fbsvcmgr action_add_user creates user with EMPTY login when its (double-quoted) name starts with TWO apostrophes [CORE5072] #5359

Closed
firebird-automations opened this issue Jan 10, 2016 · 11 comments

Comments

@firebird-automations
Collaborator

Submitted by: @pavel-zotov

Attachments:
add-user-starting-with-double-quotes-using-fb_services-vs-using-isql-create-command.log.zip
a.zip

command #1:

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 1 sec_username "''foo1"

output: empty, i.e. all OK (fingers crossed... :))

command #2:

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 1 sec_username "''foo2"

STDERR:

When user_mgr = Legacy:
-violation of PRIMARY or UNIQUE KEY constraint "INTEG_2" on table "PLG$USERS"
-Problematic key value is ("PLG$USER_NAME" = '')

When user_mgr = Srp:
An error occurred while attempting to add the user.
-violation of PRIMARY or UNIQUE KEY constraint "INTEG_5" on table "PLG$SRP"
-Problematic key value is ("PLG$USER_NAME" = '')

command #3:

echo drop user "''foo1"; | isql /:e30

STDERR (for both Legacy and Srp):

Statement failed, SQLSTATE = HY000
record not found for user: ''foo1

command #4:

echo set count on; set width uname 10; select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) from sec$users; | isql /:e30

STDOUT (for both Legacy and Srp):

ROW_NUMBER UNAME CHAR_LENGTH
========== ========== ============
1 SYSDBA 6
2 0
Records affected: 2

################################################

No such trouble when the above is done in ISQL, for both user_mgr = Srp and Legacy:

C:\MIX\firebird\QA\fbt-repo>isql /:e30
Database: /:e30, User: SYSDBA
SQL> create or alter user "''foo1" password '1';
SQL> create or alter user "''foo2" password '1';
SQL> commit;
SQL> show users;
Users in the database
0 ''foo1 0 ''foo2
1 #SYSDBA
SQL> set count on; set width uname 10; select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) from sec$users;

ROW_NUMBER UNAME CHAR_LENGTH
===================== ========== ============
1 SYSDBA 6
2 ''foo1 6
3 ''foo2 6

Records affected: 3
SQL> drop user "''foo1";
SQL> drop user "''foo2";
SQL> exit;

PS. WI-V3.0.0.32268

@firebird-automations
Collaborator Author

Commented by: @pavel-zotov

One more sample: now the login starts with two DOUBLE quotes (and is itself enclosed in one more d.q. :)).
Consider the following batch:

@Rem -------------------------- Add user using SERVICES -----------------

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username """fsvc_1" sec_password 1
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username """fsvc_2" sec_password 1

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username "fsvc_1" sec_password 1
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username "fsvc_2" sec_password 1

echo set count on; set width uname 31; ^
select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) ^
from sec$users where sec$user_name containing 'fsvc_'; | isql /:e30

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_display_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username """fsvc_1"
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_display_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username """fsvc_2"

fbsvcmgr localhost:service_mgr user sysdba password masterkey action_display_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username "fsvc_1"
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_display_user dbname C:\MIX\firebird\fb30\security3.fdb sec_username "fsvc_2"

@Rem -------------------------- Add user using ISQL cmd -----------------

echo create user """isql_1" password '1'; | isql /3333:e30
echo create user "isql_1" password '1'; | isql /3333:e30

echo create user """isql_2" password '1'; | isql /3333:e30
echo create user "isql_2" password '1'; | isql /3333:e30

echo set count on; set width uname 31; ^
select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) ^
from sec$users where sec$user_name containing 'isql_'; | isql /:e30

Please see its output in the attached .zip.

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

Attachment: add-user-starting-with-double-quotes-using-fb_services-vs-using-isql-create-command.log.zip [ 12869 ]

@firebird-automations
Collaborator Author

Commented by: @pavel-zotov

And for dessert:

case-1:
######

fbsvcmgr localhost/3333:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 123 sec_username "qwe""%\a"

C:\MIX\firebird\QA\fbt-repo\tmp>echo show users; | isql localhost/3333:e30
Users in the database
0 QWE"%\A 1 #SYSDBA

-- here all is fine (if we pay no attention to the UPPERCASE of the resulting characters; creating the user with an ISQL command will store this login with exact matching).

case-2:
######

fbsvcmgr localhost/3333:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 123 sec_username "qwe""%\"

C:\MIX\firebird\QA\fbt-repo\tmp>echo show users; | isql localhost/3333:e30
Users in the database
0 QWE"%" 1 #SYSDBA

Where is the trailing backslash? (the original login is: qwe""%\ -- without the enclosing d.q.)
Why does the login now contain TWO double quote characters? (the second `"` is the last byte of the login; where did it come from?)
Why has the percent sign "moved" between the two double quotes?

@firebird-automations
Collaborator Author

Modified by: @dyemanov

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

Pavel!
Please try to use this small echo program for Windows (in a.zip) to see what gets into a C/C++ routine when you type too many quotes on the command line.
Also take into account that services use the gsec utility to manage users. And that gsec has a very limited parser of quoted strings (being a legacy InterBase utility).
I suppose that after taking all that into consideration you would like to close this ticket as "Won't fix" yourself.
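
The check suggested in the comment above (seeing what reaches the C/C++ routine) can be reproduced without the attachment. The following is an added example, not code from this thread or from Firebird: a C model of the Microsoft C runtime's argv quoting rules, assuming current runtime behaviour for `""` inside a quoted run; `parse_arg` and `PUT` are names made up here. It models only what arrives in argv, not what gsec does with the name afterwards.

```c
#include <stdio.h>
#include <string.h>

/* Append one byte, keeping room for the terminator. */
#define PUT(c) do { if (n + 1 >= cap) return -1; out[n++] = (c); } while (0)

/* First argument of a command-line tail, per Microsoft C runtime quoting
 * rules (assumption: current runtimes, where "" inside a quoted run is one
 * literal quote). Returns 0 on success, -1 if out is too small. */
int parse_arg(const char *s, char *out, size_t cap)
{
    size_t n = 0;
    int in_quotes = 0;

    if (cap == 0) return -1;
    while (*s == ' ' || *s == '\t') s++;
    while (*s && (in_quotes || (*s != ' ' && *s != '\t'))) {
        if (*s == '\\') {
            size_t slashes = 0, keep;
            while (*s == '\\') { slashes++; s++; }
            /* Before a quote backslashes pair up; otherwise all are literal. */
            keep = (*s == '"') ? slashes / 2 : slashes;
            while (keep--) PUT('\\');
            if (*s == '"' && slashes % 2) { PUT('"'); s++; }  /* \" -> literal " */
        } else if (*s == '"') {
            if (in_quotes && s[1] == '"') { PUT('"'); s++; }  /* "" -> literal " */
            else in_quotes = !in_quotes;                      /* delimiter */
            s++;
        } else {
            PUT(*s);
            s++;
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Argument text as typed in the commands quoted in this issue. */
    const char *typed[] = { "\"''foo1\"", "\"\"\"fsvc_1\"",
                            "\"qwe\"\"%\\a\"", "\"qwe\"\"%\\\"" };
    char buf[64];
    for (size_t i = 0; i < sizeof typed / sizeof typed[0]; i++)
        if (parse_arg(typed[i], buf, sizeof buf) == 0)
            printf("%-12s -> %s (%zu bytes)\n", typed[i], buf, strlen(buf));
    return 0;
}
```

For the case-2 input the model yields `qwe"%"`, the same characters `show users` reports above (there in upper case): the trailing backslash turns the closing quote into a literal one.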

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

Attachment: a.zip [ 12886 ]

@firebird-automations
Collaborator Author

Commented by: @pavel-zotov

Alex,

1) was this .exe created for 64 bit Windows ?
2) the samples with logins that are shown above were found by a script that generated them on a random basis. Am I correct that all such 'random-generated' logins must be specified WITHOUT single or double quotes in order to avoid such problems? If yes, this should be explicitly reflected in the doc, IMO.

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

1. file ec.exe
ec.exe: PE32 executable (console) Intel 80386, for MS Windows

2. An issue with quotes is not a Firebird issue, it's primarily OS documented behavior. As for cases where gsec is using its 'original' way to work with quoted identifiers, I see no big reason to document it - the utility is already deprecated and we have documented that we recommend using SQL to manage users. gsec & services are just for backward compatibility, and its behavior re quotes did not change in fb3.

@firebird-automations
Collaborator Author

Commented by: @pavel-zotov

> services use the gsec utility to manage users. And that gsec has a very limited parser of quoted strings (being a legacy InterBase utility).

Yes, you're right: ticket can be closed with resolution "Won't fix".

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Won't Fix [ 2 ]

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]
