英文:
How to view the contents of a Firebird 2.5 database
问题
我想查看一个 .fdb 文件的内容,并希望将其转换为 Excel 格式,这个文件来自另一台计算机。我已安装了 Firebird 2.5,并安装了 FlameRobin。
在 FlameRobin 中,我执行了 Database > Register Existing Database,用户名为 SYSDBA,密码为 masterkey。
但是我遇到了一个错误:“Your login SYSDBA is same as one of the SQL role name. Ask your database Administrator to set up a valid Firebird login”。
我已经阅读了足够的资料,了解到这据说是一个技巧,因为 Firebird 2.5 没有用户。根据这个旧帖子,我据说必须使用 IBexpert 或 IBsurgeon FirstAid,但不清楚如何使用它们。我已经下载并安装了它们。我应该找到一个名为 RDB$ROLES 的表,但我找不到它。
有人能帮我找到更好的方法吗?
英文:
I would like to view the contents of a .fdb file and hopefully transfer them to an Excel format, this file is from another computer. I have installed Firebird 2.5 and I have installed FlameRobin
And inside FlameRobin I did Database > Register Existing Database, with username = SYSDBA and password = masterkey
But I get an error:
"Your login SYSDBA is same as one of the SQL role name. Ask your database Administrator to set up a valid Firebird login"
I have done enough reading to know that this is supposedly a trick as Firebird 2.5 don't have user. According to this old post. I supposedly have to use IBexpert or IBsurgeon FirstAid, but it is not clear on how to use them. I have downloaded and installed them. I'm supposed to find a table named RDB$ROLES, but I could not find them.
Anyone can help me with a better method?
答案1
得分: 2
这个数据库通过创建一个同名角色来“保护”,以防止SYSDBA用户访问它。
请注意,以下步骤基于没有采取任何措施阻止普通用户从RDB$ROLES
表中选择的假设。否则,您将需要使用其他方式找到正确的用户(例如,从应用程序代码中,跟踪连接),或者需要使用数据库修复工具来删除/覆盖角色,或者检查文件本身(这需要对内部结构有很多了解)。
要能够访问它,您需要创建一个新用户。
创建一个新用户
在Firebird 2.5中,基本上有两种方法可以创建新用户:
-
使用SYSDBA(或具有RDB$ADMIN角色的其他用户)连接到另一个数据库。例如,使用ISQL,连接到标准Firebird安装中包含的employee数据库(*):
启动ISQL(用实际密码替代masterkey):
isql -user sysdba -password masterkey localhost:employee
在ISQL内(用所需的值替代thenewuser和thepassword):
create user thenewuser password 'thepassword'; commit; exit;
-
使用GSEC创建用户(注意:在Firebird 3.0中,GSEC已被弃用):
启动GSEC(用实际密码替代masterkey):
gsec -user sysdba -password masterkey
在GSEC内(用所需的值替代thenewuser和thepassword):
add thenewuser -pw thepassword
这个用户将无法做太多事情,但应该能够检查数据库的元数据表。
找到需要删除角色的用户
您应该能够使用先前创建的用户登录到数据库(用实际路径或别名替代thedatabase):
isql -user thenewuser -password thepassword localhost:thedatabase
然后查询“拥有”角色SYSDBA的用户:
select RDB$OWNER_NAME from RDB$ROLES where RDB$ROLE_NAME = 'SYSDBA';
注意:如果RDB$OWNER_NAME不是有效的常规标识符(以A-Z开头,其余为A-Z、0-9或_或$),则需要识别具有RDB$ADMIN权限的用户:
select RDB$USER from RDB$USER_PRIVILEGES where RDB$RELATION_NAME = 'RDB$ADMIN' and RDB$OBJECT_TYPE = 13;
作为最后的手段,尝试识别数据库所有者:
select distinct RDB$OWNER_NAME as DATABASE_OWNER
from RDB$RELATIONS
where RDB$SYSTEM_FLAG = 1;
现在,根据角色的所有者名称或具有RDB$ADMIN权限的用户之一,使用“创建新用户”部分中描述的步骤创建一个新用户(在以下步骤中,我使用用户名BROKEN_LOCK)。
如果用户已经存在,请使用以下命令更改其密码:
alter user BROKEN_LOCK set password 'thepassword';
删除SYSDBA角色
使用拥有角色的用户(或管理员)的ISQL访问数据库,如在上一步中找到的:
isql -user broken_lock -password thepassword -role RDB$ADMIN localhost:thedatabase
选项-role RDB$ADMIN
只对具有RDB$ADMIN权限的用户需要,但对于没有该角色的用户会被忽略。
在ISQL内,删除角色:
drop role SYSDBA;
commit;
exit;
现在,您应该能够使用SYSDBA访问数据库。
(*): 如果您的系统上没有其他数据库,您需要首先创建一个(或使用GSEC路线)。
启动ISQL:
isql
在ISQL中(用有效路径替代C:\Databases\mydatabase.fdb,用实际密码替代masterkey):
create database 'C:\Databases\mydatabase.fdb' user 'sysdba' password 'masterkey';
然后使用数据库路径代替employee
来创建用户。
英文:
This database was "protected" from being accessed by the SYSDBA user by creating a role with the same name.
Be aware that the following steps do come under the assumption that nothing was done to prevent a normal user from selecting from the RDB$ROLES
table. Otherwise, you will need to use other means to find the right user (e.g. from the application code, tracing the connection), or need a database repair tool to remove/overwrite the role, or inspect the file itself (which does require a lot of knowledge about the internals).
To be able to access it, you will need to create a new user.
Creating a new user
In Firebird 2.5, there are basically two ways to create new users:
-
Connect to another database with SYSDBA (or another user with the RDB$ADMIN role). For example, using ISQL, connect to the employee database which is included in standard Firebird installations(*):
Start ISQL (substitute masterkey with the actual password):
isql -user sysdba -password masterkey localhost:employee
Inside ISQL (substitute thenewuser and thepassword with desired values):
create user thenewuser password 'thepassword'; commit; exit;
-
Use GSEC to create a user (note: GSEC has been deprecated in Firebird 3.0):
Start GSEC (substitute masterkey with the actual password):
gsec -user sysdba -password masterkey
Inside GSEC (substitute thenewuser and thepassword with desired values):
add thenewuser -pw thepassword
This user will not be able to do much, but it should be able to inspect the metadata tables of the database.
Find the user needed to drop the role
You should be able to login into to the database (substitute thedatabase with the actual path or alias of the database) with the user created previously:
isql -user thenewuser -password thepassword localhost:thedatabase
Then query who "owns" the role SYSDBA:
select RDB$OWNER_NAME from RDB$ROLES where RDB$ROLE_NAME = 'SYSDBA';
NOTE: If the RDB$OWNER_NAME is not a valid regular identifier (starts with A-Z, rest is A-Z,0-9 or _ or $), you will need to identify users with the RDB$ADMIN privilege:
select RDB$USER from RDB$USER_PRIVILEGES where RDB$RELATION_NAME = 'RDB$ADMIN' and RDB$OBJECT_TYPE = 13;
As a last resort, try to identify the database owner:
select distinct RDB$OWNER_NAME as DATABASE_OWNER
from RDB$RELATIONS
where RDB$SYSTEM_FLAG = 1;
Now, create a new user with the owner name of the role or one of the users with the RDB$ADMIN privilege using the steps described in "Creating a new user" (in the following steps, I use the username BROKEN_LOCK).
If the user already exists, change their password with:
alter user BROKEN_LOCK set password 'thepassword';
Drop the SYSDBA role
Access the database with ISQL and the user that owns the role (or is an admin) as found in the previous step:
isql -user broken_lock -password thepassword -role RDB$ADMIN localhost:thedatabase
The option -role RDB$ADMIN
is only needed for the users with the RDB$ADMIN privilege, but is silently ignored for users that don't have that role.
Inside ISQL, drop the role:
drop role SYSDBA;
commit;
exit;
You should now be able access the database with SYSDBA.
(*): If you don't have any other databases on your system, you will need to create one first (or use the GSEC route).
Start ISQL:
isql
And in ISQL (substitute C:\Databases\mydatabase.fdb with a valid path, and masterkey with the actual password):
create database 'C:\Databases\mydatabase.fdb' user 'sysdba' password 'masterkey';
Then use the database path instead of employee
to create the users.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论