From 1d6987e3f31d401f8a27ab8747d249ee40518710 Mon Sep 17 00:00:00 2001 From: Shamis Shukoor Date: Fri, 2 Aug 2019 17:56:49 +0200 Subject: [PATCH 1/5] asynchronising imem_server calls #276 --- src/imem_seco.erl | 18 ++++++++++++++++-- src/imem_server.erl | 28 +++++++++++++++++++++------- 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/src/imem_seco.erl b/src/imem_seco.erl index e8de054..005f50e 100755 --- a/src/imem_seco.erl +++ b/src/imem_seco.erl @@ -359,6 +359,14 @@ seco_existing(SKey) -> case if_read(ddSeCo@, SKey) of [#ddSeCo{pid=Pid} = SeCo] when Pid == self() -> SeCo; + [#ddSeCo{pid=Pid} = SeCo] -> + {links, Links} = erlang:process_info(self(), links), + case lists:member(Pid, Links) of + true -> + SeCo; + false -> + ?SecurityViolation({"Not logged in", SKey}) + end; [] -> ?SecurityException({"Not logged in", SKey}) end. @@ -379,8 +387,14 @@ seco_authorized(SKey) -> case if_read(ddSeCo@, SKey) of [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> SeCo; - [#ddSeCo{}] -> - ?SecurityViolation({"Not logged in", SKey}); + [#ddSeCo{pid=Pid, authState=authorized} = SeCo] -> + {links, Links} = erlang:process_info(self(), links), + case lists:member(Pid, Links) of + true -> + SeCo; + false -> + ?SecurityViolation({"Not logged in", SKey}) + end; [] -> ?SecurityException({"Not logged in", SKey}) end. diff --git a/src/imem_server.erl b/src/imem_server.erl index 1326a97..56eeb2b 100755 --- a/src/imem_server.erl +++ b/src/imem_server.erl 
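Review bot: The new second clause of `seco_existing/1` treats membership in `erlang:process_info(self(), links)` as proof that the session owner delegated to the caller. A link proves less than that: links are symmetric and either side can create one, so the owner-only binding (`Pid == self()`) becomes "any process currently linked to the owner". The same check is repeated in the `seco_authorized/1` hunk below and in the later `imem_sec.erl` hunks. A narrower design would have the connection process explicitly record which worker pids it started and check against that set, or have workers route security-context lookups through the owner. At minimum, add a comment above the clause stating the assumption, e.g. `%% trust: only imem_server workers started by the session owner are expected to be linked to it`.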
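Review bot: In the `seco_authorized/1` hunk, a `ddSeCo` row whose `authState` is not `authorized` no longer matches any clause, because the removed `[#ddSeCo{}] -> ?SecurityViolation(...)` fallback was replaced by a clause that also requires `authState=authorized`. The call still fails, but as a `case_clause` error instead of a security violation, and the `case_clause` reason carries the matched value, which is the whole `#ddSeCo{}` record. If this function is reached through `mfa/5` in `imem_server.erl`, the `catch` there returns `{error, {Reason, erlang:get_stacktrace()}}` to the peer via `send_resp/2`, so the record would leave the node. Restore the fallback before the `[] ->` clause: `[#ddSeCo{}] -> ?SecurityViolation({"Not logged in", SKey});`. The later copies of `seco_authorized/1` in this series (both `imem_sec.erl` hunks and the refactored `imem_seco.erl` one) have the same gap.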
@@ -165,18 +165,32 @@ mfa({Ref, Mod, which_applications, Args}, Transport) when Mod =:= imem_sec; mfa({_Ref, imem_sec, echo, [_, Term]}, Transport) -> send_resp({server_echo, Term}, Transport), ok; +mfa({Ref, imem_sec = Mod, Fun, Args}, Transport) when Fun =:= login; + Fun =:= auth_start; + Fun =:= schema; + Fun =:= logout; + Fun =:= auth_add_cred -> + mfa(Ref, Mod, Fun, Args, Transport); mfa({Ref, Mod, Fun, Args}, Transport) -> + % mfa(Ref, Mod, Fun, Args); + spawn_link(fun() -> + mfa(Ref, Mod, Fun, Args, Transport) + end), + ok. % 'ok' returned for erlimem compatibility + +mfa(Ref, Mod, Fun, Args, Transport) -> NewArgs = args(Ref,Fun,Args,Transport), - ApplyRes = try - ?TLog("~p MFA -> R ~n ~p:~p(~p)~n", [Transport,Mod,Fun,NewArgs]), - apply(Mod,Fun,NewArgs) - catch - _Class:Reason -> {error, {Reason, erlang:get_stacktrace()}} - end, + ApplyRes = + try + ?TLog("~p MFA -> R ~n ~p:~p(~p)~n", [Transport,Mod,Fun,NewArgs]), + apply(Mod,Fun,NewArgs) + catch + _Class:Reason -> {error, {Reason, erlang:get_stacktrace()}} + end, ?TLog("~p MFA -> R ~n ~p:~p(~p) -> ~p~n", [Transport,Mod,Fun,NewArgs,ApplyRes]), ?TLog("~p MF -> R ~n ~p:~p -> ~p~n", [Transport,Mod,Fun,ApplyRes]), send_resp(ApplyRes, Transport), - ok. % 'ok' returned for erlimem compatibility + ok. args(R, fetch_recs_async, A, {_,_,R} = T) -> Args = lists:sublist(A, length(A)-1) ++ [T], From e68b409f244177366aa420d070a62d27d756c7d7 Mon Sep 17 00:00:00 2001 From: Shamis Shukoor Date: Mon, 5 Aug 2019 16:30:46 +0200 Subject: [PATCH 2/5] asynchronous calls over erlimem #276 --- src/imem_sec.erl | 10 ++++++++-- src/imem_seco.erl | 8 ++++++++ src/imem_server.erl | 3 +-- src/imem_statement.erl | 5 +++-- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/imem_sec.erl b/src/imem_sec.erl index 17a7fc9..20ac3f7 100755 --- a/src/imem_sec.erl +++ b/src/imem_sec.erl 
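Review bot: The catch-all `mfa/2` clause now starts one `spawn_link` worker per request with no upper bound, so the number of concurrent processes and in-flight `apply/3` calls on a connection is set entirely by how fast the peer sends frames. Some limit is needed, for example an in-flight counter that falls back to the synchronous `mfa/5` path above a threshold. In `mfa/5`, `NewArgs = args(Ref,Fun,Args,Transport)` and `send_resp/2` run outside the `try`, so an exception there exits the worker abnormally and, through the link, the connection process too unless it traps exits (not visible in this hunk); moving the `args/4` call inside the `try` would contain the first case. The five-function guard also deserves a comment saying why those calls must stay on the connection process, e.g. `%% session-establishing calls run in the connection process: the security context is bound to its pid`.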
@@ -923,8 +923,14 @@ seco_authorized(SKey) -> case imem_meta:read(ddSeCo@, SKey) of [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> SeCo; - [#ddSeCo{pid=Pid}] -> - ?SecurityViolation({"Not logged in", {SKey,Pid}}); + [#ddSeCo{pid=Pid, authState=authorized} = SeCo] -> + {links, Links} = erlang:process_info(self(), links), + case lists:member(Pid, Links) of + true -> + SeCo; + false -> + ?SecurityViolation({"Not logged in", SKey}) + end; [] -> ?SecurityException({"Not logged in", SKey}) end. diff --git a/src/imem_seco.erl b/src/imem_seco.erl index 005f50e..6bdf3b0 100755 --- a/src/imem_seco.erl +++ b/src/imem_seco.erl @@ -59,6 +59,7 @@ , has_role/2 , has_permission/3 , has_permission/2 + , get_skey_pid/1 ]). -export([ have_role/2 @@ -296,6 +297,13 @@ if_has_child_permission([RootRoleId|OtherRoles], Permission) -> false -> if_has_child_permission(OtherRoles, Permission) end. +get_skey_pid(SKey) -> + case if_read(ddSeCo@, SKey) of + [#ddSeCo{pid=Pid}] -> + {ok, Pid}; + _ -> + not_found + end. %% --Implementation (exported helper functions) ---------------------------------------- diff --git a/src/imem_server.erl b/src/imem_server.erl index 56eeb2b..f010409 100755 --- a/src/imem_server.erl +++ b/src/imem_server.erl @@ -172,7 +172,6 @@ mfa({Ref, imem_sec = Mod, Fun, Args}, Transport) when Fun =:= login; Fun =:= auth_add_cred -> mfa(Ref, Mod, Fun, Args, Transport); mfa({Ref, Mod, Fun, Args}, Transport) -> - % mfa(Ref, Mod, Fun, Args); spawn_link(fun() -> mfa(Ref, Mod, Fun, Args, Transport) end), @@ -190,7 +189,7 @@ mfa(Ref, Mod, Fun, Args, Transport) -> ?TLog("~p MFA -> R ~n ~p:~p(~p) -> ~p~n", [Transport,Mod,Fun,NewArgs,ApplyRes]), ?TLog("~p MF -> R ~n ~p:~p -> ~p~n", [Transport,Mod,Fun,ApplyRes]), send_resp(ApplyRes, Transport), - ok. + ok. % 'ok' returned for erlimem compatibility args(R, fetch_recs_async, A, {_,_,R} = T) -> Args = lists:sublist(A, length(A)-1) ++ [T], 
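Review bot: The violation raised in the `false` branch of `seco_authorized/1` in `imem_sec.erl` carries only `SKey`, while the clause it replaces reported `{SKey,Pid}`. This branch is the one that fires when a process other than the owner, and not linked to it, presents a session key, so the owner pid is the detail whoever consumes these violations needs to correlate the event. Keeping the previous payload shape costs nothing: `?SecurityViolation({"Not logged in", {SKey,Pid}})`.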
diff --git a/src/imem_statement.erl b/src/imem_statement.erl index 8181863..4629eea 100755 --- a/src/imem_statement.erl +++ b/src/imem_statement.erl @@ -70,11 +70,12 @@ %% gen_server ----------------------------------------------------- create_stmt(Statement, SKey, IsSec) -> + {ok, SKeyPid} = imem_seco:get_skey_pid(SKey), case IsSec of false -> - gen_server:start(?MODULE, [Statement,self()], [{spawn_opt, [{fullsweep_after, 0}]}]); + gen_server:start(?MODULE, [Statement,SKeyPid], [{spawn_opt, [{fullsweep_after, 0}]}]); true -> - {ok, Pid} = gen_server:start(?MODULE, [Statement,self()], []), + {ok, Pid} = gen_server:start(?MODULE, [Statement,SKeyPid], []), NewSKey = imem_sec:clone_seco(SKey, Pid), ok = gen_server:call(Pid, {set_seco, NewSKey}), {ok, Pid} From da5cb306dc9b0d09a82877e93ecbe4a1a6ee8743 Mon Sep 17 00:00:00 2001 From: Shamis Shukoor Date: Mon, 5 Aug 2019 16:35:45 +0200 Subject: [PATCH 3/5] is_pid_linked fun added to imem_seco #276 --- src/imem_seco.erl | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/src/imem_seco.erl b/src/imem_seco.erl index 6bdf3b0..ef8b567 100755 --- a/src/imem_seco.erl +++ b/src/imem_seco.erl 
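Review bot: `{ok, SKeyPid} = imem_seco:get_skey_pid(SKey)` is evaluated before `case IsSec of`, so the non-secure path now also requires a matching `ddSeCo@` row. If `IsSec = false` callers pass a key with no session behind it (not visible here, please confirm), `create_stmt/3` fails with a `badmatch` on `not_found` instead of starting the statement. The lookup belongs in the `true` branch, with the `false` branch left as `gen_server:start(?MODULE, [Statement,self()], [{spawn_opt, [{fullsweep_after, 0}]}])`. Since the second init argument changes from the caller to the session owner, a comment should say what the statement process uses that pid for; that is outside this hunk.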
@@ -362,19 +362,21 @@ seco_register(#ddSeCo{skey=SKey, pid=Pid}=SeCo, AuthState) when Pid == self() -> seco_unregister(#ddSeCo{skey=SKey, pid=Pid}) when Pid == self() -> catch if_delete(SKey, ddSeCo@, SKey). +is_pid_linked(SKey, #ddSeCo{pid=Pid} = SeCo) -> + {links, Links} = erlang:process_info(self(), links), + case lists:member(Pid, Links) of + true -> + SeCo; + false -> + ?SecurityViolation({"Not logged in", SKey}) + end. seco_existing(SKey) -> case if_read(ddSeCo@, SKey) of [#ddSeCo{pid=Pid} = SeCo] when Pid == self() -> SeCo; - [#ddSeCo{pid=Pid} = SeCo] -> - {links, Links} = erlang:process_info(self(), links), - case lists:member(Pid, Links) of - true -> - SeCo; - false -> - ?SecurityViolation({"Not logged in", SKey}) - end; + [#ddSeCo{} = SeCo] -> + is_pid_linked(SKey, SeCo); [] -> ?SecurityException({"Not logged in", SKey}) end. @@ -395,17 +397,11 @@ seco_authorized(SKey) -> case if_read(ddSeCo@, SKey) of [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> SeCo; - [#ddSeCo{pid=Pid, authState=authorized} = SeCo] -> - {links, Links} = erlang:process_info(self(), links), - case lists:member(Pid, Links) of - true -> - SeCo; - false -> - ?SecurityViolation({"Not logged in", SKey}) - end; - [] -> + [#ddSeCo{authState=authorized} = SeCo] -> + is_pid_linked(SKey, SeCo); + [] -> ?SecurityException({"Not logged in", SKey}) - end. + end. seco_update(#ddSeCo{skey=SKey,pid=Pid}=SeCo, #ddSeCo{skey=SKey,pid=Pid}=SeCoNew) when Pid == self() -> case if_read(ddSeCo@, SKey) of From fa46149c6d5427b3c7e6dde2c880f52898e3527f Mon Sep 17 00:00:00 2001 From: Shamis Shukoor Date: Mon, 5 Aug 2019 16:51:58 +0200 Subject: [PATCH 4/5] imem_seco:seco_authorized/1 exported, used in imem_sec #276 --- src/imem_sec.erl | 17 ++--------------- src/imem_seco.erl | 1 + 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/src/imem_sec.erl b/src/imem_sec.erl index 20ac3f7..b040379 100755 --- a/src/imem_sec.erl +++ b/src/imem_sec.erl 
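Review bot: `is_pid_linked/2` reads as a boolean predicate, but it returns the `#ddSeCo{}` record on success and raises a security violation otherwise. A caller who writes `case is_pid_linked(...) of true -> ...` would get it wrong without any compiler warning. Rename it to say what it does (for example `seco_if_linked/2`) or give it a header comment such as `%% Returns SeCo when the session owner pid is in self()'s link set; raises a security violation otherwise.`. The comment should also record that a link is the only evidence of delegation being checked, since this helper is now the single place where that decision is made in `imem_seco.erl`.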
@@ -919,21 +919,8 @@ have_module_permission(SKey, Module, Operation) -> %% ------- local private security extension for sql and tables (do not export!!) ------------ -seco_authorized(SKey) -> - case imem_meta:read(ddSeCo@, SKey) of - [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> - SeCo; - [#ddSeCo{pid=Pid, authState=authorized} = SeCo] -> - {links, Links} = erlang:process_info(self(), links), - case lists:member(Pid, Links) of - true -> - SeCo; - false -> - ?SecurityViolation({"Not logged in", SKey}) - end; - [] -> - ?SecurityException({"Not logged in", SKey}) - end. +seco_authorized(SKey) -> + imem_seco:seco_authorized(SKey). % have_table_ownership(SKey, {Schema,Table,_Alias}) -> % have_table_ownership(SKey, {Schema,Table}); diff --git a/src/imem_seco.erl b/src/imem_seco.erl index ef8b567..aebf41f 100755 --- a/src/imem_seco.erl +++ b/src/imem_seco.erl @@ -60,6 +60,7 @@ , has_permission/3 , has_permission/2 , get_skey_pid/1 + , seco_authorized/1 ]). -export([ have_role/2 From c0fdad8410c285d6d77b1047d011af5788eeb6ff Mon Sep 17 00:00:00 2001 From: Shamis Shukoor Date: Mon, 5 Aug 2019 17:16:31 +0200 Subject: [PATCH 5/5] seco_authorized not exported #276 --- src/imem_sec.erl | 15 ++++++++++++++- src/imem_seco.erl | 9 ++------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/src/imem_sec.erl b/src/imem_sec.erl index b040379..5d4abbb 100755 --- a/src/imem_sec.erl +++ b/src/imem_sec.erl 
@@ -920,7 +920,20 @@ have_module_permission(SKey, Module, Operation) -> %% ------- local private security extension for sql and tables (do not export!!) ------------ seco_authorized(SKey) -> - imem_seco:seco_authorized(SKey). + case imem_meta:read(ddSeCo@, SKey) of + [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> + SeCo; + [#ddSeCo{pid=Pid, authState=authorized} = SeCo] -> + {links, Links} = erlang:process_info(self(), links), + case lists:member(Pid, Links) of + true -> + SeCo; + false -> + ?SecurityViolation({"Not logged in", SKey}) + end; + [] -> + ?SecurityException({"Not logged in", SKey}) + end. % have_table_ownership(SKey, {Schema,Table,_Alias}) -> % have_table_ownership(SKey, {Schema,Table}); diff --git a/src/imem_seco.erl b/src/imem_seco.erl index aebf41f..f4206c1 100755 --- a/src/imem_seco.erl +++ b/src/imem_seco.erl @@ -60,7 +60,6 @@ , has_permission/3 , has_permission/2 , get_skey_pid/1 - , seco_authorized/1 ]). -export([ have_role/2 @@ -299,12 +298,8 @@ if_has_child_permission([RootRoleId|OtherRoles], Permission) -> end. get_skey_pid(SKey) -> - case if_read(ddSeCo@, SKey) of - [#ddSeCo{pid=Pid}] -> - {ok, Pid}; - _ -> - not_found - end. + #ddSeCo{pid=Pid} = seco_authorized(SKey), + {ok, Pid}. %% --Implementation (exported helper functions) ----------------------------------------
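Review bot: After this hunk the session-authorization check exists as two hand-maintained copies: this inlined version in `imem_sec.erl`, reading through `imem_meta:read/2`, and the one in `imem_seco.erl`, which goes through `if_read/2` and `is_pid_linked/2`. A fix applied to one copy, such as restoring the fallback clause for non-authorized rows, will not reach the other, and the two can drift apart unnoticed. If exporting `seco_authorized/1` from `imem_seco` is not wanted, put a comment on each copy naming its twin, e.g. `%% keep in sync with imem_seco:seco_authorized/1`, so a later security change is made in both places.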