diff --git a/client/tarantool/main.h b/client/tarantool/main.h
index fd809f6d3611ae2d1e68506aabd30eb905db6ac4..cd77b9d65773134ac214a6029fa5db3641c2f212 100644
--- a/client/tarantool/main.h
+++ b/client/tarantool/main.h
@@ -33,7 +33,7 @@
#define TC_VERSION_MINOR "3"
#define TC_DEFAULT_HOST "localhost"
-#define TC_DEFAULT_PORT 33013
+#define TC_DEFAULT_PORT 3301
#define TC_DEFAULT_ADMIN_PORT 33015
#define TC_DEFAULT_HISTORY_FILE ".tarantool_history"
diff --git a/extra/schema_erase.lua b/extra/schema_erase.lua
index ce0d2f094a1785d5a727f168cfd12d67c975cd31..6ee9acfee3d7e9cb7e70b39e1a94d3e6277ff820 100644
--- a/extra/schema_erase.lua
+++ b/extra/schema_erase.lua
@@ -1,6 +1,9 @@
_schema = box.space[box.schema.SCHEMA_ID]
_space = box.space[box.schema.SPACE_ID]
_index = box.space[box.schema.INDEX_ID]
+_user = box.space[box.schema.USER_ID]
+_func = box.space[box.schema.FUNC_ID]
+_priv = box.space[box.schema.PRIV_ID]
-- destroy everything - save snapshot produces an empty snapshot now
_schema:run_triggers(false)
_schema:truncate()
@@ -8,4 +11,9 @@ _space:run_triggers(false)
_space:truncate()
_index:run_triggers(false)
_index:truncate()
-
+_user:run_triggers(false)
+_user:truncate()
+_func:run_triggers(false)
+_func:truncate()
+_priv:run_triggers(false)
+_priv:truncate()
diff --git a/extra/schema_fill.lua b/extra/schema_fill.lua
index b9170c45828a31bd01ac802bd0506a80fb7885ac..0fc6caf1debf1d6d41b580189683967cb911b1bc 100644
--- a/extra/schema_fill.lua
+++ b/extra/schema_fill.lua
@@ -1,20 +1,52 @@
+-- Super User ID
+GUEST = 0
+ADMIN = 1
_schema = box.space[box.schema.SCHEMA_ID]
_space = box.space[box.schema.SPACE_ID]
_index = box.space[box.schema.INDEX_ID]
+_func = box.space[box.schema.FUNC_ID]
+_user = box.space[box.schema.USER_ID]
+_priv = box.space[box.schema.PRIV_ID]
-- define schema version
_schema:insert{'version', 1, 6}
-- define system spaces
-_space:insert{_schema.n, 0, '_schema'}
-_space:insert{_space.n, 0, '_space'}
-_space:insert{_index.n, 0, '_index'}
+_space:insert{_schema.n, ADMIN, '_schema', 0}
+_space:insert{_space.n, ADMIN, '_space', 0}
+_space:insert{_index.n, ADMIN, '_index', 0}
+_space:insert{_func.n, ADMIN, '_func', 0}
+_space:insert{_user.n, ADMIN, '_user', 0}
+_space:insert{_priv.n, ADMIN, '_priv', 0}
-- define indexes
_index:insert{_schema.n, 0, 'primary', 'tree', 1, 1, 0, 'str'}
+-- stick to the following convention:
+-- prefer user id (owner id) in field #1
+-- prefer object name in field #2
+-- index on owner id is index #1
+-- index on object name is index #2
+--
-- space name is unique
_index:insert{_space.n, 0, 'primary', 'tree', 1, 1, 0, 'num'}
-_index:insert{_space.n, 1, 'name', 'tree', 1, 1, 2, 'str'}
+_index:insert{_space.n, 1, 'owner', 'tree', 0, 1, 1, 'num'}
+_index:insert{_space.n, 2, 'name', 'tree', 1, 1, 2, 'str'}
-- index name is unique within a space
_index:insert{_index.n, 0, 'primary', 'tree', 1, 2, 0, 'num', 1, 'num'}
-_index:insert{_index.n, 1, 'name', 'tree', 1, 2, 0, 'num', 2, 'str'}
+_index:insert{_index.n, 2, 'name', 'tree', 1, 2, 0, 'num', 2, 'str'}
+-- user name and id are unique
+_index:insert{_user.n, 0, 'primary', 'tree', 1, 1, 0, 'num'}
+_index:insert{_user.n, 2, 'name', 'tree', 1, 1, 2, 'str'}
+-- function name and id are unique
+_index:insert{_func.n, 0, 'primary', 'tree', 1, 1, 0, 'num'}
+_index:insert{_func.n, 1, 'owner', 'tree', 0, 1, 1, 'num'}
+_index:insert{_func.n, 2, 'name', 'tree', 1, 1, 2, 'str'}
+--
+-- space schema is: grantor id, user id, object_type, object_id, privilege
+-- primary key: user id, object type, object id
+_index:insert{_priv.n, 0, 'primary', 'tree', 1, 3, 1, 'num', 2, 'str', 3, 'num'}
+_index:insert{_priv.n, 1, 'owner', 'tree', 0, 1, 1, 'num'}
+
--
+-- Pre-create user and grants
+_user:insert{GUEST, '', 'guest'}
+_user:insert{ADMIN, '', 'admin'}
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index a4f6990bca3615131c65289d38f97e4df15187d0..d1f8cac069e55235baf727a9e507f0bd2ff71501 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -72,6 +72,8 @@ set (common_sources
say.c
fio.c
crc32.c
+ random.c
+ scramble.c
tbuf.c
opts.c
cpu_feature.c
diff --git a/src/admin.cc b/src/admin.cc
index bcb22099ed37a5e9db18a5c8d7f4cec8fe0a14aa..15ee0af3249ff3c82d572079d33946be69ac68e0 100644
--- a/src/admin.cc
+++ b/src/admin.cc
@@ -88,7 +88,9 @@ admin_handler(va_list ap)
* a remote client: it's used in Lua
* stored procedures.
*/
- (void) session_create(coio.fd, *(uint64_t *) addr);
+
+ session_set_user(session_create(coio.fd, *(uint64_t *) addr),
+ ADMIN, ADMIN);
for (;;) {
if (admin_dispatch(&coio, iobuf, L) < 0)
diff --git a/src/bootstrap.snap b/src/bootstrap.snap
index c392eda096eb41250bec15c2e5d69636511e60a6..71d7828c44f874099567fc642e08e603799c4622 100644
Binary files a/src/bootstrap.snap and b/src/bootstrap.snap differ
diff --git a/src/box/CMakeLists.txt b/src/box/CMakeLists.txt
index 0dac09813a5628e03946c0167fd40954ae6617c6..980678e2f7cb40ed45900db3095211b43a5551f1 100644
--- a/src/box/CMakeLists.txt
+++ b/src/box/CMakeLists.txt
@@ -32,6 +32,8 @@ tarantool_module("box"
request.cc
txn.cc
box.cc
+ access.cc
+ authentication.cc
${lua_sources}
lua/call.cc
lua/tuple.cc
diff --git a/src/box/access.cc b/src/box/access.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a541a32345621e1883ad39323371adba77d4fb69
--- /dev/null
+++ b/src/box/access.cc
@@ -0,0 +1,174 @@
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "access.h"
+#include "assoc.h"
+#include "schema.h"
+
+struct user users[BOX_USER_MAX];
+/** Bitmap type for used/unused authentication token map. */
+typedef unsigned long user_map_t;
+
+/** A map to quickly look up free slots in users[] array. */
+user_map_t user_map[BOX_USER_MAX/(CHAR_BIT*sizeof(user_map_t)) + 1];
+
+int user_map_idx = 0;
+struct mh_i32ptr_t *user_registry;
+
+uint8_t
+user_map_get_slot()
+{
+ uint32_t idx = __builtin_ffsl(user_map[user_map_idx]);
+ while (idx == 0) {
+ if (user_map_idx == sizeof(user_map)/sizeof(*user_map))
+ panic("Out of slots for new users");
+
+ user_map_idx++;
+ idx = __builtin_ffsl(user_map[user_map_idx]);
+ }
+ /*
+ * find-first-set returns bit index starting from 1,
+ * or 0 if no bit is set. Rebase the index to offset 0.
+ */
+ idx--;
+ if (idx == BOX_USER_MAX) {
+ /* A cap on the number of users was reached. */
+ tnt_raise(LoggedError, ER_USER_MAX, BOX_USER_MAX);
+ }
+ user_map[user_map_idx] ^= ((user_map_t) 1) << idx;
+ idx += user_map_idx * sizeof(*user_map) * CHAR_BIT;
+ assert(idx < UINT8_MAX);
+ return idx;
+}
+
+void
+user_map_put_slot(uint8_t auth_token)
+{
+ memset(users + auth_token, 0, sizeof(struct user));
+ uint32_t bit_no = auth_token & (sizeof(user_map_t) * CHAR_BIT - 1);
+ auth_token /= sizeof(user_map_t) * CHAR_BIT;
+ user_map[auth_token] |= ((user_map_t) 1) << bit_no;
+ if (auth_token > user_map_idx)
+ user_map_idx = auth_token;
+}
+
+const char *
+priv_name(uint8_t access)
+{
+ if (access & PRIV_R)
+ return "Read";
+ if (access & PRIV_W)
+ return "Write";
+ return "Execute";
+}
+
+void
+user_cache_replace(struct user *user)
+{
+ struct user *old = user_cache_find(user->uid);
+ if (old == NULL) {
+ uint8_t auth_token = user_map_get_slot();
+ old = users + auth_token;
+ assert(old->auth_token == 0);
+ old->auth_token = auth_token;
+ }
+ user->auth_token = old->auth_token;
+ *old = *user;
+ struct mh_i32ptr_node_t node = { old->uid, old };
+ mh_i32ptr_put(user_registry, &node, NULL, NULL);
+}
+
+void
+user_cache_delete(uint32_t uid)
+{
+ struct user *old = user_cache_find(uid);
+ if (old) {
+ assert(old->auth_token > ADMIN);
+ user_map_put_slot(old->auth_token);
+ old->auth_token = 0;
+ old->uid = 0;
+ mh_i32ptr_del(user_registry, uid, NULL);
+ }
+}
+
+/** Find user by id. */
+struct user *
+user_cache_find(uint32_t uid)
+{
+ mh_int_t k = mh_i32ptr_find(user_registry, uid, NULL);
+ if (k == mh_end(user_registry))
+ return NULL;
+ return (struct user *) mh_i32ptr_node(user_registry, k)->val;
+}
+
+/** Find user by name. */
+struct user *
+user_by_name(const char *name, uint32_t len)
+{
+ uint32_t uid = schema_find_id(SC_USER_ID, 2, name, len);
+ return user_cache_find(uid);
+}
+
+void
+user_cache_init()
+{
+ memset(user_map, 0xFF, sizeof(user_map));
+ user_registry = mh_i32ptr_new();
+ /*
+ * Solve a chicken-egg problem:
+ * we need a functional user cache entry for superuser to
+ * perform recovery, but the superuser credentials are
+ * stored in the snapshot. So, pre-create cache entries
+ * for 'guest' and 'admin' users here, they will be
+ * updated with snapshot contents during recovery.
+ */
+ struct user guest;
+ memset(&guest, 0, sizeof(guest));
+ snprintf(guest.name, sizeof(guest.name), "guest");
+ user_cache_replace(&guest);
+ /* 0 is the auth token and user id by default. */
+ assert(guest.auth_token == GUEST &&
+ guest.uid == GUEST &&
+ users[guest.auth_token].uid == guest.uid);
+
+ struct user admin;
+ memset(&admin, 0, sizeof(admin));
+ snprintf(admin.name, sizeof(admin.name), "admin");
+ admin.uid = ADMIN;
+ user_cache_replace(&admin);
+ /* ADMIN is both the auth token and user id for 'admin' user. */
+ assert(admin.auth_token == ADMIN &&
+ users[admin.auth_token].uid == ADMIN);
+}
+
+void
+user_cache_free()
+{
+ if (user_registry)
+ mh_i32ptr_delete(user_registry);
+}
diff --git a/src/box/access.h b/src/box/access.h
new file mode 100644
index 0000000000000000000000000000000000000000..ad53e9165230fc688572d1647093ba5f846714e1
--- /dev/null
+++ b/src/box/access.h
@@ -0,0 +1,153 @@
+#ifndef INCLUDES_TARANTOOL_BOX_ACCESS_H
+#define INCLUDES_TARANTOOL_BOX_ACCESS_H
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "iproto_constants.h"
+#include "key_def.h"
+#include "scramble.h"
+#include "fiber.h"
+#include "session.h"
+
+enum {
+ /* SELECT */
+ PRIV_R = 1,
+ /* INSERT, UPDATE, DELETE, REPLACE */
+ PRIV_W = 2,
+ /* CALL */
+ PRIV_X = 4,
+};
+
+/* Privilege name for error messages */
+const char *
+priv_name(uint8_t access);
+
+/**
+ * A cache entry for an existing user. Entries for all existing
+ * users are always present in the cache. The entry is maintained
+ * in sync with _user and _priv system spaces by system space
+ * triggers.
+ * @sa alter.cc
+ */
+struct user {
+ /** User id. */
+ uint32_t uid;
+ /** User password - hash2 */
+ char hash2[SCRAMBLE_SIZE];
+ /** User name - for error messages and debugging */
+ char name[BOX_NAME_MAX + 1];
+ /** Global privileges this user has on the universe. */
+ uint8_t universal_access;
+ /** An id in users[] array to quickly find user */
+ uint8_t auth_token;
+};
+
+/**
+ * For best performance, all users are maintained in this array.
+ * Position in the array is store in user->auth_token and also
+ * in session->auth_token. This way it's easy to quickly find
+ * the current user of the session.
+ * An auth token, instead of a direct pointer, is stored in the
+ * session because it make dropping of a signed in user safe.
+ * The same auth token (index in an array)
+ * is also used to find out user privileges when accessing stored
+ * objects, such as spaces and functions.
+ */
+extern struct user users[];
+
+/*
+ * Insert or update user object (a cache entry
+ * for user).
+ * This is called from a trigger on _user table
+ * and from trigger on _priv table, (in the latter
+ * case, only when making a grant on the universe).
+ *
+ * If a user already exists, update it, otherwise
+ * find space in users[] array and store the new
+ * user in it. Update user->auth_token
+ * with an index in the users[] array.
+ */
+void
+user_cache_replace(struct user *user);
+
+/**
+ * Find a user by id and delete it from the
+ * users cache.
+ */
+void
+user_cache_delete(uint32_t uid);
+
+/** Find user by id. */
+struct user *
+user_cache_find(uint32_t uid);
+
+/* Find a user by name. Used by authentication. */
+struct user *
+user_by_name(const char *name, uint32_t len);
+
+/**
+ * Return the current user.
+ *
+ * @todo: this doesn't account for the case when a user
+ * was dropped, its slot in users array was reused
+ * for a new user, and some sessions exist which still
+ * use the old auth_token. In this case, already
+ * authenticated sessions use grants of the new user,
+ * not the old one.
+ *
+ * This can be easily fixed by checking that uid of the
+ * user found by means of auth_token matches the uid
+ * stored in the session, and invalidating the session
+ * auth_token when it doesn't.
+ *
+ * Alternatively, one could invalidate the session
+ * auth_token whenever sc_version changes. Alternatively,
+ * one could invalidate auth_token in all sessions whenever
+ * any tuple in _user or _priv spaces is modified.
+ *
+ * None of these 3 solutions seems to be worth the while
+ * at the moment.
+ */
+#define user() \
+({ \
+ struct session *s = fiber()->session; \
+ uint8_t auth_token = s ? s->auth_token : (int) ADMIN; \
+ struct user *u = &users[auth_token]; \
+ assert(u->auth_token == auth_token); \
+ u; \
+})
+
+/** Initialize the user cache and access control subsystem. */
+void
+user_cache_init();
+
+/** Cleanup the user cache and access control subsystem */
+void
+user_cache_free();
+
+#endif /* INCLUDES_TARANTOOL_BOX_ACCESS_H */
diff --git a/src/box/alter.cc b/src/box/alter.cc
index 3ff8239331f35f3c863f000d71423ae5f44166f1..292aba6a0f601e43c246e63b214d6a329364d116 100644
--- a/src/box/alter.cc
+++ b/src/box/alter.cc
@@ -28,28 +28,53 @@
*/
#include "alter.h"
#include "schema.h"
+#include "access.h"
#include "space.h"
#include "txn.h"
#include "tuple.h"
#include "fiber.h" /* for gc_pool */
#include "scoped_guard.h"
+#include "third_party/base64.h"
#include <new> /* for placement new */
#include <stdio.h> /* snprintf() */
#include <ctype.h>
/** _space columns */
#define ID 0
-#define ARITY 1
+#define UID 1
#define NAME 2
-#define FLAGS 3
+#define ARITY 3
+#define FLAGS 4
/** _index columns */
#define INDEX_ID 1
#define INDEX_TYPE 3
#define INDEX_IS_UNIQUE 4
#define INDEX_PART_COUNT 5
+/** _user columns */
+#define AUTH_DATA 3
+
+/** _priv columns */
+#define PRIV_OBJECT_TYPE 2
+#define PRIV_OBJECT_ID 3
+#define PRIV_ACCESS 4
+
/* {{{ Auxiliary functions and methods. */
+void
+access_check_ddl(uint32_t owner_uid)
+{
+ struct user *user = user();
+ /*
+ * Only the creator of the space or superuser can modify
+ * the space, since we don't have ALTER privilege.
+ */
+ if (owner_uid != user->uid && user->uid != ADMIN) {
+ tnt_raise(ClientError, ER_ACCESS_DENIED,
+ "Write", user->name);
+ }
+}
+
/**
* Create a key_def object from a record in _index
* system space.
@@ -125,6 +150,7 @@ space_def_create_from_tuple(struct space_def *def, struct tuple *tuple,
uint32_t errcode)
{
def->id = tuple_field_u32(tuple, ID);
+ def->uid = tuple_field_u32(tuple, UID);
def->arity = tuple_field_u32(tuple, ARITY);
int n = snprintf(def->name, sizeof(def->name),
"%s", tuple_field_cstr(tuple, NAME));
@@ -143,6 +169,7 @@ space_def_create_from_tuple(struct space_def *def, struct tuple *tuple,
(unsigned) SC_SYSTEM_ID_MIN,
(unsigned) SC_SYSTEM_ID_MAX);
}
+ access_check_ddl(def->uid);
}
/* }}} */
@@ -413,6 +440,8 @@ alter_space_do(struct txn *txn, struct alter_space *alter,
* the recovery phase.
*/
alter->new_space->engine = alter->old_space->engine;
+ memcpy(alter->new_space->access, alter->old_space->access,
+ sizeof(alter->old_space->access));
/*
* Change the new space: build the new index, rename,
* change arity.
@@ -940,6 +969,7 @@ on_replace_dd_space(struct trigger * /* trigger */, void *event)
*/
trigger_set(&txn->on_rollback, &drop_space_trigger);
} else if (new_tuple == NULL) { /* DELETE */
+ access_check_ddl(old_space->def.uid);
/* Verify that the space is empty (has no indexes) */
if (old_space->index_count) {
tnt_raise(ClientError, ER_DROP_SPACE,
@@ -1016,7 +1046,8 @@ on_replace_dd_index(struct trigger * /* trigger */, void *event)
uint32_t id = tuple_field_u32(old_tuple ? old_tuple : new_tuple, ID);
uint32_t iid = tuple_field_u32(old_tuple ? old_tuple : new_tuple,
INDEX_ID);
- struct space *old_space = space_find(id);
+ struct space *old_space = space_cache_find(id);
+ access_check_ddl(old_space->def.uid);
Index *old_index = space_index(old_space, iid);
struct alter_space *alter = alter_space_new();
auto scoped_guard =
@@ -1040,6 +1071,417 @@ on_replace_dd_index(struct trigger * /* trigger */, void *event)
scoped_guard.is_active = false;
}
+/* {{{ access control */
+
+/** True if the space has records identified by key 'uid'
+ * Uses 'owner' index.
+ */
+bool
+space_has_data(uint32_t id, uint32_t iid, uint32_t uid)
+{
+ struct space *space = space_by_id(id);
+ if (space == NULL)
+ return false;
+
+ Index *index = space_index(space, iid);
+ if (index == NULL)
+ return false;
+ assert(strcmp(index->key_def->name, "owner") == 0);
+ struct iterator *it = index->position();
+ char key[6];
+ assert(mp_sizeof_uint(SC_SYSTEM_ID_MIN) <= sizeof(key));
+ mp_encode_uint(key, uid);
+
+ index->initIterator(it, ITER_EQ, key, 1);
+ if (it->next(it))
+ return true;
+ return false;
+}
+
+bool
+user_has_data(uint32_t uid)
+{
+ uint32_t spaces[] = { SC_SPACE_ID, SC_FUNC_ID, SC_PRIV_ID };
+ uint32_t *end = spaces + sizeof(spaces)/sizeof(*spaces);
+ for (uint32_t *i = spaces; i < end; i++) {
+ if (space_has_data(*i, 1, uid))
+ return true;
+ }
+ return false;
+}
+
+/** Supposedly a user may have many authentication mechanisms
+ * defined, but for now we only support chap-sha1. Get
+ * password of chap-sha1 from the _user space.
+ */
+
+void
+user_fill_auth_data(struct user *user, const char *auth_data)
+{
+ if (mp_typeof(*auth_data) != MP_MAP)
+ return;
+ uint32_t mech_count = mp_decode_map(&auth_data);
+ for (uint32_t i = 0; i < mech_count; i++) {
+ if (mp_typeof(*auth_data) != MP_STR) {
+ mp_next(&auth_data);
+ mp_next(&auth_data);
+ continue;
+ }
+ uint32_t len;
+ const char *mech_name = mp_decode_str(&auth_data, &len);
+ if (strncasecmp(mech_name, "chap-sha1", 9) != 0) {
+ mp_next(&auth_data);
+ continue;
+ }
+ const char *hash2_base64 = mp_decode_str(&auth_data, &len);
+ if (len != 0 && len != SCRAMBLE_BASE64_SIZE) {
+ tnt_raise(ClientError, ER_CREATE_USER,
+ user->name, "invalid user password");
+ }
+ base64_decode(hash2_base64, len, user->hash2,
+ sizeof(user->hash2));
+ break;
+ }
+}
+
+void
+user_create_from_tuple(struct user *user, struct tuple *tuple)
+{
+ /* In case user password is empty, fill it with \0 */
+ memset(user, 0, sizeof(*user));
+ user->uid = tuple_field_u32(tuple, ID);
+ const char *name = tuple_field_cstr(tuple, NAME);
+ uint32_t len = strlen(name);
+ if (len >= sizeof(user->name)) {
+ tnt_raise(ClientError, ER_CREATE_USER,
+ name, "user name is too long");
+ }
+ snprintf(user->name, sizeof(user->name), "%s", name);
+ /*
+ * AUTH_DATA field in _user space should contain
+ * chap-sha1 -> base64_encode(sha1(sha1(password)).
+ * Check for trivial errors when a plain text
+ * password is saved in this field instead.
+ */
+ if (tuple_arity(tuple) > AUTH_DATA) {
+ const char *auth_data = tuple_field(tuple, AUTH_DATA);
+ user_fill_auth_data(user, auth_data);
+ }
+}
+
+static void
+user_cache_remove_user(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ uint32_t uid = tuple_field_u32(txn->old_tuple ?
+ txn->old_tuple : txn->new_tuple, ID);
+ user_cache_delete(uid);
+}
+
+static struct trigger drop_user_trigger =
+ { rlist_nil, user_cache_remove_user, NULL, NULL };
+
+static void
+user_cache_replace_user(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ struct user user;
+ user_create_from_tuple(&user, txn->new_tuple);
+ user_cache_replace(&user);
+}
+
+static struct trigger modify_user_trigger =
+ { rlist_nil, user_cache_replace_user, NULL, NULL };
+
+/**
+ * A trigger invoked on replace in the user table.
+ */
+static void
+on_replace_dd_user(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ struct tuple *old_tuple = txn->old_tuple;
+ struct tuple *new_tuple = txn->new_tuple;
+
+ uint32_t uid = tuple_field_u32(old_tuple ?
+ old_tuple : new_tuple, ID);
+ struct user *old_user = user_cache_find(uid);
+ if (new_tuple != NULL && old_user == NULL) { /* INSERT */
+ struct user user;
+ user_create_from_tuple(&user, new_tuple);
+ (void) user_cache_replace(&user);
+ trigger_set(&txn->on_rollback, &drop_user_trigger);
+ } else if (new_tuple == NULL) { /* DELETE */
+ access_check_ddl(uid);
+ /* Can't drop guest or super user */
+ if (uid == GUEST || uid == ADMIN) {
+ tnt_raise(ClientError, ER_DROP_USER,
+ old_user->name,
+ "the user is a system user");
+ }
+ /*
+ * Can only delete user if it has no spaces,
+ * no functions and no grants.
+ */
+ if (user_has_data(uid)) {
+ tnt_raise(ClientError, ER_DROP_USER,
+ old_user->name, "the user has objects");
+ }
+ trigger_set(&txn->on_commit, &drop_user_trigger);
+ } else { /* UPDATE, REPLACE */
+ assert(old_user != NULL && new_tuple != NULL);
+ /*
+ * Allow change of user properties (name,
+ * password) but first check that the change is
+ * correct.
+ */
+ struct user user;
+ user_create_from_tuple(&user, new_tuple);
+ trigger_set(&txn->on_commit, &modify_user_trigger);
+ }
+}
+
+/** Create a function definition from tuple. */
+static void
+func_def_create_from_tuple(struct func_def *func, struct tuple *tuple)
+{
+ func->fid = tuple_field_u32(tuple, ID);
+ func->uid = tuple_field_u32(tuple, UID);
+ const char *name = tuple_field_cstr(tuple, NAME);
+ uint32_t len = strlen(name);
+ if (len >= sizeof(func->name)) {
+ tnt_raise(ClientError, ER_CREATE_FUNCTION,
+ name, "function name is too long");
+ }
+ snprintf(func->name, sizeof(func->name), "%s", name);
+}
+
+/** Remove a function from function cache */
+static void
+func_cache_remove_func(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ uint32_t fid = tuple_field_u32(txn->old_tuple ?
+ txn->old_tuple : txn->new_tuple, ID);
+ func_cache_delete(fid);
+}
+
+static struct trigger drop_func_trigger =
+ { rlist_nil, func_cache_remove_func, NULL, NULL };
+
+/** Remove a function from function cache */
+static void
+func_cache_replace_func(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ struct func_def func;
+ func_def_create_from_tuple(&func, txn->new_tuple);
+ func_cache_replace(&func);
+}
+
+static struct trigger modify_func_trigger =
+ { rlist_nil, func_cache_replace_func, NULL, NULL };
+
+/**
+ * A trigger invoked on replace in a space containing
+ * functions on which there were defined any grants.
+ */
+static void
+on_replace_dd_func(struct trigger * /* trigger */, void *event)
+{
+ struct func_def func;
+ struct txn *txn = (struct txn *) event;
+ struct tuple *old_tuple = txn->old_tuple;
+ struct tuple *new_tuple = txn->new_tuple;
+
+ uint32_t fid = tuple_field_u32(old_tuple ?
+ old_tuple : new_tuple, ID);
+ struct func_def *old_func = func_by_id(fid);
+ if (new_tuple != NULL && old_func == NULL) { /* INSERT */
+ func_def_create_from_tuple(&func, new_tuple);
+ func_cache_replace(&func);
+ trigger_set(&txn->on_rollback, &drop_func_trigger);
+ } else if (new_tuple == NULL) { /* DELETE */
+ func_def_create_from_tuple(&func, old_tuple);
+ /*
+ * Can only delete func if you're the one
+ * who created it or a superuser.
+ */
+ access_check_ddl(func.uid);
+ /* @todo can only delete func if it has no grants */
+ trigger_set(&txn->on_commit, &drop_func_trigger);
+ } else { /* UPDATE, REPLACE */
+ func_def_create_from_tuple(&func, new_tuple);
+ access_check_ddl(func.uid);
+ trigger_set(&txn->on_commit, &modify_func_trigger);
+ }
+}
+
+/**
+ * Create a privilege definition from tuple.
+ */
+static void
+priv_def_create_from_tuple(struct priv_def *priv, struct tuple *tuple)
+{
+ priv->grantor_id = tuple_field_u32(tuple, ID);
+ priv->grantee_id = tuple_field_u32(tuple, UID);
+ const char *object_type = tuple_field_cstr(tuple, PRIV_OBJECT_TYPE);
+ priv->object_id = tuple_field_u32(tuple, PRIV_OBJECT_ID);
+ priv->object_type = schema_object_type(object_type);
+ if (priv->object_type == SC_UNKNOWN) {
+ tnt_raise(ClientError, ER_UNKNOWN_SCHEMA_OBJECT,
+ object_type);
+ }
+ priv->access = tuple_field_u32(tuple, PRIV_ACCESS);
+}
+
+/*
+ * This function checks that:
+ * - a privilege is granted from an existing user to an existing
+ * user on an existing object
+ * - the grantor has the right to grant (is the owner of the object)
+ *
+ * @XXX Potentially there is a race in case of rollback, since an
+ * object can be changed during WAL write.
+ * In the future we must protect grant/revoke with a logical lock.
+ */
+static void
+priv_def_check(struct priv_def *priv)
+{
+ struct user *grantor = user_cache_find(priv->grantor_id);
+ struct user *grantee = user_cache_find(priv->grantee_id);
+ if (grantor == NULL) {
+ tnt_raise(ClientError, ER_NO_SUCH_USER,
+ int2str(priv->grantor_id));
+ }
+ if (grantee == NULL) {
+ tnt_raise(ClientError, ER_NO_SUCH_USER,
+ int2str(priv->grantee_id));
+ }
+ access_check_ddl(grantor->uid);
+ switch (priv->object_type) {
+ case SC_UNIVERSE:
+ if (grantor->uid != ADMIN) {
+ tnt_raise(ClientError, ER_ACCESS_DENIED,
+ priv_name(priv->access), grantor->name);
+ }
+ break;
+ case SC_SPACE:
+ {
+ struct space *space = space_cache_find(priv->object_id);
+ if (space->def.uid != grantor->uid) {
+ tnt_raise(ClientError, ER_ACCESS_DENIED,
+ priv_name(priv->access), grantor->name);
+ }
+ break;
+ }
+ case SC_FUNCTION:
+ {
+ struct func_def *func = func_cache_find(priv->object_id);
+ if (func->uid != grantor->uid) {
+ tnt_raise(ClientError, ER_ACCESS_DENIED,
+ priv_name(priv->access), grantor->name);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+}
+
+/**
+ * Update a metadata cache object with the new access
+ * data.
+ */
+static void
+grant_or_revoke(struct priv_def *priv)
+{
+ struct user *grantee = user_cache_find(priv->grantee_id);
+ if (grantee == NULL)
+ return;
+ switch (priv->object_type) {
+ case SC_UNIVERSE:
+ grantee->universal_access = priv->access;
+ break;
+ case SC_SPACE:
+ {
+ struct space *space = space_by_id(priv->object_id);
+ if (space)
+ space->access[grantee->auth_token] = priv->access;
+ break;
+ }
+ case SC_FUNCTION:
+ {
+ struct func_def *func = func_by_id(priv->object_id);
+ if (func)
+ func->access[grantee->auth_token] = priv->access;
+ break;
+ }
+ default:
+ break;
+ }
+}
+
+/** A trigger called on rollback of grant, or on commit of revoke. */
+static void
+revoke_priv(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ struct tuple *tuple = (txn->new_tuple ?
+ txn->new_tuple : txn->old_tuple);
+ struct priv_def priv;
+ priv_def_create_from_tuple(&priv, tuple);
+ priv.access = 0;
+ grant_or_revoke(&priv);
+}
+
+static struct trigger revoke_priv_trigger =
+ { rlist_nil, revoke_priv, NULL, NULL };
+
+/** A trigger called on rollback of grant, or on commit of revoke. */
+static void
+modify_priv(struct trigger * /* trigger */, void *event)
+{
+ struct txn *txn = (struct txn *) event;
+ struct priv_def priv;
+ priv_def_create_from_tuple(&priv, txn->new_tuple);
+ grant_or_revoke(&priv);
+}
+
+static struct trigger modify_priv_trigger =
+ { rlist_nil, modify_priv, NULL, NULL };
+
+/**
+ * A trigger invoked on replace in the space containing
+ * all granted privileges.
+ */
+static void
+on_replace_dd_priv(struct trigger * /* trigger */, void *event)
+{
+ struct priv_def priv;
+ struct txn *txn = (struct txn *) event;
+ struct tuple *old_tuple = txn->old_tuple;
+ struct tuple *new_tuple = txn->new_tuple;
+
+ if (new_tuple != NULL && old_tuple == NULL) { /* grant */
+ priv_def_create_from_tuple(&priv, new_tuple);
+ priv_def_check(&priv);
+ grant_or_revoke(&priv);
+ trigger_set(&txn->on_rollback, &revoke_priv_trigger);
+ } else if (new_tuple == NULL) { /* revoke */
+ assert(old_tuple);
+ priv_def_create_from_tuple(&priv, old_tuple);
+ access_check_ddl(priv.grantor_id);
+ trigger_set(&txn->on_commit, &revoke_priv_trigger);
+ } else { /* modify */
+ priv_def_create_from_tuple(&priv, new_tuple);
+ priv_def_check(&priv);
+ trigger_set(&txn->on_commit, &modify_priv_trigger);
+ }
+}
+
+/* }}} access control */
+
struct trigger alter_space_on_replace_space = {
rlist_nil, on_replace_dd_space, NULL, NULL
};
@@ -1048,4 +1490,16 @@ struct trigger alter_space_on_replace_index = {
rlist_nil, on_replace_dd_index, NULL, NULL
};
+struct trigger on_replace_user = {
+ rlist_nil, on_replace_dd_user, NULL, NULL
+};
+
+struct trigger on_replace_func = {
+ rlist_nil, on_replace_dd_func, NULL, NULL
+};
+
+struct trigger on_replace_priv = {
+ rlist_nil, on_replace_dd_priv, NULL, NULL
+};
+
/* vim: set foldmethod=marker */
diff --git a/src/box/alter.h b/src/box/alter.h
index 089412c59a3946c812294e805d03f24a45f97453..a563c3771e1fe06e7ba2f19c05d6093b298d7860 100644
--- a/src/box/alter.h
+++ b/src/box/alter.h
@@ -32,5 +32,8 @@
extern struct trigger alter_space_on_replace_space;
extern struct trigger alter_space_on_replace_index;
+extern struct trigger on_replace_user;
+extern struct trigger on_replace_func;
+extern struct trigger on_replace_priv;
#endif /* INCLUDES_TARANTOOL_BOX_ALTER_H */
diff --git a/src/box/authentication.cc b/src/box/authentication.cc
new file mode 100644
index 0000000000000000000000000000000000000000..fed6a96c2ca0d5d7e13456cba477070fde853241
--- /dev/null
+++ b/src/box/authentication.cc
@@ -0,0 +1,63 @@
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "access.h"
+
+void
+authenticate(const char *user_name, uint32_t len,
+ const char *tuple, const char * /* tuple_end */)
+{
+ struct user *user = user_by_name(user_name, len);
+ if (user == NULL) {
+ char name[BOX_NAME_MAX + 1];
+ /* \0 - to correctly print user name the error message. */
+ snprintf(name, sizeof(name), "%.*s", len, user_name);
+ tnt_raise(ClientError, ER_NO_SUCH_USER, name);
+ }
+ struct session *session = fiber()->session;
+ uint32_t part_count = mp_decode_array(&tuple);
+ if (part_count < 2) {
+ /* Expected at least: authentication mechanism and data. */
+ tnt_raise(ClientError, ER_INVALID_MSGPACK,
+ "authentication request body");
+ }
+ mp_next(&tuple); /* Skip authentication mechanism. */
+ uint32_t scramble_len;
+ const char *scramble = mp_decode_str(&tuple, &scramble_len);
+ if (scramble_len != SCRAMBLE_SIZE) {
+ /* Authentication mechanism, data. */
+ tnt_raise(ClientError, ER_INVALID_MSGPACK,
+ "scramble is too short");
+ }
+
+ if (scramble_check(scramble, session->salt, user->hash2))
+ tnt_raise(ClientError, ER_PASSWORD_MISMATCH, user->name);
+
+ session_set_user(session, user->auth_token, user->uid);
+}
+
diff --git a/src/box/authentication.h b/src/box/authentication.h
new file mode 100644
index 0000000000000000000000000000000000000000..c665e0d3c95392c0021d22fc3ef5747be4091082
--- /dev/null
+++ b/src/box/authentication.h
@@ -0,0 +1,35 @@
+#ifndef INCLUDES_TARANTOOL_BOX_AUTHENTICATION_H
+#define INCLUDES_TARANTOOL_BOX_AUTHENTICATION_H
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+void
+authenticate(const char *user_name, uint32_t len,
+ const char *tuple, const char *tuple_end);
+#endif /* INCLUDES_TARANTOOL_BOX_AUTHENTICATION_H */
diff --git a/src/box/box.cc b/src/box/box.cc
index 5146aaa5204f5f03e5f68d9345f1ef2e7509b8cc..9bf639e61363396a7c486a79e759d95f418501f8 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -51,6 +51,7 @@ extern "C" {
#include "request.h"
#include "txn.h"
#include "fiber.h"
+#include "access.h"
static void process_replica(struct port *port, struct request *request);
static void process_ro(struct port *port, struct request *request);
@@ -268,6 +269,7 @@ box_reload_config(struct tarantool_cfg *old_conf, struct tarantool_cfg *new_conf
void
box_free(void)
{
+ user_cache_free();
schema_free();
tuple_free();
recovery_free();
@@ -283,6 +285,7 @@ box_init()
tuple_init(cfg.slab_alloc_arena, cfg.slab_alloc_minimal,
cfg.slab_alloc_factor);
schema_init();
+ user_cache_init();
/* recovery initialization */
recovery_init(cfg.snap_dir, cfg.wal_dir,
diff --git a/src/box/key_def.cc b/src/box/key_def.cc
index 2cce6011ae71db570b63b7f24daccef1283c5b68..cac9a0c580540820470f882c7952deb30c1f3a5d 100644
--- a/src/box/key_def.cc
+++ b/src/box/key_def.cc
@@ -40,6 +40,15 @@ const uint32_t key_mp_type[] = {
/* [_STR] = */ 1U << MP_STR
};
+enum schema_object_type
+schema_object_type(const char *name)
+{
+ static const char *strs[] = {
+ "unknown", "universe", "space", "function" };
+ int index = strindex(strs, name, 4);
+ return (enum schema_object_type) (index == 4 ? 0 : index);
+}
+
struct key_def *
key_def_new(uint32_t space_id, uint32_t iid, const char *name,
enum index_type type, bool is_unique, uint32_t part_count)
diff --git a/src/box/key_def.h b/src/box/key_def.h
index b97cc70cf5d86556406089f8b78b9768e46933cc..668f9d5ea6dd29b9d3adb8f5089c478b635209db 100644
--- a/src/box/key_def.h
+++ b/src/box/key_def.h
@@ -36,9 +36,11 @@
enum {
BOX_SPACE_MAX = INT32_MAX,
+ BOX_FUNCTION_MAX = 32000,
BOX_INDEX_MAX = 10,
BOX_NAME_MAX = 32,
BOX_FIELD_MAX = INT32_MAX,
+ BOX_USER_MAX = 32,
/**
* A fairly arbitrary limit which is still necessary
* to keep tuple_format object small.
@@ -50,6 +52,20 @@ enum {
BOX_INDEX_PART_MAX = UINT8_MAX
};
+/*
+ * Different objects which can be subject to access
+ * control.
+ *
+ * Use 0 for unknown to use the same index consistently
+ * even when there are more object types in the future.
+ */
+enum schema_object_type {
+ SC_UNKNOWN = 0, SC_UNIVERSE = 1, SC_SPACE = 2, SC_FUNCTION = 3
+};
+
+enum schema_object_type
+schema_object_type(const char *name);
+
/*
* Possible field data types. Can't use STRS/ENUM macros for them,
* since there is a mismatch between enum name (STRING) and type
@@ -189,6 +205,8 @@ key_def_check(struct key_def *key_def);
struct space_def {
/** Space id. */
uint32_t id;
+ /** User id of the creator of the space */
+ uint32_t uid;
/**
* If not set (is 0), any tuple in the
* space can have any number of fields.
@@ -231,4 +249,40 @@ key_mp_type_validate(enum field_type key_type, enum mp_type mp_type,
field_type_strs[key_type]);
}
+/**
+ * Definition of a function. Function body is not stored
+ * or replicated (yet).
+ */
+
+struct func_def {
+ /** Function id. */
+ uint32_t fid;
+ /** Owner of the function. */
+ uint32_t uid;
+ /** Function name. */
+ char name[BOX_NAME_MAX + 1];
+ /**
+ * Strictly speaking, this doesn't belong
+ * to func def but belongs to func cache entry.
+ * Kept here for simplicity.
+ */
+ uint8_t access[BOX_USER_MAX];
+};
+
+/**
+ * Definition of a privilege
+ */
+struct priv_def {
+ /** Who grants the privilege. */
+ uint32_t grantor_id;
+ /** Whom the privilege is granted. */
+ uint32_t grantee_id;
+ /* Object id - is only defined for object type */
+ uint32_t object_id;
+ /* Object type - function, space, universe */
+ enum schema_object_type object_type;
+ /** What is being or has been granted. */
+ uint8_t access;
+};
+
#endif /* TARANTOOL_BOX_KEY_DEF_H_INCLUDED */
diff --git a/src/box/lua/box_net.lua b/src/box/lua/box_net.lua
index 989708bfc45b152a042c869e8c1d61f1af480158..507499802944ca04563236cf1fbcdcb212d394af 100644
--- a/src/box/lua/box_net.lua
+++ b/src/box/lua/box_net.lua
@@ -93,6 +93,7 @@ box.net = {
FUNCTION_NAME = 0x22,
DATA = 0x30,
ERROR = 0x31,
+ GREETING_SIZE = 128,
delete = function(self, space, key)
local t = self:process(box.net.box.DELETE,
@@ -423,6 +424,7 @@ box.net.box.new = function(host, port, reconnect_timeout)
self.host, self.port, s[4])
return false
end
+ sc:recv(box.net.box.GREETING_SIZE)
self.s = sc
diff --git a/src/box/lua/call.cc b/src/box/lua/call.cc
index 8207de2be6d887a27337337c1a3531f18c58e823..b9429b0638bab67991c0436d1d9b6543db697acd 100644
--- a/src/box/lua/call.cc
+++ b/src/box/lua/call.cc
@@ -44,6 +44,8 @@
#include "box/port.h"
#include "box/request.h"
#include "bit/bit.h"
+#include "box/access.h"
+#include "box/schema.h"
/* contents of box.lua, misc.lua, box.net.lua respectively */
extern char schema_lua[], box_lua[], box_net_lua[], misc_lua[] ;
@@ -476,6 +478,25 @@ lbox_call_loadproc(struct lua_State *L)
return box_lua_find(L, name, name + name_len);
}
+static inline void
+access_check_func(const char *name, uint32_t name_len,
+ struct user *user, uint8_t access)
+{
+ if (access == 0)
+ return;
+
+ struct func_def *func = func_by_name(name, name_len);
+ if (func == NULL || (func->uid != user->uid && user->uid != ADMIN &&
+ access & ~func->access[user->auth_token])) {
+
+ char name_buf[BOX_NAME_MAX + 1];
+ snprintf(name_buf, sizeof(name_buf), "%.*s", name_len, name);
+
+ tnt_raise(ClientError, ER_FUNCTION_ACCESS_DENIED,
+ priv_name(access), user->name, name_buf);
+ }
+}
+
/**
* Invoke a Lua stored procedure from the binary protocol
* (implementation of 'CALL' command code).
@@ -484,12 +505,16 @@ void
box_lua_call(struct request *request, struct txn *txn,
struct port *port)
{
+ struct user *user = user();
(void) txn;
lua_State *L = lua_newthread(tarantool_L);
LuarefGuard coro_ref(tarantool_L);
const char *name = request->key;
uint32_t name_len = mp_decode_strl(&name);
+ uint8_t access = PRIV_X & ~user->universal_access;
+ access_check_func(name, name_len, user, access);
+
/* proc name */
int oc = box_lua_find(L, name, name + name_len);
/* Push the rest of args (a tuple). */
diff --git a/src/box/lua/index.cc b/src/box/lua/index.cc
index 782dbf9eda1b2abe9945a56bbcb8ce8fbf5e3c8b..8afea6f27cb732ebc62576c7745e8e6d74c70bd0 100644
--- a/src/box/lua/index.cc
+++ b/src/box/lua/index.cc
@@ -59,7 +59,8 @@ lua_checkindex(struct lua_State *L, int i)
(struct lbox_index *) luaL_checkudata(L, i, indexlib_name);
assert(index != NULL);
if (index->sc_version != sc_version) {
- index->index = index_find(space_find(index->id), index->iid);
+ index->index = index_find(space_cache_find(index->id),
+ index->iid);
index->sc_version = sc_version;
}
return index->index;
@@ -71,7 +72,7 @@ lbox_index_bind(struct lua_State *L)
uint32_t id = (uint32_t) luaL_checkint(L, 1); /* get space id */
uint32_t iid = (uint32_t) luaL_checkint(L, 2); /* get index id in */
/* locate the appropriate index */
- struct space *space = space_find(id);
+ struct space *space = space_cache_find(id);
Index *i = index_find(space, iid);
/* create a userdata object */
@@ -146,7 +147,7 @@ boxffi_index_iterator(uint32_t space_id, uint32_t index_id, int type,
struct iterator *it = NULL;
enum iterator_type itype = (enum iterator_type) type;
try {
- struct space *space = space_find(space_id);
+ struct space *space = space_cache_find(space_id);
Index *index = index_find(space, index_id);
assert(mp_typeof(*key) == MP_ARRAY); /* checked by Lua */
uint32_t part_count = mp_decode_array(&key);
diff --git a/src/box/lua/schema.lua b/src/box/lua/schema.lua
index d1db58378ce8c99932bee581c85b19727af49ab5..1ef2dba001364c29df81ef4d77e635bef5ccc7bc 100644
--- a/src/box/lua/schema.lua
+++ b/src/box/lua/schema.lua
@@ -31,11 +31,27 @@ ffi.cdef[[
boxffi_select(struct port *port, uint32_t space_id, uint32_t index_id,
int iterator, uint32_t offset, uint32_t limit,
const char *key, const char *key_end);
+ void password_prepare(const char *password, int len,
+ char *out, int out_len);
]]
local builtin = ffi.C
local msgpackffi = require('msgpackffi')
local fun = require('fun')
+local function user_resolve(user)
+ local _user = box.space[box.schema.USER_ID]
+ local tuple
+ if type(user) == 'string' then
+ tuple = _user.index['name']:get{user}
+ else
+ tuple = _user.index['primary']:get{user}
+ end
+ if tuple == nil then
+ return nil
+ end
+ return tuple[0]
+end
+
box.schema.space = {}
box.schema.space.create = function(name, options)
local _space = box.space[box.schema.SPACE_ID]
@@ -68,7 +84,14 @@ box.schema.space.create = function(name, options)
if options.arity == nil then
options.arity = 0
end
- _space:insert{id, options.arity, name, temporary}
+ local uid = nil
+ if options.user then
+ uid = user_resolve(options.user)
+ end
+ if uid == nil then
+ uid = box.session.uid()
+ end
+ _space:insert{id, uid, name, options.arity, temporary}
return box.space[id], "created"
end
box.schema.create_space = box.schema.space.create
@@ -499,3 +522,168 @@ function box.schema.space.bless(space)
end
end
end
+
+local function privilege_resolve(privilege)
+ local numeric = 0
+ if type(privilege) == 'string' then
+ privilege = string.lower(privilege)
+ if string.find(privilege, 'read') then
+ numeric = numeric + 1
+ end
+ if string.find(privilege, 'write') then
+ numeric = numeric + 2
+ end
+ if string.find(privilege, 'execute') then
+ numeric = numeric + 4
+ end
+ else
+ numeric = privilege
+ end
+ return numeric
+end
+
+local function object_resolve(object_type, object_name)
+ if object_type == 'universe' then
+ return 0
+ end
+ if object_type == 'space' then
+ local space = box.space[object_name]
+ if space == nil then
+ box.raise(box.error.ER_NO_SUCH_SPACE,
+ "Space '"..object_name.."' does not exist")
+ end
+ return space.n
+ end
+ if object_type == 'function' then
+ local _func = box.space[box.schema.FUNC_ID]
+ local func
+ if type(object_name) == 'string' then
+ func = _func.index['name']:get{object_name}
+ else
+ func = _func.index['primary']:get{object_name}
+ end
+ if func then
+ return func[0]
+ else
+ box.raise(box.error.ER_NO_SUCH_FUNCTION,
+ "Function '"..object_name.."' does not exist")
+ end
+ end
+ box.raise(box.error.ER_UNKNOWN_SCHEMA_OBJECT,
+ "Unknown object type '"..object_type.."'")
+end
+
+box.schema.func = {}
+box.schema.func.create = function(name)
+ local _func = box.space[box.schema.FUNC_ID]
+ local func = _func.index['name']:get{name}
+ if func then
+ box.raise(box.error.ER_FUNCTION_EXISTS,
+ "Function '"..name.."' already exists")
+ end
+ _func:auto_increment{box.session.uid(), name}
+end
+
+box.schema.func.drop = function(name)
+ local _func = box.space[box.schema.FUNC_ID]
+ local fid = object_resolve('function', name)
+ _func:delete{fid}
+end
+
+box.schema.user = {}
+
+box.schema.user.password = function(password)
+ local BUF_SIZE = 128
+ local buf = ffi.new("char[?]", BUF_SIZE)
+ ffi.C.password_prepare(password, #password, buf, BUF_SIZE)
+ return ffi.string(buf)
+end
+
+box.schema.user.passwd = function(new_password)
+ local uid = box.session.uid()
+ local _user = box.space[box.schema.USER_ID]
+ auth_mech_list = {}
+ auth_mech_list["chap-sha1"] = box.schema.user.password(new_password)
+ _user:update({uid}, {"=", 3, auth_mech_list})
+end
+
+box.schema.user.create = function(name, opts)
+ local uid = user_resolve(name)
+ if uid then
+ box.raise(box.error.ER_USER_EXISTS,
+ "User '"..name.."' already exists")
+ end
+ if opts == nil then
+ opts = {}
+ end
+ auth_mech_list = {}
+ if opts.password then
+ auth_mech_list["chap-sha1"] = box.schema.user.password(opts.password)
+ end
+ local _user = box.space[box.schema.USER_ID]
+ _user:auto_increment{'', name, auth_mech_list}
+end
+
+box.schema.user.drop = function(name)
+ local uid = user_resolve(name)
+ if uid == nil then
+ box.raise(box.error.ER_NO_SUCH_USER,
+ "User '"..name.."' does not exist")
+ end
+ -- recursive delete of user data
+ local _priv = box.space[box.schema.PRIV_ID]
+ local privs = _priv.index['owner']:select{uid}
+ for k, tuple in pairs(privs) do
+ box.schema.user.revoke(uid, tuple[4], tuple[2], tuple[3])
+ end
+ local spaces = box.space[box.schema.SPACE_ID].index['owner']:select{uid}
+ for k, tuple in pairs(spaces) do
+ box.space[tuple[0]]:drop()
+ end
+ local funcs = box.space[box.schema.FUNC_ID].index['owner']:select{uid}
+ for k, tuple in pairs(spaces) do
+ box.schema.func.drop(tuple[0])
+ end
+ box.space[box.schema.USER_ID]:delete{uid}
+end
+
+box.schema.user.grant = function(user_name, privilege, object_type,
+ object_name, grantor)
+ local uid = user_resolve(user_name)
+ if uid == nil then
+ box.raise(box.error.ER_NO_SUCH_USER,
+ "User '"..user_name.."' does not exist")
+ end
+ privilege = privilege_resolve(privilege)
+ local oid = object_resolve(object_type, object_name)
+ if grantor == nil then
+ grantor = box.session.uid()
+ else
+ grantor = user_resolve(grantor)
+ end
+ local _priv = box.space[box.schema.PRIV_ID]
+ _priv:replace{grantor, uid, object_type, oid, privilege}
+end
+
+box.schema.user.revoke = function(user_name, privilege, object_type, object_name)
+ local uid = user_resolve(user_name)
+ if uid == nil then
+ box.raise(box.error.ER_NO_SUCH_USER,
+ "User '"..name.."' does not exist")
+ end
+ privilege = privilege_resolve(privilege)
+ local oid = object_resolve(object_type, object_name)
+ local _priv = box.space[box.schema.PRIV_ID]
+ local tuple = _priv:get{uid, object_type, oid}
+ if tuple == nil then
+ return
+ end
+ local old_privilege = tuple[4]
+ if old_privilege ~= privilege then
+ privilege = bit.band(old_privilege, bit.bnot(privilege))
+ _priv:update({uid, object_type, oid}, { "=", 4, privilege})
+ else
+ _priv:delete{uid, object_type, oid}
+ end
+end
+
diff --git a/src/box/lua/space.cc b/src/box/lua/space.cc
index 02549dccd18aae6f094fb94e9ea709d5e8a8a9e0..4496ea316de018df6c36cf24e043cba06bfa3d34 100644
--- a/src/box/lua/space.cc
+++ b/src/box/lua/space.cc
@@ -75,7 +75,8 @@ lbox_space_on_replace(struct lua_State *L)
"usage: space:on_replace(function | nil, [function | nil])");
}
lua_getfield(L, 1, "n"); /* Get space id. */
- struct space *space = space_find(lua_tointeger(L, lua_gettop(L)));
+ uint32_t id = lua_tointeger(L, lua_gettop(L));
+ struct space *space = space_cache_find(id);
lua_pop(L, 1);
return lbox_trigger_reset(L, 3,
@@ -275,6 +276,12 @@ box_lua_space_init(struct lua_State *L)
lua_setfield(L, -2, "SPACE_ID");
lua_pushnumber(L, SC_INDEX_ID);
lua_setfield(L, -2, "INDEX_ID");
+ lua_pushnumber(L, SC_USER_ID);
+ lua_setfield(L, -2, "USER_ID");
+ lua_pushnumber(L, SC_FUNC_ID);
+ lua_setfield(L, -2, "FUNC_ID");
+ lua_pushnumber(L, SC_PRIV_ID);
+ lua_setfield(L, -2, "PRIV_ID");
lua_pushnumber(L, SC_SYSTEM_ID_MIN);
lua_setfield(L, -2, "SYSTEM_ID_MIN");
lua_pushnumber(L, SC_SYSTEM_ID_MAX);
diff --git a/src/box/request.cc b/src/box/request.cc
index a22c569d25ec91d8253998b8136c91b81897e0af..f4703f1f09689b0caa44ba1d820ddc3b5fbc29d7 100644
--- a/src/box/request.cc
+++ b/src/box/request.cc
@@ -39,6 +39,18 @@
#include <fiber.h>
#include <scoped_guard.h>
#include <third_party/base64.h>
+#include "access.h"
+#include "authentication.h"
+
+static inline void
+access_check_space(uint8_t access, struct user *user, struct space *space)
+{
+ if (access && space->def.uid != user->uid && user->uid != ADMIN &&
+ access & ~space->access[user->auth_token]) {
+ tnt_raise(ClientError, ER_SPACE_ACCESS_DENIED,
+ priv_name(access), user->name, space->def.name);
+ }
+}
#if 0
static const char *
@@ -82,14 +94,23 @@ static void
execute_replace(struct request *request, struct txn *txn, struct port *port)
{
(void) port;
- txn_add_redo(txn, request);
+ struct user *user = user();
+ /*
+ * If a user has a global permission, clear the respective
+ * privilege from the list of privileges required
+ * to execute the request.
+ */
+ uint8_t access = PRIV_W & ~user->universal_access;
+
+ struct space *space = space_cache_find(request->space_id);
- struct space *space = space_find(request->space_id);
+ access_check_space(access, user, space);
struct tuple *new_tuple = tuple_new(space->format, request->tuple,
request->tuple_end);
TupleGuard guard(new_tuple);
space_validate_tuple(space, new_tuple);
enum dup_replace_mode mode = dup_replace_mode(request->type);
+ txn_add_redo(txn, request);
txn_replace(txn, space, NULL, new_tuple, mode);
}
@@ -98,11 +119,14 @@ execute_update(struct request *request, struct txn *txn,
struct port *port)
{
(void) port;
- txn_add_redo(txn, request);
+ struct user *user = user();
+ uint8_t access = PRIV_W & ~user->universal_access;
+
/* Parse UPDATE request. */
/** Search key and key part count. */
- struct space *space = space_find(request->space_id);
+ struct space *space = space_cache_find(request->space_id);
+ access_check_space(access, user, space);
Index *pk = index_find(space, 0);
/* Try to find the tuple by primary key. */
const char *key = request->key;
@@ -110,6 +134,7 @@ execute_update(struct request *request, struct txn *txn,
primary_key_validate(pk->key_def, key, part_count);
struct tuple *old_tuple = pk->findByKey(key, part_count);
+ txn_add_redo(txn, request);
if (old_tuple == NULL)
return;
@@ -124,13 +149,38 @@ execute_update(struct request *request, struct txn *txn,
txn_replace(txn, space, old_tuple, new_tuple, DUP_INSERT);
}
-/** }}} */
+static void
+execute_delete(struct request *request, struct txn *txn, struct port *port)
+{
+ (void) port;
+ struct user *user = user();
+ uint8_t access = PRIV_W & ~user->universal_access;
+
+ struct space *space = space_cache_find(request->space_id);
+ access_check_space(access, user, space);
+
+ /* Try to find tuple by primary key */
+ Index *pk = index_find(space, 0);
+ const char *key = request->key;
+ uint32_t part_count = mp_decode_array(&key);
+ primary_key_validate(pk->key_def, key, part_count);
+ struct tuple *old_tuple = pk->findByKey(key, part_count);
+
+ txn_add_redo(txn, request);
+ if (old_tuple == NULL)
+ return;
+ txn_replace(txn, space, old_tuple, NULL, DUP_REPLACE_OR_INSERT);
+}
+
static void
execute_select(struct request *request, struct txn *txn, struct port *port)
{
(void) txn;
- struct space *space = space_find(request->space_id);
+ struct user *user = user();
+ uint8_t access = PRIV_R & ~user->universal_access;
+ struct space *space = space_cache_find(request->space_id);
+ access_check_space(access, user, space);
Index *index = index_find(space, request->index_id);
ERROR_INJECT_EXCEPTION(ERRINJ_TESTING);
@@ -161,31 +211,22 @@ execute_select(struct request *request, struct txn *txn, struct port *port)
}
}
-static void
-execute_delete(struct request *request, struct txn *txn, struct port *port)
+void
+execute_auth(struct request *request, struct txn * /* txn */,
+ struct port * /* port */)
{
- (void) port;
- txn_add_redo(txn, request);
- struct space *space = space_find(request->space_id);
-
- /* Try to find tuple by primary key */
- Index *pk = index_find(space, 0);
- const char *key = request->key;
- uint32_t part_count = mp_decode_array(&key);
- primary_key_validate(pk->key_def, key, part_count);
- struct tuple *old_tuple = pk->findByKey(key, part_count);
-
- if (old_tuple == NULL)
- return;
-
- txn_replace(txn, space, old_tuple, NULL, DUP_REPLACE_OR_INSERT);
+ const char *user = request->key;
+ uint32_t len = mp_decode_strl(&user);
+ authenticate(user, len, request->tuple, request->tuple_end);
}
+/** }}} */
+
void
request_check_type(uint32_t type)
{
if (type < IPROTO_SELECT || type >= IPROTO_DML_REQUEST_MAX)
- tnt_raise(IllegalParams, "unknown request type %u", type);
+ tnt_raise(LoggedError, ER_UNKNOWN_REQUEST_TYPE, type);
}
void
@@ -194,7 +235,8 @@ request_create(struct request *request, uint32_t type)
request_check_type(type);
static const request_execute_f execute_map[] = {
NULL, execute_select, execute_replace, execute_replace,
- execute_update, execute_delete, box_lua_call
+ execute_update, execute_delete, box_lua_call,
+ execute_auth,
};
memset(request, 0, sizeof(*request));
request->type = type;
@@ -248,9 +290,10 @@ request_decode(struct request *request, const char *data, uint32_t len)
break;
case IPROTO_KEY:
case IPROTO_FUNCTION_NAME:
- default:
+ case IPROTO_USER_NAME:
request->key = value;
request->key_end = data;
+ default:
break;
}
}
diff --git a/src/box/schema.cc b/src/box/schema.cc
index 5e242e2ab15076f4017e8561a3e32219ee42fee1..eca6e4a6061f09d21516ace375ec31e721b4e26f 100644
--- a/src/box/schema.cc
+++ b/src/box/schema.cc
@@ -27,6 +27,7 @@
* SUCH DAMAGE.
*/
#include "schema.h"
+#include "access.h"
#include "space.h"
#include "tuple.h"
#include "assoc.h"
@@ -53,6 +54,7 @@
/** All existing spaces. */
static struct mh_i32ptr_t *spaces;
+static struct mh_i32ptr_t *funcs;
int sc_version;
bool
@@ -107,7 +109,7 @@ space_foreach(void (*func)(struct space *sp, void *udata), void *udata)
while ((tuple = it->next(it))) {
/* Get space id, primary key, field 0. */
uint32_t id = tuple_field_u32(tuple, 0);
- space = space_find(id);
+ space = space_cache_find(id);
if (! space_is_system(space))
break;
func(space, udata);
@@ -197,6 +199,24 @@ sc_space_new(struct space_def *space_def,
return space;
}
+uint32_t
+schema_find_id(uint32_t system_space_id, uint32_t index_id,
+ const char *name, uint32_t len)
+{
+ struct space *space = space_cache_find(system_space_id);
+ Index *index = index_find(space, index_id);
+ struct iterator *it = index->position();
+ char key[5 /* str len */ + BOX_NAME_MAX];
+ mp_encode_str(key, name, len);
+ index->initIterator(it, ITER_EQ, key, 1);
+ struct tuple *tuple;
+ while ((tuple = it->next(it))) {
+ /* id is always field #1 */
+ return tuple_field_u32(tuple, 0);
+ }
+ return SC_ID_NIL;
+}
+
/**
* Initialize a prototype for the two mandatory data
* dictionary spaces and create a cache entry for them.
@@ -208,6 +228,7 @@ schema_init()
{
/* Initialize the space cache. */
spaces = mh_i32ptr_new();
+ funcs = mh_i32ptr_new();
/*
* Create surrogate space objects for the mandatory system
* spaces (the primal eggs from which we get all the
@@ -219,7 +240,7 @@ schema_init()
* (and re-created) first.
*/
/* _schema - key/value space with schema description */
- struct space_def def = { SC_SCHEMA_ID, 0, "_schema", false };
+ struct space_def def = { SC_SCHEMA_ID, ADMIN, 0, "_schema", false };
struct key_def *key_def = key_def_new(def.id,
0 /* index id */,
"primary", /* name */
@@ -235,6 +256,23 @@ schema_init()
key_def_set_part(key_def, 0 /* part no */, 0 /* field no */, NUM);
(void) sc_space_new(&def, key_def, &alter_space_on_replace_space);
+
+ /* _user - all existing users */
+ key_def->space_id = def.id = SC_USER_ID;
+ snprintf(def.name, sizeof(def.name), "_user");
+ (void) sc_space_new(&def, key_def, &on_replace_user);
+
+ /* _func - all executable objects on which one can have grants */
+ key_def->space_id = def.id = SC_FUNC_ID;
+ snprintf(def.name, sizeof(def.name), "_func");
+ (void) sc_space_new(&def, key_def, &on_replace_func);
+ /*
+ * _priv - association user <-> object
+ * The real index is defined in the snapshot.
+ */
+ key_def->space_id = def.id = SC_PRIV_ID;
+ snprintf(def.name, sizeof(def.name), "_priv");
+ (void) sc_space_new(&def, key_def, &on_replace_priv);
key_def_delete(key_def);
/* _index - definition of indexes in all spaces */
@@ -298,4 +336,57 @@ schema_free(void)
space_delete(space);
}
mh_i32ptr_delete(spaces);
+ while (mh_size(funcs) > 0) {
+ mh_int_t i = mh_first(funcs);
+
+ struct func_def *func = (struct func_def *)
+ mh_i32ptr_node(funcs, i)->val;
+ func_cache_delete(func->fid);
+ }
+ mh_i32ptr_delete(funcs);
+}
+
+void
+func_cache_replace(struct func_def *func)
+{
+ struct func_def *old = func_by_id(func->fid);
+ if (old) {
+ *old = *func;
+ return;
+ }
+ if (mh_size(funcs) >= BOX_FUNCTION_MAX)
+ tnt_raise(ClientError, ER_FUNCTION_MAX, BOX_FUNCTION_MAX);
+ void *ptr = malloc(sizeof(*func));
+ if (ptr == NULL) {
+error:
+ panic_syserror("Out of memory for the data "
+ "dictionary cache.");
+ }
+ memcpy(ptr, func, sizeof(*func));
+ func = (struct func_def *) ptr;
+ const struct mh_i32ptr_node_t node = { func->fid, func };
+ mh_int_t k = mh_i32ptr_put(funcs, &node, NULL, NULL);
+ if (k == mh_end(funcs))
+ goto error;
+}
+
+void
+func_cache_delete(uint32_t fid)
+{
+ mh_int_t k = mh_i32ptr_find(funcs, fid, NULL);
+ if (k == mh_end(funcs))
+ return;
+ struct func_def *func = (struct func_def *)
+ mh_i32ptr_node(funcs, k)->val;
+ mh_i32ptr_del(funcs, k, NULL);
+ free(func);
+}
+
+struct func_def *
+func_by_id(uint32_t fid)
+{
+ mh_int_t func = mh_i32ptr_find(funcs, fid, NULL);
+ if (func == mh_end(funcs))
+ return NULL;
+ return (struct func_def *) mh_i32ptr_node(funcs, func)->val;
}
diff --git a/src/box/schema.h b/src/box/schema.h
index 76873bb9495151197e1a3405bc988447b2508ea4..097cbc7417d6a073017a3679efcbd2e93d3f2db0 100644
--- a/src/box/schema.h
+++ b/src/box/schema.h
@@ -39,10 +39,18 @@ enum schema_id {
SC_SPACE_ID = 280,
/** Space id of _index. */
SC_INDEX_ID = 288,
+ /** Space id of _func. */
+ SC_FUNC_ID = 296,
+ /** Space id of _user. */
+ SC_USER_ID = 304,
+ /** Space id of _priv. */
+ SC_PRIV_ID = 312,
/** End of the reserved range of system spaces. */
SC_SYSTEM_ID_MAX = 511
};
+enum { SC_ID_NIL = 4294967295 };
+
extern int sc_version;
struct space;
@@ -65,7 +73,7 @@ extern "C" const char *
space_name_by_id(uint32_t id);
static inline struct space *
-space_find(uint32_t id)
+space_cache_find(uint32_t id)
{
struct space *space = space_by_id(id);
if (space)
@@ -111,4 +119,36 @@ space_end_recover();
struct space *schema_space(uint32_t id);
+/*
+ * Find object id by object name.
+ */
+uint32_t
+schema_find_id(uint32_t system_space_id, uint32_t index_id,
+ const char *name, uint32_t len);
+
+void
+func_cache_replace(struct func_def *func);
+
+void
+func_cache_delete(uint32_t fid);
+
+struct func_def *
+func_by_id(uint32_t fid);
+
+static inline struct func_def *
+func_cache_find(uint32_t fid)
+{
+ struct func_def *func = func_by_id(fid);
+ if (func == NULL)
+ tnt_raise(ClientError, ER_NO_SUCH_FUNCTION, int2str(fid));
+ return func;
+}
+
+static inline struct func_def *
+func_by_name(const char *name, uint32_t name_len)
+{
+ uint32_t fid = schema_find_id(SC_FUNC_ID, 2, name, name_len);
+ return func_by_id(fid);
+}
+
#endif /* INCLUDES_TARANTOOL_BOX_SCHEMA_H */
diff --git a/src/box/space.h b/src/box/space.h
index 6f57c0f345087361ae91f32f89e173121516aa8d..41cb9f472cd587953f61ea2125ff04d90f1d34e1 100644
--- a/src/box/space.h
+++ b/src/box/space.h
@@ -77,6 +77,7 @@ void space_build_primary_key(struct space *space);
void space_build_all_keys(struct space *space);
struct space {
+ uint8_t access[BOX_USER_MAX];
/**
* Reflects the current space state and is also a vtab
* with methods. Unlike a C++ vtab, changes during space
diff --git a/src/box/txn.cc b/src/box/txn.cc
index f6c3539cc8d48f874691ce689681a7833e54fedf..e227be0da1c8f208073feb7bc0a6ba0bda3dd930 100644
--- a/src/box/txn.cc
+++ b/src/box/txn.cc
@@ -35,12 +35,6 @@
#include <fiber.h>
#include "request.h" /* for request_name */
-void
-txn_add_redo(struct txn *txn, struct request *request)
-{
- txn->request = request;
-}
-
void
txn_replace(struct txn *txn, struct space *space,
struct tuple *old_tuple, struct tuple *new_tuple,
diff --git a/src/box/txn.h b/src/box/txn.h
index 505aef6b5c7185412b55ce577ca95764abf94489..fb0802d3361394390d0c97edc11be13f3a0fc5d8 100644
--- a/src/box/txn.h
+++ b/src/box/txn.h
@@ -47,11 +47,16 @@ struct txn {
struct request *request;
};
+static inline void
+txn_add_redo(struct txn *txn, struct request *request)
+{
+ txn->request = request;
+}
+
struct txn *txn_begin();
void txn_commit(struct txn *txn);
void txn_finish(struct txn *txn);
void txn_rollback(struct txn *txn);
-void txn_add_redo(struct txn *txn, struct request *request);
void txn_replace(struct txn *txn, struct space *space,
struct tuple *old_tuple, struct tuple *new_tuple,
enum dup_replace_mode mode);
diff --git a/src/errcode.h b/src/errcode.h
index 208e754cf3a65076a2802e72427b831333e42e89..839a7bd21f219aaa8c70494623d5fbf696d80d41 100644
--- a/src/errcode.h
+++ b/src/errcode.h
@@ -91,6 +91,21 @@ enum { TNT_ERRMSG_MAX = 512 };
/* 39 */_(ER_INDEX_ARITY, 2, "Tuple field count %u is less than required by a defined index (expected %u)") \
/* 40 */_(ER_WAL_IO, 2, "Failed to write to disk") \
/* 41 */_(ER_MORE_THAN_ONE_TUPLE, 2, "More than one tuple found") \
+ /* 42 */_(ER_ACCESS_DENIED, 2, "%s access denied for user '%s'") \
+ /* 43 */_(ER_CREATE_USER, 2, "Failed to create user '%s': %s") \
+ /* 44 */_(ER_DROP_USER, 2, "Failed to drop user '%s': %s") \
+ /* 45 */_(ER_NO_SUCH_USER, 2, "User '%s' is not found") \
+ /* 46 */_(ER_USER_EXISTS, 2, "User '%s' already exists") \
+ /* 47 */_(ER_PASSWORD_MISMATCH, 2, "Incorrect password supplied for user '%s'") \
+ /* 48 */_(ER_UNKNOWN_REQUEST_TYPE, 2, "Unknown request type %u") \
+ /* 49 */_(ER_UNKNOWN_SCHEMA_OBJECT, 2, "Unknown object type '%s'") \
+ /* 50 */_(ER_CREATE_FUNCTION, 2, "Failed to create function: %s") \
+ /* 51 */_(ER_NO_SUCH_FUNCTION, 2, "Function '%s' does not exist") \
+ /* 52 */_(ER_FUNCTION_EXISTS, 2, "Function '%s' already exists") \
+ /* 53 */_(ER_FUNCTION_ACCESS_DENIED, 2, "%s access denied for user '%s' to function '%s'") \
+ /* 54 */_(ER_FUNCTION_MAX, 2, "A limit on the total number of functions has been reached: %u") \
+ /* 55 */_(ER_SPACE_ACCESS_DENIED, 2, "%s access denied for user '%s' to space '%s'") \
+ /* 56 */_(ER_USER_MAX, 2, "A limit on the total number of users has been reached: %u") \
/*
diff --git a/src/ffisyms.cc b/src/ffisyms.cc
index c7e2c190a084e33d6cac9a3264cf9cd372a39125..6b3dc5d202276815036cd2f604012d4e242876ae 100644
--- a/src/ffisyms.cc
+++ b/src/ffisyms.cc
@@ -1,12 +1,14 @@
#include <bit/bit.h>
#include <lib/msgpuck/msgpuck.h>
+#include "scramble.h"
#include <box/tuple.h>
#include <box/lua/index.h>
#include <box/lua/call.h>
/*
* A special hack to cc/ld to keep symbols in an optimized binary.
- * Please add your symbols to this array if you plan to use it from LuaJIT FFI.
+ * Please add your symbols to this array if you plan to use it from
+ * LuaJIT FFI.
*/
void *ffi_symbols[] = {
(void *) bswap_u32,
@@ -22,5 +24,6 @@ void *ffi_symbols[] = {
(void *) boxffi_index_iterator,
(void *) port_ffi_create,
(void *) port_ffi_destroy,
- (void *) boxffi_select
+ (void *) boxffi_select,
+ (void *) password_prepare
};
diff --git a/src/fiber.cc b/src/fiber.cc
index 7042c3477b0b0e06e930c7266c7c3d9ed2e53754..dd24d949adcb65607aa5b337417f224114648222 100644
--- a/src/fiber.cc
+++ b/src/fiber.cc
@@ -443,7 +443,6 @@ fiber_new(const char *name, void (*f) (va_list))
rlist_create(&fiber->state);
}
-
fiber->f = f;
/* fids from 0 to 100 are reserved */
diff --git a/src/iproto.cc b/src/iproto.cc
index e0af04080c77c934568babe0777a67233cc6d999..808bbac059762a615252e100b086b2cc151d68ba 100644
--- a/src/iproto.cc
+++ b/src/iproto.cc
@@ -44,6 +44,8 @@
#include "memory.h"
#include "msgpuck/msgpuck.h"
#include "replication.h"
+#include "third_party/base64.h"
+#include "coio.h"
class IprotoConnectionShutdown: public Exception
{
@@ -531,8 +533,8 @@ iproto_process_admin(struct iproto_request *ireq,
subscribe_request_decode(body, end));
tnt_raise(IprotoConnectionShutdown);
default:
- tnt_raise(IllegalParams, "unknown request type %u",
- ireq->header[IPROTO_CODE]);
+ tnt_raise(ClientError, ER_UNKNOWN_REQUEST_TYPE,
+ (uint32_t) ireq->header[IPROTO_CODE]);
}
if (! ev_is_active(&con->output))
ev_feed_event(con->loop, &con->output, EV_WRITE);
@@ -762,6 +764,20 @@ iproto_request_new(struct iproto_connection *con,
return ireq;
}
+const char *
+iproto_greeting(int *salt)
+{
+ static __thread char greeting[IPROTO_GREETING_SIZE + 1];
+ char base64buf[SESSION_SEED_SIZE * 4 / 3 + 5];
+
+ base64_encode((char *) salt, SESSION_SEED_SIZE,
+ base64buf, sizeof(base64buf));
+ snprintf(greeting, sizeof(greeting),
+ "Tarantool %-20s %-32s\n%-63s\n",
+ tarantool_version(), custom_proc_title, base64buf);
+ return greeting;
+}
+
/**
* Handshake a connection: invoke the on-connect trigger
* and possibly authenticate. Try to send the client an error
@@ -775,6 +791,8 @@ iproto_process_connect(struct iproto_request *request)
int fd = con->input.fd;
try { /* connect. */
con->session = session_create(fd, con->cookie);
+ coio_write(&con->input, iproto_greeting(con->session->salt),
+ IPROTO_GREETING_SIZE);
} catch (ClientError *e) {
iproto_reply_error(&iobuf->out, e, request->header[IPROTO_SYNC]);
try {
diff --git a/src/iproto_constants.c b/src/iproto_constants.c
index 6700ee3dff19c63ff87c110ffa9658de948781bd..6ff8a308be680f9f5943f9a3401a0816e332e6fa 100644
--- a/src/iproto_constants.c
+++ b/src/iproto_constants.c
@@ -51,6 +51,7 @@ unsigned char iproto_key_type[IPROTO_KEY_MAX] =
/* 0x20 */ MP_ARRAY, /* IPROTO_KEY */
/* 0x21 */ MP_ARRAY, /* IPROTO_TUPLE */
/* 0x22 */ MP_STR, /* IPROTO_FUNCTION_NAME */
+ /* 0x23 */ MP_STR, /* IPROTO_USER_NAME */
/* }}} */
};
diff --git a/src/iproto_constants.h b/src/iproto_constants.h
index 1de71a8f61331b8773609899162c62a525969bbb..63ff74afe499c822529c5ce3d4f4e80045040137 100644
--- a/src/iproto_constants.h
+++ b/src/iproto_constants.h
@@ -33,9 +33,11 @@
enum {
/** Maximal iproto package body length (2GiB) */
- IPROTO_BODY_LEN_MAX = 2147483648UL
+ IPROTO_BODY_LEN_MAX = 2147483648UL,
+ IPROTO_GREETING_SIZE = 128,
};
+
enum iproto_key {
IPROTO_CODE = 0x00,
IPROTO_SYNC = 0x01,
@@ -49,6 +51,7 @@ enum iproto_key {
IPROTO_KEY = 0x20,
IPROTO_TUPLE = 0x21,
IPROTO_FUNCTION_NAME = 0x22,
+ IPROTO_USER_NAME = 0x23,
/* Leave a gap between request keys and response keys */
IPROTO_DATA = 0x30,
IPROTO_ERROR = 0x31,
@@ -60,7 +63,7 @@ enum iproto_key {
#define IPROTO_HEAD_BMAP (bit(CODE) | bit(SYNC))
#define IPROTO_BODY_BMAP (bit(SPACE_ID) | bit(INDEX_ID) | bit(LIMIT) |\
bit(OFFSET) | bit(KEY) | bit(TUPLE) | \
- bit(FUNCTION_NAME))
+ bit(FUNCTION_NAME) | bit(USER_NAME))
static inline bool
iproto_header_has_key(const char *pos, const char *end)
{
@@ -87,9 +90,9 @@ enum iproto_request_type {
IPROTO_UPDATE = 4,
IPROTO_DELETE = 5,
IPROTO_CALL = 6,
- IPROTO_DML_REQUEST_MAX = 7,
+ IPROTO_AUTH = 7,
+ IPROTO_DML_REQUEST_MAX = 8,
IPROTO_PING = 64,
- IPROTO_AUTH = 65,
IPROTO_SUBSCRIBE = 66
};
diff --git a/src/lua/session.cc b/src/lua/session.cc
index 6112ac2a7d05932abbdab008b59b180fce22dab5..d428f1ef700f7d6c9a01086a9857de6db142c7de 100644
--- a/src/lua/session.cc
+++ b/src/lua/session.cc
@@ -29,6 +29,7 @@
#include "lua/session.h"
#include "lua/utils.h"
#include "lua/trigger.h"
+#include "box/access.h"
extern "C" {
#include <lua.h>
@@ -57,6 +58,57 @@ lbox_session_id(struct lua_State *L)
return 1;
}
+/** Session user id. */
+static int
+lbox_session_uid(struct lua_State *L)
+{
+ lua_pushnumber(L, fiber()->session ?
+ fiber()->session->uid : (int) GUEST);
+ return 1;
+}
+
+/** Session user id. */
+static int
+lbox_session_user(struct lua_State *L)
+{
+ struct user *user = NULL;
+ if (fiber()->session)
+ user = user_cache_find(fiber()->session->uid);
+ if (user)
+ lua_pushstring(L, user->name);
+ else
+ lua_pushnil(L);
+ return 1;
+}
+
+/** Session user id. */
+static int
+lbox_session_su(struct lua_State *L)
+{
+ if (lua_gettop(L) != 1)
+ luaL_error(L, "session.su(): bad arguments");
+ struct session *session = fiber()->session;
+ if (session == NULL)
+ luaL_error(L, "session.su(): session does not exit");
+ struct user *user;
+ if (lua_type(L, 1) == LUA_TSTRING) {
+ size_t len;
+ const char *name = lua_tolstring(L, 1, &len);
+ user = user_by_name(name, len);
+ if (user == NULL)
+ tnt_raise(ClientError, ER_NO_SUCH_USER, name);
+ } else {
+ uint32_t uid = lua_tointeger(L, 1);;
+ user = user_cache_find(uid);
+ if (user == NULL) {
+ tnt_raise(ClientError, ER_NO_SUCH_USER,
+ int2str(uid));
+ }
+ }
+ session_set_user(session, user->auth_token, user->uid);
+ return 0;
+}
+
/**
* Check whether or not a session exists.
*/
@@ -159,6 +211,9 @@ tarantool_lua_session_init(struct lua_State *L)
{
static const struct luaL_reg sessionlib[] = {
{"id", lbox_session_id},
+ {"uid", lbox_session_uid},
+ {"user", lbox_session_user},
+ {"su", lbox_session_su},
{"fd", lbox_session_fd},
{"exists", lbox_session_exists},
{"peer", lbox_session_peer},
diff --git a/src/random.c b/src/random.c
new file mode 100644
index 0000000000000000000000000000000000000000..914e631b3a4e0414e6490dea29624661dbb040e2
--- /dev/null
+++ b/src/random.c
@@ -0,0 +1,51 @@
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "random.h"
+#include <sys/types.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdlib.h>
+
+#ifdef __linux__
+#define DEV_RANDOM "/dev/urandom"
+#else
+#define DEV_RANDOM "/dev/random"
+#endif
+
+void
+random_init(void)
+{
+ int fd = open(DEV_RANDOM, O_RDONLY);
+ long int seed;
+ read(fd, &seed, sizeof(seed));
+ close(fd);
+ srandom(seed);
+ srand(seed);
+}
diff --git a/src/random.h b/src/random.h
new file mode 100644
index 0000000000000000000000000000000000000000..98cd0e5e4ec16716882f5ec495d2a0285c04c888
--- /dev/null
+++ b/src/random.h
@@ -0,0 +1,40 @@
+#ifndef INCLUDES_TARANTOOL_RANDOM_H
+#define INCLUDES_TARANTOOL_RANDOM_H
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#if defined(__cplusplus)
+extern "C" {
+#endif
+void
+random_init(void);
+
+#if defined(__cplusplus)
+}
+#endif /* extern "C" */
+#endif /* INCLUDES_TARANTOOL_RANDOM_H */
diff --git a/src/replica.cc b/src/replica.cc
index f627d131d504d86fa6679558ebabe1d5ed6babc0..18ab56e1a0088de5745f5820646fd20f44da88fc 100644
--- a/src/replica.cc
+++ b/src/replica.cc
@@ -90,6 +90,7 @@ int
replica_bootstrap(const char *replication_source)
{
char ip_addr[32];
+ char greeting[IPROTO_GREETING_SIZE];
int port;
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
@@ -109,7 +110,8 @@ replica_bootstrap(const char *replication_source)
int master = sio_socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
FDGuard guard(master);
sio_connect(master, &addr, sizeof(addr));
- sio_write(master, &iproto_subscribe_request,
+ sio_readn(master, greeting, sizeof(greeting));
+ sio_writen(master, &iproto_subscribe_request,
sizeof(iproto_subscribe_request));
guard.fd = -1;
@@ -120,10 +122,12 @@ static void
remote_connect(struct ev_io *coio, struct sockaddr_in *remote_addr,
int64_t initial_lsn, const char **err)
{
+ char greeting[IPROTO_GREETING_SIZE];
evio_socket(coio, AF_INET, SOCK_STREAM, IPPROTO_TCP);
*err = "can't connect to master";
coio_connect(coio, remote_addr);
+ coio_readn(coio, greeting, sizeof(greeting));
struct iproto_subscribe_request request = iproto_subscribe_request;
request.lsn = mp_bswap_u64(initial_lsn);
diff --git a/src/scramble.c b/src/scramble.c
new file mode 100644
index 0000000000000000000000000000000000000000..4773e38a10456c41310af1b94a0a0690393406d0
--- /dev/null
+++ b/src/scramble.c
@@ -0,0 +1,106 @@
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "scramble.h"
+#include "third_party/sha1.h"
+#include "third_party/base64.h"
+#include <string.h>
+#include <stdio.h>
+
+static void
+xor(unsigned char *to, unsigned const char *left,
+ unsigned const char *right, uint32_t len)
+{
+ const uint8_t *end = to + len;
+ while (to < end)
+ *to++= *left++ ^ *right++;
+}
+
+void
+scramble_prepare(void *out, const void *salt, const void *password,
+ int password_len)
+{
+ unsigned char hash1[SCRAMBLE_SIZE];
+ unsigned char hash2[SCRAMBLE_SIZE];
+ SHA1_CTX ctx;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, password, password_len);
+ SHA1Final(hash1, &ctx);
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, hash1, SCRAMBLE_SIZE);
+ SHA1Final(hash2, &ctx);
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, salt, SCRAMBLE_SIZE);
+ SHA1Update(&ctx, hash2, SCRAMBLE_SIZE);
+ SHA1Final(out, &ctx);
+
+ xor(out, hash1, out, SCRAMBLE_SIZE);
+}
+
+int
+scramble_check(const void *scramble, const void *salt, const void *hash2)
+{
+ SHA1_CTX ctx;
+ unsigned char candidate_hash2[SCRAMBLE_SIZE];
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, salt, SCRAMBLE_SIZE);
+ SHA1Update(&ctx, hash2, SCRAMBLE_SIZE);
+ SHA1Final(candidate_hash2, &ctx);
+
+ xor(candidate_hash2, candidate_hash2, scramble, SCRAMBLE_SIZE);
+ /*
+ * candidate_hash2 now supposedly contains hash1, turn it
+ * into hash2
+ */
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, candidate_hash2, SCRAMBLE_SIZE);
+ SHA1Final(candidate_hash2, &ctx);
+
+ return memcmp(hash2, candidate_hash2, SCRAMBLE_SIZE);
+}
+
+void
+password_prepare(const char *password, int len, char *out, int out_len)
+{
+ unsigned char hash2[SCRAMBLE_SIZE];
+ SHA1_CTX ctx;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, (const unsigned char *) password, len);
+ SHA1Final(hash2, &ctx);
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, hash2, SCRAMBLE_SIZE);
+ SHA1Final(hash2, &ctx);
+
+ base64_encode((char *) hash2, SCRAMBLE_SIZE, out, out_len);
+}
diff --git a/src/scramble.h b/src/scramble.h
new file mode 100644
index 0000000000000000000000000000000000000000..2a2a2a61eae182e89d4a11b42d4b927b8114ca1b
--- /dev/null
+++ b/src/scramble.h
@@ -0,0 +1,93 @@
+#ifndef INCLUDES_TARANTOOL_SCRAMBLE_H
+#define INCLUDES_TARANTOOL_SCRAMBLE_H
+/*
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * <COPYRIGHT HOLDER> OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#if defined(__cplusplus)
+extern "C" {
+#endif
+/**
+ * These are the core bits of the built-in Tarantool
+ * authentication. They implement the same algorithm as
+ * in MySQL 4.1 authentication:
+ *
+ * SERVER: seed = create_random_string()
+ * send(seed)
+ *
+ * CLIENT: recv(seed)
+ * hash1 = sha1("password")
+ * hash2 = sha1(hash1)
+ * reply = xor(hash1, sha1(seed, hash2))
+ *
+ * ^^ these steps are done in scramble_prepare()
+ *
+ * send(reply)
+ *
+ *
+ * SERVER: recv(reply)
+ *
+ * hash1 = xor(reply, sha1(seed, hash2))
+ * candidate_hash2 = sha1(hash1)
+ * check(candidate_hash2 == hash2)
+ *
+ * ^^ these steps are done in scramble_check()
+ */
+
+enum { SCRAMBLE_SIZE = 20, SCRAMBLE_BASE64_SIZE = 28 };
+
+/**
+ * Prepare a scramble (cipher) to send over the wire
+ * to the server for authentication.
+ */
+void
+scramble_prepare(void *out, const void *salt, const void *password,
+ int password_len);
+
+
+/**
+ * Verify a password.
+ *
+ * @retval 0 passwords do match
+ * @retval !0 passwords do not match
+ */
+int
+scramble_check(const void *scramble, const void *salt, const void *hash2);
+
+
+/**
+ * Prepare a password hash as is stored in the _user space.
+ * @pre out must be at least SCRAMBLE_BASE64_SIZE
+ * @post out contains base64_encode(sha1(sha1(password)))
+ */
+void
+password_prepare(const char *password, int len, char *out, int out_len);
+
+#if defined(__cplusplus)
+} /* extern "C" */
+#endif
+#endif /* INCLUDES_TARANTOOL_SCRAMBLE_H */
diff --git a/src/session.cc b/src/session.cc
index 624439d6fb42aafcabf11191917491d37b253d61..8a787fdd72e57ff5c166ddbb926edfdd435e1d07 100644
--- a/src/session.cc
+++ b/src/session.cc
@@ -35,8 +35,6 @@
#include "exception.h"
#include <sys/socket.h>
-uint32_t sid_max;
-
static struct mh_i32ptr_t *session_registry;
struct mempool session_pool;
@@ -44,18 +42,31 @@ struct mempool session_pool;
RLIST_HEAD(session_on_connect);
RLIST_HEAD(session_on_disconnect);
-struct session *
-session_create(int fd, uint64_t cookie)
+static inline uint32_t
+sid_max()
{
- struct session *session = (struct session *)
- mempool_alloc(&session_pool);
+ static uint32_t sid_max = 0;
/* Return the next sid rolling over the reserved value of 0. */
while (++sid_max == 0)
;
+ return sid_max;
+}
- session->id = sid_max;
+struct session *
+session_create(int fd, uint64_t cookie)
+{
+ struct session *session = (struct session *)
+ mempool_alloc(&session_pool);
+ session->id = sid_max();
session->fd = fd;
session->cookie = cookie;
+ /*
+ * At first the session user is a superuser,
+ * to make sure triggers run correctly.
+ */
+ session_set_user(session, ADMIN, ADMIN);
+ for (int i = 0; i < SESSION_SEED_SIZE/sizeof(*session->salt); i++)
+ session->salt[i] = rand();
struct mh_i32ptr_node_t node;
node.key = session->id;
node.val = session;
@@ -80,6 +91,8 @@ session_create(int fd, uint64_t cookie)
mempool_free(&session_pool, session);
throw;
}
+ /* Set session user to guest, until it is authenticated. */
+ session_set_user(session, GUEST, GUEST);
return session;
}
@@ -89,7 +102,8 @@ session_destroy(struct session *session)
if (session == NULL) /* no-op for a dead session. */
return;
fiber_set_session(fiber(), session);
-
+ /* For triggers. */
+ session_set_user(session, ADMIN, ADMIN);
try {
trigger_run(&session_on_disconnect, NULL);
} catch (Exception *e) {
diff --git a/src/session.h b/src/session.h
index 1ef46bd5886c5cd0394dbae5bbefd05bdefb1b1c..7cb45b8e613fb9f47ac3a2ecedd7613891e15976 100644
--- a/src/session.h
+++ b/src/session.h
@@ -1,3 +1,5 @@
+#ifndef INCLUDES_TARANTOOL_SESSION_H
+#define INCLUDES_TARANTOOL_SESSION_H
/*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
@@ -30,6 +32,10 @@
#include <stdbool.h>
#include "trigger.h"
+enum { SESSION_SEED_SIZE = 32 };
+/** Predefined user ids. */
+enum { GUEST = 0, ADMIN = 1 };
+
/**
* Abstraction of a single user session:
* for now, only provides accounting of established
@@ -40,9 +46,17 @@
*/
struct session {
+ /** Session id. */
uint32_t id;
+ /** File descriptor. */
int fd;
+ /** Peer cookie - description of the peer. */
uint64_t cookie;
+ /** Authentication salt. */
+ int salt[SESSION_SEED_SIZE/sizeof(int)];
+ /** A look up key to quickly find session user. */
+ uint8_t auth_token;
+ uint32_t uid;
};
/**
@@ -71,7 +85,6 @@ session_create(int fd, uint64_t cookie);
void
session_destroy(struct session *);
-
/**
* Return a file descriptor
* associated with a session, or -1 if the
@@ -89,6 +102,14 @@ session_exists(uint32_t sid)
return session_fd(sid) >= 0;
}
+/** Set session auth token and user id. */
+static inline void
+session_set_user(struct session *session, uint8_t auth_token, uint32_t uid)
+{
+ session->auth_token = auth_token;
+ session->uid = uid;
+}
+
/* The global on-connect trigger. */
extern struct rlist session_on_connect;
/* The global on-disconnect trigger. */
@@ -102,3 +123,4 @@ session_free();
void
session_storage_cleanup(int sid);
+#endif /* INCLUDES_TARANTOOL_SESSION_H */
diff --git a/src/sio.h b/src/sio.h
index 4ccba5eed580ff642daab507a525d8f03ef635e7..49a135308be2b8e95a63af5d929e25970d9b35ca 100644
--- a/src/sio.h
+++ b/src/sio.h
@@ -81,7 +81,6 @@ int sio_listen_backlog();
int sio_accept(int fd, struct sockaddr_in *addr, socklen_t *addrlen);
ssize_t sio_read(int fd, void *buf, size_t count);
-ssize_t sio_read_total(int fd, void *buf, size_t count, size_t total);
ssize_t sio_write(int fd, const void *buf, size_t count);
ssize_t sio_writev(int fd, const struct iovec *iov, int iovcnt);
diff --git a/src/tarantool.cc b/src/tarantool.cc
index 532d2b565394636067e72a132038e69088f689b2..a0a6180cbc3729a3f355942671209365895c10e4 100644
--- a/src/tarantool.cc
+++ b/src/tarantool.cc
@@ -68,7 +68,7 @@ extern "C" {
#include "session.h"
#include "box/box.h"
#include "scoped_guard.h"
-
+#include "random.h"
static pid_t master_pid;
const char *cfg_filename = NULL;
@@ -608,6 +608,7 @@ main(int argc, char **argv)
shebang = abspath(argv[0]);
}
+ random_init();
say_init(argv[0]);
crc32_init();
@@ -776,7 +777,6 @@ main(int argc, char **argv)
strcpy(custom_proc_title, "@");
strcat(custom_proc_title, cfg.custom_proc_title);
}
-
say_logger_init(cfg.logger, &cfg.log_level, cfg.logger_nonblock);
say_crit("version %s", tarantool_version());
diff --git a/src/trivia/util.h b/src/trivia/util.h
index 13dcd4e4815eebca44d289c8f4ff4520682e4079..7a1c9ece86773e42de504aea9175cecbf93ca816 100644
--- a/src/trivia/util.h
+++ b/src/trivia/util.h
@@ -171,6 +171,9 @@ void symbols_free();
char *abspath(const char *filename);
+char *
+int2str(int val);
+
#ifndef HAVE_MEMMEM
/* Declare memmem(). */
void *
diff --git a/src/tt_pthread.h b/src/tt_pthread.h
index 93662323d3a43a1e7c9dfdbeae5dafd024b50644..c0a6683651ac1d429e3b491cd172a95322651459 100644
--- a/src/tt_pthread.h
+++ b/src/tt_pthread.h
@@ -76,7 +76,7 @@
if (e != 0 && e != EBUSY) \
say_error("%s error %d at %s:%d", __func__, e, __FILE__, __LINE__);\
assert(e == 0 || e == EBUSY); \
- e \
+ e; \
})
#define tt_pthread_mutex_unlock(mutex) \
@@ -145,7 +145,7 @@
if (ETIMEDOUT != e) \
say_error("%s error %d", __func__, e);\
assert(e == 0 || e == ETIMEDOUT); \
- e \
+ e; \
})
#define tt_pthread_once(control, function) \
diff --git a/src/util.cc b/src/util.cc
index 5401a5bb4abac26f5e9804636c9f1327d8484aad..339e5a10b5d92293193c2416082409afccf21b38 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -348,6 +348,13 @@ abspath(const char *filename)
return abspath;
}
+char *
+int2str(int val)
+{
+ static char __thread buf[22];
+ snprintf(buf, sizeof(buf), "%d", val);
+ return buf;
+}
#ifdef HAVE_BFD
static struct symbol *symbols;
diff --git a/test/big/lua.result b/test/big/lua.result
index 6444b7564609ab95e555e7635d2ae605fa7703a8..65a49eb15b39bd3d3f1da0479aa9546edefa1751 100644
--- a/test/big/lua.result
+++ b/test/big/lua.result
@@ -472,7 +472,7 @@ t = {}
...
index:pairs('sid_t', { iterator = 'wrong_iterator_type' })
---
-- error: '[string "-- schema.lua (internal file)..."]:299: Wrong iterator type: wrong_iterator_type'
+- error: '[string "-- schema.lua (internal file)..."]:322: Wrong iterator type: wrong_iterator_type'
...
index = nil
---
diff --git a/test/big/sql.result b/test/big/sql.result
index 787aef83f8eac8678dae60bb4768878f653b34db..e9d05c6ba6d406c875d4e87546f61027f0b0fae4 100644
--- a/test/big/sql.result
+++ b/test/big/sql.result
@@ -1,3 +1,9 @@
+box.schema.user.create('test', { password = 'test' })
+---
+...
+box.schema.user.grant('test', 'execute,read,write', 'universe')
+---
+...
s = box.schema.create_space('tweedledum', { id = 0 })
---
...
@@ -584,6 +590,9 @@ delete from t0 where k0=3
---
- [3, 'Creature ']
...
+box.schema.user.drop('test')
+---
+...
s:drop()
---
...
diff --git a/test/big/sql.test.py b/test/big/sql.test.py
index 558103d06b9172280a03d06be15c309e929d862d..f59c80214c0c8bde8a0e485772a431aa14ac96bd 100644
--- a/test/big/sql.test.py
+++ b/test/big/sql.test.py
@@ -3,6 +3,8 @@ sql.sort = True
#
# Prepare spaces
#
+admin("box.schema.user.create('test', { password = 'test' })")
+admin("box.schema.user.grant('test', 'execute,read,write', 'universe')")
admin("s = box.schema.create_space('tweedledum', { id = 0 })")
admin("s:create_index('primary', { type = 'tree', parts = { 0, 'str'} })")
admin("s:create_index('secondary', { type = 'tree', unique = false, parts = {1, 'str'}})")
@@ -12,7 +14,7 @@ print """#
# "SELECT fails with a disjunct and small LIMIT"
# https://bugs.launchpad.net/tarantool/+bug/729758
#"""
-
+sql.authenticate('test', 'test')
sql("insert into t0 values ('Doe', 'Richard')")
sql("insert into t0 values ('Roe', 'Richard')")
sql("insert into t0 values ('Woe', 'Richard')")
@@ -203,6 +205,7 @@ admin("s.index[1]:max()")
sql("delete from t0 where k0=1")
sql("delete from t0 where k0=2")
sql("delete from t0 where k0=3")
+admin("box.schema.user.drop('test')")
admin("s:drop()")
sql.sort = False
diff --git a/test/box/access.result b/test/box/access.result
new file mode 100644
index 0000000000000000000000000000000000000000..d81d8b8ece1e7450c0e9acf7423158d68f6eed46
--- /dev/null
+++ b/test/box/access.result
@@ -0,0 +1,123 @@
+-- user id for a Lua session is admin - 1
+box.session.uid()
+---
+- 1
+...
+-- extra arguments are ignored
+box.session.uid(nil)
+---
+- 1
+...
+-- admin
+box.session.user()
+---
+- admin
+...
+-- extra argumentes are ignored
+box.session.user(nil)
+---
+- admin
+...
+-- password() is a function which returns base64(sha1(sha1(password))
+-- a string to store in _user table
+box.schema.user.password('test')
+---
+- lL3OvhkIPOKh+Vn9Avlkx69M/Ck=
+...
+box.schema.user.password('test1')
+---
+- BsC/W2Ts4vZItfBIpxkDkGugjlw=
+...
+-- admin can create any user
+box.schema.user.create('test', { password = 'test' })
+---
+...
+-- su() let's you change the user of the session
+-- the user will be unabe to change back unless he/she
+-- is granted access to 'su'
+box.session.su('test')
+---
+...
+-- you can't create spaces unless you have a write access on
+-- system space _space
+-- in future we may introduce a separate privilege
+box.schema.create_space('test')
+---
+- error: Read access denied for user 'test' to space '_space'
+...
+-- su() goes through because called from admin
+-- console, and it has no access checks
+-- for functions
+box.session.su('admin')
+---
+...
+box.schema.user.grant('test', 'write', 'space', '_space')
+---
+...
+--# setopt delimiter ';'
+function usermax()
+ local i = 1
+ while true do
+ box.schema.user.create('user'..i)
+ i = i + 1
+ end
+end;
+---
+...
+usermax();
+---
+- error: 'A limit on the total number of users has been reached: 32'
+...
+function usermax()
+ local i = 1
+ while true do
+ box.schema.user.drop('user'..i)
+ i = i + 1
+ end
+end;
+---
+...
+usermax();
+---
+- error: User 'user30' does not exist
+...
+--# setopt delimiter ''
+box.schema.user.create('rich')
+---
+...
+box.schema.user.grant('rich', 'read,write', 'universe')
+---
+...
+box.session.su('rich')
+---
+...
+uid = box.session.uid()
+---
+...
+box.schema.func.create('dummy')
+---
+...
+box.session.su('admin')
+---
+...
+box.space['_user']:delete{uid}
+---
+- error: 'Failed to drop user ''rich'': the user has objects'
+...
+box.schema.func.drop('dummy')
+---
+...
+box.space['_user']:delete{uid}
+---
+- error: 'Failed to drop user ''rich'': the user has objects'
+...
+box.schema.user.revoke('rich', 'read,write', 'universe')
+---
+...
+box.space['_user']:delete{uid}
+---
+- [3, '', 'rich', []]
+...
+box.schema.user.drop('test')
+---
+...
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
new file mode 100644
index 0000000000000000000000000000000000000000..48b5ef987f3a6e378c0ab22df378c1ec0569d277
--- /dev/null
+++ b/test/box/access.test.lua
@@ -0,0 +1,58 @@
+-- user id for a Lua session is admin - 1
+box.session.uid()
+-- extra arguments are ignored
+box.session.uid(nil)
+-- admin
+box.session.user()
+-- extra argumentes are ignored
+box.session.user(nil)
+-- password() is a function which returns base64(sha1(sha1(password))
+-- a string to store in _user table
+box.schema.user.password('test')
+box.schema.user.password('test1')
+-- admin can create any user
+box.schema.user.create('test', { password = 'test' })
+-- su() let's you change the user of the session
+-- the user will be unabe to change back unless he/she
+-- is granted access to 'su'
+box.session.su('test')
+-- you can't create spaces unless you have a write access on
+-- system space _space
+-- in future we may introduce a separate privilege
+box.schema.create_space('test')
+-- su() goes through because called from admin
+-- console, and it has no access checks
+-- for functions
+box.session.su('admin')
+box.schema.user.grant('test', 'write', 'space', '_space')
+
+--# setopt delimiter ';'
+function usermax()
+ local i = 1
+ while true do
+ box.schema.user.create('user'..i)
+ i = i + 1
+ end
+end;
+usermax();
+function usermax()
+ local i = 1
+ while true do
+ box.schema.user.drop('user'..i)
+ i = i + 1
+ end
+end;
+usermax();
+--# setopt delimiter ''
+box.schema.user.create('rich')
+box.schema.user.grant('rich', 'read,write', 'universe')
+box.session.su('rich')
+uid = box.session.uid()
+box.schema.func.create('dummy')
+box.session.su('admin')
+box.space['_user']:delete{uid}
+box.schema.func.drop('dummy')
+box.space['_user']:delete{uid}
+box.schema.user.revoke('rich', 'read,write', 'universe')
+box.space['_user']:delete{uid}
+box.schema.user.drop('test')
diff --git a/test/box/alter.result b/test/box/alter.result
index 71fe92ccda806b3b60f8fbd19f57106a15ddfd72..618a03445c72c8745b696b35db3f4664b1253e87 100644
--- a/test/box/alter.result
+++ b/test/box/alter.result
@@ -4,11 +4,14 @@ _space = box.space[box.schema.SPACE_ID]
_index = box.space[box.schema.INDEX_ID]
---
...
+ADMIN = 1
+---
+...
--
-- Test insertion into a system space - verify that
-- mandatory fields are required.
--
-_space:insert{_space.n, 5, 'test'}
+_space:insert{_space.n, ADMIN, 'test', 5 }
---
- error: Duplicate key exists in unique index 0
...
@@ -22,35 +25,35 @@ _space:insert{'hello', 'world', 'test'}
--
-- Can't create a space which has wrong arity - arity must be NUM
--
-_space:insert{_space.n, 'world', 'test'}
+_space:insert{_space.n, ADMIN, 'test', 'world'}
---
- error: Duplicate key exists in unique index 0
...
--
-- There is already a tuple for the system space
--
-_space:insert{_space.n, 0, '_space'}
+_space:insert{_space.n, ADMIN, '_space', 0}
---
- error: Duplicate key exists in unique index 0
...
-_space:replace{_space.n, 0, '_space'}
+_space:replace{_space.n, ADMIN, '_space', 0}
---
-- [280, 0, '_space']
+- [280, 1, '_space', 0]
...
-_space:insert{_index.n, 0, '_index'}
+_space:insert{_index.n, ADMIN, '_index', 0}
---
- error: Duplicate key exists in unique index 0
...
-_space:replace{_index.n, 0, '_index'}
+_space:replace{_index.n, ADMIN, '_index', 0}
---
-- [288, 0, '_index']
+- [288, 1, '_index', 0]
...
--
-- Can't change properties of a space
--
-_space:replace{_space.n, 0, '_space'}
+_space:replace{_space.n, ADMIN, '_space', 0}
---
-- [280, 0, '_space']
+- [280, 1, '_space', 0]
...
--
-- Can't drop a system space
@@ -77,7 +80,7 @@ _space:update({_space.n}, {{'+', 0, 2}})
--
-- Create a space
--
-t = _space:auto_increment{0, 'hello'}
+t = _space:auto_increment{ADMIN, 'hello', 0}
---
...
-- Check that a space exists
@@ -86,7 +89,7 @@ space = box.space[t[0]]
...
space.n
---
-- 289
+- 313
...
space.arity
---
@@ -101,23 +104,23 @@ space.index[0]
--
space:select{0}
---
-- error: 'No index #0 is defined in space 289'
+- error: 'No index #0 is defined in space 313'
...
space:insert{0, 0}
---
-- error: 'No index #0 is defined in space 289'
+- error: 'No index #0 is defined in space 313'
...
space:replace{0, 0}
---
-- error: 'No index #0 is defined in space 289'
+- error: 'No index #0 is defined in space 313'
...
space:update({0}, {{'+', 0, 1}})
---
-- error: 'No index #0 is defined in space 289'
+- error: 'No index #0 is defined in space 313'
...
space:delete{0}
---
-- error: 'No index #0 is defined in space 289'
+- error: 'No index #0 is defined in space 313'
...
t = _space:delete{space.n}
---
@@ -131,7 +134,7 @@ space_deleted
...
space:replace{0}
---
-- error: Space 289 does not exist
+- error: Space 313 does not exist
...
_index:insert{_space.n, 0, 'primary', 'tree', 1, 1, 0, 'num'}
---
@@ -153,18 +156,26 @@ _index:select{}
---
- - [272, 0, 'primary', 'tree', 1, 1, 0, 'str']
- [280, 0, 'primary', 'tree', 1, 1, 0, 'num']
- - [280, 1, 'name', 'tree', 1, 1, 2, 'str']
+ - [280, 1, 'owner', 'tree', 0, 1, 1, 'num']
+ - [280, 2, 'name', 'tree', 1, 1, 2, 'str']
- [288, 0, 'primary', 'tree', 1, 2, 0, 'num', 1, 'num']
- - [288, 1, 'name', 'tree', 1, 2, 0, 'num', 2, 'str']
+ - [288, 2, 'name', 'tree', 1, 2, 0, 'num', 2, 'str']
+ - [296, 0, 'primary', 'tree', 1, 1, 0, 'num']
+ - [296, 1, 'owner', 'tree', 0, 1, 1, 'num']
+ - [296, 2, 'name', 'tree', 1, 1, 2, 'str']
+ - [304, 0, 'primary', 'tree', 1, 1, 0, 'num']
+ - [304, 2, 'name', 'tree', 1, 1, 2, 'str']
+ - [312, 0, 'primary', 'tree', 1, 3, 1, 'num', 2, 'str', 3, 'num']
+ - [312, 1, 'owner', 'tree', 0, 1, 1, 'num']
...
-- modify indexes of a system space
_index:delete{_index.n, 0}
---
- error: Can't drop the primary key in a system space, space id 288
...
-_space:insert{1000, 0, 'hello'}
+_space:insert{1000, ADMIN, 'hello', 0}
---
-- [1000, 0, 'hello']
+- [1000, 1, 'hello', 0]
...
_index:insert{1000, 0, 'primary', 'tree', 1, 1, 0, 'num'}
---
@@ -195,9 +206,12 @@ box.snapshot()
...
--# stop server default
--# start server default
-box.space['_space']:insert{1000, 0, 'test'}
+ADMIN = 1
+---
+...
+box.space['_space']:insert{1000, ADMIN, 'test', 0}
---
-- [1000, 0, 'test']
+- [1000, 1, 'test', 0]
...
box.space[1000].n
---
@@ -205,7 +219,7 @@ box.space[1000].n
...
box.space['_space']:delete{1000}
---
-- [1000, 0, 'test']
+- [1000, 1, 'test', 0]
...
box.space[1000]
---
diff --git a/test/box/alter.test.lua b/test/box/alter.test.lua
index e8058fb99d187384bfe99e782af56f135e46c5ac..120d2237d9cbcc975b8f35a0caebbfe17b1b2672 100644
--- a/test/box/alter.test.lua
+++ b/test/box/alter.test.lua
@@ -1,10 +1,11 @@
_space = box.space[box.schema.SPACE_ID]
_index = box.space[box.schema.INDEX_ID]
+ADMIN = 1
--
-- Test insertion into a system space - verify that
-- mandatory fields are required.
--
-_space:insert{_space.n, 5, 'test'}
+_space:insert{_space.n, ADMIN, 'test', 5 }
--
-- Bad space id
--
@@ -12,18 +13,18 @@ _space:insert{'hello', 'world', 'test'}
--
-- Can't create a space which has wrong arity - arity must be NUM
--
-_space:insert{_space.n, 'world', 'test'}
+_space:insert{_space.n, ADMIN, 'test', 'world'}
--
-- There is already a tuple for the system space
--
-_space:insert{_space.n, 0, '_space'}
-_space:replace{_space.n, 0, '_space'}
-_space:insert{_index.n, 0, '_index'}
-_space:replace{_index.n, 0, '_index'}
+_space:insert{_space.n, ADMIN, '_space', 0}
+_space:replace{_space.n, ADMIN, '_space', 0}
+_space:insert{_index.n, ADMIN, '_index', 0}
+_space:replace{_index.n, ADMIN, '_index', 0}
--
-- Can't change properties of a space
--
-_space:replace{_space.n, 0, '_space'}
+_space:replace{_space.n, ADMIN, '_space', 0}
--
-- Can't drop a system space
--
@@ -37,7 +38,7 @@ _space:update({_space.n}, {{'+', 0, 2}})
--
-- Create a space
--
-t = _space:auto_increment{0, 'hello'}
+t = _space:auto_increment{ADMIN, 'hello', 0}
-- Check that a space exists
space = box.space[t[0]]
space.n
@@ -62,7 +63,7 @@ _index:replace{_index.n, 0, 'primary', 'tree', 1, 2, 0, 'num', 1, 'num'}
_index:select{}
-- modify indexes of a system space
_index:delete{_index.n, 0}
-_space:insert{1000, 0, 'hello'}
+_space:insert{1000, ADMIN, 'hello', 0}
_index:insert{1000, 0, 'primary', 'tree', 1, 1, 0, 'num'}
box.space[1000]:insert{0, 'hello, world'}
box.space[1000]:drop()
@@ -74,7 +75,8 @@ _space:run_triggers(false)
box.snapshot()
--# stop server default
--# start server default
-box.space['_space']:insert{1000, 0, 'test'}
+ADMIN = 1
+box.space['_space']:insert{1000, ADMIN, 'test', 0}
box.space[1000].n
box.space['_space']:delete{1000}
box.space[1000]
diff --git a/test/box/alter_limits.result b/test/box/alter_limits.result
index 03b43e0f3e9ed651c490c420cccc7a52c0204963..2b47ebd6bbf7f3b07f4a8e71287b077280425ea6 100644
--- a/test/box/alter_limits.result
+++ b/test/box/alter_limits.result
@@ -244,8 +244,11 @@ s:select{}
---
- - [1, 2]
...
+ARITY = 3
+---
+...
-- increase arity -- error
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
---
- error: 'Can''t modify space 512: can not change arity on a non-empty space'
...
@@ -254,21 +257,21 @@ s:select{}
- - [1, 2]
...
-- decrease arity - error
-box.space['_space']:update(s.n, {{"=", 1, 1}})
+box.space['_space']:update(s.n, {{"=", ARITY, 1}})
---
- error: 'Can''t modify space 512: can not change arity on a non-empty space'
...
-- remove arity - ok
-box.space['_space']:update(s.n, {{"=", 1, 0}})
+box.space['_space']:update(s.n, {{"=", ARITY, 0}})
---
-- [512, 0, 'test', '']
+- [512, 1, 'test', 0, '']
...
s:select{}
---
- - [1, 2]
...
-- increase arity - error
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
---
- error: 'Can''t modify space 512: can not change arity on a non-empty space'
...
@@ -280,9 +283,9 @@ s:select{}
- []
...
-- set arity of an empty space
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
---
-- [512, 3, 'test', '']
+- [512, 1, 'test', 3, '']
...
s:select{}
---
@@ -659,7 +662,7 @@ s:create_index('third', { type = 'hash', parts = { 2, 'num' } })
...
s.index.third:rename('second')
---
-- error: Duplicate key exists in unique index 1
+- error: Duplicate key exists in unique index 2
...
s.index.third.id
---
diff --git a/test/box/alter_limits.test.lua b/test/box/alter_limits.test.lua
index 82063fc12998c868d03bfc4421afb6bbd1a967be..f55125206f99489131094b0fe5abec834b448e79 100644
--- a/test/box/alter_limits.test.lua
+++ b/test/box/alter_limits.test.lua
@@ -84,20 +84,22 @@ s:insert{1}
s:insert{1, 2}
s:insert{1, 2, 3}
s:select{}
+ARITY = 3
-- increase arity -- error
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
s:select{}
-- decrease arity - error
-box.space['_space']:update(s.n, {{"=", 1, 1}})
+box.space['_space']:update(s.n, {{"=", ARITY, 1}})
-- remove arity - ok
-box.space['_space']:update(s.n, {{"=", 1, 0}})
+box.space['_space']:update(s.n, {{"=", ARITY, 0}})
s:select{}
-- increase arity - error
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
s:truncate()
s:select{}
-- set arity of an empty space
-box.space['_space']:update(s.n, {{"=", 1, 3}})
+box.space['_space']:update(s.n, {{"=", ARITY, 3}})
s:select{}
-- arity actually works
s:insert{3, 4}
diff --git a/test/box/bad_trigger.result b/test/box/bad_trigger.result
index a28855fbba5f38416b62fb7af4ffff5cae0a5b98..b40377d1712a5493a6b256b87c9530d8bb9d93cf 100644
--- a/test/box/bad_trigger.result
+++ b/test/box/bad_trigger.result
@@ -10,12 +10,7 @@ box.session.on_connect(f1)
---
...
select * from t0 where k0=0
----
-- error:
- errcode: ER_PROC_LUA
- errmsg: [string "function f1() nosuchfunction() end"]:1: attempt to call global 'nosuchfunction' (a nil value)
-...
-Connection is dead.
+Connection is dead: Connection reset by peer.
box.session.on_connect(nil, f1)
---
diff --git a/test/box/bad_trigger.test.py b/test/box/bad_trigger.test.py
index 083c7c6235afb1f6b4bac38a265e1e42d8b79c74..2083ac3f8cdfa8046c7a44aba60e9c18f3b90c93 100644
--- a/test/box/bad_trigger.test.py
+++ b/test/box/bad_trigger.test.py
@@ -1,4 +1,5 @@
from lib.box_connection import BoxConnection
+from tarantool import NetworkError
print """
#
# if on_connect() trigger raises an exception, the connection is dropped
@@ -7,11 +8,11 @@ print """
admin("function f1() nosuchfunction() end")
admin("box.session.on_connect(f1)")
-con1 = BoxConnection('localhost', sql.port)
-con1("select * from t0 where k0=0")
-if not con1.check_connection():
- print "Connection is dead.\n"
-else:
+try:
+ con1 = BoxConnection('localhost', sql.port)
+ con1("select * from t0 where k0=0")
print "Connection is alive.\n"
+except NetworkError as e:
+ print "Connection is dead: {0}.\n".format(e.message)
# Clean-up
admin("box.session.on_connect(nil, f1)")
diff --git a/test/box/call.result b/test/box/call.result
index 334ccd8cdb592844954ef85becd7953abafa4393..06625a45290faf2c7104c66c4a8243e14f87aa3d 100644
--- a/test/box/call.result
+++ b/test/box/call.result
@@ -1,3 +1,9 @@
+box.schema.user.create('test', { password = 'test' })
+---
+...
+box.schema.user.grant('test', 'execute,read,write', 'universe')
+---
+...
function f1() return 'testing', 1, false, -1, 1.123, 1e123, nil end
---
...
@@ -366,3 +372,6 @@ call space:delete(4)
space:drop()
---
...
+box.schema.user.drop('test')
+---
+...
diff --git a/test/box/call.test.py b/test/box/call.test.py
index 830b5ef80bed84a1a42cb89775049aa285cb7031..a126b578fdd386a62173c8df3ca04ce0c019ed35 100644
--- a/test/box/call.test.py
+++ b/test/box/call.test.py
@@ -1,6 +1,9 @@
import os
import sys
+admin("box.schema.user.create('test', { password = 'test' })")
+admin("box.schema.user.grant('test', 'execute,read,write', 'universe')")
+sql.authenticate('test', 'test')
admin("function f1() return 'testing', 1, false, -1, 1.123, 1e123, nil end")
admin("f1()")
sql("call f1()")
@@ -118,3 +121,4 @@ sql("call field_x(4, 1)")
sql("call space:delete(4)")
admin("space:drop()")
+admin("box.schema.user.drop('test')")
diff --git a/test/box/dup_key1.xlog b/test/box/dup_key1.xlog
index a168b8473c850b6915b89dae08b8fce7816dc0e2..08563a9fb2cb9836509d28764624e13ae2c2d2dd 100644
Binary files a/test/box/dup_key1.xlog and b/test/box/dup_key1.xlog differ
diff --git a/test/box/dup_key2.xlog b/test/box/dup_key2.xlog
index 5d6978b801b0a483023b3efd218fadcd97645d5c..fb10436343275d0d4f7b12af4a3746fa56f0c55b 100644
Binary files a/test/box/dup_key2.xlog and b/test/box/dup_key2.xlog differ
diff --git a/test/box/misc.result b/test/box/misc.result
index 3f0752c55796438c320dbeef3a4921c847afbc85..b84c05a3806f610eb400dd6394f78dae849bb052 100644
--- a/test/box/misc.result
+++ b/test/box/misc.result
@@ -193,7 +193,8 @@ end;
...
t;
---
-- - 'box.error.ER_NO_SUCH_INDEX : 35'
+- - 'box.error.ER_CREATE_FUNCTION : 50'
+ - 'box.error.ER_NO_SUCH_INDEX : 35'
- 'box.error.ER_TUPLE_FOUND : 3'
- 'box.error.ER_CREATE_SPACE : 9'
- 'box.error.ER_TUPLE_FORMAT_LIMIT : 16'
@@ -202,25 +203,39 @@ t;
- 'box.error.ER_TUPLE_NOT_FOUND : 4'
- 'box.error.ER_INDEX_ARITY : 39'
- 'box.error.ER_WAL_IO : 40'
+ - 'box.error.ER_USER_MAX : 56'
+ - 'box.error.ER_NO_SUCH_FUNCTION : 51'
- 'box.error.ER_INJECTION : 8'
- 'box.error.ER_DROP_PRIMARY_KEY : 17'
- 'box.error.ER_INDEX_TYPE : 13'
- 'box.error.ER_ARG_TYPE : 26'
+ - 'box.error.ER_FUNCTION_MAX : 54'
+ - 'box.error.ER_FUNCTION_ACCESS_DENIED : 53'
+ - 'box.error.ER_SPACE_ARITY : 38'
- 'box.error.ER_INVALID_MSGPACK : 20'
+ - 'box.error.ER_SPACE_ACCESS_DENIED : 55'
- 'box.error.ER_KEY_PART_COUNT : 31'
+ - 'box.error.ER_UNKNOWN_SCHEMA_OBJECT : 49'
+ - 'box.error.ER_USER_EXISTS : 46'
- 'box.error.ER_MEMORY_ISSUE : 2'
- 'box.error.ER_ILLEGAL_PARAMS : 1'
- 'box.error.ER_KEY_FIELD_TYPE : 18'
- 'box.error.ER_NONMASTER : 6'
+ - 'box.error.ER_UNKNOWN_REQUEST_TYPE : 48'
- 'box.error.ER_FIELD_TYPE_MISMATCH : 24'
- 'box.error.ER_MODIFY_INDEX : 14'
+ - 'box.error.ER_PASSWORD_MISMATCH : 47'
- 'box.error.ER_EXACT_MATCH : 19'
+ - 'box.error.ER_NO_SUCH_USER : 45'
- 'box.error.ER_SECONDARY : 7'
+ - 'box.error.ER_FUNCTION_EXISTS : 52'
+ - 'box.error.ER_CREATE_USER : 43'
+ - 'box.error.ER_ACCESS_DENIED : 42'
- 'box.error.ER_LAST_DROP : 15'
- 'box.error.ER_UPDATE_FIELD : 29'
- 'box.error.ER_FIBER_STACK : 30'
- 'box.error.ER_UNKNOWN_UPDATE_OP : 28'
- - 'box.error.ER_SPACE_ARITY : 38'
+ - 'box.error.ER_DROP_USER : 44'
- 'box.error.ER_UNSUPPORTED : 5'
- 'box.error.ER_NO_SUCH_FIELD : 37'
- 'box.error.ER_TUPLE_NOT_ARRAY : 22'
diff --git a/test/box/net.box.result b/test/box/net.box.result
index 335d6819a6808dc7964d5641bee860ee625e1081..bc82f3272e3481a23d6ff7fddb9fa3f39d0c956d 100644
--- a/test/box/net.box.result
+++ b/test/box/net.box.result
@@ -4,6 +4,9 @@ space = box.schema.create_space('tweedledum')
space:create_index('primary', { type = 'tree'})
---
...
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
+---
+...
remote = box.net.box.new('localhost', box.cfg.primary_port, '0.5')
---
...
@@ -427,13 +430,16 @@ remote:close()
...
remote:close()
---
-- error: '[string "-- box_net.lua (internal file)..."]:528: box.net.box: already closed'
+- error: '[string "-- box_net.lua (internal file)..."]:530: box.net.box: already closed'
...
remote:ping()
---
-- error: '[string "-- box_net.lua (internal file)..."]:533: box.net.box: connection
+- error: '[string "-- box_net.lua (internal file)..."]:535: box.net.box: connection
was closed'
...
space:drop()
---
...
+box.schema.user.revoke('guest', 'read,write,execute', 'universe')
+---
+...
diff --git a/test/box/net.box.test.lua b/test/box/net.box.test.lua
index 388922aeafc115ef42fc93e49bc581c4c329362b..09e43a4d263dee17ee01c6fd3e0546df29e0bda3 100644
--- a/test/box/net.box.test.lua
+++ b/test/box/net.box.test.lua
@@ -1,5 +1,6 @@
space = box.schema.create_space('tweedledum')
space:create_index('primary', { type = 'tree'})
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
remote = box.net.box.new('localhost', box.cfg.primary_port, '0.5')
type(remote)
remote:ping()
@@ -149,3 +150,4 @@ remote:close()
remote:ping()
space:drop()
+box.schema.user.revoke('guest', 'read,write,execute', 'universe')
diff --git a/test/box/session.result b/test/box/session.result
index ad5be7bc5292a7586e37f170d9deab12eb56daf0..4678a1ddccfd54e02443d6cbfe905f1bd9c7ba59 100644
--- a/test/box/session.result
+++ b/test/box/session.result
@@ -186,3 +186,11 @@ active_connections
space:drop()
---
...
+box.session.uid()
+---
+- 1
+...
+box.session.user()
+---
+- admin
+...
diff --git a/test/box/session.test.lua b/test/box/session.test.lua
index 41323d4c0e31d8b6ca5fc73c71cb844170b67d96..f5b5111edce8e9012f2276636634eaa66fc834cd 100644
--- a/test/box/session.test.lua
+++ b/test/box/session.test.lua
@@ -79,3 +79,6 @@ box.session.on_disconnect(nil, audit_disconnect)
active_connections
space:drop()
+
+box.session.uid()
+box.session.user()
diff --git a/test/box/socket.result b/test/box/socket.result
index 82b40765dc925d19e9a12f2df7db1da48f623535..4637fcc3b630f0a1353e205f75528c0cc8480dc6 100644
--- a/test/box/socket.result
+++ b/test/box/socket.result
@@ -899,7 +899,7 @@ ping
s:close()
---
...
- replies = 0 packet = msgpack.encode({[0] = 64, [1] = 0}) packet = msgpack.encode(packet:len())..packet function bug1160869() local s = box.socket.tcp() s:connect('127.0.0.1', box.cfg.primary_port) box.fiber.resume( box.fiber.create(function() box.fiber.detach() while true do _, status = s:recv(18) if status == "eof" then error("unexpected eof") end replies = replies + 1 end end) ) return s:send(packet) end
+ replies = 0 packet = msgpack.encode({[0] = 64, [1] = 0}) packet = msgpack.encode(packet:len())..packet function bug1160869() local s = box.socket.tcp() s:connect('127.0.0.1', box.cfg.primary_port) s:recv(128) box.fiber.resume( box.fiber.create(function() box.fiber.detach() while true do _, status = s:recv(18) if status == "eof" then error("unexpected eof") end replies = replies + 1 end end) ) return s:send(packet) end
---
...
bug1160869()
@@ -921,7 +921,7 @@ replies
---
- 3
...
- s = nil syncno = 0 reps = 0 packet = msgpack.encode({[0] = 64, [1] = 0}) packet = msgpack.encode(packet:len())..packet function iostart() if s ~= nil then return end s = box.socket.tcp() s:connect('127.0.0.1', box.cfg.primary_port) box.fiber.resume( box.fiber.create(function() box.fiber.detach() while true do s:recv(18) if status == "eof" then error("unexpected eof") end reps = reps + 1 end end)) end function iotest() iostart() syncno = syncno + 1 packet = msgpack.encode({[0] = 64, [1] = syncno}) packet = msgpack.encode(packet:len())..packet return s:send(packet) end
+ s = nil syncno = 0 reps = 0 packet = msgpack.encode({[0] = 64, [1] = 0}) packet = msgpack.encode(packet:len())..packet function iostart() if s ~= nil then return end s = box.socket.tcp() s:connect('127.0.0.1', box.cfg.primary_port) s:recv(128) box.fiber.resume( box.fiber.create(function() box.fiber.detach() while true do s:recv(18) if status == "eof" then error("unexpected eof") end reps = reps + 1 end end)) end function iotest() iostart() syncno = syncno + 1 packet = msgpack.encode({[0] = 64, [1] = syncno}) packet = msgpack.encode(packet:len())..packet return s:send(packet) end
---
...
iotest()
@@ -946,7 +946,7 @@ reps
test_listen_done = false
---
...
- function server() ms = box.socket.tcp() ms:bind('127.0.0.1', 8181) ms:listen() test_listen_done = true while true do local s = ms:accept( .5 ) if s ~= 'timeout' then print("accepted connection ", s) s:send('Hello world') s:shutdown(box.socket.SHUT_RDWR) end end end fbr = box.fiber.wrap(server)
+ function server() ms = box.socket.tcp() ms:bind('127.0.0.1', 8181) ms:listen() test_listen_done = true while true do local s = ms:accept( .5 ) if s ~= 'timeout' then print("accepted connection ", s) s:send('Hello world') s:shutdown(box.socket.SHUT_RDWR) end end end fbr = box.fiber.wrap(server)
---
...
wait_cout = 100 while not test_listen_done and wait_cout > 0 do box.fiber.sleep(0.001) wait_cout = wait_cout - 1 end
diff --git a/test/box/socket.test.py b/test/box/socket.test.py
index c5862682e82378c577ebe9d9a5f28e7dae6ae76d..0b86dd8553fbbfb3672a7d13bcbd511851fa288c 100644
--- a/test/box/socket.test.py
+++ b/test/box/socket.test.py
@@ -514,19 +514,20 @@ replies = 0
packet = msgpack.encode({[0] = 64, [1] = 0})
packet = msgpack.encode(packet:len())..packet
function bug1160869()
- local s = box.socket.tcp()
- s:connect('127.0.0.1', box.cfg.primary_port)
- box.fiber.resume( box.fiber.create(function()
- box.fiber.detach()
- while true do
- _, status = s:recv(18)
+ local s = box.socket.tcp()
+ s:connect('127.0.0.1', box.cfg.primary_port)
+ s:recv(128)
+ box.fiber.resume( box.fiber.create(function()
+ box.fiber.detach()
+ while true do
+ _, status = s:recv(18)
if status == "eof" then
error("unexpected eof")
end
- replies = replies + 1
- end
- end) )
- return s:send(packet)
+ replies = replies + 1
+ end
+ end) )
+ return s:send(packet)
end
"""
admin(test.replace('\n', ' '))
@@ -544,29 +545,30 @@ reps = 0
packet = msgpack.encode({[0] = 64, [1] = 0})
packet = msgpack.encode(packet:len())..packet
function iostart()
- if s ~= nil then
- return
- end
- s = box.socket.tcp()
- s:connect('127.0.0.1', box.cfg.primary_port)
- box.fiber.resume( box.fiber.create(function()
- box.fiber.detach()
- while true do
- s:recv(18)
+ if s ~= nil then
+ return
+ end
+ s = box.socket.tcp()
+ s:connect('127.0.0.1', box.cfg.primary_port)
+ s:recv(128)
+ box.fiber.resume( box.fiber.create(function()
+ box.fiber.detach()
+ while true do
+ s:recv(18)
if status == "eof" then
error("unexpected eof")
end
- reps = reps + 1
- end
- end))
+ reps = reps + 1
+ end
+ end))
end
function iotest()
- iostart()
- syncno = syncno + 1
+ iostart()
+ syncno = syncno + 1
packet = msgpack.encode({[0] = 64, [1] = syncno})
packet = msgpack.encode(packet:len())..packet
- return s:send(packet)
+ return s:send(packet)
end
"""
admin(test.replace('\n', ' '))
@@ -582,19 +584,19 @@ admin("reps")
#
test="""
function server()
- ms = box.socket.tcp()
- ms:bind('127.0.0.1', 8181)
- ms:listen()
- test_listen_done = true
-
- while true do
- local s = ms:accept( .5 )
- if s ~= 'timeout' then
- print("accepted connection ", s)
- s:send('Hello world')
- s:shutdown(box.socket.SHUT_RDWR)
- end
- end
+ ms = box.socket.tcp()
+ ms:bind('127.0.0.1', 8181)
+ ms:listen()
+ test_listen_done = true
+
+ while true do
+ local s = ms:accept( .5 )
+ if s ~= 'timeout' then
+ print("accepted connection ", s)
+ s:send('Hello world')
+ s:shutdown(box.socket.SHUT_RDWR)
+ end
+ end
end
fbr = box.fiber.wrap(server)
diff --git a/test/box/sql.result b/test/box/sql.result
index ef1e79a47b07d601776c51d5d39611c0d88ebc8b..764055da360e41705bd97128c0b21b94c28de046 100644
--- a/test/box/sql.result
+++ b/test/box/sql.result
@@ -1,7 +1,22 @@
-space = box.schema.create_space('tweedledum', { id = 0 })
+function f() box.schema.create_space('test', { id = 0 }) end
---
...
-space:create_index('primary', { type = 'hash' })
+box.schema.user.create('test', { password = 'test' })
+---
+...
+box.schema.func.create('f')
+---
+...
+box.schema.user.grant('test', 'Write', 'space', '_space')
+---
+...
+box.schema.user.grant('test', 'Execute', 'function', 'f')
+---
+...
+call f()
+---
+...
+box.space.test:create_index('primary', { type = 'hash' })
---
...
ping
@@ -170,6 +185,9 @@ select * from t4294967295 where k0 = 0
box.space[0]:drop()
---
...
+box.schema.user.drop('test')
+---
+...
#
# A test case for: http://bugs.launchpad.net/bugs/716683
# Admin console should not stall on unknown command.
diff --git a/test/box/sql.test.py b/test/box/sql.test.py
index 19af93c2cc93779d415d62692f92f7601e79239b..4c95fd633697139c01ccde1b445ae7a45ceacebe 100644
--- a/test/box/sql.test.py
+++ b/test/box/sql.test.py
@@ -12,8 +12,15 @@ sql.set_schema({
}
})
-admin("space = box.schema.create_space('tweedledum', { id = 0 })")
-admin("space:create_index('primary', { type = 'hash' })")
+admin("function f() box.schema.create_space('test', { id = 0 }) end")
+admin("box.schema.user.create('test', { password = 'test' })")
+admin("box.schema.func.create('f')")
+admin("box.schema.user.grant('test', 'Write', 'space', '_space')")
+admin("box.schema.user.grant('test', 'Execute', 'function', 'f')")
+sql.authenticate('test', 'test')
+# call from sql to have the right owner
+sql("call f()")
+admin("box.space.test:create_index('primary', { type = 'hash' })")
sql("ping")
# xxx: bug -- currently selects no rows
sql("select * from t0")
@@ -73,6 +80,7 @@ sql("select * from t1 where k0 = 0")
sql("select * from t65537 where k0 = 0")
sql("select * from t4294967295 where k0 = 0")
admin("box.space[0]:drop()")
+admin("box.schema.user.drop('test')")
print """#
# A test case for: http://bugs.launchpad.net/bugs/716683
diff --git a/test/box/temp_spaces.result b/test/box/temp_spaces.result
index 4b068703634f820feddc1309fd3aebc6bc532a7e..133932e0b52554021cb429a791918c7e56c54263 100644
--- a/test/box/temp_spaces.result
+++ b/test/box/temp_spaces.result
@@ -1,5 +1,8 @@
-- temporary spaces
-- not a temporary
+FLAGS = 4
+---
+...
s = box.schema.create_space('t', { temporary = true })
---
...
@@ -50,16 +53,19 @@ s:len()
---
- 1
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
---
-- [512, 0, 't', 'temporary']
+- [512, 1, 't', 0, 'temporary']
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, ''}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, ''}})
---
- error: 'Can''t modify space 512: can not switch temporary flag on a non-empty space'
...
--# stop server default
--# start server default
+FLAGS = 4
+---
+...
s = box.space.t
---
...
@@ -71,33 +77,33 @@ s.temporary
---
- true
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
---
-- [512, 0, 't', 'no-temporary']
+- [512, 1, 't', 0, 'no-temporary']
...
s.temporary
---
- false
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, ',:asfda:temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, ',:asfda:temporary'}})
---
-- [512, 0, 't', ',:asfda:temporary']
+- [512, 1, 't', 0, ',:asfda:temporary']
...
s.temporary
---
- false
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'a,b,c,d,e'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'a,b,c,d,e'}})
---
-- [512, 0, 't', 'a,b,c,d,e']
+- [512, 1, 't', 0, 'a,b,c,d,e']
...
s.temporary
---
- false
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
---
-- [512, 0, 't', 'temporary']
+- [512, 1, 't', 0, 'temporary']
...
s.temporary
---
@@ -110,11 +116,11 @@ s:insert{1, 2, 3}
---
- [1, 2, 3]
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
---
-- [512, 0, 't', 'temporary']
+- [512, 1, 't', 0, 'temporary']
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
---
- error: 'Can''t modify space 512: can not switch temporary flag on a non-empty space'
...
@@ -122,9 +128,9 @@ s:delete{1}
---
- [1, 2, 3]
...
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
---
-- [512, 0, 't', 'no-temporary']
+- [512, 1, 't', 0, 'no-temporary']
...
s:drop()
---
diff --git a/test/box/temp_spaces.test.lua b/test/box/temp_spaces.test.lua
index bb87a026c3da62cf2ae3f5baad6f4b88630334dd..44ee7013f0f057892bfc9b8fa27e577695c5bc30 100644
--- a/test/box/temp_spaces.test.lua
+++ b/test/box/temp_spaces.test.lua
@@ -1,5 +1,6 @@
-- temporary spaces
-- not a temporary
+FLAGS = 4
s = box.schema.create_space('t', { temporary = true })
s.temporary
s:drop()
@@ -21,31 +22,32 @@ s:insert{1, 2, 3}
s:get{1}
s:len()
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, ''}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, ''}})
--# stop server default
--# start server default
+FLAGS = 4
s = box.space.t
s:len()
s.temporary
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
s.temporary
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, ',:asfda:temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, ',:asfda:temporary'}})
s.temporary
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'a,b,c,d,e'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'a,b,c,d,e'}})
s.temporary
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
s.temporary
s:get{1}
s:insert{1, 2, 3}
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'temporary'}})
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
s:delete{1}
-box.space[box.schema.SPACE_ID]:update(s.n, {{'=', 3, 'no-temporary'}})
+box.space[box.schema.SPACE_ID]:update(s.n, {{'=', FLAGS, 'no-temporary'}})
s:drop()
diff --git a/test/box/xlog.result b/test/box/xlog.result
index ed153a977dfdf8b5b2a55dde83badf3301c70507..1d4a5abcb6daf170b363afac59fbc398ac8672eb 100644
--- a/test/box/xlog.result
+++ b/test/box/xlog.result
@@ -37,17 +37,17 @@ box.space[0]:insert{3, 'third tuple'}
00000000000000000006.xlog.inprogress has been successfully deleted
A test case for https://bugs.launchpad.net/tarantool/+bug/1052018
-panic_on_wal_error doens't work for duplicate key errors
+panic_on_wal_error doesn't work for duplicate key errors
-box.space[0]:get{1}
+box.space['test']:get{1}
---
-- [1, 'First record']
+- [1, 'first tuple']
...
-box.space[0]:get{2}
+box.space['test']:get{2}
---
-- [2, 'Second record']
+- [2, 'second tuple']
...
-#box.space[0]
+box.space['test']:len()
---
-- 0
+- 2
...
diff --git a/test/box/xlog.test.py b/test/box/xlog.test.py
index e6d69a0865e83f5b8d862b309c5490e76e9a1fe6..62cec54948ed2f1f09f852e7ffe5b830626728ce 100644
--- a/test/box/xlog.test.py
+++ b/test/box/xlog.test.py
@@ -109,7 +109,7 @@ if not os.access(wal_inprogress, os.F_OK) and not os.access(wal, os.F_OK):
print """
A test case for https://bugs.launchpad.net/tarantool/+bug/1052018
-panic_on_wal_error doens't work for duplicate key errors
+panic_on_wal_error doesn't work for duplicate key errors
"""
server.stop()
server.cfgfile_source = "box/panic_on_wal_error.cfg"
@@ -120,9 +120,9 @@ shutil.copy(abspath("box/dup_key1.xlog"),
shutil.copy(abspath("box/dup_key2.xlog"),
os.path.join(server.vardir, "00000000000000000004.xlog"))
server.start()
-admin("box.space[0]:get{1}")
-admin("box.space[0]:get{2}")
-admin("#box.space[0]")
+admin("box.space['test']:get{1}")
+admin("box.space['test']:get{2}")
+admin("box.space['test']:len()")
# cleanup
server.stop()
diff --git a/test/connector_c/cfg/master.cfg b/test/connector_c/cfg/master.cfg
index 59dc00f297d0c2b7cde75bea6649bc03ec02c75c..67229b17755c4d4c5ec44d0921df703bf1fab569 100644
--- a/test/connector_c/cfg/master.cfg
+++ b/test/connector_c/cfg/master.cfg
@@ -3,7 +3,7 @@ slab_alloc_arena = 0.1
pid_file = "box.pid"
logger="cat - >> tarantool.log"
-primary_port = 33013
-admin_port = 33015
+primary_port = 3301
+admin_port = 3313
rows_per_wal = 50
diff --git a/test/connector_c/cfg/tarantool.cfg b/test/connector_c/cfg/tarantool.cfg
index 59dc00f297d0c2b7cde75bea6649bc03ec02c75c..67229b17755c4d4c5ec44d0921df703bf1fab569 100644
--- a/test/connector_c/cfg/tarantool.cfg
+++ b/test/connector_c/cfg/tarantool.cfg
@@ -3,7 +3,7 @@ slab_alloc_arena = 0.1
pid_file = "box.pid"
logger="cat - >> tarantool.log"
-primary_port = 33013
-admin_port = 33015
+primary_port = 3301
+admin_port = 3313
rows_per_wal = 50
diff --git a/test/lib/box_connection.py b/test/lib/box_connection.py
index e4bce7ab75a86483b9edf5cfb44b6abb30ba0452..e9b34de2ac53313f9b5e6033d4f1fe309ab75bd2 100644
--- a/test/lib/box_connection.py
+++ b/test/lib/box_connection.py
@@ -44,6 +44,9 @@ class BoxConnection(TarantoolConnection):
def connect(self):
self.py_con.connect()
+ def authenticate(self, user, password):
+ self.py_con.authenticate(user, password)
+
def disconnect(self):
self.py_con.close()
diff --git a/test/lib/tarantool-python b/test/lib/tarantool-python
index ef3a3b444b9a4e8a90bb5f631687b13f5890048b..6be9077e25e13d19be331d2999e2804c7ccfaa4a 160000
--- a/test/lib/tarantool-python
+++ b/test/lib/tarantool-python
@@ -1 +1 @@
-Subproject commit ef3a3b444b9a4e8a90bb5f631687b13f5890048b
+Subproject commit 6be9077e25e13d19be331d2999e2804c7ccfaa4a
diff --git a/test/replication/consistent.result b/test/replication/consistent.result
index 6a2cf544bd9d540367688c5b682a723be3b7b3e0..739b500885f50b6c3d92dbdb4a670385c2babbf7 100644
--- a/test/replication/consistent.result
+++ b/test/replication/consistent.result
@@ -1,6 +1,14 @@
--# create server replica with configuration='replication/cfg/replica.cfg', rpl_master=default
--# start server replica
--# set connection default
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
+---
+...
+-- Wait until the grant reaches the replica
+--# set connection replica
+while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end
+---
+...
--# setopt delimiter ';'
--# set connection default, replica
do
@@ -494,3 +502,6 @@ box.space[0]:insert{0, 'replica is RO'}
box.space[0]:drop()
---
...
+box.schema.user.revoke('guest', 'read,write,execute', 'universe')
+---
+...
diff --git a/test/replication/consistent.test.lua b/test/replication/consistent.test.lua
index 8b4aacbec2e2e249123e4f0f59e50a0bae03efdd..7984339ec3d77370cf1a09a72e989e7cebbaea00 100644
--- a/test/replication/consistent.test.lua
+++ b/test/replication/consistent.test.lua
@@ -1,7 +1,10 @@
--# create server replica with configuration='replication/cfg/replica.cfg', rpl_master=default
--# start server replica
--# set connection default
-
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
+-- Wait until the grant reaches the replica
+--# set connection replica
+while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end
--# setopt delimiter ';'
--# set connection default, replica
do
@@ -168,3 +171,4 @@ box.space[0]:insert{0, 'replica is RO'}
--# cleanup server replica
--# set connection default
box.space[0]:drop()
+box.schema.user.revoke('guest', 'read,write,execute', 'universe')
diff --git a/test/replication/hot_standby.result b/test/replication/hot_standby.result
index 36b6d725d1d73bfa253b624e6a9182cf0bfe5a40..78eefa3a1fd5126c51831f50e406b4377a58329d 100644
--- a/test/replication/hot_standby.result
+++ b/test/replication/hot_standby.result
@@ -2,8 +2,15 @@
--# create server replica with configuration='replication/cfg/replica.cfg' with rpl_master=default
--# start server hot_standby
--# start server replica
+--# set connection default
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
+---
+...
--# setopt delimiter ';'
--# set connection default, hot_standby, replica
+while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end;
+---
+...
do
begin_lsn = box.info.lsn
diff --git a/test/replication/hot_standby.test.lua b/test/replication/hot_standby.test.lua
index 117a24be93f2856d9e297e26ba6cfd6f629212bf..461fbc8152ec26c707ceca6b290339dd81e5e611 100644
--- a/test/replication/hot_standby.test.lua
+++ b/test/replication/hot_standby.test.lua
@@ -2,9 +2,12 @@
--# create server replica with configuration='replication/cfg/replica.cfg' with rpl_master=default
--# start server hot_standby
--# start server replica
+--# set connection default
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
--# setopt delimiter ';'
--# set connection default, hot_standby, replica
+while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end;
do
begin_lsn = box.info.lsn
diff --git a/test/replication/swap.result b/test/replication/swap.result
index 4b983caf47d198f2e568bd511a14e39990d3f961..9112d58f8467fa9613eb66eb34ed632cc47e81da 100644
--- a/test/replication/swap.result
+++ b/test/replication/swap.result
@@ -1,3 +1,9 @@
+box.schema.user.grant('guest', 'read,write,execute', 'universe')
+---
+...
+while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end
+---
+...
s = box.schema.create_space('tweedledum', {id = 0})
---
...
diff --git a/test/replication/swap.test.py b/test/replication/swap.test.py
index 7a33ed32bf41efd9fe2e0090c4d212ccd9ab4679..52ddf0c2973cce671379d98bf3ce0a27fae39019 100644
--- a/test/replication/swap.test.py
+++ b/test/replication/swap.test.py
@@ -41,6 +41,8 @@ schema = {
master.sql.set_schema(schema)
replica.sql.set_schema(schema)
+master.admin("box.schema.user.grant('guest', 'read,write,execute', 'universe')")
+replica.admin("while box.space['_priv']:len() < 1 do box.fiber.sleep(0.01) end")
master.admin("s = box.schema.create_space('tweedledum', {id = 0})")
master.admin("s:create_index('primary', {type = 'hash'})")
id = ID_BEGIN
diff --git a/test/unit/CMakeLists.txt b/test/unit/CMakeLists.txt
index 32c2d7be733d427c3261370927bd8bd71c9f1204..4211e239ab4ce4f0f41dde33940db02d328762a1 100644
--- a/test/unit/CMakeLists.txt
+++ b/test/unit/CMakeLists.txt
@@ -47,3 +47,9 @@ set_source_files_properties(
"-I${MSGPUCK_DIR} -I${MSGPUCK_DIR}/test")
target_link_libraries(msgpack.test msgpuck)
+
+add_executable(scramble.test scramble.c
+ ${CMAKE_SOURCE_DIR}/src/scramble.c
+ ${CMAKE_SOURCE_DIR}/third_party/sha1.c
+ ${CMAKE_SOURCE_DIR}/third_party/base64.c
+ ${CMAKE_SOURCE_DIR}/src/random.c)
diff --git a/test/unit/scramble.c b/test/unit/scramble.c
new file mode 100644
index 0000000000000000000000000000000000000000..6d62e57cbabb779d0f8b87d04915b8d6f8b1345a
--- /dev/null
+++ b/test/unit/scramble.c
@@ -0,0 +1,65 @@
+#include "scramble.h"
+#include "random.h"
+#include "third_party/sha1.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "unit.h"
+
+void
+test_scramble()
+{
+ int salt[SCRAMBLE_SIZE/sizeof(int)];
+ for (int i = 0; i < sizeof(salt)/sizeof(int); i++)
+ salt[i] = rand();
+
+ char *password = "lechododilikraskaloh";
+ unsigned char hash2[SCRAMBLE_SIZE];
+
+ SHA1_CTX ctx;
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, (unsigned char *) password, strlen(password));
+ SHA1Final(hash2, &ctx);
+
+ SHA1Init(&ctx);
+ SHA1Update(&ctx, hash2, SCRAMBLE_SIZE);
+ SHA1Final(hash2, &ctx);
+
+ char scramble[SCRAMBLE_SIZE];
+
+ scramble_prepare(scramble, salt, password, strlen(password));
+
+ printf("%d\n", scramble_check(scramble, salt, hash2));
+
+ password = "wrongpass";
+ scramble_prepare(scramble, salt, password, strlen(password));
+
+ printf("%d\n", scramble_check(scramble, salt, hash2) != 0);
+
+ scramble_prepare(scramble, salt, password, 0);
+
+ printf("%d\n", scramble_check(scramble, salt, hash2) != 0);
+}
+
+void
+test_password_prepare()
+{
+ char buf[SCRAMBLE_BASE64_SIZE * 2];
+ int password[5];
+ for (int i = 0; i < sizeof(password)/sizeof(int); i++)
+ password[i] = rand();
+ password_prepare((char *) password, sizeof(password),
+ buf, sizeof(buf));
+ fail_unless(strlen(buf) == SCRAMBLE_BASE64_SIZE);
+}
+
+int main()
+{
+ random_init();
+
+ test_scramble();
+ test_password_prepare();
+
+ return 0;
+}
diff --git a/test/unit/scramble.result b/test/unit/scramble.result
new file mode 100644
index 0000000000000000000000000000000000000000..986394f7c0fa05e52a94a3d93dee7085ed84cca4
--- /dev/null
+++ b/test/unit/scramble.result
@@ -0,0 +1,3 @@
+0
+1
+1
diff --git a/test/wal/alter.result b/test/wal/alter.result
index 6422a461212e534be93d987b5e00ff48397562c6..d417108da16d0b331d1a027e96a6ddc322039de8 100644
--- a/test/wal/alter.result
+++ b/test/wal/alter.result
@@ -17,7 +17,7 @@ end;
...
#spaces;
---
-- 65526
+- 65523
...
-- cleanup
for k, v in pairs(spaces) do
diff --git a/third_party/base64.c b/third_party/base64.c
index d2fdc253ab520216e574d7487a1184d8fcdc8729..e2fb9785c43ce65a76c2077455a1e18a0b4126a1 100644
--- a/third_party/base64.c
+++ b/third_party/base64.c
@@ -153,9 +153,12 @@ base64_encode_blockend(char *out_base64, int out_len,
}
if (out_pos >= out_end)
return out_pos - out_base64;
+#if 0
+ /* Sometimes the output is useful without a newline. */
*out_pos++ = '\n';
if (out_pos >= out_end)
return out_pos - out_base64;
+#endif
*out_pos = '\0';
return out_pos - out_base64;
}
@@ -241,7 +244,7 @@ base64_decode_block(const char *in_base64, int in_len,
*out_pos = (fragment & 0x03f) << 2;
case step_b:
do {
- if (in_pos == in_end || out_pos + 1 >= out_end)
+ if (in_pos == in_end || out_pos >= out_end)
{
state->step = step_b;
state->result = *out_pos;
@@ -250,10 +253,11 @@ base64_decode_block(const char *in_base64, int in_len,
fragment = base64_decode_value(*in_pos++);
} while (fragment < 0);
*out_pos++ |= (fragment & 0x030) >> 4;
- *out_pos = (fragment & 0x00f) << 4;
+ if (out_pos < out_end)
+ *out_pos = (fragment & 0x00f) << 4;
case step_c:
do {
- if (in_pos == in_end || out_pos + 1 >= out_end)
+ if (in_pos == in_end || out_pos >= out_end)
{
state->step = step_c;
state->result = *out_pos;
@@ -262,7 +266,8 @@ base64_decode_block(const char *in_base64, int in_len,
fragment = base64_decode_value(*in_pos++);
} while (fragment < 0);
*out_pos++ |= (fragment & 0x03c) >> 2;
- *out_pos = (fragment & 0x003) << 6;
+ if (out_pos < out_end)
+ *out_pos = (fragment & 0x003) << 6;
case step_d:
do {
if (in_pos == in_end || out_pos >= out_end)