diff --git a/tests/bugs/gh_7610_test.py b/tests/bugs/gh_7610_test.py new file mode 100644 index 00000000..ee5c466a --- /dev/null +++ b/tests/bugs/gh_7610_test.py @@ -0,0 +1,98 @@ +#coding:utf-8 + +""" +ID: issue-7610 +ISSUE: https://github.com/FirebirdSQL/firebird/issues/7610 +TITLE: Uninitialized/random value assigned to RDB$ROLES -> RDB$SYSTEM PRIVILEGES when restoring from FB3 backup +DESCRIPTION: + Test uses .fbk which was created in FB 3.x as it is described in the ticket. + Non-privileged user 'tmp_user_7610' and role 'tmp_role_7610' are created, and their names must be exactly the same + as used in FB 3.x. + We restore from this DB and check that it completes OK. + Then we make connection as non-pritileged user using role that did exist in FB 3.x. + Query 'select rdb$role_name,rdb$system_privileges from rdb$roles' must show 0000000000000000 for this role. + Query 'select * from test' must fail with 'no permission for SELECT' error. +NOTES: + [03.06.2023] pzotov + BOTH problems (ability to query table and random numbers in rdb$system_privileges) could be reproduced only in OLD + snapshots, not in recent ones! + In FB 4.x last snapshot where *both* problems present is 4.0.0.2571 (20-aug-2021). In 4.0.0.2573 only problem with + random number in rdb$ exists, but user can no longer query table. + In 4.0.3.2948 (01-jun-2023) content of rdb$ is 0000000000000000. + + In FB 5.x situation is similar: last snapshot with *both* problems is 5.0.0.1000 (02-apr-2023), and since 5.0.0.1001 + one may see only problem with numbers in rdb$, but they look 'constant': 3400000000000000, and this is so up to 5.0.0.1063. + Since 5.0.0.1065 (01-jun-2023) content of rdb$ is 0000000000000000. +""" + +import pytest +from firebird.qa import * +import zipfile +from pathlib import Path +from firebird.driver import SrvRestoreFlag +import locale +import re +import time + +db = db_factory() # do_not_create = True) +tmp_user = user_factory('db', name='tmp_user_7610', password='123') +tmp_role = role_factory('db', name='tmp_role_7610') + +act = python_act('db') + +fbk_file = temp_file('gh_7610.tmp.fbk') + +@pytest.mark.version('>=4.0.3') +def test_1(act: Action, fbk_file: Path, tmp_user: User, tmp_role: Role, capsys): + zipped_fbk_file = zipfile.Path(act.files_dir / 'gh_7610.zip', at = 'gh_7610_made_in_fb_3x.fbk') + fbk_file.write_bytes(zipped_fbk_file.read_bytes()) + + allowed_patterns = \ + ( + 'gbak:finishing, closing, and going home' + ,'gbak:adjusting the ONLINE and FORCED WRITES flags' + ) + allowed_patterns = [ re.compile(p, re.IGNORECASE) for p in allowed_patterns ] + + with act.connect_server(encoding=locale.getpreferredencoding()) as srv: + srv.database.restore(database=act.db.db_path, backup=fbk_file, flags=SrvRestoreFlag.REPLACE, verbose=True) + restore_log = srv.readlines() + for line in restore_log: + if act.match_any(line.strip(), allowed_patterns): + print(line) + + expected_stdout = """ + gbak:finishing, closing, and going home + gbak:adjusting the ONLINE and FORCED WRITES flags + """ + + act.expected_stdout = expected_stdout + act.stdout = capsys.readouterr().out + assert act.clean_stdout == act.clean_expected_stdout + act.reset() + + ##################################################### + + test_sql = f""" + set list on; + connect '{act.db.dsn}' user {tmp_user.name} password '{tmp_user.password}' role {tmp_role.name}; + select mon$user, mon$role from mon$attachments where mon$attachment_id = current_connection; + select rdb$role_name,rdb$system_privileges from rdb$roles; + select * from test; + """ + + expected_stdout = f""" + MON$USER {tmp_user.name.upper()} + MON$ROLE {tmp_role.name.upper()} + RDB$ROLE_NAME RDB$ADMIN + RDB$SYSTEM_PRIVILEGES FFFFFFFFFFFFFFFF + RDB$ROLE_NAME {tmp_role.name.upper()} + RDB$SYSTEM_PRIVILEGES 0000000000000000 + Statement failed, SQLSTATE = 28000 + no permission for SELECT access to TABLE TEST + -Effective user is {tmp_user.name.upper()} + """ + + act.expected_stdout = expected_stdout + act.isql(switches=['-q'], input = test_sql, connect_db = False, credentials = False, combine_output = True, io_enc = locale.getpreferredencoding()) + assert act.clean_stdout == act.clean_expected_stdout