diff --git a/examples/interfaces/10.backup.cpp b/examples/interfaces/10.backup.cpp index 978d33a50b..fae025e982 100644 --- a/examples/interfaces/10.backup.cpp +++ b/examples/interfaces/10.backup.cpp @@ -36,7 +36,7 @@ static IMaster* master = fb_get_master_interface(); bool printLine(const unsigned char*& p) { - const ISC_USHORT length = (ISC_USHORT) isc_vax_integer((char*)p, sizeof(ISC_USHORT)); + const ISC_USHORT length = (ISC_USHORT) isc_vax_integer((char*) p, sizeof(ISC_USHORT)); p += sizeof(ISC_USHORT); if (length > 0) printf("%*.*s\n", length, length, p); @@ -60,9 +60,8 @@ bool printInfo(const unsigned char* p, size_t pSize) case isc_info_truncated: if (!ignoreTruncation) - { printf("\n<<< truncated >>>\n"); - } + fflush(stdout); ret = true; break; @@ -96,7 +95,8 @@ int main() IXpbBuilder* spb1 = NULL; IXpbBuilder* spb2 = NULL; - try { + try + { printf("** Attaching to service manager...\n"); // Prepare SPB to attach to service manager @@ -166,8 +166,10 @@ int main() // generic cleanup prov->release(); status.dispose(); + if (spb1) spb1->dispose(); + if (spb2) spb2->dispose(); diff --git a/src/auth/SecureRemotePassword/manage/SrpManagement.cpp b/src/auth/SecureRemotePassword/manage/SrpManagement.cpp index a7c88591ba..a79f0e2d32 100644 --- a/src/auth/SecureRemotePassword/manage/SrpManagement.cpp +++ b/src/auth/SecureRemotePassword/manage/SrpManagement.cpp @@ -117,7 +117,9 @@ private: ++sql; err = true; } + att->execute(&statusWrapper, ddlTran, 0, sql, SQL_DIALECT_V6, NULL, NULL, NULL, NULL); + if (!err) check(&statusWrapper); } diff --git a/src/burp/restore.epp b/src/burp/restore.epp index d0ca8dbe04..e6685e02a4 100644 --- a/src/burp/restore.epp +++ b/src/burp/restore.epp @@ -7773,8 +7773,7 @@ bool get_sql_roles(BurpGlobals* tdgbl) { const ULONG l = get(tdgbl); if (l > sizeof(X.RDB$SYSTEM_PRIVILEGES)) - BURP_error_redirect (NULL, 46); - // msg 46 string truncated + BURP_error_redirect(NULL, 46); // msg 46 string truncated if (l) get_block(tdgbl, (UCHAR*) (X.RDB$SYSTEM_PRIVILEGES), l); diff --git a/src/common/isc_sync.cpp b/src/common/isc_sync.cpp index c63ea3ecf3..8bec215818 100644 --- a/src/common/isc_sync.cpp +++ b/src/common/isc_sync.cpp @@ -274,9 +274,7 @@ namespace { { struct STAT statistics; if (os_utils::fstat(fd, &statistics) != 0) - { system_call_failed::raise("stat"); - } return DevNode(statistics.st_dev, statistics.st_ino); } @@ -1840,10 +1838,9 @@ SharedMemoryBase::SharedMemoryBase(const TEXT* filename, ULONG length, IpcObject static void init(int fd) { void* sTab = os_utils::mmap(0, sizeof(SemTable), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if ((U_IPTR) sTab == (U_IPTR) -1) - { system_call_failed::raise("mmap"); - } semTable = (SemTable*) sTab; initCache(); @@ -1879,10 +1876,10 @@ SharedMemoryBase::SharedMemoryBase(const TEXT* filename, ULONG length, IpcObject { // Get and use the existing length of the shared segment struct STAT file_stat; + if (os_utils::fstat(mainLock->getFd(), &file_stat) == -1) - { system_call_failed::raise("fstat"); - } + length = file_stat.st_size; if (length == 0) @@ -3089,6 +3086,7 @@ bool SharedMemoryBase::remapFile(CheckStatusWrapper* statusVector, ULONG new_len MemoryHeader* const address = (MemoryHeader*) os_utils::mmap(0, new_length, PROT_READ | PROT_WRITE, MAP_SHARED, mainLock->getFd(), 0); + if ((U_IPTR) address == (U_IPTR) -1) { error(statusVector, "mmap() failed", errno); diff --git a/src/common/os/os_utils.h b/src/common/os/os_utils.h index 68186da9c9..00d4933476 100644 --- a/src/common/os/os_utils.h +++ b/src/common/os/os_utils.h @@ -95,205 +95,245 @@ namespace os_utils inline off_t lseek(int fd, off_t offset, int whence) { off_t rc; - do { + + do + { #ifdef LSB_BUILD rc = lseek64(fd, offset, whence); #else rc = ::lseek(fd, offset, whence); #endif } while (rc == (off_t) -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int stat(const char* path, struct STAT* buf) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = stat64(path, buf); #else rc = ::stat(path, buf); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int fstat(int fd, struct STAT* buf) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = fstat64(fd, buf); #else rc = ::fstat(fd, buf); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int fgetpos(FILE* stream, fpos_t* pos) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = fgetpos64(stream, pos); #else rc = ::fgetpos(stream, pos); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int fsetpos(FILE* stream, const fpos_t* pos) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = fsetpos64(stream, pos); #else rc = ::fsetpos(stream, pos); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + #ifndef WIN_NT inline int lockf(int fd, int cmd, off_t len) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = lockf64(fd, cmd, len); #else rc = ::lockf(fd, cmd, len); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int mkstemp(char* templ) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = mkstemp64(templ); #else rc = ::mkstemp(templ); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline ssize_t pread(int fd, void* buf, size_t count, off_t offset) { // Don't check EINTR because it's done by caller - return #ifdef LSB_BUILD - pread64(fd, buf, count, offset); + return pread64(fd, buf, count, offset); #else - ::pread(fd, buf, count, offset); + return ::pread(fd, buf, count, offset); #endif } - + inline ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) { // Don't check EINTR because it's done by caller - return #ifdef LSB_BUILD - pwrite64(fd, buf, count, offset); + return pwrite64(fd, buf, count, offset); #else - ::pwrite(fd, buf, count, offset); + return ::pwrite(fd, buf, count, offset); #endif } - + inline struct dirent* readdir(DIR* dirp) { struct dirent* rc; - do { + + do + { #ifdef LSB_BUILD rc = readdir64(dirp); #else rc = ::readdir(dirp); #endif } while (rc == NULL && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline void* mmap(void* addr, size_t length, int prot, int flags, int fd, off_t offset) { void* rc; - do { + + do + { #ifdef LSB_BUILD rc = mmap64(addr, length, prot, flags, fd, offset); #else rc = ::mmap(addr, length, prot, flags, fd, offset); #endif } while (rc == MAP_FAILED && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int ftruncate(int fd, off_t length) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = ftruncate64(fd, length); #else rc = ::ftruncate(fd, length); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int lstat(const char* path, struct STAT* buf) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = lstat64(path, buf); #else rc = ::lstat(path, buf); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int posix_fadvise(int fd, off_t offset, off_t len, int advice) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = posix_fadvise64(fd, offset, len, advice); #else rc = ::posix_fadvise(fd, offset, len, advice); #endif } while (rc != 0 && SYSCALL_INTERRUPTED(rc)); + return rc; } - + inline int getrlimit(int resource, struct rlimit* rlim) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = getrlimit64(resource, rlim); #else rc = ::getrlimit(resource, rlim); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } - + inline int setrlimit(int resource, const struct rlimit* rlim) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = setrlimit64(resource, rlim); #else rc = ::setrlimit(resource, rlim); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } #endif // WIN_NT diff --git a/src/common/os/posix/os_utils.cpp b/src/common/os/posix/os_utils.cpp index 6c8d580fbe..47b212bb00 100644 --- a/src/common/os/posix/os_utils.cpp +++ b/src/common/os/posix/os_utils.cpp @@ -139,13 +139,16 @@ namespace inline int openFile(const char* pathname, int flags, mode_t mode = 0666) { int rc; - do { + + do + { #ifdef LSB_BUILD rc = open64(pathname, flags, mode); #else rc = ::open(pathname, flags, mode); #endif } while (rc == -1 && SYSCALL_INTERRUPTED(errno)); + return rc; } @@ -161,14 +164,10 @@ void createLockDirectory(const char* pathname) { struct STAT st; if (os_utils::stat(pathname, &st) != 0) - { system_call_failed::raise("stat"); - } if (S_ISDIR(st.st_mode)) - { return; - } // not exactly original meaning, but very close to it system_call_failed::raise("access", ENOTDIR); @@ -281,9 +280,7 @@ int open(const char* pathname, int flags, mode_t mode) fd = openFile(pathname, flags | O_CLOEXEC, mode); if (fd < 0 && errno == EINVAL) // probably O_CLOEXEC not accepted - { fd = openFile(pathname, flags | O_CLOEXEC, mode); - } setCloseOnExec(fd); return fd; @@ -292,7 +289,8 @@ int open(const char* pathname, int flags, mode_t mode) FILE* fopen(const char* pathname, const char* mode) { FILE* f = NULL; - do { + do + { #ifdef LSB_BUILD // TODO: use open + fdopen to avoid races f = fopen64(pathname, mode); @@ -323,9 +321,7 @@ void getUniqueFileId(int fd, UCharBuffer& id) { struct STAT statistics; if (os_utils::fstat(fd, &statistics) != 0) - { system_call_failed::raise("fstat"); - } makeUniqueFileId(statistics, id); } diff --git a/src/dsql/DdlNodes.epp b/src/dsql/DdlNodes.epp index 217649cca9..fdb250267b 100644 --- a/src/dsql/DdlNodes.epp +++ b/src/dsql/DdlNodes.epp @@ -11135,6 +11135,7 @@ void GrantRevokeNode::grantRevoke(thread_db* tdbb, jrd_tra* transaction, const G if (grantor && !tdbb->getAttachment()->locksmith(tdbb, USE_GRANTED_BY_CLAUSE)) { const Firebird::MetaName& owner(tdbb->getDatabase()->dbb_owner); + if (owner == DBA_USER_NAME) (Arg::PrivateDyn(252) << DBA_USER_NAME).raise(); else @@ -11255,6 +11256,7 @@ void GrantRevokeNode::grantRevoke(thread_db* tdbb, jrd_tra* transaction, const G // Check for blocking cycles of role grants. UserId grantedRoles; grantedRoles.setSqlRole(objName); + if (grantedRoles.roleInUse(tdbb, user)) { // 292: role @1 can not be granted to role @2 diff --git a/src/dsql/DdlNodes.h b/src/dsql/DdlNodes.h index bb06fb8bac..8cd21b042d 100644 --- a/src/dsql/DdlNodes.h +++ b/src/dsql/DdlNodes.h @@ -1932,6 +1932,7 @@ private: public: Firebird::MetaName name; bool createFlag, sysPrivDrop; + void addPrivilege(const Firebird::MetaName* privName) { fb_assert(privName); diff --git a/src/dsql/StmtNodes.cpp b/src/dsql/StmtNodes.cpp index a598223da1..8189c3ae11 100644 --- a/src/dsql/StmtNodes.cpp +++ b/src/dsql/StmtNodes.cpp @@ -7922,6 +7922,7 @@ void SetRoleNode::execute(thread_db* tdbb, dsql_req* request, jrd_tra** transact { if (!SCL_role_granted(tdbb, *user, roleName.c_str())) (Arg::Gds(isc_set_invalid_role) << roleName).raise(); + user->setSqlRole(roleName.c_str()); } diff --git a/src/isql/show.epp b/src/isql/show.epp index f2b51b6bee..50dce9ec26 100644 --- a/src/isql/show.epp +++ b/src/isql/show.epp @@ -5406,12 +5406,14 @@ static processing_state show_role(const SCHAR* object, bool system, const char* isqlGlob.printf("%38s%s", X.RDB$ROLE_NAME, (odd ? " " : NEWLINE)); odd = !odd; -/* + + /*** if (SHOW_system_privileges(X.RDB$ROLE_NAME, "System privileges:", !odd)) { isqlGlob.printf("%s", NEWLINE); odd = true; - } */ + } + ***/ } END_FOR ON_ERROR diff --git a/src/jrd/CryptoManager.cpp b/src/jrd/CryptoManager.cpp index 20b1164d18..bb45d9cbfc 100644 --- a/src/jrd/CryptoManager.cpp +++ b/src/jrd/CryptoManager.cpp @@ -220,7 +220,7 @@ namespace Jrd { ERR_punt(); } } - } + } } else { @@ -386,7 +386,7 @@ namespace Jrd { const bool newCryptState = plugName.hasData(); int bak_state = Ods::hdr_nbak_unknown; - { + { // scope BackupManager::StateReadGuard stateGuard(tdbb); bak_state = dbb.dbb_backup_manager->getState(); } @@ -768,7 +768,7 @@ namespace Jrd { // nbackup state check int bak_state = Ods::hdr_nbak_unknown; - { + { // scope BackupManager::StateReadGuard stateGuard(tdbb); bak_state = dbb.dbb_backup_manager->getState(); } @@ -1203,10 +1203,10 @@ namespace Jrd { */ signature.printf("%d %d %d %s", - hdr->hdr_flags & Ods::hdr_crypt_process ? 1 : 0, - hdr->hdr_flags & Ods::hdr_encrypted ? 1 : 0, - hdr->hdr_crypt_page, - hdr->hdr_crypt_plugin); + (hdr->hdr_flags & Ods::hdr_crypt_process ? 1 : 0), + (hdr->hdr_flags & Ods::hdr_encrypted ? 1 : 0), + hdr->hdr_crypt_page, + hdr->hdr_crypt_plugin); ClumpletWriter hc(ClumpletWriter::UnTagged, hdr->hdr_page_size); hdr.getClumplets(hc); diff --git a/src/jrd/DbCreators.cpp b/src/jrd/DbCreators.cpp index 8cccf972ca..3c32e8d298 100644 --- a/src/jrd/DbCreators.cpp +++ b/src/jrd/DbCreators.cpp @@ -242,11 +242,13 @@ bool checkCreateDatabaseGrant(const MetaName& userName, const MetaName& trustedR check("IAttachment::execute", &st); UserId::Privileges privileges, wrk; + while (rs->fetchNext(&st, res2.getBuffer()) == IStatus::RESULT_OK) { wrk.load(&priv); privileges |= wrk; } + check("IResultSet::fetchNext", &st); return wrk.test(CREATE_DATABASE); diff --git a/src/jrd/Mapping.cpp b/src/jrd/Mapping.cpp index 34735380b0..2772fb44cd 100644 --- a/src/jrd/Mapping.cpp +++ b/src/jrd/Mapping.cpp @@ -973,7 +973,8 @@ public: return &sync; } - bool getPrivileges(const PathName& db, const string& name, const string& trusted_role, UserId::Privileges& system_privileges) + bool getPrivileges(const PathName& db, const string& name, const string& trusted_role, + UserId::Privileges& system_privileges) { DbCache* c; return databases.get(db, c) && c->getPrivileges(name, trusted_role, system_privileges); @@ -1068,11 +1069,13 @@ private: AutoPtr > buffer(FB_NEW UCHAR[meta->getMessageLength(&st)]); UCHAR* bits = buffer + meta->getOffset(&st, 0); UserId::Privileges g, l; + while(curs->fetchNext(&st, buffer) == IStatus::RESULT_OK) { l.load(bits); g |= l; } + put(key, g); } diff --git a/src/jrd/dflt.h b/src/jrd/dflt.h index 4cdc135879..2e2181bcea 100644 --- a/src/jrd/dflt.h +++ b/src/jrd/dflt.h @@ -76,4 +76,3 @@ static const UCHAR dflt_no_privs[] = }; #endif // JRD_DFLT_H - diff --git a/src/jrd/jrd.cpp b/src/jrd/jrd.cpp index 99ebb888c9..9d41e50f64 100644 --- a/src/jrd/jrd.cpp +++ b/src/jrd/jrd.cpp @@ -1705,10 +1705,12 @@ JAttachment* JProvider::internalAttach(CheckStatusWrapper* user_status, const ch // database. smistry 10/5/98 if (attachment->isUtility()) + { validateAccess(tdbb, attachment, attachment->att_utility == Attachment::UTIL_GBAK ? USE_GBAK_UTILITY : attachment->att_utility == Attachment::UTIL_GFIX ? USE_GFIX_UTILITY : USE_GSTAT_UTILITY); + } if (options.dpb_verify) { diff --git a/src/jrd/scl.epp b/src/jrd/scl.epp index d4f12da72f..6767e1c7b3 100644 --- a/src/jrd/scl.epp +++ b/src/jrd/scl.epp @@ -1040,6 +1040,7 @@ void UserId::findGrantedRoles(thread_db* tdbb) const usr_granted_roles.clear(); usr_privileges.clearAll(); + while (rs->fetch(tdbb)) { if (!usr_granted_roles.exist(usr_get_role)) // SQL request can return duplicates @@ -1278,6 +1279,7 @@ SecurityClass::flags_t SCL_get_object_mask(const int object_type) return -1 & ~SCL_corrupt; } + ULONG SCL_get_number(const UCHAR* acl) { /************************************** diff --git a/src/jrd/scl.h b/src/jrd/scl.h index dd24f6e2ab..d7b895e1f1 100644 --- a/src/jrd/scl.h +++ b/src/jrd/scl.h @@ -216,12 +216,15 @@ public: Firebird::string usr_project_name; // Project name Firebird::string usr_org_name; // Organization name Firebird::string usr_auth_method; // Authentication method + private: mutable Privileges usr_privileges; // Privileges granted to user by default + public: Auth::AuthenticationBlock usr_auth_block; // Authentication block after mapping USHORT usr_user_id; // User id USHORT usr_group_id; // Group id + private: mutable USHORT usr_flags; // Misc. crud diff --git a/src/jrd/svc.cpp b/src/jrd/svc.cpp index fb7595071a..1398469eec 100644 --- a/src/jrd/svc.cpp +++ b/src/jrd/svc.cpp @@ -713,7 +713,8 @@ Service::Service(const TEXT* service_name, USHORT spb_length, const UCHAR* spb_d string trusted_role; mapUser(true, svc_username, trusted_role, NULL, &svc_auth_block, NULL, - svc_auth_block, "services manager", NULL, config->getSecurityDatabase(), svc_crypt_callback, NULL); + svc_auth_block, "services manager", NULL, config->getSecurityDatabase(), + svc_crypt_callback, NULL); trusted_role.upper(); svc_trusted_role = trusted_role == ADMIN_ROLE; }