From 126baf46942ae04622e147670d8a1ad11b9acad6 Mon Sep 17 00:00:00 2001
From: Tao Liu
Date: Fri, 29 May 2020 14:14:09 +0000
Subject: [PATCH] [TD-424] divide audit tables;
---
 src/inc/tlog.h | 7 +++++++
 src/modules/monitor/src/monitorSystem.c | 26 +++++++++++++++++++++----
 src/system/detail/src/mgmtShell.c | 16 +++++++++++++--
 3 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/src/inc/tlog.h b/src/inc/tlog.h
index 7556cc50a1..44852b10c8 100644
--- a/src/inc/tlog.h
+++ b/src/inc/tlog.h
@@ -25,11 +25,16 @@ extern "C" {
 #include
 #include "tglobalcfg.h"
+
 #define DEBUG_ERROR 1U
 #define DEBUG_WARN 2U
 #define DEBUG_TRACE 4U
 #define DEBUG_DUMP 8U
+#define AUDIT_INFO 0
+#define AUDIT_WARN 1
+#define AUDIT_ERROR 2
+
 #define DEBUG_FILE 0x80
 #define DEBUG_SCREEN 0x40
@@ -58,6 +63,8 @@ void taosPrintLongString(const char *const flags, int dflag, const char *const f
 int taosOpenLogFileWithMaxLines(char *fn, int maxLines, int maxFileNum);
+void taosAuditRecord(int level, char * dbuser, char * result, char * content );
+
 void taosCloseLog();
 void taosResetLogFile();
diff --git a/src/modules/monitor/src/monitorSystem.c b/src/modules/monitor/src/monitorSystem.c
index 53bf210ed8..896f3bd015 100644
--- a/src/modules/monitor/src/monitorSystem.c
+++ b/src/modules/monitor/src/monitorSystem.c
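Review bot: In `src/inc/tlog.h` the new `taosAuditRecord` prototype takes three non-const `char *` parameters and has no comment, although the callers added in this commit pass the string literal `"success"` and a formatted buffer that are only read. I would declare it `void taosAuditRecord(int level, const char *dbuser, const char *result, const char *content);` (the definition in monitorSystem.c needs the same change). A short comment should state that `level` is one of `AUDIT_INFO`/`AUDIT_WARN`/`AUDIT_ERROR` and that the three strings are embedded in an SQL insert, so callers must not pass text containing unescaped quotes.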
@@ -200,13 +200,12 @@ void dnodeBuildMonitorSql(char *sql, int cmd) {
 } else if (cmd == MONITOR_CMD_CREATE_DB_AUDIT) {
 char * auditDBname = "audit";
 snprintf(sql, SQL_LENGTH,
- "create database if not exists %s replica 1 days 10 keep 3650 rows 1024 cache 2048",
- auditDBname);
+ "create database if not exists %s replica 1 days 10 keep 3650 rows 1024 cache 2048 ablocks 2 tblocks 32 tables 32 precision 'us'", auditDBname);
 } else if (cmd == MONITOR_CMD_CREATE_TB_AUDIT) {
 snprintf(sql, SQL_LENGTH,
 "create table if not exists audit.audit(ts timestamp, level tinyint, "
- "dbuser binary(%d), result binary(%d), ipaddr binary(%d), content binary(%d))",
- TSDB_USER_LEN, LOG_RESULT_LEN, IP_LEN_STR, LOG_LEN_STR);
+ "dbuser binary(%d), result binary(%d), content binary(%d))",
+ TSDB_USER_LEN, LOG_RESULT_LEN, LOG_LEN_STR);
 }
 }
@@ -296,6 +295,16 @@ void dnodeMontiorInsertLogCallback(void *param, TAOS_RES *result, int code) {
 }
 }
+void dnodeMontiorInsertAuditCallback(void *param, TAOS_RES *result, int code) {
+ if (code < 0) {
+ monitorError("monitor:%p, save audit failed, code:%d", monitor->conn, code);
+ } else if (code == 0) {
+ monitorError("monitor:%p, save audit failed, affect rows:%d", monitor->conn, code);
+ } else {
+ monitorTrace("monitor:%p, save audit info success, code:%d", monitor->conn, code);
+ }
+}
+
 // unit is MB
 int monitorBuildMemorySql(char *sql) {
 float sysMemoryUsedMB = 0;
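Review bot: Dropping `ipaddr` from the `audit.audit` schema in the `MONITOR_CMD_CREATE_TB_AUDIT` branch means an audit row no longer records where a request came from, which is one of the first fields an investigator looks for. If the address is simply not available at the call sites, a comment saying so would help. Separately, because the statement is `create table if not exists`, an installation that already has the six-column table presumably keeps it, and the five-value insert issued by `taosAuditRecord` would then not match. That is worth confirming and handling with a migration or an explicit column list in the insert. `dnodeBuildMonitorSql` starts outside this hunk.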
@@ -455,3 +464,12 @@ void monitorExecuteSQL(char *sql) {
 monitorTrace("monitor:%p, execute sql: %s", monitor->conn, sql);
 taos_query_a(monitor->conn, sql, NULL, NULL);
 }
+
+void taosAuditRecord(int level, char * dbuser, char * result, char * content ){
+ char sqlcmd[1024] = {0};
+ int64_t ts = taosGetTimestampUs();
+
+ int pos = snprintf(sqlcmd, SQL_LENGTH, "insert into audit.audit values(%" PRId64, ts);
+ pos += snprintf(sqlcmd + pos, SQL_LENGTH - pos, ", %d, \'%s\' , \'%s\', \'%s\')", level, dbuser, result, content);
+ taos_query_a(monitor->conn, sqlcmd, dnodeMontiorInsertAuditCallback, "audit");
+}
\ No newline at end of file
diff --git a/src/system/detail/src/mgmtShell.c b/src/system/detail/src/mgmtShell.c
index a3c93cbbce..a076dd5530 100644
--- a/src/system/detail/src/mgmtShell.c
+++ b/src/system/detail/src/mgmtShell.c
@@ -201,7 +201,7 @@ int mgmtProcessMeterMetaMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 char db[TSDB_DB_NAME_LEN + 1] = {0};
 extractDBName(pInfo->meterId, db);
- if(strncasecmp(db,"audit",5) == 0 && pConn->pUser->auditAuth == 0 && pConn->pUser->superAuth == 0) {
+ if(strncasecmp(db,"audit",5) == 0 && pConn->pUser->auditAuth == 0 && pConn->pUser->superAuth == 0 && strncasecmp(pConn->pUser->user,"monitor",7) != 0) {
 if ((pStart = mgmtAllocMsg(pConn, size, &pMsg, &pRsp)) == NULL) {
 taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_METERINFO_RSP, TSDB_CODE_SERV_OUT_OF_MEMORY);
 return 0;
@@ -215,7 +215,7 @@ int mgmtProcessMeterMetaMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_METERINFO_RSP, TSDB_CODE_SERV_OUT_OF_MEMORY);
 return 0;
 }
- pRsp->code = TSDB_CODE_NO_READ_ACCESS;
+ pRsp->code = TSDB_CODE_NO_RIGHTS;
 pMsg++;
 goto _exit_code;
 }
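Review bot: `taosAuditRecord` bounds both `snprintf` calls with `SQL_LENGTH` while `sqlcmd` is a 1024-byte stack array. `SQL_LENGTH` is defined outside this diff, and if it is larger than 1024 the second call can write past the buffer, so the bound should be `sizeof(sqlcmd)` and a truncated statement should be dropped rather than sent. `dbuser`, `result` and `content` are also placed unescaped inside single-quoted SQL literals, and the callers in mgmtShell.c build `content` from client-supplied database and user names, so a quote in a name can break or alter the audit insert; escape or reject quote and backslash characters before formatting. Two things to confirm outside the hunk: that `taos_query_a` copies the statement before returning (otherwise the stack buffer is read after the function has returned), and that `monitor` and `monitor->conn` are always set when the management handlers call this.

```c
void taosAuditRecord(int level, char * dbuser, char * result, char * content ){
  char sqlcmd[1024] = {0};
  // ... unchanged: ts = taosGetTimestampUs() ...

  // dbuser, result and content must already be free of ' and \ at this point
  int len = snprintf(sqlcmd, sizeof(sqlcmd),
                     "insert into audit.audit values(%" PRId64 ", %d, '%s' , '%s', '%s')",
                     ts, level, dbuser, result, content);
  if (len < 0 || (size_t)len >= sizeof(sqlcmd)) {
    monitorError("monitor:%p, audit record dropped, statement truncated", monitor->conn);
    return;
  }
  // ... unchanged: taos_query_a(...) call ...
}
```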
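Review bot: The exemption added to the `audit` access check in `mgmtProcessMeterMetaMsg` compares only the first seven characters of the user name, so every account whose name begins with `monitor` is let through without `auditAuth` or `superAuth`, not just the internal monitor account. An exact comparison, `strcasecmp(pConn->pUser->user, "monitor") != 0`, closes the prefix match. A flag on the user object set only for the built-in account would be sturdier than a name test if ordinary users can be created with arbitrary names. The `strncasecmp(db,"audit",5)` test on the same line has the same prefix semantics for database names, and the function body starts and ends outside this hunk.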
@@ -590,6 +590,9 @@ int mgmtProcessCreateDbMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 code = mgmtCreateDb(pConn->pAcct, pCreate);
 if (code == TSDB_CODE_SUCCESS) {
 mLPrint("DB:%s is created by %s", pCreate->db, pConn->pUser->user);
+ char content[1024];
+ sprintf(content, "DB:%s is created by %s", pCreate->db, pConn->pUser->user);
+ taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);
 }
 }
@@ -620,6 +623,9 @@ int mgmtProcessAlterDbMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 code = mgmtAlterDb(pConn->pAcct, pAlter);
 if (code == TSDB_CODE_SUCCESS) {
 mLPrint("DB:%s is altered by %s", pAlter->db, pConn->pUser->user);
+ char content[1024];
+ sprintf(content, "DB:%s is altered by %s", pAlter->db, pConn->pUser->user);
+ taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);
 }
 }
@@ -685,6 +691,9 @@ int mgmtProcessCreateUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 code = mgmtCreateUser(pConn->pAcct, pCreate->user, pCreate->pass);
 if (code == TSDB_CODE_SUCCESS) {
 mLPrint("user:%s is created by %s", pCreate->user, pConn->pUser->user);
+ char content[1024];
+ sprintf(content, "user:%s is created by %s", pCreate->user, pConn->pUser->user);
+ taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);
 }
 } else {
 code = TSDB_CODE_NO_RIGHTS;
@@ -745,6 +754,9 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 taosEncryptPass((uint8_t*)pAlter->pass, strlen(pAlter->pass), pUser->pass);
 code = mgmtUpdateUser(pUser);
 mLPrint("user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
+ char content[1024];
+ sprintf(content, "user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
+ taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);
 } else {
 code = TSDB_CODE_NO_RIGHTS;
 }
-- GitLab
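Review bot: The audit text is built with an unbounded `sprintf` into `char content[1024]` in `mgmtProcessCreateDbMsg`, and the same three lines are repeated in the `mgmtProcessAlterDbMsg`, `mgmtProcessCreateUserMsg` and `mgmtProcessAlterUserMsg` hunks. The names come from request messages, so the write should be bounded regardless of the current name-length limits: `snprintf(content, sizeof(content), "DB:%s is created by %s", pCreate->db, pConn->pUser->user);`. All four sites record only the path where the operation was permitted. The `TSDB_CODE_NO_RIGHTS` branches visible in the two user hunks write nothing to the audit table, yet denied attempts are what an audit trail is most often consulted for. A small helper taking the format and its arguments would remove the four copies; the enclosing functions start and end outside these hunks.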
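Review bot: In the `mgmtProcessAlterUserMsg` hunk the audit call passes `AUDIT_INFO` and `"success"` unconditionally, so a failed password change is stored as a success. The `code` returned by `mgmtUpdateUser` is not checked before the call, even though it is printed in the message. Derive both arguments from `code`, e.g. `taosAuditRecord(code == TSDB_CODE_SUCCESS ? AUDIT_INFO : AUDIT_ERROR, pConn->pUser->user, code == TSDB_CODE_SUCCESS ? "success" : "failed", content);`.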