Merge pull request #26256 from taosdata/fix/TD-30583-2-30

Fix/TD-30583-2-30

include/common/tmsg.h

@@ -3245,6 +3245,7 @@ typedef struct {
 typedef struct {
   int64_t reqId;
   SArray* reqs;  // SArray<SClientHbReq>
+  int64_t ipWhiteList;
 } SClientHbBatchReq;
 
 typedef struct {

source/client/src/clientHb.c

@@ -134,8 +134,7 @@ static int32_t hbUpdateUserAuthInfo(SAppHbMgr *pAppHbMgr, SUserAuthBatchRsp *bat
       if (pTscObj->whiteListInfo.fp) {
         SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo;
         int64_t         oldVer = atomic_load_64(&whiteListInfo->ver);
-
+        if (oldVer != pRsp->whiteListVer) {
-        if (oldVer < pRsp->whiteListVer || pRsp->whiteListVer == 0) {
           atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer);
           if (whiteListInfo->fp) {
             (*whiteListInfo->fp)(whiteListInfo->param, &pRsp->whiteListVer, TAOS_NOTIFY_WHITELIST_VER);
@@ -143,6 +142,14 @@ static int32_t hbUpdateUserAuthInfo(SAppHbMgr *pAppHbMgr, SUserAuthBatchRsp *bat
           tscDebug("update whitelist version of user %s from %" PRId64 " to %" PRId64 ", tscRid:%" PRIi64, pRsp->user,
                    oldVer, atomic_load_64(&whiteListInfo->ver), pTscObj->id);
         }
+      } else {
+        // Need to update version information to prevent frequent fetching of authentication
+        // information.
+        SWhiteListInfo *whiteListInfo = &pTscObj->whiteListInfo;
+        int64_t         oldVer = atomic_load_64(&whiteListInfo->ver);
+        atomic_store_64(&whiteListInfo->ver, pRsp->whiteListVer);
+        tscDebug("update whitelist version of user %s from %" PRId64 " to %" PRId64 ", tscRid:%" PRIi64, pRsp->user,
+                 oldVer, atomic_load_64(&whiteListInfo->ver), pTscObj->id);
       }
       releaseTscObj(pReq->connKey.tscRid);
     }
@@ -1048,6 +1055,7 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
     return NULL;
   }
 
+  int64_t  maxIpWhiteVer = 0;
   void    *pIter = NULL;
   SHbParam param = {0};
   while ((pIter = taosHashIterate(pAppHbMgr->activeInfo, pIter))) {
@@ -1083,8 +1091,11 @@ SClientHbBatchReq *hbGatherAllInfo(SAppHbMgr *pAppHbMgr) {
       }
     }
 
+    int64_t ver = atomic_load_64(&pTscObj->whiteListInfo.ver);
+    maxIpWhiteVer = TMAX(maxIpWhiteVer, ver);
     releaseTscObj(connKey->tscRid);
   }
+  pBatchReq->ipWhiteList = maxIpWhiteVer;
 
   return pBatchReq;
 }

source/common/src/tmsg.c

@@ -467,6 +467,8 @@ int32_t tSerializeSClientHbBatchReq(void *buf, int32_t bufLen, const SClientHbBa
     SClientHbReq *pReq = taosArrayGet(pBatchReq->reqs, i);
     if (tSerializeSClientHbReq(&encoder, pReq) < 0) return -1;
   }
+
+  if (tEncodeI64(&encoder, pBatchReq->ipWhiteList) < 0) return -1;
   tEndEncode(&encoder);
 
   int32_t tlen = encoder.pos;
@@ -493,6 +495,10 @@ int32_t tDeserializeSClientHbBatchReq(void *buf, int32_t bufLen, SClientHbBatchR
     taosArrayPush(pBatchReq->reqs, &req);
   }
 
+  if (!tDecodeIsEnd(&decoder)) {
+    tDecodeI64(&decoder, &pBatchReq->ipWhiteList);
+  }
+
   tEndDecode(&decoder);
   tDecoderClear(&decoder);
   return 0;

source/dnode/mnode/impl/inc/mndUser.h

@@ -38,7 +38,7 @@ SHashObj *mndDupDbHash(SHashObj *pOld);
 SHashObj *mndDupTableHash(SHashObj *pOld);
 SHashObj *mndDupTopicHash(SHashObj *pOld);
 int32_t   mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
-                                  int32_t *pRspLen);
+                                  int32_t *pRspLen, int64_t ipWhiteListVer);
 int32_t   mndUserRemoveDb(SMnode *pMnode, STrans *pTrans, char *db);
 int32_t   mndUserRemoveStb(SMnode *pMnode, STrans *pTrans, char *stb);
 int32_t   mndUserRemoveView(SMnode *pMnode, STrans *pTrans, char *view);

source/dnode/mnode/impl/src/mndDnode.c

@@ -1457,7 +1457,7 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
     terrno = TSDB_CODE_INVALID_MSG;
     return -1;
   }
-
+  int8_t updateIpWhiteList = 0;
   mInfo("dnode:%d, start to config, option:%s, value:%s", cfgReq.dnodeId, cfgReq.config, cfgReq.value);
   if (mndCheckOperPrivilege(pMnode, pReq->info.conn.user, MND_OPER_CONFIG_DNODE) != 0) {
     tFreeSMCfgDnodeReq(&cfgReq);
@@ -1492,6 +1492,9 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
       terrno = TSDB_CODE_INVALID_CFG;
       goto _err_out;
     }
+    if (strncasecmp(dcfgReq.config, "enableWhiteList", strlen("enableWhiteList")) == 0) {
+      updateIpWhiteList = 1;
+    }
 
     if (cfgCheckRangeForDynUpdate(taosGetCfg(), dcfgReq.config, dcfgReq.value, true) != 0) goto _err_out;
   }
@@ -1505,7 +1508,11 @@ static int32_t mndProcessConfigDnodeReq(SRpcMsg *pReq) {
 
   tFreeSMCfgDnodeReq(&cfgReq);
 
-  return mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq);
+  int32_t code = mndSendCfgDnodeReq(pMnode, cfgReq.dnodeId, &dcfgReq);
+
+  // dont care suss or succ;
+  if (updateIpWhiteList) mndRefreshUserIpWhiteList(pMnode);
+  return code;
 
 _err_out:
   tFreeSMCfgDnodeReq(&cfgReq);

source/dnode/mnode/impl/src/mndPrivilege.c

@@ -50,7 +50,7 @@ int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp
   pRsp->sysInfo = pUser->sysInfo;
   pRsp->version = pUser->authVersion;
   pRsp->passVer = pUser->passVersion;
-  pRsp->whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser);
+  pRsp->whiteListVer = pMnode->ipWhiteVer;
   return 0;
 }
 

source/dnode/mnode/impl/src/mndProfile.c

@@ -62,6 +62,7 @@ typedef struct {
   int32_t onlineDnodes;
   SEpSet  epSet;
   SArray *pQnodeList;
+  int64_t ipWhiteListVer;
 } SConnPreparedObj;
 
 static SConnObj *mndCreateConn(SMnode *pMnode, const char *user, int8_t connType, uint32_t ip, uint16_t port,
@@ -300,7 +301,7 @@ _CONNECT:
   connectRsp.svrTimestamp = taosGetTimestampSec();
   connectRsp.passVer = pUser->passVersion;
   connectRsp.authVer = pUser->authVersion;
-  connectRsp.whiteListVer = mndGetUserIpWhiteListVer(pMnode, pUser);
+  connectRsp.whiteListVer = pUser->ipWhiteListVer;
 
   strcpy(connectRsp.sVer, version);
   snprintf(connectRsp.sDetailVer, sizeof(connectRsp.sDetailVer), "ver:%s\nbuild:%s\ngitinfo:%s", version, buildinfo,
@@ -568,7 +569,8 @@ static int32_t mndProcessQueryHeartBeat(SMnode *pMnode, SRpcMsg *pMsg, SClientHb
       case HEARTBEAT_KEY_USER_AUTHINFO: {
         void   *rspMsg = NULL;
         int32_t rspLen = 0;
-        mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen);
+        mndValidateUserAuthInfo(pMnode, kv->value, kv->valueLen / sizeof(SUserAuthVersion), &rspMsg, &rspLen,
+                                pObj->ipWhiteListVer);
         if (rspMsg && rspLen > 0) {
           SKv kv1 = {.key = HEARTBEAT_KEY_USER_AUTHINFO, .valueLen = rspLen, .value = rspMsg};
           taosArrayPush(hbRsp.info, &kv1);
@@ -650,6 +652,7 @@ static int32_t mndProcessHeartBeatReq(SRpcMsg *pReq) {
 
   SConnPreparedObj obj = {0};
   obj.totalDnodes = mndGetDnodeSize(pMnode);
+  obj.ipWhiteListVer = batchReq.ipWhiteList;
   mndGetOnlineDnodeNum(pMnode, &obj.onlineDnodes);
   mndGetMnodeEpSet(pMnode, &obj.epSet);
   mndCreateQnodeList(pMnode, &obj.pQnodeList, -1);

source/dnode/mnode/impl/src/mndUser.c

@@ -2805,7 +2805,7 @@ static void mndCancelGetNextPrivileges(SMnode *pMnode, void *pIter) {
 }
 
 int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
-                                int32_t *pRspLen) {
+                                int32_t *pRspLen, int64_t ipWhiteListVer) {
   SUserAuthBatchRsp batchRsp = {0};
   batchRsp.pArray = taosArrayInit(numOfUses, sizeof(SGetUserAuthRsp));
   if (batchRsp.pArray == NULL) {
@@ -2827,7 +2827,7 @@ int32_t mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_
     }
 
     pUsers[i].version = ntohl(pUsers[i].version);
-    if (pUser->authVersion <= pUsers[i].version) {
+    if (pUser->authVersion <= pUsers[i].version && ipWhiteListVer == pMnode->ipWhiteVer) {
       mndReleaseUser(pMnode, pUser);
       continue;
     }