[Firebird-devel] [FB-Tracker] Created: (CORE-5755) Existing a subject of privileges
Existing a subject of privileges Key: CORE-5755 URL: http://tracker.firebirdsql.org/browse/CORE-5755 Project: Firebird Core Issue Type: Bug Components: Engine Affects Versions: 3.0.3, 4.0 Alpha 1 Reporter: Roman Simakov We have no check of existance a subjects of privileges. I.e. roman:bin$ ./isql Use CONNECT or CREATE DATABASE to specify a database SQL> create database 'a'; SQL> create table t(i integer); SQL> grant select on t to function wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database We cannot check of existance user in such case but when we grant privilege to the database object we need to do it. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tracker.firebirdsql.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
2018-02-20 15:43 GMT+03:00 Alex Peshkoff via Firebird-devel: > On 02/20/18 15:39, Roman Simakov wrote: >> In this case it's a bug right? >> > > yes http://tracker.firebirdsql.org/browse/CORE-5755 -- Roman Simakov -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
On 02/20/18 15:39, Roman Simakov wrote: 2018-02-20 15:27 GMT+03:00 Alex Peshkoff via Firebird-devel: Always requiring object type is best of possible solutions but I'm afraid that's unreal. I've supposed missing keyword, i.e. real failing statement is: grant select on t to FUNCTION wrong_func; Roman - am I wrong? Right. I meant explicit keyword. See this: roman:bin$ ./isql Use CONNECT or CREATE DATABASE to specify a database SQL> create database 'a'; SQL> create table t(i integer); SQL> grant select on t to function wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database In this case it's a bug right? yes -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
2018-02-20 15:27 GMT+03:00 Alex Peshkoff via Firebird-devel: > Always requiring object type is best of possible solutions but I'm afraid > that's unreal. > > I've supposed missing keyword, i.e. real failing statement is: > > grant select on t to FUNCTION wrong_func; > > Roman - am I wrong? Right. I meant explicit keyword. See this: roman:bin$ ./isql Use CONNECT or CREATE DATABASE to specify a database SQL> create database 'a'; SQL> create table t(i integer); SQL> grant select on t to function wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database In this case it's a bug right? -- Roman Simakov -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
On 02/20/18 15:19, Dimitry Sibiryakov wrote: 20.02.2018 13:14, Alex Peshkoff via Firebird-devel wrote: 2) We have no check of existance a subjects of privileges. I.e. SQL> create table t(i integer); SQL> grant select on t to wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database I tend to consider it as a bug to be fixed. Am I right? Definitely yes. Do you suggest to remove defaulting of subject type to "USER" and require explicit type name in all cases? Always requiring object type is best of possible solutions but I'm afraid that's unreal. I've supposed missing keyword, i.e. real failing statement is: grant select on t to FUNCTION wrong_func; Roman - am I wrong? -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] [FB-Tracker] Created: (CORE-5746) Remove the restriction on create/delete, enable/disable the system indexes in system tables
Hello. The background of this task in CORE-5612, it contains research details and conclusions. How much I understood, there is no way to specify what index should be used at system inquiries from *.epp files? If not, is it possible to enable the create/delete, enable/disable indexes on system tables, including standard system indexes? I would try to implement this if the approach is approved. In Firebird 2.5, we get around the problem described in CORE-5612 by creating 2 indexes and turning off the indices RDB$INDEX_27 and RDB$INDEX_28 at the right time (then turn it back on). But we can not act in the same way in Firebird 3.0 because these actions are only allowed by GBACK (attachment->isGbak) and only during the creation of the database (attachment->att_flags & ATT_creator). Those if you do not want to allow such actions publicly, you could be allowed to do it from external utilities similar to GBACK (dpb.insertString(isc_dpb_gbak_attach, FB_VERSION, fb_strlen(FB_VERSION))), but then need to remove the check for the creator of database (attachment->att_flags & ATT_creator). -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
20.02.2018 13:14, Alex Peshkoff via Firebird-devel wrote: 2) We have no check of existance a subjects of privileges. I.e. SQL> create table t(i integer); SQL> grant select on t to wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database I tend to consider it as a bug to be fixed. Am I right? Definitely yes. Do you suggest to remove defaulting of subject type to "USER" and require explicit type name in all cases? -- WBR, SD. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
On 02/20/18 14:55, Roman Simakov wrote: Hello! I fixed several bugs related to GRANT operator and investigated a couple of issues I'd like to discuss: 1) Replace RDB$TRIGGER_9 (trigger1 in trig.h) by code in DdlNodes.epp with the same functions. I already did it in CORE-5747 to check grant option. Good way to go. We can do it since we remove direct modifying system tables. It's more obvious place and we can use at least assert to check that all object types are verifyied. That could avoid errors like CORE-5747 in future. BLR of trigger is hard for support IMO. Also note I'm checking GRANT OPTION of roles which current user use. Now he can have several such roles. RDB$TRIGGER_9 do not check them I think. 2) We have no check of existance a subjects of privileges. I.e. SQL> create table t(i integer); SQL> grant select on t to wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database I tend to consider it as a bug to be fixed. Am I right? Definitely yes. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Existing a subject of privileges and refactoring
20.02.2018 12:55, Roman Simakov wrote: 2) We have no check of existance a subjects of privileges. I.e. SQL> create table t(i integer); SQL> grant select on t to wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database I tend to consider it as a bug to be fixed. Am I right? Without explicit type of subject GRANT command grants it to a user which existence cannot be verified. You must use explicit "grant select on t to FUNCTION wrong_func" to get error. I don't know if in currently user's existence can be checked via SEC$USERS. -- WBR, SD. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
[Firebird-devel] Existing a subject of privileges and refactoring
Hello! I fixed several bugs related to GRANT operator and investigated a couple of issues I'd like to discuss: 1) Replace RDB$TRIGGER_9 (trigger1 in trig.h) by code in DdlNodes.epp with the same functions. I already did it in CORE-5747 to check grant option. We can do it since we remove direct modifying system tables. It's more obvious place and we can use at least assert to check that all object types are verifyied. That could avoid errors like CORE-5747 in future. BLR of trigger is hard for support IMO. Also note I'm checking GRANT OPTION of roles which current user use. Now he can have several such roles. RDB$TRIGGER_9 do not check them I think. 2) We have no check of existance a subjects of privileges. I.e. SQL> create table t(i integer); SQL> grant select on t to wrong_func; SQL> show function wrong_func; There is no user-defined function WRONG_FUNC in this database I tend to consider it as a bug to be fixed. Am I right? -- Roman Simakov -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel