Added/Updated bugs\core_5496_test.py. Checked on 3.0.8.33535 (SS/CS), 4.0.1.2692 (SS/CS), 5.0.0.730 (SS/CS) - both Linux and Windows.

2025-01-22 13:33:07 +01:00 · 2022-09-18 15:18:44 +03:00 · 2022-09-18 15:18:44 +03:00 · f03fdd0bd5
commit f03fdd0bd5
parent ca3c0af5c0
1 changed files with 105 additions and 33 deletions
--- a/tests/bugs/core_5496_test.py
+++ b/tests/bugs/core_5496_test.py
@ -3,23 +3,48 @@
 """
 ID:          issue-5765
 ISSUE:       5765
-TITLE:       Creating SRP SYSDBA with explicit admin (-admin yes in gsec or grant admin
+TITLE:       Creating SRP SYSDBA with explicit admin (-admin yes in gsec or grant admin role in create user) creates two SYSDBA accounts
  role in create user) creates two SYSDBA accounts
 DESCRIPTION:
  Test script should display only ONE record.
 NOTES:
 [8.12.2021] [pcisar]
  On Linux it fails with:
  Statement failed, SQLSTATE = 28000
  no permission for remote access to database security.db
 JIRA:        CORE-5496
 FBTEST:      bugs.core_5496
 NOTES:
    [08.12.2021] [pcisar]
    On Linux it fails with:
    Statement failed, SQLSTATE = 28000
    no permission for remote access to database security.db
    [18.09.2022] pzotov
    1. One need to be sure that firebird.conf does NOT contain DatabaseAccess = None.
    2. Test uses pre-created databases.conf which has alias defvined by variable REQUIRED_ALIAS.
       Database file for that alias must NOT exist in the QA_root/files/qa/ subdirectory: it will be created here.
       Content of databases.conf must be taken from $QA_ROOT/files/qa-databases.conf (one need to replace
       it before every test session).
       Discussed with pcisar, letters since 30-may-2022 13:48, subject:
       "new qa, core_4964_test.py: strange outcome when use... shutil.copy() // comparing to shutil.copy2()"
    3. Value of REQUIRED_ALIAS must be EXACTLY the same as alias specified in the pre-created databases.conf
       (for LINUX this equality is case-sensitive, even when aliases are compared!)
    Confirmed problem on 3.0.1.32609
    Checked on 3.0.8.33535 (SS/CS), 4.0.1.2692 (SS/CS), 5.0.0.730 (SS/CS) - both Linux and Windows.
 """
 import locale
 import re
 import sys
 from pathlib import Path
 import time
 import pytest
 from firebird.qa import *
 # Pre-defined alias for self-security DB in the QA_root/files/qa-databases.conf.
 # This file must be copied manually to each testing FB home folder, with replacing
 # databases.conf there:
 #
 REQUIRED_ALIAS = 'tmp_core_5496_alias'
 db = db_factory()
 db_clone = db_factory(filename = '#' + REQUIRED_ALIAS, do_not_create = True, do_not_drop = True)
 act = python_act('db')
@ -28,32 +53,79 @@ expected_stdout = """
    SEC$PLUGIN                      Srp
    Records affected: 1
 """
 #----------------------------------------------------
 def get_filename_by_alias(act: Action, alias_from_dbconf):
    # Scan line-by-line through databases.conf, find line starting with REQUIRED_ALIAS and extract name of file that
    # must be created in the $(dir_sampleDb)/qa/ folder. This name will be used further as target database (tmp_fdb).
    # NOTE: we have to SKIP lines which are commented out, i.e. if they starts with '#':
    p_required_alias_ptn =  re.compile( '^(?!#)((^|\\s+)' + alias_from_dbconf + ')\\s*=\\s*\\$\\(dir_sampleDb\\)/qa/', re.IGNORECASE )
    fname_in_dbconf = None
-test_script = """
+    with open(act.home_dir/'databases.conf', 'r') as f:
-    connect 'localhost:security.db';
+        for line in f:
-    create or alter user foo password '123' grant admin role using plugin Srp;
+            if p_required_alias_ptn.search(line):
-    create or alter user rio password '123' grant admin role using plugin Srp;
+                # If databases.conf contains line like this:
-    create or alter user bar password '123' grant admin role using plugin Srp;
+                #     tmp_6147_alias = $(dir_sampleDb)/qa/tmp_core_6147.fdb
-    commit;
+                # - then we extract filename: 'tmp_core_6147.fdb' (see below):
-    grant rdb$admin to sysdba granted by foo;
+                fname_in_dbconf = Path(line.split('=')[1].strip()).name
-    grant rdb$admin to sysdba granted by rio;
+                break
    grant rdb$admin to sysdba granted by bar;
    commit;
    set list on;
    set count on;
    select sec$user_name, sec$plugin from sec$users where upper(sec$user_name) = upper('sysdba') and upper(sec$plugin) = upper('srp');
    commit;
-    drop user foo using plugin Srp;
+    # if 'fname_in_dbconf' remains undefined here then propably REQUIRED_ALIAS not equals to specified in the databases.conf!
-    drop user rio using plugin Srp;
+    #
-    drop user bar using plugin Srp;
+    assert fname_in_dbconf
    commit;
    quit;
 """
-@pytest.mark.skip('FIXME: remote access to security.db')
+    #------------------------------------------------------------------
-@pytest.mark.version('>=3.0.2')
+    # Full path + filename of database to which we will try to connect:
-def test_1(act: Action):
+    #
-    act.expected_stdout = expected_stdout
+    tmp_fdb = Path( act.vars['sample_dir'], 'qa', fname_in_dbconf )
-    act.isql(switches=['-q', '-b'], input=test_script)
+
-    assert act.clean_stdout == act.clean_expected_stdout
+    return tmp_fdb
 #----------------------------------------------------
@pytest.mark.version('>=3.0.1')
 def test_1(act: Action, capsys):
    db_work_file = get_filename_by_alias(act, REQUIRED_ALIAS)
    dba_pswd = 'alterkey'
    sql_test = f"""
        set list on;
        create database '{REQUIRED_ALIAS}' user {act.db.user};
        create user {act.db.user} password '{dba_pswd}' using plugin Srp;
        create or alter user foo password '123' grant admin role using plugin Srp;
        create or alter user rio password '123' grant admin role using plugin Srp;
        create or alter user bar password '123' grant admin role using plugin Srp;
        commit;
        grant rdb$admin to {act.db.user} granted by foo;
        grant rdb$admin to {act.db.user} granted by rio;
        grant rdb$admin to {act.db.user} granted by bar;
        commit;
        set list on;
        set count on;
        -- This must return only 1 record:
        select sec$user_name, sec$plugin from sec$users where upper(sec$user_name) = upper('{act.db.user}') and upper(sec$plugin) = upper('srp');
        commit;
    """
    try:
        act.expected_stdout = f"""
            SEC$USER_NAME                   SYSDBA
            SEC$PLUGIN                      Srp
            Records affected: 1
        """
        act.isql(switches=['-q'], input=sql_test, connect_db=False, credentials = False, combine_output = True, io_enc = locale.getpreferredencoding())
        assert act.clean_stdout == act.clean_expected_stdout
        act.reset()
    finally:
        for p in (db_work_file,):
            if Path.exists(p):
                # Change DB state to full shutdown in order to have ability to drop database file.
                # This is needed because when DB is self-security then it will be kept opened for 10s
                # (as it always occurs for default security<N>.fdb). Set linger to 0 does not help.
                # Attempt to use 'drop database' fails with:
                # "SQLSTATE = 40001 / lock time-out on wait transaction / -object ... is in use"
                act.gfix(switches=['-shut', 'full', '-force', '0', f'localhost:{p}', '-user', act.db.user, '-pas', dba_pswd], io_enc = locale.getpreferredencoding(), credentials = False, combine_output = True)
                p.unlink()
                assert '' == capsys.readouterr().out