Changeset: ebf4456f2297 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/ebf4456f2297
Modified Files:
        clients/Tests/MAL-signatures-hge.test
        clients/Tests/MAL-signatures.test
        clients/Tests/exports.stable.out
        clients/mapiclient/dump.c
        monetdb5/mal/mal.c
        monetdb5/mal/mal_authorize.c
        monetdb5/mal/mal_authorize.h
        monetdb5/mal/mal_embedded.c
        monetdb5/mal/mal_scenario.c
        monetdb5/mal/mal_scenario.h
        monetdb5/mal/mal_session.c
        monetdb5/modules/mal/clients.c
        monetdb5/modules/mal/remote.c
        sql/backends/monet5/rel_bin.c
        sql/backends/monet5/sql.c
        sql/backends/monet5/sql.h
        sql/backends/monet5/sql_cat.c
        sql/backends/monet5/sql_execute.c
        sql/backends/monet5/sql_gencode.c
        sql/backends/monet5/sql_scenario.c
        sql/backends/monet5/sql_scenario.h
        sql/backends/monet5/sql_user.c
        sql/backends/monet5/sql_user.h
        sql/common/sql_backend.c
        sql/common/sql_backend.h
        sql/scripts/22_clients.sql
        sql/scripts/52_describe.sql
        sql/server/rel_distribute.c
        sql/server/rel_prop.c
        sql/server/rel_prop.h
        sql/server/rel_schema.c
        sql/server/sql_mvc.c
        sql/server/sql_mvc.h
        sql/server/sql_parser.y
        sql/server/sql_privileges.c
        sql/server/sql_privileges.h
        sql/test/Dependencies/Tests/dependency_DBobjects.test
        sql/test/Dependencies/Tests/dependency_functions.test
        sql/test/Dependencies/Tests/dependency_owner_schema_3.test
        sql/test/testdb/Tests/dump-nogeom.stable.out
        sql/test/testdb/Tests/dump.stable.out
        sql/test/testdb/Tests/load.test
        tools/monetdbe/monetdbe.c
        tools/mserver/shutdowntest.c
Branch: triggers
Log Message:

brought the remote table credentials into the sql layer.
There now is a new table remote_user_info, which has 3 columns
(table_id, username, pwhash/cyphered).

The mapi login is now done by the scenario initClient call (which is called
directly, no longer in the scenarioBody).

With this, the callback interface for AUTH->sql is removed,
as are the user API hooks on the SQL side.


diffs (truncated from 2696 to 300 lines):

diff --git a/clients/Tests/MAL-signatures-hge.test 
b/clients/Tests/MAL-signatures-hge.test
--- a/clients/Tests/MAL-signatures-hge.test
+++ b/clients/Tests/MAL-signatures-hge.test
@@ -47834,11 +47834,6 @@ command remote.connect(X_0:str, X_1:str,
 RMTconnectScen;
 returns a newly created connection for uri, using user name, password and 
scenario
 remote
-connect
-pattern remote.connect(X_0:str, X_1:str):str 
-RMTconnectTable;
-return a newly created connection for a table. username and password should be 
in the vault
-remote
 disconnect
 command remote.disconnect(X_0:str):void 
 RMTdisconnect;
@@ -48279,6 +48274,11 @@ command sql.date_trunc(X_0:str, X_1:time
 date_trunc;
 Truncate a timestamp to (millennium, 
century,decade,year,quarter,month,week,day,hour,minute,second, 
milliseconds,microseconds)
 sql
+decypher
+pattern sql.decypher(X_0:str):str 
+SQLdecypher;
+Return decyphered password
+sql
 delete
 unsafe pattern sql.delete(X_0:int, X_1:str, X_2:str, X_3:any):int 
 mvc_delete_wrap;
@@ -48769,11 +48769,6 @@ pattern sql.row_number(X_0:any_1, X_1:bi
 SQLrow_number;
 return the row_numer-ed groups
 sql
-rt_credentials
-pattern sql.rt_credentials(X_0:str) (X_1:bat[:str], X_2:bat[:str], 
X_3:bat[:str]) 
-sql_rt_credentials_wrap;
-Return the remote table credentials for the given table
-sql
 sessions
 pattern sql.sessions() (X_0:bat[:int], X_1:bat[:str], X_2:bat[:timestamp], 
X_3:bat[:timestamp], X_4:bat[:str], X_5:bat[:int], X_6:bat[:int], 
X_7:bat[:int], X_8:bat[:int]) 
 sql_sessions_wrap;
@@ -49304,6 +49299,11 @@ pattern sqlcatalog.create_table(X_0:str,
 SQLcreate_table;
 Catalog operation create_table
 sqlcatalog
+create_table
+pattern sqlcatalog.create_table(X_0:str, X_1:str, X_2:ptr, X_3:int, X_4:str, 
X_5:str):void 
+SQLcreate_table;
+Catalog operation create_table
+sqlcatalog
 create_trigger
 pattern sqlcatalog.create_trigger(X_0:str, X_1:str, X_2:str, X_3:int, X_4:int, 
X_5:int, X_6:str, X_7:str, X_8:str, X_9:str, X_10:int):void 
 SQLcreate_trigger;
diff --git a/clients/Tests/MAL-signatures.test 
b/clients/Tests/MAL-signatures.test
--- a/clients/Tests/MAL-signatures.test
+++ b/clients/Tests/MAL-signatures.test
@@ -36264,11 +36264,6 @@ command remote.connect(X_0:str, X_1:str,
 RMTconnectScen;
 returns a newly created connection for uri, using user name, password and 
scenario
 remote
-connect
-pattern remote.connect(X_0:str, X_1:str):str 
-RMTconnectTable;
-return a newly created connection for a table. username and password should be 
in the vault
-remote
 disconnect
 command remote.disconnect(X_0:str):void 
 RMTdisconnect;
@@ -36684,6 +36679,11 @@ command sql.date_trunc(X_0:str, X_1:time
 date_trunc;
 Truncate a timestamp to (millennium, 
century,decade,year,quarter,month,week,day,hour,minute,second, 
milliseconds,microseconds)
 sql
+decypher
+pattern sql.decypher(X_0:str):str 
+SQLdecypher;
+Return decyphered password
+sql
 delete
 unsafe pattern sql.delete(X_0:int, X_1:str, X_2:str, X_3:any):int 
 mvc_delete_wrap;
@@ -37149,11 +37149,6 @@ pattern sql.row_number(X_0:any_1, X_1:bi
 SQLrow_number;
 return the row_numer-ed groups
 sql
-rt_credentials
-pattern sql.rt_credentials(X_0:str) (X_1:bat[:str], X_2:bat[:str], 
X_3:bat[:str]) 
-sql_rt_credentials_wrap;
-Return the remote table credentials for the given table
-sql
 sessions
 pattern sql.sessions() (X_0:bat[:int], X_1:bat[:str], X_2:bat[:timestamp], 
X_3:bat[:timestamp], X_4:bat[:str], X_5:bat[:int], X_6:bat[:int], 
X_7:bat[:int], X_8:bat[:int]) 
 sql_sessions_wrap;
@@ -37629,6 +37624,11 @@ pattern sqlcatalog.create_table(X_0:str,
 SQLcreate_table;
 Catalog operation create_table
 sqlcatalog
+create_table
+pattern sqlcatalog.create_table(X_0:str, X_1:str, X_2:ptr, X_3:int, X_4:str, 
X_5:str):void 
+SQLcreate_table;
+Catalog operation create_table
+sqlcatalog
 create_trigger
 pattern sqlcatalog.create_trigger(X_0:str, X_1:str, X_2:str, X_3:int, X_4:int, 
X_5:int, X_6:str, X_7:str, X_8:str, X_9:str, X_10:int):void 
 SQLcreate_trigger;
diff --git a/clients/Tests/exports.stable.out b/clients/Tests/exports.stable.out
--- a/clients/Tests/exports.stable.out
+++ b/clients/Tests/exports.stable.out
@@ -721,18 +721,8 @@ const char *wsaerror(int);
 
 # monetdb5
 str AUTHGeneratePasswordHash(str *res, const char *value);
-str AUTHRegisterGetPasswordHandler(get_user_password_handler callback);
-str AUTHRegisterGetUserNameHandler(get_user_name_handler callback);
-str AUTHRegisterGetUserOIDHandler(get_user_oid_handler callback);
-str AUTHaddRemoteTableCredentials(const char *local_table, const char 
*localuser, const char *uri, const char *remoteuser, const char *pass, bool 
pw_encrypted);
-str AUTHcheckCredentials(oid *ret, Client c, const char *user, const char 
*passwd, const char *challenge, const char *algo);
 str AUTHcypherValue(str *ret, const char *value);
 str AUTHdecypherValue(str *ret, const char *value);
-str AUTHdeleteRemoteTableCredentials(const char *local_table);
-str AUTHgetPasswordHash(str *ret, Client c, const char *username);
-str AUTHgetRemoteTableCredentials(const char *local_table, str *uri, str 
*username, str *password);
-str AUTHgetUsername(str *ret, Client c);
-str AUTHinitTables(void);
 str AUTHrequireAdmin(Client c);
 str AUTHunlockVault(const char *password);
 str AUTHverifyPassword(const char *passwd);
@@ -1366,8 +1356,8 @@ str SQLengineIntern(Client c, backend *b
 str SQLescapeString(str s);
 str SQLexit(Client c);
 str SQLexitClient(Client c);
-str SQLinitClient(Client c);
-str SQLinitClientFromMAL(Client c);
+str SQLinitClient(Client c, str passwd, str challenge, str algo);
+str SQLinitClientFromMAL(Client c, str passwd, str challenge, str algo);
 str SQLparser(Client c);
 str SQLreader(Client c);
 str SQLresetClient(Client c);
diff --git a/clients/mapiclient/dump.c b/clients/mapiclient/dump.c
--- a/clients/mapiclient/dump.c
+++ b/clients/mapiclient/dump.c
@@ -409,6 +409,47 @@ bailout:
        return false;
 }
 
+static bool
+has_remote_user_info_table(Mapi mid)
+{
+       MapiHdl hdl;
+       bool ret;
+       static int answer = -1;
+
+       if (answer >= 0)
+               return answer;
+
+       if ((hdl = mapi_query(mid,
+                             "select id from sys._tables"
+                             " where name = 'remote_user_info'"
+                             " and schema_id = ("
+                             "select id from sys.schemas"
+                             " where name = 'sys')")) == NULL ||
+           mapi_error(mid))
+               goto bailout;
+       ret = mapi_get_row_count(hdl) == 1;
+       while ((mapi_fetch_row(hdl)) != 0) {
+               if (mapi_error(mid))
+                       goto bailout;
+       }
+       if (mapi_error(mid))
+               goto bailout;
+       mapi_close_handle(hdl);
+       answer = ret;
+       return ret;
+
+bailout:
+       if (hdl) {
+               if (mapi_result_error(hdl))
+                       mapi_explain_result(hdl, stderr);
+               else
+                       mapi_explain_query(hdl, stderr);
+               mapi_close_handle(hdl);
+       } else
+               mapi_explain(mid, stderr);
+       return false;
+}
+
 static int
 dump_foreign_keys(Mapi mid, const char *schema, const char *tname, const char 
*tid, stream *toConsole)
 {
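Review bot: has_remote_user_info_table() has no header comment, and two of its behaviours are easy to miss: the result is cached in the function-local `static int answer`, so it is decided once per process rather than per `mid`, and the `bailout` path returns false without caching. A failed probe is therefore indistinguishable from "table absent", and the caller in describe_table falls back to the legacy `sys.remote_table_credentials` query with only a message on stderr. I would add a comment above the function such as `/* Probe once per process whether sys.remote_user_info exists; a failed probe reports false and is retried on the next call. */`. If this client can ever talk to more than one server in one process the cache would need to be tied to the connection; that cannot be judged from this hunk.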
@@ -1320,10 +1361,17 @@ describe_table(Mapi mid, const char *sch
                } else if (type == 5) { /* remote table */
                        char *rt_user = NULL;
                        char *rt_hash = NULL;
-                       snprintf(query, maxquerylen,
-                                "SELECT username, hash "
-                                "FROM sys.remote_table_credentials('%s.%s')",
-                                schema, tname);
+                       if (has_remote_user_info_table(mid)) {
+                               snprintf(query, maxquerylen,
+                                       "SELECT username, 
sys.decypher(password) "
+                                       "FROM sys.remote_user_info where 
table_id = (select t.id from sys._tables t, sys.schemas s where "
+                                       "t.schema_id = s.id and s.name = '%s' 
and t.name = '%s')", schema, tname);
+                       } else {
+                               snprintf(query, maxquerylen,
+                                       "SELECT username, hash "
+                                       "FROM 
sys.remote_table_credentials('%s.%s')",
+                                       schema, tname);
+                       }
                        if ((hdl = mapi_query(mid, query)) == NULL || 
mapi_error(mid))
                                goto bailout;
                        cnt = 0;
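Review bot: In the new `has_remote_user_info_table(mid)` branch, `schema` and `tname` are formatted straight into the single-quoted literals `s.name = '%s' and t.name = '%s'`, so a name containing a quote changes the text of the statement that fetches the remote-table credentials. The fallback branch has the same pattern, and whether the two values were escaped earlier in describe_table is outside this hunk; if they were not, escape them for use in a string literal before the snprintf. The snprintf result is also not compared with `maxquerylen`, and the new statement is longer than the one it replaces, so a truncated query would be sent unchanged; capturing the return value and taking the `bailout` path on truncation would cover it. Separately, the dump client now depends on `sys.decypher(password)`, and the privilege check on that function and on `sys.remote_user_info` lies in the truncated part of the changeset, so it is worth confirming that only roles allowed to read the stored secret can call it.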
diff --git a/monetdb5/mal/mal.c b/monetdb5/mal/mal.c
--- a/monetdb5/mal/mal.c
+++ b/monetdb5/mal/mal.c
@@ -163,11 +163,6 @@ mal_init(char *modules[], bool embedded,
        if (initialize_tl_client_key() != 0)
                return -1;
 
-       if ((err = AUTHinitTables()) != MAL_SUCCEED) {
-               freeException(err);
-               return -1;
-       }
-
        if (!MCinit())
                return -1;
 #ifndef NDEBUG
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -33,24 +33,11 @@
 #include <unistd.h>
 #endif
 
-/* Remote table bats */
-static BAT *rt_key = NULL;
-static BAT *rt_uri = NULL;
-static BAT *rt_remoteuser = NULL;
-static BAT *rt_hashedpwd = NULL;
-static BAT *rt_deleted = NULL;
 /* yep, the vault key is just stored in memory */
 static str vaultKey = NULL;
-static str master_password = NULL;
 /* lock to protect the above */
 static MT_RWLock rt_lock = MT_RWLOCK_INITIALIZER(rt_lock);
-static AUTHCallbackCntx authCallbackCntx = {
-       .get_user_name = NULL,
-       .get_user_password = NULL,
-       .get_user_oid = NULL,
-};
 
-static str AUTHdeleteRemoteTableCredentialsLocked(const char *local_table);
 static str AUTHdecypherValueLocked(str *ret, const char *value);
 
 void AUTHreset(void)
@@ -74,383 +61,8 @@ AUTHrequireAdmin(Client cntxt) {
        return(MAL_SUCCEED);
 }
 
-static str
-AUTHcommit(void)
-{
-       bat blist[6];
-
-       blist[0] = 0;
-
-       assert(rt_key);
-       blist[1] = rt_key->batCacheid;
-       assert(rt_uri);
-       blist[2] = rt_uri->batCacheid;
-       assert(rt_remoteuser);
-       blist[3] = rt_remoteuser->batCacheid;
-       assert(rt_hashedpwd);
-       blist[4] = rt_hashedpwd->batCacheid;
-       assert(rt_deleted);
-       blist[5] = rt_deleted->batCacheid;
-       if (TMsubcommit_list(blist, NULL, 6, getBBPlogno(), getBBPtransid()) != 
GDK_SUCCEED)
-               throw(MAL, "AUTHcommit", GDK_EXCEPTION);
-       return MAL_SUCCEED;
-}
-
-/*
- * Localize the authorization tables in the database.  The authorization
- * tables are a set of aligned BATs that store username, password (hashed)
- * and scenario permissions.
- * If the BATs do not exist, they are created, and the monetdb
- * administrator account is added with the given password (or 'monetdb'
- * if NULL).  Initialising the authorization tables can only be done
- * after the GDK kernel has been initialized.
- */
-str
-AUTHinitTables(void) {
-       bat bid;
-       int isNew = 1;
-       str msg = MAL_SUCCEED;
-
-       MT_rwlock_wrlock(&rt_lock);
-
-       /* skip loading if already loaded */
-       if (rt_key != NULL && rt_deleted != NULL) {
-               MT_rwlock_wrunlock(&rt_lock);
-               return(MAL_SUCCEED);
-       }
-