mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-05-13 19:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
356ca329948fb8b143cd80cbac643d64007de07d
scylladb/auth
History
Marcin Maliszkiewicz 82c3509752 auth: tolerate missing permissions column in authorize() 
Ghost rows in role_permissions with a live row marker but no permissions
column can occur when permissions created via INSERT (e.g. by the removed
auth v2 migration) are later revoked. The row marker survives the revoke,
leaving a row visible to queries but with permissions=null.

Add a has() guard before accessing the permissions column, matching the
pattern already used in list_all(). Return NONE permissions for such
ghost rows instead of crashing.

(cherry picked from commit df69a5c79b)
2026-05-06 13:17:05 +02:00
..
allow_all_authenticator.cc
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
allow_all_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
allow_all_authorizer.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
allow_all_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticated_user.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authentication_options.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
authenticator.cc
Introduce LDAP role manager & saslauthd authenticator
2025-01-12 14:50:29 +02:00
authenticator.hh
auth: ensure default superuser password is set before serving CQL
2025-02-06 10:30:55 +01:00
authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
cache.cc
auth: add defensive has() guard for role_attributes value column
2026-05-06 13:17:04 +02:00
cache.hh
auth: remove unused permissions field from cache role_record
2026-05-06 13:16:52 +02:00
certificate_authenticator.cc
Merge 'auth: start using SHA 512 hashing originated from musl with added yielding' from Andrzej Jackowski
2025-12-14 14:01:01 +02:00
certificate_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
CMakeLists.txt
auth: add unified cache implementation
2025-11-26 12:00:50 +01:00
common.cc
auth: always catch by const reference
2025-12-11 12:42:30 +01:00
common.hh
auth: move table names to common.hh
2025-11-26 12:00:50 +01:00
default_authorizer.cc
auth: tolerate missing permissions column in authorize()
2026-05-06 13:17:05 +02:00
default_authorizer.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
ldap_role_manager.cc
Merge 'auth: sanitize {USER} substitution in LDAP URL template' from Piotr Smaron
2026-04-17 11:45:50 +02:00
ldap_role_manager.hh
Merge 'auth: sanitize {USER} substitution in LDAP URL template' from Piotr Smaron
2026-04-17 11:45:50 +02:00
maintenance_socket_role_manager.cc
main: auth: add auth cache dependency to auth service
2025-11-26 12:01:31 +01:00
maintenance_socket_role_manager.hh
main: auth: add auth cache dependency to auth service
2025-11-26 12:01:31 +01:00
password_authenticator.cc
Merge 'auth: start using SHA 512 hashing originated from musl with added yielding' from Andrzej Jackowski
2025-12-14 14:01:01 +02:00
password_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
passwords.cc
auth: change return type of passwords::check to future
2025-12-10 15:36:18 +01:00
passwords.hh
auth: remove confusing deprecation msg from hash_with_salt
2026-01-12 10:12:54 +01:00
permission.cc
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
permission.hh
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
permissions_cache.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
permissions_cache.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
resource.cc
auth: add a new permission VECTOR_SEARCH_INDEXING
2025-10-03 16:36:54 +02:00
resource.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_manager.hh
auth: add query_state parameter to query functions
2025-09-25 16:46:50 +02:00
role_or_anonymous.cc
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
role_or_anonymous.hh
treewide: relicense to ScyllaDB-Source-Available-1.0
2024-12-18 17:45:13 +02:00
roles-metadata.cc
auth: mark some auth-v1 functions as legacy
2025-09-26 14:40:53 +02:00
roles-metadata.hh
auth: mark some auth-v1 functions as legacy
2025-09-26 14:40:53 +02:00
sasl_challenge.cc
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
sasl_challenge.hh
audit: Add service level support to CQL login process
2025-01-15 11:10:36 +01:00
saslauthd_authenticator.cc
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
saslauthd_authenticator.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
service.cc
auth: use paged internal queries during migration
2026-01-20 09:32:21 +01:00
service.hh
Revert "auth: move passwords::check call to alien thread"
2025-12-10 15:36:09 +01:00
standard_role_manager.cc
auth: always catch by const reference
2025-12-11 12:42:30 +01:00
standard_role_manager.hh
auth: use auth cache on login path
2025-11-26 12:01:33 +01:00
transitional.cc
Merge 'auth: start using SHA 512 hashing originated from musl with added yielding' from Andrzej Jackowski
2025-12-14 14:01:01 +02:00