Issue Details (XML | Word | Printable)

Key: CORE-4766
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Vlad Khorsun
Reporter: Pavel Zotov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

AV when trying to manage users list using EXECUTE STATEMENT on behalf of non-sysdba user which has RDB$ADMIN role

Created: 21/Apr/15 02:21 PM   Updated: 23/Sep/15 11:34 AM
Component/s: None
Affects Version/s: None
Fix Version/s: 3.0 Beta 2

File Attachments: 1. Zip Archive av-when-trying-to-manage-users-list-using-es-on-behalf-of-non-sysdba-user-with-rdbadmin-role.zip (189 kB)


QA Status: Done with caveats
Test Details:
Note-1. Name of table in STDERR depends on value of UserManager = { Srp | Legacy_UserManager }.
For 'Srp' it will be 'PLG$SRP_VIEW', for Legacy_UserManager -- PLG$VIEW_USERS.
Because of this, section 'substitution' has been added in order to ignore rest part of line
after words 'TABLE PLG'.

Note-2. User 'boss' is NOT granted with 'RDB$ADMIN' role, only clause "grant admin" present for him
in the creating statement, so all his attempts to create/drop another user will be FAILED.
Before snapshot 31807 3rd such fail lead FB to crash (AV).
Test Specifics: Custom configuration required


 Description  « Hide
Consider the following script:

    set list on;

    show version;
    select mon$user,mon$remote_protocol,mon$auth_method from mon$attachments where mon$attachment_id=current_connection;
    commit;

    set echo on;
    drop user boss;
    drop user ozzy;
    commit;
    create user boss password '123' grant admin role;
    commit;
    
    select u.sec$user_name, u.sec$plugin, u.sec$admin from sec$users u where u.sec$user_name='BOSS';

    set term ^;
    execute block as
    begin
        execute statement 'create user ozzy password ''456'''
        as user 'BOSS' password '123' role 'RDB$ADMIN';
    end
    ^
    set term ;^
    commit;

    -- EXIT; ------------------------------- [ 1 ]
    
    select u.sec$user_name, sec$plugin, u.sec$admin
    from sec$users u
    where u.sec$user_name = upper('ozzy');

    set term ^;
    execute block as
    begin
        execute statement 'drop user ozzy'
        as user 'BOSS' password '123' role 'RDB$ADMIN';
    end
    ^
    set term ;^
    commit;


    drop user boss;
    commit;

CASE-1.
#######
When this script is running untill to commented '-- EXIT; --------- [ 1 ]' statement (i.e. when it is uncommented) FB will crash and firebird.log will contain:
===
CSPROG Tue Apr 21 16:38:17 2015
Shutting down the server with 2 active connection(s) to 1 database(s), 0 active service(s)


CSPROG Tue Apr 21 16:38:17 2015
INET/inet_error: read errno = 10054


CSPROG Tue Apr 21 16:38:17 2015
REMOTE INTERFACE/gds__detach: Unsuccesful detach from database.
Uncommitted work may have been lost.
Error writing data to the connection.
===

CASE-2.
#######
When the statement '-- EXIT;' will be COMMENTED firebird.log will contain:
===
CSPROG Tue Apr 21 16:40:36 2015
Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.


CSPROG Tue Apr 21 16:41:01 2015
Shutting down the server with 2 active connection(s) to 1 database(s), 0 active service(s)


CSPROG Tue Apr 21 16:41:02 2015
INET/inet_error: read errno = 10054


CSPROG Tue Apr 21 16:41:02 2015
REMOTE INTERFACE/gds__detach: Unsuccesful detach from database.
Uncommitted work may have been lost.
Error writing data to the connection.
===

(and I can`t understand why AV message appear FIRST in this case).

Attached files (logs, firebird.conf, windows error related files):
1) in the folder "1-logs-when-only-add-user" -- what occurs for mentioned above case-1
2) in the folder "2-logs-when-add-and-drop-user " -- what occurs for mentioned above case-2

WI-T3.0.0.31801, got on SuperServer and SuperClassic.

firebird.conf:
===
RemoteServicePort = 3333
DefaultDbCachePages = 8192

LockHashSlots = 22111
TempCacheLimit = 2147483647

MaxUnflushedWrites = -1
MaxUnflushedWriteTime = -1

TempDirectories = c:\temp
MaxUserTraceLogSize = 99999

FileSystemCacheThreshold = 65536K
AuthServer = Srp,Legacy_Auth
AuthClient = Srp,Legacy_Auth,Win_Sspi
WireCrypt = Disabled
UserManager = Srp

BugcheckAbort = 1
===

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.