Fixed use of encrypted database for users mapping
parent
cbeaf9ae5c
commit
ff3eb6e71e
@ -851,7 +851,8 @@ namespace Jrd {
|
||||
|
||||
void mapUser(string& name, string& trusted_role, Firebird::string* auth_method,
|
||||
AuthReader::AuthBlock* newAuthBlock, const AuthReader::AuthBlock& authBlock,
|
||||
const char* alias, const char* db, const char* securityAlias)
|
||||
const char* alias, const char* db, const char* securityAlias,
|
||||
ICryptKeyCallback* cryptCb)
|
||||
{
|
||||
AuthReader::Info info;
|
||||
|
||||
@ -908,6 +909,11 @@ void mapUser(string& name, string& trusted_role, Firebird::string* auth_method,
|
||||
if (syncType == SYNC_EXCLUSIVE)
|
||||
{
|
||||
DispatcherPtr prov;
|
||||
if (cryptCb)
|
||||
{
|
||||
prov->setDbCryptCallback(&st, cryptCb);
|
||||
check("IProvider::setDbCryptCallback", &st);
|
||||
}
|
||||
|
||||
ClumpletWriter embeddedSysdba(ClumpletWriter::Tagged,
|
||||
MAX_DPB_SIZE, isc_dpb_version1);
|
||||
|
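Review bot: The new `cryptCb` parameter of `mapUser` has no documented contract. The `if (cryptCb)` guard shows it may be null, and it is handed to the provider through `setDbCryptCallback` before the embedded attachment parameters are built, but nothing says who owns it or how long it must stay valid. A comment above the guard would cover this, for example `// cryptCb is borrowed from the caller and may be NULL; it lets the provider obtain the key when the database holding the mapping is encrypted`. The callers appear to pass the callback the client supplied for its own attachment, so the comment should also say whether it is expected to answer key requests for the security database; these lines do not show that. The body of `mapUser` continues outside the hunk.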
@ -39,7 +39,7 @@ namespace Jrd {
|
||||
|
||||
void mapUser(Firebird::string& name, Firebird::string& trusted_role, Firebird::string* auth_method,
|
||||
Firebird::AuthReader::AuthBlock* newAuthBlock, const Firebird::AuthReader::AuthBlock& authBlock,
|
||||
const char* alias, const char* db, const char* securityDb);
|
||||
const char* alias, const char* db, const char* securityDb, Firebird::ICryptKeyCallback* cryptCb);
|
||||
void clearMap(const char* dbName);
|
||||
|
||||
class GlobalMappingScan: public VirtualTableScan
|
||||
|
@ -995,7 +995,8 @@ static void release_attachment(thread_db*, Jrd::Attachment*);
|
||||
static void rollback(thread_db*, jrd_tra*, const bool);
|
||||
static void strip_quotes(string&);
|
||||
static void purge_attachment(thread_db* tdbb, StableAttachmentPart* sAtt, unsigned flags = 0);
|
||||
static void getUserInfo(UserId&, const DatabaseOptions&, const char*, const char*, const RefPtr<Config>*, bool);
|
||||
static void getUserInfo(UserId&, const DatabaseOptions&, const char*, const char*,
|
||||
const RefPtr<Config>*, bool, ICryptKeyCallback*);
|
||||
|
||||
static THREAD_ENTRY_DECLARE shutdown_thread(THREAD_ENTRY_PARAM);
|
||||
|
||||
@ -1007,7 +1008,7 @@ TraceFailedConnection::TraceFailedConnection(const char* filename, const Databas
|
||||
m_filename(filename),
|
||||
m_options(options)
|
||||
{
|
||||
getUserInfo(m_id, *m_options, m_filename, NULL, NULL, false);
|
||||
getUserInfo(m_id, *m_options, m_filename, NULL, NULL, false, NULL);
|
||||
}
|
||||
|
||||
|
||||
@ -1397,7 +1398,7 @@ JAttachment* JProvider::attachDatabase(IStatus* user_status, const char* filenam
|
||||
}
|
||||
|
||||
// Check for correct credentials supplied
|
||||
getUserInfo(userId, options, org_filename.c_str(), expanded_name.c_str(), &config, false);
|
||||
getUserInfo(userId, options, org_filename.c_str(), expanded_name.c_str(), &config, false, cryptCallback);
|
||||
|
||||
#ifdef WIN_NT
|
||||
guardDbInit.enter(); // Required to correctly expand name of just created database
|
||||
@ -2409,7 +2410,7 @@ JAttachment* JProvider::createDatabase(IStatus* user_status, const char* filenam
|
||||
}
|
||||
|
||||
// Check for correct credentials supplied
|
||||
getUserInfo(userId, options, org_filename.c_str(), NULL, &config, true);
|
||||
getUserInfo(userId, options, org_filename.c_str(), NULL, &config, true, cryptCallback);
|
||||
|
||||
#ifdef WIN_NT
|
||||
guardDbInit.enter(); // Required to correctly expand name of just created database
|
||||
@ -7065,7 +7066,8 @@ static VdnResult verifyDatabaseName(const PathName& name, ISC_STATUS* status, bo
|
||||
|
||||
**/
|
||||
static void getUserInfo(UserId& user, const DatabaseOptions& options,
|
||||
const char* aliasName, const char* dbName, const RefPtr<Config>* config, bool creating)
|
||||
const char* aliasName, const char* dbName, const RefPtr<Config>* config, bool creating,
|
||||
ICryptKeyCallback* cryptCb)
|
||||
{
|
||||
bool wheel = false;
|
||||
int id = -1, group = -1; // CVC: This var contained trash
|
||||
@ -7089,7 +7091,7 @@ static void getUserInfo(UserId& user, const DatabaseOptions& options,
|
||||
else if (options.dpb_auth_block.hasData())
|
||||
{
|
||||
mapUser(name, trusted_role, &auth_method, &user.usr_auth_block, options.dpb_auth_block,
|
||||
aliasName, dbName, (config ? (*config)->getSecurityDatabase() : NULL));
|
||||
aliasName, dbName, (config ? (*config)->getSecurityDatabase() : NULL), cryptCb);
|
||||
ISC_systemToUtf8(name);
|
||||
ISC_systemToUtf8(trusted_role);
|
||||
|
||||
|
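Review bot: The `TraceFailedConnection` constructor passes `NULL` for the new argument (`getUserInfo(m_id, *m_options, m_filename, NULL, NULL, false, NULL);`), so the failed-connection trace path still runs user mapping without a key callback, while `attachDatabase` and `createDatabase` now forward `cryptCallback`. If the database holding the mapping is encrypted, this path presumably cannot read it, and the identity recorded for a failed attach may differ from what a successful attach resolves; that cannot be confirmed from the visible lines. If the `NULL` is intentional, say so at the call, e.g. `// no crypt callback is available here; mapping for the trace record runs without a database key`. The doc block that closes with `**/` above `getUserInfo` starts outside the hunk and should gain an entry for `cryptCb`.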
@ -798,7 +798,7 @@ Service::Service(const TEXT* service_name, USHORT spb_length, const UCHAR* spb_d
|
||||
|
||||
string trusted_role;
|
||||
mapUser(svc_username, trusted_role, NULL, &svc_auth_block, svc_auth_block,
|
||||
"services manager", NULL, config->getSecurityDatabase());
|
||||
"services manager", NULL, config->getSecurityDatabase(), svc_crypt_callback);
|
||||
|
||||
// to be changed after refsoft special roles patch!!!
|
||||
trusted_role.upper();
|
||||
|
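Review bot: `svc_crypt_callback` is read here inside the `Service` constructor, so the pointer forwarded to `mapUser` is whatever the member holds at this point, and its initialisation is outside the hunk. If the member were assigned only after this call, mapping would run with a null or unset callback and the fix would not take effect for services, so its initialisation order is worth confirming. A short comment would record the dependency, e.g. `// svc_crypt_callback must already be initialised here; mapUser forwards it to the provider`.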