mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-23 05:23:03 +01:00

Fixed use of encrypted database for users mapping

alexpeshkoff 2014-10-09 15:25:39 +00:00
parent cbeaf9ae5c
commit ff3eb6e71e
4 changed files with 17 additions and 9 deletions


@ -851,7 +851,8 @@ namespace Jrd {
void mapUser(string& name, string& trusted_role, Firebird::string* auth_method,
AuthReader::AuthBlock* newAuthBlock, const AuthReader::AuthBlock& authBlock,
const char* alias, const char* db, const char* securityAlias)
const char* alias, const char* db, const char* securityAlias,
ICryptKeyCallback* cryptCb)
{
AuthReader::Info info;
@ -908,6 +909,11 @@ void mapUser(string& name, string& trusted_role, Firebird::string* auth_method,
if (syncType == SYNC_EXCLUSIVE)
{
DispatcherPtr prov;
if (cryptCb)
{
prov->setDbCryptCallback(&st, cryptCb);
check("IProvider::setDbCryptCallback", &st);
}
ClumpletWriter embeddedSysdba(ClumpletWriter::Tagged,
MAX_DPB_SIZE, isc_dpb_version1);
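Review bot: The new `cryptCb` parameter is nullable and is handed to the dispatcher only inside the `if (cryptCb)` guard in the `SYNC_EXCLUSIVE` branch, but nothing here says whose key callback it is or which database it is meant to unlock. Because the next lines build an `embeddedSysdba` parameter block, this attachment presumably opens the database that holds the mapping rather than necessarily the one the client named, so the client's key callback may be consulted on behalf of a different database than it was supplied for; that trust decision should be stated in the code. I would add a comment above the guard such as `// Forward the caller's key callback so an encrypted database can be opened for mapping; NULL means no callback was supplied`. mapUser's body starts and ends outside the hunk, so any other attach path in it is not visible here.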


@ -39,7 +39,7 @@ namespace Jrd {
void mapUser(Firebird::string& name, Firebird::string& trusted_role, Firebird::string* auth_method,
Firebird::AuthReader::AuthBlock* newAuthBlock, const Firebird::AuthReader::AuthBlock& authBlock,
const char* alias, const char* db, const char* securityDb);
const char* alias, const char* db, const char* securityDb, Firebird::ICryptKeyCallback* cryptCb);
void clearMap(const char* dbName);
class GlobalMappingScan: public VirtualTableScan
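Review bot: The declaration of `mapUser` names its eighth parameter `securityDb`, while the definition in the first file section names it `securityAlias`; the added line was a chance to align the two. The new `cryptCb` parameter also has no default and no comment, so every caller must decide what to pass without the header saying that NULL is accepted, which the definition's `if (cryptCb)` guard shows it is. A one-line comment above the declaration would cover it, for example `// cryptCb may be NULL when the caller has no database key callback`.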


@ -995,7 +995,8 @@ static void release_attachment(thread_db*, Jrd::Attachment*);
static void rollback(thread_db*, jrd_tra*, const bool);
static void strip_quotes(string&);
static void purge_attachment(thread_db* tdbb, StableAttachmentPart* sAtt, unsigned flags = 0);
static void getUserInfo(UserId&, const DatabaseOptions&, const char*, const char*, const RefPtr<Config>*, bool);
static void getUserInfo(UserId&, const DatabaseOptions&, const char*, const char*,
const RefPtr<Config>*, bool, ICryptKeyCallback*);
static THREAD_ENTRY_DECLARE shutdown_thread(THREAD_ENTRY_PARAM);
@ -1007,7 +1008,7 @@ TraceFailedConnection::TraceFailedConnection(const char* filename, const Databas
m_filename(filename),
m_options(options)
{
getUserInfo(m_id, *m_options, m_filename, NULL, NULL, false);
getUserInfo(m_id, *m_options, m_filename, NULL, NULL, false, NULL);
}
@ -1397,7 +1398,7 @@ JAttachment* JProvider::attachDatabase(IStatus* user_status, const char* filenam
}
// Check for correct credentials supplied
getUserInfo(userId, options, org_filename.c_str(), expanded_name.c_str(), &config, false);
getUserInfo(userId, options, org_filename.c_str(), expanded_name.c_str(), &config, false, cryptCallback);
#ifdef WIN_NT
guardDbInit.enter(); // Required to correctly expand name of just created database
@ -2409,7 +2410,7 @@ JAttachment* JProvider::createDatabase(IStatus* user_status, const char* filenam
}
// Check for correct credentials supplied
getUserInfo(userId, options, org_filename.c_str(), NULL, &config, true);
getUserInfo(userId, options, org_filename.c_str(), NULL, &config, true, cryptCallback);
#ifdef WIN_NT
guardDbInit.enter(); // Required to correctly expand name of just created database
@ -7065,7 +7066,8 @@ static VdnResult verifyDatabaseName(const PathName& name, ISC_STATUS* status, bo
**/
static void getUserInfo(UserId& user, const DatabaseOptions& options,
const char* aliasName, const char* dbName, const RefPtr<Config>* config, bool creating)
const char* aliasName, const char* dbName, const RefPtr<Config>* config, bool creating,
ICryptKeyCallback* cryptCb)
{
bool wheel = false;
int id = -1, group = -1; // CVC: This var contained trash
@ -7089,7 +7091,7 @@ static void getUserInfo(UserId& user, const DatabaseOptions& options,
else if (options.dpb_auth_block.hasData())
{
mapUser(name, trusted_role, &auth_method, &user.usr_auth_block, options.dpb_auth_block,
aliasName, dbName, (config ? (*config)->getSecurityDatabase() : NULL));
aliasName, dbName, (config ? (*config)->getSecurityDatabase() : NULL), cryptCb);
ISC_systemToUtf8(name);
ISC_systemToUtf8(trusted_role);
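Review bot: The call in the `TraceFailedConnection` constructor passes `NULL` as the new last argument of `getUserInfo`, so the user lookup done while tracing a failed attach still runs without a key callback, unlike the `attachDatabase` and `createDatabase` calls, which pass `cryptCallback`. If mapping on that path has to open an encrypted database it would presumably fail in the way this commit fixes for the other callers, and the failure would surface inside a constructor. Either give `TraceFailedConnection` access to the callback, or document the choice at the call with a comment such as `// no crypt callback is available when tracing a failed connection`. getUserInfo's body continues outside the visible hunks, so how a mapping failure is handled there cannot be confirmed from this page.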


@ -798,7 +798,7 @@ Service::Service(const TEXT* service_name, USHORT spb_length, const UCHAR* spb_d
string trusted_role;
mapUser(svc_username, trusted_role, NULL, &svc_auth_block, svc_auth_block,
"services manager", NULL, config->getSecurityDatabase());
"services manager", NULL, config->getSecurityDatabase(), svc_crypt_callback);
// to be changed after refsoft special roles patch!!!
trusted_role.upper();