firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 19:23:03 +01:00
Code Issues

finished rdb$users to match vulcan

Browse Source
This commit is contained in:
alexpeshkoff 2005-10-24 12:30:57 +00:00
parent a6c7916255
commit ec470fa08c
3 changed files with 65 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/dbs/security.sql
View File

@ -23,46 +23,44 @@
*/ */
/* Domain definitions */ /* Domain definitions */
CREATE DOMAIN COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS; CREATE DOMAIN RDB$COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
CREATE DOMAIN NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS ''; CREATE DOMAIN RDB$NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
CREATE DOMAIN GID AS INTEGER; CREATE DOMAIN RDB$GID AS INTEGER;
CREATE DOMAIN PASSWD AS VARCHAR(64) CHARACTER SET BINARY; CREATE DOMAIN RDB$PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
CREATE DOMAIN UID AS INTEGER; CREATE DOMAIN RDB$UID AS INTEGER;
CREATE DOMAIN USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS; CREATE DOMAIN RDB$USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS;
CREATE DOMAIN PRIVILEGE AS INTEGER; CREATE DOMAIN RDB$USER_PRIVILEGE AS INTEGER;
/* Table: RDB$USERS */ /* Table: RDB$USERS */
CREATE TABLE RDB$USERS (USER_NAME USER_NAME, CREATE TABLE RDB$USERS (
RDB$USER_NAME RDB$USER_NAME NOT NULL PRIMARY KEY,
/* local system user name for setuid for file permissions */ /* local system user name for setuid for file permissions */
SYS_USER_NAME USER_NAME, RDB$SYS_USER_NAME RDB$USER_NAME,
GROUP_NAME USER_NAME, RDB$GROUP_NAME RDB$USER_NAME,
UID UID, RDB$UID RDB$UID,
GID GID, RDB$GID RDB$GID,
PASSWD PASSWD, RDB$PASSWD RDB$PASSWD,
/* Privilege level of user-mark a user as having DBA privilege */ /* Privilege level of user - mark a user as having DBA privilege */
PRIVILEGE PRIVILEGE, RDB$PRIVILEGE RDB$USER_PRIVILEGE,
COMMENT COMMENT, RDB$COMMENT RDB$COMMENT,
FIRST_NAME NAME_PART, RDB$FIRST_NAME RDB$NAME_PART,
MIDDLE_NAME NAME_PART, RDB$MIDDLE_NAME RDB$NAME_PART,
LAST_NAME NAME_PART); RDB$LAST_NAME RDB$NAME_PART);
COMMIT; COMMIT;
/* Index definition users_bg table */
CREATE UNIQUE INDEX RDB$USER_NAME_INDEX ON RDB$USERS(USER_NAME);
/* View: USERS. Let's user modify his own password. */ /* View: USERS. Let's user modify his own password. */
CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD, CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD, SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PASSWD,
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, RDB$PRIVILEGE, RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME,
first_name || _UNICODE_FSS ' ' || middle_name || _UNICODE_FSS ' ' || last_name RDB$first_name || _UNICODE_FSS ' ' || RDB$middle_name || _UNICODE_FSS ' ' || RDB$last_name
FROM RDB$USERS FROM RDB$USERS
WHERE CURRENT_USER = 'SYSDBA' WHERE CURRENT_USER = 'SYSDBA'
OR CURRENT_USER = RDB$USERS.USER_NAME; OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;
/* Access rights */ /* Access rights */
GRANT ALL ON RDB$USERS to VIEW USERS; GRANT ALL ON RDB$USERS to VIEW USERS;
@ -73,7 +71,7 @@ GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME, MIDDLE_NAME, LAST_NAME)
COMMIT; COMMIT;
/* Needed record - with PASSWD = random + SHA1 (random + 'SYSDBA' + crypt('masterke')) */ /* Needed record - with PASSWD = random + SHA1 (random + 'SYSDBA' + crypt('masterke')) */
INSERT INTO RDB$USERS(USER_NAME, PASSWD, FIRST_NAME, MIDDLE_NAME, LAST_NAME) INSERT INTO RDB$USERS(RDB$USER_NAME, RDB$PASSWD, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME)
VALUES ('SYSDBA', 'NLtwcs9LrxLMOYhG0uGM9i6KS7mf3QAKvFVpmRg=', 'Sql', 'Server', 'Administrator'); VALUES ('SYSDBA', 'NLtwcs9LrxLMOYhG0uGM9i6KS7mf3QAKvFVpmRg=', 'Sql', 'Server', 'Administrator');
COMMIT; COMMIT;

8
src/jrd/pwd.cpp
View File

@ -72,22 +72,22 @@ const UCHAR SecurityDatabase::PWD_REQUEST[] = {
blr_literal, blr_short, 0, 1, 0, blr_literal, blr_short, 0, 1, 0,
blr_boolean, blr_boolean,
blr_eql, blr_eql,
blr_field, 0, 9, 'U', 'S', 'E', 'R', '_', 'N', 'A', 'M', 'E', blr_field, 0, 13, 'R', 'D', 'B', '$', 'U', 'S', 'E', 'R', '_', 'N', 'A', 'M', 'E',
blr_parameter, 0, 0, 0, blr_parameter, 0, 0, 0,
blr_end, blr_end,
blr_send, 1, blr_send, 1,
blr_begin, blr_begin,
blr_assignment, blr_assignment,
blr_field, 0, 3, 'G', 'I', 'D', blr_field, 0, 7, 'R', 'D', 'B', '$', 'G', 'I', 'D',
blr_parameter, 1, 0, 0, blr_parameter, 1, 0, 0,
blr_assignment, blr_assignment,
blr_field, 0, 3, 'U', 'I', 'D', blr_field, 0, 7, 'R', 'D', 'B', '$', 'U', 'I', 'D',
blr_parameter, 1, 1, 0, blr_parameter, 1, 1, 0,
blr_assignment, blr_assignment,
blr_literal, blr_short, 0, 1, 0, blr_literal, blr_short, 0, 1, 0,
blr_parameter, 1, 2, 0, blr_parameter, 1, 2, 0,
blr_assignment, blr_assignment,
blr_field, 0, 6, 'P', 'A', 'S', 'S', 'W', 'D', blr_field, 0, 10, 'R', 'D', 'B', '$', 'P', 'A', 'S', 'S', 'W', 'D',
blr_parameter, 1, 3, 0, blr_parameter, 1, 3, 0,
blr_end, blr_end,
blr_send, 1, blr_send, 1,

69
src/misc/upgrade/v2/security_database.sql
View File

@ -64,53 +64,56 @@ DROP DOMAIN PRIVILEGE;
COMMIT; COMMIT;
-- 4. create new objects in database -- 4. create new objects in database
CREATE DOMAIN COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS; CREATE DOMAIN RDB$COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
CREATE DOMAIN NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS ''; CREATE DOMAIN RDB$NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
CREATE DOMAIN GID AS INTEGER; CREATE DOMAIN RDB$GID AS INTEGER;
CREATE DOMAIN PASSWD AS VARCHAR(64) CHARACTER SET BINARY; CREATE DOMAIN RDB$PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
CREATE DOMAIN UID AS INTEGER; CREATE DOMAIN RDB$UID AS INTEGER;
CREATE DOMAIN USER_NAME AS VARCHAR(128) CHARACTER SET ASCII; CREATE DOMAIN RDB$USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS;
CREATE DOMAIN PRIVILEGE AS INTEGER; CREATE DOMAIN RDB$USER_PRIVILEGE AS INTEGER;
COMMIT; COMMIT;
CREATE TABLE USERS_BG (USER_NAME USER_NAME,
SYS_USER_NAME USER_NAME,
GROUP_NAME USER_NAME,
UID UID,
GID GID,
PASSWD PASSWD,
PRIVILEGE PRIVILEGE,
COMMENT COMMENT,
FIRST_NAME NAME_PART,
MIDDLE_NAME NAME_PART,
LAST_NAME NAME_PART);
COMMIT;
CREATE UNIQUE INDEX USER_NAME_INDEX ON USERS_BG(USER_NAME); CREATE TABLE RDB$USERS (
RDB$USER_NAME RDB$USER_NAME NOT NULL PRIMARY KEY,
/* local system user name for setuid for file permissions */
RDB$SYS_USER_NAME RDB$USER_NAME,
RDB$GROUP_NAME RDB$USER_NAME,
RDB$UID RDB$UID,
RDB$GID RDB$GID,
RDB$PASSWD RDB$PASSWD,
/* Privilege level of user - mark a user as having DBA privilege */
RDB$PRIVILEGE RDB$USER_PRIVILEGE,
RDB$COMMENT RDB$COMMENT,
RDB$FIRST_NAME RDB$NAME_PART,
RDB$MIDDLE_NAME RDB$NAME_PART,
RDB$LAST_NAME RDB$NAME_PART);
COMMIT; COMMIT;
CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD, CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD, SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PASSWD,
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, RDB$PRIVILEGE, RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME,
first_name || _UNICODE_FSS ' ' || middle_name || _UNICODE_FSS ' ' || last_name RDB$first_name || _UNICODE_FSS ' ' || RDB$middle_name || _UNICODE_FSS ' ' || RDB$last_name
FROM USERS_BG FROM RDB$USERS
WHERE CURRENT_USER = 'SYSDBA' WHERE CURRENT_USER = 'SYSDBA'
OR CURRENT_USER = USERS_BG.USER_NAME; OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;
COMMIT; COMMIT;
GRANT ALL ON USERS_BG to VIEW USERS; GRANT ALL ON RDB$USERS to VIEW USERS;
GRANT SELECT ON USERS to PUBLIC; GRANT SELECT ON USERS to PUBLIC;
GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME, MIDDLE_NAME, LAST_NAME) GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME, MIDDLE_NAME, LAST_NAME)
ON USERS TO PUBLIC; ON USERS TO PUBLIC;
COMMIT; COMMIT;
-- 5. move data from temporary table and drop it -- 5. move data from temporary table and drop it
INSERT INTO USERS_BG(USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE, INSERT INTO RDB$USERS(RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PRIVILEGE,
COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD) RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME, RDB$PASSWD)
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE, SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE,
COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD
FROM UTMP; FROM UTMP;
COMMIT; COMMIT;
DROP TABLE UTMP; DROP TABLE UTMP;