From 06083e1eb9a344ea79d850f71a66d5f7ba718b13 Mon Sep 17 00:00:00 2001 From: dmchen Date: Mon, 28 Aug 2023 09:15:51 +0800 Subject: [PATCH 1/3] init --- include/common/tglobal.h | 5 +++ include/common/tmsg.h | 44 +++++++++++++++++++++++ include/libs/audit/audit.h | 46 ++++++++++++++++++++++++ source/common/src/tglobal.c | 13 +++++++ source/dnode/mgmt/node_mgmt/src/dmEnv.c | 20 +++++++++++ source/dnode/mnode/impl/CMakeLists.txt | 2 +- source/dnode/mnode/impl/src/mndDb.c | 9 +++++ source/dnode/mnode/impl/src/mndDnode.c | 21 +++++++++++ source/dnode/mnode/impl/src/mndMnode.c | 15 ++++++++ source/dnode/mnode/impl/src/mndProfile.c | 11 ++++++ source/dnode/mnode/impl/src/mndQnode.c | 10 ++++++ source/dnode/mnode/impl/src/mndStb.c | 7 ++++ source/dnode/mnode/impl/src/mndStream.c | 5 +++ source/dnode/mnode/impl/src/mndTopic.c | 5 +++ source/dnode/mnode/impl/src/mndUser.c | 26 ++++++++++++++ source/dnode/mnode/impl/src/mndVgroup.c | 8 +++++ source/dnode/vnode/CMakeLists.txt | 1 + source/dnode/vnode/src/vnd/vnodeSvr.c | 5 +++ source/libs/CMakeLists.txt | 1 + source/libs/audit/CMakeLists.txt | 13 +++++++ source/libs/audit/inc/auditInt.h | 25 +++++++++++++ source/libs/audit/src/auditMain.c | 43 ++++++++++++++++++++++ 22 files changed, 334 insertions(+), 1 deletion(-) create mode 100644 include/libs/audit/audit.h create mode 100644 source/libs/audit/CMakeLists.txt create mode 100644 source/libs/audit/inc/auditInt.h create mode 100644 source/libs/audit/src/auditMain.c diff --git a/include/common/tglobal.h b/include/common/tglobal.h index 3de291cb91..aff5945f9f 100644 --- a/include/common/tglobal.h +++ b/include/common/tglobal.h @@ -102,6 +102,11 @@ extern uint16_t tsMonitorPort; extern int32_t tsMonitorMaxLogs; extern bool tsMonitorComp; +// audit +extern bool tsEnableAudit; +extern char tsAuditFqdn[]; +extern uint16_t tsAuditPort; + // telem extern bool tsEnableTelem; extern int32_t tsTelemInterval; diff --git a/include/common/tmsg.h b/include/common/tmsg.h index 8deec53470..42a0549024 100644 --- a/include/common/tmsg.h +++ b/include/common/tmsg.h @@ -767,6 +767,8 @@ typedef struct { char* pAst2; int64_t deleteMark1; int64_t deleteMark2; + int32_t sqlLen; + char* sql; } SMCreateStbReq; int32_t tSerializeSMCreateStbReq(void* buf, int32_t bufLen, SMCreateStbReq* pReq); @@ -787,6 +789,8 @@ typedef struct { int8_t source; // 1-taosX or 0-taosClient int8_t reserved[6]; tb_uid_t suid; + int32_t sqlLen; + char* sql; } SMDropStbReq; int32_t tSerializeSMDropStbReq(void* buf, int32_t bufLen, SMDropStbReq* pReq); @@ -800,6 +804,8 @@ typedef struct { int32_t ttl; int32_t commentLen; char* comment; + int32_t sqlLen; + char* sql; } SMAlterStbReq; int32_t tSerializeSMAlterStbReq(void* buf, int32_t bufLen, SMAlterStbReq* pReq); @@ -869,6 +875,8 @@ int32_t tDeserializeSCreateAcctReq(void* buf, int32_t bufLen, SCreateAcctReq* pR typedef struct { char user[TSDB_USER_LEN]; + int32_t sqlLen; + char *sql; } SDropUserReq, SDropAcctReq; int32_t tSerializeSDropUserReq(void* buf, int32_t bufLen, SDropUserReq* pReq); @@ -881,6 +889,8 @@ typedef struct { int8_t enable; char user[TSDB_USER_LEN]; char pass[TSDB_USET_PASSWORD_LEN]; + int32_t sqlLen; + char* sql; } SCreateUserReq; int32_t tSerializeSCreateUserReq(void* buf, int32_t bufLen, SCreateUserReq* pReq); @@ -897,6 +907,8 @@ typedef struct { char tabName[TSDB_TABLE_NAME_LEN]; char* tagCond; int32_t tagCondLen; + int32_t sqlLen; + char* sql; } SAlterUserReq; int32_t tSerializeSAlterUserReq(void* buf, int32_t bufLen, SAlterUserReq* pReq); @@ -1059,6 +1071,8 @@ typedef struct { int16_t hashPrefix; int16_t hashSuffix; int32_t tsdbPageSize; + int32_t sqlLen; + char* sql; } SCreateDbReq; int32_t tSerializeSCreateDbReq(void* buf, int32_t bufLen, SCreateDbReq* pReq); @@ -1084,6 +1098,8 @@ typedef struct { int32_t minRows; int32_t walRetentionPeriod; int32_t walRetentionSize; + int32_t sqlLen; + char* sql; } SAlterDbReq; int32_t tSerializeSAlterDbReq(void* buf, int32_t bufLen, SAlterDbReq* pReq); @@ -1092,6 +1108,8 @@ int32_t tDeserializeSAlterDbReq(void* buf, int32_t bufLen, SAlterDbReq* pReq); typedef struct { char db[TSDB_DB_FNAME_LEN]; int8_t ignoreNotExists; + int32_t sqlLen; + char* sql; } SDropDbReq; int32_t tSerializeSDropDbReq(void* buf, int32_t bufLen, SDropDbReq* pReq); @@ -1289,6 +1307,8 @@ void tFreeSUserAuthBatchRsp(SUserAuthBatchRsp* pRsp); typedef struct { char db[TSDB_DB_FNAME_LEN]; STimeWindow timeRange; + int32_t sqlLen; + char* sql; } SCompactDbReq; int32_t tSerializeSCompactDbReq(void* buf, int32_t bufLen, SCompactDbReq* pReq); @@ -1852,6 +1872,8 @@ void tFreeSExplainRsp(SExplainRsp* pRsp); typedef struct { char fqdn[TSDB_FQDN_LEN]; // end point, hostname:port int32_t port; + int32_t sqlLen; + char* sql; } SCreateDnodeReq; int32_t tSerializeSCreateDnodeReq(void* buf, int32_t bufLen, SCreateDnodeReq* pReq); @@ -1863,6 +1885,8 @@ typedef struct { int32_t port; int8_t force; int8_t unsafe; + int32_t sqlLen; + char* sql; } SDropDnodeReq; int32_t tSerializeSDropDnodeReq(void* buf, int32_t bufLen, SDropDnodeReq* pReq); @@ -1878,6 +1902,8 @@ enum { typedef struct { int32_t dnodeId; int8_t restoreType; + int32_t sqlLen; + char* sql; } SRestoreDnodeReq; int32_t tSerializeSRestoreDnodeReq(void* buf, int32_t bufLen, SRestoreDnodeReq* pReq); @@ -1887,6 +1913,8 @@ typedef struct { int32_t dnodeId; char config[TSDB_DNODE_CONFIG_LEN]; char value[TSDB_DNODE_VALUE_LEN]; + int32_t sqlLen; + char* sql; } SMCfgDnodeReq; int32_t tSerializeSMCfgDnodeReq(void* buf, int32_t bufLen, SMCfgDnodeReq* pReq); @@ -1902,6 +1930,8 @@ int32_t tDeserializeSDCfgDnodeReq(void* buf, int32_t bufLen, SDCfgDnodeReq* pReq typedef struct { int32_t dnodeId; + int32_t sqlLen; + char *sql; } SMCreateMnodeReq, SMDropMnodeReq, SDDropMnodeReq, SMCreateQnodeReq, SMDropQnodeReq, SDCreateQnodeReq, SDDropQnodeReq, SMCreateSnodeReq, SMDropSnodeReq, SDCreateSnodeReq, SDDropSnodeReq; @@ -1942,6 +1972,8 @@ int32_t tDeserializeSKillTransReq(void* buf, int32_t bufLen, SKillTransReq* pReq typedef struct { int32_t useless; // useless + int32_t sqlLen; + char* sql; } SBalanceVgroupReq; int32_t tSerializeSBalanceVgroupReq(void* buf, int32_t bufLen, SBalanceVgroupReq* pReq); @@ -1960,6 +1992,8 @@ typedef struct { int32_t dnodeId1; int32_t dnodeId2; int32_t dnodeId3; + int32_t sqlLen; + char* sql; } SRedistributeVgroupReq; int32_t tSerializeSRedistributeVgroupReq(void* buf, int32_t bufLen, SRedistributeVgroupReq* pReq); @@ -1967,6 +2001,8 @@ int32_t tDeserializeSRedistributeVgroupReq(void* buf, int32_t bufLen, SRedistrib typedef struct { int32_t useless; + int32_t sqlLen; + char* sql; } SBalanceVgroupLeaderReq; int32_t tSerializeSBalanceVgroupLeaderReq(void* buf, int32_t bufLen, SBalanceVgroupLeaderReq* pReq); @@ -2226,6 +2262,7 @@ typedef struct { int64_t deleteMark; int8_t igUpdate; int64_t lastTs; + int32_t sqlLen; } SCMCreateStreamReq; typedef struct { @@ -2262,6 +2299,7 @@ typedef struct { char subDbName[TSDB_DB_FNAME_LEN]; char* ast; char subStbName[TSDB_TABLE_FNAME_LEN]; + int32_t sqlLen; } SCMCreateTopicReq; int32_t tSerializeSCMCreateTopicReq(void* buf, int32_t bufLen, const SCMCreateTopicReq* pReq); @@ -2446,6 +2484,8 @@ typedef struct { typedef struct { char name[TSDB_TOPIC_FNAME_LEN]; int8_t igNotExists; + int32_t sqlLen; + char* sql; } SMDropTopicReq; int32_t tSerializeSMDropTopicReq(void* buf, int32_t bufLen, SMDropTopicReq* pReq); @@ -2545,6 +2585,8 @@ typedef struct SVCreateTbReq { SSchemaWrapper schemaRow; } ntb; }; + int32_t sqlLen; + char* sql; } SVCreateTbReq; int tEncodeSVCreateTbReq(SEncoder* pCoder, const SVCreateTbReq* pReq); @@ -3019,6 +3061,8 @@ typedef struct { typedef struct { char name[TSDB_STREAM_FNAME_LEN]; int8_t igNotExists; + int32_t sqlLen; + char* sql; } SMDropStreamReq; typedef struct { diff --git a/include/libs/audit/audit.h b/include/libs/audit/audit.h new file mode 100644 index 0000000000..1381b6e4a2 --- /dev/null +++ b/include/libs/audit/audit.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2019 TAOS Data, Inc. + * + * This program is free software: you can use, redistribute, and/or modify + * it under the terms of the GNU Affero General Public License, version 3 + * or later ("AGPL"), as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#ifndef _TD_AUDIT_H_ +#define _TD_AUDIT_H_ + +#include "tarray.h" +#include "tdef.h" +#include "tlog.h" +#include "tmsg.h" +#include "tjson.h" +#include "tmsgcb.h" +#include "trpc.h" +#include "mnode.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + const char *server; + uint16_t port; + bool comp; +} SAuditCfg; + +int32_t auditInit(const SAuditCfg *pCfg); +void auditSend(SJson *pJson); +void auditRecord(SRpcMsg *pReq, int64_t clusterId, char *operation, char *target1, char *target2, char *detail); + +#ifdef __cplusplus +} +#endif + +#endif /*_TD_MONITOR_H_*/ diff --git a/source/common/src/tglobal.c b/source/common/src/tglobal.c index 86a165f14a..e2074bd877 100644 --- a/source/common/src/tglobal.c +++ b/source/common/src/tglobal.c @@ -95,6 +95,11 @@ uint16_t tsMonitorPort = 6043; int32_t tsMonitorMaxLogs = 100; bool tsMonitorComp = false; +// audit +bool tsEnableAudit = false; +char tsAuditFqdn[TSDB_FQDN_LEN] = {0}; +uint16_t tsAuditPort = 6043; + // telem bool tsEnableTelem = true; int32_t tsTelemInterval = 43200; @@ -600,6 +605,10 @@ static int32_t taosAddServerCfg(SConfig *pCfg) { if (cfgAddInt32(pCfg, "monitorMaxLogs", tsMonitorMaxLogs, 1, 1000000, CFG_SCOPE_SERVER) != 0) return -1; if (cfgAddBool(pCfg, "monitorComp", tsMonitorComp, CFG_SCOPE_SERVER) != 0) return -1; + if (cfgAddBool(pCfg, "audit", tsEnableAudit, CFG_SCOPE_SERVER) != 0) return -1; + if (cfgAddString(pCfg, "auditFqdn", tsAuditFqdn, CFG_SCOPE_SERVER) != 0) return -1; + if (cfgAddInt32(pCfg, "auditPort", tsAuditPort, 1, 65056, CFG_SCOPE_SERVER) != 0) return -1; + if (cfgAddBool(pCfg, "crashReporting", tsEnableCrashReport, CFG_SCOPE_BOTH) != 0) return -1; if (cfgAddBool(pCfg, "telemetryReporting", tsEnableTelem, CFG_SCOPE_BOTH) != 0) return -1; if (cfgAddInt32(pCfg, "telemetryInterval", tsTelemInterval, 1, 200000, CFG_SCOPE_BOTH) != 0) return -1; @@ -1001,6 +1010,10 @@ static int32_t taosSetServerCfg(SConfig *pCfg) { tsMonitorComp = cfgGetItem(pCfg, "monitorComp")->bval; tsQueryRspPolicy = cfgGetItem(pCfg, "queryRspPolicy")->i32; + tsEnableAudit = cfgGetItem(pCfg, "audit")->bval; + tstrncpy(tsAuditFqdn, cfgGetItem(pCfg, "auditFqdn")->str, TSDB_FQDN_LEN); + tsAuditPort = (uint16_t)cfgGetItem(pCfg, "auditPort")->i32; + tsEnableTelem = cfgGetItem(pCfg, "telemetryReporting")->bval; tsEnableCrashReport = cfgGetItem(pCfg, "crashReporting")->bval; tsTtlChangeOnWrite = cfgGetItem(pCfg, "ttlChangeOnWrite")->bval; diff --git a/source/dnode/mgmt/node_mgmt/src/dmEnv.c b/source/dnode/mgmt/node_mgmt/src/dmEnv.c index a34002161d..320c9db37d 100644 --- a/source/dnode/mgmt/node_mgmt/src/dmEnv.c +++ b/source/dnode/mgmt/node_mgmt/src/dmEnv.c @@ -15,6 +15,7 @@ #define _DEFAULT_SOURCE #include "dmMgmt.h" +#include "audit.h" #define STR_CASE_CMP(s, d) (0 == strcasecmp((s), (d))) #define STR_STR_CMP(s, d) (strstr((s), (d))) @@ -34,6 +35,16 @@ } \ } while (0) +#define DM_INIT_AUDIT() \ + do { \ + auditCfg.port = tsMonitorPort; \ + auditCfg.server = tsMonitorFqdn; \ + auditCfg.comp = tsMonitorComp; \ + if (auditInit(&auditCfg) != 0) { \ + return -1; \ + } \ + } while (0) + #define DM_ERR_RTN(c) \ do { \ code = (c); \ @@ -96,6 +107,14 @@ _exit: return code; } +static int32_t dmInitAudit() { + SAuditCfg auditCfg = {0}; + + DM_INIT_AUDIT(); + + return 0; +} + static bool dmDataSpaceAvailable() { SDnode *pDnode = dmInstance(); if (pDnode->pTfs) { @@ -176,6 +195,7 @@ int32_t dmInit() { if (dmCheckRepeatInit(dmInstance()) != 0) return -1; if (dmInitSystem() != 0) return -1; if (dmInitMonitor() != 0) return -1; + if (dmInitAudit() != 0) return -1; if (dmInitDnode(dmInstance()) != 0) return -1; dInfo("dnode env is initialized"); diff --git a/source/dnode/mnode/impl/CMakeLists.txt b/source/dnode/mnode/impl/CMakeLists.txt index 010067e99f..48dc71a12b 100644 --- a/source/dnode/mnode/impl/CMakeLists.txt +++ b/source/dnode/mnode/impl/CMakeLists.txt @@ -16,7 +16,7 @@ target_include_directories( PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/inc" ) target_link_libraries( - mnode scheduler sdb wal transport cjson sync monitor executor qworker stream parser + mnode scheduler sdb wal transport cjson sync monitor executor qworker stream parser audit ) IF (TD_GRANT) diff --git a/source/dnode/mnode/impl/src/mndDb.c b/source/dnode/mnode/impl/src/mndDb.c index b0e3dc4331..c58df5c88c 100644 --- a/source/dnode/mnode/impl/src/mndDb.c +++ b/source/dnode/mnode/impl/src/mndDb.c @@ -29,6 +29,9 @@ #include "mndUser.h" #include "mndVgroup.h" #include "systable.h" +#include "tjson.h" +#include "thttp.h" +#include "audit.h" #define DB_VER_NUMBER 1 #define DB_RESERVE_SIZE 46 @@ -733,6 +736,8 @@ static int32_t mndProcessCreateDbReq(SRpcMsg *pReq) { code = mndCreateDb(pMnode, pReq, &createReq, pUser); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "createDB", createReq.db, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("db:%s, failed to create since %s", createReq.db, terrstr()); @@ -975,6 +980,8 @@ static int32_t mndProcessAlterDbReq(SRpcMsg *pReq) { if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; } + auditRecord(pReq, pMnode->clusterId, "alterDB", alterReq.db, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { if (terrno != 0) code = terrno; @@ -1264,6 +1271,8 @@ static int32_t mndProcessDropDbReq(SRpcMsg *pReq) { code = TSDB_CODE_ACTION_IN_PROGRESS; } + auditRecord(pReq, pMnode->clusterId, "dropDB", dropReq.db, "", ""); + _OVER: if (code != TSDB_CODE_SUCCESS && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("db:%s, failed to drop since %s", dropReq.db, terrstr()); diff --git a/source/dnode/mnode/impl/src/mndDnode.c b/source/dnode/mnode/impl/src/mndDnode.c index 917c6a00bc..476d4a4c6e 100644 --- a/source/dnode/mnode/impl/src/mndDnode.c +++ b/source/dnode/mnode/impl/src/mndDnode.c @@ -26,6 +26,7 @@ #include "mndVgroup.h" #include "tmisce.h" #include "mndCluster.h" +#include "audit.h" #define TSDB_DNODE_VER_NUMBER 2 #define TSDB_DNODE_RESERVE_SIZE 64 @@ -907,6 +908,13 @@ static int32_t mndProcessCreateDnodeReq(SRpcMsg *pReq) { code = mndCreateDnode(pMnode, pReq, &createReq); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; tsGrantHBInterval = 5; + + char detail[1000] = {0}; + sprintf(detail, "%s:%d", + createReq.fqdn, createReq.port); + + auditRecord(pReq, pMnode->clusterId, "createDnode", detail, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("dnode:%s:%d, failed to create since %s", createReq.fqdn, createReq.port, terrstr()); @@ -1054,6 +1062,14 @@ static int32_t mndProcessDropDnodeReq(SRpcMsg *pReq) { code = mndDropDnode(pMnode, pReq, pDnode, pMObj, pQObj, pSObj, numOfVnodes, force, dropReq.unsafe); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char obj1[150] = {0}; + sprintf(obj1, "%s:%d", dropReq.fqdn, dropReq.port); + + char obj2[10] = {0}; + sprintf(obj2, "%d", dropReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "dropDnode", obj1, obj2, ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("dnode:%d, failed to drop since %s", dropReq.dnodeId, terrstr()); @@ -1217,6 +1233,11 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) { } } + char detail[50] = {0}; + sprintf(detail, "%d", cfgReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "alterDnode", detail, "", ""); + int32_t code = -1; SSdb *pSdb = pMnode->pSdb; void *pIter = NULL; diff --git a/source/dnode/mnode/impl/src/mndMnode.c b/source/dnode/mnode/impl/src/mndMnode.c index 2757578d35..8b9deb3988 100644 --- a/source/dnode/mnode/impl/src/mndMnode.c +++ b/source/dnode/mnode/impl/src/mndMnode.c @@ -22,6 +22,7 @@ #include "mndSync.h" #include "mndTrans.h" #include "tmisce.h" +#include "audit.h" #define MNODE_VER_NUMBER 2 #define MNODE_RESERVE_SIZE 64 @@ -652,6 +653,15 @@ static int32_t mndProcessCreateMnodeReq(SRpcMsg *pReq) { code = mndCreateMnode(pMnode, pReq, pDnode, &createReq); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char detail[1000] = {0}; + + char obj[20] = {0}; + sprintf(obj, "%d", createReq.dnodeId); + + sprintf(detail, "dnodeId:%d", createReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "createMnode", obj, detail, ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("mnode:%d, failed to create since %s", createReq.dnodeId, terrstr()); @@ -788,6 +798,11 @@ static int32_t mndProcessDropMnodeReq(SRpcMsg *pReq) { code = mndDropMnode(pMnode, pReq, pObj); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char obj[20] = {0}; + sprintf(obj, "%d", dropReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "dropMnode", obj, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("mnode:%d, failed to drop since %s", dropReq.dnodeId, terrstr()); diff --git a/source/dnode/mnode/impl/src/mndProfile.c b/source/dnode/mnode/impl/src/mndProfile.c index 524ea1a06b..db1546e33f 100644 --- a/source/dnode/mnode/impl/src/mndProfile.c +++ b/source/dnode/mnode/impl/src/mndProfile.c @@ -25,6 +25,7 @@ #include "mndUser.h" #include "tglobal.h" #include "tversion.h" +#include "audit.h" typedef struct { uint32_t id; @@ -308,6 +309,16 @@ _CONNECT: code = 0; + char detail[1000] = {0}; + + char obj[30] = {0}; + sprintf(obj, "%s:%d", ip, pConn->port); + + sprintf(detail, "user:%s, from:%s, connType%d", + connReq.user, obj, connReq.connType); + + auditRecord(pReq, pMnode->clusterId, "login", connReq.app, obj, detail); + _OVER: mndReleaseUser(pMnode, pUser); diff --git a/source/dnode/mnode/impl/src/mndQnode.c b/source/dnode/mnode/impl/src/mndQnode.c index 5ec81440bb..45efabe97d 100644 --- a/source/dnode/mnode/impl/src/mndQnode.c +++ b/source/dnode/mnode/impl/src/mndQnode.c @@ -20,6 +20,7 @@ #include "mndShow.h" #include "mndTrans.h" #include "mndUser.h" +#include "audit.h" #define QNODE_VER_NUMBER 1 #define QNODE_RESERVE_SIZE 64 @@ -306,6 +307,10 @@ static int32_t mndProcessCreateQnodeReq(SRpcMsg *pReq) { code = mndCreateQnode(pMnode, pReq, pDnode, &createReq); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char obj[33] = {0}; + sprintf(obj, "%d", createReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "createQnode", obj, "", ""); _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("qnode:%d, failed to create since %s", createReq.dnodeId, terrstr()); @@ -415,6 +420,11 @@ static int32_t mndProcessDropQnodeReq(SRpcMsg *pReq) { code = mndDropQnode(pMnode, pReq, pObj); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char obj[33] = {0}; + sprintf(obj, "%d", dropReq.dnodeId); + + auditRecord(pReq, pMnode->clusterId, "createQnode", obj, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("qnode:%d, failed to drop since %s", dropReq.dnodeId, terrstr()); diff --git a/source/dnode/mnode/impl/src/mndStb.c b/source/dnode/mnode/impl/src/mndStb.c index f52ce6582b..3d4e6a9061 100644 --- a/source/dnode/mnode/impl/src/mndStb.c +++ b/source/dnode/mnode/impl/src/mndStb.c @@ -31,6 +31,7 @@ #include "mndUser.h" #include "mndVgroup.h" #include "tname.h" +#include "audit.h" #define STB_VER_NUMBER 1 #define STB_RESERVE_SIZE 64 @@ -1173,6 +1174,8 @@ static int32_t mndProcessCreateStbReq(SRpcMsg *pReq) { } if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "createStb", pDb->name, createReq.name, ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("stb:%s, failed to create since %s", createReq.name, terrstr()); @@ -2241,6 +2244,8 @@ static int32_t mndProcessAlterStbReq(SRpcMsg *pReq) { code = mndAlterStb(pMnode, pReq, &alterReq, pDb, pStb); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "alterStb", pDb->name, alterReq.name, ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("stb:%s, failed to alter since %s", alterReq.name, terrstr()); @@ -2502,6 +2507,8 @@ static int32_t mndProcessDropStbReq(SRpcMsg *pReq) { code = mndDropStb(pMnode, pReq, pDb, pStb); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "dropStb", pDb->name, dropReq.name, ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("stb:%s, failed to drop since %s", dropReq.name, terrstr()); diff --git a/source/dnode/mnode/impl/src/mndStream.c b/source/dnode/mnode/impl/src/mndStream.c index 427a52af3b..063a5bdce1 100644 --- a/source/dnode/mnode/impl/src/mndStream.c +++ b/source/dnode/mnode/impl/src/mndStream.c @@ -27,6 +27,7 @@ #include "mndVgroup.h" #include "parser.h" #include "tname.h" +#include "audit.h" #define MND_STREAM_VER_NUMBER 3 #define MND_STREAM_RESERVE_SIZE 64 @@ -828,6 +829,8 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) { code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "createStream", createStreamReq.name, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("stream:%s, failed to create since %s", createStreamReq.name, terrstr()); @@ -1073,6 +1076,8 @@ static int32_t mndProcessDropStreamReq(SRpcMsg *pReq) { return -1; } + auditRecord(pReq, pMnode->clusterId, "dropStream", dropReq.name, "", ""); + sdbRelease(pMnode->pSdb, pStream); mndTransDrop(pTrans); diff --git a/source/dnode/mnode/impl/src/mndTopic.c b/source/dnode/mnode/impl/src/mndTopic.c index 621a80338d..b7089053a8 100644 --- a/source/dnode/mnode/impl/src/mndTopic.c +++ b/source/dnode/mnode/impl/src/mndTopic.c @@ -27,6 +27,7 @@ #include "mndVgroup.h" #include "parser.h" #include "tname.h" +#include "audit.h" #define MND_TOPIC_VER_NUMBER 3 #define MND_TOPIC_RESERVE_SIZE 64 @@ -621,6 +622,8 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) { code = TSDB_CODE_ACTION_IN_PROGRESS; } + auditRecord(pReq, pMnode->clusterId, "crateTopic", createTopicReq.name, createTopicReq.subDbName, createTopicReq.sql); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("failed to create topic:%s since %s", createTopicReq.name, terrstr()); @@ -812,6 +815,8 @@ static int32_t mndProcessDropTopicReq(SRpcMsg *pReq) { return -1; } + auditRecord(pReq, pMnode->clusterId, "dropTopic", dropReq.name, "", dropReq.sql); + return TSDB_CODE_ACTION_IN_PROGRESS; } diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index c59d23d252..8afc73bef6 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c @@ -22,6 +22,7 @@ #include "mndTopic.h" #include "mndTrans.h" #include "tbase64.h" +#include "audit.h" #define USER_VER_NUMBER 4 #define USER_RESERVE_SIZE 64 @@ -655,6 +656,8 @@ static int32_t mndProcessCreateUserReq(SRpcMsg *pReq) { code = mndCreateUser(pMnode, pOperUser->acct, &createReq, pReq); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "createUser", createReq.user, "", ""); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("user:%s, failed to create since %s", createReq.user, terrstr()); @@ -970,6 +973,27 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) { code = mndAlterUser(pMnode, pUser, &newUser, pReq); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + if(alterReq.alterType == TSDB_ALTER_USER_PASSWD){ + auditRecord(pReq, pMnode->clusterId, "changePassword", alterReq.user, alterReq.objname, ""); + } + else if(alterReq.alterType == TSDB_ALTER_USER_SUPERUSER || + alterReq.alterType == TSDB_ALTER_USER_ENABLE || + alterReq.alterType == TSDB_ALTER_USER_SYSINFO){ + auditRecord(pReq, pMnode->clusterId, "alterUser", alterReq.user, alterReq.objname, ""); + } + else if(alterReq.alterType == TSDB_ALTER_USER_ADD_READ_DB|| + alterReq.alterType == TSDB_ALTER_USER_ADD_WRITE_DB|| + alterReq.alterType == TSDB_ALTER_USER_ADD_ALL_DB|| + alterReq.alterType == TSDB_ALTER_USER_ADD_SUBSCRIBE_TOPIC|| + alterReq.alterType == TSDB_ALTER_USER_ADD_READ_TABLE|| + alterReq.alterType == TSDB_ALTER_USER_ADD_WRITE_TABLE|| + alterReq.alterType == TSDB_ALTER_USER_ADD_ALL_TABLE){ + auditRecord(pReq, pMnode->clusterId, "GrantPrivileges", alterReq.user, alterReq.objname, ""); + } + else{ + auditRecord(pReq, pMnode->clusterId, "RevokePrivileges", alterReq.user, alterReq.objname, ""); + } + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("user:%s, failed to alter since %s", alterReq.user, terrstr()); @@ -1039,6 +1063,8 @@ static int32_t mndProcessDropUserReq(SRpcMsg *pReq) { code = mndDropUser(pMnode, pReq, pUser); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + auditRecord(pReq, pMnode->clusterId, "dropUser", dropReq.user, "", dropReq.sql); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("user:%s, failed to drop since %s", dropReq.user, terrstr()); diff --git a/source/dnode/mnode/impl/src/mndVgroup.c b/source/dnode/mnode/impl/src/mndVgroup.c index 26dc2a3f87..ff621198ff 100644 --- a/source/dnode/mnode/impl/src/mndVgroup.c +++ b/source/dnode/mnode/impl/src/mndVgroup.c @@ -26,6 +26,7 @@ #include "mndTrans.h" #include "mndUser.h" #include "tmisce.h" +#include "audit.h" #define VGROUP_VER_NUMBER 1 #define VGROUP_RESERVE_SIZE 64 @@ -2171,6 +2172,11 @@ static int32_t mndProcessRedistributeVgroupMsg(SRpcMsg *pReq) { if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; + char obj[33] = {0}; + sprintf(obj, "%d", req.vgId); + + auditRecord(pReq, pMnode->clusterId, "RedistributeVgroup", obj, "", req.sql); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("vgId:%d, failed to redistribute to dnode %d:%d:%d since %s", req.vgId, req.dnodeId1, req.dnodeId2, @@ -2981,6 +2987,8 @@ static int32_t mndProcessBalanceVgroupMsg(SRpcMsg *pReq) { code = mndBalanceVgroup(pMnode, pReq, pArray); } + auditRecord(pReq, pMnode->clusterId, "balanceVgroup", "", "", req.sql); + _OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("failed to balance vgroup since %s", terrstr()); diff --git a/source/dnode/vnode/CMakeLists.txt b/source/dnode/vnode/CMakeLists.txt index c70df86e20..c2b41392e8 100644 --- a/source/dnode/vnode/CMakeLists.txt +++ b/source/dnode/vnode/CMakeLists.txt @@ -147,6 +147,7 @@ target_link_libraries( PUBLIC executor PUBLIC scheduler PUBLIC tdb + PUBLIC audit # PUBLIC bdb # PUBLIC scalar diff --git a/source/dnode/vnode/src/vnd/vnodeSvr.c b/source/dnode/vnode/src/vnd/vnodeSvr.c index 737fd03d6f..3687756ffc 100644 --- a/source/dnode/vnode/src/vnd/vnodeSvr.c +++ b/source/dnode/vnode/src/vnd/vnodeSvr.c @@ -19,6 +19,7 @@ #include "vndCos.h" #include "vnode.h" #include "vnodeInt.h" +#include "audit.h" static int32_t vnodeProcessCreateStbReq(SVnode *pVnode, int64_t ver, void *pReq, int32_t len, SRpcMsg *pRsp); static int32_t vnodeProcessAlterStbReq(SVnode *pVnode, int64_t ver, void *pReq, int32_t len, SRpcMsg *pRsp); @@ -930,6 +931,10 @@ static int32_t vnodeProcessCreateTbReq(SVnode *pVnode, int64_t ver, void *pReq, } taosArrayPush(rsp.pArray, &cRsp); + + int32_t clusterId = pVnode->config.syncCfg.nodeInfo[0].clusterId; + + auditRecord(pReq, clusterId, "createTable", pVnode->config.dbname, pCreateReq->name, ""); } vDebug("vgId:%d, add %d new created tables into query table list", TD_VID(pVnode), (int32_t)taosArrayGetSize(tbUids)); diff --git a/source/libs/CMakeLists.txt b/source/libs/CMakeLists.txt index 4a95629d59..9f812517c1 100644 --- a/source/libs/CMakeLists.txt +++ b/source/libs/CMakeLists.txt @@ -7,6 +7,7 @@ add_subdirectory(sync) add_subdirectory(qcom) add_subdirectory(nodes) add_subdirectory(catalog) +add_subdirectory(audit) add_subdirectory(scalar) add_subdirectory(function) diff --git a/source/libs/audit/CMakeLists.txt b/source/libs/audit/CMakeLists.txt new file mode 100644 index 0000000000..2a04f084f1 --- /dev/null +++ b/source/libs/audit/CMakeLists.txt @@ -0,0 +1,13 @@ +aux_source_directory(src AUDIT_SRC) +IF (TD_ENTERPRISE) + LIST(APPEND AUDIT_SRC ${TD_ENTERPRISE_DIR}/src/plugins/audit/src/audit.c) +ENDIF () + +add_library(audit STATIC ${AUDIT_SRC}) +target_include_directories( + audit + PUBLIC "${TD_SOURCE_DIR}/include/libs/audit" + PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/inc" +) + +target_link_libraries(audit os util common transport mnode) diff --git a/source/libs/audit/inc/auditInt.h b/source/libs/audit/inc/auditInt.h new file mode 100644 index 0000000000..b6c6ec87e8 --- /dev/null +++ b/source/libs/audit/inc/auditInt.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2019 TAOS Data, Inc. + * + * This program is free software: you can use, redistribute, and/or modify + * it under the terms of the GNU Affero General Public License, version 3 + * or later ("AGPL"), as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#ifndef _TD_AUDIT_INT_H_ +#define _TD_AUDIT_INT_H_ + +#include "audit.h" + +typedef struct { + SAuditCfg cfg; +} SAudit; + +#endif /*_TD_AUDIT_INT_H_*/ diff --git a/source/libs/audit/src/auditMain.c b/source/libs/audit/src/auditMain.c new file mode 100644 index 0000000000..d4b6465ac7 --- /dev/null +++ b/source/libs/audit/src/auditMain.c @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2019 TAOS Data, Inc. + * + * This program is free software: you can use, redistribute, and/or modify + * it under the terms of the GNU Affero General Public License, version 3 + * or later ("AGPL"), as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#define _DEFAULT_SOURCE +#include "auditInt.h" +#include "taoserror.h" +#include "thttp.h" +#include "ttime.h" +#include "tjson.h" +#include "tglobal.h" +#include "mnode.h" + +SAudit tsAudit = {0}; +char* tsAuditUri = "/audit"; + +int32_t auditInit(const SAuditCfg *pCfg) { + tsAudit.cfg = *pCfg; + return 0; +} + +extern void auditRecordImp(SRpcMsg *pReq, int64_t clusterId, char *operation, char *target1, char *target2, char *detail); + +void auditRecord(SRpcMsg *pReq, int64_t clusterId, char *operation, char *target1, char *target2, char *detail) { + auditRecordImp(pReq, clusterId, operation, target1, target2, detail); +} + +#ifndef TD_ENTERPRISE +void auditRecordImp(SRpcMsg *pReq, int64_t clusterId, char *operation, char *target1, char *target2, char *detail) { +} +#endif + From ec6ccc45661775322bd9e8ef4fed1a1906c23c96 Mon Sep 17 00:00:00 2001 From: dmchen Date: Mon, 28 Aug 2023 09:30:54 +0800 Subject: [PATCH 2/3] ci merge --- source/libs/audit/CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/libs/audit/CMakeLists.txt b/source/libs/audit/CMakeLists.txt index 2a04f084f1..f04fba304c 100644 --- a/source/libs/audit/CMakeLists.txt +++ b/source/libs/audit/CMakeLists.txt @@ -1,7 +1,7 @@ aux_source_directory(src AUDIT_SRC) -IF (TD_ENTERPRISE) - LIST(APPEND AUDIT_SRC ${TD_ENTERPRISE_DIR}/src/plugins/audit/src/audit.c) -ENDIF () +#IF (TD_ENTERPRISE) +# LIST(APPEND AUDIT_SRC ${TD_ENTERPRISE_DIR}/src/plugins/audit/src/audit.c) +#ENDIF () add_library(audit STATIC ${AUDIT_SRC}) target_include_directories( From a7bd7e0a12175da8ae0a1e15b07eb8235f9b1d29 Mon Sep 17 00:00:00 2001 From: dmchen Date: Mon, 28 Aug 2023 10:05:07 +0800 Subject: [PATCH 3/3] ci merge --- source/libs/audit/CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/libs/audit/CMakeLists.txt b/source/libs/audit/CMakeLists.txt index f04fba304c..2a04f084f1 100644 --- a/source/libs/audit/CMakeLists.txt +++ b/source/libs/audit/CMakeLists.txt @@ -1,7 +1,7 @@ aux_source_directory(src AUDIT_SRC) -#IF (TD_ENTERPRISE) -# LIST(APPEND AUDIT_SRC ${TD_ENTERPRISE_DIR}/src/plugins/audit/src/audit.c) -#ENDIF () +IF (TD_ENTERPRISE) + LIST(APPEND AUDIT_SRC ${TD_ENTERPRISE_DIR}/src/plugins/audit/src/audit.c) +ENDIF () add_library(audit STATIC ${AUDIT_SRC}) target_include_directories(