Merge pull request #15470 from taosdata/fix/mnode

refactor: privilege code
2022-07-27 17:54:02 +08:00 · 2022-07-27 17:54:02 +08:00 · f2dbf0ade3
parent b5c6d56323 d786d85d65
commit f2dbf0ade3
5 changed files with 30 additions and 212 deletions
--- a/source/dnode/mnode/impl/CMakeLists.txt
+++ b/source/dnode/mnode/impl/CMakeLists.txt
@ -1,4 +1,11 @@
 aux_source_directory(src MNODE_SRC)
+IF (TD_PRIVILEGE)
+  ADD_DEFINITIONS(-D_PRIVILEGE)
+ENDIF ()
+IF (TD_PRIVILEGE)
+  LIST(APPEND MNODE_SRC ${TD_ENTERPRISE_DIR}/src/plugins/privilege/src/privilege.c)
+ENDIF ()
+
 add_library(mnode STATIC ${MNODE_SRC})
 target_include_directories(
    mnode
@ -8,11 +15,8 @@ target_include_directories(
 target_link_libraries(
    mnode scheduler sdb wal transport cjson sync monitor executor qworker stream parser
 )
-
 IF (TD_GRANT)
  TARGET_LINK_LIBRARIES(mnode grant)
-ENDIF ()
-IF (TD_GRANT)
  ADD_DEFINITIONS(-D_GRANT)
 ENDIF ()

--- a/source/dnode/mnode/impl/inc/mndPrivilege.h
+++ b/source/dnode/mnode/impl/inc/mndPrivilege.h
@ -30,6 +30,7 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType
 int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname);
 int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname);
 int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter);
+int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp);

 #ifdef __cplusplus
 }
--- a/source/dnode/mnode/impl/inc/mndUser.h
+++ b/source/dnode/mnode/impl/inc/mndUser.h
@ -17,6 +17,7 @@
 #define _TD_MND_USER_H_

 #include "mndInt.h"
+#include "thash.h"

 #ifdef __cplusplus
 extern "C" {
@ -28,9 +29,10 @@ SUserObj *mndAcquireUser(SMnode *pMnode, const char *userName);
 void      mndReleaseUser(SMnode *pMnode, SUserObj *pUser);

 // for trans test
-SSdbRaw *mndUserActionEncode(SUserObj *pUser);
-int32_t  mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
-                                 int32_t *pRspLen);
+SSdbRaw  *mndUserActionEncode(SUserObj *pUser);
+SHashObj *mndDupDbHash(SHashObj *pOld);
+int32_t   mndValidateUserAuthInfo(SMnode *pMnode, SUserAuthVersion *pUsers, int32_t numOfUses, void **ppRsp,
+                                  int32_t *pRspLen);

 #ifdef __cplusplus
 }
--- a/source/dnode/mnode/impl/src/mndPrivilege.c
+++ b/source/dnode/mnode/impl/src/mndPrivilege.c
@ -18,177 +18,20 @@
 #include "mndDb.h"
 #include "mndUser.h"

+#ifndef _PRIVILEGE
 int32_t mndInitPrivilege(SMnode *pMnode) { return 0; }
-
-void mndCleanupPrivilege(SMnode *pMnode) {}
-
-int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType) {
-  int32_t   code = 0;
-  SUserObj *pUser = mndAcquireUser(pMnode, user);
-
-  if (pUser == NULL) {
-    terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
-    code = -1;
-    goto _OVER;
-  }
-
-  if (pUser->superUser) {
-    goto _OVER;
-  }
-
-  if (!pUser->enable) {
-    terrno = TSDB_CODE_MND_USER_DISABLED;
-    code = -1;
-    goto _OVER;
-  }
-
-  switch (operType) {
-    case MND_OPER_CONNECT:
-    case MND_OPER_CREATE_FUNC:
-    case MND_OPER_DROP_FUNC:
-    case MND_OPER_SHOW_VARIBALES:
-      break;
-    default:
-      terrno = TSDB_CODE_MND_NO_RIGHTS;
-      code = -1;
-  }
-
-_OVER:
-  mndReleaseUser(pMnode, pUser);
-  return code;
-}
-
-int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) {
-  if (pUser->superUser && pAlter->alterType != TSDB_ALTER_USER_PASSWD) {
-    terrno = TSDB_CODE_MND_NO_RIGHTS;
-    return -1;
-  }
-
-  if (pOperUser->superUser) return 0;
-
-  if (!pOperUser->enable) {
-    terrno = TSDB_CODE_MND_USER_DISABLED;
-    return -1;
-  }
-
-  if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) {
-    if (strcmp(pUser->user, pOperUser->user) == 0) {
-      if (pOperUser->sysInfo) return 0;
-    }
-  }
-
-  terrno = TSDB_CODE_MND_NO_RIGHTS;
-  return -1;
-}
-
-int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname) {
-  int32_t   code = 0;
-  SUserObj *pUser = mndAcquireUser(pMnode, user);
-
-  if (pUser == NULL) {
-    code = -1;
-    goto _OVER;
-  }
-
-  if (pUser->superUser) {
-    goto _OVER;
-  }
-
-  if (!pUser->enable) {
-    terrno = TSDB_CODE_MND_USER_DISABLED;
-    code = -1;
-    goto _OVER;
-  }
-
-  if (pUser->sysInfo) {
-    goto _OVER;
-  }
-
-  switch (showType) {
-    case TSDB_MGMT_TABLE_DB:
-    case TSDB_MGMT_TABLE_STB:
-    case TSDB_MGMT_TABLE_INDEX:
-    case TSDB_MGMT_TABLE_STREAMS:
-    case TSDB_MGMT_TABLE_CONSUMERS:
-    case TSDB_MGMT_TABLE_TOPICS:
-    case TSDB_MGMT_TABLE_SUBSCRIPTIONS:
-    case TSDB_MGMT_TABLE_FUNC:
-    case TSDB_MGMT_TABLE_QUERIES:
-    case TSDB_MGMT_TABLE_CONNS:
-    case TSDB_MGMT_TABLE_APPS:
-    case TSDB_MGMT_TABLE_TRANS:
-      code = 0;
-      break;
-    default:
-      terrno = TSDB_CODE_MND_NO_RIGHTS;
-      code = -1;
-      goto _OVER;
-  }
-
-  if (showType == TSDB_MGMT_TABLE_STB || showType == TSDB_MGMT_TABLE_VGROUP || showType == TSDB_MGMT_TABLE_INDEX) {
-    code = mndCheckDbPrivilegeByName(pMnode, user, MND_OPER_READ_OR_WRITE_DB, dbname);
-  }
-
-_OVER:
-  mndReleaseUser(pMnode, pUser);
-  return code;
-}
-
-int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) {
-  int32_t   code = 0;
-  SUserObj *pUser = mndAcquireUser(pMnode, user);
-
-  if (pUser == NULL) {
-    code = -1;
-    goto _OVER;
-  }
-
-  if (pUser->superUser) goto _OVER;
-
-  if (!pUser->enable) {
-    terrno = TSDB_CODE_MND_USER_DISABLED;
-    code = -1;
-    goto _OVER;
-  }
-
-  if (operType == MND_OPER_CREATE_DB) {
-    if (pUser->sysInfo) goto _OVER;
-  }
-
-  if (operType == MND_OPER_ALTER_DB || operType == MND_OPER_DROP_DB || operType == MND_OPER_COMPACT_DB ||
-      operType == MND_OPER_TRIM_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
-  }
-
-  if (operType == MND_OPER_USE_DB || operType == MND_OPER_READ_OR_WRITE_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
-    if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
-    if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
-  }
-
-  if (operType == MND_OPER_WRITE_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
-    if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
-  }
-
-  if (operType == MND_OPER_READ_DB) {
-    if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
-    if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
-  }
-
-  terrno = TSDB_CODE_MND_NO_RIGHTS;
-  code = -1;
-
-_OVER:
-  mndReleaseUser(pMnode, pUser);
-  return code;
-}
-
+void    mndCleanupPrivilege(SMnode *pMnode) {}
+int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType) { return 0; }
+int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { return 0; }
+int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname) { return 0; }
+int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) { return 0; }
 int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) {
-  SDbObj *pDb = mndAcquireDb(pMnode, dbname);
-  if (pDb == NULL) return -1;
-
-  int32_t code = mndCheckDbPrivilege(pMnode, user, operType, pDb);
-  mndReleaseDb(pMnode, pDb);
-  return code;
-}
+  return 0;
+}
+int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) {
+  memcpy(pRsp->user, pUser->user, TSDB_USER_LEN);
+  pRsp->superAuth = 1;
+  pRsp->version = pUser->authVersion;
+  return 0;
+}
+#endif
--- a/source/dnode/mnode/impl/src/mndUser.c
+++ b/source/dnode/mnode/impl/src/mndUser.c
@ -15,8 +15,8 @@

 #define _DEFAULT_SOURCE
 #include "mndUser.h"
-#include "mndPrivilege.h"
 #include "mndDb.h"
+#include "mndPrivilege.h"
 #include "mndShow.h"
 #include "mndTrans.h"
 #include "tbase64.h"
@ -408,7 +408,7 @@ static int32_t mndAlterUser(SMnode *pMnode, SUserObj *pOld, SUserObj *pNew, SRpc
  return 0;
 }

-static SHashObj *mndDupDbHash(SHashObj *pOld) {
+SHashObj *mndDupDbHash(SHashObj *pOld) {
  SHashObj *pNew =
      taosHashInit(taosHashGetSize(pOld), taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK);
  if (pNew == NULL) {
@ -662,38 +662,6 @@ _OVER:
  return code;
 }

-static int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) {
-  memcpy(pRsp->user, pUser->user, TSDB_USER_LEN);
-  pRsp->superAuth = pUser->superUser;
-  pRsp->version = pUser->authVersion;
-  taosRLockLatch(&pUser->lock);
-  pRsp->readDbs = mndDupDbHash(pUser->readDbs);
-  pRsp->writeDbs = mndDupDbHash(pUser->writeDbs);
-  taosRUnLockLatch(&pUser->lock);
-  pRsp->createdDbs = taosHashInit(4, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK);
-  if (NULL == pRsp->createdDbs) {
-    terrno = TSDB_CODE_OUT_OF_MEMORY;
-    return -1;
-  }
-
-  SSdb *pSdb = pMnode->pSdb;
-  void *pIter = NULL;
-  while (1) {
-    SDbObj *pDb = NULL;
-    pIter = sdbFetch(pSdb, SDB_DB, pIter, (void **)&pDb);
-    if (pIter == NULL) break;
-
-    if (strcmp(pDb->createUser, pUser->user) == 0) {
-      int32_t len = strlen(pDb->name) + 1;
-      taosHashPut(pRsp->createdDbs, pDb->name, len, pDb->name, len);
-    }
-
-    sdbRelease(pSdb, pDb);
-  }
-
-  return 0;
-}
-
 static int32_t mndProcessGetUserAuthReq(SRpcMsg *pReq) {
  SMnode         *pMnode = pReq->info.node;
  int32_t         code = -1;