From 270a7584f435051ad08f3372ae5b9eebdfc48b37 Mon Sep 17 00:00:00 2001
From: dapan1121 <wpan@taosdata.com>
Date: Wed, 13 Sep 2023 17:48:26 +0800
Subject: [PATCH] enh: prevent accessing ins_users&ins_user_privileges without
 sysinfo

---
 source/common/src/systable.c                | 4 ++--
 source/dnode/mnode/impl/src/mndInfoSchema.c | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/source/common/src/systable.c b/source/common/src/systable.c
index 66a498d15c..419241c0e6 100644
--- a/source/common/src/systable.c
+++ b/source/common/src/systable.c
@@ -326,7 +326,7 @@ static const SSysTableMeta infosMeta[] = {
     {TSDB_INS_TABLE_TAGS, userTagsSchema, tListLen(userTagsSchema), false},
     {TSDB_INS_TABLE_COLS, userColsSchema, tListLen(userColsSchema), false},
     // {TSDB_INS_TABLE_TABLE_DISTRIBUTED, userTblDistSchema, tListLen(userTblDistSchema)},
-    {TSDB_INS_TABLE_USERS, userUsersSchema, tListLen(userUsersSchema), false},
+    {TSDB_INS_TABLE_USERS, userUsersSchema, tListLen(userUsersSchema), true},
     {TSDB_INS_TABLE_LICENCES, grantsSchema, tListLen(grantsSchema), true},
     {TSDB_INS_TABLE_VGROUPS, vgroupsSchema, tListLen(vgroupsSchema), true},
     {TSDB_INS_TABLE_CONFIGS, configSchema, tListLen(configSchema), false},
@@ -336,7 +336,7 @@ static const SSysTableMeta infosMeta[] = {
     {TSDB_INS_TABLE_STREAMS, streamSchema, tListLen(streamSchema), false},
     {TSDB_INS_TABLE_STREAM_TASKS, streamTaskSchema, tListLen(streamTaskSchema), false},
     {TSDB_INS_TABLE_VNODES, vnodesSchema, tListLen(vnodesSchema), true},
-    {TSDB_INS_TABLE_USER_PRIVILEGES, userUserPrivilegesSchema, tListLen(userUserPrivilegesSchema), false},
+    {TSDB_INS_TABLE_USER_PRIVILEGES, userUserPrivilegesSchema, tListLen(userUserPrivilegesSchema), true},
 };
 
 static const SSysDbTableSchema connectionsSchema[] = {
diff --git a/source/dnode/mnode/impl/src/mndInfoSchema.c b/source/dnode/mnode/impl/src/mndInfoSchema.c
index 82294ac7bf..f17df28129 100644
--- a/source/dnode/mnode/impl/src/mndInfoSchema.c
+++ b/source/dnode/mnode/impl/src/mndInfoSchema.c
@@ -76,12 +76,19 @@ int32_t mndBuildInsTableSchema(SMnode *pMnode, const char *dbFName, const char *
   }
 
   STableMetaRsp *pMeta = taosHashGet(pMnode->infosMeta, tbName, strlen(tbName));
-  if (NULL == pMeta || (!sysinfo && pMeta->sysInfo)) {
+  if (NULL == pMeta) {
     mError("invalid information schema table name:%s", tbName);
     terrno = TSDB_CODE_MND_INVALID_SYS_TABLENAME;
     return -1;
   }
 
+  if (!sysinfo && pMeta->sysInfo) {
+    mError("no permission to get schema of table name:%s", tbName);
+    terrno = TSDB_CODE_PAR_PERMISSION_DENIED;
+    return -1;
+  }
+
+
   *pRsp = *pMeta;
 
   pRsp->pSchemas = taosMemoryCalloc(pMeta->numOfColumns, sizeof(SSchema));