Fixed CORE-6236 - RDB$TIME_ZONE_UTIL package has wrong privilege for PUBLIC.

2025-01-23 00:03:02 +01:00 · 2020-01-21 22:09:17 -03:00 · 2020-01-21 22:09:17 -03:00 · 6753656754
commit 6753656754
parent 6fa1fffbaa
1 changed files with 22 additions and 8 deletions
--- a/src/jrd/ini.epp
+++ b/src/jrd/ini.epp
@ -71,9 +71,9 @@ const int FB_MAX_ACL_SIZE	= 4096;


 static void add_index_set(thread_db*);
-static void add_security_to_sys_obj(thread_db*, AutoRequest&, AutoRequest&, AutoRequest&, 
+static void add_security_to_sys_obj(thread_db*, AutoRequest&, AutoRequest&, AutoRequest&,
 	const MetaName&, USHORT, const MetaName&, USHORT = 0, const UCHAR* = NULL);
-static void add_security_class(thread_db* tdbb, AutoRequest&, const MetaName& class_name, 
+static void add_security_class(thread_db* tdbb, AutoRequest&, const MetaName& class_name,
 	USHORT acl_length, const UCHAR* acl);
 static void add_security_to_sys_rel(thread_db*, AutoRequest&, AutoRequest&, AutoRequest&, const MetaName&,
 	const TEXT*, const USHORT, const UCHAR*);
@ -411,9 +411,12 @@ void INI_format(const char* owner, const char* charset)
 	const UCHAR NON_REL_OWNER_ACL[] =
 		{ACL_priv_list, priv_control, priv_alter, priv_drop, priv_usage, ACL_end};

-	const UCHAR NON_REL_PUBLIC_ACL[] =
+	const UCHAR NON_REL_PUBLIC_USAGE_ACL[] =
 		{ACL_priv_list, priv_usage, ACL_end};

+	const UCHAR PKG_PUBLIC_EXECUTE_ACL[] =
+		{ACL_priv_list, priv_execute, ACL_end};
+
 	UCHAR buffer[FB_MAX_ACL_SIZE];
 	UCHAR* acl = buffer;
 	*acl++ = ACL_version;
@ -431,8 +434,11 @@ void INI_format(const char* owner, const char* charset)

 	*acl++ = ACL_id_list;
 	*acl++ = ACL_end;
-	memcpy(acl, NON_REL_PUBLIC_ACL, sizeof(NON_REL_PUBLIC_ACL));
-	acl += sizeof(NON_REL_PUBLIC_ACL);
+
+	UCHAR* aclPublicStart = acl;
+
+	memcpy(acl, NON_REL_PUBLIC_USAGE_ACL, sizeof(NON_REL_PUBLIC_USAGE_ACL));
+	acl += sizeof(NON_REL_PUBLIC_USAGE_ACL);
 	*acl++ = ACL_end; // Put an extra terminator to avoid scl.epp:walk_acl() missing the end.

 	USHORT length = acl - buffer;
@ -471,13 +477,21 @@ void INI_format(const char* owner, const char* charset)
 			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_collation, collation->name, length, buffer);
 		}

+		// Must be last!
+		acl = aclPublicStart;
+		memcpy(acl, PKG_PUBLIC_EXECUTE_ACL, sizeof(PKG_PUBLIC_EXECUTE_ACL));
+		acl += sizeof(PKG_PUBLIC_EXECUTE_ACL);
+		*acl++ = ACL_end; // Put an extra terminator to avoid scl.epp:walk_acl() missing the end.
+		length = acl - buffer;
+
 		reqModObjSC.reset();
 		for (auto& systemPackage : SystemPackage::get())
 		{
 			if (systemPackage.odsVersion > ENCODE_ODS(dbb->dbb_ods_version, dbb->dbb_minor_version))
 				continue;

-			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_package_header, systemPackage.name, length, buffer);
+			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName,
+				obj_package_header, systemPackage.name, length, buffer);
 		}
 	}

@ -1091,8 +1105,8 @@ static void add_security_to_sys_rel(thread_db*	tdbb,

 // Add security to system objects.
 static void add_security_to_sys_obj(thread_db* tdbb,
-									AutoRequest& reqAddSC, 
-									AutoRequest& reqModObjSC, 
+									AutoRequest& reqAddSC,
+									AutoRequest& reqModObjSC,
 									AutoRequest& reqInsUserPriv,
 									const MetaName& user_name,
 									USHORT obj_type,