Long ACLs truncated [CORE1957] #2395

Closed
firebird-automations opened this issue Jun 24, 2008 · 19 comments

Comments

@firebird-automations

Submitted by: @AlexPeshkoff

Is related to CORE216
Relate to CORE2223

Votes: 1

This was reported to me privately by Paul Beach.

The grant.epp code turns out to have a couple of bugs that
interact badly with ib_replicator. The replicator grants
privileges on the replication log table to triggers it
generates for each table to be replicated. The result is
long ACLs - both lots of entries and relatively long (>20
character) names.

The original bug, present in all versions of Firebird
is in save_security_class:

blob = BLB_create(tdbb, dbb->dbb_sys_trans, (BID)&blob_id);
BLB_put_segment(tdbb, blob, buffer, length);
BLB_close(tdbb, blob);

BLB_put_segment takes an unsigned short for the length. As a
result, the ACL is limited to 64Kb, or about 2600 entries if
the average user name is about 20 bytes. An ACL is stored
in order by the type of object being granted rights - people,
then views, then triggers, procedures, and finally roles,
with lots of other stuff (uid, gid, node id) scattered around
for historical accuracy. What that means is that a GRANT ALL
TO PUBLIC will ordinarily fix all grant problems.

The code that builds the ACL originally used the normal pool
allocation mechanism which uses a ULONG to describe the amount
of memory it wants. In version 1.5 the ACL is stored in the string class.
That class has an unsigned short length, also limiting the ACL's length.

Commits: 7ba8a6f 91ad4a7 fb26565 aeba7e6
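
An added illustration of the truncation described in the report above; it is not Firebird's code and not the committed fix. `demo_put_segment`, the fixed 25-byte entry size and `entries_saved` are hypothetical stand-ins: the first function passes a 32-bit ACL length to a writer whose length parameter is 16 bits wide, the second splits the ACL into segments that fit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ENTRY_LEN 25u              /* constructed fixed-size ACL entry */
#define MAX_ACL   (128u * 1024u)
static uint8_t acl[MAX_ACL], blob[MAX_ACL];   /* ACL in memory, bytes that reach storage */
static uint32_t blob_used;

/* Stand-in for the segment writer described above: the length is 16 bits wide. */
static void demo_put_segment(const uint8_t *seg, uint16_t len)
{
    memcpy(blob + blob_used, seg, len);
    blob_used += len;
}

/* Before: one call, so a 32-bit length is narrowed to its low 16 bits. */
static void save_truncating(const uint8_t *p, uint32_t length)
{
    demo_put_segment(p, (uint16_t)length);
}

/* After: split the ACL into segments of at most UINT16_MAX bytes. */
static void save_chunked(const uint8_t *p, uint32_t length)
{
    while (length > 0) {
        uint16_t n = length > UINT16_MAX ? UINT16_MAX : (uint16_t)length;
        demo_put_segment(p, n);
        p += n;
        length -= n;
    }
}

/* Build n constructed entries, save them, return how many complete entries were stored. */
unsigned entries_saved(uint32_t n, int chunked)
{
    if (n > MAX_ACL / ENTRY_LEN) return 0;      /* keep the demo buffers in bounds */
    memset(acl, 'A', n * ENTRY_LEN);
    blob_used = 0;
    if (chunked) save_chunked(acl, n * ENTRY_LEN); else save_truncating(acl, n * ENTRY_LEN);
    return blob_used / ENTRY_LEN;
}

int main(void)
{
    printf("4000 entries: single call stores %u, chunked stores %u\n",
           entries_saved(4000, 0), entries_saved(4000, 1));
    return 0;
}
```

Because the ACL is ordered by grantee type, the entries lost in the single-call case are the ones at the tail of that ordering.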

@firebird-automations

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Fix Version: 2.5 Beta 1 [ 10251 ]

Fix Version: 2.1.2 [ 10270 ]

Fix Version: 1.5.6 [ 10225 ]

Fix Version: 2.0.5 [ 10222 ]

@firebird-automations

Commented by: @dyemanov

Isn't it the same as CORE216?

@firebird-automations

Commented by: @AlexPeshkoff

Very possible, but I've never seen it.
I've also assigned it to myself; it looks like I will close both when fixed.

@firebird-automations

Modified by: @dyemanov

Link: This issue is related to CORE216 [ CORE216 ]

@firebird-automations

Commented by: @AlexPeshkoff

Correction - selected first in wrong box

@firebird-automations

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Target: 2.5 Beta 1, 2.1.2, 1.5.6, 2.0.5 [ 10251, 10270, 10225, 10222 ]

Fix Version: 2.5 Beta 1 [ 10251 ] =>

Fix Version: 2.1.2 [ 10270 ] =>

Fix Version: 1.5.6 [ 10225 ] =>

Fix Version: 2.0.5 [ 10222 ] =>

@firebird-automations

Modified by: @AlexPeshkoff

Fix Version: 2.5 Beta 1 [ 10251 ]

@firebird-automations

Modified by: @AlexPeshkoff

Fix Version: 2.1.2 [ 10270 ]

@firebird-automations

Commented by: @dyemanov

Is this going to be backported into 1.5.6 and 2.0.5, as intended originally?

@firebird-automations

Modified by: @dyemanov

Fix Version: 2.0.5 [ 10222 ]

Fix Version: 1.5.6 [ 10225 ]

@firebird-automations

Modified by: @AlexPeshkoff

Target: 2.5 Beta 1, 2.1.2, 1.5.6, 2.0.5 [ 10251, 10270, 10225, 10222 ] => 1.5.6 [ 10225 ]

status: Open [ 1 ] => Open [ 1 ]

@firebird-automations

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

@firebird-automations

Commented by: @AlexPeshkoff

Now ported to all 4 supported branches.

@firebird-automations

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations

Modified by: @AlexPeshkoff

Link: This issue relate to CORE2223 [ CORE2223 ]

@firebird-automations

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations

Modified by: @pavel-zotov

QA Status: No test

@firebird-automations

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested
