Implemented CORE-4273: Per-database control on access to database from remote stations

builds/install/misc/databases.conf.in

@@ -20,6 +20,15 @@
 employee.fdb = $(dir_sampledb)/employee.fdb
 employee = $(dir_sampledb)/employee.fdb
 
+#
+# Master security database specific setup.
+# Do not remove it until you understand well what are you doing!
+#
+security.db = $(root)/security3.fdb
+{
+	RemoteAccess = false
+}
+
 #
 # Live Databases:
 #

src/auth/SecureRemotePassword/manage/SrpManagement.cpp

@@ -187,7 +187,6 @@ public:
 			}
 
 			Firebird::ClumpletWriter dpb(Firebird::ClumpletReader::dpbList, MAX_DPB_SIZE);
-			dpb.insertByte(isc_dpb_gsec_attach, TRUE);
 			dpb.insertByte(isc_dpb_sec_attach, TRUE);
 
 			const unsigned char* authBlock;

src/auth/SecurityDatabase/LegacyManagement.epp

@@ -147,7 +147,6 @@ void FB_CARG SecurityDatabaseManagement::start(Firebird::IStatus* st, ILogonInfo
 		}
 
 		Firebird::ClumpletWriter dpb(Firebird::ClumpletReader::dpbList, MAX_DPB_SIZE);
-		dpb.insertByte(isc_dpb_gsec_attach, TRUE);
 		dpb.insertByte(isc_dpb_sec_attach, TRUE);
 
 		const unsigned char* authBlock;

src/burp/burp.cpp

@@ -943,7 +943,6 @@ int gbak(Firebird::UtilSvc* uSvc)
 	Firebird::ClumpletWriter dpb(Firebird::ClumpletReader::Tagged, MAX_DPB_SIZE, isc_dpb_version1);
 
 	dpb.insertString(isc_dpb_gbak_attach, FB_VERSION, strlen(FB_VERSION));
-	dpb.insertByte(isc_dpb_gsec_attach, 1);		// make it possible to have local security backups
 	uSvc->fillDpb(dpb);
 
 	const UCHAR* authBlock;

src/common/config/config.cpp

@@ -179,7 +179,8 @@ const Config::ConfigEntry Config::entries[MAX_CONFIG_KEY] =
 	{TYPE_BOOLEAN,		"SharedDatabase",			(ConfigValue) false},
 	{TYPE_STRING,		"WireCrypt",				(ConfigValue) NULL},
 	{TYPE_STRING,		"WireCryptPlugin",			(ConfigValue) "Arc4"},
-	{TYPE_STRING,		"KeyHolderPlugin",			(ConfigValue) ""}
+	{TYPE_STRING,		"KeyHolderPlugin",			(ConfigValue) ""},
+	{TYPE_BOOLEAN,		"RemoteAccess",				(ConfigValue) true}
 };
 
 /******************************************************************************
@@ -720,3 +721,8 @@ int Config::getWireCrypt(WireCryptMode wcMode) const
 	else	// the safest choice
 		return WIRE_CRYPT_REQUIRED;
 }
+
+bool Config::getRemoteAccess() const
+{
+	return get<bool>(KEY_REMOTE_ACCESS);
+}

src/common/config/config.h

@@ -69,12 +69,6 @@ extern const char*	GCPolicyCooperative;
 extern const char*	GCPolicyBackground;
 extern const char*	GCPolicyCombined;
 
-extern const char*	AmNative;
-extern const char*	AmTrusted;
-extern const char*	AmMixed;
-
-enum AmCache {AM_UNKNOWN, AM_DISABLED, AM_ENABLED};
-
 const int WIRE_CRYPT_DISABLED = 0;
 const int WIRE_CRYPT_ENABLED = 1;
 const int WIRE_CRYPT_REQUIRED = 2;
@@ -140,6 +134,7 @@ public:
 		KEY_WIRE_CRYPT,
 		KEY_PLUG_WIRE_CRYPT,
 		KEY_PLUG_KEY_HOLDER,
+		KEY_REMOTE_ACCESS,
 		MAX_CONFIG_KEY		// keep it last
 	};
 
@@ -332,6 +327,8 @@ public:
 	const char* getSecurityDatabase() const;
 
 	int getWireCrypt(WireCryptMode wcMode) const;
+
+	bool getRemoteAccess() const;
 };
 
 // Implementation of interface to access master configuration file

src/include/consts_pub.h

@@ -101,7 +101,7 @@
 #define isc_dpb_gfix_attach               66
 #define isc_dpb_gstat_attach              67
 #define isc_dpb_set_db_charset            68
-#define isc_dpb_gsec_attach               69
+/* #define isc_dpb_gsec_attach               69 */
 #define isc_dpb_address_path              70
 #define isc_dpb_process_id                71
 #define isc_dpb_no_db_triggers            72

src/jrd/jrd.cpp

@@ -821,7 +821,6 @@ public:
 	bool	dpb_overwrite;
 	bool	dpb_sec_attach;
 	bool	dpb_disable_wal;
-	bool	dpb_gsec_attach;
 	SLONG	dpb_connect_timeout;
 	SLONG	dpb_dummy_packet_interval;
 	bool	dpb_db_readonly;
@@ -942,7 +941,7 @@ static void			purge_transactions(thread_db*, Jrd::Attachment*, const bool);
 static void 		handle_error(Firebird::IStatus*, ISC_STATUS);
 
 namespace {
-	enum VdnResult {VDN_FAIL, VDN_OK, VDN_SECURITY};
+	enum VdnResult {VDN_FAIL, VDN_OK/*, VDN_SECURITY*/};
 }
 static VdnResult	verifyDatabaseName(const PathName&, ISC_STATUS*, bool);
 
@@ -1315,13 +1314,11 @@ JAttachment* FB_CARG JProvider::attachDatabase(IStatus* user_status, const char*
 		// Initialize special error handling
 		try
 		{
-			// If database to be opened is security database, then only
-			// gsec or SecurityDatabase may open it. This protects from use
-			// of old gsec to write wrong password hashes into it.
-			if (vdn == VDN_SECURITY && !options.dpb_gsec_attach && !options.dpb_sec_attach)
+			// Check for ability to access requested DB remotely
+			if (options.dpb_remote_address.hasData() && !config->getRemoteAccess())
 			{
-				ERR_post(Arg::Gds(isc_no_priv) << Arg::Str("direct") <<
-												  Arg::Str("security database") <<
+				ERR_post(Arg::Gds(isc_no_priv) << Arg::Str("remote") <<
+												  Arg::Str("database") <<
 												  Arg::Str(org_filename));
 			}
 
@@ -2417,13 +2414,11 @@ JAttachment* FB_CARG JProvider::createDatabase(IStatus* user_status, const char*
 		// Initialize special error handling
 		try
 		{
-			// If database to be opened is security database, then only
-			// gsec or SecurityDatabase can open it. This protects from use
-			// of old gsec to write wrong password hashes into it.
-			if (vdn == VDN_SECURITY && !options.dpb_gsec_attach && !options.dpb_sec_attach)
+			// Check for ability to access requested DB remotely
+			if (options.dpb_remote_address.hasData() && !config->getRemoteAccess())
 			{
-				ERR_post(Arg::Gds(isc_no_priv) << Arg::Str("direct") <<
-												  Arg::Str("security database") <<
+				ERR_post(Arg::Gds(isc_no_priv) << Arg::Str("remote") <<
+												  Arg::Str("database") <<
 												  Arg::Str(org_filename));
 			}
 
@@ -5703,10 +5698,6 @@ void DatabaseOptions::get(const UCHAR* dpb, USHORT dpb_length, bool& invalid_cli
 			dpb_gfix_attach = true;
 			break;
 
-		case isc_dpb_gsec_attach:
-			dpb_gsec_attach = rdr.getBoolean();
-			break;
-
 		case isc_dpb_disable_wal:
 			dpb_disable_wal = true;
 			break;
@@ -6957,7 +6948,7 @@ static jrd_req* verify_request_synchronization(JrdStatement* statement, USHORT l
  **/
 static VdnResult verifyDatabaseName(const PathName& name, ISC_STATUS* status, bool is_alias)
 {
-	// Check for security2.fdb
+	// Check for securityX.fdb
 	static GlobalPtr<PathName> securityNameBuffer, expandedSecurityNameBuffer;
 	static GlobalPtr<Mutex> mutex;
 
@@ -6972,10 +6963,11 @@ static VdnResult verifyDatabaseName(const PathName& name, ISC_STATUS* status, bo
 	}
 
 	if (name == securityNameBuffer || name == expandedSecurityNameBuffer)
-		return VDN_SECURITY;
+		return VDN_OK;
 
 	// Check for .conf
-	if (!JRD_verify_database_access(name)) {
+	if (!JRD_verify_database_access(name))
+	{
 		if (!is_alias) {
 			ERR_build_status(status, Arg::Gds(isc_conf_access_denied) << Arg::Str("database") <<
 																		 Arg::Str(name));

src/jrd/tra.cpp

@@ -2494,8 +2494,6 @@ static THREAD_ENTRY_DECLARE sweep_database(THREAD_ENTRY_PARAM database)
 	Firebird::ClumpletWriter dpb(Firebird::ClumpletReader::Tagged, MAX_DPB_SIZE, isc_dpb_version1);
 
 	dpb.insertByte(isc_dpb_sweep, isc_dpb_records);
-	// sometimes security database is also to be swept
-	dpb.insertByte(isc_dpb_gsec_attach, 1);
 	// use trusted authentication to attach database
 	const char* szAuthenticator = "sweeper";
 	dpb.insertString(isc_dpb_trusted_auth, szAuthenticator, strlen(szAuthenticator));

src/remote/server/server.cpp

@@ -2112,10 +2112,6 @@ void DatabaseAuth::accept(PACKET* send, Auth::WriterImplementation* authBlock)
 	{
 		switch (pb->getClumpTag())
 		{
-		// Disable remote gsec attachments
-		case isc_dpb_gsec_attach:
-		case isc_dpb_sec_attach:
-
 		// remove trusted auth & trusted role if present (security measure)
 		case isc_dpb_trusted_role:
 		case isc_dpb_trusted_auth: