[Letodb-developers] 2009-03-31 10:20 UTC+0300 Alexander Kresin (alex/at/belacy.belgorod.su)

[Alexander S.K. <al...@be...>]

2009-03-31 10:20 UTC+0300 Alexander Kresin (alex/at/belacy.belgorod.su)
   * include/funcleto.h
     * Declarations of encryption functions has been added
       LETO_PASSWORD definition has been added, it designates an 
encryption key,
       which is used by both client and server side.
   * include/rddleto.h
     * LETOAREA: USHORT uiRecInBuf has been added, it designates a relative
                 current record position in a pBuffer.
       LETOCONNECTION: a size of szVersion has been increased,
                       cDopcode has been added, it keeps an additional 
2-char code from
                       the server, which is included in an encryption 
key.
   + include/rddleto.ch
     + Connection error codes.

   * source/common/common_c.c
     leto_byte2hexchar(), leto_hexchar2byte() function has been added.
   + source/common/blowfish.c
     + encryption module has been added ( code is borrowed fron HwGUI ).

   * source/client/leto1.c
     * leto_skip() now allows to skip records in a backward direction in 
a buffer ( pBuffer )
       to reduce using of server.
     * leto_ConnectionNew() has been changed. It accepts additional 
encryption code from
       server, passes username and password to server, if needed, sets 
connection error code.
     * LETO_CONNECT_ERR() function has been added, it returns connection 
error code - look at
       utils/manager/manage.prg for a sample.
   * source/client/letomgmn.c
     * LETO_CONNECT( cAddr [, cUser, cPassword] ) now passes username 
and password, if needed.
     * Following functions has been added:
       LETO_USERADD( cUser, cPassword [, cAccess] )
       LETO_USERPASSWD( cUser, cPassword )
       LETO_USERRIGHTS( cUser, cAccess )
       LETO_USERFLUSH()
     * Some changes in LETO_MGGETINFO(), LETO_MGGETUSERS() due to 
additional data, which
       these functions accepts.

   * source/server/server.prg
   * source/server/letofunc.c
     * leto_mgmt() now passes some additional data. In a basic data 
array it is 12-th item,
       maximum time of waiting for query execution. In a users list it 
is a value of a
       time for which the user is inactive.
     * added initial support for authentication subsystem.
       server's ini file now can include these items:
       PASS_FOR_LOGIN = 1 ( 0, if it is off ), if the server requires 
authentication
             to be logged in;
       PASS_FOR_MANAGE = 1, if appropriate rights are necessary to use 
manage functions;
       PASS_FOR_DATA = 1, if appropriate rights are necessary to have 
wright access.
       PASS_FILE - a path and name of authentication file, by default it 
is "leto_users".
   + source/server/letoacc.c
     + structures and functions for username/password/access rights 
handling.

   Some notes about authentication subsystem. To turn it on, you need to 
include in server's
   ini file any of the above items ( PASS_FOR_... ). But before you need 
to create, at least,
   one user with admin rights, because when authentication subsystem 
works, only authenticated
   users with admin rights are able to add/change users and passwords. 
To add a user, you need
   to include a call of LETO_USERADD() in your client side program, for 
example:

   	LETO_USERADD( "admin", "secret:)", "YYY" )

   where "YYY" is a string, which gives rights to admin, manage and 
write access.
   To connect to server with an authentication data you need to use 
LETO_CONNECT() function.

Regards,
   Alexander