mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 22:43:03 +01:00

Added default sql security for database to make it possible to be more relevant to SQL Standard

Roman Simakov 2016-10-25 15:09:32 +03:00
parent aa53e630d7
commit c95a287cc9
15 changed files with 106 additions and 8 deletions


@ -2731,6 +2731,8 @@ void write_database( const TEXT* dbb_file)
PUT_TEXT (att_database_dfl_charset, D.RDB$CHARACTER_SET_NAME); PUT_TEXT (att_database_dfl_charset, D.RDB$CHARACTER_SET_NAME);
if (!D.RDB$LINGER.NULL) if (!D.RDB$LINGER.NULL)
put_int32(att_database_linger, D.RDB$LINGER); put_int32(att_database_linger, D.RDB$LINGER);
if (!D.RDB$SQL_SECURITY.NULL)
put_boolean(att_database_sql_security, D.RDB$SQL_SECURITY);
END_FOR; END_FOR;
ON_ERROR ON_ERROR
general_on_error(); general_on_error();


@ -249,6 +249,7 @@ enum att_type {
att_SQL_dialect, // SQL dialect that it speaks att_SQL_dialect, // SQL dialect that it speaks
att_db_read_only, // Is the database ReadOnly? att_db_read_only, // Is the database ReadOnly?
att_database_linger, // Disconnection timeout att_database_linger, // Disconnection timeout
att_database_sql_security,// default sql security value
// Relation attributes // Relation attributes


@ -9780,7 +9780,7 @@ bool restore(BurpGlobals* tdgbl, const TEXT* file_name, const TEXT* database_nam
// msg 129 started transaction // msg 129 started transaction
att_type attribute; att_type attribute;
isc_req_handle req_handle2 = 0, req_handle3 = 0, req_handle4 = 0; isc_req_handle req_handle2 = 0, req_handle3 = 0, req_handle4 = 0, req_handle5 = 0;
while (get_attribute(&attribute, tdgbl) != att_end) while (get_attribute(&attribute, tdgbl) != att_end)
{ {
@ -9857,6 +9857,35 @@ bool restore(BurpGlobals* tdgbl, const TEXT* file_name, const TEXT* database_nam
} }
break; break;
case att_database_sql_security:
if (tdgbl->RESTORE_format >= 11)
{
if (tdgbl->runtimeODS >= DB_VERSION_DDL12)
{
FOR (REQUEST_HANDLE req_handle5)
X IN RDB$DATABASE
MODIFY X USING
X.RDB$SQL_SECURITY = get_boolean(tdgbl);
END_MODIFY;
ON_ERROR
general_on_error();
END_ERROR;
END_FOR;
ON_ERROR
general_on_error();
END_ERROR;
}
else
get_boolean(tdgbl);
}
else
{
// Functions that use scan_next_attr initialize it to NO_SKIP using skip_init().
// Here we don't use that logic, hence the first param to bad_attribute is hardcoded.
bad_attribute(NO_SKIP, attribute, 352);
}
break;
default: default:
{ {
SSHORT l = get(tdgbl); SSHORT l = get(tdgbl);
@ -9870,6 +9899,7 @@ bool restore(BurpGlobals* tdgbl, const TEXT* file_name, const TEXT* database_nam
MISC_release_request_silent(req_handle2); MISC_release_request_silent(req_handle2);
MISC_release_request_silent(req_handle3); MISC_release_request_silent(req_handle3);
MISC_release_request_silent(req_handle4); MISC_release_request_silent(req_handle4);
MISC_release_request_silent(req_handle5);
if (tdgbl->gbl_sw_fix_fss_data) if (tdgbl->gbl_sw_fix_fss_data)
{ {
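Review bot: The new `case att_database_sql_security` gates the MODIFY on `tdgbl->runtimeODS >= DB_VERSION_DDL12`, but the relations section of this commit declares `f_dat_sql_security` with `ODS_13_0`. If the constant means ODS 12, as its name suggests, a restore into an ODS 12 target would try to update a column that does not exist there instead of taking the `else get_boolean(tdgbl);` skip path; the gate should test for the ODS level that introduces the column. The branch also assigns `X.RDB$SQL_SECURITY` without `X.RDB$SQL_SECURITY.NULL = FALSE;`, which the AlterDatabaseNode change in this commit does set, so it is worth confirming the restored value is not left NULL, because that would silently drop the DEFINER default after a restore.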


@ -7585,14 +7585,11 @@ void AlterRelationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
case Clause::TYPE_ALTER_SQL_SECURITY: case Clause::TYPE_ALTER_SQL_SECURITY:
{ {
AutoRequest request; AutoRequest request;
bool found = false;
FOR(REQUEST_HANDLE request TRANSACTION_HANDLE transaction) FOR(REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
REL IN RDB$RELATIONS REL IN RDB$RELATIONS
WITH REL.RDB$RELATION_NAME EQ name.c_str() WITH REL.RDB$RELATION_NAME EQ name.c_str()
{ {
found = true;
MODIFY REL MODIFY REL
{ {
const Nullable<bool> ssDefiner = const Nullable<bool> ssDefiner =
@ -11949,6 +11946,12 @@ void AlterDatabaseNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
DBB.RDB$LINGER = linger; DBB.RDB$LINGER = linger;
} }
if (ssDefiner.specified)
{
DBB.RDB$SQL_SECURITY.NULL = FALSE;
DBB.RDB$SQL_SECURITY = ssDefiner.value ? FB_TRUE : FB_FALSE;
}
if (clauses & CLAUSE_BEGIN_BACKUP) if (clauses & CLAUSE_BEGIN_BACKUP)
changeBackupMode(tdbb, transaction, CLAUSE_BEGIN_BACKUP); changeBackupMode(tdbb, transaction, CLAUSE_BEGIN_BACKUP);
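Review bot: Nothing in the AlterDatabaseNode::execute hunk refreshes metadata that was resolved with the previous default. Other sections of this commit copy the database default into `procedure->ssDefiner`, `function->ssDefiner` and `relation->rel_ss_definer` at load time, so objects already in the metadata cache would presumably keep running under the old security context until they are reloaded. Since this setting decides whose privileges a routine runs with, either invalidate the cached objects here or document the delay, e.g. `// NOTE: the new default applies only to objects loaded after this change`. The body of execute() continues outside the hunk.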


@ -2318,6 +2318,7 @@ public:
Firebird::Array<NestConst<DbFileClause> > files; Firebird::Array<NestConst<DbFileClause> > files;
Firebird::MetaName cryptPlugin; Firebird::MetaName cryptPlugin;
Firebird::MetaName keyName; Firebird::MetaName keyName;
Nullable<bool> ssDefiner;
}; };


@ -4146,6 +4146,8 @@ db_alter_clause($alterDatabaseNode)
{ $alterDatabaseNode->linger = $4; } { $alterDatabaseNode->linger = $4; }
| DROP LINGER | DROP LINGER
{ $alterDatabaseNode->linger = 0; } { $alterDatabaseNode->linger = 0; }
| SET DEFAULT sql_security_clause
{ $alterDatabaseNode->ssDefiner = $3; }
; ;
%type crypt_key_clause(<alterDatabaseNode>) %type crypt_key_clause(<alterDatabaseNode>)


@ -40,6 +40,7 @@
const USHORT f_dat_class = 2; const USHORT f_dat_class = 2;
const USHORT f_dat_charset = 3; const USHORT f_dat_charset = 3;
const USHORT f_dat_linger = 4; const USHORT f_dat_linger = 4;
const USHORT f_dat_sql_security = 5;
// Relation 2 (RDB$FIELDS) // Relation 2 (RDB$FIELDS)


@ -2076,6 +2076,15 @@ static void list_create_db()
return; return;
END_ERROR; END_ERROR;
FOR DBPSS IN RDB$DATABASE
WITH DBPSS.RDB$SQL_SECURITY NOT MISSING
AND DBPSS.RDB$SQL_SECURITY == FB_TRUE
isqlGlob.printf("%sALTER DATABASE SET DEFAULT SQL SECURITY DEFINER%s", NEWLINE, isqlGlob.global_Term);
END_FOR
ON_ERROR
ISQL_errmsg(fbStatus);
return;
END_ERROR;
if (nodb) if (nodb)
isqlGlob.printf(" */%s", NEWLINE); isqlGlob.printf(" */%s", NEWLINE);
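Review bot: The new `ALTER DATABASE SET DEFAULT SQL SECURITY DEFINER` line is printed before the `if (nodb)` branch that emits the closing ` */`, so when that branch is taken the statement appears to land inside the commented-out block of the extracted script. A database recreated from such a script would then lack the DEFINER default, and routines without an explicit SQL SECURITY clause would run under a different privilege context than on the source database. If the placement is intended because the statement belongs with the commented CREATE DATABASE, a comment saying so would help; otherwise emit it after the comment is closed. list_create_db starts outside the hunk, so the opening of the comment is not visible here.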


@ -3544,6 +3544,9 @@ static void show_db()
if (!DBB2.RDB$LINGER.NULL && DBB2.RDB$LINGER > 0) if (!DBB2.RDB$LINGER.NULL && DBB2.RDB$LINGER > 0)
isqlGlob.printf("Linger: %d seconds%s", DBB2.RDB$LINGER, NEWLINE); isqlGlob.printf("Linger: %d seconds%s", DBB2.RDB$LINGER, NEWLINE);
if (!DBB2.RDB$SQL_SECURITY.NULL && DBB2.RDB$SQL_SECURITY == FB_TRUE)
isqlGlob.printf("SQL SECURITY DEFINER%s", NEWLINE);
if (++pass > 1) if (++pass > 1)
isqlGlob.printf("RDB$DATABASE has more than one record%s", NEWLINE); isqlGlob.printf("RDB$DATABASE has more than one record%s", NEWLINE);


@ -470,6 +470,7 @@ public:
unsigned dbb_linger_seconds; unsigned dbb_linger_seconds;
time_t dbb_linger_end; time_t dbb_linger_end;
Firebird::RefPtr<Firebird::IPluginConfig> dbb_plugin_config; Firebird::RefPtr<Firebird::IPluginConfig> dbb_plugin_config;
Nullable<bool> dbb_ss_definer; // default sql security value
// returns true if primary file is located on raw device // returns true if primary file is located on raw device
bool onRawDevice() const; bool onRawDevice() const;
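Review bot: `dbb_ss_definer` is added to the class here, but no other file section of this commit reads or assigns it; `MET_get_ss_definer` queries RDB$DATABASE on each call instead. An unused security-related member invites later code to trust a value that is never populated, so either wire it up as the cached default (and reset it when ALTER DATABASE changes the setting) or leave it out until it is needed. If it stays, the comment should say who maintains it, e.g. `// default SQL SECURITY of the database; not yet populated, see MET_get_ss_definer`.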


@ -246,8 +246,13 @@ Function* Function::loadMetadata(thread_db* tdbb, USHORT id, bool noscan, USHORT
END_FOR END_FOR
} }
if (!function->ssDefiner.specified && !X.RDB$SQL_SECURITY.NULL) if (!function->ssDefiner.specified)
function->ssDefiner = (bool) X.RDB$SQL_SECURITY; {
if (!X.RDB$SQL_SECURITY.NULL)
function->ssDefiner = (bool) X.RDB$SQL_SECURITY;
else
function->ssDefiner = MET_get_ss_definer(tdbb);
}
size_t count = 0; size_t count = 0;
ULONG length = 0; ULONG length = 0;


@ -179,6 +179,7 @@ enum irq_type_t
irq_l_curr_format, // lookup table's current format irq_l_curr_format, // lookup table's current format
irq_linger, // get database linger value irq_linger, // get database linger value
irq_dbb_ss_definer, // get database sql security value
irq_MAX irq_MAX
}; };


@ -1974,6 +1974,7 @@ void MET_load_trigger(thread_db* tdbb,
Nullable<bool> ssDefiner; Nullable<bool> ssDefiner;
// If SQL SECURITY for relation was not specified it will re-use DB default so we should not care about it
if (!TRG.RDB$SQL_SECURITY.NULL) if (!TRG.RDB$SQL_SECURITY.NULL)
ssDefiner = (bool) TRG.RDB$SQL_SECURITY; ssDefiner = (bool) TRG.RDB$SQL_SECURITY;
else if (relation) else if (relation)
@ -3343,8 +3344,13 @@ jrd_prc* MET_procedure(thread_db* tdbb, USHORT id, bool noscan, USHORT flags)
END_FOR END_FOR
} }
if (!procedure->ssDefiner.specified && !P.RDB$SQL_SECURITY.NULL) if (!procedure->ssDefiner.specified)
procedure->ssDefiner = (bool) P.RDB$SQL_SECURITY; {
if (!P.RDB$SQL_SECURITY.NULL)
procedure->ssDefiner = (bool) P.RDB$SQL_SECURITY;
else
procedure->ssDefiner = MET_get_ss_definer(tdbb);
}
procedure->owner = P.RDB$OWNER_NAME; procedure->owner = P.RDB$OWNER_NAME;
procedure->setImplemented(true); procedure->setImplemented(true);
@ -3801,6 +3807,8 @@ void MET_scan_relation(thread_db* tdbb, jrd_rel* relation)
if (!REL.RDB$SQL_SECURITY.NULL) if (!REL.RDB$SQL_SECURITY.NULL)
relation->rel_ss_definer = (bool) REL.RDB$SQL_SECURITY; relation->rel_ss_definer = (bool) REL.RDB$SQL_SECURITY;
else
relation->rel_ss_definer = MET_get_ss_definer(tdbb);
if (!REL.RDB$VIEW_BLR.isEmpty()) if (!REL.RDB$VIEW_BLR.isEmpty())
{ {
@ -5380,3 +5388,32 @@ int MET_get_linger(thread_db* tdbb)
return rc; return rc;
} }
Nullable<bool> MET_get_ss_definer(Jrd::thread_db* tdbb)
{
/**************************************
*
* M E T _ s s _ d e f i n e r
*
**************************************
*
* Functional description
* Return sql security value for current database
*
**************************************/
SET_TDBB(tdbb);
Attachment* attachment = tdbb->getAttachment();
Nullable<bool> r;
AutoCacheRequest request(tdbb, irq_dbb_ss_definer, IRQ_REQUESTS);
FOR(REQUEST_HANDLE request)
DBB IN RDB$DATABASE
{
if (!DBB.RDB$SQL_SECURITY.NULL)
r = DBB.RDB$SQL_SECURITY;
}
END_FOR
return r;
}
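Review bot: In the MET_load_trigger hunk the fallback is `else if (relation)`, and the added comment only covers triggers that belong to a relation. Unless a further branch exists outside the hunk, a trigger with no relation and a NULL `TRG.RDB$SQL_SECURITY` keeps `ssDefiner` unspecified and never picks up the new database default, unlike the procedure, relation and function paths changed in this commit. If that is intended, say so in the comment; otherwise add `else ssDefiner = MET_get_ss_definer(tdbb);` after the relation branch. The if/else chain continues past the end of the hunk.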


@ -140,4 +140,5 @@ Firebird::MetaName MET_get_relation_field(Jrd::thread_db*, MemoryPool& csbPool,
const Firebird::MetaName&, const Firebird::MetaName&, dsc*, Jrd::FieldInfo*); const Firebird::MetaName&, const Firebird::MetaName&, dsc*, Jrd::FieldInfo*);
void MET_update_partners(Jrd::thread_db*); void MET_update_partners(Jrd::thread_db*);
int MET_get_linger(Jrd::thread_db*); int MET_get_linger(Jrd::thread_db*);
Nullable<bool> MET_get_ss_definer(Jrd::thread_db*);
#endif // JRD_MET_PROTO_H #endif // JRD_MET_PROTO_H


@ -39,6 +39,7 @@ RELATION(nam_database, rel_database, ODS_8_0, rel_persistent)
FIELD(f_dat_class, nam_class, fld_class, 1, ODS_8_0) FIELD(f_dat_class, nam_class, fld_class, 1, ODS_8_0)
FIELD(f_dat_charset, nam_charset_name, fld_charset_name, 1, ODS_8_0) FIELD(f_dat_charset, nam_charset_name, fld_charset_name, 1, ODS_8_0)
FIELD(f_dat_linger, nam_linger, fld_linger, 1, ODS_12_0) FIELD(f_dat_linger, nam_linger, fld_linger, 1, ODS_12_0)
FIELD(f_dat_sql_security, nam_sql_security, fld_b_sql_security, 1, ODS_13_0)
END_RELATION END_RELATION
// Relation 2 (RDB$FIELDS) // Relation 2 (RDB$FIELDS)