From b8205f23bfe976e8b6fed64a9e0c7bcaa5ad1b9c Mon Sep 17 00:00:00 2001 From: shenglian zhou Date: Wed, 30 Aug 2023 14:32:46 +0800 Subject: [PATCH] enhance: ip whitelist before debug --- source/libs/nodes/src/nodesUtilFuncs.c | 11 ++++- source/libs/parser/inc/sql.y | 2 +- source/libs/parser/src/parAstCreater.c | 63 ++++++++++++++++++-------- source/libs/parser/src/parTranslater.c | 6 +++ source/util/src/terror.c | 3 +- 5 files changed, 62 insertions(+), 23 deletions(-) diff --git a/source/libs/nodes/src/nodesUtilFuncs.c b/source/libs/nodes/src/nodesUtilFuncs.c index 77637757b1..bc2067660a 100644 --- a/source/libs/nodes/src/nodesUtilFuncs.c +++ b/source/libs/nodes/src/nodesUtilFuncs.c @@ -924,8 +924,15 @@ void nodesDestroyNode(SNode* pNode) { nodesDestroyNode((SNode*)pStmt->pVal); break; } - case QUERY_NODE_CREATE_USER_STMT: // no pointer field - case QUERY_NODE_ALTER_USER_STMT: // no pointer field + case QUERY_NODE_CREATE_USER_STMT: { + SCreateUserStmt* pStmt = (SCreateUserStmt*)pNode; + taosMemoryFree(pStmt->pIpRanges); + break; + } + case QUERY_NODE_ALTER_USER_STMT: { + SAlterUserStmt* pStmt = (SAlterUserStmt*)pNode; + taosMemoryFree(pStmt->pIpRanges); + } case QUERY_NODE_DROP_USER_STMT: // no pointer field case QUERY_NODE_USE_DATABASE_STMT: // no pointer field case QUERY_NODE_CREATE_DNODE_STMT: // no pointer field diff --git a/source/libs/parser/inc/sql.y b/source/libs/parser/inc/sql.y index 2a7f6c6eef..eb5d6d71df 100755 --- a/source/libs/parser/inc/sql.y +++ b/source/libs/parser/inc/sql.y 
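Review bot: The new `case QUERY_NODE_ALTER_USER_STMT: { ... }` block in nodesDestroyNode closes without a `break;`, so control falls through into the `QUERY_NODE_DROP_USER_STMT` group of "no pointer field" labels, unlike the `QUERY_NODE_CREATE_USER_STMT` block just above it. This is harmless only while the shared tail of that group does nothing; add `break;` after `taosMemoryFree(pStmt->pIpRanges);` so a later change to that group cannot run against an SAlterUserStmt. Both frees also assume `pIpRanges` is NULL when no whitelist was parsed, which presumably holds if the node allocator zero-fills, but that is not visible here and should be confirmed. The switch continues outside the hunk.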
@@ -99,7 +99,7 @@ white_list_opt(A) ::= white_list(B). cmd ::= CREATE USER user_name(A) PASS NK_STRING(B) sysinfo_opt(C) white_list_opt(D). { pCxt->pRootNode = createCreateUserStmt(pCxt, &A, &B, C); - addCreateUserStmtWhiteList(pCxt, pCxt->pRootNode, D); + pCxt->pRootNode = addCreateUserStmtWhiteList(pCxt, pCxt->pRootNode, D); } cmd ::= ALTER USER user_name(A) PASS NK_STRING(B). { pCxt->pRootNode = createAlterUserStmt(pCxt, &A, TSDB_ALTER_USER_PASSWD, &B); } cmd ::= ALTER USER user_name(A) ENABLE NK_INTEGER(B). { pCxt->pRootNode = createAlterUserStmt(pCxt, &A, TSDB_ALTER_USER_ENABLE, &B); } diff --git a/source/libs/parser/src/parAstCreater.c b/source/libs/parser/src/parAstCreater.c index 94e678b0bc..ddeecbd288 100644 --- a/source/libs/parser/src/parAstCreater.c +++ b/source/libs/parser/src/parAstCreater.c @@ -1696,6 +1696,27 @@ static int32_t getIpV4RangeFromWhitelistItem(char* ipRange, SIpV4Range* pIpRange return TSDB_CODE_SUCCESS; } +static int32_t fillIpRangesFromWhiteList(SAstCreateContext* pCxt, SNodeList* pIpRangesNodeList, SIpV4Range* pIpRanges) { + int32_t i = 0; + int32_t code = 0; + + SNode* pNode = NULL; + FOREACH(pNode, pIpRangesNodeList) { + if (QUERY_NODE_VALUE != nodeType(pNode)) { + pCxt->errCode = TSDB_CODE_PAR_INVALID_IP_RANGE; + return TSDB_CODE_PAR_INVALID_IP_RANGE; + } + SValueNode* pValNode = (SValueNode*)(pNode); + code = getIpV4RangeFromWhitelistItem(pValNode->literal, pIpRanges + i); + ++i; + if (code != TSDB_CODE_SUCCESS) { + pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, code, pValNode->literal); + return code; + } + } + return TSDB_CODE_SUCCESS; +} + SNode* addCreateUserStmtWhiteList(SAstCreateContext* pCxt, SNode* pCreateUserStmt, SNodeList* pIpRangesNodeList) { if (pIpRangesNodeList == NULL) { return pCreateUserStmt; 
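Review bot: fillIpRangesFromWhiteList writes to `pIpRanges + i` for every list element but is given no capacity, so it stays in bounds only because both callers allocate `LIST_LENGTH(pIpRangesNodeList)` entries before calling it. Either pass the capacity and stop when `i` reaches it, or state the contract above the function, e.g. `// pIpRanges must hold at least LIST_LENGTH(pIpRangesNodeList) entries`. The `QUERY_NODE_VALUE != nodeType(pNode)` branch stores the bare code in `pCxt->errCode`, while the parse-failure branch goes through `generateSyntaxErrMsg`, so the first presumably reaches the client without message text. Routing both through `generateSyntaxErrMsg` would keep the two rejections consistent.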
@@ -1703,19 +1724,16 @@ SNode* addCreateUserStmtWhiteList(SAstCreateContext* pCxt, SNode* pCreateUserStm SCreateUserStmt* pCreateUser = (SCreateUserStmt*)pCreateUserStmt; pCreateUser->numIpRanges = LIST_LENGTH(pIpRangesNodeList); pCreateUser->pIpRanges = taosMemoryMalloc(pCreateUser->numIpRanges * sizeof(SIpV4Range)); - int32_t i = 0; - int32_t code = 0; + if (NULL == pCreateUser->pIpRanges) { + pCxt->errCode = TSDB_CODE_OUT_OF_MEMORY; + nodesDestroyNode(pCreateUserStmt); + return NULL; + } - SNode* pNode = NULL; - FOREACH(pNode, pIpRangesNodeList) { - SValueNode* pValNode = (SValueNode*)(pNode); - code = getIpV4RangeFromWhitelistItem(pValNode->literal, pCreateUser->pIpRanges + i); - if (code != TSDB_CODE_SUCCESS) { - //TODO: see check user name/pass to return error no - taosMemoryFree(pCreateUser->pIpRanges); - nodesDestroyNode(pCreateUserStmt); - return NULL; - } + int32_t code = fillIpRangesFromWhiteList(pCxt, pIpRangesNodeList, pCreateUser->pIpRanges); + if (TSDB_CODE_SUCCESS != code) { + nodesDestroyNode(pCreateUserStmt); + return NULL; } return pCreateUserStmt; } @@ -1753,13 +1771,20 @@ SNode* createAlterUserStmt(SAstCreateContext* pCxt, SToken* pUserName, int8_t al case TSDB_ALTER_USER_ADD_WHITE_LIST: case TSDB_ALTER_USER_DROP_WHITE_LIST: { SNodeList* pIpRangesNodeList = pAlterInfo; - SNode* pNode = NULL; - FOREACH(pNode, pIpRangesNodeList) { - char* pStr = NULL; - nodesNodeToString(pNode, false, &pStr, NULL); - printf("%s\n", pStr); - taosMemoryFree(pStr); - } + pStmt->numIpRanges = LIST_LENGTH(pIpRangesNodeList); + pStmt->pIpRanges = taosMemoryMalloc(pStmt->numIpRanges * sizeof(SIpV4Range)); + if (NULL == pStmt->pIpRanges) { + pCxt->errCode = TSDB_CODE_OUT_OF_MEMORY; + nodesDestroyNode(pStmt); + return NULL; + } + + int32_t code = fillIpRangesFromWhiteList(pCxt, pIpRangesNodeList, pStmt->pIpRanges); + if (TSDB_CODE_SUCCESS != code) { + nodesDestroyNode(pStmt); + return NULL; + } + break; } default: break; 
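Review bot: In addCreateUserStmtWhiteList, `pCreateUserStmt` is cast and its fields written without a NULL check, and the grammar passes `pCxt->pRootNode` straight from `createCreateUserStmt`. If that call can return NULL for a rejected user name or password (not visible here), a CREATE USER statement with a whitelist dereferences NULL. A guard such as `if (pCreateUserStmt == NULL || pIpRangesNodeList == NULL) return pCreateUserStmt;` covers it. Neither the success path nor the two failure paths release `pIpRangesNodeList`, so the list leaks unless the parser frees it elsewhere. The function starts before the hunk.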
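Review bot: In the `TSDB_ALTER_USER_ADD_WHITE_LIST` / `TSDB_ALTER_USER_DROP_WHITE_LIST` case, both error paths call `nodesDestroyNode(pStmt)` without the `(SNode*)` cast used elsewhere in this patch (`nodesDestroyNode((SNode*)pStmt->pVal)`). `pStmt` is declared outside the hunk, but it has `numIpRanges` and `pIpRanges` fields, so it is presumably an `SAlterUserStmt*` and the call passes an incompatible pointer type; write `nodesDestroyNode((SNode*)pStmt);`. The allocate, check and fill sequence is also a line-for-line copy of the one in addCreateUserStmtWhiteList, so moving the allocation into fillIpRangesFromWhiteList or a small wrapper would keep the two from drifting apart. As there, `pIpRangesNodeList` is not released on any path. createAlterUserStmt starts and ends outside the hunk.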
diff --git a/source/libs/parser/src/parTranslater.c b/source/libs/parser/src/parTranslater.c index e973694a04..62930fc388 100644 --- a/source/libs/parser/src/parTranslater.c +++ b/source/libs/parser/src/parTranslater.c @@ -5712,6 +5712,9 @@ static int32_t translateCreateUser(STranslateContext* pCxt, SCreateUserStmt* pSt createReq.sysInfo = pStmt->sysinfo; createReq.enable = 1; strcpy(createReq.pass, pStmt->password); + createReq.numIpRanges = pStmt->numIpRanges; + createReq.pIpRanges = taosMemoryMalloc(createReq.numIpRanges); + memcpy(createReq.pIpRanges, pStmt->pIpRanges, sizeof(SIpV4Range) * createReq.numIpRanges); return buildCmdMsg(pCxt, TDMT_MND_CREATE_USER, (FSerializeFunc)tSerializeSCreateUserReq, &createReq); } @@ -5727,6 +5730,9 @@ static int32_t translateAlterUser(STranslateContext* pCxt, SAlterUserStmt* pStmt if (NULL != pCxt->pParseCxt->db) { snprintf(alterReq.objname, sizeof(alterReq.objname), "%s", pCxt->pParseCxt->db); } + alterReq.numIpRanges = pStmt->numIpRanges; + alterReq.pIpRanges = taosMemoryMalloc(alterReq.numIpRanges); + memcpy(alterReq.pIpRanges, pStmt->pIpRanges, sizeof(SIpV4Range) * alterReq.numIpRanges); return buildCmdMsg(pCxt, TDMT_MND_ALTER_USER, (FSerializeFunc)tSerializeSAlterUserReq, &alterReq); } diff --git a/source/util/src/terror.c b/source/util/src/terror.c index e1dfdc8cf7..9281eaae11 100644 --- a/source/util/src/terror.c +++ b/source/util/src/terror.c 
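Review bot: Both new allocations pass an element count where a byte count is needed. In translateCreateUser, `taosMemoryMalloc(createReq.numIpRanges)` reserves only numIpRanges bytes, and the `memcpy` on the next line then writes `sizeof(SIpV4Range) * createReq.numIpRanges` bytes into it, overrunning the heap buffer for any statement that carries a whitelist; translateAlterUser repeats this with `alterReq`. The result is also used without a NULL check, and a statement with no whitelist reaches malloc with size 0 and memcpy with what is presumably a NULL source. The fix is to allocate `numIpRanges * sizeof(SIpV4Range)`, skip the copy when the count is zero, and return an error on allocation failure. Nothing visible in either hunk frees the request's `pIpRanges` after buildCmdMsg, so ownership should be confirmed; both functions start before their hunks.

```c
  createReq.numIpRanges = pStmt->numIpRanges;
  createReq.pIpRanges = NULL;
  if (createReq.numIpRanges > 0) {
    // size in bytes, not in elements, so the memcpy below stays in bounds
    createReq.pIpRanges = taosMemoryMalloc(createReq.numIpRanges * sizeof(SIpV4Range));
    if (NULL == createReq.pIpRanges) {
      return TSDB_CODE_OUT_OF_MEMORY;
    }
    memcpy(createReq.pIpRanges, pStmt->pIpRanges, createReq.numIpRanges * sizeof(SIpV4Range));
  }
  // … unchanged: return buildCmdMsg(pCxt, TDMT_MND_CREATE_USER, ...) …
  // translateAlterUser: same change applied to alterReq
```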
@@ -556,7 +556,6 @@ TAOS_DEFINE_ERROR(TSDB_CODE_PAR_NOT_ALLOWED_WIN_QUERY, "Window query not su TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_DROP_COL, "No columns can be dropped") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_COL_JSON, "Only tag can be json type") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_VALUE_TOO_LONG, "Value too long for column/tag") -TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_VARBINARY, "Invalidate varbinary type") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_DELETE_WHERE, "The DELETE statement must have a definite time window range") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_REDISTRIBUTE_VG, "The REDISTRIBUTE VGROUP statement only support 1 to 3 dnodes") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_FILL_NOT_ALLOWED_FUNC, "Fill not allowed") @@ -573,6 +572,8 @@ TAOS_DEFINE_ERROR(TSDB_CODE_PAR_GET_META_ERROR, "Fail to get table i TAOS_DEFINE_ERROR(TSDB_CODE_PAR_NOT_UNIQUE_TABLE_ALIAS, "Not unique table/alias") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_SYSTABLE_NOT_ALLOWED_FUNC, "System table not allowed") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_SYSTABLE_NOT_ALLOWED, "System table not allowed") +TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_VARBINARY, "Invalidate varbinary type") +TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_IP_RANGE, "Invalid IPV4 address ranges") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INTERNAL_ERROR, "Parser internal error") //planner