void grantRevokeAdmin(Firebird::IUser* user, bool ignoreRevoke = false) { if (!user->admin()->entered()) { return; } Firebird::LocalStatus s; Firebird::CheckStatusWrapper statusWrapper(&s); Firebird::string userName(user->userName()->get()); prepareName(userName, '"'); Firebird::string sql; if (user->admin()->get() == 0) { Firebird::string userName2(user->userName()->get()); prepareName(userName2, '\''); Firebird::string selGrantor; selGrantor.printf("SELECT RDB$GRANTOR FROM RDB$USER_PRIVILEGES " "WHERE RDB$USER = '******' AND RDB$RELATION_NAME = '%s' AND RDB$PRIVILEGE = 'M'", userName2.c_str(), ADMIN_ROLE); Message out; Field<Varying> grantor(out, MAX_SQL_IDENTIFIER_SIZE); Firebird::IResultSet* curs = att->openCursor(&statusWrapper, tra, selGrantor.length(), selGrantor.c_str(), SQL_DIALECT_V6, NULL, NULL, out.getMetadata(), NULL, 0); check(&statusWrapper); bool hasGrant = curs->fetchNext(&statusWrapper, out.getBuffer()) == Firebird::IStatus::RESULT_OK; curs->close(&statusWrapper); check(&statusWrapper); if (hasGrant) { selGrantor = grantor; prepareName(selGrantor, '"'); sql.printf("REVOKE %s FROM \"%s\" GRANTED BY \"%s\"", ADMIN_ROLE, userName.c_str(), selGrantor.c_str()); } else { if (ignoreRevoke) return; // no grant - let engine produce correct error message sql.printf("REVOKE %s FROM \"%s\"", ADMIN_ROLE, userName.c_str()); } } else { sql.printf("GRANT %s TO \"%s\"", ADMIN_ROLE, userName.c_str()); } att->execute(&statusWrapper, tra, sql.length(), sql.c_str(), SQL_DIALECT_V6, NULL, NULL, NULL, NULL); check(&statusWrapper); }
ISC_STATUS API_ROUTINE isc_delete_user(ISC_STATUS* status, const USER_SEC_DATA* input_user_data) { /************************************** * * i s c _ d e l e t e _ u s e r * ************************************** * * Functional description * Deletes a user from the server's security * database. * Return 0 if the user was deleted * * Return > 0 if any error occurs. * **************************************/ Auth::StackUserData userInfo; userInfo.op = Auth::DEL_OPER; Firebird::LocalStatus s; Firebird::CheckStatusWrapper statusWrapper(&s); if (input_user_data->user_name) { Firebird::string work = input_user_data->user_name; if (work.length() > USERNAME_LENGTH) { return user_error(status, isc_usrname_too_long); } Firebird::string::size_type l = work.find(' '); if (l != Firebird::string::npos) { work.resize(l); } userInfo.user.set(&statusWrapper, work.c_str()); Firebird::check(&statusWrapper); userInfo.user.setEntered(&statusWrapper, 1); Firebird::check(&statusWrapper); } else { return user_error(status, isc_usrname_required); } return executeSecurityCommand(status, input_user_data, userInfo); }
void prepareDataStructures() { const char* script[] = { "CREATE TABLE PLG$SRP (PLG$USER_NAME SEC$USER_NAME NOT NULL PRIMARY KEY, " "PLG$VERIFIER VARCHAR(128) CHARACTER SET OCTETS NOT NULL, " "PLG$SALT VARCHAR(32) CHARACTER SET OCTETS NOT NULL, " "PLG$COMMENT RDB$DESCRIPTION, PLG$FIRST SEC$NAME_PART, " "PLG$MIDDLE SEC$NAME_PART, PLG$LAST SEC$NAME_PART, " "PLG$ATTRIBUTES RDB$DESCRIPTION, " "PLG$ACTIVE BOOLEAN)" , "CREATE VIEW PLG$SRP_VIEW AS " "SELECT PLG$USER_NAME, PLG$VERIFIER, PLG$SALT, PLG$COMMENT, " " PLG$FIRST, PLG$MIDDLE, PLG$LAST, PLG$ATTRIBUTES, PLG$ACTIVE " "FROM PLG$SRP WHERE RDB$SYSTEM_PRIVILEGE(USER_MANAGEMENT) " " OR CURRENT_USER = PLG$SRP.PLG$USER_NAME" , "GRANT ALL ON PLG$SRP TO VIEW PLG$SRP_VIEW" , "GRANT SELECT ON PLG$SRP_VIEW TO PUBLIC" , "GRANT UPDATE(PLG$VERIFIER, PLG$SALT, PLG$FIRST, PLG$MIDDLE, PLG$LAST, " " PLG$COMMENT, PLG$ATTRIBUTES) ON PLG$SRP_VIEW TO PUBLIC" , "GRANT ALL ON PLG$SRP_VIEW TO SYSTEM PRIVILEGE USER_MANAGEMENT" , NULL }; Firebird::LocalStatus s; Firebird::CheckStatusWrapper statusWrapper(&s); Firebird::ITransaction* ddlTran(att->startTransaction(&statusWrapper, 0, NULL)); try { for (const char** s = script; *s; ++s) { const char* sql = *s; bool err = false; if (sql[0] == '*') { ++sql; err = true; } att->execute(&statusWrapper, ddlTran, 0, sql, SQL_DIALECT_V6, NULL, NULL, NULL, NULL); if (!err) check(&statusWrapper); } ddlTran->commit(&statusWrapper); check(&statusWrapper); } catch (const Firebird::Exception&) { if (ddlTran) { ddlTran->rollback(&statusWrapper); } throw; } }
ISC_STATUS API_ROUTINE isc_modify_user(ISC_STATUS* status, const USER_SEC_DATA* input_user_data) { /************************************** * * i s c _ m o d i f y _ u s e r * ************************************** * * Functional description * Adds a user to the server's security * database. * Return 0 if the user was added * * Return > 0 if any error occurs. * **************************************/ Auth::StackUserData userInfo; userInfo.op = Auth::MOD_OPER; Firebird::LocalStatus s; Firebird::CheckStatusWrapper statusWrapper(&s); if (input_user_data->user_name) { Firebird::string work = input_user_data->user_name; if (work.length() > USERNAME_LENGTH) { return user_error(status, isc_usrname_too_long); } Firebird::string::size_type l = work.find(' '); if (l != Firebird::string::npos) { work.resize(l); } userInfo.user.set(&statusWrapper, work.c_str()); check(&statusWrapper); userInfo.user.setEntered(&statusWrapper, 1); check(&statusWrapper); } else { return user_error(status, isc_usrname_required); } if (input_user_data->password) { userInfo.pass.set(&statusWrapper, input_user_data->password); check(&statusWrapper); userInfo.pass.setEntered(&statusWrapper, 1); check(&statusWrapper); } else { return user_error(status, isc_password_required); } copyField(userInfo.u, input_user_data->uid, input_user_data->sec_flags & sec_uid_spec); copyField(userInfo.g, input_user_data->gid, input_user_data->sec_flags & sec_gid_spec); copyField(userInfo.group, input_user_data->group_name, input_user_data->sec_flags & sec_group_name_spec); copyField(userInfo.first, input_user_data->first_name, input_user_data->sec_flags & sec_first_name_spec); copyField(userInfo.middle, input_user_data->middle_name, input_user_data->sec_flags & sec_middle_name_spec); copyField(userInfo.last, input_user_data->last_name, input_user_data->sec_flags & sec_last_name_spec); return executeSecurityCommand(status, input_user_data, userInfo); }