SEC$USERS table is unavailable in case of any error in any configured user manager plugin [CORE4969] #5260

Closed
firebird-automations opened this issue Oct 20, 2015 · 5 comments

Comments

@firebird-automations

Submitted by: @sim1984

Create database with standard Security Database. Then assign it as the Security Database itself.

test = d:\fb\fb30\data\test.fdb
{
DefaultDbCachePages = 8K
TempCacheLimit = 512M
SecurityDatabase = test
WireCrypt = Enabled
AuthServer = Legacy_Auth
UserManager = Legacy_UserManager
}

And we are trying to initialize the SYSDBA.

Use CONNECT or CREATE DATABASE to specify a database
SQL> connect test user sysdba;
Database: test, User: SYSDBA
SQL> create user sysdba password 'masterkey';
Statement failed, SQLSTATE = 42S02
add record error
-table PLG$VIEW_USERS is not defined
SQL>

OK. Change configuration

test = d:\fb\fb30\data\test.fdb
{
DefaultDbCachePages = 8K
TempCacheLimit = 512M
SecurityDatabase = test
WireCrypt = Enabled
AuthServer = Srp, Legacy_Auth
UserManager = Srp, Legacy_UserManager
}

Use CONNECT or CREATE DATABASE to specify a database
SQL> connect test user sysdba;
Database: test, User: SYSDBA
SQL> create user sysdba password 'masterkey';
SQL> exit;

Trying to connect

Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:test' user sysdba password 'masterkey';
Database: 'localhost:test', User: SYSDBA
SQL> set list on;
SQL> select * from sec$users;

Statement failed, SQLSTATE = 42S02
find/display record error
-table PLG$VIEW_USERS is not defined
SQL>

Apparently table PLG$USERS and view PLG$VIEW_USERS are predefined in security3.fdb, but are not automatically created when initializing sysdba with Legacy_UserManager.
In addition, we have a side effect - the unavailability of SEC$USERS.

Commits: 3434d0a FirebirdSQL/fbt-repository@5f28330

@firebird-automations

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations

Modified by: @dyemanov

Fix Version: 3.0.0 [ 10048 ]

@firebird-automations

Commented by: @AlexPeshkoff

The only bug here is the side effect mentioned at the end - unavailability of SEC$USERS.

The legacy plugin is extremely insecure and should not be used with new security databases. The only reason why it was kept is to simplify migration from previous Firebird versions (including use of old client) for people who do not care about security. Certainly, everyone is free to create the appropriate table and view in a new security database manually, and use the legacy plugin, but that is not recommended and will not be automated.
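
An added example, not part of the original issue or of the Firebird code base: a small audit that parses databases.conf alias blocks like the ones in the report and lists every alias that still enables Legacy_Auth or Legacy_UserManager, the plugins the comment above calls insecure. The `employee` alias, the function names, and the lenient handling of list separators are assumptions.

```python
import re

# Constructed sample: the "test" alias mirrors the second configuration in the
# report; the "employee" alias is a hypothetical Srp-only entry for contrast.
SAMPLE_CONF = r"""
test = d:\fb\fb30\data\test.fdb
{
    SecurityDatabase = test
    AuthServer = Srp, Legacy_Auth
    UserManager = Srp, Legacy_UserManager
}
employee = d:\fb\fb30\data\employee.fdb
{
    AuthServer = Srp
    UserManager = Srp
}
"""

# Parameter name -> legacy plugin that should not appear in its plugin list.
LEGACY = {"AuthServer": "Legacy_Auth", "UserManager": "Legacy_UserManager"}

def parse_aliases(text):
    """Return {alias: {lowercased key: value}} for each alias and its { } block."""
    aliases, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line == "{":
            in_block = current is not None
        elif line == "}":
            in_block, current = False, None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if in_block:
                aliases[current][key.lower()] = value
            else:  # "alias = path" line opens a new entry
                current = key
                aliases[current] = {}
    return aliases

def find_legacy_plugins(text):
    """Return sorted (alias, parameter, plugin) for each legacy plugin found."""
    findings = []
    for alias, params in parse_aliases(text).items():
        for param, legacy in LEGACY.items():
            # Assumption: accept commas, semicolons or whitespace as separators.
            listed = re.split(r"[,;\s]+", params.get(param.lower(), ""))
            if legacy.lower() in {p.lower() for p in listed if p}:
                findings.append((alias, param, legacy))
    return sorted(findings)
```
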

@firebird-automations

Modified by: @AlexPeshkoff

summary: Table PLG$USERS and view PLG$VIEW_USERS are not created automatically when you create a SYSDBA with Legacy_UserManager => SEC$USERS table is unavailable in case of any error in any configured user manager plugin

@firebird-automations

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]
