diff --git a/builds/install/arch-specific/win32/BuildExecutableInstall.bat b/builds/install/arch-specific/win32/BuildExecutableInstall.bat
index f53ad7e873d..b3167db504f 100644
--- a/builds/install/arch-specific/win32/BuildExecutableInstall.bat
+++ b/builds/install/arch-specific/win32/BuildExecutableInstall.bat
@@ -254,8 +254,6 @@ set FBBUILD_INSTALL_IMAGES=%FB_ROOT_PATH%\builds\install_images
copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\yvalve\fbclient.pdb %FB_OUTPUT_DIR%\ > nul
copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\engine\engine*.pdb %FB_OUTPUT_DIR%\plugins\ > nul
copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\fbtrace\fbtrace.pdb %FB_OUTPUT_DIR%\plugins\ > nul
- copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\legacy_auth\legacy_auth.pdb %FB_OUTPUT_DIR%\plugins\ > nul
- copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\legacy_usermanager\legacy_usermanager.pdb %FB_OUTPUT_DIR%\plugins\ > nul
copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\srp\srp.pdb %FB_OUTPUT_DIR%\plugins\ > nul
copy %FB_TEMP_DIR%\%FBBUILD_BUILDTYPE%\udr_engine\udr_engine.pdb %FB_OUTPUT_DIR%\plugins\ > nul
)
diff --git a/builds/install/misc/firebird.conf b/builds/install/misc/firebird.conf
index 5221d6facb3..22f7f635982 100644
--- a/builds/install/misc/firebird.conf
+++ b/builds/install/misc/firebird.conf
@@ -444,8 +444,7 @@
# ----------------------------
# UserManager sets the plugins used to work with the security database. If more than
-# one plugin is given, the first plugin from the list is used by default. If you
-# need to manage legacy logins using legacy tools set it to Legacy_UserManager.
+# one plugin is given, the first plugin from the list is used by default.
# Other managers may be chosen in create/alter/drop user commands.
#
# Per-database configurable.
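Review bot: The reworded UserManager description drops the Legacy_UserManager hint without saying the plugin has been removed, and the next hunk removes the only remaining warning about legacy authentication. An administrator upgrading with an existing firebird.conf therefore gets no signal that a `UserManager`, `AuthServer` or `AuthClient` list naming `Legacy_UserManager` or `Legacy_Auth` now refers to a plugin this build no longer produces. How the server behaves when a configured plugin is missing is not visible in this diff and should be confirmed and documented. I would add a comment line here such as `# Legacy_UserManager and Legacy_Auth are no longer shipped; remove them from existing plugin lists.`, plus a matching upgrade note on moving accounts that still authenticate with the legacy hash to Srp.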
@@ -507,8 +506,6 @@
# Make sure your keys are well encrypted before enabling this parameter. Take into
# account that with AllowEncryptedSecurityDatabase=TRUE, unencrypted key transfer
# may take place even when the security database is not encrypted.
-# This feature is not supported by legacy authentication plugin - if you care
-# about security please never use legacy authentication.
#
# Type: boolean
#
diff --git a/builds/posix/Makefile.in b/builds/posix/Makefile.in
index e64fcc0f455..7b84b5d382a 100644
--- a/builds/posix/Makefile.in
+++ b/builds/posix/Makefile.in
@@ -619,10 +619,8 @@ $(NBACKUP): $(NBACKUP_Objects) $(COMMON_LIB)
# plugins - some of them are required to build examples, use separate entry for them
#
-.PHONY: udr legacy_user_management legacy_auth_server trace auth_debug udf_compat chacha profiler
+.PHONY: udr trace auth_debug udf_compat chacha profiler
UDR_PLUGIN = $(call makePluginName,udr_engine)
-LEGACY_USER_MANAGER = $(call makePluginName,Legacy_UserManager)
-LEGACY_AUTH_SERVER = $(call makePluginName,Legacy_Auth)
SRP_USER_MANAGER = $(call makePluginName,Srp)
FBTRACE = $(call makePluginName,fbtrace)
AUTH_DEBUGGER = $(call makePluginName,Auth_Debug)
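Review bot: The rewritten `.PHONY` line still omits `srp_user_management`, although the `plugins:` rule in the next hunk lists it as a prerequisite alongside the other alias targets. Unless it is declared phony elsewhere in the file (not visible here), a stray file of that name in the build directory would make the SRP plugin step look up to date. Since this line is being edited anyway, consider `.PHONY: udr srp_user_management trace auth_debug udf_compat chacha profiler`. A short comment above it saying the list must mirror the prerequisites of `plugins` would help keep the two in sync.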
@@ -636,7 +634,7 @@ ifeq ($(TARGET),Debug)
BUILD_DEBUG:=auth_debug
endif
-plugins: udr legacy_user_management legacy_auth_server srp_user_management trace $(BUILD_DEBUG) udf_compat chacha profiler
+plugins: udr srp_user_management trace $(BUILD_DEBUG) udf_compat chacha profiler
udr: $(UDR_PLUGIN) $(PLUGINS)/udr_engine.conf
@@ -647,24 +645,12 @@ $(UDR_PLUGIN): $(UDRENG_Objects) $(COMMON_LIB)
$(LINK_UDRENG) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_UDRENG_LIBS) $(FIREBIRD_LIBRARY_LINK)\
$(call LIB_LINK_DARWIN_INSTALL_NAME,plugins/libudr_engine.$(SHRLIB_EXT))
-legacy_user_management: $(LEGACY_USER_MANAGER)
-
-$(LEGACY_USER_MANAGER): $(LEGACY_USERS_MANAGE_Objects) $(COMMON_LIB)
- $(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(RE2LIB) $(FIREBIRD_LIBRARY_LINK)\
- $(call LIB_LINK_DARWIN_INSTALL_NAME,plugins/libLegacy_UserManager.$(SHRLIB_EXT))
-
chacha: $(CHACHA)
$(CHACHA): $(Chacha_Objects) $(COMMON_LIB)
$(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(FIREBIRD_LIBRARY_LINK)\
$(call LIB_LINK_DARWIN_INSTALL_NAME,plugins/libChaCha.$(SHRLIB_EXT))
-legacy_auth_server: $(LEGACY_AUTH_SERVER)
-
-$(LEGACY_AUTH_SERVER): $(LEGACY_AUTH_SERVER_Objects) $(COMMON_LIB)
- $(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(FIREBIRD_LIBRARY_LINK)\
- $(call LIB_LINK_DARWIN_INSTALL_NAME,plugins/libLegacy_Auth.$(SHRLIB_EXT))
-
profiler: $(PROFILER)
$(PROFILER): $(Profiler_Objects) $(COMMON_LIB)
diff --git a/builds/posix/make.shared.variables b/builds/posix/make.shared.variables
index 5074e5cf68b..c5ce723dfbd 100644
--- a/builds/posix/make.shared.variables
+++ b/builds/posix/make.shared.variables
@@ -184,18 +184,6 @@ ISQL_Test_Objects:= $(call dirObjects,isql/tests)
AllObjects += $(ISQL_Objects) $(ISQL_Test_Objects)
-# Legacy users management in security database
-LEGACY_USERS_MANAGE_Objects:= $(call makeObjects,auth/SecurityDatabase,LegacyManagement.epp)
-
-AllObjects += $(LEGACY_USERS_MANAGE_Objects)
-
-
-# Legacy authentication on server
-LEGACY_AUTH_SERVER_Objects:= $(call makeObjects,auth/SecurityDatabase,LegacyServer.cpp) $(SecDbCache)
-
-AllObjects += $(LEGACY_AUTH_SERVER_Objects)
-
-
# SRP-based users management in security database
SRP_USERS_MANAGE_Objects:= $(call dirObjects,auth/SecureRemotePassword/manage) \
$(call dirObjects,auth/SecureRemotePassword)
diff --git a/builds/win32/msvc15/Firebird.sln b/builds/win32/msvc15/Firebird.sln
index a622aa6ac0c..522ae33c50d 100644
--- a/builds/win32/msvc15/Firebird.sln
+++ b/builds/win32/msvc15/Firebird.sln
@@ -31,9 +31,6 @@ EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gpre", "gpre.vcxproj", "{D84F0839-28A4-40B2-B5F4-F5E1E7F48FD0}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gsec", "gsec.vcxproj", "{7043CC61-DEC1-4C6B-86B9-0E911D1094C9}"
- ProjectSection(ProjectDependencies) = postProject
- {D836FBF5-071E-4E04-8D63-C7EB6701B296} = {D836FBF5-071E-4E04-8D63-C7EB6701B296}
- EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gsplit", "gsplit.vcxproj", "{B7F22B7F-9937-4874-9A8B-6AB4E36E74A5}"
EndProject
@@ -72,12 +69,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gpre_common", "gpre_common.
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "yvalve", "yvalve.vcxproj", "{4FE03933-98CD-4879-A135-FD9430087A6B}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "legacy_usermanager", "legacy_usermanager.vcxproj", "{D836FBF5-071E-4E04-8D63-C7EB6701B296}"
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srp", "srp.vcxproj", "{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "legacy_auth", "legacy_auth.vcxproj", "{062BD3C7-2D01-44F6-8D79-070F688C559F}"
-EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udf_compat", "udf_compat.vcxproj", "{6794EB8C-6425-422D-A3B0-14EED54C0E98}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "chacha", "chacha.vcxproj", "{F2E1A852-5A4B-4162-9DA8-0363805FCFD0}"
@@ -335,14 +328,6 @@ Global
{4FE03933-98CD-4879-A135-FD9430087A6B}.Release|Win32.Build.0 = Release|Win32
{4FE03933-98CD-4879-A135-FD9430087A6B}.Release|x64.ActiveCfg = Release|x64
{4FE03933-98CD-4879-A135-FD9430087A6B}.Release|x64.Build.0 = Release|x64
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Debug|Win32.ActiveCfg = Debug|Win32
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Debug|Win32.Build.0 = Debug|Win32
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Debug|x64.ActiveCfg = Debug|x64
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Debug|x64.Build.0 = Debug|x64
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Release|Win32.ActiveCfg = Release|Win32
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Release|Win32.Build.0 = Release|Win32
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Release|x64.ActiveCfg = Release|x64
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}.Release|x64.Build.0 = Release|x64
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Debug|Win32.ActiveCfg = Debug|Win32
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Debug|Win32.Build.0 = Debug|Win32
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Debug|x64.ActiveCfg = Debug|x64
@@ -351,14 +336,6 @@ Global
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Release|Win32.Build.0 = Release|Win32
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Release|x64.ActiveCfg = Release|x64
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42}.Release|x64.Build.0 = Release|x64
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Debug|Win32.ActiveCfg = Debug|Win32
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Debug|Win32.Build.0 = Debug|Win32
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Debug|x64.ActiveCfg = Debug|x64
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Debug|x64.Build.0 = Debug|x64
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Release|Win32.ActiveCfg = Release|Win32
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Release|Win32.Build.0 = Release|Win32
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Release|x64.ActiveCfg = Release|x64
- {062BD3C7-2D01-44F6-8D79-070F688C559F}.Release|x64.Build.0 = Release|x64
{6794EB8C-6425-422D-A3B0-14EED54C0E98}.Debug|Win32.ActiveCfg = Debug|Win32
{6794EB8C-6425-422D-A3B0-14EED54C0E98}.Debug|Win32.Build.0 = Debug|Win32
{6794EB8C-6425-422D-A3B0-14EED54C0E98}.Debug|x64.ActiveCfg = Debug|x64
@@ -456,9 +433,7 @@ Global
{20DEBF08-EF0A-4C94-ADEB-FE9BBA14588B} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
{2925B855-5975-44AE-BB00-1217A2A4E511} = {DA5015E4-8349-4DAB-A1E5-18BDBDDA3022}
{4FE03933-98CD-4879-A135-FD9430087A6B} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
- {D836FBF5-071E-4E04-8D63-C7EB6701B296} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
{BD00D28E-6667-414E-A4B1-6BEFC07ADB42} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
- {062BD3C7-2D01-44F6-8D79-070F688C559F} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
{6794EB8C-6425-422D-A3B0-14EED54C0E98} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
{F2E1A852-5A4B-4162-9DA8-0363805FCFD0} = {5A1544E3-A87E-4F78-B197-528C12A64C7D}
{B32D1B09-8161-451E-8D20-D30F26094EC0} = {DA5015E4-8349-4DAB-A1E5-18BDBDDA3022}
diff --git a/builds/win32/msvc15/legacy_auth.vcxproj b/builds/win32/msvc15/legacy_auth.vcxproj
deleted file mode 100644
index ada7c6d7dd4..00000000000
--- a/builds/win32/msvc15/legacy_auth.vcxproj
+++ /dev/null
@@ -1,200 +0,0 @@
-
-
-
-
- Debug
- Win32
-
-
- Debug
- x64
-
-
- Release
- Win32
-
-
- Release
- x64
-
-
-
- {062BD3C7-2D01-44F6-8D79-070F688C559F}
- 10.0.17763.0
- 10.0
- 10.0
-
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <_ProjectFileVersion>10.0.30319.1
- true
- false
- false
- false
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
-
-
-
- Disabled
- WIN32;_DEBUG;DEV_BUILD;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
- EditAndContinue
-
-
- false
-
-
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- WIN32;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
-
-
- false
-
-
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- X64
-
-
- Disabled
- WIN32;_DEBUG;DEV_BUILD;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
- false
-
-
- MachineX64
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- X64
-
-
- WIN32;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
-
-
- false
-
-
- MachineX64
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
-
-
-
-
-
-
- {15605f44-bffd-444f-ad4c-55dc9d704465}
- false
-
-
- {4fe03933-98cd-4879-a135-fd9430087a6b}
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/builds/win32/msvc15/legacy_auth.vcxproj.filters b/builds/win32/msvc15/legacy_auth.vcxproj.filters
deleted file mode 100644
index 2502900a3fa..00000000000
--- a/builds/win32/msvc15/legacy_auth.vcxproj.filters
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
- {7b6c8954-96af-468f-a901-f3c81597d183}
-
-
- {4c5e0fa9-7842-465d-9364-753bfb267c3d}
-
-
-
-
- Resource files
-
-
-
-
- AUTH files
-
-
- AUTH files
-
-
-
\ No newline at end of file
diff --git a/builds/win32/msvc15/legacy_usermanager.vcxproj b/builds/win32/msvc15/legacy_usermanager.vcxproj
deleted file mode 100644
index 24a806667ac..00000000000
--- a/builds/win32/msvc15/legacy_usermanager.vcxproj
+++ /dev/null
@@ -1,203 +0,0 @@
-
-
-
-
- Debug
- Win32
-
-
- Debug
- x64
-
-
- Release
- Win32
-
-
- Release
- x64
-
-
-
- {D836FBF5-071E-4E04-8D63-C7EB6701B296}
- 10.0.17763.0
- 10.0
- 10.0
-
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
- DynamicLibrary
- MultiByte
- v141
- v142
- v143
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <_ProjectFileVersion>10.0.30319.1
- true
- false
- false
- false
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- AllRules.ruleset
-
-
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
- ..\..\..\temp\$(PlatformName)\$(Configuration)\firebird\plugins\
-
-
-
- Disabled
- WIN32;_DEBUG;DEV_BUILD;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
- EditAndContinue
-
-
- false
-
-
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- WIN32;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
-
-
- false
-
-
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- X64
-
-
- Disabled
- WIN32;_DEBUG;DEV_BUILD;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
- false
-
-
- MachineX64
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
- X64
-
-
- WIN32;NDEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
-
-
-
-
- false
-
-
- MachineX64
- ..\defs\plugin.def
- Windows
- mpr.lib;%(AdditionalDependencies)
-
-
-
-
-
-
-
-
-
-
-
- {15605f44-bffd-444f-ad4c-55dc9d704465}
- false
-
-
- {4fe03933-98cd-4879-a135-fd9430087a6b}
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/builds/win32/msvc15/legacy_usermanager.vcxproj.filters b/builds/win32/msvc15/legacy_usermanager.vcxproj.filters
deleted file mode 100644
index df0166bb7d9..00000000000
--- a/builds/win32/msvc15/legacy_usermanager.vcxproj.filters
+++ /dev/null
@@ -1,38 +0,0 @@
-
-
-
-
- {f5abfba7-e5fe-444a-8f3a-71613bd06b14}
-
-
- {4d7668b6-d659-4684-ac32-6285d87a8977}
-
-
- {65cc725f-d68d-46a8-b9fd-1a442c5aa8bb}
-
-
- {a4bf3426-2fd1-4474-8dcf-41acdd200b1a}
-
-
-
-
- Resource files
-
-
-
-
- GPRE epp
-
-
-
-
-
- headers
-
-
-
-
- GPRE cpp
-
-
-
\ No newline at end of file
diff --git a/builds/win32/preprocess.bat b/builds/win32/preprocess.bat
index 049959f8ac4..b45ed120bf7 100644
--- a/builds/win32/preprocess.bat
+++ b/builds/win32/preprocess.bat
@@ -73,7 +73,6 @@ goto :EOF
:MASTER_PROCESS
@set GPRE=%FB_BIN_DIR%\gpre
@for %%i in (alice_meta) do @call :PREPROCESS alice %%i
-@for %%i in (LegacyManagement) do @call :PREPROCESS auth/SecurityDatabase %%i
@for %%i in (backup, restore, OdsDetection) do @call :PREPROCESS burp %%i -ocxx -m
@for %%i in (metd) do @call :PREPROCESS dsql %%i -gds_cxx
@for %%i in (DdlNodes, PackageNodes) do @call :PREPROCESS dsql %%i -gds_cxx
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 13059dc5ebe..70c0f4411e9 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -58,7 +58,6 @@ set(epp_boot_gds_files
jrd/Function.epp
)
set(epp_master_files
- auth/SecurityDatabase/LegacyManagement.epp
msgs/build_file.epp
misc/codes.epp
)
@@ -532,22 +531,6 @@ set_exported_symbols (ib_util ib_util)
set_output_directory_unix (ib_util lib)
-########################################
-# SHARED LIBRARY legacy_usermanager
-########################################
-
-set(legacy_usermanager_generated_src
- auth/SecurityDatabase/LegacyManagement.epp
-)
-add_epp_suffix(legacy_usermanager_generated_src master)
-
-add_library (legacy_usermanager SHARED ${legacy_usermanager_generated_src_master} auth/SecurityDatabase/LegacyManagement.h ${VERSION_RC})
-target_link_libraries (legacy_usermanager common yvalve)
-set_target_properties (legacy_usermanager PROPERTIES OUTPUT_NAME Legacy_UserManager)
-set_output_directory (legacy_usermanager plugins)
-set_exported_symbols (legacy_usermanager fbplugin)
-
-
########################################
# SHARED LIBRARY udr_engine
########################################
@@ -572,17 +555,6 @@ set_output_directory (srp plugins)
set_exported_symbols (srp fbplugin)
-########################################
-# SHARED LIBRARY legacy_auth
-########################################
-
-add_library (legacy_auth SHARED auth/SecurityDatabase/LegacyServer.cpp ${VERSION_RC})
-target_link_libraries (legacy_auth common yvalve)
-set_target_properties (legacy_auth PROPERTIES OUTPUT_NAME Legacy_Auth)
-set_output_directory (legacy_auth plugins)
-set_exported_symbols (legacy_auth fbplugin)
-
-
################################################################################
#
# EXECUTABLES
diff --git a/src/auth/SecurityDatabase/LegacyManagement.epp b/src/auth/SecurityDatabase/LegacyManagement.epp
deleted file mode 100644
index 80cbc070dc0..00000000000
--- a/src/auth/SecurityDatabase/LegacyManagement.epp
+++ /dev/null
@@ -1,771 +0,0 @@
-/*
- * PROGRAM: Security data base manager
- * MODULE: security.epp
- * DESCRIPTION: Security routines
- *
- * The contents of this file are subject to the Interbase Public
- * License Version 1.0 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy
- * of the License at http://www.Inprise.com/IPL.html
- *
- * Software distributed under the License is distributed on an
- * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
- * or implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code was created by Inprise Corporation
- * and its predecessors. Portions created by Inprise Corporation are
- * Copyright (C) Inprise Corporation.
- *
- * All Rights Reserved.
- * Contributor(s): ______________________________________.
- */
-
-#include "firebird.h"
-#include "../common/classes/alloc.h"
-#include
-#include
-#include
-#include
-#include "ibase.h"
-#include "../auth/SecurityDatabase/LegacyHash.h"
-#include "../common/enc_proto.h"
-#include "../yvalve/gds_proto.h"
-#include "../common/isc_proto.h"
-#include "../utilities/gsec/gsec.h"
-#include "../common/utils_proto.h"
-#include "../common/classes/init.h"
-#include "../common/classes/UserBlob.h"
-#include "../common/config/config_file.h"
-#include "../auth/SecurityDatabase/LegacyManagement.h"
-#include "../common/classes/ImplementHelper.h"
-#include "../common/classes/ClumpletWriter.h"
-#include "../common/StatusHolder.h"
-#include "../common/security.h"
-#include "../common/classes/ParsedList.h"
-#include "firebird/Interface.h"
-
-// Here we use version-independent symbolic link (or copy) of actual database
-DATABASE database = STATIC FILENAME "security.fdb";
-
-static Firebird::GlobalPtr execLineMutex; // protects various gpre generated structures
-
-static bool grantRevokeAdmin(ISC_STATUS* isc_status, FB_API_HANDLE database, FB_API_HANDLE trans,
- Firebird::IUser* user)
-{
- if (!user->admin()->entered())
- {
- return true;
- }
-
- Firebird::string userName(user->userName()->get());
- for (unsigned i = 0; i < userName.length(); ++i)
- {
- if (userName[i] == '"')
- {
- userName.insert(i++, 1, '"');
- }
- }
-
- Firebird::string sql;
- sql.printf((user->admin()->get() ? "GRANT %s TO \"%s\"" : "REVOKE %s FROM \"%s\""),
- ADMIN_ROLE, userName.c_str());
- isc_dsql_execute_immediate(isc_status, &database, &trans, sql.length(), sql.c_str(), SQL_DIALECT_V6, NULL);
-
- if (isc_status[1] && user->admin()->get() == 0)
- {
- isc_req_handle request = 0;
-
- FOR (TRANSACTION_HANDLE trans REQUEST_HANDLE request) R IN RDB$USER_PRIVILEGES
- WITH R.RDB$USER EQ user->userName()->get()
- AND R.RDB$RELATION_NAME EQ 'RDB$ADMIN'
- AND R.RDB$PRIVILEGE EQ 'M'
- sql.printf("REVOKE " ADMIN_ROLE " FROM \"%s\" GRANTED BY \"%s\"",
- userName.c_str(), R.RDB$GRANTOR);
- END_FOR
-
- if (request)
- {
- ISC_STATUS_ARRAY s;
- if (isc_release_request(s, &request) != FB_SUCCESS)
- {
- return false;
- }
- }
-
- isc_dsql_execute_immediate(isc_status, &database, &trans, sql.length(), sql.c_str(), SQL_DIALECT_V6, NULL);
- }
-
- return isc_status[1] == 0;
-}
-
-
-static Firebird::GlobalPtr keys;
-
-namespace Auth {
-
-SecurityDatabaseManagement::SecurityDatabaseManagement(Firebird::IPluginConfig* par)
- : database(0), transaction(0)
-{
- Firebird::LocalStatus s;
- Firebird::CheckStatusWrapper statusWrapper(&s);
- config.assignRefNoIncr(par->getFirebirdConf(&statusWrapper));
- check(&s);
-}
-
-void SecurityDatabaseManagement::start(Firebird::CheckStatusWrapper* st, Firebird::ILogonInfo* logonInfo)
-{
- try
- {
- st->init();
-
- unsigned int secDbKey = keys->getKey(config, "SecurityDatabase");
- const char* secDbName = config->asString(secDbKey);
- if (!(secDbName && secDbName[0]))
- {
- Firebird::Arg::Gds(isc_secdb_name).raise();
- }
-
- Firebird::ClumpletWriter dpb(Firebird::ClumpletReader::dpbList, MAX_DPB_SIZE);
- dpb.insertByte(isc_dpb_sec_attach, TRUE);
- dpb.insertString(isc_dpb_config, Firebird::ParsedList::getNonLoopbackProviders(secDbName));
-
- unsigned int authBlockSize;
- const unsigned char* authBlock = logonInfo->authBlock(&authBlockSize);
-
- if (authBlockSize)
- dpb.insertBytes(isc_dpb_auth_block, authBlock, authBlockSize);
- else
- {
- const char* logon = logonInfo->name();
- if (logon && logon[0])
- dpb.insertString(isc_dpb_trusted_auth, logon, fb_strlen(logon));
- }
-
- const char* role = logonInfo->role();
- if (role && role[0])
- dpb.insertString(isc_dpb_sql_role_name, role, fb_strlen(role));
-
- ISC_STATUS_ARRAY status;
- if (isc_attach_database(status, 0, secDbName, &database,
- dpb.getBufferLength(), reinterpret_cast(dpb.getBuffer())))
- {
- Firebird::status_exception::raise(status);
- }
-
- if (isc_start_transaction(status, &transaction, 1, &database, 0, NULL))
- {
- Firebird::status_exception::raise(status);
- }
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(st);
- }
-}
-
-void SecurityDatabaseManagement::commit(Firebird::CheckStatusWrapper* st)
-{
- try
- {
- st->init();
-
- ISC_STATUS_ARRAY status;
- if (transaction)
- {
- if (isc_commit_transaction(status, &transaction))
- {
- Firebird::status_exception::raise(status);
- }
- }
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(st);
- }
-}
-
-void SecurityDatabaseManagement::rollback(Firebird::CheckStatusWrapper* st)
-{
- try
- {
- st->init();
-
- ISC_STATUS_ARRAY status;
- if (transaction)
- {
- if (isc_rollback_transaction(status, &transaction))
- {
- Firebird::status_exception::raise(status);
- }
- }
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(st);
- }
-}
-
-int SecurityDatabaseManagement::release()
-{
- if (--refCounter == 0)
- {
- ISC_STATUS_ARRAY status;
- if (transaction)
- isc_rollback_transaction(status, &transaction);
- if (database)
- isc_detach_database(status, &database);
-
- delete this;
- return 0;
- }
-
- return 1;
-}
-
-#define STR_STORE(to, from) fb_utils::copy_terminate(to, from, sizeof(to))
-#define STR_VSTORE(to, from) string2vary(&to, from, sizeof(to))
-static void string2vary(void* to, Firebird::string& from, size_t to_size)
-{
- size_t len = MIN(to_size - sizeof(USHORT), from.size());
- paramvary* v = reinterpret_cast(to);
- v->vary_length = len;
- memcpy(v->vary_string, from.c_str(), len);
-}
-
-
-int SecurityDatabaseManagement::execute(Firebird::CheckStatusWrapper* st, Firebird::IUser* user,
- Firebird::IListUsers* callback)
-{
-/*************************************
- *
- * S E C U R I T Y _ e x e c _ l i n e
- *
- **************************************
- *
- * Functional description
- * Process a command line for the security data base manager.
- * This is used to add and delete users from the user information
- * database (security2.fdb). It also displays information
- * about current users and allows modification of current
- * users' parameters.
- * Returns 0 on success, otherwise returns a Gsec message number
- * and the status vector containing the error info.
- * The syntax is:
- *
- * Adding a new user:
- *
- * gsec -add [ ... ] -- command line
- * add [ ... ] -- interactive
- *
- * Deleting a current user:
- *
- * gsec -delete -- command line
- * delete -- interactive
- *
- * Displaying all current users:
- *
- * gsec -display -- command line
- * display -- interactive
- *
- * Displaying one user:
- *
- * gsec -display -- command line
- * display -- interactive
- *
- * Modifying a user's parameters:
- *
- * gsec -modify [ ... ] -- command line
- * modify [ ... ] -- interactive
- *
- * Get help:
- *
- * gsec -help -- command line
- * ? -- interactive
- * help -- interactive
- *
- * Quit interactive session:
- *
- * quit -- interactive
- *
- * where can be one of:
- *
- * -uid
- * -gid
- * -fname
- * -mname
- * -lname
- *
- **************************************/
- int ret = 0;
-
- try
- {
- ISC_STATUS_ARRAY isc_status;
- fb_utils::init_status(isc_status);
- st->init();
-
- Firebird::MutexLockGuard guard(execLineMutex, FB_FUNCTION);
-
- SCHAR encrypted1[MAX_LEGACY_PASSWORD_LENGTH + 2];
- Firebird::string encrypted2;
- bool found;
-
- // check for non-printable characters in user name
- for (const TEXT* p = user->userName()->get(); *p; p++)
- {
- if (!isprint(*p))
- {
- return GsecMsg75; // Add special error message for this case ?
- }
- }
-
- isc_req_handle request = 0;
- isc_req_handle request2 = 0;
-
- switch (user->operation())
- {
- case Firebird::IUser::OP_USER_DROP_MAP:
- case Firebird::IUser::OP_USER_SET_MAP:
- {
- Firebird::string sql;
- sql.printf("ALTER ROLE " ADMIN_ROLE " %s AUTO ADMIN MAPPING",
- user->operation() == Firebird::IUser::OP_USER_SET_MAP ? "SET" : "DROP");
- isc_dsql_execute_immediate(isc_status, &database, &transaction, sql.length(), sql.c_str(), 1, NULL);
- if (isc_status[1] != 0)
- {
- ret = GsecMsg97;
- }
- }
- break;
-
- case Firebird::IUser::OP_USER_ADD:
- // this checks the "entered" flags for each parameter (except the name)
- // and makes all non-entered parameters null valued
-
- STORE (TRANSACTION_HANDLE transaction REQUEST_HANDLE request) U IN PLG$VIEW_USERS USING
- STR_STORE(U.PLG$USER_NAME, user->userName()->get());
-
- U.PLG$UID.NULL = ISC_TRUE;
- U.PLG$GID.NULL = ISC_TRUE;
- U.PLG$GROUP_NAME.NULL = ISC_TRUE;
- if (user->attributes()->entered())
- {
- ConfigFile attr(ConfigFile::USE_TEXT, user->attributes()->get());
- const ConfigFile::Parameter* p;
-
- if ((p = attr.findParameter("uid")) && p->value.hasData())
- {
- U.PLG$UID = p->asInteger();
- U.PLG$UID.NULL = ISC_FALSE;
- }
-
- if ((p = attr.findParameter("gid")) && p->value.hasData())
- {
- U.PLG$GID = p->asInteger();
- U.PLG$GID.NULL = ISC_FALSE;
- }
-
- if ((p = attr.findParameter("groupName")) && p->value.hasData())
- {
- STR_STORE(U.PLG$GROUP_NAME, p->value.c_str());
- U.PLG$GROUP_NAME.NULL = ISC_FALSE;
- }
- }
-
- if (user->password()->entered())
- {
- ENC_crypt(encrypted1, sizeof encrypted1, user->password()->get(), LEGACY_PASSWORD_SALT);
- LegacyHash::hash(encrypted2, user->userName()->get(), &encrypted1[2]);
- STR_VSTORE(U.PLG$PASSWD, encrypted2);
- U.PLG$PASSWD.NULL = ISC_FALSE;
- }
- else
- U.PLG$PASSWD.NULL = ISC_TRUE;
- if (user->firstName()->entered())
- {
- STR_STORE(U.PLG$FIRST_NAME, user->firstName()->get());
- U.PLG$FIRST_NAME.NULL = ISC_FALSE;
- }
- else
- U.PLG$FIRST_NAME.NULL = ISC_TRUE;
- if (user->middleName()->entered())
- {
- STR_STORE(U.PLG$MIDDLE_NAME, user->middleName()->get());
- U.PLG$MIDDLE_NAME.NULL = ISC_FALSE;
- }
- else
- U.PLG$MIDDLE_NAME.NULL = ISC_TRUE;
- if (user->lastName()->entered())
- {
- STR_STORE(U.PLG$LAST_NAME, user->lastName()->get());
- U.PLG$LAST_NAME.NULL = ISC_FALSE;
- }
- else
- U.PLG$LAST_NAME.NULL = ISC_TRUE;
- END_STORE
- ON_ERROR
- ret = GsecMsg19; // gsec - add record error
- END_ERROR;
- if (ret == 0 && !grantRevokeAdmin(isc_status, database, transaction, user))
- {
- ret = GsecMsg19; // gsec - add record error
- }
- break;
-
- case Firebird::IUser::OP_USER_MODIFY:
- // this updates an existing record, replacing all fields that are
- // entered, and for those that were specified but not entered, it
- // changes the current value to the null value
-
- found = false;
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request) U IN PLG$VIEW_USERS
- WITH U.PLG$USER_NAME EQ user->userName()->get()
- {
- found = true;
- MODIFY U USING
- if (user->attributes()->entered())
- {
- U.PLG$UID.NULL = ISC_TRUE;
- U.PLG$GID.NULL = ISC_TRUE;
- U.PLG$GROUP_NAME.NULL = ISC_TRUE;
-
- ConfigFile attr(ConfigFile::USE_TEXT, user->attributes()->get());
- const ConfigFile::Parameter* p;
-
- if ((p = attr.findParameter("uid")) && p->value.hasData())
- {
- U.PLG$UID = p->asInteger();
- U.PLG$UID.NULL = ISC_FALSE;
- }
-
- if ((p = attr.findParameter("gid")) && p->value.hasData())
- {
- U.PLG$GID = p->asInteger();
- U.PLG$GID.NULL = ISC_FALSE;
- }
-
- if ((p = attr.findParameter("groupName")) && p->value.hasData())
- {
- STR_STORE(U.PLG$GROUP_NAME, p->value.c_str());
- U.PLG$GROUP_NAME.NULL = ISC_FALSE;
- }
- }
- else if (user->attributes()->specified())
- {
- U.PLG$UID.NULL = ISC_TRUE;
- U.PLG$GID.NULL = ISC_TRUE;
- U.PLG$GROUP_NAME.NULL = ISC_TRUE;
- }
-
- if (user->password()->entered())
- {
- ENC_crypt(encrypted1, sizeof encrypted1, user->password()->get(), LEGACY_PASSWORD_SALT);
- LegacyHash::hash(encrypted2, user->userName()->get(), &encrypted1[2]);
- STR_VSTORE(U.PLG$PASSWD, encrypted2);
- U.PLG$PASSWD.NULL = ISC_FALSE;
- }
- else if (user->password()->specified())
- U.PLG$PASSWD.NULL = ISC_TRUE;
-
- if (user->firstName()->entered())
- {
- STR_STORE(U.PLG$FIRST_NAME, user->firstName()->get());
- U.PLG$FIRST_NAME.NULL = ISC_FALSE;
- }
- else if (user->firstName()->specified())
- U.PLG$FIRST_NAME.NULL = ISC_TRUE;
-
- if (user->middleName()->entered())
- {
- STR_STORE(U.PLG$MIDDLE_NAME, user->middleName()->get());
- U.PLG$MIDDLE_NAME.NULL = ISC_FALSE;
- }
- else if (user->middleName()->specified())
- U.PLG$MIDDLE_NAME.NULL = ISC_TRUE;
-
- if (user->lastName()->entered())
- {
- STR_STORE(U.PLG$LAST_NAME, user->lastName()->get());
- U.PLG$LAST_NAME.NULL = ISC_FALSE;
- }
- else if (user->lastName()->specified())
- U.PLG$LAST_NAME.NULL = ISC_TRUE;
- END_MODIFY
- ON_ERROR
- ret = GsecMsg20;
- END_ERROR;
- }
- END_FOR
- ON_ERROR
- ret = GsecMsg21;
- END_ERROR;
-
- if (!ret && !found)
- ret = GsecMsg22;
-
- if (ret == 0 && !grantRevokeAdmin(isc_status, database, transaction, user))
- {
- ret = GsecMsg21;
- }
- break;
-
- case Firebird::IUser::OP_USER_DELETE:
- // looks up the specified user record and deletes it
-
- found = false;
- // Do not allow SYSDBA user to be deleted
- if (!fb_utils::stricmp(user->userName()->get(), DBA_USER_NAME))
- ret = GsecMsg23;
- else
- {
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request) U IN PLG$VIEW_USERS
- WITH U.PLG$USER_NAME EQ user->userName()->get()
- {
- found = true;
- ERASE U
- ON_ERROR
- ret = GsecMsg23; // gsec - delete record error
- END_ERROR;
- }
- END_FOR
- ON_ERROR
- ret = GsecMsg24; // gsec - find/delete record error
- END_ERROR;
- }
-
- if (!ret && !found)
- ret = GsecMsg22; // gsec - record not found for user:
-
- user->admin()->set(st, 0);
- check(st);
- user->admin()->setEntered(st, 1);
- check(st);
- if (ret == 0 && !grantRevokeAdmin(isc_status, database, transaction, user))
- {
- ret = GsecMsg24;
- }
- break;
-
- case Firebird::IUser::OP_USER_DISPLAY:
- // gets either the desired record, or all records, and displays them
-
- found = false;
- if (!user->userName()->entered())
- {
- Firebird::LocalStatus s2;
- Firebird::CheckStatusWrapper statusWrapper2(&s2);
- Firebird::CheckStatusWrapper* s = st;
-
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request) U IN PLG$VIEW_USERS
- try
- {
- {
- Firebird::string attr, a1, a2, a3;
-
- if (!U.PLG$UID.NULL)
- a1.printf("Uid=%d\n", U.PLG$UID);
-
- if (!U.PLG$GID.NULL)
- a2.printf("Gid=%d\n", U.PLG$GID);
-
- if (!U.PLG$GROUP_NAME.NULL)
- a3.printf("GroupName=%s\n", U.PLG$GROUP_NAME);
-
- attr = a1 + a2 + a3;
- user->attributes()->set(s, attr.c_str());
- check(s);
- user->attributes()->setEntered(s, attr.hasData() ? 1 : 0);
- check(s);
- }
-
- user->userName()->set(s, U.PLG$USER_NAME);
- check(s);
- user->userName()->setEntered(s, U.PLG$USER_NAME.NULL ? 0 : 1);
- check(s);
- user->password()->set(s, "");
- check(s);
- user->password()->setEntered(s, 0);
- check(s);
- user->firstName()->set(s, U.PLG$FIRST_NAME);
- check(s);
- user->firstName()->setEntered(s, U.PLG$FIRST_NAME.NULL ? 0 : 1);
- check(s);
- user->middleName()->set(s, U.PLG$MIDDLE_NAME);
- check(s);
- user->middleName()->setEntered(s, U.PLG$MIDDLE_NAME.NULL ? 0 : 1);
- check(s);
- user->lastName()->set(s, U.PLG$LAST_NAME);
- check(s);
- user->lastName()->setEntered(s, U.PLG$LAST_NAME.NULL ? 0 : 1);
- check(s);
-
- user->admin()->set(s, 0);
- check(s);
- user->admin()->setEntered(s, 1);
- check(s);
-
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request2)
- P IN RDB$USER_PRIVILEGES
- WITH P.RDB$USER EQ U.PLG$USER_NAME AND
- P.RDB$RELATION_NAME EQ 'RDB$ADMIN' AND
- P.RDB$PRIVILEGE EQ 'M'
- {
- user->admin()->set(s, 1);
- }
- END_FOR
- check(s);
-
- callback->list(s, user);
- check(s);
-
- found = true;
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(s);
- s = &statusWrapper2;
- }
- END_FOR
- ON_ERROR
- ret = GsecMsg28; // gsec - find/display record error
- END_ERROR;
-
- // real error raise - out of gpre's FOR loop
- check(st);
- }
- else
- {
- Firebird::string attr, a1, a2, a3;
- Firebird::LocalStatus s2;
- Firebird::CheckStatusWrapper statusWrapper2(&s2);
- Firebird::CheckStatusWrapper* s = st;
-
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request) U IN PLG$VIEW_USERS
- WITH U.PLG$USER_NAME EQ user->userName()->get()
-
- try
- {
- if (!U.PLG$UID.NULL)
- a1.printf("Uid=%d\n", U.PLG$UID);
-
- if (!U.PLG$GID.NULL)
- a2.printf("Gid=%d\n", U.PLG$GID);
-
- if (!U.PLG$GROUP_NAME.NULL)
- a3.printf("GroupName=%s\n", U.PLG$GROUP_NAME);
-
- attr = a1 + a2 + a3;
- user->attributes()->set(s, attr.c_str());
- check(s);
- user->attributes()->setEntered(s, attr.hasData() ? 1 : 0);
- check(s);
-
- user->userName()->set(s, U.PLG$USER_NAME);
- check(s);
- user->userName()->setEntered(s, U.PLG$USER_NAME.NULL ? 0 : 1);
- check(s);
- user->password()->set(s, "");
- check(s);
- user->password()->setEntered(s, 0);
- check(s);
- user->firstName()->set(s, U.PLG$FIRST_NAME);
- check(s);
- user->firstName()->setEntered(s, U.PLG$FIRST_NAME.NULL ? 0 : 1);
- check(s);
- user->middleName()->set(s, U.PLG$MIDDLE_NAME);
- check(s);
- user->middleName()->setEntered(s, U.PLG$MIDDLE_NAME.NULL ? 0 : 1);
- check(s);
- user->lastName()->set(s, U.PLG$LAST_NAME);
- check(s);
- user->lastName()->setEntered(s, U.PLG$LAST_NAME.NULL ? 0 : 1);
- check(s);
-
- user->admin()->set(s, 0);
- check(s);
- user->admin()->setEntered(s, 1);
- check(s);
-
- FOR (TRANSACTION_HANDLE transaction REQUEST_HANDLE request2)
- P IN RDB$USER_PRIVILEGES
- WITH P.RDB$USER EQ U.PLG$USER_NAME AND
- P.RDB$RELATION_NAME EQ 'RDB$ADMIN' AND
- P.RDB$PRIVILEGE EQ 'M'
- {
- user->admin()->set(s, 1);
- }
- END_FOR
- check(s);
-
- callback->list(s, user);
- check(s);
-
- found = true;
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(s);
- s = &statusWrapper2;
- }
- END_FOR
- ON_ERROR
- ret = GsecMsg28; // gsec - find/display record error
- END_ERROR;
-
- // real error raise - out of gpre's FOR loop
- check(st);
- }
- break;
-
- default:
- ret = GsecMsg16; // gsec - error in switch specifications
- break;
- }
-
- if (request)
- {
- ISC_STATUS_ARRAY s;
- if (isc_release_request(s, &request) != FB_SUCCESS)
- {
- if (! ret)
- {
- ret = GsecMsg94; // error releasing request in security database
- }
- }
- }
-
- if (request2)
- {
- ISC_STATUS_ARRAY s;
- if (isc_release_request(s, &request2) != FB_SUCCESS)
- {
- if (! ret)
- {
- ret = GsecMsg94; // error releasing request in security database
- }
- }
- }
-
- fb_utils::setIStatus(st, isc_status);
- }
- catch (const Firebird::Exception& ex)
- {
- ex.stuffException(st);
- }
-
- return ret;
-}
-
-} // namespace Auth
-
-// register plugin
-static Firebird::SimpleFactory factory;
-
-extern "C" FB_DLL_EXPORT void FB_PLUGIN_ENTRY_POINT(Firebird::IMaster* master)
-{
- Firebird::CachedMasterInterface::set(master);
- Firebird::PluginManagerInterfacePtr()->registerPluginFactory(
- Firebird::IPluginManager::TYPE_AUTH_USER_MANAGEMENT, "Legacy_UserManager", &factory);
- Firebird::getUnloadDetector()->registerMe();
-}
diff --git a/src/auth/SecurityDatabase/LegacyManagement.h b/src/auth/SecurityDatabase/LegacyManagement.h
deleted file mode 100644
index 65136edb6ad..00000000000
--- a/src/auth/SecurityDatabase/LegacyManagement.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * PROGRAM: Firebird authentication
- * MODULE: LegacyManagement.h
- * DESCRIPTION: Performs legacy actions with security database
- *
- * The contents of this file are subject to the Initial
- * Developer's Public License Version 1.0 (the "License");
- * you may not use this file except in compliance with the
- * License. You may obtain a copy of the License at
- * http://www.ibphoenix.com/main.nfs?a=ibphoenix&page=ibp_idpl.
- *
- * Software distributed under the License is distributed AS IS,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied.
- * See the License for the specific language governing rights
- * and limitations under the License.
- *
- * The Original Code was created by Alex Peshkov
- * for the Firebird Open Source RDBMS project.
- *
- * Copyright (c) 2010 Alex Peshkov
- * and all contributors signed below.
- *
- * All Rights Reserved.
- * Contributor(s): ______________________________________.
- */
-
-#ifndef AUTH_LEGACY_MANAGEMENT_H
-#define AUTH_LEGACY_MANAGEMENT_H
-
-#include "../common/classes/ImplementHelper.h"
-#include "firebird/Interface.h"
-
-
-namespace Auth {
-
-class SecurityDatabaseManagement final :
- public Firebird::StdPlugin >
-{
-public:
- explicit SecurityDatabaseManagement(Firebird::IPluginConfig* par);
-
- // IManagement implementation
- void start(Firebird::CheckStatusWrapper* status, Firebird::ILogonInfo* logonInfo) override;
- int execute(Firebird::CheckStatusWrapper* status, Firebird::IUser* user, Firebird::IListUsers* callback) override;
- void commit(Firebird::CheckStatusWrapper* status) override;
- void rollback(Firebird::CheckStatusWrapper* status) override;
-
- int release() override;
-
-private:
- Firebird::RefPtr config;
- FB_API_HANDLE database, transaction;
-};
-
-} // namespace Auth
-
-#endif // AUTH_LEGACY_MANAGEMENT_H
diff --git a/src/auth/SecurityDatabase/LegacyServer.cpp b/src/auth/SecurityDatabase/LegacyServer.cpp
deleted file mode 100644
index 03715e96157..00000000000
--- a/src/auth/SecurityDatabase/LegacyServer.cpp
+++ /dev/null
@@ -1,423 +0,0 @@
-/*
- * PROGRAM: JRD Access Method
- * MODULE: LegacyServer.cpp
- * DESCRIPTION: User information database access
- *
- * The contents of this file are subject to the Interbase Public
- * License Version 1.0 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy
- * of the License at http://www.Inprise.com/IPL.html
- *
- * Software distributed under the License is distributed on an
- * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
- * or implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code was created by Inprise Corporation
- * and its predecessors. Portions created by Inprise Corporation are
- * Copyright (C) Inprise Corporation.
- *
- * All Rights Reserved.
- * Contributor(s): ______________________________________.
- *
- * 2003.02.02 Dmitry Yemanov: Implemented cached security database connection
- */
-
-#include "firebird.h"
-
-#include "ibase.h"
-#include "iberror.h"
-#include "firebird/Interface.h"
-
-#include "../auth/SecurityDatabase/LegacyServer.h"
-#include "../auth/SecurityDatabase/LegacyHash.h"
-#include "../auth/SecDbCache.h"
-#include "../remote/remot_proto.h"
-#include "../jrd/constants.h"
-#include "../common/enc_proto.h"
-#include "../common/status.h"
-#include "../common/classes/init.h"
-#include "../common/classes/ClumpletWriter.h"
-
-#include
-
-#define PLUG_MODULE 1
-
-using namespace Firebird;
-
-namespace {
-
-// BLR to search database for user name record
-
-const UCHAR PWD_REQUEST[] =
-{
- blr_version5,
- blr_begin,
- blr_message, 1, 4, 0,
- blr_long, 0,
- blr_long, 0,
- blr_short, 0,
- blr_text, BLR_WORD(Auth::MAX_LEGACY_PASSWORD_LENGTH + 2),
- blr_message, 0, 1, 0,
- blr_cstring, 129, 0,
- blr_receive, 0,
- blr_begin,
- blr_for,
- blr_rse, 1,
- blr_relation, 9, 'P', 'L', 'G', '$', 'U', 'S', 'E', 'R', 'S', 0,
- blr_first,
- blr_literal, blr_short, 0, 1, 0,
- blr_boolean,
- blr_eql,
- blr_field, 0, 13, 'P', 'L', 'G', '$', 'U', 'S', 'E', 'R', '_', 'N', 'A', 'M', 'E',
- blr_parameter, 0, 0, 0,
- blr_end,
- blr_send, 1,
- blr_begin,
- blr_assignment,
- blr_field, 0, 7, 'P', 'L', 'G', '$', 'G', 'I', 'D',
- blr_parameter, 1, 0, 0,
- blr_assignment,
- blr_field, 0, 7, 'P', 'L', 'G', '$', 'U', 'I', 'D',
- blr_parameter, 1, 1, 0,
- blr_assignment,
- blr_literal, blr_short, 0, 1, 0,
- blr_parameter, 1, 2, 0,
- blr_assignment,
- blr_field, 0, 10, 'P', 'L', 'G', '$', 'P', 'A', 'S', 'S', 'W', 'D',
- blr_parameter, 1, 3, 0,
- blr_end,
- blr_send, 1,
- blr_assignment,
- blr_literal, blr_short, 0, 0, 0,
- blr_parameter, 1, 2, 0,
- blr_end,
- blr_end,
- blr_eoc
-};
-
-// Returns data in the following format
-
-struct user_record
-{
- SLONG gid;
- SLONG uid;
- SSHORT flag;
- SCHAR password[Auth::MAX_LEGACY_PASSWORD_LENGTH + 2];
-};
-
-typedef char user_name[129];
-
-// Transaction parameter buffer
-
-const UCHAR TPB[4] =
-{
- isc_tpb_version1,
- isc_tpb_read,
- isc_tpb_concurrency,
- isc_tpb_wait
-};
-
-} // anonymous namespace
-
-namespace Auth {
-
-GlobalPtr instances;
-
-
-class SecurityDatabaseServer final :
- public StdPlugin >
-{
-public:
- explicit SecurityDatabaseServer(IPluginConfig* p)
- : iParameter(p)
- { }
-
- // IServer implementation
- int authenticate(CheckStatusWrapper* status, IServerBlock* sBlock,
- IWriter* writerInterface);
- void setDbCryptCallback(CheckStatusWrapper*, ICryptKeyCallback*) { } // ignore
-
-private:
- RefPtr iParameter;
-};
-
-
-class SecurityDatabase : public VSecDb
-{
-public:
- bool lookup(void* inMsg, void* outMsg) override;
-
- bool test() override
- {
- return fb_ping(status, &lookup_db) == FB_SUCCESS;
- }
-
- // This 2 are needed to satisfy temporarily different calling requirements
- static int shutdown(const int, const int, void*)
- {
- return instances->shutdown();
- }
- static void cleanup()
- {
- instances->shutdown();
- }
-
- SecurityDatabase(const char* secDbName)
- : lookup_db(0), lookup_req(0)
- {
- prepare(secDbName);
- }
-
-private:
- ISC_STATUS_ARRAY status;
-
- isc_db_handle lookup_db;
- isc_req_handle lookup_req;
-
- ~SecurityDatabase();
-
- void prepare(const char* secDbName);
- void checkStatus(const char* callName, ISC_STATUS userError = isc_psw_db_error);
-};
-
-/******************************************************************************
- *
- * Private interface
- */
-
-SecurityDatabase::~SecurityDatabase()
-{
- // One can get 'invalid object' errors here cause provider
- // may get unloaded before authentication plugin
-
- if (lookup_req)
- {
- isc_release_request(status, &lookup_req);
- if (status[1] != isc_bad_req_handle)
- checkStatus("isc_release_request", 0);
- }
-
- if (lookup_db)
- {
- isc_detach_database(status, &lookup_db);
- if (status[1] != isc_bad_db_handle)
- checkStatus("isc_detach_database", 0);
- }
-}
-
-
-void SecurityDatabase::prepare(const char* secureDbName)
-{
- if (lookup_db)
- {
- return;
- }
-
-#ifndef PLUG_MODULE
- fb_shutdown_callback(status, shutdown, fb_shut_preproviders, 0);
-#endif
-
- lookup_db = lookup_req = 0;
-
- // Perhaps build up a dpb
- ClumpletWriter dpb(ClumpletReader::dpbList, MAX_DPB_SIZE);
-
- // Attachment is for the security database
- dpb.insertByte(isc_dpb_sec_attach, TRUE);
-
- // Attach as SYSDBA
- dpb.insertString(isc_dpb_trusted_auth, DBA_USER_NAME, fb_strlen(DBA_USER_NAME));
-
- // Do not use loopback provider
- dpb.insertString(isc_dpb_config, ParsedList::getNonLoopbackProviders(secureDbName));
-
- isc_db_handle tempHandle = 0;
- isc_attach_database(status, 0, secureDbName, &tempHandle,
- dpb.getBufferLength(), reinterpret_cast(dpb.getBuffer()));
- checkStatus("isc_attach_database", isc_psw_attach);
- lookup_db = tempHandle;
-
- isc_compile_request(status, &lookup_db, &lookup_req, sizeof(PWD_REQUEST),
- reinterpret_cast(PWD_REQUEST));
- if (status[1])
- {
- ISC_STATUS_ARRAY localStatus;
- // ignore status returned in order to keep first error
- isc_detach_database(localStatus, &lookup_db);
- }
-
- checkStatus("isc_compile_request", isc_psw_attach);
-}
-
-void SecurityDatabase::checkStatus(const char* callName, ISC_STATUS userError)
-{
- if (status[1] == 0)
- return;
-
- // suppress throwing errors from destructor which passes userError == 0
- if (!userError)
- return;
-
- Arg::Gds secDbError(userError);
-
- string message;
- message.printf("Error in %s() API call when working with legacy security database", callName);
- secDbError << Arg::Gds(isc_random) << message;
-
- secDbError << Arg::StatusVector(status);
- secDbError.raise();
-}
-
-bool SecurityDatabase::lookup(void* inMsg, void* outMsg)
-{
- isc_tr_handle lookup_trans = 0;
-
- isc_start_transaction(status, &lookup_trans, 1, &lookup_db, sizeof(TPB), TPB);
- checkStatus("isc_start_transaction", isc_psw_start_trans);
-
- isc_start_and_send(status, &lookup_req, &lookup_trans, 0, sizeof(user_name), inMsg, 0);
- checkStatus("isc_start_and_send");
-
- bool found = false;
- while (true)
- {
- user_record* user = static_cast(outMsg);
- isc_receive(status, &lookup_req, 1, sizeof(user_record), user, 0);
- checkStatus("isc_receive");
-
- if (!user->flag || status[1])
- break;
-
- found = true;
- }
-
- isc_rollback_transaction(status, &lookup_trans);
- checkStatus("isc_rollback_transaction");
-
- return found;
-}
-
-
-/******************************************************************************
- *
- * Public interface
- */
-
-int SecurityDatabaseServer::authenticate(CheckStatusWrapper* status, IServerBlock* sBlock,
- IWriter* authBlock)
-{
- status->init();
-
- try
- {
- const char* user = sBlock->getLogin();
- if (!user)
- {
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer (nologin) %d\n", IAuth::AUTH_CONTINUE));
- return IAuth::AUTH_CONTINUE;
- }
- string login(user);
-
- unsigned length;
- const unsigned char* data = sBlock->getData(&length);
- if (!(data && length))
- {
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer (nopw) %d\n", IAuth::AUTH_MORE_DATA));
- return IAuth::AUTH_MORE_DATA;
- }
-
- bool found = false;
- char pw1[MAX_LEGACY_PASSWORD_LENGTH + 1];
- PathName secureDbName;
- { // instance scope
- // Get database block from cache
- CachedSecurityDatabase::Instance instance;
- instances->getInstance(iParameter, instance);
-
- secureDbName = instance->secureDbName;
- if (!instance->secDb)
- instance->secDb = FB_NEW SecurityDatabase(instance->secureDbName);
-
- user_name uname; // user name buffer
- login.copyTo(uname, sizeof uname);
- user_record user_block; // user record
- found = instance->secDb->lookup(uname, &user_block);
- fb_utils::copy_terminate(pw1, user_block.password, MAX_LEGACY_PASSWORD_LENGTH + 1);
- }
- if (!found)
- {
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer (badlogin) %d\n", IAuth::AUTH_CONTINUE));
- return IAuth::AUTH_CONTINUE;
- }
-
- string storedHash(pw1, MAX_LEGACY_PASSWORD_LENGTH);
- storedHash.rtrim();
- storedHash.recalculate_length();
-
- string passwordEnc;
- passwordEnc.assign(data, length);
-
- string newHash;
- LegacyHash::hash(newHash, login, passwordEnc, storedHash);
- if (newHash != storedHash)
- {
- bool legacyHash = Config::getLegacyHash();
- if (legacyHash)
- {
- newHash.resize(MAX_LEGACY_PASSWORD_LENGTH + 2);
- ENC_crypt(newHash.begin(), newHash.length(), passwordEnc.c_str(), LEGACY_PASSWORD_SALT);
- newHash.recalculate_length();
- newHash.erase(0, 2);
- legacyHash = newHash == storedHash;
- }
- if (!legacyHash)
- {
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer (badpw) %d\n", IAuth::AUTH_CONTINUE));
- return IAuth::AUTH_CONTINUE;
- }
- }
-
- FbLocalStatus s;
- authBlock->add(&s, login.c_str());
- check(&s);
- authBlock->setDb(&s, secureDbName.c_str());
- check(&s);
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer (OK) %d\n", IAuth::AUTH_SUCCESS));
- return IAuth::AUTH_SUCCESS;
- }
- catch (const Exception& ex)
- {
- ex.stuffException(status);
- HANDSHAKE_DEBUG(fprintf(stderr, "LegacyServer: exception status:\n"));
- HANDSHAKE_DEBUG(isc_print_status(status->getErrors()));
- HANDSHAKE_DEBUG(isc_print_status(status->getWarnings()));
- return IAuth::AUTH_FAILED;
- }
-}
-
-namespace {
- SimpleFactory factory;
-}
-
-void registerLegacyServer(IPluginManager* iPlugin)
-{
- iPlugin->registerPluginFactory(IPluginManager::TYPE_AUTH_SERVER,
- "Legacy_Auth", &factory);
-}
-
-} // namespace Auth
-
-
-#ifdef PLUG_MODULE
-
-extern "C" FB_DLL_EXPORT void FB_PLUGIN_ENTRY_POINT(IMaster* master)
-{
- CachedMasterInterface::set(master);
-
- getUnloadDetector()->setCleanup(Auth::SecurityDatabase::cleanup);
- Auth::registerLegacyServer(PluginManagerInterfacePtr());
- getUnloadDetector()->registerMe();
-}
-
-#endif // PLUG_MODULE
diff --git a/src/auth/SecurityDatabase/LegacyServer.h b/src/auth/SecurityDatabase/LegacyServer.h
deleted file mode 100644
index 43f7f306dee..00000000000
--- a/src/auth/SecurityDatabase/LegacyServer.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * PROGRAM: JRD Access Method
- * MODULE: LegacyServer.h
- * DESCRIPTION: User information database name
- *
- * The contents of this file are subject to the Interbase Public
- * License Version 1.0 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy
- * of the License at http://www.Inprise.com/IPL.html
- *
- * Software distributed under the License is distributed on an
- * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
- * or implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code was created by Inprise Corporation
- * and its predecessors. Portions created by Inprise Corporation are
- * Copyright (C) Inprise Corporation.
- *
- * All Rights Reserved.
- * Contributor(s): ______________________________________.
- *
- * 2002.10.29 Sean Leyne - Removed obsolete "Netware" port
- * 2003.02.02 Dmitry Yemanov: Implemented cached security database connection
- */
-
-#ifndef AUTH_LEGACY_SERVER_H
-#define AUTH_LEGACY_SERVER_H
-
-#include "firebird/Interface.h"
-
-namespace Auth {
-
-void registerLegacyServer(Firebird::IPluginManager* iPlugin);
-
-} // namespace Auth
-
-#endif // AUTH_LEGACY_SERVER_H
diff --git a/src/jrd/version.h b/src/jrd/version.h
index 094ffef206a..56461ea6ebb 100644
--- a/src/jrd/version.h
+++ b/src/jrd/version.h
@@ -90,12 +90,6 @@
#elif defined RC_TARGET_isql
#define VER_FILEDESC "Interactive Query tool"
-#elif defined RC_TARGET_legacy_auth
-#define VER_FILEDESC "Legacy Auth plugin"
-
-#elif defined RC_TARGET_legacy_usermanager
-#define VER_FILEDESC "Legacy User Manager plugin"
-
#elif defined RC_TARGET_nbackup
#define VER_FILEDESC "Physical Backup Management tool"
diff --git a/src/remote/server/os/posix/inet_server.cpp b/src/remote/server/os/posix/inet_server.cpp
index 1266f28763a..8d234cd70b7 100644
--- a/src/remote/server/os/posix/inet_server.cpp
+++ b/src/remote/server/os/posix/inet_server.cpp
@@ -92,7 +92,6 @@
#include "firebird/Interface.h"
#include "../common/classes/ImplementHelper.h"
-#include "../auth/SecurityDatabase/LegacyServer.h"
#include "../auth/trusted/AuthSspi.h"
#include "../auth/SecureRemotePassword/server/SrpServer.h"
diff --git a/src/remote/server/os/win32/srvr_w32.cpp b/src/remote/server/os/win32/srvr_w32.cpp
index 6650fcc000e..e7dcd658981 100644
--- a/src/remote/server/os/win32/srvr_w32.cpp
+++ b/src/remote/server/os/win32/srvr_w32.cpp
@@ -113,7 +113,6 @@
#include "../common/os/os_utils.h"
#include "../common/status.h"
#include "../auth/trusted/AuthSspi.h"
-#include "../auth/SecurityDatabase/LegacyServer.h"
#include "../auth/SecureRemotePassword/server/SrpServer.h"
@@ -269,7 +268,6 @@ int WINAPI WinMain(HINSTANCE hThisInst, HINSTANCE /*hPrevInst*/, LPSTR lpszArgs,
{ // scope for interface ptr
PluginManagerInterfacePtr pi;
- //Auth::registerLegacyServer(pi);
Auth::registerSrpServer(pi);
#ifdef TRUSTED_AUTH
Auth::registerTrustedServer(pi);