From 4e1ea52d07ec06fdf6af2e5650de97975b946488 Mon Sep 17 00:00:00 2001 From: Yihao Deng Date: Fri, 21 Jun 2024 11:12:58 +0000 Subject: [PATCH] fix invalid ip white --- include/common/tmsg.h | 1 + source/client/src/clientHb.c | 8 ++++++-- source/common/src/tmsg.c | 6 ++++++ source/dnode/mnode/impl/inc/mndUser.h | 2 +- source/dnode/mnode/impl/src/mndDnode.c | 11 +++++++++-- source/dnode/mnode/impl/src/mndPrivilege.c | 2 +- source/dnode/mnode/impl/src/mndProfile.c | 7 +++++-- source/dnode/mnode/impl/src/mndUser.c | 4 ++-- 8 files changed, 31 insertions(+), 10 deletions(-) diff --git a/include/common/tmsg.h b/include/common/tmsg.h index 698ab8fac3..9e7c9cc7a2 100644 --- a/include/common/tmsg.h +++ b/include/common/tmsg.h @@ -3245,6 +3245,7 @@ typedef struct { typedef struct { int64_t reqId; SArray* reqs; // SArray + int64_t ipWhiteList; } SClientHbBatchReq; typedef struct { diff --git a/source/client/src/clientHb.c b/source/client/src/clientHb.c index a060dab24c..90bf8101b2 100644 --- a/source/client/src/clientHb.c +++ b/source/client/src/clientHb.c @@ -134,8 +134,7 @@ static int32_t hbUpdateUserAuthInfo(SAppHbMgr *pAppHbMgr, SUserAuthBatchRsp *bat if (pTscObj->whiteListInfo.fp) { SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo; int64_t oldVer = atomic_load_64(&whiteListInfo->ver); - - if (oldVer < pRsp->whiteListVer || pRsp->whiteListVer == 0) { + if (oldVer != pRsp->whiteListVer) { atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer); if (whiteListInfo->fp) { (*whiteListInfo->fp)(whiteListInfo->param, &pRsp->whiteListVer, TAOS_NOTIFY_WHITELIST_VER); @@ -1048,6 +1047,7 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) { return NULL; } + int64_t maxIpWhiteVer = 0; void *pIter = NULL; SHbParam param = {0}; while ((pIter = taosHashIterate(pAppHbMgr->activeInfo, pIter))) { 
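Review bot: In hbUpdateUserAuthInfo the new test `oldVer != pRsp->whiteListVer` accepts any differing value, so a delayed or reordered heartbeat response carrying an older version would overwrite a newer one and fire the notify callback again. If versions are allowed to go backwards (for example after a server-side reset), state that in a comment above the comparison, e.g. `// server version may move backwards; treat any change as an update`. The load and the store are separate atomic operations, so if responses can be handled concurrently both may pass the check; that appears to predate this change. The function body extends outside the hunk.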
@@ -1084,7 +1084,11 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) { } releaseTscObj(connKey->tscRid); + + int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver); + maxIpWhiteVer = MAX(maxIpWhiteVer, ver); } + pBatchReq->ipWhiteList = maxIpWhiteVer; return pBatchReq; } diff --git a/source/common/src/tmsg.c b/source/common/src/tmsg.c index b2a1aac62d..fa1ff00757 100644 --- a/source/common/src/tmsg.c +++ b/source/common/src/tmsg.c @@ -467,6 +467,8 @@ int32_t tSerializeSClientHbBatchReq(void *buf, int32_t bufLen, const SClientHbBa SClientHbReq *pReq = taosArrayGet(pBatchReq->reqs, i); if (tSerializeSClientHbReq(&encoder, pReq) < 0) return -1; } + + if (tEncodeI64(&encoder, pBatchReq->ipWhiteList) < 0) return -1; tEndEncode(&encoder); int32_t tlen = encoder.pos; @@ -493,6 +495,10 @@ int32_t tDeserializeSClientHbBatchReq(void *buf, int32_t bufLen, SClientHbBatchR taosArrayPush(pBatchReq->reqs, &req); } + if (!tDecodeIsEnd(&decoder)) { + tDecodeI64(&decoder, &pBatchReq->ipWhiteList); + } + tEndDecode(&decoder); tDecoderClear(&decoder); return 0; diff --git a/source/dnode/mnode/impl/inc/mndUser.h b/source/dnode/mnode/impl/inc/mndUser.h index 5782890f73..eda39dd29f 100644 --- a/source/dnode/mnode/impl/inc/mndUser.h +++ b/source/dnode/mnode/impl/inc/mndUser.h @@ -38,7 +38,7 @@ SHashObj *mndDupDbHash(SHashObj *pOld); SHashObj *mndDupTableHash(SHashObj *pOld); SHashObj *mndDupTopicHash(SHashObj *pOld); int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp, - int32_t *pRspLen); + int32_t *pRspLen, int64_t ipWhiteListVer); int32_t mndUserRemoveDb(SMnode *pMnode, STrans *pTrans, char *db); int32_t mndUserRemoveStb(SMnode *pMnode, STrans *pTrans, char *stb); int32_t mndUserRemoveView(SMnode *pMnode, STrans *pTrans, char *view); diff --git a/source/dnode/mnode/impl/src/mndDnode.c b/source/dnode/mnode/impl/src/mndDnode.c index d02aec98ca..8847158c11 100644 --- a/source/dnode/mnode/impl/src/mndDnode.c 
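Review bot: `pTscObj` is dereferenced after `releaseTscObj(connKey->tscRid)` in the lines added to hbGatherAllInfo, so the load from `pTscObj->whiteListInfo.ver` can touch an object whose reference was just dropped. Where pTscObj is acquired is outside the hunk, but if this release is the last reference the read is a use-after-free on the heartbeat path. Read the version first: put `int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver);` and `maxIpWhiteVer = MAX(maxIpWhiteVer, ver);` before `releaseTscObj(connKey->tscRid);`.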
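Review bot: The result of `tDecodeI64(&decoder, &pBatchReq->ipWhiteList)` in tDeserializeSClientHbBatchReq is discarded, while the encoder returns -1 when `tEncodeI64` fails, so a truncated or malformed heartbeat leaves `ipWhiteList` at whatever the caller initialised it to and the function still returns 0. Check it the same way, `if (tDecodeI64(&decoder, &pBatchReq->ipWhiteList) < 0) return -1;`, with whatever cleanup the function's other error paths use (they are outside the hunk). When the field is absent (an older client) nothing is written at all, so either set `pBatchReq->ipWhiteList = 0;` before the `tDecodeIsEnd` test or document that callers must zero the struct.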
+++ b/source/dnode/mnode/impl/src/mndDnode.c @@ -1457,7 +1457,7 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) { terrno = TSDB_CODE_INVALID_MSG; return -1; } - + int8_t updateIpWhiteList = 0; mInfo("dnode:%d, start to config, option:%s, value:%s", cfgReq.dnodeId, cfgReq.config, cfgReq.value); if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CONFIG_DNODE) != 0) { tFreeSMCfgDnodeReq(&cfgReq); @@ -1492,6 +1492,9 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) { terrno = TSDB_CODE_INVALID_CFG; goto _err_out; } + if (strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList")) == 0) { + updateIpWhiteList = 1; + } if (cfgCheckRangeForDynUpdate(taosGetCfg(), dcfgReq.config, dcfgReq.value, true) != 0) goto _err_out; } @@ -1505,7 +1508,11 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) { tFreeSMCfgDnodeReq(&cfgReq); - return mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq); + int32_t code = mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq); + + // dont care suss or succ; + if (updateIpWhiteList) mndRefreshUserIpWhiteList(pMnode); + return code; _err_out: tFreeSMCfgDnodeReq(&cfgReq); diff --git a/source/dnode/mnode/impl/src/mndPrivilege.c b/source/dnode/mnode/impl/src/mndPrivilege.c index fd7f9e5fb3..ce082ad45d 100644 --- a/source/dnode/mnode/impl/src/mndPrivilege.c +++ b/source/dnode/mnode/impl/src/mndPrivilege.c @@ -50,7 +50,7 @@ int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp pRsp->sysInfo = pUser->sysInfo; pRsp->version = pUser->authVersion; pRsp->passVer = pUser->passVersion; - pRsp->whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser); + pRsp->whiteListVer = pMnode->ipWhiteVer; return 0; } diff --git a/source/dnode/mnode/impl/src/mndProfile.c b/source/dnode/mnode/impl/src/mndProfile.c index fcd4403aa4..15ad292bf5 100644 --- a/source/dnode/mnode/impl/src/mndProfile.c +++ b/source/dnode/mnode/impl/src/mndProfile.c 
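Review bot: The `strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList"))` test in mndProcessConfigDnodeReq is a prefix match, so any option whose name merely starts with that string also sets `updateIpWhiteList`. If no suffixed variants are intended, `strcasecmp(dcfgReq.config, "enableWhiteList") == 0` would be tighter. In the last mndDnode.c hunk `mndRefreshUserIpWhiteList(pMnode)` runs even when `mndSendCfgDnodeReq` returned an error, and its own result is dropped. The comment `// dont care suss or succ;` should say why that is acceptable, e.g. `// refresh is best-effort; the config result is returned regardless`.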
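Review bot: `pRsp->whiteListVer = pMnode->ipWhiteVer` in mndSetUserAuthRsp reports the mnode-wide version, while the connect path in mndProfile.c now sets `connectRsp.whiteListVer = pUser->ipWhiteListVer`, a per-user field. The client stores whichever value it received and sends it back in the heartbeat, where mndValidateUserAuthInfo compares it with `pMnode->ipWhiteVer`, so unless the two sources always carry the same value the first heartbeat after a connect may look stale. Use one source in both places, or add a comment stating that the two are kept equal. `pMnode->ipWhiteVer` is also read here as a plain field; if another thread updates it, read it with `atomic_load_64` as the client side does.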
@@ -62,6 +62,7 @@ typedef struct { int32_t onlineDnodes; SEpSet epSet; SArray *pQnodeList; + int64_t ipWhiteListVer; } SConnPreparedObj; static SConnObj *mndCreateConn(SMnode *pMnode, const char *user, int8_t connType, uint32_t ip, uint16_t port, @@ -300,7 +301,7 @@ _CONNECT: connectRsp.svrTimestamp = taosGetTimestampSec(); connectRsp.passVer = pUser->passVersion; connectRsp.authVer = pUser->authVersion; - connectRsp.whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser); + connectRsp.whiteListVer = pUser->ipWhiteListVer; strcpy(connectRsp.sVer, version); snprintf(connectRsp.sDetailVer, sizeof(connectRsp.sDetailVer), "ver:%s\nbuild:%s\ngitinfo:%s", version, buildinfo, @@ -568,7 +569,8 @@ static int32_t mndProcessQueryHeartBeat(SMnode *pMnode, SRpcMsg *pMsg, SClientHb case HEARTBEAT_KEY_USER_AUTHINFO: { void *rspMsg = NULL; int32_t rspLen = 0; - mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen); + mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen, + pObj->ipWhiteListVer); if (rspMsg && rspLen > 0) { SKv kv1 = {.key = HEARTBEAT_KEY_USER_AUTHINFO, .valueLen = rspLen, .value = rspMsg}; taosArrayPush(hbRsp.info, &kv1); @@ -650,6 +652,7 @@ static int32_t mndProcessHeartBeatReq(SRpcMsg *pReq) { SConnPreparedObj obj = {0}; obj.totalDnodes = mndGetDnodeSize(pMnode); + obj.ipWhiteListVer = batchReq.ipWhiteList; mndGetOnlineDnodeNum(pMnode, &obj.onlineDnodes); mndGetMnodeEpSet(pMnode, &obj.epSet); mndCreateQnodeList(pMnode, &obj.pQnodeList, -1); diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index 68c935d3be..66122d7b0a 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c 
@@ -2805,7 +2805,7 @@ static void mndCancelGetNextPrivileges(SMnode *pMnode, void *pIter) { } int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp, - int32_t *pRspLen) { + int32_t *pRspLen, int64_t ipWhiteListVer) { SUserAuthBatchRsp batchRsp = {0}; batchRsp.pArray = taosArrayInit(numOfUses, sizeof(SGetUserAuthRsp)); if (batchRsp.pArray == NULL) { @@ -2827,7 +2827,7 @@ int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_ } pUsers[i].version = ntohl(pUsers[i].version); - if (pUser->authVersion <= pUsers[i].version) { + if (pUser->authVersion <= pUsers[i].version || ipWhiteListVer == pMnode->ipWhiteVer) { mndReleaseUser(pMnode, pUser); continue; }
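Review bot: The added `|| ipWhiteListVer == pMnode->ipWhiteVer` in mndValidateUserAuthInfo makes the loop skip a user whenever the whitelist version matches, even if `pUser->authVersion` is newer than the client's copy, so privilege changes (including revocations) would not reach a client whose whitelist version is current. Conversely, a whitelist change alone is also skipped, because the first operand is already true when the auth version is up to date. The skip should require both to be current: `if (pUser->authVersion <= pUsers[i].version && ipWhiteListVer == pMnode->ipWhiteVer) {`. The loop body continues outside the hunk.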