Brief Description
The security API (isc_[add, delete, modify, display]_user(s)) contains functions to add, remove, modify, and display users that have access to a particular InterBase server.
Purpose
This feature will be implemented so that developers can write their own routines for updating user access in the InterBase security database.
Feature Description
Usability Changes
This feature consists of three API functions:
- isc_add_user: adds a user record to the password database
- isc_delete_user: deletes a user record from the password database
- isc_modify_user: modifies a user record in the password database
There will be no call for isc_display_users since this can be accomplished by querying the security database.
Implementation
Affected modules:
alt.c: This module will contain the calls listed above.
*.bind: All bind files will be updated so that these calls are exported
ibase.h: Will be updated to contain the calls as prototypes
Proposed Code changes:
These functions are all wrappers around SECURITY_exec_line (utilities\security.e). They use the same logic that is present in GSEC, so any bugs found in GSEC are automatically mirrored in the API. Some of the logic in gsec.c has been duplicated (i.e. copying the username and password information into the security structure).
The calls will be prototyped in ibase.h as follows:
    /* Flags used to fill the structure so that we know what is being passed in */
    #define sec_uid_spec            0x01
    #define sec_gid_spec            0x02
    #define sec_server_spec         0x04
    #define sec_password_spec       0x08
    #define sec_group_name_spec     0x10
    #define sec_first_name_spec     0x20
    #define sec_middle_name_spec    0x40
    #define sec_last_name_spec      0x80
    #define sec_dba_user_name_spec  0x100
    #define sec_dba_password_spec   0x200

    /* Available protocols to use (SPX is not yet supported) */
    #define sec_protocol_tcpip      1
    #define sec_protocol_netbeui    2
    #define sec_protocol_spx        3
    #define sec_protocol_local      4

    typedef struct {
        short sec_flags;              /* which fields are specified */
        int uid;                      /* the user's id */
        int gid;                      /* the user's group id */
        int protocol;                 /* protocol to use for connection */
        char ISC_FAR *server;         /* server to administer */
        char ISC_FAR *user_name;      /* the user's name */
        char ISC_FAR *password;       /* the user's password */
        char ISC_FAR *group_name;     /* the group name */
        char ISC_FAR *first_name;     /* the user's first name */
        char ISC_FAR *middle_name;    /* the user's middle name */
        char ISC_FAR *last_name;      /* the user's last name */
        char ISC_FAR *dba_user_name;  /* the dba user name */
        char ISC_FAR *dba_password;   /* the dba password */
    } USER_SEC_DATA;

    int ISC_EXPORT isc_add_user (ISC_STATUS ISC_FAR *, USER_SEC_DATA *);
    int ISC_EXPORT isc_delete_user (ISC_STATUS ISC_FAR *, USER_SEC_DATA *);
    int ISC_EXPORT isc_modify_user (ISC_STATUS ISC_FAR *, USER_SEC_DATA *);
The USER_SEC_DATA structure is a subset of the USER_DATA structure found in gsec.c.
The following error codes have been added:
| Code | Value | Description |
|---|---|---|
| isc_usrname_too_long | 335544747 | The user name passed in is greater than 31 bytes |
| isc_password_too_long | 335544748 | The password passed in is longer than 8 bytes |
| isc_usrname_required | 335544749 | The operation requires a user name |
| isc_password_required | 335544750 | The operation requires a password |
| isc_bad_protocol | 335544751 | The protocol specified is invalid |
| isc_dup_usrname_found | 335544752 | The user name being added already exists in the security database |
| isc_usrname_not_found | 335544753 | The user name was not found in the security database |
| isc_error_adding_sec_record | 335544754 | An unknown error occurred while adding a user |
| isc_error_deleting_sec_record | 335544755 | An unknown error occurred while deleting a user |
| isc_error_modifying_sec_record | 335544756 | An unknown error occurred while modifying a user |
| isc_error_updating_sec_db | 335544757 | An unknown error occurred while updating the security database |
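
A pre-flight check that a caller could run on a request before handing it to isc_add_user, isc_delete_user or isc_modify_user, built from the length limits and error codes in the table above. This is an added example, not InterBase code. SEC_REQUEST, sec_op and sec_preflight are hypothetical names; the flag handling, which operations require a password, and the treatment of SPX as an invalid protocol are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Flag, protocol and error values are copied from the page. */
#define sec_server_spec        0x04
#define sec_password_spec      0x08
#define sec_protocol_tcpip     1
#define sec_protocol_netbeui   2
#define sec_protocol_local     4
#define isc_usrname_too_long   335544747L
#define isc_password_too_long  335544748L
#define isc_usrname_required   335544749L
#define isc_password_required  335544750L
#define isc_bad_protocol       335544751L

/* Hypothetical stand-in for USER_SEC_DATA, trimmed to the fields checked here. */
typedef struct {
    short sec_flags;
    int protocol;
    const char *user_name;
    const char *password;
} SEC_REQUEST;

enum sec_op { SEC_OP_ADD, SEC_OP_DELETE, SEC_OP_MODIFY };   /* hypothetical */

/* Returns 0 if the request passes, else the documented error code.
   Assumptions: a password counts only when sec_password_spec is set, only
   "add" requires one, and protocol matters only when a server is specified. */
long sec_preflight(enum sec_op op, const SEC_REQUEST *req)
{
    int has_pw = (req->sec_flags & sec_password_spec) && req->password != NULL;

    if (req->user_name == NULL || req->user_name[0] == '\0')
        return isc_usrname_required;
    if (strlen(req->user_name) > 31)            /* limit from the error table */
        return isc_usrname_too_long;
    if (op == SEC_OP_ADD && !has_pw)
        return isc_password_required;
    if (has_pw && strlen(req->password) > 8)    /* reject, never truncate */
        return isc_password_too_long;
    if (req->sec_flags & sec_server_spec) {
        switch (req->protocol) {
        case sec_protocol_tcpip:
        case sec_protocol_netbeui:
        case sec_protocol_local:
            break;
        default:                                /* includes SPX (3): not yet supported */
            return isc_bad_protocol;
        }
    }
    return 0;
}
```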