[tarantool-patches] [PATCH v2 0/2] Update credentials without reconnect
Vladislav Shpilevoy
v.shpilevoy at tarantool.org
Sat Oct 5 01:25:58 MSK 2019
The patchset makes user credentials be always up to date in all
sessions, functions with setuid, sudo contexts.
The implementation is simple: struct credentials are registered in
their source user via a trigger, and get all updates. First patch
prepares API for that, because struct credentials didn't have a
destructor, nor any other method except 'init'. Its lifetime was
not established. The second patch adds a trigger.
Motivation of the patch is real problems:
- If a user managed to connect after box.cfg started listening
port, but before access was granted, then he needed a reconnect;
- Even if access was granted, a user may connect after box.cfg
listen, but before access *is recovered* from _priv space. It
was not possible to fix without a reconnect. And this problem
affected replication.
They are gone now.
Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-2763-credentials-cache-update
Issue: https://github.com/tarantool/tarantool/issues/2763
Changes in V2:
- Total rework. Now a trigger is in struct credentials instead of
struct session. Appeared, that there are more places besides
session, where credentials need to follow priv updates.
V1: https://www.freelists.org/post/tarantool-patches/PATCH-11-session-update-credentials-without-reconnect
Vladislav Shpilevoy (2):
access: rework struct credentials API
access: update credentials without reconnect
src/box/authentication.cc | 3 +-
src/box/func.c | 9 +-
src/box/lua/session.c | 6 +-
src/box/session.cc | 10 +-
src/box/session.h | 8 -
src/box/user.cc | 51 +++++-
src/box/user.h | 32 ++++
src/box/user_def.h | 6 +
test/box/access_bin.result | 9 +-
test/box/access_bin.test.lua | 5 +-
test/box/access_misc.result | 2 +-
.../gh-2763-session-credentials-update.result | 170 ++++++++++++++++++
...h-2763-session-credentials-update.test.lua | 93 ++++++++++
13 files changed, 365 insertions(+), 39 deletions(-)
create mode 100644 test/box/gh-2763-session-credentials-update.result
create mode 100644 test/box/gh-2763-session-credentials-update.test.lua
--
2.21.0 (Apple Git-122)
More information about the Tarantool-patches
mailing list