feat: privilege for sysinfo user
parent
1fb2c664a4
commit
89d6ca7823
|
@ -34,10 +34,8 @@ extern int32_t tsRpcHeadSize;
|
|||
typedef struct {
|
||||
uint32_t clientIp;
|
||||
uint16_t clientPort;
|
||||
union {
|
||||
char user[TSDB_USER_LEN];
|
||||
int64_t applyIndex;
|
||||
};
|
||||
int64_t applyIndex;
|
||||
char user[TSDB_USER_LEN];
|
||||
} SRpcConnInfo;
|
||||
|
||||
typedef struct SRpcHandleInfo {
|
||||
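Review bot: The `user` field in `SRpcConnInfo` is now what the privilege checks in this commit read (for example the `strcmp` on `pMsg->info.conn.user` in `dmProcessRetrieve`), but the struct does not say who fills it or whether it is always NUL-terminated within `TSDB_USER_LEN`. Taking it out of the union with `applyIndex` removes the aliasing between the two, which is the right direction. I would add a field comment such as `// user name read by the privilege checks; must be NUL-terminated`. Whether every writer of this field guarantees termination is not visible in this hunk and should be confirmed.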
|
|
|
@ -253,6 +253,11 @@ int32_t dmProcessRetrieve(SDnodeMgmt *pMgmt, SRpcMsg *pMsg) {
|
|||
int32_t size = 0;
|
||||
int32_t rowsRead = 0;
|
||||
|
||||
if (strcmp(pMsg->info.conn.user, TSDB_DEFAULT_USER) != 0) {
|
||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||
return -1;
|
||||
}
|
||||
|
||||
SRetrieveTableReq retrieveReq = {0};
|
||||
if (tDeserializeSRetrieveTableReq(pMsg->pCont, pMsg->contLen, &retrieveReq) != 0) {
|
||||
terrno = TSDB_CODE_INVALID_MSG;
|
||||
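Review bot: The new guard in `dmProcessRetrieve` authorises by account name, `strcmp(pMsg->info.conn.user, TSDB_DEFAULT_USER) != 0`, rather than by a privilege attribute, so every other account is refused whatever rights it holds. It also reads `conn.user`, while the management-node retrieve path in this commit checks `retrieveReq.user` from the message body; the two paths should agree on which identity is authoritative. If name-based gating is intended here, a comment such as `// dnode system tables are restricted to the default user` would make that explicit. The function body continues outside the hunk.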
|
|
|
@ -57,6 +57,8 @@ typedef enum {
|
|||
MND_OPER_USE_DB,
|
||||
MND_OPER_WRITE_DB,
|
||||
MND_OPER_READ_DB,
|
||||
MND_OPER_READ_OR_WRITE_DB,
|
||||
MND_OPER_SHOW_VARIBALES,
|
||||
} EOperType;
|
||||
|
||||
int32_t mndInitPrivilege(SMnode *pMnode);
|
||||
|
@ -64,8 +66,8 @@ void mndCleanupPrivilege(SMnode *pMnode);
|
|||
|
||||
int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType);
|
||||
int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb);
|
||||
int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *name);
|
||||
int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, int32_t showType);
|
||||
int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname);
|
||||
int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname);
|
||||
int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter);
|
||||
|
||||
#ifdef __cplusplus
|
||||
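Review bot: The new enumerator `MND_OPER_SHOW_VARIBALES` is misspelled, and because it is introduced in a header the typo will spread to every caller; `MND_OPER_SHOW_VARIABLES,` is the name I would expect. `MND_OPER_READ_OR_WRITE_DB` would also benefit from a short comment saying that either a read or a write grant satisfies it, since the enum alone does not show how it differs from `MND_OPER_READ_DB` and `MND_OPER_WRITE_DB`. The enum starts above the hunk.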
|
|
|
@ -15,9 +15,9 @@
|
|||
|
||||
#define _DEFAULT_SOURCE
|
||||
#include "mndDb.h"
|
||||
#include "mndPrivilege.h"
|
||||
#include "mndDnode.h"
|
||||
#include "mndOffset.h"
|
||||
#include "mndPrivilege.h"
|
||||
#include "mndShow.h"
|
||||
#include "mndSma.h"
|
||||
#include "mndStb.h"
|
||||
|
@ -1336,7 +1336,7 @@ char *buildRetension(SArray *pRetension) {
|
|||
}
|
||||
|
||||
static void dumpDbInfoData(SSDataBlock *pBlock, SDbObj *pDb, SShowObj *pShow, int32_t rows, int64_t numOfTables,
|
||||
bool sysDb, ESdbStatus objStatus) {
|
||||
bool sysDb, ESdbStatus objStatus, bool sysinfo) {
|
||||
int32_t cols = 0;
|
||||
|
||||
int32_t bytes = pShow->pMeta->pSchemas[cols].bytes;
|
||||
|
@ -1354,7 +1354,7 @@ static void dumpDbInfoData(SSDataBlock *pBlock, SDbObj *pDb, SShowObj *pShow, in
|
|||
char statusB[24] = {0};
|
||||
STR_WITH_SIZE_TO_VARSTR(statusB, status, strlen(status));
|
||||
|
||||
if (sysDb) {
|
||||
if (sysDb || !sysinfo) {
|
||||
for (int32_t i = 0; i < pShow->numOfColumns; ++i) {
|
||||
SColumnInfoData *pColInfo = taosArrayGet(pBlock->pDataBlock, i);
|
||||
if (i == 0) {
|
||||
|
@ -1528,17 +1528,21 @@ static int32_t mndRetrieveDbs(SRpcMsg *pReq, SShowObj *pShow, SSDataBlock *pBloc
|
|||
SDbObj *pDb = NULL;
|
||||
ESdbStatus objStatus = 0;
|
||||
|
||||
SUserObj *pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
|
||||
if (pUser == NULL) return 0;
|
||||
bool sysinfo = pUser->sysInfo;
|
||||
|
||||
// Append the information_schema database into the result.
|
||||
if (!pShow->sysDbRsp) {
|
||||
SDbObj infoschemaDb = {0};
|
||||
setInformationSchemaDbCfg(&infoschemaDb);
|
||||
dumpDbInfoData(pBlock, &infoschemaDb, pShow, numOfRows, 14, true, 0);
|
||||
dumpDbInfoData(pBlock, &infoschemaDb, pShow, numOfRows, 14, true, 0, 1);
|
||||
|
||||
numOfRows += 1;
|
||||
|
||||
SDbObj perfschemaDb = {0};
|
||||
setPerfSchemaDbCfg(&perfschemaDb);
|
||||
dumpDbInfoData(pBlock, &perfschemaDb, pShow, numOfRows, 3, true, 0);
|
||||
dumpDbInfoData(pBlock, &perfschemaDb, pShow, numOfRows, 3, true, 0, 1);
|
||||
|
||||
numOfRows += 1;
|
||||
pShow->sysDbRsp = true;
|
||||
|
@ -1550,16 +1554,19 @@ static int32_t mndRetrieveDbs(SRpcMsg *pReq, SShowObj *pShow, SSDataBlock *pBloc
|
|||
break;
|
||||
}
|
||||
|
||||
int32_t numOfTables = 0;
|
||||
sdbTraverse(pSdb, SDB_VGROUP, mndGetTablesOfDbFp, &numOfTables, NULL, NULL);
|
||||
if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_READ_OR_WRITE_DB, pDb) == 0) {
|
||||
int32_t numOfTables = 0;
|
||||
sdbTraverse(pSdb, SDB_VGROUP, mndGetTablesOfDbFp, &numOfTables, NULL, NULL);
|
||||
|
||||
dumpDbInfoData(pBlock, pDb, pShow, numOfRows, numOfTables, false, objStatus, sysinfo);
|
||||
numOfRows++;
|
||||
}
|
||||
|
||||
dumpDbInfoData(pBlock, pDb, pShow, numOfRows, numOfTables, false, objStatus);
|
||||
numOfRows++;
|
||||
sdbRelease(pSdb, pDb);
|
||||
}
|
||||
|
||||
pShow->numOfRows += numOfRows;
|
||||
|
||||
mndReleaseUser(pMnode, pUser);
|
||||
return numOfRows;
|
||||
}
|
||||
|
||||
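Review bot: In `dumpDbInfoData` the condition `if (sysDb || !sysinfo)` sends rows for users without sysinfo down the branch written for the built-in system databases, but nothing says that `sysinfo == false` is meant to reduce what the row shows. A comment above the condition, for example `// users without sysinfo get the same reduced row as system databases`, would keep a later edit to that branch from silently changing what restricted users see; the branch body continues outside the hunk, so the exact columns should be confirmed. The two system-database calls pass `1` for the new `bool` parameter, where `true` would read better. In `mndRetrieveDbs`, `mndCheckDbPrivilege` is now used as a row filter, so if it sets `terrno` on refusal (not visible here) a successful listing may return with a stale error code.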
|
|
|
@ -558,7 +558,11 @@ _OVER:
|
|||
|
||||
static int32_t mndProcessShowVariablesReq(SRpcMsg *pReq) {
|
||||
SShowVariablesRsp rsp = {0};
|
||||
int32_t code = -1;
|
||||
int32_t code = -1;
|
||||
|
||||
if (mndCheckOperPrivilege(pReq->info.node, pReq->info.conn.user, MND_OPER_SHOW_VARIBALES) != 0) {
|
||||
goto _OVER;
|
||||
}
|
||||
|
||||
rsp.variables = taosArrayInit(4, sizeof(SVariablesInfo));
|
||||
if (NULL == rsp.variables) {
|
||||
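Review bot: As wired here, the new check in `mndProcessShowVariablesReq` does not restrict `show variables` by sysinfo. `mndCheckOperPrivilege` groups `MND_OPER_SHOW_VARIBALES` with `MND_OPER_CONNECT` in the cases that simply `break`, and the test script in this commit expects `show variables` to succeed for `sysinfo0`. If that is the intent, say so next to the call, e.g. `// permitted for users without sysinfo as well`. If any of the listed variables is sensitive, the filtering has to happen where the rows are built, which is outside this hunk.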
|
|
|
@ -15,8 +15,8 @@
|
|||
|
||||
#define _DEFAULT_SOURCE
|
||||
#include "mndPrivilege.h"
|
||||
#include "mndUser.h"
|
||||
#include "mndDb.h"
|
||||
#include "mndUser.h"
|
||||
|
||||
int32_t mndInitPrivilege(SMnode *pMnode) { return 0; }
|
||||
|
||||
|
@ -46,6 +46,7 @@ int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operTy
|
|||
case MND_OPER_CONNECT:
|
||||
case MND_OPER_CREATE_FUNC:
|
||||
case MND_OPER_DROP_FUNC:
|
||||
case MND_OPER_SHOW_VARIBALES:
|
||||
break;
|
||||
default:
|
||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||
|
@ -80,7 +81,7 @@ int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterU
|
|||
return -1;
|
||||
}
|
||||
|
||||
int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, int32_t showType) {
|
||||
int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname) {
|
||||
int32_t code = 0;
|
||||
SUserObj *pUser = mndAcquireUser(pMnode, user);
|
||||
|
||||
|
@ -99,14 +100,34 @@ int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, int32_t showType
|
|||
goto _OVER;
|
||||
}
|
||||
|
||||
if (!pUser->sysInfo) {
|
||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||
code = -1;
|
||||
if (pUser->sysInfo) {
|
||||
goto _OVER;
|
||||
}
|
||||
|
||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||
code = -1;
|
||||
switch (showType) {
|
||||
case TSDB_MGMT_TABLE_DB:
|
||||
case TSDB_MGMT_TABLE_STB:
|
||||
case TSDB_MGMT_TABLE_INDEX:
|
||||
case TSDB_MGMT_TABLE_STREAMS:
|
||||
case TSDB_MGMT_TABLE_CONSUMERS:
|
||||
case TSDB_MGMT_TABLE_TOPICS:
|
||||
case TSDB_MGMT_TABLE_SUBSCRIPTIONS:
|
||||
case TSDB_MGMT_TABLE_FUNC:
|
||||
case TSDB_MGMT_TABLE_QUERIES:
|
||||
case TSDB_MGMT_TABLE_CONNS:
|
||||
case TSDB_MGMT_TABLE_APPS:
|
||||
case TSDB_MGMT_TABLE_TRANS:
|
||||
code = 0;
|
||||
break;
|
||||
default:
|
||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||
code = -1;
|
||||
goto _OVER;
|
||||
}
|
||||
|
||||
if (showType == TSDB_MGMT_TABLE_STB || showType == TSDB_MGMT_TABLE_VGROUP || showType == TSDB_MGMT_TABLE_INDEX) {
|
||||
code = mndCheckDbPrivilegeByName(pMnode, user, MND_OPER_READ_OR_WRITE_DB, dbname);
|
||||
}
|
||||
|
||||
_OVER:
|
||||
mndReleaseUser(pMnode, pUser);
|
||||
|
@ -138,7 +159,7 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType
|
|||
if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
|
||||
}
|
||||
|
||||
if (operType == MND_OPER_USE_DB) {
|
||||
if (operType == MND_OPER_USE_DB || operType == MND_OPER_READ_OR_WRITE_DB) {
|
||||
if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
|
||||
if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
|
||||
if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
|
||||
|
@ -162,8 +183,8 @@ _OVER:
|
|||
return code;
|
||||
}
|
||||
|
||||
int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *name) {
|
||||
SDbObj *pDb = mndAcquireDb(pMnode, name);
|
||||
int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) {
|
||||
SDbObj *pDb = mndAcquireDb(pMnode, dbname);
|
||||
if (pDb == NULL) return -1;
|
||||
|
||||
int32_t code = mndCheckDbPrivilege(pMnode, user, operType, pDb);
|
||||
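Review bot: In `mndCheckShowPrivilege`, `TSDB_MGMT_TABLE_VGROUP` appears in the database-privilege condition but not in the `switch` allow-list. For a user without sysinfo it therefore reaches `default:` and is refused before `mndCheckDbPrivilegeByName` can run, which makes the `showType == TSDB_MGMT_TABLE_VGROUP` term dead as written. Either add `case TSDB_MGMT_TABLE_VGROUP:` to the list or drop the term, depending on which is intended. Separately, the early `if (pUser->sysInfo) goto _OVER;` returns success without the per-database check, so a sysinfo user is never tested against `dbname` for the stable and index listings; if database grants are meant to apply to every user, the database check should run before that shortcut. The start of the function is outside the hunk.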
|
|
|
@ -254,6 +254,10 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
|
|||
terrstr());
|
||||
goto _OVER;
|
||||
}
|
||||
|
||||
if (mndCheckDbPrivilege(pMnode, pReq->info.conn.user, MND_OPER_READ_OR_WRITE_DB, pDb) != 0) {
|
||||
goto _OVER;
|
||||
}
|
||||
}
|
||||
|
||||
pConn = mndCreateConn(pMnode, pReq->info.conn.user, connReq.connType, pReq->info.conn.clientIp,
|
||||
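Review bot: A refused connection to a database leaves no log entry here: the new `mndCheckDbPrivilege(...) != 0` branch jumps to `_OVER` silently, while the failure just above it logs the reason with `terrstr()`. Refused connection attempts are useful for spotting credential misuse, so I would log the user and database in the same style as the preceding call before `goto _OVER;`. Whether `pDb` is released at `_OVER` is not visible in this hunk and should be checked for this new exit.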
|
|
|
@ -231,8 +231,10 @@ static int32_t mndProcessRetrieveSysTableReq(SRpcMsg *pReq) {
|
|||
}
|
||||
|
||||
mDebug("show:0x%" PRIx64 ", start retrieve data, type:%d", pShow->id, pShow->type);
|
||||
|
||||
// if (mndCheckShowPrivilege(pMnode, pReq->info.conn.user, pShow->type) != 0) return -1;
|
||||
if (mndCheckShowPrivilege(pMnode, retrieveReq.user, pShow->type, retrieveReq.db) != 0) {
|
||||
return -1;
|
||||
}
|
||||
memcpy(pReq->info.conn.user, retrieveReq.user, TSDB_USER_LEN);
|
||||
|
||||
int32_t numOfCols = pShow->pMeta->numOfColumns;
|
||||
SSDataBlock *pBlock = taosMemoryCalloc(1, sizeof(SSDataBlock));
|
||||
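Review bot: The privilege check takes the identity from the request body, `retrieveReq.user`, rather than from the connection (`pReq->info.conn.user`, as in the commented-out line), and the following `memcpy` then overwrites the connection's user with that value. If the sender can set this field, the check verifies a name the caller chose rather than the account that authenticated. It should either use `pReq->info.conn.user` or accept the body field only from a peer known to be an internal node; which senders reach this handler is not visible here. The `memcpy` of `TSDB_USER_LEN` bytes also relies on the deserialised field being NUL-terminated. The new `return -1` may skip cleanup that other exits of this function perform on `pShow`; that part is outside the hunk and needs confirming.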
|
|
|
@ -15,12 +15,12 @@
|
|||
|
||||
#define _DEFAULT_SOURCE
|
||||
#include "mndStb.h"
|
||||
#include "mndPrivilege.h"
|
||||
#include "mndDb.h"
|
||||
#include "mndDnode.h"
|
||||
#include "mndInfoSchema.h"
|
||||
#include "mndMnode.h"
|
||||
#include "mndPerfSchema.h"
|
||||
#include "mndPrivilege.h"
|
||||
#include "mndScheduler.h"
|
||||
#include "mndShow.h"
|
||||
#include "mndSma.h"
|
||||
|
@ -107,7 +107,7 @@ SSdbRaw *mndStbActionEncode(SStbObj *pStb) {
|
|||
int32_t funcNum = taosArrayGetSize(pStb->pFuncs);
|
||||
SDB_SET_INT32(pRaw, dataPos, funcNum, _OVER)
|
||||
for (int32_t i = 0; i < funcNum; ++i) {
|
||||
char* func = taosArrayGet(pStb->pFuncs, i);
|
||||
char *func = taosArrayGet(pStb->pFuncs, i);
|
||||
SDB_SET_BINARY(pRaw, dataPos, func, TSDB_FUNC_NAME_LEN, _OVER)
|
||||
}
|
||||
|
||||
|
@ -708,7 +708,7 @@ int32_t mndBuildStbFromReq(SMnode *pMnode, SStbObj *pDst, SMCreateStbReq *pCreat
|
|||
pDst->commentLen = pCreate->commentLen;
|
||||
pDst->pFuncs = pCreate->pFuncs;
|
||||
pCreate->pFuncs = NULL;
|
||||
|
||||
|
||||
if (pDst->commentLen > 0) {
|
||||
pDst->comment = taosMemoryCalloc(pDst->commentLen + 1, 1);
|
||||
if (pDst->comment == NULL) {
|
||||
|
@ -1391,12 +1391,11 @@ static int32_t mndBuildStbCfgImp(SDbObj *pDb, SStbObj *pStb, const char *tbName,
|
|||
if (pStb->pFuncs) {
|
||||
pRsp->pFuncs = taosArrayDup(pStb->pFuncs);
|
||||
}
|
||||
|
||||
|
||||
taosRUnLockLatch(&pStb->lock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int32_t mndBuildStbSchema(SMnode *pMnode, const char *dbFName, const char *tbName, STableMetaRsp *pRsp,
|
||||
int32_t *smaVer) {
|
||||
char tbFName[TSDB_TABLE_FNAME_LEN] = {0};
|
||||
|
@ -1426,31 +1425,29 @@ static int32_t mndBuildStbSchema(SMnode *pMnode, const char *dbFName, const char
|
|||
}
|
||||
|
||||
static int32_t mndBuildStbCfg(SMnode *pMnode, const char *dbFName, const char *tbName, STableCfgRsp *pRsp) {
|
||||
char tbFName[TSDB_TABLE_FNAME_LEN] = {0};
|
||||
snprintf(tbFName, sizeof(tbFName), "%s.%s", dbFName, tbName);
|
||||
char tbFName[TSDB_TABLE_FNAME_LEN] = {0};
|
||||
snprintf(tbFName, sizeof(tbFName), "%s.%s", dbFName, tbName);
|
||||
|
||||
SDbObj *pDb = mndAcquireDb(pMnode, dbFName);
|
||||
if (pDb == NULL) {
|
||||
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
|
||||
return -1;
|
||||
}
|
||||
SDbObj *pDb = mndAcquireDb(pMnode, dbFName);
|
||||
if (pDb == NULL) {
|
||||
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
|
||||
return -1;
|
||||
}
|
||||
|
||||
SStbObj *pStb = mndAcquireStb(pMnode, tbFName);
|
||||
if (pStb == NULL) {
|
||||
mndReleaseDb(pMnode, pDb);
|
||||
terrno = TSDB_CODE_PAR_TABLE_NOT_EXIST;
|
||||
return -1;
|
||||
}
|
||||
SStbObj *pStb = mndAcquireStb(pMnode, tbFName);
|
||||
if (pStb == NULL) {
|
||||
mndReleaseDb(pMnode, pDb);
|
||||
terrno = TSDB_CODE_PAR_TABLE_NOT_EXIST;
|
||||
return -1;
|
||||
}
|
||||
|
||||
int32_t code = mndBuildStbCfgImp(pDb, pStb, tbName, pRsp);
|
||||
|
||||
mndReleaseDb(pMnode, pDb);
|
||||
mndReleaseStb(pMnode, pStb);
|
||||
return code;
|
||||
int32_t code = mndBuildStbCfgImp(pDb, pStb, tbName, pRsp);
|
||||
|
||||
mndReleaseDb(pMnode, pDb);
|
||||
mndReleaseStb(pMnode, pStb);
|
||||
return code;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static int32_t mndBuildSMAlterStbRsp(SDbObj *pDb, const SMAlterStbReq *pAlter, SStbObj *pObj, void **pCont,
|
||||
int32_t *pLen) {
|
||||
int32_t ret;
|
||||
|
@ -1811,10 +1808,10 @@ _OVER:
|
|||
}
|
||||
|
||||
static int32_t mndProcessTableCfgReq(SRpcMsg *pReq) {
|
||||
SMnode *pMnode = pReq->info.node;
|
||||
int32_t code = -1;
|
||||
STableCfgReq cfgReq = {0};
|
||||
STableCfgRsp cfgRsp = {0};
|
||||
SMnode *pMnode = pReq->info.node;
|
||||
int32_t code = -1;
|
||||
STableCfgReq cfgReq = {0};
|
||||
STableCfgRsp cfgRsp = {0};
|
||||
|
||||
if (tDeserializeSTableCfgReq(pReq->pCont, pReq->contLen, &cfgReq) != 0) {
|
||||
terrno = TSDB_CODE_INVALID_MSG;
|
||||
|
@ -1866,7 +1863,6 @@ _OVER:
|
|||
return code;
|
||||
}
|
||||
|
||||
|
||||
int32_t mndValidateStbInfo(SMnode *pMnode, SSTableVersion *pStbVersions, int32_t numOfStbs, void **ppRsp,
|
||||
int32_t *pRspLen) {
|
||||
SSTbHbRsp hbRsp = {0};
|
||||
|
|
|
@ -8,6 +8,7 @@ sql create user sysinfo0 pass 'taosdata'
|
|||
sql create user sysinfo1 pass 'taosdata'
|
||||
sql alter user sysinfo0 sysinfo 0
|
||||
sql alter user sysinfo1 sysinfo 1
|
||||
sql create database db
|
||||
|
||||
print user sysinfo0 login
|
||||
sql close
|
||||
|
@ -39,6 +40,24 @@ sql_error kill connection 1
|
|||
sql_error kill query 1
|
||||
|
||||
print =============== check db
|
||||
sql_error create database db
|
||||
sql_error create database d1
|
||||
sql_error drop database db
|
||||
sql_error use db
|
||||
sql_error alter database db replica 1;
|
||||
sql_error show db.vgroups
|
||||
sql_error show db.stables
|
||||
sql_error show db.tables
|
||||
|
||||
print =============== check show
|
||||
sql_error show users
|
||||
sql_error show cluster
|
||||
sql_error show dnodes
|
||||
sql_error show mnodes
|
||||
sql_error show snodes
|
||||
sql_error show qnodes
|
||||
sql_error show bnodes
|
||||
sql_error show grants
|
||||
sql_error show dnode 1 variables;
|
||||
sql show variables;
|
||||
|
||||
system sh/exec.sh -n dnode1 -s stop -x SIGINT
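Review bot: `sql_error create database db` cannot show that the privilege check works, because `db` is already created earlier in the script, so the statement fails for any user. More generally, these `sql_error` lines only assert that some error occurred, and every case runs as `sysinfo0` with no grants, so a refusal caused by a missing database grant is not told apart from one caused by the sysinfo flag. I would add at least one positive case, such as `show db.stables` succeeding once the user has been granted access to `db`, and run the same block as `sysinfo1`.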
|
|
@ -858,9 +858,7 @@ void shellGetGrantInfo() {
|
|||
|
||||
int32_t code = taos_errno(tres);
|
||||
if (code != TSDB_CODE_SUCCESS) {
|
||||
if (code == TSDB_CODE_OPS_NOT_SUPPORT) {
|
||||
fprintf(stdout, "Server is Community Edition, %s\n\n", sinfo);
|
||||
} else {
|
||||
if (code != TSDB_CODE_OPS_NOT_SUPPORT && code != TSDB_CODE_MND_NO_RIGHTS) {
|
||||
fprintf(stderr, "Failed to check Server Edition, Reason:0x%04x:%s\n\n", code, taos_errstr(tres));
|
||||
}
|
||||
return;
|
||||
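Review bot: This change also drops the `Server is Community Edition` message that used to be printed for `TSDB_CODE_OPS_NOT_SUPPORT`, which looks unrelated to the privilege work; if that is intended it deserves a line in the commit description. With the new condition both `TSDB_CODE_OPS_NOT_SUPPORT` and `TSDB_CODE_MND_NO_RIGHTS` return silently, so a comment such as `// a user without sysinfo cannot read grants; not an error for the shell` would explain why a rights failure is ignored. Whether `tres` is freed before the `return;` is outside the hunk.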
|
|