Changeset: 78acdb6b0452 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=78acdb6b0452
Modified Files:
monetdb5/mal/mal_authorize.c
monetdb5/mal/mal_authorize.h
monetdb5/modules/mal/remote.c
sql/server/rel_schema.c
Branch: remote_auth
Log Message:
Change the authorization functions to be keyed by local table
The look up key should be the local "schema.table" string that
identifies the table we want to access.
diffs (148 lines):
diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c
--- a/monetdb5/mal/mal_authorize.c
+++ b/monetdb5/mal/mal_authorize.c
@@ -942,27 +942,26 @@ AUTHverifyPassword(const char *passwd)
}
str
-AUTHgetRemoteTableCredentials(const char *uri, Client cntxt, str *username,
str *password)
+AUTHgetRemoteTableCredentials(const char *local_table, Client cntxt, str *uri,
str *username, str *password)
{
FILE *fp = fopen("/tmp/remote_table_auth.txt", "r");
- str localuser;
- str luri;
- str tmp;
+ str ltbl;
+ // str tmp;
char buf[BUFSIZ];
char *p, *q;
- (void)uri;
+ (void)cntxt;
fread(buf, 1, BUFSIZ, fp);
q = buf;
p = strchr(buf, ',');
*p = 0;
- luri = GDKstrdup(q);
+ ltbl = GDKstrdup(q);
q = p + 1;
p = strchr(q, ',');
*p = 0;
- localuser = GDKstrdup(q);
+ *uri = GDKstrdup(q);
q = p + 1;
p = strchr(q, ',');
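Review bot: The new `*uri = GDKstrdup(q);` hands the caller a connection URI taken from a parse that has no checks: `fopen` may return NULL, `fread` does not NUL-terminate `buf`, and each `strchr` result is dereferenced without a NULL test. With this change the file content decides which server receives the stored password hash, so a missing, truncated or altered `/tmp/remote_table_auth.txt` matters more than before. The store should also live in a server-private directory with restrictive permissions rather than a shared one. I would add `if (fp == NULL) throw(MAL, "getRemoteTableCredentials", "cannot open credentials store");`, read with `n = fread(buf, 1, BUFSIZ - 1, fp); buf[n] = 0;`, and throw when any `strchr` returns NULL. The `GDKstrdup` results are unchecked as well, and the function body continues past the end of this hunk.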
@@ -977,36 +976,32 @@ AUTHgetRemoteTableCredentials(const char
fclose(fp);
/* mem leak */
- rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt,
localuser));
- if (strcmp(uri, luri)) {
- GDKfree(luri);
- GDKfree(localuser);
+ // rethrow("checkCredentials", tmp, AUTHrequireAdminOrUser(cntxt,
localuser));
+ if (strcmp(local_table, ltbl)) {
+ GDKfree(ltbl);
throw(MAL, "getRemoteTableCredentials", SQLSTATE(HY001) "URIs
do not match");
}
- GDKfree(luri);
- GDKfree(localuser);
+ GDKfree(ltbl);
+ // GDKfree(localuser);
return MAL_SUCCEED;
}
str
-AUTHaddRemoteTableCredentials(const char *uri, const char *localuser, const
char *remoteuser, const char *pass, bool pw_encrypted)
+AUTHaddRemoteTableCredentials(const char *local_table, const char *localuser,
const char *uri, const char *remoteuser, const char *pass, bool pw_encrypted)
{
/* Work in Progress */
FILE *fp = fopen("/tmp/remote_table_auth.txt", "w");
char *password = NULL;
bool free_pw = false;
str tmp;
- BUN p;
if (uri == NULL || strNil(uri))
throw(ILLARG, "addRemoteTableCredentials", "URI cannot be nil");
if (localuser == NULL || strNil(localuser))
throw(ILLARG, "addRemoteTableCredentials", "local user name
cannot be nil");
- (void)p;
-
if (pass == NULL) {
/* NOTE: Is having the client == NULL safe? */
AUTHgetPasswordHash(&password, NULL, localuser);
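Review bot: Commenting out the `AUTHrequireAdminOrUser(cntxt, localuser)` call leaves AUTHgetRemoteTableCredentials with no authorization check. Together with `(void)cntxt;` in the previous hunk, any client that can name a table is handed the stored remote credentials. The local user is also no longer written to the file (see the `fprintf` in the next hunk), so there is nothing left to check against; I would keep it as a stored field and restore the `rethrow` before returning. On the mismatch path the `*uri` allocated earlier is not freed, and the message still reads "URIs do not match" although table names are now compared. In AUTHaddRemoteTableCredentials, `fp` is opened before the argument checks and is not closed when they throw.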
@@ -1022,7 +1017,7 @@ AUTHaddRemoteTableCredentials(const char
}
rethrow("addUser", tmp, AUTHverifyPassword(password));
- fprintf(fp, "%s,%s,%s,%s\n",uri, localuser, remoteuser, password);
+ fprintf(fp, "%s,%s,%s,%s\n", local_table, uri, remoteuser, password);
fclose(fp);
if (free_pw) {
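Review bot: `local_table` is written to the file without the NULL/nil test that `uri` and `localuser` get at the top of the function, so a NULL key reaches the `%s` conversion in `fprintf`; add `if (local_table == NULL || strNil(local_table)) throw(ILLARG, "addRemoteTableCredentials", "local table cannot be nil");`. The record is comma-separated and the reader splits on `,` with `strchr`, so a table name, URI or user name containing a comma or newline shifts the fields on read-back. Reject or escape those characters before writing. The `rethrow` just above returns without closing `fp`, and the function starts and ends outside this hunk.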
diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h
--- a/monetdb5/mal/mal_authorize.h
+++ b/monetdb5/mal/mal_authorize.h
@@ -27,8 +27,8 @@ mal_export str AUTHgetPasswordHash(str *
mal_export str AUTHinitTables(const char *passwd);
-mal_export str AUTHaddRemoteTableCredentials(const char *uri, const char
*localuser, const char *remoteuser, const char *pass, bool pw_encrypted);
-mal_export str AUTHgetRemoteTableCredentials(const char *uri, Client cntxt,
str *username, str *password);
+mal_export str AUTHaddRemoteTableCredentials(const char *local_table, const
char *localuser, const char *uri, const char *remoteuser, const char *pass,
bool pw_encrypted);
+mal_export str AUTHgetRemoteTableCredentials(const char *local_table, Client
cntxt, str *uri, str *username, str *password);
/*
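Review bot: Both prototypes change argument order while every string parameter keeps the same type, so a caller that still passes the URI first compiles without a diagnostic and silently uses it as the lookup key. A short comment on each declaration would make the contract explicit, for example `/* local_table is the "schema.table" lookup key; *uri is allocated with GDKstrdup and must be freed by the caller */`. Whether `*username` and `*password` follow the same ownership rule is not visible in this diff and should be stated too.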
diff --git a/monetdb5/modules/mal/remote.c b/monetdb5/modules/mal/remote.c
--- a/monetdb5/modules/mal/remote.c
+++ b/monetdb5/modules/mal/remote.c
@@ -260,6 +260,7 @@ str RMTconnect(
str
RMTconnectURI(Client cntxt, MalBlkPtr mb, MalStkPtr stk, InstrPtr pci)
{
+ char *local_table;
char *remoteuser;
char *passwd;
char *uri;
@@ -271,13 +272,13 @@ RMTconnectURI(Client cntxt, MalBlkPtr mb
(void)mb;
- uri = *getArgReference_str(stk, pci, 1);
+ local_table = *getArgReference_str(stk, pci, 1);
scen = *getArgReference_str(stk, pci, 2);
- if (uri == NULL || strcmp(uri, (str)str_nil) == 0) {
- throw(ILLARG, "remote.connect", ILLEGAL_ARGUMENT ": URI is NULL
or nil");
+ if (local_table == NULL || strcmp(local_table, (str)str_nil) == 0) {
+ throw(ILLARG, "remote.connect", ILLEGAL_ARGUMENT ": local table
is NULL or nil");
}
- rethrow("remote.connect", tmp, AUTHgetRemoteTableCredentials(uri,
cntxt, &remoteuser, &passwd));
+ rethrow("remote.connect", tmp,
AUTHgetRemoteTableCredentials(local_table, cntxt, &uri, &remoteuser, &passwd));
/* The password we just got is hashed. Add the byte \1 in front to
* signal this fact to the mapi. */
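Review bot: `uri` used to point at the stack argument and is now an out-parameter that AUTHgetRemoteTableCredentials fills with `GDKstrdup`, so RMTconnectURI owns it and needs a `GDKfree(uri);` on every exit path; nothing in this hunk frees it. The rest of the function is outside the hunk, so this may already be handled alongside `remoteuser` and `passwd`, but it is worth confirming. `local_table` arrives directly from the MAL argument, so the credential lookup is keyed by a caller-supplied string and relies entirely on the callee for access control.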
diff --git a/sql/server/rel_schema.c b/sql/server/rel_schema.c
--- a/sql/server/rel_schema.c
+++ b/sql/server/rel_schema.c
@@ -948,9 +948,11 @@ rel_create_table(mvc *sql, sql_schema *s
if (tt == tt_remote) {
char *local_user = stack_get_string(sql,
"current_user");
+ char *local_table = sa_strconcat(sql->sa,
sa_strconcat(sql->sa, sname, "."), name);
if (!mapiuri_valid(loc))
return sql_error(sql, 02, SQLSTATE(42000)
"CREATE TABLE: incorrect uri '%s' for remote table '%s'", loc, name);
- char *reg_credentials =
AUTHaddRemoteTableCredentials(mapiuri_uri(loc, sql->sa), local_user, username,
password, pw_encrypted);
+
+ char *reg_credentials =
AUTHaddRemoteTableCredentials(local_table, local_user, mapiuri_uri(loc,
sql->sa), username, password, pw_encrypted);
if (reg_credentials != 0) {
return sql_error(sql, 02, SQLSTATE(42000)
"CREATE TABLE: cannot register credentials for remote table '%s' in vault: %s",
name, reg_credentials);
}
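Review bot: The key built by `sa_strconcat(sql->sa, sa_strconcat(sql->sa, sname, "."), name)` is not unique if identifiers may contain a dot: schema `a.b` with table `c` and schema `a` with table `b.c` both yield `a.b.c` and would share one credential entry. An unambiguous encoding (quoting each part, or storing schema and table as separate fields) avoids that. The result is also passed on unchecked; if `sa_strconcat` can return NULL on allocation failure, add `if (local_table == NULL) return sql_error(sql, 02, SQLSTATE(HY001) "CREATE TABLE: allocation failed");` before the call. The declaration now precedes the `mapiuri_valid` test, so the key is built even for URIs that are then rejected.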