Added support for system privileges

Author: AlexPeshkoff

doc/sql.extensions/README.builtin_functions.txt

@@ -681,6 +681,21 @@ Example:
     select * from x order by rand();
 
 
+--------------------
+RDB$SYSTEM_PRIVILEGE
+--------------------
+
+(FB4 extension)
+Function:
+    Returns true if current attachment has given system privilege.
+
+Format:
+    RDB$SYSTEM_PRIVILEGE( <privilege> )
+
+Example:
+	select rdb$system_privilege(user_management) from rdb$database;
+
+
 -------
 REPLACE
 -------

doc/sql.extensions/README.ddl.txt

@@ -509,3 +509,61 @@ ignoring it).
 ALTER DATABASE DECRYPT
 
 Decrypts database.
+
+
+21) New clauses in CREATE and ALTER role operators.
+(Alex Peshkov)
+
+Provide support for system privileges. One can:
+
+CREATE ROLE <name> SET SYSTEM PRIVILEGES TO <privilege1> {, <privilege2> {, ...  <privilegeN> }}
+ALTER ROLE <name> SET SYSTEM PRIVILEGES TO <privilege1> {, <privilege2> {, ...  <privilegeN> }}
+
+This forms assign non-empty list of system privileges to role <name>. Privileges previously assigned
+to role <name> are cleared when using second form.
+
+ALTER ROLE <name> DROP SYSTEM PRIVILEGES
+
+This form clears list of system privileges in role <name>.
+
+System privileges make it possible to delegate part of DBO rights to other users.
+Pay attention taht system privileges provide very thin level of control, therefore sometimes
+you will need to give user >1 privilege to perform some task (for example add
+IGNORE_DB_TRIGGERS to USE_GSTAT_UTILITY cause gstat wants to ignore database triggers).
+
+List of valid system privileges for FB4 is as follows:
+USER_MANAGEMENT					Manage users
+READ_RAW_PAGES					Read pages in raw format using Attachment::getInfo()
+CREATE_USER_TYPES				Add/change/delete non-system records in RDB$TYPES
+USE_NBACKUP_UTILITY				Use nbackup to create database's copies
+CHANGE_SHUTDOWN_MODE			Shutdown DB and bring online
+TRACE_ANY_ATTACHMENT			Trace other users' attachments
+MONITOR_ANY_ATTACHMENT			Monitor (tables MON$) other users' attachments
+ACCESS_SHUTDOWN_DATABASE		Access database when it's shut down
+CREATE_DATABASE					Create new databases (given in security.db)
+DROP_DATABASE					Drop this database
+USE_GBAK_UTILITY				Use appropriate utility
+USE_GSTAT_UTILITY				...
+USE_GFIX_UTILITY				...
+IGNORE_DB_TRIGGERS				Insruct engine not to run DB-level triggers
+CHANGE_HEADER_SETTINGS			Modify parameters in DB header page
+SELECT_ANY_OBJECT_IN_DATABASE	Use SELECT for any selectable object
+ACCESS_ANY_OBJECT_IN_DATABASE	Access (in any possible way) any object
+MODIFY_ANY_OBJECT_IN_DATABASE	Modify (up to drop) any object
+CHANGE_MAPPING_RULES			Change authentication mappings
+USE_GRANTED_BY_CLAUSE			Use GRANTED BY in GRANT and REVOKE operators
+GRANT_REVOKE_ON_ANY_OBJECT		GRANT and REVOKE rights on any object in database
+GRANT_REVOKE_ANY_DDL_RIGHT		GRANT and REVOKE any DDL rights
+CREATE_PRIVILEGED_ROLES			Use SET SYSTEM PRIVILEGES in roles
+
+
+22) New grantee type in GRANT and REVOKE operators - SYSTEM PRIVILEGE.
+(Alex Peshkov)
+
+With support for various system privileges in engine it's getting very convenient to grant some
+rights to users already having specific system privilege. Therefore appropriate grantee type is
+suppoprted now. Example:
+
+GRANT ALL ON PLG$SRP_VIEW TO SYSTEM PRIVILEGE USER_MANAGEMENT
+
+Grants all rights to view (used in SRP management plugin) to users having USER_MANAGEMENT privilege.

lang_helpers/gds_codes.ftn

@@ -1632,6 +1632,10 @@ C --
       PARAMETER (GDS__encrypt_error                    = 335545109)
       INTEGER*4 GDS__max_idx_depth                   
       PARAMETER (GDS__max_idx_depth                    = 335545110)
+      INTEGER*4 GDS__wrong_prvlg                     
+      PARAMETER (GDS__wrong_prvlg                      = 335545111)
+      INTEGER*4 GDS__miss_prvlg                      
+      PARAMETER (GDS__miss_prvlg                       = 335545112)
       INTEGER*4 GDS__gfix_db_name                    
       PARAMETER (GDS__gfix_db_name                     = 335740929)
       INTEGER*4 GDS__gfix_invalid_sw                 

lang_helpers/gds_codes.pas

@@ -1627,6 +1627,10 @@
 	gds_encrypt_error                    = 335545109;
 	isc_max_idx_depth                    = 335545110;
 	gds_max_idx_depth                    = 335545110;
+	isc_wrong_prvlg                      = 335545111;
+	gds_wrong_prvlg                      = 335545111;
+	isc_miss_prvlg                       = 335545112;
+	gds_miss_prvlg                       = 335545112;
 	isc_gfix_db_name                     = 335740929;
 	gds_gfix_db_name                     = 335740929;
 	isc_gfix_invalid_sw                  = 335740930;

src/auth/SecureRemotePassword/manage/SrpManagement.cpp

@@ -87,16 +87,18 @@ class SrpManagement FB_FINAL : public Firebird::StdPlugin<Firebird::IManagementI
 			"CREATE VIEW PLG$SRP_VIEW AS "
 			"SELECT PLG$USER_NAME, PLG$VERIFIER, PLG$SALT, PLG$COMMENT, "
 			"   PLG$FIRST, PLG$MIDDLE, PLG$LAST, PLG$ATTRIBUTES, PLG$ACTIVE "
-			"FROM PLG$SRP WHERE CURRENT_USER = 'SYSDBA' "
-			"   OR CURRENT_ROLE = '" ADMIN_ROLE "' OR CURRENT_USER = PLG$SRP.PLG$USER_NAME"
+			"FROM PLG$SRP WHERE RDB$SYSTEM_PRIVILEGE(USER_MANAGEMENT) "
+			"   OR CURRENT_USER = PLG$SRP.PLG$USER_NAME"
 			,
-			"GRANT ALL ON PLG$SRP to VIEW PLG$SRP_VIEW"
+			"GRANT ALL ON PLG$SRP TO VIEW PLG$SRP_VIEW"
 			,
-			"GRANT SELECT ON PLG$SRP_VIEW to PUBLIC"
+			"GRANT SELECT ON PLG$SRP_VIEW TO PUBLIC"
 			,
 			"GRANT UPDATE(PLG$VERIFIER, PLG$SALT, PLG$FIRST, PLG$MIDDLE, PLG$LAST, "
 			"   PLG$COMMENT, PLG$ATTRIBUTES) ON PLG$SRP_VIEW TO PUBLIC"
 			,
+			"GRANT ALL ON PLG$SRP_VIEW TO SYSTEM PRIVILEGE USER_MANAGEMENT"
+			,
 			NULL
 		};
 
@@ -106,10 +108,18 @@ class SrpManagement FB_FINAL : public Firebird::StdPlugin<Firebird::IManagementI
 
 		try
 		{
-			for (const char** sql = script; *sql; ++sql)
+			for (const char** s = script; *s; ++s)
 			{
-				att->execute(&statusWrapper, ddlTran, 0, *sql, SQL_DIALECT_V6, NULL, NULL, NULL, NULL);
-				check(&statusWrapper);
+				const char* sql = *s;
+				bool err = false;
+				if (sql[0] == '*')
+				{
+					++sql;
+					err = true;
+				}
+				att->execute(&statusWrapper, ddlTran, 0, sql, SQL_DIALECT_V6, NULL, NULL, NULL, NULL);
+				if (!err)
+					check(&statusWrapper);
 			}
 
 			ddlTran->commit(&statusWrapper);

src/auth/SecureRemotePassword/server/SrpServer.cpp

@@ -132,7 +132,7 @@ int SrpServer::authenticate(CheckStatusWrapper* status, IServerBlock* sb, IWrite
 			{
 				ClumpletWriter dpb(ClumpletReader::dpbList, MAX_DPB_SIZE);
 				dpb.insertByte(isc_dpb_sec_attach, TRUE);
-				dpb.insertString(isc_dpb_user_name, SYSDBA_USER_NAME, fb_strlen(SYSDBA_USER_NAME));
+				dpb.insertString(isc_dpb_user_name, DBA_USER_NAME, fb_strlen(DBA_USER_NAME));
 				const char* providers = "Providers=" CURRENT_ENGINE;
 				dpb.insertString(isc_dpb_config, providers, fb_strlen(providers));
 				att = p->attachDatabase(status, secDbName, dpb.getBufferLength(), dpb.getBuffer());

src/auth/SecurityDatabase/LegacyManagement.epp

@@ -508,7 +508,7 @@ int SecurityDatabaseManagement::execute(Firebird::CheckStatusWrapper* st, Firebi
 
 			found = false;
 			// Do not allow SYSDBA user to be deleted
-			if (!fb_utils::stricmp(user->userName()->get(), SYSDBA_USER_NAME))
+			if (!fb_utils::stricmp(user->userName()->get(), DBA_USER_NAME))
 				ret = GsecMsg23;
 			else
 			{

src/auth/SecurityDatabase/LegacyServer.cpp

@@ -289,7 +289,7 @@ void SecurityDatabase::prepare()
 	dpb.insertByte(isc_dpb_sec_attach, TRUE);
 
 	// Attach as SYSDBA
-	dpb.insertString(isc_dpb_trusted_auth, SYSDBA_USER_NAME, fb_strlen(SYSDBA_USER_NAME));
+	dpb.insertString(isc_dpb_trusted_auth, DBA_USER_NAME, fb_strlen(DBA_USER_NAME));
 
 	// Do not use other providers except current engine
 	const char* providers = "Providers=" CURRENT_ENGINE;

src/burp/backup.epp

@@ -4037,6 +4037,12 @@ void write_sql_roles()
 			if (!X.RDB$DESCRIPTION.NULL) {
 				put_source_blob (att_role_description, att_role_description, X.RDB$DESCRIPTION);
 			}
+
+			const UCHAR ll = sizeof(X.RDB$SYSTEM_PRIVILEGES);
+			put(tdgbl, att_role_sys_priveleges);
+			put(tdgbl, ll);
+			put_block(tdgbl, (const UCHAR*) (X.RDB$SYSTEM_PRIVILEGES), ll);
+
 			put(tdgbl, att_end);
 			MISC_terminate (X.RDB$ROLE_NAME, temp, l, sizeof(temp));
 			BURP_verbose (249, temp);

src/burp/burp.h

@@ -566,6 +566,7 @@ enum att_type {
 	att_role_name = SERIES,
 	att_role_owner_name,
 	att_role_description,
+	att_role_sys_priveleges,
 
 	// Check constraints attributes
 	att_chk_constraint_name = SERIES,

src/burp/restore.epp

@@ -7769,6 +7769,18 @@ bool get_sql_roles(BurpGlobals* tdgbl)
 						bad_attribute(scan_next_attr, attribute, 250);
 				    break;
 
+				case att_role_sys_priveleges:
+					{
+						const ULONG l = get(tdgbl);
+						if (l > sizeof(X.RDB$SYSTEM_PRIVILEGES))
+							BURP_error_redirect (NULL, 46);
+							// msg 46 string truncated
+
+						if (l)
+							get_block(tdgbl, (UCHAR*) (X.RDB$SYSTEM_PRIVILEGES), l);
+					}
+					break;
+
 				default:
 					// msg 250 SQL role
 					bad_attribute(scan_next_attr, attribute, 250);

src/common/classes/MetaName.h

@@ -81,6 +81,9 @@ class MetaName
 	bool isEmpty() const { return count == 0; }
 	bool hasData() const { return count != 0; }
 
+	char& operator[](unsigned n) { return data[n]; }
+	char operator[](unsigned n) const { return data[n]; }
+
 	const char* begin() const { return data; }
 	const char* end() const { return data + count; }