Appendix to Firebird 2 release notes

<< Firebird 2.0 project teams | Firebird 2.0.7 Release Notes | >>

Appendix to Firebird 2 release notes

Security upgrade script

A. Peshkov

 /* Script security_database.sql
 *
 * The contents of this file are subject to the Initial
 * Developer's Public License Version 1.0 (the "License");
 * you may not use this file except in compliance with the
 * License. You may obtain a copy of the License at
 * https://www.ibphoenix.com/main.nfs?a=ibphoenix&page=ibp_idpl.
 *
 * Software distributed under the License is distributed AS IS,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights
 * and limitations under the License.
 *
 * The Original Code was created by Alex Peshkov on 16-Nov-2004
 * for the Firebird Open Source RDBMS project.
 *
 * Copyright (c) 2004 Alex Peshkov
 * and all contributors signed below.
 *
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 *
 */

 -- 1. temporary table to alter domains correctly.
 CREATE TABLE UTMP (
    USER_NAME VARCHAR(128) CHARACTER SET ASCII,
    SYS_USER_NAME VARCHAR(128) CHARACTER SET ASCII,
    GROUP_NAME VARCHAR(128) CHARACTER SET ASCII,
    UID INTEGER,
    GID INTEGER,
    PASSWD VARCHAR(64) CHARACTER SET BINARY,
    PRIVILEGE INTEGER,
    COMMENT BLOB SUB_TYPE TEXT SEGMENT SIZE 80
       CHARACTER SET UNICODE_FSS,
    FIRST_NAME VARCHAR(32) CHARACTER SET UNICODE_FSS
       DEFAULT _UNICODE_FSS '',
    MIDDLE_NAME VARCHAR(32) CHARACTER SET UNICODE_FSS
       DEFAULT _UNICODE_FSS '',
    LAST_NAME VARCHAR(32) CHARACTER SET UNICODE_FSS
       DEFAULT _UNICODE_FSS ''
    );
 COMMIT;

 -- 2. save users data
 INSERT INTO UTMP(USER_NAME, SYS_USER_NAME, GROUP_NAME,
    UID, GID, PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME,
    LAST_NAME, PASSWD)
 SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME,
    UID, GID, PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME,
    LAST_NAME, PASSWD
   FROM USERS;
 COMMIT;

 -- 3. drop old tables and domains
 DROP TABLE USERS;
 DROP TABLE HOST_INFO;
 COMMIT;

 DROP DOMAIN COMMENT;
 DROP DOMAIN NAME_PART;
 DROP DOMAIN GID;
 DROP DOMAIN HOST_KEY;
 DROP DOMAIN HOST_NAME;
 DROP DOMAIN PASSWD;
 DROP DOMAIN UID;
 DROP DOMAIN USER_NAME;
 DROP DOMAIN PRIVILEGE;
 COMMIT;

 -- 4. create new objects in database
 CREATE DOMAIN RDB$COMMENT AS BLOB SUB_TYPE TEXT SEGMENT SIZE 80
    CHARACTER SET UNICODE_FSS;
 CREATE DOMAIN RDB$NAME_PART AS VARCHAR(32)
    CHARACTER SET UNICODE_FSS DEFAULT _UNICODE_FSS '';
 CREATE DOMAIN RDB$GID AS INTEGER;
 CREATE DOMAIN RDB$PASSWD AS VARCHAR(64) CHARACTER SET BINARY;
 CREATE DOMAIN RDB$UID AS INTEGER;
 CREATE DOMAIN RDB$USER_NAME AS VARCHAR(128)
 CHARACTER SET UNICODE_FSS;
 CREATE DOMAIN RDB$USER_PRIVILEGE AS INTEGER;
 COMMIT;

 CREATE TABLE RDB$USERS (
    RDB$USER_NAME RDB$USER_NAME NOT NULL PRIMARY KEY,
    /* local system user name
       for setuid for file permissions */
    RDB$SYS_USER_NAME RDB$USER_NAME,
    RDB$GROUP_NAME RDB$USER_NAME,
    RDB$UID RDB$UID,
    RDB$GID RDB$GID,
    RDB$PASSWD RDB$PASSWD, /* SEE NOTE BELOW */

    /* Privilege level of user -
       mark a user as having DBA privilege */
    RDB$PRIVILEGE RDB$USER_PRIVILEGE,

    RDB$COMMENT RDB$COMMENT,
    RDB$FIRST_NAME RDB$NAME_PART,
    RDB$MIDDLE_NAME RDB$NAME_PART,
    RDB$LAST_NAME RDB$NAME_PART);
 COMMIT;

 CREATE VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME,
    UID, GID, PASSWD, PRIVILEGE, COMMENT, FIRST_NAME,
    MIDDLE_NAME, LAST_NAME, FULL_NAME) AS

 SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME,
    RDB$UID, RDB$GID, RDB$PASSWD, RDB$PRIVILEGE, RDB$COMMENT,
    RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME,
    RDB$first_name || _UNICODE_FSS ' ' || RDB$middle_name
    || _UNICODE_FSS ' ' || RDB$last_name
    FROM RDB$USERS
    WHERE CURRENT_USER = 'SYSDBA'
    OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;
 COMMIT;

 GRANT ALL ON RDB$USERS to VIEW USERS;
 GRANT SELECT ON USERS to PUBLIC;
 GRANT UPDATE(PASSWD, GROUP_NAME, UID, GID, FIRST_NAME,
    MIDDLE_NAME, LAST_NAME)
   ON USERS TO PUBLIC;
 COMMIT;

 -- 5. move data from temporary table and drop it
 INSERT INTO RDB$USERS(RDB$USER_NAME, RDB$SYS_USER_NAME,
    RDB$GROUP_NAME, RDB$UID, RDB$GID, RDB$PRIVILEGE, RDB$COMMENT,
    RDB$FIRST_NAME, RDB$MIDDLE_NAME, RDB$LAST_NAME, RDB$PASSWD)
 SELECT USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID,
    PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME,
    PASSWD
    FROM UTMP;
 COMMIT;

 DROP TABLE UTMP;
 COMMIT;

Note: This field should be constrained as NOT NULL. For information about this, see Nullability of RDB$PASSWD in the Security chapter.

back to top of page
<< Firebird 2.0 project teams | Firebird 2.0.7 Release Notes | >>