
+const ISC_STATUS isc_dsql_recreate_user_failed        = 336397334L;
 const ISC_STATUS isc_gsec_cant_open_db                = 336723983L;
 const ISC_STATUS isc_gsec_switches_error              = 336723984L;
 const ISC_STATUS isc_gsec_no_op_spec                  = 336723985L;
@ -1478,7 +1479,7 @@ const ISC_STATUS isc_trace_switch_user_only           = 337182757L;
 const ISC_STATUS isc_trace_switch_param_miss          = 337182758L;
 const ISC_STATUS isc_trace_param_act_notcompat        = 337182759L;
 const ISC_STATUS isc_trace_mandatory_switch_miss      = 337182760L;
-const ISC_STATUS isc_err_max                          = 1422;
+const ISC_STATUS isc_err_max                          = 1423;

 #else /* c definitions */

@ -2823,6 +2824,7 @@ const ISC_STATUS isc_err_max                          = 1422;
 #define isc_dsql_string_byte_length          336397331L
 #define isc_dsql_string_char_length          336397332L
 #define isc_dsql_max_nesting                 336397333L
+#define isc_dsql_recreate_user_failed        336397334L
 #define isc_gsec_cant_open_db                336723983L
 #define isc_gsec_switches_error              336723984L
 #define isc_gsec_no_op_spec                  336723985L
@ -2926,7 +2928,7 @@ const ISC_STATUS isc_err_max                          = 1422;
 #define isc_trace_switch_param_miss          337182758L
 #define isc_trace_param_act_notcompat        337182759L
 #define isc_trace_mandatory_switch_miss      337182760L
-#define isc_err_max                          1422
+#define isc_err_max                          1423

 #endif

--- a/src/include/gen/msgs.h
+++ b/src/include/gen/msgs.h
@ -1344,6 +1344,7 @@ Data source : @4"},		/* eds_statement */
 	{336397331, "String literal with @1 bytes exceeds the maximum length of @2 bytes"},		/* dsql_string_byte_length */
 	{336397332, "String literal with @1 characters exceeds the maximum length of @2 characters for the @3 character set"},		/* dsql_string_char_length */
 	{336397333, "Too many BEGIN...END nesting. Maximum level is @1"},		/* dsql_max_nesting */
+	{336397334, "RECREATE USER @1 failed"},		/* dsql_recreate_user_failed */
 	{336723983, "unable to open database"},		/* gsec_cant_open_db */
 	{336723984, "error in switch specifications"},		/* gsec_switches_error */
 	{336723985, "no operation specified"},		/* gsec_no_op_spec */
--- a/src/include/gen/sql_code.h
+++ b/src/include/gen/sql_code.h
@ -1340,6 +1340,7 @@ static const struct {
 	{336397331, -901}, /* 1043 dsql_string_byte_length */
 	{336397332, -901}, /* 1044 dsql_string_char_length */
 	{336397333, -901}, /* 1045 dsql_max_nesting */
+	{336397334, -901}, /* 1046 dsql_recreate_user_failed */
 	{336723983, -901}, /*  15 gsec_cant_open_db */
 	{336723984, -901}, /*  16 gsec_switches_error */
 	{336723985, -901}, /*  17 gsec_no_op_spec */
--- a/src/include/gen/sql_state.h
+++ b/src/include/gen/sql_state.h
@ -1340,6 +1340,7 @@ static const struct {
 	{336397331, "42000"}, // 1043 dsql_string_byte_length
 	{336397332, "42000"}, // 1044 dsql_string_char_length
 	{336397333, "07002"}, // 1045 dsql_max_nesting
+	{336397334, "42000"}, // 1046 dsql_recreate_user_failed
 	{336723983, "00000"}, //  15 gsec_cant_open_db
 	{336723984, "00000"}, //  16 gsec_switches_error
 	{336723985, "00000"}, //  17 gsec_no_op_spec
--- a/src/jrd/UserManagement.cpp
+++ b/src/jrd/UserManagement.cpp
@ -362,7 +362,7 @@ void UserManagement::execute(USHORT id)

 		OldAttributes oldAttributes;
 		int ret = manager->execute(&statusWrapper, &cmd, &oldAttributes);
-		if (ret == 0 || status.getErrors()[1] != isc_missing_data_structures)
+		if ((ret == 0 || status.getErrors()[1] != isc_missing_data_structures) && (!command->silent))
 			checkSecurityResult(ret, &status, command->userName()->get(), command->operation());
 		else
 			statusWrapper.init();
@ -456,6 +456,7 @@ void UserManagement::execute(USHORT id)
 	}

 	int errcode = manager->execute(&statusWrapper, command, NULL);
+	if (!command->silent)
 		checkSecurityResult(errcode, &status, command->userName()->get(), command->operation());

 	delete commands[id];
--- a/src/msgs/facilities2.sql
+++ b/src/msgs/facilities2.sql
@ -10,7 +10,7 @@ set bulk_insert INSERT INTO FACILITIES (LAST_CHANGE, FACILITY, FAC_CODE, MAX_NUM
 ('1996-11-07 13:39:40', 'INSTALL', 10, 1)
 ('1996-11-07 13:38:41', 'TEST', 11, 4)
 ('2018-04-26 20:40:00', 'GBAK', 12, 388)
-('2015-08-05 12:40:00', 'SQLERR', 13, 1045)
+('2019-04-13 21:10:00', 'SQLERR', 13, 1047)
 ('1996-11-07 13:38:42', 'SQLWARN', 14, 613)
 ('2018-02-27 14:50:31', 'JRD_BUGCHK', 15, 308)
 ('2016-05-26 13:53:45', 'ISQL', 17, 196)
--- a/src/msgs/messages2.sql
+++ b/src/msgs/messages2.sql
@ -2832,6 +2832,7 @@ ERROR: Backup incomplete', NULL, NULL);
 ('dsql_string_byte_length', NULL, 'Parser.cpp', NULL, 13, 1043, NULL, 'String literal with @1 bytes exceeds the maximum length of @2 bytes', NULL, NULL);
 ('dsql_string_char_length', NULL, 'Parser.cpp', NULL, 13, 1044, NULL, 'String literal with @1 characters exceeds the maximum length of @2 characters for the @3 character set', NULL, NULL);
 ('dsql_max_nesting', NULL, 'StmtNodes.cpp', NULL, 13, 1045, NULL, 'Too many BEGIN...END nesting. Maximum level is @1', NULL, NULL);
+('dsql_recreate_user_failed', 'getMainErrorCode', 'DdlNodes.h', NULL, 13, 1046, NULL, 'RECREATE USER @1 failed', NULL, NULL);
 -- SQLWARN
 (NULL, NULL, NULL, NULL, 14, 100, NULL, 'Row not found for fetch, update or delete, or the result of a query is an empty table.', NULL, NULL);
 (NULL, NULL, NULL, NULL, 14, 101, NULL, 'segment buffer length shorter than expected', NULL, NULL);
--- a/src/msgs/system_errors2.sql
+++ b/src/msgs/system_errors2.sql
@ -1334,6 +1334,7 @@ COMMIT WORK;
 (-901, '42', '000', 13, 1043, 'dsql_string_byte_length', NULL, NULL)
 (-901, '42', '000', 13, 1044, 'dsql_string_char_length', NULL, NULL)
 (-901, '07', '002', 13, 1045, 'dsql_max_nesting', NULL, NULL)
+(-901, '42', '000', 13, 1046, 'dsql_recreate_user_failed', NULL, NULL);
 -- GSEC
 (-901, '00', '000', 18, 15, 'gsec_cant_open_db', NULL, NULL)
 (-901, '00', '000', 18, 16, 'gsec_switches_error', NULL, NULL)