diff --git a/source/dnode/mgmt/node_util/src/dmFile.c b/source/dnode/mgmt/node_util/src/dmFile.c index 2185adc18b..9ec17a18b5 100644 --- a/source/dnode/mgmt/node_util/src/dmFile.c +++ b/source/dnode/mgmt/node_util/src/dmFile.c @@ -133,10 +133,10 @@ TdFilePtr dmCheckRunning(const char *dataDir) { ret = taosLockFile(pFile); if (ret == 0) break; terrno = TAOS_SYSTEM_ERROR(errno); - taosMsleep(100); + taosMsleep(1000); retryTimes++; dError("failed to lock file:%s since %s, retryTimes:%d", filepath, terrstr(), retryTimes); - } while (retryTimes < 120); + } while (retryTimes < 12); if (ret < 0) { terrno = TAOS_SYSTEM_ERROR(errno); diff --git a/source/dnode/mnode/impl/inc/mndAuth.h b/source/dnode/mnode/impl/inc/mndAuth.h index 45841ca367..9af4792665 100644 --- a/source/dnode/mnode/impl/inc/mndAuth.h +++ b/source/dnode/mnode/impl/inc/mndAuth.h @@ -23,7 +23,8 @@ extern "C" { #endif typedef enum { - MND_OPER_CREATE_USER = 1, + MND_OPER_CONNECT = 1, + MND_OPER_CREATE_USER, MND_OPER_DROP_USER, MND_OPER_ALTER_USER, MND_OPER_CREATE_BNODE, diff --git a/source/dnode/mnode/impl/src/mndAuth.c b/source/dnode/mnode/impl/src/mndAuth.c index d47fb9dfb4..4445e3b9f7 100644 --- a/source/dnode/mnode/impl/src/mndAuth.c +++ b/source/dnode/mnode/impl/src/mndAuth.c @@ -93,8 +93,13 @@ int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType) { goto _OVER; } - terrno = TSDB_CODE_MND_NO_RIGHTS; - code = -1; + switch (operType) { + case MND_OPER_CONNECT: + break; + default: + terrno = TSDB_CODE_MND_NO_RIGHTS; + code = -1; + } _OVER: mndReleaseUser(pMnode, pUser); @@ -102,7 +107,13 @@ _OVER: } int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { + if (pUser->superUser && pAlter->alterType != TSDB_ALTER_USER_PASSWD) { + terrno = TSDB_CODE_MND_NO_RIGHTS; + return -1; + } + if (pOperUser->superUser) return 0; + if (!pOperUser->enable) { terrno = TSDB_CODE_MND_USER_DISABLED; return -1; 
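Review bot: In mndCheckOperAuth the new `case MND_OPER_CONNECT: break;` leaves `code` at whatever value it held before the switch, and that initialisation is outside this hunk, so the allow path is implicit. If success is intended there, say so at the decision point with `case MND_OPER_CONNECT: code = 0; break;`, and end the `default` arm with its own `break;`. A one-line comment such as `/* connect is the only operation not denied here */` would also help. The checks that run before the switch sit above the hunk; confirm that they reject a disabled account before this case can be reached.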
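Review bot: The new guard at the top of mndCheckAlterUserAuth exempts `TSDB_ALTER_USER_PASSWD`, so a password change aimed at a superuser account skips the guard and is decided only by `if (pOperUser->superUser) return 0;` and the checks after `if (!pOperUser->enable)`, which continue outside this hunk. Those later checks therefore carry the whole rule that a non-superuser cannot reset a superuser's password; confirm that they compare the operator with the target user. A comment above the guard would record the intent, e.g. `/* a superuser account may only have its password changed; every other alter type is refused for every operator */`. A script case that logs in as an ordinary user and expects `alter user root pass ...` to fail would cover it.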
diff --git a/source/dnode/mnode/impl/src/mndMain.c b/source/dnode/mnode/impl/src/mndMain.c index 000e1041d0..d07de7c048 100644 --- a/source/dnode/mnode/impl/src/mndMain.c +++ b/source/dnode/mnode/impl/src/mndMain.c @@ -529,16 +529,20 @@ static int32_t mndCheckMnodeState(SRpcMsg *pMsg) { if (!IsReq(pMsg)) return 0; if (mndAcquireRpcRef(pMsg->info.node) == 0) return 0; if (pMsg->msgType == TDMT_MND_MQ_TIMER || pMsg->msgType == TDMT_MND_TELEM_TIMER || - pMsg->msgType == TDMT_MND_TRANS_TIMER || TDMT_MND_TTL_TIMER) { + pMsg->msgType == TDMT_MND_TRANS_TIMER || pMsg->msgType == TDMT_MND_TTL_TIMER) { return -1; } - const STraceId *trace = &pMsg->info.traceId; - mError("msg:%p, failed to check mnode state since %s, type:%s", pMsg, terrstr(), TMSG_INFO(pMsg->msgType)); - SEpSet epSet = {0}; mndGetMnodeEpSet(pMsg->info.node, &epSet); + const STraceId *trace = &pMsg->info.traceId; + mError("msg:%p, failed to check mnode state since %s, type:%s, numOfMnodes:%d inUse:%d", pMsg, terrstr(), + TMSG_INFO(pMsg->msgType), epSet.numOfEps, epSet.inUse); + for (int32_t i = 0; i < epSet.numOfEps; ++i) { + mInfo("mnode index:%d, ep:%s:%u", i, epSet.eps[i].fqdn, epSet.eps[i].port); + } + int32_t contLen = tSerializeSEpSet(NULL, 0, &epSet); pMsg->info.rsp = rpcMallocCont(contLen); if (pMsg->info.rsp != NULL) { @@ -555,10 +559,10 @@ static int32_t mndCheckMnodeState(SRpcMsg *pMsg) { static int32_t mndCheckMsgContent(SRpcMsg *pMsg) { if (!IsReq(pMsg)) return 0; if (pMsg->contLen != 0 && pMsg->pCont != NULL) return 0; - + const STraceId *trace = &pMsg->info.traceId; mGError("msg:%p, failed to check msg, cont:%p contLen:%d, app:%p type:%s", pMsg, pMsg->pCont, pMsg->contLen, - pMsg->info.ahandle, TMSG_INFO(pMsg->msgType)); + pMsg->info.ahandle, TMSG_INFO(pMsg->msgType)); terrno = TSDB_CODE_INVALID_MSG_LEN; return -1; } 
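Review bot: The new `for` loop in mndCheckMnodeState writes one `mInfo` line per mnode endpoint for every request that fails the state check, on top of the `mError` line, so a burst of client retries while the mnode is not ready multiplies log volume by the endpoint count. That can push the entries an operator needs out of a rotated log. The summary (`numOfMnodes`, `inUse`) is already in the `mError` message, so the per-endpoint line could drop to debug level, `mDebug("mnode index:%d, ep:%s:%u", i, epSet.eps[i].fqdn, epSet.eps[i].port);`, or be logged only when the endpoint set changes. The function body continues outside the hunk.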
@@ -723,7 +727,7 @@ int32_t mndGetMonitorInfo(SMnode *pMnode, SMonClusterInfo *pClusterInfo, SMonVgr pIter = sdbFetch(pSdb, SDB_STB, pIter, (void **)&pStb); if (pIter == NULL) break; - SMonStbDesc desc = {0}; + SMonStbDesc desc = {0}; SName name1 = {0}; tNameFromString(&name1, pStb->db, T_NAME_ACCT | T_NAME_DB | T_NAME_TABLE); diff --git a/source/dnode/mnode/impl/src/mndProfile.c b/source/dnode/mnode/impl/src/mndProfile.c index acbbf993fd..e9df4ae1d0 100644 --- a/source/dnode/mnode/impl/src/mndProfile.c +++ b/source/dnode/mnode/impl/src/mndProfile.c @@ -15,6 +15,7 @@ #define _DEFAULT_SOURCE #include "mndProfile.h" +#include "mndAuth.h" #include "mndDb.h" #include "mndDnode.h" #include "mndMnode.h" 
@@ -217,36 +218,42 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) { SConnObj *pConn = NULL; int32_t code = -1; SConnectReq connReq = {0}; - char ip[30] = {0}; + char ip[24] = {0}; const STraceId *trace = &pReq->info.traceId; if (tDeserializeSConnectReq(pReq->pCont, pReq->contLen, &connReq) != 0) { terrno = TSDB_CODE_INVALID_MSG; - goto CONN_OVER; + goto _OVER; } taosIp2String(pReq->info.conn.clientIp, ip); pUser = mndAcquireUser(pMnode, pReq->info.conn.user); if (pUser == NULL) { - mGError("user:%s, failed to login while acquire user since %s", pReq->info.conn.user, terrstr()); - goto CONN_OVER; + mGError("user:%s, failed to login from %s while acquire user since %s", pReq->info.conn.user, ip, terrstr()); + goto _OVER; } - if (0 != strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN - 1)) { - mGError("user:%s, failed to auth while acquire user, input:%s", pReq->info.conn.user, connReq.passwd); + + if (strncmp(connReq.passwd, pUser->pass, TSDB_PASSWORD_LEN - 1) != 0) { + mGError("user:%s, failed to login from %s since invalid pass, input:%s", pReq->info.conn.user, ip, connReq.passwd); code = TSDB_CODE_RPC_AUTH_FAILURE; - goto CONN_OVER; + goto _OVER; + } + + if (mndCheckOperAuth(pMnode, pReq->info.conn.user, MND_OPER_CONNECT) != 0) { + mGError("user:%s, failed to login from %s since %s", pReq->info.conn.user, ip, terrstr()); + goto _OVER; } if (connReq.db[0]) { - char db[TSDB_DB_FNAME_LEN]; + char db[TSDB_DB_FNAME_LEN] = {0}; snprintf(db, TSDB_DB_FNAME_LEN, "%d%s%s", pUser->acctId, TS_PATH_DELIMITER, connReq.db); pDb = mndAcquireDb(pMnode, db); if (pDb == NULL) { terrno = TSDB_CODE_MND_INVALID_DB; mGError("user:%s, failed to login from %s while use db:%s since %s", pReq->info.conn.user, ip, connReq.db, terrstr()); - goto CONN_OVER; + goto _OVER; } } 
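Review bot: The failed-login branch in mndProcessConnectReq still logs the submitted credential: the `input:%s` field with `connReq.passwd` writes whatever the client sent as its password (plain or hashed, the hunk does not show which) into the error log, where anyone with log access can collect it. Drop the field: `mGError("user:%s, failed to login from %s since invalid pass", pReq->info.conn.user, ip);`. The same branch sets `code = TSDB_CODE_RPC_AUTH_FAILURE` without setting `terrno`, unlike the neighbouring error paths, so check how `_OVER` reports the failure. The `strncmp` on the password is not a constant-time comparison, which matters if `pUser->pass` is a value an attacker could learn byte by byte. The function body continues past the hunk.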
@@ -254,7 +261,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) { pReq->info.conn.clientPort, connReq.pid, connReq.app, connReq.startTime); if (pConn == NULL) { mGError("user:%s, failed to login from %s while create connection since %s", pReq->info.conn.user, ip, terrstr()); - goto CONN_OVER; + goto _OVER; } SConnectRsp connectRsp = {0}; @@ -271,9 +278,9 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) { mndGetMnodeEpSet(pMnode, &connectRsp.epSet); int32_t contLen = tSerializeSConnectRsp(NULL, 0, &connectRsp); - if (contLen < 0) goto CONN_OVER; + if (contLen < 0) goto _OVER; void *pRsp = rpcMallocCont(contLen); - if (pRsp == NULL) goto CONN_OVER; + if (pRsp == NULL) goto _OVER; tSerializeSConnectRsp(pRsp, contLen, &connectRsp); pReq->info.rspLen = contLen; @@ -283,7 +290,7 @@ static int32_t mndProcessConnectReq(SRpcMsg *pReq) { code = 0; -CONN_OVER: +_OVER: mndReleaseUser(pMnode, pUser); mndReleaseDb(pMnode, pDb); diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index eb0a818a60..03c9647bfe 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c @@ -295,7 +295,7 @@ static int32_t mndCreateUser(SMnode *pMnode, char *acct, SCreateUserReq *pCreate tstrncpy(userObj.acct, acct, TSDB_USER_LEN); userObj.createdTime = taosGetTimestampMs(); userObj.updateTime = userObj.createdTime; - userObj.superUser = pCreate->superUser; + userObj.superUser = 0;//pCreate->superUser; userObj.sysInfo = pCreate->sysInfo; userObj.enable = pCreate->enable; diff --git a/source/dnode/mnode/impl/test/user/user.cpp b/source/dnode/mnode/impl/test/user/user.cpp index 6aa28a9007..3b1a5fa3c5 100644 --- a/source/dnode/mnode/impl/test/user/user.cpp +++ b/source/dnode/mnode/impl/test/user/user.cpp 
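Review bot: `userObj.superUser = 0;//pCreate->superUser;` in mndCreateUser silently discards a `superUser` value the caller sent and leaves the old expression behind as commented-out code. Replace the remnant with a why-comment, e.g. `userObj.superUser = 0;  // superuser is never granted through create-user; the request field is ignored`. Alternatively, refuse the request with `TSDB_CODE_MND_NO_RIGHTS` when `pCreate->superUser` is set, so a client asking for elevated rights gets an error instead of a quietly downgraded account. The function starts and ends outside the hunk, so any early return would have to respect cleanup that is not visible here.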
@@ -33,6 +33,8 @@ TEST_F(MndTestUser, 01_Show_User) { TEST_F(MndTestUser, 02_Create_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, ""); strcpy(createReq.pass, "p1"); @@ -47,6 +49,8 @@ TEST_F(MndTestUser, 02_Create_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u1"); strcpy(createReq.pass, ""); @@ -61,6 +65,8 @@ TEST_F(MndTestUser, 02_Create_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "root"); strcpy(createReq.pass, "1"); @@ -75,6 +81,8 @@ TEST_F(MndTestUser, 02_Create_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u1"); strcpy(createReq.pass, "p1"); @@ -108,9 +116,11 @@ TEST_F(MndTestUser, 02_Create_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u2"); strcpy(createReq.pass, "p1"); - createReq.superUser = 1; + createReq.superUser = 0; int32_t contLen = tSerializeSCreateUserReq(NULL, 0, &createReq); void* pReq = rpcMallocCont(contLen); @@ -144,9 +154,11 @@ TEST_F(MndTestUser, 02_Create_User) { TEST_F(MndTestUser, 03_Alter_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u3"); strcpy(createReq.pass, "p1"); - createReq.superUser = 1; + createReq.superUser = 0; int32_t contLen = tSerializeSCreateUserReq(NULL, 0, &createReq); void* pReq = rpcMallocCont(contLen); @@ -225,7 +237,7 @@ TEST_F(MndTestUser, 03_Alter_User) { alterReq.alterType = TSDB_ALTER_USER_SUPERUSER; strcpy(alterReq.user, "u3"); strcpy(alterReq.pass, "1"); - alterReq.superUser = 1; + alterReq.superUser = 0; int32_t contLen = tSerializeSAlterUserReq(NULL, 0, &alterReq); void* pReq = rpcMallocCont(contLen); 
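Review bot: The hunks for `u2` in 02_Create_User and `u3` in 03_Alter_User change `createReq.superUser = 1` and `alterReq.superUser = 1` to `0`, so no test now sends a request that asks for superuser rights. The server change in this commit forces `superUser` to 0 on create, but with these inputs the later `EXPECT_EQ(authRsp.superAuth, 0)` would pass even if the server honoured the field again. Keep one create request with `createReq.superUser = 1` and assert that the resulting account reports `superAuth == 0`. For the `TSDB_ALTER_USER_SUPERUSER` request, keep `alterReq.superUser = 1` and assert the expected rejection code, so the privilege-escalation path stays under test.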
@@ -361,7 +373,7 @@ TEST_F(MndTestUser, 03_Alter_User) { SGetUserAuthRsp authRsp = {0}; tDeserializeSGetUserAuthRsp(pRsp->pCont, pRsp->contLen, &authRsp); EXPECT_STREQ(authRsp.user, "u3"); - EXPECT_EQ(authRsp.superAuth, 1); + EXPECT_EQ(authRsp.superAuth, 0); int32_t numOfReadDbs = taosHashGetSize(authRsp.readDbs); int32_t numOfWriteDbs = taosHashGetSize(authRsp.writeDbs); EXPECT_EQ(numOfReadDbs, 1); @@ -436,6 +448,8 @@ TEST_F(MndTestUser, 05_Drop_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u1"); strcpy(createReq.pass, "p1"); @@ -468,6 +482,8 @@ TEST_F(MndTestUser, 05_Drop_User) { TEST_F(MndTestUser, 06_Create_Drop_Alter_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u1"); strcpy(createReq.pass, "p1"); @@ -482,6 +498,8 @@ TEST_F(MndTestUser, 06_Create_Drop_Alter_User) { { SCreateUserReq createReq = {0}; + createReq.enable = 1; + createReq.sysInfo = 1; strcpy(createReq.user, "u2"); strcpy(createReq.pass, "p2"); diff --git a/tests/script/jenkins/basic.txt b/tests/script/jenkins/basic.txt index a6c74f5d4d..a21da2c212 100644 --- a/tests/script/jenkins/basic.txt +++ b/tests/script/jenkins/basic.txt @@ -2,12 +2,10 @@ #======================b1-start=============== # ---- user -./test.sh -f tsim/user/basic1.sim -./test.sh -f tsim/user/pass_alter.sim -./test.sh -f tsim/user/pass_len.sim -./test.sh -f tsim/user/user_len.sim -./test.sh -f tsim/user/privilege1.sim -./test.sh -f tsim/user/privilege2.sim +./test.sh -f tsim/user/basic.sim +./test.sh -f tsim/user/password.sim +./test.sh -f tsim/user/privilege_db.sim +./test.sh -f tsim/user/privilege_sysinfo.sim ## ---- db ./test.sh -f tsim/db/create_all_options.sim 
@@ -135,7 +133,7 @@ ./test.sh -f tsim/stable/tag_filter.sim # --- for multi process mode -./test.sh -f tsim/user/basic1.sim -m +./test.sh -f tsim/user/basic.sim -m ./test.sh -f tsim/db/basic3.sim -m ./test.sh -f tsim/db/error1.sim -m ./test.sh -f tsim/insert/backquote.sim -m diff --git a/tests/script/tsim/user/basic.sim b/tests/script/tsim/user/basic.sim new file mode 100644 index 0000000000..85d5f8375e --- /dev/null +++ b/tests/script/tsim/user/basic.sim 
@@ -0,0 +1,157 @@ +system sh/stop_dnodes.sh +system sh/deploy.sh -n dnode1 -i 1 +system sh/exec.sh -n dnode1 -s start +sql connect + +print =============== step0 +sql show users +if $data(root)[1] != 1 then + return -1 +endi +if $data(root)[2] != 1 then + return -1 +endi +if $data(root)[3] != 1 then + return -1 +endi + +sql alter user root pass 'taosdata' + +sql_error ALTER USER root SYSINFO 0 +sql_error ALTER USER root SYSINFO 1 +sql_error ALTER USER root enable 0 +sql_error ALTER USER root enable 1 + +sql_error create database db vgroups 1; +sql_error GRANT read ON db.* to root; +sql_error GRANT read ON *.* to root; +sql_error REVOKE read ON db.* from root; +sql_error REVOKE read ON *.* from root; +sql_error GRANT write ON db.* to root; +sql_error GRANT write ON *.* to root; +sql_error REVOKE write ON db.* from root; +sql_error REVOKE write ON *.* from root; +sql_error REVOKE write ON *.* from root; + +sql_error GRANT all ON *.* to root; +sql_error REVOKE all ON *.* from root; +sql_error GRANT read,write ON *.* to root; +sql_error REVOKE read,write ON *.* from root; + +print =============== step1: sysinfo create +sql CREATE USER u1 PASS 'taosdata' SYSINFO 0; +sql show users +if $rows != 2 then + return -1 +endi +if $data(u1)[1] != 0 then + return -1 +endi +if $data(u1)[2] != 1 then + return -1 +endi +if $data(u1)[3] != 0 then + return -1 +endi + +sql CREATE USER u2 PASS 'taosdata' SYSINFO 1; +sql show users +if $rows != 3 then + return -1 +endi +if $data(u2)[1] != 0 then + return -1 +endi +if $data(u2)[2] != 1 then + return -1 +endi +if $data(u2)[3] != 1 then + return -1 +endi + +print =============== step2: sysinfo alter +sql ALTER USER u1 SYSINFO 1 +sql show users +if $data(u1)[1] != 0 then + return -1 +endi +if $data(u1)[2] != 1 then + return -1 +endi +if $data(u1)[3] != 1 then + return -1 +endi + +sql ALTER USER u1 SYSINFO 0 +sql show users +if $data(u1)[1] != 0 then + return -1 +endi +if $data(u1)[2] != 1 then + return -1 +endi +if $data(u1)[3] != 0 then + 
return -1 +endi + +sql ALTER USER u1 SYSINFO 0 +sql ALTER USER u1 SYSINFO 0 + +sql drop user u1 +sql show users +if $rows != 2 then + return -1 +endi + +print =============== step3: enable alter +sql ALTER USER u2 enable 0 +sql show users +if $rows != 2 then + return -1 +endi +if $data(u2)[1] != 0 then + return -1 +endi +if $data(u2)[2] != 0 then + return -1 +endi +if $data(u2)[3] != 1 then + return -1 +endi + +sql ALTER USER u2 enable 1 +sql show users +if $data(u2)[1] != 0 then + return -1 +endi +if $data(u2)[2] != 1 then + return -1 +endi +if $data(u2)[3] != 1 then + return -1 +endi + +sql ALTER USER u2 enable 1 +sql ALTER USER u2 enable 1 + +print =============== restart taosd +system sh/exec.sh -n dnode1 -s stop +system sh/exec.sh -n dnode1 -s start + +print =============== step4: enable privilege +sql show users +if $rows != 2 then + return -1 +endi +if $data(u2)[1] != 0 then + return -1 +endi +if $data(u2)[2] != 1 then + return -1 +endi +if $data(u2)[3] != 1 then + return -1 +endi + + +system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/basic1.sim b/tests/script/tsim/user/basic1.sim deleted file mode 100644 index 06a52c6604..0000000000 --- a/tests/script/tsim/user/basic1.sim +++ /dev/null 
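Review bot: In step0 every `sql_error GRANT ... ON db.* to root` and `REVOKE ... ON db.* from root` statement names a database this script never creates, so those assertions can pass because `db` is missing rather than because `root` is protected. The preceding line is `sql_error create database db vgroups 1;`, which itself expects creation to fail, and `sql_error` only checks that a statement failed, not why. Running `sql create database db vgroups 1` before the grant block would give each root-protection check a single possible cause of failure. `sql_error REVOKE write ON *.* from root;` is also listed twice. Step4 is titled "enable privilege" but only repeats the `show users` checks after the restart.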
@@ -1,74 +0,0 @@ -system sh/stop_dnodes.sh -system sh/deploy.sh -n dnode1 -i 1 -system sh/exec.sh -n dnode1 -s start -sql connect - -print =============== show users -sql show users -if $rows != 1 then - return -1 -endi - -print $data[0][0] $data[0][1] $data[0][2] -print $data[1][0] $data[1][1] $data[1][2] -print $data[2][0] $data[1][2] $data[2][2] - -sql_error show accounts; -sql_error create account a pass "a" -sql_error drop account a -sql_error drop account root - -print =============== create user1 -sql create user user1 PASS 'user1' -sql show users -if $rows != 2 then - return -1 -endi - -print $data[0][0] $data[0][1] $data[0][2] -print $data[1][0] $data[1][1] $data[1][2] -print $data[2][0] $data[1][2] $data[2][2] -print $data[3][0] $data[3][1] $data[3][2] - -print =============== create user2 -sql create user user2 PASS 'user2' -sql show users -if $rows != 3 then - return -1 -endi - -print $data[0][0] $data[0][1] $data[0][2] -print $data[1][0] $data[1][1] $data[1][2] -print $data[2][0] $data[1][2] $data[2][2] -print $data[3][0] $data[3][1] $data[3][2] -print $data40 $data41 $data42 - -print =============== drop user1 -sql drop user user1 -sql show users -if $rows != 2 then - return -1 -endi - -print $data[0][0] $data[0][1] $data[0][2] -print $data[1][0] $data[1][1] $data[1][2] -print $data[2][0] $data[1][2] $data[2][2] -print $data[3][0] $data[3][1] $data[3][2] - -print =============== restart taosd -system sh/exec.sh -n dnode1 -s stop -sleep 1000 -system sh/exec.sh -n dnode1 -s start - -print =============== show users -sql show users -if $rows != 2 then - return -1 -endi - -print $data[0][0] $data[0][1] $data[0][2] -print $data[1][0] $data[1][1] $data[1][2] -print $data[2][0] $data[1][2] $data[2][2] -print $data[3][0] $data[3][1] $data[3][2] - -system sh/exec.sh -n dnode1 -s stop -x SIGINT diff --git a/tests/script/tsim/user/pass_alter.sim b/tests/script/tsim/user/pass_alter.sim deleted file mode 100644 index 33fc9e51bd..0000000000 
--- a/tests/script/tsim/user/pass_alter.sim +++ /dev/null @@ -1,66 +0,0 @@ -system sh/stop_dnodes.sh -system sh/deploy.sh -n dnode1 -i 1 -system sh/exec.sh -n dnode1 -s start -sql connect - -print ============= step1 -sql create user u_read pass 'taosdata1' -sql create user u_write pass 'taosdata1' - -sql alter user u_read pass 'taosdata' -sql alter user u_write pass 'taosdata' - -sql show users -if $rows != 3 then - return -1 -endi - -print ============= step2 -sql close -sleep 2500 -print user u_read login -sql connect u_read -sql alter user u_read pass 'taosdata' -sql alter user u_write pass 'taosdata1' -x step2 - return -1 -step2: - -sql_error create user read1 pass 'taosdata1' -sql_error create user write1 pass 'taosdata1' - -sql show users -if $rows != 3 then - return -1 -endi - -print ============= step3 -sql close -sleep 2500 -print user u_write login -sql connect u_write - -sql_error create user read2 pass 'taosdata1' -sql_error create user write2 pass 'taosdata1' -sql alter user u_write pass 'taosdata' -sql alter user u_read pass 'taosdata' -x step3 - return -1 -step3: - -sql show users -if $rows != 3 then - return -1 -endi - -print ============= step4 -sql close -sleep 2500 -print user root login -sql connect -sql create user oroot pass 'taosdata' - -sql show users -if $rows != 4 then - return -1 -endi - -system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/pass_len.sim b/tests/script/tsim/user/pass_len.sim deleted file mode 100644 index 66c378c6cb..0000000000 --- a/tests/script/tsim/user/pass_len.sim +++ /dev/null 
@@ -1,79 +0,0 @@ -system sh/stop_dnodes.sh -system sh/deploy.sh -n dnode1 -i 1 -system sh/exec.sh -n dnode1 -s start -sql connect - -$i = 0 -$dbPrefix = apdb -$tbPrefix = aptb -$db = $dbPrefix . $i -$tb = $tbPrefix . $i -$userPrefix = apusr - -print =============== step1 -$i = 0 -$user = $userPrefix . $i - -sql drop user $user -x step11 - return -1 -step11: - -sql create user $user PASS -x step12 - return -1 -step12: - -sql create user $user PASS 'taosdata' - -sql show users -if $rows != 2 then - return -1 -endi - -print =============== step2 -$i = 1 -$user = $userPrefix . $i -sql drop user $user -x step2 -step2: -sql create user $user PASS '1' -sql show users -if $rows != 3 then - return -1 -endi - -print =============== step3 -$i = 2 -$user = $userPrefix . $i -sql drop user $user -x step3 -step3: - -sql create user $user PASS 'abc0123456789' -sql show users -if $rows != 4 then - return -1 -endi - -print =============== step4 -$i = 3 -$user = $userPrefix . $i -sql create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123' -x step4 - return -1 - -step4: -sql show users -if $rows != 4 then - return -1 -endi - -$i = 0 -while $i < 3 - $user = $userPrefix . $i - sql drop user $user - $i = $i + 1 -endw - -sql show users -if $rows != 1 then - return -1 -endi - -system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/password.sim b/tests/script/tsim/user/password.sim new file mode 100644 index 0000000000..d26b9dbc2e --- /dev/null +++ b/tests/script/tsim/user/password.sim 
@@ -0,0 +1,87 @@ +system sh/stop_dnodes.sh +system sh/deploy.sh -n dnode1 -i 1 +system sh/exec.sh -n dnode1 -s start +sql connect + +print ============= step1 +sql create user u_read pass 'taosdata1' +sql create user u_write pass 'taosdata1' + +sql alter user u_read pass 'taosdata' +sql alter user u_write pass 'taosdata' + +sql show users +if $rows != 3 then + return -1 +endi + +print ============= step2 +print user u_read login +sql close +sql connect u_read + +sql alter user u_read pass 'taosdata' +sql_error alter user u_write pass 'taosdata1' + +sql_error create user read1 pass 'taosdata1' +sql_error create user write1 pass 'taosdata1' + +sql show users +if $rows != 3 then + return -1 +endi + +print ============= step3 +print user u_write login +sql close +sql connect u_write + +sql_error create user read2 pass 'taosdata1' +sql_error create user write2 pass 'taosdata1' +sql alter user u_write pass 'taosdata' +sql_error alter user u_read pass 'taosdata' + +sql show users +if $rows != 3 then + return -1 +endi + +print ============= step4 +print user root login +sql close +sql connect +sql create user oroot pass 'taosdata' +sql_error create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123' +sql_error create userabcd012345678901234567891234567890abcd01234567890123456789123456789 PASS 'taosdata' +sql_error create user abcd0123456789012345678901234567890111 PASS '123' +sql create user abc01234567890123456789 PASS '123' + +sql show users +if $rows != 5 then + return -1 +endi + +print ============= step5 +sql create database db vgroups 1 +sql_error ALTER USER o_root SYSINFO 0 +sql_error ALTER USER o_root SYSINFO 1 +sql_error ALTER USER o_root enable 0 +sql_error ALTER USER o_root enable 1 + +sql_error create database db vgroups 1; +sql_error GRANT read ON db.* to o_root; +sql_error GRANT read ON *.* to o_root; +sql_error REVOKE read ON db.* from o_root; +sql_error 
REVOKE read ON *.* from o_root; +sql_error GRANT write ON db.* to o_root; +sql_error GRANT write ON *.* to o_root; +sql_error REVOKE write ON db.* from o_root; +sql_error REVOKE write ON *.* from o_root; +sql_error REVOKE write ON *.* from o_root; + +sql_error GRANT all ON *.* to o_root; +sql_error REVOKE all ON *.* from o_root; +sql_error GRANT read,write ON *.* to o_root; +sql_error REVOKE read,write ON *.* from o_root; + +system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/privilege2.sim b/tests/script/tsim/user/privilege2.sim deleted file mode 100644 index 470f167c50..0000000000 --- a/tests/script/tsim/user/privilege2.sim +++ /dev/null @@ -1,38 +0,0 @@ -system sh/stop_dnodes.sh -system sh/deploy.sh -n dnode1 -i 1 -system sh/exec.sh -n dnode1 -s start -sql connect - -print =============== show users -sql create database d1 vgroups 1; -sql create database d2 vgroups 1; -sql create database d3 vgroups 1; -sql show databases -if $rows != 5 then - return -1 -endi - -print =============== create users -sql create user user1 PASS 'taosdata' -sql create user user2 PASS 'taosdata' -sql show users -if $rows != 3 then - return -1 -endi - -sql GRANT read ON d1.* to user1; -sql GRANT write ON d2.* to user1; - -print =============== re connect -sql close -sleep 2500 -print user user1 login -sql connect user1 - -sql_error drop database d1; -sql_error drop database d2; - -sql_error create stable d1.st (ts timestamp, i int) tags (j int) -sql create stable d2.st (ts timestamp, i int) tags (j int) - -system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/privilege1.sim b/tests/script/tsim/user/privilege_db.sim similarity index 78% rename from tests/script/tsim/user/privilege1.sim rename to tests/script/tsim/user/privilege_db.sim index a7c5d9d13d..a694d21f2f 100644 --- a/tests/script/tsim/user/privilege1.sim +++ b/tests/script/tsim/user/privilege_db.sim 
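Review bot: Step5 of password.sim targets `o_root`, but the account created in step4 is `oroot`, so every `sql_error ALTER USER o_root ...` and `GRANT`/`REVOKE ... o_root` line can fail simply because the user does not exist, which says nothing about privilege checks. In step4, `sql_error create user $user PASS '...'` uses `$user`, which this script never assigns, and `sql_error create userabcd0123... PASS 'taosdata'` is missing the space after `user`. Neither line therefore reliably exercises the password-length or user-name-length limit. Decide whether step5 is meant to assert on the real account or on a nonexistent one. Use literal, well-formed user names in the length cases so each expected failure has one cause.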
@@ -3,7 +3,7 @@ system sh/deploy.sh -n dnode1 -i 1 system sh/exec.sh -n dnode1 -s start sql connect -print =============== show users +print =============== create db sql create database d1 vgroups 1; sql create database d2 vgroups 1; sql create database d3 vgroups 1; @@ -68,4 +68,26 @@ sql REVOKE read,write ON d1.* from user1; sql REVOKE read,write ON d2.* from user1; sql REVOKE read,write ON *.* from user1; + +print =============== create users +sql create user u1 PASS 'taosdata' +sql show users +if $rows != 4 then + return -1 +endi + +sql GRANT read ON d1.* to u1; +sql GRANT write ON d2.* to u1; + +print =============== re connect +print user u1 login +sql close +sql connect u1 + +sql_error drop database d1; +sql_error drop database d2; + +sql_error create stable d1.st (ts timestamp, i int) tags (j int) +sql create stable d2.st (ts timestamp, i int) tags (j int) + system sh/exec.sh -n dnode1 -s stop -x SIGINT diff --git a/tests/script/tsim/user/privilege_sysinfo.sim b/tests/script/tsim/user/privilege_sysinfo.sim new file mode 100644 index 0000000000..9ddfce8a97 --- /dev/null +++ b/tests/script/tsim/user/privilege_sysinfo.sim @@ -0,0 +1,26 @@ +system sh/stop_dnodes.sh +system sh/deploy.sh -n dnode1 -i 1 +system sh/exec.sh -n dnode1 -s start +sql connect + +print =============== create user and login +sql create user sysinfo0 pass 'taosdata' +sql create user sysinfo1 pass 'taosdata' +sql alter user sysinfo0 sysinfo 0 +sql alter user sysinfo1 sysinfo 1 + +print user sysinfo0 login +sql close +sql connect sysinfo0 + +system sh/exec.sh -n dnode1 -s stop +return + +print =============== check oper +sql_error create user u1 pass 'u1' +sql_error drop user sysinfo1 +sql_error alter user sysinfo1 pass '1' +sql_error alter user sysinfo0 pass '1' + + +system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file diff --git a/tests/script/tsim/user/user_len.sim b/tests/script/tsim/user/user_len.sim deleted file mode 100644 index 0e44f94294..0000000000 
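Review bot: In privilege_sysinfo.sim the `system sh/exec.sh -n dnode1 -s stop` and `return` lines that follow `sql connect sysinfo0` end the script before the `check oper` section. The four `sql_error` assertions below them never run, so the test passes without verifying any restriction on the `sysinfo 0` user. If the early exit is a temporary disable, note that next to `return` and track it. Otherwise remove the two lines so the restricted account's `create user`, `drop user` and `alter user` attempts are actually checked. As listed in basic.txt this file currently counts as privilege coverage that it does not provide.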
--- a/tests/script/tsim/user/user_len.sim +++ /dev/null @@ -1,85 +0,0 @@ -system sh/stop_dnodes.sh -system sh/deploy.sh -n dnode1 -i 1 -system sh/exec.sh -n dnode1 -s start -sql connect - -$i = 0 -$dbPrefix = lm_us_db -$tbPrefix = lm_us_tb -$db = $dbPrefix . $i -$tb = $tbPrefix . $i - -print =============== step1 -sql drop user ac -x step0 - return -1 -step0: - -sql create user PASS '123' -x step1 - return -1 -step1: - -sql show users -if $rows != 1 then - return -1 -endi - -print =============== step2 -sql drop user a -x step2 -step2: -sql create user a PASS '123' -sql show users -if $rows != 2 then - return -1 -endi - -sql drop user a -sql show users -if $rows != 1 then - return -1 -endi - -print =============== step3 -sql drop user abc01234567890123456789 -x step3 -step3: - -sql create user abc01234567890123456789 PASS '123' -sql show users -if $rows != 2 then - return -1 -endi - -sql drop user abc01234567890123456789 -sql show users -if $rows != 1 then - return -1 -endi - -print =============== step4 -sql create user abcd0123456789012345678901234567890111 PASS '123' -x step4 - return -1 -step4: -sql show users -if $rows != 1 then - return -1 -endi - -print =============== step5 -sql drop user 123 -x step5 -step5: -sql create user 123 PASS '123' -x step61 - return -1 -step61: - -sql create user a123 PASS '123' -sql show users -if $rows != 2 then - return -1 -endi - -sql drop user a123 -sql show users -if $rows != 1 then - return -1 -endi - -system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file