Tarantool development patches archive
 help / color / mirror / Atom feed
From: Vladimir Davydov <vdavydov.dev@gmail.com>
To: Serge Petrenko <sergepetrenko@tarantool.org>
Cc: kostja@tarantool.org, tarantool-patches@freelists.org
Subject: Re: [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests.
Date: Wed, 22 Aug 2018 15:48:17 +0300	[thread overview]
Message-ID: <20180822124817.itomvbpuyjxnri5a@esperanza> (raw)
In-Reply-To: <29cee395a9c98d53f81fe9facd470b7842a6a0a5.1534751862.git.sergepetrenko@tarantool.org>

On Mon, Aug 20, 2018 at 11:10:08AM +0300, Serge Petrenko wrote:
> This patch adds a privilege upgrade script, which runs on upgrade to
> 1.10.2 and automatically grants CREATE,ALTER,DROP on objects and entities
> to all users, who have READ and WRITE access on them.

You modify the upgrade script, but not access_check_ddl() - the latter
will still treat read,write as create,alter,drop. Now, suppose the user
will grant read,write to universe *after* upgrading to 1.10.2.
Everything's going to work fine until we disable legacy mode and start
claiming that create,alter,drop are set explicitly. And there will be no
upgrade script to fix that. That said, if you change the upgrade script
you should also remove the legacy mode from access_check_ddl.

> Also all tests are rewritten to grant only necessary privileges, not
> privileges to universe.

AFAIU the tests you're patching have nothing to do with this particular
problem. Please submit them separately.

> diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua
> index 091da2dc4..d8d03288c 100644
> --- a/src/box/lua/upgrade.lua
> +++ b/src/box/lua/upgrade.lua
> @@ -983,8 +983,31 @@ local function upgrade_space_priv_to_1_10_2()
>      _vpriv.index.object:alter{parts={3, 'string', 4, 'scalar'}}
>  end
>  
> +local function upgrade_users_to_1_10_2()

I don't think it's worth factoring this code out to a separate function.
Let's just fold it into upgrade_priv_to_1_10_2, because after all it's
about updating privileges.

> +    local _priv = box.space[box.schema.PRIV_ID]
> +    local _user = box.space[box.schema.USER_ID]
> +

Please add a comprehensive comment explaining what you're doing here
and why. Don't forget to mention why you need to handle 'universe' in
a special way.

> +    for _, user in _user:pairs() do
> +        if user[0] ~= ADMIN and user[0] ~= SUPER then
> +            for _, priv in _priv:pairs(user[0]) do
> +                if bit.band(priv[5], box.priv.W) ~= 0 and
> +                bit.band(priv[5], box.priv.R) ~= 0 then
> +                    local new_privs = bit.bor(box.priv.A, box.priv.D)
> +                    -- for universal grants

This particular comment is useless. Please remove.

> +                    if priv[3] == 'universe' then
> +                        new_privs = bit.bor(new_privs, box.priv.C)
> +                    end
> +                    _priv:update({priv[2], priv[3], priv[4]},
> +                                 {{ "|", 5, new_privs}})
> +                end
> +            end
> +        end
> +    end
> +end
> +
>  local function upgrade_to_1_10_2()
>      upgrade_space_priv_to_1_10_2()
> +    upgrade_users_to_1_10_2()
>  end
>  
>  local function get_version()

  reply	other threads:[~2018-08-22 12:48 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-20  8:10 [tarantool-patches] [PATCH 0/4] Finish implementation of privileges Serge Petrenko
2018-08-20  8:10 ` [tarantool-patches] [PATCH 1/4] Introduce separate entity object types for entity privileges Serge Petrenko
2018-08-22 10:28   ` Vladimir Davydov
2018-08-22 12:37   ` Vladimir Davydov
2018-08-20  8:10 ` [tarantool-patches] [PATCH 2/4] Add entities user, role to access control Serge Petrenko
2018-08-22 10:37   ` Vladimir Davydov
2018-08-22 12:53   ` Vladimir Davydov
2018-08-20  8:10 ` [tarantool-patches] [PATCH 3/4] Add single object privilege checks to access_check_ddl Serge Petrenko
2018-08-22 11:58   ` Vladimir Davydov
2018-08-20  8:10 ` [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests Serge Petrenko
2018-08-22 12:48   ` Vladimir Davydov [this message]
  -- strict thread matches above, loose matches on Subject: below --
2018-07-17 15:47 [tarantool-patches] [PATCH 0/4] Fixes in access control and privileges Serge Petrenko
2018-07-17 15:47 ` [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests Serge Petrenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180822124817.itomvbpuyjxnri5a@esperanza \
    --to=vdavydov.dev@gmail.com \
    --cc=kostja@tarantool.org \
    --cc=sergepetrenko@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --subject='Re: [tarantool-patches] [PATCH 4/4] Add a privilege upgrade script and update tests.' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox