[Firebird-devel] usage privileges
Currently access to sequences/generators and exceptions is not limited, i.e. user not granted explicitly any rights can access sequences and exceptions. I wonder - who added that privileges in such way? Is it WIP or a bug that requires fixing? -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] usage privileges
> On Mar 29, 2015, at 8:58 AM, Alex Peshkoff wrote: > > Currently access to sequences/generators and exceptions is not limited, > i.e. user not granted explicitly any rights can access sequences and > exceptions. I wonder - who added that privileges in such way? Is it WIP > or a bug that requires fixing? I can only speak to generators which were added a long time ago. At that time, InterBase had two security models - a permissive mode that assumed all usage and allowed the administrator to restrict access, and the beginning of the SQL model which was used only to the extent it was defined in the standard, which didn't recognize generators. So all access was allowed to generators by default. I guess if somebody had asked, we'd have added the ability to restrict access. Adding SQL style permissions will require some thought, since nobody has granted all rights to all on generators and suddenly restricting access to them will be a serious nuisance. Cheers, Ann -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] usage privileges
On 03/29/15 17:19, Ann Harrison wrote: >> On Mar 29, 2015, at 8:58 AM, Alex Peshkoff wrote: >> >> Currently access to sequences/generators and exceptions is not limited, >> i.e. user not granted explicitly any rights can access sequences and >> exceptions. I wonder - who added that privileges in such way? Is it WIP >> or a bug that requires fixing? > I can only speak to generators which were added a long time ago. At that > time, InterBase had two security models - a permissive mode that assumed all > usage and allowed the administrator to restrict access, and the beginning of > the SQL model which was used only to the extent it was defined in the > standard, which didn't recognize generators. So all access was allowed to > generators by default. I guess if somebody had asked, we'd have added the > ability to restrict access. > > Adding SQL style permissions will require some thought, since nobody has > granted all rights to all on generators and suddenly restricting access to > them will be a serious nuisance. I remember that GDML security model enabled all access by default. And we live with all generators available by default for many years. The main problem I see in current code is that we already have a command: grant usage on sequence gen_name to some_user; but it does not affect user rights to access gen_name - generators may be access with this command or without it (i.e. as it was before). I.e. looks like somebody started with limiting access to generators but did not complete that job. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] usage privileges
29.03.2015 16:31, Alex Peshkoff wrote: > The main problem I see in current code is that we already have a command: > grant usage on sequence gen_name to some_user; > but it does not affect user rights to access gen_name - generators may > be access with this command or without it (i.e. as it was before). Isn't this the first grant in database?.. Full access to everything till the first grant is the legacy behaviour. -- WBR, SD. -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] usage privileges
On 03/29/15 17:35, Dimitry Sibiryakov wrote: > 29.03.2015 16:31, Alex Peshkoff wrote: >> The main problem I see in current code is that we already have a command: >> grant usage on sequence gen_name to some_user; >> but it does not affect user rights to access gen_name - generators may >> be access with this command or without it (i.e. as it was before). > Isn't this the first grant in database?.. No. > Full access to everything till the first > grant is the legacy behaviour. > -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Build Firebird on Mac OSX Yosemite with CMake
However today I tried to actually use it on my Mac. And I guess the schemes in Xcode are not ready to simply start it from the ide. So in the build directory I tried to start it using fbguard: sudo bin/fbguard -daemon Which failed with the following entries in the Firebird.log file: macbook.local Sun Mar 29 18:27:05 2015 socket: error creating socket (family 2, socktype 1, protocol 6 macbook.local Sun Mar 29 18:27:05 2015 startup:INET_connect: Unable to complete network request to host "127.0.0.1". Error while listening for an incoming connection. I set the address to 127.0.0.1 in the Firebird.conf: RemoteBindAddress = 127.0.0.1 Also for testing I turned off the Firewall completely, but still was unable to start it. I assume that the client/server communicate via tcp/ip but what about UNIX sockets? Where can I set which method should be used? I also seems that both fail. On Monday, March 9, 2015 9:41 PM, Nils B wrote: Quickly tested it, built w/o problems in Xcode! Thanks! On Sunday, March 8, 2015 2:24 PM, Egor Pugin wrote: Hi, Should be fixed now. Update trunk to the latest revision and try to build it. Please note that cmake build is still an experimental feature. On 8 March 2015 at 14:59, Nils B wrote: > Hi there > > I tried building the trunk version of Firebird on my Mac using Cmake. I > installed the dev tools, libicu and CMake and generated an Xcode Project. > When I tried to compile it on Xcode, I ended up with the following error: > > Ld /users/n/Develop/Firebird/build/src/Debug/bin/gpre_boot normal x86_64 > cd /users/n/Develop/Firebird/trunk > export MACOSX_DEPLOYMENT_TARGET=10.10 > > /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++ > -arch x86_64 -isysroot > /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk > -L/users/n/Develop/Firebird/build/src/Debug/bin -L/opt/local/lib/Debug > -L/opt/local/lib -F/users/n/Develop/Firebird/build/src/Debug/bin -filelist > /users/n/Develop/Firebird/build/src/firebird.build/Debug/gpre_boot.build/Objects-normal/x86_64/gpre_boot.LinkFileList > -Xlinker -rpath -Xlinker /opt/local/lib -mmacosx-version-min=10.10 > -Wl,-search_paths_first -Wl,-headerpad_max_install_names > /users/n/Develop/Firebird/build/src/gpre/Debug/libgpre_common.a > /users/n/Develop/Firebird/build/src/Debug/libcommon.a -Xlinker > -dependency_info -Xlinker > /users/n/Develop/Firebird/build/src/firebird.build/Debug/gpre_boot.build/Objects-normal/x86_64/gpre_boot_dependency_info.dat > -o /users/n/Develop/Firebird/build/src/Debug/bin/gpre_boot > > ld: warning: directory not found for option '-L/opt/local/lib/Debug' > ld: warning: directory not found for option '-L/opt/local/lib' > Undefined symbols for architecture x86_64: > "_iconv", referenced from: > (anonymous namespace)::IConv::convert(Firebird::AbstractString&, > void*) in libcommon.a(isc_file.o) > "_iconv_close", referenced from: > (anonymous namespace)::IConv::closeIconv(void*) in > libcommon.a(isc_file.o) > "_iconv_open", referenced from: > (anonymous namespace)::IConv::openIconv(char const*, char const*) in > libcommon.a(isc_file.o) > ld: symbol(s) not found for architecture x86_64 > clang: error: linker command failed with exit code 1 (use -v to see > invocation) > > I am not familiar with the iconv lib, but I guess there are people building > Firebird successfully on their Mac. So can anybody enlighten me what the > problem is? > > -- > Dive into the World of Parallel Programming The Go Parallel Website, > sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for > all > things parallel software development, from weekly thought leadership blogs > to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel > -- Egor Pugin -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Build Firebird on Mac OSX Yosemite with CMake
Hi, Actually I didn't try to run Firebird on OS X before, but... I ran fbserver from Xcode and the standard socket() function cannot create socket. remote/inet.cpp:3060 fd = ::socket(domain, type | O_CLOEXEC, protocol); (The execution does not go into the next if statement. It seems errno has other value than specified in the condition.) Without the 'O_CLOEXEC' flag the server starts well. fd = ::socket(domain, type, protocol); You can ask core developers about this issue. On 29 March 2015 at 19:32, Nils wrote: > However today I tried to actually use it on my Mac. And I guess the schemes > in Xcode are not ready to simply start it from the ide. So in the build > directory I tried to start it using fbguard: > > sudo bin/fbguard -daemon > > Which failed with the following entries in the Firebird.log file: > > macbook.local Sun Mar 29 18:27:05 2015 > socket: error creating socket (family 2, socktype 1, protocol 6 > > > macbook.local Sun Mar 29 18:27:05 2015 > startup:INET_connect: > Unable to complete network request to host "127.0.0.1". > Error while listening for an incoming connection. > > > I set the address to 127.0.0.1 in the Firebird.conf: > > RemoteBindAddress = 127.0.0.1 > > Also for testing I turned off the Firewall completely, but still was unable > to start it. I assume that the client/server communicate via tcp/ip but what > about UNIX sockets? Where can I set which method should be used? I also > seems that both fail. > > > > > > On Monday, March 9, 2015 9:41 PM, Nils B wrote: > > > Quickly tested it, built w/o problems in Xcode! Thanks! > > > On Sunday, March 8, 2015 2:24 PM, Egor Pugin wrote: > > > Hi, > > Should be fixed now. > Update trunk to the latest revision and try to build it. > > Please note that cmake build is still an experimental feature. > > On 8 March 2015 at 14:59, Nils B wrote: >> Hi there >> >> I tried building the trunk version of Firebird on my Mac using Cmake. I >> installed the dev tools, libicu and CMake and generated an Xcode Project. >> When I tried to compile it on Xcode, I ended up with the following error: >> >> Ld /users/n/Develop/Firebird/build/src/Debug/bin/gpre_boot normal x86_64 >>cd /users/n/Develop/Firebird/trunk >>export MACOSX_DEPLOYMENT_TARGET=10.10 >> >> >> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang++ >> -arch x86_64 -isysroot >> >> /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk >> -L/users/n/Develop/Firebird/build/src/Debug/bin -L/opt/local/lib/Debug >> -L/opt/local/lib -F/users/n/Develop/Firebird/build/src/Debug/bin -filelist >> >> /users/n/Develop/Firebird/build/src/firebird.build/Debug/gpre_boot.build/Objects-normal/x86_64/gpre_boot.LinkFileList >> -Xlinker -rpath -Xlinker /opt/local/lib -mmacosx-version-min=10.10 >> -Wl,-search_paths_first -Wl,-headerpad_max_install_names >> /users/n/Develop/Firebird/build/src/gpre/Debug/libgpre_common.a >> /users/n/Develop/Firebird/build/src/Debug/libcommon.a -Xlinker >> -dependency_info -Xlinker >> >> /users/n/Develop/Firebird/build/src/firebird.build/Debug/gpre_boot.build/Objects-normal/x86_64/gpre_boot_dependency_info.dat >> -o /users/n/Develop/Firebird/build/src/Debug/bin/gpre_boot >> >> ld: warning: directory not found for option '-L/opt/local/lib/Debug' >> ld: warning: directory not found for option '-L/opt/local/lib' >> Undefined symbols for architecture x86_64: >> "_iconv", referenced from: >> (anonymous namespace)::IConv::convert(Firebird::AbstractString&, >> void*) in libcommon.a(isc_file.o) >> "_iconv_close", referenced from: >> (anonymous namespace)::IConv::closeIconv(void*) in >> libcommon.a(isc_file.o) >> "_iconv_open", referenced from: >> (anonymous namespace)::IConv::openIconv(char const*, char const*) in >> libcommon.a(isc_file.o) >> ld: symbol(s) not found for architecture x86_64 >> clang: error: linker command failed with exit code 1 (use -v to see >> invocation) >> >> I am not familiar with the iconv lib, but I guess there are people >> building >> Firebird successfully on their Mac. So can anybody enlighten me what the >> problem is? >> >> >> -- >> Dive into the World of Parallel Programming The Go Parallel Website, >> sponsored >> by Intel and developed in partnership with Slashdot Media, is your hub for >> all >> things parallel software development, from weekly thought leadership blogs > >> to > >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> Firebird-Devel mailing list, web interface at >> https://lists.sourceforge.net/lists/listinfo/firebird-devel >> > > > > -- > Egor Pugin > > > > > -- Egor Pugin -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and develop
