Fabian, when configured with --enable-strict, this fail to compile on my Fedora 20 desktop: .../MonetDB/tools/merovingian/daemon/controlrunner.c: In function ‘ctl_handle_client’: .../MonetDB/tools/merovingian/daemon/controlrunner.c:387:13: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result] chdir(q); ^ cc1: all warnings being treated as errors I could not fix it quickly (i.e., checking and handling the return value of chdir()), as I could not quickly grasp how to do proper error/exception handling in this case ... Would be great, if you could have a look at it. Thanks! Stefan ----- Original Message -----

Changeset: 6177dd32ac5d for MonetDB URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=6177dd32ac5d Modified Files: tools/merovingian/ChangeLog.Jan2014 tools/merovingian/client/monetdb.1 tools/merovingian/client/monetdb.c tools/merovingian/daemon/Makefile.ag tools/merovingian/daemon/controlrunner.c Branch: Jan2014 Log Message:

monetdb: allow databases to be created with a password for monetdb user

Creating a database with a custom password for the monetdb user makes it safer than when created with default/well-known credentials, hence it is not necessary to lock the database after creation.

diffs (190 lines):

diff --git a/tools/merovingian/ChangeLog.Jan2014 b/tools/merovingian/ChangeLog.Jan2014 --- a/tools/merovingian/ChangeLog.Jan2014 +++ b/tools/merovingian/ChangeLog.Jan2014 @@ -2,5 +2,7 @@ # This file is updated with mchangelog

* Sun Feb 16 2014 Fabian Groffen +- monetdb create: add -p flag to set monetdb user password on creation, + and therefore allow creating the database in unlocked state - monetdb destroy -f now also works on running databases

diff --git a/tools/merovingian/client/monetdb.1 b/tools/merovingian/client/monetdb.1 --- a/tools/merovingian/client/monetdb.1 +++ b/tools/merovingian/client/monetdb.1 @@ -52,12 +52,14 @@ stopping a database inside the MonetDB D For all commands, database arguments can be glob-like expressions. This allows to do wildcard matches. For details on the syntax, see .IR EXPRESSIONS . -.IP "create [\-m pattern] database [database ...]" +.IP "create [\-m pattern] [\-p password] database [database ...]" Initialises a new database in the MonetDB Database Server. A database created with this command makes it available under its database name, but not yet for use by clients, as the database is put into maintenance mode. This allows the database administrator to perform initialisation -steps before releasing it to users. See also +steps before releasing it to users, unless the +.I \-p +argument is supplied. See also .BR "monetdb lock" . The name of the database must match the expression [A\-Za\-z0\-9\-_]+. .IP " \-m pattern" @@ -74,6 +76,14 @@ or discovery. Each parallel target for sequence, separated by commas. Here the pattern is an ordinary pattern as would be used for connecting to a database, and can hence also be just the name of a database. +.IP " \-p password" +The +.I \-p +flag allows to create a database with the given password for the monetdb +user. Since this protects the database from being accessed via +well-known credentials, the created database is not locked after +creation. This way, a new database can be created and used right away +using the password supplied. .IP "destroy [\-f] database [database ...]" Removes the given database, including all its data and logfiles. Once destroy has completed, all data is lost. Be careful when using this diff --git a/tools/merovingian/client/monetdb.c b/tools/merovingian/client/monetdb.c --- a/tools/merovingian/client/monetdb.c +++ b/tools/merovingian/client/monetdb.c @@ -1435,6 +1435,7 @@ command_create(int argc, char *argv[]) { int i; char *mfunnel = NULL; + char *password = NULL; sabdb *orig = NULL; sabdb *stats = NULL;

@@ -1464,6 +1465,19 @@ command_create(int argc, char *argv[]) command_help(2, &argv[-1]); exit(1); } + } else if (argv[i][1] == 'p') { + if (argv[i][2] != '\0') { + password = &argv[i][2]; + argv[i] = NULL; + } else if (i + 1 < argc && argv[i + 1][0] != '-') { + argv[i] = NULL; + password = argv[++i]; + argv[i] = NULL; + } else { + fprintf(stderr, "create: -p needs an argument\n"); + command_help(2, &argv[-1]); + exit(1); + } } else { fprintf(stderr, "create: unknown option: %s\n", argv[i]); command_help(argc + 1, &argv[-1]); @@ -1492,6 +1506,13 @@ command_create(int argc, char *argv[]) simple_argv_cmd(argv[0], orig, cmd, "created multiplex-funnel in maintenance mode", NULL); free(cmd); + } else if (password != NULL) { + size_t len = strlen("create password=") + strlen(password) + 1; + char *cmd = malloc(len); + snprintf(cmd, len, "create password=%s", password); + simple_argv_cmd(argv[0], orig, cmd, + "created database with password for monetdb user", NULL); + free(cmd); } else { simple_argv_cmd(argv[0], orig, "create", "created database in maintenance mode", NULL); diff --git a/tools/merovingian/daemon/Makefile.ag b/tools/merovingian/daemon/Makefile.ag --- a/tools/merovingian/daemon/Makefile.ag +++ b/tools/merovingian/daemon/Makefile.ag @@ -27,7 +27,10 @@ monetdb_var_dbfarm_DATA = .merovingian_p INCLUDES = .. \ ../../../common/stream \ ../../../common/utils \ + ../../../common/options \ ../../../clients/mapilib \ + ../../../gdk \ + ../../../monetdb5/mal \ $(MSGCONTROL_FLAGS)

EXTRA_DIST = $(man_MANS) .merovingian_properties @@ -54,6 +57,8 @@ bin_monetdbd = { ../../../common/utils/libmsabaoth \ ../../../common/utils/libmuuid \ ../../../common/utils/libmutils \ + ../../../monetdb5/tools/libmonetdb5 \ + ../../../gdk/libbat \ $(UUID_LIBS) \ $(curl_LIBS) \ $(SOCKET_LIBS) \ diff --git a/tools/merovingian/daemon/controlrunner.c b/tools/merovingian/daemon/controlrunner.c --- a/tools/merovingian/daemon/controlrunner.c +++ b/tools/merovingian/daemon/controlrunner.c @@ -40,6 +40,10 @@ #include #include

+#include "gdk.h" /* these three for creation of dbs with password */ +#include "gdk_private.h" +#include "mal_authorize.h" + #include "merovingian.h" #include "discoveryrunner.h" /* broadcast, remotedb */ #include "forkmserver.h" @@ -353,8 +357,15 @@ static void ctl_handle_client( "database is not running: %s\n", q); send_client("!"); } - } else if (strcmp(p, "create") == 0) { - err e = db_create(q); + } else if (strcmp(p, "create") == 0 || + strncmp(p, "create password=", strlen("create password=")) == 0) { + err e; + + p += strlen("create"); + if (*p == ' ') + p += strlen(" password="); + + e = db_create(q); if (e != NO_ERR) { Mfprintf(_mero_ctlerr, "%s: failed to create " "database '%s': %s\n", origin, q, getErrMsg(e)); @@ -363,6 +374,43 @@ static void ctl_handle_client( send_client("!"); free(e); } else { + if (*p != '\0') { + pid_t child; + if ((child = fork()) == 0) { + FILE *secretf; + size_t len; + char *err; + char *vaultkey; + + /* the child, pollute scope by loading BBP */ + chdir(q); + + buf2[0] = '\0'; + if ((secretf = fopen(".vaultkey", "r")) != NULL) { + len = fread(buf2, 1, sizeof(buf2), secretf); + buf2[len] = '\0'; + len = strlen(buf2); /* secret can contain null-bytes */ + fclose(secretf); + } + BBPinit(); + vaultkey = buf2; + AUTHunlockVault(&vaultkey); + err = AUTHinitTables(&p); + if (err != NULL) { + Mfprintf(_mero_ctlerr, "%s: could not setup " + "database '%s': %s\n", origin, q, err); + } else { + /* don't start locked */ + unlink(".maintenance"); + } + + exit(0); /* return to the parent */ + } else { + /* wait for the child to finish */ + waitpid(child, NULL, 0); + } + } + Mfprintf(_mero_ctlout, "%s: created database '%s'\n", origin, q); len = snprintf(buf2, sizeof(buf2), "OK\n"); _______________________________________________ checkin-list mailing list checkin-list@monetdb.org https://www.monetdb.org/mailman/listinfo/checkin-list

-- | Stefan.Manegold@CWI.nl | DB Architectures (DA) | | www.CWI.nl/~manegold/ | Science Park 123 (L321) | | +31 (0)20 592-4212 | 1098 XG Amsterdam (NL) |