firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-24 04:03:03 +01:00
Code Issues

Backported fix for CORE-3932: can create but cant delete user with username containing double quotes with gsec

Browse Source
This commit is contained in:
alexpeshkoff 2012-12-29 11:16:34 +00:00
parent 016c34fbc4
commit e713fdb4c5
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/utilities/gsec/security.epp
View File

@ -50,10 +50,18 @@ static bool grantRevokeAdmin(ISC_STATUS* isc_status, FB_API_HANDLE DB, FB_API_HA
return true;
}
Firebird::string sql;
Firebird::string userName(io_user_data->user_name);
for (unsigned i = 0; i < userName.length(); ++i)
{
if (userName[i] == '"')
{
userName.insert(i++, 1, '"');
}
}
Firebird::string sql;
sql.printf(io_user_data->admin ? "GRANT %s TO \"%s\"" : "REVOKE %s FROM \"%s\"",
"RDB$ADMIN", io_user_data->user_name);
"RDB$ADMIN", userName.c_str());
isc_dsql_execute_immediate(isc_status, &DB, &trans, sql.length(), sql.c_str(), SQL_DIALECT_V6, NULL);
if (isc_status[1] && io_user_data->admin == 0)
@ -64,7 +72,7 @@ static bool grantRevokeAdmin(ISC_STATUS* isc_status, FB_API_HANDLE DB, FB_API_HA
AND R.RDB$RELATION_NAME EQ 'RDB$ADMIN'
AND R.RDB$PRIVILEGE EQ 'M'
sql.printf("REVOKE RDB$ADMIN FROM \"%s\" GRANTED BY \"%s\"",
io_user_data->user_name, R.RDB$GRANTOR);
userName.c_str(), R.RDB$GRANTOR);
END_FOR
if (request)
{