From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id A907A21CC7 for ; Fri, 8 Jun 2018 05:06:44 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dzQ_JfnHuk_v for ; Fri, 8 Jun 2018 05:06:44 -0400 (EDT) Received: from smtp48.i.mail.ru (smtp48.i.mail.ru [94.100.177.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 3CBB221C2C for ; Fri, 8 Jun 2018 05:06:44 -0400 (EDT) From: Georgy Kirichenko Subject: [tarantool-patches] [PATCH 2/3] security: add limits on object_type-privilege pair Date: Fri, 8 Jun 2018 12:06:33 +0300 Message-Id: <0e6cd9bcff2fca4d04105b42f96dd78a3bfee743.1528448404.git.georgy@tarantool.org> In-Reply-To: References: In-Reply-To: References: Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: tarantool-patches@freelists.org Cc: imarkov From: imarkov Introduce constraints on object_type-privilege pairs. These constraints limit senseless grants/revokes, i.e., sequence - execute, all space related privileges(insert, delete, update), function - alter, all space related privileges, role - all privileges except create, drop, alter, execute Prerequisite #945 --- src/box/errcode.h | 2 +- src/box/lua/schema.lua | 13 ++++++++++-- test/box/access.result | 17 +++++++++++++++ test/box/access.test.lua | 9 +++++++- test/box/misc.result | 46 ++++++++++++++++++++-------------------- 5 files changed, 60 insertions(+), 27 deletions(-) 
diff --git a/src/box/errcode.h b/src/box/errcode.h
index a0759f8f4..d76673be9 100644
--- a/src/box/errcode.h
+++ b/src/box/errcode.h
@@ -150,7 +150,7 @@ struct errcode_record {
 /* 95 */_(ER_UPDATE_INTEGER_OVERFLOW, "Integer overflow when performing '%c' operation on field %u") \
 /* 96 */_(ER_GUEST_USER_PASSWORD, "Setting password for guest user has no effect") \
 /* 97 */_(ER_TRANSACTION_CONFLICT, "Transaction has been aborted by conflict") \
- /* 98 */_(ER_UNSUPPORTED_ROLE_PRIV, "Unsupported role privilege '%s'") \
+ /* 98 */_(ER_UNSUPPORTED_PRIV, "Unsupported %s privilege '%s'") \
 /* 99 */_(ER_LOAD_FUNCTION, "Failed to dynamically load function '%s': %s") \
 /*100 */_(ER_FUNCTION_LANGUAGE, "Unsupported language '%s' specified for function '%s'") \
 /*101 */_(ER_RTREE_RECT, "RTree: %s must be an array with %u (point) or %u (rectangle/box) numeric coordinates") \
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index 43c7d4e6b..4455b5e42 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -1724,10 +1724,19 @@ local function privilege_resolve(privilege)
 return numeric
 end
 
+-- validate privileges
+local forbidden_privileges = {
+ ["universe"] = 0,
+ ["space"] = 0,
+ ["sequence"] = bit.bor(box.priv.X, box.priv.A, box.priv.INSERT, box.priv.UPDATE, box.priv.DELETE),
+ ["function"] = bit.bor(box.priv.A, box.priv.INSERT, box.priv.UPDATE, box.priv.DELETE),
+ ["role"] = bit.bxor(box.priv.ALL, bit.bor(box.priv.C, box.priv.D, box.priv.X)),
+}
+
 local function checked_privilege(privilege, object_type)
 local priv_hex = privilege_resolve(privilege)
- if object_type == 'role' and priv_hex ~= box.priv.X then
- box.error(box.error.UNSUPPORTED_ROLE_PRIV, privilege)
+ if bit.band(priv_hex, forbidden_privileges[object_type] or 0) ~= 0 then
+ box.error(box.error.UNSUPPORTED_PRIV, object_type, privilege)
 end
 return priv_hex
 end
diff --git a/test/box/access.result b/test/box/access.result
index 131a21510..72f91173b 100644
--- a/test/box/access.result
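Review bot: Renaming ER_UNSUPPORTED_ROLE_PRIV to ER_UNSUPPORTED_PRIV removes box.error.UNSUPPORTED_ROLE_PRIV from the Lua error namespace (the misc.result hunk shows the old name disappearing), so a user script that referenced that name now reads nil; the numeric code 98 is kept, so matches on the number still work. If the old name was part of the documented API, keep a compatibility alias where box.error is populated, or at least call the rename out in the commit message and changelog. The new format string takes two arguments (object type, privilege) where the old one took one, so every raiser must be updated in the same commit; schema.lua is updated here and no other caller is visible in the diffstat, but that is worth confirming with a grep.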
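Review bot: The `role` mask, `bit.bxor(box.priv.ALL, bit.bor(box.priv.C, box.priv.D, box.priv.X))`, forbids alter on roles, while the commit message says roles allow "create, drop, alter, execute"; one of the two is wrong, and if the message is right the line should read `["role"] = bit.bxor(box.priv.ALL, bit.bor(box.priv.C, box.priv.D, box.priv.A, box.priv.X)),`. The lookup `forbidden_privileges[object_type] or 0` makes the table a deny-list that fails open: any object type absent from it, including a misspelled or newly added one, passes every privilege bit unchecked, unless object_type is validated somewhere outside this hunk. A per-type allowed mask that rejects bits outside it and rejects unknown types would make the intent fail-closed; if unknown types must stay accepted for compatibility, say so in a comment. The bare `-- validate privileges` comment could also state the semantics, e.g. `-- per object type, the privilege bits that must never be granted on it (0 = no restriction)`.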
+++ b/test/box/access.result
@@ -1645,3 +1645,20 @@ box.space._vsequence.index.name:get{"test"} ~= nil
 box.session.su('admin')
 ---
 ...
+-- prerequisite gh-945
+box.schema.user.grant("guest", "alter", "function")
+---
+- error: Unsupported function privilege 'alter'
+...
+box.schema.user.grant("guest", "execute", "sequence")
+---
+- error: Unsupported sequence privilege 'execute'
+...
+box.schema.user.grant("guest", "read,execute", "sequence")
+---
+- error: Unsupported sequence privilege 'read,execute'
+...
+box.schema.user.grant("guest", "read,write,execute", "role")
+---
+- error: Unsupported role privilege 'read,write,execute'
+...
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index 4bd34e45d..62691c471 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -586,6 +586,7 @@ box.schema.user.revoke("guest", "read", "universe", "useless name", {if_exists =
 box.schema.user.revoke("guest", "read", "universe", 0, {if_exists = true})
 box.schema.user.revoke("guest", "read", "universe", nil, {if_exists = true})
 box.schema.user.revoke("guest", "read", "universe", {}, {if_exists = true})
+
 --
 -- Check that box.schema.* api is available to non-super user
 -- In scope of gh-3250 "make sure grant/revoke does not require
@@ -632,4 +633,10 @@ box.space._vsequence.index.name:get{"test"} ~= nil
 --
 -- restore
 --
-box.session.su('admin')
\ No newline at end of file
+box.session.su('admin')
+
+-- prerequisite gh-945
+box.schema.user.grant("guest", "alter", "function")
+box.schema.user.grant("guest", "execute", "sequence")
+box.schema.user.grant("guest", "read,execute", "sequence")
+box.schema.user.grant("guest", "read,write,execute", "role")
diff --git a/test/box/misc.result b/test/box/misc.result
index c6e4917bf..7ab3d2fc4 100644
--- a/test/box/misc.result
+++ b/test/box/misc.result
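Review bot: The new cases at the end of access.test.lua only cover rejections; nothing asserts that the grants the masks still permit — execute on a role, read or write on a sequence, execute on a function — keep working after the change, so a wrong bit in one of the masks (the role entry in schema.lua is the one in doubt) would not be caught here. Add the positive counterparts against objects the test already has, such as the `test` sequence queried in the hunk header, and revoke each one afterwards so guest's privileges are left as they were for later tests. The expected output in access.result bakes in the whole privilege string (`'read,execute'`) rather than the rejected bit; fine if that is the intended message, but worth a conscious decision since it becomes the user-facing text.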
@@ -345,12 +345,11 @@ t; - 'box.error.DROP_USER : 44' - 'box.error.MODIFY_INDEX : 14' - 'box.error.PASSWORD_MISMATCH : 47' - - 'box.error.UNSUPPORTED_ROLE_PRIV : 98' - 'box.error.ACCESS_DENIED : 42' - 'box.error.CANT_CREATE_COLLATION : 150' - 'box.error.USER_EXISTS : 46' - 'box.error.WAL_IO : 40' - - 'box.error.PROC_RET : 21' + - 'box.error.RTREE_RECT : 101' - 'box.error.PRIV_GRANTED : 89' - 'box.error.CREATE_SPACE : 9' - 'box.error.GRANT : 88' @@ -401,77 +400,78 @@ t; - 'box.error.CROSS_ENGINE_TRANSACTION : 81' - 'box.error.FORMAT_MISMATCH_INDEX_PART : 27' - 'box.error.FUNCTION_TX_ACTIVE : 30' + - 'box.error.injection : table:
- 'box.error.NO_SUCH_ENGINE : 57' - 'box.error.COMMIT_IN_SUB_STMT : 122' - - 'box.error.injection : table:
- 'box.error.NULLABLE_MISMATCH : 153' + - 'box.error.TUPLE_FORMAT_LIMIT : 16' - 'box.error.LAST_DROP : 15' - - 'box.error.NO_SUCH_ROLE : 82' + - 'box.error.SPACE_FIELD_IS_DUPLICATE : 149' - 'box.error.DECOMPRESSION : 124' - 'box.error.CREATE_SEQUENCE : 142' - 'box.error.CREATE_USER : 43' - - 'box.error.SPACE_FIELD_IS_DUPLICATE : 149' - - 'box.error.INSTANCE_UUID_MISMATCH : 66' - 'box.error.SEQUENCE_OVERFLOW : 147' + - 'box.error.INSTANCE_UUID_MISMATCH : 66' + - 'box.error.INJECTION : 8' - 'box.error.SYSTEM : 115' - 'box.error.KEY_PART_IS_TOO_LONG : 118' - - 'box.error.TUPLE_FORMAT_LIMIT : 16' - - 'box.error.BEFORE_REPLACE_RET : 53' - - 'box.error.NO_SUCH_SAVEPOINT : 61' + - 'box.error.INVALID_MSGPACK : 20' - 'box.error.TRUNCATE_SYSTEM_SPACE : 137' + - 'box.error.NO_SUCH_SAVEPOINT : 61' - 'box.error.VY_QUOTA_TIMEOUT : 135' + - 'box.error.READ_VIEW_ABORTED : 130' - 'box.error.WRONG_INDEX_OPTIONS : 108' - 'box.error.INVALID_VYLOG_FILE : 133' - 'box.error.INDEX_FIELD_COUNT_LIMIT : 127' - - 'box.error.READ_VIEW_ABORTED : 130' - - 'box.error.USER_MAX : 56' - 'box.error.PROTOCOL : 104' + - 'box.error.USER_MAX : 56' + - 'box.error.BEFORE_REPLACE_RET : 53' - 'box.error.TUPLE_NOT_ARRAY : 22' - 'box.error.KEY_PART_COUNT : 31' - 'box.error.ALTER_SPACE : 12' - 'box.error.ACTIVE_TRANSACTION : 79' - 'box.error.EXACT_FIELD_COUNT : 38' - 'box.error.DROP_SEQUENCE : 144' - - 'box.error.INVALID_MSGPACK : 20' - 'box.error.MORE_THAN_ONE_TUPLE : 41' - - 'box.error.RTREE_RECT : 101' - - 'box.error.SUB_STMT_MAX : 121' + - 'box.error.INVALID_XLOG_ORDER : 76' - 'box.error.UNKNOWN_REQUEST_TYPE : 48' - - 'box.error.SPACE_EXISTS : 10' + - 'box.error.SUB_STMT_MAX : 121' - 'box.error.PROC_LUA : 32' + - 'box.error.SPACE_EXISTS : 10' - 'box.error.ROLE_NOT_GRANTED : 92' + - 'box.error.UNSUPPORTED : 5' - 'box.error.NO_SUCH_SPACE : 36' - 'box.error.WRONG_INDEX_PARTS : 107' - - 'box.error.DROP_SPACE : 11' - 'box.error.MIN_FIELD_COUNT : 39' - 'box.error.REPLICASET_UUID_MISMATCH : 63' - 
'box.error.UPDATE_FIELD : 29' + - 'box.error.INDEX_EXISTS : 85' - 'box.error.COMPRESSION : 119' - 'box.error.INVALID_ORDER : 68' - - 'box.error.INDEX_EXISTS : 85' - 'box.error.SPLICE : 25' - 'box.error.UNKNOWN : 0' + - 'box.error.IDENTIFIER : 70' - 'box.error.DROP_PRIMARY_KEY : 17' - 'box.error.NULLABLE_PRIMARY : 152' - 'box.error.NO_SUCH_SEQUENCE : 145' - 'box.error.RELOAD_CFG : 58' - 'box.error.INVALID_UUID : 64' - - 'box.error.INJECTION : 8' + - 'box.error.DROP_SPACE : 11' - 'box.error.TIMEOUT : 78' - - 'box.error.IDENTIFIER : 70' - 'box.error.ITERATOR_TYPE : 72' - 'box.error.REPLICA_MAX : 73' + - 'box.error.NO_SUCH_ROLE : 82' - 'box.error.MISSING_REQUEST_FIELD : 69' - 'box.error.MISSING_SNAPSHOT : 93' - 'box.error.WRONG_SPACE_OPTIONS : 111' - 'box.error.READONLY : 7' - - 'box.error.UNSUPPORTED : 5' - 'box.error.UPDATE_INTEGER_OVERFLOW : 95' - - 'box.error.NO_CONNECTION : 77' - - 'box.error.INVALID_XLOG_ORDER : 76' - 'box.error.UPSERT_UNIQUE_SECONDARY_KEY : 105' - - 'box.error.ROLLBACK_IN_SUB_STMT : 123' + - 'box.error.NO_CONNECTION : 77' + - 'box.error.UNSUPPORTED_PRIV : 98' - 'box.error.WRONG_SCHEMA_VERSION : 109' + - 'box.error.ROLLBACK_IN_SUB_STMT : 123' + - 'box.error.PROC_RET : 21' - 'box.error.UNSUPPORTED_INDEX_FEATURE : 112' - 'box.error.INDEX_PART_TYPE_MISMATCH : 24' - 'box.error.INVALID_XLOG_TYPE : 125' -- 2.17.1