Merge pull request #8319 from taosdata/feature/TS-463

Feature/ts 463: grant check for query while not for write/show

Merge pull request #8319 from taosdata/feature/TS-463
Feature/ts 463: grant check for query while not for write/show
003d509d · Shengliang Guan · GitHub · 9c8f5a03 · 33111276 · 003d509d
9 changed file
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -18,6 +18,7 @@ ENDIF ()
 SET(TD_ACCOUNT FALSE)
 SET(TD_ADMIN FALSE)
 SET(TD_GRANT FALSE)
+SET(TD_USB_DONGLE FALSE)
 SET(TD_MQTT FALSE)
 SET(TD_TSDB_PLUGINS FALSE)
 SET(TD_STORAGE FALSE)

--- a/cmake/define.inc
+++ b/cmake/define.inc
@@ -13,6 +13,10 @@ IF (TD_GRANT)
  ADD_DEFINITIONS(-D_GRANT)
 ENDIF ()

+IF (TD_USB_DONGLE)
+  ADD_DEFINITIONS(-D_USB_DONGLE)
+ENDIF ()
+
 IF (TD_MQTT)
  ADD_DEFINITIONS(-D_MQTT)
 ENDIF ()

--- a/src/dnode/CMakeLists.txt
+++ b/src/dnode/CMakeLists.txt
@@ -39,6 +39,10 @@ IF (TD_GRANT)
  TARGET_LINK_LIBRARIES(taosd grant)
 ENDIF ()

+IF (TD_USB_DONGLE)
+  TARGET_LINK_LIBRARIES(taosd usb_dongle)
+ENDIF ()
+
 IF (TD_MQTT)
  TARGET_LINK_LIBRARIES(taosd mqtt)
 ENDIF ()

--- a/src/dnode/src/dnodeMain.c
+++ b/src/dnode/src/dnodeMain.c
@@ -23,6 +23,7 @@
 #include "twal.h"
 #include "tfs.h"
 #include "tsync.h"
+#include "tgrant.h"
 #include "dnodeStep.h"
 #include "dnodePeer.h"
 #include "dnodeModule.h"
@@ -88,6 +89,7 @@ static SStep tsDnodeSteps[] = {
  {"dnode-statustmr", dnodeInitStatusTimer,dnodeCleanupStatusTimer},
  {"dnode-telemetry", dnodeInitTelemetry,  dnodeCleanupTelemetry},
  {"dnode-script",    scriptEnvPoolInit,   scriptEnvPoolCleanup},
+  {"dnode-grant",     grantInit,           grantCleanUp},
 };

 static SStep tsDnodeCompactSteps[] = {

--- a/src/mnode/src/mnodeDb.c
+++ b/src/mnode/src/mnodeDb.c
@@ -927,9 +927,12 @@ static int32_t mnodeProcessCreateDbMsg(SMnodeMsg *pMsg) {
  pCreate->maxRowsPerFileBlock = htonl(pCreate->maxRowsPerFileBlock);
  
  int32_t code;
+#ifdef GRANT_CHECK_WRITE
  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
    code = TSDB_CODE_GRANT_EXPIRED;
-  } else if (!pMsg->pUser->writeAuth) {
+  } // else
+#endif
+  if (!pMsg->pUser->writeAuth) {
    code = TSDB_CODE_MND_NO_RIGHTS;
  } else {
    code = mnodeCreateDb(pMsg->pUser->pAcct, pCreate, pMsg);

--- a/src/mnode/src/mnodeFunc.c
+++ b/src/mnode/src/mnodeFunc.c
@@ -191,9 +191,11 @@ static int32_t mnodeUpdateFunc(SFuncObj *pFunc, void *pMsg) {
 }
 */
 int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *codeScript, char *path, uint8_t outputType, int16_t outputLen, int32_t funcType, int32_t bufSize, SMnodeMsg *pMsg) {
+#ifdef GRANT_CHECK_WRITE
  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
    return TSDB_CODE_GRANT_EXPIRED;
  }
+#endif

  if (!pMsg->pUser->writeAuth) {
    return TSDB_CODE_MND_NO_RIGHTS;

--- a/src/mnode/src/mnodeMain.c
+++ b/src/mnode/src/mnodeMain.c
@@ -55,7 +55,7 @@ static SStep tsMnodeSteps[] = {
  {"mnodes",  mnodeInitMnodes,  mnodeCleanupMnodes},
  {"sdb",     sdbInit,          sdbCleanUp},
  {"balance", bnInit,           bnCleanUp},
-  {"grant",   grantInit,        grantCleanUp},
+  // {"grant",   grantInit,        grantCleanUp},
  {"show",    mnodeInitShow,    mnodeCleanUpShow}
 };


--- a/src/mnode/src/mnodeWrite.c
+++ b/src/mnode/src/mnodeWrite.c
@@ -65,14 +65,16 @@ int32_t mnodeProcessWrite(SMnodeMsg *pMsg) {
    return TSDB_CODE_MND_MSG_NOT_PROCESSED;
  }

+#ifdef GRANT_CHECK_WRITE
  int32_t code = grantCheck(TSDB_GRANT_TIME);
  if (code != TSDB_CODE_SUCCESS) {
    mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
           tstrerror(code));
    return code;
  }
+#endif

-  code = mnodeInitMsg(pMsg);
+  int32_t code = mnodeInitMsg(pMsg);
  if (code != TSDB_CODE_SUCCESS) {
    mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType],
           tstrerror(code));

--- a/src/vnode/src/vnodeRead.c
+++ b/src/vnode/src/vnodeRead.c
@@ -20,6 +20,7 @@
 #include "tglobal.h"
 #include "query.h"
 #include "vnodeStatus.h"
+#include "tgrant.h"

 int32_t vNumOfExistedQHandle;   // current initialized and existed query handle in current dnode

@@ -55,6 +56,11 @@ int32_t vnodeProcessRead(void *vparam, SVReadMsg *pRead) {
 }

 static int32_t vnodeCheckRead(SVnodeObj *pVnode) {
+  if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
+    vDebug("vgId:%d, grant expired, refCount:%d pVnode:%p", pVnode->vgId, pVnode->refCount, pVnode);
+    return TSDB_CODE_GRANT_EXPIRED;
+  }
+
  if (!vnodeInReadyStatus(pVnode)) {
    vDebug("vgId:%d, vnode status is %s, refCount:%d pVnode:%p", pVnode->vgId, vnodeStatus[pVnode->status],
           pVnode->refCount, pVnode);