mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-23 19:23:03 +01:00
finished rdb$users to match vulcan
This commit is contained in:
alexpeshkoff
parent
a6c7916255
commit
ec470fa08c
@ -23,46 +23,44 @@
|
||||
*/
|
||||
|
||||
/* Domain definitions */
|
||||
CREATE DOMAIN COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
|
||||
CREATE DOMAIN GID AS INTEGER;
|
||||
CREATE DOMAIN PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
|
||||
CREATE DOMAIN UID AS INTEGER;
|
||||
CREATE DOMAIN USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN PRIVILEGE AS INTEGER;
|
||||
CREATE DOMAIN RDB$COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN RDB$NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
|
||||
CREATE DOMAIN RDB$GID AS INTEGER;
|
||||
CREATE DOMAIN RDB$PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
|
||||
CREATE DOMAIN RDB$UID AS INTEGER;
|
||||
CREATE DOMAIN RDB$USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN RDB$USER_PRIVILEGE AS INTEGER;
|
||||
|
||||
|
||||
/* Table: RDB$USERS */
|
||||
CREATE TABLE RDB$USERS (USER_NAME USER_NAME,
|
||||
CREATE TABLE RDB$USERS (
|
||||
RDB$USER_NAME RDB$USER_NAME NOT NULL PRIMARY KEY,
|
||||
/* local system user name for setuid for file permissions */
|
||||
SYS_USER_NAME USER_NAME,
|
||||
GROUP_NAME USER_NAME,
|
||||
UID UID,
|
||||
GID GID,
|
||||
PASSWD PASSWD,
|
||||
RDB$SYS_USER_NAME RDB$USER_NAME,
|
||||
RDB$GROUP_NAME RDB$USER_NAME,
|
||||
RDB$UID RDB$UID,
|
||||
RDB$GID RDB$GID,
|
||||
RDB$PASSWD RDB$PASSWD,
|
||||
|
||||
/* Privilege level of user-mark a user as having DBA privilege */
|
||||
PRIVILEGE PRIVILEGE,
|
||||
/* Privilege level of user - mark a user as having DBA privilege */
|
||||
RDB$PRIVILEGE RDB$USER_PRIVILEGE,
|
||||
|
||||
COMMENT COMMENT,
|
||||
FIRST_NAME NAME_PART,
|
||||
MIDDLE_NAME NAME_PART,
|
||||
LAST_NAME NAME_PART);
|
||||
RDB$COMMENT RDB$COMMENT,
|
||||
RDB$FIRST_NAME RDB$NAME_PART,
|
||||
RDB$MIDDLE_NAME RDB$NAME_PART,
|
||||
RDB$LAST_NAME RDB$NAME_PART);
|
||||
|
||||
COMMIT;
|
||||
|
||||
/* Index definition users_bg table */
|
||||
CREATE UNIQUE INDEX RDB$USER_NAME_INDEX ON RDB$USERS(USER_NAME);
|
||||
|
||||
/* View: USERS. Let's user modify his own password. */
|
||||
CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
|
||||
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
|
||||
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
|
||||
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME,
|
||||
first_name || _UNICODE_FSS ' ' || middle_name || _UNICODE_FSS ' ' || last_name
|
||||
SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PASSWD,
|
||||
RDB$PRIVILEGE, RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME,
|
||||
RDB$first_name || _UNICODE_FSS ' ' || RDB$middle_name || _UNICODE_FSS ' ' || RDB$last_name
|
||||
FROM RDB$USERS
|
||||
WHERE CURRENT_USER = 'SYSDBA'
|
||||
OR CURRENT_USER = RDB$USERS.USER_NAME;
|
||||
OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;
|
||||
|
||||
/* Access rights */
|
||||
GRANT ALL ON RDB$USERS to VIEW USERS;
|
||||
@ -73,7 +71,7 @@ GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME, MIDDLE_NAME, LAST_NAME)
|
||||
COMMIT;
|
||||
|
||||
/* Needed record - with PASSWD = random + SHA1 (random + 'SYSDBA' + crypt('masterke')) */
|
||||
INSERT INTO RDB$USERS(USER_NAME, PASSWD, FIRST_NAME, MIDDLE_NAME, LAST_NAME)
|
||||
INSERT INTO RDB$USERS(RDB$USER_NAME, RDB$PASSWD, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME)
|
||||
VALUES ('SYSDBA', 'NLtwcs9LrxLMOYhG0uGM9i6KS7mf3QAKvFVpmRg=', 'Sql', 'Server', 'Administrator');
|
||||
|
||||
COMMIT;
|
||||
|
||||
@ -72,22 +72,22 @@ const UCHAR SecurityDatabase::PWD_REQUEST[] = {
|
||||
blr_literal, blr_short, 0, 1, 0,
|
||||
blr_boolean,
|
||||
blr_eql,
|
||||
blr_field, 0, 9, 'U', 'S', 'E', 'R', '_', 'N', 'A', 'M', 'E',
|
||||
blr_field, 0, 13, 'R', 'D', 'B', '$', 'U', 'S', 'E', 'R', '_', 'N', 'A', 'M', 'E',
|
||||
blr_parameter, 0, 0, 0,
|
||||
blr_end,
|
||||
blr_send, 1,
|
||||
blr_begin,
|
||||
blr_assignment,
|
||||
blr_field, 0, 3, 'G', 'I', 'D',
|
||||
blr_field, 0, 7, 'R', 'D', 'B', '$', 'G', 'I', 'D',
|
||||
blr_parameter, 1, 0, 0,
|
||||
blr_assignment,
|
||||
blr_field, 0, 3, 'U', 'I', 'D',
|
||||
blr_field, 0, 7, 'R', 'D', 'B', '$', 'U', 'I', 'D',
|
||||
blr_parameter, 1, 1, 0,
|
||||
blr_assignment,
|
||||
blr_literal, blr_short, 0, 1, 0,
|
||||
blr_parameter, 1, 2, 0,
|
||||
blr_assignment,
|
||||
blr_field, 0, 6, 'P', 'A', 'S', 'S', 'W', 'D',
|
||||
blr_field, 0, 10, 'R', 'D', 'B', '$', 'P', 'A', 'S', 'S', 'W', 'D',
|
||||
blr_parameter, 1, 3, 0,
|
||||
blr_end,
|
||||
blr_send, 1,
|
||||
|
||||
@ -64,53 +64,56 @@ DROP DOMAIN PRIVILEGE;
|
||||
COMMIT;
|
||||
|
||||
-- 4. create new objects in database
|
||||
CREATE DOMAIN COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
|
||||
CREATE DOMAIN GID AS INTEGER;
|
||||
CREATE DOMAIN PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
|
||||
CREATE DOMAIN UID AS INTEGER;
|
||||
CREATE DOMAIN USER_NAME AS VARCHAR(128) CHARACTER SET ASCII;
|
||||
CREATE DOMAIN PRIVILEGE AS INTEGER;
|
||||
CREATE DOMAIN RDB$COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80 CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN RDB$NAME_PART AS VARCHAR(32) CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
|
||||
CREATE DOMAIN RDB$GID AS INTEGER;
|
||||
CREATE DOMAIN RDB$PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
|
||||
CREATE DOMAIN RDB$UID AS INTEGER;
|
||||
CREATE DOMAIN RDB$USER_NAME AS VARCHAR(128) CHARACTER SET UNICODE_FSS;
|
||||
CREATE DOMAIN RDB$USER_PRIVILEGE AS INTEGER;
|
||||
COMMIT;
|
||||
|
||||
CREATE TABLE USERS_BG (USER_NAME USER_NAME,
|
||||
SYS_USER_NAME USER_NAME,
|
||||
GROUP_NAME USER_NAME,
|
||||
UID UID,
|
||||
GID GID,
|
||||
PASSWD PASSWD,
|
||||
PRIVILEGE PRIVILEGE,
|
||||
COMMENT COMMENT,
|
||||
FIRST_NAME NAME_PART,
|
||||
MIDDLE_NAME NAME_PART,
|
||||
LAST_NAME NAME_PART);
|
||||
COMMIT;
|
||||
|
||||
CREATE UNIQUE INDEX USER_NAME_INDEX ON USERS_BG(USER_NAME);
|
||||
CREATE TABLE RDB$USERS (
|
||||
RDB$USER_NAME RDB$USER_NAME NOT NULL PRIMARY KEY,
|
||||
/* local system user name for setuid for file permissions */
|
||||
RDB$SYS_USER_NAME RDB$USER_NAME,
|
||||
RDB$GROUP_NAME RDB$USER_NAME,
|
||||
RDB$UID RDB$UID,
|
||||
RDB$GID RDB$GID,
|
||||
RDB$PASSWD RDB$PASSWD,
|
||||
|
||||
/* Privilege level of user - mark a user as having DBA privilege */
|
||||
RDB$PRIVILEGE RDB$USER_PRIVILEGE,
|
||||
|
||||
RDB$COMMENT RDB$COMMENT,
|
||||
RDB$FIRST_NAME RDB$NAME_PART,
|
||||
RDB$MIDDLE_NAME RDB$NAME_PART,
|
||||
RDB$LAST_NAME RDB$NAME_PART);
|
||||
COMMIT;
|
||||
|
||||
CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
|
||||
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
|
||||
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
|
||||
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME,
|
||||
first_name || _UNICODE_FSS ' ' || middle_name || _UNICODE_FSS ' ' || last_name
|
||||
FROM USERS_BG
|
||||
WHERE CURRENT_USER = 'SYSDBA'
|
||||
OR CURRENT_USER = USERS_BG.USER_NAME;
|
||||
PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
|
||||
SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PASSWD,
|
||||
RDB$PRIVILEGE, RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME,
|
||||
RDB$first_name || _UNICODE_FSS ' ' || RDB$middle_name || _UNICODE_FSS ' ' || RDB$last_name
|
||||
FROM RDB$USERS
|
||||
WHERE CURRENT_USER = 'SYSDBA'
|
||||
OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;
|
||||
COMMIT;
|
||||
|
||||
GRANT ALL ON USERS_BG to VIEW USERS;
|
||||
GRANT ALL ON RDB$USERS to VIEW USERS;
|
||||
GRANT SELECT ON USERS to PUBLIC;
|
||||
GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME, MIDDLE_NAME, LAST_NAME)
|
||||
ON USERS TO PUBLIC;
|
||||
COMMIT;
|
||||
|
||||
-- 5. move data from temporary table and drop it
|
||||
INSERT INTO USERS_BG(USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE,
|
||||
COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD)
|
||||
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE,
|
||||
COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD
|
||||
FROM UTMP;
|
||||
INSERT INTO RDB$USERS(RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PRIVILEGE,
|
||||
RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME, RDB$PASSWD)
|
||||
SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PRIVILEGE,
|
||||
COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, PASSWD
|
||||
FROM UTMP;
|
||||
COMMIT;
|
||||
|
||||
DROP TABLE UTMP;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user