Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AV when trying to manage users list using EXECUTE STATEMENT on behalf of non-sysdba user which has RDB$ADMIN role [CORE4766] #5066

Closed
firebird-issue-importer opened this issue Apr 21, 2015 · 5 comments

Comments

@firebird-issue-importer

Submitted by: @pavel-zotov

Attachments:
av-when-trying-to-manage-users-list-using-es-on-behalf-of-non-sysdba-user-with-rdbadmin-role.zip

Consider the following script:

set list on;

show version;
select mon$user,mon$remote\_protocol,mon$auth\_method from mon$attachments where mon$attachment\_id=current\_connection;
commit;

set echo on;
drop user boss;
drop user ozzy;
commit;
create user boss password '123' grant admin role;
commit;

select u\.sec$user\_name, u\.sec$plugin, u\.sec$admin from sec$users u where u\.sec$user\_name='BOSS';

set term ^;
execute block as
begin
    execute statement 'create user ozzy password ''456'''
    as user 'BOSS' password '123' role 'RDB$ADMIN';
end
^
set term ;^
commit;

\-\- EXIT; \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \[ 1 \]

select u\.sec$user\_name, sec$plugin, u\.sec$admin
from sec$users u
where u\.sec$user\_name = upper\('ozzy'\);

set term ^;
execute block as
begin
    execute statement 'drop user ozzy'
    as user 'BOSS' password '123' role 'RDB$ADMIN';
end
^
set term ;^
commit;


drop user boss;
commit;

CASE-1.
#⁠#⁠#⁠#⁠#⁠#⁠#⁠
When this script is running untill to commented '-- EXIT; --------- [ 1 ]' statement (i.e. when it is uncommented) FB will crash and firebird.log will contain:

CSPROG Tue Apr 21 16:38:17 2015
Shutting down the server with 2 active connection(s) to 1 database(s), 0 active service(s)

CSPROG Tue Apr 21 16:38:17 2015
INET/inet_error: read errno = 10054

CSPROG Tue Apr 21 16:38:17 2015
REMOTE INTERFACE/gds__detach: Unsuccesful detach from database.
Uncommitted work may have been lost.
Error writing data to the connection.

CASE-2.
#⁠#⁠#⁠#⁠#⁠#⁠#⁠
When the statement '-- EXIT;' will be COMMENTED firebird.log will contain:

CSPROG Tue Apr 21 16:40:36 2015
Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

CSPROG Tue Apr 21 16:41:01 2015
Shutting down the server with 2 active connection(s) to 1 database(s), 0 active service(s)

CSPROG Tue Apr 21 16:41:02 2015
INET/inet_error: read errno = 10054

CSPROG Tue Apr 21 16:41:02 2015
REMOTE INTERFACE/gds__detach: Unsuccesful detach from database.
Uncommitted work may have been lost.
Error writing data to the connection.

(and I can`t understand why AV message appear FIRST in this case).

Attached files (logs, firebird.conf, windows error related files):
1) in the folder "1-logs-when-only-add-user" -- what occurs for mentioned above case-1
2) in the folder "2-logs-when-add-and-drop-user " -- what occurs for mentioned above case-2

WI-T3.0.0.31801, got on SuperServer and SuperClassic.

firebird.conf:

RemoteServicePort = 3333
DefaultDbCachePages = 8192

LockHashSlots = 22111
TempCacheLimit = 2147483647

MaxUnflushedWrites = -1
MaxUnflushedWriteTime = -1

TempDirectories = c:\temp
MaxUserTraceLogSize = 99999

FileSystemCacheThreshold = 65536K
AuthServer = Srp,Legacy_Auth
AuthClient = Srp,Legacy_Auth,Win_Sspi
WireCrypt = Disabled
UserManager = Srp

BugcheckAbort = 1

Commits: 1301cf9 FirebirdSQL/fbt-repository@49a7447

====== Test Details ======

Note-1. Name of table in STDERR depends on value of UserManager = { Srp | Legacy_UserManager }.
For 'Srp' it will be 'PLG$SRP_VIEW', for Legacy_UserManager -- PLG$VIEW_USERS.
Because of this, section 'substitution' has been added in order to ignore rest part of line
after words 'TABLE PLG'.

Note-2. User 'boss' is NOT granted with 'RDB$ADMIN' role, only clause "grant admin" present for him
in the creating statement, so all his attempts to create/drop another user will be FAILED.
Before snapshot 31807 3rd such fail lead FB to crash (AV).

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 21, 2015

Modified by: @pavel-zotov

Attachment: av-when-trying-to-manage-users-list-using-es-on-behalf-of-non-sysdba-user-with-rdbadmin-role.zip [ 12720 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 22, 2015

Modified by: @hvlad

assignee: Vlad Khorsun [ hvlad ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Apr 22, 2015

Modified by: @hvlad

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Beta 2 [ 10586 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented May 27, 2015

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Done with caveats

Test Details: Note-1. Name of table in STDERR depends on value of UserManager = { Srp | Legacy_UserManager }.
For 'Srp' it will be 'PLG$SRP_VIEW', for Legacy_UserManager -- PLG$VIEW_USERS.
Because of this, section 'substitution' has been added in order to ignore rest part of line
after words 'TABLE PLG'.

Note-2. User 'boss' is NOT granted with 'RDB$ADMIN' role, only clause "grant admin" present for him
in the creating statement, so all his attempts to create/drop another user will be FAILED.
Before snapshot 31807 3rd such fail lead FB to crash (AV).

Test Specifics: [Custom configuration required]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Sep 23, 2015

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants