MonetDB: Jan2014 - monetdb: allow databases to be created with a...

Stefan Manegold Stefan.Manegold at cwi.nl
Mon Feb 17 09:33:40 CET 2014


Fabian,

when configured with --enable-strict, this fail to compile on my Fedora 20 desktop:

.../MonetDB/tools/merovingian/daemon/controlrunner.c: In function ‘ctl_handle_client’:
.../MonetDB/tools/merovingian/daemon/controlrunner.c:387:13: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
        chdir(q);
             ^
cc1: all warnings being treated as errors

I could not fix it quickly (i.e., checking and handling the return value of chdir()),
as I could not quickly grasp how to do proper error/exception handling in this case ...

Would be great, if you could have a look at it.

Thanks!
Stefan


----- Original Message -----
> Changeset: 6177dd32ac5d for MonetDB
> URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=6177dd32ac5d
> Modified Files:
> 	tools/merovingian/ChangeLog.Jan2014
> 	tools/merovingian/client/monetdb.1
> 	tools/merovingian/client/monetdb.c
> 	tools/merovingian/daemon/Makefile.ag
> 	tools/merovingian/daemon/controlrunner.c
> Branch: Jan2014
> Log Message:
> 
> monetdb: allow databases to be created with a password for monetdb user
> 
> Creating a database with a custom password for the monetdb user makes it
> safer than when created with default/well-known credentials, hence it is
> not necessary to lock the database after creation.
> 
> 
> diffs (190 lines):
> 
> diff --git a/tools/merovingian/ChangeLog.Jan2014
> b/tools/merovingian/ChangeLog.Jan2014
> --- a/tools/merovingian/ChangeLog.Jan2014
> +++ b/tools/merovingian/ChangeLog.Jan2014
> @@ -2,5 +2,7 @@
>  # This file is updated with mchangelog
>  
>  * Sun Feb 16 2014 Fabian Groffen <fabian at monetdb.org>
> +- monetdb create: add -p flag to set monetdb user password on creation,
> +  and therefore allow creating the database in unlocked state
>  - monetdb destroy -f now also works on running databases
>  
> diff --git a/tools/merovingian/client/monetdb.1
> b/tools/merovingian/client/monetdb.1
> --- a/tools/merovingian/client/monetdb.1
> +++ b/tools/merovingian/client/monetdb.1
> @@ -52,12 +52,14 @@ stopping a database inside the MonetDB D
>  For all commands, database arguments can be glob-like expressions.
>  This allows to do wildcard matches.  For details on the syntax, see
>  .IR EXPRESSIONS .
> -.IP "create [\-m pattern] database [database ...]"
> +.IP "create [\-m pattern] [\-p password] database [database ...]"
>  Initialises a new database in the MonetDB Database Server.  A database
>  created with this command makes it available under its database name,
>  but not yet for use by clients, as the database is put into maintenance
>  mode.  This allows the database administrator to perform initialisation
> -steps before releasing it to users.  See also
> +steps before releasing it to users, unless the
> +.I \-p
> +argument is supplied.  See also
>  .BR "monetdb lock" .
>  The name of the database must match the expression [A\-Za\-z0\-9\-_]+.
>  .IP "  \-m pattern"
> @@ -74,6 +76,14 @@ or discovery.  Each parallel target for
>  sequence, separated by commas.  Here the pattern is an ordinary pattern
>  as would be used for connecting to a database, and can hence also be
>  just the name of a database.
> +.IP "  \-p password"
> +The
> +.I \-p
> +flag allows to create a database with the given password for the monetdb
> +user.  Since this protects the database from being accessed via
> +well-known credentials, the created database is not locked after
> +creation.  This way, a new database can be created and used right away
> +using the password supplied.
>  .IP "destroy [\-f] database [database ...]"
>  Removes the given database, including all its data and logfiles.  Once
>  destroy has completed, all data is lost.  Be careful when using this
> diff --git a/tools/merovingian/client/monetdb.c
> b/tools/merovingian/client/monetdb.c
> --- a/tools/merovingian/client/monetdb.c
> +++ b/tools/merovingian/client/monetdb.c
> @@ -1435,6 +1435,7 @@ command_create(int argc, char *argv[])
>  {
>  	int i;
>  	char *mfunnel = NULL;
> +	char *password = NULL;
>  	sabdb *orig = NULL;
>  	sabdb *stats = NULL;
>  
> @@ -1464,6 +1465,19 @@ command_create(int argc, char *argv[])
>  					command_help(2, &argv[-1]);
>  					exit(1);
>  				}
> +			} else if (argv[i][1] == 'p') {
> +				if (argv[i][2] != '\0') {
> +					password = &argv[i][2];
> +					argv[i] = NULL;
> +				} else if (i + 1 < argc && argv[i + 1][0] != '-') {
> +					argv[i] = NULL;
> +					password = argv[++i];
> +					argv[i] = NULL;
> +				} else {
> +					fprintf(stderr, "create: -p needs an argument\n");
> +					command_help(2, &argv[-1]);
> +					exit(1);
> +				}
>  			} else {
>  				fprintf(stderr, "create: unknown option: %s\n", argv[i]);
>  				command_help(argc + 1, &argv[-1]);
> @@ -1492,6 +1506,13 @@ command_create(int argc, char *argv[])
>  		simple_argv_cmd(argv[0], orig, cmd,
>  				"created multiplex-funnel in maintenance mode", NULL);
>  		free(cmd);
> +	} else if (password != NULL) {
> +		size_t len = strlen("create password=") + strlen(password) + 1;
> +		char *cmd = malloc(len);
> +		snprintf(cmd, len, "create password=%s", password);
> +		simple_argv_cmd(argv[0], orig, cmd,
> +				"created database with password for monetdb user", NULL);
> +		free(cmd);
>  	} else {
>  		simple_argv_cmd(argv[0], orig, "create",
>  				"created database in maintenance mode", NULL);
> diff --git a/tools/merovingian/daemon/Makefile.ag
> b/tools/merovingian/daemon/Makefile.ag
> --- a/tools/merovingian/daemon/Makefile.ag
> +++ b/tools/merovingian/daemon/Makefile.ag
> @@ -27,7 +27,10 @@ monetdb_var_dbfarm_DATA = .merovingian_p
>  INCLUDES = .. \
>  		   ../../../common/stream \
>  		   ../../../common/utils \
> +		   ../../../common/options \
>  		   ../../../clients/mapilib \
> +		   ../../../gdk \
> +		   ../../../monetdb5/mal \
>  		   $(MSGCONTROL_FLAGS)
>  
>  EXTRA_DIST = $(man_MANS) .merovingian_properties
> @@ -54,6 +57,8 @@ bin_monetdbd = {
>  		   ../../../common/utils/libmsabaoth \
>  		   ../../../common/utils/libmuuid \
>  		   ../../../common/utils/libmutils \
> +		   ../../../monetdb5/tools/libmonetdb5 \
> +		   ../../../gdk/libbat \
>  		   $(UUID_LIBS) \
>  		   $(curl_LIBS) \
>  		   $(SOCKET_LIBS) \
> diff --git a/tools/merovingian/daemon/controlrunner.c
> b/tools/merovingian/daemon/controlrunner.c
> --- a/tools/merovingian/daemon/controlrunner.c
> +++ b/tools/merovingian/daemon/controlrunner.c
> @@ -40,6 +40,10 @@
>  #include <utils/database.h>
>  #include <utils/control.h>
>  
> +#include "gdk.h"  /* these three for creation of dbs with password */
> +#include "gdk_private.h"
> +#include "mal_authorize.h"
> +
>  #include "merovingian.h"
>  #include "discoveryrunner.h" /* broadcast, remotedb */
>  #include "forkmserver.h"
> @@ -353,8 +357,15 @@ static void ctl_handle_client(
>  							"database is not running: %s\n", q);
>  					send_client("!");
>  				}
> -			} else if (strcmp(p, "create") == 0) {
> -				err e = db_create(q);
> +			} else if (strcmp(p, "create") == 0 ||
> +					strncmp(p, "create password=", strlen("create password=")) == 0) {
> +				err e;
> +
> +				p += strlen("create");
> +				if (*p == ' ')
> +					p += strlen(" password=");
> +
> +				e = db_create(q);
>  				if (e != NO_ERR) {
>  					Mfprintf(_mero_ctlerr, "%s: failed to create "
>  							"database '%s': %s\n", origin, q, getErrMsg(e));
> @@ -363,6 +374,43 @@ static void ctl_handle_client(
>  					send_client("!");
>  					free(e);
>  				} else {
> +					if (*p != '\0') {
> +						pid_t child;
> +						if ((child = fork()) == 0) {
> +							FILE *secretf;
> +							size_t len;
> +							char *err;
> +							char *vaultkey;
> +
> +							/* the child, pollute scope by loading BBP */
> +							chdir(q);
> +
> +							buf2[0] = '\0';
> +							if ((secretf = fopen(".vaultkey", "r")) != NULL) {
> +								len = fread(buf2, 1, sizeof(buf2), secretf);
> +								buf2[len] = '\0';
> +								len = strlen(buf2); /* secret can contain null-bytes */
> +								fclose(secretf);
> +							}
> +							BBPinit();
> +							vaultkey = buf2;
> +							AUTHunlockVault(&vaultkey);
> +							err = AUTHinitTables(&p);
> +							if (err != NULL) {
> +								Mfprintf(_mero_ctlerr, "%s: could not setup "
> +										"database '%s': %s\n", origin, q, err);
> +							} else {
> +								/* don't start locked */
> +								unlink(".maintenance");
> +							}
> +
> +							exit(0); /* return to the parent */
> +						} else {
> +							/* wait for the child to finish */
> +							waitpid(child, NULL, 0);
> +						}
> +					}
> +
>  					Mfprintf(_mero_ctlout, "%s: created database '%s'\n",
>  							origin, q);
>  					len = snprintf(buf2, sizeof(buf2), "OK\n");
> _______________________________________________
> checkin-list mailing list
> checkin-list at monetdb.org
> https://www.monetdb.org/mailman/listinfo/checkin-list
> 

-- 
| Stefan.Manegold at CWI.nl | DB Architectures   (DA) |
| www.CWI.nl/~manegold/  | Science Park 123 (L321) |
| +31 (0)20 592-4212     | 1098 XG Amsterdam  (NL) |




More information about the developers-list mailing list