xxq250
/
homework-jianmu
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: table level user auth

This commit is contained in:
dapan1121 2023-04-06 10:01:27 +08:00
parent 7342bde45d
commit d768f49dd7
12 changed files with 272 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/libs/catalog/catalog.h
View File

@ -29,6 +29,7 @@ extern "C" {
#include "tmsg.h" #include "tmsg.h"
#include "tname.h" #include "tname.h"
#include "transport.h" #include "transport.h"
#include "nodes.h"
typedef struct SCatalog SCatalog; typedef struct SCatalog SCatalog;
@ -49,10 +50,15 @@ typedef enum {
typedef struct SUserAuthInfo { typedef struct SUserAuthInfo {
char user[TSDB_USER_LEN]; char user[TSDB_USER_LEN];
char dbFName[TSDB_DB_FNAME_LEN]; SName tbName;
AUTH_TYPE type; AUTH_TYPE type;
} SUserAuthInfo; } SUserAuthInfo;
typedef struct SUserAuthRes {
bool pass;
SNode* pCond;
} SUserAuthRes;
typedef struct SDbInfo { typedef struct SDbInfo {
int32_t vgVer; int32_t vgVer;
int32_t tbNum; int32_t tbNum;
@ -96,7 +102,7 @@ typedef struct SMetaData {
SArray* pTableIndex; // pRes = SArray<STableIndexInfo>* SArray* pTableIndex; // pRes = SArray<STableIndexInfo>*
SArray* pUdfList; // pRes = SFuncInfo* SArray* pUdfList; // pRes = SFuncInfo*
SArray* pIndex; // pRes = SIndexInfo* SArray* pIndex; // pRes = SIndexInfo*
SArray* pUser; // pRes = bool* SArray* pUser; // pRes = SUserAuthRes*
SArray* pQnodeList; // pRes = SArray<SQueryNodeLoad>* SArray* pQnodeList; // pRes = SArray<SQueryNodeLoad>*
SArray* pTableCfg; // pRes = STableCfg* SArray* pTableCfg; // pRes = STableCfg*
SArray* pDnodeList; // pRes = SArray<SEpSet>* SArray* pDnodeList; // pRes = SArray<SEpSet>*
@ -312,11 +318,9 @@ int32_t catalogUpdateTableIndex(SCatalog* pCtg, STableIndexRsp* pRsp);
int32_t catalogGetUdfInfo(SCatalog* pCtg, SRequestConnInfo* pConn, const char* funcName, SFuncInfo* pInfo); int32_t catalogGetUdfInfo(SCatalog* pCtg, SRequestConnInfo* pConn, const char* funcName, SFuncInfo* pInfo);
int32_t catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, const char* dbFName, AUTH_TYPE type, int32_t catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, SUserAuthInfo *pAuth, SUserAuthRes* pRes);
bool* pass);
int32_t catalogChkAuthFromCache(SCatalog* pCtg, const char* user, const char* dbFName, AUTH_TYPE type, bool* pass, int32_t catalogChkAuthFromCache(SCatalog* pCtg, SUserAuthInfo *pAuth, SUserAuthRes* pRes, bool* exists);
bool* exists);
int32_t catalogUpdateUserAuthInfo(SCatalog* pCtg, SGetUserAuthRsp* pAuth); int32_t catalogUpdateUserAuthInfo(SCatalog* pCtg, SGetUserAuthRsp* pAuth);

4
source/libs/catalog/CMakeLists.txt
View File

@ -8,9 +8,9 @@ target_include_directories(
target_link_libraries( target_link_libraries(
catalog catalog
PRIVATE os util transport qcom PRIVATE os util transport qcom nodes
) )
if(${BUILD_TEST}) if(${BUILD_TEST})
ADD_SUBDIRECTORY(test) ADD_SUBDIRECTORY(test)
endif(${BUILD_TEST}) endif(${BUILD_TEST})

25
source/libs/catalog/inc/catalogInt.h
View File

@ -99,6 +99,20 @@ typedef struct SCtgDebug {
uint32_t showCachePeriodSec; uint32_t showCachePeriodSec;
} SCtgDebug; } SCtgDebug;
typedef struct SCtgAuthReq {
SRequestConnInfo* pConn;
SUserAuthInfo* pRawReq;
SGetUserAuthRsp authInfo;
AUTH_TYPE singleType;
bool onlyCache;
} SCtgAuthReq;
typedef struct SCtgAuthRsp {
SUserAuthRes* pRawRes;
bool metaNotExists;
} SCtgAuthRsp;
typedef struct SCtgTbCacheInfo { typedef struct SCtgTbCacheInfo {
bool inCache; bool inCache;
uint64_t dbId; uint64_t dbId;
@ -214,12 +228,8 @@ typedef struct SCtgRentMgmt {
} SCtgRentMgmt; } SCtgRentMgmt;
typedef struct SCtgUserAuth { typedef struct SCtgUserAuth {
int32_t version; SRWLatch lock;
SRWLatch lock; SGetUserAuthRsp userAuth;
bool superUser;
SHashObj* createdDbs;
SHashObj* readDbs;
SHashObj* writeDbs;
} SCtgUserAuth; } SCtgUserAuth;
typedef struct SCatalog { typedef struct SCatalog {
@ -703,7 +713,7 @@ int32_t ctgTbMetaExistInCache(SCatalog* pCtg, char* dbFName, char* tbName, int32
int32_t ctgReadTbMetaFromCache(SCatalog* pCtg, SCtgTbMetaCtx* ctx, STableMeta** pTableMeta); int32_t ctgReadTbMetaFromCache(SCatalog* pCtg, SCtgTbMetaCtx* ctx, STableMeta** pTableMeta);
int32_t ctgReadTbVerFromCache(SCatalog* pCtg, SName* pTableName, int32_t* sver, int32_t* tver, int32_t* tbType, int32_t ctgReadTbVerFromCache(SCatalog* pCtg, SName* pTableName, int32_t* sver, int32_t* tver, int32_t* tbType,
uint64_t* suid, char* stbName); uint64_t* suid, char* stbName);
int32_t ctgChkAuthFromCache(SCatalog* pCtg, char* user, char* dbFName, AUTH_TYPE type, bool* inCache, bool* pass); int32_t ctgChkAuthFromCache(SCatalog *pCtg, SUserAuthInfo *pReq, bool *inCache, SCtgAuthRsp* pRes);
int32_t ctgDropDbCacheEnqueue(SCatalog* pCtg, const char* dbFName, int64_t dbId); int32_t ctgDropDbCacheEnqueue(SCatalog* pCtg, const char* dbFName, int64_t dbId);
int32_t ctgDropDbVgroupEnqueue(SCatalog* pCtg, const char* dbFName, bool syncReq); int32_t ctgDropDbVgroupEnqueue(SCatalog* pCtg, const char* dbFName, bool syncReq);
int32_t ctgDropStbMetaEnqueue(SCatalog* pCtg, const char* dbFName, int64_t dbId, const char* stbName, uint64_t suid, int32_t ctgDropStbMetaEnqueue(SCatalog* pCtg, const char* dbFName, int64_t dbId, const char* stbName, uint64_t suid,
@ -806,6 +816,7 @@ int32_t ctgAcquireVgMetaFromCache(SCatalog *pCtg, const char *dbFName, const cha
int32_t ctgCopyTbMeta(SCatalog *pCtg, SCtgTbMetaCtx *ctx, SCtgDBCache **pDb, SCtgTbCache **pTb, STableMeta **pTableMeta, char* dbFName); int32_t ctgCopyTbMeta(SCatalog *pCtg, SCtgTbMetaCtx *ctx, SCtgDBCache **pDb, SCtgTbCache **pTb, STableMeta **pTableMeta, char* dbFName);
void ctgReleaseVgMetaToCache(SCatalog *pCtg, SCtgDBCache *dbCache, SCtgTbCache *pCache); void ctgReleaseVgMetaToCache(SCatalog *pCtg, SCtgDBCache *dbCache, SCtgTbCache *pCache);
void ctgReleaseTbMetaToCache(SCatalog *pCtg, SCtgDBCache *dbCache, SCtgTbCache *pCache); void ctgReleaseTbMetaToCache(SCatalog *pCtg, SCtgDBCache *dbCache, SCtgTbCache *pCache);
int32_t ctgChkSetAuthRes(SCatalog *pCtg, SCtgAuthReq *req, SCtgAuthRsp* res);
extern SCatalogMgmt gCtgMgmt; extern SCatalogMgmt gCtgMgmt;
extern SCtgDebug gCTGDebug; extern SCtgDebug gCTGDebug;

53
source/libs/catalog/src/catalog.c
View File

@ -319,14 +319,13 @@ _return:
CTG_RET(code); CTG_RET(code);
} }
int32_t ctgChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, const char* dbFName, AUTH_TYPE type, int32_t ctgChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, SUserAuthInfo *pReq, SUserAuthRes* pRes, bool* exists) {
bool* pass, bool* exists) {
bool inCache = false; bool inCache = false;
int32_t code = 0; int32_t code = 0;
SCtgAuthRsp rsp = {0};
rsp.pRawRes = pRes;
*pass = false; CTG_ERR_RET(ctgChkAuthFromCache(pCtg, pReq, &inCache, &rsp));
CTG_ERR_RET(ctgChkAuthFromCache(pCtg, (char*)user, (char*)dbFName, type, &inCache, pass));
if (inCache) { if (inCache) {
if (exists) { if (exists) {
@ -339,30 +338,22 @@ int32_t ctgChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, co
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
} }
SGetUserAuthRsp authRsp = {0}; SCtgAuthReq req = {0};
CTG_ERR_RET(ctgGetUserDbAuthFromMnode(pCtg, pConn, user, &authRsp, NULL)); req.pRawReq = pReq;
req.pConn = pConn;
req.onlyCache = exists ? true : false;
CTG_ERR_RET(ctgGetUserDbAuthFromMnode(pCtg, pConn, pReq->user, &req.authInfo, NULL));
if (authRsp.superAuth) { CTG_ERR_JRET(ctgChkSetAuthRes(pCtg, &req, &rsp));
*pass = true; if (rsp.metaNotExists && exists) {
goto _return; *exists = false;
}
if (authRsp.createdDbs && taosHashGet(authRsp.createdDbs, dbFName, strlen(dbFName))) {
*pass = true;
goto _return;
}
if (CTG_AUTH_READ(type) && authRsp.readDbs && taosHashGet(authRsp.readDbs, dbFName, strlen(dbFName))) {
*pass = true;
} else if (CTG_AUTH_WRITE(type) && authRsp.writeDbs && taosHashGet(authRsp.writeDbs, dbFName, strlen(dbFName))) {
*pass = true;
} }
_return: _return:
ctgUpdateUserEnqueue(pCtg, &authRsp, false); ctgUpdateUserEnqueue(pCtg, &req.authInfo, false);
return TSDB_CODE_SUCCESS; CTG_RET(code);
} }
int32_t ctgGetTbType(SCatalog* pCtg, SRequestConnInfo* pConn, SName* pTableName, int32_t* tbType) { int32_t ctgGetTbType(SCatalog* pCtg, SRequestConnInfo* pConn, SName* pTableName, int32_t* tbType) {
@ -1368,7 +1359,7 @@ int32_t catalogGetExpiredUsers(SCatalog* pCtg, SUserAuthVersion** users, uint32_
void* key = taosHashGetKey(pAuth, &len); void* key = taosHashGetKey(pAuth, &len);
strncpy((*users)[i].user, key, len); strncpy((*users)[i].user, key, len);
(*users)[i].user[len] = 0; (*users)[i].user[len] = 0;
(*users)[i].version = pAuth->version; (*users)[i].version = pAuth->userAuth.version;
++i; ++i;
if (i >= *num) { if (i >= *num) {
taosHashCancelIterate(pCtg->userCache, pAuth); taosHashCancelIterate(pCtg->userCache, pAuth);
@ -1448,32 +1439,30 @@ _return:
CTG_API_LEAVE(code); CTG_API_LEAVE(code);
} }
int32_t catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, const char* dbFName, AUTH_TYPE type, int32_t catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, SUserAuthInfo *pAuth, SUserAuthRes* pRes) {
bool* pass) {
CTG_API_ENTER(); CTG_API_ENTER();
if (NULL == pCtg || NULL == pConn || NULL == user || NULL == dbFName || NULL == pass) { if (NULL == pCtg || NULL == pConn || NULL == pAuth || NULL == pRes) {
CTG_API_LEAVE(TSDB_CODE_CTG_INVALID_INPUT); CTG_API_LEAVE(TSDB_CODE_CTG_INVALID_INPUT);
} }
int32_t code = 0; int32_t code = 0;
CTG_ERR_JRET(ctgChkAuth(pCtg, pConn, user, dbFName, type, pass, NULL)); CTG_ERR_JRET(ctgChkAuth(pCtg, pConn, pAuth, pRes, NULL));
_return: _return:
CTG_API_LEAVE(code); CTG_API_LEAVE(code);
} }
int32_t catalogChkAuthFromCache(SCatalog* pCtg, const char* user, const char* dbFName, AUTH_TYPE type, int32_t catalogChkAuthFromCache(SCatalog* pCtg, SUserAuthInfo *pAuth, SUserAuthRes* pRes, bool* exists) {
bool* pass, bool* exists) {
CTG_API_ENTER(); CTG_API_ENTER();
if (NULL == pCtg || NULL == user || NULL == dbFName || NULL == pass || NULL == exists) { if (NULL == pCtg || NULL == pAuth || NULL == pRes || NULL == exists) {
CTG_API_LEAVE(TSDB_CODE_CTG_INVALID_INPUT); CTG_API_LEAVE(TSDB_CODE_CTG_INVALID_INPUT);
} }
int32_t code = 0; int32_t code = 0;
CTG_ERR_JRET(ctgChkAuth(pCtg, NULL, user, dbFName, type, pass, exists)); CTG_ERR_JRET(ctgChkAuth(pCtg, NULL, pAuth, pRes, exists));
_return: _return:

71
source/libs/catalog/src/ctgAsync.c
View File

@ -1550,45 +1550,20 @@ _return:
int32_t ctgHandleGetUserRsp(SCtgTaskReq* tReq, int32_t reqType, const SDataBuf* pMsg, int32_t rspCode) { int32_t ctgHandleGetUserRsp(SCtgTaskReq* tReq, int32_t reqType, const SDataBuf* pMsg, int32_t rspCode) {
int32_t code = 0; int32_t code = 0;
SCtgTask* pTask = tReq->pTask; SCtgTask* pTask = tReq->pTask;
SCtgUserCtx* ctx = (SCtgUserCtx*)pTask->taskCtx;
SCatalog* pCtg = pTask->pJob->pCtg; SCatalog* pCtg = pTask->pJob->pCtg;
bool pass = false;
SGetUserAuthRsp* pOut = (SGetUserAuthRsp*)pTask->msgCtx.out; SGetUserAuthRsp* pOut = (SGetUserAuthRsp*)pTask->msgCtx.out;
CTG_ERR_JRET(ctgProcessRspMsg(pTask->msgCtx.out, reqType, pMsg->pData, pMsg->len, rspCode, pTask->msgCtx.target)); CTG_ERR_JRET(ctgProcessRspMsg(pTask->msgCtx.out, reqType, pMsg->pData, pMsg->len, rspCode, pTask->msgCtx.target));
if (pOut->superAuth) { ctgUpdateUserEnqueue(pCtg, pOut, true);
pass = true; taosMemoryFreeClear(pTask->msgCtx.out);
goto _return;
}
if (pOut->createdDbs && taosHashGet(pOut->createdDbs, ctx->user.dbFName, strlen(ctx->user.dbFName))) { CTG_ERR_JRET((*gCtgAsyncFps[pTask->type].launchFp)(pTask));
pass = true;
goto _return;
}
if (CTG_AUTH_READ(ctx->user.type) && pOut->readDbs && return TSDB_CODE_SUCCESS;
taosHashGet(pOut->readDbs, ctx->user.dbFName, strlen(ctx->user.dbFName))) {
pass = true;
} else if (CTG_AUTH_WRITE(ctx->user.type) && pOut->writeDbs &&
taosHashGet(pOut->writeDbs, ctx->user.dbFName, strlen(ctx->user.dbFName))) {
pass = true;
}
_return: _return:
if (TSDB_CODE_SUCCESS == code) {
pTask->res = taosMemoryCalloc(1, sizeof(bool));
if (NULL == pTask->res) {
code = TSDB_CODE_OUT_OF_MEMORY;
} else {
*(bool*)pTask->res = pass;
}
}
ctgUpdateUserEnqueue(pCtg, pOut, false);
taosMemoryFreeClear(pTask->msgCtx.out);
ctgHandleTaskEnd(pTask, code); ctgHandleTaskEnd(pTask, code);
CTG_RET(code); CTG_RET(code);
@ -2067,31 +2042,39 @@ int32_t ctgLaunchGetUdfTask(SCtgTask* pTask) {
} }
int32_t ctgLaunchGetUserTask(SCtgTask* pTask) { int32_t ctgLaunchGetUserTask(SCtgTask* pTask) {
int32_t code = 0;
SCatalog* pCtg = pTask->pJob->pCtg; SCatalog* pCtg = pTask->pJob->pCtg;
SRequestConnInfo* pConn = &pTask->pJob->conn; SRequestConnInfo* pConn = &pTask->pJob->conn;
SCtgUserCtx* pCtx = (SCtgUserCtx*)pTask->taskCtx; SCtgUserCtx* pCtx = (SCtgUserCtx*)pTask->taskCtx;
bool inCache = false; bool inCache = false;
bool pass = false; SCtgAuthRsp rsp = {0};
SCtgJob* pJob = pTask->pJob; SCtgJob* pJob = pTask->pJob;
SCtgMsgCtx* pMsgCtx = CTG_GET_TASK_MSGCTX(pTask, -1); SCtgMsgCtx* pMsgCtx = CTG_GET_TASK_MSGCTX(pTask, -1);
if (NULL == pMsgCtx->pBatchs) { if (NULL == pMsgCtx->pBatchs) {
pMsgCtx->pBatchs = pJob->pBatchs; pMsgCtx->pBatchs = pJob->pBatchs;
} }
CTG_ERR_RET(ctgChkAuthFromCache(pCtg, pCtx->user.user, pCtx->user.dbFName, pCtx->user.type, &inCache, &pass)); rsp.pRawRes = taosMemoryCalloc(1, sizeof(SUserAuthRes));
if (NULL == rsp.pRawRes) {
CTG_ERR_RET(TSDB_CODE_OUT_OF_MEMORY);
}
CTG_ERR_RET(ctgChkAuthFromCache(pCtg, &pCtx->user, &inCache, &rsp));
if (inCache) { if (inCache) {
pTask->res = taosMemoryCalloc(1, sizeof(bool)); pTask->res = rsp.pRawRes;
if (NULL == pTask->res) {
CTG_ERR_RET(TSDB_CODE_OUT_OF_MEMORY);
}
*(bool*)pTask->res = pass;
CTG_ERR_RET(ctgHandleTaskEnd(pTask, 0)); CTG_ERR_RET(ctgHandleTaskEnd(pTask, 0));
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
} }
CTG_ERR_RET(ctgGetUserDbAuthFromMnode(pCtg, pConn, pCtx->user.user, NULL, pTask)); taosMemoryFreeClear(rsp.pRawRes);
if (rsp.metaNotExists) {
CTG_ERR_RET(ctgLaunchSubTask(pTask, CTG_TASK_GET_TB_META, ctgGetTbCfgCb, &pCtx->user.tbName));
} else {
CTG_ERR_RET(ctgGetUserDbAuthFromMnode(pCtg, pConn, pCtx->user.user, NULL, pTask));
}
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
} }
@ -2139,6 +2122,20 @@ _return:
CTG_RET(ctgHandleTaskEnd(pTask, pTask->subRes.code)); CTG_RET(ctgHandleTaskEnd(pTask, pTask->subRes.code));
} }
int32_t ctgGetUserCb(SCtgTask* pTask) {
int32_t code = 0;
CTG_ERR_JRET(pTask->subRes.code);
CTG_RET(ctgLaunchGetUserTask(pTask));
_return:
CTG_RET(ctgHandleTaskEnd(pTask, pTask->subRes.code));
}
int32_t ctgCompDbVgTasks(SCtgTask* pTask, void* param, bool* equal) { int32_t ctgCompDbVgTasks(SCtgTask* pTask, void* param, bool* equal) {
SCtgDbVgCtx* ctx = pTask->taskCtx; SCtgDbVgCtx* ctx = pTask->taskCtx;

71
source/libs/catalog/src/ctgCache.c
View File

@ -678,55 +678,40 @@ _return:
CTG_RET(code); CTG_RET(code);
} }
int32_t ctgChkAuthFromCache(SCatalog *pCtg, char *user, char *dbFName, AUTH_TYPE type, bool *inCache, bool *pass) { int32_t ctgChkAuthFromCache(SCatalog *pCtg, SUserAuthInfo *pReq, bool *inCache, SCtgAuthRsp* pRes) {
char *p = strchr(dbFName, '.'); if (IS_SYS_DBNAME(pReq->tbName.dbname)) {
if (p) {
++p;
} else {
p = dbFName;
}
if (IS_SYS_DBNAME(p)) {
*inCache = true; *inCache = true;
*pass = true; pRes->pRawRes->pass = true;
ctgDebug("sysdb %s, pass", dbFName); ctgDebug("sysdb %s, pass", pReq->tbName.dbname);
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
} }
SCtgUserAuth *pUser = (SCtgUserAuth *)taosHashGet(pCtg->userCache, user, strlen(user)); SCtgUserAuth *pUser = (SCtgUserAuth *)taosHashGet(pCtg->userCache, pReq->user, strlen(pReq->user));
if (NULL == pUser) { if (NULL == pUser) {
ctgDebug("user not in cache, user:%s", user); ctgDebug("user not in cache, user:%s", pReq->user);
goto _return; goto _return;
} }
*inCache = true; *inCache = true;
ctgDebug("Got user from cache, user:%s", user); ctgDebug("Got user from cache, user:%s", pReq->user);
CTG_CACHE_STAT_INC(numOfUserHit, 1); CTG_CACHE_STAT_INC(numOfUserHit, 1);
if (pUser->superUser) { SCtgAuthReq req = {0};
*pass = true; req.pRawReq = pReq;
return TSDB_CODE_SUCCESS; req.onlyCache = true;
}
CTG_LOCK(CTG_READ, &pUser->lock); CTG_LOCK(CTG_READ, &pUser->lock);
if (pUser->createdDbs && taosHashGet(pUser->createdDbs, dbFName, strlen(dbFName))) { memcpy(&req.authInfo, &pUser->userAuth, sizeof(pUser->userAuth));
*pass = true; int32_t code = ctgChkSetAuthRes(pCtg, &req, pRes);
CTG_UNLOCK(CTG_READ, &pUser->lock);
return TSDB_CODE_SUCCESS;
}
if (pUser->readDbs && taosHashGet(pUser->readDbs, dbFName, strlen(dbFName)) && CTG_AUTH_READ(type)) {
*pass = true;
}
if (pUser->writeDbs && taosHashGet(pUser->writeDbs, dbFName, strlen(dbFName)) && CTG_AUTH_WRITE(type)) {
*pass = true;
}
CTG_UNLOCK(CTG_READ, &pUser->lock); CTG_UNLOCK(CTG_READ, &pUser->lock);
CTG_ERR_JRET(code);
if (pRes->metaNotExists) {
goto _return;
}
return TSDB_CODE_SUCCESS; CTG_RET(code);
_return: _return:
@ -2024,11 +2009,7 @@ int32_t ctgOpUpdateUser(SCtgCacheOperation *operation) {
if (NULL == pUser) { if (NULL == pUser) {
SCtgUserAuth userAuth = {0}; SCtgUserAuth userAuth = {0};
userAuth.version = msg->userAuth.version; memcpy(&userAuth.userAuth, &msg->userAuth, sizeof(msg->userAuth));
userAuth.superUser = msg->userAuth.superAuth;
userAuth.createdDbs = msg->userAuth.createdDbs;
userAuth.readDbs = msg->userAuth.readDbs;
userAuth.writeDbs = msg->userAuth.writeDbs;
if (taosHashPut(pCtg->userCache, msg->userAuth.user, strlen(msg->userAuth.user), &userAuth, sizeof(userAuth))) { if (taosHashPut(pCtg->userCache, msg->userAuth.user, strlen(msg->userAuth.user), &userAuth, sizeof(userAuth))) {
ctgError("taosHashPut user %s to cache failed", msg->userAuth.user); ctgError("taosHashPut user %s to cache failed", msg->userAuth.user);
@ -2040,20 +2021,18 @@ int32_t ctgOpUpdateUser(SCtgCacheOperation *operation) {
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;
} }
pUser->version = msg->userAuth.version;
CTG_LOCK(CTG_WRITE, &pUser->lock); CTG_LOCK(CTG_WRITE, &pUser->lock);
taosHashCleanup(pUser->createdDbs); taosHashCleanup(pUser->userAuth.createdDbs);
pUser->createdDbs = msg->userAuth.createdDbs; pUser->userAuth.createdDbs = msg->userAuth.createdDbs;
msg->userAuth.createdDbs = NULL; msg->userAuth.createdDbs = NULL;
taosHashCleanup(pUser->readDbs); taosHashCleanup(pUser->userAuth.readDbs);
pUser->readDbs = msg->userAuth.readDbs; pUser->userAuth.readDbs = msg->userAuth.readDbs;
msg->userAuth.readDbs = NULL; msg->userAuth.readDbs = NULL;
taosHashCleanup(pUser->writeDbs); taosHashCleanup(pUser->userAuth.writeDbs);
pUser->writeDbs = msg->userAuth.writeDbs; pUser->userAuth.writeDbs = msg->userAuth.writeDbs;
msg->userAuth.writeDbs = NULL; msg->userAuth.writeDbs = NULL;
CTG_UNLOCK(CTG_WRITE, &pUser->lock); CTG_UNLOCK(CTG_WRITE, &pUser->lock);

133
source/libs/catalog/src/ctgUtil.c
View File

@ -174,9 +174,11 @@ void ctgFreeSMetaData(SMetaData* pData) {
} }
void ctgFreeSCtgUserAuth(SCtgUserAuth* userCache) { void ctgFreeSCtgUserAuth(SCtgUserAuth* userCache) {
taosHashCleanup(userCache->createdDbs); taosHashCleanup(userCache->userAuth.createdDbs);
taosHashCleanup(userCache->readDbs); taosHashCleanup(userCache->userAuth.readDbs);
taosHashCleanup(userCache->writeDbs); taosHashCleanup(userCache->userAuth.writeDbs);
taosHashCleanup(userCache->userAuth.readTbs);
taosHashCleanup(userCache->userAuth.writeTbs);
} }
void ctgFreeMetaRent(SCtgRentMgmt* mgmt) { void ctgFreeMetaRent(SCtgRentMgmt* mgmt) {
@ -1330,6 +1332,131 @@ static void* ctgCloneDnodeList(void* pSrc) { return taosArrayDup((const SArray*)
static void ctgFreeDnodeList(void* p) { taosArrayDestroy((SArray*)((SMetaRes*)p)->pRes); } static void ctgFreeDnodeList(void* p) { taosArrayDestroy((SArray*)((SMetaRes*)p)->pRes); }
int32_t ctgChkSetTbAuthRes(SCatalog *pCtg, SCtgAuthReq *req, SCtgAuthRsp* res) {
int32_t code = 0;
STableMeta *pMeta = NULL;
SGetUserAuthRsp *pInfo = &req->authInfo;
SHashObj *pTbs = (AUTH_TYPE_READ == req->singleType) ? pInfo->readTbs : pInfo->writeTbs;
char *pCond = taosHashGet(pTbs, req->pRawReq->tbName.tname, strlen(req->pRawReq->tbName.tname));
if (pCond) {
if (strlen(pCond) > 1) {
CTG_RET(nodesStringToNode(pCond, &res->pRawRes->pCond));
}
res->pRawRes->pass = true;
return TSDB_CODE_SUCCESS;
}
CTG_ERR_RET(catalogGetCachedTableMeta(pCtg, &req->pRawReq->tbName, &pMeta));
if (NULL == pMeta) {
if (req->onlyCache) {
res->metaNotExists = true;
ctgDebug("db %s tb %s meta not in cache for auth", req->pRawReq->tbName.dbname, req->pRawReq->tbName.tname);
return TSDB_CODE_SUCCESS;
}
CTG_ERR_RET(catalogGetTableMeta(pCtg, req->pConn, &req->pRawReq->tbName, &pMeta));
}
if (TSDB_SUPER_TABLE == pMeta->tableType || TSDB_NORMAL_TABLE == pMeta->tableType) {
res->pRawRes->pass = false;
goto _return;
}
if (TSDB_CHILD_TABLE == pMeta->tableType) {
res->pRawRes->pass = true;
/*
char stbName[TSDB_TABLE_NAME_LEN] = {0};
CTG_ERR_JRET(ctgGetCachedStbNameFromSuid(pCtg, pMeta->suid, stbName));
if (0 == stbName[0]) {
if (req->onlyCache) {
res->notExists = true;
return TSDB_CODE_SUCCESS;
}
CTG_ERR_RET(catalogRefreshTableMeta(pCtg, req->pConn, &req->pRawReq->tbName, 0));
}
*/
}
_return:
taosMemoryFree(pMeta);
CTG_RET(code);
}
int32_t ctgChkSetAuthRes(SCatalog *pCtg, SCtgAuthReq *req, SCtgAuthRsp* res) {
int32_t code = 0;
SUserAuthInfo* pReq = req->pRawReq;
SUserAuthRes* pRes = res->pRawRes;
SGetUserAuthRsp *pInfo = &req->authInfo;
pRes->pass = false;
pRes->pCond = NULL;
if (!pInfo->enable) {
pRes->pass = false;
return TSDB_CODE_SUCCESS;
}
if (pInfo->superAuth) {
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
char dbFName[TSDB_DB_FNAME_LEN];
tNameGetFullDbName(&pReq->tbName, dbFName);
if (pInfo->createdDbs && taosHashGet(pInfo->createdDbs, dbFName, strlen(dbFName))) {
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
switch (pReq->type) {
case AUTH_TYPE_READ: {
if (pInfo->readDbs && taosHashGet(pInfo->readDbs, dbFName, strlen(dbFName))) {
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
if (pInfo->readTbs && taosHashGetSize(pInfo->readTbs) > 0) {
req->singleType = AUTH_TYPE_READ;
CTG_RET(ctgChkSetTbAuthRes(pCtg, req, res));
}
break;
}
case AUTH_TYPE_WRITE: {
if (pInfo->writeDbs && taosHashGet(pInfo->writeDbs, dbFName, strlen(dbFName))) {
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
if (pInfo->writeTbs && taosHashGetSize(pInfo->writeTbs) > 0) {
req->singleType = AUTH_TYPE_WRITE;
CTG_RET(ctgChkSetTbAuthRes(pCtg, req, res));
}
break;
}
case AUTH_TYPE_READ_OR_WRITE: {
if ((pInfo->readDbs && taosHashGet(pInfo->readDbs, dbFName, strlen(dbFName))) ||
(pInfo->writeDbs && taosHashGet(pInfo->writeDbs, dbFName, strlen(dbFName)))){
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
break;
}
default:
break;
}
return TSDB_CODE_SUCCESS;
}
#if 0 #if 0
static int32_t ctgCloneMetaDataArray(SArray* pSrc, __array_item_dup_fn_t copyFunc, SArray** pDst) { static int32_t ctgCloneMetaDataArray(SArray* pSrc, __array_item_dup_fn_t copyFunc, SArray** pDst) {
if (NULL == pSrc) { if (NULL == pSrc) {

18
source/libs/catalog/test/catalogTests.cpp
View File

@ -2800,15 +2800,19 @@ TEST(apiTest, catalogChkAuth_test) {
code = catalogGetHandle(ctgTestClusterId, &pCtg); code = catalogGetHandle(ctgTestClusterId, &pCtg);
ASSERT_EQ(code, 0); ASSERT_EQ(code, 0);
bool pass = false; SUserAuthInfo authInfo = {0};
SUserAuthRes authRes = {0};
strcpy(authInfo.user, ctgTestUsername);
toName(1, ctgTestDbname, ctgTestSTablename, &authInfo.tbName);
authInfo.type = AUTH_TYPE_READ;
bool exists = false; bool exists = false;
code = catalogChkAuthFromCache(pCtg, ctgTestUsername, ctgTestDbname, AUTH_TYPE_READ, &pass, &exists); code = catalogChkAuthFromCache(pCtg, &authInfo, &authRes, &exists);
ASSERT_EQ(code, 0); ASSERT_EQ(code, 0);
ASSERT_EQ(exists, false); ASSERT_EQ(exists, false);
code = catalogChkAuth(pCtg, mockPointer, ctgTestUsername, ctgTestDbname, AUTH_TYPE_READ, &pass); code = catalogChkAuth(pCtg, mockPointer, &authInfo, &authRes);
ASSERT_EQ(code, 0); ASSERT_EQ(code, 0);
ASSERT_EQ(pass, true); ASSERT_EQ(authRes.pass, true);
while (true) { while (true) {
uint64_t n = 0; uint64_t n = 0;
@ -2820,9 +2824,9 @@ TEST(apiTest, catalogChkAuth_test) {
} }
} }
code = catalogChkAuthFromCache(pCtg, ctgTestUsername, ctgTestDbname, AUTH_TYPE_READ, &pass, &exists); code = catalogChkAuthFromCache(pCtg, &authInfo, &authRes, &exists);
ASSERT_EQ(code, 0); ASSERT_EQ(code, 0);
ASSERT_EQ(pass, true); ASSERT_EQ(authRes.pass, true);
ASSERT_EQ(exists, true); ASSERT_EQ(exists, true);
catalogDestroy(); catalogDestroy();

5
source/libs/parser/src/parAuthenticator.c
View File

@ -44,7 +44,10 @@ static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, AUTH_TYPE type) {
.requestObjRefId = pParseCxt->requestRid, .requestObjRefId = pParseCxt->requestRid,
.mgmtEps = pParseCxt->mgmtEpSet}; .mgmtEps = pParseCxt->mgmtEpSet};
code = catalogChkAuth(pParseCxt->pCatalog, &conn, pParseCxt->pUser, dbFname, type, &pass); SUserAuthInfo authInfo = {0};
SUserAuthRes authRes = {0};
//code = catalogChkAuth(pParseCxt->pCatalog, &conn, pParseCxt->pUser, dbFname, type, &pass);
code = catalogChkAuth(pParseCxt->pCatalog, &conn, &authInfo, &authRes);
} }
return TSDB_CODE_SUCCESS == code ? (pass ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED) : code; return TSDB_CODE_SUCCESS == code ? (pass ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED) : code;
} }

13
source/libs/parser/src/parInsertSql.c
View File

@ -729,13 +729,20 @@ static int32_t checkAuth(SParseContext* pCxt, SName* pTbName, bool* pMissCache)
bool pass = true; bool pass = true;
bool exists = true; bool exists = true;
if (pCxt->async) { if (pCxt->async) {
code = catalogChkAuthFromCache(pCxt->pCatalog, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass, &exists); SUserAuthInfo authInfo = {0};
SUserAuthRes authRes = {0};
// code = catalogChkAuthFromCache(pCxt->pCatalog, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass, &exists);
code = catalogChkAuthFromCache(pCxt->pCatalog, &authInfo, &authRes, &exists);
} else { } else {
SRequestConnInfo conn = {.pTrans = pCxt->pTransporter, SRequestConnInfo conn = {.pTrans = pCxt->pTransporter,
.requestId = pCxt->requestId, .requestId = pCxt->requestId,
.requestObjRefId = pCxt->requestRid, .requestObjRefId = pCxt->requestRid,
.mgmtEps = pCxt->mgmtEpSet}; .mgmtEps = pCxt->mgmtEpSet};
code = catalogChkAuth(pCxt->pCatalog, &conn, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass); SUserAuthInfo authInfo = {0};
SUserAuthRes authRes = {0};
//code = catalogChkAuth(pCxt->pCatalog, &conn, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass);
code = catalogChkAuth(pCxt->pCatalog, &conn, &authInfo, &authRes);
} }
if (TSDB_CODE_SUCCESS == code) { if (TSDB_CODE_SUCCESS == code) {
if (!exists) { if (!exists) {
@ -1901,7 +1908,7 @@ static int32_t buildInsertUserAuthReq(const char* pUser, SName* pName, SArray**
SUserAuthInfo userAuth = {.type = AUTH_TYPE_WRITE}; SUserAuthInfo userAuth = {.type = AUTH_TYPE_WRITE};
snprintf(userAuth.user, sizeof(userAuth.user), "%s", pUser); snprintf(userAuth.user, sizeof(userAuth.user), "%s", pUser);
tNameGetFullDbName(pName, userAuth.dbFName); //tNameGetFullDbName(pName, userAuth.dbFName);
taosArrayPush(*pUserAuth, &userAuth); taosArrayPush(*pUserAuth, &userAuth);
return TSDB_CODE_SUCCESS; return TSDB_CODE_SUCCESS;

5
source/libs/parser/src/parUtil.c
View File

@ -509,7 +509,7 @@ static void stringToUserAuth(const char* pStr, int32_t len, SUserAuthInfo* pUser
strncpy(pUserAuth->user, pStr, p1 - pStr); strncpy(pUserAuth->user, pStr, p1 - pStr);
++p1; ++p1;
char* p2 = strchr(p1, '*'); char* p2 = strchr(p1, '*');
strncpy(pUserAuth->dbFName, p1, p2 - p1); //strncpy(pUserAuth->dbFName, p1, p2 - p1);
++p2; ++p2;
char buf[10] = {0}; char buf[10] = {0};
strncpy(buf, p2, len - (p2 - pStr)); strncpy(buf, p2, len - (p2 - pStr));
@ -712,7 +712,8 @@ static int32_t putUserAuthToCache(const SArray* pUserAuthReq, const SArray* pUse
for (int32_t i = 0; i < nvgs; ++i) { for (int32_t i = 0; i < nvgs; ++i) {
SUserAuthInfo* pUser = taosArrayGet(pUserAuthReq, i); SUserAuthInfo* pUser = taosArrayGet(pUserAuthReq, i);
char key[USER_AUTH_KEY_MAX_LEN] = {0}; char key[USER_AUTH_KEY_MAX_LEN] = {0};
int32_t len = userAuthToStringExt(pUser->user, pUser->dbFName, pUser->type, key); //int32_t len = userAuthToStringExt(pUser->user, pUser->dbFName, pUser->type, key);
int32_t len = 0;
if (TSDB_CODE_SUCCESS != putMetaDataToHash(key, len, pUserAuthData, i, pUserAuth)) { if (TSDB_CODE_SUCCESS != putMetaDataToHash(key, len, pUserAuthData, i, pUserAuth)) {
return TSDB_CODE_OUT_OF_MEMORY; return TSDB_CODE_OUT_OF_MEMORY;
} }

10
source/libs/parser/test/mockCatalog.cpp
View File

@ -279,15 +279,13 @@ int32_t __catalogGetDBCfg(SCatalog* pCtg, SRequestConnInfo* pConn, const char* d
return g_mockCatalogService->catalogGetDBCfg(dbFName, pDbCfg); return g_mockCatalogService->catalogGetDBCfg(dbFName, pDbCfg);
} }
int32_t __catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, const char* dbFName, AUTH_TYPE type, int32_t __catalogChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, SUserAuthInfo *pAuth, SUserAuthRes* pRes) {
bool* pass) { pRes->pass = true;
*pass = true;
return 0; return 0;
} }
int32_t __catalogChkAuthFromCache(SCatalog* pCtg, const char* user, const char* dbFName, AUTH_TYPE type, bool* pass, int32_t __catalogChkAuthFromCache(SCatalog* pCtg, SUserAuthInfo *pAuth, SUserAuthRes* pRes, bool* exists) {
bool* exists) { pRes->pass = true;
*pass = true;
*exists = true; *exists = true;
return 0; return 0;
} }