Changeset: 78acdb6b0452 for MonetDB URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=78acdb6b0452 Modified Files: monetdb5/mal/mal_authorize.c monetdb5/mal/mal_authorize.h monetdb5/modules/mal/remote.c sql/server/rel_schema.c Branch: remote_auth Log Message:
Change the authorization functions to be keyed by local table The look up key should be the local "schema.table" string that identifies the table we want to access. diffs (148 lines):
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -942,27 +942,26 @@ AUTHverifyPassword(const char *passwd)
 }
 str
-AUTHgetRemoteTableCredentials(const char *uri, Client cntxt, str *username, str *password)
+AUTHgetRemoteTableCredentials(const char *local_table, Client cntxt, str *uri, str *username, str *password)
 {
 FILE *fp = fopen("/tmp/remote_table_auth.txt", "r");
- str localuser;
- str luri;
- str tmp;
+ str ltbl;
+ // str tmp;
 char buf[BUFSIZ];
 char *p, *q;
- (void)uri;
+ (void)cntxt;
 fread(buf, 1, BUFSIZ, fp);
 q = buf;
 p = strchr(buf, ',');
 *p = 0;
- luri = GDKstrdup(q);
+ ltbl = GDKstrdup(q);
 q = p + 1;
 p = strchr(q, ',');
 *p = 0;
- localuser = GDKstrdup(q);
+ *uri = GDKstrdup(q);
 q = p + 1;
 p = strchr(q, ',');
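Review bot: Every `strchr(..., ',')` result in AUTHgetRemoteTableCredentials is written through with `*p = 0` without a NULL check, on a buffer that `fread` may fill to the full `BUFSIZ` and that is not terminated in the visible lines, so a short or malformed `/tmp/remote_table_auth.txt` sends the scan past `buf` or through a null pointer. The `fopen` result is used unchecked as well, and the new `*uri = GDKstrdup(q)` (like `ltbl`) is not tested for allocation failure. Because the file lives under `/tmp`, its contents should be parsed as untrusted input. The function body continues past the end of this hunk, so the later fields need the same guards; a sketch for the first field follows.

```c
	FILE *fp = fopen("/tmp/remote_table_auth.txt", "r");
	size_t len;
	/* … unchanged: ltbl, buf, p, q declarations … */

	if (fp == NULL)
		throw(MAL, "getRemoteTableCredentials", "cannot open credentials file");
	/* leave room for the terminator so strchr() stays inside buf */
	len = fread(buf, 1, sizeof(buf) - 1, fp);
	buf[len] = 0;

	q = buf;
	p = strchr(buf, ',');
	if (p == NULL) {
		fclose(fp);
		throw(MAL, "getRemoteTableCredentials", "malformed credentials record");
	}
	*p = 0;
	ltbl = GDKstrdup(q);
	if (ltbl == NULL) {
		fclose(fp);
		throw(MAL, "getRemoteTableCredentials", SQLSTATE(HY001) "allocation failed");
	}
```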
@@ -977,36 +976,32 @@ AUTHgetRemoteTableCredentials(const char
 fclose(fp); /* mem leak */
- rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt, localuser));
- if (strcmp(uri, luri)) {
- GDKfree(luri);
- GDKfree(localuser);
+ // rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt, localuser));
+ if (strcmp(local_table, ltbl)) {
+ GDKfree(ltbl);
 throw(MAL, "getRemoteTableCredentials", SQLSTATE(HY001) "URIs do not match");
 }
- GDKfree(luri);
- GDKfree(localuser);
+ GDKfree(ltbl);
+ // GDKfree(localuser);
 return MAL_SUCCEED;
 }
 str
-AUTHaddRemoteTableCredentials(const char *uri, const char *localuser, const char *remoteuser, const char *pass, bool pw_encrypted)
+AUTHaddRemoteTableCredentials(const char *local_table, const char *localuser, const char *uri, const char *remoteuser, const char *pass, bool pw_encrypted)
 { /* Work in Progress */
 FILE *fp = fopen("/tmp/remote_table_auth.txt", "w");
 char *password = NULL;
 bool free_pw = false;
 str tmp;
- BUN p;
 if (uri == NULL || strNil(uri)) throw(ILLARG, "addRemoteTableCredentials", "URI cannot be nil");
 if (localuser == NULL || strNil(localuser)) throw(ILLARG, "addRemoteTableCredentials", "local user name cannot be nil");
- (void)p;
-
 if (pass == NULL) { /* NOTE: Is having the client == NULL safe? */
 AUTHgetPasswordHash(&password, NULL, localuser);
@@ -1022,7 +1017,7 @@ AUTHaddRemoteTableCredentials(const char
 }
 rethrow("addUser", tmp, AUTHverifyPassword(password));
- fprintf(fp, "%s,%s,%s,%s\n",uri, localuser, remoteuser, password);
+ fprintf(fp, "%s,%s,%s,%s\n", local_table, uri, remoteuser, password);
 fclose(fp);
 if (free_pw) {
diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h
--- a/monetdb5/mal/mal_authorize.h
+++ b/monetdb5/mal/mal_authorize.h
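Review bot: AUTHgetRemoteTableCredentials now returns stored credentials with no access check: `rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt, localuser));` is commented out here and `cntxt` is cast to void in the previous hunk, so any caller that supplies a matching table key receives the remote user name and password hash. The record written by AUTHaddRemoteTableCredentials (last hunk of this file) no longer contains `localuser`, which leaves nothing to check against. I would keep the owner in the record and restore the check before the out-parameters are filled in, or at minimum put `/* TODO(security): restore AUTHrequireAdminOrUser before merge */` next to the commented line. On the mismatch path the `*uri` copy made in the previous hunk is not freed, and the message still reads "URIs do not match" although the comparison is now on the table key.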
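Review bot: `fprintf(fp, "%s,%s,%s,%s\n", local_table, uri, remoteuser, password)` writes the fields unescaped while the reader splits on the first commas it finds, so a table key, URI or user name containing `,` or a newline shifts every later field when the record is read back. In the visible lines `local_table` is never checked the way `uri` and `localuser` are; adding `if (local_table == NULL || strNil(local_table)) throw(ILLARG, "addRemoteTableCredentials", "local table cannot be nil");` and rejecting the separator characters in each field before the write would close both gaps. The file is also opened with "w" at the top of the function (previous hunk) before any validation, so each early `throw` leaves `fp` open with the earlier record already truncated. The function starts and ends outside this hunk.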
@@ -27,8 +27,8 @@ mal_export str AUTHgetPasswordHash(str *
 mal_export str AUTHinitTables(const char *passwd);
-mal_export str AUTHaddRemoteTableCredentials(const char *uri, const char *localuser, const char *remoteuser, const char *pass, bool pw_encrypted);
-mal_export str AUTHgetRemoteTableCredentials(const char *uri, Client cntxt, str *username, str *password);
+mal_export str AUTHaddRemoteTableCredentials(const char *local_table, const char *localuser, const char *uri, const char *remoteuser, const char *pass, bool pw_encrypted);
+mal_export str AUTHgetRemoteTableCredentials(const char *local_table, Client cntxt, str *uri, str *username, str *password);
 /*
diff --git a/monetdb5/modules/mal/remote.c b/monetdb5/modules/mal/remote.c
--- a/monetdb5/modules/mal/remote.c
+++ b/monetdb5/modules/mal/remote.c
@@ -260,6 +260,7 @@ str RMTconnect(
 str
 RMTconnectURI(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) {
+ char *local_table;
 char *remoteuser;
 char *passwd;
 char *uri;
@@ -271,13 +272,13 @@ RMTconnectURI(Client cntxt, MalBlkPtr mb
 (void)mb;
- uri = *getArgReference_str(stk, pci, 1);
+ local_table = *getArgReference_str(stk, pci, 1);
 scen = *getArgReference_str(stk, pci, 2);
- if (uri == NULL || strcmp(uri, (str)str_nil) == 0) {
- throw(ILLARG, "remote.connect", ILLEGAL_ARGUMENT ": URI is NULL or nil");
+ if (local_table == NULL || strcmp(local_table, (str)str_nil) == 0) {
+ throw(ILLARG, "remote.connect", ILLEGAL_ARGUMENT ": local table is NULL or nil");
 }
- rethrow("remote.connect", tmp, AUTHgetRemoteTableCredentials(uri, cntxt, &remoteuser, &passwd));
+ rethrow("remote.connect", tmp, AUTHgetRemoteTableCredentials(local_table, cntxt, &uri, &remoteuser, &passwd));
 /* The password we just got is hashed. Add the byte \1 in front to * signal this fact to the mapi. */
diff --git a/sql/server/rel_schema.c b/sql/server/rel_schema.c
--- a/sql/server/rel_schema.c
+++ b/sql/server/rel_schema.c
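Review bot: Ownership of `uri` changes in the second remote.c hunk without any visible release: it is now a `GDKstrdup` copy made by AUTHgetRemoteTableCredentials (see mal_authorize.c) rather than a pointer into the MAL stack, so RMTconnectURI has to free it. The rest of the function is outside the hunk; it should release `uri` together with `remoteuser` and `passwd` on every return path, and treat a NULL `uri` as an error because the callee does not check the allocation. A comment such as `/* uri, remoteuser and passwd are allocated by AUTHgetRemoteTableCredentials; release with GDKfree */` above the call would record the contract. As a style point, the nil test could use `strNil(local_table)` as mal_authorize.c does, provided that macro is visible in this file.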
@@ -948,9 +948,11 @@ rel_create_table(mvc *sql, sql_schema *s
 if (tt == tt_remote) {
 char *local_user = stack_get_string(sql, "current_user");
+ char *local_table = sa_strconcat(sql->sa, sa_strconcat(sql->sa, sname, "."), name);
 if (!mapiuri_valid(loc)) return sql_error(sql, 02, SQLSTATE(42000) "CREATE TABLE: incorrect uri '%s' for remote table '%s'", loc, name);
- char *reg_credentials = AUTHaddRemoteTableCredentials(mapiuri_uri(loc, sql->sa), local_user, username, password, pw_encrypted);
+
+ char *reg_credentials = AUTHaddRemoteTableCredentials(local_table, local_user, mapiuri_uri(loc, sql->sa), username, password, pw_encrypted);
 if (reg_credentials != 0) {
 return sql_error(sql, 02, SQLSTATE(42000) "CREATE TABLE: cannot register credentials for remote table '%s' in vault: %s", name, reg_credentials);
 }
_______________________________________________ checkin-list mailing list checkin-list@monetdb.org https://www.monetdb.org/mailman/listinfo/checkin-list
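Review bot: The lookup key built by `sa_strconcat(sql->sa, sa_strconcat(sql->sa, sname, "."), name)` is not unique if identifiers may contain a dot: in a constructed example, schema `a.b` with table `c` and schema `a` with table `b.c` both yield `a.b.c`, so one table could resolve to credentials registered for another. An unambiguous encoding of the pair, or rejecting names that contain the separator before registering, avoids that; the same holds for `,`, which the credentials file uses as its field separator. Neither `sname` nor the concatenation result is checked for NULL in the visible lines. rel_create_table starts and ends outside this hunk, so confirm that `sname` is always set when the statement omits the schema.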