Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Long ACLs truncated [CORE1957] #2395

Closed
firebird-issue-importer opened this issue Jun 24, 2008 · 19 comments
Closed

Long ACLs truncated [CORE1957] #2395

firebird-issue-importer opened this issue Jun 24, 2008 · 19 comments

Comments

@firebird-issue-importer

Submitted by: @AlexPeshkoff

Is related to CORE216
Relate to CORE2223

Votes: 1

This was reported to me privately by Paul Beach.

The grant.epp code turns out to have a couple of bugs that
interact badly with ib_replicator. The replicator grants
privileges on the replication log table to triggers it
generates for each table to be replicated. The result is
long ACLs - both lots of entries and relatively long (>20
character) names.

The original bug, present in all versions of Firebird
is in save_security_class:

blob = BLB_create(tdbb, dbb->dbb_sys_trans, (BID)&blob_id);
BLB_put_segment(tdbb, blob, buffer, length);
BLB_close(tdbb, blob);

BLB_put_segment takes an unsigned short for the length. As a
result, the ACL is limited to 64Kb, or about 2600 entries if
the average user name is about 20 bytes. An ACL is stored
in order by the type of object being granted rights - people,
then views, then triggers, procedures, and finally roles,
with lots of other stuff (uid, gid, node id) scattered around
for historical accuracy. What that means is that a GRANT ALL
TO PUBLIC will ordinarily fix all grant problems.

The code that builds the ACL originally used the normal pool
allocation mechanism which uses a ULONG to describe the amount
of memory it wants. In version 1.5 ACL is stored in the string class.
That class has a unsigned short length, also limiting ACL's length.

Commits: 7ba8a6f 91ad4a7 fb26565 aeba7e6

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Fix Version: 2.5 Beta 1 [ 10251 ]

Fix Version: 2.1.2 [ 10270 ]

Fix Version: 1.5.6 [ 10225 ]

Fix Version: 2.0.5 [ 10222 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Commented by: @dyemanov

Isn't it the same as CORE216?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Commented by: @AlexPeshkoff

Very possible, but I've never seen it.
I've assigned it also to me, looks like will close both when fixed.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Modified by: @dyemanov

Link: This issue is related to CORE216 [ CORE216 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Commented by: @AlexPeshkoff

Correction - selected first in wrong box

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 24, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

Target: 2.5 Beta 1, 2.1.2, 1.5.6, 2.0.5 [ 10251, 10270, 10225, 10222 ]

Fix Version: 2.5 Beta 1 [ 10251 ] =>

Fix Version: 2.1.2 [ 10270 ] =>

Fix Version: 1.5.6 [ 10225 ] =>

Fix Version: 2.0.5 [ 10222 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 11, 2008

Modified by: @AlexPeshkoff

Fix Version: 2.5 Beta 1 [ 10251 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 11, 2008

Modified by: @AlexPeshkoff

Fix Version: 2.1.2 [ 10270 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 9, 2008

Commented by: @dyemanov

Is this going to be backported into 1.5.6 and 2.0.5, as intended originally?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 9, 2008

Modified by: @dyemanov

Fix Version: 2.0.5 [ 10222 ]

Fix Version: 1.5.6 [ 10225 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 15, 2008

Modified by: @AlexPeshkoff

Target: 2.5 Beta 1, 2.1.2, 1.5.6, 2.0.5 [ 10251, 10270, 10225, 10222 ] => 1.5.6 [ 10225 ]

status: Open [ 1 ] => Open [ 1 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 28, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Open [ 1 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 28, 2008

Commented by: @AlexPeshkoff

Now ported to all 4 supported branches.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 28, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 3, 2008

Modified by: @AlexPeshkoff

Link: This issue relate to CORE2223 [ CORE2223 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 26, 2009

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 12, 2016

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment