Changeset: 8e4c0ac61102 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/8e4c0ac61102
Modified Files:
        monetdb5/mal/mal_authorize.c
        monetdb5/mal/mal_authorize.h
        monetdb5/mal/mal_session.c
        sql/backends/monet5/sql_user.c
Branch: userprofile
Log Message:

add password column to users tbl


diffs (215 lines):

diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -87,7 +87,7 @@ AUTHfindUser(const char *username)
 }
 
 /**
- * Requires the current client to be the admin user thread.  If not the case,
+ * Requires the current client to be the admin user thread. If not the case,
  * this function returns an InvalidCredentialsException.
  */
 static str
@@ -432,7 +432,7 @@ AUTHcheckCredentials(
        str pwd = NULL;
        str hash = NULL;
        BUN p;
-       BATiter passi;
+       // BATiter passi;
 
        if (cntxt)
                rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt, 
username));
@@ -456,13 +456,17 @@ AUTHcheckCredentials(
                throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " 
'%s'", username);
        }
 
+       // WIP load password from users tbl
+       if (authCallbackCntx.get_user_password && cntxt)
+               tmp = authCallbackCntx.get_user_password(cntxt, username);
+
        /* find the corresponding password to the user */
-       passi = bat_iterator(pass);
-       tmp = (str)BUNtvar(passi, p);
-       assert (tmp != NULL);
+       // passi = bat_iterator(pass);
+       // tmp = (str)BUNtvar(passi, p);
+       // assert (tmp != NULL);
        /* decypher the password (we lose the original tmp here) */
        tmp = AUTHdecypherValue(&pwd, tmp);
-       bat_iterator_end(&passi);
+       // bat_iterator_end(&passi);
        if (tmp)
                return tmp;
 
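Review bot: tmp is only assigned when a password handler is registered and cntxt is non-NULL, so in every other case the AUTHdecypherValue call after the commented-out block runs on whatever tmp held before (the rethrow result), and the handler itself may return NULL for a user without a row (getPasswordHash in sql_user.c does). Guard before the decypher with `if (tmp == NULL) throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER " '%s'", username);`. The vault lookup and the `BATiter passi` declaration in the previous hunk are commented out rather than deleted; remove them once the table-backed path is final, and note that `p` from the vault lookup is now computed but unused. AUTHcheckCredentials continues outside the hunk.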
@@ -1271,3 +1275,10 @@ AUTHRegisterGetPasswordHandler(get_user_
        authCallbackCntx.get_user_password = callback;
        return MAL_SUCCEED;
 }
+
+
+str
+AUTHGeneratePasswordHash(str *res, const char *value)
+{
+       return AUTHcypherValue(res, value);
+}
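Review bot: AUTHGeneratePasswordHash is a plain pass-through to AUTHcypherValue, and the value it produces is what AUTHcheckCredentials later turns back with AUTHdecypherValue before comparing, so the new users.password column presumably holds a vault-cyphered, recoverable value rather than the one-way hash the name suggests. Say so at the definition so the column is not mistaken for hashed data, e.g. `/* Cypher a password with the vault key for storage in the users table; the result is reversible via AUTHdecypherValue, not a one-way hash. */`. If a one-way form is intended, this wrapper is the place to apply it.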
diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h
--- a/monetdb5/mal/mal_authorize.h
+++ b/monetdb5/mal/mal_authorize.h
@@ -46,12 +46,13 @@ mal_export str AUTHdeleteRemoteTableCred
  */
 mal_export str AUTHunlockVault(const char *password);
 
-typedef str (*get_user_password_handler)(void *mvc, str user);
+typedef str (*get_user_password_handler)(Client c, const char *user);
 
 typedef struct AUTHCallbackCntx {
        get_user_password_handler get_user_password;
 } AUTHCallbackCntx;
 
 mal_export str AUTHRegisterGetPasswordHandler(get_user_password_handler 
callback);
+mal_export str AUTHGeneratePasswordHash(str *res, const char *value);
 
 #endif /* _MAL_AUTHORIZE_H */
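Review bot: The new AUTHGeneratePasswordHash declaration carries no comment, while the declarations around it are documented with `/** ... */` blocks (one closes at the top of the hunk). Add one stating what `*res` receives and who owns it, along the lines of `/** Produce the stored form of a password for the users table; on success *res points to a newly allocated string the caller frees. */` — the allocation and ownership wording must be checked against AUTHcypherValue, which is not visible here.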
diff --git a/monetdb5/mal/mal_session.c b/monetdb5/mal/mal_session.c
--- a/monetdb5/mal/mal_session.c
+++ b/monetdb5/mal/mal_session.c
@@ -279,10 +279,14 @@ MSscheduleClient(str command, str challe
                sabdb *stats = NULL;
 
                if (!GDKembedded()) {
+                       c = MCinitClient(MAL_ADMIN, NULL, NULL);
+                       Scenario scenario = findScenario(lang);
+                       scenario->initClientCmd(c);
                        /* access control: verify the credentials supplied by 
the user,
                        * no need to check for database stuff, because that is 
done per
                        * database itself (one gets a redirect) */
-                       err = AUTHcheckCredentials(&uid, NULL, user, passwd, 
challenge, algo);
+                       err = AUTHcheckCredentials(&uid, c, user, passwd, 
challenge, algo);
+                       scenario->exitClientCmd(c);
                        if (err != MAL_SUCCEED) {
                                mnstr_printf(fout, "!%s\n", err);
                                exit_streams(fin, fout);
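Review bot: MCinitClient's result on the first added line is dereferenced without a NULL check, as is findScenario's on the line after it, and the Client created here is released neither on the error path shown nor, as far as the hunk shows, on the success path (the branch and MSscheduleClient continue outside the hunk). initClientCmd's return value is also dropped, though whether it can fail is not visible here. Check both lookups before use and release the client after exitClientCmd and on the error path, using whatever counterpart to MCinitClient the client module provides.
```c
			c = MCinitClient(MAL_ADMIN, NULL, NULL);
			Scenario scenario = c ? findScenario(lang) : NULL;
			if (scenario == NULL) {
				mnstr_printf(fout, "!could not set up a client for authentication\n");
				exit_streams(fin, fout);
				/* … release c when non-NULL, then return as the existing error path does … */
			}
			scenario->initClientCmd(c);
			/* … unchanged: access-control comment … */
			err = AUTHcheckCredentials(&uid, c, user, passwd, challenge, algo);
			scenario->exitClientCmd(c);
			/* … release c here, before the err check that follows … */
```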
diff --git a/sql/backends/monet5/sql_user.c b/sql/backends/monet5/sql_user.c
--- a/sql/backends/monet5/sql_user.c
+++ b/sql/backends/monet5/sql_user.c
@@ -34,26 +34,30 @@ getUsersTbl(mvc *m)
 
 
 static oid
-getUserOIDByName(mvc *m, str user)
+getUserOIDByName(mvc *m, const char *user)
 {
        sql_trans *tr = m->session->tr;
        sqlstore *store = m->session->tr->store;
        sql_table *users = getUsersTbl(m);
-       return store->table_api.column_find_row(tr, find_sql_column(users, 
"name"), user, NULL);
+       sql_column *users_name = find_sql_column(users, "name");
+       return store->table_api.column_find_row(tr, users_name, user, NULL);
 }
 
 
 static str
-getPasswordHash(ptr _mvc, str user)
+getPasswordHash(Client c, const char *user)
 {
-       mvc *m = (mvc *) _mvc;
+       str res;
+       mvc *m = ((backend *) c->sqlcontext)->mvc;
        sql_trans *tr = m->session->tr;
        sqlstore *store = m->session->tr->store;
        sql_table *users = getUsersTbl(m);
+       sql_trans_begin(m->session);
        oid rid = getUserOIDByName(m, user);
        if (is_oid_nil(rid))
                return NULL;
-       return store->table_api.column_find_value(tr, find_sql_column(users, 
"password"), rid);
+       res = store->table_api.column_find_value(tr, find_sql_column(users, 
"password"), rid);
+       return res;
 }
 
 
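Review bot: sql_trans_begin(m->session) in getPasswordHash is never paired with an end of that transaction, neither on the early `return NULL` nor after the column read, so every credential check that goes through this handler leaves the session's transaction open. `tr` and `store` are also captured before the begin; if sql_trans_begin replaces m->session->tr (inferred, confirm in the store code) the lookups run against a stale handle, so take `tr` after the begin. End the transaction on both exits with whichever call pairs with sql_trans_begin in this store, and return the column value directly instead of going through `res`, which adds nothing.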
@@ -208,7 +212,7 @@ monet5_create_user(ptr _mvc, str user, s
 {
        mvc *m = (mvc *) _mvc;
        oid rid, uid = 0;
-       str ret, pwd, schema_buf = NULL;
+       str ret, err, pwd, hash, schema_buf = NULL;
        sqlid user_id;
        sql_schema *s = find_sql_schema(m->session->tr, "sys");
        sql_table *db_user_info = find_sql_table(m->session->tr, s, 
"db_user_info"),
@@ -264,9 +268,15 @@ monet5_create_user(ptr _mvc, str user, s
                pwd = passwd;
        }
 
+       if ((err = AUTHGeneratePasswordHash(&hash, pwd)) != MAL_SUCCEED) {
+               if (schema_buf)
+                       GDKfree(schema_buf);
+               throw(MAL, "sql.create_user", SQLSTATE(42000) "create backend 
hash failure");
+       }
+
        user_id = store_next_oid(m->session->tr->store);
        sqlid default_role_id = role_id > 0 ? role_id : user_id;
-       if ((log_res = store->table_api.table_insert(m->session->tr, 
db_user_info, &user, &fullname, &schema_id, &schema_path, &max_memory, 
&max_workers, &optimizer, &default_role_id))) {
+       if ((log_res = store->table_api.table_insert(m->session->tr, 
db_user_info, &user, &fullname, &schema_id, &schema_path, &max_memory, 
&max_workers, &optimizer, &default_role_id, &hash))) {
                if (!enc)
                        free(pwd);
                if (schema_buf)
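Review bot: The new AUTHGeneratePasswordHash failure branch frees schema_buf but not pwd, which the table_insert error path just below releases with `if (!enc) free(pwd);`, and it discards `err` without freeing it while throwing a fresh exception. Add `if (!enc) free(pwd);` alongside the schema_buf release and `freeException(err);` before the throw. `hash` is not released after the insert either, if AUTHGeneratePasswordHash allocates (not visible here); monet5_create_user continues outside the hunk.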
@@ -402,12 +412,14 @@ static void
 monet5_create_privileges(ptr _mvc, sql_schema *s)
 {
        sql_schema *sys;
-       sql_table *t = NULL, *uinfo = NULL;
+       sql_table *t = NULL;
+       sql_table *uinfo = NULL;
        sql_column *col = NULL;
        mvc *m = (mvc *) _mvc;
        sqlid schema_id = 0;
        list *res, *ops;
        sql_func *f = NULL;
+       str err;
 
        /* create the authorisation related tables */
        mvc_create_table(&t, m, s, "db_user_info", tt_table, 1, SQL_PERSIST, 0, 
-1, 0);
@@ -419,7 +431,7 @@ monet5_create_privileges(ptr _mvc, sql_s
        mvc_create_column_(&col, m, t, "max_workers", "int", 9);
        mvc_create_column_(&col, m, t, "optimizer", "varchar", 1024);
        mvc_create_column_(&col, m, t, "default_role", "int", 9);
-       // mvc_create_column_(&col, m, t, "password", "varchar", 256);
+       mvc_create_column_(&col, m, t, "password", "varchar", 256);
        uinfo = t;
 
        res = sa_list(m->sa);
@@ -452,6 +464,7 @@ monet5_create_privileges(ptr _mvc, sql_s
        mvc_create_column_(&col, m, t, "max_workers", "int", 9);
        mvc_create_column_(&col, m, t, "optimizer", "varchar", 1024);
        mvc_create_column_(&col, m, t, "default_role", "int", 9);
+       mvc_create_column_(&col, m, t, "password", "varchar", 256);
 
        sys = find_sql_schema(m->session->tr, "sys");
        schema_id = sys->base.id;
@@ -459,6 +472,14 @@ monet5_create_privileges(ptr _mvc, sql_s
 
        sqlstore *store = m->session->tr->store;
        char *username = "monetdb";
+       char *password = mcrypt_BackendSum("monetdb", strlen("monedtb"));
+       char *hash = NULL;
+       if ((err = AUTHGeneratePasswordHash(&hash, password)) != MAL_SUCCEED) {
+               TRC_CRITICAL(SQL_TRANS, "generate password hash failure");
+               freeException(err);
+               return ;
+       }
+
        char *fullname = "MonetDB Admin";
        char *schema_path = default_schema_path;
        // default values
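Review bot: `strlen("monedtb")` on the mcrypt_BackendSum line measures a misspelled copy of the literal it should measure; it only works because both strings are seven bytes. Use one variable for the literal, `const char *plain = "monetdb";` and `char *password = mcrypt_BackendSum(plain, strlen(plain));`, and check `password` for NULL before passing it to AUTHGeneratePasswordHash. `password` is not released on either path, and `hash` is not released after the table_insert in the last hunk of this file, assuming mcrypt_BackendSum and the hash routine allocate (not visible here). The critical-log-and-return on failure also leaves the admin row out of uinfo without the caller learning of it; monet5_create_privileges continues outside the hunk.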
@@ -467,9 +488,8 @@ monet5_create_privileges(ptr _mvc, sql_s
        int max_workers = 0;
        sqlid default_role_id = USER_MONETDB;
 
-
        store->table_api.table_insert(m->session->tr, uinfo, &username, 
&fullname, &schema_id, &schema_path, &max_memory,
-                       &max_workers, &optimizer, &default_role_id);
+               &max_workers, &optimizer, &default_role_id, &hash);
 }
 
 static int