The InterBase and Firebird Developer Magazine
2005 ISSUE 1

Contents

Editor's note
Such a nice newborn

Cover story
Inside Savepoints, by Dmitri Yemanov

Type conversion through COMPUTED BY, by IBSurgeon Research Labs, [email protected]

Database maintenance
Embedded User Authentication in InterBase 7.5, by Dmitri Kouzmenko
Using KEEPALIVE-sockets to detect and release hung InterBase and Firebird client connections, or how to avoid 10054/104 errors, by Vasiliy Ovchinnikov

Developers area
Working with temporary tables in InterBase 7.5, by Dmitri Kouzmenko
Working with UNICODE in InterBase/Firebird, by Dmitri Kovalenko
Hyperthreading, SMP and InterBase, Firebird, Yaffil, by Dmitri Kouzmenko

Subscribe now!
To receive future issues notifications send email to [email protected]

Credits
Alexey Kovyazin, Chief Editor
Dmitri Kouzmenko, Editor
Lev Tashchilin, Designer
Volker Rehn, Subeditor

Editor's note

Such a nice newborn

Dear colleagues!

I am happy to present to you the first issue of “The InterBase and Firebird Developer Magazine”. It has been a long time since the initial idea for such a magazine was born, and now you are reading the first issue.

Why “InterBase and Firebird”

I think the “editor’s note” is the right place to answer some obvious questions about a newborn magazine. First of all, why does its title contain both “InterBase” and “Firebird”? Some newbies and gurus of InterBase and Firebird insist that they are different products – and I completely agree. They are different, but people who use them are the same. Development approaches, problems and techniques are almost always the same.

Of course, InterBase and Firebird are different but it is not the same kind of difference as between Oracle and MS SQL – they are different like brothers.

Who needs our magazine

You sometimes hear the opinion that “InterBase is not a serious DBMS” and “Firebird? What’s this?” And it is a hardly known fact that the size of our community is close to the community size of such monsters as Oracle and MS SQL. Despite the fact that Oracle and Microsoft command huge PR-budgets, we are very well positioned in this competition. And I am sure that there is huge hidden potential in our community.

Now the situation is changing. We have got at least one great book about Firebird, we have annual conference events, and now we have got our own magazine – just like other big players.

I hope that our magazine will be useful and interesting for all people who work with InterBase and Firebird – as DBAs, as developers or even as project managers. We are concentrating on “all times greatest hits” problems and will try to make this magazine not a one-off reading, but a long-play interesting novel that makes for some good reading a number of times. Also in future issues we will pay attention to community events like BorCon and the Firebird Conference.

In this issue

Ok, what do we have in this issue? The first and largest article “Inside Savepoints” by Dmitri Yemanov is devoted to the internal details of server savepoints. Explicit savepoints are a rather recent improvement in both InterBase and Firebird, and I think it will be very interesting for all readers to know nitty-gritty details of their functioning.

Another hot article is “Using Embedded User Authentication in InterBase 7.5” by Dmitri Kouzmenko. We have all been waiting for this feature for a long time, and I suppose we won't be disappointed.

“Working with temporary tables in InterBase 7.5” is also very interesting. To my mind, adding user temporary tables is the most important recent improvement of InterBase so every developer should know its details.

And I think many InterBase and Firebird developers came across the most annoying error – error 10054. The article of Vasily Ovchinnikov is devoted to practical ways to avoid 10054 errors.

Of course, this is not all of it in this issue – please feel invited to read on.

We need your feedback

This is the first issue of “The Interbase and Firebird Developer Magazine”. We have got plenty of ideas for the following issues and will try to make “The Interbase and Firebird Developer Magazine” the best database developer magazine around. And the most important thing we would like to know is your opinion and your thoughts about our work. Please do not hesitate to contact us: [email protected]

Sincerely yours,
Alexey Kovyazin, Chief Editor
©2005 www.ibdeveloper.com ltd. All right reserved

Cover story

Inside Savepoints

Author: Dmitri Yemanov, [email protected]
General information

A savepoint is an internal mechanism of the database which binds any changes in the database to a specific point of time during a transaction and, if necessary, allows a user to cancel all changes that were made after this particular savepoint was set. This process is also known as rolling back to a savepoint.

The server also uses the savepoint mechanism to implement transaction handling. This mechanism helps either to commit or to cancel all changes made during a transaction. For those purposes, the server uses the global savepoint. Such a savepoint is set automatically when a transaction starts, and it is the first savepoint in the transaction context. When transaction rollback is initiated, all changes made within its context are cancelled using the transaction global savepoint. After that, the transaction is committed (!) within the Transaction Inventory Page (TIP). This is necessary in order to avoid housekeeping operations in the future.

However, if the number of changes in the transaction context becomes too big (approx. 10000 - 1000000 records), then the storing of rollback lists becomes expensive, and the server deletes the transaction global savepoint, switching to the standard TIP mechanism to mark the transaction as dead.

Tip: If you expect that many changes are to be made during a transaction, then it makes sense to specify the isc_tpb_no_auto_undo transaction parameter, which disables usage of the global savepoint for rollback. In some cases, this increases the server's performance during batch operations.

In addition to the use of savepoints for rollbacks, the server also uses them for exception handling. Each SQL and/or PSQL operator is enclosed in a savepoint frame, which allows this particular operator to be rolled back while keeping the previous ones unchanged. This guarantees either successful execution of the operator or automatic cancellation of all changes it made, with a corresponding error being raised.

For exception handling in PSQL, each BEGIN…END block is also enclosed in a savepoint frame, which allows you to cancel all changes made by this block.

Let's consider some details of how savepoints work.

Savepoints in action

A savepoint is a data structure which is located in the server's dynamic storage (transaction pool) and has a unique numerical ID. A list of activities made within the savepoint context is associated with this savepoint. Such a list is called an "undo log". Savepoints form a stack within a transaction, and that is the reason why only sequential rollback of savepoints is possible.

Undo log fragments are distributed across savepoints that store the history. A savepoint which is active when a record is being changed is called "current". Information about record changes is stored in the current savepoint's undo log. If a rollback to the savepoint is performed, the undo log is unwound, and records are reconstructed. As a result, the record becomes as it was at the moment this savepoint was set.

Figure 1 Savepoints in action

In case there are no exception handlers available, the records may be reconstructed down to the global savepoint, providing complete transaction rollback. After reconstruction of all modified records, the savepoint is usually deleted from the transaction context.

Releasing savepoints

In addition to the rollback to savepoint operation, there is an operation of regular deletion (release) of a savepoint. In case a savepoint is deleted, its undo log is merged with the undo log of the previous one in the savepoint stack. In this sense, each savepoint is nested.

It is clear that regular deletion of all savepoints located "deeper" than the global one would lead to the transfer of all changes to the transaction global savepoint.
Figure 2 Releasing a savepoint: undo data moved to upward savepoint

Thus, the combination of all changes which were successfully executed during a transaction is stored in undo logs. That is why, when the automatic undo log is enabled, the server can cancel all performed changes, and in the TIP this transaction would be marked as committed, and not as dead.

When the isc_tpb_no_auto_undo parameter is specified at transaction start, a global savepoint is not created, and if regular deletion of the current stack is performed, the combined undo log is simply deleted, the transaction is marked dead, and all changes are to be cleared (garbage collection).

Tip: It is necessary to note that the isc_tpb_no_auto_undo parameter does not disable the savepoints mechanism (this is impossible due to the atomicity guarantee for SQL-operators). It only disables the creation of a transaction undo log as a single whole.

Savepoints and exception handling

There are several events which make the server create system-defined (i.e. user-uncontrollable) savepoints:

1. Execution of any user SQL-query. As has been said above, this is done in order to guarantee atomicity of a query. That is to say, if any exception occurs during query execution, the changes made in the database will always be canceled. After the query is executed, the savepoint will be automatically deleted.

2. Execution of a BEGIN…END block in PSQL (stored procedure or trigger) in case the block contains an error handler (WHEN-block). In that case, each BEGIN operator sets a savepoint, and the corresponding END operator deletes it. This makes error handling possible in the PSQL-block.

3. Execution of an SQL-operator in the context of a “BEGIN…END” block which contains an error handler (WHEN-block). That is, if the block contains an error handler, any SQL-operator in this block is framed by a savepoint frame.

Tip: As is illustrated below, each custom SQL-query is a set of savepoints within a transaction.

Exception handling

Let’s consider the error handling process on the server. When an exception occurs, automatic rollback to the last set savepoint is performed. As a result, all operations performed by an invalid SQL-query would be canceled. Then, in case of a PSQL-block, it is checked whether there is a custom WHEN-handler. If it does exist, control is transferred to it, and after exiting, the savepoint is deleted. Then the process repeats recursively, until embedded handlers end. Thus, if a stored procedure doesn't contain a handler which would be able to handle this error, the whole procedure will be considered as a single SQL-operator, and canceled.

To understand the reasons of this anomaly, it is necessary to take into account the following 2 facts:

Firstly, if there is no WHEN-handler, any PSQL-block (including stored procedure and trigger) becomes atomic, and would be canceled entirely if an error occurs.

Secondly, in the presence of a WHEN-handler, the occurrence of an error leads to a rollback of only the failing operator, and after that the process is managed by the handler.

That is to say, there are obvious differences in the server’s reactions, which depend on the presence of a WHEN-handler.

It is worth considering a known anomaly which does not fit the scheme described above. The scheme works as follows: item 3 (enclosing of each SQL-operator inside a PSQL-block by its own savepoint frame) is true for SQL-operators only (moreover, not for all of them). In other words, for example, an assignment operator will not be framed by a savepoint frame. As a result, an error in assignment execution leads to a normal rollback to the previous savepoint, which is… exactly! – the block’s savepoint. That is to say, even if there is a WHEN-handler, the error may cause the rollback of the whole block before control passes to the error handler.

I consider this situation as a serious flaw in the server’s exception handling logic. Below is the full list of operators for which the savepoint frame is created: INSERT, UPDATE, DELETE, EXCEPTION, EXECUTE STATEMENT [INTO].

Let’s make a summary

•If an error occurs, rollback to the last savepoint is performed unconditionally.
•A block’s savepoint deletion (or rollback to it) is performed together with the verification of the savepoint’s identifier.

This means that when an error occurs in operators not included in the above list (i.e. not enclosed in a savepoint frame), actually the wrong (block's) savepoint is deleted. But the block itself is tolerant to that fact, since it only deletes its own savepoint (in case it has one). This is the reason why the described server error does not cause fatal consequences.

Let us illustrate such a situation, using the description of the [428903] Exception Handling Bug error. To clarify this, we provide these examples with comments about how the server deals with savepoints.

Example 1

A procedure with an error handler and error generation in the assignment operator:

    CREATE PROCEDURE PROC1
    AS
    DECLARE VARIABLE X INT;
    -- start savepoint #1
    BEGIN
      -- start savepoint #2
      INSERT INTO TAB (COL) VALUES (01);
      -- end savepoint #2
      X = 1 / 0;
    WHEN ANY DO
      EXIT;
    -- end savepoint #1
    END

In this case, since savepoint #1 is the nearest to the erratic operator (savepoint #2 was deleted right before assignment execution), INSERT will be canceled. Therefore, a rollback of the whole BEGIN...END block will be performed before entering the handler.

Below is the same procedure with an explicit exception statement, enclosed in a block without a WHEN-handler:

    CREATE PROCEDURE PROC2
    AS
    DECLARE VARIABLE X INT;
    -- start savepoint #1
    BEGIN
      -- start savepoint #2
      INSERT INTO TAB (COL) VALUES (23);
      -- end savepoint #2
      BEGIN
        X = 1 / 0;
      END
    WHEN ANY DO
      EXIT;
    -- end savepoint #1
    END

As you see, no savepoint frame near the assignment operator was created. Therefore, the result would be similar to the previous one.

Below is the same procedure with an explicit exception call, in the block which contains a WHEN-handler:

    CREATE PROCEDURE PROC3
    AS
    DECLARE VARIABLE X INT;
    -- start savepoint #1
    BEGIN
      -- start savepoint #2
      INSERT INTO TAB (COL) VALUES (45);
      -- end savepoint #2
      -- start savepoint #3
      BEGIN
        X = 1 / 0;
      WHEN ANY DO
        EXIT;
      -- end savepoint #3
      END
    WHEN ANY DO
      EXIT;
    -- end savepoint #1
    END

Here we see a created savepoint frame. As a result, rollback is performed only for the nearest BEGIN level (savepoint #3), and the INSERT operator remained executed.

Example 2

A procedure with error handler and explicit exception call:

    CREATE PROCEDURE PROC4
    AS
    -- start savepoint #1
    BEGIN
      -- start savepoint #2
      INSERT INTO TAB (COL) VALUES (67);
      -- end savepoint #2
      -- start savepoint #3
      EXCEPTION E;
      -- end savepoint #3
    WHEN ANY DO
      EXIT;
    -- end savepoint #1
    END

InterBase Myths № 1

When performing a "restore" outdated versions are deleted (and, therefore, are stored in backup), or gbak -g creates a backup file without versions, and by default versions are included in the file.

Nothing of the kind! No record versions are stored in a backup because it is unnecessary. Generally, the backup process is an ordinary snapshot transaction (repeatable read), and it reads only those record versions which were relevant at the beginning of the transaction. The “no_garbage_collect” flag controls collecting garbage versions in the database itself. This flag can also be used during ordinary connections accessing the API (i.e. in applications, when, say, one needs to accelerate sampling in some cases).
In this case, INSERT will not be canceled, due to the fact that the exception initiation of E results in rollback to savepoint #3 and subsequent transfer of control to the

[…]

would be desirable to provide an alternative to choose between UNDO- and EXIT- behavior of a error handler, and repair the described

[…]

a transaction. If you attempt to create two savepoints with similar names, the first savepoint is deleted, and the specified name is given to the second one.

[…]

(delete) savepoints when they are no longer necessary. This can be accomplished using the following operator:

    RELEASE SAVEPOINT

This command deletes

[…]
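The system-savepoint behaviour of PROC1 to PROC4 in Examples 1 and 2, together with the undo-log stack from "Savepoints in action" and "Releasing savepoints", can be reproduced with a small model. This is an added example, not code from the magazine or from the InterBase/Firebird sources; all class and function names are hypothetical, and the framing rule (an operator is framed only when the block directly around it has a WHEN-handler) is an assumption taken from item 3 of the article's list.

```python
import itertools

FRAMED = {"INSERT", "EXCEPTION"}  # subset of the article's list of framed operators


class PsqlError(Exception):
    """Any run-time error raised inside the modelled procedure."""


class Transaction:
    """Rows of one table plus a stack of savepoints, each with an undo log."""

    def __init__(self):
        self.rows = []
        self._ids = itertools.count(1)
        self.stack = [(0, [])]  # id 0 is the transaction-global savepoint

    def start(self):
        sp_id = next(self._ids)
        self.stack.append((sp_id, []))
        return sp_id

    def insert(self, value):
        self.rows.append(value)
        self.stack[-1][1].append(value)  # logged in the current savepoint

    def rollback_last(self):
        """Unwind the newest savepoint's undo log, then drop that savepoint."""
        _, undo = self.stack.pop()
        for _ in undo:
            self.rows.pop()  # rows logged here are always the newest ones

    def release(self, sp_id):
        """Regular deletion: merge the undo log into the previous savepoint.
        Does nothing if the savepoint on top is not ours (identifier check)."""
        if self.stack[-1][0] != sp_id:
            return False
        _, undo = self.stack.pop()
        self.stack[-1][1].extend(undo)
        return True


def run_statement(tx, stmt, framed):
    kind = stmt[0]
    if kind == "BLOCK":  # nested BEGIN...END: ("BLOCK", body, has_handler)
        return run_block(tx, stmt[1], stmt[2])
    # Assumption: only operators from FRAMED get a frame, and only in a handler block.
    sp_id = tx.start() if framed and kind in FRAMED else None
    if kind != "INSERT":  # "ASSIGN_DIV0" (X = 1 / 0) and "EXCEPTION" always fail
        tx.rollback_last()  # unconditional rollback to the last savepoint
        raise PsqlError(kind)
    tx.insert(stmt[1])
    if sp_id is not None:
        tx.release(sp_id)
    return None


def run_block(tx, body, has_handler):
    """Run BEGIN...END; has_handler means it ends with WHEN ANY DO EXIT."""
    block_sp = tx.start() if has_handler else None
    outcome = None
    try:
        for stmt in body:
            outcome = run_statement(tx, stmt, framed=has_handler)
            if outcome == "exit":  # an inner handler executed EXIT
                break
    except PsqlError:
        if not has_handler:
            raise  # no handler here: the error travels outwards
        outcome = "exit"  # WHEN ANY DO EXIT
    if has_handler:
        tx.release(block_sp)  # silently skipped if the error consumed it
    return outcome


def run_procedure(body, has_handler):
    """EXECUTE PROCEDURE is itself one SQL operator, so it gets its own frame."""
    tx = Transaction()
    call_sp = tx.start()
    try:
        run_block(tx, body, has_handler)
    except PsqlError:
        return tx.rows  # unhandled: the call frame was already unwound
    tx.release(call_sp)
    return tx.rows


# The article's procedures, written as (body, outer block has a handler).
PROC1 = ([("INSERT", 1), ("ASSIGN_DIV0",)], True)
PROC2 = ([("INSERT", 23), ("BLOCK", [("ASSIGN_DIV0",)], False)], True)
PROC3 = ([("INSERT", 45), ("BLOCK", [("ASSIGN_DIV0",)], True)], True)
PROC4 = ([("INSERT", 67), ("EXCEPTION",)], True)

if __name__ == "__main__":
    for name, proc in [("PROC1", PROC1), ("PROC2", PROC2), ("PROC3", PROC3), ("PROC4", PROC4)]:
        print(name, "rows left in TAB:", run_procedure(*proc))
```

In PROC1 and PROC2 the unframed assignment consumes the block's own savepoint, so the handler's later release is skipped by the identifier check; in PROC3 and PROC4 only an empty inner frame is unwound and the INSERT survives.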
A simple example of working with savepoints is given below:

    create table test (id int);
    commit;
    insert into test (id) values (1);
    commit;
    insert into test (id) values (2);
    savepoint y;
    delete from test;
    select * from test; -- returns empty set
    rollback to y;
    select * from test; -- returns two records
    rollback;
    select * from test; -- returns one record

A custom savepoint

Now let us consider an example of how savepoints can be used in business logic. Assume there is an operation of mass document handling in the application, and it is necessary to display error messages (or save them for future presentation as a list), and let this bulk operation continue. Since the document handling operation is not atomic, on the client’s side it is better not to use regular exception handling, since we cannot continue the transaction if we know that an exception performed a rollback of only half of the operation.

Such a dilemma can be resolved by handling each document sequentially in a separate transaction. Nevertheless, this does increase the consumption of internal server resources (maximum number of records in TIP, transaction counter increment), and is therefore not the best alternative.

In addition, if there is a need to fix a set of documents during the handling process (for example, by changing the transaction isolation mode or explicit blocking of the SELECT … WITH LOCK type), it would require using only one transaction for the delta packet. Using a savepoint, the following algorithm would be used (in pseudocode):

    START TRANSACTION;
    OPEN C FOR ( SELECT … );
    FOR ( C ) DO
    LOOP
      TRY
        SAVEPOINT DOC;
        <…> // single document handling commands
      EXCEPT
        <…> // either log the error or display it
        ROLLBACK TO SAVEPOINT DOC;
      END
    END
    CLOSE C;
    COMMIT;

Note: The use of savepoints in loops has an additional advantage: you do not need to call RELEASE each time, since resetting a savepoint automatically deletes the previous savepoint with the same name.

Another example is, undoubtedly, audit. For example, you need to provide a log record for each activity, and at the same time, if an error occurs, the record should remain in the audit log (with a corresponding note):

    START TRANSACTION;
    INSERT INTO AUDIT_LOG (ID, EVENT, STATUS) VALUES (:ID, :EVENT, 1);
    SAVEPOINT OPER;
    TRY
      <…> // operations on database
    EXCEPT
      ROLLBACK TO SAVEPOINT OPER;
      UPDATE AUDIT_LOG SET STATUS = 0 WHERE ID = :ID;
    END
    COMMIT;

InterBase Myths № 2

Record versions are created during reading

Versions are created only when records are changed or deleted (UPDATE or DELETE). On the contrary, if unnecessary versions of the same record are detected, they are marked as trash (i.e., they would be deleted). Read as much as you want, this will not result in creation of new versions. Vice versa, updating of a record creates a new version of the record in any case, disregarding the fact that someone else reads this record.

A myth sometimes becomes true: versions of the records may be created during reading, but only in Firebird 1.5 (and higher) in queries select ... for update with lock. More detailed information will be published in the next issue of full title.

Savepoints in stored procedures and triggers

Now let us consider the usage of custom savepoints in procedures and triggers. At first glance, it looks very attractive and useful. Originally this functionality is declared in InterBase 7.1. Let’s consider the capabilities in detail.

First of all, savepoints must not break the atomicity of SQL-operators. This means that none of the commands can be canceled partially. Remember that EXECUTE PROCEDURE is a legal SQL-operator, and any update operator may lead to trigger execution. Generally speaking, any “simple” operator, such as INSERT or UPDATE, may result in launching of a whole chain of triggers and procedures. That is why we are to examine the scope of a savepoint.

It is obvious that in order to meet the atomicity requirement, savepoint-related instructions within a procedure should not have access to the transaction savepoint (set through the SAVEPOINT global operator). In addition, procedure savepoints must be local and their scope must be defined by the procedure. That is to say, there can be a savepoint named “S1” both in the transaction and in procedures and triggers executed in the context of this transaction. At that, such savepoints will be isolated from each other. Note that this very method is used in InterBase 7.1.

A question emerges: how would custom savepoints coexist with internal savepoints managed by the server?
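The bulk document-handling loop and the audit-log pattern given above in pseudocode, combined in one runnable sketch. This is an added example, not code from the article: it runs against SQLite through Python's sqlite3 module rather than InterBase or Firebird, and the tables, the CHECK constraint and the sample documents are constructed for the demonstration. Unlike the behaviour the article's note describes, SQLite nests savepoints that share a name, so the sketch releases the savepoint explicitly on every iteration.

```python
import sqlite3

# Constructed sample input: (document id, amount to post).
SAMPLE_DOCS = [(1, 100), (2, -500), (3, 50)]


def make_db():
    """In-memory database with a constraint that document 2 will violate."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # manual BEGIN/COMMIT
    conn.executescript(
        """
        CREATE TABLE ledger (doc_id INTEGER PRIMARY KEY, amount INTEGER NOT NULL);
        CREATE TABLE totals (balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE audit_log (id INTEGER PRIMARY KEY, event TEXT, status INTEGER);
        INSERT INTO totals (balance) VALUES (0);
        """
    )
    return conn


def process_documents(conn, docs):
    """Post every document inside ONE transaction and return the failures.

    A failing document is rolled back to its own savepoint, so the half-done
    work (the ledger row) disappears while earlier documents stay intact.
    """
    errors = []
    conn.execute("BEGIN")
    for doc_id, amount in docs:
        # The audit row is written before the savepoint, so it survives the rollback.
        conn.execute(
            "INSERT INTO audit_log (id, event, status) VALUES (?, 'post', 1)",
            (doc_id,),
        )
        conn.execute("SAVEPOINT doc")
        try:
            # Two-step operation: the first step succeeds even for document 2.
            conn.execute(
                "INSERT INTO ledger (doc_id, amount) VALUES (?, ?)", (doc_id, amount)
            )
            conn.execute("UPDATE totals SET balance = balance + ?", (amount,))
        except sqlite3.DatabaseError as exc:
            conn.execute("ROLLBACK TO SAVEPOINT doc")  # undo both steps
            conn.execute("UPDATE audit_log SET status = 0 WHERE id = ?", (doc_id,))
            errors.append((doc_id, str(exc)))
        finally:
            conn.execute("RELEASE SAVEPOINT doc")  # SQLite would otherwise nest them
    conn.execute("COMMIT")
    return errors


if __name__ == "__main__":
    db = make_db()
    print("failed:", process_documents(db, SAMPLE_DOCS))
    print("ledger:", db.execute("SELECT * FROM ledger ORDER BY doc_id").fetchall())
    print("audit :", db.execute("SELECT id, status FROM audit_log ORDER BY id").fetchall())
```

The audit row for the failed document stays in the committed transaction with status 0, while its ledger row is gone.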
Some theory

Let us consider a simple example of savepoint usage in PSQL, suggested by Borland in the InterBase 7.1 server documentation:

    CREATE PROCEDURE ADD_EMP_PROJ2 (
      EMP_NO SMALLINT,
      EMP_NAME VARCHAR(20),
      PROJ_ID CHAR(5) )
    AS
    BEGIN
      BEGIN
        SAVEPOINT EMP_PROJ_INSERT;
        INSERT INTO EMPLOYEE_PROJECT (EMP_NO, PROJ_ID)
        VALUES (:EMP_NO, :PROJ_ID);
      WHEN SQLCODE -530 DO
      BEGIN
        ROLLBACK TO SAVEPOINT EMP_PROJ_INSERT;
        EXCEPTION UNKNOWN_EMP_ID;
      END
      END
    END

This example demonstrates how exceptional situations are handled when using savepoints. That is to say, when an exception with code -530 occurs (the violation of reference integrity by a foreign key) we cancel the insert operation and initiate a user exception. Actually, this example is absolutely useless, since we do not need a savepoint here:

[…]

    INSERT INTO TABLE3 …
    EXECUTE PROCEDURE …
    …
    WHEN ANY DO
    BEGIN
      ROLLBACK TO SAVEPOINT S1;
      ERROR = REC_ID;
      SUSPEND;
    END
    END

Here we try to handle all documents, but the program does not stop in case of failure, it only returns all unsuccessful attempts at the end of the procedure. Server standard logic would cancel the error operator and control to the handler, which in its turn cancels actions of the whole block. Thus, we can easily turn the EXIT-handler to UNDO in case if necessary. Of course, this functionality can be obtained by standard means as well:

    FOR SELECT ID, … INTO :REC_ID, …

[…]

In this case, all operators within the loop will be automatically canceled, in the event that an exception occurs, since the operators are located in the atomic block by which the savepoint frame for SQL-operators mechanism was enabled. After that, the server will go through the chain of embedded blocks, and will switch to the handler.

Therefore, in virtually any case, one can realize the same semantics using the server's standard mechanisms, i.e. using system savepoints instead of custom ones, at the cost of relatively unhandy source code. Thus, savepoints in PSQL are nothing but an easy and comprehensive alternative for the explicit usage of BEGIN…WHEN…END blocks.

A bit of practice

Now let us return from theory to practice and test this reasoning in InterBase 7.1. The result is quite depressing: none (!!!) of the given examples work, and error messages appear:

    Statement failed, SQLCODE = -504
    Savepoint

[…]

2. each block of PSQL-code with an exception handler is enclosed in a frame

Thus we arrive at a conclusion that any code area of the following type:

    …
    SAVEPOINT S1;
    …
    BEGIN
    …
    ROLLBACK TO SAVEPOINT S1;
    …
    WHEN

is definitely invalid, since to perform a rollback to savepoint S1, it would be necessary to delete the system savepoint, created by the server for exception handling in the “BEGIN…END” block. This would destroy the internal undo log, and may corrupt the database.

Thank God, the InterBase developers did not create such cardinal realization, and server attempts to cancel the previous (last) savepoint directly, only if its name matches. Since sys-

[…]
    BEGIN
      INSERT INTO TABLE1 …
      ROLLBACK TO SAVEPOINT S1;
      INSERT INTO TABLE2 …
    END

This is an emulation of an error which usually occurs if the required savepoint cannot be found within a single code block. As one would expect, the execution of the procedure returns the same error. But!!! Procedure execution does not stop at this point. Instead, the second INSERT is executed (which you can easily verify by substituting INSERT with an operator of EXCEPTION E_TEST type). The question is, why? It turns out that this error cannot be handled in the procedure, i.e. the code:

    BEGIN
      INSERT INTO TABLE1 …
      ROLLBACK TO SAVEPOINT S1;
    WHEN ANY DO
      EXCEPTION E_TEST;
    END

does not throw the E_TEST exception, as one might expect. Even though the code after ROLLBACK TO SAVEPOINT is executed, nothing really happens. Which means that in case the described error occurs in a procedure, all changes made by this procedure will be unconditionally (!) canceled. This happens regardless of which code was executed before or after the command. It would be interesting to find out how InterBase developers explain this phenomenon.

Summary

There are some peculiarities in savepoints logic which prevent realization of their complete support by PSQL. The analysis of InterBase 7.1 behavior proves the point. The rationale of that is the presence of system savepoints, whose interaction with custom ones is limited due to data integrity requirements. That's why this functionality is neither available in Firebird, nor in Yaffil.

Note: As far as I understand it, the same reasons prevent from using commit/rollback retaining in PSQL, since in that case the savepoint-frame of a procedure would be destroyed.

Savepoint in distributed transactions

InterBase 7.1 introduces the option to work with savepoints in coordinated transactions.

For this purpose, three new API functions are introduced:

    ISC_STATUS isc_start_savepoint(ISC_STATUS* status,
                                   isc_tr_handle* trans, char* name);
    ISC_STATUS isc_release_savepoint(ISC_STATUS* status,
                                     isc_tr_handle* trans, char* name);
    ISC_STATUS isc_rollback_savepoint(ISC_STATUS* status,
                                      isc_tr_handle* trans, char* name, short option);

As you see, these functions do not have a connection descriptor (database handle), which means that corresponding SQL-commands are issued to all databases used by the transaction. This seems absolutely logical, since formally, a savepoint is a part of a transaction and not of a connection. However, there is one nuance here. Let’s examine the following program fragment (error handling is not included):

    /* Connect to the database */
    isc_attach_database(status, 0, database1, &db1, 0, NULL);
    isc_attach_database(status, 0, database2, &db2, 0, NULL);

    /* Begin coordinated transaction */
    isc_start_transaction(status, &trans, 2, &db1, 0, NULL, &db2, 0, NULL);

    /* Create savepoint */
    isc_start_savepoint(status, &trans, "A");

    /* Executing database operations */
    isc_dsql_execute_immediate(status, &db1, &trans, 0, "DELETE FROM TABLE1", 1, NULL);
    isc_dsql_execute_immediate(status, &db2, &trans, 0, "DELETE FROM TABLE2", 1, NULL);

    /* Delete the savepoint explicitly, through the second connection descriptor */
    isc_dsql_execute_immediate(status, &db2, &trans, 0, "RELEASE SAVEPOINT A", 1, NULL);

    /* Rollback to savepoint */
    isc_rollback_savepoint(status, &trans, "A", 0);

    /* Commit coordinated transaction */
    isc_commit_transaction(status, &trans);

    /* Disconnecting the database */
    isc_detach_database(status, &db1);
    isc_detach_database(status, &db2);

As a result of a rollback to savepoint, I expect rollback to be performed in both databases I work with. Then I commit the transaction, and after that I need to see all data on their places,

[…]

Even if only one of them fails, an error returns. Generally, this error does not characterize the current situation, in terms of correctness of the

[…]

Tips

Type conversion through COMPUTED BY

Author: IBSurgeon Research Labs, [email protected]

InterBase has an interesting undocumented feature. Usually when the COMPUTED BY field is declared, the following syntax is used:

[…]

stored as integers’ one, and therefore when one enters 1.88, in NUMERIC(15, 2) it would look as 1.88, though actually (as a string) will turn out to be

[…]
Database maintenance

Embedded User Authentication in InterBase 7.5

Author: Dmitri Kouzmenko, [email protected]
One of the most important new features in InterBase 7.5 is user authentication which is embedded in the database. Let’s consider the scheme used in the previous version:

Standard scheme

In InterBase, a separate special database isc4.gdb is intended for storing the user list. In InterBase 7.0 this database was renamed (admin.ib), and in addition, a new ibconfig parameter was added (ADMIN_DB), which allows any name to be specified for this database.

In isc4.gdb/admin.ib, there is a basic “USERS” table, which contains username, password, and other parameters. When a client connects to a database:

1. the front-end encrypts the password by DES algorithm with data loss, and then sends the username and encrypted password to the server.

2. the server encrypts the received password once again by the same lossy DES, and then calls isc4/admin in the “USERS” table, finds the necessary user, and then verifies the received password with the stored one.

3. if the passwords are equal, the user connects to the database he/she specified. And if they are not, the user is unable to connect to the database ("wrong user name or password" error reported).

As you can see, to access any database on this server, a user must be specified in isc4/admin only once. In the future, in a particular database, user access is defined by the rights he is granted.

This scheme is insufficient when used in:

•single-user applications. It becomes necessary to deploy both the database and admin.ib.

•deployed or stolen databases. Anyone can "slip" his/her own “admin.ib” with SYSDBA/masterkey to the server, and, as a result, completely control a database.

•systems in which a user has to connect to only those databases with which one is allowed to work.

Embedded User Authentication

In InterBase 7.5 you can either refuse using admin.ib (see below), or combine admin.ib with user control in the database. For that purpose, attributes of several system tables were extended, and new SQL-operators were added to manage this functionality (in “gsec” a “user_database” option is added for user management in such databases).

This functionality is supported only for ODS 11.2, i.e. for the databases created or restored from backup in InterBase 7.5. At that, previous versions of InterBase, for example, 7.1 and below, when attempting to connect to such a database, will return two types of messages:

•product DATABASE ACCESS is not licensed
for databases in which EUA is enabled or disabled

•internal gds software consistency check (decompression overran buffer (179), file: sqz.c line: 229)
for databases in which EUA was never enabled

In other words, there is no other way to connect to the database but from InterBase 7.5, specifying a required password (stored in the database) for a specific user (we do not consider the possibility of “hacking” such a database, i.e. editing it in a HEX-editor).
©2005 www.ibdeveloper.com ltd. All right reserved www.ibdeveloper.com 11 The InterBase and Firebird Developer Magazine 2005 ISSUE 1 Database maintenance Embedded UA in InterBase
Enabling EUA

There are two ways of enabling EUA in a database:

1. When creating a database, specify an extra option, WITH ADMIN OPTION, in CREATE DATABASE.
2. For any ODS 11.2 database, enter the following operator:

    ALTER DATABASE ADD ADMIN OPTION

In any case, the RDB$USERS table is always present among the system tables of an ODS 11.2 database. It is an equivalent of the USERS table from admin.ib (the RDB$DEFAULT_ROLE, RDB$USER_ACTIVE, and RDB$USER_PRIVILEGE columns are added).

When EUA is enabled, it becomes active right away, and the standard SYSDBA user record appears in the RDB$USERS table (the password is the encrypted "masterkey"), with RDB$USER_PRIVILEGE = 1. After that, when connecting to a database, the server ignores the presence (or absence) of the user in admin.ib, as well as his/her password. That is to say, when EUA is enabled, one can connect to a database only if the username/password combination stored in rdb$users is correctly specified.

EUA can be temporarily deactivated by the command

    ALTER DATABASE SET ADMIN OPTION INACTIVE

and reactivated by the command

    ALTER DATABASE SET ADMIN OPTION ACTIVE

During deactivation, the RDB$USER_ACTIVE field in RDB$USERS is set to 'N' for all user records (including SYSDBA). Activation does the opposite: RDB$USER_ACTIVE is set to 'Y' for all users. Be careful when doing that: if some users were disabled before EUA deactivation, then as soon as EUA is activated, all EUA users will be able to access the database (i.e. all EUA accounts will be enabled).

You can completely delete EUA, together with all user records, by the command:

    ALTER DATABASE DROP ADMIN OPTION

This will clear the RDB$USERS table and restore the standard authentication scheme (through admin.ib).

User management

If EUA is enabled, you can manage users:

    {CREATE | ALTER} USER SET

    option : PASSWORD
             [NO] DEFAULT ROLE
             [NO] SYSTEM USER NAME
             [NO] GROUP NAME
             [NO] UID
             [NO] GID
             [NO] DESCRIPTION
             [NO] FIRST NAME
             [NO] MIDDLE NAME
             [NO] LAST NAME
             ACTIVE
             INACTIVE

Examples:

    CREATE USER TEST SET PASSWORD 'TEST', NO LAST NAME, DEFAULT ROLE ABC

As a result, a user TEST with the password "TEST" will be created; the LAST_NAME column will be set to NULL, and the default role will be "ABC" (and rdb$user_privilege = 0, i.e. "not a database owner"). The same can be performed by the following command set:

    CREATE USER TEST SET PASSWORD 'TEST';
    ALTER USER TEST SET NO LAST NAME, DEFAULT ROLE ABC;

Note that one can "enable" and "disable" users with the alter user xxx set inactive/active command. There is no such possibility in the standard admin.ib.

Authentication order

It is important to describe exactly how connections are performed when EUA is active in a database:

•The server opens a specific database.
1. EUA disabled – user authentication is accomplished from admin.ib
2. EUA enabled – user authentication (of any user, including SYSDBA) is accomplished from rdb$users of this particular database

That is, when enabling SYSDBA and changing the password for SYSDBA, it will be possible to connect to this database under the "SYSDBA" name only if the user specifies the correct password.

Attention: admin.ib is mandatory in any case. When trying to connect to a database, the server requires the presence of admin.ib regardless of whether EUA is enabled in the database or not.
User schemes combining

Thus, in InterBase 7.5 two schemes of user management are supported: standard and EUA. This allows building the following schemes:

1. standard: all users included in admin.ib are allowed to access all databases. Access rights to a specific database are defined by grants.
2. EUA: the usernames for a particular database are specified in this database only. Accordingly, only these users can connect to it.
3. standard+EUA 1: SYSDBA is the same everywhere (including the password), i.e. it administers all databases on the server. The server databases can be divided into 2 sets: the first set without EUA (public access from admin.ib), and the second set with EUA (only the users specified in this particular database are allowed to access it).
4. standard+EUA 2: all users are common for all databases (if those, for example, are copied from one source), but SYSDBA requires different passwords. That is to say, one SYSDBA manages the databases which do not have EUA, while another SYSDBA controls the databases with EUA enabled.
5. standard+EUA 3: SYSDBA usernames and passwords are different for all databases, with or without EUA.

The picture illustrates an example of how two different users connect to different databases.

User 1 can connect to databases with EUA disabled. To access DB1.IB, it is necessary to create a new user (USER1) in this database, and specify either the same or a different password (if needed).

User 2 can connect to DB1.IB only. If this user is specified in ADMIN.IB, he/she will be able to work with the databases in which EUA is disabled.

InterBase Myths № 3
Database files (gdb) must be shared with users
Never do that! InterBase is not a file server, and works with databases independently. A client only informs the server which database he/she wants to work with, and what queries are to be executed.

BACKUP/RESTORE

At the moment, the following behavior is detected in InterBase 7.5.0.174 (there is no report about fixing that problem in IB 7.5 SP 1):

After restore, the rdb$user_privilege column of the rdb$users table has a null value. Even though this is "unimportant" for SYSDBA, in cases when SYSDBA is not the database owner (the owner is, say, the "TEST" user), that particular user, as well as any other users, cannot log in to such a database.

The situation can be corrected by logging in to this database as SYSDBA and setting the value "1" in the column instead of null for the database owner, and "0" for all other users. After this procedure, EUA will work again.

To date (16.05.2005), Borland considers it a bug in IB 7.5.0.174.

A workaround:
disable EUA before backup (alter database set admin option inactive); after restore is performed, enable EUA (alter database set admin option active). However, to avoid a change of the owner (unless it is sysdba), the owner of the database with EUA should be present in admin.ib.

Other issues

Sometimes, for different purposes, a database can be created by a user other than SYSDBA, for example, in order to use the database owner as a "backup user" (in that case, all objects are created and modified on behalf of SYSDBA, and the owner cannot change them). In this case, the user who created the database is the database owner, and thus can perform backup/restore, being the owner not only of the database but also of all objects created by her/him.

There are several peculiarities in applying this method when EUA is enabled.

1. Create a database not as "SYSDBA," but as a "TEST" user. As soon as a "TEST" user is created, it becomes a database owner. At this point, of course, the TEST user (with password "test," for example) should be specified in admin.ib.
2. Enable EUA in the database.

    ALTER DATABASE ADD ADMIN OPTION;

In the RDB$USERS table a record about the TEST user with the password "test" appears (the password is double-encrypted, as in admin.ib), with rdb$user_active = Y and rdb$user_privilege = 1
3. Add a "local" user USR
    create user USR set password 'usr';

4. All this leads to an interesting situation. The "TEST" user can perform backup, but would it be a backup from admin.ib, or from the database? Let's change TEST's password in admin.ib. Let the password be "tttt".
5. Try to back up as the TEST user through admin.ib:

    gbak -b db.ib db.ibk -v -user TEST -pass tttt

does not pass. Try a user from EUA:

    gbak -b db.ib db.ibk -v -user TEST -pass test

it does pass. That is, only the user specified in EUA can do backup (i.e. the database owner).
6. So far, it seems like one can delete the "TEST" user in admin.ib, or completely delete admin.ib. But without admin.ib the server will not connect even to the databases with active EUA. In addition, restore should be done by a user specified in admin.ib, since when restoring, it is impossible to find out whether a database has EUA or not.

    gbak -c db.ibk 1.db -v -user TEST -pass test

does not pass, as was expected. The TEST user has a different name in admin.ib.

    gbak -c db.ibk 1.db -v -user TEST -pass tttt

restore is successfully accomplished. However, as was already said above, the column rdb$user_privilege = NULL. This makes it impossible for any EUA user to connect to the restored EUA database (including the "TEST" user with password "test").

Connect as TEST/tttt, set "0" instead of "null" in the rdb$users column of the TEST record, and then disconnect… As a result, EUA resumes work (see above an example of a temporary solution of the problem).

Conclusion

Regarding all that, we can come to several conclusions:

• EUA in this version does not "outlive" backup/restore, not only for the owner but for SYSDBA as well. SYSDBA is "both king and god" for databases, and that is why rdb$user_privilege = null is unnoticeable for a developer. This becomes important when one begins to use the database in production.
• When performing restore, there is a need to verify username/password. For regular databases, restoring with other usernames is performed when it is necessary to change the database owner. However, since EUA is enabled for users within the database, restore can be performed in no other way but by specifying a new user at gbak -c. Actually, SYSDBA from admin.ib may be a "wrong user" differing from SYSDBA in the database with EUA, if they have different passwords.
• Probably, it would be better to create a flag in the Header Page of the database, which would signify the presence of EUA. In this case, users would be ignored during the restore process. This is up to the InterBase 7.5 developers.
• In spite of the apparent "autonomy" of EUA, if there is no admin.ib, it is possible neither to connect to the database nor to perform a restore.
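The backup workaround above (deactivate EUA, back up, restore, activate EUA) combines badly with the reactivation behavior described under "Enabling EUA": activation sets RDB$USER_ACTIVE to 'Y' for every account, including those that had been disabled on purpose. The script below is an added example, not part of the original article or of InterBase: it takes a snapshot of the active flags recorded before deactivation and generates the SQL to run after restore. The snapshot format (one "USERNAME FLAG" pair per line), the function name and the restriction of user names to letters, digits and underscore are assumptions.

```sh
#!/bin/sh
# Constructed sample: one "USERNAME FLAG" pair per line, where FLAG is the
# RDB$USER_ACTIVE value recorded BEFORE
# "ALTER DATABASE SET ADMIN OPTION INACTIVE" was issued (assumed format).
SAMPLE_SNAPSHOT='SYSDBA Y
TEST Y
USR N
AUDITOR N
bad;name N
GUEST ?'

# eua_reactivation_sql (hypothetical helper)
# Reads a snapshot on stdin and prints the SQL to run right after restore.
# Returns 1 if any line was rejected, so a caller can refuse to proceed.
eua_reactivation_sql() {
    rejected=0
    # Reactivation sets RDB$USER_ACTIVE to 'Y' for every account ...
    echo "ALTER DATABASE SET ADMIN OPTION ACTIVE;"
    while read -r name flag rest; do
        [ -n "$name" ] || continue
        case "$name" in
            *[!A-Za-z0-9_]*)
                # Never copy an unexpected name into generated SQL.
                echo "rejected a user name with unexpected characters" >&2
                rejected=1
                continue ;;
        esac
        case "$flag" in
            # ... so accounts that were disabled must be disabled again.
            N) echo "ALTER USER $name SET INACTIVE;" ;;
            Y) ;;
            *) echo "unknown active flag for $name" >&2
               rejected=1 ;;
        esac
    done
    return "$rejected"
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_SNAPSHOT" | eua_reactivation_sql ||
    echo "snapshot had rejected lines; review it before running the SQL" >&2
```

The generated statements use only the syntax shown in the article; run them in the same session that activates EUA, so that no previously disabled account stays enabled in between.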
Using KEEPALIVE-sockets to detect and release hung InterBase and Firebird client connections, or how to avoid the 10054/104 errors

Author: Vasiliy Ovchinnikov

Introduction

In systems built on InterBase or Firebird databases which are intended for working in either real-time or near-real-time modes, there is a problem of tracking client connection status on the server side, and of forced disconnection when the client becomes inaccessible because the connection was dropped. It is important to promptly release the resources held by such phantom connections, especially when using servers with the Classic architecture.

If some users connect to the server through an unstable modem connection, then the risk of disconnection becomes rather high.

For instance, a client saves a modified record set, and after UPDATE is executed (while COMMIT is not) the connection is dropped.

As a rule, client applications in such situations reconnect to the server, but the client (who continues working with the data, having received an error message due to the connection failure while saving it) will be unable to save changes, since he/she will receive a message about a lock conflict ("lock conflict on update"). The previous connection, which opened the transaction (in the context of which UPDATE was executed, while COMMIT wasn't), still holds these records.

Connection failures may occur in a local network too, if the hardware (network cards, hubs, switches) is out of order or poorly configured, and/or due to clutter in the network. In InterBase and Firebird logs, failures of tcp connections are displayed as error 10054 in Windows and 104 in Unix; netbeui failures are displayed as 108/109 errors.

Hung connections control methods

In InterBase and Firebird, the mechanisms of DUMMY-packets or KEEPALIVE-sockets are used for tracking and closing such "dead" connections.

In InterBase 5.0 and higher, the mechanism of DUMMY-packets is implemented at the application layer between an InterBase/Firebird server and a gds32/fbclient client library. It is enabled in ibconfig/firebird.conf and is not examined in the present article.

Note: As we know from previous experience, the stability of the dummy-packet mechanism (the one implemented in InterBase 5.0 and repeatedly corrected in Firebird 1.5.x) strongly depends on the server's and client's operating systems, tcp stack versions, and many other conditions. That is to say, the effectiveness of such a system in a real network tends to zero.

KEEPALIVE-sockets are a more interesting mechanism. Implemented in InterBase 6.0 and higher, it is intended for tracking connection failures. KEEPALIVE is enabled by setting the SO_KEEPALIVE socket option when the socket is opened. There's no need to set it manually if you use Firebird 1.5 or higher, since it is implemented in the program code of the Firebird server, both for Classic and for Superserver.

For InterBase and Firebird versions lower than 1.5, in the variant with the Classic architecture, an additional setting is necessary. This setting is described below.

In this case, the operating system TCP stack (instead of the Firebird server) becomes responsible for connection status. However, to enable this mechanism, one must adjust the KEEPALIVE parameters.

KEEPALIVE description

The behavior of KEEPALIVE-sockets is controlled by the parameters presented in the following table.

Parameter             Description
KEEPALIVE_TIME        Time interval, on expiry of which KEEPALIVE-probes start
KEEPALIVE_INTERVAL    Time interval between KEEPALIVE-probes
KEEPALIVE_PROBES      Number of KEEPALIVE-probes

The TCP stack tracks the moment when packets stop being transmitted between the client and the server by launching the KEEPALIVE timer. As soon as the timer reaches the KEEPALIVE_TIME point, the server TCP stack executes the first KEEPALIVE probe. A probe is an empty packet with the ACK flag sent to the user. If everything is alright on the client side, then the TCP stack on the client side sends a response packet with the ACK flag, and the server TCP stack resets the KEEPALIVE timer as soon as it receives the response.

If the client does not respond to the probe, the probes from the server continue to be sent. Their quantity equals the KEEPALIVE_PROBES value; they are executed at the KEEPALIVE_INTERVAL time interval. If the client does not respond to the last probe, then after another KEEPALIVE_INTERVAL time expires, the operating system TCP stack closes the connection, and the server (in this case, an instance of the InterBase or Firebird server) releases all resources used to serve this connection.

Thus, a failed client connection will be closed after the following time interval:

    KEEPALIVE_TIME + (KEEPALIVE_PROBES + 1) * KEEPALIVE_INTERVAL

By default, the parameter values are rather big, and this makes their use ineffective. For example, the default value of the KEEPALIVE_TIME parameter is "2 hours," both in Linux and in Windows. Actually, 1-2 minutes would be enough to make a decision about forced disconnection of an inaccessible client. On the other hand, the KEEPALIVE default settings sometimes cause forced disconnection, in Windows networks, of connections which stay inactive during these 2 hours (of course, one may cast doubt on the necessity of such connections in applications, but this is a different matter).

Adjustment of these parameters for the Windows and Linux operating systems is described below.

Setting KEEPALIVE in Linux

KEEPALIVE parameters in Linux can be changed either by directly editing the /proc file system, or by calling sysctl.
For the first case, the following files should be edited:

    /proc/sys/net/ipv4/tcp_keepalive_time
    /proc/sys/net/ipv4/tcp_keepalive_intvl
    /proc/sys/net/ipv4/tcp_keepalive_probes

For the second case, the following commands should be executed:

    sysctl -w net.ipv4.tcp_keepalive_time=value
    sysctl -w net.ipv4.tcp_keepalive_intvl=value
    sysctl -w net.ipv4.tcp_keepalive_probes=value

Time values are expressed in seconds.

To set these parameters automatically when the server restarts, add the following lines to /etc/sysctl.conf:

    net.ipv4.tcp_keepalive_intvl = value
    net.ipv4.tcp_keepalive_time = value
    net.ipv4.tcp_keepalive_probes = value

Substitute the <value> word with the necessary values.

If you use a version of Firebird Classic lower than 1.5, then the following should be added in /etc/xinetd.d/firebird:

    FLAGS=REUSE KEEPALIVE

Adjusting KEEPALIVE in Windows 95/98/ME

Registry branch
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP

Everything about adjustment of TCP can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;158474

Parameters:

•KeepAliveTime = milliseconds
Type: DWORD
For Windows 98, type STRING.
Defines connection inactivity time in milliseconds. When it expires, KEEPALIVE-probes start executing. Default value is 2 hours (7200000).

•KeepAliveInterval = 32-bit value
Type: DWORD
For Windows 98, type STRING.
Defines time between KEEPALIVE-probes (in milliseconds). As soon as the specified KeepAliveTime interval expires, KEEPALIVE-probes are sent after each KeepAliveInterval time (in milliseconds), up to a maximum number of MaxDataRetries. If no response comes, the connection closes. Default value is 1 second (1000).

•MaxDataRetries = 32-bit value
Type: STRING
Defines maximum number of KEEPALIVE-probes. Default value is 5.

Setting KEEPALIVE in Windows 2000/NT/XP

Registry branch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

Everything about TCP adjustment:
2000/NT: http://support.microsoft.com/kb/120642
XP: http://support.microsoft.com/kb/314053

The MaxDataRetries parameter is replaced by TCPMaxDataRetransmissions.
All other parameters have the same names as in Windows 9x.

Setting KEEPALIVE in Windows (for clients)

This setting is optional, but it may reduce the number of messages about connection failure if one uses unreliable communication channels. Add to the registry branch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
the parameter DisableDHCPMediaSense=1. See a description of this parameter here:
http://support.microsoft.com/?scid=kb%3Bru%3B239924&x=13&y=14

Example

Let's consider adjustment of Firebird SQL Server 1.5.2 CS under Linux OS.

•Make sure that the DUMMY-packets mechanism is disabled in firebird.conf (the parameter is commented out)

    ……………..
    #DummyPacketsInterval=0
    …………….

•Make sure there is the /etc/xinetd.d/firebird configuration file
We kept everything unchanged, as it was registered during installation. Nothing normally needs to be added.

•Change the TCP stack parameters

    sysctl -w net.ipv4.tcp_keepalive_time=15
    sysctl -w net.ipv4.tcp_keepalive_intvl=10
    sysctl -w net.ipv4.tcp_keepalive_probes=5

•Connect to any database on the server from any network client.
•Check traffic on the server using any packet filter.

If parameters specified as /proc/sys/net/tcp_keepalive_*, within 15 seconds after

KEEPALIVE-checks of normally working connections, which launched long transactions. The KEEPALIVE_INTERVAL value is above or equal to 10 seconds, and the KEEPALIVE_PROBES value is above or equal to 5 checks. When many users work simultaneously, remember that if you perform checking too frequently, it may considerably increase network

InterBase Myths № 4
If I see the word NATURAL in the query, it is a bad one!
Nothing terrible. Some data retrieval (depending on the query) is better done by a natural table scan than by an index scan.
It's better to check how long ago you refreshed the statistics for the indices in your database. See documentation about SET STATISTICS INDEX
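To see what a given set of keepalive values means in practice, the following added example (not part of the original article) reads sysctl.conf-style text and applies the article's formula KEEPALIVE_TIME + (KEEPALIVE_PROBES + 1) * KEEPALIVE_INTERVAL. The function names and the sample file content are constructed; the fallback values 75 and 9 for the interval and probe count are the Linux kernel defaults and are not stated in the article.

```sh
#!/bin/sh
# Constructed sample of /etc/sysctl.conf content, using the values from the
# article's Firebird 1.5.2 CS example.
SAMPLE_SYSCTL='# tuned for Firebird Classic
net.ipv4.tcp_keepalive_time = 15
net.ipv4.tcp_keepalive_intvl=10
net.ipv4.ip_forward = 0
net.ipv4.tcp_keepalive_probes = 5'

# keepalive_value SUFFIX DEFAULT (hypothetical helper)
# Prints the last valid assignment of net.ipv4.tcp_keepalive_SUFFIX found on
# stdin, or DEFAULT when the key is absent or its value is not a plain number.
keepalive_value() {
    awk -F= -v key="net.ipv4.tcp_keepalive_$1" -v def="$2" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key && v ~ /^[0-9]+$/) def = v
        }
        END { print def + 0 }'                    # "+ 0" drops leading zeros
}

# dead_peer_seconds (hypothetical helper)
# Reads sysctl.conf text on stdin and prints the number of seconds after
# which a silent client is dropped, by the article formula.
dead_peer_seconds() {
    conf=$(cat)
    t=$(printf '%s\n' "$conf" | keepalive_value time 7200)   # 2 hours
    i=$(printf '%s\n' "$conf" | keepalive_value intvl 75)    # kernel default
    p=$(printf '%s\n' "$conf" | keepalive_value probes 9)    # kernel default
    echo $(( t + (p + 1) * i ))
}

# within_budget SECONDS (hypothetical helper)
# Succeeds when the configuration read on stdin drops a dead client within
# SECONDS; the article suggests 1-2 minutes is enough.
within_budget() {
    [ "$(dead_peer_seconds)" -le "$1" ]
}

# Stand-alone run on the constructed sample and on an empty configuration.
printf 'sample config: dead client dropped after %s s\n' \
    "$(printf '%s\n' "$SAMPLE_SYSCTL" | dead_peer_seconds)"
printf 'kernel defaults: dead client dropped after %s s\n' \
    "$(printf '' | dead_peer_seconds)"
```

Feed it the real file with `dead_peer_seconds < /etc/sysctl.conf`; keys that are missing there fall back to the defaults, which is why a configuration that sets only the time value can still take many minutes to release a hung connection.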
Working with temporary tables in InterBase 7.5

Author: Dmitri Kouzmenko

In InterBase 7.5, a new capability of working with temporary tables was added. Unlike system temporary tables (tmp$), these tables may be created and used while applications are running. Until now, developers had to store temporary data in ordinary tables, and that required constant tracking of table content, as well as a specific organization of work with data.

Surely, temporary tables were most often needed by those developers who had been working with MS SQL before they started to use InterBase/Firebird.

Let's consider what temporary tables in InterBase 7.5 really are.

Metadata

At the low system level, temporary tables are implemented as permanent tables. That is, when you create these tables, information about them is stored in the RDB$RELATIONS system table; pointer pages and other system pages are allocated for them as for regular tables. Moreover, these tables not only will be stored in the database constantly, but also will "outlive" backup/restore (as distinct from any other attempts to extend or change the structure of the rdb$ system tables).

The syntax for creating temporary tables is as follows:

    CREATE GLOBAL TEMPORARY TABLE

RDB$RELATION_TYPE            Description
GLOBAL TEMPORARY DELETE      Temporary tables for which ON COMMIT DELETE ROWS is specified, i.e. the records will be unconditionally deleted on commit.
GLOBAL TEMPORARY PRESERVE    Temporary tables for which ON COMMIT PRESERVE ROWS is specified, i.e. the records will be unconditionally deleted on disconnection.

It is not recommended to modify this column manually; this will not result in anything good. That is to say, it is impossible to turn a regular table into a temporary one and vice versa.

For a time of transaction

GLOBAL TEMPORARY DELETE stores records only until any commit is performed (not only in the transaction which created them, but also in any other transaction within this connection). Such behavior resembles a bug, since committing concurrent transactions is not supposed to flush the record view. The temporary system tables work in exactly the same way, i.e. they display updated information