From: <di...@us...> - 2012-01-20 10:23:38
|
Revision: 53900 http://firebird.svn.sourceforge.net/firebird/?rev=53900&view=rev Author: dimitr Date: 2012-01-20 10:23:31 +0000 (Fri, 20 Jan 2012) Log Message: ----------- Disallowed deletions from RDB$DATABASE. This fixes the only problematic part of CORE-3735: Unprivileged user can delete from RDB$DATABASE, RDB$COLLATIONS, RDB$CHARACTER_SETS. The implemented solution could be used to protect other system tables from direct modifications. Modified Paths: -------------- firebird/trunk/lang_helpers/gds_codes.ftn firebird/trunk/lang_helpers/gds_codes.pas firebird/trunk/src/include/gen/codetext.h firebird/trunk/src/include/gen/iberror.h firebird/trunk/src/include/gen/msgs.h firebird/trunk/src/include/gen/sql_code.h firebird/trunk/src/include/gen/sql_state.h firebird/trunk/src/jrd/vio.cpp firebird/trunk/src/msgs/facilities2.sql firebird/trunk/src/msgs/messages2.sql firebird/trunk/src/msgs/system_errors2.sql Modified: firebird/trunk/lang_helpers/gds_codes.ftn =================================================================== --- firebird/trunk/lang_helpers/gds_codes.ftn 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/lang_helpers/gds_codes.ftn 2012-01-20 10:23:31 UTC (rev 53900) @@ -1470,6 +1470,8 @@ PARAMETER (GDS__ss_out_of_bounds = 335545028) INTEGER*4 GDS__missing_data_structures PARAMETER (GDS__missing_data_structures = 335545029) + INTEGER*4 GDS__protect_sys_tab + PARAMETER (GDS__protect_sys_tab = 335545030) INTEGER*4 GDS__gfix_db_name PARAMETER (GDS__gfix_db_name = 335740929) INTEGER*4 GDS__gfix_invalid_sw Modified: firebird/trunk/lang_helpers/gds_codes.pas =================================================================== --- firebird/trunk/lang_helpers/gds_codes.pas 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/lang_helpers/gds_codes.pas 2012-01-20 10:23:31 UTC (rev 53900) @@ -742,6 +742,7 @@ gds_ee_blr_mismatch_length = 335545027; gds_ss_out_of_bounds = 335545028; gds_missing_data_structures = 335545029; + gds_protect_sys_tab = 335545030; gds_gfix_db_name = 335740929; gds_gfix_invalid_sw = 335740930; gds_gfix_incmp_sw = 335740932; Modified: firebird/trunk/src/include/gen/codetext.h =================================================================== --- firebird/trunk/src/include/gen/codetext.h 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/include/gen/codetext.h 2012-01-20 10:23:31 UTC (rev 53900) @@ -731,6 +731,7 @@ {"ee_blr_mismatch_length", 335545027}, {"ss_out_of_bounds", 335545028}, {"missing_data_structures", 335545029}, + {"protect_sys_tab", 335545030}, {"gfix_db_name", 335740929}, {"gfix_invalid_sw", 335740930}, {"gfix_incmp_sw", 335740932}, Modified: firebird/trunk/src/include/gen/iberror.h =================================================================== --- firebird/trunk/src/include/gen/iberror.h 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/include/gen/iberror.h 2012-01-20 10:23:31 UTC (rev 53900) @@ -765,6 +765,7 @@ const ISC_STATUS isc_ee_blr_mismatch_length = 335545027L; const ISC_STATUS isc_ss_out_of_bounds = 335545028L; const ISC_STATUS isc_missing_data_structures = 335545029L; +const ISC_STATUS isc_protect_sys_tab = 335545030L; const ISC_STATUS isc_gfix_db_name = 335740929L; const ISC_STATUS isc_gfix_invalid_sw = 335740930L; const ISC_STATUS isc_gfix_incmp_sw = 335740932L; @@ -1206,7 +1207,7 @@ const ISC_STATUS isc_trace_switch_param_miss = 337182758L; const ISC_STATUS isc_trace_param_act_notcompat = 337182759L; const ISC_STATUS isc_trace_mandatory_switch_miss = 337182760L; -const ISC_STATUS isc_err_max = 1150; +const ISC_STATUS isc_err_max = 1151; #else /* c definitions */ @@ -1941,6 +1942,7 @@ #define isc_ee_blr_mismatch_length 335545027L #define isc_ss_out_of_bounds 335545028L #define isc_missing_data_structures 335545029L +#define isc_protect_sys_tab 335545030L #define isc_gfix_db_name 335740929L #define isc_gfix_invalid_sw 335740930L #define isc_gfix_incmp_sw 335740932L @@ -2382,7 +2384,7 @@ #define isc_trace_switch_param_miss 337182758L #define isc_trace_param_act_notcompat 337182759L #define isc_trace_mandatory_switch_miss 337182760L -#define isc_err_max 1150 +#define isc_err_max 1151 #endif Modified: firebird/trunk/src/include/gen/msgs.h =================================================================== --- firebird/trunk/src/include/gen/msgs.h 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/include/gen/msgs.h 2012-01-20 10:23:31 UTC (rev 53900) @@ -734,6 +734,7 @@ {335545027, "External BLR message mismatch: length = @1, expected @2"}, /* ee_blr_mismatch_length */ {335545028, "Subscript @1 out of bounds [@2, @3]"}, /* ss_out_of_bounds */ {335545029, "Install incomplete, please read chapter \"Initializing security database\" in Quick Start Guide"}, /* missing_data_structures */ + {335545030, "@1 operation is not allowed for system table @2"}, /* protect_sys_tab */ {335740929, "data base file name (@1) already given"}, /* gfix_db_name */ {335740930, "invalid switch @1"}, /* gfix_invalid_sw */ {335740932, "incompatible switch combination"}, /* gfix_incmp_sw */ Modified: firebird/trunk/src/include/gen/sql_code.h =================================================================== --- firebird/trunk/src/include/gen/sql_code.h 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/include/gen/sql_code.h 2012-01-20 10:23:31 UTC (rev 53900) @@ -730,6 +730,7 @@ {335545027, -901}, /* 707 ee_blr_mismatch_length */ {335545028, -406}, /* 708 ss_out_of_bounds */ {335545029, -902}, /* 709 missing_data_structures */ + {335545030, -902}, /* 710 protect_sys_tab */ {335740929, -901}, /* 1 gfix_db_name */ {335740930, -901}, /* 2 gfix_invalid_sw */ {335740932, -901}, /* 4 gfix_incmp_sw */ Modified: firebird/trunk/src/include/gen/sql_state.h =================================================================== --- firebird/trunk/src/include/gen/sql_state.h 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/include/gen/sql_state.h 2012-01-20 10:23:31 UTC (rev 53900) @@ -730,6 +730,7 @@ {335545027, "42000"}, // 707 ee_blr_mismatch_length {335545028, "42000"}, // 708 ss_out_of_bounds {335545029, "28000"}, // 709 missing_data_structures + {335545030, "42000"}, // 710 protect_sys_tab {335740929, "00000"}, // 1 gfix_db_name {335740930, "00000"}, // 2 gfix_invalid_sw {335740932, "00000"}, // 4 gfix_incmp_sw Modified: firebird/trunk/src/jrd/vio.cpp =================================================================== --- firebird/trunk/src/jrd/vio.cpp 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/jrd/vio.cpp 2012-01-20 10:23:31 UTC (rev 53900) @@ -132,6 +132,7 @@ static int prepare_update(thread_db*, jrd_tra*, SLONG, record_param*, record_param*, record_param*, PageStack&, bool); +static void protect_system_table(thread_db*, const jrd_rel*, const char*, bool = false); static void purge(thread_db*, record_param*); static Record* replace_gc_record(jrd_rel*, Record**, USHORT); static void replace_record(thread_db*, record_param*, PageStack*, const jrd_tra*); @@ -1327,6 +1328,10 @@ switch ((RIDS) relation->rel_id) { + case rel_database: + protect_system_table(tdbb, relation, "DELETE", true); + break; + case rel_relations: if (EVL_field(0, rpb->rpb_record, f_rel_name, &desc)) { @@ -5260,6 +5265,38 @@ } +static void protect_system_table(thread_db* tdbb, + const jrd_rel* relation, + const char* operation, + bool force_flag) +{ +/************************************** + * + * p r o t e c t _ s y s t e m _ t a b l e + * + ************************************** + * + * Functional description + * Disallow modifications on system tables for everyone except + * the GBAK restore process and internal (system) requests used + * by the engine itself. + * + **************************************/ + const Attachment* const attachment = tdbb->getAttachment(); + const jrd_req* const request = tdbb->getRequest(); + + if (force_flag || + (!(attachment->att_flags & ATT_gbak_attachment) && + !(request->getStatement()->flags & JrdStatement::FLAG_INTERNAL))) + { + fb_assert(relation->rel_flags & REL_scanned); + + status_exception::raise(Arg::Gds(isc_protect_sys_tab) << + Arg::Str(operation) << Arg::Str(relation->rel_name)); + } +} + + static void purge(thread_db* tdbb, record_param* rpb) { /************************************** Modified: firebird/trunk/src/msgs/facilities2.sql =================================================================== --- firebird/trunk/src/msgs/facilities2.sql 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/msgs/facilities2.sql 2012-01-20 10:23:31 UTC (rev 53900) @@ -1,7 +1,7 @@ /* MAX_NUMBER is the next number to be used, always one more than the highest message number. */ set bulk_insert INSERT INTO FACILITIES (LAST_CHANGE, FACILITY, FAC_CODE, MAX_NUMBER) VALUES (?, ?, ?, ?); -- -('2011-12-22 18:36:31', 'JRD', 0, 710) +('2012-01-20 11:48:31', 'JRD', 0, 711) ('2012-01-19 04:56:37', 'QLI', 1, 532) ('2009-07-16 05:26:11', 'GFIX', 3, 121) ('1996-11-07 13:39:40', 'GPRE', 4, 1) Modified: firebird/trunk/src/msgs/messages2.sql =================================================================== --- firebird/trunk/src/msgs/messages2.sql 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/msgs/messages2.sql 2012-01-20 10:23:31 UTC (rev 53900) @@ -817,6 +817,7 @@ ('ee_blr_mismatch_length', NULL, 'met.epp', NULL, 0, 707, NULL, 'External BLR message mismatch: length = @1, expected @2', NULL, NULL) ('ss_out_of_bounds', NULL, 'sdl.cpp', NULL, 0, 708, NULL, 'Subscript @1 out of bounds [@2, @3]', NULL, NULL) ('missing_data_structures', NULL, 'server.cpp', NULL, 0, 709, NULL, 'Install incomplete, please read chapter "Initializing security database" in Quick Start Guide', NULL, NULL) +('protect_sys_tab', NULL, 'vio.cpp', NULL, 0, 710, NULL, '@1 operation is not allowed for system table @2', NULL, NULL) -- QLI (NULL, NULL, NULL, NULL, 1, 0, NULL, 'expected type', NULL, NULL); (NULL, NULL, NULL, NULL, 1, 1, NULL, 'bad block type', NULL, NULL); Modified: firebird/trunk/src/msgs/system_errors2.sql =================================================================== --- firebird/trunk/src/msgs/system_errors2.sql 2012-01-20 03:39:43 UTC (rev 53899) +++ firebird/trunk/src/msgs/system_errors2.sql 2012-01-20 10:23:31 UTC (rev 53900) @@ -715,6 +715,7 @@ (-901, '42', '000', 0, 707, 'ee_blr_mismatch_length', NULL, NULL) (-406, '42', '000', 0, 708, 'ss_out_of_bounds', NULL, NULL) (-902, '28', '000', 0, 709, 'missing_data_structures', NULL, NULL) +(-902, '42', '000', 0, 710, 'protect_sys_tab', NULL, NULL) -- GFIX (-901, '00', '000', 3, 1, 'gfix_db_name', NULL, NULL) (-901, '00', '000', 3, 2, 'gfix_invalid_sw', NULL, NULL) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |