New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CREATE DATABASE grant is lost in security.db after backup/restore cycle [CORE6208] #6453
Comments
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
Modified by: @AlexPeshkoffFix Version: 4.0 Beta 2 [ 10888 ] |
Modified by: @pavel-zotovstatus: Open [ 1 ] => Open [ 1 ] QA Status: No test => Cannot be tested Test Details: Embedded mode required. Could not reproduce using local or remote protocol with restoring to DB that distincts from "security.db". Checked on 3.0.1, 3.0.4, 3.0.5, 4.0.0. Test Specifics: [Architecture (SS/CS) specific] |
Modified by: @pavel-zotovstatus: Open [ 1 ] => Open [ 1 ] QA Status: Cannot be tested => Done with caveats Test Details: Embedded mode required. Could not reproduce using local or remote protocol with restoring to DB that distincts from "security.db". Checked on 3.0.1, 3.0.4, 3.0.5, 4.0.0. => NOTES, for SUPERSERVER and SUPERCLASSIC. Following values of AuthClient: -- force delay to be inserted after point when database is overwritten and before we do connect in order to verity grant. If we skip this delay then connect will fail with:
=====
|
Modified by: @AlexPeshkoffstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0.6 [ 10889 ] |
Modified by: @dyemanovsummary: Grant lost in security.db after backup/restore cycle => CREATE DATABASE grant is lost in security.db after backup/restore cycle |
Commented by: Basil A. Sidorov (basid) Before backup: After restore from backup: Grant lost - leave only object name, but lost object type (USER in my case). P.S. |
Modified by: Basil A. Sidorov (basid)Attachment: CORE6208_reopen.zip [ 13476 ] |
Commented by: @AlexPeshkoff Did not reproduce: PS. isql -z |
Commented by: Basil A. Sidorov (basid) echo show grant;|isql -q -user sysdba security.db|findstr -c:"CREATE DATABASE" |
Submitted by: Basil A. Sidorov (basid)
Attachments:
CORE-6208_reopen.zip
Check for 3.0.4.33054, 3.0.5.33208, 4.0.0.1689 on windows.
Step to reproduce (embedded mode).
set ISC_USER=sysdba
isql security.db
create user owner password 'owner';
grant create database to user owner;
commit; exit;
echo show grant;|isql -q security.db|findstr OWNER
GRANT CREATE DATABASE TO USER OWNER
-- all ok: grant present
ren security3.fdb security3.bak
gbak -b security3.bak stdout|gbak -c stdin security.db
echo show grant;|isql -q security.db|findstr OWNER
-- empty output: grant lost
Commits: 8211f7e f47472f c6df8f4 808688a
====== Test Details ======
NOTES, for SUPERSERVER and SUPERCLASSIC.
Following values of AuthClient:
AuthClient = Srp256, Srp, Win_Sspi, Legacy_Auth
or
AuthClient = Legacy_Auth, Srp, Srp256, Win_Sspi
-- force delay to be inserted after point when database is overwritten and before we do connect in order to verity grant.
This delay must be significant: 9s for SS and 11s for SC, at least on Windows 8.1 x64 (cpu 3 GHz, ram 12 gb, no workload from other processes).
If we skip this delay then connect will fail with:
=====
-- and firebird.log will contain:
=====
THE ONLY way to avoid delay is to put 'Srp' ( NOT 'Legacy_Auth' and even not 'Srp256' ! ) in the head of this list.
No such trouble on Classic Server (checked all modes on 4.0.0.1714, build of 05-jan-2020).
The text was updated successfully, but these errors were encountered: