From ab84adb79404ece4be2ebfcef64b2afe41ad02b8 Mon Sep 17 00:00:00 2001
From: pavel-zotov <p519446@yandex.ru>
Date: Sat, 3 Jun 2023 22:56:50 +0300
Subject: [PATCH] Added/Updated tests\bugs\gh_7610_test.py: checked on
 4.0.3.2948 and 5.0.0.1065. See notes.

---
 tests/bugs/gh_7610_test.py | 98 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 tests/bugs/gh_7610_test.py

diff --git a/tests/bugs/gh_7610_test.py b/tests/bugs/gh_7610_test.py
new file mode 100644
index 00000000..ee5c466a
--- /dev/null
+++ b/tests/bugs/gh_7610_test.py
@@ -0,0 +1,98 @@
+#coding:utf-8
+
+"""
+ID:          issue-7610
+ISSUE:       https://github.com/FirebirdSQL/firebird/issues/7610
+TITLE:       Uninitialized/random value assigned to RDB$ROLES -> RDB$SYSTEM PRIVILEGES when restoring from FB3 backup
+DESCRIPTION: 
+    Test uses .fbk which was created in FB 3.x as it is described in the ticket.
+    Non-privileged user 'tmp_user_7610' and role 'tmp_role_7610' are created, and their names must be exactly the same
+    as used in FB 3.x.
+    We restore from this DB and check that it completes OK.
+    Then we make connection as non-pritileged user using role that did exist in FB 3.x.
+    Query 'select rdb$role_name,rdb$system_privileges from rdb$roles' must show 0000000000000000 for this role.
+    Query 'select * from test' must fail with 'no permission for SELECT' error.
+NOTES:
+    [03.06.2023] pzotov
+    BOTH problems (ability to query table and random numbers in rdb$system_privileges) could be reproduced only in OLD
+    snapshots, not in recent ones! 
+    In FB 4.x last snapshot where *both* problems present is 4.0.0.2571 (20-aug-2021). In 4.0.0.2573 only problem with
+    random number in rdb$ exists, but user can no longer query table.
+    In 4.0.3.2948 (01-jun-2023) content of rdb$ is 0000000000000000.
+
+    In FB 5.x situation is similar: last snapshot with *both* problems is 5.0.0.1000 (02-apr-2023), and since 5.0.0.1001
+    one may see only problem with numbers in rdb$, but they look 'constant': 3400000000000000, and this is so up to 5.0.0.1063.
+    Since 5.0.0.1065 (01-jun-2023) content of rdb$ is 0000000000000000.
+"""
+
+import pytest
+from firebird.qa import *
+import zipfile
+from pathlib import Path
+from firebird.driver import SrvRestoreFlag
+import locale
+import re
+import time
+
+db = db_factory() # do_not_create = True)
+tmp_user = user_factory('db', name='tmp_user_7610', password='123')
+tmp_role = role_factory('db', name='tmp_role_7610')
+
+act = python_act('db')
+
+fbk_file = temp_file('gh_7610.tmp.fbk')
+
+@pytest.mark.version('>=4.0.3')
+def test_1(act: Action, fbk_file: Path, tmp_user: User, tmp_role: Role, capsys):
+    zipped_fbk_file = zipfile.Path(act.files_dir / 'gh_7610.zip', at = 'gh_7610_made_in_fb_3x.fbk')
+    fbk_file.write_bytes(zipped_fbk_file.read_bytes())
+
+    allowed_patterns = \
+    (
+         'gbak:finishing, closing, and going home'
+        ,'gbak:adjusting the ONLINE and FORCED WRITES flags'
+    )
+    allowed_patterns = [ re.compile(p, re.IGNORECASE) for p in allowed_patterns ]
+
+    with act.connect_server(encoding=locale.getpreferredencoding()) as srv:
+        srv.database.restore(database=act.db.db_path, backup=fbk_file, flags=SrvRestoreFlag.REPLACE, verbose=True)
+        restore_log = srv.readlines()
+        for line in restore_log:
+            if act.match_any(line.strip(), allowed_patterns):
+                print(line)
+
+    expected_stdout = """
+        gbak:finishing, closing, and going home
+        gbak:adjusting the ONLINE and FORCED WRITES flags
+    """
+
+    act.expected_stdout = expected_stdout
+    act.stdout = capsys.readouterr().out
+    assert act.clean_stdout == act.clean_expected_stdout
+    act.reset()
+
+    #####################################################
+
+    test_sql = f"""
+        set list on;
+        connect '{act.db.dsn}' user {tmp_user.name} password '{tmp_user.password}' role {tmp_role.name};
+        select mon$user, mon$role from mon$attachments where mon$attachment_id = current_connection;
+        select rdb$role_name,rdb$system_privileges from rdb$roles;
+        select * from test;
+    """
+
+    expected_stdout = f"""
+        MON$USER                        {tmp_user.name.upper()}
+        MON$ROLE                        {tmp_role.name.upper()}
+        RDB$ROLE_NAME                   RDB$ADMIN
+        RDB$SYSTEM_PRIVILEGES           FFFFFFFFFFFFFFFF
+        RDB$ROLE_NAME                   {tmp_role.name.upper()}
+        RDB$SYSTEM_PRIVILEGES           0000000000000000
+        Statement failed, SQLSTATE = 28000
+        no permission for SELECT access to TABLE TEST
+        -Effective user is {tmp_user.name.upper()}
+    """
+
+    act.expected_stdout = expected_stdout
+    act.isql(switches=['-q'], input = test_sql, connect_db = False, credentials = False, combine_output = True, io_enc = locale.getpreferredencoding())
+    assert act.clean_stdout == act.clean_expected_stdout