Attachment #143904 for bug #208034

View | Details | Raw Unified | Return to bug 208034
Collapse All | Expand All

Lines 56-62 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/constants.h (-1 / +1 lines)
56		56
57	/* Misc constant values */	57	/* Misc constant values */
58		58
59	const int USERNAME_LENGTH = 31; /* Characters */	59	const unsigned int USERNAME_LENGTH = 31; /* Characters */
60		60
61	const size_t MAX_SQL_IDENTIFIER_SIZE = 32;	61	const size_t MAX_SQL_IDENTIFIER_SIZE = 32;
62	const size_t MAX_SQL_IDENTIFIER_LEN = MAX_SQL_IDENTIFIER_SIZE - 1;	62	const size_t MAX_SQL_IDENTIFIER_LEN = MAX_SQL_IDENTIFIER_SIZE - 1;





#include <windows.h>
#include <aclapi.h>
#include <lmcons.h>

static USHORT os_type;
static SECURITY_ATTRIBUTES security_attr;

//static TEXT interbase_directory[MAXPATHLEN];

static bool check_user_privilege();

#endif // WIN_NT

static TEXT user_name[256];

}
#endif

const TEXT* ISC_get_host(Firebird::string& host)
{
/**************************************
 *
 *      I S C _ g e t _ h o s t
 *
 **************************************
 *
 * Functional description
 *      Get host name in non-plain buffer.
 *
 **************************************/
	TEXT buffer[BUFFER_SMALL];
	ISC_get_host(buffer, sizeof(buffer));
	host = buffer;
	return host.c_str();
}

#ifdef UNIX
bool ISC_get_user(Firebird::string*	name, 
				  int*	id,
				  int*	group,
				  const TEXT*	user_string)
									  TEXT*	organization,
									  int*	node,
									  const TEXT*	user_string)
{
/**************************************
 *

	}

	if (name)
		*name = p;

	if (id)
		*id = euid;

	if (group)
		*group = egid;

	if (project)
		*project = 0;

	if (organization)
		*organization = 0;

	if (node)
		*node = 0;

	return (euid == 0);
}
#endif

#endif

#ifdef WIN_NT
bool ISC_get_user(Firebird::string*	name, 
				  int*	id,
				  int*	group,
				  const TEXT*	user_string)
									  TEXT*	organization,
									  int*	node,
									  const TEXT*	user_string)
{
/**************************************
 *

	if (group)
		*group = -1;

	if (project)
		*project = 0;

	if (organization)
		*organization = 0;

	if (node)
		*node = 0;

	if (name)
	{
		DWORD name_len = UNLEN;
		TEXT* nm = name->getBuffer(name_len + 1);
		if (GetUserName(nm, &name_len))
		{
			name[name_len] = 0;

			/* NT user name is case insensitive */

			for (DWORD i = 0; i < name_len; i++)
			{
				name[i] = UPPER7(name[i]);
			}

/* This check is not internationalized, the security model needs to be
 * reengineered, especially on SUPERSERVER where none of these local
 * user (in process) assumptions are valid.
			if (!strcmp(name, "ADMINISTRATOR"))
			{
				if (id)
					*id = 0;

				if (group)
					*group = 0;
			}
 */
		}
	}

	return check_user_privilege();
}


//____________________________________________________________
//
// Check to see if the user belongs to the administrator group.
//
// This routine was adapted from code in routine RunningAsAdminstrator
// in \mstools\samples\regmpad\regdb.c.
//
static bool check_user_privilege()
{
	HANDLE tkhandle;
	SID_IDENTIFIER_AUTHORITY system_sid_authority = {SECURITY_NT_AUTHORITY};

	// First we must open a handle to the access token for this thread.

	if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tkhandle))
	{
		if (GetLastError() == ERROR_NO_TOKEN)
		{
			nm[name_len] = 0;
			// access token associated with the process.

			// NT user name is case insensitive
			CharUpperBuff(nm, name_len);
			name->recalculate_length();
				return false;
			}
		}
		else
		{
			*name = "";
		}
	}

	return false;
	DWORD			token_len = 0;

	while (true)
	{
		/* Then we must query the size of the group information associated with
		   the token.  This is guarenteed to fail the first time through
		   because there is no buffer. */

		if (GetTokenInformation(tkhandle,
								TokenGroups,
								ptg,
								token_len,
								&token_len))
		{
			break;
		}

		/* If there had been a buffer, it's either too small or something
		   else is wrong.  Either way, we can dispose of it. */

		if (ptg)
		{
			gds__free(ptg);
		}

		/* Here we verify that GetTokenInformation failed for lack of a large
		   enough buffer. */

		if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
		{
			CloseHandle(tkhandle);
			return false;
		}

		// Allocate a buffer for the group information.
		ptg = (TOKEN_GROUPS *) gds__alloc((SLONG) token_len);

		if (!ptg)
		{
			CloseHandle(tkhandle);
			return false;		/* NOMEM: */
		}
		// FREE: earlier in this loop, and at procedure return
	}

	// Create a System Identifier for the Admin group.

	PSID admin_sid;

	if (!AllocateAndInitializeSid(&system_sid_authority, 2,
								  SECURITY_BUILTIN_DOMAIN_RID,
								  DOMAIN_ALIAS_RID_ADMINS,
								  0, 0, 0, 0, 0, 0, &admin_sid))
	{
		gds__free(ptg);
		CloseHandle(tkhandle);
		return false;
	}

	// Finally we'll iterate through the list of groups for this access
	// token looking for a match against the SID we created above.

	bool admin_priv = false;

	for (DWORD i = 0; i < ptg->GroupCount; i++)
	{
		if (EqualSid(ptg->Groups[i].Sid, admin_sid))
		{
			admin_priv = true;
			break;
		}
	}

	// Deallocate the SID we created.

	FreeSid(admin_sid);
	gds__free(ptg);
	CloseHandle(tkhandle);
	return admin_priv;
}
#endif


Lines 25-30 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/isc_proto.h (-2 / +3 lines)
25	#define JRD_ISC_PROTO_H	25	#define JRD_ISC_PROTO_H
26		26
27	#include "../jrd/isc.h"	27	#include "../jrd/isc.h"
		28	#include "../common/classes/fb_string.h"
28		29
29	void ISC_ast_enter(void);	30	void ISC_ast_enter(void);
30	void ISC_ast_exit(void);	31	void ISC_ast_exit(void);
Lines 33-40 Link Here
33	//void ISC_get_config(TEXT , struct ipccfg );	34	//void ISC_get_config(TEXT , struct ipccfg );
34	//int ISC_set_config(TEXT , struct ipccfg );	35	//int ISC_set_config(TEXT , struct ipccfg );
35	TEXT* ISC_get_host(TEXT *, USHORT);	36	TEXT* ISC_get_host(TEXT *, USHORT);
36	int ISC_get_user(TEXT, int, int, TEXT,	37	const TEXT* ISC_get_host(Firebird::string&);
37	TEXT, int, const TEXT*);	38	bool ISC_get_user(Firebird::string, int, int, const TEXT);
38	SLONG ISC_get_user_group_id(const TEXT*);	39	SLONG ISC_get_user_group_id(const TEXT*);
39	void ISC_set_user(const TEXT*);	40	void ISC_set_user(const TEXT*);
40	SLONG ISC_get_prefix(const TEXT*);	41	SLONG ISC_get_prefix(const TEXT*);




 **/
static void getUserInfo(UserId& user, const DatabaseOptions& options)
{
	TEXT name[129] = "";
	TEXT project[33] = "";
	TEXT organization[33] = "";

	int node_id = 0;
	int id = -1, group = -1;	// CVC: This var contained trash
	int node_id = 0;
	Firebird::string name;

#ifdef BOOT_BUILD
	bool wheel = true;

	bool wheel = false;
	if (options.dpb_user_name.isEmpty()) 
	{
       wheel = ISC_get_user(&name,
                            &id,
                            &group,
                            project,
                            organization,
                            &node_id,
                            options.dpb_sys_user_name.nullStr());
	}


		{
			if (options.dpb_user_name.hasData())
			{
				name = options.dpb_user_name;
			}
			else
			{
				name = "<Unknown>";
			}
		}

		// if the name from the user database is defined as SYSDBA,
		// we define that user id as having system privileges

		if (name == SYSDBA_USER_NAME)
		{
			wheel = true;
		}


	if (wheel)
	{
		name = SYSDBA_USER_NAME;
	}

	user.usr_user_name = name;
	user.usr_project_name = "";
	user.usr_org_name = "";
	user.usr_sql_role_name = options.dpb_role_name;
	user.usr_user_id = id;
	user.usr_group_id = group;





	static void initialize();
	static void shutdown();
	static void verifyUser(Firebird::string&, const TEXT*, const TEXT*, const TEXT*,
		int*, int*, int*, const Firebird::string&);

	static void hash(Firebird::string& h, 
					 const Firebird::string& userName, 
					 const TEXT* passwd)
	{
		Firebird::string salt;

	}

	static void hash(Firebird::string& h, 
					 const Firebird::string& userName, 
					 const TEXT* passwd,
					 const Firebird::string& oldHash)
	{


	void fini();
	void init();
	bool lookup_user(const TEXT*, int*, int*, TEXT*);
	bool prepare();

	static SecurityDatabase instance;




	counter += (is_cached) ? 1 : 0;
}

bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TEXT* pwd)
{
	bool found = false;		// user found flag
	TEXT uname[129];		// user name buffer

	instance.fini();
}

void SecurityDatabase::verifyUser(Firebird::string& name,
								  const TEXT* user_name,
								  const TEXT* password,
								  const TEXT* password_enc,

{
	if (user_name)
	{
		name = user_name;
		for (unsigned int n = 0; n < name.length(); ++n)
		{
			name[n] = UPPER7(name[n]);
		}
		*p = 0;
	}

#ifndef EMBEDDED

	// that means the current context must be saved and restored.

	TEXT pw1[MAX_PASSWORD_LENGTH + 1];
	const bool found = instance.lookup_user(name.c_str(), uid, gid, pw1);
	pw1[MAX_PASSWORD_LENGTH] = 0;
	Firebird::string storedHash(pw1, MAX_PASSWORD_LENGTH);
	storedHash.rtrim();

Lines 516-522 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/svc.cpp (-1 / +1 lines)
516	}	516	}
517	else	517	else
518	{	518	{
519	TEXT name[129]; // unused after retrieved	519	Firebird::string name; // unused after retrieved
520	int id, group, node_id;	520	int id, group, node_id;
521		521
522	Firebird::string remote = options.spb_network_protocol +	522	Firebird::string remote = options.spb_network_protocol +




#endif
#endif // !(defined VMS || defined WIN_NT)

#if (defined DARWIN || defined HPUX)
extern "C" int innetgr(const char*, const char*, const char*, const char*);
#endif


#include "../common/utils_proto.h"
#include "../common/classes/ClumpletWriter.h"

#if (defined HPUX || defined SCO_UNIX)
extern int h_errno;
#endif



/* Pick up some user identification information */
	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);
	Firebird::string buffer;

	int eff_gid;
	int eff_uid;
	ISC_get_user(buffer, &eff_uid, &eff_gid, 0, 0, 0, user_string);
	user_id.insertString(CNCT_user, buffer, strlen(buffer));

	ISC_get_user(&buffer, &eff_uid, &eff_gid, user_string);
	user_id.insertString(CNCT_user, buffer);

	ISC_get_host(buffer);
	buffer.lower();
	user_id.insertString(CNCT_host, buffer);
	user_id.insertString(CNCT_host, buffer, strlen(buffer));

	if ((eff_uid == -1) || uv_flag) {
		user_id.insertTag(CNCT_user_verification);

Lines 96-101 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/remote/inet_server.cpp (-11 / +28 lines)
96	#include "../jrd/sch_proto.h"	96	#include "../jrd/sch_proto.h"
97	#include "../jrd/thread_proto.h"	97	#include "../jrd/thread_proto.h"
98	#include "../common/utils_proto.h"	98	#include "../common/utils_proto.h"
		99	#include "../common/classes/fb_string.h"
99		100
100	#ifdef UNIX	101	#ifdef UNIX
101	#ifdef NETBSD	102	#ifdef NETBSD
Lines 105-120 Link Here
105	#endif	106	#endif
106	#endif	107	#endif
107		108
		109	#ifdef HAVE_SYS_RESOURCE_H
		110	#include <sys/resource.h>
		111	#endif
		112
108	#if (defined SUPERSERVER && defined UNIX && defined SERVER_SHUTDOWN)	113	#if (defined SUPERSERVER && defined UNIX && defined SERVER_SHUTDOWN)
109	#include "../common/classes/semaphore.h"	114	#include "../common/classes/semaphore.h"
110	#define SHUTDOWN_THREAD	115	#define SHUTDOWN_THREAD
111	#endif	116	#endif
112		117
113	#ifdef SUPERSERVER	118	#ifdef UNIX
114	#ifndef WIN_NT
115	const char* TEMP_DIR = "/tmp";	119	const char* TEMP_DIR = "/tmp";
116	#define CHANGE_DIR chdir	120	#define CHANGE_DIR chdir
117	#endif	121	#endif
		122
		123	#ifdef SUPERSERVER
118	const char* INTERBASE_USER_NAME = "interbase";	124	const char* INTERBASE_USER_NAME = "interbase";
119	const char* INTERBASE_USER_SHORT = "interbas";	125	const char* INTERBASE_USER_SHORT = "interbas";
120	const char* FIREBIRD_USER_NAME = "firebird";	126	const char* FIREBIRD_USER_NAME = "firebird";
Lines 280-288 Link Here
280	set_signal(SIGUSR2, signal_handler);	286	set_signal(SIGUSR2, signal_handler);
281	#endif	287	#endif
282		288
283	#if defined(UNIX) && defined(DEV_BUILD)	289	#if defined(UNIX) && defined(HAVE_SETRLIMIT) && defined(HAVE_GETRLIMIT)
		290	#if !(defined(DEV_BUILD))
		291	if (Config::getBugcheckAbort())
		292	#endif
284	{	293	{
285	// try to force core files creation for DEV_BUILD	294	// try to force core files creation
286	struct rlimit core;	295	struct rlimit core;
287	if (getrlimit(RLIMIT_CORE, &core) == 0)	296	if (getrlimit(RLIMIT_CORE, &core) == 0)
288	{	297	{
Lines 296-301 Link Here
296	{	305	{
297	gds__log("getrlimit() failed, errno=%d", errno);	306	gds__log("getrlimit() failed, errno=%d", errno);
298	}	307	}
		308
		309	// we need some writable directory for core file
		310	// on any unix /tmp seems to be the best place
		311	if (CHANGE_DIR(TEMP_DIR)) {
		312	/* error on changing the directory */
		313	gds__log("Could not change directory to %s due to errno %d",
		314	TEMP_DIR, errno);
		315	}
299	}	316	}
300	#endif	317	#endif
301		318
Lines 328-341 Link Here
328	// Remove restriction on username, for DEV builds	345	// Remove restriction on username, for DEV builds
329	// restrict only for production builds. MOD 21-July-2002	346	// restrict only for production builds. MOD 21-July-2002
330	#ifndef DEV_BUILD	347	#ifndef DEV_BUILD
331	TEXT user_name[256]; /* holds the user name */	348	Firebird::string user_name; /* holds the user name */
332	/* check user id */	349	/* check user id */
333	ISC_get_user(user_name, NULL, NULL, NULL, NULL, NULL, NULL);	350	ISC_get_user(&user_name, NULL, NULL, NULL);
334		351
335	if (strcmp(user_name, "root") &&	352	if (user_name != "root" &&
336	strcmp(user_name, FIREBIRD_USER_NAME) &&	353	user_name != FIREBIRD_USER_NAME &&
337	strcmp(user_name, INTERBASE_USER_NAME) &&	354	user_name != INTERBASE_USER_NAME &&
338	strcmp(user_name, INTERBASE_USER_SHORT))	355	user_name != INTERBASE_USER_SHORT)
339	{	356	{
340	/* invalid user -- bail out */	357	/* invalid user -- bail out */
341	fprintf(stderr,	358	fprintf(stderr,
Lines 546-552 Link Here
546	#endif	563	#endif
547		564
548	#ifdef SHUTDOWN_THREAD	565	#ifdef SHUTDOWN_THREAD
549	static Firebird::Semaphore shutSem;	566	static Firebird::SignalSafeSemaphore shutSem;
550	static bool alreadyClosing = false;	567	static bool alreadyClosing = false;
551		568
552	static THREAD_ENTRY_DECLARE shutdown_thread(THREAD_ENTRY_PARAM arg)	569	static THREAD_ENTRY_DECLARE shutdown_thread(THREAD_ENTRY_PARAM arg)




	PACKET* packet = &rdb->rdb_packet;

/* Pick up some user identification information */
	Firebird::string buffer;
	TEXT *p;
	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);

	ISC_get_user(&buffer, 0, 0, 0);
	buffer.lower();
	user_id.insertString(CNCT_user, buffer);

	ISC_get_host(buffer);
	buffer.lower();
	user_id.insertString(CNCT_host, buffer);

	ISC_get_host(buffer, sizeof(buffer));
	for (p = buffer; *p; p++) {
		if (*p >= 'A' && *p <= 'Z') {
			*p = *p - 'A' + 'a';
		}
	}
	user_id.insertString(CNCT_host, buffer, strlen(buffer));

	if (uv_flag) {
		user_id.insertTag(CNCT_user_verification);





	// Pick up some user identification information

	Firebird::string buffer;
	TEXT *p;
	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);

	ISC_get_user(&buffer, 0, 0, 0);
	buffer.lower();
	user_id.insertString(CNCT_user, buffer);

	ISC_get_host(buffer);
	buffer.lower();
	user_id.insertString(CNCT_host, buffer);

	ISC_get_host(buffer, sizeof(buffer));
	for (p = buffer; *p; p++) {
		if (*p >= 'A' && *p <= 'Z') {
			*p = *p - 'A' + 'a';
		}
	}
	user_id.insertString(CNCT_host, buffer, strlen(buffer));

	if (uv_flag) {
		user_id.insertTag(CNCT_user_verification);


		// send events channel
		xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =
			((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps));

		// receive events channel
		xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =
			((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps) + (XNET_EVENT_SPACE));

		xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];		
		xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];


		// send events channel
		xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =
			((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps) + (XNET_EVENT_SPACE));

		// receive events channel
		xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =
			((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps));

		xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];		
		xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];




 *
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 * $Id: guard.cpp,v 1.8.12.4 2007/11/22 12:30:43 alexpeshkoff Exp $
 */
 /* contains the main() and not shared routines for ibguard */


#include "../jrd/gds_proto.h"
#include "../jrd/file_params.h"
#include "../utilities/guard/util_proto.h"
#include "../common/classes/fb_string.h"

const USHORT FOREVER	= 1;
const USHORT ONETIME	= 2;

	}							/* while */

/* check user id */
	Firebird::string user_name;		/* holds the user name */
	ISC_get_user(&user_name, NULL, NULL, NULL);

	if (user_name != INTERBASE_USER && 
		user_name != "root" &&
		user_name != FIREBIRD_USER &&
		user_name != INTERBASE_USER_SHORT)
	{
		/* invalid user bail out */
		fprintf(stderr,

Return to bug 208034

Lines 6699-6710 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/jrd.cpp (-15 / +9 lines)
6699	**/	6699	**/
6700	static void getUserInfo(UserId& user, const DatabaseOptions& options)	6700	static void getUserInfo(UserId& user, const DatabaseOptions& options)
6701	{	6701	{
6702	TEXT name[129] = "";
6703	TEXT project[33] = "";
6704	TEXT organization[33] = "";
6705
6706	int node_id = 0;
6707	int id = -1, group = -1; // CVC: This var contained trash	6702	int id = -1, group = -1; // CVC: This var contained trash
		6703	int node_id = 0;
		6704	Firebird::string name;
6708		6705
6709	#ifdef BOOT_BUILD	6706	#ifdef BOOT_BUILD
6710	bool wheel = true;	6707	bool wheel = true;
Lines 6712-6723 Link Here
6712	bool wheel = false;	6709	bool wheel = false;
6713	if (options.dpb_user_name.isEmpty())	6710	if (options.dpb_user_name.isEmpty())
6714	{	6711	{
6715	wheel = ISC_get_user(name,	6712	wheel = ISC_get_user(&name,
6716	&id,	6713	&id,
6717	&group,	6714	&group,
6718	project,
6719	organization,
6720	&node_id,
6721	options.dpb_sys_user_name.nullStr());	6715	options.dpb_sys_user_name.nullStr());
6722	}	6716	}
6723		6717
Lines 6738-6755 Link Here
6738	{	6732	{
6739	if (options.dpb_user_name.hasData())	6733	if (options.dpb_user_name.hasData())
6740	{	6734	{
6741	options.dpb_user_name.copyTo(name, sizeof name);	6735	name = options.dpb_user_name;
6742	}	6736	}
6743	else	6737	else
6744	{	6738	{
6745	strcpy(name, "<Unknown>");	6739	name = "<Unknown>";
6746	}	6740	}
6747	}	6741	}
6748		6742
6749	// if the name from the user database is defined as SYSDBA,	6743	// if the name from the user database is defined as SYSDBA,
6750	// we define that user id as having system privileges	6744	// we define that user id as having system privileges
6751		6745
6752	if (!strcmp(name, SYSDBA_USER_NAME))	6746	if (name == SYSDBA_USER_NAME)
6753	{	6747	{
6754	wheel = true;	6748	wheel = true;
6755	}	6749	}
Lines 6761-6772 Link Here
6761		6755
6762	if (wheel)	6756	if (wheel)
6763	{	6757	{
6764	strcpy(name, SYSDBA_USER_NAME);	6758	name = SYSDBA_USER_NAME;
6765	}	6759	}
6766		6760
6767	user.usr_user_name = name;	6761	user.usr_user_name = name;
6768	user.usr_project_name = project;	6762	user.usr_project_name = "";
6769	user.usr_org_name = organization;	6763	user.usr_org_name = "";
6770	user.usr_sql_role_name = options.dpb_role_name;	6764	user.usr_sql_role_name = options.dpb_role_name;
6771	user.usr_user_id = id;	6765	user.usr_user_id = id;
6772	user.usr_group_id = group;	6766	user.usr_group_id = group;

Lines 263-269 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/pwd.cpp (-7 / +6 lines)
263	counter += (is_cached) ? 1 : 0;	263	counter += (is_cached) ? 1 : 0;
264	}	264	}
265		265
266	bool SecurityDatabase::lookup_user(TEXT * user_name, int uid, int gid, TEXT * pwd)	266	bool SecurityDatabase::lookup_user(const TEXT* user_name, int* uid, int* gid, TEXT* pwd)
267	{	267	{
268	bool found = false; // user found flag	268	bool found = false; // user found flag
269	TEXT uname[129]; // user name buffer	269	TEXT uname[129]; // user name buffer
Lines 433-439 Link Here
433	instance.fini();	433	instance.fini();
434	}	434	}
435		435
436	void SecurityDatabase::verifyUser(TEXT* name,	436	void SecurityDatabase::verifyUser(Firebird::string& name,
437	const TEXT* user_name,	437	const TEXT* user_name,
438	const TEXT* password,	438	const TEXT* password,
439	const TEXT* password_enc,	439	const TEXT* password_enc,
Lines 444-455 Link Here
444	{	444	{
445	if (user_name)	445	if (user_name)
446	{	446	{
447	TEXT* p = name;	447	name = user_name;
448	for (const TEXT* q = user_name; *q; ++q, ++p)	448	for (unsigned int n = 0; n < name.length(); ++n)
449	{	449	{
450	p = UPPER7(q);	450	name[n] = UPPER7(name[n]);
451	}	451	}
452	*p = 0;
453	}	452	}
454		453
455	#ifndef EMBEDDED	454	#ifndef EMBEDDED
Lines 459-465 Link Here
459	// that means the current context must be saved and restored.	458	// that means the current context must be saved and restored.
460		459
461	TEXT pw1[MAX_PASSWORD_LENGTH + 1];	460	TEXT pw1[MAX_PASSWORD_LENGTH + 1];
462	const bool found = instance.lookup_user(name, uid, gid, pw1);	461	const bool found = instance.lookup_user(name.c_str(), uid, gid, pw1);
463	pw1[MAX_PASSWORD_LENGTH] = 0;	462	pw1[MAX_PASSWORD_LENGTH] = 0;
464	Firebird::string storedHash(pw1, MAX_PASSWORD_LENGTH);	463	Firebird::string storedHash(pw1, MAX_PASSWORD_LENGTH);
465	storedHash.rtrim();	464	storedHash.rtrim();

Lines 135-159 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/remote/os/win32/wnet.cpp (-16 / +8 lines)
135	PACKET* packet = &rdb->rdb_packet;	135	PACKET* packet = &rdb->rdb_packet;
136		136
137	/* Pick up some user identification information */	137	/* Pick up some user identification information */
138	TEXT buffer[128];	138	Firebird::string buffer;
139	TEXT *p;	139	TEXT *p;
140	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);	140	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);
141		141
142	ISC_get_user(buffer, 0, 0, 0, 0, 0, 0);	142	ISC_get_user(&buffer, 0, 0, 0);
143	for (p = buffer; *p; p++) {	143	buffer.lower();
144	if (p >= 'A' && p <= 'Z') {	144	user_id.insertString(CNCT_user, buffer);
145	p = p - 'A' + 'a';	145
146	}	146	ISC_get_host(buffer);
147	}	147	buffer.lower();
148	user_id.insertString(CNCT_user, buffer, strlen(buffer));	148	user_id.insertString(CNCT_host, buffer);
149
150	ISC_get_host(buffer, sizeof(buffer));
151	for (p = buffer; *p; p++) {
152	if (p >= 'A' && p <= 'Z') {
153	p = p - 'A' + 'a';
154	}
155	}
156	user_id.insertString(CNCT_host, buffer, strlen(buffer));
157		149
158	if (uv_flag) {	150	if (uv_flag) {
159	user_id.insertTag(CNCT_user_verification);	151	user_id.insertTag(CNCT_user_verification);

Lines 214-238 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/remote/xnet.cpp (-21 / +12 lines)
214		214
215	// Pick up some user identification information	215	// Pick up some user identification information
216		216
217	TEXT buffer[BUFFER_TINY];	217	Firebird::string buffer;
218	TEXT *p;
219	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);	218	Firebird::ClumpletWriter user_id(Firebird::ClumpletReader::UnTagged, MAX_DPB_SIZE);
220		219
221	ISC_get_user(buffer, 0, 0, 0, 0, 0, 0);	220	ISC_get_user(&buffer, 0, 0, 0);
222	for (p = buffer; *p; p++) {	221	buffer.lower();
223	if (p >= 'A' && p <= 'Z') {	222	user_id.insertString(CNCT_user, buffer);
224	p = p - 'A' + 'a';	223
225	}	224	ISC_get_host(buffer);
226	}	225	buffer.lower();
227	user_id.insertString(CNCT_user, buffer, strlen(buffer));	226	user_id.insertString(CNCT_host, buffer);
228
229	ISC_get_host(buffer, sizeof(buffer));
230	for (p = buffer; *p; p++) {
231	if (p >= 'A' && p <= 'Z') {
232	p = p - 'A' + 'a';
233	}
234	}
235	user_id.insertString(CNCT_host, buffer, strlen(buffer));
236		227
237	if (uv_flag) {	228	if (uv_flag) {
238	user_id.insertTag(CNCT_user_verification);	229	user_id.insertTag(CNCT_user_verification);
Lines 760-770 Link Here
760		751
761	// send events channel	752	// send events channel
762	xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =	753	xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =
763	((UCHAR *) xpm->xpm_address + sizeof(struct xps));	754	((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps));
764		755
765	// receive events channel	756	// receive events channel
766	xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =	757	xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =
767	((UCHAR *) xpm->xpm_address + sizeof(struct xps) + (XNET_EVENT_SPACE));	758	((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps) + (XNET_EVENT_SPACE));
768		759
769	xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];	760	xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];
770	xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];	761	xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];
Lines 894-904 Link Here
894		885
895	// send events channel	886	// send events channel
896	xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =	887	xps->xps_channels[XPS_CHANNEL_S2C_EVENTS].xch_client_ptr =
897	((UCHAR *) xpm->xpm_address + sizeof(struct xps) + (XNET_EVENT_SPACE));	888	((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps) + (XNET_EVENT_SPACE));
898		889
899	// receive events channel	890	// receive events channel
900	xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =	891	xps->xps_channels[XPS_CHANNEL_C2S_EVENTS].xch_client_ptr =
901	((UCHAR *) xpm->xpm_address + sizeof(struct xps));	892	((UCHAR *) xcc->xcc_mapped_addr + sizeof(struct xps));
902		893
903	xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];	894	xcc->xcc_send_channel = &xps->xps_channels[XPS_CHANNEL_S2C_EVENTS];
904	xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];	895	xcc->xcc_recv_channel = &xps->xps_channels[XPS_CHANNEL_C2S_EVENTS];

Lines 87-100 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/isc.cpp (-172 / +37 lines)
87		87
88	#include <windows.h>	88	#include <windows.h>
89	#include <aclapi.h>	89	#include <aclapi.h>
		90	#include <lmcons.h>
90		91
91	static USHORT os_type;	92	static USHORT os_type;
92	static SECURITY_ATTRIBUTES security_attr;	93	static SECURITY_ATTRIBUTES security_attr;
93		94
94	//static TEXT interbase_directory[MAXPATHLEN];	95	//static TEXT interbase_directory[MAXPATHLEN];
95		96
96	static bool check_user_privilege();
97
98	#endif // WIN_NT	97	#endif // WIN_NT
99		98
100	static TEXT user_name[256];	99	static TEXT user_name[256];
Lines 393-406 Link Here
393	}	392	}
394	#endif	393	#endif
395		394
		395	const TEXT* ISC_get_host(Firebird::string& host)
		396	{
		397	/**************************************
		398	*
		399	* I S C _ g e t _ h o s t
		400	*
		401	**************************************
		402	*
		403	* Functional description
		404	* Get host name in non-plain buffer.
		405	*
		406	**************************************/
		407	TEXT buffer[BUFFER_SMALL];
		408	ISC_get_host(buffer, sizeof(buffer));
		409	host = buffer;
		410	return host.c_str();
		411	}
		412
396	#ifdef UNIX	413	#ifdef UNIX
397	int ISC_get_user(TEXT* name,	414	bool ISC_get_user(Firebird::string* name,
398	int* id,	415	int* id,
399	int* group,	416	int* group,
400	TEXT* project,	417	const TEXT* user_string)
401	TEXT* organization,
402	int* node,
403	const TEXT* user_string)
404	{	418	{
405	/**************************************	419	/**************************************
406	*	420	*
Lines 448-454 Link Here
448	}	462	}
449		463
450	if (name)	464	if (name)
451	strcpy(name, p);	465	*name = p;
452		466
453	if (id)	467	if (id)
454	*id = euid;	468	*id = euid;
Lines 456-470 Link Here
456	if (group)	470	if (group)
457	*group = egid;	471	*group = egid;
458		472
459	if (project)
460	*project = 0;
461
462	if (organization)
463	*organization = 0;
464
465	if (node)
466	*node = 0;
467
468	return (euid == 0);	473	return (euid == 0);
469	}	474	}
470	#endif	475	#endif
Lines 573-585 Link Here
573	#endif	578	#endif
574		579
575	#ifdef WIN_NT	580	#ifdef WIN_NT
576	int ISC_get_user(TEXT* name,	581	bool ISC_get_user(Firebird::string* name,
577	int* id,	582	int* id,
578	int* group,	583	int* group,
579	TEXT* project,	584	const TEXT* user_string)
580	TEXT* organization,
581	int* node,
582	const TEXT* user_string)
583	{	585	{
584	/**************************************	586	/**************************************
585	*	587	*
Lines 597-758 Link Here
597	if (group)	599	if (group)
598	*group = -1;	600	*group = -1;
599		601
600	if (project)
601	*project = 0;
602
603	if (organization)
604	*organization = 0;
605
606	if (node)
607	*node = 0;
608
609	if (name)	602	if (name)
610	{	603	{
611	name[0] = 0;	604	DWORD name_len = UNLEN;
612	DWORD name_len = 128;	605	TEXT* nm = name->getBuffer(name_len + 1);
613	if (GetUserName(name, &name_len))	606	if (GetUserName(nm, &name_len))
614	{
615	name[name_len] = 0;
616
617	/* NT user name is case insensitive */
618
619	for (DWORD i = 0; i < name_len; i++)
620	{
621	name[i] = UPPER7(name[i]);
622	}
623
624	/* This check is not internationalized, the security model needs to be
625	* reengineered, especially on SUPERSERVER where none of these local
626	* user (in process) assumptions are valid.
627	if (!strcmp(name, "ADMINISTRATOR"))
628	{
629	if (id)
630	*id = 0;
631
632	if (group)
633	*group = 0;
634	}
635	*/
636	}
637	}
638
639	return check_user_privilege();
640	}
641
642
643	//____________________________________________________________
644	//
645	// Check to see if the user belongs to the administrator group.
646	//
647	// This routine was adapted from code in routine RunningAsAdminstrator
648	// in \mstools\samples\regmpad\regdb.c.
649	//
650	static bool check_user_privilege()
651	{
652	HANDLE tkhandle;
653	SID_IDENTIFIER_AUTHORITY system_sid_authority = {SECURITY_NT_AUTHORITY};
654
655	// First we must open a handle to the access token for this thread.
656
657	if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &tkhandle))
658	{
659	if (GetLastError() == ERROR_NO_TOKEN)
660	{	607	{
661	// If the thread does not have an access token, we'll examine the	608	nm[name_len] = 0;
662	// access token associated with the process.
663		609
664	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tkhandle))	610	// NT user name is case insensitive
665	{	611	CharUpperBuff(nm, name_len);
666	CloseHandle(tkhandle);	612	name->recalculate_length();
667	return false;
668	}
669	}	613	}
670	else	614	else
671	{	615	{
672	return false;	616	*name = "";
673	}	617	}
674	}	618	}
675		619
676	TOKEN_GROUPS* ptg = NULL;	620	return false;
677	DWORD token_len = 0;
678
679	while (true)
680	{
681	/* Then we must query the size of the group information associated with
682	the token. This is guarenteed to fail the first time through
683	because there is no buffer. */
684
685	if (GetTokenInformation(tkhandle,
686	TokenGroups,
687	ptg,
688	token_len,
689	&token_len))
690	{
691	break;
692	}
693
694	/* If there had been a buffer, it's either too small or something
695	else is wrong. Either way, we can dispose of it. */
696
697	if (ptg)
698	{
699	gds__free(ptg);
700	}
701
702	/* Here we verify that GetTokenInformation failed for lack of a large
703	enough buffer. */
704
705	if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
706	{
707	CloseHandle(tkhandle);
708	return false;
709	}
710
711	// Allocate a buffer for the group information.
712	ptg = (TOKEN_GROUPS *) gds__alloc((SLONG) token_len);
713
714	if (!ptg)
715	{
716	CloseHandle(tkhandle);
717	return false; /* NOMEM: */
718	}
719	// FREE: earlier in this loop, and at procedure return
720	}
721
722	// Create a System Identifier for the Admin group.
723
724	PSID admin_sid;
725
726	if (!AllocateAndInitializeSid(&system_sid_authority, 2,
727	SECURITY_BUILTIN_DOMAIN_RID,
728	DOMAIN_ALIAS_RID_ADMINS,
729	0, 0, 0, 0, 0, 0, &admin_sid))
730	{
731	gds__free(ptg);
732	CloseHandle(tkhandle);
733	return false;
734	}
735
736	// Finally we'll iterate through the list of groups for this access
737	// token looking for a match against the SID we created above.
738
739	bool admin_priv = false;
740
741	for (DWORD i = 0; i < ptg->GroupCount; i++)
742	{
743	if (EqualSid(ptg->Groups[i].Sid, admin_sid))
744	{
745	admin_priv = true;
746	break;
747	}
748	}
749
750	// Deallocate the SID we created.
751
752	FreeSid(admin_sid);
753	gds__free(ptg);
754	CloseHandle(tkhandle);
755	return admin_priv;
756	}	621	}
757	#endif	622	#endif
758		623

Lines 66-76 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/jrd/jrd_pwd.h (-4 / +4 lines)
66		66
67	static void initialize();	67	static void initialize();
68	static void shutdown();	68	static void shutdown();
69	static void verifyUser(TEXT, const TEXT, const TEXT, const TEXT,	69	static void verifyUser(Firebird::string&, const TEXT, const TEXT, const TEXT*,
70	int, int, int*, const Firebird::string&);	70	int, int, int*, const Firebird::string&);
71		71
72	static void hash(Firebird::string& h,	72	static void hash(Firebird::string& h,
73	const TEXT* userName,	73	const Firebird::string& userName,
74	const TEXT* passwd)	74	const TEXT* passwd)
75	{	75	{
76	Firebird::string salt;	76	Firebird::string salt;
Lines 79-85 Link Here
79	}	79	}
80		80
81	static void hash(Firebird::string& h,	81	static void hash(Firebird::string& h,
82	const TEXT* userName,	82	const Firebird::string& userName,
83	const TEXT* passwd,	83	const TEXT* passwd,
84	const Firebird::string& oldHash)	84	const Firebird::string& oldHash)
85	{	85	{
Lines 110-116 Link Here
110		110
111	void fini();	111	void fini();
112	void init();	112	void init();
113	bool lookup_user(TEXT, int, int, TEXT);	113	bool lookup_user(const TEXT, int, int, TEXT);
114	bool prepare();	114	bool prepare();
115		115
116	static SecurityDatabase instance;	116	static SecurityDatabase instance;

Lines 15-21 Link Here

(-)Firebird-2.0.3.12981-0_orig/src/utilities/guard/guard.cpp (-6 / +8 lines)
15	*	15	*
16	* All Rights Reserved.	16	* All Rights Reserved.
17	* Contributor(s): ______________________________________.	17	* Contributor(s): ______________________________________.
18	* $Id: guard.cpp,v 1.8.12.3 2006/04/18 08:56:34 alexpeshkoff Exp $	18	* $Id: guard.cpp,v 1.8.12.4 2007/11/22 12:30:43 alexpeshkoff Exp $
19	*/	19	*/
20	/* contains the main() and not shared routines for ibguard */	20	/* contains the main() and not shared routines for ibguard */
21		21
Lines 45-50 Link Here
45	#include "../jrd/gds_proto.h"	45	#include "../jrd/gds_proto.h"
46	#include "../jrd/file_params.h"	46	#include "../jrd/file_params.h"
47	#include "../utilities/guard/util_proto.h"	47	#include "../utilities/guard/util_proto.h"
		48	#include "../common/classes/fb_string.h"
48		49
49	const USHORT FOREVER = 1;	50	const USHORT FOREVER = 1;
50	const USHORT ONETIME = 2;	51	const USHORT ONETIME = 2;
Lines 107-118 Link Here
107	} /* while */	108	} /* while */
108		109
109	/* check user id */	110	/* check user id */
110	TEXT user_name[256]; /* holds the user name */	111	Firebird::string user_name; /* holds the user name */
111	ISC_get_user(user_name, NULL, NULL, NULL, NULL, NULL, NULL);	112	ISC_get_user(&user_name, NULL, NULL, NULL);
112		113
113	if (strcmp(user_name, INTERBASE_USER) && strcmp(user_name, "root")	114	if (user_name != INTERBASE_USER &&
114	&& strcmp(user_name, FIREBIRD_USER)	115	user_name != "root" &&
115	&& strcmp(user_name, INTERBASE_USER_SHORT))	116	user_name != FIREBIRD_USER &&
		117	user_name != INTERBASE_USER_SHORT)
116	{	118	{
117	/* invalid user bail out */	119	/* invalid user bail out */
118	fprintf(stderr,	120	fprintf(stderr,