* [Tarantool-patches] [PATCH 0/3] Credentials follow up
@ 2019-10-31 21:42 Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua Vladislav Shpilevoy
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Vladislav Shpilevoy @ 2019-10-31 21:42 UTC (permalink / raw)
To: tarantool-patches
The patchset fixes a flaky test, a C++ exception thrown in C,
and invalid memory access problem left after the patch making
struct credentials a complex object with a constructor and a
destructor.
Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-4597-credentials-follow-up-2
Issue: https://github.com/tarantool/tarantool/issues/4597
Vladislav Shpilevoy (3):
test: fix flaky box/access_sysview.test.lua
user: don't throw C++ exception from user_find_by_name
session: su left dangling credentials object on stack
src/box/lua/session.c | 3 +--
src/box/user.cc | 2 +-
test/box/access.result | 11 +++++++++++
test/box/access.test.lua | 6 ++++++
test/box/access_sysview.result | 2 +-
test/box/access_sysview.test.lua | 2 +-
6 files changed, 21 insertions(+), 5 deletions(-)
--
2.21.0 (Apple Git-122.2)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua
2019-10-31 21:42 [Tarantool-patches] [PATCH 0/3] Credentials follow up Vladislav Shpilevoy
@ 2019-10-31 21:42 ` Vladislav Shpilevoy
2019-11-04 17:20 ` Konstantin Osipov
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name Vladislav Shpilevoy
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: Vladislav Shpilevoy @ 2019-10-31 21:42 UTC (permalink / raw)
To: tarantool-patches
Some guest user privileges were not revoked in the
end.
---
test/box/access_sysview.result | 2 +-
test/box/access_sysview.test.lua | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/box/access_sysview.result b/test/box/access_sysview.result
index 3072b7394..1f33deceb 100644
--- a/test/box/access_sysview.result
+++ b/test/box/access_sysview.result
@@ -689,7 +689,7 @@ box.session.su('admin')
---
...
-- _vcollation is readable anyway.
-box.schema.user.revoke("guest", "read", "space", "_collation")
+box.schema.user.revoke("guest", "read, write, alter, execute", "space", "_collation")
---
...
box.session.su("guest")
diff --git a/test/box/access_sysview.test.lua b/test/box/access_sysview.test.lua
index 031df28aa..17420ae33 100644
--- a/test/box/access_sysview.test.lua
+++ b/test/box/access_sysview.test.lua
@@ -287,7 +287,7 @@ box.space._vcollation:select{0}
box.session.su('admin')
-- _vcollation is readable anyway.
-box.schema.user.revoke("guest", "read", "space", "_collation")
+box.schema.user.revoke("guest", "read, write, alter, execute", "space", "_collation")
box.session.su("guest")
#box.space._vcollation:select{}
session.su('admin')
--
2.21.0 (Apple Git-122.2)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name
2019-10-31 21:42 [Tarantool-patches] [PATCH 0/3] Credentials follow up Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua Vladislav Shpilevoy
@ 2019-10-31 21:42 ` Vladislav Shpilevoy
2019-11-04 17:22 ` Konstantin Osipov
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack Vladislav Shpilevoy
2019-11-01 13:54 ` [Tarantool-patches] [PATCH 0/3] Credentials follow up Kirill Yukhin
3 siblings, 1 reply; 10+ messages in thread
From: Vladislav Shpilevoy @ 2019-10-31 21:42 UTC (permalink / raw)
To: tarantool-patches
This function is supposed to return NULL on an error.
For exceptions there is user_find_by_name_xc.
---
src/box/user.cc | 2 +-
test/box/access.result | 11 +++++++++++
test/box/access.test.lua | 6 ++++++
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/box/user.cc b/src/box/user.cc
index 6b562b1f0..03b4b2e3b 100644
--- a/src/box/user.cc
+++ b/src/box/user.cc
@@ -519,7 +519,7 @@ user_find_by_name(const char *name, uint32_t len)
{
uint32_t uid;
if (schema_find_id(BOX_USER_ID, 2, name, len, &uid) != 0)
- diag_raise();
+ return NULL;
struct user *user = user_by_id(uid);
if (user == NULL || user->def->type != SC_USER) {
diag_set(ClientError, ER_NO_SUCH_USER, tt_cstr(name, len));
diff --git a/test/box/access.result b/test/box/access.result
index 3976adfde..dc339038d 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -239,6 +239,17 @@ session.user()
---
- admin
...
+-- Invalid user.
+session.su('does not exist')
+---
+- error: User 'does not exist' is not found
+...
+-- The point of this test is to try a name > max
+-- allowed name.
+session.su(string.rep('a', 66000))
+---
+- error: name length 66000 is greater than BOX_NAME_MAX
+...
--------------------------------------------------------------------------------
-- Check if identifiers obey the common constraints
--------------------------------------------------------------------------------
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index 89a63c904..a9843d155 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -100,6 +100,12 @@ session.su('admin')
box.schema.user.drop('tester')
session.user()
+-- Invalid user.
+session.su('does not exist')
+-- The point of this test is to try a name > max
+-- allowed name.
+session.su(string.rep('a', 66000))
+
--------------------------------------------------------------------------------
-- Check if identifiers obey the common constraints
--------------------------------------------------------------------------------
--
2.21.0 (Apple Git-122.2)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack
2019-10-31 21:42 [Tarantool-patches] [PATCH 0/3] Credentials follow up Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name Vladislav Shpilevoy
@ 2019-10-31 21:42 ` Vladislav Shpilevoy
2019-11-04 17:23 ` Konstantin Osipov
2019-11-01 13:54 ` [Tarantool-patches] [PATCH 0/3] Credentials follow up Kirill Yukhin
3 siblings, 1 reply; 10+ messages in thread
From: Vladislav Shpilevoy @ 2019-10-31 21:42 UTC (permalink / raw)
To: tarantool-patches
Box.session.su() worked like following: check user
existence, create its credentials on the stack, check
the function, call the function, destroy the
credentials, restore the old credentials.
After creating the credentials on the stack the
function check could raise a Lua error. It led to the
credentials object not being destroyed. As a result,
user.credentials_list was pointing at invalid memory.
Now there is no errors between creating the temporary
credentials and its destruction.
Closes #4597
---
src/box/lua/session.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/box/lua/session.c b/src/box/lua/session.c
index de5eb9adc..c6a600f6f 100644
--- a/src/box/lua/session.c
+++ b/src/box/lua/session.c
@@ -189,14 +189,13 @@ lbox_session_su(struct lua_State *L)
fiber_set_user(fiber(), &session->credentials);
return 0; /* su */
}
+ luaL_checktype(L, 2, LUA_TFUNCTION);
struct credentials su_credentials;
struct credentials *old_credentials = fiber()->storage.credentials;
credentials_create(&su_credentials, user);
fiber()->storage.credentials = &su_credentials;
- /* sudo */
- luaL_checktype(L, 2, LUA_TFUNCTION);
int error = lua_pcall(L, top - 2, LUA_MULTRET, 0);
/* Restore the original credentials. */
fiber_set_user(fiber(), old_credentials);
--
2.21.0 (Apple Git-122.2)
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 0/3] Credentials follow up
2019-10-31 21:42 [Tarantool-patches] [PATCH 0/3] Credentials follow up Vladislav Shpilevoy
` (2 preceding siblings ...)
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack Vladislav Shpilevoy
@ 2019-11-01 13:54 ` Kirill Yukhin
2019-11-04 17:23 ` Konstantin Osipov
3 siblings, 1 reply; 10+ messages in thread
From: Kirill Yukhin @ 2019-11-01 13:54 UTC (permalink / raw)
To: Vladislav Shpilevoy; +Cc: tarantool-patches
Hello,
On 31 окт 22:42, Vladislav Shpilevoy wrote:
> The patchset fixes a flaky test, a C++ exception thrown in C,
> and invalid memory access problem left after the patch making
> struct credentials a complex object with a constructor and a
> destructor.
>
> Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-4597-credentials-follow-up-2
> Issue: https://github.com/tarantool/tarantool/issues/4597
I've checked your patches into 2.1 2.2 and master.
I've also checked in `session` patch into 1.10.
--
Regards, Kirill Yukhin
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua Vladislav Shpilevoy
@ 2019-11-04 17:20 ` Konstantin Osipov
0 siblings, 0 replies; 10+ messages in thread
From: Konstantin Osipov @ 2019-11-04 17:20 UTC (permalink / raw)
To: Vladislav Shpilevoy; +Cc: tarantool-patches
* Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/11/01 00:39]:
> Some guest user privileges were not revoked in the
> end.
> ---
> test/box/access_sysview.result | 2 +-
> test/box/access_sysview.test.lua | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/test/box/access_sysview.result b/test/box/access_sysview.result
> index 3072b7394..1f33deceb 100644
> --- a/test/box/access_sysview.result
> +++ b/test/box/access_sysview.result
> @@ -689,7 +689,7 @@ box.session.su('admin')
> ---
> ...
> -- _vcollation is readable anyway.
> -box.schema.user.revoke("guest", "read", "space", "_collation")
> +box.schema.user.revoke("guest", "read, write, alter, execute", "space", "_collation")
> ---
> ...
> box.session.su("guest")
> diff --git a/test/box/access_sysview.test.lua b/test/box/access_sysview.test.lua
> index 031df28aa..17420ae33 100644
> --- a/test/box/access_sysview.test.lua
> +++ b/test/box/access_sysview.test.lua
> @@ -287,7 +287,7 @@ box.space._vcollation:select{0}
> box.session.su('admin')
>
> -- _vcollation is readable anyway.
> -box.schema.user.revoke("guest", "read", "space", "_collation")
> +box.schema.user.revoke("guest", "read, write, alter, execute", "space", "_collation")
> box.session.su("guest")
> #box.space._vcollation:select{}
> session.su('admin')
lgtm
--
Konstantin Osipov, Moscow, Russia
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name Vladislav Shpilevoy
@ 2019-11-04 17:22 ` Konstantin Osipov
2019-11-05 9:44 ` Vladislav Shpilevoy
0 siblings, 1 reply; 10+ messages in thread
From: Konstantin Osipov @ 2019-11-04 17:22 UTC (permalink / raw)
To: Vladislav Shpilevoy; +Cc: tarantool-patches
* Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/11/01 00:39]:
> +-- Invalid user.
> +session.su('does not exist')
> +---
> +- error: User 'does not exist' is not found
> +...
> +-- The point of this test is to try a name > max
> +-- allowed name.
> +session.su(string.rep('a', 66000))
> +---
> +- error: name length 66000 is greater than BOX_NAME_MAX
> +...
That's pretty strange, I think we had such tests before.
Did you actually verify that the tests do not pass before your
fix? Or they do pass because there is a catch clause somewhere
up the stack anyway?
Please clarify in the comment.
Otherwise LGTM.
--
Konstantin Osipov, Moscow, Russia
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack Vladislav Shpilevoy
@ 2019-11-04 17:23 ` Konstantin Osipov
0 siblings, 0 replies; 10+ messages in thread
From: Konstantin Osipov @ 2019-11-04 17:23 UTC (permalink / raw)
To: Vladislav Shpilevoy; +Cc: tarantool-patches
* Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/11/01 00:39]:
> Box.session.su() worked like following: check user
> existence, create its credentials on the stack, check
> the function, call the function, destroy the
> credentials, restore the old credentials.
>
> After creating the credentials on the stack the
> function check could raise a Lua error. It led to the
> credentials object not being destroyed. As a result,
> user.credentials_list was pointing at invalid memory.
>
> Now there is no errors between creating the temporary
> credentials and its destruction.
lgtm
--
Konstantin Osipov, Moscow, Russia
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 0/3] Credentials follow up
2019-11-01 13:54 ` [Tarantool-patches] [PATCH 0/3] Credentials follow up Kirill Yukhin
@ 2019-11-04 17:23 ` Konstantin Osipov
0 siblings, 0 replies; 10+ messages in thread
From: Konstantin Osipov @ 2019-11-04 17:23 UTC (permalink / raw)
To: Kirill Yukhin; +Cc: tarantool-patches, Vladislav Shpilevoy
* Kirill Yukhin <kyukhin@tarantool.org> [19/11/01 16:59]:
> Hello,
>
> On 31 окт 22:42, Vladislav Shpilevoy wrote:
> > The patchset fixes a flaky test, a C++ exception thrown in C,
> > and invalid memory access problem left after the patch making
> > struct credentials a complex object with a constructor and a
> > destructor.
> >
> > Branch: http://github.com/tarantool/tarantool/tree/gerold103/gh-4597-credentials-follow-up-2
> > Issue: https://github.com/tarantool/tarantool/issues/4597
>
> I've checked your patches into 2.1 2.2 and master.
>
> I've also checked in `session` patch into 1.10.
yet another check in without a public review.
--
Konstantin Osipov, Moscow, Russia
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name
2019-11-04 17:22 ` Konstantin Osipov
@ 2019-11-05 9:44 ` Vladislav Shpilevoy
0 siblings, 0 replies; 10+ messages in thread
From: Vladislav Shpilevoy @ 2019-11-05 9:44 UTC (permalink / raw)
To: Konstantin Osipov, tarantool-patches
On 04/11/2019 20:22, Konstantin Osipov wrote:
> * Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/11/01 00:39]:
>> +-- Invalid user.
>> +session.su('does not exist')
>> +---
>> +- error: User 'does not exist' is not found
>> +...
>> +-- The point of this test is to try a name > max
>> +-- allowed name.
>> +session.su(string.rep('a', 66000))
>> +---
>> +- error: name length 66000 is greater than BOX_NAME_MAX
>> +...
>
> That's pretty strange, I think we had such tests before.
>
> Did you actually verify that the tests do not pass before your
> fix? Or they do pass because there is a catch clause somewhere
> up the stack anyway?
That test fails before my patch. The error was 'C++ exception'.
Now it is a ClientError object.
>
> Please clarify in the comment.
>
> Otherwise LGTM.
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2019-11-05 9:38 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-31 21:42 [Tarantool-patches] [PATCH 0/3] Credentials follow up Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 1/3] test: fix flaky box/access_sysview.test.lua Vladislav Shpilevoy
2019-11-04 17:20 ` Konstantin Osipov
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 2/3] user: don't throw C++ exception from user_find_by_name Vladislav Shpilevoy
2019-11-04 17:22 ` Konstantin Osipov
2019-11-05 9:44 ` Vladislav Shpilevoy
2019-10-31 21:42 ` [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack Vladislav Shpilevoy
2019-11-04 17:23 ` Konstantin Osipov
2019-11-01 13:54 ` [Tarantool-patches] [PATCH 0/3] Credentials follow up Kirill Yukhin
2019-11-04 17:23 ` Konstantin Osipov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox