New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fbsvcmgr action_add_user creates user with EMPTY login when its (double-quoted) name starts with TWO apostrophes [CORE5072] #5359
Comments
Commented by: @pavel-zotov One more sample: now login starts with two DOUBLE quotes (and is enclosed in one else d.q. itself :)).
|
Modified by: @pavel-zotovAttachment: add-user-starting-with-double-quotes-using-fb_services-vs-using-isql-create-command.log.zip [ 12869 ] |
Commented by: @pavel-zotov And for dessert: case-1: fbsvcmgr localhost/3333:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 123 sec_username "qwe""%\a" C:\MIX\firebird\QA\fbt-repo\tmp>echo show users; | isql localhost/3333:e30 -- here all fine (if not pay attention UPPERCASE of resulting characters; creating user by ISQL command will store this login with exact matching). case-2: fbsvcmgr localhost/3333:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 123 sec_username "qwe""%\" C:\MIX\firebird\QA\fbt-repo\tmp>echo show users; | isql localhost/3333:e30 Where is trailing back-slash ? ( original login is: qwe""%\ -- without enclosing d.q.) |
Modified by: @dyemanovassignee: Alexander Peshkov [ alexpeshkoff ] |
Commented by: @AlexPeshkoff Pavel! |
Modified by: @AlexPeshkoffAttachment: a.zip [ 12886 ] |
Commented by: @pavel-zotov Alex, 1) was this .exe created for 64 bit Windows ? |
Commented by: @AlexPeshkoff 1. file ec.exe 2, An issue with quotes is not firebird issue, it's primarily OS documented behavior. What about cases when gsec is using 'original' way to work with quoted identifiers I see no big reason to document it - utility is already deprecated and we have documented that we recommend to use SQL to manage users. gsec & services are just for backward compatibility, and it's behavior re quotes did not change in fb3. |
Commented by: @pavel-zotov > services use gsec utility to manage users. And that gsec has very limited parser of quoted strings (being legacy intebase utility). |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Submitted by: @pavel-zotov
Attachments:
add-user-starting-with-double-quotes-using-fb_services-vs-using-isql-create-command.log.zip
a.zip
command #1:
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 1 sec_username "''foo1"
output: empty, i.e. all OK (fingers crossed... :))
command #2:
fbsvcmgr localhost:service_mgr user sysdba password masterkey action_add_user dbname C:\MIX\firebird\fb30\security3.fdb sec_password 1 sec_username "''foo2"
STDERR:
When user_mgr = Legacy:
-violation of PRIMARY or UNIQUE KEY constraint "INTEG_2" on table "PLG$USERS"
-Problematic key value is ("PLG$USER_NAME" = '')
When user_mgr = Srp:
An error occurred while attempting to add the user.
-violation of PRIMARY or UNIQUE KEY constraint "INTEG_5" on table "PLG$SRP"
-Problematic key value is ("PLG$USER_NAME" = '')
command #3:
echo drop user "''foo1"; | isql /:e30
STDERR (for both Legacy and Srp):
Statement failed, SQLSTATE = HY000
record not found for user: ''foo1
command #4:
echo set count on; set width uname 10; select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) from sec$users; | isql /:e30
STDOUT (for both Legacy and Srp):
ROW_NUMBER UNAME CHAR_LENGTH
========== ========== ============
1 SYSDBA 6
2 0
Records affected: 2
################################################
No such trouble when above mentioned is done in ISQL, for both user_mgr = Srp and Legacy:
C:\MIX\firebird\QA\fbt-repo>isql /:e30
Database: /:e30, User: SYSDBA
SQL> create or alter user "''foo1" password '1';
SQL> create or alter user "''foo2" password '1';
SQL> commit;
SQL> show users;
Users in the database
0 ''foo1 0 ''foo2
1 #SYSDBA
SQL> set count on; set width uname 10; select row_number()over(), sec$user_name uname, char_length(trim(sec$user_name)) from sec$users;
===================== ========== ============
1 SYSDBA 6
2 ''foo1 6
3 ''foo2 6
Records affected: 3
SQL> drop user "''foo1";
SQL> drop user "''foo2";
SQL> exit;
PS. WI-V3.0.0.32268
The text was updated successfully, but these errors were encountered: