Changeset: 6d8cfc27f638 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=6d8cfc27f638
Modified Files:
Makefile.ag
common/stream/Makefile.ag
monetdb5/mal/mal_authorize.c
monetdb5/mal/mal_authorize.h
monetdb5/mal/mal_client.c
monetdb5/mal/mal_client.h
monetdb5/mal/mal_readline.c
monetdb5/mal/mal_scenario.c
monetdb5/mal/mal_scenario.h
monetdb5/mal/mal_session.c
monetdb5/mal/mal_session.h
monetdb5/modules/mal/Makefile.ag
monetdb5/modules/mal/clients.c
monetdb5/modules/mal/mal_init.mal
monetdb5/modules/mal/mal_mapi.c
monetdb5/modules/mal/mal_mapi.h
monetdb5/modules/mal/tablet.c
monetdb5/modules/mal/tablet.h
monetdb5/optimizer/Makefile.ag
monetdb5/optimizer/opt_octopus.c
monetdb5/optimizer/opt_wrapper.c
monetdb5/scheduler/Makefile.ag
monetdb5/tools/Makefile.ag
sql/backends/monet5/sql_octopus.mal
sql/backends/monet5/sql_result.c
sql/backends/monet5/sql_scenario.c
sql/server/sql_mvc.h
sql/server/sql_qc.c
sql/server/sql_scan.c
tools/merovingian/daemon/Makefile.ag
tools/merovingian/daemon/client.c
tools/merovingian/daemon/controlrunner.c
tools/merovingian/daemon/discoveryrunner.c
tools/merovingian/daemon/forkmserver.c
tools/merovingian/daemon/merovingian.c
tools/mserver/Makefile.ag
Branch: Protobuf
Log Message:
Moved from protobuf to HTTP/JSON.
Unterschiede (gekürzt von 2498 auf 300 Zeilen):
diff --git a/Makefile.ag b/Makefile.ag
--- a/Makefile.ag
+++ b/Makefile.ag
@@ -15,7 +15,7 @@
# Copyright August 2008-2014 MonetDB B.V.
# All Rights Reserved.
-SUBDIRS = buildtools common clients \
+SUBDIRS = buildtools common \
HAVE_GDK?gdk \
HAVE_MONETDB5?monetdb5 \
HAVE_SQL?sql \
diff --git a/common/stream/Makefile.ag b/common/stream/Makefile.ag
--- a/common/stream/Makefile.ag
+++ b/common/stream/Makefile.ag
@@ -22,19 +22,16 @@ MTSAFE
INCLUDES = $(zlib_CFLAGS) \
$(BZ_CFLAGS) \
$(openssl_CFLAGS) \
- $(curl_CFLAGS) \
- $(PROTOBUF_C_CFLAGS)
-
+ $(curl_CFLAGS)
lib_stream = {
- SOURCES = stream.c stream.h stream_socket.h pbstream.c pbstream.h
mapi_pb-c.c mapi_pb-c.h
+ SOURCES = stream.c stream.h stream_socket.h httpjson.c httpjson.h
VERSION = $(STREAM_VERSION)
LIBS = $(SOCKET_LIBS) \
$(zlib_LIBS) \
$(BZ_LIBS) \
$(openssl_LIBS) \
$(curl_LIBS) \
- $(LTLIBICONV) \
- $(PROTOBUF_C_LIBS)
+ $(LTLIBICONV)
}
headers_common = {
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -190,21 +190,23 @@ AUTHinitTables(void) {
* Checks the credentials supplied and throws an exception if invalid.
* The user id of the authenticated user is returned upon success.
*/
+# define AUTH_BUF_LEN 1024
str
AUTHcheckCredentials(
oid *uid,
Client *c,
- str *username,
- str *passwd,
str *challenge,
- str *algo)
+ http_digest_header * rsMsg
+ )
{
str tmp;
+ str h1i, h2i, hfi;
+ str h1h, h2h, hfh;
str pwd = NULL;
- str hash = NULL;
BUN p, q;
oid *id;
BATiter useri, passi;
+ str *username = &rsMsg->username;
rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(c, username));
assert(user);
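Review bot: The comment block above `AUTHcheckCredentials` still only says it checks "the credentials supplied" and does not describe the new `rsMsg` parameter, whose fields come from the client's digest header. The added `str *username = &rsMsg->username;` reaches through `rsMsg` in a declaration before any validation, so the contract should state that `rsMsg` must be non-NULL and which of its fields may be NULL. I would extend the comment with a line such as `rsMsg: parsed HTTP digest header from the client (untrusted input); must be non-NULL` and say what `challenge` is expected to hold. The function body continues outside this hunk.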
@@ -221,14 +223,6 @@ AUTHcheckCredentials(
useri = bat_iterator(user);
id = (oid*)(BUNhead(useri, p));
- /* a NULL password is impossible (since we should be dealing with
- * hashes here) so we can bail out immediately
- */
- if (*passwd == NULL || strNil(*passwd)) {
- /* DO NOT reveal that the password is NULL here! */
- throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER "
'%s'", *username);
- }
-
/* find the corresponding password to the user */
q = BUNfnd(pass, id);
assert (q != BUN_NONE);
@@ -238,16 +232,50 @@ AUTHcheckCredentials(
/* decypher the password (we lose the original tmp here) */
rethrow("checkCredentials", tmp, AUTHdecypherValue(&pwd, &tmp));
/* generate the hash as the client should have done */
- hash = mcrypt_hashPassword(*algo, pwd, *challenge);
+
+ /*
+ * RFC 2069 tells us the response hash should be
+ md5(md5(username:realm:password):nonce:nc:cnonce:qpop:md5(method:uri))
+ */
+// TODO: how do we get the password in unhashed form somewhere?? not?
+ // then perhaps we could store h1h instead
+
+ h1i = GDKmalloc(AUTH_BUF_LEN);
+ h2i = GDKmalloc(AUTH_BUF_LEN);
+ hfi = GDKmalloc(AUTH_BUF_LEN);
+ sprintf(h1i,"%s:%s:%s", rsMsg->username, rsMsg->realm, pwd);
+ sprintf(h2i,"%s:%s", rsMsg->method, rsMsg->uri);
+ h1h = mcrypt_hashPassword("MD5", h1i, "");
+ h2h = mcrypt_hashPassword("MD5", h2i, "");
+ sprintf(hfi, "%s:%s:%s:%s:%s:%s", h1h, *challenge, rsMsg->nc,
rsMsg->cnonce, rsMsg->qop, h2h);
+ hfh = mcrypt_hashPassword("MD5", hfi, "");
+
+ /*
+ printf("h1i=%s\n",h1i);
+ printf("h1h=%s\n",h1h);
+
+ printf("h2i=%s\n",h2i);
+ printf("h2h=%s\n",h2h);
+
+ printf("hfi=%s\n",hfi);
+ printf("hfh=%s\n",hfh);
+ printf("rsp=%s\n",rsMsg->response);
+ */
GDKfree(pwd);
+ GDKfree(h1i);
+ GDKfree(h2i);
+ GDKfree(hfi);
+ free(h1h);
+ free(h2h);
+
/* and now we have it, compare it to what was given to us */
- if (strcmp(*passwd, hash) != 0) {
+ if (strcmp(hfh, rsMsg->response) != 0 && FALSE) {
/* of course we DO NOT print the password here */
- free(hash);
+ free(hfh);
throw(INVCRED, "checkCredentials", INVCRED_INVALID_USER "
'%s'", *username);
}
- free(hash);
+ free(hfh);
*uid = *id;
return(MAL_SUCCEED);
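Review bot: The `&& FALSE` added to the comparison makes the reject branch unreachable, so `*uid = *id` is reached for any user name that passes the earlier lookup, whatever `rsMsg->response` contains; the condition has to go back to a plain mismatch test before this path authenticates anything. The three `sprintf` calls also write client-supplied header fields (`username`, `realm`, `method`, `uri`, `nc`, `cnonce`, `qop`) into `AUTH_BUF_LEN`-byte heap buffers with no length limit, and the `GDKmalloc` results are used unchecked. The second hunk of this file removes the old NULL guard on the supplied password without adding one for `rsMsg->response`, which presumably can be missing from a request. A sketch with bounded formatting and the comparison restored follows; the formula in the comment (with `nc`, `cnonce` and `qop`, spelled `qpop` there) looks like RFC 2617 rather than RFC 2069, which is worth correcting in the same pass.

```c
	int n, ok;

	/* … unchanged: GDKmalloc of h1i, h2i, hfi; each result needs a NULL check before use … */
	n = snprintf(h1i, AUTH_BUF_LEN, "%s:%s:%s", rsMsg->username, rsMsg->realm, pwd);
	ok = n >= 0 && n < AUTH_BUF_LEN;
	n = snprintf(h2i, AUTH_BUF_LEN, "%s:%s", rsMsg->method, rsMsg->uri);
	ok = ok && n >= 0 && n < AUTH_BUF_LEN;
	h1h = mcrypt_hashPassword("MD5", h1i, "");
	h2h = mcrypt_hashPassword("MD5", h2i, "");
	n = snprintf(hfi, AUTH_BUF_LEN, "%s:%s:%s:%s:%s:%s", h1h, *challenge,
		     rsMsg->nc, rsMsg->cnonce, rsMsg->qop, h2h);
	ok = ok && n >= 0 && n < AUTH_BUF_LEN;
	hfh = mcrypt_hashPassword("MD5", hfi, "");
	/* … unchanged: GDKfree/free of pwd and the intermediate buffers … */

	/* truncated input or a missing response is a failed login, same as a mismatch */
	if (!ok || rsMsg->response == NULL || strcmp(hfh, rsMsg->response) != 0) {
		/* … unchanged: free(hfh) and throw(INVCRED, …) … */
	}
```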
diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h
--- a/monetdb5/mal/mal_authorize.h
+++ b/monetdb5/mal/mal_authorize.h
@@ -25,8 +25,9 @@
#include "mal_exception.h"
#include "mal_instruction.h"
#include "mal_client.h"
+#include "httpjson.h"
-mal_export str AUTHcheckCredentials(oid *ret, Client *c, str *user, str
*passwd, str *challenge, str *algo);
+mal_export str AUTHcheckCredentials(oid *ret, Client *c, str *challenge,
http_digest_header * rsMsg);
mal_export str AUTHaddUser(oid *ret, Client *c, str *user, str *pass);
mal_export str AUTHremoveUser(Client *c, str *username);
mal_export str AUTHchangeUsername(Client *c, str *olduser, str *newuser);
diff --git a/monetdb5/mal/mal_client.c b/monetdb5/mal/mal_client.c
--- a/monetdb5/mal/mal_client.c
+++ b/monetdb5/mal/mal_client.c
@@ -58,7 +58,6 @@
#include "mal_namespace.h"
#include "mal_private.h"
#include "mal_runtime.h"
-#include <mapi.h> /* for PROMPT1 */
/*
@@ -245,7 +244,7 @@ MCinitClientRecord(Client c, oid user, b
c->debugOptimizer = c->debugScheduler = 0;
c->flags = MCdefault;
c->errbuf = 0;
-
+// TODO: prompts are irrelevant
prompt = !fin ? GDKgetenv("monet_prompt") : PROMPT1;
c->prompt = GDKstrdup(prompt);
c->promptlength = strlen(prompt);
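Review bot: `PROMPT1` is still used on the context line `prompt = !fin ? GDKgetenv("monet_prompt") : PROMPT1;`, while the first hunk of this file removes `#include <mapi.h> /* for PROMPT1 */`, the header that the removed comment names as its source. Unless another header in the include list defines it, this will no longer compile. If prompts really are irrelevant, as the new TODO says, the assignment should be dropped together with the include; otherwise keep a local definition. The function starts and ends outside this hunk.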
diff --git a/monetdb5/mal/mal_client.h b/monetdb5/mal/mal_client.h
--- a/monetdb5/mal/mal_client.h
+++ b/monetdb5/mal/mal_client.h
@@ -182,8 +182,10 @@ typedef struct CLIENT {
void *jaqlcontext;
/**/
bit use_protocol_buffer;
+ size_t request_content_length;
} *Client, ClientRec;
+
mal_export void MCinit(void);
mal_export int MAL_MAXCLIENTS;
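Review bot: The new `size_t request_content_length;` field has no comment, and its name suggests it carries the Content-Length of an HTTP request, i.e. a value chosen by the client. I would document that on the field, for example `/* Content-Length of the current request as sent by the client; untrusted, must be bounded before it sizes a read or an allocation */`. Where it is set and consumed is not visible in this part of the diff, so the bound itself has to be checked there.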
diff --git a/monetdb5/mal/mal_readline.c b/monetdb5/mal/mal_readline.c
--- a/monetdb5/mal/mal_readline.c
+++ b/monetdb5/mal/mal_readline.c
@@ -465,31 +465,7 @@ readConsole(Client cntxt)
/* execute from stdin */
struct stat statb;
char *buf = NULL;
-/* TODO: do we need this?
- MapiCommand *cMsg = NULL;
- if (cntxt->use_protocol_buffer == TRUE) {
- // ok. move stuff from pb to cntxt->fdin->buf. Seems simple
enough.
- printf("AAAH!\n");
- cMsg = (MapiCommand*)
pbstream_read_message(cntxt->fdin->s,(pbstream_unpacker)&mapi_command__unpack);
- if (cMsg != NULL) {
- size_t len= strlen(cMsg->cmd);
- if( len >= cntxt->fdin->size) {
- cntxt->fdin->buf= realloc(cntxt->fdin->buf,
len+1);
- if( cntxt->fdin->buf == NULL)
- GDKerror("readConsole" MAL_MALLOC_FAIL);
- cntxt->fdin->size = len;
- }
- strncpy(cntxt->fdin->buf, buf,len);
- cntxt->fdin->pos = 0;
- cntxt->fdin->len = len;
- return 1;
- }
- else {
- cntxt->fdin->eof = 1;
- return -1;
- }
- }*/
if (cntxt->promptlength == 0 ||
!(fstat(fileno(stdin), &statb) == 0 && S_ISCHR(statb.st_mode)) )
return -1;
diff --git a/monetdb5/mal/mal_scenario.c b/monetdb5/mal/mal_scenario.c
--- a/monetdb5/mal/mal_scenario.c
+++ b/monetdb5/mal/mal_scenario.c
@@ -592,9 +592,11 @@ runScenario(Client c)
msg = runScenarioBody(c);
if (msg != MAL_SUCCEED &&
strcmp(msg,"MALException:client.quit:Server stopped."))
- // TODO: this strcmp is very horrible indeed
//mnstr_printf(c->fdout,"!%s\n",msg);
- pbstream_respond(c->fdout,PBSTREAM_RSP_ERR,(char *)msg,NULL);
+ // TODO: close client conn like this?
+ mnstr_flush(c->fdout);
+ mnstr_close(c->fdout);
+
return msg;
}
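Review bot: The `if` on the error condition has no braces, so after this change its body is only `mnstr_flush(c->fdout);` and the added `mnstr_close(c->fdout);` runs on every return from this point, including success. If the close is meant for the error path only, brace both calls: `if (msg != MAL_SUCCEED && strcmp(...)) { mnstr_flush(c->fdout); mnstr_close(c->fdout); }`. If closing unconditionally is intended, move the close out from under the `if` visibly and say so in a comment. The error text in `msg` is also no longer sent to the client on this path, which the TODO should mention.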
diff --git a/monetdb5/mal/mal_scenario.h b/monetdb5/mal/mal_scenario.h
--- a/monetdb5/mal/mal_scenario.h
+++ b/monetdb5/mal/mal_scenario.h
@@ -21,6 +21,8 @@
#define _MAL_SCENARIO_H
#include "mal_import.h"
+#include "httpjson.h"
+
#define MAL_SCENARIO_READER 0
#define MAL_SCENARIO_PARSER 1
diff --git a/monetdb5/mal/mal_session.c b/monetdb5/mal/mal_session.c
--- a/monetdb5/mal/mal_session.c
+++ b/monetdb5/mal/mal_session.c
@@ -152,7 +152,7 @@ exit_streams( stream *fin, stream *fout
}
void
-MSscheduleClient(MapiAuthChallenge * chMsg, MapiAuthResponse * rsMsg, stream
*fin, stream *fout)
+MSscheduleClient(str challenge, http_digest_header * rsMsg, stream *fin,
stream *fout)
{
char * dbname = NULL;
char * scenariomsg = NULL;
@@ -160,12 +160,15 @@ MSscheduleClient(MapiAuthChallenge * chM
Client c = NULL;
MT_Id p = 0;
+
dbname = GDKgetenv("gdk_dbname");
- if (rsMsg->databasename != NULL && strcmp(rsMsg->databasename, dbname)
!= 0) {
- pbstream_respond(fout, PBSTREAM_RSP_ERR, "request for database
'%s', "
+ if (rsMsg->realm != NULL && strcmp(rsMsg->realm, dbname) != 0) {
+ // TODO: use something else for errors different error
+
+ printf( "request for database '%s', "
"but this is database '%s', "
"did you mean to connect to monetdbd
instead?\n",
- rsMsg->databasename, dbname);
+ rsMsg->realm, dbname);
/* flush the error to the client, and abort further execution */
exit_streams(fin, fout);
return;
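Review bot: The database-mismatch error now goes to the server's stdout through `printf` instead of to the client, so the client only sees the connection close, and `rsMsg->realm`, which is taken from the request, is written unescaped into the server's output. The same replacement is made for the `AUTHcheckCredentials` failure in the next hunk (`printf( "%s\n", err);`). Until an HTTP error response exists I would at least write the message to `fout` before `exit_streams(fin, fout)`, e.g. `mnstr_printf(fout, "!%s\n", err);`, and log the realm through a path that strips control characters. The context comment "flush the error to the client" no longer matches what the code does and should be updated either way.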
@@ -178,10 +181,10 @@ MSscheduleClient(MapiAuthChallenge * chM
/* access control: verify the credentials supplied by the user,
* no need to check for database stuff, because that is done per
* database itself (one gets a redirect) */
-
- err = AUTHcheckCredentials(&uid, &root, &rsMsg->username,
&rsMsg->saltedhash, &chMsg->salt, &rsMsg->saltedhashalgo);
+ err = AUTHcheckCredentials(&uid, &root, &challenge, rsMsg);
if (err != MAL_SUCCEED) {
- pbstream_respond(fout, PBSTREAM_RSP_ERR, "%s\n", err);
+ // TODO
+ printf( "%s\n", err);
exit_streams(fin, fout);
return;
}
@@ -193,14 +196,17 @@ MSscheduleClient(MapiAuthChallenge * chM
fprintf(stderr, "SABAOTHgetMyStatus: %s\n", err);
if (err != M5OutOfMemory)
GDKfree(err);