From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtpng3.m.smailru.net (smtpng3.m.smailru.net [94.100.177.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 8A85746971A for ; Fri, 6 Dec 2019 15:53:09 +0300 (MSK) Received: by smtpng3.m.smailru.net with esmtpa (envelope-from ) id 1idD6b-0001kS-3R for tarantool-patches@dev.tarantool.org; Fri, 06 Dec 2019 15:53:09 +0300 From: Chris Sosnin Date: Fri, 6 Dec 2019 15:53:08 +0300 Message-Id: <20191206125308.79432-1-k.sosnin@tarantool.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Tarantool-patches] [PATCH] sql: remove grants associated with the table List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: tarantool-patches@dev.tarantool.org Dropping table with sql removes everything associated with it but grants, which is inconsistent. Generating code for it fixes this bug. Closes #4546 --- branch: https://github.com/tarantool/tarantool/tree/ksosnin/gh-4546-sql-drop-grants issue: https://github.com/tarantool/tarantool/issues/4546 src/box/sql/build.c | 43 +++++++++++++++++++++++ src/box/user.cc | 7 ++++ src/box/user.h | 4 +++ test/sql/gh-4546-sql-drop-grants.result | 34 ++++++++++++++++++ test/sql/gh-4546-sql-drop-grants.test.lua | 15 ++++++++ 5 files changed, 103 insertions(+) create mode 100644 test/sql/gh-4546-sql-drop-grants.result create mode 100644 test/sql/gh-4546-sql-drop-grants.test.lua diff --git a/src/box/sql/build.c b/src/box/sql/build.c index 51cd7ce63..d700ec5e2 100644 --- a/src/box/sql/build.c +++ b/src/box/sql/build.c @@ -56,6 +56,7 @@ #include "box/schema.h" #include "box/tuple_format.h" #include "box/coll_id_cache.h" +#include "box/user.h" void sql_finish_coding(struct Parse *parse_context) @@ -1523,6 +1524,43 @@ vdbe_emit_ck_constraint_drop(struct Parse *parser, const char *ck_name, sqlReleaseTempRange(parser, key_reg, 3); } +/** + * Generate VDBE program to remove table grants. + * + * @param parser Parsing context. + * @param space Space whose grants will be deleted. + */ +static void +vdbe_emit_drop_grants(struct Parse *parser, struct space *space) +{ + struct Vdbe *v = sqlGetVdbe(parser); + if (v == NULL) + return; + /* + * Get uid of users through space->access + * and generate code to delete corresponding + * entries from _priv + */ + int key_reg = sqlGetTempRange(parser, 4); + for (uint8_t token = 0; token < BOX_USER_MAX; ++token) { + if (space->access[token].granted) { + struct user *user = user_find_by_token(token); + sqlVdbeAddOp2(v, OP_Integer, user->def->uid, + key_reg); + sqlVdbeAddOp4(v, OP_String8, 0, key_reg + 1, 0, + "space", P4_STATIC); + sqlVdbeAddOp2(v, OP_Integer, space->def->id, + key_reg + 2); + sqlVdbeAddOp3(v, OP_MakeRecord, key_reg, 3, + key_reg + 3); + sqlVdbeAddOp2(v, OP_SDelete, BOX_PRIV_ID, + key_reg + 3); + } + } + VdbeComment((v, "Remove table grants")); + sqlReleaseTempRange(parser, key_reg, 3); +} + /** * Generate code to drop a table. * This routine includes dropping triggers, sequences, @@ -1538,6 +1576,11 @@ sql_code_drop_table(struct Parse *parse_context, struct space *space, { struct Vdbe *v = sqlGetVdbe(parse_context); assert(v != NULL); + /* + * Remove all grants associated with + * with the table being dropped. + */ + vdbe_emit_drop_grants(parse_context, space); /* * Drop all triggers associated with the table being * dropped. Code is generated to remove entries from diff --git a/src/box/user.cc b/src/box/user.cc index a012cb196..fe0555886 100644 --- a/src/box/user.cc +++ b/src/box/user.cc @@ -517,6 +517,13 @@ user_find(uint32_t uid) return user; } +/* Find a user by authentication token. */ +struct user * +user_find_by_token(uint8_t auth_token) +{ + return &users[auth_token]; +} + /** Find user by name. */ struct user * user_find_by_name(const char *name, uint32_t len) diff --git a/src/box/user.h b/src/box/user.h index 545401d5c..ccfc59346 100644 --- a/src/box/user.h +++ b/src/box/user.h @@ -112,6 +112,10 @@ user_find_by_name(const char *name, uint32_t len); struct user * user_find(uint32_t uid); +/* Find a user by authentication token. */ +struct user * +user_find_by_token(uint8_t auth_token); + /** Create a cache of user's privileges in @a cr. */ void credentials_create(struct credentials *cr, struct user *user); diff --git a/test/sql/gh-4546-sql-drop-grants.result b/test/sql/gh-4546-sql-drop-grants.result new file mode 100644 index 000000000..915a265bd --- /dev/null +++ b/test/sql/gh-4546-sql-drop-grants.result @@ -0,0 +1,34 @@ +test_run = require('test_run').new() +--- +... +engine = test_run:get_cfg('engine') +--- +... +box.execute('pragma sql_default_engine=\''..engine..'\'') +--- +- row_count: 0 +... +-- If we drop the table with sql, all associated +-- grants must be deleted so we don't recieve an error +box.cfg{} +--- +... +box.schema.user.create('test_user1') +--- +... +box.schema.user.create('test_user2') +--- +... +test_space = box.schema.create_space('T') +--- +... +box.schema.user.grant('test_user1', 'read', 'space', 'T') +--- +... +box.schema.user.grant('test_user2', 'write', 'space', 'T') +--- +... +box.execute([[DROP TABLE T;]]) +--- +- row_count: 1 +... diff --git a/test/sql/gh-4546-sql-drop-grants.test.lua b/test/sql/gh-4546-sql-drop-grants.test.lua new file mode 100644 index 000000000..6aeca4ce0 --- /dev/null +++ b/test/sql/gh-4546-sql-drop-grants.test.lua @@ -0,0 +1,15 @@ +test_run = require('test_run').new() +engine = test_run:get_cfg('engine') +box.execute('pragma sql_default_engine=\''..engine..'\'') + +-- If we drop the table with sql, all associated +-- grants must be deleted so we don't recieve an error + +box.cfg{} + +box.schema.user.create('test_user1') +box.schema.user.create('test_user2') +test_space = box.schema.create_space('T') +box.schema.user.grant('test_user1', 'read', 'space', 'T') +box.schema.user.grant('test_user2', 'write', 'space', 'T') +box.execute([[DROP TABLE T;]]) -- 2.21.0 (Apple Git-122.2)