[tarantool-patches] Re: [PATCH v1 1/1] box: support reload whole module
Vladimir Davydov
vdavydov.dev at gmail.com
Wed Jul 11 15:46:56 MSK 2018
On Tue, Jul 10, 2018 at 09:49:14AM +0300, Kirill Shcherbatov wrote:
> @@ -318,7 +320,19 @@ module_reload(const char *package, const char *package_end, struct module **modu
> struct func *func, *tmp_func;
> rlist_foreach_entry_safe(func, &old_module->funcs, item, tmp_func) {
> struct func_name name;
> - func_split_name(func->def->name, &name);
> + const char *func_name = func->def->name;
> + func_split_name(func_name, &name);
> +
> + /*
> + * Allow to reload only functions that belongs to
> + * current user. Skip other.
> + */
> + struct func *dummy;
> + if (check_access &&
> + box_func_check_access(func_name, strlen(func_name),
> + &dummy) != 0)
> + continue;
> +
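Review bot: in the `check_access` branch, a non-zero return from box_func_check_access() is swallowed by `continue`, so the loop silently skips those functions and the caller cannot tell a full reload from a partial one. Functions that fail the check stay in `old_module->funcs` while the rest are processed, which leaves the module split between two states. Consider doing the access check once before the loop and failing the whole reload, or propagating the error instead of continuing. If box_func_check_access() reports its failure through an error object, that error should also be cleared or returned rather than left behind. Two smaller points: the comment says the functions "belongs to current user", but the code tests access rather than ownership, so the wording should match (and read "belong"); and `dummy` exists only to satisfy the out parameter, which deserves a short comment.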
AFAIU a user may reload a whole module only if he has the global EXECUTE
privilege (because we don't have such an entity as module in our data
dictionary to grant access rights for). access_check_func(), which is
called by func_reload(), already checks the global EXECUTE privilege and
returns 0 (success) if it is set, no matter if the function was found or
not. So all you have to do is call module_reload() from func_reload() if
access_check_func() returned func = NULL, no?