From edec43a589f1228bf3349a8ab3a0696323726c40 Mon Sep 17 00:00:00 2001
From: asfernandes
Date: Mon, 21 Sep 2015 16:46:05 +0000
Subject: [PATCH] Fixed CORE-2883 - isql needs to extract security for new elements with ACLs.
---
src/isql/extract.epp | 56 +++++++++++
src/isql/show.epp | 230 ++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 281 insertions(+), 5 deletions(-)
diff --git a/src/isql/extract.epp b/src/isql/extract.epp
index 6cbdc8fcce..7651f1dd3c 100644
--- a/src/isql/extract.epp
+++ b/src/isql/extract.epp
@@ -1288,6 +1288,62 @@ static processing_state list_all_grants2(bool show_role_list, const SCHAR* termi return OBJECT_NOT_FOUND; END_ERROR + FOR FLD IN RDB$FIELDS WITH + FLD.RDB$FIELD_NAME NOT MATCHING "RDB$+" USING "+=[0-9][0-9]* *" + AND FLD.RDB$SYSTEM_FLAG NE 1 + SORTED BY FLD.RDB$FIELD_NAME + { + // Null terminate name string + fb_utils::exact_name(FLD.RDB$FIELD_NAME); + const processing_state rc = + SHOW_grants2(FLD.RDB$FIELD_NAME, terminator, obj_field, + (first ? banner : 0), mangle); + + if (rc == SKIP) + first = false; + } + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return OBJECT_NOT_FOUND; + END_ERROR + + FOR CS IN RDB$CHARACTER_SETS + SORTED BY CS.RDB$CHARACTER_SET_NAME + { + // Null terminate name string + fb_utils::exact_name(CS.RDB$CHARACTER_SET_NAME); + const processing_state rc = + SHOW_grants2(CS.RDB$CHARACTER_SET_NAME, terminator, obj_charset, + (first ? banner : 0), mangle); + + if (rc == SKIP) + first = false; + } + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return OBJECT_NOT_FOUND; + END_ERROR + + FOR COL IN RDB$COLLATIONS + SORTED BY COL.RDB$COLLATION_NAME + { + // Null terminate name string + fb_utils::exact_name(COL.RDB$COLLATION_NAME); + const processing_state rc = + SHOW_grants2(COL.RDB$COLLATION_NAME, terminator, obj_collation, + (first ? banner : 0), mangle); + + if (rc == SKIP) + first = false; + } + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return OBJECT_NOT_FOUND; + END_ERROR + // Process DDL permissions for (int i = obj_database; i < obj_type_MAX; i++) { diff --git a/src/isql/show.epp b/src/isql/show.epp index 7c8b29c57a..f994a8f88c 100644 --- a/src/isql/show.epp +++ b/src/isql/show.epp 
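Review bot: The two new loops over `RDB$CHARACTER_SETS` and `RDB$COLLATIONS` carry no system-object filter, while the domain loop added just above them excludes `RDB$+` names and rows with `FLD.RDB$SYSTEM_FLAG NE 1`. As written, every character set and collation in the database is handed to `SHOW_grants2`, so the extracted script can contain grants on built-in objects, and the hunk does not say whether that is intended. If it is, a comment ahead of the loops would record it, for example `// System character sets and collations are included on purpose`; if it is not, these loops need a filter of the same kind as the domain loop. The enclosing `list_all_grants2` starts and ends outside this hunk.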
@@ -80,7 +80,7 @@ enum commentMode {cmmShow, cmmExtract}; static void remove_delimited_double_quotes(TEXT*); -static void make_priv_string(USHORT, char*); +static void make_priv_string(USHORT, char*, bool); static processing_state show_all_tables(SSHORT); static void show_charsets(const SCHAR*, const SCHAR*, const bool, bool, bool, bool); static processing_state show_check(const SCHAR*); @@ -742,7 +742,7 @@ processing_state SHOW_grants2 (const SCHAR* object, (prev_object_type != -1 && prev_object_type != PRV.RDB$OBJECT_TYPE)) { - make_priv_string (priv_flags, priv_string); + make_priv_string(priv_flags, priv_string, false); if (first && optional_msg) isqlGlob.prints(optional_msg); @@ -859,7 +859,7 @@ processing_state SHOW_grants2 (const SCHAR* object, if (prev_option != -1) { - make_priv_string (priv_flags, priv_string); + make_priv_string(priv_flags, priv_string, false); if (first && optional_msg) isqlGlob.prints(optional_msg); first = false; 
@@ -1314,6 +1314,222 @@ processing_state SHOW_grants2 (const SCHAR* object, } } + if (obj_type == obj_field || obj_type == 255) + { + if (isqlGlob.major_ods >= ODS_VERSION12) + { + FOR FIRST 1 F IN RDB$FIELDS WITH F.RDB$FIELD_NAME EQ object + FOR PRV IN RDB$USER_PRIVILEGES CROSS + FLD IN RDB$FIELDS WITH + PRV.RDB$OBJECT_TYPE = obj_field AND + PRV.RDB$RELATION_NAME EQ object AND + FLD.RDB$FIELD_NAME EQ object AND + PRV.RDB$PRIVILEGE EQ 'G' AND + FLD.RDB$OWNER_NAME NE PRV.RDB$USER + SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION + + if (first && optional_msg) + isqlGlob.prints(optional_msg); + + first = false; + fb_utils::exact_name(PRV.RDB$USER); + + switch (PRV.RDB$USER_TYPE) + { + case obj_relation: + case obj_view: + case obj_trigger: + case obj_procedure: + case obj_udf: + case obj_sql_role: + case obj_package_header: + case obj_user: + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, PRV.RDB$USER); + break; + default: + strcpy(SQL_identifier, PRV.RDB$USER); + break; + } + + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + + if (PRV.RDB$GRANT_OPTION) + strcpy(with_option, " WITH GRANT OPTION"); + else + with_option[0] = '\0'; + + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, object); + + isqlGlob.printf("GRANT USAGE ON DOMAIN %s TO %s%s%s%s%s", + SQL_identifier, user_string, with_option, + granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE); + + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR; + + if (!first) + return (SKIP); + } + } + + if (obj_type == obj_charset || obj_type == 255) + { + if (isqlGlob.major_ods >= ODS_VERSION12) + { + FOR FIRST 1 C IN RDB$CHARACTER_SETS WITH C.RDB$CHARACTER_SET_NAME 
EQ object + FOR PRV IN RDB$USER_PRIVILEGES CROSS + CS IN RDB$CHARACTER_SETS WITH + PRV.RDB$OBJECT_TYPE = obj_charset AND + PRV.RDB$RELATION_NAME EQ object AND + CS.RDB$CHARACTER_SET_NAME EQ object AND + PRV.RDB$PRIVILEGE EQ 'G' AND + CS.RDB$OWNER_NAME NE PRV.RDB$USER + SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION + + if (first && optional_msg) + isqlGlob.prints(optional_msg); + + first = false; + fb_utils::exact_name(PRV.RDB$USER); + + switch (PRV.RDB$USER_TYPE) + { + case obj_relation: + case obj_view: + case obj_trigger: + case obj_procedure: + case obj_udf: + case obj_sql_role: + case obj_package_header: + case obj_user: + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, PRV.RDB$USER); + break; + default: + strcpy(SQL_identifier, PRV.RDB$USER); + break; + } + + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + + if (PRV.RDB$GRANT_OPTION) + strcpy(with_option, " WITH GRANT OPTION"); + else + with_option[0] = '\0'; + + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, object); + + isqlGlob.printf("GRANT USAGE ON CHARACTER SET %s TO %s%s%s%s%s", + SQL_identifier, user_string, with_option, + granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE); + + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR; + + if (!first) + return (SKIP); + } + } + + if (obj_type == obj_collation || obj_type == 255) + { + if (isqlGlob.major_ods >= ODS_VERSION12) + { + FOR FIRST 1 C IN RDB$COLLATIONS WITH C.RDB$COLLATION_NAME EQ object + FOR PRV IN RDB$USER_PRIVILEGES CROSS + COL IN RDB$COLLATIONS WITH + PRV.RDB$OBJECT_TYPE = obj_collation AND + PRV.RDB$RELATION_NAME EQ object AND + COL.RDB$COLLATION_NAME EQ object AND + PRV.RDB$PRIVILEGE 
EQ 'G' AND + COL.RDB$OWNER_NAME NE PRV.RDB$USER + SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION + + if (first && optional_msg) + isqlGlob.prints(optional_msg); + + first = false; + fb_utils::exact_name(PRV.RDB$USER); + + switch (PRV.RDB$USER_TYPE) + { + case obj_relation: + case obj_view: + case obj_trigger: + case obj_procedure: + case obj_udf: + case obj_sql_role: + case obj_package_header: + case obj_user: + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, PRV.RDB$USER); + break; + default: + strcpy(SQL_identifier, PRV.RDB$USER); + break; + } + + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + + if (PRV.RDB$GRANT_OPTION) + strcpy(with_option, " WITH GRANT OPTION"); + else + with_option[0] = '\0'; + + if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION) + IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE); + else + strcpy(SQL_identifier, object); + + isqlGlob.printf("GRANT USAGE ON COLLATION %s TO %s%s%s%s%s", + SQL_identifier, user_string, with_option, + granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE); + + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR + END_FOR + ON_ERROR + ISQL_errmsg(fbStatus); + return ps_ERR; + END_ERROR; + + if (!first) + return (SKIP); + } + } + if (obj_type >= obj_database || obj_type == 255) { if (isqlGlob.major_ods >= ODS_VERSION12) @@ -1354,7 +1570,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - make_priv_string (priv_flags, priv_string); + make_priv_string(priv_flags, priv_string, (PRV.RDB$OBJECT_TYPE != obj_database)); switch (PRV.RDB$USER_TYPE) { @@ -2385,7 +2601,7 @@ static void remove_delimited_double_quotes(TEXT* string) } -static void make_priv_string(USHORT flags, char* string) +static void make_priv_string(USHORT flags, char* string, bool useAny) { /************************************** * 
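Review bot: `strcpy(SQL_identifier, object)` in the new domain block copies the caller-supplied `object` name with no length bound, and the same line is repeated in the character-set and collation blocks. `SQL_identifier` is declared outside this hunk, so its capacity cannot be checked from here, and `object` arrives as a plain `const SCHAR*` parameter of `SHOW_grants2`. A bounded copy would make the limit explicit; if `SQL_identifier` is a local array, something like `snprintf(SQL_identifier, sizeof(SQL_identifier), "%s", object);` would do. The three blocks differ only in the system table, the object-type constant and the keyword in the `GRANT USAGE ON ...` text, so moving the grantee quoting and printing into one static helper would let the fix be made once. `SHOW_grants2` begins and ends outside the hunk.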
@@ -2404,7 +2620,11 @@ static void make_priv_string(USHORT flags, char* string) { if (*string) strcat(string, ", "); + strcat(string, privs[i].priv_string); + + if (useAny && (privs[i].priv_flag == priv_ALTER || privs[i].priv_flag == priv_DROP)) + strcat(string, " ANY"); } } }
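Review bot: The added `strcat(string, " ANY")` lengthens the longest string `make_priv_string` can build by up to eight bytes, since ALTER and DROP each gain the suffix, while the function still takes `char* string` with no size. The callers' `priv_string` buffer is declared outside this diff, so its size should be checked against the new worst case. The banner comment of the function should also state the capacity it expects and describe the new parameter, for example `// useAny: append " ANY" after the ALTER and DROP privileges`. The function's signature and the start of its body are outside this hunk.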