[tarantool-patches] [PATCH v2 0/2] Update credentials without reconnect

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Sat Oct 5 01:25:58 MSK 2019


The patchset makes user credentials always up to date in all
sessions, functions with setuid, and sudo contexts.

The implementation is simple: struct credentials are registered in
their source user via a trigger, and get all updates. The first patch
prepares the API for that, because struct credentials had neither a
destructor nor any other method except 'init'. Its lifetime was
not established. The second patch adds a trigger.

The motivation for the patch is real problems:

- If a user managed to connect after box.cfg started listening on
the port, but before access was granted, then he needed a reconnect;

- Even if access was granted, a user may connect after box.cfg
listen, but before access *is recovered* from _priv space. It
was not possible to fix without a reconnect. And this problem
affected replication.

They are gone now.

Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-2763-credentials-cache-update
Issue: https://github.com/tarantool/tarantool/issues/2763

Changes in V2:
- Total rework. Now a trigger is in struct credentials instead of
  struct session. It turned out that there are more places besides
  session where credentials need to follow priv updates.

V1: https://www.freelists.org/post/tarantool-patches/PATCH-11-session-update-credentials-without-reconnect

Vladislav Shpilevoy (2):
  access: rework struct credentials API
  access: update credentials without reconnect

 src/box/authentication.cc                     |   3 +-
 src/box/func.c                                |   9 +-
 src/box/lua/session.c                         |   6 +-
 src/box/session.cc                            |  10 +-
 src/box/session.h                             |   8 -
 src/box/user.cc                               |  51 +++++-
 src/box/user.h                                |  32 ++++
 src/box/user_def.h                            |   6 +
 test/box/access_bin.result                    |   9 +-
 test/box/access_bin.test.lua                  |   5 +-
 test/box/access_misc.result                   |   2 +-
 .../gh-2763-session-credentials-update.result | 170 ++++++++++++++++++
 ...h-2763-session-credentials-update.test.lua |  93 ++++++++++
 13 files changed, 365 insertions(+), 39 deletions(-)
 create mode 100644 test/box/gh-2763-session-credentials-update.result
 create mode 100644 test/box/gh-2763-session-credentials-update.test.lua

-- 
2.21.0 (Apple Git-122)
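
The registration scheme described in the cover letter, modelled as an added C example that is not code from the patchset: each credentials cache links itself into its source user on create and unlinks on destroy, and a grant or revoke walks the list. All struct, function and constant names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical model: all names are assumptions, not Tarantool's code. */
enum { ACC_SESSION = 1, ACC_READ = 2 }; /* constructed privilege bits */
struct user {
    uint32_t access;            /* authoritative privileges */
    struct credentials *creds;  /* every cache derived from this user */
};
struct credentials {
    uint32_t access;            /* cached copy used for access checks */
    struct credentials *next, **link;
};
/* Copy the user's privileges and subscribe to later changes. */
void credentials_create(struct credentials *cr, struct user *u) {
    cr->access = u->access;
    cr->next = u->creds;
    cr->link = &u->creds;
    if (cr->next != NULL)
        cr->next->link = &cr->next;
    u->creds = cr;
}

/* Unsubscribe, so the user never walks a destroyed cache. */
void credentials_destroy(struct credentials *cr) {
    *cr->link = cr->next;
    if (cr->next != NULL)
        cr->next->link = cr->link;
    cr->next = NULL;
    cr->link = NULL;
}

/* Grant or revoke: push the new privileges to every live cache. */
void user_set_access(struct user *u, uint32_t access) {
    u->access = access;
    for (struct credentials *cr = u->creds; cr != NULL; cr = cr->next)
        cr->access = access;
}
/* step 1: grant after connect; step 2: destroy one cache, then revoke. */
uint32_t demo(int step) {
    struct user u = { 0, NULL };
    struct credentials session, setuid_func;
    credentials_create(&session, &u);
    credentials_create(&setuid_func, &u);
    user_set_access(&u, ACC_SESSION | ACC_READ);
    if (step == 1) return session.access & setuid_func.access;
    credentials_destroy(&setuid_func);
    user_set_access(&u, 0);
    return session.access | (setuid_func.access << 8);
}
int main(void) { return demo(1) == 3u && demo(2) == 768u ? 0 : 1; }
```

In step 2 the live session cache drops to 0 on revoke, while the destroyed cache keeps its last value and is no longer reachable from the user.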