[patches] [security 1/1] security: Prohibit to drop super role

Mon Jan 29 16:58:06 MSK 2018

* Create constant SUPER - id of super role
* Forward the constant to box.schema
* Add checks on drop super role

Closes #3084

Signed-off-by: imarkov <imarkov at tarantool.org>
---
 src/box/lua/schema.lua   |  5 +++--
 src/box/lua/space.cc     |  2 ++
 src/box/user_def.h       |  1 +
 test/box/access.result   | 12 ++++++++++++
 test/box/access.test.lua |  3 +++
 5 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index 207e944..28e4d81 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -2070,7 +2070,8 @@ box.schema.user.drop = function(name, opts)
             box.error(box.error.DROP_USER, name,
                       "the user or the role is a system")
         end
-        if uid == box.session.uid() or uid == box.session.euid() then
+        if uid == box.session.uid() or uid == box.session.euid()
+            or uid == box.schema.SUPER_ROLE_ID then
             box.error(box.error.DROP_USER, name,
                       "the user is active in the current session")
         end
@@ -2143,7 +2144,7 @@ box.schema.role.drop = function(name, opts)
         return
     end
     if uid >= box.schema.SYSTEM_USER_ID_MIN and
-       uid <= box.schema.SYSTEM_USER_ID_MAX then
+       uid <= box.schema.SYSTEM_USER_ID_MAX or uid == box.schema.SUPER_ROLE_ID then
         -- gh-1205: box.schema.user.info fails
         box.error(box.error.DROP_USER, name, "the user or the role is a system")
     end
diff --git a/src/box/lua/space.cc b/src/box/lua/space.cc
index 3a4fe5b..6ef0573 100644
--- a/src/box/lua/space.cc
+++ b/src/box/lua/space.cc
@@ -386,6 +386,8 @@ box_lua_space_init(struct lua_State *L)
 	lua_setfield(L, -2, "SYSTEM_USER_ID_MIN");
 	lua_pushnumber(L, BOX_SYSTEM_USER_ID_MAX);
 	lua_setfield(L, -2, "SYSTEM_USER_ID_MAX");
+	lua_pushnumber(L, SUPER);
+	lua_setfield(L, -2, "SUPER_ROLE_ID");
 	lua_pushnumber(L, BOX_INDEX_MAX);
 	lua_setfield(L, -2, "INDEX_MAX");
 	lua_pushnumber(L, BOX_SPACE_MAX);
diff --git a/src/box/user_def.h b/src/box/user_def.h
index 1104ec6..8bf31c2 100644
--- a/src/box/user_def.h
+++ b/src/box/user_def.h
@@ -170,6 +170,7 @@ enum {
 	GUEST = 0,
 	ADMIN =  1,
 	PUBLIC = 2, /* role */
+	SUPER = 31, /* role */
 	BOX_SYSTEM_USER_ID_MAX = PUBLIC
 };
 
diff --git a/test/box/access.result b/test/box/access.result
index ac53c1f..a803b60 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -779,6 +779,18 @@ box.space._user.index.name:delete{'public'}
 ---
 - true
 ...
+box.schema.role.drop('super')
+---
+- error: 'Failed to drop user or role ''super'': the user or the role is a system'
+...
+box.space._user.index.name:delete{'super'}
+---
+- error: 'Failed to drop user or role ''super'': the user has objects'
+...
+#box.schema.role.info('super') > 0
+---
+- true
+...
 -- gh-944 name is too long
 name = string.rep('a', box.schema.NAME_MAX - 1)
 ---
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index 59dc55f..911afee 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -306,6 +306,9 @@ box.space._user.index.name:delete{'admin'}
 box.schema.role.drop('public')
 box.space._user.index.name:delete{'public'}
 #box.schema.role.info('public') > 0
+box.schema.role.drop('super')
+box.space._user.index.name:delete{'super'}
+#box.schema.role.info('super') > 0
 
 -- gh-944 name is too long
 name = string.rep('a', box.schema.NAME_MAX - 1)
-- 
2.7.4


