Re: MonetDB: Jan2014 - AUTHinitTables: allow passing a password for ...
Fabian, this reeks of a forbidden ABI change.

On 2014-02-16 22:36, Fabian Groffen wrote:
Changeset: 8f6aa798f4c5 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=8f6aa798f4c5
Modified Files:
    clients/Tests/exports.stable.out
    monetdb5/mal/mal_authorize.c
    monetdb5/mal/mal_authorize.h
Branch: Jan2014
Log Message:
AUTHinitTables: allow passing a password for monetdb user
This allows securely setting up a new database.
diffs (62 lines):
diff --git a/clients/Tests/exports.stable.out b/clients/Tests/exports.stable.out --- a/clients/Tests/exports.stable.out +++ b/clients/Tests/exports.stable.out @@ -881,7 +881,7 @@ str AUTHcheckCredentials(oid *ret, Clien str AUTHgetPasswordHash(str *ret, Client *c, str *username); str AUTHgetUsername(str *ret, Client *c); str AUTHgetUsers(BAT **ret, Client *c); -str AUTHinitTables(void); +str AUTHinitTables(str *passwd); str AUTHremoveUser(Client *c, str *username); str AUTHrequireAdmin(Client *c); str AUTHresolveUser(str *ret, oid *uid); diff --git a/monetdb5/mal/mal_authorize.c b/monetdb5/mal/mal_authorize.c --- a/monetdb5/mal/mal_authorize.c +++ b/monetdb5/mal/mal_authorize.c @@ -112,12 +112,13 @@ AUTHcommit(void) * Localize the authorization tables in the database. The authorization * tables are a set of aligned BATs that store username, password (hashed) * and scenario permissions. - * If the BATs do not exist, they are created, and the monetdb/monetdb - * administrator account is added. Initialising the authorization tables - * can only be done after the GDK kernel has been initialized. + * If the BATs do not exist, they are created, and the monetdb + * administrator account is added with the given password (or 'monetdb' + * if NULL). Initialising the authorization tables can only be done + * after the GDK kernel has been initialized. */ str -AUTHinitTables(void) { +AUTHinitTables(str *passwd) { bat bid; BAT *b; int isNew = 1; @@ -168,12 +169,13 @@ AUTHinitTables(void) { /* insert the monetdb/monetdb administrator account on a * complete fresh and new auth tables system */ str user = "monetdb"; - str pw; /* will become the right hash for "monetdb" */ - int len = (int) strlen(user); + str pw = "monetdb"; oid uid; Client c = &mal_clients[0];
- pw = mcrypt_BackendSum(user /* because user == pass */, len); + if (passwd != NULL && *passwd != NULL) + pw = *passwd; + pw = mcrypt_BackendSum(pw, strlen(pw)); msg = AUTHaddUser(&uid, &c, &user, &pw); free(pw); if (msg) diff --git a/monetdb5/mal/mal_authorize.h b/monetdb5/mal/mal_authorize.h --- a/monetdb5/mal/mal_authorize.h +++ b/monetdb5/mal/mal_authorize.h @@ -38,7 +38,7 @@ mal_export str AUTHgetUsers(BAT **ret, C mal_export str AUTHgetPasswordHash(str *ret, Client *c, str *username);
mal_export str AUTHrequireAdmin(Client *c); -mal_export str AUTHinitTables(void); +mal_export str AUTHinitTables(str *passwd);
/*
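Review bot: the prototype change from AUTHinitTables(void) to AUTHinitTables(str *passwd) in mal_authorize.h and clients/Tests/exports.stable.out alters a mal_export symbol on the Jan2014 branch, and the hunks shown update no call site. Consider keeping AUTHinitTables(void) as a thin wrapper that passes NULL and adding the password-taking variant under a new name, so the exported signature on the stable branch stays as it was.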
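Review bot: the updated comment above AUTHinitTables in mal_authorize.c says the default applies "if NULL" without saying which level of the str * is meant, while the body treats both passwd == NULL and *passwd == NULL as "use the default". The comment should spell that out, and should also say that the argument is the plaintext password, which the function hashes itself through mcrypt_BackendSum, so callers do not hand in a value that is already hashed.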
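Review bot: in the @@ -168 hunk of mal_authorize.c an empty string in *passwd passes the `*passwd != NULL` test and creates the administrator account with an empty password; reject a zero-length password or handle it explicitly. The removed code converted the length with `(int) strlen(user)` before the call, whereas `mcrypt_BackendSum(pw, strlen(pw))` now passes the size_t directly, so if that parameter is an int the explicit conversion should stay. The in-code comment still reads "insert the monetdb/monetdb administrator account" and no longer matches the behaviour, and a NULL argument still silently yields the well-known 'monetdb' password, which is worth making an explicit choice for callers that want a secure setup.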
-- Sjoerd Mullender
On 17-02-2014 08:18:35 +0100, Sjoerd Mullender wrote:
Fabian, this reeks of a forbidden ABI change.
The ABI/API should not be externally visible. Or at least it was not. But anyway, you're probably right that it's more a feature than a fix, so if you feel it should be on default, and not Jan2014, then that's fine with me.

Fabian