Fixed CORE-2883 - isql needs to extract security for new elements with ACLs.
parent
552b9be23b
commit
edec43a589
@ -1288,6 +1288,62 @@ static processing_state list_all_grants2(bool show_role_list, const SCHAR* termi
|
||||
return OBJECT_NOT_FOUND;
|
||||
END_ERROR
|
||||
|
||||
FOR FLD IN RDB$FIELDS WITH
|
||||
FLD.RDB$FIELD_NAME NOT MATCHING "RDB$+" USING "+=[0-9][0-9]* *"
|
||||
AND FLD.RDB$SYSTEM_FLAG NE 1
|
||||
SORTED BY FLD.RDB$FIELD_NAME
|
||||
{
|
||||
// Null terminate name string
|
||||
fb_utils::exact_name(FLD.RDB$FIELD_NAME);
|
||||
const processing_state rc =
|
||||
SHOW_grants2(FLD.RDB$FIELD_NAME, terminator, obj_field,
|
||||
(first ? banner : 0), mangle);
|
||||
|
||||
if (rc == SKIP)
|
||||
first = false;
|
||||
}
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return OBJECT_NOT_FOUND;
|
||||
END_ERROR
|
||||
|
||||
FOR CS IN RDB$CHARACTER_SETS
|
||||
SORTED BY CS.RDB$CHARACTER_SET_NAME
|
||||
{
|
||||
// Null terminate name string
|
||||
fb_utils::exact_name(CS.RDB$CHARACTER_SET_NAME);
|
||||
const processing_state rc =
|
||||
SHOW_grants2(CS.RDB$CHARACTER_SET_NAME, terminator, obj_charset,
|
||||
(first ? banner : 0), mangle);
|
||||
|
||||
if (rc == SKIP)
|
||||
first = false;
|
||||
}
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return OBJECT_NOT_FOUND;
|
||||
END_ERROR
|
||||
|
||||
FOR COL IN RDB$COLLATIONS
|
||||
SORTED BY COL.RDB$COLLATION_NAME
|
||||
{
|
||||
// Null terminate name string
|
||||
fb_utils::exact_name(COL.RDB$COLLATION_NAME);
|
||||
const processing_state rc =
|
||||
SHOW_grants2(COL.RDB$COLLATION_NAME, terminator, obj_collation,
|
||||
(first ? banner : 0), mangle);
|
||||
|
||||
if (rc == SKIP)
|
||||
first = false;
|
||||
}
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return OBJECT_NOT_FOUND;
|
||||
END_ERROR
|
||||
|
||||
// Process DDL permissions
|
||||
for (int i = obj_database; i < obj_type_MAX; i++)
|
||||
{
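Review bot: In the three new loops over RDB$FIELDS, RDB$CHARACTER_SETS and RDB$COLLATIONS, the result of SHOW_grants2 is only compared with `SKIP`, so a `ps_ERR` return is dropped and extraction moves on to the next object. The new domain, character set and collation branches of SHOW_grants2 in this commit do return `ps_ERR`, so the extracted script can be missing grants while still looking complete, which matters when it is used to recreate a database's ACLs. Consider remembering the failure and returning it after `END_FOR`, or `if (rc == ps_ERR) return OBJECT_NOT_FOUND;` ahead of the `SKIP` test if returning from inside the loop is acceptable here. list_all_grants2 starts and ends outside the hunk, so the existing loops may follow the same pattern. Separately, the RDB$FIELDS loop skips system rows with `FLD.RDB$SYSTEM_FLAG NE 1` but the other two loops have no such filter; a one-line comment saying whether grants on system character sets and collations are meant to be extracted would help.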
|
||||
|
@ -80,7 +80,7 @@ enum commentMode {cmmShow, cmmExtract};
|
||||
|
||||
|
||||
static void remove_delimited_double_quotes(TEXT*);
|
||||
static void make_priv_string(USHORT, char*);
|
||||
static void make_priv_string(USHORT, char*, bool);
|
||||
static processing_state show_all_tables(SSHORT);
|
||||
static void show_charsets(const SCHAR*, const SCHAR*, const bool, bool, bool, bool);
|
||||
static processing_state show_check(const SCHAR*);
|
||||
@ -742,7 +742,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
(prev_object_type != -1 && prev_object_type != PRV.RDB$OBJECT_TYPE))
|
||||
{
|
||||
|
||||
make_priv_string (priv_flags, priv_string);
|
||||
make_priv_string(priv_flags, priv_string, false);
|
||||
|
||||
if (first && optional_msg)
|
||||
isqlGlob.prints(optional_msg);
|
||||
@ -859,7 +859,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
|
||||
if (prev_option != -1)
|
||||
{
|
||||
make_priv_string (priv_flags, priv_string);
|
||||
make_priv_string(priv_flags, priv_string, false);
|
||||
if (first && optional_msg)
|
||||
isqlGlob.prints(optional_msg);
|
||||
first = false;
|
||||
@ -1314,6 +1314,222 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
}
|
||||
}
|
||||
|
||||
if (obj_type == obj_field || obj_type == 255)
|
||||
{
|
||||
if (isqlGlob.major_ods >= ODS_VERSION12)
|
||||
{
|
||||
FOR FIRST 1 F IN RDB$FIELDS WITH F.RDB$FIELD_NAME EQ object
|
||||
FOR PRV IN RDB$USER_PRIVILEGES CROSS
|
||||
FLD IN RDB$FIELDS WITH
|
||||
PRV.RDB$OBJECT_TYPE = obj_field AND
|
||||
PRV.RDB$RELATION_NAME EQ object AND
|
||||
FLD.RDB$FIELD_NAME EQ object AND
|
||||
PRV.RDB$PRIVILEGE EQ 'G' AND
|
||||
FLD.RDB$OWNER_NAME NE PRV.RDB$USER
|
||||
SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION
|
||||
|
||||
if (first && optional_msg)
|
||||
isqlGlob.prints(optional_msg);
|
||||
|
||||
first = false;
|
||||
fb_utils::exact_name(PRV.RDB$USER);
|
||||
|
||||
switch (PRV.RDB$USER_TYPE)
|
||||
{
|
||||
case obj_relation:
|
||||
case obj_view:
|
||||
case obj_trigger:
|
||||
case obj_procedure:
|
||||
case obj_udf:
|
||||
case obj_sql_role:
|
||||
case obj_package_header:
|
||||
case obj_user:
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
default:
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
}
|
||||
|
||||
set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string);
|
||||
|
||||
if (PRV.RDB$GRANT_OPTION)
|
||||
strcpy(with_option, " WITH GRANT OPTION");
|
||||
else
|
||||
with_option[0] = '\0';
|
||||
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, object);
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON DOMAIN %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR;
|
||||
|
||||
if (!first)
|
||||
return (SKIP);
|
||||
}
|
||||
}
|
||||
|
||||
if (obj_type == obj_charset || obj_type == 255)
|
||||
{
|
||||
if (isqlGlob.major_ods >= ODS_VERSION12)
|
||||
{
|
||||
FOR FIRST 1 C IN RDB$CHARACTER_SETS WITH C.RDB$CHARACTER_SET_NAME EQ object
|
||||
FOR PRV IN RDB$USER_PRIVILEGES CROSS
|
||||
CS IN RDB$CHARACTER_SETS WITH
|
||||
PRV.RDB$OBJECT_TYPE = obj_charset AND
|
||||
PRV.RDB$RELATION_NAME EQ object AND
|
||||
CS.RDB$CHARACTER_SET_NAME EQ object AND
|
||||
PRV.RDB$PRIVILEGE EQ 'G' AND
|
||||
CS.RDB$OWNER_NAME NE PRV.RDB$USER
|
||||
SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION
|
||||
|
||||
if (first && optional_msg)
|
||||
isqlGlob.prints(optional_msg);
|
||||
|
||||
first = false;
|
||||
fb_utils::exact_name(PRV.RDB$USER);
|
||||
|
||||
switch (PRV.RDB$USER_TYPE)
|
||||
{
|
||||
case obj_relation:
|
||||
case obj_view:
|
||||
case obj_trigger:
|
||||
case obj_procedure:
|
||||
case obj_udf:
|
||||
case obj_sql_role:
|
||||
case obj_package_header:
|
||||
case obj_user:
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
default:
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
}
|
||||
|
||||
set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string);
|
||||
|
||||
if (PRV.RDB$GRANT_OPTION)
|
||||
strcpy(with_option, " WITH GRANT OPTION");
|
||||
else
|
||||
with_option[0] = '\0';
|
||||
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, object);
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON CHARACTER SET %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR;
|
||||
|
||||
if (!first)
|
||||
return (SKIP);
|
||||
}
|
||||
}
|
||||
|
||||
if (obj_type == obj_collation || obj_type == 255)
|
||||
{
|
||||
if (isqlGlob.major_ods >= ODS_VERSION12)
|
||||
{
|
||||
FOR FIRST 1 C IN RDB$COLLATIONS WITH C.RDB$COLLATION_NAME EQ object
|
||||
FOR PRV IN RDB$USER_PRIVILEGES CROSS
|
||||
COL IN RDB$COLLATIONS WITH
|
||||
PRV.RDB$OBJECT_TYPE = obj_collation AND
|
||||
PRV.RDB$RELATION_NAME EQ object AND
|
||||
COL.RDB$COLLATION_NAME EQ object AND
|
||||
PRV.RDB$PRIVILEGE EQ 'G' AND
|
||||
COL.RDB$OWNER_NAME NE PRV.RDB$USER
|
||||
SORTED BY PRV.RDB$USER, PRV.RDB$FIELD_NAME, PRV.RDB$GRANT_OPTION
|
||||
|
||||
if (first && optional_msg)
|
||||
isqlGlob.prints(optional_msg);
|
||||
|
||||
first = false;
|
||||
fb_utils::exact_name(PRV.RDB$USER);
|
||||
|
||||
switch (PRV.RDB$USER_TYPE)
|
||||
{
|
||||
case obj_relation:
|
||||
case obj_view:
|
||||
case obj_trigger:
|
||||
case obj_procedure:
|
||||
case obj_udf:
|
||||
case obj_sql_role:
|
||||
case obj_package_header:
|
||||
case obj_user:
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
default:
|
||||
strcpy(SQL_identifier, PRV.RDB$USER);
|
||||
break;
|
||||
}
|
||||
|
||||
set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string);
|
||||
|
||||
if (PRV.RDB$GRANT_OPTION)
|
||||
strcpy(with_option, " WITH GRANT OPTION");
|
||||
else
|
||||
with_option[0] = '\0';
|
||||
|
||||
if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
|
||||
IUTILS_copy_SQL_id(object, SQL_identifier, DBL_QUOTE);
|
||||
else
|
||||
strcpy(SQL_identifier, object);
|
||||
|
||||
isqlGlob.printf("GRANT USAGE ON COLLATION %s TO %s%s%s%s%s",
|
||||
SQL_identifier, user_string, with_option,
|
||||
granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
|
||||
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR
|
||||
END_FOR
|
||||
ON_ERROR
|
||||
ISQL_errmsg(fbStatus);
|
||||
return ps_ERR;
|
||||
END_ERROR;
|
||||
|
||||
if (!first)
|
||||
return (SKIP);
|
||||
}
|
||||
}
|
||||
|
||||
if (obj_type >= obj_database || obj_type == 255)
|
||||
{
|
||||
if (isqlGlob.major_ods >= ODS_VERSION12)
|
||||
@ -1354,7 +1570,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
|
||||
break;
|
||||
}
|
||||
|
||||
make_priv_string (priv_flags, priv_string);
|
||||
make_priv_string(priv_flags, priv_string, (PRV.RDB$OBJECT_TYPE != obj_database));
|
||||
|
||||
switch (PRV.RDB$USER_TYPE)
|
||||
{
|
||||
@ -2385,7 +2601,7 @@ static void remove_delimited_double_quotes(TEXT* string)
|
||||
}
|
||||
|
||||
|
||||
static void make_priv_string(USHORT flags, char* string)
|
||||
static void make_priv_string(USHORT flags, char* string, bool useAny)
|
||||
{
|
||||
/**************************************
|
||||
*
|
||||
@ -2404,7 +2620,11 @@ static void make_priv_string(USHORT flags, char* string)
|
||||
{
|
||||
if (*string)
|
||||
strcat(string, ", ");
|
||||
|
||||
strcat(string, privs[i].priv_string);
|
||||
|
||||
if (useAny && (privs[i].priv_flag == priv_ALTER || privs[i].priv_flag == priv_DROP))
|
||||
strcat(string, " ANY");
|
||||
}
|
||||
}
|
||||
}
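Review bot: make_priv_string still builds its result with unbounded `strcat`, and the new `useAny` branch makes the longest possible string eight bytes longer (`" ANY"` after both ALTER and DROP), so every `priv_string` buffer passed from SHOW_grants2 needs that headroom. The buffer declarations are outside the visible hunks, so this should be confirmed. The new domain, character set and collation branches likewise `strcpy` the caller-supplied `object` and `PRV.RDB$USER` into `SQL_identifier` with no length check in the non-mangled path. A comment on make_priv_string such as `// caller's buffer must hold every privilege name joined by ", " plus " ANY" for ALTER and DROP` would at least record the contract. The three new branches differ only in the system table, the object type constant and the keyword in the GRANT text, so a shared helper would keep them from drifting apart.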
|
||||
|