未验证 提交 13f1aaee 编写于 作者: P plum-lihui 提交者: GitHub

Merge pull request #920 from taosdata/hotfix/TBASE-1305

Hotfix/tbase 1305
...@@ -678,26 +678,79 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { ...@@ -678,26 +678,79 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
SAlterUserMsg *pAlter = (SAlterUserMsg *)pMsg; SAlterUserMsg *pAlter = (SAlterUserMsg *)pMsg;
int code = 0; int code = 0;
SUserObj * pUser; SUserObj * pUser;
SUserObj * pOperUser;
if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_ALTER_USER_RSP) != 0) { if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_ALTER_USER_RSP) != 0) {
return 0; return 0;
} }
pUser = mgmtGetUser(pAlter->user); pUser = mgmtGetUser(pAlter->user);
pOperUser = mgmtGetUser(pConn->pUser->user);
if (pUser == NULL) { if (pUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER);
return 0; return 0;
} }
if (strcmp(pUser->user, "monitor") == 0 || strcmp(pUser->user, "stream") == 0) { if (pOperUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (strcmp(pUser->user, "monitor") == 0 || (strcmp(pUser->user + 1, pUser->acct) == 0 && pUser->user[0] == '_')) {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
} else if ((strcmp(pUser->user, pConn->pUser->user) == 0) || taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
((strcmp(pUser->acct, pConn->pAcct->user) == 0) && pConn->superAuth) || return 0;
(strcmp(pConn->pUser->user, "root") == 0)) { }
if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) { if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) {
bool hasRight = false;
if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = true;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else {
hasRight = true;
}
}
if (hasRight) {
memset(pUser->pass, 0, sizeof(pUser->pass)); memset(pUser->pass, 0, sizeof(pUser->pass));
taosEncryptPass((uint8_t *)pAlter->pass, strlen(pAlter->pass), pUser->pass); taosEncryptPass(pAlter->pass, strlen(pAlter->pass), pUser->pass);
code = mgmtUpdateUser(pUser);
mLPrint("user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
} else {
code = TSDB_CODE_NO_RIGHTS;
}
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
return 0;
} }
if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
bool hasRight = false;
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = false;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else {
hasRight = true;
}
}
if (hasRight) {
if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) { if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
if (pAlter->privilege == 1) { // super if (pAlter->privilege == 1) { // super
pUser->superAuth = 1; pUser->superAuth = 1;
...@@ -712,32 +765,68 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { ...@@ -712,32 +765,68 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
pUser->writeAuth = 1; pUser->writeAuth = 1;
} }
} }
code = mgmtUpdateUser(pUser); code = mgmtUpdateUser(pUser);
mLPrint("user:%s is altered by %s", pAlter->user, pConn->pUser->user); mLPrint("user:%s privilege is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
} else { } else {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
} }
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
return 0;
}
code = TSDB_CODE_NO_RIGHTS;
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
return 0; return 0;
} }
int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
SDropUserMsg *pDrop = (SDropUserMsg *)pMsg; SDropUserMsg *pDrop = (SDropUserMsg *)pMsg;
int code = 0; int code = 0;
SUserObj * pUser;
SUserObj * pOperUser;
if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_DROP_USER_RSP) != 0) { if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_DROP_USER_RSP) != 0) {
return 0; return 0;
} }
if (strcmp(pConn->pUser->user, pDrop->user) == 0) { pUser = mgmtGetUser(pDrop->user);
code = TSDB_CODE_NO_RIGHTS; pOperUser = mgmtGetUser(pConn->pUser->user);
} else if (strcmp(pDrop->user, "monitor") == 0 || strcmp(pDrop->user, "stream") == 0) {
if (pUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (pOperUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (strcmp(pUser->user, "monitor") == 0 || (strcmp(pUser->user + 1, pUser->acct) == 0 && pUser->user[0] == '_')) {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code);
return 0;
}
bool hasRight = false;
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = false;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else { } else {
if (pConn->superAuth) { hasRight = true;
}
}
if (hasRight) {
code = mgmtDropUser(pConn->pAcct, pDrop->user); code = mgmtDropUser(pConn->pAcct, pDrop->user);
if (code == 0) { if (code == 0) {
mLPrint("user:%s is dropped by %s", pDrop->user, pConn->pUser->user); mLPrint("user:%s is dropped by %s", pDrop->user, pConn->pUser->user);
...@@ -745,10 +834,8 @@ int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { ...@@ -745,10 +834,8 @@ int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
} else { } else {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
} }
}
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code);
return 0; return 0;
} }
...@@ -1136,7 +1223,7 @@ void mgmtEstablishConn(SConnObj *pConn) { ...@@ -1136,7 +1223,7 @@ void mgmtEstablishConn(SConnObj *pConn) {
atomic_fetch_add_32(&sdbExtConns, 1); atomic_fetch_add_32(&sdbExtConns, 1);
pConn->stime = taosGetTimestampMs(); pConn->stime = taosGetTimestampMs();
if (strcmp(pConn->pUser->user, "root") == 0 || strcmp(pConn->pUser->user, pConn->pAcct->user) == 0) { if (strcmp(pConn->pUser->user, "root") == 0) {
pConn->superAuth = 1; pConn->superAuth = 1;
pConn->writeAuth = 1; pConn->writeAuth = 1;
} else { } else {
......
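Review bot: The rule for who may act on whom is written out three times, in the password branch and the privilege branch of mgmtProcessAlterUserMsg and again in mgmtProcessDropUserMsg, and the copies already differ in order; in the privilege and drop copies the inner `strcmp(pUser->user, "root") == 0` test under `pOperUser->superAuth` can never be true, because a `root` target is rejected at the top of the chain. An authorization rule kept in three places tends to be tightened in one and missed in another, so I would move it into one static helper, sketched below with a flag for the password path, which is the only one that lets a user act on their own record. Separately, none of the `TSDB_CODE_NO_RIGHTS` paths writes a log line while the success paths do; a refused alter or drop belongs in the audit trail too, for example `mLPrint("user:%s alter is refused for %s", pAlter->user, pConn->pUser->user);`. Both handlers continue in lines the page does not show, so the call sites below are placed from the visible branches only.

```c
/* Suggested helper: may pOperUser act on pUser?  selfService is true only on
 * the password path, where root and the user themselves are always allowed. */
static bool mgmtOperHasRight(SUserObj *pOperUser, SUserObj *pUser, bool selfService) {
  bool operIsRoot = strcmp(pOperUser->user, "root") == 0;
  bool targetIsRoot = strcmp(pUser->user, "root") == 0;
  bool isSelf = strcmp(pUser->user, pOperUser->user) == 0;

  if (selfService && (operIsRoot || isSelf)) return true;
  if (targetIsRoot || isSelf) return false;
  if (operIsRoot) return true;
  /* a super user is limited to users of the same account */
  return pOperUser->superAuth && strcmp(pOperUser->acct, pUser->acct) == 0;
}

/* ... unchanged: redirect check, user lookups, reserved-name check ... */
  if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) {
    bool hasRight = mgmtOperHasRight(pOperUser, pUser, true);
    /* ... unchanged: password update and response ... */
  if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
    bool hasRight = mgmtOperHasRight(pOperUser, pUser, false);
    /* ... unchanged: privilege update and response ... */

/* in mgmtProcessDropUserMsg */
  bool hasRight = mgmtOperHasRight(pOperUser, pUser, false);
  /* ... unchanged: mgmtDropUser call and response ... */
```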