* modular database backends
@ 2001-05-27 11:32 Peter Novodvorsky
2001-05-28 2:43 ` Yngve Svendsen
` (2 more replies)
0 siblings, 3 replies; 22+ messages in thread
From: Peter Novodvorsky @ 2001-05-27 11:32 UTC (permalink / raw)
To: gnats-devel
Hello!
I always thought about BTS as database and tools to work with
it. And these things are different. In gnats I see opposite thing: database,
tools and servers share one source and tools sometimes do too much.
So I've begun work on making database backends to gnats modular.
Just now, gnats has two "backends", network (gnatsd) and filesystem. If
we make system of backends modular we could have SQL backend, etc., etc.
Second thing I don't like in GNATS, it doesn't have ACLs. This
modular framework should support them. Here is the header file that
will briefly describe what I mean:
/* Forward declaration of the handle type, so the callbacks below can use it. */
typedef struct _gnats_database *gnats_database;

struct _gnats_database {
    URI *U;
    FILE *serv_read;
    FILE *serv_write;
    void *module_handle;    /* handle returned by dlopen() */
    int (* init) (ErrorDesc *err, gnats_database);
    int (* add_pr) (ErrorDesc *err, gnats_database, PR);
    int (* update_pr) (ErrorDesc *err, gnats_database, PR);
    int (* query_pr) (ErrorDesc *err, gnats_database, QueryExpr);
    int (* disconnect) (ErrorDesc *err, gnats_database);
};

gnats_database gnats_new_database (ErrorDesc *err, URI *U);
int gnats_destroy_database (gnats_database db);
module_handle is object handle that is returned by dlopen.
URI is:
struct _URI
{
    char *scheme;
    char *host;
    char *user;
    char *pwd;
    char *path;
    unsigned int port;
};
typedef struct _URI URI;
And there is a function
URI *gnats_parse_uri (const char *gnats_uri, int length);
that takes URI (for example
gnatsd4x://nidd:pwd@nidd.debian.net:1529/database_name) and converts
it in such structure (gnatsd4x is 4.0 gnatsd protocol).
I'm currently implementing gnatsd4x backend. After this I'll
make query-pr, pr-edit, gnatsd and other tools to work with this model.
And then I'll begin to make SQL backend.
If everything will be OK in the end following will be possible:
user -> client -> gnatsd -> SQL server (MySQL, Postgres)
What do you think of this crazy idea?
Thanks,
--
Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
Debian.Org http://debian.org/~nidd
Debian --- no need to wait for tomorrow.
^ permalink raw reply [flat|nested] 22+ messages in thread
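The URI-to-struct conversion described in the message above, as an added example (not GNATS code and not the author's `gnats_parse_uri`): a length-bounded parser that fills the same fields, refuses control bytes and out-of-range ports, and scrubs the password on free. The `example_` names, the leading slash stripped from `path`, and port 0 meaning "not given" are assumptions of this sketch; IPv6 literals and percent-decoding are not handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same fields as the URI struct in the post; every string is a heap copy. */
typedef struct example_uri {
    char *scheme, *host, *user, *pwd, *path;
    unsigned int port;          /* 0 = not given (assumption of this sketch) */
} example_uri;

static char *dup_range(const char *b, const char *e)
{
    size_t n = (size_t)(e - b);
    char *s = calloc(n + 1, 1); /* zero-filled, so the copy is terminated */
    if (s)
        memcpy(s, b, n);
    return s;
}

void example_free_uri(example_uri *u)
{
    volatile char *p;
    if (!u)
        return;
    for (p = u->pwd; p && *p; p++)  /* scrub the password before freeing it */
        *p = 0;
    free(u->scheme); free(u->host); free(u->user); free(u->pwd); free(u->path);
    free(u);
}

/* Parse scheme://[user[:pwd]@]host[:port][/path] from exactly len bytes. */
example_uri *example_parse_uri(const char *s, size_t len)
{
    const char *end = s + len, *sep, *auth, *auth_end, *q;
    const char *at = NULL, *pcolon = NULL, *ucolon = NULL, *host, *host_end;
    unsigned long port = 0;
    example_uri *u;
    /* Refuse control bytes and spaces: a CR/LF inside a field could become
       an extra protocol line when that field is later sent to a server. */
    for (q = s; q < end; q++)
        if ((unsigned char)*q <= 0x20 || *q == 0x7f)
            return NULL;
    sep = memchr(s, ':', len);
    if (!sep || sep == s || end - sep < 3 || sep[1] != '/' || sep[2] != '/')
        return NULL;
    auth = sep + 3;
    auth_end = memchr(auth, '/', (size_t)(end - auth));
    if (!auth_end)
        auth_end = end;
    for (q = auth; q < auth_end; q++)   /* the last '@' ends the userinfo */
        if (*q == '@')
            at = q;
    host = at ? at + 1 : auth;
    host_end = auth_end;
    for (q = host; q < auth_end; q++)   /* the last ':' after it starts the port */
        if (*q == ':')
            pcolon = q;
    if (pcolon) {
        if (pcolon + 1 == auth_end || auth_end - pcolon > 6)
            return NULL;                /* empty, or more than five digits */
        for (q = pcolon + 1; q < auth_end; q++) {
            if (*q < '0' || *q > '9')
                return NULL;
            port = port * 10 + (unsigned long)(*q - '0');
        }
        if (port == 0 || port > 65535)
            return NULL;
        host_end = pcolon;
    }
    if (host == host_end)
        return NULL;
    if (at)
        ucolon = memchr(auth, ':', (size_t)(at - auth));
    if (!(u = calloc(1, sizeof *u)))
        return NULL;
    u->scheme = dup_range(s, sep);
    u->host = dup_range(host, host_end);
    u->path = dup_range(auth_end < end ? auth_end + 1 : end, end);
    u->port = (unsigned int)port;
    u->user = at ? dup_range(auth, ucolon ? ucolon : at) : NULL;
    u->pwd = ucolon ? dup_range(ucolon + 1, at) : NULL;
    if (!u->scheme || !u->host || !u->path || (at && !u->user) || (ucolon && !u->pwd)) {
        example_free_uri(u);
        return NULL;
    }
    return u;
}

int main(void)
{
    const char *in = "gnatsd4x://nidd:pwd@nidd.debian.net:1529/database_name";
    example_uri *u = example_parse_uri(in, strlen(in));
    if (u)      /* the password is deliberately kept out of the output */
        printf("%s host=%s port=%u user=%s db=%s\n", u->scheme, u->host, u->port, u->user, u->path);
    example_free_uri(u);
    return 0;
}
```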
* Re: modular database backends
2001-05-27 11:32 modular database backends Peter Novodvorsky
@ 2001-05-28 2:43 ` Yngve Svendsen
2001-05-28 4:34 ` Peter Novodvorsky
2001-06-04 21:53 ` Margaret BRIERTON
2001-05-28 14:37 ` modular database backends Milan Zamazal
2001-06-11 11:53 ` access control (was Re: modular database backends) Milan Zamazal
2 siblings, 2 replies; 22+ messages in thread
From: Yngve Svendsen @ 2001-05-28 2:43 UTC (permalink / raw)
To: Peter Novodvorsky, gnats-devel
At 22:18 27.05.2001 +0400, Peter Novodvorsky wrote:
> I'm currently implementing gnatsd4x backend. After this I'll
>make query-pr, pr-edit, gnatsd and other tools to work with this model.
>And then I'll begin to make SQL backend.
>
> If everything will be OK in the end following will be possible:
>
> user -> client -> gnatsd -> SQL server (MySQL, Postgres)
>
> What do you think of this crazy idea?
I really support this wholeheartedly, and I know that a lot of people would
welcome this feature very much.
Yngve Svendsen
IS Engineer
Clustra AS, Trondheim, Norway
yngve.svendsen@clustra.com
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-05-28 2:43 ` Yngve Svendsen
@ 2001-05-28 4:34 ` Peter Novodvorsky
2001-06-04 21:53 ` Margaret BRIERTON
1 sibling, 0 replies; 22+ messages in thread
From: Peter Novodvorsky @ 2001-05-28 4:34 UTC (permalink / raw)
To: Yngve Svendsen; +Cc: gnats-devel
Yngve Svendsen <yngve.svendsen@clustra.com> writes:
> At 22:18 27.05.2001 +0400, Peter Novodvorsky wrote:
> > I'm currently implementing gnatsd4x backend. After this I'll
> >make query-pr, pr-edit, gnatsd and other tools to work with this model.
> >And then I'll begin to make SQL backend.
> >
> > If everything will be OK in the end following will be possible:
> >
> > user -> client -> gnatsd -> SQL server (MySQL, Postgres)
> >
> > What do you think of this crazy idea?
>
> I really support this wholeheartedly, and I know that a lot of people
> would welcome this feature very much.
I'm not a professional programmer and I would like to discuss the implementation
of this feature with the maintainer. In fact this feature requires quite a
lot of hacking, and it can happen that Milan won't like it.
Thanks,
--
Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
Debian.Org http://debian.org/~nidd
Debian --- no need to wait for tomorrow.
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-05-28 2:43 ` Yngve Svendsen
2001-05-28 4:34 ` Peter Novodvorsky
@ 2001-06-04 21:53 ` Margaret BRIERTON
2001-06-05 1:35 ` GNATS discussion group Yngve Svendsen
1 sibling, 1 reply; 22+ messages in thread
From: Margaret BRIERTON @ 2001-06-04 21:53 UTC (permalink / raw)
To: gnats-devel
Hi
Can anyone tell me if there is a GNATS discussion group? I'm having a few
problems getting it up and running on my machine and would really appreciate a
bit of input into where I'm going wrong.
Does anyone know if such a group exists?
Cheers
Margaret
^ permalink raw reply [flat|nested] 22+ messages in thread
* GNATS discussion group
2001-06-04 21:53 ` Margaret BRIERTON
@ 2001-06-05 1:35 ` Yngve Svendsen
2001-06-05 19:56 ` Margaret BRIERTON
0 siblings, 1 reply; 22+ messages in thread
From: Yngve Svendsen @ 2001-06-05 1:35 UTC (permalink / raw)
To: Margaret BRIERTON, gnats-devel
At 14:49 05.06.01 +1000, Margaret BRIERTON wrote:
>Hi
>
>Can anyone tell me if there is a GNATS discussion group. I'm having a few
>problems getting it up and running on my machine and would really appreciate a
>bit of input into where i'm going wrong.
>
>Does anyone know if such a group exists?
We don't have a dedicated "GNATS user" mailing list, but ask your questions
here, and a lot of knowledgeable people should be able to reply.
Yngve Svendsen
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: GNATS discussion group
2001-06-05 1:35 ` GNATS discussion group Yngve Svendsen
@ 2001-06-05 19:56 ` Margaret BRIERTON
2001-06-06 4:54 ` Yngve Svendsen
0 siblings, 1 reply; 22+ messages in thread
From: Margaret BRIERTON @ 2001-06-05 19:56 UTC (permalink / raw)
To: Yngve Svendsen; +Cc: gnats-devel
Ok.....
So far I'm able to run "send-pr", create a problem report and send it. This works
fine. I'm also able to read the mail using "sendmail".
My problem is that there are no entries being created in the database. I query
the dbase and I get no matching results found, when I know that I've just sent a
PR that matches that criteria.
I've attached my config and /etc/aliases file.
Can someone please offer me some help.
Thank you
Margaret
gnats - is a user who I've set up on my machine... like the doco says
margaret - is my account on my machine.
The software is stored on my local machine, which is called bilbo.
Yngve Svendsen wrote:
> At 14:49 05.06.01 +1000, Margaret BRIERTON wrote:
> >Hi
> >
> >Can anyone tell me if there is a GNATS discussion group. I'm having a few
> >problems getting it up and running on my machine and would really appreciate a
> >bit of input into where i'm going wrong.
> >
> >Does anyone know if such a group exists?
>
> We don't have a dedicated "GNATS user" mailing list, but ask your questions
> here, and a lot of knowledgeable people should be able to reply.
>
> Yngve Svendsen
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: GNATS discussion group
2001-06-05 19:56 ` Margaret BRIERTON
@ 2001-06-06 4:54 ` Yngve Svendsen
2001-06-07 17:04 ` Margaret BRIERTON
0 siblings, 1 reply; 22+ messages in thread
From: Yngve Svendsen @ 2001-06-06 4:54 UTC (permalink / raw)
To: Margaret BRIERTON; +Cc: gnats-devel
At 12:51 06.06.01 +1000, Margaret BRIERTON wrote:
>Ok.....
>
>So far i'm able to run "send-pr", create a problem report and send
>it. This works
>fine. I'm also able to read the mail using "sendmail".
>
>My problem is that i there are no entries being created in the
>database. I query
>the dbase and i get no matching results found, when i know that i've just
>send a
>pr that matches that criteria.
>
>I've attached my config and /etc/aliases file.
>
>Can someone please offer me some help.
It sounds as if you haven't set up the periodic cron job that is supposed
to pick up submitted PRs from the gnats-queue directory and file them into
the database.
Have a look at item 5 under
http://sources.redhat.com/gnats/3_113_manual/gnats_4.html#SEC57
Yngve Svendsen
Gnatsweb maintainer
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: GNATS discussion group
2001-06-06 4:54 ` Yngve Svendsen
@ 2001-06-07 17:04 ` Margaret BRIERTON
2001-06-07 18:15 ` Database Margaret BRIERTON
0 siblings, 1 reply; 22+ messages in thread
From: Margaret BRIERTON @ 2001-06-07 17:04 UTC (permalink / raw)
To: Yngve Svendsen; +Cc: gnats-devel
Cheers for that.........
My problem lay in the fact that I didn't run the command "newaliases" when I
changed my aliases file.
All seems ok now though.
Thanks.
Yngve Svendsen wrote:
> At 12:51 06.06.01 +1000, Margaret BRIERTON wrote:
> >Ok.....
> >
> >So far i'm able to run "send-pr", create a problem report and send
> >it. This works
> >fine. I'm also able to read the mail using "sendmail".
> >
> >My problem is that i there are no entries being created in the
> >database. I query
> >the dbase and i get no matching results found, when i know that i've just
> >send a
> >pr that matches that criteria.
> >
> >I've attached my config and /etc/aliases file.
> >
> >Can someone please offer me some help.
>
> It sounds as if you haven't set up the periodic cron job that is supposed
> to pick up submitted PRs from the gnats-queue directory and file them into
> the database.
>
> Have a look at item 5 under
> http://sources.redhat.com/gnats/3_113_manual/gnats_4.html#SEC57
>
> Yngve Svendsen
> Gnatsweb maintainer
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-05-27 11:32 modular database backends Peter Novodvorsky
2001-05-28 2:43 ` Yngve Svendsen
@ 2001-05-28 14:37 ` Milan Zamazal
2001-05-29 12:43 ` Peter Novodvorsky
2001-06-11 11:53 ` access control (was Re: modular database backends) Milan Zamazal
2 siblings, 1 reply; 22+ messages in thread
From: Milan Zamazal @ 2001-05-28 14:37 UTC (permalink / raw)
To: Peter Novodvorsky; +Cc: gnats-devel
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> So I've begun work on making database backends to gnats
PN> modular. Just now, gnats has two "backends", network (gnatsd)
PN> and filesystem. If we make system of backends modular we could
PN> have SQL backend, etc., etc.
Yes, this is a wanted feature.
PN> Second thing I don't like in GNATS, it doesn't have
PN> ACLs. This modular framework should support them. Here is the
PN> header file that will briefly describe what I mean:
I'm afraid I couldn't understand what kind of ACLs you would like to
have. Could you elaborate?
PN> If everything will be OK in the end following will be
PN> possible:
PN> user -> client -> gnatsd -> SQL server (MySQL,
PN> Postgres)
PN> What do you think of this crazy idea?
I can't see anything crazy in it. :-) Actually I was already asked by my
friend about the possibility of using LDAP as the PR storage.
However, no new features will get into GNATS 4.0. I think the backend
architecture and the MIME handling could be the main feature candidates
for the first non-bug-fix release after 4.0. Of course, we can start
discussing the API and architecture now and you can also work on a
preliminary implementation in the meantime, just don't expect it to have
it in 4.0.
PN> I'm not professional programmer and I would like to discuss
PN> implementation of this feature with maintainer.
OK.
BTW, please note I'll be soon out of Internet for about a week or two.
Regards,
Milan Zamazal
--
Omigod, it's a flame war about a flame war. You know, a meta-flame war!
Kenny Tilton in comp.lang.lisp
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-05-28 14:37 ` modular database backends Milan Zamazal
@ 2001-05-29 12:43 ` Peter Novodvorsky
2001-06-11 11:53 ` Milan Zamazal
0 siblings, 1 reply; 22+ messages in thread
From: Peter Novodvorsky @ 2001-05-29 12:43 UTC (permalink / raw)
To: Milan Zamazal; +Cc: gnats-devel
Milan Zamazal <pdm@zamazal.org> writes:
> >>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
>
> PN> Second thing I don't like in GNATS, it doesn't have
> PN> ACLs. This modular framework should support them. Here is the
> PN> header file that will briefly describe what I mean:
>
> I'm afraid I couldn't understand what kind of ACLs you would like to
> have. Could you elaborate?
1). I don't like that client can pass without authentication phase.
If he wants to log in as anonymous, he has to do it. I.e.,
USER anonymous nidd@altlinux.ru
2). I don't like that check of user/password is made by gnatsd and not
by "database driver". I mean that function that authenticates user
isn't called by init_gnats that actually connects to database, but after
it. Access control is done by gnatsd, and not by database driver.
3). There is no access control for query-pr, send-pr and edit-pr. This
is close to the subject of 2)., because authentication is made on
the side of client, not on the side of database.
Advanced topics.
4). I want that some bugs can be edited only by group of developers.
It can't be done in current version.
Is it enough? ;-)
> However, no new features will get into GNATS 4.0. I think the backend
> architecture and the MIME handling could be the main feature candidates
> for the first non-bug-fix release after 4.0. Of course, we can start
> discussing the API and architecture now and you can also work on a
> preliminary implementation in the meantime, just don't expect it to have
> it in 4.0.
Maybe you could make a CVS branch for 4.99?
> BTW, please note I'll be soon out of Internet for about a week or two.
Heh, that's bad because I wanted to begin making implementation very
actively. Do you have thoughts on the subject? I'm writing
``specification'' of some kind. Maybe it will give the subject for
discussion.
Regards,
--
Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
Debian.Org http://debian.org/~nidd
Debian --- no need to wait for tomorrow.
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-05-29 12:43 ` Peter Novodvorsky
@ 2001-06-11 11:53 ` Milan Zamazal
2001-06-13 10:31 ` Peter Novodvorsky
0 siblings, 1 reply; 22+ messages in thread
From: Milan Zamazal @ 2001-06-11 11:53 UTC (permalink / raw)
To: Peter Novodvorsky; +Cc: gnats-devel
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> Maybe you could make a CVS branch for 4.99?
Not yet. That would require a lot of duplicate commits in the bug
fixing and cleanup phase.
PN> Heh, that's bad because I wanted to begin making implementation
PN> very actively. Do you have thoughts on the subject? I'm writing
PN> ``specification'' of some kind. Maybe it will give the subject
PN> for discussion.
Well, the first ideas are:
- A function for deleting a PR should be added. This is only seldom
used, but it's sometimes useful and can also be used e.g. by
maintenance tools.
- Maybe it's not *necessary* to force backends to implement full query
handling. We probably can agree on that writing new backends should
be as simple as possible. I can imagine that your `query_pr' function
could be only optional and there could be available simpler versions
of query functions that can get a list of all problem IDs, a
particular PR and maybe also optionally some index (similar to the
current one).
Regards,
Milan Zamazal
--
_/_\_/_ o _\_/_\_ o _/_\_/_ o _\_/_\_ o BEWARE!
-<_|_|_|_><-- -<_|_|_|_><-- -<_|_|_|_><-- -<_|_|_|_><-- *Bugs* are
/ \ / o \ / \ o / \ / o \ / \ o approaching!
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-06-11 11:53 ` Milan Zamazal
@ 2001-06-13 10:31 ` Peter Novodvorsky
2001-06-17 12:26 ` Milan Zamazal
0 siblings, 1 reply; 22+ messages in thread
From: Peter Novodvorsky @ 2001-06-13 10:31 UTC (permalink / raw)
To: Milan Zamazal; +Cc: gnats-devel
Milan Zamazal wrote:
> PN> Maybe you could make a CVS branch for 4.99?
>
> Not yet. That would require a lot of duplicate commits in the bug
> fixing and cleanup phase.
>
> PN> Heh, that's bad because I wanted to begin making implementation
> PN> very actively. Do you have thoughts on the subject? I'm writing
> PN> ``specification'' of some kind. Maybe it will give the subject
> PN> for discussion.
>
> Well, the first ideas are:
>
> - A function for deleting a PR should be added. This is only seldom
> used, but it's sometimes useful and can also be used e.g. by
> maintenance tools.
Yeah, this is reasonable.
>
>
> - Maybe it's not *necessary* to force backends to implement full query
> handling. We probably can agree on that writing new backends should
> be as simple as possible. I can imagine that your `query_pr' function
> could be only optional and there could be available simpler versions
> of query functions that can get a list of all problem IDs, a
> particular PR and maybe also optionally some index (similar to the
> current one).
We can implement simpler functions in library that will open this
module. And these functions will use query_pr as more low level
function. Any objections?
Nidd.
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: modular database backends
2001-06-13 10:31 ` Peter Novodvorsky
@ 2001-06-17 12:26 ` Milan Zamazal
0 siblings, 0 replies; 22+ messages in thread
From: Milan Zamazal @ 2001-06-17 12:26 UTC (permalink / raw)
To: Peter Novodvorsky; +Cc: gnats-devel
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> Milan Zamazal wrote:
>> - Maybe it's not *necessary* to force backends to implement full
>> query handling. We probably can agree on that writing new
>> backends should be as simple as possible. I can imagine that
>> your `query_pr' function could be only optional and there could
>> be available simpler versions of query functions that can get a
>> list of all problem IDs, a particular PR and maybe also
>> optionally some index (similar to the current one).
PN> We can implement simpler functions in library that will open
PN> this module. And these functions will use query_pr as more low
PN> level function. Any objections?
I'm not sure we understand each other. To clarify the things: For
instance, we could make a backend library that defines three functions
query_pr, get_list_of_pr_ids, get_pr. query_pr is implemented in the
library using the other two functions and those are implemented using
query_pr. Every backend must provide its own implementation of either
query_pr or get_list_of_pr_ids and get_pr, the other functions may (but
needn't) be implemented using the library.
So a backend powered by a sophisticated query engine (e.g. SQL) can
implement the complex query_pr function itself and needn't bother to
implement the simpler functions get_*. On the other hand, a file system
backend would implement the get_* functions and use the library function
for query_pr.
OK?
Milan Zamazal
--
And why?
^ permalink raw reply [flat|nested] 22+ messages in thread
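The arrangement described in the message above, as an added sketch (not GNATS code): a library supplies `query_pr`, `get_list_of_pr_ids` and `get_pr` in terms of each other, and a bind step refuses a backend that implements neither side, since the defaults would otherwise call each other forever. The struct layouts, the two-field query, `backend_bind` and the `fs_`/`sql_` toy backends are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PRS 8

struct pr { int id; const char *category; };
/* Stand-in for QueryExpr (not defined in the thread): id 0 / NULL mean "any". */
struct query { int id; const char *category; };

struct backend {    /* a backend fills in query_pr, or both get_* functions */
    int (*query_pr)(struct backend *, const struct query *, struct pr *out, int max);
    int (*get_list_of_pr_ids)(struct backend *, int *ids, int max);
    int (*get_pr)(struct backend *, int id, struct pr *out);
};

static int matches(const struct pr *p, const struct query *q) {
    return (q->id == 0 || q->id == p->id) &&
           (!q->category || strcmp(q->category, p->category) == 0);
}

/* Library defaults: each is written against the other half of the API. */
static int lib_query_pr(struct backend *b, const struct query *q, struct pr *out, int max) {
    int ids[MAX_PRS], n = b->get_list_of_pr_ids(b, ids, MAX_PRS), i, hits = 0;
    struct pr p;
    for (i = 0; i < n && hits < max; i++)
        if (b->get_pr(b, ids[i], &p) && matches(&p, q))
            out[hits++] = p;
    return hits;
}

static int lib_get_list_of_pr_ids(struct backend *b, int *ids, int max) {
    struct pr all[MAX_PRS];
    struct query any = { 0, NULL };
    int n = b->query_pr(b, &any, all, MAX_PRS), i;
    for (i = 0; i < n && i < max; i++)
        ids[i] = all[i].id;
    return i;
}

static int lib_get_pr(struct backend *b, int id, struct pr *out) {
    struct query one = { 0, NULL };
    one.id = id;
    return id > 0 && b->query_pr(b, &one, out, 1) == 1;
}

/* Returns 0, or -1 for a backend with neither query_pr nor both get_*
   functions: the defaults above would then call each other forever. */
int backend_bind(struct backend *b) {
    if (!b->query_pr && !(b->get_list_of_pr_ids && b->get_pr))
        return -1;
    if (!b->query_pr) b->query_pr = lib_query_pr;
    if (!b->get_list_of_pr_ids) b->get_list_of_pr_ids = lib_get_list_of_pr_ids;
    if (!b->get_pr) b->get_pr = lib_get_pr;
    return 0;
}

/* Constructed sample data shared by the two toy backends below. */
static const struct pr SAMPLE[] = { {1, "gcc"}, {2, "gdb"}, {3, "gcc"} };
#define SAMPLE_N 3

static int fs_list(struct backend *b, int *ids, int max) {
    int i;
    (void)b;
    for (i = 0; i < SAMPLE_N && i < max; i++)
        ids[i] = SAMPLE[i].id;
    return i;
}

static int fs_get(struct backend *b, int id, struct pr *out) {
    (void)b;
    if (id < 1 || id > SAMPLE_N)
        return 0;
    *out = SAMPLE[id - 1];          /* sample ids are 1..SAMPLE_N */
    return 1;
}

static int sql_query(struct backend *b, const struct query *q, struct pr *out, int max) {
    int i, n = 0;
    (void)b;
    for (i = 0; i < SAMPLE_N && n < max; i++)
        if (matches(&SAMPLE[i], q))
            out[n++] = SAMPLE[i];
    return n;
}

int main(void) {
    struct backend fs = { NULL, fs_list, fs_get }, sql = { sql_query, NULL, NULL };
    struct backend half = { NULL, NULL, fs_get };   /* get_pr alone is not enough */
    struct query gcc = { 0, "gcc" };
    struct pr out[MAX_PRS], one;
    if (backend_bind(&fs) || backend_bind(&sql) || backend_bind(&half) != -1)
        return 1;
    printf("fs hits=%d, sql hits=%d\n", fs.query_pr(&fs, &gcc, out, MAX_PRS),
           sql.query_pr(&sql, &gcc, out, MAX_PRS));
    printf("sql get_pr(2) found=%d\n", sql.get_pr(&sql, 2, &one));
    return 0;
}
```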
* Re: access control (was Re: modular database backends)
2001-05-27 11:32 modular database backends Peter Novodvorsky
2001-05-28 2:43 ` Yngve Svendsen
2001-05-28 14:37 ` modular database backends Milan Zamazal
@ 2001-06-11 11:53 ` Milan Zamazal
2001-06-13 5:20 ` access control Hans-Albert Schneider
2001-06-13 10:44 ` access control (was Re: modular database backends) Peter Novodvorsky
2 siblings, 2 replies; 22+ messages in thread
From: Milan Zamazal @ 2001-06-11 11:53 UTC (permalink / raw)
To: Peter Novodvorsky; +Cc: gnats-devel
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> 1). I don't like that client can pass without authentication
PN> phase. If he wants to log in as anonymous, he has to do it. I.e.,
PN> USER anonymous nidd@altlinux.ru
Hm, are there any *real* benefits of this except it's annoying during
debugging? :-)
PN> 2). I don't like that check of user/password is made by gnatsd
PN> and not by "database driver". I mean that function that
PN> authenticates user isn't called by init_gnats that actually
PN> connects to database, but after it. Access control is done by
PN> gnatsd, and not by database driver.
IMO this is implied by the fact that there are actually several
authentication methods in GNATS. The "built-in" methods are file system
permissions and the gnatsd mechanism. Since gnatsd is supposed to be
the only method of accessing GNATS through network, I can't see anything
much wrong in that gnatsd performs *the* authentication.
PN> 3). There is no access control for query-pr, send-pr and
PN> edit-pr. This is close to the subject of 2)., because
PN> authentication is made on the side of client, not on the side
PN> of database.
I'd consider this a feature. It's sometimes useful to be able to access
GNATS data based on the file system permissions. If you don't like
that, simply chmod go-rwx the database directory and force users to
access the database via query-pr etc. connections to localhost, thus
moving the authentication to gnatsd (single place).
PN> 4). I want that some bugs can be edited only by group of
PN> developers. It can't be done in current version.
I think this complaint is legitimate.
PN> Is it enough? ;-)
Pardon my ignorance. :-) Generally, I'd be curious whether your problems
come from a real experience or you just think only on a theoretical
level. My experience with running BTS is that the more access control
the more problems (the first one being users don't bother to use the
BTS). There is no access control in the Debian BTS and it works well.
In one company I used GNATS we had simply full intranet access and in
another one we had to introduce more regulations to protect the system
from incompetent people (but the incompetence was a problem itself and I
had to leave the company because it annoyed me too much).
I don't say some things shouldn't be improved but it's a low priority
issue for me. For instance, I consider the modular database backends
problem much more important and useful than the access control features.
Regards,
Milan Zamazal
--
It's amazing how much better you feel once you've given up hope.
(unknown source)
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: access control
2001-06-11 11:53 ` access control (was Re: modular database backends) Milan Zamazal
@ 2001-06-13 5:20 ` Hans-Albert Schneider
2001-06-17 12:26 ` Milan Zamazal
2001-06-13 10:44 ` access control (was Re: modular database backends) Peter Novodvorsky
1 sibling, 1 reply; 22+ messages in thread
From: Hans-Albert Schneider @ 2001-06-13 5:20 UTC (permalink / raw)
To: Milan Zamazal; +Cc: gnats-devel
>>>>> "MZ" == Milan Zamazal <pdm@zamazal.org> writes:
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> Is it enough? ;-)
MZ> Pardon my ignorance. :-) Generally, I'd be curious
MZ> whether your problems come from a real experience or you
MZ> just think only on a theoretical level.
I cannot speak for Peter, of course. However, we are currently
using GNATS internally. Opening it to our customers would
require some method to restrict access such that customers are
unable to see the reports submitted by other customers, because
the reports sometimes include real-life data of the customer. Of
course, each customer should be able to see all their own
reports. (So the granularity of the "confidential" flag is too
coarse.)
As our customers do not have accounts on our machines, and there
is no query-pr mail alias they could use, it is OK for us if this
is implemented in gnatsd.
A first idea that comes into my mind is to have a mapping of
usernames
- to submitter id(s) the user is allowed to use in submitting
reports, and
- to the submitter ids whose reports this user may see (both in
listings and in full). [BTW, this would interfere with the
"merging duplicates" feature discussed recently on the list.]
The mapping could be done by two optional fields to gnatsd.access.
This feature could be combined with the "confidential" flag:
Reports marked confidential are only visible to the same
submitter id, others are visible to everyone.
Of course, the developers must be able to see all reports, as
should those of us who do consulting for the customers.
Hans-Albert
PS: If somebody wants to discuss this with me: I will not be able
to access this mailbox from June 14 to June 24, inclusive.
--
Hans-Albert Schneider <Hans-Albert.Schneider@mchp.siemens.de>
Siemens AG phone: (+49) 89 636 45445
Corporate Technology fax: (+49) 89 636 42284
Munich, Germany
-- To get my public PGP key, send me a mail with subject "send key" --
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: access control
2001-06-13 5:20 ` access control Hans-Albert Schneider
@ 2001-06-17 12:26 ` Milan Zamazal
0 siblings, 0 replies; 22+ messages in thread
From: Milan Zamazal @ 2001-06-17 12:26 UTC (permalink / raw)
To: Hans-Albert.Schneider, Peter Novodvorsky; +Cc: gnats-devel
>>>>> "HS" == Hans-Albert Schneider <Hans-Albert.Schneider@mchp.siemens.de> writes:
HS> I cannot speak for Peter, of course. However, we are currently
HS> using GNATS internally. Opening it to our customers would
HS> require some method to restrict access such that customers are
HS> unable to see the reports submitted by other customers, because
HS> the reports sometimes include real-life data of the customer.
HS> Of course, each customer should be able to see all their own
HS> reports. (So the granularity of the "confidential" flag is too
HS> coarse.)
I agree this is a real and important problem. I used to have a similar
problem. I solved it by using gnats2w authentication and authorization
mechanism, but it should actually be handled in gnatsd.
HS> A first idea that comes into my mind is to have a mapping of
HS> usernames - to submitter id(s) the user is allowed to use in
HS> submitting reports, and - to the submitter ids whose reports
HS> this user may see (both in listings and in full). [BTW, this
HS> would interfere with the "merging duplicates" feature discussed
HS> recently on the list.]
HS> The mapping could be done by two optional fields to
HS> gnatsd.access.
Well, maybe.
HS> This feature could be combined with the "confidential" flag:
HS> Reports marked confidential are only visible to the same
HS> submitter id, others are visible to everyone.
This sounds very reasonable.
HS> Of course, the developers must be able to see all reports, as
HS> should those of us who do consulting for the customers.
Yes, that could be done with a wildcard in the configuration.
>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
PN> Milan Zamazal wrote:
>>>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
>>>>>>
PN> 1). I don't like that client can pass without authentication
PN> phase. If he wants to log in as anonymous, he has to do it. I.e.,
PN> USER anonymous nidd@altlinux.ru
>> Hm, are there any *real* benefits of this except it's annoying
>> during debugging?:-)
PN> Yes, I want to divide everything in several stages. One of them
PN> is authentication stage (Like in ftp/pop3).
Do you talk about your application or about gnatsd protocol
elegance? :-) If the first, creating an anonymous user should be
sufficient, and if the latter, frankly, I don't care much.
PN> Some of them come for theoretical level, and some of them have
PN> real-life reasons. Company I work for makes a distribution. It
PN> is maintained by my coworkers and some people who volunteer. I
PN> want them to have rights to edit only their bug reports while
PN> office people to edit any bug report.
OK, this should be solved in foreseeable future.
PN> OK. In this case I was talking about non-existing GNATS5. ;-)
Well, let's say 4.1. :-)
I know there are important features that should be included in GNATS,
but we should really release GNATS 4 sometimes and let the most
important new features be solved in the first non bug fix release after
it. Thanks to all the contributors, especially Yngve, we got much
closer to the GNATS 4 release now, so let's not delay it again. :-)
Milan Zamazal
--
_/_\_/_ o _\_/_\_ o _/_\_/_ o _\_/_\_ o BEWARE!
-<_|_|_|_><-- -<_|_|_|_><-- -<_|_|_|_><-- -<_|_|_|_><-- *Bugs* are
/ \ / o \ / \ o / \ / o \ / \ o approaching!
^ permalink raw reply [flat|nested] 22+ messages in thread
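Hans-Albert's username-to-submitter-id mapping, combined with the "confidential" flag and the wildcard for developers mentioned in the reply above, as an added sketch (not GNATS code and not the gnatsd.access format): the same check gates full reads and listings. The table layout, the user names, the submitter ids and the deny-unknown-users default are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_IDS 4

struct access_entry {
    const char *user;
    const char *submit_as[MAX_IDS]; /* submitter ids the user may file under */
    const char *may_see[MAX_IDS];   /* submitter ids the user may read; "*" = all */
};

struct pr {
    int id;
    const char *submitter;
    int confidential;
};

/* Constructed sample policy: two customers and one developer. */
static const struct access_entry ACCESS[] = {
    { "alice", { "acme" },     { "acme" } },
    { "bob",   { "globex" },   { "globex" } },
    { "dev",   { "internal" }, { "*" } },
};
#define N_ACCESS (sizeof ACCESS / sizeof ACCESS[0])

/* Constructed sample reports. */
static const struct pr PRS[] = {
    { 101, "acme",   1 },
    { 102, "globex", 1 },
    { 103, "globex", 0 },
};
#define N_PRS (sizeof PRS / sizeof PRS[0])

static const struct access_entry *find_user(const char *user)
{
    size_t i;
    for (i = 0; i < N_ACCESS; i++)
        if (strcmp(ACCESS[i].user, user) == 0)
            return &ACCESS[i];
    return NULL;
}

/* The wildcard is honoured only where the caller allows it (reading). */
static int id_listed(const char *const *list, const char *id, int wildcard_ok)
{
    int i;
    for (i = 0; i < MAX_IDS && list[i]; i++)
        if ((wildcard_ok && strcmp(list[i], "*") == 0) || strcmp(list[i], id) == 0)
            return 1;
    return 0;
}

/* May `user` file a report under `submitter`? Unknown users may not. */
int may_submit(const char *user, const char *submitter)
{
    const struct access_entry *e = find_user(user);
    return e != NULL && id_listed(e->submit_as, submitter, 0);
}

/* May `user` read `pr`? Non-confidential reports are open to every known
   user; confidential ones only to users mapped to the report's submitter id. */
int may_view(const char *user, const struct pr *pr)
{
    const struct access_entry *e = find_user(user);
    if (!e)
        return 0;
    if (!pr->confidential)
        return 1;
    return id_listed(e->may_see, pr->submitter, 1);
}

/* Listings go through the same check, so a hidden report does not show up
   in a query result either. Returns how many ids were written to out. */
int list_visible(const char *user, int *out, int max)
{
    size_t i;
    int n = 0;
    for (i = 0; i < N_PRS && n < max; i++)
        if (may_view(user, &PRS[i]))
            out[n++] = PRS[i].id;
    return n;
}

int main(void)
{
    const char *users[] = { "alice", "bob", "dev", "mallory" };
    int ids[8], n, i;
    size_t u;
    for (u = 0; u < 4; u++) {
        n = list_visible(users[u], ids, 8);
        printf("%-8s sees:", users[u]);
        for (i = 0; i < n; i++)
            printf(" %d", ids[i]);
        printf("\n");
    }
    return 0;
}
```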
* Re: access control (was Re: modular database backends)
2001-06-11 11:53 ` access control (was Re: modular database backends) Milan Zamazal
2001-06-13 5:20 ` access control Hans-Albert Schneider
@ 2001-06-13 10:44 ` Peter Novodvorsky
1 sibling, 0 replies; 22+ messages in thread
From: Peter Novodvorsky @ 2001-06-13 10:44 UTC (permalink / raw)
To: Milan Zamazal; +Cc: gnats-devel
Milan Zamazal wrote:
>>>>>> "PN" == Peter Novodvorsky <nidd@altlinux.ru> writes:
>>>>>
>
> PN> 1). I don't like that client can pass without authentication
> PN> phase. If he wants to log in as anonymous, he has to do it. I.e.,
>
> PN> USER anonymous nidd@altlinux.ru
>
> Hm, are there any *real* benefits of this except it's annoying during
> debugging?:-)
Yes, I want to divide everything in several stages. One of them is
authentication stage (Like in ftp/pop3).
>
>
> PN> 2). I don't like that check of user/password is made by gnatsd
> PN> and not by "database driver". I mean that function that
> PN> authenticates user isn't called by init_gnats that actually
> PN> connects to database, but after it. Access control is done by
> PN> gnatsd, and not by database driver.
>
> IMO this is implied by the fact that there are actually several
> authentication methods in GNATS. The "built-in" methods are file system
> permissions and the gnatsd mechanism. Since gnatsd is supposed to be
> the only method of accessing GNATS through network, I can't see anything
> much wrong in that gnatsd performs *the* authentication
Yes, this is ok for current version.
>
>
> PN> 3). There is no access control for query-pr, send-pr and
> PN> edit-pr. This is close to the subject of 2)., because
> PN> authentication is made on the side of client, not on the side
> PN> of database.
>
> I'd consider this a feature. It's sometimes useful to be able to access
> GNATS data based on the file system permissions. If you don't like
> that, simply chmod go-rwx the database directory and force users to
> access the database via query-pr etc. connections to localhost, thus
> moving the authentication to gnatsd (single place).
OK.
>
>
> PN> 4). I want that some bugs can be edited only by group of
> PN> developers. It can't be done in current version.
>
> I think this complaint is legitimate.
>
> PN> Is it enough? ;-)
>
> Pardon my ignorance. :-) Generally, I'd be curious whether your problems
> come from a real experience or you just think only on a theoretical
> level.
Some of them come for theoretical level, and some of them have real-life
reasons. Company I work for makes a distribution. It is maintained by my
coworkers and some people who volunteer. I want them to have rights to
edit only their bug reports while office people to edit any bug report.
> My experience with running BTS is that the more access control
> the more problems (the first one being users don't bother to use the
> BTS). There is no access control in the Debian BTS and it works well.
Remember two things:
1). Debian is open project, it doesn't have competitors that want to
spoil its business.
2). Debian isn't commercial project and if BTS gets spammed and is down for
1 day, it is not critical while in company you lose one business day.
This is one of reasons why I decided not to use debbugs (another was that
it is very ugly perl with pieces of source code put in aj's home dir,
and you cannot find them in CVS :).
> I don't say some things shouldn't be improved but it's a low priority
> issue for me. For instance, I consider the modular database backends
> problem much more important and useful than the access control features.
OK. In this case I was talking about non-existing GNATS5. ;-)
Nidd.
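The policy asked for in the message above (volunteers edit only their own reports, office staff edit any), enforced in one place in front of the backend callback rather than in each client tool. This is an added example, not part of the thread and not GNATS code; the Principal and Role types, the simplified PR, the error codes, gnats_update_pr and the in-memory backend are all assumptions made for illustration.

```c
#include <string.h>

typedef enum { ROLE_VOLUNTEER, ROLE_STAFF } Role;        /* hypothetical roles */
typedef struct { const char *user; Role role; } Principal;
typedef struct { int number; const char *originator; } PR; /* simplified PR */

typedef struct _gnats_database *gnats_database;
struct _gnats_database {
    Principal who;                      /* filled in by the server after login */
    int (*update_pr)(gnats_database, const PR *);  /* backend module callback */
    int updates;                        /* counter used by the demo backend */
};

enum { GNATS_OK = 0, GNATS_EPERM = -1, GNATS_EINVAL = -2 };

/* Policy from the thread: staff edit any PR, volunteers only their own. */
static int may_update(const Principal *p, const PR *pr) {
    if (p->role == ROLE_STAFF) return 1;
    return p->user && pr->originator && strcmp(p->user, pr->originator) == 0;
}

/* Single entry point for every tool: the backend runs only after the check,
   so a filesystem, gnatsd4x or SQL module cannot be reached around it. */
int gnats_update_pr(gnats_database db, const PR *pr) {
    if (!db || !pr || !db->update_pr) return GNATS_EINVAL;
    if (!may_update(&db->who, pr)) return GNATS_EPERM;   /* deny by default */
    return db->update_pr(db, pr);
}

/* Constructed in-memory backend standing in for a real module. */
static int mem_update(gnats_database db, const PR *pr) {
    (void)pr;
    db->updates++;
    return GNATS_OK;
}

/* Returns the number of backend writes, or the error code on refusal. */
int demo(const char *user, Role role, const char *originator) {
    struct _gnats_database db = { { user, role }, mem_update, 0 };
    PR pr = { 42, originator };         /* constructed sample report */
    int rc = gnats_update_pr(&db, &pr);
    return rc == GNATS_OK ? db.updates : rc;
}
```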
* modular database backends
@ 2001-05-27 11:35 Peter Novodvorsky
0 siblings, 0 replies; 22+ messages in thread
From: Peter Novodvorsky @ 2001-05-27 11:35 UTC (permalink / raw)
To: gnats-devel
Hello!
I always thought about BTS as database and tools to work with
it. And these things are different. In gnats I see opposite thing: database,
tools and servers share one source and tools sometimes do too much.
So I've begun work on making database backends to gnats modular.
Just now, gnats has two "backends", network (gnatsd) and filesystem. If
we make system of backends modular we could have SQL backend, etc., etc.
Second thing I don't like in GNATS, it doesn't have ACLs. This
modular framework should support them. Here is the header file that
will briefly describe what I mean:
/* Forward typedef: the callbacks below take a gnats_database argument. */
typedef struct _gnats_database *gnats_database;
struct _gnats_database {
    URI *U;
    FILE *serv_read;
    FILE *serv_write;
    void *module_handle;
    int (* init) (ErrorDesc *err, gnats_database);
    int (* add_pr) (ErrorDesc *err, gnats_database, PR);
    int (* update_pr) (ErrorDesc *err, gnats_database, PR);
    int (* query_pr) (ErrorDesc *err, gnats_database, QueryExpr);
    int (* disconnect) (ErrorDesc *err, gnats_database);
};
gnats_database gnats_new_database (ErrorDesc *err, URI *U);
int gnats_destroy_database (gnats_database db);
module_handle is object handle that is returned by dlopen.
URI is:
struct _URI
{
    char *scheme;
    char *host;
    char *user;
    char *pwd;
    char *path;
    unsigned int port;
};
typedef struct _URI URI;
And there is a function
URI *gnats_parse_uri (const char *gnats_uri, int length);
that takes URI (for example
gnatsd4x://nidd:pwd@nidd.debian.net:1529/database_name) and converts
it in such structure (gnatsd4x is 4.0 gnatsd protocol).
I'm currently implementing gnatsd4x backend. After this I'll
make query-pr, pr-edit, gnatsd and other tools to work with this model.
And then I'll begin to make SQL backend.
If everything will be OK in the end following will be possible:
user -> client -> gnatsd -> SQL server (MySQL, Postgres)
What do you think of this crazy idea?
Thanks,
--
Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
Debian.Org http://debian.org/~nidd
Debian --- no need to wait for tomorrow.
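A sketch of how the gnats_parse_uri function declared in the post above could be written, added here as an example and not taken from the thread or from GNATS. It assumes the layout scheme://[user[:pwd]@]host[:port]/path, never reads past `length` bytes, and rejects malformed input (no scheme, empty host, non-numeric or out-of-range port) rather than returning a half-filled structure; gnats_free_uri and dup_range are hypothetical helpers.

```c
#include <stdlib.h>
#include <string.h>

typedef struct _URI {                /* same fields as the struct in the post */
    char *scheme, *host, *user, *pwd, *path;
    unsigned int port;
} URI;
/* Copy bytes [b, e) into a fresh NUL-terminated string. */
static char *dup_range(const char *b, const char *e) {
    char *s = malloc((size_t)(e - b) + 1);
    if (s) { memcpy(s, b, (size_t)(e - b)); s[e - b] = '\0'; }
    return s;
}
void gnats_free_uri(URI *u) {        /* hypothetical helper, not in the post */
    if (!u) return;
    free(u->scheme); free(u->host); free(u->user); free(u->pwd); free(u->path);
    free(u);
}
/* Parse scheme://[user[:pwd]@]host[:port]/path; NULL on malformed input. */
URI *gnats_parse_uri(const char *s, int length) {
    const char *end, *p, *at, *colon, *slash, *d;
    unsigned long port = 0;
    int i;
    URI *u;
    if (!s || length <= 0 || !(u = calloc(1, sizeof *u))) return NULL;
    end = s + length;
    for (i = 0; i + 3 <= length && memcmp(s + i, "://", 3) != 0; i++) ;
    if (i == 0 || i + 3 > length) goto bad;           /* no scheme */
    u->scheme = dup_range(s, s + i);
    p = s + i + 3;
    if (!(slash = memchr(p, '/', (size_t)(end - p)))) goto bad;
    if ((at = memchr(p, '@', (size_t)(slash - p)))) { /* optional user[:pwd] */
        colon = memchr(p, ':', (size_t)(at - p));
        u->user = dup_range(p, colon ? colon : at);
        if (colon) u->pwd = dup_range(colon + 1, at);
        p = at + 1;
    }
    colon = memchr(p, ':', (size_t)(slash - p));
    if ((colon ? colon : slash) == p) goto bad;       /* empty host */
    u->host = dup_range(p, colon ? colon : slash);
    for (d = colon ? colon + 1 : slash; d < slash; d++) {
        if (*d < '0' || *d > '9') goto bad;           /* digits only */
        if ((port = port * 10 + (unsigned long)(*d - '0')) > 65535) goto bad;
    }
    if (colon && port == 0) goto bad;                 /* ":" alone or ":0" */
    u->port = (unsigned int)port;
    u->path = dup_range(slash + 1, end);
    if (u->scheme && u->host && u->path) return u;
bad:
    gnats_free_uri(u);
    return NULL;
}
```

The password ends up in plain memory in `pwd`, so a caller that logs or prints the parsed URI should leave that field out.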
* RE: modular database backends
@ 2001-05-29 0:11 Dirk Bergstrom
2001-05-29 0:22 ` Bob Kaehms
0 siblings, 1 reply; 22+ messages in thread
From: Dirk Bergstrom @ 2001-05-29 0:11 UTC (permalink / raw)
To: 'Peter Novodvorsky', gnats-devel
a database backend for gnats, huh? i've been thinking about this myself.
in fact, it's quite likely to be a major project for me this year. i
haven't gotten too far along, but i will soon have a lot more time to devote
to thinking about it. i wouldn't describe myself as a high powered C
programmer (cough cough...), but i've got clue, time, and energy.
we should gather together interested parties, and kick some ideas around.
--
Dirk Bergstrom dirk@juniper.net
____________________________________________
Juniper Networks Inc., Engineering Web Guru
Tel: 408.745.3182 Fax: 408.745.8905
> -----Original Message-----
> From: Peter Novodvorsky [ mailto:nidd@altlinux.ru ]
> Sent: Sunday, May 27, 2001 11:18 AM
> To: gnats-devel@sources.redhat.com
> Subject: modular database backends
>
>
>
> Hello!
>
> I always thought about BTS as database and tools to work with
> it. And these things are different. In gnats I see opposite
> thing: database,
> tools and servers share one source and tools sometimes do too much.
>
> So I've begun work on making database backends to
> gnats modular.
> Just now, gnats has two "backends", network (gnatsd) and filesystem. If
> we make system of backends modular we could have SQL backend,
> etc., etc.
>
> Second thing I don't like in GNATS, it doesn't have ACLs. This
> modular framework should support them. Here is the header file that
> will briefly describe what I mean:
>
> struct _gnats_database {
> URI *U;
>
> FILE *serv_read;
> FILE *serv_write;
>
> void *module_handle;
>
> int (* init) (ErrorDesc *err, gnats_database);
> int (* add_pr) (ErrorDesc *err, gnats_database, PR);
> int (* update_pr) (ErrorDesc *err, gnats_database, PR);
> int (* query_pr) (ErrorDesc *err, gnats_database, QueryExpr);
> int (* disconnect) (ErrorDesc *err, gnats_database);
> };
>
> typedef struct _gnats_database *gnats_database;
>
> gnats_database gnats_new_database (ErrorDesc *err, URI *U);
> int gnats_destroy_database (gnats_database db);
>
> module_handle is object handle that is returned by dlopen.
> URI is:
>
> struct _URI
> {
> char *scheme;
> char *host;
> char *user;
> char *pwd;
> char *path;
> unsigned int port;
> };
>
> typedef struct _URI URI;
>
> And there is a function
>
> URI *gnats_parse_uri (const char *gnats_uri, int length);
>
> that takes URI (for example
> gnatsd4x://nidd:pwd@nidd.debian.net:1529/database_name) and converts
> it in such structure (gnatsd4x is 4.0 gnatsd protocol).
>
> I'm currently implementing gnatsd4x backend. After this I'll
> make query-pr, pr-edit, gnatsd and other tools to work with
> this model.
> And then I'll begin to make SQL backend.
>
> If everything will be OK in the end following will be
> possible:
>
> user -> client -> gnatsd -> SQL server (MySQL, Postgres)
>
> What do you think of this crazy idea?
>
> Thanks,
> --
> Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
> Debian.Org http://debian.org/~nidd
> Debian --- no need to wait for tomorrow.
* Re: modular database backends
2001-05-29 0:11 Dirk Bergstrom
@ 2001-05-29 0:22 ` Bob Kaehms
2001-05-29 1:16 ` Peter Novodvorsky
0 siblings, 1 reply; 22+ messages in thread
From: Bob Kaehms @ 2001-05-29 0:22 UTC (permalink / raw)
To: Dirk Bergstrom; +Cc: 'Peter Novodvorsky', gnats-devel
Just as a thought, perhaps the whole thing should be done in php/mysql.
it's a little archaic as is.
Dirk Bergstrom writes:
> a database backend for gnats, huh? i've been thinking about this myself.
> in fact, it's quite likely to be a major project for me this year. i
> haven't gotten too far along, but i will soon have a lot more time to devote
> to thinking about it. i wouldn't describe myself as a high powered C
> programmer (cough cough...), but i've got clue, time, and energy.
>
> we should gather together interested parties, and kick some ideas around.
>
> --
> Dirk Bergstrom dirk@juniper.net
> ____________________________________________
> Juniper Networks Inc., Engineering Web Guru
> Tel: 408.745.3182 Fax: 408.745.8905
>
>
>> -----Original Message-----
>> From: Peter Novodvorsky [ mailto:nidd@altlinux.ru ]
>> Sent: Sunday, May 27, 2001 11:18 AM
>> To: gnats-devel@sources.redhat.com
>> Subject: modular database backends
>>
>>
>>
>> Hello!
>>
>> I always thought about BTS as database and tools to work with
>> it. And these things are different. In gnats I see opposite
>> thing: database,
>> tools and servers share one source and tools sometimes do too much.
>>
>> So I've begun work on making database backends to
>> gnats modular.
>> Just now, gnats has two "backends", network (gnatsd) and filesystem. If
>> we make system of backends modular we could have SQL backend,
>> etc., etc.
>>
>> Second thing I don't like in GNATS, it doesn't have ACLs. This
>> modular framework should support them. Here is the header file that
>> will briefly describe what I mean:
>>
>> struct _gnats_database {
>> URI *U;
>>
>> FILE *serv_read;
>> FILE *serv_write;
>>
>> void *module_handle;
>>
>> int (* init) (ErrorDesc *err, gnats_database);
>> int (* add_pr) (ErrorDesc *err, gnats_database, PR);
>> int (* update_pr) (ErrorDesc *err, gnats_database, PR);
>> int (* query_pr) (ErrorDesc *err, gnats_database, QueryExpr);
>> int (* disconnect) (ErrorDesc *err, gnats_database);
>> };
>>
>> typedef struct _gnats_database *gnats_database;
>>
>> gnats_database gnats_new_database (ErrorDesc *err, URI *U);
>> int gnats_destroy_database (gnats_database db);
>>
>> module_handle is object handle that is returned by dlopen.
>> URI is:
>>
>> struct _URI
>> {
>> char *scheme;
>> char *host;
>> char *user;
>> char *pwd;
>> char *path;
>> unsigned int port;
>> };
>>
>> typedef struct _URI URI;
>>
>> And there is a function
>>
>> URI *gnats_parse_uri (const char *gnats_uri, int length);
>>
>> that takes URI (for example
>> gnatsd4x://nidd:pwd@nidd.debian.net:1529/database_name) and converts
>> it in such structure (gnatsd4x is 4.0 gnatsd protocol).
>>
>> I'm currently implementing gnatsd4x backend. After this I'll
>> make query-pr, pr-edit, gnatsd and other tools to work with
>> this model.
>> And then I'll begin to make SQL backend.
>>
>> If everything will be OK in the end following will be
>> possible:
>>
>> user -> client -> gnatsd -> SQL server (MySQL, Postgres)
>>
>> What do you think of this crazy idea?
>>
>> Thanks,
>> --
>> Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
>> Debian.Org http://debian.org/~nidd
>> Debian --- no need to wait for tomorrow.
* Re: modular database backends
2001-05-29 0:22 ` Bob Kaehms
@ 2001-05-29 1:16 ` Peter Novodvorsky
0 siblings, 0 replies; 22+ messages in thread
From: Peter Novodvorsky @ 2001-05-29 1:16 UTC (permalink / raw)
To: Dirk Bergstrom; +Cc: gnats-devel
> Just as a thought, perhaps the whole thing should be done in php/mysql.
> it's a little archaic as is.
If you say so, you didn't get the idea. I don't want only one backend.
I want modular backends.
> > a database backend for gnats, huh? i've been thinking about this myself.
> > in fact, it's quite likely to be a major project for me this year. i
> > haven't gotten too far along, but i will soon have a lot more time to devote
> > to thinking about it. i wouldn't describe myself as a high powered C
> > programmer (cough cough...), but i've got clue, time, and energy. we
> > should gather together interested parties, and kick some ideas
What do you think about my prototype? Is it good or bad? I'm going
to do modules through dlopen. I would like to hear your thoughts about it.
Thanks,
--
Peter Novodvorsky http://www.altlinux.ru/ AltLinux Team, Russia
Debian.Org http://debian.org/~nidd
Debian --- no need to wait for tomorrow.
Thread overview: 22+ messages
2001-05-27 11:32 modular database backends Peter Novodvorsky
2001-05-28 2:43 ` Yngve Svendsen
2001-05-28 4:34 ` Peter Novodvorsky
2001-06-04 21:53 ` Margaret BRIERTON
2001-06-05 1:35 ` GNATS discussion group Yngve Svendsen
2001-06-05 19:56 ` Margaret BRIERTON
2001-06-06 4:54 ` Yngve Svendsen
2001-06-07 17:04 ` Margaret BRIERTON
2001-06-07 18:15 ` Database Margaret BRIERTON
2001-05-28 14:37 ` modular database backends Milan Zamazal
2001-05-29 12:43 ` Peter Novodvorsky
2001-06-11 11:53 ` Milan Zamazal
2001-06-13 10:31 ` Peter Novodvorsky
2001-06-17 12:26 ` Milan Zamazal
2001-06-11 11:53 ` access control (was Re: modular database backends) Milan Zamazal
2001-06-13 5:20 ` access control Hans-Albert Schneider
2001-06-17 12:26 ` Milan Zamazal
2001-06-13 10:44 ` access control (was Re: modular database backends) Peter Novodvorsky
2001-05-27 11:35 modular database backends Peter Novodvorsky
2001-05-29 0:11 Dirk Bergstrom
2001-05-29 0:22 ` Bob Kaehms
2001-05-29 1:16 ` Peter Novodvorsky