From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp38.i.mail.ru (smtp38.i.mail.ru [94.100.177.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 7654A452566 for ; Sat, 2 Nov 2019 00:36:49 +0300 (MSK) From: Vladislav Shpilevoy Date: Fri, 1 Nov 2019 22:42:25 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Tarantool-patches] [PATCH 2/2] access: forbid to drop admin's universe access List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: tarantool-patches@dev.tarantool.org, kostja.osipov@gmail.com Bootstrap and recovery work on behalf of admin. Without the universe access they are not able to even fill system spaces with data. It is better to forbid this ability until someone made their cluster unrecoverable. --- src/box/user.cc | 6 ++++++ test/box/access.result | 8 ++++++++ test/box/access.test.lua | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/src/box/user.cc b/src/box/user.cc index cdddf237b..6b4a5565e 100644 --- a/src/box/user.cc +++ b/src/box/user.cc @@ -764,6 +764,12 @@ priv_grant(struct user *grantee, struct priv_def *priv) struct access *object = access_find(priv->object_type, priv->object_id); if (object == NULL) return 0; + if (grantee->auth_token == ADMIN && priv->object_type == SC_UNIVERSE && + priv->access != USER_ACCESS_FULL) { + diag_set(ClientError, ER_GRANT, + "can't revoke universe from the admin user"); + return -1; + } struct access *access = &object[grantee->auth_token]; access->granted = priv->access; if (rebuild_effective_grants(grantee) != 0) diff --git a/test/box/access.result b/test/box/access.result index dc339038d..01126a94b 100644 --- a/test/box/access.result +++ b/test/box/access.result 
@@ -2099,3 +2099,11 @@ box.schema.user.drop("user2") box.schema.user.drop("user3") --- ... +-- +-- Check that admin user privileges can't be removed. Otherwise an +-- instance could not bootstrap nor recovery. +-- +box.space._priv:delete{1, 'universe', 0} +--- +- error: 'Incorrect grant arguments: can''t revoke universe from the admin user' +... diff --git a/test/box/access.test.lua b/test/box/access.test.lua index a9843d155..759827721 100644 --- a/test/box/access.test.lua +++ b/test/box/access.test.lua @@ -800,3 +800,9 @@ box.space._user:select{} box.schema.user.drop("user1") box.schema.user.drop("user2") box.schema.user.drop("user3") + +-- +-- Check that admin user privileges can't be removed. Otherwise an +-- instance could not bootstrap nor recovery. +-- +box.space._priv:delete{1, 'universe', 0} -- 2.21.0 (Apple Git-122.2)
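Review bot: In the `priv_grant()` hunk of src/box/user.cc the guard tests `priv->access != USER_ACCESS_FULL`, so it fires on any value other than the full mask, not only on a revoke, while the message says "can't revoke universe from the admin user". A change that narrows the admin's universe access without removing it would be rejected with wording that does not match what the caller did; a message such as "admin must keep full access to universe" would cover both cases. The reason for the guard (bootstrap and recovery run on behalf of admin) is only in the commit message, so a short comment above the `if` would help the next reader. The guard also sits after the `object == NULL` early return; placing it before that return would keep it independent of what `access_find()` returns.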
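Review bot: The comment added in the test/box/access.result hunk reads "an instance could not bootstrap nor recovery"; "could neither bootstrap nor recover" is what is meant, and the same wording appears in test/box/access.test.lua. The expected output records only the error, so nothing shows that the admin row is still present in `_priv` after the rejected delete; following the delete with `box.space._priv:get{1, 'universe', 0}` in the test would pin that down in the result file.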
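Review bot: The test/box/access.test.lua hunk exercises only `box.space._priv:delete{1, 'universe', 0}`, while the new condition in `priv_grant()` rejects every `priv->access` other than `USER_ACCESS_FULL`. A second case that narrows the admin's universe privileges instead of deleting the row, for instance through `box.schema.user.revoke` with a single privilege on 'universe', would cover the path most users would actually hit and would show which error text they get there.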