Changeset: 537e1e4b6392 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=537e1e4b6392
Modified Files:
monetdb5/mal/Tests/tst830.mal
monetdb5/mal/Tests/tst830.stable.out
monetdb5/mal/mal_authorize.c
monetdb5/mal/mal_authorize.h
monetdb5/mal/mal_session.c
monetdb5/modules/mal/clients.mx
sql/backends/monet5/sql_user.c
Branch: default
Log Message:
libmonetdb5: ABI break on removal of scenarios from mal_authorize
Remove scenarios for real after commit 2b8f97996dca.
This commit breaks the ABI of libmonetdb5!
The ABI break is ok, since remote already got a signature change.
diffs (truncated from 518 to 300 lines):
diff --git a/monetdb5/mal/Tests/tst830.mal b/monetdb5/mal/Tests/tst830.mal
--- a/monetdb5/mal/Tests/tst830.mal
+++ b/monetdb5/mal/Tests/tst830.mal
@@ -1,60 +1,31 @@
# a simple functional test for the access control table
- scens := bat.new(:str, :oid);
- bat.insert(scens, "sql", nil:oid);
- bat.insert(scens, "mal", nil:oid);
-
# this should fail, the monetdb user is already there
pw := clients.backendsum("Pmonetdb");
- id := clients.addUser("monetdb", pw, scens);
+ id := clients.addUser("monetdb", pw);
catch MALException:str;
io.printf("%s\n",MALException);
exit MALException;
# should print 1@0 or something
- id := clients.addUser("test", pw, scens);
+ id := clients.addUser("test", pw);
io.print(id);
# this should work also
- # don't use nil:bat[:str, :oid] here, it results in a crash
- t := bat.new(:str, :oid);
- id := clients.addUser("checkpoint", pw, t);
+ id := clients.addUser("checkpoint", pw);
io.print(id);
# do a simple listing of users known
- u := clients.getUsers(t);
- io.print(u);
- bat.insert(t, "mal", nil:oid);
- bat.insert(t, "sql", nil:oid);
- u := clients.getUsers(t);
+ u := clients.getUsers();
io.print(u);
# should work, we're the admin here
clients.removeUser("checkpoint");
# do a simple listing of users known
- u := clients.getUsers(t);
+ u := clients.getUsers();
io.print(u);
- # just remove the scenarios one by one, should work
- clients.removeScenario("test", "mal");
- clients.removeScenario("test", "sql");
- # this one should fail: it's not there
- clients.removeScenario("test", "mil");
-catch MALException:str;
- io.printf("%s\n",MALException);
- MALException:= nil:str;
-exit MALException;
-
- # and add a scenario again
- clients.addScenario("test", "mal");
- # do it again, see what happens (should fail)
- clients.addScenario("test", "mal");
-catch MALException:str;
- io.printf("%s\n",MALException);
- MALException:= nil:str;
-exit MALException;
-
# forcefully set the password of the user test
clients.setPassword("test", pw);
# now try to set the password for ourself, should fail
@@ -74,23 +45,18 @@ catch InvalidCredentialsException:str;
exit InvalidCredentialsException;
# all should fail
- clients.checkPermission("monetdb","Pmonetdb","sql");
+ clients.checkPermission("monetdb","Pmonetdb");
catch InvalidCredentialsException:str;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:= nil:str;
exit InvalidCredentialsException;
- clients.checkPermission("monetdb","x","sql");
+ clients.checkPermission("monetdb","x");
catch InvalidCredentialsException:str;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:= nil:str;
exit InvalidCredentialsException;
- clients.checkPermission("monetdb","Pmonetdb","x");
+ clients.checkPermission("x","Pmonetdb");
catch InvalidCredentialsException:str;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:= nil:str;
exit InvalidCredentialsException;
- clients.checkPermission("x","Pmonetdb","sql");
-catch InvalidCredentialsException:str;
- io.printf("%s\n",InvalidCredentialsException);
- InvalidCredentialsException:= nil:str;
-exit InvalidCredentialsException;
diff --git a/monetdb5/mal/Tests/tst830.stable.out
b/monetdb5/mal/Tests/tst830.stable.out
--- a/monetdb5/mal/Tests/tst830.stable.out
+++ b/monetdb5/mal/Tests/tst830.stable.out
@@ -14,52 +14,26 @@ stdout of test 'tst830` in directory 'ma
# Listening for connection requests on mapi:monetdb://eir.ins.cwi.nl:35798/
function user.main():void;
# a simple functional test for the access control table
- scens := bat.new(:str,:oid);
- bat.insert(scens,"sql",nil:oid);
- bat.insert(scens,"mal",nil:oid);
# this should fail, the monetdb user is already there
pw := clients.backendsum("Pmonetdb");
- id := clients.addUser("monetdb",pw,scens);
+ id := clients.addUser("monetdb",pw);
catch MALException:str ;
io.printf("%s\n",MALException);
exit MALException:str ;
# should print 1@0 or something
- id := clients.addUser("test",pw,scens);
+ id := clients.addUser("test",pw);
io.print(id);
# this should work also
-# don't use nil:bat[:str, :oid] here, it results in a crash
- t := bat.new(:str,:oid);
- id := clients.addUser("checkpoint",pw,t);
+ id := clients.addUser("checkpoint",pw);
io.print(id);
# do a simple listing of users known
- u := clients.getUsers(t);
- io.print(u);
- bat.insert(t,"mal",nil:oid);
- bat.insert(t,"sql",nil:oid);
- u := clients.getUsers(t);
+ u := clients.getUsers();
io.print(u);
# should work, we're the admin here
clients.removeUser("checkpoint");
# do a simple listing of users known
- u := clients.getUsers(t);
+ u := clients.getUsers();
io.print(u);
-# just remove the scenarios one by one, should work
- clients.removeScenario("test","mal");
- clients.removeScenario("test","sql");
-# this one should fail: it's not there
- clients.removeScenario("test","mil");
-catch MALException:str ;
- io.printf("%s\n",MALException);
- MALException:str := nil:str;
-exit MALException:str ;
-# and add a scenario again
- clients.addScenario("test","mal");
-# do it again, see what happens (should fail)
- clients.addScenario("test","mal");
-catch MALException:str ;
- io.printf("%s\n",MALException);
- MALException:str := nil:str;
-exit MALException:str ;
# forcefully set the password of the user test
clients.setPassword("test",pw);
# now try to set the password for ourself, should fail
@@ -77,22 +51,17 @@ catch InvalidCredentialsException:str ;
InvalidCredentialsException:str := nil:str;
exit InvalidCredentialsException:str ;
# all should fail
- clients.checkPermission("monetdb","Pmonetdb","sql");
+ clients.checkPermission("monetdb","Pmonetdb");
catch InvalidCredentialsException:str ;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:str := nil:str;
exit InvalidCredentialsException:str ;
- clients.checkPermission("monetdb","x","sql");
+ clients.checkPermission("monetdb","x");
catch InvalidCredentialsException:str ;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:str := nil:str;
exit InvalidCredentialsException:str ;
- clients.checkPermission("monetdb","Pmonetdb","x");
-catch InvalidCredentialsException:str ;
- io.printf("%s\n",InvalidCredentialsException);
- InvalidCredentialsException:str := nil:str;
-exit InvalidCredentialsException:str ;
- clients.checkPermission("x","Pmonetdb","sql");
+ clients.checkPermission("x","Pmonetdb");
catch InvalidCredentialsException:str ;
io.printf("%s\n",InvalidCredentialsException);
InvalidCredentialsException:str := nil:str;
@@ -114,20 +83,10 @@ MALException:addUser:user 'monetdb' alre
#-------------------------#
[ 0@0, "monetdb" ]
[ 1@0, "test" ]
-[ 2@0, "checkpoint" ]
-#-------------------------#
-# h t # name
-# oid str # type
-#-------------------------#
-[ 0@0, "monetdb" ]
-[ 1@0, "test" ]
-MALException:removeScenario:scenario-based authorisation is no longer supported
-MALException:addScenario:scenario-based authorisation is no longer supported
InvalidCredentialsException:setPassword:The administrator cannot set its own
password, use changePassword instead
InvalidCredentialsException:changePassword:Access denied
InvalidCredentialsException:checkCredentials:invalid credentials for user
'monetdb'
InvalidCredentialsException:checkCredentials:invalid credentials for user
'monetdb'
-InvalidCredentialsException:checkCredentials:invalid credentials for user
'monetdb'
InvalidCredentialsException:checkCredentials:invalid credentials for user 'x'
# 08:49:53 >
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -175,12 +175,11 @@ AUTHinitTables(void) {
str user = "monetdb";
str pw; /* will become the right hash for "monetdb" */
int len = (int) strlen(user);
- bat b = 0;
oid uid;
Client c = &mal_clients[0];
pw = mcrypt_BackendSum(user /* because user == pass */, len);
- msg = AUTHaddUser(&uid, &c, &user, &pw, &b);
+ msg = AUTHaddUser(&uid, &c, &user, &pw);
free(pw);
if (msg)
return msg;
@@ -195,8 +194,6 @@ AUTHinitTables(void) {
/**
* Checks the credentials supplied and throws an exception if invalid.
* The user id of the authenticated user is returned upon success.
- * The scenario argument is ignored and should be removed on the next
- * ABI bump.
*/
str
AUTHcheckCredentials(
@@ -205,8 +202,7 @@ AUTHcheckCredentials(
str *username,
str *passwd,
str *challenge,
- str *algo,
- str *scenario)
+ str *algo)
{
str tmp;
str pwd = NULL;
@@ -257,20 +253,16 @@ AUTHcheckCredentials(
}
free(hash);
- /* scenario restrictions are legacy from the past, we don't check
- * this any more, so all is good */
- (void)scenario;
*uid = *id;
return(MAL_SUCCEED);
}
/**
- * Adds the given user with password to the administration. The scens
- * BAT is ignored, and should be removed on the next ABI bump. The
+ * Adds the given user with password to the administration. The
* return value of this function is the user id of the added user.
*/
str
-AUTHaddUser(oid *uid, Client *c, str *username, str *passwd, bat *scenarios) {
+AUTHaddUser(oid *uid, Client *c, str *username, str *passwd) {
BUN p;
oid *id;
str tmp;
@@ -305,9 +297,6 @@ AUTHaddUser(oid *uid, Client *c, str *us
useri = bat_iterator(user);
id = (oid*)(BUNhead(useri, p));
- /* scenarios are no longer checked */
- (void)scenarios;
-
/* make the stuff persistent */
AUTHcommit();
@@ -505,32 +494,6 @@ AUTHsetPassword(Client *c, str *username
}
/**
- * Obsolete function. Retained for ABI compatibility. Should be
- * removed with next ABI bump.
- */
-str
-AUTHaddScenario(Client *c, str *username, str *scenario) {
- (void)c;
- (void)username;
- (void)scenario;
-
- throw(MAL, "addScenario", "scenario-based authorisation is no longer
supported");
-}
-
-/**
- * Obsolete function. Retained for ABI compatibility. Should be
- * removed with next ABI bump.
- */
-str
-AUTHremoveScenario(Client *c, str *username, str *scenario) {
- (void)c;
- (void)username;
- (void)scenario;
-
- throw(MAL, "removeScenario", "scenario-based authorisation is no longer
supported");
_______________________________________________
Checkin-list mailing list
[email protected]
http://mail.monetdb.org/mailman/listinfo/checkin-list
