MonetDB: Jan2014 - AUTHinitTables: allow passing a password for ...

Sjoerd Mullender sjoerd at monetdb.org
Mon Feb 17 08:18:35 CET 2014


Fabian, this reeks of a forbidden ABI change.

On 2014-02-16 22:36, Fabian Groffen wrote:
> Changeset: 8f6aa798f4c5 for MonetDB
> URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=8f6aa798f4c5
> Modified Files:
> 	clients/Tests/exports.stable.out
> 	monetdb5/mal/mal_authorize.c
> 	monetdb5/mal/mal_authorize.h
> Branch: Jan2014
> Log Message:
> 
> AUTHinitTables: allow passing a password for monetdb user
> 
> This allows a new database to be set up securely.
> 
> 
> diffs (62 lines):
> 
> diff --git a/clients/Tests/exports.stable.out b/clients/Tests/exports.stable.out
> --- a/clients/Tests/exports.stable.out
> +++ b/clients/Tests/exports.stable.out
> @@ -881,7 +881,7 @@ str AUTHcheckCredentials(oid *ret, Clien
>  str AUTHgetPasswordHash(str *ret, Client *c, str *username);
>  str AUTHgetUsername(str *ret, Client *c);
>  str AUTHgetUsers(BAT **ret, Client *c);
> -str AUTHinitTables(void);
> +str AUTHinitTables(str *passwd);
>  str AUTHremoveUser(Client *c, str *username);
>  str AUTHrequireAdmin(Client *c);
>  str AUTHresolveUser(str *ret, oid *uid);
> diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
> --- a/monetdb5/mal/mal_authorize.c
> +++ b/monetdb5/mal/mal_authorize.c
> @@ -112,12 +112,13 @@ AUTHcommit(void)
>   * Localize the authorization tables in the database.  The authorization
>   * tables are a set of aligned BATs that store username, password (hashed)
>   * and scenario permissions.
> - * If the BATs do not exist, they are created, and the monetdb/monetdb
> - * administrator account is added.  Initialising the authorization tables
> - * can only be done after the GDK kernel has been initialized.
> + * If the BATs do not exist, they are created, and the monetdb
> + * administrator account is added with the given password (or 'monetdb'
> + * if NULL).  Initialising the authorization tables can only be done
> + * after the GDK kernel has been initialized.
>   */
>  str
> -AUTHinitTables(void) {
> +AUTHinitTables(str *passwd) {
>  	bat bid;
>  	BAT *b;
>  	int isNew = 1;
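Review bot: The updated comment does not say when `passwd` is actually used or in what form it is expected. From the later hunk, the value is treated as a plaintext string that the function hashes itself with mcrypt_BackendSum, and it is only consulted on the branch that creates fresh authorization tables, so a password passed for an existing database appears to be silently ignored. I would add a line such as `passwd: plaintext password for the initial monetdb account; only used when the tables are created, ignored otherwise; caller keeps ownership`. It is also worth stating that both `passwd == NULL` and `*passwd == NULL` select the default, since the comment only says "if NULL". The function body continues outside this hunk.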
> @@ -168,12 +169,13 @@ AUTHinitTables(void) {
>  		/* insert the monetdb/monetdb administrator account on a
>  		 * complete fresh and new auth tables system */
>  		str user = "monetdb";
> -		str pw; /* will become the right hash for "monetdb" */
> -		int len = (int) strlen(user);
> +		str pw = "monetdb";
>  		oid uid;
>  		Client c = &mal_clients[0];
>  
> -		pw = mcrypt_BackendSum(user /* because user == pass */, len);
> +		if (passwd != NULL && *passwd != NULL)
> +			pw = *passwd;
> +		pw = mcrypt_BackendSum(pw, strlen(pw));
>  		msg = AUTHaddUser(&uid, &c, &user, &pw);
>  		free(pw);
>  		if (msg)
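Review bot: The guard `passwd != NULL && *passwd != NULL` accepts an empty string, so a caller that passes "" creates the monetdb administrator account with an empty password. A NULL argument still silently installs the well-known 'monetdb' default. An empty value should be rejected with an error before hashing, for example by testing `**passwd == '\0'` once the two NULL checks have passed, and the default path deserves at least a log line so a deployment can tell it was taken. The return value of mcrypt_BackendSum goes to AUTHaddUser and `free()` unchecked; whether it can return NULL is not visible here, but if it can, that needs handling. Two smaller points: the old call cast the length with `(int) strlen(user)` and the new one passes `strlen(pw)` uncast, and the comment at the top of the block still says "monetdb/monetdb administrator account". The enclosing block starts and ends outside the hunk.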
> diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h
> --- a/monetdb5/mal/mal_authorize.h
> +++ b/monetdb5/mal/mal_authorize.h
> @@ -38,7 +38,7 @@ mal_export str AUTHgetUsers(BAT **ret, C
>  mal_export str AUTHgetPasswordHash(str *ret, Client *c, str *username);
>  
>  mal_export str AUTHrequireAdmin(Client *c);
> -mal_export str AUTHinitTables(void);
> +mal_export str AUTHinitTables(str *passwd);
>  
>  
>  /*
> 

-- 
Sjoerd Mullender
