Changeset: b51b78a26389 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB/rev/b51b78a26389 Modified Files: monetdb5/mal/mal_runtime.c sql/backends/monet5/sql.c sql/backends/monet5/sql.h sql/backends/monet5/sql_user.c sql/backends/monet5/sql_user.h sql/scripts/22_clients.sql Branch: userprofile Log Message:
fix password hash diffs (203 lines): diff --git a/monetdb5/mal/mal_runtime.c b/monetdb5/mal/mal_runtime.c --- a/monetdb5/mal/mal_runtime.c +++ b/monetdb5/mal/mal_runtime.c @@ -99,7 +99,7 @@ updateUserStats(Client cntxt, MalBlkPtr USRstats[idx].finished = finished; USRstats[idx].maxticks = ticks; GDKfree(USRstats[idx].maxquery); - USRstats[idx].maxquery= GDKstrdup(query); + USRstats[idx].maxquery = GDKstrdup(query); } } diff --git a/sql/backends/monet5/sql.c b/sql/backends/monet5/sql.c --- a/sql/backends/monet5/sql.c +++ b/sql/backends/monet5/sql.c @@ -5108,6 +5108,31 @@ SQLstr_column_stop_vacuum(Client cntxt, #include "for.h" #include "dict.h" #include "mel.h" + + +str +SQLuser_password(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) +{ + mvc *m = NULL; + str msg = NULL; + str *password = getArgReference_str(stk, pci, 0); + const char *username = *getArgReference_str(stk, pci, 1); + + (void) password; + + if ((msg = getSQLContext(cntxt, mb, &m, NULL)) != NULL) + return msg; + if ((msg = checkSQLContext(cntxt)) != NULL) + return msg; + if (cntxt->username != username) { + // only MAL_ADMIN and user himself can access password + if ((msg = AUTHrequireAdmin(cntxt)) != MAL_SUCCEED) + return msg; + } + *password = monet5_password_hash(m, username); + return MAL_SUCCEED; +} + static mel_func sql_init_funcs[] = { pattern("sql", "shutdown", SQLshutdown_wrap, true, "", args(1,3, arg("",str),arg("delay",bte),arg("force",bit))), pattern("sql", "shutdown", SQLshutdown_wrap, true, "", args(1,3, arg("",str),arg("delay",sht),arg("force",bit))), 
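Review bot: The ownership test in SQLuser_password, `if (cntxt->username != username)`, compares two char pointers rather than the names, so it is true whenever the argument string is a different allocation from the session's username, which is the normal case for a value read from the MAL stack. The check therefore fails closed (a non-admin asking for their own hash is sent to AUTHrequireAdmin), but the "user himself" path promised by the comment does not work; compare contents instead, `if (cntxt->username == NULL || strcmp(cntxt->username, username) != 0) {`. Separately, monet5_password_hash (added in sql_user.c by this commit) returns NULL when the user is unknown or deciphering fails, and that NULL is stored in `*password` while the function returns MAL_SUCCEED. A guard before the final return, such as `if (*password == NULL) throw(SQL, "sql.password", SQLSTATE(42000) "cannot retrieve password hash");`, would keep a NULL str off the stack. The `(void) password;` line can be dropped, since the variable is used.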
@@ -5198,7 +5223,7 @@ static mel_func sql_init_funcs[] = { pattern("sql", "sql_variables", sql_variables, false, "return the table with session variables", args(4,4, batarg("sname",str),batarg("name",str),batarg("type",str),batarg("value",str))), pattern("sql", "sessions", sql_sessions_wrap, false, "SQL export table of active sessions, their timeouts and idle status", args(9,9, batarg("id",int),batarg("user",str),batarg("start",timestamp),batarg("idle",timestamp),batarg("optmizer",str),batarg("stimeout",int),batarg("qtimeout",int),batarg("wlimit",int),batarg("mlimit",int))), //pattern("sql", "db_users", db_users_wrap, false, "return table of users with sql scenario", args(1,1, batarg("",str))), -//pattern("sql", "password", db_password_wrap, false, "Return password hash of user", args(1,2, arg("",str),arg("user",str))), +pattern("sql", "password", SQLuser_password, false, "Return password hash of user", args(1,2, arg("",str),arg("user",str))), //pattern("batsql", "password", db_password_wrap, false, "Return password hash of user", args(1,2, batarg("",str),batarg("user",str))), pattern("sql", "rt_credentials", sql_rt_credentials_wrap, false, "Return the remote table credentials for the given table", args(3,4, batarg("uri",str),batarg("username",str),batarg("hash",str),arg("tablename",str))), pattern("sql", "dump_cache", dump_cache, false, "dump the content of the query cache", args(2,2, batarg("query",str),batarg("count",int))), diff --git a/sql/backends/monet5/sql.h b/sql/backends/monet5/sql.h --- a/sql/backends/monet5/sql.h +++ b/sql/backends/monet5/sql.h 
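Review bot: The `batsql.password` line directly below the re-enabled `sql.password` entry stays commented out and still names `db_password_wrap`, which this commit removes from sql_user.c. Either delete that dead line or replace it with a note that no bulk variant exists, e.g. `/* no batsql.password: the hash lookup is access-checked per call in SQLuser_password */`. With the pattern registered, the admin-or-self check inside SQLuser_password is the only gate on hash disclosure visible in this diff, so it is worth saying so in a comment next to the entry.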
@@ -289,6 +289,7 @@ extern str SQLunionfunc(Client cntxt, Ma extern str SQLstr_column_vacuum(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); extern str SQLstr_column_auto_vacuum(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); extern str SQLstr_column_stop_vacuum(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); +extern str SQLuser_password(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); sql5_export str getBackendContext(Client cntxt, backend **be); diff --git a/sql/backends/monet5/sql_user.c b/sql/backends/monet5/sql_user.c --- a/sql/backends/monet5/sql_user.c +++ b/sql/backends/monet5/sql_user.c @@ -117,6 +117,7 @@ getUserPasswordCallback(Client c, const backend *be = (backend *) c->sqlcontext; if (be) { mvc *m = be->mvc; + // this starts new transaction if (mvc_trans(m) == 0) { oid rid = getUserOIDByName(m, user); res = getUserPassword(m, rid); 
@@ -530,50 +531,61 @@ db_users_wrap(Client cntxt, MalBlkPtr mb return MAL_SUCCEED; } + str -db_password_wrap(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) +monet5_password_hash(mvc *m, const char *username) { - (void) mb; - - if (stk->stk[pci->argv[0]].vtype == TYPE_bat) { - BAT *b = BATdescriptor(*getArgReference_bat(stk, pci, 1)); - if (b == NULL) - throw(SQL, "sql.password", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); - BAT *bn = COLnew(b->hseqbase, TYPE_str, BATcount(b), TRANSIENT); - if (bn == NULL) { - BBPunfix(b->batCacheid); - throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); + str msg, hash = NULL; + oid rid = getUserOIDByName(m, username); + const char *password = getUserPassword(m, rid); + if (password) { + if ((msg = AUTHdecypherValue(&hash, password)) != MAL_SUCCEED) { + (void) sql_error(m, 02, SQLSTATE(42000) "monet5_password_hash: %s", getExceptionMessage(msg)); + freeException(msg); } - BATiter bi = bat_iterator(b); - BUN p, q; - BATloop(b, p, q) { - char *hash, *msg; - msg = AUTHgetPasswordHash(&hash, cntxt, BUNtvar(bi, p)); - if (msg != MAL_SUCCEED) { - bat_iterator_end(&bi); - BBPunfix(b->batCacheid); - BBPreclaim(bn); - return msg; - } - if (BUNappend(bn, hash, false) != GDK_SUCCEED) { - bat_iterator_end(&bi); - BBPunfix(b->batCacheid); - BBPreclaim(bn); - GDKfree(hash); - throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); - } - GDKfree(hash); - } - bat_iterator_end(&bi); - BBPunfix(b->batCacheid); - BBPkeepref(bn); - *getArgReference_bat(stk, pci, 0) = bn->batCacheid; - return MAL_SUCCEED; } - str *hash = getArgReference_str(stk, pci, 0); - str *user = getArgReference_str(stk, pci, 1); + return hash; + // (void) mb; - return AUTHgetPasswordHash(hash, cntxt, *user); + // if (stk->stk[pci->argv[0]].vtype == TYPE_bat) { + // BAT *b = BATdescriptor(*getArgReference_bat(stk, pci, 1)); + // if (b == NULL) + // throw(SQL, "sql.password", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); + // BAT *bn = COLnew(b->hseqbase, TYPE_str, 
BATcount(b), TRANSIENT); + // if (bn == NULL) { + // BBPunfix(b->batCacheid); + // throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); + // } + // BATiter bi = bat_iterator(b); + // BUN p, q; + // BATloop(b, p, q) { + // char *hash, *msg; + // msg = AUTHgetPasswordHash(&hash, cntxt, BUNtvar(bi, p)); + // if (msg != MAL_SUCCEED) { + // bat_iterator_end(&bi); + // BBPunfix(b->batCacheid); + // BBPreclaim(bn); + // return msg; + // } + // if (BUNappend(bn, hash, false) != GDK_SUCCEED) { + // bat_iterator_end(&bi); + // BBPunfix(b->batCacheid); + // BBPreclaim(bn); + // GDKfree(hash); + // throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); + // } + // GDKfree(hash); + // } + // bat_iterator_end(&bi); + // BBPunfix(b->batCacheid); + // BBPkeepref(bn); + // *getArgReference_bat(stk, pci, 0) = bn->batCacheid; + // return MAL_SUCCEED; + // } + // str *hash = getArgReference_str(stk, pci, 0); + // str *user = getArgReference_str(stk, pci, 1); + + // return AUTHgetPasswordHash(hash, cntxt, *user); } static void diff --git a/sql/backends/monet5/sql_user.h b/sql/backends/monet5/sql_user.h --- a/sql/backends/monet5/sql_user.h +++ b/sql/backends/monet5/sql_user.h @@ -15,6 +15,6 @@ extern int monet5_user_set_def_schema(mv extern int monet5_user_get_def_schema(mvc *m, int user /* sql user id */, str *schema); extern str db_users_wrap(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); -extern str db_password_wrap(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); +extern str monet5_password_hash(mvc *m, const char *username); #endif /* _SQL_USER_H_ */ diff --git a/sql/scripts/22_clients.sql b/sql/scripts/22_clients.sql --- a/sql/scripts/22_clients.sql +++ b/sql/scripts/22_clients.sql 
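Review bot: monet5_password_hash passes the result of getUserOIDByName straight to getUserPassword without checking for a missing user; unless getUserPassword tolerates a nil oid (not visible here), add `if (is_oid_nil(rid)) return NULL;` after the lookup. The function also returns NULL both for "no such user" and for a failed AUTHdecypherValue. In the second case the error is recorded only through sql_error while the caller added in sql.c still returns MAL_SUCCEED, so the failure is easy to lose. A short header comment should say that the returned hash is a fresh allocation the caller must release (presumably with GDKfree; confirm against AUTHdecypherValue) and that NULL means failure. The roughly fifty commented-out lines of the old db_password_wrap after `return hash;` are unreachable history and should be deleted rather than kept in the function body.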
@@ -6,7 +6,8 @@ create function sys.password_hash (username string) returns string - return select password from users where name = username; + external name sql.password; + -- return select password from users where name = username; create function sys.remote_table_credentials (tablename string) returns table ("uri" string, "username" string, "hash" string) _______________________________________________ checkin-list mailing list -- checkin-list@monetdb.org To unsubscribe send an email to checkin-list-le...@monetdb.org
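Review bot: With `external name sql.password`, the decision about who may read a hash through sys.password_hash now rests on the check inside the C function SQLuser_password rather than on the query over `users`. Nothing in this hunk shows who holds EXECUTE on the function, so that should be stated or restricted next to the definition. The old body is left behind as `-- return select password from users where name = username;` and should be dropped, since version control keeps it. If this script runs only when a database is created, existing databases keep the old definition until a catalog upgrade is added; that is an assumption to confirm, not something the diff shows.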