mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-23 04:43:03 +01:00
Fixed CORE-4980: Operator REVOKE can modify rights granted to system tables at DB creation time
parent
80e0b8375d
commit
ea49fcaa52
@ -762,6 +762,7 @@ struct burp_meta_obj
|
||||
burp_meta_obj* obj_next;
|
||||
USHORT obj_type;
|
||||
GDS_NAME obj_name;
|
||||
bool obj_class;
|
||||
};
|
||||
|
||||
// CVC: Could use MAXPATHLEN, but what about restoring in a different system?
|
||||
|
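Review bot: The new field `obj_class` in burp_meta_obj reads like a class identifier, but the only writer visible on this page stores a flag in it (`object->obj_class = hasSecClass;` in collect_missing_privs). Renaming it to something like `obj_has_sec_class`, or at least adding a comment such as `// set from hasSecClass: object already has a security class`, would spare readers of get_user_privilege and fix_missing_privileges from guessing, assuming that is what the flag records. The struct definition starts outside the hunk.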
@ -237,12 +237,13 @@ const int USER_PRIV_FIELD_NAME = 32;
|
||||
const int USER_PRIV_USER_TYPE = 64;
|
||||
const int USER_PRIV_OBJECT_TYPE = 128;
|
||||
|
||||
static inline void collect_missing_privs(BurpGlobals* tdgbl, USHORT type, const GDS_NAME name)
|
||||
static inline void collect_missing_privs(BurpGlobals* tdgbl, USHORT type, const GDS_NAME name, bool hasSecClass)
|
||||
{
|
||||
burp_meta_obj* object = (burp_meta_obj*) BURP_alloc_zero(sizeof(burp_meta_obj));
|
||||
object->obj_next = tdgbl->miss_privs;
|
||||
object->obj_type = type;
|
||||
strcpy(object->obj_name, name);
|
||||
object->obj_class = hasSecClass;
|
||||
tdgbl->miss_privs = object;
|
||||
}
|
||||
|
||||
@ -2196,8 +2197,7 @@ bool get_character_set(BurpGlobals* tdgbl)
|
||||
general_on_error ();
|
||||
END_ERROR;
|
||||
|
||||
if (!securityClass)
|
||||
collect_missing_privs(tdgbl, obj_charset, charset_name);
|
||||
collect_missing_privs(tdgbl, obj_charset, charset_name, securityClass);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -2489,8 +2489,7 @@ bool get_collation(BurpGlobals* tdgbl)
|
||||
general_on_error ();
|
||||
END_ERROR;
|
||||
|
||||
if (!securityClass)
|
||||
collect_missing_privs(tdgbl, obj_collation, coll_name);
|
||||
collect_missing_privs(tdgbl, obj_collation, coll_name, securityClass);
|
||||
}
|
||||
else if (tdgbl->runtimeODS >= DB_VERSION_DDL11)
|
||||
{
|
||||
@ -3360,8 +3359,7 @@ bool get_exception(BurpGlobals* tdgbl)
|
||||
general_on_error ();
|
||||
END_ERROR;
|
||||
|
||||
if (!securityClass)
|
||||
collect_missing_privs(tdgbl, obj_exception, exception_name);
|
||||
collect_missing_privs(tdgbl, obj_exception, exception_name, securityClass);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -4366,8 +4364,7 @@ bool get_function(BurpGlobals* tdgbl)
|
||||
existFlag = true;
|
||||
END_ERROR;
|
||||
|
||||
if (!securityClass)
|
||||
collect_missing_privs(tdgbl, obj_udf, function_name);
|
||||
collect_missing_privs(tdgbl, obj_udf, function_name, securityClass);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -5545,8 +5542,7 @@ bool get_global_field(BurpGlobals* tdgbl)
|
||||
general_on_error ();
|
||||
END_ERROR;
|
||||
|
||||
if (!securityClass)
|
||||
collect_missing_privs(tdgbl, obj_field, field_name);
|
||||
collect_missing_privs(tdgbl, obj_field, field_name, securityClass);
|
||||
}
|
||||
else if (tdgbl->runtimeODS >= DB_VERSION_DDL10)
|
||||
{
|
||||
@ -8935,6 +8931,7 @@ bool get_user_privilege(BurpGlobals* tdgbl)
|
||||
|
||||
user_type = obj_user;
|
||||
object_type = obj_relation;
|
||||
grantor[0] = 0;
|
||||
|
||||
skip_init(&scan_next_attr);
|
||||
while (skip_scan(&scan_next_attr), get_attribute(&attribute, tdgbl) != att_end)
|
||||
@ -8995,7 +8992,8 @@ bool get_user_privilege(BurpGlobals* tdgbl)
|
||||
// Check if object exists
|
||||
isc_tr_handle local_trans = 0;
|
||||
bool exists = false;
|
||||
switch (object_type)
|
||||
// if grantor is not set than it's system privilege which should not be restored
|
||||
if (grantor[0]) switch (object_type)
|
||||
{
|
||||
case obj_package_header:
|
||||
{
|
||||
@ -9029,11 +9027,31 @@ bool get_user_privilege(BurpGlobals* tdgbl)
|
||||
exists = true;
|
||||
if (rel->rel_flags & REL_view)
|
||||
local_trans = tdgbl->global_trans ? tdgbl->global_trans : gds_trans;
|
||||
break;
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case obj_charset:
|
||||
case obj_collation:
|
||||
case obj_exception:
|
||||
case obj_udf:
|
||||
case obj_field:
|
||||
case obj_generator:
|
||||
{
|
||||
for (burp_meta_obj* object = tdgbl->miss_privs; object; object = object->obj_next)
|
||||
if (object->obj_type == object_type && strcmp(object->obj_name, relation_name) == 0)
|
||||
{
|
||||
if (object->obj_class)
|
||||
exists = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case obj_database:
|
||||
break;
|
||||
|
||||
default:
|
||||
exists = true;
|
||||
break;
|
||||
@ -10234,8 +10252,7 @@ void store_blr_gen_id(BurpGlobals* tdgbl, const TEXT* gen_name, SINT64 value, SI
|
||||
general_on_error ();
|
||||
END_ERROR;
|
||||
|
||||
if (!secclass)
|
||||
collect_missing_privs(tdgbl, obj_generator, gen_name);
|
||||
collect_missing_privs(tdgbl, obj_generator, gen_name, secclass);
|
||||
}
|
||||
else if (tdgbl->runtimeODS >= DB_VERSION_DDL11)
|
||||
{
|
||||
@ -10637,6 +10654,9 @@ void fix_missing_privileges(BurpGlobals* tdgbl)
|
||||
|
||||
for (burp_meta_obj* object = tdgbl->miss_privs; object; object = object->obj_next)
|
||||
{
|
||||
if (object->obj_class)
|
||||
continue;
|
||||
|
||||
const char* const privilege = (object->obj_type == obj_udf) ? "X" : "G";
|
||||
|
||||
for (int i = 1; i >= 0; i--)
|
||||
|
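Review bot: In get_user_privilege an empty `grantor` now bypasses the whole `switch`, so `exists` keeps its initial `false` and the record is presumably dropped with nothing in the restore output to show it. The test `grantor[0]` cannot distinguish a system privilege from a backup record that simply carries no grantor attribute (whether older backup files can produce that is not visible here and should be confirmed), so a user grant could be lost silently on restore. A verbose-mode message on the skipped path would make this auditable. The one-line `if (grantor[0]) switch (object_type)` is also easy to misread; `if (grantor[0]) { switch (object_type) { ... } }` states the intent, and the comment should read "then", not "than". The function starts and ends outside the hunks.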
@ -2428,6 +2428,7 @@ void DropFunctionNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES WITH PRIV.RDB$RELATION_NAME EQ name.c_str()
|
||||
AND PRIV.RDB$OBJECT_TYPE = obj_udf
|
||||
AND PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -2438,6 +2439,7 @@ void DropFunctionNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES WITH PRIV.RDB$USER EQ name.c_str()
|
||||
AND PRIV.RDB$USER_TYPE = obj_udf
|
||||
AND PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -3213,6 +3215,7 @@ void DropProcedureNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES WITH PRIV.RDB$RELATION_NAME EQ name.c_str()
|
||||
AND PRIV.RDB$OBJECT_TYPE = obj_procedure
|
||||
AND PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -3223,6 +3226,7 @@ void DropProcedureNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES WITH PRIV.RDB$USER EQ name.c_str()
|
||||
AND PRIV.RDB$USER_TYPE = obj_procedure
|
||||
AND PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -3695,7 +3699,8 @@ void DropTriggerNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch,
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$USER EQ name.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = obj_trigger
|
||||
PRIV.RDB$USER_TYPE = obj_trigger AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -4106,7 +4111,8 @@ void DropCollationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
|
||||
FOR (REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_collation
|
||||
PRIV.RDB$OBJECT_TYPE = obj_collation AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -5099,7 +5105,8 @@ void DropDomainNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch,
|
||||
FOR (REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_field
|
||||
PRIV.RDB$OBJECT_TYPE = obj_field AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -5368,7 +5375,8 @@ void DropExceptionNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc
|
||||
FOR (REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_exception
|
||||
PRIV.RDB$OBJECT_TYPE = obj_exception AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -5712,7 +5720,8 @@ void DropSequenceNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR (REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_generator
|
||||
PRIV.RDB$OBJECT_TYPE = obj_generator AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -6064,7 +6073,8 @@ void RelationNode::deleteLocalField(thread_db* tdbb, jrd_tra* transaction,
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ relationName.c_str() AND
|
||||
PRIV.RDB$FIELD_NAME EQ fieldName.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_relation
|
||||
PRIV.RDB$OBJECT_TYPE = obj_relation AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -8155,7 +8165,8 @@ void DropRelationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR(REQUEST_HANDLE request2 TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$USER EQ triggerName.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = obj_trigger
|
||||
PRIV.RDB$USER_TYPE = obj_trigger AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -8168,7 +8179,8 @@ void DropRelationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR(REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_relation
|
||||
PRIV.RDB$OBJECT_TYPE = obj_relation AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -8179,7 +8191,8 @@ void DropRelationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch
|
||||
FOR(REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$USER EQ name.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = obj_view
|
||||
PRIV.RDB$USER_TYPE = obj_view AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -10429,8 +10442,9 @@ void DropRoleNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch, jr
|
||||
// The 2nd OR clause finds all privileges granted to the role
|
||||
FOR(REQUEST_HANDLE request2 TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH (PRIV.RDB$RELATION_NAME EQ name.c_str() AND PRIV.RDB$OBJECT_TYPE = obj_sql_role) OR
|
||||
(PRIV.RDB$USER EQ name.c_str() AND PRIV.RDB$USER_TYPE = obj_sql_role)
|
||||
WITH ((PRIV.RDB$RELATION_NAME EQ name.c_str() AND PRIV.RDB$OBJECT_TYPE = obj_sql_role) OR
|
||||
(PRIV.RDB$USER EQ name.c_str() AND PRIV.RDB$USER_TYPE = obj_sql_role)) AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
@ -10991,7 +11005,8 @@ void GrantRevokeNode::grantRevoke(thread_db* tdbb, jrd_tra* transaction, const G
|
||||
FOR(REQUEST_HANDLE request TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH PRIV.RDB$USER = user.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = userType
|
||||
PRIV.RDB$USER_TYPE = userType AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
if (tdbb->getAttachment()->att_user->locksmith() || grantorRevoker == PRIV.RDB$GRANTOR)
|
||||
{
|
||||
@ -11131,7 +11146,8 @@ void GrantRevokeNode::grantRevoke(thread_db* tdbb, jrd_tra* transaction, const G
|
||||
PRIV.RDB$PRIVILEGE EQ priv AND
|
||||
PRIV.RDB$USER = user.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = userType AND
|
||||
PRIV.RDB$FIELD_NAME EQ field.c_str()
|
||||
PRIV.RDB$FIELD_NAME EQ field.c_str() AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
if (grantorRevoker == PRIV.RDB$GRANTOR)
|
||||
{
|
||||
@ -11151,7 +11167,8 @@ void GrantRevokeNode::grantRevoke(thread_db* tdbb, jrd_tra* transaction, const G
|
||||
PRIV.RDB$RELATION_NAME EQ objName.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = objType AND
|
||||
PRIV.RDB$USER EQ user.c_str() AND
|
||||
PRIV.RDB$USER_TYPE = userType
|
||||
PRIV.RDB$USER_TYPE = userType AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
// Revoking a permission at the table level implies revoking the perm. on all
|
||||
// columns. So for all fields in this table which have been granted the
|
||||
|
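Review bot: Every erase loop in this file now relies on `PRIV.RDB$GRANTOR NOT MISSING` to leave system privileges alone, but that only protects rows that were written with a NULL grantor. Judging by the add_security_to_sys_rel change in this same commit, which appears to replace `strcpy(PRIV.RDB$GRANTOR, user_name.c_str());` with `PRIV.RDB$GRANTOR.NULL = TRUE;`, databases formatted before it hold the owner name in that column, so their system rows would still match these queries unless an upgrade step not visible here clears the grantor. That limitation should be stated in the commit message or release notes, or covered by a migration. The same predicate is repeated in DropPackageNode::execute; a short comment at one of the sites explaining that a NULL grantor marks a system privilege would help whoever adds the next ERASE on RDB$USER_PRIVILEGES.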
@ -707,9 +707,10 @@ void DropPackageNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratch,
|
||||
|
||||
FOR (REQUEST_HANDLE requestHandle TRANSACTION_HANDLE transaction)
|
||||
PRIV IN RDB$USER_PRIVILEGES
|
||||
WITH (PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
WITH ((PRIV.RDB$RELATION_NAME EQ name.c_str() AND
|
||||
PRIV.RDB$OBJECT_TYPE = obj_package_header) OR
|
||||
(PRIV.RDB$USER EQ name.c_str() AND PRIV.RDB$USER_TYPE = obj_package_header)
|
||||
(PRIV.RDB$USER EQ name.c_str() AND PRIV.RDB$USER_TYPE = obj_package_header)) AND
|
||||
PRIV.RDB$GRANTOR NOT MISSING
|
||||
{
|
||||
ERASE PRIV;
|
||||
}
|
||||
|
@ -563,7 +563,7 @@ void SHOW_read_owner()
|
||||
}
|
||||
|
||||
|
||||
static const char* granted_by(char* buffer, const char* grantor)
|
||||
static const char* granted_by(char* buffer, const char* grantor, bool nullGrantor)
|
||||
{
|
||||
/**************************************
|
||||
*
|
||||
@ -600,7 +600,7 @@ static const char* granted_by(char* buffer, const char* grantor)
|
||||
|
||||
strcpy(buffer, grantor);
|
||||
fb_utils::exact_name(buffer);
|
||||
if (!strcmp(buffer, owner))
|
||||
if ((!strcmp(buffer, owner)) || nullGrantor)
|
||||
buffer[0] = '\0';
|
||||
else
|
||||
{
|
||||
@ -757,7 +757,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
isqlGlob.printf("GRANT %s%s ON %s TO %s%s%s%s%s",
|
||||
priv_string, col_string,
|
||||
SQL_identifier,
|
||||
user_string, with_option, granted_by(buf_grantor, prev_grantor),
|
||||
user_string, with_option, granted_by(buf_grantor, prev_grantor, false),
|
||||
terminator, NEWLINE);
|
||||
|
||||
// re-initialize strings
|
||||
@ -872,7 +872,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
isqlGlob.printf("GRANT %s%s ON %s TO %s%s%s%s%s",
|
||||
priv_string, col_string,
|
||||
SQL_identifier,
|
||||
user_string, with_option, granted_by(buf_grantor, prev_grantor), terminator, NEWLINE);
|
||||
user_string, with_option, granted_by(buf_grantor, prev_grantor, false), terminator, NEWLINE);
|
||||
}
|
||||
|
||||
END_FOR
|
||||
@ -944,7 +944,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT EXECUTE ON PROCEDURE %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL), terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -997,7 +997,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
with_option[0] = '\0';
|
||||
|
||||
sprintf(Print_buffer, "GRANT %s TO %s%s%s%s%s", SQL_identifier,
|
||||
user_string, with_option, granted_by(buf_grantor, PRV.RDB$GRANTOR),
|
||||
user_string, with_option, granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
if (first && optional_msg)
|
||||
@ -1076,7 +1076,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT EXECUTE ON PACKAGE %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1152,7 +1153,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT EXECUTE ON FUNCTION %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1224,7 +1226,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON SEQUENCE %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1296,7 +1299,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON EXCEPTION %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1368,7 +1372,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON DOMAIN %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1440,7 +1445,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON CHARACTER SET %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1512,7 +1518,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON COLLATION %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1656,7 +1663,8 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
isqlGlob.printf("GRANT %s %s TO %s%s%s%s%s",
|
||||
priv_string, obj_string, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR, PRV.RDB$GRANTOR.NULL),
|
||||
terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
@ -1780,7 +1788,7 @@ void SHOW_grant_roles2 (const SCHAR* terminator,
|
||||
user_string = SQL_identifier2;
|
||||
}
|
||||
isqlGlob.printf("GRANT %s TO %s%s%s%s%s", role,
|
||||
user_string, with_option, granted_by(buf_grantor, grantor), terminator, NEWLINE);
|
||||
user_string, with_option, granted_by(buf_grantor, grantor, false), terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
|
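Review bot: In granted_by the new `nullGrantor` flag is tested only after `strcpy(buffer, grantor)` and `fb_utils::exact_name(buffer)` have already run, so for a NULL RDB$GRANTOR the host-variable contents are still copied and trimmed before being discarded. Whether that buffer is guaranteed to be NUL-terminated when the field is NULL is not visible here, so the check should come first: test `nullGrantor` before the copy and set `buffer[0] = '\0';` on that path. The call sites that pass `false` (two in SHOW_grants2 with `prev_grantor`, one in SHOW_grant_roles2 with `grantor`) do not forward a NULL indicator at all and should be checked for the same case. The extra parentheses in `(!strcmp(buffer, owner))` can go. The function body extends beyond both hunks.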
@ -389,32 +389,6 @@ void INI_format(const char* owner, const char* charset)
|
||||
// Store symbols for international character sets & collations
|
||||
store_intlnames(tdbb, ownerName);
|
||||
|
||||
// Create generators to be used by system triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const gen* generator = generators; generator->gen_name; generator++)
|
||||
store_generator(tdbb, generator, handle1, ownerName);
|
||||
|
||||
// Adjust the value of the hidden generator RDB$GENERATORS
|
||||
DPM_gen_id(tdbb, 0, true, FB_NELEM(generators) - 1);
|
||||
|
||||
// store system-defined triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const jrd_trg* trigger = triggers; trigger->trg_relation; ++trigger)
|
||||
store_trigger(tdbb, trigger, handle1);
|
||||
|
||||
// store trigger messages to go with triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const trigger_msg* message = trigger_messages; message->trigmsg_name; ++message)
|
||||
store_message(tdbb, message, handle1);
|
||||
|
||||
DFW_perform_system_work(tdbb);
|
||||
|
||||
const size_t ownerNameLength = ownerName.length();
|
||||
fb_assert(ownerNameLength <= MAX_UCHAR);
|
||||
|
||||
@ -550,6 +524,32 @@ void INI_format(const char* owner, const char* charset)
|
||||
|
||||
add_security_to_sys_rel(tdbb, ownerName, names[relfld[RFLD_R_NAME]], length, buffer);
|
||||
}
|
||||
|
||||
// Create generators to be used by system triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const gen* generator = generators; generator->gen_name; generator++)
|
||||
store_generator(tdbb, generator, handle1, ownerName);
|
||||
|
||||
// Adjust the value of the hidden generator RDB$GENERATORS
|
||||
DPM_gen_id(tdbb, 0, true, FB_NELEM(generators) - 1);
|
||||
|
||||
// store system-defined triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const jrd_trg* trigger = triggers; trigger->trg_relation; ++trigger)
|
||||
store_trigger(tdbb, trigger, handle1);
|
||||
|
||||
// store trigger messages to go with triggers
|
||||
|
||||
handle1.reset();
|
||||
|
||||
for (const trigger_msg* message = trigger_messages; message->trigmsg_name; ++message)
|
||||
store_message(tdbb, message, handle1);
|
||||
|
||||
DFW_perform_system_work(tdbb);
|
||||
}
|
||||
|
||||
|
||||
@ -1073,8 +1073,8 @@ static void add_security_to_sys_rel(thread_db* tdbb,
|
||||
PRIV.RDB$GRANT_OPTION = 0;
|
||||
break;
|
||||
}
|
||||
strcpy(PRIV.RDB$GRANTOR, user_name.c_str());
|
||||
PRIV.RDB$PRIVILEGE[1] = 0;
|
||||
PRIV.RDB$GRANTOR.NULL = TRUE;
|
||||
strcpy(PRIV.RDB$RELATION_NAME, rel_name);
|
||||
PRIV.RDB$FIELD_NAME.NULL = TRUE;
|
||||
PRIV.RDB$USER_TYPE = obj_user;
|
||||
@ -1199,6 +1199,7 @@ static void add_security_to_sys_obj(thread_db* tdbb,
|
||||
PRIV.RDB$GRANT_OPTION = 1;
|
||||
PRIV.RDB$USER_TYPE = obj_user;
|
||||
PRIV.RDB$OBJECT_TYPE = obj_type;
|
||||
PRIV.RDB$GRANTOR.NULL = TRUE;
|
||||
END_STORE
|
||||
}
|
||||
}
|
||||
|
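Review bot: `PRIV.RDB$GRANTOR.NULL = TRUE;` in add_security_to_sys_rel and add_security_to_sys_obj carries the whole meaning of this fix, yet neither site says why the grantor is left NULL. I would add `// NULL grantor marks a system privilege; REVOKE and DROP statements skip such rows` above both assignments. In INI_format the block that stores generators, triggers and trigger messages and then calls `DFW_perform_system_work(tdbb)` was moved below the add_security_to_sys_rel loop without a comment on why the order matters; one line there would stop a later cleanup from moving it back. All three functions extend beyond their hunks.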