From: Ann W. H. <awh...@us...> - 2001-11-03 19:50:15
Build Number:559 Update of /cvsroot/firebird/interbase/jrd In directory usw-pr-cvs1:/tmp/cvs-serv30439/interbase/jrd Modified Files: drq.h dyn.e grant.e Log Message: Going at the privileges error again. Now dyn.e picks a security class name for grants on fields and checks that it is unique. Index: drq.h =================================================================== RCS file: /cvsroot/firebird/interbase/jrd/drq.h,v retrieving revision 1.2 retrieving revision 1.3 diff -U3 -r1.2 -r1.3 --- drq.h 2001/07/02 07:56:55 1.2 +++ drq.h 2001/11/03 19:50:11 1.3 @@ -174,7 +174,9 @@ the user who was granted the privileges */ #define drq_g_rel_constr_nm 125 /* get relation constraint name */ #define drq_e_rel_const 126 /* erase relation constraints */ -#define drq_e_gens 127 /* erase generators */ -#define drq_MAX 128 +#define drq_e_gens 127 /* erase generators */ +#define drq_s_f_class 128 /* set the security class name for a field */ +#define drq_s_u_class 129 /* find a unique security class name for a field */ +#define drq_MAX 130 #endif /* _JRD_DRQ_H_ */ Index: dyn.e =================================================================== RCS file: /cvsroot/firebird/interbase/jrd/dyn.e,v retrieving revision 1.8 retrieving revision 1.9 diff -U3 -r1.8 -r1.9 --- dyn.e 2001/10/11 04:25:56 1.8 +++ dyn.e 2001/11/03 19:50:11 1.9 @@ -56,6 +56,7 @@ #include "../jrd/all_proto.h" #include "../jrd/blb_proto.h" #include "../jrd/cmp_proto.h" +#include "../jrd/dpm_proto.h" #include "../jrd/dyn_proto.h" #include "../jrd/dyn_df_proto.h" #include "../jrd/dyn_dl_proto.h" @@ -66,6 +67,7 @@ #include "../jrd/inf_proto.h" #include "../jrd/intl_proto.h" #include "../jrd/isc_f_proto.h" +#include "../jrd/met_proto.h" #include "../jrd/thd_proto.h" #include "../jrd/vio_proto.h" 
@@ -79,12 +81,13 @@ DATABASE DB = STATIC "yachts.gdb"; - + static void grant (GBL, UCHAR **); static BOOLEAN grantor_can_grant_role (TDBB, GBL, TEXT*, TEXT*); static BOOLEAN grantor_can_grant (GBL, TEXT*, TEXT*, TEXT*, TEXT*, BOOLEAN); static void revoke_permission (GBL, UCHAR **); static void store_privilege (GBL, TEXT *, TEXT *,TEXT *, TEXT *, SSHORT, SSHORT, int); +static void set_field_class_name (TEXT *, TEXT *); void DYN_ddl ( ATT attachment, 
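Review bot: The added prototype `static void set_field_class_name (TEXT *, TEXT *);` declares two parameters, but the definition added further down in dyn.e takes `(GBL gbl, TEXT *relation, TEXT *field)` and the new call in store_privilege passes three arguments. The C compiler should reject this as conflicting types for the same function. The prototype should read `static void set_field_class_name (GBL, TEXT *, TEXT *);`.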
@@ -2071,7 +2074,74 @@ tdbb->tdbb_setjmp = (UCHAR*) old_env; } - + +static void set_field_class_name ( + GBL gbl, + TEXT *relation, + TEXT *field) +{ +/************************************** + * + * s e t _ f i e l d _ c l a s s _ n a m e + * + ************************************** + * + * Functional description + * For field level grants, be sure the + * field has a unique class name. + * + **************************************/ +BLK request, request2 = NULL; +BOOLEAN unique = FALSE; +TDBB tdbb; +DBB dbb; + + +tdbb = GET_THREAD_DATA; +dbb = tdbb->tdbb_database; + + +request = (BLK) CMP_find_request (tdbb, drq_s_f_class, DYN_REQUESTS); + +FOR (REQUEST_HANDLE request TRANSACTION_HANDLE gbl->gbl_transaction) + RFR IN RDB$RELATION_FIELDS + WITH RFR.RDB$FIELD_NAME = field AND + RFR.RDB$RELATION_NAME = relation AND + RFR.RDB$SECURITY_CLASS MISSING + + MODIFY RFR + while (!unique) + { + sprintf (RFR.RDB$SECURITY_CLASS, "%s%" QUADFORMAT "d\0", "SQL$GRANT", + DPM_gen_id (tdbb, + MET_lookup_generator (tdbb, "RDB$SECURITY_CLASS"), + 0, (SINT64) 1)); + + unique = TRUE; + request2 = (BLK) CMP_find_request (tdbb, drq_s_u_class, DYN_REQUESTS); + FOR (REQUEST_HANDLE request2 TRANSACTION_HANDLE gbl->gbl_transaction) + RFR1 IN RDB$RELATION_FIELDS + WITH RFR1.RDB$SECURITY_CLASS = RFR.RDB$SECURITY_CLASS + unique = FALSE; + END_FOR; + } + + RFR.RDB$SECURITY_CLASS.NULL = FALSE; + END_MODIFY; + +END_FOR; + +if (!DYN_REQUEST (drq_s_f_class)) + DYN_REQUEST (drq_s_f_class) = request; + + +if (request2 && !DYN_REQUEST (drq_s_u_class)) + DYN_REQUEST (drq_s_u_class) = request; +} + + + + static void store_privilege ( GBL gbl, TEXT *object, 
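Review bot: The last statement of set_field_class_name caches the wrong handle: `DYN_REQUEST (drq_s_u_class) = request;` stores the drq_s_f_class request in the uniqueness-check slot and should be `DYN_REQUEST (drq_s_u_class) = request2;`. If a later call picks up that cached slot, the uniqueness loop would presumably run the wrong compiled request, and a security class name that is not unique means two fields end up governed by the same ACL. Separately, the `sprintf` writes straight into `RFR.RDB$SECURITY_CLASS` with no bound; "SQL$GRANT" plus a signed 64-bit id can reach 29 characters before the terminator, so confirm the field buffer holds that or format into a local buffer and copy with `jrd_vtof (..., sizeof (...))` as grant.e does. The uniqueness query only looks at RDB$RELATION_FIELDS; whether names held elsewhere can collide is not visible from this hunk and deserves a comment.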
@@ -2128,6 +2198,7 @@ { strcpy (PRIV.RDB$FIELD_NAME, field); PRIV.RDB$FIELD_NAME.NULL = FALSE; + set_field_class_name (gbl, object, field); } PRIV.RDB$PRIVILEGE [0] = privilege [0]; PRIV.RDB$PRIVILEGE [1] = 0; Index: grant.e =================================================================== RCS file: /cvsroot/firebird/interbase/jrd/grant.e,v retrieving revision 1.2 retrieving revision 1.3 diff -U3 -r1.2 -r1.3 --- grant.e 2001/09/17 12:50:24 1.2 +++ grant.e 2001/11/03 19:50:11 1.3 @@ -900,25 +900,21 @@ strcpy (s_class, FLD.RDB$SECURITY_CLASS); if (!s_class [0]) { - /* There is no security class name for this field, then make one. - Note that the field security class name is set here and in the - pre-store trigger for rdb$user_privileges. This field security - class name is removed in the pre erase trigger for - rdb$user_privileges. */ + /* We should never get here (I think) because this + value is set by dyn.e when the rdb$user_privileges + record is stored. There's also a before store trigger + on rdb$user_privileges, but it isn't so smart. -- AWH + */ + + sprintf (s_class, "%s%" QUADFORMAT "d\0", "SQL$GRANT", + DPM_gen_id (tdbb, MET_lookup_generator (tdbb, "RDB$SECURITY_CLASS"), + 0, (SINT64) 1)); + FOR (REQUEST_HANDLE request2) FLD2 IN RDB$RELATION_FIELDS WITH FLD2.RDB$RELATION_NAME EQ FLD.RDB$RELATION_NAME AND FLD2.RDB$FIELD_NAME EQ FLD.RDB$FIELD_NAME MODIFY FLD2 -#ifndef EXACT_NUMERICS - sprintf (s_class, "%s%ld\0", "SQL$GRANT", - DPM_gen_id (tdbb, MET_lookup_generator (tdbb, "RDB$SECURITY_CLASS"), - 0, (SLONG) 1)); -#else - sprintf (s_class, "%s%" QUADFORMAT "d\0", "SQL$GRANT", - DPM_gen_id (tdbb, MET_lookup_generator (tdbb, "RDB$SECURITY_CLASS"), - 0, (SINT64) 1)); -#endif jrd_vtof (s_class, FLD2.RDB$SECURITY_CLASS, sizeof (FLD2.RDB$SECURITY_CLASS)); END_MODIFY; END_FOR; |
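Review bot: In the grant.e hunk the fallback path builds `s_class` from the generator without the uniqueness check that set_field_class_name in dyn.e performs. If this branch is ever reached (the new comment is itself unsure), the generated name could match an existing security class and the field would share that class's ACL. Either repeat the check here or state in the comment why a collision cannot occur on this path, for example `/* fallback only: name is not checked for uniqueness, unlike dyn.e */`. The commit also drops the `#ifndef EXACT_NUMERICS` branch, so `QUADFORMAT` with `SINT64` is now unconditional; that is only correct if DPM_gen_id returns a 64-bit value in every build configuration, which this hunk does not show. The enclosing function starts and ends outside the hunk.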