From: Kirill Yukhin
Subject: [tarantool-patches] [PATCH v2 0/2] sql: check read access while executing SQL query
Date: Fri, 12 Oct 2018 14:38:17 +0300
To: korablev@tarantool.org
Cc: tarantool-patches@freelists.org, Kirill Yukhin

This patchset is intended to fix checking of read privileges while
executing SQL queries. To do so, box interface for fetching space
pointer by name was replaced by requesting (created in 1st patch)
dedicated mapping of space name to space pointer. This allows SQL
machinery to read from system spaces w/o any access checks. Actual
check is performed by IteratorOpen op-code.

https://github.com/tarantool/tarantool/commits/kyukhin/gh-2362-sql-read-access-check
https://github.com/tarantool/tarantool/issues/2362

Kirill Yukhin (2):
  Add space names cache
  sql: check read access while executing SQL query

 src/box/alter.cc                              |  18 +--
 src/box/schema.cc                             | 123 +++++++++++++++---
 src/box/schema.h                              |  12 +-
 src/box/sql/alter.c                           |  11 +-
 src/box/sql/analyze.c                         |  44 +++----
 src/box/sql/build.c                           |  57 +++-----
 src/box/sql/delete.c                          |  26 ++--
 src/box/sql/insert.c                          |   7 +-
 src/box/sql/pragma.c                          |  32 ++---
 src/box/sql/vdbe.c                            |   5 +
 test/box/stat.result                          |   6 +-
 test/sql/gh-2362-select-access-rights.result  | 110 ++++++++++++++++
 .../sql/gh-2362-select-access-rights.test.lua |  42 ++++++
 13 files changed, 353 insertions(+), 140 deletions(-)
 create mode 100644 test/sql/gh-2362-select-access-rights.result
 create mode 100644 test/sql/gh-2362-select-access-rights.test.lua

--
2.19.1
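
The split described in the cover letter (unchecked name-to-pointer lookup, read check deferred to the point where an iterator is opened) can be modelled as below. This is an added example, not code from the patchset or from Tarantool; the struct layout, the function names space_by_name, iterator_open and run_select, the privilege bit and the sample schema are all assumptions made for illustration.

```c
/* Toy model added for illustration; not Tarantool source. All names are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PRIV_READ = 1, MAX_UID = 4 };

struct space {
	const char *name;
	uint32_t owner_uid;
	uint8_t granted[MAX_UID];	/* privilege bits indexed by uid */
};

/* Constructed sample schema: one system space, one user space owned by uid 1. */
static struct space spaces[] = {
	{ "_space", 0, { PRIV_READ, 0, 0, 0 } },
	{ "t1", 1, { PRIV_READ, PRIV_READ, 0, 0 } },
};

/* Name cache lookup: name -> pointer, deliberately without any access check. */
static struct space *space_by_name(const char *name)
{
	for (size_t i = 0; i < sizeof(spaces) / sizeof(spaces[0]); i++)
		if (strcmp(spaces[i].name, name) == 0)
			return &spaces[i];
	return NULL;
}

/* Enforcement point: 0 if uid may read the space, -1 otherwise. */
static int iterator_open(const struct space *sp, uint32_t uid)
{
	if (sp == NULL || uid >= MAX_UID)
		return -1;
	if (sp->owner_uid == uid || (sp->granted[uid] & PRIV_READ))
		return 0;
	return -1;
}

/* One table reference: resolve at compile time, check when the cursor opens. */
static int run_select(const char *table, uint32_t uid)
{
	return iterator_open(space_by_name(table), uid);
}

int main(void)
{
	printf("uid 1 reads t1: %d\n", run_select("t1", 1));
	printf("uid 2 reads t1: %d\n", run_select("t1", 2));
	return 0;
}
```

In this model the lookup succeeds for every caller, so the open call is the only place a read can be refused; any code path that reaches space data without going through it bypasses the check.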