From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounce@freelists.org>
Received: from localhost (localhost [127.0.0.1])
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 210632D5F6
	for <tarantool-patches@freelists.org>; Fri, 12 Oct 2018 07:38:29 -0400 (EDT)
Received: from turing.freelists.org ([127.0.0.1])
	by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id dblhlWuTS5op for <tarantool-patches@freelists.org>;
	Fri, 12 Oct 2018 07:38:29 -0400 (EDT)
Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id D0E0D2D433
	for <tarantool-patches@freelists.org>; Fri, 12 Oct 2018 07:38:28 -0400 (EDT)
From: Kirill Yukhin <kyukhin@tarantool.org>
Subject: [tarantool-patches] [PATCH v2 0/2]  sql: check read access while executing SQL query
Date: Fri, 12 Oct 2018 14:38:17 +0300
Message-Id: <cover.1539344128.git.kyukhin@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: tarantool-patches-bounce@freelists.org
Errors-to: tarantool-patches-bounce@freelists.org
Reply-To: tarantool-patches@freelists.org
List-help: <mailto:ecartis@freelists.org?Subject=help>
List-unsubscribe: <tarantool-patches-request@freelists.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: tarantool-patches <tarantool-patches.freelists.org>
List-subscribe: <tarantool-patches-request@freelists.org?Subject=subscribe>
List-owner: <mailto:>
List-post: <mailto:tarantool-patches@freelists.org>
List-archive: <http://www.freelists.org/archives/tarantool-patches>
To: korablev@tarantool.org
Cc: tarantool-patches@freelists.org, Kirill Yukhin <kyukhin@tarantool.org>

This patchset intended to fix checking of read priviledges
while executing SQL queries. To do so, box interface for
fetching space pointer by name was replaced by requesting
(created in 1st patch) dedicated mapping of space name to
space pointer. This allows SQL machinery to read from system
spaces w/o any access checks. Actual check is performed by
IteratorOpen op-code.

https://github.com/tarantool/tarantool/commits/kyukhin/gh-2362-sql-read-access-check                                                                                                        
https://github.com/tarantool/tarantool/issues/2362

Kirill Yukhin (2):
  Add space names cache
  sql: check read access while executing SQL query

 src/box/alter.cc                              |  18 +--
 src/box/schema.cc                             | 123 +++++++++++++++---
 src/box/schema.h                              |  12 +-
 src/box/sql/alter.c                           |  11 +-
 src/box/sql/analyze.c                         |  44 +++----
 src/box/sql/build.c                           |  57 +++-----
 src/box/sql/delete.c                          |  26 ++--
 src/box/sql/insert.c                          |   7 +-
 src/box/sql/pragma.c                          |  32 ++---
 src/box/sql/vdbe.c                            |   5 +
 test/box/stat.result                          |   6 +-
 test/sql/gh-2362-select-access-rights.result  | 110 ++++++++++++++++
 .../sql/gh-2362-select-access-rights.test.lua |  42 ++++++
 13 files changed, 353 insertions(+), 140 deletions(-)
 create mode 100644 test/sql/gh-2362-select-access-rights.result
 create mode 100644 test/sql/gh-2362-select-access-rights.test.lua

-- 
2.19.1