From 39d04ed15b5d81438636c875b4ad41fe1737b31f Mon Sep 17 00:00:00 2001 From: yihaoDeng Date: Mon, 11 Sep 2023 20:48:24 +0800 Subject: [PATCH] add rpc update interface --- include/common/tmsgcb.h | 1 + source/dnode/mgmt/mgmt_dnode/src/dmHandle.c | 4 ++ source/dnode/mgmt/mgmt_dnode/src/dmInt.c | 2 +- source/dnode/mgmt/node_mgmt/src/dmTransport.c | 22 ++++++---- source/dnode/mnode/impl/inc/mndPrivilege.h | 1 + source/dnode/mnode/impl/src/mndPrivilege.c | 3 ++ source/dnode/mnode/impl/src/mndUser.c | 9 ++-- source/libs/transport/src/transSvr.c | 41 +++++++++++-------- 8 files changed, 56 insertions(+), 27 deletions(-) diff --git a/include/common/tmsgcb.h b/include/common/tmsgcb.h index 9b709272b2..311bffb7da 100644 --- a/include/common/tmsgcb.h +++ b/include/common/tmsgcb.h @@ -52,6 +52,7 @@ typedef struct { void* data; void* mgmt; void* clientRpc; + void* serverRpc; PutToQueueFp putToQueueFp; GetQueueSizeFp qsizeFp; SendReqFp sendReqFp; diff --git a/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c b/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c index e9ba8603e6..023859176f 100644 --- a/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c +++ b/source/dnode/mgmt/mgmt_dnode/src/dmHandle.c @@ -33,6 +33,10 @@ static void dmUpdateDnodeCfg(SDnodeMgmt *pMgmt, SDnodeCfg *pCfg) { static void dmMayShouldUpdateIpWhiteList(SDnodeMgmt *pMgmt, int64_t ver) { dInfo("ip-white-dnode ver: %" PRId64 ", status ver: %" PRId64 "", pMgmt->ipWhiteVer, ver); if (pMgmt->ipWhiteVer == ver) { + if (ver == 0) { + dInfo("disable ip-white-dnode ver: %" PRId64 ", status ver: %" PRId64 "", pMgmt->ipWhiteVer, ver); + rpcSetIpWhite(pMgmt->msgCb.serverRpc, NULL); + } return; } int64_t oldVer = pMgmt->ipWhiteVer; diff --git a/source/dnode/mgmt/mgmt_dnode/src/dmInt.c b/source/dnode/mgmt/mgmt_dnode/src/dmInt.c index ab3852cd0c..b68a6e9008 100644 --- a/source/dnode/mgmt/mgmt_dnode/src/dmInt.c +++ b/source/dnode/mgmt/mgmt_dnode/src/dmInt.c 
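Review bot: In dmMayShouldUpdateIpWhiteList the new `ver == 0` branch calls `rpcSetIpWhite(pMgmt->msgCb.serverRpc, NULL)` every time both versions are 0, so the disable request is re-sent on each call instead of only when the state changes; if rpcSetIpWhite forwards to transSetIpWhiteList (see the transSvr.c hunk), each call allocates and queues one message per worker thread. Consider recording on `pMgmt` that the disable was already pushed and skipping the call after that. Version 0 now means "whitelist not enforced", and the dmInt.c hunk makes 0 the initial `ipWhiteVer`, so a dnode starts in the non-enforcing state until the mnode reports a non-zero version. That deserves a comment in the branch, such as `/* ver 0: mnode reports the IP whitelist as disabled, so tell the server transport to stop enforcing it */`. The rest of the function lies outside the hunk.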
@@ -55,7 +55,7 @@ static int32_t dmOpenMgmt(SMgmtInputOpt *pInput, SMgmtOutputOpt *pOutput) { pMgmt->getMnodeLoadsFp = pInput->getMnodeLoadsFp; pMgmt->getQnodeLoadsFp = pInput->getQnodeLoadsFp; - pMgmt->ipWhiteVer = -1; + pMgmt->ipWhiteVer = 0; if (dmStartWorker(pMgmt) != 0) { return -1; } diff --git a/source/dnode/mgmt/node_mgmt/src/dmTransport.c b/source/dnode/mgmt/node_mgmt/src/dmTransport.c index 763f476abc..93bc80b705 100644 --- a/source/dnode/mgmt/node_mgmt/src/dmTransport.c +++ b/source/dnode/mgmt/node_mgmt/src/dmTransport.c @@ -73,6 +73,18 @@ static void dmUpdateRpcIpWhite(void *pTrans, SRpcMsg *pRpc) { rpcFreeCont(pRpc->pCont); } +static bool dmIsForbiddenIp(int8_t forbidden, char *user, uint32_t clientIp) { + if (forbidden) { + SIpV4Range range = {.ip = clientIp, .mask = 32}; + char buf[36] = {0}; + + rpcUtilSIpRangeToStr(&range, buf); + dError("User %s host:%s not in ip white list", user, buf); + return true; + } else { + return false; + } +} static void dmProcessRpcMsg(SDnode *pDnode, SRpcMsg *pRpc, SEpSet *pEpSet) { SDnodeTrans *pTrans = &pDnode->trans; int32_t code = -1; @@ -91,13 +103,8 @@ static void dmProcessRpcMsg(SDnode *pDnode, SRpcMsg *pRpc, SEpSet *pEpSet) { goto _OVER; } - if (pRpc->info.forbiddenIp == 1) { - char tbuf[36] = {0}; - SIpV4Range range = {.ip = pRpc->info.conn.clientIp, .mask = 32}; - rpcUtilSIpRangeToStr(&range, tbuf); - - dError("User %s host:%s not in ip white list", pRpc->info.conn.user, tbuf); - + bool isForbidden = dmIsForbiddenIp(pRpc->info.forbiddenIp, pRpc->info.conn.user, pRpc->info.conn.clientIp); + if (isForbidden) { terrno = TSDB_CODE_IP_NOT_IN_WHITE_LIST; goto _OVER; } @@ -397,6 +404,7 @@ void dmCleanupServer(SDnode *pDnode) { SMsgCb dmGetMsgcb(SDnode *pDnode) { SMsgCb msgCb = { .clientRpc = pDnode->trans.clientRpc, + .serverRpc = pDnode->trans.serverRpc, .sendReqFp = dmSendReq, .sendRspFp = dmSendRsp, .registerBrokenLinkArgFp = dmRegisterBrokenLinkArg, 
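Review bot: dmIsForbiddenIp takes `char *user` although it only reads the name, and it treats any non-zero `forbidden` as a rejection where the replaced code in dmProcessRpcMsg tested `forbiddenIp == 1`; make the parameter `const char *user` and state the convention in a comment above the helper, e.g. `/* Logs the rejected user and client IP and returns true when the transport flagged the request as outside the whitelist (forbidden != 0). */`. The `if/else` can be flattened with a guard, `if (!forbidden) return false;`, and a blank line is missing between the helper's closing brace and dmProcessRpcMsg. The 36-byte buffer is carried over from the old code; whether it is large enough for rpcUtilSIpRangeToStr cannot be checked from this hunk, so a named constant shared with that function would be safer than the literal.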
diff --git a/source/dnode/mnode/impl/inc/mndPrivilege.h b/source/dnode/mnode/impl/inc/mndPrivilege.h index dfde2f671e..dcfcdd814a 100644 --- a/source/dnode/mnode/impl/inc/mndPrivilege.h +++ b/source/dnode/mnode/impl/inc/mndPrivilege.h @@ -33,6 +33,7 @@ int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname); int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter); int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp); +int32_t mndCheckIpWhiteList(SMnode *pMnode); #ifdef __cplusplus } diff --git a/source/dnode/mnode/impl/src/mndPrivilege.c b/source/dnode/mnode/impl/src/mndPrivilege.c index bec516b1ee..70bed1480b 100644 --- a/source/dnode/mnode/impl/src/mndPrivilege.c +++ b/source/dnode/mnode/impl/src/mndPrivilege.c @@ -28,6 +28,7 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) { return 0; } + int32_t mndCheckTopicPrivilege(SMnode *pMnode, const char *user, EOperType operType, SMqTopicObj *pTopic) { return 0; } int32_t mndCheckTopicPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *topicName) { return 0; @@ -41,4 +42,6 @@ int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp pRsp->passVer = pUser->passVersion; return 0; } + +int32_t mndCheckIpWhiteList(SMnode *pMnode) { return 0; } #endif \ No newline at end of file diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index 6f60c199ca..d076b57bd8 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c 
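Review bot: mndCheckIpWhiteList is declared with no statement of what its return value means, and the stub added in mndPrivilege.c returns 0 like the neighbouring mndCheck* stubs, where 0 reads as "allowed". In the mndUser.c hunk, however, `mndCheckIpWhiteList(pMnode) == 0` makes mndGetIpWhiteVer return 0, which the dnode side treats as "whitelist disabled". Add a comment on the prototype that spells this out, for example `/* Returns 0 when IP whitelist enforcement is not available or not active; non-zero when it must be enforced. */` (wording to be confirmed against the non-stub implementation, which is not shown), so a later change does not switch enforcement off by treating 0 as success. A `bool` return type or a name that expresses "enabled" would make the call site harder to misread.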
@@ -66,7 +66,7 @@ static SIpWhiteMgt ipWhiteMgt; void ipWhiteMgtInit() { ipWhiteMgt.pIpWhiteTab = taosHashInit(8, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), 1, HASH_ENTRY_LOCK); - ipWhiteMgt.ver = taosGetTimestampMs(); + ipWhiteMgt.ver = 0; taosThreadRwlockInit(&ipWhiteMgt.rw, NULL); } void ipWhiteMgtCleanup() { @@ -188,11 +188,14 @@ int64_t mndGetIpWhiteVer(SMnode *pMnode) { int64_t ver = ipWhiteMgt.ver; if (ver == 0) { ipWhiteMgtUpdateAll(pMnode); + ipWhiteMgt.ver = taosGetTimestampMs(); } - - ver = ipWhiteMgt.ver; taosThreadRwlockUnlock(&ipWhiteMgt.rw); mInfo("ip-white-mnode ver, %" PRId64 "", ver); + + if (mndCheckIpWhiteList(pMnode) == 0 || tsEnableWhiteList == false) { + return 0; + } return ver; } diff --git a/source/libs/transport/src/transSvr.c b/source/libs/transport/src/transSvr.c index 6a65cb0272..f4d0a0371c 100644 --- a/source/libs/transport/src/transSvr.c +++ b/source/libs/transport/src/transSvr.c @@ -96,6 +96,7 @@ typedef struct SWorkThrd { SWhiteList* pWhiteList; int64_t whiteListVer; + int8_t enableIpWhiteList; } SWorkThrd; typedef struct SServerObj { @@ -355,9 +356,12 @@ static bool uvHandleReq(SSvrConn* pConn) { pConn->inType = pHead->msgType; memcpy(pConn->user, pHead->user, strlen(pHead->user)); - int8_t forbiddenIp = uvWhiteListCheckConn(pThrd->pWhiteList, pConn) == false ? 1 : 0; - if (forbiddenIp == 0) { - uvWhiteListSetConnVer(pThrd->pWhiteList, pConn); + int8_t forbiddenIp = 0; + if (pThrd->enableIpWhiteList) { + forbiddenIp = uvWhiteListCheckConn(pThrd->pWhiteList, pConn) == false ? 1 : 0; + if (forbiddenIp == 0) { + uvWhiteListSetConnVer(pThrd->pWhiteList, pConn); + } } if (uvRecvReleaseReq(pConn, pHead)) { 
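Review bot: In mndGetIpWhiteVer the local `ver` is read before the `if (ver == 0)` block and is no longer refreshed after `ipWhiteMgt.ver = taosGetTimestampMs();`, because the patch removes `ver = ipWhiteMgt.ver;`. Since ipWhiteMgtInit now sets the version to 0, the first call logs and returns 0 even when the whitelist is enabled. The dmHandle.c hunk treats a status version of 0 as "disable", so dnodes would apparently switch enforcement off until the next status exchange. Re-read the value inside the block with `ver = ipWhiteMgt.ver;` directly after the timestamp assignment. The lock acquisition is outside the hunk, so confirm that the write to `ipWhiteMgt.ver` happens under a write lock rather than a read lock.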
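Review bot: In uvHandleReq `forbiddenIp` now stays 0 whenever `pThrd->enableIpWhiteList` is 0, and the only place in this patch that sets the flag to 1 is uvHandleUpdate, so a worker accepts requests from any client address until its first non-NULL update has been processed. If that window is intended, document it at the field in SWorkThrd, e.g. `int8_t enableIpWhiteList;  // 0 until a whitelist update arrives: no client-IP check is performed`, and log the transition in uvHandleUpdate so operators can see when enforcement goes on or off. The field's initial value depends on how SWorkThrd is allocated, which is outside the hunk. uvHandleReq itself starts and ends outside the hunk.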
@@ -1355,21 +1359,26 @@ void uvHandleRegister(SSvrMsg* msg, SWorkThrd* thrd) { } void uvHandleUpdate(SSvrMsg* msg, SWorkThrd* thrd) { SUpdateIpWhite* req = msg->arg; - for (int i = 0; i < req->numOfUser; i++) { - SUpdateUserIpWhite* pUser = &req->pUserIpWhite[i]; + if (req != NULL) { + for (int i = 0; i < req->numOfUser; i++) { + SUpdateUserIpWhite* pUser = &req->pUserIpWhite[i]; - int32_t sz = pUser->numOfRange * sizeof(SIpV4Range); - SIpWhiteList* pList = taosMemoryCalloc(1, sz + sizeof(SIpWhiteList)); - pList->num = pUser->numOfRange; + int32_t sz = pUser->numOfRange * sizeof(SIpV4Range); + SIpWhiteList* pList = taosMemoryCalloc(1, sz + sizeof(SIpWhiteList)); + pList->num = pUser->numOfRange; - memcpy(pList->pIpRange, pUser->pIpRanges, sz); - uvWhiteListAdd(thrd->pWhiteList, pUser->user, pList, pUser->ver); + memcpy(pList->pIpRange, pUser->pIpRanges, sz); + uvWhiteListAdd(thrd->pWhiteList, pUser->user, pList, pUser->ver); + } + + thrd->pWhiteList->ver = req->ver; + thrd->enableIpWhiteList = 1; + + tFreeSUpdateIpWhiteReq(req); + taosMemoryFree(req); + } else { + thrd->enableIpWhiteList = 0; } - - thrd->pWhiteList->ver = req->ver; - - tFreeSUpdateIpWhiteReq(req); - taosMemoryFree(req); taosMemoryFree(msg); return; } @@ -1560,7 +1569,7 @@ void transSetIpWhiteList(void* thandle, void* arg, FilteFunc* func) { SWorkThrd* pThrd = svrObj->pThreadObj[i]; SSvrMsg* msg = taosMemoryCalloc(1, sizeof(SSvrMsg)); - SUpdateIpWhite* pReq = cloneSUpdateIpWhiteReq((SUpdateIpWhite*)arg); + SUpdateIpWhite* pReq = (arg != NULL ? cloneSUpdateIpWhiteReq((SUpdateIpWhite*)arg) : NULL); msg->type = Update; msg->arg = pReq;
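Review bot: Inside the per-user loop of uvHandleUpdate, `pList->num` is written right after `taosMemoryCalloc` with no NULL check, so a failed allocation while applying a whitelist update dereferences NULL on the worker thread. Check the result, e.g. `if (pList == NULL) break;`, and in that case skip `thrd->pWhiteList->ver = req->ver;` so that a partially applied update is not recorded as current. `sz` is an `int32_t` computed from `pUser->numOfRange * sizeof(SIpV4Range)`; the type and upper bound of `numOfRange` are not visible here, so confirm the product cannot exceed the int32_t range before it sizes both the allocation and the `memcpy`.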
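Review bot: In transSetIpWhiteList a NULL `pReq` can no longer distinguish "caller passed NULL to disable the whitelist" from "cloneSUpdateIpWhiteReq failed", because uvHandleUpdate switches enforcement off for any NULL `msg->arg`. If the clone can return NULL on allocation failure (its implementation is not shown), an out-of-memory condition silently disables the client-IP check on that worker. Handle the failure before queuing, e.g. `if (arg != NULL && pReq == NULL) { taosMemoryFree(msg); continue; }` (assuming the surrounding code is the per-thread loop), or carry the disable request as an explicit flag on the message instead of a NULL argument. `msg` is also used without checking the `taosMemoryCalloc` result. The function starts and ends outside the hunk.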