firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 18:03:04 +01:00
Code Issues

Fixed #6889: no permision while ALTER USER SET TAGS

Browse Source
This commit is contained in:
AlexPeshkoff 2021-07-07 14:24:57 +03:00
parent 60527e378c
commit 575761e8c9
3 changed files with 22 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/jrd/scl.epp
View File

@ -168,7 +168,8 @@ namespace
if (p->num == num)
return p->name;
}
fb_assert(false);
if (num)
fb_assert(false);
return "<unknown object type>";
}
} // anonymous namespace
@ -198,20 +199,6 @@ static void raiseError(thread_db* tdbb, SecurityClass::flags_t mask, SLONG type,
// userName a name of user in which context permissions will be checked.
void SCL_check_access(thread_db* tdbb,
const SecurityClass* s_class,
SLONG obj_type,
const Firebird::MetaName& obj_name,
SecurityClass::flags_t mask,
SLONG type,
bool recursive,
const Firebird::MetaName& name,
const Firebird::MetaName& r_name)
{
SCL_check_access(tdbb, s_class, NULL, obj_type, obj_name, mask, type, recursive, name, r_name);
}
static bool check_access(thread_db* tdbb,
const SecurityClass* s_class,
SLONG obj_type,
@ -353,7 +340,7 @@ void SCL_check_charset(thread_db* tdbb, const MetaName& name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, name, mask, SCL_object_charset, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, name, mask, SCL_object_charset, false, name);
}
@ -384,7 +371,7 @@ void SCL_check_collation(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, name, mask, SCL_object_collation, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, name, mask, SCL_object_collation, false, name);
}
@ -453,7 +440,7 @@ void SCL_check_domain(thread_db* tdbb, const MetaName& name, SecurityClass::flag
}
END_FOR
SCL_check_access(tdbb, s_class, 0, name, mask, SCL_object_domain, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, name, mask, SCL_object_domain, false, name);
}
@ -486,7 +473,7 @@ bool SCL_check_exception(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, name, mask, SCL_object_exception, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, name, mask, SCL_object_exception, false, name);
return found;
}
@ -520,7 +507,7 @@ bool SCL_check_generator(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, name, mask, SCL_object_generator, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, name, mask, SCL_object_generator, false, name);
return found;
}
@ -616,7 +603,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
if (reln_name.isEmpty())
return;
SCL_check_access(tdbb, s_class, 0, NULL, mask, SCL_object_table, false, reln_name);
SCL_check_access(tdbb, s_class, NULL, 0, NULL, mask, SCL_object_table, false, reln_name);
request.reset();
@ -636,7 +623,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
{
s_class = (!RF.RDB$SECURITY_CLASS.NULL) ?
SCL_get_class(tdbb, RF.RDB$SECURITY_CLASS) : default_s_class;
SCL_check_access(tdbb, s_class, 0, NULL, mask,
SCL_check_access(tdbb, s_class, NULL, 0, NULL, mask,
SCL_object_column, false, RF.RDB$FIELD_NAME, reln_name);
}
END_FOR
@ -680,7 +667,7 @@ bool SCL_check_package(thread_db* tdbb, const dsc* dsc_name, SecurityClass::flag
}
END_FOR
SCL_check_access(tdbb, s_class, id_package, name, mask, SCL_object_package, false, name);
SCL_check_access(tdbb, s_class, NULL, id_package, name, mask, SCL_object_package, false, name);
return found;
}
@ -723,7 +710,7 @@ bool SCL_check_procedure(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fl
}
END_FOR
SCL_check_access(tdbb, s_class, id_procedure, name, mask, SCL_object_procedure, false, name);
SCL_check_access(tdbb, s_class, NULL, id_procedure, name, mask, SCL_object_procedure, false, name);
return found;
}
@ -766,7 +753,7 @@ bool SCL_check_function(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, id_function, name, mask, SCL_object_function, false, name);
SCL_check_access(tdbb, s_class, NULL, id_function, name, mask, SCL_object_function, false, name);
return found;
}
@ -801,7 +788,7 @@ void SCL_check_filter(thread_db* tdbb, const MetaName &name, SecurityClass::flag
}
END_FOR
SCL_check_access(tdbb, s_class, id_filter, name, mask, SCL_object_filter, false, name);
SCL_check_access(tdbb, s_class, NULL, id_filter, name, mask, SCL_object_filter, false, name);
}
@ -847,7 +834,7 @@ void SCL_check_relation(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, NULL, mask, SCL_object_table, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, NULL, mask, SCL_object_table, false, name);
}
bool SCL_check_view(thread_db* tdbb, const dsc* dsc_name, SecurityClass::flags_t mask)
@ -888,7 +875,7 @@ bool SCL_check_view(thread_db* tdbb, const dsc* dsc_name, SecurityClass::flags_t
}
END_FOR
SCL_check_access(tdbb, s_class, 0, NULL, mask, SCL_object_view, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, NULL, mask, SCL_object_view, false, name);
return found;
}
@ -921,7 +908,7 @@ void SCL_check_role(thread_db* tdbb, const Firebird::MetaName& name, SecurityCla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, NULL, mask, SCL_object_role, false, name);
SCL_check_access(tdbb, s_class, NULL, 0, NULL, mask, SCL_object_role, false, name);
}
SecurityClass* SCL_get_class(thread_db* tdbb, const TEXT* par_string)
@ -994,7 +981,7 @@ Jrd::SecurityClass* SCL_get_class(Jrd::thread_db* tdbb, SLONG view_id)
if (!view)
return NULL;
return SCL_get_class(tdbb, view->rel_owner_name.c_str());
return SCL_get_class(tdbb, view->rel_security_name.c_str());
}

6
src/jrd/scl_proto.h
View File

@ -33,14 +33,10 @@
struct dsc;
void SCL_check_access(Jrd::thread_db*, const Jrd::SecurityClass*,
SLONG, const Firebird::MetaName&,
Jrd::SecurityClass::flags_t, SLONG type, bool recursive, const Firebird::MetaName&,
const Firebird::MetaName& = "");
void SCL_check_access(Jrd::thread_db*, const Jrd::SecurityClass*,
const Jrd::SecurityClass*, SLONG, const Firebird::MetaName&,
Jrd::SecurityClass::flags_t, SLONG type, bool recursive, const Firebird::MetaName&,
const Firebird::MetaName&);
const Firebird::MetaName& = "");
void SCL_check_create_access(Jrd::thread_db*, int type);
void SCL_check_charset(Jrd::thread_db* tdbb, const Firebird::MetaName&, Jrd::SecurityClass::flags_t);
void SCL_check_collation(Jrd::thread_db* tdbb, const Firebird::MetaName&, Jrd::SecurityClass::flags_t);

8
src/jrd/tra.cpp
View File

@ -3771,9 +3771,7 @@ void jrd_tra::checkBlob(thread_db* tdbb, const bid* blob_id, bool punt)
// Relation has not been checked for access rights
try
{
ThreadStatusGuard status_vector(tdbb);
SCL_check_access(tdbb, s_class, 0, 0, NULL, SCL_select, SCL_object_table, false,
SCL_check_access(tdbb, s_class, NULL, 0, "", SCL_select, SCL_object_table, false,
blb_relation->rel_name);
s_class->scl_blb_access = SecurityClass::BA_SUCCESS;
}
@ -3793,9 +3791,11 @@ void jrd_tra::checkBlob(thread_db* tdbb, const bid* blob_id, bool punt)
// but someone else has (SP, view)
// store Blob ID as allowed in this transaction
tra_fetched_blobs.add(*blob_id);
// and clear status vector
tdbb->tdbb_status_vector->init();
}
break;
case SecurityClass::BA_FAILURE:
// Relation has been checked earlier and check was failed
if (punt)