From 685ff5d4acc29e504aa4afae21bda4a11bb808c4 Mon Sep 17 00:00:00 2001
From: Denis Smirnov <sd@picodata.io>
Date: Mon, 18 Sep 2023 21:06:32 +0700
Subject: [PATCH] fix: auth API

box_auth_data_prepare() method declared to return a tuple while in
reality it returned a region allocated message pack string. Fixed.

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch
---
 src/box/box.cc            |  6 ++----
 src/box/box.h             |  7 ++++---
 test/app-tap/module_api.c | 12 ++++++++----
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/box/box.cc b/src/box/box.cc
index d0c5859bb0..9aea8367ae 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -5310,7 +5310,7 @@ API_EXPORT int
 box_auth_data_prepare(const char *method_name, const char *method_name_end,
 		      const char *password, const char *password_end,
 		      const char *user_name, const char *user_name_end,
-		      box_tuple_t **result)
+		      const char **data, const char **data_end)
 {
 	assert(method_name != NULL);
 	assert(method_name_end != NULL);
@@ -5328,9 +5328,7 @@ box_auth_data_prepare(const char *method_name, const char *method_name_end,
 		return -1;
 	}
 
-	const char *data, *data_end;
 	auth_data_prepare(auth, password, password_end - password, user_name,
-			  user_name_end - user_name, &data, &data_end);
-	*result = (box_tuple_t *)data;
+			  user_name_end - user_name, data, data_end);
 	return 0;
 }
diff --git a/src/box/box.h b/src/box/box.h
index ce25da071a..1df8996cdc 100644
--- a/src/box/box.h
+++ b/src/box/box.h
@@ -422,8 +422,9 @@ typedef void
  * \param password_end pointer to the end of the password data
  * \param user_name pointer to the user name
  * \param user_name_end pointer to the end of the user name
- * \param[out] result a pointer to a tuple with authentication data
- *             (must be freed with box_tuple_unref())
+ * \param[out] data a pointer to a MessagePack with authentication data
+ *             string. The string is allocated on the fiber region.
+ * \param[out] data_end a pointer to the end of the authentication data.
  * \retval -1 on error
  * \retval 0 on success
  */
@@ -431,7 +432,7 @@ API_EXPORT int
 box_auth_data_prepare(const char *method_name, const char *method_name_end,
 		      const char *password, const char *password_end,
 		      const char *user_name, const char *user_name_end,
-		      box_tuple_t **result);
+		      const char **data, const char **data_end);
 
 /**
  * Return a tuple from stored C procedure.
diff --git a/test/app-tap/module_api.c b/test/app-tap/module_api.c
index c404d3a404..f775f60bca 100644
--- a/test/app-tap/module_api.c
+++ b/test/app-tap/module_api.c
@@ -3331,7 +3331,8 @@ test_box_auth_data_prepare(struct lua_State *L)
 {
 	size_t region_svp = box_region_used();
 
-	box_tuple_t *auth_data = NULL;
+	const char *auth_data = NULL;
+	const char *auth_data_end = NULL;
 	const char *empty = "";
 	const char *password = "password";
 	const char *user = "user";
@@ -3342,36 +3343,39 @@ test_box_auth_data_prepare(struct lua_State *L)
 	int rc = box_auth_data_prepare(md5, md5 + strlen(md5),
 				       password, password + strlen(password),
 				       user, user + strlen(user),
-				       &auth_data);
+				       &auth_data, &auth_data_end);
 	fail_unless(rc == 0);
 	char *hash = (char *)mp_decode_str((const char **)(&auth_data), &len);
 	const char *md5_hash = "md54d45974e13472b5a0be3533de4666414";
 	fail_unless(len == strlen(md5_hash));
 	fail_unless(strncmp(hash, md5_hash, len) == 0);
+	fail_unless(hash + len == auth_data_end);
 
 	/* Check chap-sha1 */
 	const char *chap_sha1 = "chap-sha1";
 	rc = box_auth_data_prepare(chap_sha1, chap_sha1 + strlen(chap_sha1),
 				   password, password + strlen(password),
 				   empty, empty + 0,
-				   &auth_data);
+				   &auth_data, &auth_data_end);
 	fail_unless(rc == 0);
 	hash = (char *)mp_decode_str((const char **)(&auth_data), &len);
 	const char *sha1_hash = "JHDAwG3uQv0WGLuZAFrcouydHhk=";
 	fail_unless(len == strlen(sha1_hash));
 	fail_unless(strncmp(hash, sha1_hash, len) == 0);
+	fail_unless(hash + len == auth_data_end);
 
 	/* Check ldap */
 	const char *ldap = "ldap";
 	rc = box_auth_data_prepare(ldap, ldap + strlen(ldap),
 				   empty, empty + 0,
 				   empty, empty + 0,
-				   &auth_data);
+				   &auth_data, &auth_data_end);
 	fail_unless(rc == 0);
 	hash = (char *)mp_decode_str((const char **)(&auth_data), &len);
 	const char *ldap_hash = "";
 	fail_unless(len == strlen(ldap_hash));
 	fail_unless(strncmp(hash, ldap_hash, len) == 0);
+	fail_unless(hash + len == auth_data_end);
 
 	box_region_truncate(region_svp);
 	lua_pushboolean(L, 1);
-- 
GitLab