Date: Sun, 13 May 2018 15:49:18 +0300
From: Konstantin Osipov
Subject: [tarantool-patches] Re: [security 2/3] security: Refactor reads from systems spaces
Message-ID: <20180513124918.GA10552@atlas>
In-Reply-To: <0c1d9e810129869e39003ca696de774a4d4f7a09.1522308989.git.imarkov@tarantool.org>
To: tarantool-patches@freelists.org
Cc: georgy@tarantool.org

* Ilya Markov [18/03/29 12:10]: > +const uint32_t PRIV_WRDA = PRIV_W | PRIV_D | PRIV_A | PRIV_R; > + > static bool > vspace_filter(struct space *source, struct tuple *tuple) What did you need this for? > + if (PRIV_WRDA & cr->universal_access) > + return true; > + if (source->access[cr->auth_token].effective & PRIV_R) > + return true; Stray change. 
> - return uid == cr->uid || owner_id == cr->uid; > + return uid == cr->uid || owner_id == cr->uid || uid == PUBLIC; What is this change for? > + /* If user has global alter, drop privilege > + * she may access all privileges > + */ > + if (PRIV_WRDA & cr->universal_access) > + return true; The comment only talks about global alter/drop, what about global 'write'? Why did you include it into the list? > + if (source->access[cr->auth_token].effective & PRIV_R) > + return true; > + const char *type; > + uint32_t obj_id; > + if ((type = tuple_field_cstr(tuple, BOX_PRIV_FIELD_OBJECT_TYPE)) == NULL || > + tuple_field_u32(tuple, BOX_PRIV_FIELD_OBJECT_ID, &obj_id) != 0) > + return false; > + return grantor_id == cr->uid || grantee_id == cr->uid || > + (strncmp(type, "role", 4) == 0 && obj_id == PUBLIC); What is this for? > + uint32_t effective = sequence->access[cr->auth_token].effective; > + return sequence->def->uid == cr->uid || > + (PRIV_WRDA & effective); Stray changes make things harder to follow. -- Konstantin Osipov, Moscow, Russia, +7 903 626 22 32 http://tarantool.io - www.twitter.com/kostja_osipov
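Review bot: the new file-scope `const uint32_t PRIV_WRDA` above `vspace_filter` has no `static` and no comment, and its name lists the bits in a different order than the expression `PRIV_W | PRIV_D | PRIV_A | PRIV_R` that builds it. Since the mask decides who may read rows of system views, make it `static` (or an enum constant beside the other `PRIV_` bits) and document why holding any one of these four bits is treated as sufficient.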
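Review bot: in the hunk that adds `if (PRIV_WRDA & cr->universal_access) return true;`, a user holding only universal write passes the filter, because the mask is tested with a bitwise AND and any single bit is enough. The per-object check on the following lines tests `PRIV_R` alone, so the two levels apply different rules. Either test `PRIV_R` at both levels or state in a comment why write, drop and alter on the universe imply read visibility here.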
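Review bot: the added `|| uid == PUBLIC` term in `return uid == cr->uid || owner_id == cr->uid || uid == PUBLIC;` makes every row whose `uid` equals `PUBLIC` visible to all callers, and nothing in the hunk explains why. This widens what an unprivileged user can read, so it needs a comment naming the rows it is meant to expose and a test showing that a user with no grants sees those rows and nothing else.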
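Review bot: in the privilege filter hunk, `strncmp(type, "role", 4) == 0` is a prefix match, so any object type that merely begins with "role" satisfies it. If `type` is NUL-terminated, as the `_cstr` accessor suggests, use `strcmp(type, "role") == 0`. The comment above the `PRIV_WRDA` check also mentions only global alter and drop while the mask includes write and read, so the comment and the mask should be brought into agreement. Returning `false` when `tuple_field_cstr` or `tuple_field_u32` fails silently hides the row, which deserves at least a comment.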
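Review bot: the sequence hunk tests `(PRIV_WRDA & effective)` on the per-object access, whereas the earlier space check tests `source->access[cr->auth_token].effective & PRIV_R`. With this mask, write, drop or alter on a sequence alone makes it readable through the view, unlike the space case. Pick one rule for per-object access and apply it in both filters, or document the difference next to the check.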