Regression: gen_id( <non_granted_gen>, <any_increment> ) is allowed to a user who has no permission to change (or even see) the value of the sequence
---------------------------------------------------------------------------------------------------------------------------------------------
Key: CORE-4806
URL: http://tracker.firebirdsql.org/browse/CORE-4806
Project: Firebird Core
Issue Type: Bug
Components: Engine, Security
Affects Versions: 3.0 Beta 1, 3.0 Beta 2
Reporter: Pavel Zotov
Script:
=====
show version;
set list on;
set echo on;
recreate sequence g;
commit;
drop user maverick;
commit;
create user maverick password '123';
commit;
revoke all on all from maverick;
commit;
revoke all on all from public;
commit;
show sequ;
set term ^;
execute block returns(who_am_i varchar(31), what_i_have_done_with_gen bigint) as
declare n bigint;
begin
execute statement 'select current_user, gen_id(g, -9871234598765) from rdb$database'
on external 'localhost:' || rdb$get_context('SYSTEM', 'DB_NAME')
as user 'maverick' password '123'
into who_am_i, what_i_have_done_with_gen;
suspend;
end
^
set term ;^
commit;
show sequ;
Output (starting from 1st 'show sequ' command):
======
1. On WI-T3.0.0.30566 Firebird 3.0 Alpha 1:
show sequ;
Generator G, current value is 0
set term ^;
execute block returns(who_am_i varchar(31), what_i_have_done_with_gen bigint) as
declare n bigint;
begin
execute statement 'select current_user, gen_id(g, -9871234598765) from
rdb$database'
on external 'localhost:' || rdb$get_context('SYSTEM', 'DB_NAME')
as user 'maverick' password '123'
into who_am_i, what_i_have_done_with_gen;
suspend;
end
^
Statement failed, SQLSTATE = 42000
Execute statement error at isc_dsql_prepare :
335544352 : no permission for USAGE access to GENERATOR G
Statement : select current_user, gen_id(g, -9871234598765) from rdb$database
Data source : Firebird::localhost:C:\MIX\FIREBIRD\QA\FBT-REPO\TMP\E30A1.FDB
After line 19 in file gen_id_hole.sql
set term ;^
commit;
show sequ;
Generator G, current value is 0
2. On WI-T3.0.0.31374 Firebird 3.0 Beta 1:
show sequ;
Generator G, current value: 0, initial value: 0, increment: 1
set term ^;
execute block returns(who_am_i varchar(31), what_i_have_done_with_gen bigint) as
declare n bigint;
begin
execute statement 'select current_user, gen_id(g, -9871234598765) from
rdb$database'
on external 'localhost:' || rdb$get_context('SYSTEM', 'DB_NAME')
as user 'maverick' password '123'
into who_am_i, what_i_have_done_with_gen;
suspend;
end
^
WHO_AM_I MAVERICK
WHAT_I_HAVE_DONE_WITH_GEN -9871234598765
set term ;^
commit;
show sequ;
Generator G, current value: -9871234598765, initial value: 0, increment: 1
PS.
As for Alpha-2: this script will raise a strange exception on ES/EDS:
===
Statement failed, SQLSTATE = 42000
Execute statement error at attach :
335544344 : I/O error during "CreateFile (open)" operation for file
"localhost:C:\MIX\FIREBIRD\QA\FBT-REPO\TMP\E30A2.FDB"
335544734 : Error while trying to open file
123 : <syntax error in the name of file, directory or volume> // localized
message, e.g. in cyrillic
Data source : Firebird::localhost:C:\MIX\FIREBIRD\QA\FBT-REPO\TMP\E30A2.FDB
===
If the execute block + ES/EDS is replaced with this:
===
show sequ;
commit;
connect 'localhost/3299:C:\MIX\FIREBIRD\QA\FBT-REPO\TMP\e30a2.fdb' user 'maverick' password '123';
select current_user as who_am_i, gen_id(g, -9871234598765) as what_i_have_done_with_gen from rdb$database;
commit;
show sequ;
===
-- output in WI-T3.0.0.30809 Firebird 3.0 Alpha 2 will be:
show sequ;
Generator G, current value is 0
commit;
connect 'localhost/3299:C:\MIX\FIREBIRD\QA\FBT-REPO\TMP\e30a2.fdb' user
'maverick' password '123';
select current_user as who_am_i, gen_id(g, -9871234598765) as
what_i_have_done_with_gen from rdb$database;
Statement failed, SQLSTATE = 28000
no permission for USAGE access to GENERATOR G
After line 20 in file gen_id_hole-a2.sql
commit;
show sequ;
Statement failed, SQLSTATE = 28000
no permission for USAGE access to GENERATOR G
After line 23 in file gen_id_hole-a2.sql
There are no generators in this database
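The following is an added regression check, not part of Pavel Zotov's report or of the Firebird project's test suite. It turns the repro above into a self-reporting test for Firebird 3 isql: it audits which users hold USAGE on generators via RDB$USER_PRIVILEGES, probes gen_id() through ES/EDS as a user who was never granted USAGE, and then confirms from the privileged connection that the sequence value is unchanged. The object names (g_audit, tester), the password, and the use of a 'localhost:' TCP listener are assumptions of this example; the reader's own database and naming conventions apply.

```sql
-- Added example, not part of the original report: a self-checking regression
-- test for USAGE enforcement on a sequence, written for Firebird 3 isql.
-- Object names (g_audit, tester) and the password are constructed for this
-- example; the probe assumes a local TCP listener so that 'localhost:' works.
set list on;

recreate sequence g_audit;
commit;

create or alter user tester password 'Tester_pwd1';
commit;
-- Deliberately NO "grant usage on sequence g_audit to tester".

-- 1. Audit: who currently holds USAGE ('G') on any generator (object type 14)?
--    Expected: no row for TESTER.
select p.rdb$user as grantee,
       p.rdb$relation_name as sequence_name,
       p.rdb$grantor as grantor
from rdb$user_privileges p
where p.rdb$object_type = 14 and p.rdb$privilege = 'G';

-- 2. Probe: call gen_id() as the unprivileged user through ES/EDS and report
--    whether the engine refused it. A correct engine raises SQLSTATE 28000
--    ("no permission for USAGE access to GENERATOR"), which WHEN ANY catches.
set term ^;
execute block returns (outcome varchar(80)) as
    declare v bigint;
begin
    begin
        execute statement 'select gen_id(g_audit, 1) from rdb$database'
            on external 'localhost:' || rdb$get_context('SYSTEM', 'DB_NAME')
            as user 'tester' password 'Tester_pwd1'
            into v;
        outcome = 'FAIL: unprivileged gen_id() returned ' || cast(v as varchar(20));
    when any do
        outcome = 'PASS: gen_id() denied, SQLSTATE ' || sqlstate;
    end
    suspend;
end^
set term ;^

-- 3. Verify from the privileged connection that the value is untouched.
--    gen_id(g_audit, 0) reads the current value without changing it;
--    expected 0 on a correct engine, 1 on an engine with this regression.
select gen_id(g_audit, 0) as current_value from rdb$database;
commit;
```

Run it as the database owner or SYSDBA against a throwaway database; step 2 prints a PASS or FAIL line instead of aborting the script, and step 3 gives an independent second signal, since on an affected build the value moves even when the probe's error handling is doubted.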
--
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel