Fixed CORE-6489: User without ALTER ANY ROLE privilege can use COMMENT ON ROLE

AlexPeshkoff · AlexPeshkoff · commit 3f2e1ea84206 · 2021-03-12T17:38:52.000+03:00
diff --git a/src/jrd/ini.epp b/src/jrd/ini.epp
@@ -471,17 +471,23 @@ void INI_format(const char* owner, const char* charset)
 			charset->name;
 			++charset)
 		{
-			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_charset, charset->name, length, buffer);
+			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_charset,
+				charset->name, length, buffer);
 		}
 
 		reqModObjSC.reset();
 		for (const IntlManager::CollationDefinition* collation = IntlManager::defaultCollations;
 			collation->name;
 			++collation)
 		{
-			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_collation, collation->name, length, buffer);
+			add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_collation,
+				collation->name, length, buffer);
 		}
 
+		reqModObjSC.reset();
+		add_security_to_sys_obj(tdbb, reqAddSC, reqModObjSC, reqInsUserPriv, ownerName, obj_sql_role,
+				ADMIN_ROLE, length, buffer);
+
 		// Must be last!
 		acl = aclPublicStart;
 		memcpy(acl, PKG_PUBLIC_EXECUTE_ACL, sizeof(PKG_PUBLIC_EXECUTE_ACL));
@@ -1205,6 +1211,18 @@ static void add_security_to_sys_obj(thread_db* tdbb,
 		}
 		END_FOR
 	}
+	else if (obj_type == obj_sql_role)
+	{
+		FOR(REQUEST_HANDLE reqModObjSC) R IN RDB$ROLES
+			WITH R.RDB$ROLE_NAME EQ obj_name.c_str()
+		{
+			MODIFY R USING
+				R.RDB$SECURITY_CLASS.NULL = FALSE;
+				PAD(security_class.c_str(), R.RDB$SECURITY_CLASS);
+			END_MODIFY
+		}
+		END_FOR
+	}
 	else if (obj_type == obj_package_header)
 	{
 		FOR(REQUEST_HANDLE reqModObjSC) PKG IN RDB$PACKAGES
