From 26934679012033e1d635f4500431297cad31f600 Mon Sep 17 00:00:00 2001
From: Cary Xu
Date: Tue, 19 Oct 2021 00:18:32 +0800
Subject: [PATCH] [TS-463] grant check for query while not for write
---
 src/mnode/src/mnodeDb.c | 7 ++++++-
 src/mnode/src/mnodeDnode.c | 3 ++-
 src/mnode/src/mnodeFunc.c | 6 ++++--
 src/mnode/src/mnodeTable.c | 4 +++-
 src/mnode/src/mnodeUser.c | 4 +++-
 src/mnode/src/mnodeWrite.c | 4 +++-
 src/vnode/src/vnodeRead.c | 11 +++++++++++
 7 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/src/mnode/src/mnodeDb.c b/src/mnode/src/mnodeDb.c
index 9602e16483..3be81bad94 100644
--- a/src/mnode/src/mnodeDb.c
+++ b/src/mnode/src/mnodeDb.c
@@ -429,8 +429,10 @@ static int32_t mnodeCreateDb(SAcctObj *pAcct, SCreateDbMsg *pCreate, SMnodeMsg *
 }
 }
+#ifdef GRANT_CHECK_WRITE
 code = grantCheck(TSDB_GRANT_DB);
 if (code != 0) return code;
+#endif
 pDb = calloc(1, sizeof(SDbObj));
 tstrncpy(pDb->name, pCreate->db, sizeof(pDb->name));
@@ -927,9 +929,12 @@ static int32_t mnodeProcessCreateDbMsg(SMnodeMsg *pMsg) {
 pCreate->maxRowsPerFileBlock = htonl(pCreate->maxRowsPerFileBlock);
 int32_t code;
+#ifdef GRANT_CHECK_WRITE
 if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
 code = TSDB_CODE_GRANT_EXPIRED;
- } else if (!pMsg->pUser->writeAuth) {
+ } else
+#endif
+ if (!pMsg->pUser->writeAuth) {
 code = TSDB_CODE_MND_NO_RIGHTS;
 } else {
 code = mnodeCreateDb(pMsg->pUser->pAcct, pCreate, pMsg);
diff --git a/src/mnode/src/mnodeDnode.c b/src/mnode/src/mnodeDnode.c
index 7dd199cca4..e5ecec6e32 100644
--- a/src/mnode/src/mnodeDnode.c
+++ b/src/mnode/src/mnodeDnode.c
@@ -663,11 +663,12 @@ static int32_t mnodeProcessDnodeStatusMsg(SMnodeMsg *pMsg) {
 }
 static int32_t mnodeCreateDnode(char *ep, SMnodeMsg *pMsg) {
+#ifndef GRANT_CHECK_WRITE
 int32_t grantCode = grantCheck(TSDB_GRANT_DNODE);
 if (grantCode != TSDB_CODE_SUCCESS) {
 return grantCode;
 }
-
+#endif
 char dnodeEp[TSDB_EP_LEN] = {0};
 tstrncpy(dnodeEp, ep, TSDB_EP_LEN);
 strtrim(dnodeEp);
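Review bot: Guarding `grantCheck(TSDB_GRANT_DB)` in mnodeCreateDb with `GRANT_CHECK_WRITE` compiles out a quota check rather than an expiry check, and nothing in this patch replaces it on the read path, where the only check added (vnodeRead.c) is `TSDB_GRANT_TIME`. The same holds for `TSDB_GRANT_USER` in mnodeCreateUser and mnodeCreateFunc and for `TSDB_GRANT_TIMESERIES` in mnodeProcessCreateChildTableMsg, so a build without the macro appears to enforce no database, user or timeseries limit. The patch also shows no place where the macro is defined or documented. If dropping the quotas is intended, each guard should carry a comment such as `/* quota checks are compiled in only with GRANT_CHECK_WRITE; default builds enforce expiry on query only */`.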
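Review bot: The `} else` left dangling in front of `#endif` in mnodeProcessCreateDbMsg makes the shape of the `if` chain depend on the preprocessor, which is hard to read and easy to break when the chain is next edited. It would be clearer to initialise the variable, `int32_t code = TSDB_CODE_SUCCESS;`, keep a complete statement inside the guard, `if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) code = TSDB_CODE_GRANT_EXPIRED;`, and then run the existing `writeAuth` chain only when `code` is still `TSDB_CODE_SUCCESS`. The function continues past the end of this hunk, so the final shape depends on what follows the `else` branch.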
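Review bot: The guard in mnodeCreateDnode is `#ifndef GRANT_CHECK_WRITE`, the opposite sense of every other guard in this patch, so defining the macro turns the dnode check off while turning the other write-side checks on. If the dnode limit is meant to hold in every build, the check needs no guard at all; if it was meant to follow the others, the line should read `#ifdef GRANT_CHECK_WRITE`. Either way, a one-line comment above the guard stating the intent would stop a later reader from "correcting" it.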
diff --git a/src/mnode/src/mnodeFunc.c b/src/mnode/src/mnodeFunc.c
index 253958efbe..7faf98bccc 100644
--- a/src/mnode/src/mnodeFunc.c
+++ b/src/mnode/src/mnodeFunc.c
@@ -191,9 +191,11 @@ static int32_t mnodeUpdateFunc(SFuncObj *pFunc, void *pMsg) {
 } */
 int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *codeScript, char *path, uint8_t outputType, int16_t outputLen, int32_t funcType, int32_t bufSize, SMnodeMsg *pMsg) {
+#ifdef GRANT_CHECK_WRITE
 if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
 return TSDB_CODE_GRANT_EXPIRED;
 }
+#endif
 if (!pMsg->pUser->writeAuth) {
 return TSDB_CODE_MND_NO_RIGHTS;
@@ -203,12 +205,12 @@ int32_t mnodeCreateFunc(SAcctObj *pAcct, char *name, int32_t codeLen, char *code
 if (code != TSDB_CODE_SUCCESS) {
 return code;
 }
-
+#ifdef GRANT_CHECK_WRITE
 code = grantCheck(TSDB_GRANT_USER);
 if (code != TSDB_CODE_SUCCESS) {
 return code;
 }
-
+#endif
 if (name[0] == 0) {
 return TSDB_CODE_MND_INVALID_FUNC_NAME;
 }
diff --git a/src/mnode/src/mnodeTable.c b/src/mnode/src/mnodeTable.c
index 960dab6a5b..85f3ee191f 100644
--- a/src/mnode/src/mnodeTable.c
+++ b/src/mnode/src/mnodeTable.c
@@ -2216,18 +2216,20 @@ static int32_t mnodeProcessCreateChildTableMsg(SMnodeMsg *pMsg) {
 //SCMCreateTableMsg* p1 = pMsg->rpcMsg.pCont; // there are several tables here.
 SCreateTableMsg* pCreate = (SCreateTableMsg*)((char *)pMsg->rpcMsg.pCont + sizeof(SCMCreateTableMsg));
+#ifdef GRANT_CHECK_WRITE
 int32_t code = grantCheck(TSDB_GRANT_TIMESERIES);
 if (code != TSDB_CODE_SUCCESS) {
 mError("msg:%p, app:%p table:%s, failed to create, grant timeseries failed", pMsg, pMsg->rpcMsg.ahandle, pCreate->tableName);
 return code;
 }
+#endif
 if (pMsg->retry == 0) {
 if (pMsg->pTable == NULL) {
 SVgObj *pVgroup = NULL;
 int32_t tid = 0;
- code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
+ int32_t code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);
 if (code != TSDB_CODE_SUCCESS) {
 mDebug("msg:%p, app:%p table:%s, failed to get available vgroup, reason:%s", pMsg, pMsg->rpcMsg.ahandle, pCreate->tableName, tstrerror(code));
diff --git a/src/mnode/src/mnodeUser.c b/src/mnode/src/mnodeUser.c
index c5c54791cf..9e06a4bef3 100644
--- a/src/mnode/src/mnodeUser.c
+++ b/src/mnode/src/mnodeUser.c
@@ -249,11 +249,13 @@ int32_t mnodeCreateUser(SAcctObj *pAcct, char *name, char *pass, void *pMsg) {
 mnodeDecUserRef(pUser);
 return TSDB_CODE_MND_USER_ALREADY_EXIST;
 }
-
+
+#ifdef GRANT_CHECK_WRITE
 code = grantCheck(TSDB_GRANT_USER);
 if (code != TSDB_CODE_SUCCESS) {
 return code;
 }
+#endif
 pUser = calloc(1, sizeof(SUserObj));
 tstrncpy(pUser->user, name, TSDB_USER_LEN);
diff --git a/src/mnode/src/mnodeWrite.c b/src/mnode/src/mnodeWrite.c
index 9a993dfaaf..a954ecb5c2 100644
--- a/src/mnode/src/mnodeWrite.c
+++ b/src/mnode/src/mnodeWrite.c
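Review bot: In mnodeProcessCreateChildTableMsg, `int32_t code` is now declared inside the `if (pMsg->pTable == NULL)` block, so with `GRANT_CHECK_WRITE` defined it shadows the `code` declared in the guarded block above, and without the macro it goes out of scope at the end of that inner block. Declaring it once above the guard, `int32_t code = TSDB_CODE_SUCCESS;`, and keeping plain assignments (`code = grantCheck(TSDB_GRANT_TIMESERIES);` and `code = mnodeGetAvailableVgroup(pMsg, &pVgroup, &tid);`) gives both configurations the same scoping. The rest of the function lies outside this hunk, so whether later code reads `code` cannot be confirmed from here.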
@@ -65,14 +65,16 @@ int32_t mnodeProcessWrite(SMnodeMsg *pMsg) {
 return TSDB_CODE_MND_MSG_NOT_PROCESSED;
 }
+#ifdef GRANT_CHECK_WRITE
 int32_t code = grantCheck(TSDB_GRANT_TIME);
 if (code != TSDB_CODE_SUCCESS) {
 mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType], tstrerror(code));
 return code;
 }
+#endif
- code = mnodeInitMsg(pMsg);
+ int32_t code = mnodeInitMsg(pMsg);
 if (code != TSDB_CODE_SUCCESS) {
 mError("msg:%p, app:%p type:%s not processed, reason:%s", pMsg, pMsg->rpcMsg.ahandle, taosMsg[pMsg->rpcMsg.msgType], tstrerror(code));
diff --git a/src/vnode/src/vnodeRead.c b/src/vnode/src/vnodeRead.c
index 64f87ba5ca..291c7d7ea4 100644
--- a/src/vnode/src/vnodeRead.c
+++ b/src/vnode/src/vnodeRead.c
@@ -20,6 +20,7 @@
 #include "tglobal.h"
 #include "query.h"
 #include "vnodeStatus.h"
+#include "tgrant.h"
 int32_t vNumOfExistedQHandle; // current initialized and existed query handle in current dnode
@@ -227,6 +228,16 @@ static int32_t vnodeProcessQueryMsg(SVnodeObj *pVnode, SVReadMsg *pRead) {
 vError("error rpc msg in query, %s", tstrerror(pRead->code));
 }
+ if (grantCheck(TSDB_GRANT_TIME) != TSDB_CODE_SUCCESS) {
+ SQueryTableRsp *pRsp = (SQueryTableRsp *)rpcMallocCont(sizeof(SQueryTableRsp));
+ pRsp->code = TSDB_CODE_GRANT_EXPIRED;
+ pRsp->qId = 0;
+
+ pRet->len = sizeof(SQueryTableRsp);
+ pRet->rsp = pRsp;
+ return pRsp->code;
+ }
+
 int32_t code = TSDB_CODE_SUCCESS;
 void ** handle = NULL;
-- 
GitLab
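Review bot: With `GRANT_CHECK_WRITE` defined, mnodeProcessWrite declares `int32_t code` twice — once inside the guard and again at `int32_t code = mnodeInitMsg(pMsg);` — and as far as the hunk shows both sit at function-body level, which is a redefinition error. The guarded configuration would then fail to compile, so the expiry check on the write path could not be switched back on without a further code change. Declaring the variable once above the guard, `int32_t code = TSDB_CODE_SUCCESS;`, and using `code = grantCheck(TSDB_GRANT_TIME);` and `code = mnodeInitMsg(pMsg);` as assignments builds in both configurations.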
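Review bot: The new expiry branch in vnodeProcessQueryMsg stores to `pRsp->code` straight after `rpcMallocCont(sizeof(SQueryTableRsp))` with no NULL test, so a failed allocation on this path would be a null dereference in the vnode's query handler. A guard before the first store, for example `if (pRsp == NULL) return TSDB_CODE_GRANT_EXPIRED;` or whichever out-of-memory code this file uses elsewhere, keeps the rejection path from crashing the node. This branch is now the only expiry enforcement left in a default build, so it deserves a short comment saying so. The function continues past the end of this hunk.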