未验证 提交 d129e3bf 编写于 作者: P plum-lihui 提交者: GitHub

Merge pull request #923 from taosdata/hotfix/#921

#921
...@@ -677,77 +677,164 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { ...@@ -677,77 +677,164 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
SAlterUserMsg *pAlter = (SAlterUserMsg *)pMsg; SAlterUserMsg *pAlter = (SAlterUserMsg *)pMsg;
int code = 0; int code = 0;
SUserObj * pUser; SUserObj * pUser;
SUserObj * pOperUser;
if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_ALTER_USER_RSP) != 0) { if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_ALTER_USER_RSP) != 0) {
return 0; return 0;
} }
pUser = mgmtGetUser(pAlter->user); pUser = mgmtGetUser(pAlter->user);
pOperUser = mgmtGetUser(pConn->pUser->user);
if (pUser == NULL) { if (pUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER);
return 0; return 0;
} }
if (strcmp(pUser->user, "monitor") == 0 || strcmp(pUser->user, "stream") == 0) { if (pOperUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (strcmp(pUser->user, "monitor") == 0 || (strcmp(pUser->user + 1, pUser->acct) == 0 && pUser->user[0] == '_')) {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
} else if ((strcmp(pUser->user, pConn->pUser->user) == 0) || taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
((strcmp(pUser->acct, pConn->pAcct->user) == 0) && pConn->superAuth) || return 0;
(strcmp(pConn->pUser->user, "root") == 0)) { }
if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) {
if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) {
bool hasRight = false;
if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = true;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else {
hasRight = true;
}
}
if (hasRight) {
memset(pUser->pass, 0, sizeof(pUser->pass)); memset(pUser->pass, 0, sizeof(pUser->pass));
taosEncryptPass(pAlter->pass, strlen(pAlter->pass), pUser->pass); taosEncryptPass(pAlter->pass, strlen(pAlter->pass), pUser->pass);
code = mgmtUpdateUser(pUser);
mLPrint("user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
} else {
code = TSDB_CODE_NO_RIGHTS;
} }
if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
if (pAlter->privilege == 1) { // super taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
pUser->superAuth = 1; return 0;
pUser->writeAuth = 1; }
}
if (pAlter->privilege == 2) { // read if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
pUser->superAuth = 0; bool hasRight = false;
pUser->writeAuth = 0; if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = false;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else {
hasRight = true;
} }
if (pAlter->privilege == 3) { // write }
pUser->superAuth = 0;
pUser->writeAuth = 1; if (hasRight) {
if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
if (pAlter->privilege == 1) { // super
pUser->superAuth = 1;
pUser->writeAuth = 1;
}
if (pAlter->privilege == 2) { // read
pUser->superAuth = 0;
pUser->writeAuth = 0;
}
if (pAlter->privilege == 3) { // write
pUser->superAuth = 0;
pUser->writeAuth = 1;
}
} }
code = mgmtUpdateUser(pUser);
mLPrint("user:%s privilege is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
} else {
code = TSDB_CODE_NO_RIGHTS;
} }
code = mgmtUpdateUser(pUser); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
mLPrint("user:%s is altered by %s", pAlter->user, pConn->pUser->user); return 0;
} else {
code = TSDB_CODE_NO_RIGHTS;
} }
code = TSDB_CODE_NO_RIGHTS;
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code); taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_ALTER_USER_RSP, code);
return 0; return 0;
} }
int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) { int mgmtProcessDropUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
SDropUserMsg *pDrop = (SDropUserMsg *)pMsg; SDropUserMsg *pDrop = (SDropUserMsg *)pMsg;
int code = 0; int code = 0;
SUserObj * pUser;
SUserObj * pOperUser;
if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_DROP_USER_RSP) != 0) { if (mgmtCheckRedirectMsg(pConn, TSDB_MSG_TYPE_DROP_USER_RSP) != 0) {
return 0; return 0;
} }
if (strcmp(pConn->pUser->user, pDrop->user) == 0) { pUser = mgmtGetUser(pDrop->user);
code = TSDB_CODE_NO_RIGHTS; pOperUser = mgmtGetUser(pConn->pUser->user);
} else if (strcmp(pDrop->user, "monitor") == 0 || strcmp(pDrop->user, "stream") == 0) {
if (pUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (pOperUser == NULL) {
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, TSDB_CODE_INVALID_USER);
return 0;
}
if (strcmp(pUser->user, "monitor") == 0 || (strcmp(pUser->user + 1, pUser->acct) == 0 && pUser->user[0] == '_')) {
code = TSDB_CODE_NO_RIGHTS; code = TSDB_CODE_NO_RIGHTS;
} else { taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code);
if (pConn->superAuth) { return 0;
code = mgmtDropUser(pConn->pAcct, pDrop->user); }
if (code == 0) {
mLPrint("user:%s is dropped by %s", pDrop->user, pConn->pUser->user); bool hasRight = false;
} if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->user, "root") == 0) {
hasRight = true;
} else if (strcmp(pUser->user, pOperUser->user) == 0) {
hasRight = false;
} else if (pOperUser->superAuth) {
if (strcmp(pUser->user, "root") == 0) {
hasRight = false;
} else if (strcmp(pOperUser->acct, pUser->acct) != 0) {
hasRight = false;
} else { } else {
code = TSDB_CODE_NO_RIGHTS; hasRight = true;
} }
} }
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code); if (hasRight) {
code = mgmtDropUser(pConn->pAcct, pDrop->user);
if (code == 0) {
mLPrint("user:%s is dropped by %s", pDrop->user, pConn->pUser->user);
}
} else {
code = TSDB_CODE_NO_RIGHTS;
}
taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_DROP_USER_RSP, code);
return 0; return 0;
} }
...@@ -1121,7 +1208,7 @@ void mgmtEstablishConn(SConnObj *pConn) { ...@@ -1121,7 +1208,7 @@ void mgmtEstablishConn(SConnObj *pConn) {
atomic_fetch_add_32(&sdbExtConns, 1); atomic_fetch_add_32(&sdbExtConns, 1);
pConn->stime = taosGetTimestampMs(); pConn->stime = taosGetTimestampMs();
if (strcmp(pConn->pUser->user, "root") == 0 || strcmp(pConn->pUser->user, pConn->pAcct->user) == 0) { if (strcmp(pConn->pUser->user, "root") == 0) {
pConn->superAuth = 1; pConn->superAuth = 1;
pConn->writeAuth = 1; pConn->writeAuth = 1;
} else { } else {
......
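Review bot: The ladder that computes `hasRight` is written out three times (the password and privilege branches of mgmtProcessAlterUserMsg, and mgmtProcessDropUserMsg), so the policy for who may change or drop an account has to be audited and kept in sync in three places; in the privilege and drop copies the inner `strcmp(pUser->user, "root") == 0` test under `pOperUser->superAuth` can never be true, because the first branch has already refused that target. A single static helper with a flag for the self case (proposed name below) makes the same decisions once. Every `TSDB_CODE_NO_RIGHTS` path also returns without an `mLPrint`, so refused attempts to alter or drop another user leave no record; logging operator and target there would give something to review later. Neither handler looks at `msgLen`, so unless the dispatcher already validates the frame, `strlen(pAlter->pass)` and the name lookups depend on the sender having NUL-terminated those fields; a size check against the message struct before the cast would close that. The body of mgmtProcessAlterUserMsg starts above the hunk and the mgmtEstablishConn hunk is truncated on this page, so code outside the shown lines is not covered here.

```c
/* Single place for the "may pOperUser manage pUser" decision. */
static bool mgmtCanManageUser(SUserObj *pOperUser, SUserObj *pUser, bool allowSelf) {
  if (strcmp(pUser->user, pOperUser->user) == 0) return allowSelf;  // self: password change only
  if (strcmp(pUser->user, "root") == 0) return false;               // nobody else may touch root
  if (strcmp(pOperUser->user, "root") == 0) return true;
  return pOperUser->superAuth && strcmp(pOperUser->acct, pUser->acct) == 0;
}

// … unchanged: user lookups, NULL checks, monitor/_acct guard …
  if ((pAlter->flag & TSDB_ALTER_USER_PASSWD) != 0) {
    bool hasRight = mgmtCanManageUser(pOperUser, pUser, true);
    // … unchanged: password update, response …
  }
  if ((pAlter->flag & TSDB_ALTER_USER_PRIVILEGES) != 0) {
    bool hasRight = mgmtCanManageUser(pOperUser, pUser, false);
    // … unchanged: privilege update, response …
  }

// … in mgmtProcessDropUserMsg, after the same guards …
  bool hasRight = mgmtCanManageUser(pOperUser, pUser, false);
```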