  1. Aug 02, 2023
  2. Jul 24, 2023
    • fix: Establish LDAP connections implicitly · 6131a2b5
      Dmitry Ivanov authored
      Unfortunately, Centos 7 provides only openssl 1.0.2 (at least if we
      disregard epel), so we can't build the bundled libldap & libsasl2.
      "Okay", one might think, "we can link against the distro's libs".
      Well, turns out libldap 2.4, which is what we have to deal with in
      that case, doesn't have ldap_connect!
      
      Luckily, we don't have to connect explicitly. According to man pages:
      
      ```
      ldap_init() acts just like ldap_open(), but does not open a connection
      to the LDAP server.  The actual connection open will occur when the
      first operation is attempted.
      
      ldap_initialize()  acts  like ldap_init()...
      ```
      
      This is still true for libldap up to and including version 2.6.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
  3. Jul 21, 2023
  4. Jul 20, 2023
    • feat: Add `auth_type` to box.schema.user.create() · 43ab3225
      Dmitry Ivanov authored
      Now it's possible to specify the desired authentication method during
      user creation via `auth_type`, e.g.
      
      ```lua
      box.schema.user.create('mickey', { auth_type = 'chap-sha1',
                                         password = 'foobar' })
      ```
      
      Furthermore, authentication methods may now specify that they don't
      require password to create stored authentication info. This is used
      in LDAP authentication (`auth_type = 'ldap'`):
      
      ```lua
      box.schema.user.create('mickey', { auth_type = 'ldap' })
      ```
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
    • feat: Implement LDAP authentication · a276dce6
      Dmitry Ivanov authored
      This authentication method doesn't store any secrets; instead,
      we delegate the whole auth to a pre-configured LDAP server. In
      the method's implementation, we connect to the LDAP server and
      perform a BIND operation which checks user's credentials.
      
      Usage example:
      
      ```lua
      -- Set the default auth method to LDAP and create a new user.
      -- NOTE that we still have to provide a dummy password; otherwise
      -- box.schema.user.create will set up empty auth data.
      box.cfg({auth_type = 'ldap'})
      box.schema.user.create('demo', { password = '' })
      
      -- Configure LDAP server connection URL and DN format string.
      os = require('os')
      os.setenv('TT_LDAP_URL', 'ldap://localhost:1389')
      os.setenv('TT_LDAP_DN_FMT', 'cn=$USER,ou=users,dc=example,dc=org')
      
      -- Authenticate using the LDAP authentication method via net.box.
      conn = require('net.box').connect(uri, {
          user = 'demo',
          password = 'password',
          auth_type = 'ldap',
      })
      ```
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
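Added example, not code from this commit or from Picodata: two checks a server should make before the BIND described above, assuming `$USER` in a `TT_LDAP_DN_FMT`-style string is replaced literally by the login name. The function names are hypothetical and the sample inputs in the comments are constructed.

```python
# RFC 4514 section 2.4: characters that must be escaped inside a DN
# attribute value wherever they occur.
_ALWAYS_ESCAPED = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape a string so it stays a single attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in _ALWAYS_ESCAPED:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)         # leading space or '#'
        elif i == last and ch == " ":
            out.append("\\" + ch)         # trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(dn_fmt: str, user: str) -> str:
    """Substitute the escaped user name into the DN format string."""
    if "$USER" not in dn_fmt:
        raise ValueError("DN format string has no $USER placeholder")
    if not user:
        raise ValueError("empty user name")
    return dn_fmt.replace("$USER", escape_dn_value(user))


def check_bind_request(dn_fmt: str, user: str, password: str) -> str:
    """Return the DN to BIND with, or raise before contacting the server."""
    if not password:
        # RFC 4513 section 5.1.2: a simple BIND carrying a DN and an empty
        # password is an "unauthenticated bind"; a server that permits it
        # answers success without checking any credential.
        raise ValueError("empty password is not accepted for LDAP auth")
    return build_bind_dn(dn_fmt, user)


# Constructed inputs, using the format string from the usage example above:
#   check_bind_request('cn=$USER,ou=users,dc=example,dc=org', 'demo', 'pw')
#   build_bind_dn('cn=$USER,ou=users,dc=example,dc=org', 'demo,ou=admins')
```

Without the escaping step, a login name containing a comma would change which entry the DN names instead of being treated as one `cn` value.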
    • feat: Pass user to auth_method::authenticator_check_request · 2a59e1cd
      Dmitry Ivanov authored
      This is required for LDAP authentication, because we need
      username to format the corresponding DN.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
    • fix: box.schema.user.passwd doesn't change the password · 794e7706
      Maksim Kaitmazian authored
      box.schema.user.passwd doesn't change the password for the current
      user because new password is passed instead of the user name.
      
      NO_CHANGELOG=fix an unreleased bug
      NO_DOC=fix an unreleased bug
    • fix: allow empty password and username in MD5 · fbd187f8
      Maksim Kaitmazian authored
      It fixes the following assertion
      ```bash
      tarantool: ./src/lib/core/crypt.c:84: md5_encrypt:
      Assertion `password_len + salt_len > 0' failed.
      ```
      caused by the following code
      ```lua
      box.cfg{auth_type='md5'}
      box.schema.user.password("")
      ```
      
      NO_CHANGELOG=fix an unreleased feature
      NO_DOC=fix an unreleased feature
    • feat: make user name argument optional · 59ef15af
      Maksim Kaitmazian authored
      part of picodata/tarantool#21
      
      NO_CHANGELOG=refactoring
      NO_DOC=refactoring
    • fix: save old deb-packages · be6700b8
      Дмитрий Кибирев authored
      NO_DOC=ci change
      NO_TEST=ci change
      NO_CHANGELOG=ci change
    • fix(ci): compile error for centos/altlinux · 373b50a8
      Arseniy Volynets authored
      Previous commit caused CI `pack` job
      to fail on some linux distros. This
      commit fixes the warnings from compiler.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
  5. Jul 17, 2023
    • feat: add limit for max executed vdbe opcodes · 5dc94c95
      Arseniy Volynets authored
      - Add a configurable non-negative
      session parameter "sql_vdbe_max_steps"
      -- max number of opcodes that Vdbe
      is allowed to execute for sql query.
      
      - Default value can be specified in box.cfg.
      If not set via box.cfg, default value
      is 45000. Value 0 means that no
      checks for number of executed Vdbe
      opcodes will be made.
      
      - Add the third argument to box.execute
      function, that allows to specify options
      for query execution. The only option
      supported: sql_vdbe_max_steps. Usage
      example:
      
      ```
      box.execute([[select * from t]], {}, {{sql_vdbe_max_steps = 1000}})
      ```
      
      part of picodata/picodata/sbroad!461
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
  6. Jul 13, 2023
    • feat: implement md5 authentication · c6f8a85c
      Maksim Kaitmazian authored
      It prevents password sniffing and avoids storing passwords on the
      server in plain text but provides no protection if an attacker
      manages to steal the password hash from the server.
      
      Usage example:
      ```lua
      -- Enable the md5 authentication method for all new users.
      box.cfg({auth_type = 'md5'})
      
      -- Reset existing user passwords to use the md5 authentication method.
      box.schema.user.passwd('alice', 'topsecret')
      
      -- Authenticate using the md5 authentication method via net.box.
      conn = require('net.box').connect(uri, {
          user = 'alice',
          password = 'topsecret',
          -- Specifying the authentication method isn't strictly necessary:
          -- by default the client will use the method set in the remote
          -- server config (box.cfg.auth_type)
          auth_type = 'md5',
      })
      ```
      
      part of picodata/picodata/sbroad!377
      
      @TarantoolBot document
      Title: md5 authentication method
      
      See the commit message.
    • feat: add user name argument to `auth_method` api · 459f7ec5
      Maksim Kaitmazian authored
      User name is usually used as a salt for user password in order to
      avoid password repeating.
      For instance, postgres md5 authentication stores passwords as
      md5("password", "user"), so that the same passwords are represented by
      different hashes.
      
      part of picodata/picodata/sbroad!377
      
      @TarantoolBot document
      Title: Document updated `box.schema.user.password` declaration.
      
      Since auth methods can use user name for hashing, user name is
      added to argument list of `box.schema.user.password`.
      
      NO_TEST=there are no methods that use user name
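Added example, not code from these commits: the PostgreSQL md5 scheme that the message above cites, showing both the user-name salt and the property noted in the md5 authentication commit (c6f8a85c), namely that the server verifies a login from the stored hash alone. Whether Picodata's wire format matches PostgreSQL's byte for byte is an assumption; the credentials are the sample ones from the usage example.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_hash(password: str, user: str) -> str:
    """Value kept on the server: 'md5' + hex(md5(password || user)).

    The user name acts as a salt, so two users with the same password
    get different stored values.
    """
    return "md5" + md5_hex(password.encode() + user.encode())


def client_response(password: str, user: str, salt: bytes) -> str:
    """What the client sends for a per-connection salt chosen by the server."""
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_check(stored: str, salt: bytes, response: str) -> bool:
    """Verify a response using only the stored hash and the salt.

    The cleartext password never reaches the server and the response
    changes with every salt, which is what defeats sniffing. The expected
    value is derived from `stored` alone, so the stored hash has to be
    protected like the password itself.
    """
    expected = "md5" + md5_hex(stored[len("md5"):].encode() + salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed salts; a real server draws 4 fresh random bytes per login.
    salt_a, salt_b = b"\x01\x02\x03\x04", b"\x0a\x0b\x0c\x0d"
    alice = stored_hash("topsecret", "alice")
    bob = stored_hash("topsecret", "bob")
    resp = client_response("topsecret", "alice", salt_a)
    return {
        "same_password_differs_per_user": alice != bob,
        "good_login": server_check(alice, salt_a, resp),
        "wrong_password": server_check(
            alice, salt_a, client_response("guess", "alice", salt_a)),
        "captured_response_on_new_salt": server_check(alice, salt_b, resp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```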
    • fix: use-after-free in `cbus_endpoint_delete` · 554a3dae
      godzie44 authored
      Calling a `TRASH` macro after calling the `free`
      function dereferences the pointer to the already
      freed memory.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
      NO_TEST=picodata internal patch
  7. Jun 23, 2023
    • console: fix :endswith() err in tntctl connection · ef7eee49
      Gleb Kashkin authored and Дмитрий Кольцов committed
      There used to be a rare error when failed to connect via tarantoolctl to
      listening cartridge console. It was caused by unclear
      console.local_print() contract. Starting from gh-7031 fix, the function
      assumed string-only arguments, while in some cases cdata error was
      passed.
      
      Now console.local_print() prints all non-string arguments as is, without
      modifying potential local_eos.
      
      Closes #8374
      
      NO_DOC=bugfix
      NO_TEST=very hard to test
    • fix: tuple hash calculation tests · 94508594
      Denis Smirnov authored and Дмитрий Кольцов committed
      Tuple hash calculation tests for the C API were incorrect. Thanks
      to the full pipeline with DEBUG build we detected the problem and
      fixed it.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
    • feat: expose tuple hash calculation method · c36f674a
      Denis Smirnov authored and Дмитрий Кольцов committed
      Picodata supports cluster-wide SQL and needs some predictable
      method to calculate tuple hashes for the bucket ids. Method
      should be available for Lua, C and Rust users. It was decided
      to expose a murmur3 hash calculation method of the key_def module.
      
      NO_DOC=picodata internal patch
      NO_CHANGELOG=picodata internal patch
    • cbus: introduce lcpipe - light cpipe · 5377a748
      godzie44 authored and Дмитрий Кольцов committed
      Introduced a new type of cbus pipe - lcpipe. The current pipe in the
      cbus - cpipe, has a number of limitations, first of all - the cpipe
      cannot be used from the 3rd party threads, cpipe only works as a channel
      between two cords. That's why lcpipe is needed. Its main responsibility -
      create channel between any thread and tarantool cord.
      
      Internally lcpipe is a cpipe, but:
      - on flush triggers removed, cause triggers use thread-local mem-pool,
      this is not possible on a third party thread
      - producer event loop removed, cause there is no libev event loop in
      third party thread
      
      Also, lcpipe interface is exported to the outside world.
      
      NO_DOC=core feature
    • build(CMakeLists.txt): disable feedback daemon by default · d91783b6
      Дмитрий Кольцов authored
      NO_DOC=disable feedback
      NO_TEST=disable feedback
    • vinyl: don't make dir when index is created · 74775f4c
      Vladimir Davydov authored and Дмитрий Кольцов committed
      The index directory is created on demand since commit c00ba8e7
      ("xlog: make log directory if needed") and removed when it becomes
      empty. There's no need to create it when an index is created anymore.
      
      Follow-up #8441
      
      NO_DOC=bugfix
    • vinyl: remove root directory if there are no more runs · b3b69c62
      Denis Smirnov authored and Дмитрий Кольцов committed
      When vinyl space is dropped, its files are left on the file system
      until GC removes them. At the moment GC removes only run files,
      but not the root directory. These empty directories are never
      removed and occupy 4KB on ext-family file systems each. In a case
      of many dropped vinyl spaces it can become a serious disk space
      and inode leak. Current commit makes gc always remove root directory
      if there are no runs in it.
      
      Closes #8441
      
      NO_DOC=bugfix
    • fix(schema version): fix some types that were not updated to 64 bit · 587118de
      Дмитрий Кольцов authored
      NO_DOC=core feature
      NO_TEST=no Lua API
      NO_CHANGELOG=bugfix
    • feat(json): add option to encode decimals as string · 370fbae1
      Дмитрий Кольцов authored
      Due to inconsistency of Tarantool type casting while using strict
      data types as "double" or "unsigned" it is needed
      to use "number" data type in a whole bunch of cases.
      However "number" may contain "decimal" that will be serialized into
      string by JSON builtin module.
      
      This commit adds "encode_decimal_as_number" parameter to json.cfg{}.
      That forces to encode `decimal` as JSON number to force type
      consistency in JSON output.
      Use with caution - most JSON parsers assume that number is restricted
      to float64.
      
      NO_DOC=we do not host doc
    • sql: fix string dequoting · bf2fdb85
      Denis Smirnov authored and Дмитрий Кольцов committed
      Previously,
      
      ```sql
      select "t1"."a" from (select "a" from "t") as "t1";
      ```
      
      returned a result column name `t1` instead of `t1.a` because of
      incorrect work of a dequoting function. The reason was that
      previously sqlDequote() function finished its work when found the
      first closing quote.
      
      Old logic worked for simple selects where the column name doesn't
      contain an explicit scan name ("a" -> a).
      But for the sub-queries results sqlDequote() finished its work right
      after the scan name ("t1"."a" -> t1). Now the function continues its
      dequoting till it gets the null terminator at the end of the string.
      
      Closes #7063
      
      NO_DOC=don't change any public API, only a bug fix
      
      Co-authored-by: Mergen Imeev <imeevma@gmail.com>
    • sql: recompile expired prepared statements · 6295a3a0
      Denis Smirnov authored and Дмитрий Кольцов committed
      Actually there is no reason to throw an error and make a user
      manually recreate prepared statement when it expires. A much more
      user friendly way is to recreate it under the hood when statement's
      schema version differs from the box one.
      
      NO_DOC=refactoring
      NO_TEST=refactoring
      NO_CHANGELOG=refactoring
    • fix: default result parameter type · e98afa48
      Denis Smirnov authored and Дмитрий Кольцов committed
      Problem description.
      
      When we prepare a statement with parameters in the result columns
      (for example box.prepare('select ?')) Tarantool has no information
      about the type of the output column and set it to default boolean.
      Then, on the execution phase, the type would be recalculated during
      the parameter binding.
      
      Tarantool expects that there is no way for parameter to appear in the
      result tuple other than exactly be mentioned in the final projection.
      But it is incorrect - we can easily propagate parameter from the inner
      part of the join. For example
      
      ```lua
      box.prepare([[select COLUMN_1 from t1 join (values (?)) as t2 on true]])
      ```
      
      In this case column COLUMN_1 in the final projection is not a
      parameter, but a "reference" to it and its type depends on the
      parameter from the inner part of the join. But as Tarantool
      recalculates only bound parameters in the result projection,
      it doesn't change the default boolean metadata type of the COLUMN_1
      and the query fails on comparison with the actual type of the tuple.
      
      Solution.
      As we don't want to patch Vdbe to make COLUMN_1 refer inner parameter,
      it was decided to make a simple workaround: change the default
      column type from BOOLEAN to ANY for parameters. It fixes the
      comparison with the actual tuple type (we do not fail), but in some
      cases get ANY column in the results where we would like to have
      explicitly defined type. Also NULL parameters would also have ANY
      type, though Tarantool prefers to have BOOLEAN in this case.
      
      Closes https://github.com/tarantool/tarantool/issues/7283
      
      NO_DOC=bug fix
    • sql: add sql_execute_prepared_ext function, same as sql_execute_prepared but... · 3155b329
      godzie44 authored and Дмитрий Кольцов committed
      sql: add sql_execute_prepared_ext function, same as sql_execute_prepared but without `region` parameter
      closes #2
      
      NO_DOC=minor
      NO_TEST=minor
    • compatibility with tarantool-module: · 633c443b
      godzie44 authored and Дмитрий Кольцов committed
      - add box_tuple_data_offset function (return offset of the MessagePack encoded data from the beginning of the tuple)
      - add more export functions
      
      closes #1
      
      NO_DOC=build
      NO_TEST=build
    • build(gitlab): setup all CI · fd0dc7bd
      Alexey Protsenko authored and Дмитрий Кольцов committed
      Add to .gitlab.ci.yml test_linux, test_debian_docker_luacheck, coverage
      from .travis.mk. Also sign package on build
      Add checkpatch linter.
      Add docker image build. Image copies original tarantool/tarantool from
      Dockerhub
      
      NO_DOC=ci change
      NO_TEST=ci change
      NO_CHANGELOG=ci change
  8. May 24, 2023
  9. Mar 07, 2023
  10. Mar 06, 2023
    • httpc: check region_join result · 7a86f262
      Oleg Jukovec authored
      This patch addresses Coverity complaint 1535241.
      
      Follow-up #8047
      
      NO_TEST=nit
      NO_CHANGELOG=nit
      NO_DOC=nit
      
      (cherry picked from commit 089cbfa9)
    • box: check iterator position against search criteria · 54c50e53
      Vladimir Davydov authored
      If the 'after' key is less than the search key in case of ge/gt or
      greater than the search key in case of le/lt, the iterator either
      crashes (vinyl) or returns invalid result (memtx). This happens because
      the engine implementation doesn't expect an invalid 'after' key.
      Let's fix this by raising an error at the top level in case the 'after'
      key doesn't meet the search criteria.
      
      Closes #8403
      Closes #8404
      
      NO_DOC=bug fix
      NO_CHANGELOG=unreleased
      
      (cherry picked from commit c561202d)
    • box: raise ER_ITERATOR_POSITION on any kind of invalid position · 000e5e8f
      Vladimir Davydov authored
      Currently, if the position isn't compatible with the index, we raise
      an error like "Invalid key part count ...". From this error it's
      difficult to figure out whether it's for the given iterator position or
      for the search key. Let's always raise ER_ITERATOR_POSITION in this
      case. Later on we'll use stacked diag to add extra error info.
      
      Needed for #8403
      Needed for #8404
      
      NO_DOC=bug fix
      NO_CHANGELOG=unreleased
      
      (cherry picked from commit 81d43c17)
    • key_def: make key_compare take keys without header · 0cff8847
      Vladimir Davydov authored
      We need to compare a tuple position with a search key in select() and
      pairs() to make sure the tuple position meets the search criteria. The
      problem is that we strip the MessagePack header from the position while
      key_compare() takes keys with headers. Let's make key_compare take keys
      without headers like the rest of comparator functions. Since in Vinyl we
      often need to compare keys with headers, we also add vy_key_compare()
      helper function.
      
      Needed for #8403
      Needed for #8404
      
      NO_DOC=refactoring
      NO_TEST=refactoring
      NO_CHANGELOG=refactoring
      
      (cherry picked from commit 41b8a012)
    • ci: fix code block indentation in pack-and-deploy · 4ba7e0a1
      Yaroslav Lobankov authored
      NO_DOC=ci
      NO_TEST=ci
      NO_CHANGELOG=ci
      
      (cherry picked from commit dcf1f1ec)