27aea1d1ad
git-svn-id: https://svn.code.sf.net/p/lazarus-ccr/svn@5438 8e941d3f-bd1b-0410-a28a-d453659cc2b4
217 lines
7.2 KiB
ObjectPascal
217 lines
7.2 KiB
ObjectPascal
{*********************************************************}
|
|
{* FlashFiler: Client Security Monitor/Extender *}
|
|
{*********************************************************}
|
|
|
|
(* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is TurboPower FlashFiler
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* TurboPower Software
|
|
*
|
|
* Portions created by the Initial Developer are Copyright (C) 1996-2002
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* ***** END LICENSE BLOCK ***** *)
|
|
|
|
{$I ffdefine.inc} //<-- soner added
|
|
|
|
unit ffsrsec;
|
|
|
|
interface
|
|
|
|
uses
|
|
SysUtils,
|
|
fflleng,
|
|
ffllbase,
|
|
ffsreng,
|
|
ffsrbase,
|
|
ffsrbde;
|
|
|
|
type
|
|
TffSecurityExtender = class(TffBaseEngineExtender)
|
|
public
|
|
constructor Create(aOwner : TffBaseEngineMonitor); override;
|
|
function Notify(aServerObject : TffObject;
|
|
aAction : TffEngineAction) : TffResult; override;
|
|
protected
|
|
end;
|
|
|
|
TffSecurityMonitor = class(TffBaseEngineMonitor)
|
|
public
|
|
function Interested(aServerObject : TffObject) : TffBaseEngineExtender; override;
|
|
protected
|
|
procedure bemSetServerEngine(anEngine : TffBaseServerEngine); override;
|
|
end;
|
|
|
|
implementation
|
|
|
|
uses
|
|
ffsrcvex;
|
|
|
|
{===TffSecurityMonitor===============================================}
|
|
function TffSecurityMonitor.Interested(aServerObject : TffObject) : TffBaseEngineExtender;
|
|
{Rewritten !!.11}
|
|
begin
|
|
{ This should always be a TffSrBaseCursor, TffSrClient or TffDatabase,
|
|
but we need to check to be sure. }
|
|
Result := nil;
|
|
if (aServerObject is TffSrBaseCursor) then begin
|
|
{ Do not create extenders for temporary files. Temporary files are
|
|
created by the SQL engine when it needs to build a result table. }
|
|
if not (fffaTemporary in
|
|
TffSrBaseCursor(aServerObject).Table.Files[0].fiAttributes) then
|
|
Result := TffSecurityExtender.Create(Self);
|
|
end
|
|
else if (aServerObject is TffSrDatabase) or
|
|
(aServerObject is TffSrClient) then
|
|
Result := TffSecurityExtender.Create(Self);
|
|
end;
|
|
{--------}
|
|
procedure TffSecurityMonitor.bemSetServerEngine(anEngine : TffBaseServerEngine);
|
|
begin
|
|
inherited bemSetServerEngine(anEngine);
|
|
AddInterest(TffSrClient);
|
|
AddInterest(TffSrDatabase);
|
|
AddInterest(TffSrBaseCursor);
|
|
end;
|
|
{====================================================================}
|
|
|
|
{===TffSecurityExtender==============================================}
|
|
constructor TffSecurityExtender.Create(aOwner: TffBaseEngineMonitor);
|
|
begin
|
|
inherited Create(aOwner);
|
|
FActions := [ffeaBeforeAddInx,
|
|
ffeaBeforeBLOBCreate,
|
|
ffeaBeforeBLOBDelete,
|
|
ffeaBeforeBLOBGetLength,
|
|
ffeaBeforeBLOBRead,
|
|
ffeaBeforeBLOBTruncate,
|
|
ffeaBeforeBLOBWrite,
|
|
ffeaBeforeChgAliasPath,
|
|
ffeaBeforeDBDelete,
|
|
ffeaBeforeDBInsert,
|
|
ffeaBeforeDBRead,
|
|
ffeaBeforeFileBLOBAdd,
|
|
ffeaBeforeRebuildInx,
|
|
ffeaBeforeRecDelete,
|
|
ffeaBeforeRecInsert,
|
|
ffeaBeforeRecRead,
|
|
ffeaBeforeRecUpdate,
|
|
ffeaBeforeTabDelete,
|
|
ffeaBeforeTabInsert,
|
|
ffeaBeforeTableLock,
|
|
ffeaBeforeTabPack,
|
|
ffeaBeforeTabRead,
|
|
ffeaBeforeTabRestruct,
|
|
ffeaBeforeTabUpdate];
|
|
end;
|
|
|
|
function TffSecurityExtender.Notify(aServerObject : TffObject;
|
|
aAction : TffEngineAction) : TffResult;
|
|
var
|
|
ReqRights : TffUserRights;
|
|
begin
|
|
try
|
|
Result := DBIERR_NONE;
|
|
ReqRights := [];
|
|
|
|
{don't check rights if this isn't a secure server}
|
|
if not TffServerEngine(FParent.ServerEngine).Configuration.GeneralInfo^.giIsSecure then
|
|
Exit;
|
|
{ Ignore if this is not the right kind of server object. }
|
|
if (not (aServerObject is TffSrBaseCursor)) and {!!.01}
|
|
(not (aServerObject is TffSrDatabase)) and {!!.01}
|
|
(not (aServerObject is TffSrClient)) then
|
|
Exit;
|
|
{find what rights are needed for aAction}
|
|
case aAction of
|
|
{grouped by unique subsets of TffUserRights}
|
|
{record actions include actions for BLOBs - for example,
|
|
reading a BLOB would require the client to have the same
|
|
privileges as reading a record}
|
|
|
|
{reading a record, BLOB, table, or database requires read privileges}
|
|
ffeaBeforeDBRead,
|
|
ffeaBeforeBLOBRead,
|
|
ffeaBeforeBLOBGetLength,
|
|
ffeaBeforeRecRead,
|
|
ffeaBeforeTabRead : ReqRights := [arRead];
|
|
|
|
{inserting a record, BLOB, table, or database requires insert privileges}
|
|
ffeaBeforeDBInsert,
|
|
ffeaBeforeBLOBCreate,
|
|
ffeaBeforeFileBLOBAdd,
|
|
ffeaBeforeRecInsert,
|
|
ffeaBeforeTabInsert : ReqRights := [arInsert];
|
|
|
|
{updating a table, writing to a BLOB, or truncating a BLOB requires
|
|
updates privileges}
|
|
ffeaBeforeBLOBWrite,
|
|
ffeaBeforeBLOBTruncate,
|
|
ffeaBeforeTabUpdate : ReqRights := [arUpdate];
|
|
|
|
{updating a record requires read and update privileges}
|
|
ffeaBeforeRecUpdate : ReqRights := [arRead, arUpdate];
|
|
|
|
{deleting a record, BLOB, table, or database requires delete privileges}
|
|
ffeaBeforeDBDelete,
|
|
ffeaBeforeBLOBDelete,
|
|
ffeaBeforeRecDelete,
|
|
ffeaBeforeTabDelete : ReqRights := [arDelete];
|
|
|
|
{restructuring a table requires the client to have delete,
|
|
insert, read, and update privileges}
|
|
ffeaBeforeTabRestruct : ReqRights := [arDelete, arInsert, arRead, arUpdate];
|
|
|
|
{packing a table requires delete and update privileges}
|
|
ffeaBeforeTabPack : ReqRights := [arDelete, arUpdate];
|
|
|
|
{adding or rebuilding an index requires insert, read, and
|
|
update privileges}
|
|
ffeaBeforeAddInx,
|
|
ffeaBeforeRebuildInx : ReqRights := [arInsert, arRead, arUpdate];
|
|
|
|
{locking a table or changing an alias requires read and
|
|
update privileges}
|
|
ffeaBeforeChgAliasPath,
|
|
ffeaBeforeTableLock : ReqRights := [arRead, arUpdate];
|
|
end; {case}
|
|
|
|
{ If no rights required then exit. }
|
|
if ReqRights = [] then
|
|
exit;
|
|
|
|
{ Now that we know what rights are required, lets see if the
|
|
client has sufficient rights. }
|
|
if aServerObject is TffSrClient then begin
|
|
if (TffSrClient(aServerObject).Rights * ReqRights) <> ReqRights then
|
|
Result := DBIERR_NOTSUFFTABLERIGHTS;
|
|
end
|
|
else
|
|
if ((TffSrClient(TffServerObject(aServerObject).Client).Rights) *
|
|
ReqRights) <> ReqRights then
|
|
Result := DBIERR_NOTSUFFTABLERIGHTS;
|
|
except
|
|
on E : Exception do begin
|
|
Result := ConvertServerException(E, nil);
|
|
end;
|
|
end;{try..except}
|
|
end;
|
|
{====================================================================}
|
|
|
|
end.
|