fix invalid ip white

Yihao Deng 2024-06-21 11:12:58 +00:00
parent 7c748a9ebe
commit 4e1ea52d07
8 changed files with 31 additions and 10 deletions


@ -3245,6 +3245,7 @@ typedef struct {
typedef struct { typedef struct {
int64_t reqId; int64_t reqId;
SArray* reqs; // SArray<SClientHbReq> SArray* reqs; // SArray<SClientHbReq>
int64_t ipWhiteList;
} SClientHbBatchReq; } SClientHbBatchReq;
typedef struct { typedef struct {


@ -134,8 +134,7 @@ static int32_t hbUpdateUserAuthInfo(SAppHbMgr *pAppHbMgr, SUserAuthBatchRsp *bat
if (pTscObj->whiteListInfo.fp) { if (pTscObj->whiteListInfo.fp) {
SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo; SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo;
int64_t oldVer = atomic_load_64(&whiteListInfo->ver); int64_t oldVer = atomic_load_64(&whiteListInfo->ver);
if (oldVer != pRsp->whiteListVer) {
if (oldVer < pRsp->whiteListVer || pRsp->whiteListVer == 0) {
atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer); atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer);
if (whiteListInfo->fp) { if (whiteListInfo->fp) {
(*whiteListInfo->fp)(whiteListInfo->param, &pRsp->whiteListVer, TAOS_NOTIFY_WHITELIST_VER); (*whiteListInfo->fp)(whiteListInfo->param, &pRsp->whiteListVer, TAOS_NOTIFY_WHITELIST_VER);
@ -1048,6 +1047,7 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
return NULL; return NULL;
} }
int64_t maxIpWhiteVer = 0;
void *pIter = NULL; void *pIter = NULL;
SHbParam param = {0}; SHbParam param = {0};
while ((pIter = taosHashIterate(pAppHbMgr->activeInfo, pIter))) { while ((pIter = taosHashIterate(pAppHbMgr->activeInfo, pIter))) {
@ -1084,7 +1084,11 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
} }
releaseTscObj(connKey->tscRid); releaseTscObj(connKey->tscRid);
int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver);
maxIpWhiteVer = MAX(maxIpWhiteVer, ver);
} }
pBatchReq->ipWhiteList = maxIpWhiteVer;
return pBatchReq; return pBatchReq;
} }
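Review bot: In the hbGatherAllInfo hunk the added `atomic_load_64(&pTscObj->whiteListInfo.ver)` dereferences `pTscObj` after `releaseTscObj(connKey->tscRid)` has already run on the line above, so if that call drops the last reference the load reads a freed object. Taking the version before the release closes that window: `int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver);` followed by `releaseTscObj(connKey->tscRid);`. How `pTscObj` was acquired is outside the hunk, so confirm that this release is the matching one. The loop body starts before the hunk.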


@ -467,6 +467,8 @@ int32_t tSerializeSClientHbBatchReq(void *buf, int32_t bufLen, const SClientHbBa
SClientHbReq *pReq = taosArrayGet(pBatchReq->reqs, i); SClientHbReq *pReq = taosArrayGet(pBatchReq->reqs, i);
if (tSerializeSClientHbReq(&encoder, pReq) < 0) return -1; if (tSerializeSClientHbReq(&encoder, pReq) < 0) return -1;
} }
if (tEncodeI64(&encoder, pBatchReq->ipWhiteList) < 0) return -1;
tEndEncode(&encoder); tEndEncode(&encoder);
int32_t tlen = encoder.pos; int32_t tlen = encoder.pos;
@ -493,6 +495,10 @@ int32_t tDeserializeSClientHbBatchReq(void *buf, int32_t bufLen, SClientHbBatchR
taosArrayPush(pBatchReq->reqs, &req); taosArrayPush(pBatchReq->reqs, &req);
} }
if (!tDecodeIsEnd(&decoder)) {
tDecodeI64(&decoder, &pBatchReq->ipWhiteList);
}
tEndDecode(&decoder); tEndDecode(&decoder);
tDecoderClear(&decoder); tDecoderClear(&decoder);
return 0; return 0;
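Review bot: The decode path ignores the result of `tDecodeI64(&decoder, &pBatchReq->ipWhiteList)`, while the encode path checks `tEncodeI64(...) < 0`, so a truncated or malformed heartbeat leaves the field at whatever the caller initialised it to. Checking it keeps both paths symmetric: `if (tDecodeI64(&decoder, &pBatchReq->ipWhiteList) < 0) return -1;`. Whether an early return here must also clear the decoder depends on the rest of tDeserializeSClientHbBatchReq, which is outside the hunk. The `tDecodeIsEnd` guard presumably exists for requests from clients that predate the field; a one-line comment such as `// optional trailing field: absent in requests from older clients` would record that.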


@ -38,7 +38,7 @@ SHashObj *mndDupDbHash(SHashObj *pOld);
SHashObj *mndDupTableHash(SHashObj *pOld); SHashObj *mndDupTableHash(SHashObj *pOld);
SHashObj *mndDupTopicHash(SHashObj *pOld); SHashObj *mndDupTopicHash(SHashObj *pOld);
int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp, int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
int32_t *pRspLen); int32_t *pRspLen, int64_t ipWhiteListVer);
int32_t mndUserRemoveDb(SMnode *pMnode, STrans *pTrans, char *db); int32_t mndUserRemoveDb(SMnode *pMnode, STrans *pTrans, char *db);
int32_t mndUserRemoveStb(SMnode *pMnode, STrans *pTrans, char *stb); int32_t mndUserRemoveStb(SMnode *pMnode, STrans *pTrans, char *stb);
int32_t mndUserRemoveView(SMnode *pMnode, STrans *pTrans, char *view); int32_t mndUserRemoveView(SMnode *pMnode, STrans *pTrans, char *view);


@ -1457,7 +1457,7 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
terrno = TSDB_CODE_INVALID_MSG; terrno = TSDB_CODE_INVALID_MSG;
return -1; return -1;
} }
int8_t updateIpWhiteList = 0;
mInfo("dnode:%d, start to config, option:%s, value:%s", cfgReq.dnodeId, cfgReq.config, cfgReq.value); mInfo("dnode:%d, start to config, option:%s, value:%s", cfgReq.dnodeId, cfgReq.config, cfgReq.value);
if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CONFIG_DNODE) != 0) { if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CONFIG_DNODE) != 0) {
tFreeSMCfgDnodeReq(&cfgReq); tFreeSMCfgDnodeReq(&cfgReq);
@ -1492,6 +1492,9 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
terrno = TSDB_CODE_INVALID_CFG; terrno = TSDB_CODE_INVALID_CFG;
goto _err_out; goto _err_out;
} }
if (strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList")) == 0) {
updateIpWhiteList = 1;
}
if (cfgCheckRangeForDynUpdate(taosGetCfg(), dcfgReq.config, dcfgReq.value, true) != 0) goto _err_out; if (cfgCheckRangeForDynUpdate(taosGetCfg(), dcfgReq.config, dcfgReq.value, true) != 0) goto _err_out;
} }
@ -1505,7 +1508,11 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
tFreeSMCfgDnodeReq(&cfgReq); tFreeSMCfgDnodeReq(&cfgReq);
return mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq); int32_t code = mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq);
// dont care suss or succ;
if (updateIpWhiteList) mndRefreshUserIpWhiteList(pMnode);
return code;
_err_out: _err_out:
tFreeSMCfgDnodeReq(&cfgReq); tFreeSMCfgDnodeReq(&cfgReq);
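Review bot: `strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList"))` is a prefix match, so any option name that merely begins with enableWhiteList also sets `updateIpWhiteList`. If an exact match is intended, `strcasecmp(dcfgReq.config, "enableWhiteList") == 0` says so directly. The added comment `// dont care suss or succ;` is hard to read; `// refresh the whitelist whether or not the dnode request succeeded` states the intent and makes it clear that ignoring `code` before the refresh is deliberate. mndProcessConfigDnodeReq continues outside these hunks.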


@ -50,7 +50,7 @@ int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp
pRsp->sysInfo = pUser->sysInfo; pRsp->sysInfo = pUser->sysInfo;
pRsp->version = pUser->authVersion; pRsp->version = pUser->authVersion;
pRsp->passVer = pUser->passVersion; pRsp->passVer = pUser->passVersion;
pRsp->whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser); pRsp->whiteListVer = pMnode->ipWhiteVer;
return 0; return 0;
} }
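Review bot: After this change the auth response reports `pMnode->ipWhiteVer`, while the connect response in the `_CONNECT` hunk of the later file reports `pUser->ipWhiteListVer`; both previously came from `mndGetUserIpWhiteListVer(pMnode, pUser)`. The client stores whichever value it last received and compares it with the next one, and the server compares the client's echoed value with `pMnode->ipWhiteVer`, so the two fields need to be the same counter or at least comparable. If they are a per-user and a node-wide version (inferred from the names only), a short comment on each assignment saying which version the client is expected to track would prevent spurious or missed whitelist refreshes.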


@ -62,6 +62,7 @@ typedef struct {
int32_t onlineDnodes; int32_t onlineDnodes;
SEpSet epSet; SEpSet epSet;
SArray *pQnodeList; SArray *pQnodeList;
int64_t ipWhiteListVer;
} SConnPreparedObj; } SConnPreparedObj;
static SConnObj *mndCreateConn(SMnode *pMnode, const char *user, int8_t connType, uint32_t ip, uint16_t port, static SConnObj *mndCreateConn(SMnode *pMnode, const char *user, int8_t connType, uint32_t ip, uint16_t port,
@ -300,7 +301,7 @@ _CONNECT:
connectRsp.svrTimestamp = taosGetTimestampSec(); connectRsp.svrTimestamp = taosGetTimestampSec();
connectRsp.passVer = pUser->passVersion; connectRsp.passVer = pUser->passVersion;
connectRsp.authVer = pUser->authVersion; connectRsp.authVer = pUser->authVersion;
connectRsp.whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser); connectRsp.whiteListVer = pUser->ipWhiteListVer;
strcpy(connectRsp.sVer, version); strcpy(connectRsp.sVer, version);
snprintf(connectRsp.sDetailVer, sizeof(connectRsp.sDetailVer), "ver:%s\nbuild:%s\ngitinfo:%s", version, buildinfo, snprintf(connectRsp.sDetailVer, sizeof(connectRsp.sDetailVer), "ver:%s\nbuild:%s\ngitinfo:%s", version, buildinfo,
@ -568,7 +569,8 @@ static int32_t mndProcessQueryHeartBeat(SMnode *pMnode, SRpcMsg *pMsg, SClientHb
case HEARTBEAT_KEY_USER_AUTHINFO: { case HEARTBEAT_KEY_USER_AUTHINFO: {
void *rspMsg = NULL; void *rspMsg = NULL;
int32_t rspLen = 0; int32_t rspLen = 0;
mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen); mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen,
pObj->ipWhiteListVer);
if (rspMsg && rspLen > 0) { if (rspMsg && rspLen > 0) {
SKv kv1 = {.key = HEARTBEAT_KEY_USER_AUTHINFO, .valueLen = rspLen, .value = rspMsg}; SKv kv1 = {.key = HEARTBEAT_KEY_USER_AUTHINFO, .valueLen = rspLen, .value = rspMsg};
taosArrayPush(hbRsp.info, &kv1); taosArrayPush(hbRsp.info, &kv1);
@ -650,6 +652,7 @@ static int32_t mndProcessHeartBeatReq(SRpcMsg *pReq) {
SConnPreparedObj obj = {0}; SConnPreparedObj obj = {0};
obj.totalDnodes = mndGetDnodeSize(pMnode); obj.totalDnodes = mndGetDnodeSize(pMnode);
obj.ipWhiteListVer = batchReq.ipWhiteList;
mndGetOnlineDnodeNum(pMnode, &obj.onlineDnodes); mndGetOnlineDnodeNum(pMnode, &obj.onlineDnodes);
mndGetMnodeEpSet(pMnode, &obj.epSet); mndGetMnodeEpSet(pMnode, &obj.epSet);
mndCreateQnodeList(pMnode, &obj.pQnodeList, -1); mndCreateQnodeList(pMnode, &obj.pQnodeList, -1);


@ -2805,7 +2805,7 @@ static void mndCancelGetNextPrivileges(SMnode *pMnode, void *pIter) {
} }
int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp, int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
int32_t *pRspLen) { int32_t *pRspLen, int64_t ipWhiteListVer) {
SUserAuthBatchRsp batchRsp = {0}; SUserAuthBatchRsp batchRsp = {0};
batchRsp.pArray = taosArrayInit(numOfUses, sizeof(SGetUserAuthRsp)); batchRsp.pArray = taosArrayInit(numOfUses, sizeof(SGetUserAuthRsp));
if (batchRsp.pArray == NULL) { if (batchRsp.pArray == NULL) {
@ -2827,7 +2827,7 @@ int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_
} }
pUsers[i].version = ntohl(pUsers[i].version); pUsers[i].version = ntohl(pUsers[i].version);
if (pUser->authVersion <= pUsers[i].version) { if (pUser->authVersion <= pUsers[i].version || ipWhiteListVer == pMnode->ipWhiteVer) {
mndReleaseUser(pMnode, pUser); mndReleaseUser(pMnode, pUser);
continue; continue;
} }
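Review bot: The new skip condition `pUser->authVersion <= pUsers[i].version || ipWhiteListVer == pMnode->ipWhiteVer` skips the user whenever either side is current, so a client whose whitelist version matches never receives a newer `authVersion`. Likewise a client with current auth never receives a whitelist change. Skipping only when both are up to date looks like the intent: `if (pUser->authVersion <= pUsers[i].version && ipWhiteListVer == pMnode->ipWhiteVer) {`. `ipWhiteListVer` comes from the client's heartbeat (`batchReq.ipWhiteList`), so with `||` a client that echoes the current value suppresses delivery of permission updates to itself. The loop starts outside this hunk.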