Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
taosdata
TDengine
提交
4c30b53a
T
TDengine
项目概览
taosdata
/
TDengine
大约 1 年 前同步成功
通知
1184
Star
22015
Fork
4786
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
1
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
TDengine
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
1
Issue
1
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
4c30b53a
编写于
5月 09, 2022
作者:
S
Shengliang Guan
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
feat: make grant revoke work
上级
b5cb7cac
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
90 addition
and
68 deletion
+90
-68
include/common/tmsg.h
include/common/tmsg.h
+4
-6
source/dnode/mnode/impl/inc/mndAuth.h
source/dnode/mnode/impl/inc/mndAuth.h
+1
-1
source/dnode/mnode/impl/src/mndAuth.c
source/dnode/mnode/impl/src/mndAuth.c
+3
-14
source/dnode/mnode/impl/src/mndUser.c
source/dnode/mnode/impl/src/mndUser.c
+82
-47
未找到文件。
include/common/tmsg.h
浏览文件 @
4c30b53a
...
...
@@ -131,12 +131,10 @@ typedef enum _mgmt_table {
#define TSDB_ALTER_USER_SUPERUSER 0x2
#define TSDB_ALTER_USER_ADD_READ_DB 0x3
#define TSDB_ALTER_USER_REMOVE_READ_DB 0x4
#define TSDB_ALTER_USER_CLEAR_READ_DB 0x5
#define TSDB_ALTER_USER_ADD_WRITE_DB 0x6
#define TSDB_ALTER_USER_REMOVE_WRITE_DB 0x7
#define TSDB_ALTER_USER_CLEAR_WRITE_DB 0x8
#define TSDB_ALTER_USER_ADD_ALL_DB 0x9
#define TSDB_ALTER_USER_REMOVE_ALL_DB 0xA
#define TSDB_ALTER_USER_ADD_WRITE_DB 0x5
#define TSDB_ALTER_USER_REMOVE_WRITE_DB 0x6
#define TSDB_ALTER_USER_ADD_ALL_DB 0x7
#define TSDB_ALTER_USER_REMOVE_ALL_DB 0x8
#define TSDB_ALTER_USER_PRIVILEGES 0x2
...
...
source/dnode/mnode/impl/inc/mndAuth.h
浏览文件 @
4c30b53a
...
...
@@ -26,7 +26,7 @@ int32_t mndInitAuth(SMnode *pMnode);
void
mndCleanupAuth
(
SMnode
*
pMnode
);
int32_t
mndCheckCreateUserAuth
(
SUserObj
*
pOperUser
);
int32_t
mndCheckAlterUserAuth
(
SUserObj
*
pOperUser
,
SUserObj
*
pUser
,
S
DbObj
*
pDb
,
S
AlterUserReq
*
pAlter
);
int32_t
mndCheckAlterUserAuth
(
SUserObj
*
pOperUser
,
SUserObj
*
pUser
,
SAlterUserReq
*
pAlter
);
int32_t
mndCheckDropUserAuth
(
SUserObj
*
pOperUser
);
int32_t
mndCheckNodeAuth
(
SUserObj
*
pOperUser
);
...
...
source/dnode/mnode/impl/src/mndAuth.c
浏览文件 @
4c30b53a
...
...
@@ -79,14 +79,12 @@ int32_t mndCheckCreateUserAuth(SUserObj *pOperUser) {
return
-
1
;
}
int32_t
mndCheckAlterUserAuth
(
SUserObj
*
pOperUser
,
SUserObj
*
pUser
,
S
DbObj
*
pDb
,
S
AlterUserReq
*
pAlter
)
{
int32_t
mndCheckAlterUserAuth
(
SUserObj
*
pOperUser
,
SUserObj
*
pUser
,
SAlterUserReq
*
pAlter
)
{
if
(
pAlter
->
alterType
==
TSDB_ALTER_USER_PASSWD
)
{
if
(
pOperUser
->
superUser
||
strcmp
(
pUser
->
user
,
pOperUser
->
user
)
==
0
)
{
return
0
;
}
}
if
(
pAlter
->
alterType
==
TSDB_ALTER_USER_SUPERUSER
)
{
}
else
if
(
pAlter
->
alterType
==
TSDB_ALTER_USER_SUPERUSER
)
{
if
(
strcmp
(
pUser
->
user
,
TSDB_DEFAULT_USER
)
==
0
)
{
terrno
=
TSDB_CODE_MND_NO_RIGHTS
;
return
-
1
;
...
...
@@ -95,21 +93,12 @@ int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SDbObj *pDb,
if
(
pOperUser
->
superUser
)
{
return
0
;
}
}
if
(
pAlter
->
alterType
==
TSDB_ALTER_USER_CLEAR_WRITE_DB
||
pAlter
->
alterType
==
TSDB_ALTER_USER_CLEAR_READ_DB
)
{
}
else
{
if
(
pOperUser
->
superUser
)
{
return
0
;
}
}
if
(
pAlter
->
alterType
==
TSDB_ALTER_USER_ADD_READ_DB
||
pAlter
->
alterType
==
TSDB_ALTER_USER_REMOVE_READ_DB
||
pAlter
->
alterType
==
TSDB_ALTER_USER_ADD_WRITE_DB
||
pAlter
->
alterType
==
TSDB_ALTER_USER_REMOVE_WRITE_DB
)
{
if
(
pOperUser
->
superUser
||
strcmp
(
pUser
->
user
,
pDb
->
createUser
)
==
0
)
{
return
0
;
}
}
terrno
=
TSDB_CODE_MND_NO_RIGHTS
;
return
-
1
;
}
...
...
source/dnode/mnode/impl/src/mndUser.c
浏览文件 @
4c30b53a
...
...
@@ -394,6 +394,8 @@ static SHashObj *mndDupDbHash(SHashObj *pOld) {
static
int32_t
mndProcessAlterUserReq
(
SNodeMsg
*
pReq
)
{
SMnode
*
pMnode
=
pReq
->
pNode
;
SSdb
*
pSdb
=
pMnode
->
pSdb
;
void
*
pIter
=
NULL
;
int32_t
code
=
-
1
;
SUserObj
*
pUser
=
NULL
;
SUserObj
*
pOperUser
=
NULL
;
...
...
@@ -429,7 +431,13 @@ static int32_t mndProcessAlterUserReq(SNodeMsg *pReq) {
goto
_OVER
;
}
if
(
mndCheckAlterUserAuth
(
pOperUser
,
pUser
,
&
alterReq
)
!=
0
)
{
goto
_OVER
;
}
memcpy
(
&
newUser
,
pUser
,
sizeof
(
SUserObj
));
newUser
.
authVersion
++
;
newUser
.
updateTime
=
taosGetTimestampMs
();
taosRLockLatch
(
&
pUser
->
lock
);
newUser
.
readDbs
=
mndDupDbHash
(
pUser
->
readDbs
);
...
...
@@ -440,63 +448,90 @@ static int32_t mndProcessAlterUserReq(SNodeMsg *pReq) {
goto
_OVER
;
}
int32_t
len
=
strlen
(
alterReq
.
dbname
)
+
1
;
SDbObj
*
pDb
=
mndAcquireDb
(
pMnode
,
alterReq
.
dbname
);
mndReleaseDb
(
pMnode
,
pDb
);
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_PASSWD
)
{
char
pass
[
TSDB_PASSWORD_LEN
+
1
]
=
{
0
};
taosEncryptPass_c
((
uint8_t
*
)
alterReq
.
pass
,
strlen
(
alterReq
.
pass
),
pass
);
memcpy
(
newUser
.
pass
,
pass
,
TSDB_PASSWORD_LEN
);
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_SUPERUSER
)
{
}
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_SUPERUSER
)
{
newUser
.
superUser
=
alterReq
.
superUser
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_READ_DB
)
{
if
(
pDb
==
NULL
)
{
terrno
=
TSDB_CODE_MND_DB_NOT_EXIST
;
goto
_OVER
;
}
if
(
taosHashPut
(
newUser
.
readDbs
,
alterReq
.
dbname
,
len
,
alterReq
.
dbname
,
TSDB_DB_FNAME_LEN
)
!=
0
)
{
terrno
=
TSDB_CODE_OUT_OF_MEMORY
;
goto
_OVER
;
}
newUser
.
authVersion
++
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_READ_DB
)
{
if
(
taosHashRemove
(
newUser
.
readDbs
,
alterReq
.
dbname
,
len
)
!=
0
)
{
terrno
=
TSDB_CODE_MND_DB_NOT_EXIST
;
goto
_OVER
;
}
newUser
.
authVersion
++
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_CLEAR_READ_DB
)
{
taosHashClear
(
newUser
.
readDbs
);
newUser
.
authVersion
++
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_WRITE_DB
)
{
if
(
pDb
==
NULL
)
{
terrno
=
TSDB_CODE_MND_DB_NOT_EXIST
;
goto
_OVER
;
}
if
(
taosHashPut
(
newUser
.
writeDbs
,
alterReq
.
dbname
,
len
,
alterReq
.
dbname
,
TSDB_DB_FNAME_LEN
)
!=
0
)
{
terrno
=
TSDB_CODE_OUT_OF_MEMORY
;
goto
_OVER
;
}
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_READ_DB
||
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_ALL_DB
)
{
if
(
strcmp
(
alterReq
.
dbname
,
"*"
)
!=
0
)
{
int32_t
len
=
strlen
(
alterReq
.
dbname
)
+
1
;
SDbObj
*
pDb
=
mndAcquireDb
(
pMnode
,
alterReq
.
dbname
);
if
(
pDb
==
NULL
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
if
(
taosHashPut
(
newUser
.
readDbs
,
alterReq
.
dbname
,
len
,
alterReq
.
dbname
,
TSDB_DB_FNAME_LEN
)
!=
0
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
}
else
{
while
(
1
)
{
SDbObj
*
pDb
=
NULL
;
pIter
=
sdbFetch
(
pSdb
,
SDB_DB
,
pIter
,
(
void
**
)
&
pDb
);
if
(
pIter
==
NULL
)
break
;
int32_t
len
=
strlen
(
pDb
->
name
)
+
1
;
taosHashPut
(
newUser
.
readDbs
,
pDb
->
name
,
len
,
pDb
->
name
,
TSDB_DB_FNAME_LEN
);
sdbRelease
(
pSdb
,
pDb
);
}
}
newUser
.
authVersion
++
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_WRITE_DB
)
{
if
(
taosHashRemove
(
newUser
.
writeDbs
,
alterReq
.
dbname
,
len
)
!=
0
)
{
terrno
=
TSDB_CODE_MND_DB_NOT_EXIST
;
goto
_OVER
;
}
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_WRITE_DB
||
alterReq
.
alterType
==
TSDB_ALTER_USER_ADD_ALL_DB
)
{
if
(
strcmp
(
alterReq
.
dbname
,
"*"
)
!=
0
)
{
int32_t
len
=
strlen
(
alterReq
.
dbname
)
+
1
;
SDbObj
*
pDb
=
mndAcquireDb
(
pMnode
,
alterReq
.
dbname
);
if
(
pDb
==
NULL
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
if
(
taosHashPut
(
newUser
.
writeDbs
,
alterReq
.
dbname
,
len
,
alterReq
.
dbname
,
TSDB_DB_FNAME_LEN
)
!=
0
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
}
else
{
while
(
1
)
{
SDbObj
*
pDb
=
NULL
;
pIter
=
sdbFetch
(
pSdb
,
SDB_DB
,
pIter
,
(
void
**
)
&
pDb
);
if
(
pIter
==
NULL
)
break
;
int32_t
len
=
strlen
(
pDb
->
name
)
+
1
;
taosHashPut
(
newUser
.
writeDbs
,
pDb
->
name
,
len
,
pDb
->
name
,
TSDB_DB_FNAME_LEN
);
sdbRelease
(
pSdb
,
pDb
);
}
}
newUser
.
authVersion
++
;
}
else
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_CLEAR_WRITE_DB
)
{
taosHashClear
(
newUser
.
writeDbs
);
newUser
.
authVersion
++
;
}
else
{
terrno
=
TSDB_CODE_MND_INVALID_ALTER_OPER
;
goto
_OVER
;
}
newUser
.
updateTime
=
taosGetTimestampMs
();
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_READ_DB
||
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_ALL_DB
)
{
if
(
strcmp
(
alterReq
.
dbname
,
"*"
)
!=
0
)
{
int32_t
len
=
strlen
(
alterReq
.
dbname
)
+
1
;
SDbObj
*
pDb
=
mndAcquireDb
(
pMnode
,
alterReq
.
dbname
);
if
(
pDb
==
NULL
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
taosHashRemove
(
newUser
.
readDbs
,
alterReq
.
dbname
,
len
);
}
else
{
taosHashClear
(
newUser
.
readDbs
);
}
}
if
(
mndCheckAlterUserAuth
(
pOperUser
,
pUser
,
pDb
,
&
alterReq
)
!=
0
)
{
goto
_OVER
;
if
(
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_WRITE_DB
||
alterReq
.
alterType
==
TSDB_ALTER_USER_REMOVE_ALL_DB
)
{
if
(
strcmp
(
alterReq
.
dbname
,
"*"
)
!=
0
)
{
int32_t
len
=
strlen
(
alterReq
.
dbname
)
+
1
;
SDbObj
*
pDb
=
mndAcquireDb
(
pMnode
,
alterReq
.
dbname
);
if
(
pDb
==
NULL
)
{
mndReleaseDb
(
pMnode
,
pDb
);
goto
_OVER
;
}
taosHashRemove
(
newUser
.
writeDbs
,
alterReq
.
dbname
,
len
);
}
else
{
taosHashClear
(
newUser
.
writeDbs
);
}
}
code
=
mndAlterUser
(
pMnode
,
pUser
,
&
newUser
,
pReq
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录