Mercurial > hg > MonetDB
changeset 86149:0b7fb3a2229c userprofile
Remove commented code and tests.
| author | Sjoerd Mullender <sjoerd@acm.org> |
|---|---|
| date | Fri, 22 Jul 2022 16:10:19 +0200 |
| parents | a6f5eda2607b |
| children | 1a99e3095157 |
| files | monetdb5/mal/Tests/All monetdb5/mal/Tests/tst830.maltest monetdb5/mal/mal_authorize.c monetdb5/mal/mal_authorize.h monetdb5/mal/mal_client.c monetdb5/modules/mal/Tests/All monetdb5/modules/mal/Tests/clients-getpasswd.maltest monetdb5/modules/mal/clients.c sql/backends/monet5/sql.c sql/backends/monet5/sql_user.c sql/backends/monet5/sql_user.h |
| diffstat | 11 files changed, 3 insertions(+), 784 deletions(-) [+] |
line wrap: on
line diff
--- a/monetdb5/mal/Tests/All +++ b/monetdb5/mal/Tests/All @@ -170,7 +170,6 @@ tst802 tst804 tst810 tst819 -#tst830 removed API tst840 tst850 tst866
deleted file mode 100644 --- a/monetdb5/mal/Tests/tst830.maltest +++ /dev/null @@ -1,61 +0,0 @@ -statement ok -function foo(); - pw := clients.backendsum("Pmonetdb"); - id := clients.addUser("monetdb", pw); -catch MALException:str; - io.printf("0: %s\n",MALException); -exit MALException; - # should print 1@0 or something - id := clients.addUser("test", pw); - io.print(id); - # this should work also - id := clients.addUser("checkpoint", pw); - io.print(id); - # do a simple listing of users known - (u,n) := clients.getUsers(); - io.print(u,n); - # should work, we're the admin here - clients.removeUser("checkpoint"); - # do a simple listing of users known - (u,n) := clients.getUsers(); - io.print(u,n); - # forcefully set the password of the user test - clients.setPassword("test", pw); - # now try to set the password for ourself, should fail - clients.setPassword("monetdb", pw); -catch InvalidCredentialsException:str; - io.printf("1: %s\n", InvalidCredentialsException); -exit InvalidCredentialsException; -# -# # change our own password, -# mypw := clients.backendsum("monetdb"); -# clients.changePassword(mypw, pw); -# # try it again, should fail... -# clients.changePassword(mypw, pw); -#catch InvalidCredentialsException:str; -# io.printf("2: %s\n",InvalidCredentialsException); -# InvalidCredentialsException:= nil:str; -#exit InvalidCredentialsException; - # all should fail - clients.checkPermission("monetdb","Pmonetdb"); -catch InvalidCredentialsException:str; - io.printf("3: %s\n",InvalidCredentialsException); - InvalidCredentialsException:= nil:str; -exit InvalidCredentialsException; - clients.checkPermission("monetdb","x"); -catch InvalidCredentialsException:str; - io.printf("4: %s\n",InvalidCredentialsException); - InvalidCredentialsException:= nil:str; -exit InvalidCredentialsException; - clients.checkPermission("x","Pmonetdb"); -catch InvalidCredentialsException:str; - io.printf("5: %s\n",InvalidCredentialsException); - InvalidCredentialsException:= nil:str; -exit InvalidCredentialsException; -end; - -query T rowsort -user.foo(); ----- -5: InvalidCredentialsException:checkCredentials:invalid credentials for user 'x' -
--- a/monetdb5/mal/mal_authorize.c +++ b/monetdb5/mal/mal_authorize.c @@ -33,10 +33,6 @@ static BUN lookupRemoteTableKey(const char *key); -// static BAT *user = NULL; -// static BAT *pass = NULL; -// static BAT *duser = NULL; - /* Remote table bats */ static BAT *rt_key = NULL; static BAT *rt_uri = NULL; @@ -54,39 +50,11 @@ static AUTHCallbackCntx authCallbackCntx void AUTHreset(void) { - //if( user) BBPunfix(user->batCacheid); - // user = NULL; - //if( pass) BBPunfix(pass->batCacheid); - // pass = NULL; - //if( duser) BBPunfix(duser->batCacheid); - // duser = NULL; if (vaultKey != NULL) GDKfree(vaultKey); vaultKey = NULL; } -// static BUN -// AUTHfindUser(const char *username) -// { -// BATiter cni = bat_iterator(user); -// BUN p; -// -// if (BAThash(user) == GDK_SUCCEED) { -// MT_rwlock_rdlock(&user->thashlock); -// HASHloop_str(cni, user->thash, p, username) { -// oid pos = p; -// if (BUNfnd(duser, &pos) == BUN_NONE) { -// MT_rwlock_rdunlock(&user->thashlock); -// bat_iterator_end(&cni); -// return p; -// } -// } -// MT_rwlock_rdunlock(&user->thashlock); -// } -// bat_iterator_end(&cni); -// return BUN_NONE; -// } - /** * Requires the current client to be the admin user thread. If not the case, * this function returns an InvalidCredentialsException. @@ -98,50 +66,8 @@ AUTHrequireAdmin(Client cntxt) { if (cntxt->user != MAL_ADMIN) throw(MAL, "AUTHrequireAdmin", INVCRED_ACCESS_DENIED); return(MAL_SUCCEED); - - // oid id; - - // if (cntxt == NULL) - // return(MAL_SUCCEED); - // id = cntxt->user; - - // if (id != MAL_ADMIN) { - // str user = NULL; - // str tmp; - - // rethrow("requireAdmin", tmp, AUTHresolveUser(&user, id)); - // tmp = createException(INVCRED, "requireAdmin", INVCRED_ACCESS_DENIED " '%s'", user); - // GDKfree(user); - // return tmp; - // } - - // return(MAL_SUCCEED); } -/** - * Requires the current client to be the admin user, or the user with - * the given username. If not the case, this function returns an - * InvalidCredentialsException. - */ -// static str -// AUTHrequireAdminOrUser(Client cntxt, const char *username) { -// oid id = cntxt->user; -// str user = NULL; -// str tmp = MAL_SUCCEED; -// -// /* MAL_ADMIN then all is well */ -// if (id == MAL_ADMIN) -// return(MAL_SUCCEED); -// -// rethrow("requireAdminOrUser", tmp, AUTHresolveUser(&user, id)); -// if (username == NULL || strcmp(username, user) != 0) -// tmp = createException(INVCRED, "requireAdminOrUser", -// INVCRED_ACCESS_DENIED " '%s'", user); -// -// GDKfree(user); -// return tmp; -// } - static void AUTHcommit(void) { @@ -149,12 +75,6 @@ AUTHcommit(void) blist[0] = 0; - // assert(user); - // blist[1] = user->batCacheid; - // assert(pass); - // blist[2] = pass->batCacheid; - // assert(duser); - // blist[3] = duser->batCacheid; assert(rt_key); blist[1] = rt_key->batCacheid; assert(rt_uri); @@ -186,78 +106,8 @@ AUTHinitTables(const char *passwd) { (void) passwd; /* skip loading if already loaded */ - //if (user != NULL && pass != NULL) - // return(MAL_SUCCEED); - - /* if one is not NULL here, something is seriously screwed up */ - // assert (user == NULL); - // assert (pass == NULL); - - /* load/create users BAT */ - // bid = BBPindex("M5system_auth_user"); - // if (!bid) { - // user = COLnew(0, TYPE_str, 256, PERSISTENT); - // if (user == NULL) - // throw(MAL, "initTables.user", SQLSTATE(HY013) MAL_MALLOC_FAIL " user table"); - - // if (BATkey(user, true) != GDK_SUCCEED || - // BBPrename(user, "M5system_auth_user") != 0 || - // BATmode(user, false) != GDK_SUCCEED) { - // throw(MAL, "initTables.user", GDK_EXCEPTION); - // } - // } else { - // int dbg = GDKdebug; - // /* don't check this bat since we'll fix it below */ - // GDKdebug &= ~CHECKMASK; - // user = BATdescriptor(bid); - // GDKdebug = dbg; - // if (user == NULL) - // throw(MAL, "initTables.user", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); - // isNew = 0; - // } - // assert(user); - - /* load/create password BAT */ - // bid = BBPindex("M5system_auth_passwd_v2"); - // if (!bid) { - // pass = COLnew(0, TYPE_str, 256, PERSISTENT); - // if (pass == NULL) - // throw(MAL, "initTables.passwd", SQLSTATE(HY013) MAL_MALLOC_FAIL " password table"); - - // if (BBPrename(pass, "M5system_auth_passwd_v2") != 0 || - // BATmode(pass, false) != GDK_SUCCEED) { - // throw(MAL, "initTables.user", GDK_EXCEPTION); - // } - // } else { - // int dbg = GDKdebug; - // /* don't check this bat since we'll fix it below */ - // GDKdebug &= ~CHECKMASK; - // pass = BATdescriptor(bid); - // GDKdebug = dbg; - // if (pass == NULL) - // throw(MAL, "initTables.passwd", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); - // isNew = 0; - // } - // assert(pass); - - /* load/create deleted BAT */ - // bid = BBPindex("M5system_auth_deleted"); - // if (!bid) { - // duser = COLnew(0, TYPE_oid, 256, PERSISTENT); - // if (duser == NULL) - // throw(MAL, "initTables.duser", SQLSTATE(HY013) MAL_MALLOC_FAIL " deleted user table"); - - // if (BBPrename(duser, "M5system_auth_deleted") != 0 || - // BATmode(duser, false) != GDK_SUCCEED) { - // throw(MAL, "initTables.user", GDK_EXCEPTION); - // } - // } else { - // duser = BATdescriptor(bid); - // if (duser == NULL) - // throw(MAL, "initTables.duser", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); - // isNew = 0; - // } - // assert(duser); + if (rt_key != NULL && rt_deleted != NULL) + return(MAL_SUCCEED); /* Remote table authorization table. * @@ -386,30 +236,6 @@ AUTHinitTables(const char *passwd) { } assert(rt_deleted); - //if (isNew == 1) { - // /* insert the monetdb/monetdb administrator account on a - // * complete fresh and new auth tables system */ - // char *pw; - // oid uid; - - // if (passwd == NULL) - // passwd = "monetdb"; /* default password */ - // pw = mcrypt_BackendSum(passwd, strlen(passwd)); - // if(!pw) { - // if (!GDKembedded()) - // throw(MAL, "initTables", SQLSTATE(42000) "Crypt backend hash not found"); - // else - // pw = strdup(passwd); - // } - // msg = AUTHaddUser(&uid, NULL, "monetdb", pw); - // free(pw); - // if (msg) - // return msg; - // if (uid != MAL_ADMIN) - // throw(MAL, "initTables", INTERNAL_AUTHORIZATION " while they were just created!"); - // /* normally, we'd commit here, but it's done already in AUTHaddUser */ - //} - if (!GDKinmemory(0) && !GDKembedded()) { free(master_password); master_password = NULL; @@ -442,9 +268,6 @@ AUTHcheckCredentials( str hash = NULL; oid p = oid_nil; str passValue = NULL; - // BATiter passi; - // assert(user); - // assert(pass); if (strNil(username)) throw(INVCRED, "checkCredentials", "invalid credentials for unknown user"); @@ -477,13 +300,9 @@ AUTHcheckCredentials( } /* find the corresponding password to the user */ - // passi = bat_iterator(pass); - // tmp = (str)BUNtvar(passi, p); - // assert (tmp != NULL); /* decypher the password (we lose the original tmp here) */ tmp = AUTHdecypherValue(&pwd, passValue); GDKfree(passValue); - // bat_iterator_end(&passi); if (tmp) return tmp; @@ -524,276 +343,6 @@ AUTHcheckCredentials( } /** - * Adds the given user with password to the administration. The - * return value of this function is the user id of the added user. - */ -// str -// AUTHaddUser(oid *uid, Client cntxt, const char *username, const char *passwd) -// { -// BUN p; -// str tmp; -// str hash = NULL; -// -// assert(user); -// assert(pass); -// if (BATcount(user)) -// rethrow("addUser", tmp, AUTHrequireAdmin(cntxt)); -// -// /* some pre-condition checks */ -// if (strNil(username)) -// throw(ILLARG, "addUser", "username should not be nil"); -// if (strNil(passwd)) -// throw(ILLARG, "addUser", "password should not be nil"); -// rethrow("addUser", tmp, AUTHverifyPassword(passwd)); -// -// /* ensure that the username is not already there */ -// p = AUTHfindUser(username); -// if (p != BUN_NONE) -// throw(MAL, "addUser", "user '%s' already exists", username); -// -// /* we assume the BATs are still aligned */ -// if (!GDKembedded()) { -// rethrow("addUser", tmp, AUTHcypherValue(&hash, passwd)); -// } else { -// if (!(hash = GDKstrdup("hash"))) -// throw(MAL, "addUser", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// } -// /* needs force, as SQL makes a view over user */ -// if (BUNappend(user, username, true) != GDK_SUCCEED || -// BUNappend(pass, hash, true) != GDK_SUCCEED) { -// GDKfree(hash); -// throw(MAL, "addUser", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// } -// GDKfree(hash); -// /* retrieve the oid of the just inserted user */ -// p = AUTHfindUser(username); -// -// /* make the stuff persistent */ -// if (!GDKembedded()) -// AUTHcommit(); -// -// *uid = p; -// return(MAL_SUCCEED); -// } - -/** - * Removes the given user from the administration. - */ -// str -// AUTHremoveUser(Client cntxt, const char *username) -// { -// BUN p; -// oid id; -// str tmp; -// -// rethrow("removeUser", tmp, AUTHrequireAdmin(cntxt)); -// assert(user); -// assert(pass); -// -// /* pre-condition check */ -// if (strNil(username)) -// throw(ILLARG, "removeUser", "username should not be nil"); -// -// /* ensure that the username exists */ -// p = AUTHfindUser(username); -// if (p == BUN_NONE) -// throw(MAL, "removeUser", "no such user: '%s'", username); -// id = p; -// -// /* find the name of the administrator and see if it equals username */ -// if (id == cntxt->user) -// throw(MAL, "removeUser", "cannot remove yourself"); -// -// /* now, we got the oid, start removing the related tuples */ -// if (BUNappend(duser, &id, true) != GDK_SUCCEED) -// throw(MAL, "removeUser", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// -// /* make the stuff persistent */ -// AUTHcommit(); -// return(MAL_SUCCEED); -// } - -/** - * Changes the username of the user indicated by olduser into newuser. - * If the newuser is already in use, an exception is thrown and nothing - * is modified. - */ -// str -// AUTHchangeUsername(Client cntxt, const char *olduser, const char *newuser) -// { -// BUN p, q; -// str tmp; -// -// rethrow("addUser", tmp, AUTHrequireAdminOrUser(cntxt, olduser)); -// -// /* precondition checks */ -// if (strNil(olduser)) -// throw(ILLARG, "changeUsername", "old username should not be nil"); -// if (strNil(newuser)) -// throw(ILLARG, "changeUsername", "new username should not be nil"); -// -// /* see if the olduser is valid */ -// p = AUTHfindUser(olduser); -// if (p == BUN_NONE) -// throw(MAL, "changeUsername", "user '%s' does not exist", olduser); -// /* ... and if the newuser is not there yet */ -// q = AUTHfindUser(newuser); -// if (q != BUN_NONE) -// throw(MAL, "changeUsername", "user '%s' already exists", newuser); -// -// /* ok, just do it! (with force, because sql makes view over it) */ -// assert(user->hseqbase == 0); -// if (BUNreplace(user, p, newuser, true) != GDK_SUCCEED) -// throw(MAL, "changeUsername", GDK_EXCEPTION); -// AUTHcommit(); -// return(MAL_SUCCEED); -// } - -/** - * Changes the password of the current user to the given password. The - * old password must match the one stored before the new password is - * set. - */ -// str -// AUTHchangePassword(Client cntxt, const char *oldpass, const char *passwd) -// { -// BUN p; -// str tmp= NULL; -// str hash= NULL; -// oid id; -// BATiter passi; -// str msg= MAL_SUCCEED; -// -// /* precondition checks */ -// if (strNil(oldpass)) -// throw(ILLARG, "changePassword", "old password should not be nil"); -// if (strNil(passwd)) -// throw(ILLARG, "changePassword", "password should not be nil"); -// rethrow("changePassword", tmp, AUTHverifyPassword(passwd)); -// -// /* check the old password */ -// id = cntxt->user; -// p = id; -// assert(p != BUN_NONE); -// passi = bat_iterator(pass); -// tmp = BUNtvar(passi, p); -// assert (tmp != NULL); -// /* decypher the password */ -// msg = AUTHdecypherValue(&hash, tmp); -// bat_iterator_end(&passi); -// if (msg) -// return msg; -// if (strcmp(hash, oldpass) != 0){ -// GDKfree(hash); -// throw(INVCRED, "changePassword", "Access denied"); -// } -// -// GDKfree(hash); -// /* cypher the password */ -// msg = AUTHcypherValue(&hash, passwd); -// if (msg) -// return msg; -// -// /* ok, just overwrite the password field for this user */ -// assert(id == p); -// assert(pass->hseqbase == 0); -// if (BUNreplace(pass, p, hash, true) != GDK_SUCCEED) { -// GDKfree(hash); -// throw(INVCRED, "changePassword", GDK_EXCEPTION); -// } -// GDKfree(hash); -// AUTHcommit(); -// return(MAL_SUCCEED); -// } - -/** - * Changes the password of the given user to the given password. This - * function can be used by the administrator to reset the password for a - * user. Note that for the administrator to change its own password, it - * cannot use this function for obvious reasons. - */ -// str -// AUTHsetPassword(Client cntxt, const char *username, const char *passwd) -// { -// BUN p; -// str tmp; -// str hash = NULL; -// oid id; -// BATiter useri; -// -// rethrow("setPassword", tmp, AUTHrequireAdmin(cntxt)); -// -// /* precondition checks */ -// if (strNil(username)) -// throw(ILLARG, "setPassword", "username should not be nil"); -// if (strNil(passwd)) -// throw(ILLARG, "setPassword", "password should not be nil"); -// rethrow("setPassword", tmp, AUTHverifyPassword(passwd)); -// -// id = cntxt->user; -// /* find the name of the administrator and see if it equals username */ -// p = id; -// assert (p != BUN_NONE); -// useri = bat_iterator(user); -// tmp = BUNtvar(useri, p); -// assert (tmp != NULL); -// if (strcmp(tmp, username) == 0) { -// bat_iterator_end(&useri); -// throw(INVCRED, "setPassword", "The administrator cannot set its own password, use changePassword instead"); -// } -// -// /* see if the user is valid */ -// p = AUTHfindUser(username); -// if (p == BUN_NONE) { -// bat_iterator_end(&useri); -// throw(MAL, "setPassword", "no such user '%s'", username); -// } -// id = p; -// -// /* cypher the password */ -// tmp = AUTHcypherValue(&hash, passwd); -// bat_iterator_end(&useri); -// if (tmp) -// return tmp; -// /* ok, just overwrite the password field for this user */ -// assert (p != BUN_NONE); -// assert(id == p); -// assert(pass->hseqbase == 0); -// if (BUNreplace(pass, p, hash, true) != GDK_SUCCEED) { -// GDKfree(hash); -// throw(MAL, "setPassword", GDK_EXCEPTION); -// } -// GDKfree(hash); -// AUTHcommit(); -// return(MAL_SUCCEED); -// } - -/** - * Resolves the given user id and returns the associated username. If - * the id is invalid, an exception is thrown. The given pointer to the - * username char buffer should be NULL if this function is supposed to - * allocate memory for it. If the pointer is pointing to an already - * allocated buffer, it is supposed to be of size BUFSIZ. - */ -// str -// AUTHresolveUser(str *username, oid uid) -// { -// BUN p; -// BATiter useri; -// -// if (is_oid_nil(uid) || (p = (BUN) uid) >= BATcount(user)) -// throw(ILLARG, "resolveUser", "userid should not be nil"); -// -// assert(username != NULL); -// useri = bat_iterator(user); -// *username = GDKstrdup((str)(BUNtvar(useri, p))); -// bat_iterator_end(&useri); -// if (*username == NULL) -// throw(MAL, "resolveUser", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// return(MAL_SUCCEED); -// } - -/** * Returns the username of the given client. */ str @@ -809,69 +358,15 @@ AUTHgetUsername(str *username, Client cn } } return(MAL_SUCCEED); - - // TODO remove - // BUN p; - // BATiter useri; - - // p = (BUN) cntxt->user; - - // /* If you ask for a username using a client struct, and that user - // * doesn't exist, you seriously screwed up somehow. If this - // * happens, it may be a security breach/attempt, and hence - // * terminating the entire system seems like the right thing to do to - // * me. */ - // assert(p < BATcount(user)); - - // useri = bat_iterator(user); - // *username = GDKstrdup( BUNtvar(useri, p)); - // bat_iterator_end(&useri); - // if (*username == NULL) - // throw(MAL, "getUsername", SQLSTATE(HY013) MAL_MALLOC_FAIL); - // return(MAL_SUCCEED); } /** - * Returns a BAT with user names in the tail, and user ids in the head. - */ -// str -// AUTHgetUsers(BAT **ret1, BAT **ret2, Client cntxt) -// { -// BAT *bn; -// str tmp; -// -// rethrow("getUsers", tmp, AUTHrequireAdmin(cntxt)); -// -// *ret1 = BATdense(user->hseqbase, user->hseqbase, BATcount(user)); -// if (*ret1 == NULL) -// throw(MAL, "getUsers", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// if (BATcount(duser)) { -// bn = BATdiff(*ret1, duser, NULL, NULL, false, false, BUN_NONE); -// BBPunfix((*ret1)->batCacheid); -// *ret2 = BATproject(bn, user); -// *ret1 = bn; -// } else { -// *ret2 = COLcopy(user, user->ttype, false, TRANSIENT); -// } -// if (*ret1 == NULL || *ret2 == NULL) { -// if (*ret1) -// BBPunfix((*ret1)->batCacheid); -// if (*ret2) -// BBPunfix((*ret2)->batCacheid); -// throw(MAL, "getUsers", SQLSTATE(HY013) MAL_MALLOC_FAIL); -// } -// return(NULL); -// } - -/** * Returns the password hash as used by the backend for the given * username. Throws an exception if called by a non-superuser. */ str AUTHgetPasswordHash(str *ret, Client cntxt, const char *username) { - // BUN p; - // BATiter i; str tmp; str msg; str passwd = NULL; @@ -897,19 +392,6 @@ AUTHgetPasswordHash(str *ret, Client cnt if(tmp) GDKfree(tmp); - // TODO remove old implementation - // p = AUTHfindUser(username); - // if (p == BUN_NONE) - // throw(MAL, "getPasswordHash", "user '%s' does not exist", username); - // i = bat_iterator(pass); - // tmp = BUNtvar(i, p); - // assert (tmp != NULL); - // /* decypher the password */ - // tmp = AUTHdecypherValue(&passwd, tmp); - // bat_iterator_end(&i); - // if (tmp) - // return tmp; - *ret = passwd; return(MAL_SUCCEED); }
--- a/monetdb5/mal/mal_authorize.h +++ b/monetdb5/mal/mal_authorize.h @@ -17,14 +17,7 @@ #define MAL_ADMIN (oid) 0 mal_export str AUTHcheckCredentials(oid *ret, Client c, const char *user, const char *passwd, const char *challenge, const char *algo); -// mal_export str AUTHaddUser(oid *ret, Client c, const char *user, const char *pass); -// mal_export str AUTHremoveUser(Client c, const char *username); -// mal_export str AUTHchangeUsername(Client c, const char *olduser, const char *newuser); -// mal_export str AUTHchangePassword(Client c, const char *oldpass, const char *passwd); -// mal_export str AUTHsetPassword(Client c, const char *username, const char *passwd); -// mal_export str AUTHresolveUser(str *ret, oid uid); mal_export str AUTHgetUsername(str *ret, Client c); -// mal_export str AUTHgetUsers(BAT **ret1, BAT **ret2, Client c); mal_export str AUTHgetPasswordHash(str *ret, Client c, const char *username); mal_export str AUTHinitTables(const char *passwd); @@ -41,7 +34,7 @@ mal_export str AUTHdeleteRemoteTableCred * (the vault) by supplying the master password which is the key for the * cypher algorithm used to store the data. The BAT will never * contain the plain hashes, as they will be decyphered on the fly when - * needed. A locked vault means none can log into the system, hence, the + * needed. A locked vault means no one can log into the system, hence, the * vault needs to be unlocked as part of the server startup ritual. */ mal_export str AUTHunlockVault(const char *password);
--- a/monetdb5/mal/mal_client.c +++ b/monetdb5/mal/mal_client.c @@ -272,12 +272,6 @@ MCinitClientRecord(Client c, oid user, b c->sqlprofiler = 0; c->wlc_kind = 0; c->wlc = NULL; - /* no authentication in embedded mode */ - // if (!GDKembedded()) { - // str msg = AUTHgetUsername(&c->username, c); - // if (msg) /* shouldn't happen */ - // freeException(msg); - // } c->blocksize = BLOCK; c->protocol = PROTOCOL_9;
--- a/monetdb5/modules/mal/Tests/All +++ b/monetdb5/modules/mal/Tests/All @@ -51,9 +51,6 @@ manifoldstr # might show different output if openssl is compiled without full sha2 # support clients-hashes -# shows different output if the password backend is different (or -# monetdb password has been changed), no more getpasswd -# clients-getpasswd #cpustat too system dependent to always run.
deleted file mode 100644 --- a/monetdb5/modules/mal/Tests/clients-getpasswd.maltest +++ /dev/null @@ -1,8 +0,0 @@ -statement ok -p := clients.getPasswordHash("monetdb") - -query T rowsort -io.print(p) ----- -"a73f1d86383446438ac64f56e15ada38b41fbb18f029d2181723aeb2acac6a831f60e5fdbd64ac2c8c70e035dd44cbbe3b45565ef2d58feb2821a2078c7fad35" -
--- a/monetdb5/modules/mal/clients.c +++ b/monetdb5/modules/mal/clients.c @@ -709,25 +709,6 @@ static str CLTbackendsum(str *ret, str * return MAL_SUCCEED; } -// static str CLTaddUser(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// oid *ret = getArgReference_oid(stk, pci, 0); -// str *usr = getArgReference_str(stk, pci, 1); -// str *pw = getArgReference_str(stk, pci, 2); -// -// (void)mb; -// -// return AUTHaddUser(ret, cntxt, *usr, *pw); -// } - -// static str CLTremoveUser(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// str *usr; -// (void)mb; -// -// usr = getArgReference_str(stk, pci, 1); -// -// return AUTHremoveUser(cntxt, *usr); -// } - static str CLTgetUsername(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { str *ret = getArgReference_str(stk, pci, 0); (void)mb; @@ -744,33 +725,6 @@ static str CLTgetPasswordHash(Client cnt return AUTHgetPasswordHash(ret, cntxt, *user); } -// static str CLTchangeUsername(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// str *old = getArgReference_str(stk, pci, 1); -// str *new = getArgReference_str(stk, pci, 2); -// -// (void)mb; -// -// return AUTHchangeUsername(cntxt, *old, *new); -// } - -// static str CLTchangePassword(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// str *old = getArgReference_str(stk, pci, 1); -// str *new = getArgReference_str(stk, pci, 2); -// -// (void)mb; -// -// return AUTHchangePassword(cntxt, *old, *new); -// } - -// static str CLTsetPassword(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// str *usr = getArgReference_str(stk, pci, 1); -// str *new = getArgReference_str(stk, pci, 2); -// -// (void)mb; -// -// return AUTHsetPassword(cntxt, *usr, *new); -// } - static str CLTcheckPermission(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { str *usr = getArgReference_str(stk, pci, 1); str *pw = getArgReference_str(stk, pci, 2); @@ -788,24 +742,6 @@ static str CLTcheckPermission(Client cnt return msg; } -// static str CLTgetUsers(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { -// bat *ret1 = getArgReference_bat(stk, pci, 0); -// bat *ret2 = getArgReference_bat(stk, pci, 1); -// BAT *uid, *nme; -// str tmp; -// -// (void)mb; -// -// tmp = AUTHgetUsers(&uid, &nme, cntxt); -// if (tmp) -// return tmp; -// *ret1 = uid->batCacheid; -// BBPkeepref(uid); -// *ret2 = nme->batCacheid; -// BBPkeepref(nme); -// return(MAL_SUCCEED); -// } - str CLTshutdown(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) { str *ret = getArgReference_str(stk,pci,0); @@ -1033,15 +969,9 @@ mel_func clients_init_funcs[] = { command("clients", "sha2sum", CLTsha2sum, false, "Return hex string representation of the SHA-2 hash with bits of the given string", args(1,3, arg("",str),arg("pw",str),arg("bits",int))), command("clients", "ripemd160sum", CLTripemd160sum, false, "Return hex string representation of the RIPEMD160 hash of the given string", args(1,2, arg("",str),arg("pw",str))), command("clients", "backendsum", CLTbackendsum, false, "Return hex string representation of the currently used hash of the given string", args(1,2, arg("",str),arg("pw",str))), -// pattern("clients", "addUser", CLTaddUser, true, "Allow user with password access to the given scenarios", args(1,3, arg("",oid),arg("nme",str),arg("pw",str))), - // pattern("clients", "removeUser", CLTremoveUser, true, "Remove the given user from the system", args(1,2, arg("",void),arg("nme",str))), pattern("clients", "getUsername", CLTgetUsername, false, "Return the username of the currently logged in user", args(1,1, arg("",str))), pattern("clients", "getPasswordHash", CLTgetPasswordHash, false, "Return the password hash of the given user", args(1,2, arg("",str),arg("user",str))), - // pattern("clients", "changeUsername", CLTchangeUsername, true, "Change the username of the user into the new string", args(1,3, arg("",void),arg("old",str),arg("new",str))), -// pattern("clients", "changePassword", CLTchangePassword, true, "Change the password for the current user", args(1,3, arg("",void),arg("old",str),arg("new",str))), -// pattern("clients", "setPassword", CLTsetPassword, true, "Set the password for the given user", args(1,3, arg("",void),arg("user",str),arg("pass",str))), pattern("clients", "checkPermission", CLTcheckPermission, false, "Check permission for a user, requires hashed password (backendsum)", args(1,3, arg("",void),arg("usr",str),arg("pw",str))), -// pattern("clients", "getUsers", CLTgetUsers, false, "return a BAT with user id and one with name available in the system", args(2,2, batarg("",oid),batarg("",str))), pattern("clients", "current_sessionid", CLTgetSessionID, false, "return current session ID", args(1,1, arg("",int))), { .imp=NULL } };
--- a/sql/backends/monet5/sql.c +++ b/sql/backends/monet5/sql.c @@ -5189,9 +5189,7 @@ static mel_func sql_init_funcs[] = { pattern("sql", "argRecord", SQLargRecord, false, "Glue together the calling sequence", args(1,2, arg("",str),varargany("a",0))), pattern("sql", "sql_variables", sql_variables, false, "return the table with session variables", args(4,4, batarg("sname",str),batarg("name",str),batarg("type",str),batarg("value",str))), pattern("sql", "sessions", sql_sessions_wrap, false, "SQL export table of active sessions, their timeouts and idle status", args(9,9, batarg("id",int),batarg("user",str),batarg("start",timestamp),batarg("idle",timestamp),batarg("optmizer",str),batarg("stimeout",int),batarg("qtimeout",int),batarg("wlimit",int),batarg("mlimit",int))), -//pattern("sql", "db_users", db_users_wrap, false, "return table of users with sql scenario", args(1,1, batarg("",str))), pattern("sql", "password", SQLuser_password, false, "Return password hash of user", args(1,2, arg("",str),arg("user",str))), -//pattern("batsql", "password", db_password_wrap, false, "Return password hash of user", args(1,2, batarg("",str),batarg("user",str))), pattern("sql", "rt_credentials", sql_rt_credentials_wrap, false, "Return the remote table credentials for the given table", args(3,4, batarg("uri",str),batarg("username",str),batarg("hash",str),arg("tablename",str))), pattern("sql", "dump_cache", dump_cache, false, "dump the content of the query cache", args(2,2, batarg("query",str),batarg("count",int))), pattern("sql", "dump_opt_stats", dump_opt_stats, false, "dump the optimizer rewrite statistics", args(2,2, batarg("rewrite",str),batarg("count",int))),
--- a/sql/backends/monet5/sql_user.c +++ b/sql/backends/monet5/sql_user.c @@ -255,8 +255,6 @@ monet5_drop_user(ptr _mvc, str user) sql_schema *sys = find_sql_schema(m->session->tr, "sys"); sql_table *users = find_sql_table(m->session->tr, sys, "db_user_info"); sql_column *users_name = find_sql_column(users, "name"); - // str err; - // Client c = MCgetClient(m->clientid); sqlstore *store = m->session->tr->store; int log_res = LOG_OK; @@ -266,21 +264,6 @@ monet5_drop_user(ptr _mvc, str user) return FALSE; } - // grant_user = c->user; - // c->user = MAL_ADMIN; - // err = AUTHremoveUser(c, user); - // c->user = grant_user; - // if (err !=MAL_SUCCEED) { - // (void) sql_error(m, 02, "DROP USER: %s", getExceptionMessage(err)); - // freeException(err); - // return FALSE; - // } - /* FIXME: We have to ignore this inconsistency here, because the - * user was already removed from the system authorisation. Once - * we have warnings, we could issue a warning about this - * (seemingly) inconsistency between system and sql shadow - * administration. */ - return TRUE; } @@ -484,12 +467,6 @@ monet5_create_user(ptr _mvc, str user, s } } - // TODO don't add user in MAL - /* add the user to the M5 authorisation administration */ - // oid grant_user = c->user; - // c->user = MAL_ADMIN; - // ret = AUTHaddUser(&uid, c, user, pwd); - // c->user = grant_user; if (!enc) free(pwd); return ret; @@ -498,45 +475,13 @@ monet5_create_user(ptr _mvc, str user, s static int monet5_find_user(ptr mp, str user) { - // BAT *uid, *nme; - // BUN p; mvc *m = (mvc *) mp; oid rid = getUserOIDByName(m, user); if (is_oid_nil(rid)) return -1; return rid; - // Client c = MCgetClient(m->clientid); - // str err; - - // if ((err = AUTHgetUsers(&uid, &nme, c)) != MAL_SUCCEED) { - // freeException(err); - // return -1; - // } - // p = BUNfnd(nme, user); - // BBPunfix(uid->batCacheid); - // BBPunfix(nme->batCacheid); - - // /* yeah, I would prefer to return something different too */ - // return (p == BUN_NONE ? -1 : 1); } -// str -// db_users_wrap(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci) -// { -// bat *r = getArgReference_bat(stk, pci, 0); -// BAT *uid, *nme; -// str err; -// -// (void) mb; -// if ((err = AUTHgetUsers(&uid, &nme, cntxt)) != MAL_SUCCEED) -// return err; -// BBPunfix(uid->batCacheid); -// *r = nme->batCacheid; -// BBPkeepref(nme); -// return MAL_SUCCEED; -// } - - str monet5_password_hash(mvc *m, const char *username) { @@ -552,47 +497,6 @@ monet5_password_hash(mvc *m, const char } GDKfree(password); return hash; - // (void) mb; - - // if (stk->stk[pci->argv[0]].vtype == TYPE_bat) { - // BAT *b = BATdescriptor(*getArgReference_bat(stk, pci, 1)); - // if (b == NULL) - // throw(SQL, "sql.password", SQLSTATE(HY002) RUNTIME_OBJECT_MISSING); - // BAT *bn = COLnew(b->hseqbase, TYPE_str, BATcount(b), TRANSIENT); - // if (bn == NULL) { - // BBPunfix(b->batCacheid); - // throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); - // } - // BATiter bi = bat_iterator(b); - // BUN p, q; - // BATloop(b, p, q) { - // char *hash, *msg; - // msg = AUTHgetPasswordHash(&hash, cntxt, BUNtvar(bi, p)); - // if (msg != MAL_SUCCEED) { - // bat_iterator_end(&bi); - // BBPunfix(b->batCacheid); - // BBPreclaim(bn); - // return msg; - // } - // if (BUNappend(bn, hash, false) != GDK_SUCCEED) { - // bat_iterator_end(&bi); - // BBPunfix(b->batCacheid); - // BBPreclaim(bn); - // GDKfree(hash); - // throw(SQL, "sql.password", SQLSTATE(HY013) MAL_MALLOC_FAIL); - // } - // GDKfree(hash); - // } - // bat_iterator_end(&bi); - // BBPunfix(b->batCacheid); - // BBPkeepref(bn); - // *getArgReference_bat(stk, pci, 0) = bn->batCacheid; - // return MAL_SUCCEED; - // } - // str *hash = getArgReference_str(stk, pci, 0); - // str *user = getArgReference_str(stk, pci, 1); - - // return AUTHgetPasswordHash(hash, cntxt, *user); } static void @@ -814,8 +718,6 @@ static int monet5_rename_user(ptr _mvc, str olduser, str newuser) { mvc *m = (mvc *) _mvc; - // Client c = MCgetClient(m->clientid); - // str err; oid rid; sql_schema *sys = find_sql_schema(m->session->tr, "sys"); sql_table *info = find_sql_table(m->session->tr, sys, "db_user_info"); @@ -824,12 +726,6 @@ monet5_rename_user(ptr _mvc, str olduser sql_column *auths_name = find_sql_column(auths, "name"); int res = LOG_OK; - // if ((err = AUTHchangeUsername(c, olduser, newuser)) != MAL_SUCCEED) { - // (void) sql_error(m, 02, "ALTER USER: %s", getExceptionMessage(err)); - // freeException(err); - // return (FALSE); - // } - sqlstore *store = m->session->tr->store; rid = store->table_api.column_find_row(m->session->tr, users_name, olduser, NULL); if (is_oid_nil(rid)) {
--- a/sql/backends/monet5/sql_user.h +++ b/sql/backends/monet5/sql_user.h @@ -14,7 +14,6 @@ extern void monet5_user_init(backend_fun extern int monet5_user_set_def_schema(mvc *m, oid user /* mal user id */); extern int monet5_user_get_def_schema(mvc *m, int user /* sql user id */, str *schema); -// extern str db_users_wrap(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci); extern str monet5_password_hash(mvc *m, const char *username); #endif /* _SQL_USER_H_ */