Merge pull request #14223 from taosdata/fix/tsim

refactor: rename auth to privilege

source/dnode/mnode/impl/inc/mndPrivilege.h

@@ -64,6 +64,7 @@ void    mndCleanupPrivilege(SMnode *pMnode);
 
 int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType);
 int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb);
+int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *name);
 int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, int32_t showType);
 int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter);
 

source/dnode/mnode/impl/src/mndConsumer.c

@@ -431,6 +431,10 @@ static int32_t mndProcessSubscribeReq(SRpcMsg *pMsg) {
       goto SUBSCRIBE_OVER;
     }
 
+    if (mndCheckDbPrivilegeByName(pMnode, pMsg->info.conn.user, MND_OPER_READ_DB, pTopic->db) != 0) {
+      goto SUBSCRIBE_OVER;
+    }
+
 #if 0
     // ref topic to prevent drop
     // TODO make topic complete

source/dnode/mnode/impl/src/mndPrivilege.c

@@ -16,6 +16,7 @@
 #define _DEFAULT_SOURCE
 #include "mndPrivilege.h"
 #include "mndUser.h"
+#include "mndDb.h"
 
 int32_t mndInitPrivilege(SMnode *pMnode) { return 0; }
 
@@ -133,15 +134,7 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType
     if (pUser->sysInfo) goto _OVER;
   }
 
-  if (operType == MND_OPER_ALTER_DB) {
+  if (operType == MND_OPER_ALTER_DB || operType == MND_OPER_DROP_DB || operType == MND_OPER_COMPACT_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
-  }
-
-  if (operType == MND_OPER_DROP_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
-  }
-
-  if (operType == MND_OPER_COMPACT_DB) {
     if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
   }
 
@@ -168,3 +161,12 @@ _OVER:
   mndReleaseUser(pMnode, pUser);
   return code;
 }
+
+int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *name) {
+  SDbObj *pDb = mndAcquireDb(pMnode, name);
+  if (pDb == NULL) return -1;
+
+  int32_t code = mndCheckDbPrivilege(pMnode, user, operType, pDb);
+  mndReleaseDb(pMnode, pDb);
+  return code;
+}

source/dnode/mnode/impl/src/mndStream.c

@@ -437,10 +437,6 @@ static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStre
     goto _OVER;
   }
 
-  if (mndCheckDbPrivilege(pMnode, user, MND_OPER_WRITE_DB, pDb) != 0) {
-    goto _OVER;
-  }
-
   int32_t numOfStbs = -1;
   if (mndGetNumOfStbs(pMnode, pDb->name, &numOfStbs) != 0) {
     goto _OVER;
@@ -542,19 +538,6 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) {
     goto _OVER;
   }
 
-  // TODO check read auth for source and write auth for target
-#if 0
-  pDb = mndAcquireDb(pMnode, createStreamReq.sourceDB);
-  if (pDb == NULL) {
-    terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
-    goto _OVER;
-  }
-
-  if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
-    goto _OVER;
-  }
-#endif
-
   // build stream obj from request
   SStreamObj streamObj = {0};
   if (mndBuildStreamObjFromCreateReq(pMnode, &streamObj, &createStreamReq) < 0) {
@@ -592,6 +575,16 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) {
     goto _OVER;
   }
 
+  if (mndCheckDbPrivilegeByName(pMnode, pReq->info.conn.user, MND_OPER_READ_DB, streamObj.sourceDb) != 0) {
+    mndTransDrop(pTrans);
+    goto _OVER;
+  }
+
+  if (mndCheckDbPrivilegeByName(pMnode, pReq->info.conn.user, MND_OPER_WRITE_DB, streamObj.targetDb) != 0) {
+    mndTransDrop(pTrans);
+    goto _OVER;
+  }
+
   // execute creation
   if (mndTransPrepare(pMnode, pTrans) != 0) {
     mError("trans:%d, failed to prepare since %s", pTrans->id, terrstr());
@@ -641,13 +634,9 @@ static int32_t mndProcessDropStreamReq(SRpcMsg *pReq) {
     }
   }
 
-#if 0
+  if (mndCheckDbPrivilegeByName(pMnode, pReq->info.conn.user, MND_OPER_WRITE_DB, pStream->targetDb) != 0) {
-  // todo check auth
+    return -1;
-  pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
-  if (pUser == NULL) {
-    goto DROP_STREAM_OVER;
   }
-#endif
 
   STrans *pTrans = mndTransCreate(pMnode, TRN_POLICY_RETRY, TRN_CONFLICT_NOTHING, pReq);
   if (pTrans == NULL) {

source/dnode/mnode/impl/src/mndTopic.c

@@ -14,12 +14,12 @@
  */
 
 #include "mndTopic.h"
-#include "mndPrivilege.h"
 #include "mndConsumer.h"
 #include "mndDb.h"
 #include "mndDnode.h"
 #include "mndMnode.h"
 #include "mndOffset.h"
+#include "mndPrivilege.h"
 #include "mndShow.h"
 #include "mndStb.h"
 #include "mndSubscribe.h"
@@ -480,7 +480,7 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) {
     goto _OVER;
   }
 
-  if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
+  if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_READ_DB, pDb) != 0) {
     goto _OVER;
   }
 
@@ -571,6 +571,10 @@ static int32_t mndProcessDropTopicReq(SRpcMsg *pReq) {
   }
 #endif
 
+  if (mndCheckDbPrivilegeByName(pMnode, pReq->info.conn.user, MND_OPER_READ_DB, pTopic->db) != 0) {
+    return -1;
+  }
+
   STrans *pTrans = mndTransCreate(pMnode, TRN_POLICY_ROLLBACK, TRN_CONFLICT_DB_INSIDE, pReq);
   mndTransSetDbName(pTrans, pTopic->db, NULL);
   if (pTrans == NULL) {

tests/script/tsim/user/privilege_sysinfo.sim

@@ -13,9 +13,6 @@ print user sysinfo0 login
 sql close
 sql connect sysinfo0
 
-system sh/exec.sh -n dnode1 -s stop
-return
-
 print =============== check oper
 sql_error create user u1 pass 'u1'
 sql_error drop user sysinfo1