fix invalid ip white
This commit is contained in:
Yihao Deng
parent
7c748a9ebe
commit
4e1ea52d07
|
|
@ -3245,6 +3245,7 @@ typedef struct {
|
|||
typedef struct {
|
||||
int64_t reqId;
|
||||
SArray* reqs; // SArray<SClientHbReq>
|
||||
int64_t ipWhiteList;
|
||||
} SClientHbBatchReq;
|
||||
|
||||
typedef struct {
|
||||
|
|
|
|||
|
|
@ -134,8 +134,7 @@ static int32_t hbUpdateUserAuthInfo(SAppHbMgr *pAppHbMgr, SUserAuthBatchRsp *bat
|
|||
if (pTscObj->whiteListInfo.fp) {
|
||||
SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo;
|
||||
int64_t oldVer = atomic_load_64(&whiteListInfo->ver);
|
||||
|
||||
if (oldVer < pRsp->whiteListVer || pRsp->whiteListVer == 0) {
|
||||
if (oldVer != pRsp->whiteListVer) {
|
||||
atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer);
|
||||
if (whiteListInfo->fp) {
|
||||
(*whiteListInfo->fp)(whiteListInfo->param, &pRsp->whiteListVer, TAOS_NOTIFY_WHITELIST_VER);
|
||||
|
|
@ -1048,6 +1047,7 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
|
|||
return NULL;
|
||||
}
|
||||
|
||||
int64_t maxIpWhiteVer = 0;
|
||||
void *pIter = NULL;
|
||||
SHbParam param = {0};
|
||||
while ((pIter = taosHashIterate(pAppHbMgr->activeInfo, pIter))) {
|
||||
|
|
@ -1084,7 +1084,11 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
|
|||
}
|
||||
|
||||
releaseTscObj(connKey->tscRid);
|
||||
|
||||
int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver);
|
||||
maxIpWhiteVer = MAX(maxIpWhiteVer, ver);
|
||||
}
|
||||
pBatchReq->ipWhiteList = maxIpWhiteVer;
|
||||
|
||||
return pBatchReq;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -467,6 +467,8 @@ int32_t tSerializeSClientHbBatchReq(void *buf, int32_t bufLen, const SClientHbBa
|
|||
SClientHbReq *pReq = taosArrayGet(pBatchReq->reqs, i);
|
||||
if (tSerializeSClientHbReq(&encoder, pReq) < 0) return -1;
|
||||
}
|
||||
|
||||
if (tEncodeI64(&encoder, pBatchReq->ipWhiteList) < 0) return -1;
|
||||
tEndEncode(&encoder);
|
||||
|
||||
int32_t tlen = encoder.pos;
|
||||
|
|
@ -493,6 +495,10 @@ int32_t tDeserializeSClientHbBatchReq(void *buf, int32_t bufLen, SClientHbBatchR
|
|||
taosArrayPush(pBatchReq->reqs, &req);
|
||||
}
|
||||
|
||||
if (!tDecodeIsEnd(&decoder)) {
|
||||
tDecodeI64(&decoder, &pBatchReq->ipWhiteList);
|
||||
}
|
||||
|
||||
tEndDecode(&decoder);
|
||||
tDecoderClear(&decoder);
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ SHashObj *mndDupDbHash(SHashObj *pOld);
|
|||
SHashObj *mndDupTableHash(SHashObj *pOld);
|
||||
SHashObj *mndDupTopicHash(SHashObj *pOld);
|
||||
int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
|
||||
int32_t *pRspLen);
|
||||
int32_t *pRspLen, int64_t ipWhiteListVer);
|
||||
int32_t mndUserRemoveDb(SMnode *pMnode, STrans *pTrans, char *db);
|
||||
int32_t mndUserRemoveStb(SMnode *pMnode, STrans *pTrans, char *stb);
|
||||
int32_t mndUserRemoveView(SMnode *pMnode, STrans *pTrans, char *view);
|
||||
|
|
|
|||
|
|
@ -1457,7 +1457,7 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
|
|||
terrno = TSDB_CODE_INVALID_MSG;
|
||||
return -1;
|
||||
}
|
||||
|
||||
int8_t updateIpWhiteList = 0;
|
||||
mInfo("dnode:%d, start to config, option:%s, value:%s", cfgReq.dnodeId, cfgReq.config, cfgReq.value);
|
||||
if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CONFIG_DNODE) != 0) {
|
||||
tFreeSMCfgDnodeReq(&cfgReq);
|
||||
|
|
@ -1492,6 +1492,9 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
|
|||
terrno = TSDB_CODE_INVALID_CFG;
|
||||
goto _err_out;
|
||||
}
|
||||
if (strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList")) == 0) {
|
||||
updateIpWhiteList = 1;
|
||||
}
|
||||
|
||||
if (cfgCheckRangeForDynUpdate(taosGetCfg(), dcfgReq.config, dcfgReq.value, true) != 0) goto _err_out;
|
||||
}
|
||||
|
|
@ -1505,7 +1508,11 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
|
|||
|
||||
tFreeSMCfgDnodeReq(&cfgReq);
|
||||
|
||||
return mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq);
|
||||
int32_t code = mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq);
|
||||
|
||||
// dont care suss or succ;
|
||||
if (updateIpWhiteList) mndRefreshUserIpWhiteList(pMnode);
|
||||
return code;
|
||||
|
||||
_err_out:
|
||||
tFreeSMCfgDnodeReq(&cfgReq);
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp
|
|||
pRsp->sysInfo = pUser->sysInfo;
|
||||
pRsp->version = pUser->authVersion;
|
||||
pRsp->passVer = pUser->passVersion;
|
||||
pRsp->whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser);
|
||||
pRsp->whiteListVer = pMnode->ipWhiteVer;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@ typedef struct {
|
|||
int32_t onlineDnodes;
|
||||
SEpSet epSet;
|
||||
SArray *pQnodeList;
|
||||
int64_t ipWhiteListVer;
|
||||
} SConnPreparedObj;
|
||||
|
||||
static SConnObj *mndCreateConn(SMnode *pMnode, const char *user, int8_t connType, uint32_t ip, uint16_t port,
|
||||
|
|
@ -300,7 +301,7 @@ _CONNECT:
|
|||
connectRsp.svrTimestamp = taosGetTimestampSec();
|
||||
connectRsp.passVer = pUser->passVersion;
|
||||
connectRsp.authVer = pUser->authVersion;
|
||||
connectRsp.whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser);
|
||||
connectRsp.whiteListVer = pUser->ipWhiteListVer;
|
||||
|
||||
strcpy(connectRsp.sVer, version);
|
||||
snprintf(connectRsp.sDetailVer, sizeof(connectRsp.sDetailVer), "ver:%s\nbuild:%s\ngitinfo:%s", version, buildinfo,
|
||||
|
|
@ -568,7 +569,8 @@ static int32_t mndProcessQueryHeartBeat(SMnode *pMnode, SRpcMsg *pMsg, SClientHb
|
|||
case HEARTBEAT_KEY_USER_AUTHINFO: {
|
||||
void *rspMsg = NULL;
|
||||
int32_t rspLen = 0;
|
||||
mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen);
|
||||
mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen,
|
||||
pObj->ipWhiteListVer);
|
||||
if (rspMsg && rspLen > 0) {
|
||||
SKv kv1 = {.key = HEARTBEAT_KEY_USER_AUTHINFO, .valueLen = rspLen, .value = rspMsg};
|
||||
taosArrayPush(hbRsp.info, &kv1);
|
||||
|
|
@ -650,6 +652,7 @@ static int32_t mndProcessHeartBeatReq(SRpcMsg *pReq) {
|
|||
|
||||
SConnPreparedObj obj = {0};
|
||||
obj.totalDnodes = mndGetDnodeSize(pMnode);
|
||||
obj.ipWhiteListVer = batchReq.ipWhiteList;
|
||||
mndGetOnlineDnodeNum(pMnode, &obj.onlineDnodes);
|
||||
mndGetMnodeEpSet(pMnode, &obj.epSet);
|
||||
mndCreateQnodeList(pMnode, &obj.pQnodeList, -1);
|
||||
|
|
|
|||
|
|
@ -2805,7 +2805,7 @@ static void mndCancelGetNextPrivileges(SMnode *pMnode, void *pIter) {
|
|||
}
|
||||
|
||||
int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
|
||||
int32_t *pRspLen) {
|
||||
int32_t *pRspLen, int64_t ipWhiteListVer) {
|
||||
SUserAuthBatchRsp batchRsp = {0};
|
||||
batchRsp.pArray = taosArrayInit(numOfUses, sizeof(SGetUserAuthRsp));
|
||||
if (batchRsp.pArray == NULL) {
|
||||
|
|
@ -2827,7 +2827,7 @@ int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_
|
|||
}
|
||||
|
||||
pUsers[i].version = ntohl(pUsers[i].version);
|
||||
if (pUser->authVersion <= pUsers[i].version) {
|
||||
if (pUser->authVersion <= pUsers[i].version || ipWhiteListVer == pMnode->ipWhiteVer) {
|
||||
mndReleaseUser(pMnode, pUser);
|
||||
continue;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue