8
0
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 18:43:02 +01:00

Postfix for CORE-3242: somewhy when checking metadata access (like MODIFY or DROP) always checked that access from object itself. Strange at the first glance behavior, but let us do not change legacy (at least since FB1.0) when possible.

This commit is contained in:
alexpeshkoff 2014-05-07 11:21:31 +00:00
parent 9e3f5a9a56
commit bf82df1ebb
4 changed files with 19 additions and 18 deletions

View File

@ -454,14 +454,14 @@ void JrdStatement::verifyAccess(thread_db* tdbb)
{
SCL_check_access(tdbb, sec_class, access->acc_view_id, aclType,
routine->getName().identifier, access->acc_mask, access->acc_type,
access->acc_name, access->acc_r_name);
true, access->acc_name, access->acc_r_name);
}
else
{
SCL_check_access(tdbb, sec_class, access->acc_view_id,
id_package, routine->getName().package,
access->acc_mask, access->acc_type,
access->acc_name, access->acc_r_name);
true, access->acc_name, access->acc_r_name);
}
}
}
@ -508,7 +508,7 @@ void JrdStatement::verifyAccess(thread_db* tdbb)
}
SCL_check_access(tdbb, sec_class, access->acc_view_id, objType, objName,
access->acc_mask, access->acc_type, access->acc_name, access->acc_r_name);
access->acc_mask, access->acc_type, true, access->acc_name, access->acc_r_name);
}
}
@ -629,7 +629,7 @@ void JrdStatement::verifyTriggerAccess(thread_db* tdbb, jrd_rel* ownerRelation,
SCL_check_access(tdbb, sec_class,
(access->acc_view_id) ? access->acc_view_id : (view ? view->rel_id : 0),
id_trigger, t.statement->triggerName, access->acc_mask,
access->acc_type, access->acc_name, access->acc_r_name);
access->acc_type, true, access->acc_name, access->acc_r_name);
}
}
}

View File

@ -171,6 +171,7 @@ void SCL_check_access(thread_db* tdbb,
const Firebird::MetaName& obj_name,
SecurityClass::flags_t mask,
SLONG type,
bool recursive,
const Firebird::MetaName& name,
const Firebird::MetaName& r_name)
{
@ -237,7 +238,7 @@ void SCL_check_access(thread_db* tdbb,
// Allow recursive procedure/function call
if (((type == SCL_object_procedure && obj_type == id_procedure) ||
if (recursive && ((type == SCL_object_procedure && obj_type == id_procedure) ||
(type == SCL_object_function && obj_type == id_function)) && obj_name == name)
{
return;
@ -299,7 +300,7 @@ void SCL_check_charset(thread_db* tdbb, const MetaName& name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_charset, name);
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_charset, false, name);
}
@ -330,7 +331,7 @@ void SCL_check_collation(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_collation, name);
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_collation, false, name);
}
@ -361,7 +362,7 @@ void SCL_check_domain(thread_db* tdbb, const MetaName& name, SecurityClass::flag
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_domain, name);
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_domain, false, name);
}
@ -392,7 +393,7 @@ void SCL_check_exception(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_exception, name);
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_exception, false, name);
}
@ -423,7 +424,7 @@ void SCL_check_generator(thread_db* tdbb, const MetaName& name, SecurityClass::f
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_generator, name);
SCL_check_access(tdbb, s_class, 0, 0, name, mask, SCL_object_generator, false, name);
}
@ -508,7 +509,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
if (reln_name.isEmpty())
return;
SCL_check_access(tdbb, s_class, 0, 0, NULL, mask, SCL_object_table, reln_name);
SCL_check_access(tdbb, s_class, 0, 0, NULL, mask, SCL_object_table, false, reln_name);
request.reset();
@ -529,7 +530,7 @@ void SCL_check_index(thread_db* tdbb, const Firebird::MetaName& index_name, UCHA
s_class = (!RF.RDB$SECURITY_CLASS.NULL) ?
SCL_get_class(tdbb, RF.RDB$SECURITY_CLASS) : default_s_class;
SCL_check_access(tdbb, s_class, 0, 0, NULL, mask,
SCL_object_column, RF.RDB$FIELD_NAME, reln_name);
SCL_object_column, false, RF.RDB$FIELD_NAME, reln_name);
}
END_FOR
}
@ -570,7 +571,7 @@ void SCL_check_package(thread_db* tdbb, const dsc* dsc_name, SecurityClass::flag
}
END_FOR
SCL_check_access(tdbb, s_class, 0, id_package, name, mask, SCL_object_package, name);
SCL_check_access(tdbb, s_class, 0, id_package, name, mask, SCL_object_package, false, name);
}
@ -610,7 +611,7 @@ void SCL_check_procedure(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fl
}
END_FOR
SCL_check_access(tdbb, s_class, 0, id_procedure, name, mask, SCL_object_procedure, name);
SCL_check_access(tdbb, s_class, 0, id_procedure, name, mask, SCL_object_procedure, false, name);
}
@ -650,7 +651,7 @@ void SCL_check_function(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, id_function, name, mask, SCL_object_function, name);
SCL_check_access(tdbb, s_class, 0, id_function, name, mask, SCL_object_function, false, name);
}
@ -688,7 +689,7 @@ void SCL_check_relation(thread_db* tdbb, const dsc* dsc_name, SecurityClass::fla
}
END_FOR
SCL_check_access(tdbb, s_class, 0, 0, NULL, mask, SCL_object_table, name);
SCL_check_access(tdbb, s_class, 0, 0, NULL, mask, SCL_object_table, false, name);
}

View File

@ -34,7 +34,7 @@
struct dsc;
void SCL_check_access(Jrd::thread_db*, const Jrd::SecurityClass*, SLONG, SLONG, const Firebird::MetaName&,
Jrd::SecurityClass::flags_t, SLONG type, const Firebird::MetaName&,
Jrd::SecurityClass::flags_t, SLONG type, bool recursive, const Firebird::MetaName&,
const Firebird::MetaName& = "");
void SCL_check_charset(Jrd::thread_db* tdbb, const Firebird::MetaName&, Jrd::SecurityClass::flags_t);
void SCL_check_collation(Jrd::thread_db* tdbb, const Firebird::MetaName&, Jrd::SecurityClass::flags_t);

View File

@ -3964,7 +3964,7 @@ static void check_rel_field_class(thread_db* tdbb,
// he may have access to relation as whole.
try
{
SCL_check_access(tdbb, s_class, 0, 0, NULL, flags, SCL_object_column, "");
SCL_check_access(tdbb, s_class, 0, 0, NULL, flags, SCL_object_column, false, "");
}
catch (const Firebird::Exception&)
{