diff --git a/source/common/src/systable.c b/source/common/src/systable.c
index 1aa84191ec..4cf4baa60f 100644
--- a/source/common/src/systable.c
+++ b/source/common/src/systable.c
@@ -221,6 +221,7 @@ static const SSysDbTableSchema userUsersSchema[] = {
 {.name = "enable", .bytes = 1, .type = TSDB_DATA_TYPE_TINYINT, .sysInfo = false},
 {.name = "sysinfo", .bytes = 1, .type = TSDB_DATA_TYPE_TINYINT, .sysInfo = false},
 {.name = "create_time", .bytes = 8, .type = TSDB_DATA_TYPE_TIMESTAMP, .sysInfo = false},
+ {.name = "host", .bytes = TSDB_PRIVILEDGE_HOST_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR, .sysInfo = false},
 };
 GRANTS_SCHEMA;
@@ -309,7 +310,6 @@ static const SSysDbTableSchema userUserPrivilegesSchema[] = {
 {.name = "db_name", .bytes = TSDB_DB_NAME_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR, .sysInfo = false},
 {.name = "table_name", .bytes = TSDB_TABLE_NAME_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR, .sysInfo = false},
 {.name = "condition", .bytes = TSDB_PRIVILEDGE_CONDITION_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR, .sysInfo = false},
- {.name = "host", .bytes = TSDB_PRIVILEDGE_HOST_LEN + VARSTR_HEADER_SIZE, .type = TSDB_DATA_TYPE_VARCHAR, .sysInfo = false},
 };
 static const SSysTableMeta infosMeta[] = {
diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c
index 0b73d1b2d6..fe39b8636f 100644
--- a/source/dnode/mnode/impl/src/mndUser.c
+++ b/source/dnode/mnode/impl/src/mndUser.c
@@ -14,6 +14,8 @@
 */
 #define _DEFAULT_SOURCE
+// clang-format off
+#include
 #include "mndUser.h"
 #include "audit.h"
 #include "mndDb.h"
@@ -24,6 +26,8 @@
 #include "mndTrans.h"
 #include "tbase64.h"
+// clang-format on
+
 #define USER_VER_NUMBER 5
 #define USER_RESERVE_SIZE 64
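Review bot: The new `host` row in userUsersSchema is declared with `.sysInfo = false`, the same as the non-sensitive columns around it, and nothing in the hunk says who is meant to read it. If that flag is what restricts a column to users holding the sysinfo privilege (not visible here), every account that can query this table would see the source-address allow-list of every other user. Consider `.sysInfo = true` for this row, or add a comment such as `// IP allow-list; readable by all users by design` if the exposure is intended. The column width is fixed at `TSDB_PRIVILEDGE_HOST_LEN + VARSTR_HEADER_SIZE`, so the code that fills it has to bound the joined list to that length.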
@@ -69,27 +73,30 @@ int32_t mndInitUser(SMnode *pMnode) {
 void mndCleanupUser(SMnode *pMnode) {}
 static void ipRangeToStr(SIpV4Range *range, char *buf) {
- char ipstr[24] = {0};
- tinet_ntoa(ipstr, range->ip);
+ struct in_addr addr;
+ addr.s_addr = range->ip;
- if (range->mask == 0) {
- sprintf(buf, "%s", ipstr);
- } else {
- sprintf(buf, "%s/%d", ipstr, range->mask);
+ uv_inet_ntop(AF_INET, &addr, buf, 32);
+ if (range->mask != 0) {
+ sprintf(buf + strlen(buf), "/%d", range->mask);
 }
+ return;
 }
 static void ipRangeListToStr(SIpV4Range *range, int32_t num, char *buf) {
 int32_t len = 0;
 for (int i = 0; i < num; i++) {
- char tbuf[24] = {0};
+ char tbuf[36] = {0};
 ipRangeToStr(&range[i], tbuf);
- len = sprintf(buf + len, "%s,", tbuf);
+ len += sprintf(buf + len, "%s,", tbuf);
 }
- buf[len - 1] = 0;
+ if (len > 0) buf[len - 1] = 0;
 }
 int32_t convertIpWhiteListToStr(SIpWhiteList *pList, char **buf) {
- *buf = taosMemoryCalloc(1, pList->num * (sizeof(SIpV4Range) + 1));
-
+ if (pList->num == 0) {
+ *buf = NULL;
+ return 0;
+ }
+ *buf = taosMemoryCalloc(1, pList->num * 36 + 4);
 ipRangeListToStr(pList->pIpRange, pList->num, *buf);
 return strlen(*buf);
 }
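Review bot: convertIpWhiteListToStr hands the result of `taosMemoryCalloc` straight to ipRangeListToStr and `strlen` without a NULL check, so an allocation failure becomes a write through NULL; add `if (*buf == NULL) return 0;` after the allocation (and set terrno if callers rely on it). The buffer sizes are spread over three unrelated literals, `32` in the `uv_inet_ntop` call, `char tbuf[36]` and `pList->num * 36 + 4`; one named constant for the per-entry width would keep them in step. ipRangeToStr also ignores the return value of `uv_inet_ntop` and appends with an unbounded `sprintf`, and it prints `range->mask` with `%d` although the removed `util_cvtIp2Int(char *ip, uint32_t *mask)` call suggests the field is unsigned; `snprintf` with an unsigned conversion would be the safer form.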
@@ -145,48 +152,16 @@ SIpWhiteList *createIpWhiteList(void *buf, int32_t len) { return p; } -int32_t ipRangeListCvtIp2Int(char *ip, int16_t *dest) { - int k = 0; - char *start = ip; - char *end = start; - - for (k = 0; *start != 0; start = end) { - for (end = start; *end != '.' && *end != '/' && *end != 0; end++) { - } - if (*end == '.' || *end == '/') { - *end = 0; - end++; - } - dest[k++] = atoi(start); - } - return k; -} -uint32_t util_cvtIp2Int(char *ip, uint32_t *mask) { - int16_t dst[5] = {0}; - char buf[20] = {0}; - memcpy(buf, ip, strlen(ip)); - int32_t sz = ipRangeListCvtIp2Int(buf, dst); - uint32_t ret = 0; - - for (int i = 0; i < 4; i++) { - uint8_t n = dst[i]; - ret |= (n & 0xFF) << 8 * (4 - i - 1); - } - if (sz >= 5) { - *mask = dst[4]; - } else { - *mask = 0; - } - return ret; -} static SIpWhiteList *createDefaultIpWhiteList() { SIpWhiteList *pWhiteList = taosMemoryCalloc(1, sizeof(SIpWhiteList) + sizeof(SIpV4Range) * 1); pWhiteList->num = 1; - // pWhiteList->pIpRange = - SIpV4Range *range = &(pWhiteList->pIpRange[0]); - range->ip = util_cvtIp2Int("127.0.0.1", &range->mask); // refactor later + struct in_addr addr; + if (uv_inet_pton(AF_INET, "127.0.0.1", &addr) == 0) { + range->ip = addr.s_addr; + range->mask = 0; + } return pWhiteList; } static bool isRangeInIpWhiteList(SIpWhiteList *pList, SIpV4Range *tgt) { @@ -208,6 +183,7 @@ static int32_t mndCreateDefaultUser(SMnode *pMnode, char *acct, char *user, char userObj.updateTime = userObj.createdTime; userObj.sysInfo = 1; userObj.enable = 1; + userObj.pIpWhiteList = createDefaultIpWhiteList(); if (strcmp(user, TSDB_DEFAULT_USER) == 0) { userObj.superUser = 1; 
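Review bot: createDefaultIpWhiteList writes `pWhiteList->num = 1` before checking that `taosMemoryCalloc` succeeded, and the call added to mndCreateDefaultUser in the following hunk stores the result without a check either; add `if (pWhiteList == NULL) return NULL;` directly after the allocation. If `uv_inet_pton` returned non-zero the function would still hand back a list with `num == 1` and an all-zero range, and what a zeroed entry matches is not visible here, so that path should free the list and return NULL rather than fall through. Who releases `userObj.pIpWhiteList` once the default user has been written is not visible in these hunks.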
@@ -255,6 +231,8 @@ static int32_t mndCreateDefaultUsers(SMnode *pMnode) {
 SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
 terrno = TSDB_CODE_OUT_OF_MEMORY;
+ int32_t ipWhiteReserve =
+ pUser->pIpWhiteList ? (sizeof(SIpV4Range) * pUser->pIpWhiteList->num + sizeof(SIpWhiteList) + 4) : 4;
 int32_t numOfReadDbs = taosHashGetSize(pUser->readDbs);
 int32_t numOfWriteDbs = taosHashGetSize(pUser->writeDbs);
 int32_t numOfReadStbs = taosHashGetSize(pUser->readTbs);
@@ -262,7 +240,8 @@ SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
 int32_t numOfTopics = taosHashGetSize(pUser->topics);
 int32_t numOfUseDbs = taosHashGetSize(pUser->useDbs);
 int32_t size = sizeof(SUserObj) + USER_RESERVE_SIZE +
- (numOfReadDbs + numOfWriteDbs + numOfUseDbs) * TSDB_DB_FNAME_LEN + numOfTopics * TSDB_TOPIC_FNAME_LEN;
+ (numOfReadDbs + numOfWriteDbs + numOfUseDbs) * TSDB_DB_FNAME_LEN + numOfTopics * TSDB_TOPIC_FNAME_LEN +
+ ipWhiteReserve;
 char *stb = taosHashIterate(pUser->readTbs, NULL);
 while (stb != NULL) {
@@ -374,7 +353,7 @@ SSdbRaw *mndUserActionEncode(SUserObj *pUser) {
 // save white list
 int32_t num = pUser->pIpWhiteList->num;
- int32_t tlen = sizeof(SIpWhiteList) + num * sizeof(SIpV4Range);
+ int32_t tlen = sizeof(SIpWhiteList) + num * sizeof(SIpV4Range) + 4;
 char *buf = taosMemoryCalloc(1, tlen);
 int32_t len = tSerializeIpWhiteList(buf, tlen, pUser->pIpWhiteList);
@@ -704,6 +683,12 @@ static int32_t mndUserActionUpdate(SSdb *pSdb, SUserObj *pOld, SUserObj *pNew) {
 TSWAP(pOld->readTbs, pNew->readTbs);
 TSWAP(pOld->writeTbs, pNew->writeTbs);
 TSWAP(pOld->useDbs, pNew->useDbs);
+
+ int32_t sz = pNew->pIpWhiteList->num * sizeof(SIpV4Range) + sizeof(SIpWhiteList);
+ char *pWhiteList = taosMemoryCalloc(1, sz);
+ pOld->pIpWhiteList = taosMemoryRealloc(pOld->pIpWhiteList, sz);
+ memcpy(pOld->pIpWhiteList, pNew->pIpWhiteList, sz);
+
 taosWUnLockLatch(&pOld->lock);
 return 0;
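Review bot: In mndUserActionEncode the "save white list" block still reads `pUser->pIpWhiteList->num` unconditionally, while the `ipWhiteReserve` expression added at the top of the same function treats `pUser->pIpWhiteList` as possibly NULL. One of the two is wrong: either the pointer can be NULL and the save path needs the same guard, or it cannot and the ternary is dead code. `buf` from `taosMemoryCalloc(1, tlen)` is passed to `tSerializeIpWhiteList` without a NULL check. The extra `+ 4` appears in both size expressions with no explanation; a named constant, or a comment stating what the four bytes hold, would make the reserve auditable. The function body continues outside these hunks.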
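Review bot: In mndUserActionUpdate, `char *pWhiteList = taosMemoryCalloc(1, sz);` is never used or freed in the lines shown, so each update leaks `sz` bytes. `pOld->pIpWhiteList = taosMemoryRealloc(pOld->pIpWhiteList, sz);` overwrites the only pointer to the old list, so on failure the list is lost and the following `memcpy` writes through NULL. `pNew->pIpWhiteList` is dereferenced without a check. The version below keeps the old list on failure; the error value this callback should return is an assumption.

```c
  // … unchanged: TSWAP of the privilege hash tables …
  int32_t code = 0;
  if (pNew->pIpWhiteList != NULL) {
    int32_t sz = sizeof(SIpWhiteList) + pNew->pIpWhiteList->num * sizeof(SIpV4Range);
    void   *tmp = taosMemoryRealloc(pOld->pIpWhiteList, sz);
    if (tmp == NULL) {
      code = TSDB_CODE_OUT_OF_MEMORY;  // old list stays in place
    } else {
      pOld->pIpWhiteList = tmp;
      memcpy(pOld->pIpWhiteList, pNew->pIpWhiteList, sz);
    }
  }

  taosWUnLockLatch(&pOld->lock);
  return code;
```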
@@ -1229,23 +1214,29 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
 continue;
 }
 }
- pNew->num = idx + 1;
+ pNew->num = idx;
 newUser.pIpWhiteList = pNew;
 }
 if (alterReq.alterType == TSDB_ALTER_USER_DROP_WHITE_LIST) {
 int32_t num = pUser->pIpWhiteList->num;
 SIpWhiteList *pNew = taosMemoryCalloc(1, sizeof(SIpWhiteList) + sizeof(SIpV4Range) * num);
- int idx = 0;
- for (int i = 0; i < alterReq.numIpRanges; i++) {
- SIpV4Range *range = &(alterReq.pIpRanges[i]);
- if (!isRangeInIpWhiteList(pUser->pIpWhiteList, range)) {
- // already exist, just ignore;
- memcpy(&pNew->pIpRange[idx], &pUser->pIpWhiteList->pIpRange[i], sizeof(SIpV4Range));
- idx++;
+ if (pUser->pIpWhiteList->num > 0) {
+ int idx = 0;
+ for (int i = 0; i < alterReq.numIpRanges; i++) {
+ SIpV4Range *range = &(alterReq.pIpRanges[i]);
+ if (!isRangeInIpWhiteList(pUser->pIpWhiteList, range)) {
+ // already exist, just ignore;
+ memcpy(&pNew->pIpRange[idx], &pUser->pIpWhiteList->pIpRange[i], sizeof(SIpV4Range));
+ idx++;
+ }
 }
+ pNew->num = idx;
+ newUser.pIpWhiteList = pNew;
+ } else {
+ pNew->num = 0;
+ newUser.pIpWhiteList = pNew;
 }
- pNew->num = idx + 1;
 }
 code = mndAlterUser(pMnode, pUser, &newUser, pReq);
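Review bot: The DROP_WHITE_LIST loop counts `i` up to `alterReq.numIpRanges` but copies `pUser->pIpWhiteList->pIpRange[i]`, so an index taken from the request is applied to the stored list. With more ranges in the request than the user has, this reads past the stored list and can write past `pNew`, which is sized for `num` entries. It also keeps entries by position instead of removing the ranges that were named, so an address the administrator asked to revoke can stay allowed. The fence below iterates the stored list and keeps the entries absent from the request; it compares `ip` and `mask` directly, which may differ from what isRangeInIpWhiteList does. `pNew` is used without a NULL check, and the function body extends beyond the hunk.

```c
    SIpWhiteList *pNew = taosMemoryCalloc(1, sizeof(SIpWhiteList) + sizeof(SIpV4Range) * num);
    int           idx = 0;
    for (int i = 0; i < num; i++) {
      SIpV4Range *cur = &pUser->pIpWhiteList->pIpRange[i];
      bool        dropped = false;
      for (int j = 0; j < alterReq.numIpRanges; j++) {
        if (cur->ip == alterReq.pIpRanges[j].ip && cur->mask == alterReq.pIpRanges[j].mask) {
          dropped = true;
          break;
        }
      }
      if (!dropped) {
        // idx never exceeds i, so the write stays inside the num entries of pNew
        memcpy(&pNew->pIpRange[idx], cur, sizeof(SIpV4Range));
        idx++;
      }
    }
    pNew->num = idx;
    newUser.pIpWhiteList = pNew;
    // … unchanged: mndAlterUser call …
```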
@@ -1449,19 +1440,24 @@ static int32_t mndRetrieveUsers(SRpcMsg *pReq, SShowObj *pShow, SSDataBlock *pBl pColInfo = taosArrayGet(pBlock->pDataBlock, cols); colDataSetVal(pColInfo, numOfRows, (const char *)&pUser->createdTime, false); + cols++; + char *buf = NULL; int32_t tlen = convertIpWhiteListToStr(pUser->pIpWhiteList, &buf); + if (tlen != 0) { + char *varstr = taosMemoryCalloc(1, VARSTR_HEADER_SIZE + tlen); + varDataSetLen(varstr, tlen); + memcpy(varDataVal(varstr), buf, tlen); - char *varstr = taosMemoryCalloc(1, VARSTR_HEADER_SIZE + tlen); - varDataSetLen(varstr, tlen); - memcpy(varDataVal(varstr), buf, tlen); + pColInfo = taosArrayGet(pBlock->pDataBlock, cols); + colDataSetVal(pColInfo, numOfRows, (const char *)varstr, false); - cols++; - pColInfo = taosArrayGet(pBlock->pDataBlock, cols); - colDataSetVal(pColInfo, numOfRows, (const char *)buf, false); - - taosMemoryFree(varstr); - taosMemoryFree(buf); + taosMemoryFree(varstr); + taosMemoryFree(buf); + } else { + pColInfo = taosArrayGet(pBlock->pDataBlock, cols); + colDataSetVal(pColInfo, numOfRows, (const char *)NULL, true); + } numOfRows++; sdbRelease(pSdb, pUser); diff --git a/source/libs/parser/src/parAstCreater.c b/source/libs/parser/src/parAstCreater.c index 2a3235b4f5..27fec4cf10 100644 --- a/source/libs/parser/src/parAstCreater.c +++ b/source/libs/parser/src/parAstCreater.c @@ -13,8 +13,8 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -#include #include +#include #include "parAst.h" #include "parUtil.h" @@ -1655,8 +1655,8 @@ SNode* createShowTableTagsStmt(SAstCreateContext* pCxt, SNode* pTbName, SNode* p static int32_t getIpV4RangeFromWhitelistItem(char* ipRange, SIpV4Range* pIpRange) { int32_t code = TSDB_CODE_SUCCESS; - char* ipCopy = taosStrdup(ipRange); - char* slash = strchr(ipCopy, '/'); + char* ipCopy = taosStrdup(ipRange); + char* slash = strchr(ipCopy, '/'); if (slash) { *slash = '\0'; struct in_addr addr; 
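Review bot: In mndRetrieveUsers the `host` value is built with whatever length convertIpWhiteListToStr returns, while the column was declared in systable.c as `TSDB_PRIVILEDGE_HOST_LEN + VARSTR_HEADER_SIZE` bytes. Whether `colDataSetVal` bounds a VARCHAR to the column width is not visible here; if it does not, a long allow-list overruns the column, so reject or cap `tlen` above `TSDB_PRIVILEDGE_HOST_LEN` before `varstr` is built. `varstr` is used without checking the `taosMemoryCalloc` result, and `pUser->pIpWhiteList` is passed on without a NULL check although mndUserActionEncode treats it as possibly NULL. The function body continues outside the hunk.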
@@ -1664,11 +1664,9 @@ static int32_t getIpV4RangeFromWhitelistItem(char* ipRange, SIpV4Range* pIpRange
 int prefix = atoi(slash + 1);
 if (prefix < 0 || prefix > 32) {
 code = TSDB_CODE_PAR_INVALID_IP_RANGE;
- } else {
+ } else {
 pIpRange->ip = addr.s_addr;
- uint32_t mask = (1 << (32 - prefix)) - 1;
- mask = htonl(~mask);
- pIpRange->mask = mask;
+ pIpRange->mask = prefix;
 code = TSDB_CODE_SUCCESS;
 }
 } else {
@@ -1678,7 +1676,7 @@ static int32_t getIpV4RangeFromWhitelistItem(char* ipRange, SIpV4Range* pIpRange
 struct in_addr addr;
 if (uv_inet_pton(AF_INET, ipCopy, &addr) == 0) {
 pIpRange->ip = addr.s_addr;
- pIpRange->mask = 0xFFFFFFFF;
+ pIpRange->mask = 0;
 code = TSDB_CODE_SUCCESS;
 } else {
 code = TSDB_CODE_PAR_INVALID_IP_RANGE;
@@ -1686,7 +1684,7 @@ static int32_t getIpV4RangeFromWhitelistItem(char* ipRange, SIpV4Range* pIpRange
 }
 taosMemoryFreeClear(ipCopy);
- return code;
+ return code;
 }
 static int32_t fillIpRangesFromWhiteList(SAstCreateContext* pCxt, SNodeList* pIpRangesNodeList, SIpV4Range* pIpRanges) {
@@ -1758,7 +1756,7 @@ SNode* createAlterUserStmt(SAstCreateContext* pCxt, SToken* pUserName, int8_t al
 pStmt->alterType = alterType;
 switch (alterType) {
 case TSDB_ALTER_USER_PASSWD: {
- char password[TSDB_USET_PASSWORD_LEN] = {0};
+ char password[TSDB_USET_PASSWORD_LEN] = {0};
 SToken* pVal = pAlterInfo;
 if (!checkPassword(pCxt, pVal, password)) {
 nodesDestroyNode((SNode*)pStmt);
@@ -1777,7 +1775,7 @@ SNode* createAlterUserStmt(SAstCreateContext* pCxt, SToken* pUserName, int8_t al
 pStmt->sysinfo = taosStr2Int8(pVal->z, NULL, 10);
 break;
 }
- case TSDB_ALTER_USER_ADD_WHITE_LIST:
+ case TSDB_ALTER_USER_ADD_WHITE_LIST:
 case TSDB_ALTER_USER_DROP_WHITE_LIST: {
 SNodeList* pIpRangesNodeList = pAlterInfo;
 pStmt->pNodeListIpRanges = pIpRangesNodeList;
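Review bot: After this change `pIpRange->mask` holds the prefix length, and both `a.b.c.d/0` (the check `prefix < 0 || prefix > 32` accepts 0) and a bare address (`pIpRange->mask = 0;` in the next hunk) are stored as mask 0. A single host and "every address" are then indistinguishable to whatever enforces the list, and ipRangeToStr in mndUser.c prints both without a suffix. Store a bare address as `pIpRange->mask = 32;` or reject a zero prefix, and add a comment next to the assignment stating that the field is a prefix length. `atoi(slash + 1)` also turns an empty or non-numeric suffix into 0; `strtol` with an end-pointer check would reject it. The function starts before this hunk.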