Update of /cvsroot/monetdb/sql/src/backends/monet5/merovingian
In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv23444

Modified Files:
        control.c control.h database.c merovingian.c 
        merovingian_controlrunner.c utils.c utils.h 
Log Message:
require a password such that not every joker can destroy all of my databases

U database.c
Index: database.c
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/database.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- database.c  22 Sep 2009 19:17:10 -0000      1.9
+++ database.c  23 Sep 2009 11:41:51 -0000      1.10
@@ -17,9 +17,7 @@
  * All Rights Reserved.
  */
 
-/* NOTE: for this file to work correctly, SABAOTHinit must be called,
- * and the random number generator must have been seeded (srand) with
- * something like the current time */
+/* NOTE: for this file to work correctly, SABAOTHinit must be called. */
 
 #include "sql_config.h"
 #include "mal_sabaoth.h"

U merovingian_controlrunner.c
Index: merovingian_controlrunner.c
===================================================================
RCS file: 
/cvsroot/monetdb/sql/src/backends/monet5/merovingian/merovingian_controlrunner.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- merovingian_controlrunner.c 23 Sep 2009 09:46:55 -0000      1.20
+++ merovingian_controlrunner.c 23 Sep 2009 11:41:51 -0000      1.21
@@ -136,7 +136,6 @@
                if (sock == tsock) {
                        struct sockaddr_in saddr;
                        socklen_t saddrlen = sizeof(struct sockaddr_in);
-                       /* TODO */
 
                        /* below routine is eligable for a function (reuse in
                         * merovingian_client.c) */
@@ -169,6 +168,34 @@
                                                        hoste->h_name, 
(unsigned)(ntohs(saddr.sin_port)));
                                }
                        }
+
+                       /* send challenge */
+                       p = buf;
+                       generateSalt(&p, 32);
+                       len = snprintf(buf2, sizeof(buf2),
+                                       "merovingian:%s:%s:\n", MERO_VERSION, 
p);
+                       send(msgsock, buf2, len, 0);
+                       if ((pos = recv(msgsock, buf2, sizeof(buf2), 0)) == 0) {
+                               close(msgsock);
+                               continue;
+                       } else if (pos == -1) {
+                               Mfprintf(_mero_ctlerr, "%s: error reading from 
control "
+                                               "channel: %s\n", origin, 
strerror(errno));
+                               close(msgsock);
+                               continue;
+                       }
+                       buf2[pos] = '\0';
+                       pos = 0;
+                       p = control_hash(_mero_controlpass, p);
+                       if (strcmp(buf2, p) != 0) {
+                               Mfprintf(_mero_ctlout, "%s: permission denied 
(bad passphrase)",
+                                               origin);
+                               len = snprintf(buf2, sizeof(buf2),
+                                               "access denied\n");
+                               send(msgsock, buf2, len, 0);
+                               close(msgsock);
+                               continue;
+                       }
                }
 
                while (_mero_keep_listening) {
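Review bot: The added `recv(msgsock, buf2, sizeof(buf2), 0)` can return exactly `sizeof(buf2)`, and the following `buf2[pos] = '\0'` then writes one byte past the buffer on input from a peer that has not yet authenticated; read at most `sizeof(buf2) - 1` bytes, i.e. `if ((pos = recv(msgsock, buf2, sizeof(buf2) - 1, 0)) == 0) {`. The string returned by `control_hash()` is documented in this commit as malloced, yet it is not freed on the denial path shown here (and apparently not on success, though the code after the check is outside the hunk); keep it in its own variable and `free()` it after the `strcmp`. The `strcmp` against the expected response is not a constant-time comparison, and the "permission denied" log line has no trailing `\n`. The declarations of `buf`, `buf2`, `pos` and `p` are outside the hunk, so buffer sizes are taken from the `sizeof` uses only.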

U utils.h
Index: utils.h
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/utils.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- utils.h     22 Sep 2009 19:17:10 -0000      1.8
+++ utils.h     23 Sep 2009 11:41:52 -0000      1.9
@@ -44,6 +44,7 @@
 char *setConfVal(confkeyval *ckv, char *val);
 void secondsToString(char *buf, time_t t, int longness);
 void abbreviateString(char *ret, char *in, size_t width);
+void generateSalt(char *buf[], unsigned int len);
 char *generatePassphraseFile(char *path);
 
 #endif

U merovingian.c
Index: merovingian.c
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/merovingian.c,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -d -r1.63 -r1.64
--- merovingian.c       23 Sep 2009 09:46:55 -0000      1.63
+++ merovingian.c       23 Sep 2009 11:41:51 -0000      1.64
@@ -57,6 +57,7 @@
 #include "glob.h"
 #include "database.h"
 #include "utils.h"
+#include "control.h"
 #include <stdlib.h> /* exit, getenv, rand, srand */
 #include <stdarg.h>    /* variadic stuff */
 #include <stdio.h> /* fprintf */

U utils.c
Index: utils.c
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/utils.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- utils.c     22 Sep 2009 19:17:10 -0000      1.12
+++ utils.c     23 Sep 2009 11:41:52 -0000      1.13
@@ -23,6 +23,9 @@
  * Shared utility functions between merovingian and monetdb
  */
 
+/* NOTE: for this file to work correctly, the random number generator
+ * must have been seeded (srand) with something like the current time */
+
 #include "sql_config.h"
 #include "utils.h"
 #include <stdio.h> /* fprintf, fgets */
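Review bot: The new header comment makes a time-seeded `rand()` the documented source for `generateSalt()`, whose output this commit uses both as the login challenge in merovingian_controlrunner.c and as the secret written by `generatePassphraseFile()`. `rand()` is not a cryptographic generator, and a seed derived from the current time leaves those values predictable to anyone who can estimate when the daemon started. The salt bytes should come from the operating system's random source (for example by reading `/dev/urandom`), with `rand()` kept for non-secret uses. If that change is deferred, the comment should say so: `/* NOTE: rand() output is predictable; salts generated here must not be relied on as secrets */`.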
@@ -262,21 +265,34 @@
        'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
        '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
 
-char *
-generatePassphraseFile(char *path)
+/**
+ * Fills the array pointed to by buf of size len with a random salt.
+ * Padds the remaining bytes in buf with null-bytes.
+ */
+void
+generateSalt(char **buf, unsigned int len)
 {
        unsigned int c;
-       char buf[48];
-       FILE *f;
        unsigned int size = (unsigned int)rand();
-       size = (size % (36 - 20)) + 20;
+       unsigned int fill = len * 0.75;
+       unsigned int min = len * 0.42;
+       size = (size % (fill - min)) + min;
        for (c = 0; c < size; c++)
-               buf[c] = seedChars[rand() % 62];
-       for ( ; c < 48; c++)
-               buf[c] = '\0';
+               (*buf)[c] = seedChars[rand() % 62];
+       for ( ; c < len; c++)
+               (*buf)[c] = '\0';
+}
+
+char *
+generatePassphraseFile(char *path)
+{
+       FILE *f;
+       char *buf = alloca(sizeof(char) * 48);
+
+       generateSalt(&buf, 48);
        f = fopen(path, "w");
        if (fwrite(buf, 1, 48, f) < 48) {
-               snprintf(buf, sizeof(buf), "cannot write vaultkey: %s",
+               snprintf(buf, sizeof(buf), "cannot write secret: %s",
                                strerror(errno));
                fclose(f);
                return(strdup(buf));
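Review bot: `buf` in `generatePassphraseFile()` is now a `char *` obtained from `alloca`, so the unchanged `snprintf(buf, sizeof(buf), ...)` is bounded by the pointer size (4 or 8 bytes) and the "cannot write secret" message is truncated to a few characters. Keeping the array and passing a pointer to it restores the bound: `char buf[48]; char *p = buf; generateSalt(&p, sizeof(buf));`. In `generateSalt()`, `fill - min` is zero when `len` is below 2, which makes `size % (fill - min)` a division by zero, so the function needs a guard or a documented minimum length; taking `char *buf` rather than `char **buf` would also drop an indirection that nothing visible here uses. The `fopen()` result is still passed to `fwrite` without a NULL check, and the function body continues past the end of the hunk.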

U control.h
Index: control.h
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/control.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- control.h   18 Sep 2009 11:16:12 -0000      1.2
+++ control.h   23 Sep 2009 11:41:51 -0000      1.3
@@ -27,5 +27,6 @@
                char* database,
                char* command,
                char wait);
+char* control_hash(char *pass, char *salt);
 
 #endif

U control.c
Index: control.c
===================================================================
RCS file: /cvsroot/monetdb/sql/src/backends/monet5/merovingian/control.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- control.c   18 Sep 2009 11:16:12 -0000      1.3
+++ control.c   23 Sep 2009 11:41:51 -0000      1.4
@@ -104,3 +104,38 @@
 
        return(NULL);
 }
+
+/**
+ * Returns a hash for pass and salt, to use when logging in on a remote
+ * merovingian.  The result is a malloced string.
+ */
+char *
+control_hash(char *pass, char *salt) {
+       unsigned int ho;
+       unsigned int h = 0;
+       char buf[32];
+
+       /* use a very simple hash function designed for a single int val
+        * (hash buckets), we can make this more interesting if necessary in
+        * the future.
+        * 
http://www.cs.hmc.edu/~geoff/classes/hmc.cs070.200101/homework10/hashfuncs.html 
*/
+
+       while (*pass != '\0') {
+               ho = h & 0xf8000000;
+               h <<= 5;
+               h ^= ho >> 27;
+               h ^= (unsigned int)(*pass);
+               pass++;
+       }
+
+       while (*salt != '\0') {
+               ho = h & 0xf8000000;
+               h <<= 5;
+               h ^= ho >> 27;
+               h ^= (unsigned int)(*salt);
+               salt++;
+       }
+
+       snprintf(buf, sizeof(buf), "%u", h);
+       return(strdup(buf));
+}
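Review bot: `control_hash()` decides access to the control channel as used in merovingian_controlrunner.c in this commit, but the rotate-and-xor routine is a 32-bit hash-bucket function with no preimage or collision resistance, so the response carries at most 32 bits and does not protect the passphrase it is derived from. A keyed cryptographic construction (an HMAC over the salt with the passphrase as key, from whatever crypto library the project already links) is the appropriate primitive, paired with a constant-time comparison at the call site. Until then the docstring should state the limitation, e.g. `NOTE: non-cryptographic 32-bit hash; not suitable as an authentication response`. Separately, `(unsigned int)(*pass)` sign-extends bytes above 0x7f where `char` is signed, so casting through `unsigned char` keeps the result the same on every platform, and the `strdup` result can be NULL.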

