Issue Details (XML | Word | Printable)

Key: CORE-5755
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Roman Simakov
Reporter: Roman Simakov
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Firebird Core

No error if the GRANT target object does not exist

Created: 20/Feb/18 12:50 PM   Updated: 04/Jun/18 09:55 AM
Component/s: Engine
Affects Version/s: 4.0 Alpha 1, 3.0.3
Fix Version/s: 3.0.4, 4.0 Beta 1

QA Status: Done with caveats
Test Details:
grant execute on proc|func|package and grant usage on sequence|exception -- still does NOT produce error/warning.



 Description  « Hide
We have no check of existance a subjects of privileges. I.e.
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'a';
SQL> create table t(i integer);
SQL> grant select on t to function wrong_func;
SQL> show function wrong_func;
There is no user-defined function WRONG_FUNC in this database

We cannot check of existance user in such case but when we grant privilege to the database object we need to do it.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Pavel Zotov added a comment - 03/Jun/18 05:20 AM

set bail on;
recreate table table_test(x int);
create or alter procedure sp_test as begin end;

set term ^;
create or alter function fn_test returns int as
begin
    return cast( rand()*10000 as int );
end
^

create or alter package pkg_test as
begin
    procedure sp_foo;
end
^

recreate package body pkg_test as
begin
    procedure sp_foo as
        declare c int;
    begin
        c = 1;
    end
end
^
set term ;^

recreate sequence g_test;
recreate exception x_test 'foo!';
commit;

set bail off;

grant create table to function wrong_test;
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-GRANT failed
-Function WRONG_TEST does not exist


grant select on table_test to function wrong_func;
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-GRANT failed
-Function WRONG_FUNC does not exist


grant execute on procedure sp_test to wrong_func;

grant execute on function fn_test to wrong_func;

grant execute on package pkg_test to wrong_func;

grant usage on sequence g_test to wrong_func;

grant usage on exception x_test to wrong_func;
------------------

1) No error on last 5 statements. Is it OK ?
2) IMO, specifying non-existing target object should produce WARNING rather than ERROR. At least in 3.x which was released more than 2 years ago.

PS. Checked on:

ISQL Version: WI-T4.0.0.998 Firebird 4.0 Alpha 1
Server version:
WI-T4.0.0.998 Firebird 4.0 Alpha 1
WI-T4.0.0.998 Firebird 4.0 Alpha 1/tcp (csprog)/P16
WI-T4.0.0.998 Firebird 4.0 Alpha 1/tcp (csprog)/P16

Roman Simakov added a comment - 04/Jun/18 09:52 AM
> grant usage on exception x_test to wrong_func;
> ------------------
> 1) No error on last 5 statements. Is it OK ?

Yes. In this case wrong_func is not func :) it's non existing user to which it's possible to grant privileges. It was always so and I leave it so.

Roman Simakov added a comment - 04/Jun/18 09:55 AM
> 2) IMO, specifying non-existing target object should produce WARNING rather than ERROR. At least in 3.x which was released more than 2 years ago.

I tend to consider it as security bug and prefer to have an error.