firebird/firebird-qa
6
0
Fork 0
mirror of https://github.com/FirebirdSQL/firebird-qa.git synced 2025-01-22 13:33:07 +01:00
Code Issues Activity
dbcd5e8067
firebird-qa/tests/bugs/gh_7610_test.py

99 lines
4.2 KiB
Python
Raw Blame History

#coding:utf-8
"""
ID: issue-7610
ISSUE: https://github.com/FirebirdSQL/firebird/issues/7610
TITLE: Uninitialized/random value assigned to RDB$ROLES -> RDB$SYSTEM PRIVILEGES when restoring from FB3 backup
DESCRIPTION:
Test uses .fbk which was created in FB 3.x as it is described in the ticket.
Non-privileged user 'tmp_user_7610' and role 'tmp_role_7610' are created, and their names must be exactly the same
as used in FB 3.x.
We restore from this DB and check that it completes OK.
Then we make connection as non-pritileged user using role that did exist in FB 3.x.
Query 'select rdb$role_name,rdb$system_privileges from rdb$roles' must show 0000000000000000 for this role.
Query 'select * from test' must fail with 'no permission for SELECT' error.
NOTES:
[03.06.2023] pzotov
BOTH problems (ability to query table and random numbers in rdb$system_privileges) could be reproduced only in OLD
snapshots, not in recent ones!
In FB 4.x last snapshot where *both* problems present is 4.0.0.2571 (20-aug-2021). In 4.0.0.2573 only problem with
random number in rdb$ exists, but user can no longer query table.
In 4.0.3.2948 (01-jun-2023) content of rdb$ is 0000000000000000.
In FB 5.x situation is similar: last snapshot with *both* problems is 5.0.0.1000 (02-apr-2023), and since 5.0.0.1001
one may see only problem with numbers in rdb$, but they look 'constant': 3400000000000000, and this is so up to 5.0.0.1063.
Since 5.0.0.1065 (01-jun-2023) content of rdb$ is 0000000000000000.
"""
import pytest
from firebird.qa import *
import zipfile
from pathlib import Path
from firebird.driver import SrvRestoreFlag
import locale
import re
import time
db = db_factory() # do_not_create = True)
tmp_user = user_factory('db', name='tmp_user_7610', password='123')
tmp_role = role_factory('db', name='tmp_role_7610')
act = python_act('db')
fbk_file = temp_file('gh_7610.tmp.fbk')
@pytest.mark.version('>=4.0.3')
def test_1(act: Action, fbk_file: Path, tmp_user: User, tmp_role: Role, capsys):
zipped_fbk_file = zipfile.Path(act.files_dir / 'gh_7610.zip', at = 'gh_7610_made_in_fb_3x.fbk')
fbk_file.write_bytes(zipped_fbk_file.read_bytes())
allowed_patterns = \
(
'gbak:finishing, closing, and going home'
,'gbak:adjusting the ONLINE and FORCED WRITES flags'
)
allowed_patterns = [ re.compile(p, re.IGNORECASE) for p in allowed_patterns ]
with act.connect_server(encoding=locale.getpreferredencoding()) as srv:
srv.database.restore(database=act.db.db_path, backup=fbk_file, flags=SrvRestoreFlag.REPLACE, verbose=True)
restore_log = srv.readlines()
for line in restore_log:
if act.match_any(line.strip(), allowed_patterns):
print(line)
expected_stdout = """
gbak:finishing, closing, and going home
gbak:adjusting the ONLINE and FORCED WRITES flags
"""
act.expected_stdout = expected_stdout
act.stdout = capsys.readouterr().out
assert act.clean_stdout == act.clean_expected_stdout
act.reset()
#####################################################
test_sql = f"""
set list on;
connect '{act.db.dsn}' user {tmp_user.name} password '{tmp_user.password}' role {tmp_role.name};
select mon$user, mon$role from mon$attachments where mon$attachment_id = current_connection;
select rdb$role_name,rdb$system_privileges from rdb$roles;
select * from test;
"""
expected_stdout = f"""
MON$USER {tmp_user.name.upper()}
MON$ROLE {tmp_role.name.upper()}
RDB$ROLE_NAME RDB$ADMIN
RDB$SYSTEM_PRIVILEGES FFFFFFFFFFFFFFFF
RDB$ROLE_NAME {tmp_role.name.upper()}
RDB$SYSTEM_PRIVILEGES 0000000000000000
Statement failed, SQLSTATE = 28000
no permission for SELECT access to TABLE TEST
-Effective user is {tmp_user.name.upper()}
"""
act.expected_stdout = expected_stdout
act.isql(switches=['-q'], input = test_sql, connect_db = False, credentials = False, combine_output = True, io_enc = locale.getpreferredencoding())
assert act.clean_stdout == act.clean_expected_stdout
Reference in New Issue View Git Blame Copy Permalink