Brief Description

The security API (isc_[add, delete, modify, display]_user(s)) contains functions to add, remove, modify, and display users that have access to a particular InterBase server.


This feature will be implemented to allow developers the ability to create their own routines for updating user access in the InterBase security database.

Feature Description

Usability Changes

This feature consists of three API functions:

  • isc_add_user: adds a user record to the password database
  • isc_delete_user: deletes a user record from the password database
  • isc_modifiy_user: modifies a user record in the password database

There will be no call for isc_display_users since this can be accomplished by querying the security database.


Affected modules:

alt.c: This module will contain the calls listed above.
*. bind: All bind files will be updated so that these calls are exported
ibase.h: Will be updated to contain the calls as prototypes

Proposed Code changes:

These functions are all wrappers around SECURITY_exec_line ( utilitiessecurity.e ). They use the same logic that is present in GSEC. This allows any bugs found in GSEC to automatically be mirrored in the API. Some of the logic in gsec.c has been duplicated (i.e. copying the username and password information into the security structure).
The calls will be prototyped in ibase.h as follows:

/* Flags used to fill the structure so that we know what is being passed in */
#define sec_uid_spec 0x01
#define sec_gid_spec 0x02
#define sec_server_spec 0x04
#define sec_password_spec 0x08
#define sec_group_name_spec 0x10
#define sec_first_name_spec 0x20
#define sec_middle_name_spec 0x40
#define sec_last_name_spec 0x80
#define sec_dba_user_name_spec 0x100
#define sec_dba_password_spec 0x200

/* Available protocols to use (SPX is not yet supported) */
#define sec_protocol_tcpip 1
#define sec_protocol_netbeui 2
#define sec_protocol_spx 3
#define sec_protocol_local 4

typedef struct {
short sec_flags; /* which fields are specified */
int uid; /* the user's id */
int gid; /* the user's group id */
int protocol; /* protocol to use for connection */
char ISC_FAR *server; /* server to administer */
char ISC_FAR *user_name; /* the user's name */
char ISC_FAR *password; /* the user's password */
char ISC_FAR *group_name; /* the group name */
char ISC_FAR *first_name; /* the user's first name */
char ISC_FAR *middle_name; /* the user's middle name */
char ISC_FAR *last_name; /* the user's last name */
char ISC_FAR *dba_user_name; /* the dba user name */
char ISC_FAR *dba_password; /* the dba password */

int ISC_EXPORT isc_add_user (ISC_STATUS ISC_FAR*,
int ISC_EXPORT isc_delete_user (ISC_STATUS ISC_FAR *,
int ISC_EXPORT isc_modify_user (ISC_STATUS ISC_FAR *, USER_SEC_DATA *);

The USER_SEC_DATA structure is a subset of the USER_DATA structure found in gsec.c.

The following error codes have been added:

Code Value Description
Isc_usrname_too_long 335544747 The user name passed in is greater than 31 bytes
Isc_password_too_long 335544748 The password passed in is longer than 8 bytes
Isc_usrname_required 335544749 The operation requires a user name
Isc_password_required 335544750 The operation requires a password
Isc_bad_protocol 335544751 The protocol specified is invalid
Isc_dup_usrname_found 335544752 The user name being added already exists in the security database.
Isc_usrname_not_found 335544753 The user name was not found in the security database
Isc_error_adding_sec_record 335544754 An unknown error occurred while adding a user
Isc_error_deleting_sec_record 335544755 An unknown error occurred while deleting a user
Isc_error_modifying_sec_record 335544756 An unknown error occurred while modifying a user
Isc_error_updating_sec_db 335544757 An unknown error occurred while updating the security database