void grantRevokeAdmin(Firebird::IUser* user, bool ignoreRevoke = false)
{
if (!user->admin()->entered())
{
return;
}
Firebird::LocalStatus s;
Firebird::CheckStatusWrapper statusWrapper(&s);
Firebird::string userName(user->userName()->get());
prepareName(userName, '"');
Firebird::string sql;
if (user->admin()->get() == 0)
{
Firebird::string userName2(user->userName()->get());
prepareName(userName2, '\'');
Firebird::string selGrantor;
selGrantor.printf("SELECT RDB$GRANTOR FROM RDB$USER_PRIVILEGES "
"WHERE RDB$USER = '******' AND RDB$RELATION_NAME = '%s' AND RDB$PRIVILEGE = 'M'",
userName2.c_str(), ADMIN_ROLE);
Message out;
Field<Varying> grantor(out, MAX_SQL_IDENTIFIER_SIZE);
Firebird::IResultSet* curs = att->openCursor(&statusWrapper, tra, selGrantor.length(),
selGrantor.c_str(), SQL_DIALECT_V6, NULL, NULL, out.getMetadata(), NULL, 0);
check(&statusWrapper);
bool hasGrant = curs->fetchNext(&statusWrapper, out.getBuffer()) == Firebird::IStatus::RESULT_OK;
curs->close(&statusWrapper);
check(&statusWrapper);
if (hasGrant)
{
selGrantor = grantor;
prepareName(selGrantor, '"');
sql.printf("REVOKE %s FROM \"%s\" GRANTED BY \"%s\"",
ADMIN_ROLE, userName.c_str(), selGrantor.c_str());
}
else
{
if (ignoreRevoke)
return;
// no grant - let engine produce correct error message
sql.printf("REVOKE %s FROM \"%s\"", ADMIN_ROLE, userName.c_str());
}
}
else
{
sql.printf("GRANT %s TO \"%s\"", ADMIN_ROLE, userName.c_str());
}
att->execute(&statusWrapper, tra, sql.length(), sql.c_str(),
SQL_DIALECT_V6, NULL, NULL, NULL, NULL);
check(&statusWrapper);
}
ISC_STATUS API_ROUTINE isc_delete_user(ISC_STATUS* status, const USER_SEC_DATA* input_user_data)
{
/**************************************
*
* i s c _ d e l e t e _ u s e r
*
**************************************
*
* Functional description
* Deletes a user from the server's security
* database.
* Return 0 if the user was deleted
*
* Return > 0 if any error occurs.
*
**************************************/
Auth::StackUserData userInfo;
userInfo.op = Auth::DEL_OPER;
Firebird::LocalStatus s;
Firebird::CheckStatusWrapper statusWrapper(&s);
if (input_user_data->user_name)
{
Firebird::string work = input_user_data->user_name;
if (work.length() > USERNAME_LENGTH) {
return user_error(status, isc_usrname_too_long);
}
Firebird::string::size_type l = work.find(' ');
if (l != Firebird::string::npos) {
work.resize(l);
}
userInfo.user.set(&statusWrapper, work.c_str());
Firebird::check(&statusWrapper);
userInfo.user.setEntered(&statusWrapper, 1);
Firebird::check(&statusWrapper);
}
else {
return user_error(status, isc_usrname_required);
}
return executeSecurityCommand(status, input_user_data, userInfo);
}
void prepareDataStructures()
{
const char* script[] = {
"CREATE TABLE PLG$SRP (PLG$USER_NAME SEC$USER_NAME NOT NULL PRIMARY KEY, "
"PLG$VERIFIER VARCHAR(128) CHARACTER SET OCTETS NOT NULL, "
"PLG$SALT VARCHAR(32) CHARACTER SET OCTETS NOT NULL, "
"PLG$COMMENT RDB$DESCRIPTION, PLG$FIRST SEC$NAME_PART, "
"PLG$MIDDLE SEC$NAME_PART, PLG$LAST SEC$NAME_PART, "
"PLG$ATTRIBUTES RDB$DESCRIPTION, "
"PLG$ACTIVE BOOLEAN)"
,
"CREATE VIEW PLG$SRP_VIEW AS "
"SELECT PLG$USER_NAME, PLG$VERIFIER, PLG$SALT, PLG$COMMENT, "
" PLG$FIRST, PLG$MIDDLE, PLG$LAST, PLG$ATTRIBUTES, PLG$ACTIVE "
"FROM PLG$SRP WHERE RDB$SYSTEM_PRIVILEGE(USER_MANAGEMENT) "
" OR CURRENT_USER = PLG$SRP.PLG$USER_NAME"
,
"GRANT ALL ON PLG$SRP TO VIEW PLG$SRP_VIEW"
,
"GRANT SELECT ON PLG$SRP_VIEW TO PUBLIC"
,
"GRANT UPDATE(PLG$VERIFIER, PLG$SALT, PLG$FIRST, PLG$MIDDLE, PLG$LAST, "
" PLG$COMMENT, PLG$ATTRIBUTES) ON PLG$SRP_VIEW TO PUBLIC"
,
"GRANT ALL ON PLG$SRP_VIEW TO SYSTEM PRIVILEGE USER_MANAGEMENT"
,
NULL
};
Firebird::LocalStatus s;
Firebird::CheckStatusWrapper statusWrapper(&s);
Firebird::ITransaction* ddlTran(att->startTransaction(&statusWrapper, 0, NULL));
try
{
for (const char** s = script; *s; ++s)
{
const char* sql = *s;
bool err = false;
if (sql[0] == '*')
{
++sql;
err = true;
}
att->execute(&statusWrapper, ddlTran, 0, sql, SQL_DIALECT_V6, NULL, NULL, NULL, NULL);
if (!err)
check(&statusWrapper);
}
ddlTran->commit(&statusWrapper);
check(&statusWrapper);
}
catch (const Firebird::Exception&)
{
if (ddlTran)
{
ddlTran->rollback(&statusWrapper);
}
throw;
}
}
ISC_STATUS API_ROUTINE isc_modify_user(ISC_STATUS* status, const USER_SEC_DATA* input_user_data)
{
/**************************************
*
* i s c _ m o d i f y _ u s e r
*
**************************************
*
* Functional description
* Adds a user to the server's security
* database.
* Return 0 if the user was added
*
* Return > 0 if any error occurs.
*
**************************************/
Auth::StackUserData userInfo;
userInfo.op = Auth::MOD_OPER;
Firebird::LocalStatus s;
Firebird::CheckStatusWrapper statusWrapper(&s);
if (input_user_data->user_name)
{
Firebird::string work = input_user_data->user_name;
if (work.length() > USERNAME_LENGTH) {
return user_error(status, isc_usrname_too_long);
}
Firebird::string::size_type l = work.find(' ');
if (l != Firebird::string::npos) {
work.resize(l);
}
userInfo.user.set(&statusWrapper, work.c_str());
check(&statusWrapper);
userInfo.user.setEntered(&statusWrapper, 1);
check(&statusWrapper);
}
else {
return user_error(status, isc_usrname_required);
}
if (input_user_data->password)
{
userInfo.pass.set(&statusWrapper, input_user_data->password);
check(&statusWrapper);
userInfo.pass.setEntered(&statusWrapper, 1);
check(&statusWrapper);
}
else {
return user_error(status, isc_password_required);
}
copyField(userInfo.u, input_user_data->uid, input_user_data->sec_flags & sec_uid_spec);
copyField(userInfo.g, input_user_data->gid, input_user_data->sec_flags & sec_gid_spec);
copyField(userInfo.group, input_user_data->group_name, input_user_data->sec_flags & sec_group_name_spec);
copyField(userInfo.first, input_user_data->first_name, input_user_data->sec_flags & sec_first_name_spec);
copyField(userInfo.middle, input_user_data->middle_name, input_user_data->sec_flags & sec_middle_name_spec);
copyField(userInfo.last, input_user_data->last_name, input_user_data->sec_flags & sec_last_name_spec);
return executeSecurityCommand(status, input_user_data, userInfo);
}
