From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounce@freelists.org>
Received: from localhost (localhost [127.0.0.1])
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id E23AB23E7F
	for <tarantool-patches@freelists.org>; Sun, 13 May 2018 08:49:22 -0400 (EDT)
Received: from turing.freelists.org ([127.0.0.1])
	by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9qaYq4Wh_z6y for <tarantool-patches@freelists.org>;
	Sun, 13 May 2018 08:49:22 -0400 (EDT)
Received: from smtp37.i.mail.ru (smtp37.i.mail.ru [94.100.177.97])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id CF3F923E42
	for <tarantool-patches@freelists.org>; Sun, 13 May 2018 08:49:21 -0400 (EDT)
Date: Sun, 13 May 2018 15:49:18 +0300
From: Konstantin Osipov <kostja@tarantool.org>
Subject: [tarantool-patches] Re: [security 2/3] security: Refactor reads from
 systems spaces
Message-ID: <20180513124918.GA10552@atlas>
References: <cover.1522308989.git.imarkov@tarantool.org>
 <0c1d9e810129869e39003ca696de774a4d4f7a09.1522308989.git.imarkov@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0c1d9e810129869e39003ca696de774a4d4f7a09.1522308989.git.imarkov@tarantool.org>
Sender: tarantool-patches-bounce@freelists.org
Errors-to: tarantool-patches-bounce@freelists.org
Reply-To: tarantool-patches@freelists.org
List-help: <mailto:ecartis@freelists.org?Subject=help>
List-unsubscribe: <tarantool-patches-request@freelists.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: tarantool-patches <tarantool-patches.freelists.org>
List-subscribe: <tarantool-patches-request@freelists.org?Subject=subscribe>
List-owner: <mailto:>
List-post: <mailto:tarantool-patches@freelists.org>
List-archive: <http://www.freelists.org/archives/tarantool-patches>
To: tarantool-patches@freelists.org
Cc: georgy@tarantool.org

* Ilya Markov <imarkov@tarantool.org> [18/03/29 12:10]:
> +const uint32_t PRIV_WRDA = PRIV_W | PRIV_D | PRIV_A | PRIV_R;
> +
>  static bool
>  vspace_filter(struct space *source, struct tuple *tuple)

What did you need this for?


> +	if (PRIV_WRDA & cr->universal_access)
> +		return true;
> +	if (source->access[cr->auth_token].effective & PRIV_R)
> +		return true;

Stray change.

> -	return uid == cr->uid || owner_id == cr->uid;
> +	return uid == cr->uid || owner_id == cr->uid || uid == PUBLIC;

What is this change for?

> +	/* If user has global alter, drop privilege
> +	 * she may access all privileges
> +	 */
> +	if (PRIV_WRDA & cr->universal_access)
> +		return true;

The comment only talks about global alter/drop, what about global
'write'? Why did you include it into the list?

> +	if (source->access[cr->auth_token].effective & PRIV_R)
> +		return true;
> +	const char *type;
> +	uint32_t obj_id;
> +	if ((type = tuple_field_cstr(tuple, BOX_PRIV_FIELD_OBJECT_TYPE)) == NULL ||
> +		tuple_field_u32(tuple, BOX_PRIV_FIELD_OBJECT_ID, &obj_id) != 0)
> +		return false;
> +	return grantor_id == cr->uid || grantee_id == cr->uid ||
> +		(strncmp(type, "role", 4) == 0 && obj_id == PUBLIC);

What is this for?

> +	uint32_t effective = sequence->access[cr->auth_token].effective;
> +	return sequence->def->uid == cr->uid ||
> +		(PRIV_WRDA & effective);

Stray changes make things harder to follow.


-- 
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.io - www.twitter.com/kostja_osipov