fix: auth failure
This commit is contained in:
Shengliang Guan
parent
e8db435e2e
commit
b47c829a9c
|
|
@ -23,7 +23,8 @@ extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
MND_OPER_CREATE_USER = 1,
|
MND_OPER_CONNECT = 1,
|
||||||
|
MND_OPER_CREATE_USER,
|
||||||
MND_OPER_DROP_USER,
|
MND_OPER_DROP_USER,
|
||||||
MND_OPER_ALTER_USER,
|
MND_OPER_ALTER_USER,
|
||||||
MND_OPER_CREATE_BNODE,
|
MND_OPER_CREATE_BNODE,
|
||||||
|
|
|
||||||
|
|
@ -222,7 +222,7 @@ typedef struct {
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
char user[TSDB_USER_LEN];
|
char user[TSDB_USER_LEN];
|
||||||
char pass[TSDB_PASSWORD_LEN + 1];
|
char pass[TSDB_PASSWORD_LEN];
|
||||||
char acct[TSDB_USER_LEN];
|
char acct[TSDB_USER_LEN];
|
||||||
int64_t createdTime;
|
int64_t createdTime;
|
||||||
int64_t updateTime;
|
int64_t updateTime;
|
||||||
|
|
|
||||||
|
|
@ -93,8 +93,13 @@ int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType) {
|
||||||
goto _OVER;
|
goto _OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch (operType) {
|
||||||
|
case MND_OPER_CONNECT:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
||||||
code = -1;
|
code = -1;
|
||||||
|
}
|
||||||
|
|
||||||
_OVER:
|
_OVER:
|
||||||
mndReleaseUser(pMnode, pUser);
|
mndReleaseUser(pMnode, pUser);
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@
|
||||||
|
|
||||||
#define _DEFAULT_SOURCE
|
#define _DEFAULT_SOURCE
|
||||||
#include "mndProfile.h"
|
#include "mndProfile.h"
|
||||||
|
#include "mndAuth.h"
|
||||||
#include "mndDb.h"
|
#include "mndDb.h"
|
||||||
#include "mndDnode.h"
|
#include "mndDnode.h"
|
||||||
#include "mndMnode.h"
|
#include "mndMnode.h"
|
||||||
|
|
@ -215,36 +216,42 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
|
||||||
SConnObj *pConn = NULL;
|
SConnObj *pConn = NULL;
|
||||||
int32_t code = -1;
|
int32_t code = -1;
|
||||||
SConnectReq connReq = {0};
|
SConnectReq connReq = {0};
|
||||||
char ip[30] = {0};
|
char ip[24] = {0};
|
||||||
const STraceId *trace = &pReq->info.traceId;
|
const STraceId *trace = &pReq->info.traceId;
|
||||||
|
|
||||||
if (tDeserializeSConnectReq(pReq->pCont, pReq->contLen, &connReq) != 0) {
|
if (tDeserializeSConnectReq(pReq->pCont, pReq->contLen, &connReq) != 0) {
|
||||||
terrno = TSDB_CODE_INVALID_MSG;
|
terrno = TSDB_CODE_INVALID_MSG;
|
||||||
goto CONN_OVER;
|
goto _OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
taosIp2String(pReq->info.conn.clientIp, ip);
|
taosIp2String(pReq->info.conn.clientIp, ip);
|
||||||
|
|
||||||
pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
|
pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
|
||||||
if (pUser == NULL) {
|
if (pUser == NULL) {
|
||||||
mGError("user:%s, failed to login while acquire user since %s", pReq->info.conn.user, terrstr());
|
mGError("user:%s, failed to login from %s while acquire user since %s", pReq->info.conn.user, ip, terrstr());
|
||||||
goto CONN_OVER;
|
goto _OVER;
|
||||||
}
|
}
|
||||||
if (0 != strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN)) {
|
|
||||||
mGError("user:%s, failed to auth while acquire user, input:%s", pReq->info.conn.user, connReq.passwd);
|
if (strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN - 1) != 0) {
|
||||||
|
mGError("user:%s, failed to login from %s since invalid pass, input:%s", pReq->info.conn.user, ip, connReq.passwd);
|
||||||
code = TSDB_CODE_RPC_AUTH_FAILURE;
|
code = TSDB_CODE_RPC_AUTH_FAILURE;
|
||||||
goto CONN_OVER;
|
goto _OVER;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mndCheckOperAuth(pMnode, pReq->info.conn.user, MND_OPER_CONNECT) != 0) {
|
||||||
|
mGError("user:%s, failed to login from %s since %s", pReq->info.conn.user, ip, terrstr());
|
||||||
|
goto _OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (connReq.db[0]) {
|
if (connReq.db[0]) {
|
||||||
char db[TSDB_DB_FNAME_LEN];
|
char db[TSDB_DB_FNAME_LEN] = {0};
|
||||||
snprintf(db, TSDB_DB_FNAME_LEN, "%d%s%s", pUser->acctId, TS_PATH_DELIMITER, connReq.db);
|
snprintf(db, TSDB_DB_FNAME_LEN, "%d%s%s", pUser->acctId, TS_PATH_DELIMITER, connReq.db);
|
||||||
pDb = mndAcquireDb(pMnode, db);
|
pDb = mndAcquireDb(pMnode, db);
|
||||||
if (pDb == NULL) {
|
if (pDb == NULL) {
|
||||||
terrno = TSDB_CODE_MND_INVALID_DB;
|
terrno = TSDB_CODE_MND_INVALID_DB;
|
||||||
mGError("user:%s, failed to login from %s while use db:%s since %s", pReq->info.conn.user, ip, connReq.db,
|
mGError("user:%s, failed to login from %s while use db:%s since %s", pReq->info.conn.user, ip, connReq.db,
|
||||||
terrstr());
|
terrstr());
|
||||||
goto CONN_OVER;
|
goto _OVER;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -252,7 +259,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
|
||||||
pReq->info.conn.clientPort, connReq.pid, connReq.app, connReq.startTime);
|
pReq->info.conn.clientPort, connReq.pid, connReq.app, connReq.startTime);
|
||||||
if (pConn == NULL) {
|
if (pConn == NULL) {
|
||||||
mGError("user:%s, failed to login from %s while create connection since %s", pReq->info.conn.user, ip, terrstr());
|
mGError("user:%s, failed to login from %s while create connection since %s", pReq->info.conn.user, ip, terrstr());
|
||||||
goto CONN_OVER;
|
goto _OVER;
|
||||||
}
|
}
|
||||||
|
|
||||||
SConnectRsp connectRsp = {0};
|
SConnectRsp connectRsp = {0};
|
||||||
|
|
@ -268,9 +275,9 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
|
||||||
mndGetMnodeEpSet(pMnode, &connectRsp.epSet);
|
mndGetMnodeEpSet(pMnode, &connectRsp.epSet);
|
||||||
|
|
||||||
int32_t contLen = tSerializeSConnectRsp(NULL, 0, &connectRsp);
|
int32_t contLen = tSerializeSConnectRsp(NULL, 0, &connectRsp);
|
||||||
if (contLen < 0) goto CONN_OVER;
|
if (contLen < 0) goto _OVER;
|
||||||
void *pRsp = rpcMallocCont(contLen);
|
void *pRsp = rpcMallocCont(contLen);
|
||||||
if (pRsp == NULL) goto CONN_OVER;
|
if (pRsp == NULL) goto _OVER;
|
||||||
tSerializeSConnectRsp(pRsp, contLen, &connectRsp);
|
tSerializeSConnectRsp(pRsp, contLen, &connectRsp);
|
||||||
|
|
||||||
pReq->info.rspLen = contLen;
|
pReq->info.rspLen = contLen;
|
||||||
|
|
@ -280,7 +287,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) {
|
||||||
|
|
||||||
code = 0;
|
code = 0;
|
||||||
|
|
||||||
CONN_OVER:
|
_OVER:
|
||||||
|
|
||||||
mndReleaseUser(pMnode, pUser);
|
mndReleaseUser(pMnode, pUser);
|
||||||
mndReleaseDb(pMnode, pDb);
|
mndReleaseDb(pMnode, pDb);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue