.ad 8
.bm 8
.fm 4
.bt $Copyright (c) 2000-2004 SAP AG$$Page %$
.tm 12
.hm 6
.hs 3
.TT 1 $SQL$Project Distributed Database System$VAK21$
.tt 2 $$$
.TT 3 $ThomasA$AK_User_Password$2000-10-05$
***********************************************************
.nf
 
 
    ========== licence begin  GPL
    Copyright (c) 2000-2004 SAP AG
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 2
    of the License, or (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
 
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
    ========== licence end
 
.fo
.nf
.sp
MODULE  : AK_User_Password
=========
.sp
Purpose :
.CM *-END-* purpose -------------------------------------
.sp
.cp 3
Define  :
 
        PROCEDURE
              a21_call_semantic  (VAR acv : tak_all_command_glob);
 
        PROCEDURE
              a21init_glob (VAR a20v : tak_a21_glob);
 
        FUNCTION
              a21is_owner (VAR acv : tak_all_command_glob;
                    VAR userrec : tak_userrecord) : boolean;
 
        PROCEDURE
              a21create_user (VAR acv : tak_all_command_glob;
                    VAR a20v : tak_a21_glob);
 
.CM *-END-* define --------------------------------------
.sp;.cp 3
Use     :
 
&       ifdef TRACE
        FROM
              Test_Procedures : VTA01;
 
        PROCEDURE
              t01int4 (layer : tgg00_Debug;
                    nam : tsp00_Sname;
                    int : tsp00_Int4);
 
        PROCEDURE
              t01name (debug : tgg00_Debug;
                    nam : tsp00_Name);
 
        PROCEDURE
              t01surrogate (layer : tgg00_Debug;
                    nam       : tsp00_Sname;
                    VAR tabid : tgg00_Surrogate);
&       endif
 
      ------------------------------ 
 
        FROM
              Scanner : VAK01;
 
        VAR
              a01defaultkey       : tgg00_SysInfoKey;
              a01emptypriv        : tak_privilege;
              a01controluser      : tsp00_KnlIdentifier;
              a01_i_public        : tsp00_KnlIdentifier;
              a01_i_sysdd         : tsp00_KnlIdentifier;
              a01_i_sys           : tsp00_KnlIdentifier;
              a01_il_b_identifier : tsp00_KnlIdentifier;
 
        PROCEDURE
              a01setl_identifier (
                    VAR id         : tsp00_KnlIdentifier;
                    set_identifier : tsp00_KnlIdentifier);
 
      ------------------------------ 
 
        FROM
              AK_semantic_scanner_tools : VAK05;
 
        PROCEDURE
              a05_int4_unsigned_get (VAR acv : tak_all_command_glob;
                    pos     : integer;
                    l       : tsp00_Int2;
                    VAR int : tsp00_Int4);
 
        PROCEDURE
              a05identifier_get (VAR acv : tak_all_command_glob;
                    tree_index  : integer;
                    obj_len     : integer;
                    VAR moveobj : tsp00_KnlIdentifier);
 
        PROCEDURE
              a05password_get (VAR acv : tak_all_command_glob;
                    tree_index   : integer;
                    VAR password : tsp00_Pw);
 
        PROCEDURE
              a05string_literal_get (VAR acv : tak_all_command_glob;
                    tree_index  : integer;
                    datatyp     : tsp00_DataType;
                    VAR moveobj : tsp00_DbName;
                    obj_pos     : integer;
                    obj_len     : integer);
 
      ------------------------------ 
 
        FROM
              AK_universal_semantic_tools : VAK06;
 
        PROCEDURE
              a06a_mblock_init (VAR acv : tak_all_command_glob;
                    mtype       : tgg00_MessType;
                    m2type      : tgg00_MessType2;
                    VAR tree    : tgg00_FileId);
 
        PROCEDURE
              a06check_username (VAR acv : tak_all_command_glob;
                    VAR auth   : tsp00_KnlIdentifier;
                    VAR is_dba : boolean;
                    VAR ok     : boolean);
 
        PROCEDURE
              a06inc_linkage (VAR linkage : tsp00_C2);
 
        PROCEDURE
              a06det_user_id (VAR acv : tak_all_command_glob;
                    VAR authname : tsp00_KnlIdentifier;
                    VAR authid   : tgg00_Surrogate);
 
        PROCEDURE
              a06determine_username (VAR acv : tak_all_command_glob;
                    VAR userid    : tgg00_Surrogate;
                    VAR user_name : tsp00_KnlIdentifier);
 
        PROCEDURE
              a06rsend_mess_buf (VAR acv : tak_all_command_glob;
                    VAR mbuf    : tgg00_MessBlock;
                    result_req  : boolean;
                    VAR b_err   : tgg00_BasisError);
 
        PROCEDURE
              a06_systable_get (VAR acv : tak_all_command_glob;
                    dstate       : tak_directory_state;
                    VAR tableid  : tgg00_Surrogate;
                    VAR base_ptr : tak_sysbufferaddress;
                    get_all      : boolean;
                    VAR ok       : boolean);
 
        FUNCTION
              a06role_exist (VAR acv : tak_all_command_glob;
                    VAR role_name    : tsp00_KnlIdentifier;
                    dstate           : tak_directory_state;
                    VAR role_rec_ptr : tak_sysbufferaddress) : boolean;
 
        PROCEDURE
              a06unpack_priv (VAR packed_priv : tak_privilege;
                    VAR unpacked_priv : tak_privilege);
 
        PROCEDURE
              a06user_get_priv  (VAR acv : tak_all_command_glob;
                    VAR brec : tak_sysbufferaddress;
                    VAR user : tgg00_Surrogate;
                    VAR priv : tak_privilege);
 
      ------------------------------ 
 
        FROM
              AK_error_handling : VAK07;
 
        PROCEDURE
              a07ak_system_error (VAR acv : tak_all_command_glob;
                    modul_no : integer;
                    id       : integer);
 
        PROCEDURE
              a07_b_put_error (VAR acv : tak_all_command_glob;
                    b_err : tgg00_BasisError;
                    err_code : tsp00_Int4);
 
        PROCEDURE
              a07_const_b_put_error (
                    VAR acv    : tak_all_command_glob;
                    b_err      : tgg00_BasisError;
                    err_code   : tsp00_Int4;
                    param_addr : tsp00_MoveObjPtr;
                    const_len  : integer);
 
        PROCEDURE
              a07_kw_put_error (VAR acv : tak_all_command_glob;
                    b_err    : tgg00_BasisError;
                    err_code : tsp00_Int4;
                    kw       : integer);
 
        PROCEDURE
              a07_nb_put_error (VAR acv : tak_all_command_glob;
                    b_err    : tgg00_BasisError;
                    err_code : tsp00_Int4;
                    VAR n    : tsp00_KnlIdentifier);
 
      ------------------------------ 
 
        FROM
              AK_error_handling : VAK071;
 
        FUNCTION
              a07_return_code (
                    b_err   : tgg00_BasisError;
                    sqlmode : tsp00_SqlMode) : tsp00_Int2;
 
      ------------------------------ 
 
        FROM
              Systeminfo_cache   : VAK10;
 
        PROCEDURE
              a10_nil_get_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey   : tgg00_SysInfoKey;
                    dstate       : tak_directory_state;
                    syslen       : tsp00_Int2;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10_cache_delete  (VAR acv : tak_all_command_glob;
                    is_rollback : boolean);
 
        PROCEDURE
              a10get_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey   : tgg00_SysInfoKey;
                    dstate       : tak_directory_state;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10next_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey   : tgg00_SysInfoKey;
                    stop_prefix  : integer;
                    dstate       : tak_directory_state;
                    reckind      : tsp00_C2;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10add_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10repl_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10_add_repl_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syspoint : tak_sysbufferaddress;
                    add_sysinfo  : boolean;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10_copy_catalog_rec (VAR acv : tak_all_command_glob;
                    VAR old_key     : tgg00_SysInfoKey;
                    del_old_rec     : boolean;
                    VAR new_key     : tgg00_SysInfoKey;
                    new_segment_id  : tsp00_C2;
                    add_new_rec     : boolean;
                    VAR b_err       : tgg00_BasisError);
 
        PROCEDURE
              a10del_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey   : tgg00_SysInfoKey;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10_key_del  (VAR acv : tak_all_command_glob;
                    VAR syskey : tgg00_SysInfoKey);
 
        PROCEDURE
              a10_rel_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey : tgg00_SysInfoKey);
 
        PROCEDURE
              a10_lock_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey  : tgg00_SysInfoKey;
                    lockm       : tgg00_LockReqMode);
 
        PROCEDURE
              a10del_user_sysinfo  (VAR acv : tak_all_command_glob;
                    VAR auth    : tgg00_Surrogate;
                    VAR b_err   : tgg00_BasisError);
 
        PROCEDURE
              a10_fix_len_get_sysinfo (VAR acv : tak_all_command_glob;
                    VAR syskey   : tgg00_SysInfoKey;
                    dstate       : tak_directory_state;
                    required_len : integer;
                    plus         : integer;
                    VAR syspoint : tak_sysbufferaddress;
                    VAR b_err    : tgg00_BasisError);
 
        PROCEDURE
              a10rel_sysinfo (syspointer : tak_sysbufferaddress);
 
      ------------------------------ 
 
        FROM
              AK_Table   : VAK11;
 
        PROCEDURE
              a11put_date_time (VAR date : tsp00_Int4;
                    VAR time : tsp00_Int4);
 
        PROCEDURE
              a11drop_table  (VAR acv : tak_all_command_glob;
                    VAR tableid   : tgg00_Surrogate;
                    tablart       : tgg00_TableKind;
                    succ_filevers : boolean);
 
      ------------------------------ 
 
        FROM
              AK_Domain : VAK12;
 
        PROCEDURE
              a12drop_domain (VAR acv : tak_all_command_glob;
                    domain_ref : tak_sysbufferaddress);
 
        PROCEDURE
              a12reference (VAR acv : tak_all_command_glob;
                    VAR dbproc_surrogate : tgg00_Surrogate;
                    VAR owner            : tsp00_KnlIdentifier;
                    VAR dbproc_name      : tsp00_KnlIdentifier);
 
      ------------------------------ 
 
        FROM
              AK_usertab_tools : VAK19;
 
        PROCEDURE
              a19add_usertab  (VAR acv : tak_all_command_glob;
                    VAR user       : tgg00_Surrogate;
                    VAR surrogate  : tgg00_Surrogate;
                    surrogate_desc : tak_usertab_descriptor);
 
        PROCEDURE
              a19addroletab  (VAR acv : tak_all_command_glob;
                    VAR user       : tgg00_Surrogate;
                    VAR role_id    : tgg00_Surrogate);
 
        PROCEDURE
              a19adddefaultroletab  (VAR acv : tak_all_command_glob;
                    VAR user       : tgg00_Surrogate;
                    VAR role_id    : tgg00_Surrogate);
 
        PROCEDURE
              a19deldefault_roles  (VAR acv : tak_all_command_glob;
                    VAR user_id : tgg00_Surrogate);
 
        PROCEDURE
              a19delroletab  (VAR acv : tak_all_command_glob;
                    VAR user      : tgg00_Surrogate;
                    VAR role_id   : tgg00_Surrogate);
 
        FUNCTION
              a19user_knows_role (VAR acv : tak_all_command_glob;
                    VAR user_id : tgg00_Surrogate;
                    VAR role_id : tgg00_Surrogate) : boolean;
 
      ------------------------------ 
 
        FROM
              AK_Grant_Revoke : VAK22;
 
        PROCEDURE
              a22pack_priv (privbuf : tak_sysbufferaddress;
                    VAR new_priv    : tak_privilege;
                    VAR packed_priv : tak_privilege);
 
      ------------------------------ 
 
        FROM
              AK_Synonym : VAK23;
 
        PROCEDURE
              a23change_syn_owner (VAR acv : tak_all_command_glob;
                    VAR synid    : tgg00_Surrogate;
                    VAR owner_id : tgg00_Surrogate);
 
        PROCEDURE
              a23drop_sequence (VAR acv : tak_all_command_glob;
                    tableref     : tak_sysbufferaddress);
 
      ------------------------------ 
 
        FROM
              AK_Stored_Procedure_DDL : VAK261;
 
        PROCEDURE
              a261drop_procedure (VAR acv : tak_all_command_glob;
                    VAR procbuf  : tak_sysbufferaddress;
                    VAR owner_id : tgg00_Surrogate);
 
      ------------------------------ 
 
        FROM
              AK_Function : VAK264;
 
        PROCEDURE
              a264drop_function (VAR acv : tak_all_command_glob;
                    VAR func_name : tsp00_KnlIdentifier);
 
      ------------------------------ 
 
        FROM
              AK_VIEW_SCAN : VAK27;
 
        PROCEDURE
              a27init_viewscanpar (VAR acv : tak_all_command_glob;
                    VAR viewscanpar : tak_viewscan_par;
                    v_type          : tak_viewscantype);
 
        PROCEDURE
              a27rename_user (VAR acv : tak_all_command_glob;
                    VAR viewscanpar : tak_viewscan_par);
 
        PROCEDURE
              a27view_scan   (VAR acv : tak_all_command_glob;
                    VAR tableid     : tgg00_Surrogate;
                    VAR viewscanpar : tak_viewscan_par);
 
      ------------------------------ 
 
        FROM
              AK_data_dictionary : VAK38;
 
        PROCEDURE
              a38rename (VAR acv : tak_all_command_glob;
                    objtype      : integer;
                    VAR owner    : tsp00_KnlIdentifier;
                    VAR name1    : tsp00_KnlIdentifier;
                    VAR name2    : tsp00_KnlIdentifier;
                    VAR new_name : tsp00_KnlIdentifier);
 
        PROCEDURE
              a38user_drop (VAR acv : tak_all_command_glob;
                    VAR username : tsp00_KnlIdentifier;
                    VAR groupid  : tgg00_Surrogate;
                    usergroup    : boolean;
                    VAR ownerid  : tgg00_Surrogate;
                    uid          : tsp00_Int4);
 
      ------------------------------ 
 
        FROM
              AK_universal_show_tools : VAK40;
 
        PROCEDURE
              a40init_table_scan (VAR acv : tak_all_command_glob;
                    VAR a41v         : tak40_show_glob;
                    scan_temp        : boolean;
                    scan_private     : boolean;
                    scan_non_private : boolean;
                    scan_public      : boolean;
                    use_synonyms     : boolean;
                    all_base         : boolean);
 
        FUNCTION
              a40next_table (VAR acv : tak_all_command_glob;
                    VAR a41v : tak40_show_glob) : boolean;
 
      ------------------------------ 
 
        FROM
              AK_show_syntax : VAK41;
 
        PROCEDURE
              a41init_show_glob (VAR a41v : tak40_show_glob;
                    mess_code : tsp00_CodeType);
 
      ------------------------------ 
 
        FROM
              AK_Show_statistics : VAK42;
 
        PROCEDURE
              a42_get_pagecount (VAR acv : tak_all_command_glob;
                    base_ptr      : tak_sysbufferaddress;
                    VAR pagecount : tsp00_Int4);
 
      ------------------------------ 
 
        FROM
              AK_Connect : VAK51;
 
        PROCEDURE
              a51build_userkey (VAR user_name : tsp00_KnlIdentifier;
                    VAR userkey : tgg00_SysInfoKey);
 
      ------------------------------ 
 
        FROM
              AK_Lock_Commit_Rollback : VAK52;
 
        PROCEDURE
              a52internal_subtrans (VAR acv : tak_all_command_glob);
 
        PROCEDURE
              a52_ex_commit_rollback (VAR acv : tak_all_command_glob;
                    m_type         : tgg00_MessType;
                    n_rel          : boolean;
                    normal_release : boolean);
 
      ------------------------------ 
 
        FROM
              Configuration_Parameter : VGG01;
 
        VAR
              g01glob           : tgg00_KernelGlobals;
              g01serverdb_ident : tgg04_ServerdbIdent;
 
        PROCEDURE
              g01int4incr (VAR int : tsp00_C4);
 
      ------------------------------ 
 
        FROM
              Kernel-Version : VGG11;
 
        PROCEDURE
              g11kernel_version  (VAR vers : tsp00_Version);
 
      ------------------------------ 
 
        FROM
              GG_edit_routines : VGG17;
 
        PROCEDURE
              g17int4to_line (int : tsp00_Int4;
                    with_zero : boolean;
                    int_len   : integer;
                    ln_pos    : integer;
                    VAR ln    : tsp00_KnlIdentifier);
 
      ------------------------------ 
 
        FROM
              filesysteminterface_1 : VBD01;
 
        VAR
              b01niltree_id : tgg00_FileId;
 
        PROCEDURE
              b01empty_file (VAR t : tgg00_TransContext;
                    VAR current : tgg00_FileId);
 
      ------------------------------ 
 
        FROM
              Encrypting : VSP02;
 
        PROCEDURE
              s02encrypt (VAR clearname : tsp00_Name;
                    VAR crypt : tsp00_CryptPw);
 
      ------------------------------ 
 
        FROM
              Kernel_move_and_fill : VGG101;
 
        PROCEDURE
              SAPDB_PascalFill (
                    mod_id      : tsp00_C6;
                    mod_num     : tsp00_Int4;
                    obj_upb     : tsp00_Int4;
                    obj         : tsp00_MoveObjPtr;
                    obj_pos     : tsp00_Int4;
                    length      : tsp00_Int4;
                    fillchar    : char;
                    VAR e       : tgg00_BasisError);
 
        PROCEDURE
              SAPDB_PascalUnicodeFill (
                    mod_id      : tsp00_C6;
                    mod_num     : tsp00_Int4;
                    obj_upb     : tsp00_Int4;
                    obj         : tsp00_MoveObjPtr;
                    obj_pos     : tsp00_Int4;
                    length      : tsp00_Int4;
                    fillchar    : tsp00_C2;
                    VAR e       : tgg00_BasisError);
 
        PROCEDURE
              SAPDB_PascalForcedUnicodeFill (
                    obj_upb     : tsp00_Int4;
                    obj         : tsp00_MoveObjPtr;
                    obj_pos     : tsp00_Int4;
                    length      : tsp00_Int4;
                    fillchar    : tsp00_C2 );
 
        PROCEDURE
              SAPDB_PascalMove (
                    mod_id      : tsp00_C6;
                    mod_num     : tsp00_Int4;
                    source_upb  : tsp00_Int4;
                    dest_upb    : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    src_pos     : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    dest_pos    : tsp00_Int4;
                    length      : tsp00_Int4;
                    VAR e       : tgg00_BasisError);
 
        PROCEDURE
              SAPDB_PascalOverlappingMove (
                    mod_id      : tsp00_C6;
                    mod_num     : tsp00_Int4;
                    source_upb  : tsp00_Int4;
                    dest_upb    : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    src_pos     : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    dest_pos    : tsp00_Int4;
                    length      : tsp00_Int4;
                    VAR e       : tgg00_BasisError);
 
        PROCEDURE
              SAPDB_PascalForcedFill (
                    size        : tsp00_Int4;
                    m           : tsp00_MoveObjPtr;
                    pos         : tsp00_Int4;
                    len         : tsp00_Int4;
                    fillchar    : char);
 
        PROCEDURE
              SAPDB_PascalForcedMove (
                    source_upb  : tsp00_Int4;
                    destin_upb  : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    source_pos  : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    destin_pos  : tsp00_Int4;
                    length      : tsp00_Int4);
 
        PROCEDURE
              SAPDB_PascalForcedOverlappingMove (
                    source_upb  : tsp00_Int4;
                    destin_upb  : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    source_pos  : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    destin_pos  : tsp00_Int4;
                    length      : tsp00_Int4);
 
        PROCEDURE
              g10mv (
                    mod_id      : tsp00_C6;
                    mod_num     : tsp00_Int4;
                    source_upb  : tsp00_Int4;
                    dest_upb    : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    src_pos     : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    dest_pos    : tsp00_Int4;
                    length      : tsp00_Int4;
                    VAR e       : tgg00_BasisError);
 
        PROCEDURE
              s10mv (
                    source_upb  : tsp00_Int4;
                    destin_upb  : tsp00_Int4;
                    source      : tsp00_MoveObjPtr;
                    source_pos  : tsp00_Int4;
                    destin      : tsp00_MoveObjPtr;
                    destin_pos  : tsp00_Int4;
                    length      : tsp00_Int4);
 
.CM *-END-* use -----------------------------------------
.sp;.cp 3
Synonym :
 
        PROCEDURE
              g17int4to_line;
 
              tsp00_Line tsp00_KnlIdentifier;
 
        PROCEDURE
              a05identifier_get;
 
              tsp00_MoveObj   tsp00_KnlIdentifier
 
        PROCEDURE
              a05string_literal_get;
 
              tsp00_MoveObj   tsp00_DbName
 
.CM *-END-* synonym -------------------------------------
.sp;.cp 3
Author  : ThomasA
.sp
.cp 3
Created : 1985-04-09
.sp
.cp 3
.sp
.cp 3
Release :      Date : 2000-10-05
.sp
***********************************************************
.sp
.cp 10
.fo;.pb '@'
.oc _/1
Specification:
.sp
PROCEDURE  A21_CALL_SEMANTIC (VAR acv : all_command_glob);
.sp;.fo
The procedur implements the commands
Create, Alter, Drop, Grant User(group) and Alter Password
by constructiong, updating or deleting the corresponding catalog
information. The catalog information involved is :
.br
i)@@@Create User(group)
.in +5
Construction of a tuserrecords, in case of a BDA's construction of
tprivrecords.
.in -5
ii)@@Alter User(group)
.in +5
Modifying of a tuserrecords, in some cases granting or revoking of
privileges, i.e. construction or dropping of a tprivrecord.
Dropping of all private tables, if a non-standard user becomes a
standard user.
.in -5
iii)@Drop User(group)
.in +5
dropping of the tuserrecords, in case of a drop usergroup command
dropping of the tuserrecords of all group members.
All private table of the user (group) have to be dropped.
.in -5
iv)@@Alter Password
.in +5
Modifying the tuserrecords.
.in -5
.br
The cache is deleted, to ensure that all catalog records, that are
read in the in the course of processing are locked implicitly.
The resulting catalog modifications are executed by one of the procedures
.br;.nf
     a21_alter_create_semantic,
     a21_alter_password_semantic,
     a21_drop_user oder
     a21_grant_user_semantic.
.fo
.br
If an error occurs in the course of processing, the cache is deleted and
all catalog records that have already been modified have to be rollbacked
(a06_partial_rollback).
.sp 4;.nf
PROCEDURE  A21_DBA_PRIVILEGES (VAR acv : all_command_glob;
            VAR a20v   : tak_a21_glob);
 
.sp;.fo
The insert, update, delete and select privilege for the tables
PUBLIC.SYSCOMMENTDBA, PUBLIC.SYSDEFUSAGEDBA and PUBLIC.SYSREFUSAGEDBA.
is granted to the user specified by a2authid. The corresponding
catalog record of type tprivrecord is created in the Cache and
inserted into systemfile1.
.sp 4;.nf
PROCEDURE  A21_OWNER_CHANGE (VAR acv : all_command_glob;
            VAR a20v       : tak_a21_glob;
            repl_tab_owner : boolean);
.sp;.fo
All users, whose owner is a2authid, receive a2likeauthid as new owner.
To implement this, all tuserrecords are analyzed in a loop.
If the procedure has been called in the course of dropping a DBA user
(repl_tab_owner = TRUE), PUBLIC is assigned as owner to all PUBLIC
tables, whose owner is a2authid.
The PUBLIC - tables which are owned by a2authid are determined by
analyzing the tusertabrecord(s) of a2authid. The modification of the
owner field in the tbaserecords of the tables are executed by the
procedure a21_public_owner_change.
.sp 4;.nf
PROCEDURE  AK21GROUP_MEMBERS (VAR acv : all_command_glob;
            VAR a20v       : tak_a21_glob);
.sp;.fo
All tuserrecords of group members of the usergroup a2authid are
dropped from the catalog.
.sp 4;.nf
PROCEDURE  A21_ALL_USERTABLE_DROP (VAR acv : all_command_glob;
            VAR a20v       : tak_a21_glob);
.sp;.fo
All private tables and STRING-files of the user a2authid
are dropped from the catalog. The next object to be deleted is determined
by a21_get_next_usertable. Depending of the type of the current object,
a11drop_table is called.
.sp 4;.nf
PROCEDURE  A21_ALTER_USER_SEMANTIC (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
This procedure executes the commands ALTER USER(GROUP) semanticly.
The following modifications are passible :
.br
i)@@@Altering the usertype (DBA, RESOURCE, STANDARD).
.br
ii)@@Altering the costlimit value.
.br
iii)@@@Altering the costwarning values.
.br
iv)@@Altering the connect mode (SINGLE, MULTIPLE).
.br
When calling the procedure, the username a2authid, the new usertype and
the new limit values are already transferred from the SQL-PACKET into
the corresponding varaible a20v. The following error can occur :
.sp
the current user is not the owner of the user a2authid.
.br
the user a2authid is a group member.
.br
the user shall become SUPERDBA.
.br
the user a2authid is connected.
.sp
The modifications of the user catalog information are executed by
calling the procedure ak21_user_rec_repl. Some privileges
on some system tables are granted to a2authid, if a2authid becomes a
DBA. If a DBA user becomes a resource or standard user, these
privileges are revoked. (==> a21_revoke_dba_privileges).
If a2authid becomes a standard user, all his private object are
dropped (==> a21_all_usertable_drop) and the SUPERDBA is assigned
as new owner to all PUBLIC tables, whose owner is a2authid
(==> a21_owner_change).
.sp 4;.nf
PROCEDURE  A21_PUBLIC_OWNER_CHANGE (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob;
            VAR tabln: name);
.sp;.fo
The SUPERDBA is assigned as new owner of the table PUBLIC.tabln.
In the catalog record of type tprivrecord of the previous owner
the owner privilege is revoked.
.sp 4
PROCEDURE  A21_GET_USER_RECORD (VAR acv : all_command_glob;
            VAR authid     : user_id;
            lock_mode      : lockmode;
            usergroup      : boolean;
            var siteset     : locnoset;
            dstate         : directory_state;
            VAR sysbuf     : tsysbufferaddress;
            errorpos       : integer);
.sp
The catalog record of type tuserrecord of the user authid is alloced
in the cache at address sysbuf. The status is d_fix, which means that
the record must not be shifted. The parameter usergroup specifies,
in den Cache gelesen. The parameter usergroup specifies whether a
description of a user (usergroup = FALSE) or one of a usergroup
is expected. Possible error messages :
.sp
unknown user if usergroup = false and (catalog record does not exist or
catalog record is the description of a usergroup).
.sp
unknown usergoup if usergroup = true and (catalog record does not exist
or catalog record is the description of a user).
.sp 4;.nf
PROCEDURE  A21_GRANT_USER (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure is called in the course of a grant user command to
execute the resulting catalog modifications.
The command
GRANT USER(GROUP) <user list> /FROM <from username>/ TO <to username>
effects, that all users, whose
owner is the user <from username> , get the user <to username>
as new owner (the owner privilege is revoked from <from username>).
If <from username> is not specified, the current user is used as
<from username>.
.br
First of all, the <from username> is read into a2authid, if he is
specified; otherwise the current user is assigned to a2authid.  The
catalog record of type tuserrecord of this user is allocated in the
cache (ak21_get_user_record). The <to username> is read into
a2likeauthid and the corresponding tuserrecord is allocated in cache.
If * has been specified in the userlist, i.e. if all user, which belong
to a2authid , obtain a2likeauthid as new owner, a2authid is substituded
by a2likeauthid in all corresponding tuserrecords (a21_owner_change).
.br
If the userlist specifies a list of usernames, for every of these user
the tuserrecord is allocated in cache and it is checked whether
a2authid is owner of this user. In this case a2likeauthid is
assigned as new owner (ak21_user_rec_repl).
.sp;.nf
PROCEDURE  A21_ALTER_PASSWORD_SEMANTIC (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure implements the command <Alter Password> by modifying
the password in the tuserrecord of the specified user (a2authid).
Two cases are possible :
.br
i)@@The current user alters his password himself.
.in +4
in this case the old password is specified in the SQL-PACKET.
This password is transferred to oldpassword.
.in -4
ii)@The SUPERDBA alters the password of a user.
.in +4
in this case the username and the new password are specified in the
SQL-PACKET.
.in -4
The tuserrecord of the roffenen user is allocated in cache.
If the current user alters his password, the old password specified
is compared with that stored in the catalog record of type tuserrecord.
An error ist returned, if the passwords are not equal.
.br
The new password is transferred in the variable newpassword and is stored
in an encrypted representation in the tuserrecord. The current date and
time are stored in the tuserrecord. At last the tuserrecord
is inserted into Systemfile2.
.sp 4;.nf
PROCEDURE  A21_LIKE_USER (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure inplements the command CREATE USER X LIKE Y an creates
the corresponding catalog information.
.br
The user a2authid is created with the same attributes like the user
a2likeauthid. This means that a2authid obtains the same user parameter
and the same privileges for all tables, which are visible for
a2likeauthid and which are not created by a2likeauthid.
.br
The name of the like user is transferred from the SQL-PACKET to
a2likeauthid and the tuserrecords of this user is allocated in the cache.
The paramter of this user are transferred in the the corresponding
fields of the variable a20v. After that a tuserrecord for a2authid is
created in the cache.
.br
Now the privileg catalog information for a2authid is created.
For every non-private table that is stored in the tusertabrecords
of a2likeauthid, a2authid obtains the same privileges like the
user a2likeauthid. The corresponding tprivilegerecord is build by
the procedure a21_create_priv_rec.
.sp 4;.nf
PROCEDURE  A21_ALTER_CREATE_USER_SEMANTIC (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure is called in the course of a create or alter user command
to transfer the user attributes specified in the SQL-PACKET into
the corresponding components of the variable a20v. Furthermore the
procedure does some nessecary semantic checks and causes the
corresponding catalog modification.
.br
The username and, if need be, the password are transferred from the
SQL-PACKET to a2authid and a2indexn. If no create user like
command is executed, two case have can occur :
.br
i)@@A member of a usergroup is created :
.in +4
The catalog record of type tuserrecord of the usergroup is allocated in
cache and the parameter of the group are transferred from this records
in the corresponding componentes of the varaible a20v.
.in -4;.hi +4
ii)@A create/alter user command is executed for a non-group member :
.hi -4;.in +4
The components of the variable a20v are initilized. In case of a create
user command the value 0 means that the corresponding value is not
specified. In case of an alter user command the value maxint4 means that
the corresponding value has not been altered. The attributes specified
in the SQL-PACKET are transferred in a20v by calling the procedure
a21_next_user_parameter in a20v.
.in -4
The construction or the modification of the catalog records respectively
are done by ak21_alter_user_semantic (ALTER USER) or
ak21_create_user (CREATE USER). In the latter case
a2like = TRUE indicates that a CREATE USER LIKE command has been
issued.
.sp;.nf
PROCEDURE  A21_NEXT_USER_PARAMETER (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure determines in the course of a create/user user command
the specified user atributes, checks whether they are valid and
tranfers them in the corresponding components of the variable a20v.
Zul?assigkeit und ?ubertr?agt die Informationen in die entsprechendnen
The current pointer of the syntax tree must describe the parameter that
has to be analyzed. The following cases are possible :
.br
i)@a costlimit value is specified.
.br
ii)@@a costwarning value is specified.
.br
iii)@@@a timeout value is specified.
.in +5
The value must be greater than 0 and must not be greater than
maxint2.
.in -5
vi)@@Exclusive or not exclusive is specified.
.in +5
The flag a2ex_modified is set to indicate that the exclusive attribute
has been altered.
.in -5;.sp 4;.nf
PROCEDURE  AK21_CREATE_USER (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure creates the catalog record of type tuserrecord
to describe a SQL-DB user. When calling the procedure, the user
user attributes are stored in the variable a20v :
.br;.nf
a2authid    = user name
a2userkind  = user kind (DBA, RESOURCE, STANDARD)
a2groupname = groupname of the user
a2params    = unused1/unused2/timemout/costlimit/
              costwarning values of the user..
a2exclusive = TRUE in case of a SINGLE conneced user.
.fo
When calling the procedure the tuserrecord that has to be created
is already allocated in cache at address a2sysbuf. The values of the
components of a20v are transferred in the corresponding components
of this tuserrecord. Some privileges on some system tables are
granted to the user if the user to be created is a DBA
(a21_dba_privileges).
If an error has occured in the course of the execution and
catalog modifications have already been done these modifications must
be rollbacked (a06_partial_rollback).
This rollback cannot be done at the end of a21_call_semantic because
ak21_create_user is also called by VAK81 where no rollback is
executed.
.sp 4;.nf
PROCEDURE  A21_REVOKE_DBA_PRIV  (VAR acv : all_command_glob;
            VAR a20v   : tak_a21_glob);
.sp;.fo
All privileges are revoked on the tables
PUBLIC.syscommentdba, PUBLIC.sysdefusagedba and PUBLIC.sysrefusagedba
from a2autid. The corresponding catalog records of type tprivilegerecord
are deleted.
.sp 4
PROCEDURE  A21_DROP_USER_SEMANTIC (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure implements the command drop user, i.e. the nessecary
catalog modifications are executed.
The name of the user to be dropped is transferred from the SQL-PACKET
in a2authid. The rest of the execution is done in the procedure
ak21drop_user.
.sp 4;.nf
PROCEDURE  AK21DROP_USER (VAR acv : all_command_glob;
            VAR a20v : tak_a21_glob);
.sp;.fo
The procedure takes care for the catalog modifications which must
be executed when a user is dropped.
.br
The name of the user is stored in a2authid. The dropping must not be
executed if the current user is not the SUPERDBA and not the owner
of a2authid or if a2authid is connected at the time of execution.
.br
A distinction must be made between the following  cases :
.br
i)@@@The user a2authid is a group member :
.in +5
The tuserrecord of a2authid is deleted from the catalog
.in -5
ii)@@a2authid is a usergroup :
.in +5
All group members are dropped implicitly, i.e. all tuserrecords of all
group members are dropped from the catalog.
(a21_drop_group_members). All private tables of the user group
are dropped (a21_all_usertable_drop).
All catalog records containing a2authid in their key are deleted,
(a10del_user_tab_sysinfo).
.in -5
ii)@@a2authid is a no group member :
.in +5
If the user is a DBA all PUBLIC tables which belong to a2authid
obtain the SUPERDBA as new owner (a21_owner_change).
All private tables of a2authid are dropped
 (a21_all_usertable_drop).
All catalog records containing a2authid in their key are deleted,
(a10del_user_tab_sysinfo).
.in -5
If errors have occured in the course of the execution and catalog
modifications have already by done, this modifications must be rollbacked
by calling a06_partial_rollback.
This rollback cannot be done at the end of a21_call_semantic because
ak21_create_user is also called by VAK81 where no rollback is
executed.
.sp 4;.nf
FUNCTION  A21_PERMCOUNT_GET (VAR acv : all_command_glob;
            VAR a20v   : tak_a21_glob;
            VAR site   : tgg_serberdb_no) int4;
.sp;.fo
The function returns the number of BD-pages occupied by private tables
of the user a2authid.
.br
The private tables of a2authid are determined with the aid
of the tusertabrecords. For every private table found
a42_get_pagecount is called to determine the number of pages of the
BD-file and the corresponding index BD-files.
.sp;.nf
PROCEDURE  A21_CREATE_PRIV_REC (VAR acv : all_command_glob;
            VAR a20v       : tak_a21_glob;
            VAR tab_authid : user_id;
            VAR tab_tablen : name);
.sp;.fo
Besides the owner privilege
the user a2authid obtains the same privileges for
the table tab_authid.tab_tablen like the user a2likeauthid.
.br
The tprivrecord of a2likeauthid concerning tab_authid.tab_tablen
is allocated in cache and a cache area for the
new tprivrecord of a2authid is required.
The privileges stored in the tprivrecords of a2likeauthid are copied
into the new tprivrecord of a2authid and the completed tprivrecord is
inserted into the catalog.
.sp 4;.nf
PROCEDURE  AK21_USER_REC_REPL  (VAR acv : all_command_glob;
            VAR a20v     : tak_a21_glob;
            VAR u_buf    : tsysbufferaddress;
            u_type       : usertyp);
.sp;.fo
The procedure is called in the course of an alter user(group)
command, if at least one user(group) attribute has been altered.
The new attributes are stored in the catalog record of type
tuserrecord allocated at address u_buf in the cache.
.br
The user attributes that have been altered (<> 0) are stored in the
tuserrecord. The exclusive attribute is modified only if the attribute
has been altered (a2ex_modified = TRUE).
The tuserecord is then inserted into systemfile2.
If the modification concerned a user group the modifications must be
made in all tuserrecords of all members of the group.
sp
.CM *-END-* specification -------------------------------
.sp 2
***********************************************************
.sp
.cp 10
.fo
.oc _/1
Description:
 
Role Dependencies
 
   Role --> Usertab Record of Owner (ok)
 
   Grant Role to Grantee (User or Role)
 
     Role --> Usertab Record of Grantee (ok)
 
   Grant <privilege> ON <table> To Role
 
     privilege record <table id> <role id> <grantee>
 
   Grant Execute on <db Proc> to Role
 
.CM *-END-* description ---------------------------------
.sp 2
***********************************************************
.sp
.cp 10
.nf
.oc _/1
Structure:
 
.CM *-END-* structure -----------------------------------
.sp 2
**********************************************************
.sp
.cp 10
.nf
.oc _/1
.CM -lll-
Code    :
 
 
CONST
      cak21min_timeout  = 30;
      drop              = true;
      connected         = false;
      c_is_rollback     = true;
 
TYPE
 
      tak21_id_map_name = RECORD
            CASE integer OF
                1 :
                    (n  : tsp00_Name);
                2 :
                    (pw : tsp00_Pw);
                3 :
                    (id : tsp00_KnlIdentifier);
                END;
            (*ENDCASE*) 
 
 
 
(*------------------------------*) 
 
PROCEDURE
      a21_call_semantic  (VAR acv : tak_all_command_glob);
 
VAR
      a20v : tak_a21_glob;
 
BEGIN
WITH acv, a20v  DO
    BEGIN
    a21init_glob (a20v);
    a10_cache_delete (acv, NOT c_is_rollback);
    a2ti := a_ap_tree^[0].n_lo_level;
    IF  a_ap_tree^[a2ti].n_subproc >= cak_x_user_group
    THEN
        a2usergroup := true
    ELSE
        a2usergroup := false;
    (*ENDIF*) 
    CASE (a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc)
          MOD cak_x_user_group OF
        cak_x_create_user, cak_x_user_like, cak_x_alter_user,
        cak_x_create_role :
            ak21_alter_create_user_semantic (acv, a20v);
        cak_x_alter_password :
            ak21_alter_password_semantic (acv, a20v);
        cak_x_drop_user, cak_x_drop_role :
            ak21_drop_user_semantic (acv, a20v);
        cak_x_grant_user :
            ak21_grant_user (acv, a20v);
        cak_x_rename_user :
            ak21rename_user (acv, a20v);
        END;
    (*ENDCASE*) 
    IF  a_returncode <> 0
    THEN
        a_part_rollback := true
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      a21init_glob (VAR a20v : tak_a21_glob);
 
VAR
      user_param  : tak_userparams;
      name_ptr    : ^tsp00_Name;
 
BEGIN
WITH a20v DO
    BEGIN
    a2user_name    := a01_il_b_identifier;
    a2like_name    := a01_il_b_identifier;
    a2groupname    := a01_il_b_identifier;
    name_ptr       := @a01_il_b_identifier;
    a2password     := name_ptr^;
    a2user_id      := cgg_zero_id;
    a2like_id      := cgg_zero_id;
    a2group_id     := cgg_zero_id;
    a2sysk         := a01defaultkey;
    (* PTS 1107952 E.Z. *)
    FOR user_param := up_unused1 TO cachelimit DO
        a2params[ user_param ] := csp_maxint4;
    (*ENDFOR*) 
    a2sysbuf       := NIL;
    a2errorpos     := 0;
    a2ti           := 1;
    a2userkind     := cak_i_standard;
    a2like         := false;
    a2modified     := false;
    a2exclusive    := false;
    a2ex_modified  := false;
    a2defc_modified:= false;
    a2usergroup    := false;
    a2cascade      := false;
    a2role         := false;
    a2defaultcode  := csp_instance_code;
    a2replication  := false;
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_owner_change  (VAR acv : tak_all_command_glob;
            VAR a20v       : tak_a21_glob);
 
VAR
      b_err       : tgg00_BasisError;
      sysk        : tgg00_SysInfoKey;
      grant_user  : tsp00_KnlIdentifier;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    IF  a_returncode = 0
    THEN
        BEGIN
        (* change userowner *)
&       ifdef trace
        t01surrogate (ak_sem, 'like user id', a2like_id);
&       endif
        sysk            := a01defaultkey;
        sysk.sauthid[1] := chr(255);
        sysk.sauthid[2] := chr(255);
        sysk.sentrytyp  := cak_euser;
        REPEAT
            a10next_sysinfo (acv, sysk, 0, d_release,
                  cak_euser, a2sysbuf,b_err);
            IF  b_err = e_ok
            THEN
                BEGIN
&               ifdef trace
                t01surrogate (ak_sem, 'curr ownerid',
                      a2sysbuf^.suser.userowner_id);
&               endif
                IF  (a2sysbuf^.suser.userowner_id = a2user_id)
                    AND
                    (a2sysbuf^.suser.userkind <> udba)
                    AND
                    (NOT a2usergroup OR
                    NOT (is_user_rec in a2sysbuf^.suser.urecordtyp))
                THEN
                    BEGIN
                    a06determine_username (acv, a2user_id, a2user_name);
                    a06determine_username (acv, a2like_id, a2like_name);
                    grant_user := a2sysbuf^.suser.username;
                    a2sysbuf^.suser.userowner_id := a2like_id;
                    IF  a2usergroup
                    THEN
                        ak21_user_rec_repl (acv, a20v,
                              a2sysbuf, a2sysbuf^.suser.userkind)
                    ELSE
                        a10repl_sysinfo (acv, a2sysbuf, b_err);
                    (*ENDIF*) 
                    END;
                (*ENDIF*) 
                END;
            (*ENDIF*) 
            a10_key_del (acv, sysk);
        UNTIL
            b_err <> e_ok;
        (*ENDREPEAT*) 
        IF  b_err <> e_no_next_record
        THEN
            a07_b_put_error (acv, b_err, 1);
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21group_members  (VAR acv : tak_all_command_glob;
            VAR a20v       : tak_a21_glob;
            drop_members   : boolean);
 
CONST
      c_max_user_in_buf = 1024;
 
VAR
      b_err      : tgg00_BasisError;
      connect_err: tgg00_BasisError;
      i          : integer;
      member_cnt : integer;
      userbuf    : tak_sysbufferaddress;
      userkey    : tgg00_SysInfoKey;
      delkey     : tgg00_SysInfoKey;
      member_arr : ARRAY[ 1..c_max_user_in_buf ] OF tgg00_Surrogate;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    IF  a_returncode = 0
    THEN
        BEGIN
        userkey           := a01defaultkey;
        userkey.sentrytyp := cak_euser;
        delkey            := userkey;
        member_cnt        := 0;
        REPEAT
            a10next_sysinfo (acv, userkey, 0, d_release,
                  cak_euser, userbuf, b_err);
            IF  b_err = e_ok
            THEN
                IF  userbuf^.suser.usergroup_id = a2user_id
                THEN
                    BEGIN
                    IF  member_cnt = 0
                    THEN
                        BEGIN
                        a06a_mblock_init (acv,
                              m_down, mm_user, b01niltree_id);
                        a_mblock.mb_data_len  := 0
                        END;
                    (*ENDIF*) 
                    s10mv (sizeof(userkey.sauthid),
                          a_mblock.mb_data_size,
                          @userkey.sauthid,
                          SURROGATE_MXGG00 - USERID_MXGG04 + 1,
                          @a_mblock.mb_data^.mbp_buf,
                          a_mblock.mb_data_len  + 1,
                          sizeof(tgg00_UserId));
                    a_mblock.mb_data_len  :=
                          a_mblock.mb_data_len  +
                          sizeof(tgg00_UserId);
                    member_cnt := succ(member_cnt);
                    member_arr[ member_cnt ] := userkey.sauthid
                    END;
                (*ENDIF*) 
            (*ENDIF*) 
            IF  ((b_err      = e_no_next_record) OR
                ( member_cnt = c_max_user_in_buf))
                AND
                (member_cnt > 0)
            THEN
                BEGIN
                a06rsend_mess_buf (acv, acv.a_mblock,
                      NOT cak_return_req, connect_err);
                IF  connect_err <> e_ok
                THEN
                    b_err := connect_err
                ELSE
                    IF  drop_members
                    THEN
                        BEGIN
                        i     := 1;
                        b_err := e_ok;
                        WHILE (i <= member_cnt) AND (b_err = e_ok) DO
                            BEGIN
                            ak21drop_group_member (acv,
                                  member_arr[ i ], b_err);
                            i := succ(i)
                            END
                        (*ENDWHILE*) 
                        END;
                    (*ENDIF*) 
                (*ENDIF*) 
                member_cnt := 0;
                END
            (*ENDIF*) 
        UNTIL
            (b_err <> e_ok) OR (a_returncode <> 0);
        (*ENDREPEAT*) 
        IF  b_err <> e_no_next_record
        THEN
            a07_b_put_error (acv, b_err, 1);
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21drop_group_member (VAR acv : tak_all_command_glob;
            VAR surrogate : tgg00_Surrogate;
            VAR b_err     : tgg00_BasisError);
 
VAR
      userrecbuf : tak_sysbufferaddress;
      delkey     : tgg00_SysInfoKey;
 
BEGIN
delkey           := a01defaultkey;
delkey.sauthid   := surrogate;
delkey.sentrytyp := cak_euser;
a10get_sysinfo (acv, delkey, d_fix, userrecbuf, b_err);
IF  b_err = e_ok
THEN
    BEGIN
    a51build_userkey (userrecbuf^.suser.username, delkey);
    a10del_sysinfo (acv, delkey, b_err)
    END;
(*ENDIF*) 
IF  b_err = e_ok
THEN
    a10del_sysinfo (acv, userrecbuf^.syskey, b_err)
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_all_usertable_drop  (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob;
            is_dba   : boolean);
 
VAR
      ok           : boolean;
      drop_table   : boolean;
      drop_sequence: boolean;
      b_err        : tgg00_BasisError;
      trefbuf      : tak_sysbufferaddress;
      tabid        : tgg00_Surrogate;
      sysk         : tgg00_SysInfoKey;
 
BEGIN
WITH acv, a20v DO
    IF  a_returncode = 0
    THEN
        BEGIN
        a06check_username (acv, a2user_name, is_dba, ok);
        a2sysk           := a01defaultkey;
        a2sysk.sauthid   := a2user_id;
        a2sysk.sentrytyp := cak_etableref;
        REPEAT
            (* drop all Tables, Views and Synonyms and *)
            (* sequences of user to be dropped         *)
            a10next_sysinfo (acv, a2sysk, SURROGATE_MXGG00+2, d_release,
                  cak_etableref, trefbuf, b_err);
            IF  b_err = e_ok
            THEN
                BEGIN
                drop_sequence := trefbuf^.stableref.rtablekind = tempty;
                drop_table    := NOT drop_sequence;
                IF  drop_table
                THEN
                    IF  a_is_ddl = ddl_alter_user
                    THEN
                        drop_table :=
                              trefbuf^.stableref.rtablekind in
                              [twithkey, twithoutkey]
                    ELSE (* a_is_ddl = ddl_drop_user *)
                        drop_table := true;
                    (*ENDIF*) 
                (*ENDIF*) 
                IF  drop_table
                THEN
                    BEGIN
                    IF  trefbuf^.stableref.rtablekind = tsynonym
                    THEN
                        tabid := trefbuf^.stableref.rsynid
                    ELSE
                        tabid := trefbuf^.stableref.rtableid;
                    (*ENDIF*) 
                    IF  NOT a2cascade
                    THEN
                        b_err := e_use_cascade
                    ELSE
                        a11drop_table (acv, tabid,
                              trefbuf^.stableref.rtablekind, true)
                    (*ENDIF*) 
                    END
                ELSE
                    IF  drop_sequence
                    THEN
                        IF  NOT a2cascade
                        THEN
                            b_err := e_use_cascade
                        ELSE
                            a23drop_sequence (acv, trefbuf);
                        (*ENDIF*) 
                    (*ENDIF*) 
                (*ENDIF*) 
                END;
            (*ENDIF*) 
        UNTIL
            b_err <> e_ok;
        (*ENDREPEAT*) 
        IF  (b_err = e_no_next_record) AND (a_is_ddl = ddl_drop_user)
        THEN
            BEGIN (* drop stored procedures of current user *)
            a2sysk           := a01defaultkey;
            a2sysk.sauthid   := a2user_id;
            (* PTS 1111576 E.Z. *)
            a2sysk.sentrytyp := cak_edomainusage; (* das nchstkleinere vom *)
            (* gelschten dblinkref *)
            REPEAT
                a10next_sysinfo (acv, a2sysk,
                      SURROGATE_MXGG00+2, d_release,
                      a2sysk.sentrytyp, trefbuf, b_err);
                IF  b_err = e_ok
                THEN
                    IF  NOT a2cascade
                    THEN
                        b_err := e_use_cascade
                    ELSE
                        BEGIN
                        CASE a2sysk.sentrytyp[2] OF
                            cak_cmethodref :
                                BEGIN
                                sysk           := a01defaultkey;
                                sysk.stableid  := trefbuf^.smethodref.mrf_method_id;
                                sysk.sentrytyp := cak_emethod;
                                a10get_sysinfo (acv, sysk, d_fix,
                                      trefbuf, b_err);
                                IF  b_err = e_ok
                                THEN
                                    a261drop_procedure (acv,
                                          trefbuf, a2user_id)
                                (*ENDIF*) 
                                END;
                            END;
                        (*ENDCASE*) 
                        END
                    (*ENDIF*) 
                ELSE
                    (* PTS 1111576 E.Z. *)
                    IF  (b_err = e_no_next_record) AND
                        (a2sysk.sentrytyp = cak_edomainusage)
                    THEN
                        BEGIN
                        b_err            := e_ok;
                        a2sysk           := a01defaultkey;
                        a2sysk.sauthid   := a2user_id;
                        a2sysk.sentrytyp := cak_emethodref;
                        END;
                    (*ENDIF*) 
                (*ENDIF*) 
            UNTIL
                b_err <> e_ok
            (*ENDREPEAT*) 
            END;
        (*ENDIF*) 
        IF  b_err = e_no_next_record
        THEN
            BEGIN (* drop domains of current user *)
            a2sysk           := a01defaultkey;
            a2sysk.sauthid   := a2user_id;
            a2sysk.sentrytyp := cak_edomainref;
            REPEAT
                a10next_sysinfo (acv,
                      a2sysk, SURROGATE_MXGG00 + 2, d_fix,
                      cak_edomainref, trefbuf, b_err);
                IF  b_err = e_ok
                THEN
                    IF  NOT a2cascade
                    THEN
                        b_err := e_use_cascade
                    ELSE
                        a12drop_domain (acv, trefbuf)
                    (*ENDIF*) 
                (*ENDIF*) 
            UNTIL
                (b_err <> e_ok) OR
                (a_returncode <> 0);
            (*ENDREPEAT*) 
            END;
        (*ENDIF*) 
        IF  b_err = e_no_next_record
        THEN
            BEGIN
            (* modify owner of public synonyms *)
            a2sysk           := a01defaultkey;
            a2sysk.sauthid   := cak_public_id;
            a2sysk.sentrytyp := cak_etableref;
            REPEAT
                a10next_sysinfo (acv,
                      a2sysk, SURROGATE_MXGG00 + 2, d_release,
                      cak_etableref, trefbuf, b_err);
                IF  b_err = e_ok
                THEN
                    IF  trefbuf^.stableref.rtablekind = tsynonym
                    THEN
                        a23change_syn_owner (acv,
                              trefbuf^.stableref.rsynid, a2user_id);
                    (*ENDIF*) 
                (*ENDIF*) 
            UNTIL
                (b_err <> e_ok) OR
                (a_returncode <> 0);
            (*ENDREPEAT*) 
            END;
        (*ENDIF*) 
        IF  (b_err = e_no_next_record) AND is_dba
        THEN
            BEGIN (* drop dbfunctions owned by dropped user user *)
            a2sysk.ssite     := cak_dbfunc_site;
            a2sysk.sentrytyp := cak_emethodinfo;
            a2sysk.skeylen   := sizeof (a2sysk.ssite);
            REPEAT
                a10next_sysinfo (acv,
                      a2sysk, sizeof (a2sysk.ssite), d_release,
                      cak_emethodinfo, trefbuf, b_err);
                IF  b_err = e_ok
                THEN
                    IF  trefbuf^.smethodinfo.mei_owner = a2user_id
                    THEN
                        IF  NOT a2cascade
                        THEN
                            b_err := e_use_cascade
                        ELSE
                            a264drop_function (acv, trefbuf^.smethodinfo.mei_name);
                        (*ENDIF*) 
                    (*ENDIF*) 
                (*ENDIF*) 
            UNTIL
                (b_err <> e_ok) OR
                (a_returncode <> 0);
            (*ENDREPEAT*) 
            END;
        (*ENDIF*) 
        IF  b_err <> e_no_next_record
        THEN
            a07_b_put_error (acv, b_err, 1)
        (*ENDIF*) 
        END;
    (*ENDIF*) 
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_alter_user_semantic (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      make_standard_user : boolean;
      make_dba_user      : boolean;
      replace_owner      : boolean;
      is_dba             : boolean;
      kw_index           : integer;
      error              : tgg00_BasisError;
      userbuf            : tak_sysbufferaddress;
 
BEGIN
WITH acv, a20v DO
    BEGIN
&   ifdef trace
    t01int4 (ak_sem, 'a2ti        ', a2ti);
&   endif
    error              := e_ok;
    kw_index           := cak_i_no_keyword;
    make_standard_user := false;
    make_dba_user      := false;
    ak21_get_user_record (acv, a2user_name, a2user_id, lckRowExcl_egg00,
          a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc >
          cak_x_user_group, d_fix, userbuf, a2errorpos);
    IF  a_returncode = 0
    THEN
        BEGIN
        IF  a21is_owner (acv, userbuf^.suser)
        THEN
            IF  NOT (is_group_rec in userbuf^.suser.urecordtyp)
            THEN
                error := e_group_user_not_allowed
            ELSE
                BEGIN
                IF  a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc >
                    cak_x_user_group
                THEN
                    ak21group_members (acv, a20v, connected)
                ELSE
                    IF  userbuf^.suser.username <> a_curr_user_name
                    THEN
                        ak21user_connected (acv, a20v)
                    ELSE
                        IF  a2userkind <> 0
                        THEN
                            error := e_missing_privilege
                        (*ENDIF*) 
                    (*ENDIF*) 
                (*ENDIF*) 
                END
            (*ENDIF*) 
        ELSE
            BEGIN
            error    := e_missing_privilege;
            kw_index := cak_i_userid
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  (a_returncode = 0) AND (error = e_ok)
    THEN
        BEGIN
        is_dba := (userbuf^.suser.userkind = udba) OR
              (userbuf^.suser.userkind = usysdba);
        a11put_date_time (userbuf^.suser.ualterdate, userbuf^.suser.ualtertime);
        replace_owner      := false;
        IF  a_ap_tree^[a2ti].n_subproc = cak_i_role
        THEN
            BEGIN
            ak21default_role (acv, a20v, userbuf^.suser);
            a10repl_sysinfo (acv, userbuf, error)
            END
        ELSE
            IF  (a_ap_tree^[a2ti].n_subproc = cak_i_add) OR
                (a_ap_tree^[a2ti].n_subproc = cak_i_drop)
            THEN
                BEGIN
                ak21support_pwd (acv, a20v, userbuf^.suser);
                a10repl_sysinfo (acv, userbuf, error)
                END
            ELSE
                CASE userbuf^.suser.userkind OF
                    unoprivate :
                        CASE a2userkind OF
                            0, cak_i_standard :
                                BEGIN
                                (* PTS 1107952 E.Z. *)
                                IF  a2modified
                                THEN
                                    ak21_user_rec_repl (acv,a20v,
                                          userbuf, unoprivate);
                                (*ENDIF*) 
                                END;
                            cak_i_resource :
                                ak21_user_rec_repl (acv, a20v,
                                      userbuf, uprivate);
                            cak_i_dba :
                                make_dba_user := true;
                            END;
                        (*ENDCASE*) 
                    uprivate :
                        CASE a2userkind OF
                            cak_i_standard :
                                make_standard_user := true;
                            0, cak_i_resource :
                                IF  a2modified
                                THEN
                                    ak21_user_rec_repl (acv, a20v,
                                          userbuf, uprivate);
                                (*ENDIF*) 
                            cak_i_dba :
                                make_dba_user := true;
                            END;
                        (*ENDCASE*) 
                    udba   :
                        CASE a2userkind OF
                            cak_i_standard :
                                BEGIN
                                make_standard_user := true;
                                replace_owner      := true
                                END;
                            cak_i_resource :
                                BEGIN
                                ak21_user_rec_repl (acv, a20v,
                                      userbuf, uprivate);
                                a2like_id := a_curr_user_id;
                                ak21_owner_change (acv, a20v)
                                END;
                            0, cak_i_dba :
                                IF  a2modified
                                THEN
                                    ak21_user_rec_repl (acv, a20v,
                                          userbuf, udba);
                                (*ENDIF*) 
                            END;
                        (*ENDCASE*) 
                    END;
                (*ENDCASE*) 
            (*ENDIF*) 
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  make_dba_user
    THEN
        BEGIN
        IF  (a_current_user_kind <> usysdba)
            OR
            NOT (is_user_rec in userbuf^.suser.urecordtyp)
        THEN
            BEGIN
            error    := e_missing_privilege;
            kw_index := cak_i_sysdba
            END
        ELSE
            BEGIN
            userbuf^.suser.userowner_id := a_curr_user_id;
            ak21_user_rec_repl (acv, a20v, userbuf, udba);
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  make_standard_user
    THEN
        (* PTS 1107952 E.Z. *)
        BEGIN
        ak21_user_rec_repl (acv, a20v, userbuf, unoprivate);
        IF  replace_owner
        THEN
            BEGIN
            a2like_id := a_curr_user_id;
            ak21_owner_change (acv, a20v)
            END;
        (*ENDIF*) 
        a2cascade := true;
        ak21_all_usertable_drop (acv, a20v, is_dba);
        END;
    (*ENDIF*) 
    IF  error <> e_ok
    THEN
        a07_kw_put_error (acv, error, a2errorpos, kw_index);
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21support_pwd (VAR acv : tak_all_command_glob;
            VAR a20v    : tak_a21_glob;
            VAR userrec : tak_userrecord);
 
VAR
      pwd_node    : tsp00_Int2;
      password    : tak21_id_map_name;
      cryptpassw  : tsp00_CryptPw;
 
BEGIN
WITH acv, a20v, userrec DO
    BEGIN
    pwd_node := a_ap_tree^[ a2ti ].n_lo_level;
    a05password_get (acv, pwd_node, password.pw);
    IF  a_returncode = 0
    THEN
        BEGIN
        s02encrypt (password.n, cryptpassw);
        IF  cryptpassw = userpassw
        THEN
            a07_b_put_error (acv, e_wrong_password,
                  a_ap_tree^[ pwd_node ].n_pos)
        ELSE
            IF  a_ap_tree^[a2ti].n_subproc = cak_i_add
            THEN
                BEGIN
                usupportpasspw := cryptpassw;
                a11put_date_time (upwcreatedate, upwcreatetime);
                END
            ELSE
                IF  usupportpasspw <> cryptpassw
                THEN
                    a07_b_put_error (acv, e_unknown_user_password_pair, 1)
                ELSE
                    BEGIN
                    usupportpasspw := bsp_c24;
                    a11put_date_time (upwcreatedate, upwcreatetime);
                    END
                (*ENDIF*) 
            (*ENDIF*) 
        (*ENDIF*) 
        END
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21default_role (VAR acv : tak_all_command_glob;
            VAR a20v    : tak_a21_glob;
            VAR userrec : tak_userrecord);
 
VAR
      action   : integer;
      role_ptr : tak_sysbufferaddress;
      role     : tsp00_KnlIdentifier;
 
BEGIN
WITH acv.a_ap_tree^[a20v.a2ti] DO
    BEGIN
    action    := n_length;
    a20v.a2ti := n_lo_level
    END;
(*ENDWITH*) 
&ifdef trace
t01int4 (ak_sem, 'action      ', action);
t01int4 (ak_sem, 'a2ti        ', a20v.a2ti);
&endif
IF  (userrec.userrolecnt > 0) AND (userrec.userroleinfo <> role_none)
THEN
    a19deldefault_roles (acv, a20v.a2user_id);
(*ENDIF*) 
IF  action = cak_i_none
THEN
    BEGIN (* no default roles *)
    userrec.userroleinfo := role_none
    END
ELSE
    BEGIN
    userrec.userrolecnt := 0;
    IF  action = cak_i_except
    THEN
        userrec.userroleinfo := role_except
    ELSE
        userrec.userroleinfo := role_all;
    (*ENDIF*) 
    WHILE (a20v.a2ti <> 0) DO
        IF  userrec.userrolecnt = csp_maxint1
        THEN
            a07_b_put_error (acv, e_too_many_columns, 1)
        ELSE
            BEGIN
            a05identifier_get (acv, a20v.a2ti, sizeof (role), role);
            IF  a06role_exist (acv, role, d_release, role_ptr)
            THEN
                IF  a19user_knows_role (acv, a20v.a2user_id,
                    role_ptr^.syskey.sauthid)
                THEN
                    BEGIN
                    a19adddefaultroletab (acv,
                          a20v.a2user_id, role_ptr^.syskey.sauthid);
                    IF  acv.a_returncode =
                        a07_return_code (e_ak_system_error, acv.a_sqlmode)
                    THEN
                        acv.a_returncode := 0
                    ELSE
                        userrec.userrolecnt := userrec.userrolecnt + 1
                    (*ENDIF*) 
                    END
                ELSE
                    BEGIN
                    a07_b_put_error (acv, e_missing_privilege, 1)
                    END
                (*ENDIF*) 
            ELSE
                a07_nb_put_error (acv, e_unknown_name,
                      acv.a_ap_tree^[a20v.a2ti].n_pos, role);
            (*ENDIF*) 
            a20v.a2ti := acv.a_ap_tree^[a20v.a2ti].n_sa_level
            END;
        (*ENDIF*) 
    (*ENDWHILE*) 
    END;
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_get_user_record (VAR acv : tak_all_command_glob;
            VAR user_name  : tsp00_KnlIdentifier;
            VAR userid     : tgg00_Surrogate;
            lock_mode      : tgg00_LockReqMode;
            usergroup      : boolean;
            dstate         : tak_directory_state;
            VAR sysbuf     : tak_sysbufferaddress;
            errorpos       : integer);
 
VAR
      b_err  : tgg00_BasisError;
      error  : tgg00_BasisError;
      syskey : tgg00_SysInfoKey;
 
BEGIN
WITH acv DO
    IF  a_returncode = 0
    THEN
        BEGIN
        error := e_ok;
        a51build_userkey (user_name, syskey);
        a10get_sysinfo (acv, syskey, dstate, sysbuf, b_err);
        IF  b_err = e_ok
        THEN
            WITH sysbuf^.suserref DO
                BEGIN
                userid := ru_user_id;
                syskey := a01defaultkey;
                WITH syskey DO
                    BEGIN
                    stableid  := userid;
                    sentrytyp := cak_euser;
                    END;
                (*ENDWITH*) 
                IF  a_is_ddl <> no_ddl
                THEN
                    BEGIN
                    a10_key_del (acv, syskey);
                    a10_lock_sysinfo (acv, syskey, lock_mode)
                    END;
                (*ENDIF*) 
                a10get_sysinfo (acv, syskey, dstate, sysbuf, b_err)
                END;
            (*ENDWITH*) 
        (*ENDIF*) 
        IF  b_err = e_ok
        THEN
            WITH sysbuf^.suser DO
                BEGIN
                IF  ((a_is_ddl = ddl_drop_role) AND
                    NOT (is_role_rec in urecordtyp))
                    OR
                    ((usergroup) AND (urecordtyp <> [ is_group_rec ]))
                    OR
                    (NOT (usergroup) AND
                    (urecordtyp = [ is_group_rec ]))
                THEN
                    error := e_unknown_user;
                (*ENDIF*) 
                END
            (*ENDWITH*) 
        ELSE
            IF  b_err = e_sysinfo_not_found
            THEN
                error := e_unknown_user
            ELSE
                IF  b_err <> e_ok
                THEN
                    a07_b_put_error (acv, b_err, 1);
                (*ENDIF*) 
            (*ENDIF*) 
        (*ENDIF*) 
        IF  (error <> e_ok) AND (a_is_ddl <> no_ddl)
        THEN
            BEGIN
            IF  a_is_ddl = ddl_drop_role
            THEN
                error := e_unknown_name
            ELSE
                IF  usergroup
                THEN
                    error := e_unknown_groupname;
                (*ENDIF*) 
            (*ENDIF*) 
            a07_b_put_error (acv, error, errorpos);
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_grant_user (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      i             : tak_userparams;
      errpos        : integer;
      kw_index      : integer;
      error         : tgg00_BasisError;
      user_buf      : tak_sysbufferaddress;
      grant_user    : tsp00_KnlIdentifier;
      grant_user_id : tgg00_Surrogate;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    error     := e_ok;
    kw_index  := cak_i_no_keyword;
    errpos    := 1;
    a2ti      := a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_lo_level;
    WITH a_ap_tree^[ a2ti ] DO
        IF  n_symb = s_authid
        THEN(* get grantor *)
            BEGIN
            a05identifier_get (acv, a2ti,
                  sizeof (a2user_name), a2user_name);
            errpos := n_pos;
            END
        ELSE
            a2user_name := a_curr_user_name;
        (*ENDIF*) 
    (*ENDWITH*) 
    a2ti := a_ap_tree^[ a2ti ].n_lo_level;
    IF  a2user_name <> a_curr_user_name
    THEN
        BEGIN
        ak21_get_user_record (acv, a2user_name,
              a2user_id, lckRowShare_egg00, false,
              d_release, a2sysbuf, errpos);
        IF  a_returncode = 0
        THEN
            IF  NOT a21is_owner (acv, a2sysbuf^.suser) OR
                (a_current_user_kind <> usysdba)
            THEN
                BEGIN
                error    := e_missing_privilege;
                kw_index := cak_i_userid
                END
            (*ENDIF*) 
        (*ENDIF*) 
        END
    ELSE
        IF  (a_current_user_kind <> udba) AND
            (a_current_user_kind <> usysdba)
        THEN
            BEGIN
            error    := e_missing_privilege;
            kw_index := cak_i_dba
            END
        ELSE
            a2user_id := a_curr_user_id;
        (*ENDIF*) 
    (*ENDIF*) 
    IF  (a_returncode = 0) AND (error = e_ok)
    THEN
        BEGIN
        (* get grantee *)
        a05identifier_get (acv, a2ti,
              sizeof (a2like_name), a2like_name);
        errpos := a_ap_tree^[ a2ti ].n_pos;
        ak21_get_user_record (acv, a2like_name,
              a2like_id, lckRowShare_egg00, false,
              d_release, a2sysbuf, errpos);
        IF  a_returncode = 0
        THEN
            IF  (a2like_name = a2user_name) OR
                (a2sysbuf^.suser.userkind <> udba)
            THEN
                error := e_user_not_allowed;
            (*ENDIF*) 
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  (a_returncode = 0) AND (error = e_ok)
    THEN
        BEGIN
        a2ti := a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_sa_level;
        IF  a2ti = 0
        THEN (* grant user * ... *)
            ak21_owner_change  (acv, a20v)
        ELSE
            BEGIN (* grant user <user name list> .... *)
            REPEAT
                WITH a_ap_tree^[ a2ti ] DO
                    BEGIN
                    a05identifier_get (acv, a2ti,
                          sizeof (grant_user), grant_user);
                    errpos := n_pos;
                    a2ti   := n_sa_level
                    END;
                (*ENDWITH*) 
                IF  grant_user <> a2user_name
                THEN
                    BEGIN
                    ak21_get_user_record (acv, grant_user,
                          grant_user_id, lckRowExcl_egg00,
                          a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc >
                          cak_x_user_group, d_fix, user_buf, errpos);
                    END
                ELSE
                    error := e_user_not_allowed;
                (*ENDIF*) 
                IF  (error = e_ok) AND (a_returncode = 0)
                THEN
                    WITH user_buf^.suser DO
                        BEGIN
                        IF  (userowner_id <> a2user_id) OR
                            (userkind = udba)
                        THEN
                            error := e_missing_privilege
                        ELSE
                            IF  NOT(is_group_rec in urecordtyp)
                            THEN
                                error := e_group_user_not_allowed;
                            (*ENDIF*) 
                        (*ENDIF*) 
                        IF  error = e_ok
                        THEN
                            BEGIN
                            userowner_id := a2like_id;
                            (* PTS 1107952 E.Z. *)
                            FOR i := up_unused1 TO cachelimit DO
                                a2params[ i ] := cak_is_undefined;
                            (*ENDFOR*) 
                            a2ex_modified  := false;
                            a2defc_modified:= false;
                            ak21_user_rec_repl (acv, a20v,
                                  user_buf, userkind)
                            END;
                        (*ENDIF*) 
                        END;
                    (*ENDWITH*) 
                (*ENDIF*) 
            UNTIL
                (a2ti = 0) OR (a_returncode <> 0) OR (error<> e_ok);
            (*ENDREPEAT*) 
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  error <> e_ok
    THEN
        a07_kw_put_error (acv, error, errpos, kw_index);
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_alter_password_semantic (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      b_err       : tgg00_BasisError;
      errorpos    : integer;
      newpw_pos   : tsp00_Int4;
      oldpassword : tak21_id_map_name;
      newpassword : tak21_id_map_name;
      cryptpassw  : tsp00_CryptPw;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    a2usergroup    := false;
    a2user_name    := a01_il_b_identifier;
    oldpassword.id := a01_il_b_identifier;
    a2ti           := 1;
    IF  a_ap_tree^[ a2ti ].n_lo_level <> 0
    THEN
        BEGIN
        newpw_pos := 2;
        a2ti      := a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_lo_level;
        WITH a_ap_tree^[ a2ti ] DO
            IF  n_symb = s_authid
            THEN
                BEGIN
                a05identifier_get (acv, a2ti,
                      sizeof (a2user_name), a2user_name);
                errorpos := n_pos
                END
            ELSE
                BEGIN
                a2user_name := a_acc_user;
                a05password_get (acv, a2ti, oldpassword.pw)
                END;
            (*ENDIF*) 
        (*ENDWITH*) 
        END
    ELSE (* get oldpassword from part2 *)
        BEGIN
        a2user_name := a_acc_user;
        a05password_get (acv, 0, oldpassword.pw)
        END;
    (*ENDIF*) 
    IF  a_returncode = 0
    THEN
        ak21_get_user_record (acv, a2user_name, a2user_id, lckRowExcl_egg00,
              false, d_fix, a2sysbuf, errorpos);
    (*ENDIF*) 
    IF  a_returncode = 0
    THEN
        BEGIN
        IF  oldpassword.id = a01_il_b_identifier
        THEN
            BEGIN (* alter password without old password *)
            IF  NOT (a21is_owner (acv, a2sysbuf^.suser) AND
                (a_current_user_kind in [usysdba, ucontroluser])) (* PTS 1112485 *)
                AND
                ((a_current_user_kind <> usuperdba) OR
                ( a2user_name         <> g01glob.sysuser_name))
            THEN
                a07_kw_put_error (acv, e_missing_privilege,
                      errorpos, cak_i_userid)
            (*ENDIF*) 
            END
        ELSE
            WITH a2sysbuf^.suser DO
                BEGIN
                s02encrypt (oldpassword.n, cryptpassw);
                IF  cryptpassw <> userpassw
                THEN
                    a07_b_put_error (acv, e_unknown_password,
                          a_ap_tree^[ a2ti ].n_pos)
                (*ENDIF*) 
                END;
            (*ENDWITH*) 
        (*ENDIF*) 
        IF  a_returncode = 0
        THEN
            BEGIN
            a2ti := a_ap_tree^[a2ti].n_sa_level;
            newpassword.id := a01_il_b_identifier;
            a05password_get (acv, a2ti, newpassword.pw);
            s02encrypt (newpassword.n, cryptpassw);
            WITH a2sysbuf^.suser DO
                BEGIN
                userpassw := cryptpassw;
                a11put_date_time (upwcreatedate, upwcreatetime);
                a10repl_sysinfo (acv, a2sysbuf, b_err);
                IF  b_err <> e_ok
                THEN
                    a07_b_put_error (acv, b_err, 1);
                (*ENDIF*) 
                END;
            (*ENDWITH*) 
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_like_user (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      b_err    : tgg00_BasisError;
      count    : integer;
      sysbuf   : tak_sysbufferaddress;
      syskey   : tgg00_SysInfoKey;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    WITH a_ap_tree^[ a2ti ] DO
        BEGIN
        a05identifier_get (acv,
              a2ti, sizeof (a2like_name), a2like_name);
        IF  (a2user_name = a2like_name)
        THEN
            a07_b_put_error (acv, e_user_not_allowed, n_pos)
        ELSE
            ak21_get_user_record (acv, a2like_name, a2like_id,
                  lckRowShare_egg00, a_ap_tree^[a_ap_tree^[ 0 ].n_lo_level].n_subproc >
                  cak_x_user_group, d_release, sysbuf, n_pos);
        (*ENDIF*) 
        END;
    (*ENDWITH*) 
    IF  a_returncode = 0
    THEN
        BEGIN
        IF  NOT a21is_owner (acv, sysbuf^.suser)
        THEN
            a07_kw_put_error (acv, e_missing_privilege, 1, cak_i_userid)
        ELSE
            WITH sysbuf^.suser DO
                BEGIN
                CASE userkind OF
                    unoprivate :
                        a2userkind := cak_i_standard;
                    uprivate :
                        a2userkind := cak_i_resource;
                    udba :
                        a2userkind := cak_i_dba;
                    END;
                (*ENDCASE*) 
                a2group_id    := usergroup_id;
                a2params      := uparams;
                a2exclusive   := uexclusive;
                (* PTS 1117216 E.Z. *)
                a2defaultcode := userchardefcode;
                ak21_create_user (acv, a20v);
                END;
            (*ENDWITH*) 
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  (a_returncode = 0) AND
        (is_group_rec in sysbuf^.suser.urecordtyp)
    THEN
        BEGIN
        a06det_user_id (acv, a2like_name, a2like_id);
        syskey           := a01defaultkey;
        syskey.sauthid   := a2like_id;
        syskey.sentrytyp := cak_eusertab;
        syskey.slinkage  := cak_zero_linkage;
        REPEAT
            a06inc_linkage (syskey.slinkage);
            a10get_sysinfo (acv, syskey, d_fix, sysbuf, b_err);
            IF  b_err = e_ok
            THEN
                WITH sysbuf^.susertab DO
                    BEGIN
                    FOR count := 1 TO usertabcount DO
                        WITH usertabdef[ count ] DO
                            BEGIN
                            (* PTS 1111576 E.Z. *)
                            IF  (NOT ut_empty) AND
                                (ut_kind in [ ut_table, ut_base_table, ut_view,
                                ut_oracle_systable, ut_internal_systable ])
                            THEN
                                ak21_create_priv_rec (acv, a20v,
                                      ut_surrogate, ut_kind)
                            (*ENDIF*) 
                            END;
                        (*ENDWITH*) 
                    (*ENDFOR*) 
                    IF  NOT (usertabnext_exist)
                    THEN
                        b_err := e_sysinfo_not_found
                    (*ENDIF*) 
                    END;
                (*ENDWITH*) 
            (*ENDIF*) 
            a10_rel_sysinfo (acv, syskey);
            IF  (b_err = e_sysinfo_not_found) AND
                (syskey.slinkage[ 1 ] < chr (128))
            THEN
                BEGIN
                b_err                 := e_ok;
                syskey.slinkage       := cak_zero_linkage;
                syskey.slinkage [ 1 ] := chr (128)
                END;
            (*ENDIF*) 
        UNTIL
            b_err <> e_ok;
        (*ENDREPEAT*) 
        IF  b_err <> e_sysinfo_not_found
        THEN
            a07_b_put_error (acv, b_err, 1);
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_alter_create_user_semantic (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      tlo            : integer;
      user_param     : tak_userparams;
      init_value     : tsp00_Int4;
      group_buf      : tak_sysbufferaddress;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    a2ti         := 2;
    a2password   := bsp_name;
    a2group_id   := cgg_zero_id;
    a2role       :=
          a_ap_tree^[a_ap_tree^[ 0 ].n_lo_level].n_subproc = cak_x_create_role;
    (* PTS 1117216 E.Z. *)
    a2defaultcode := csp_instance_code;
    WITH a_ap_tree^[ a2ti ] DO
        BEGIN (* user name *)
        a05identifier_get (acv,
              a2ti, sizeof (a2user_name), a2user_name);
        a2errorpos := n_pos;
        tlo        := n_lo_level;
        a2ti       := n_sa_level
        END;
    (*ENDWITH*) 
    IF  (tlo <> 0) OR
        (a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc = cak_x_create_user)
    THEN
        a05password_get (acv, tlo, a2password);
    (*ENDIF*) 
    IF  (tlo <> 0) AND NOT a2role
    THEN
        a2ti := a_ap_tree^[tlo].n_sa_level;
    (*ENDIF*) 
    IF  a_ap_tree^[a_ap_tree^[ 0 ].n_lo_level].n_subproc MOD
        cak_x_user_group <> cak_x_user_like
    THEN
        BEGIN
        a2like := false;
        IF  a_ap_tree^[ a2ti ].n_subproc = cak_i_usergroup
        THEN (* Group Member *)
            BEGIN
            WITH a_ap_tree^[ a_ap_tree^[ a2ti ].n_lo_level ] DO
                BEGIN
                a05identifier_get (acv,
                      a_ap_tree^[a2ti].n_lo_level,
                      sizeof (a2groupname), a2groupname);
                ak21_get_user_record (acv, a2groupname, a2group_id,
                      lckRowShare_egg00, true,
                      d_release, group_buf, n_pos);
                END;
            (*ENDWITH*) 
            IF  a_returncode = 0
            THEN
                WITH group_buf^.suser DO
                    BEGIN
                    IF  NOT a21is_owner (acv, group_buf^.suser)
                    THEN
                        a07_kw_put_error (acv,
                              e_missing_privilege, 1, cak_i_userid)
                    ELSE
                        BEGIN
                        CASE userkind OF
                            uprivate :
                                a2userkind := cak_i_resource;
                            OTHERWISE
                                a2userkind := cak_i_standard;
                            END;
                        (*ENDCASE*) 
                        a2params    := uparams;
                        a2exclusive := uexclusive;
                        END;
                    (*ENDIF*) 
                    END;
                (*ENDWITH*) 
            (*ENDIF*) 
            END
        ELSE
            BEGIN
            IF  (a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc
                MOD cak_x_user_group) in
                [cak_x_create_user, cak_x_create_role]
            THEN
                init_value := csp_maxint4
            ELSE
                init_value := cak_is_undefined;
            (*ENDIF*) 
            (* PTS 1107952 E.Z. *)
            FOR user_param := up_unused1 TO cachelimit DO
                a2params[ user_param ] := init_value;
            (*ENDFOR*) 
            a2exclusive   := true;
            IF  a2role
            THEN
                a2userkind := cak_i_standard
            ELSE
                IF  (a_ap_tree^[ a2ti ].n_subproc = cak_i_add) OR
                    (a_ap_tree^[ a2ti ].n_subproc = cak_i_drop)
                THEN
                    a2userkind := 0
                ELSE
                    a2userkind := a_ap_tree^[ a2ti ]. n_subproc;
                (*ENDIF*) 
            (*ENDIF*) 
            a2modified     := false;
            a2ex_modified  := false;
            a2defc_modified:= false;
            WHILE (a_ap_tree^[ a2ti ].n_sa_level <> 0) AND
                  (a_returncode = 0) DO
                BEGIN
                a2modified  := true;
                a2ti        := a_ap_tree^[ a2ti ].n_sa_level;
                IF  (a_ap_tree^[ a2ti ].n_subproc <> cak_i_add) AND
                    (a_ap_tree^[ a2ti ].n_subproc <> cak_i_drop)
                THEN
                    ak21_next_user_parameter (acv, a20v)
                ELSE
                    a2userkind := 0
                (*ENDIF*) 
                END
            (*ENDWHILE*) 
            END;
        (*ENDIF*) 
        END
    ELSE
        a2like := true;
    (*ENDIF*) 
    IF  a_ap_tree^[a_ap_tree^[ 0 ].n_lo_level].n_subproc
        MOD cak_x_user_group = cak_x_alter_user
    THEN
        ak21_alter_user_semantic (acv, a20v)
    ELSE
        a21create_user (acv, a20v)
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21int4_value_get (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob;
            param    : tak_userparams);
 
VAR
      tlo : integer;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    tlo := a_ap_tree^[ a2ti ].n_lo_level;
    IF  tlo = 0
    THEN
        a2params[ param ] := csp_maxint4
    ELSE
        WITH a_ap_tree^[ tlo ] DO
            a05_int4_unsigned_get (acv, n_pos, n_length,
                  a2params[ param ]);
        (*ENDWITH*) 
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_next_user_parameter (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      error    : tgg00_BasisError;
      b_err    : tgg00_BasisError;
      sysbuf   : tak_sysbufferaddress;
      sysk     : tgg00_SysInfoKey;
 
BEGIN
error := e_ok;
WITH acv, a20v DO
    CASE a_ap_tree^[ a2ti ].n_subproc OF
        cak_i_at :
            BEGIN
            sysk := a01defaultkey;
            a05string_literal_get (acv,
                  a_ap_tree^[ a2ti ].n_lo_level, dcha,
                  sysk.sdbname, 1, sizeof(sysk.sdbname));
            IF  sysk.sdbname <> g01serverdb_ident.svServerdb_gg04
            THEN
                error := e_unknown_name_of_serverdb;
            (*ENDIF*) 
            END;
        cak_i_cachelimit :
            ak21int4_value_get (acv, a20v, cachelimit);
        cak_i_costlimit :
            ak21int4_value_get (acv, a20v, costlimit);
        cak_i_costwarning :
            ak21int4_value_get (acv, a20v, costwarning);
        cak_i_exclusive :
            a2ex_modified := true;
        cak_i_not :
            BEGIN
            a2exclusive   := false;
            a2ex_modified := true;
            END;
        (* PTS 1107952 E.Z. *)
        cak_i_timeout :
            BEGIN
            ak21int4_value_get (acv, a20v, maxtimeout);
            IF  ((a2params[ maxtimeout ] = 0) AND
                ( a_current_user_kind <> usysdba))
                OR
                (a2params[ maxtimeout ] < cak21min_timeout)
                OR
                ((a2params[ maxtimeout ] > cgg04_max_cmd_timeout) AND
                (a2params[ maxtimeout ] <> csp_maxint4))
            THEN
                error := e_cmd_timeout_invalid;
            (*ENDIF*) 
            END;
        (* PTS 1117216 E.Z. *)
        cak_i_defaultcode :
            BEGIN
            a2defaultcode := a_ap_tree^[ a2ti ].n_length;
            a2defc_modified:= true;
            END;
        cak_i_replication :
            BEGIN
            ak21IsUniqueReplicationUser(acv);
            a2replication := true;
            END;
        END;
    (*ENDCASE*) 
(*ENDWITH*) 
IF  error <> e_ok
THEN
    a07_b_put_error (acv, error, 1);
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21IsUniqueReplicationUser (VAR acv : tak_all_command_glob);
 
CONST
      c_groupuser = true;
 
VAR
      b_err       : tgg00_BasisError;
      sysk        : tgg00_SysInfoKey;
      dummyBuf    : tak_sysbufferaddress;
      userBuf     : tak_sysbufferaddress;
      dummyUserId : tgg00_Surrogate;
      msg         : tsp00_C32;
 
BEGIN
ak21_get_user_record (acv, g01glob.sysuser_name,
      dummyUserId, lckRowExcl_egg00,
      NOT c_groupuser, d_release, dummyBuf, 1);
IF  acv.a_returncode = 0
THEN
    BEGIN
    sysk            := a01defaultkey;
    sysk.sauthid[1] := chr(255);
    sysk.sauthid[2] := chr(255);
    sysk.sentrytyp  := cak_euser;
    REPEAT
        a10next_sysinfo (acv, sysk, 2, d_release,
              cak_euser, userBuf, b_err);
        IF  b_err = e_ok
        THEN
            IF  userBuf^.suser.ureplication
            THEN
                b_err := e_missing_privilege;
            (*ENDIF*) 
        (*ENDIF*) 
    UNTIL
        b_err <> e_ok;
    (*ENDREPEAT*) 
    END;
(*ENDIF*) 
IF  b_err <> e_no_next_record
THEN
    IF  b_err = e_missing_privilege
    THEN
        BEGIN
        msg := 'DUPLICATE REPLICATION USER      ';
        a07_const_b_put_error (acv, b_err, 1, @msg, sizeof(msg));
        END
    ELSE
        a07_b_put_error (acv, b_err, 1);
    (*ENDIF*) 
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21rename_user (VAR acv : tak_all_command_glob;
            VAR a20v  : tak_a21_glob);
 
CONST
      c_del_old_rec = true;
      c_add_new_rec = true;
      c_release     = true;
 
VAR
      ok              : boolean;
      is_user_group   : boolean;
      is_group_member : boolean;
      b_err           : tgg00_BasisError;
      owner           : tsp00_KnlIdentifier;
      char_uid        : tsp00_KnlIdentifier;
      new_key         : tgg00_SysInfoKey;
      old_key         : tgg00_SysInfoKey;
      viewscanpar     : tak_viewscan_par;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    is_user_group := a_ap_tree^[a_ap_tree^[ 0 ].n_lo_level].n_subproc >
          cak_x_user_group;
    a27init_viewscanpar (acv, viewscanpar, v_rename_user);
    a2ti := a_ap_tree^[a2ti].n_sa_level;
    a05identifier_get (acv,
          a2ti, sizeof (a2user_name), a2user_name);
    IF  a2user_name = a_curr_user_name
    THEN
        IF  a_current_user_kind <> usysdba (* PTS 1114245 *)
        THEN
            a07_kw_put_error (acv, e_missing_privilege,
                  1, cak_i_userid)
        ELSE
            BEGIN
            a52_ex_commit_rollback (acv, m_commit,
                  NOT c_release, NOT c_release);
            IF  acv.a_returncode = 0
            THEN
                a52internal_subtrans (acv)
            (*ENDIF*) 
            END;
        (*ENDIF*) 
    (*ENDIF*) 
    viewscanpar.vsc_old_user_name := a2user_name;
    ak21_get_user_record (acv, a2user_name,
          a2user_id, lckRowShare_egg00, is_user_group,
          d_fix, a2sysbuf, a_ap_tree^[a2ti].n_pos);
    IF  a_returncode = 0
    THEN
        BEGIN
        IF  NOT a21is_owner (acv, a2sysbuf^.suser)
        THEN
            a07_kw_put_error (acv, e_missing_privilege,
                  1, cak_i_userid)
        ELSE
            IF  a2user_name <> a_curr_user_name
            THEN
                ak21user_connected (acv, a20v);
            (*ENDIF*) 
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  a_returncode = 0
    THEN
        BEGIN
        a2ti := a_ap_tree^[a2ti].n_sa_level;
        a05identifier_get (acv,
              a2ti, sizeof (viewscanpar.vsc_new_user_name),
              viewscanpar.vsc_new_user_name);
        IF  (viewscanpar.vsc_new_user_name = a01controluser      ) OR
            (viewscanpar.vsc_new_user_name = a01_il_b_identifier) OR
            (viewscanpar.vsc_new_user_name = a01_i_sysdd         ) OR
            (viewscanpar.vsc_new_user_name = a01_i_sys           )
        THEN
            a07_b_put_error (acv, e_user_not_allowed,
                  a_ap_tree^[a2ti].n_pos)
        ELSE
            BEGIN
            a51build_userkey (a2user_name,   old_key);
            a51build_userkey (viewscanpar.vsc_new_user_name, new_key);
            a10_copy_catalog_rec (acv, old_key,
                  c_del_old_rec, new_key, cak00_public_segment_id,
                  c_add_new_rec, b_err);
            IF  b_err = e_duplicate_sysinfo
            THEN
                a07_b_put_error (acv, e_duplicate_name,
                      a_ap_tree^[a2ti].n_pos)
            ELSE
                BEGIN
                is_group_member :=
                      a2sysbuf^.suser.urecordtyp = [is_user_rec];
                a06determine_username (acv,
                      a2sysbuf^.suser.userowner_id, owner);
                a2sysbuf^.suser.username :=
                      viewscanpar.vsc_new_user_name;
                a10repl_sysinfo (acv, a2sysbuf, b_err)
                END;
            (*ENDIF*) 
            IF  b_err <> e_ok
            THEN
                a07_b_put_error (acv, b_err, 1)
            (*ENDIF*) 
            END
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  (a_returncode = 0) AND (* PTS 1116837 M.Ki. *)
        NOT is_group_member
    THEN
        BEGIN
        a2sysk           := a01defaultkey;
        a2sysk.sauthid   := a2user_id;
        a2sysk.sentrytyp := cak_etableref;
        REPEAT
            a10next_sysinfo (acv, a2sysk, SURROGATE_MXGG00+2, d_release,
                  cak_etableref, a2sysbuf, b_err);
            IF  b_err = e_ok
            THEN
                IF  a2sysbuf^.stableref.rtablekind <> tempty
                THEN
                    BEGIN
                    viewscanpar.vsc_base_tabid :=
                          a2sysbuf^.stableref.rtableid;
                    a06_systable_get (acv, d_fix, viewscanpar.vsc_base_tabid,
                          a_p_arr1.pbasep, false, ok);
                    IF  ok
                    THEN
                        BEGIN
                        IF  a_p_arr1.pbasep^.sbase.btablekind in
                            (* PTS 1111576 E.Z. *)
                            [tonebase, tview, tcomplexview]
                        THEN
                            WITH viewscanpar DO
                                BEGIN
                                vsc_usagedef.usa_tableid := vsc_base_tabid;
                                a27rename_user (acv, viewscanpar);
                                END;
                            (*ENDWITH*) 
                        (*ENDIF*) 
                        IF  a_returncode = 0
                        THEN
                            a27view_scan (acv, viewscanpar.vsc_base_tabid,
                                  viewscanpar);
                        (*ENDIF*) 
                        a10_rel_sysinfo (acv, a_p_arr1.pbasep^.syskey)
                        END
                    ELSE
                        a07ak_system_error (acv, 21, 4)
                    (*ENDIF*) 
                    END;
                (*ENDIF*) 
            (*ENDIF*) 
        UNTIL
            (b_err <> e_ok) OR
            (a_returncode <> 0);
        (*ENDREPEAT*) 
        b01empty_file (acv.a_transinf.tri_trans, acv.a_into_tree);
        IF  a_returncode = 0
        THEN
            BEGIN
            char_uid := bsp_c64;
            g17int4to_line ( ak21uid(a2user_id), false, 10, 1, char_uid);
            a01setl_identifier (char_uid, char_uid);
            a38rename (acv, cak_i_user, owner,
                  viewscanpar.vsc_old_user_name, char_uid,
                  viewscanpar.vsc_new_user_name)
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  (a2user_name = a_curr_user_name) AND
        (a_returncode = 0)
    THEN
        a_acc_user := viewscanpar.vsc_new_user_name
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21user_connected (VAR acv : tak_all_command_glob;
            VAR a20v  : tak_a21_glob);
 
BEGIN
WITH acv DO
    BEGIN
    a06a_mblock_init (acv,
          m_down, mm_user, b01niltree_id);
    s10mv (sizeof(a20v.a2user_id), a_mblock.mb_data_size,
          @a20v.a2user_id, SURROGATE_MXGG00 - USERID_MXGG04 + 1,
          @a_mblock.mb_data^.mbp_buf, 1, sizeof(tgg00_UserId));
    a_mblock.mb_data_len  := sizeof (tgg00_UserId);
    a06rsend_mess_buf (acv, a_mblock, NOT cak_return_req,
          a_transinf.tri_trans.trError_gg00);
    IF  a_transinf.tri_trans.trError_gg00 <> e_ok
    THEN
        a07_b_put_error (acv, a_transinf.tri_trans.trError_gg00, 1)
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21get_user_id (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      b_err   : tgg00_BasisError;
      i       : integer;
      uid_buf : tak_sysbufferaddress;
      sysk    : tgg00_SysInfoKey;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    sysk           := a01defaultkey;
    sysk.sentrytyp := cak_euserid;
    a10_fix_len_get_sysinfo (acv, sysk, d_release,
          mxak_useridrec, 0, uid_buf, b_err);
    IF  a_returncode = 0
    THEN
        WITH uid_buf^.suserid DO
            BEGIN
            IF  b_err = e_sysinfo_not_found
            THEN
                BEGIN
                us_segmentid := cak00_public_segment_id;
                us_filler[ 1 ] := chr (0);
                us_filler[ 2 ] := chr (0);
                us_userid[ 1 ] := chr (0);
                us_userid[ 2 ] := chr (0);
                us_userid[ 3 ] := chr (0);
                us_userid[ 4 ] := chr (9)
                END;
            (*ENDIF*) 
            g01int4incr (us_userid);
            a2user_id := cgg_zero_id;
            FOR i := 1 TO mxsp_c4 DO
                a2user_id [ SURROGATE_MXGG00 - mxsp_c4 + i ] := us_userid [ i ];
            (*ENDFOR*) 
            a2user_id [1] := chr (255);
            IF  a2role
            THEN
                a2user_id [2] := chr (250)
            ELSE
                a2user_id [2] := chr (255);
            (*ENDIF*) 
            a10_add_repl_sysinfo (acv,
                  uid_buf, b_err <> e_ok, b_err);
            END;
        (*ENDWITH*) 
    (*ENDIF*) 
    IF  b_err <> e_ok
    THEN
        a07_b_put_error (acv, b_err, 1)
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21system_user (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      b_err      : tgg00_BasisError;
      sysdbabuf  : tak_sysbufferaddress;
      sysk       : tgg00_SysInfoKey;
 
BEGIN
WITH a20v DO
    IF  a2user_name[ 1 ] = bsp_c1
    THEN
        a07_b_put_error (acv, e_user_not_allowed, 1)
    ELSE
        BEGIN
        sysk           := a01defaultkey;
        sysk.ssite     := cgg_zero_c2;
        sysk.sentrytyp := cak_esysdba;
        a10_nil_get_sysinfo (acv, sysk, d_release,
              sizeof(tak_sysdbarecord), sysdbabuf, b_err);
        IF  b_err = e_ok
        THEN
            WITH sysdbabuf^.ssysdba DO
                BEGIN
                syssegmentid := cak00_public_segment_id;
                sysactivated := false;
                sysversion   := cak_sysdba_version;
                sysauthid    := a2user_id;
                g11kernel_version (sysKnlVersion);
                a10add_sysinfo (acv, sysdbabuf, b_err);
                IF  b_err = e_duplicate_sysinfo
                THEN
                    a07_b_put_error (acv, e_duplicate_name, 1)
                ELSE
                    BEGIN
                    g01glob.sysuser_name := a2user_name;
                    g01glob.sysuser_id   := a2user_id
                    END;
                (*ENDIF*) 
                END;
            (*ENDWITH*) 
        (*ENDIF*) 
        IF  b_err <> e_ok
        THEN
            a07_b_put_error (acv, b_err, 1)
        (*ENDIF*) 
        END;
    (*ENDIF*) 
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_create_user (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      error        : tgg00_BasisError;
      b_err        : tgg00_BasisError;
      group_user   : boolean;
      passw_ptr    : ^tsp00_CryptPw;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    error := e_ok;
    b_err := e_ok;
    group_user := (a2group_id <> cgg_zero_id);
    WITH a2sysbuf^, suser DO
        BEGIN
        usersegmentid  := cak00_public_segment_id;
        username       := a2user_name;
        usersysdba     := a2userkind = cak_i_sysdba;
        uexclusive     := a2exclusive;
&       ifdef trace
        t01name (ak_sem, a2password);
&       endif
        IF  (usersysdba) AND (a2password = bsp_name)
        THEN
            BEGIN
            passw_ptr := @a_data_ptr^[ 1 ];
            userpassw := passw_ptr^;
            END
        ELSE
            s02encrypt (a2password, userpassw);
        (*ENDIF*) 
        usupportpasspw:= bsp_c24;
        a11put_date_time (ucreatedate, ucreatetime);
        upwcreatedate   := ucreatedate;
        upwcreatetime   := ucreatetime;
        ualterdate      := ucreatedate;
        ualtertime      := ucreatetime;
        userchardefcode := a2defaultcode; (* PTS 1117216 E.Z. *)
        ureplication    := a2replication;
        userfiller2     := false;
        userfiller3     := 0;
        IF  a2role
        THEN
            urecordtyp := [ is_role_rec]
        ELSE
            IF  group_user
            THEN
                urecordtyp := [ is_user_rec ]
            ELSE
                IF  (a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc >
                    cak_x_user_group) AND
                    NOT  usersysdba
                THEN
                    urecordtyp := [ is_group_rec ]
                ELSE
                    urecordtyp := [ is_group_rec, is_user_rec ];
                (*ENDIF*) 
            (*ENDIF*) 
        (*ENDIF*) 
        IF  usersysdba
        THEN
            userowner_id := syskey.sauthid
        ELSE
            userowner_id := a_curr_user_id;
        (*ENDIF*) 
        ucomment     := false;
        userroleinfo := role_none;
        userrolecnt  := 0;
        CASE a2userkind OF
            cak_i_standard :
                userkind := unoprivate;
            cak_i_resource :
                userkind := uprivate;
            cak_i_dba :
                BEGIN
                IF  (a_current_user_kind = usysdba)
                    AND
                    (a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc <= cak_x_user_group)
                THEN
                    userkind := udba
                ELSE
                    error := e_missing_privilege;
                (*ENDIF*) 
                END;
            cak_i_sysdba :
                userkind := udba;
            OTHERWISE
                error := e_missing_privilege;
            END;
        (*ENDCASE*) 
        uparams := a2params;
        usergroup_id := a2group_id;
        uperm_ref    := b01niltree_id.fileUserRef_gg00;
        END;
    (*ENDWITH*) 
    IF  (error = e_ok) AND (b_err = e_ok)
    THEN
        (* PTS 1107952 E.Z. *)
        a10add_sysinfo (acv, a2sysbuf, b_err);
    (*ENDIF*) 
    IF  error <> e_ok
    THEN
        a07_b_put_error (acv, error, 1)
    ELSE
        IF  a2role
        THEN
            a19addroletab (acv, a_curr_user_id, a2user_id)
        (*ENDIF*) 
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      a21create_user (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
VAR
      b_err     : tgg00_BasisError;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    IF  (a_current_user_kind  = usysdba)
        OR
        (a_current_user_kind  = udba)
        OR
        ((a_current_user_kind = ucontroluser) AND
        ( a2userkind = cak_i_sysdba))
    THEN
        BEGIN
        IF  (a2user_name = a01_i_sys) AND
            NOT
            ((a_cmd_segment_header.sp1c_producer = sp1pr_installation)     OR
            ((a_cmd_segment_header.sp1c_producer = sp1pr_internal_cmd) AND
            ( a_comp_type = at_load)))
        THEN
            a07_b_put_error (acv, e_user_not_allowed, a2errorpos)
        ELSE
            IF  (a2user_name = a01controluser    ) OR
                (a2user_name = a01_il_b_identifier) OR
                (a2user_name = a01_i_sysdd       )
            THEN
                a07_b_put_error (acv, e_user_not_allowed, a2errorpos)
            ELSE
                IF  (a2params[ costwarning ] <> csp_maxint4) AND
                    (a2params[ costwarning ] >= a2params[ costlimit ])
                    AND NOT (a2like)
                THEN
                    a07_b_put_error (acv, e_invalid_costwarning, 1);
                (*ENDIF*) 
            (*ENDIF*) 
        (*ENDIF*) 
        END
    ELSE
        a07_kw_put_error (acv, e_missing_privilege, 1, cak_i_dba);
    (*ENDIF*) 
    IF  a_returncode = 0
    THEN
        BEGIN
        a51build_userkey (a2user_name, a2sysk);
        a10_fix_len_get_sysinfo (acv, a2sysk, d_release,
              sizeof (tak_userrefrecord), 0, a2sysbuf, b_err);
        IF  b_err = e_ok
        THEN
            a07_b_put_error (acv, e_duplicate_name, 1)
        ELSE
            IF  a_returncode = 0
            THEN
                BEGIN
                WITH a2sysbuf^.suserref DO
                    BEGIN
                    IF  a2user_name = a01_i_public
                    THEN
                        a2user_id := cak_public_user_id
                    ELSE
                        ak21get_user_id (acv, a20v);
                    (*ENDIF*) 
                    ru_segmentid := cak00_public_segment_id;
                    ru_user_id   := a2user_id;
                    a10add_sysinfo (acv, a2sysbuf, b_err)
                    END;
                (*ENDWITH*) 
                IF  b_err = e_ok
                THEN
                    BEGIN
                    a2sysk := a01defaultkey;
                    WITH a2sysk DO
                        BEGIN
                        stableid  := a2user_id;
                        sentrytyp := cak_euser
                        END;
                    (*ENDWITH*) 
                    a10_nil_get_sysinfo (acv, a2sysk, d_fix,
                          sizeof (tak_userrecord), a2sysbuf, b_err)
                    END;
                (*ENDIF*) 
                IF  b_err <> e_ok
                THEN
                    a07_b_put_error (acv, b_err, 1)
                ELSE
                    IF  a2userkind = cak_i_sysdba
                    THEN
                        ak21system_user (acv, a20v);
                    (*ENDIF*) 
                (*ENDIF*) 
                END;
            (*ENDIF*) 
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  a_returncode = 0
    THEN
        IF  a2like
        THEN
            ak21_like_user (acv, a20v)
        ELSE
            ak21_create_user (acv, a20v);
        (*ENDIF*) 
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_drop_user_semantic (VAR acv : tak_all_command_glob;
            VAR a20v : tak_a21_glob);
 
BEGIN
WITH acv, a20v DO
    BEGIN
    WITH a_ap_tree^[a2ti] DO
        BEGIN
        a2cascade := n_length = cak_i_cascade;
        a2ti      := n_lo_level
        END;
    (*ENDWITH*) 
    a05identifier_get (acv, a2ti,
          sizeof (a2user_name), a2user_name);
    a2errorpos := a_ap_tree^[a2ti].n_pos;
    ak21_get_user_record (acv, a2user_name, a2user_id, lckRowExcl_egg00,
          a_ap_tree^[ a_ap_tree^[ 0 ].n_lo_level ].n_subproc > cak_x_user_group,
          d_fix, a2sysbuf, a2errorpos);
    IF  a_returncode = 0
    THEN
        WITH a2sysbuf^,suser DO
            BEGIN
            IF  NOT a21is_owner (acv, a2sysbuf^.suser)
                OR
                usersysdba
            THEN
                a07_kw_put_error ( acv,
                      e_missing_privilege, 1, cak_i_userid)
            ELSE
                IF  a_is_ddl <> ddl_drop_role
                THEN
                    ak21user_connected (acv, a20v);
                (*ENDIF*) 
            (*ENDIF*) 
            IF  a_returncode = 0
            THEN
                IF  a_is_ddl = ddl_drop_role
                THEN
                    ak21drop_role (acv, a2user_name, a2user_id)
                ELSE
                    ak21drop_user (acv, a20v)
                (*ENDIF*) 
            (*ENDIF*) 
            END;
        (*ENDWITH*) 
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21drop_user (VAR acv : tak_all_command_glob;
            VAR a20v  : tak_a21_glob);
 
VAR
      is_dba : boolean;
      b_err  : tgg00_BasisError;
      userk  : tgg00_SysInfoKey;
 
BEGIN
WITH acv, a20v, a2sysbuf^, suser DO
    BEGIN
    is_dba := false;
    b_err  := e_ok;
    a38user_drop (acv, a2user_name,
          usergroup_id, a2usergroup, userowner_id, ak21uid(a2user_id));
    IF   NOT (is_group_rec in urecordtyp)
    THEN (* drop group member *)
        a10del_sysinfo (acv, a2sysbuf^.syskey, b_err)
    ELSE
        BEGIN
        IF   NOT (is_user_rec in urecordtyp)
        THEN (* DROP USERGROUP *)
            ak21group_members (acv, a20v, drop)
        ELSE
            IF  userkind = udba
            THEN
                BEGIN
                is_dba    := true;
                a2like_id := a_curr_user_id;
                ak21_owner_change (acv, a20v)
                END;
            (*ENDIF*) 
        (*ENDIF*) 
        IF   a_returncode = 0
        THEN
            BEGIN
            (* PTS 1107952 E.Z. *)
            IF  b_err = e_ok
            THEN
                ak21privilege_handling (acv, a20v);
            (*ENDIF*) 
            END;
        (*ENDIF*) 
        IF  a_returncode = 0
        THEN
            BEGIN
            ak21_all_usertable_drop (acv, a20v, is_dba);
            ak21drop_user_roles     (acv, a20v)
            END;
        (*ENDIF*) 
        IF  b_err = e_ok
        THEN
            a10del_user_sysinfo  (acv, a2user_id, b_err)
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  b_err = e_ok
    THEN
        BEGIN (* delete user reference record *)
        a51build_userkey (a2user_name, userk);
        a10del_sysinfo (acv, userk, b_err)
        END;
    (*ENDIF*) 
    IF  b_err <> e_ok
    THEN
        a07_b_put_error (acv, b_err, 1);
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21drop_role (VAR acv : tak_all_command_glob;
            VAR role_name : tsp00_KnlIdentifier;
            VAR role_id   : tgg00_Surrogate);
 
VAR
      b_err   : tgg00_BasisError;
      rolekey : tgg00_SysInfoKey;
 
BEGIN
ak21del_role_privileges (acv, role_id);
a10del_user_sysinfo  (acv, role_id, b_err);
IF  b_err = e_ok
THEN
    BEGIN (* delete user reference record *)
    a51build_userkey (role_name, rolekey);
    a10del_sysinfo (acv, rolekey, b_err)
    END;
(*ENDIF*) 
IF  b_err <> e_ok
THEN
    a07_b_put_error (acv, b_err, 1);
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21drop_user_roles (VAR acv : tak_all_command_glob;
            VAR a20v  : tak_a21_glob);
 
VAR
      b_err       : tgg00_BasisError;
      ix          : integer;
      roletab_ptr : tak_sysbufferaddress;
      role_ptr    : tak_sysbufferaddress;
      sysk        : tgg00_SysInfoKey;
      role_sysk   : tgg00_SysInfoKey;
 
BEGIN
sysk           := a01defaultkey;
sysk.sauthid   := a20v.a2user_id;
sysk.sentrytyp := cak_eroletab;
REPEAT
    a10get_sysinfo (acv, sysk, d_fix, roletab_ptr, b_err);
    IF  b_err = e_ok
    THEN
        WITH roletab_ptr^.susertab DO
            BEGIN
            ix := 1;
            WHILE ix <= usertabcount DO
                BEGIN
                IF  NOT usertabdef[ix].ut_empty
                THEN
                    BEGIN
                    role_sysk           := a01defaultkey;
                    role_sysk.sauthid   := usertabdef[ix].ut_surrogate;
                    role_sysk.sentrytyp := cak_euser;
                    a10get_sysinfo (acv, role_sysk,
                          d_fix, role_ptr, b_err);
                    IF  b_err = e_ok
                    THEN
                        IF  role_ptr^.suser.userowner_id = a20v.a2user_id
                        THEN (* PTS 1113470 *)
                            ak21drop_role (acv,
                                  role_ptr^.suser.username,
                                  usertabdef[ix].ut_surrogate)
                        (*ENDIF*) 
                    (*ENDIF*) 
                    END;
                (*ENDIF*) 
                ix := ix + 1;
                END;
            (*ENDWHILE*) 
            IF  usertabnext_exist
            THEN
                a06inc_linkage (sysk.slinkage)
            ELSE
                b_err := e_sysinfo_not_found
            (*ENDIF*) 
            END;
        (*ENDWITH*) 
    (*ENDIF*) 
UNTIL
    b_err <> e_ok;
(*ENDREPEAT*) 
IF  b_err <> e_sysinfo_not_found
THEN
    a07_b_put_error (acv, b_err, 1)
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21del_role_privileges (VAR acv : tak_all_command_glob;
            role_id   : tgg00_Surrogate);
 
VAR
      b_err : tgg00_BasisError;
      p     : tak_sysbufferaddress;
      sysk  : tgg00_SysInfoKey;
 
BEGIN
a19delroletab  (acv, acv.a_curr_user_id, role_id);
IF  acv.a_returncode = 0
THEN
    BEGIN
    sysk           := a01defaultkey;
    sysk.sauthid   := role_id;
    sysk.sentrytyp := cak_eprivuser;
    REPEAT
        a10next_sysinfo (acv, sysk, SURROGATE_MXGG00 + 2,
              d_fix, cak_eprivuser, p, b_err);
        IF  b_err = e_ok
        THEN
            BEGIN
            a19delroletab   (acv, p^.syskey.suserid,  role_id);
            a10del_sysinfo (acv, sysk, b_err)
            END;
        (*ENDIF*) 
    UNTIL
        b_err <> e_ok;
    (*ENDREPEAT*) 
    IF  b_err <> e_no_next_record
    THEN
        a07_b_put_error (acv, b_err, 1)
    (*ENDIF*) 
    END;
(*ENDIF*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21privilege_handling (VAR acv : tak_all_command_glob;
            VAR a20v  : tak_a21_glob);
 
VAR
      ok      : boolean;
      b_err   : tgg00_BasisError;
      tabno   : integer;
      priv    : tak_privilege;
      sysbuf  : tak_sysbufferaddress;
      syskey  : tgg00_SysInfoKey;
      is_dba  : boolean;
      sysk    : tgg00_SysInfoKey;
      owner   : tsp00_KnlIdentifier;
      owner_id: tgg00_Surrogate;
      proc    : tsp00_KnlIdentifier;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    syskey := a01defaultkey;
    WITH syskey DO
        BEGIN
        sauthid   := a2user_id;
        sentrytyp := cak_eusertab
        END;
    (*ENDWITH*) 
    REPEAT
        a10get_sysinfo (acv, syskey, d_fix, sysbuf, b_err);
        IF  b_err = e_ok
        THEN
            BEGIN
            tabno := 1;
            WHILE (tabno <= sysbuf^.susertab.usertabcount) AND
                  (a_returncode = 0) DO
                BEGIN
                WITH sysbuf^.susertab.usertabdef[ tabno ] DO
                    BEGIN
                    IF  NOT (ut_empty)
                    THEN
                        CASE ut_kind OF
                            (* PTS 1111576 E.Z. *)
                            ut_table,    ut_base_table, ut_view,
                            ut_oracle_systable, ut_internal_systable :
                                BEGIN
                                a06_systable_get (acv, d_fix,
                                      ut_surrogate,
                                      a_p_arr1.pbasep, false, ok);
                                IF  ok
                                THEN
                                    BEGIN
                                    a06user_get_priv (acv, a_p_arr1.
                                          pbasep, a2user_id, priv);
                                    IF  (priv.priv_all_grant_set <> [])
                                        OR
                                        (priv.priv_grant_upd_set <> [])
                                        OR
                                        (priv.priv_grant_sel_set <> [])
                                    THEN
                                        ak21change_grantor (acv,
                                              a2user_id);
                                    (*ENDIF*) 
                                    a10rel_sysinfo (a_p_arr1.pbasep)
                                    END
                                ELSE
                                    a07ak_system_error (acv, 21, 1);
                                (*ENDIF*) 
                                END;
                            ut_procedure :
                                BEGIN
                                (* get author of the stored procedure *)
                                a12reference (acv, ut_surrogate,
                                      owner, proc);
                                IF  a_returncode = 0
                                THEN
                                    a06det_user_id (acv, owner, owner_id)
                                ELSE
                                    a07ak_system_error (acv, 21, 2);
                                (*ENDIF*) 
                                IF  (a_returncode = 0) AND
                                    (owner_id <> a2user_id)
                                THEN (* user to be dropped is not *)
                                    (* the owner of the stored   *)
                                    (* procedure -> procpriv-rec *)
                                    BEGIN
                                    a06check_username (acv, owner,
                                          is_dba, ok);
                                    (* procid *)
                                    sysk.stableid  := ut_surrogate;
                                    sysk.sentrytyp := cak_eprocpriv;
                                    sysk.slinkage  := cak_init_linkage;
                                    (* granteeid *)
                                    sysk.suserid   := a2user_id;
                                    sysk.skeylen   := mxak_standard_sysk +
                                          SURROGATE_MXGG00;
                                    (* delete privproc record *)
                                    a10del_sysinfo (acv, sysk, b_err);
                                    IF  b_err <> e_ok
                                    THEN
                                        a07ak_system_error (acv, 21, 3);
                                    (*ENDIF*) 
                                    END;
                                (*ENDIF*) 
                                END;
                            ut_sequence :
                                BEGIN
                                sysk.stableid  := ut_surrogate;
                                sysk.sentrytyp := cak_esequencepriv;
                                sysk.slinkage  := cak_init_linkage;
                                sysk.suserid   := a2user_id;
                                sysk.skeylen   := mxak_standard_sysk +
                                      SURROGATE_MXGG00;
                                a10del_sysinfo (acv, sysk, b_err);
                                IF  b_err <> e_ok
                                THEN
                                    a07ak_system_error (acv, 21, 3)
                                (*ENDIF*) 
                                END;
                            OTHERWISE;
                            END;
                        (*ENDCASE*) 
                    (*ENDIF*) 
                    END;
                (*ENDWITH*) 
                tabno := succ(tabno)
                END;
            (*ENDWHILE*) 
            a10_rel_sysinfo (acv, syskey);
            IF  sysbuf^.susertab.usertabnext_exist
            THEN
                a06inc_linkage (syskey.slinkage)
            ELSE
                b_err := e_sysinfo_not_found;
            (*ENDIF*) 
            END;
        (*ENDIF*) 
        IF  (b_err = e_sysinfo_not_found) AND
            (syskey.slinkage [ 1 ] < chr(128))
        THEN
            BEGIN
            b_err                 := e_ok;
            syskey.slinkage       := cak_init_linkage;
            syskey.slinkage [ 1 ] := chr (128)
            END;
        (*ENDIF*) 
    UNTIL
        (b_err <> e_ok) OR (a_returncode <> 0);
    (*ENDREPEAT*) 
    IF  b_err <> e_sysinfo_not_found
    THEN
        a07_b_put_error (acv, b_err, 1);
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21change_grantor (VAR acv : tak_all_command_glob;
            VAR userid : tgg00_Surrogate);
 
VAR
      b_err      : tgg00_BasisError;
      new_sysinfo: boolean;
      i          : tak_priv_descriptors;
      sysbuf     : tak_sysbufferaddress;
      privbuf    : tak_sysbufferaddress;
      sysk       : tgg00_SysInfoKey;
      privkey    : tgg00_SysInfoKey;
      ownerpriv  : tak_privilege;
      currpriv   : tak_privilege;
 
BEGIN
WITH acv DO
    BEGIN
    sysk           := a_p_arr1.pbasep^.syskey;
    sysk.sentrytyp := cak_eprivuser;
    REPEAT
        a10next_sysinfo (acv, sysk, SURROGATE_MXGG00 + 2, d_fix,
              cak_eprivuser, sysbuf, b_err);
        IF  b_err = e_ok
        THEN
            IF  sysk.stableid = a_p_arr1.pbasep^.syskey.stableid
            THEN
                BEGIN
                IF  sysk.sgrantuser = userid
                THEN
                    BEGIN
                    privkey            := sysk;
                    privkey.sgrantuser :=
                          a_p_arr1.pbasep^.sbase.bauthid;
                    a10_fix_len_get_sysinfo (acv, privkey, d_release,
                          sizeof (tak_privuserrecord),
                          0, privbuf, b_err);
                    IF  b_err = e_sysinfo_not_found
                    THEN
                        BEGIN
                        b_err := e_ok;
                        new_sysinfo := true;
                        s10mv (sizeof(sysbuf^), sizeof(privbuf^),
                              @sysbuf^, 1, @privbuf^, 1, sysbuf^.b_sl);
                        privbuf^.syskey.sgrantuser :=
                              privkey.sgrantuser;
                        END
                    ELSE
                        IF  b_err = e_ok
                        THEN
                            BEGIN
                            new_sysinfo := false;
                            ownerpriv := a01emptypriv;
                            currpriv  := a01emptypriv;
                            a06unpack_priv (privbuf^.sprivuser.pru_priv,
                                  ownerpriv);
                            a06unpack_priv (sysbuf^.sprivuser.pru_priv,
                                  currpriv);
                            ownerpriv.priv_all_set :=
                                  ownerpriv.priv_all_set +
                                  currpriv.priv_all_set;
                            ownerpriv.priv_all_grant_set :=
                                  ownerpriv.priv_all_grant_set +
                                  currpriv.priv_all_grant_set;
                            FOR i := priv_col_sel TO priv_col_upd_grant DO
                                ownerpriv.priv_col[ i ] :=
                                      ownerpriv.priv_col[ i ] +
                                      currpriv.priv_col[ i ];
                            (*ENDFOR*) 
                            a22pack_priv (privbuf, ownerpriv,
                                  privbuf^.sprivuser.pru_priv)
                            END;
                        (*ENDIF*) 
                    (*ENDIF*) 
                    IF  b_err = e_ok
                    THEN
                        a10_add_repl_sysinfo (acv,
                              privbuf, new_sysinfo, b_err);
                    (*ENDIF*) 
                    IF  b_err = e_ok
                    THEN
                        a10del_sysinfo (acv, sysbuf^.syskey, b_err)
                    (*ENDIF*) 
                    END;
                (*ENDIF*) 
                END
            ELSE
                b_err := e_no_next_record;
            (*ENDIF*) 
        (*ENDIF*) 
        a10_rel_sysinfo (acv, sysk);
    UNTIL
        b_err <> e_ok;
    (*ENDREPEAT*) 
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
FUNCTION
      ak21permcount_get (VAR acv : tak_all_command_glob;
            VAR user_rec : tak_userrecord) : tsp00_Int4;
 
CONST
      no_temp        = false;
      private        = true;
      no_nonprivate  = false;
      no_public      = false;
      no_synonyms    = false;
      not_all_base   = false;
 
VAR
      count          : tsp00_Int4;
      init_username  : tsp00_KnlIdentifier;
      init_userid    : tgg00_Surrogate;
      a41v           : tak40_show_glob;
 
BEGIN
WITH acv DO
    BEGIN
    count               := 0;
    init_username       := a_curr_user_name;
    init_userid         := a_curr_user_id;
    a_curr_user_name    := user_rec.username;
    a_curr_user_id      := user_rec.usurrogate;
    a41init_show_glob (a41v, a_cmd_packet_header.sp1h_mess_code);
    a40init_table_scan (acv, a41v, no_temp, private, no_nonprivate,
          no_public, no_synonyms, not_all_base);
    WHILE a40next_table (acv, a41v) DO
        WITH a41v.a4p_arr.pbasep^.sbase DO
            IF  (btablekind = twithkey) OR
                (btablekind = twithoutkey)
            THEN
                a42_get_pagecount (acv, a41v.a4p_arr.pbasep, count);
            (*ENDIF*) 
        (*ENDWITH*) 
    (*ENDWHILE*) 
    a_curr_user_name    := init_username;
    a_curr_user_id      := init_userid;
    ak21permcount_get   := count
    END;
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_create_priv_rec (VAR acv : tak_all_command_glob;
            VAR a20v        : tak_a21_glob;
            VAR tabid       : tgg00_Surrogate;
            VAR tab_kind    : tak_usertab_descriptor);
 
VAR
      b_err       : tgg00_BasisError;
      required_len: integer;
      i           : tak_priv_descriptors;
      curr_index  : tak_priv_descriptors;
      sysbuf      : tak_sysbufferaddress;
      privbuf     : tak_sysbufferaddress;
      privkey     : tgg00_SysInfoKey;
      syskey      : tgg00_SysInfoKey;
      priv        : tak_privilege;
 
BEGIN
WITH acv, a20v DO
    BEGIN
    b_err := e_sysinfo_not_found;
    priv  := a01emptypriv;
    WITH syskey DO
        BEGIN
        stableid  := tabid;
        sentrytyp := cak_eprivuser;
        slinkage  := cak_init_linkage;
        suserid   := a2like_id;
        skeylen   := mxak_standard_sysk + SURROGATE_MXGG00
        END;
    (*ENDWITH*) 
    REPEAT
        a10next_sysinfo (acv, syskey, SURROGATE_MXGG00+2, d_fix,
              cak_eprivuser, privbuf, b_err);
        IF  b_err = e_ok
        THEN
            IF  (syskey.stableid <> tabid)
                OR
                (syskey.suserid <> a2like_id)
            THEN
                b_err := e_no_next_record;
            (*ENDIF*) 
        (*ENDIF*) 
        IF  b_err = e_ok
        THEN
            BEGIN
            privkey         := syskey;
            privkey.suserid := a2user_id;
            a10_nil_get_sysinfo (acv, privkey, d_release,
                  privbuf^.b_sl, sysbuf, b_err);
            IF  b_err = e_ok
            THEN
                BEGIN
                priv.priv_all_set :=  priv.priv_all_set +
                      privbuf^.sprivuser.pru_priv.priv_all_set;
                priv.priv_all_grant_set := priv.priv_all_grant_set +
                      privbuf^.sprivuser.pru_priv.priv_all_grant_set;
                curr_index := priv_col_sel;
                FOR i := priv_col_sel TO priv_col_upd_grant DO
                    BEGIN
                    IF  i in privbuf^.sprivuser.pru_priv.priv_col_exist
                    THEN
                        BEGIN
                        priv.priv_col[ i ] := priv.priv_col[ i ] +
                              privbuf^.sprivuser.
                              pru_priv.priv_col[ curr_index ];
                        priv.priv_col_exist :=
                              priv.priv_col_exist + [ i ];
                        IF  curr_index < priv_col_upd_grant
                        THEN
                            curr_index := succ(curr_index)
                        (*ENDIF*) 
                        END;
                    (*ENDIF*) 
                    END;
                (*ENDFOR*) 
                s10mv  (sizeof(privbuf^), sizeof(sysbuf^),
                      @privbuf^, 1, @sysbuf^, 1, privbuf^.b_sl);
                sysbuf^.syskey.suserid := a2user_id;
                WITH sysbuf^.spriv.pr_priv DO
                    priv_all_set := priv_all_set - [ r_owner ];
                (*ENDWITH*) 
                a10add_sysinfo (acv, sysbuf, b_err)
                END;
            (*ENDIF*) 
            END;
        (*ENDIF*) 
        a10_rel_sysinfo (acv, syskey);
    UNTIL
        b_err <> e_ok;
    (*ENDREPEAT*) 
    IF  b_err = e_no_next_record
    THEN
        BEGIN
        b_err := e_ok;
        IF  priv.priv_c132 <> a01emptypriv.priv_c132
        THEN
            BEGIN
            IF  r_upd in priv.priv_all_set
            THEN
                priv.priv_col_exist :=
                      priv.priv_col_exist - [ priv_col_upd ];
            (*ENDIF*) 
            IF  r_sel in priv.priv_all_set
            THEN
                priv.priv_col_exist :=
                      priv.priv_col_exist - [ priv_col_sel ];
            (*ENDIF*) 
            IF  r_upd in priv.priv_all_grant_set
            THEN
                priv.priv_col_exist :=
                      priv.priv_col_exist-[ priv_col_upd_grant ];
            (*ENDIF*) 
            IF  r_sel in priv.priv_all_grant_set
            THEN
                priv.priv_col_exist :=
                      priv.priv_col_exist-[ priv_col_sel_grant ];
            (*ENDIF*) 
            privkey.sentrytyp := cak_epriv;
            privkey.skeylen   := mxak_standard_sysk + SURROGATE_MXGG00;
            required_len      := sizeof (tak_privrecord);
            a10_nil_get_sysinfo (acv, privkey, d_release,
                  required_len, privbuf, b_err);
            IF  b_err = e_ok
            THEN
                BEGIN
                a22pack_priv (privbuf,
                      priv, privbuf^.spriv.pr_priv);
                a10add_sysinfo (acv, privbuf, b_err)
                END;
            (*ENDIF*) 
            END;
        (*ENDIF*) 
        END;
    (*ENDIF*) 
    IF  b_err <> e_ok
    THEN
        a07_b_put_error (acv, b_err, 1)
    ELSE
        a19add_usertab  (acv, a2user_id, tabid, tab_kind)
    (*ENDIF*) 
    END;
(*ENDWITH*) 
END;
 
(* PTS 1107952 E.Z. *)
(*------------------------------*) 
 
FUNCTION
      ak21uid (VAR user_id : tgg00_Surrogate) : tsp00_Int4;
 
VAR
      uid  : tsp00_Int4;
      ix   : integer;
      mult : tsp00_Int4;
 
BEGIN
uid    := 0;
mult      := 1;
FOR ix := sizeof (user_id) DOWNTO
      sizeof (user_id) - 4 + 1 DO
    BEGIN
    uid  := uid + ord (user_id[ix]) * mult;
    mult := mult * 256
    END;
(*ENDFOR*) 
ak21uid := uid;
END;
 
(*------------------------------*) 
 
PROCEDURE
      ak21_user_rec_repl  (VAR acv : tak_all_command_glob;
            VAR a20v     : tak_a21_glob;
            VAR u_buf    : tak_sysbufferaddress;
            u_type       : tak_usertyp);
 
VAR
      exclusive    : boolean;
      b_err        : tgg00_BasisError;
      user_param   : tak_userparams;
      userownerid  : tgg00_Surrogate;
      groupid      : tgg00_Surrogate;
      u_parameters : tak_userpar_arr;
      u_defcode    : tsp00_CodeType;
 
BEGIN
WITH acv, a20v  DO
    IF  a_returncode = 0
    THEN
        BEGIN
        b_err                 := e_ok;
        u_buf^.suser.userkind := u_type;
        userownerid           := u_buf^.suser.userowner_id;
        IF  u_buf^.suser.urecordtyp = [ is_group_rec ]
        THEN
            groupid := u_buf^.syskey.sauthid
        ELSE
            groupid := cak_nil_group_id;
        (*ENDIF*) 
        (* PTS 1107952 E.Z. *)
        IF  b_err = e_ok
        THEN
            BEGIN
            WITH u_buf^.suser DO
                BEGIN
                FOR user_param := up_unused2 TO cachelimit DO
                    IF  a2params[ user_param ] <> cak_is_undefined
                    THEN
                        uparams[ user_param ] :=
                              a2params[ user_param ];
                    (*ENDIF*) 
                (*ENDFOR*) 
                u_parameters := uparams;
                IF  a2ex_modified
                THEN
                    uexclusive := a2exclusive;
                (*ENDIF*) 
                exclusive := uexclusive;
                IF  a2defc_modified
                THEN
                    userchardefcode := a2defaultcode;
                (*ENDIF*) 
                u_defcode := userchardefcode;
                IF  (uparams[ costwarning ] <> csp_maxint4) AND
                    (uparams[ costwarning ] >= uparams[ costlimit ])
                THEN
                    b_err := e_invalid_costwarning
                ELSE
                    a10repl_sysinfo (acv, u_buf, b_err)
                (*ENDIF*) 
                END;
            (*ENDWITH*) 
            IF  (b_err = e_ok)
                AND (groupid <> cak_nil_group_id)
            THEN
                BEGIN
                a2sysk           := a01defaultkey;
                a2sysk.sentrytyp := cak_euser;
                REPEAT
                    a10next_sysinfo (acv, a2sysk, 0,
                          d_release,
                          cak_euser, a2sysbuf, b_err);
                    IF  b_err = e_ok
                    THEN
                        WITH a2sysbuf^.suser DO
                            IF  usergroup_id = groupid
                            THEN
                                BEGIN
                                a10_lock_sysinfo (acv,
                                      a2sysk, lckRowExcl_egg00);
                                userkind        := u_type;
                                userowner_id    := userownerid;
                                uparams         := u_parameters;
                                uexclusive      := exclusive;
                                userchardefcode := u_defcode;
                                a10repl_sysinfo (acv, a2sysbuf, b_err);
                                END;
                            (*ENDIF*) 
                        (*ENDWITH*) 
                    (*ENDIF*) 
                    a10_key_del (acv, a2sysk);
                UNTIL
                    b_err <> e_ok;
                (*ENDREPEAT*) 
                IF  (b_err <> e_ok) AND (b_err <> e_no_next_record)
                THEN
                    a07_b_put_error (acv, b_err, 1)
                ELSE
                    b_err := e_ok;
                (*ENDIF*) 
                END;
            (*ENDIF*) 
            a10_key_del (acv, u_buf^.syskey);
            END;
        (*ENDIF*) 
        IF  b_err <> e_ok
        THEN
            a07_b_put_error (acv, b_err, 1)
        (*ENDIF*) 
        END;
    (*ENDIF*) 
(*ENDWITH*) 
END;
 
(*------------------------------*) 
 
FUNCTION
      a21is_owner (VAR acv : tak_all_command_glob;
            VAR userrec : tak_userrecord) : boolean;
 
VAR
      is_owner : boolean;
      b_err    : tgg00_BasisError;
      userbuf  : tak_sysbufferaddress;
      sysk     : tgg00_SysInfoKey;
 
BEGIN (* PTS 1112485 *)
is_owner := (acv.a_current_user_kind in [usysdba, ucontroluser])
      OR
      (userrec.userowner_id = acv.a_curr_user_id)
      OR
      (acv.a_curr_user_name = a01controluser);
IF  NOT is_owner AND (acv.a_current_user_kind = usysdba)
    AND (userrec.userkind <> udba)
THEN
    BEGIN
    sysk           := a01defaultkey;
    sysk.sauthid   := userrec.userowner_id;
    sysk.sentrytyp := cak_euser;
    a10get_sysinfo (acv, sysk, d_release,
          userbuf, b_err);
    IF  b_err = e_ok
    THEN
        is_owner := userbuf^.suser.userowner_id = acv.a_curr_user_id
    ELSE
        a07_b_put_error (acv, b_err, 1)
    (*ENDIF*) 
    END;
(*ENDIF*) 
a21is_owner := is_owner
END;
 
.CM *-END-* code ----------------------------------------
.SP 2 
***********************************************************
.PA 
