- Aug 04, 2023
-
-
Dmitry Ivanov authored
NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
- Aug 02, 2023
-
-
Dmitry Ivanov authored
NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
Dmitry Ivanov authored
Better late than never.
-
- Jul 24, 2023
-
-
Dmitry Ivanov authored
Unfortunately, Centos 7 provides only openssl 1.0.2 (at lest if we disregard epel), so we can't build the bundled libldap & libsasl2. "Okay", one might think, "we can link against the distro's libs". Well, turns out libldap 2.4, which is what we have to deal with in that case, doesn't have ldap_connect! Luckily, we don't have to connect explicitly. According to man pages: ``` ldap_init() acts just like ldap_open(), but does not open a connection to the LDAP server. The actual connection open will occur when the first operation is attempted. ldap_initialize() acts like ldap_init()... ``` This is still true for libldap up to and including version 2.6. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
- Jul 21, 2023
-
-
Dmitry Ivanov authored
This is needed to fix Ninja, which requires them to build a dependency graph. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
- Jul 20, 2023
-
-
Dmitry Ivanov authored
Now it's possible to specify the desired authentication method during user creation via `auth_type`, e.g. ```lua box.schema.user.create('mickey', { auth_type = 'chap-sha1', password = 'foobar' }) ``` Furthermore, authentication methods may now specify that they don't require password to create stored authentication info. This is used in LDAP authentication (`auth_type = 'ldap'`): ```lua box.schema.user.create('mickey', { auth_type = 'ldap' }) ``` NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
Dmitry Ivanov authored
This authentication method doesn't store any secrets; instead, we delegate the whole auth to a pre-configured LDAP server. In the method's implementation, we connect to the LDAP server and perform a BIND operation which checks user's credentials. Usage example: ```lua -- Set the default auth method to LDAP and create a new user. -- NOTE that we still have to provide a dummy password; otherwise -- box.schema.user.create will setup an empty auth data. box.cfg({auth_type = 'ldap'}) box.schema.user.create('demo', { password = '' }) -- Configure LDAP server connection URL and DN format string. os = require('os') os.setenv('TT_LDAP_URL', 'ldap://localhost:1389') os.setenv('TT_LDAP_DN_FMT', 'cn=$USER,ou=users,dc=example,dc=org') -- Authenticate using the LDAP authentication method via net.box. conn = require('net.box').connect(uri, { user = 'demo', password = 'password', auth_type = 'ldap', }) ``` NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
Dmitry Ivanov authored
This is required for LDAP authentication, because we need username to format the corresponding DN. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
Maksim Kaitmazian authored
box.schema.user.passwd doesn't change the password for the current user because new password is passed instead of the user name. NO_CHANGELOG=fix an unreleased bug NO_DOC=fix an unreleased bug
-
Maksim Kaitmazian authored
It fixes the following assertion ```bash tarantool: ./src/lib/core/crypt.c:84: md5_encrypt: Assertion `password_len + salt_len > 0' failed. ``` caused by the following code ```lua box.cfg{auth_type='md5'} box.schema.user.password("") ``` NO_CHANGELOG=fix an unreleased feature NO_DOC=fix an unreleased feature
-
Maksim Kaitmazian authored
part of picodata/tarantool#21 NO_CHANGELOG=refactoring NO_DOC=refactoring
-
Дмитрий Кибирев authored
NO_DOC=ci change NO_TEST=ci change NO_CHANGELOG=ci change
-
Arseniy Volynets authored
Previous commit caused CI `pack` job to fail on some linux distros. This commit fixes the warnings from compiler. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
- Jul 17, 2023
-
-
Arseniy Volynets authored
- Add a configurable non-negative session parameter "sql_vdbe_max_steps" -- max number of opcodes that Vdbe is allowed to execute for sql query. - Default value can be specified in box.cfg. If not set via box.cfg, default value is 45000. Value 0 means that no checks for number of executed Vdbe opcodes will be made. - Add the third argument to box.execute function, that allows to specify options for query execution. The only option supported: sql_vdbe_max_steps. Usage example: ``` box.execute([[select * from t]], {}, {{sql_vdbe_max_steps = 1000}}) ``` part of picodata/picodata/sbroad!461 NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch
-
- Jul 13, 2023
-
-
Maksim Kaitmazian authored
It prevents password sniffing and avoids storing passwords on the server in plain text but provides no protection if an attacker manages to steal the password hash from the server. Usage example: ```lua -- Enable the md5 authentication method for all new users. box.cfg({auth_type = 'md5'}) -- Reset existing user passwords to use the md5 authentication method. box.schema.user.passwd('alice', 'topsecret') -- Authenticate using the md5 authentication method via net.box. conn = require('net.box').connect(uri, { user = 'alice', password = 'topsecret', -- Specifying the authentication method isn't strictly necessary: -- by default the client will use the method set in the remote -- server config (box.cfg.auth_type) auth_type = 'md5', }) ``` part of picodata/picodata/sbroad!377 @TarantoolBot document Title: md5 authentication method See the commit message.
-
Maksim Kaitmazian authored
User name is usually used as a salt for user password in order to avoid password repeating. For instance, postgres md5 authentication stores passwords as md5("password", "user"), so that the same passwords are represented by different hashes. part of picodata/picodata/sbroad!377 @TarantoolBot document Title: Document updated `box.schema.user.password` declaration. Since auth methods can use user name for hashing, user name is added to argument list of `box.schema.user.password`. NO_TEST=there are no methods that use user name
-
godzie44 authored
Calling a `TRASH` macro after calling the `free` function dereferences the pointer to the already freed memory. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch
-
- Jun 23, 2023
-
-
There used to be a rare error when failed to connect via tarantoolctl to listening cartridge console. It was caused by unclear console.local_print() contract. Starting from gh-7031 fix, the function assumed string-only arguments, while in some cases cdata error was passed. Now console.local_print() prints all non-string arguments as is, without modifying potential local_eos. Closes #8374 NO_DOC=bugfix NO_TEST=very hard to test
-
Tuple hash calculation tests for the C API were incorrect. Thanks to the full pipeline with DEBUG build we detected the problem and fixed it. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch
-
Picodata supports cluster-wide SQL and needs some predictable method to calculate tuple hashes for the bucket ids. Method should be available for Lua, C and Rust users. It was decided to expose a murmur3 hash calculation method of the key_def module. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch
-
Introduced a new type of cbus pipe - lcpipe. The current pipe in the cbus - cpipe, has a number of limitations, first of all - the cpipe cannot be used from the 3rd party threads, cpipe only works as a channel between two cords. That why lcpipe is needed. Its main responsibility - create channel between any thread and tarantool cord. Internally lcpipe is a cpipe, but: - on flush triggers removed, cause triggers use thread-local mem-pool, this is not possible on a third party thread - producer event loop removed, cause there is no libev event loop in third party thread Also, lcpipe interface is exported to the outside world. NO_DOC=core feature
-
Дмитрий Кольцов authored
NO_DOC=disable feedback NO_TEST=disable feedback
-
The index directory is created on demand since commit c00ba8e7 ("xlog: make log directory if needed") and removed when it becomes empty. There's no need to create it when an index is created anymore. Follow-up #8441 NO_DOC=bugfix
-
When vinyl space is dropped, its files are left on the file system until GC removes them. At the moment GC removes only run files, but not the root directory. These empty directories are never removed and occupy 4KB on ext-family file systems each. In a case of many dropped vinyl spaces it can become a serious disk space and inode leak. Current commit makes gc always remove root directory if there are no runs in it. Closes #8441 NO_DOC=bugfix
-
Дмитрий Кольцов authored
NO_DOC=core feature NO_TEST=no Lua API NO_CHANGELOG=bugfix
-
Дмитрий Кольцов authored
Due to inconsistency of Tarantool type casting while using strict data types as "double" or "unsigned" it is needed to use "number" data type in a whole bunch of cases. However "number" may contain "decimal" that will be serialized into string by JSON builtin module. This commit adds "encode_decimal_as_number" parameter to json.cfg{}. That forces to encode `decimal` as JSON number to force type consistency in JSON output. Use with catious - most of JSON parsers assume that number is restricted to float64. NO_DOC=we do not host doc
-
Previously, select "t1"."a" from (select "a" from "t") as "t1"; returned a result column name `t1` instead of `t1.a` because of incorrect work of a dequoting function. The reason was that previously sqlDequote() function finished its work when found the first closing quote. Old logic worked for simple selects where the column name doesn't contain an explicit scan name ("a" -> a). But for the sub-queries results sqlDequote() finished its work right after the scan name ("t1"."a" -> t1). Now the function continues its deqouting till it gets the null terminator at the end of the string. Closes #7063 NO_DOC=don't change any public API, only a bug fix Co-authored-by:
Mergen Imeev <imeevma@gmail.com>
-
Actually there is no reason to throw an error and make a user manually recreate prepared statement when it expires. A much more user friendly way is to recreate it under hood when statement's schema version differs from the box one. NO_DOC=refactoring NO_TEST=refactoring NO_CHANGELOG=refactoring
-
Problem description. When we prepare a statement with parameters in the result columns (for example box.prepare('select ?')) Tarantool has no information about the type of the output column and set it to default boolean. Then, on the execution phase, the type would be recalculated during the parameter binding. Tarantool expects that there is no way for parameter to appear in the result tuple other than exactly be mentioned in the final projection. But it is incorrect - we can easily propagate parameter from the inner part of the join. For example box.prepare([[select COLUMN_1 from t1 join (values (?)) as t2 on true]]) In this case column COLUMN_1 in the final projection is not a parameter, but a "reference" to it and its type depends on the parameter from the inner part of the join. But as Tarantool recalculates only binded parameters in the result projection, it doesn't change the default boolean metadata type of the COLUMN_1 and the query fails on comparison with the actual type of the tuple. Solution. As we don't want to patch Vdbe to make COLUMN_1 refer inner parameter, it was decided to make a simple workaround: change the default column type from BOOLEAN to ANY for parameters. It fixes the comparison with the actual tuple type (we do not fail), but in some cases get ANY column in the results where we would like to have explicitly defined type. Also NULL parameters would also have ANY type, though Tarantool prefers to have BOOLEAN in this case. Closes https://github.com/tarantool/tarantool/issues/7283 NO_DOC=bug fix
-
sql: add sql_execute_prepared_ext function, same as sql_execute_prepared but without `region` parameter closes #2 NO_DOC=minor NO_TEST=minor
-
- add box_tuple_data_offset function (return offset of the messagePack encoded data from the beginning of the tuple) - add more export functions closes #1 NO_DOC=build NO_TEST=build
-
Add to .gitlab.ci.yml test_linux, test_debian_docker_luacheck, coverage from .travis.mk. Also sign package on build Add checkpatch linter. Add docker image build. Image copies original tarantool/tarantool from Dockerhub NO_DOC=ci change NO_TEST=ci change NO_CHANGELOG=ci change
-
- May 24, 2023
-
-
Kirill Yukhin authored
Also, remove RC-related changelog. NO_DOC=no code changes NO_TEST=no code changes NO_CHANGELOG=no code changes
-
- Mar 07, 2023
-
-
Kirill Yukhin authored
Remove all entries since they're part of 2.11.0-rc2 changelog. NO_DOC=no code changes NO_TEST=no code changes NO_CHANGELOG=no code changes
-
Kirill Yukhin authored
NO_DOC=no code changes NO_TEST=no code changes NO_CHANGELOG=no code changes
-
andrei.aksenov authored
Fix grammar, punctuation, and wording NO_CHANGELOG=changelog NO_DOC=changelog NO_TEST=changelog
-
Georgiy Lebedev authored
In some cases unsafe extension decoding was done without bound and type checks: add necessary checks. Closes tarantool/security#73 NO_DOC=bugfix (cherry picked from commit 1de6a071)
-
- Mar 06, 2023
-
-
Oleg Jukovec authored
This patch addresses coverity complain 1535241. Follow-up #8047 NO_TEST=nit NO_CHANGELOG=nit NO_DOC=nit (cherry picked from commit 089cbfa9)
-
Vladimir Davydov authored
If the 'after' key is less than the search key in case of ge/gt or greater than the search key in case of le/lt, the iterator either crashes (vinyl) or returns invalid result (memtx). This happens because the engine implementation doesn't expect an invalid 'after' key. Let's fix this by raising an error at the top level in case the 'after' key doesn't meet the search criteria. Closes #8403 Closes #8404 NO_DOC=bug fix NO_CHANGELOG=unreleased (cherry picked from commit c561202d)
-
Vladimir Davydov authored
Currently, if the position isn't compatible with the index, we raise an error like "Invalid key part count ...". From this error it's difficult to figure out whether it's for the given iterator position of for the search key. Let's always raise ER_ITERATOR_POSITION in this case. Later on we'll use stacked diag to add extra error info. Needed for #8403 Needed for #8404 NO_DOC=bug fix NO_CHANGELOG=unreleased (cherry picked from commit 81d43c17)
-