Changeset: 284280266e77 for MonetDB URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=284280266e77 Modified Files: clients/Tests/exports.stable.out monetdb5/ChangeLog monetdb5/mal/mal_authorize.c monetdb5/mal/mal_authorize.h monetdb5/mal/mal_session.c monetdb5/modules/mal/clients.c sql/backends/monet5/sql_user.c tools/merovingian/daemon/controlrunner.c tools/mserver/mserver5.c tools/mserver/shutdowntest.c Branch: default Log Message:
Changed interfaces of the AUTH* functions. diffs (truncated from 781 to 300 lines):
diff --git a/clients/Tests/exports.stable.out b/clients/Tests/exports.stable.out
--- a/clients/Tests/exports.stable.out
+++ b/clients/Tests/exports.stable.out
@@ -740,19 +740,19 @@ str ALGunique1(bat *result, const bat *b
 str ALGunique2(bat *result, const bat *bid, const bat *sid);
 str ALGvariance(dbl *res, const bat *bid);
 str ALGvariancep(dbl *res, const bat *bid);
-str AUTHaddUser(oid *ret, Client c, str *user, str *pass);
-str AUTHchangePassword(Client c, str *oldpass, str *passwd);
-str AUTHchangeUsername(Client c, str *olduser, str *newuser);
-str AUTHcheckCredentials(oid *ret, Client c, str *user, str *passwd, str *challenge, str *algo);
-str AUTHgetPasswordHash(str *ret, Client c, str *username);
+str AUTHaddUser(oid *ret, Client c, const char *user, const char *pass);
+str AUTHchangePassword(Client c, const char *oldpass, const char *passwd);
+str AUTHchangeUsername(Client c, const char *olduser, const char *newuser);
+str AUTHcheckCredentials(oid *ret, Client c, const char *user, const char *passwd, const char *challenge, const char *algo);
+str AUTHgetPasswordHash(str *ret, Client c, const char *username);
 str AUTHgetUsername(str *ret, Client c);
 str AUTHgetUsers(BAT **ret1, BAT **ret2, Client c);
-str AUTHinitTables(str *passwd);
-str AUTHremoveUser(Client c, str *username);
+str AUTHinitTables(const char *passwd);
+str AUTHremoveUser(Client c, const char *username);
 void AUTHreset(void) __attribute__((__visibility__("hidden")));
-str AUTHresolveUser(str *ret, oid *uid);
-str AUTHsetPassword(Client c, str *username, str *passwd);
-str AUTHunlockVault(str *password);
+str AUTHresolveUser(str *ret, oid uid);
+str AUTHsetPassword(Client c, const char *username, const char *passwd);
+str AUTHunlockVault(const char *password);
 str BATPCREilike(bat *ret, const bat *b, const str *pat, const str *esc);
 str BATPCREilike2(bat *ret, const bat *b, const str *pat);
 str BATPCRElike(bat *ret, const bat *b, const str *pat, const str *esc);
diff --git a/monetdb5/ChangeLog b/monetdb5/ChangeLog
--- a/monetdb5/ChangeLog
+++ b/monetdb5/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog file for MonetDB5
 # This file is updated with Maddlog
+* Thu Jan 5 2017 Sjoerd Mullender <sjo...@acm.org>
+- Changed the interfaces of the AUTH* functions: pass values, not pointers
+ to values.
+
 * Tue Dec 13 2016 Sjoerd Mullender <sjo...@acm.org>
 - Removed calc.setoid().
 - group.subgroup is now called group.group if it is not refining a group.
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -39,9 +39,9 @@
 #endif
 #endif
-static str AUTHdecypherValue(str *ret, str *value);
-static str AUTHcypherValue(str *ret, str *value);
-static str AUTHverifyPassword(str *passwd);
+static str AUTHdecypherValue(str *ret, const char *value);
+static str AUTHcypherValue(str *ret, const char *value);
+static str AUTHverifyPassword(const char *passwd);
 static BAT *user = NULL;
 static BAT *pass = NULL;
@@ -74,7 +74,7 @@ AUTHfindUser(const char *username)
 if (BUNfnd(duser, &pos) == BUN_NONE)
 return p;
 }
- }
+ }
 return BUN_NONE;
 }
@@ -95,7 +95,7 @@ AUTHrequireAdmin(Client cntxt) {
 str user = u;
 str tmp;
- rethrow("requireAdmin", tmp, AUTHresolveUser(&user, &id));
+ rethrow("requireAdmin", tmp, AUTHresolveUser(&user, id));
 throw(INVCRED, "requireAdmin", INVCRED_ACCESS_DENIED " '%s'", user);
 }
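Review bot: In the AUTHrequireAdmin hunk the context line `str user = u;` still points `user` at a stack buffer and nothing visible frees it, while the AUTHrequireAdminOrUser hunk of this same commit starts from `str user = NULL;` and calls `GDKfree(user)` after the identical `AUTHresolveUser(&user, id)` call. If AUTHresolveUser now hands back a newly allocated string (its body is not in the visible diff), every denied admin check leaks that string, and the denial path is reachable by any non-admin session. Handle the result the same way in both functions, building the exception before freeing: `tmp = createException(INVCRED, "requireAdmin", INVCRED_ACCESS_DENIED " '%s'", user);` `GDKfree(user);` `return tmp;`. The function starts and ends outside this hunk, so the declaration of `u` needs the same look.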
@@ -108,20 +108,21 @@ AUTHrequireAdmin(Client cntxt) {
 * InvalidCredentialsException.
 */
 static str
-AUTHrequireAdminOrUser(Client cntxt, str *username) {
+AUTHrequireAdminOrUser(Client cntxt, const char *username) {
 oid id = cntxt->user;
- char u[BUFSIZ] = "";
- str user = u;
+ str user = NULL;
 str tmp = MAL_SUCCEED;
 /* root? then all is well */
 if (id == 0)
 return(MAL_SUCCEED);
- rethrow("requireAdminOrUser", tmp, AUTHresolveUser(&user, &id));
- if (username == NULL || *username == NULL || strcmp(*username, user) != 0) {
+ rethrow("requireAdminOrUser", tmp, AUTHresolveUser(&user, id));
+ if (username == NULL || strcmp(username, user) != 0) {
+ GDKfree(user);
 throw(INVCRED, "requireAdminOrUser", INVCRED_ACCESS_DENIED " '%s'", user);
 }
+ GDKfree(user);
 return(MAL_SUCCEED);
 }
@@ -152,7 +153,7 @@ AUTHcommit(void)
 * after the GDK kernel has been initialized.
 */
 str
-AUTHinitTables(str *passwd) {
+AUTHinitTables(const char *passwd) {
 bat bid;
 int isNew = 1;
 str msg = MAL_SUCCEED;
@@ -224,15 +225,14 @@ AUTHinitTables(str *passwd) {
 if (isNew == 1) {
 /* insert the monetdb/monetdb administrator account on a
 * complete fresh and new auth tables system */
- str user = "monetdb";
- str pw = "monetdb";
+ char *pw;
 oid uid;
 Client c = &mal_clients[0];
- if (passwd != NULL && *passwd != NULL)
- pw = *passwd;
- pw = mcrypt_BackendSum(pw, strlen(pw));
- msg = AUTHaddUser(&uid, c, &user, &pw);
+ if (passwd == NULL)
+ passwd = "monetdb"; /* default password */
+ pw = mcrypt_BackendSum(passwd, strlen(passwd));
+ msg = AUTHaddUser(&uid, c, "monetdb", pw);
 free(pw);
 if (msg)
 return msg;
@@ -252,10 +252,10 @@ str
 AUTHcheckCredentials(
 oid *uid,
 Client cntxt,
- str *username,
- str *passwd,
- str *challenge,
- str *algo)
+ const char *username,
+ const char *passwd,
+ const char *challenge,
+ const char *algo)
 {
 str tmp;
 str pwd = NULL;
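Review bot: The denial branch of AUTHrequireAdminOrUser calls `GDKfree(user);` and then passes `user` to the `'%s'` of the `throw(...)` on the next line, so the access-denied message is formatted from memory that has already been freed. Format first and free afterwards: `tmp = createException(INVCRED, "requireAdminOrUser", INVCRED_ACCESS_DENIED " '%s'", user);` `GDKfree(user);` `return tmp;` (this assumes `throw` is the usual `return createException` macro, which the hunk does not show). The branch runs on every rejected request, so the freed read is reachable by any non-admin session and should not be left to allocator behaviour.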
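Review bot: In the AUTHinitTables hunk the `passwd == NULL` fallback creates the administrator account with the fixed password "monetdb", and the only marker for that is `/* default password */`. The comment should state that this is a publicly known credential intended for first start only, for example `/* well-known default; must be changed before the server is reachable by others */`. The result of `mcrypt_BackendSum` is also handed on unchecked; the `passwd == NULL` test in the AUTHaddUser hunk appears to catch a NULL, but an explicit check here would give a clearer error than "password should not be nil".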
@@ -267,21 +267,21 @@ AUTHcheckCredentials(
 assert(user);
 assert(pass);
- if (*username == NULL || strNil(*username))
+ if (username == NULL || strNil(username))
 throw(INVCRED, "checkCredentials", "invalid credentials for unknown user");
- p = AUTHfindUser(*username);
+ p = AUTHfindUser(username);
 if (p == BUN_NONE) {
 /* DO NOT reveal that the user doesn't exist here! */
- throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", *username);
+ throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", username);
 }
 /* a NULL password is impossible (since we should be dealing with
 * hashes here) so we can bail out immediately
 */
- if (*passwd == NULL || strNil(*passwd)) {
+ if (passwd == NULL || strNil(passwd)) {
 /* DO NOT reveal that the password is NULL here! */
- throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", *username);
+ throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", username);
 }
 /* find the corresponding password to the user */
@@ -289,15 +289,15 @@ AUTHcheckCredentials(
 tmp = (str)BUNtail(passi, p);
 assert (tmp != NULL);
 /* decypher the password (we lose the original tmp here) */
- rethrow("checkCredentials", tmp, AUTHdecypherValue(&pwd, &tmp));
+ rethrow("checkCredentials", tmp, AUTHdecypherValue(&pwd, tmp));
 /* generate the hash as the client should have done */
- hash = mcrypt_hashPassword(*algo, pwd, *challenge);
+ hash = mcrypt_hashPassword(algo, pwd, challenge);
 GDKfree(pwd);
 /* and now we have it, compare it to what was given to us */
- if (strcmp(*passwd, hash) != 0) {
+ if (strcmp(passwd, hash) != 0) {
 /* of course we DO NOT print the password here */
 free(hash);
- throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", *username);
+ throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", username);
 }
 free(hash);
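Review bot: In the second AUTHcheckCredentials hunk, `hash = mcrypt_hashPassword(algo, pwd, challenge);` feeds straight into `strcmp(passwd, hash)` with no NULL check, and `algo` and `challenge` are never validated now that they arrive as plain pointers. If mcrypt_hashPassword can return NULL, for instance for an algorithm name it does not support (its body is not shown), a login attempt would make the server dereference NULL. A guard after the `GDKfree(pwd);` line such as `if (hash == NULL) throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", username);`, plus an `algo == NULL || challenge == NULL` test beside the username/passwd checks in the first hunk, would close that. The `strcmp` also stops at the first differing byte; a constant-time comparison is the usual choice for authenticator values, although a challenge that is fresh per login would limit what timing reveals here.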
@@ -310,7 +310,7 @@ AUTHcheckCredentials(
 * return value of this function is the user id of the added user.
 */
 str
-AUTHaddUser(oid *uid, Client cntxt, str *username, str *passwd)
+AUTHaddUser(oid *uid, Client cntxt, const char *username, const char *passwd)
 {
 BUN p;
 str tmp;
@@ -321,25 +321,25 @@ AUTHaddUser(oid *uid, Client cntxt, str
 assert(pass);
 /* some pre-condition checks */
- if (*username == NULL || strNil(*username))
+ if (username == NULL || strNil(username))
 throw(ILLARG, "addUser", "username should not be nil");
- if (*passwd == NULL || strNil(*passwd))
+ if (passwd == NULL || strNil(passwd))
 throw(ILLARG, "addUser", "password should not be nil");
 rethrow("addUser", tmp, AUTHverifyPassword(passwd));
 /* ensure that the username is not already there */
- p = AUTHfindUser(*username);
+ p = AUTHfindUser(username);
 if (p != BUN_NONE)
- throw(MAL, "addUser", "user '%s' already exists", *username);
+ throw(MAL, "addUser", "user '%s' already exists", username);
 /* we assume the BATs are still aligned */
 rethrow("addUser", tmp, AUTHcypherValue(&hash, passwd));
 /* needs force, as SQL makes a view over user */
- BUNappend(user, *username, TRUE);
+ BUNappend(user, username, TRUE);
 BUNappend(pass, hash, TRUE);
 GDKfree(hash);
 /* retrieve the oid of the just inserted user */
- p = AUTHfindUser(*username);
+ p = AUTHfindUser(username);
 /* make the stuff persistent */
 AUTHcommit();
@@ -352,7 +352,7 @@ AUTHaddUser(oid *uid, Client cntxt, str
 * Removes the given user from the administration.
 */
 str
-AUTHremoveUser(Client cntxt, str *username)
+AUTHremoveUser(Client cntxt, const char *username)
 {
 BUN p;
 oid id;
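Review bot: In the AUTHaddUser body hunk the two appends `BUNappend(user, username, TRUE);` and `BUNappend(pass, hash, TRUE);` ignore their results, yet the comment just above says the BATs are assumed to stay aligned. If the second append can fail after the first has succeeded (BUNappend's return type is not visible in this hunk), the user and pass BATs end up with different lengths, and later position-based lookups would pair a username with the wrong hash or with none. Check both results and, on failure, free `hash` and return an error before `AUTHcommit()` makes the state persistent. The function body continues outside the hunk.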
@@ -363,13 +363,13 @@ AUTHremoveUser(Client cntxt, str *userna
 assert(pass);
 /* pre-condition check */
- if (*username == NULL || strNil(*username))
+ if (username == NULL || strNil(username))
 throw(ILLARG, "removeUser", "username should not be nil");
 /* ensure that the username exists */
- p = AUTHfindUser(*username);
+ p = AUTHfindUser(username);
 if (p == BUN_NONE)
- throw(MAL, "removeUser", "no such user: '%s'", *username);
+ throw(MAL, "removeUser", "no such user: '%s'", username);
 id = p;
 /* find the name of the administrator and see if it equals username */
@@ -386,11 +386,11 @@ AUTHremoveUser(Client cntxt, str *userna
 /**
 * Changes the username of the user indicated by olduser into newuser.
- * If the username is already in use, an exception is thrown and nothing
+ * If the newuser is already in use, an exception is thrown and nothing
 * is modified.
 */
 str
-AUTHchangeUsername(Client cntxt, str *olduser, str *newuser)
+AUTHchangeUsername(Client cntxt, const char *olduser, const char *newuser)
 {
 BUN p, q;
 str tmp;
@@ -398,22 +398,22 @@ AUTHchangeUsername(Client cntxt, str *ol
 rethrow("addUser", tmp, AUTHrequireAdminOrUser(cntxt, olduser));
 /* precondition checks */
- if (*olduser == NULL || strNil(*olduser))
+ if (olduser == NULL || strNil(olduser))
 throw(ILLARG, "changeUsername", "old username should not be nil");
- if (*newuser == NULL || strNil(*newuser))
+ if (newuser == NULL || strNil(newuser))
 throw(ILLARG, "changeUsername", "new username should not be nil");
 /* see if the olduser is valid */
- p = AUTHfindUser(*olduser);
+ p = AUTHfindUser(olduser);
 if (p == BUN_NONE)
- throw(MAL, "changeUsername", "user '%s' does not exist", *olduser);
+ throw(MAL, "changeUsername", "user '%s' does not exist", olduser);
 /* ... and if the newuser is not there yet */
- q = AUTHfindUser(*newuser);
_______________________________________________ checkin-list mailing list checkin-list@monetdb.org https://www.monetdb.org/mailman/listinfo/checkin-list