From b47c829a9c2e66415ae85345c8c31acc8b5c2fb8 Mon Sep 17 00:00:00 2001
From: Shengliang Guan
Date: Fri, 24 Jun 2022 15:55:31 +0800
Subject: [PATCH] fix: auth failure
---
 source/dnode/mnode/impl/inc/mndAuth.h | 3 ++-
 source/dnode/mnode/impl/inc/mndDef.h | 2 +-
 source/dnode/mnode/impl/src/mndAuth.c | 9 +++++--
 source/dnode/mnode/impl/src/mndProfile.c | 33 ++++++++++++++----------
 4 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/source/dnode/mnode/impl/inc/mndAuth.h b/source/dnode/mnode/impl/inc/mndAuth.h
index 45841ca367..9af4792665 100644
--- a/source/dnode/mnode/impl/inc/mndAuth.h
+++ b/source/dnode/mnode/impl/inc/mndAuth.h
@@ -23,7 +23,8 @@ extern "C" {
 #endif
 typedef enum {
- MND_OPER_CREATE_USER = 1,
+ MND_OPER_CONNECT = 1,
+ MND_OPER_CREATE_USER,
 MND_OPER_DROP_USER,
 MND_OPER_ALTER_USER,
 MND_OPER_CREATE_BNODE,
diff --git a/source/dnode/mnode/impl/inc/mndDef.h b/source/dnode/mnode/impl/inc/mndDef.h
index 693cb77b6d..0605e3a69e 100644
--- a/source/dnode/mnode/impl/inc/mndDef.h
+++ b/source/dnode/mnode/impl/inc/mndDef.h
@@ -222,7 +222,7 @@ typedef struct {
 typedef struct {
 char user[TSDB_USER_LEN];
- char pass[TSDB_PASSWORD_LEN + 1];
+ char pass[TSDB_PASSWORD_LEN];
 char acct[TSDB_USER_LEN];
 int64_t createdTime;
 int64_t updateTime;
diff --git a/source/dnode/mnode/impl/src/mndAuth.c b/source/dnode/mnode/impl/src/mndAuth.c
index f1f1bbae46..4445e3b9f7 100644
--- a/source/dnode/mnode/impl/src/mndAuth.c
+++ b/source/dnode/mnode/impl/src/mndAuth.c
@@ -93,8 +93,13 @@ int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType) {
 goto _OVER;
 }
- terrno = TSDB_CODE_MND_NO_RIGHTS;
- code = -1;
+ switch (operType) {
+ case MND_OPER_CONNECT:
+ break;
+ default:
+ terrno = TSDB_CODE_MND_NO_RIGHTS;
+ code = -1;
+ }
 _OVER:
 mndReleaseUser(pMnode, pUser);
diff --git a/source/dnode/mnode/impl/src/mndProfile.c b/source/dnode/mnode/impl/src/mndProfile.c
index 08da1d54d9..2c47bba8ce 100644
--- a/source/dnode/mnode/impl/src/mndProfile.c
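Review bot: Shrinking `pass` from `TSDB_PASSWORD_LEN + 1` to `TSDB_PASSWORD_LEN` bytes in mndDef.h removes the spare byte for the terminator, so any writer that still copies up to `TSDB_PASSWORD_LEN` characters plus a NUL would now run one byte into `acct`. None of the writers are in this patch, so each place that fills `pass` should be checked to bound its copy by the `sizeof` of the field rather than by the macro. The struct layout also changes; if the object is ever stored or copied by size instead of field by field, old and new builds would disagree, though that is inferred and not visible here. The struct definition starts and ends outside the hunk.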
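Review bot: The `MND_OPER_CONNECT` case in mndCheckOperAuth grants the operation only by leaving `code` untouched, so the outcome depends on whatever `code` holds when control reaches the switch, and that initialisation is outside the hunk. In an authorisation check the allow path is better stated than inherited, for example `case MND_OPER_CONNECT: code = 0; break;`, and the `default` arm should end with its own `break;`. A short comment on the case saying why connect is exempt from the rights check would help the next reader, since the rule for every other operation is deny.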
+++ b/source/dnode/mnode/impl/src/mndProfile.c
@@ -15,6 +15,7 @@
 #define _DEFAULT_SOURCE
 #include "mndProfile.h"
+#include "mndAuth.h"
 #include "mndDb.h"
 #include "mndDnode.h"
 #include "mndMnode.h"
@@ -215,36 +216,42 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
 SConnObj *pConn = NULL;
 int32_t code = -1;
 SConnectReq connReq = {0};
- char ip[30] = {0};
+ char ip[24] = {0};
 const STraceId *trace = &pReq->info.traceId;
 if (tDeserializeSConnectReq(pReq->pCont, pReq->contLen, &connReq) != 0) {
 terrno = TSDB_CODE_INVALID_MSG;
- goto CONN_OVER;
+ goto _OVER;
 }
 taosIp2String(pReq->info.conn.clientIp, ip);
 pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
 if (pUser == NULL) {
- mGError("user:%s, failed to login while acquire user since %s", pReq->info.conn.user, terrstr());
- goto CONN_OVER;
+ mGError("user:%s, failed to login from %s while acquire user since %s", pReq->info.conn.user, ip, terrstr());
+ goto _OVER;
 }
- if (0 != strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN)) {
- mGError("user:%s, failed to auth while acquire user, input:%s", pReq->info.conn.user, connReq.passwd);
+
+ if (strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN - 1) != 0) {
+ mGError("user:%s, failed to login from %s since invalid pass, input:%s", pReq->info.conn.user, ip, connReq.passwd);
 code = TSDB_CODE_RPC_AUTH_FAILURE;
- goto CONN_OVER;
+ goto _OVER;
+ }
+
+ if (mndCheckOperAuth(pMnode, pReq->info.conn.user, MND_OPER_CONNECT) != 0) {
+ mGError("user:%s, failed to login from %s since %s", pReq->info.conn.user, ip, terrstr());
+ goto _OVER;
 }
 if (connReq.db[0]) {
- char db[TSDB_DB_FNAME_LEN];
+ char db[TSDB_DB_FNAME_LEN] = {0};
 snprintf(db, TSDB_DB_FNAME_LEN, "%d%s%s", pUser->acctId, TS_PATH_DELIMITER, connReq.db);
 pDb = mndAcquireDb(pMnode, db);
 if (pDb == NULL) {
 terrno = TSDB_CODE_MND_INVALID_DB;
 mGError("user:%s, failed to login from %s while use db:%s since %s", pReq->info.conn.user, ip, connReq.db, terrstr());
- goto CONN_OVER;
+ goto _OVER;
 }
 }
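Review bot: The invalid-password branch of mndProcessConnectReq still writes the client-supplied secret to the error log through the trailing `input:%s` / `connReq.passwd` argument. Anyone who can read the mnode log then sees every mistyped or guessed value (or its hash, depending on what the client sends), so the argument should be dropped: `mGError("user:%s, failed to login from %s since invalid pass", pReq->info.conn.user, ip);`. The check itself, `strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN - 1)`, returns at the first differing byte and stops at a NUL, so it is neither a fixed-length nor a constant-time comparison; a full-length compare without early exit would be the safer form for a credential. `ip` also shrinks to 24 bytes while `taosIp2String` is called without a size, so its longest output should be confirmed to fit. The function begins before and continues past this hunk.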
@@ -252,7 +259,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
 pReq->info.conn.clientPort, connReq.pid, connReq.app, connReq.startTime);
 if (pConn == NULL) {
 mGError("user:%s, failed to login from %s while create connection since %s", pReq->info.conn.user, ip, terrstr());
- goto CONN_OVER;
+ goto _OVER;
 }
 SConnectRsp connectRsp = {0};
@@ -268,9 +275,9 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
 mndGetMnodeEpSet(pMnode, &connectRsp.epSet);
 int32_t contLen = tSerializeSConnectRsp(NULL, 0, &connectRsp);
- if (contLen < 0) goto CONN_OVER;
+ if (contLen < 0) goto _OVER;
 void *pRsp = rpcMallocCont(contLen);
- if (pRsp == NULL) goto CONN_OVER;
+ if (pRsp == NULL) goto _OVER;
 tSerializeSConnectRsp(pRsp, contLen, &connectRsp);
 pReq->info.rspLen = contLen;
@@ -280,7 +287,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
 code = 0;
-CONN_OVER:
+_OVER:
 mndReleaseUser(pMnode, pUser);
 mndReleaseDb(pMnode, pDb);