diff --git a/source/dnode/mnode/impl/src/mndAuth.c b/source/dnode/mnode/impl/src/mndAuth.c
index d47fb9dfb4bfa18b337672ae01adedbe743615f8..f1f1bbae46de0713dd75b2df66df80c60a128fd7 100644
--- a/source/dnode/mnode/impl/src/mndAuth.c
+++ b/source/dnode/mnode/impl/src/mndAuth.c
@@ -102,7 +102,13 @@ _OVER: } int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { + if (pUser->superUser && pAlter->alterType != TSDB_ALTER_USER_PASSWD) { + terrno = TSDB_CODE_MND_NO_RIGHTS; + return -1; + } + if (pOperUser->superUser) return 0; + if (!pOperUser->enable) { terrno = TSDB_CODE_MND_USER_DISABLED; return -1;
diff --git a/tests/script/jenkins/basic.txt b/tests/script/jenkins/basic.txt
index cc28b19de9816b751d99e63d4b8b046b3be9814a..340d701a99a0daebb3971445a3a047c87c852e9d 100644
--- a/tests/script/jenkins/basic.txt
+++ b/tests/script/jenkins/basic.txt
@@ -2,12 +2,11 @@ #======================b1-start=============== # ---- user -./test.sh -f tsim/user/basic1.sim -./test.sh -f tsim/user/pass_alter.sim -./test.sh -f tsim/user/pass_len.sim -./test.sh -f tsim/user/user_len.sim -./test.sh -f tsim/user/privilege1.sim -./test.sh -f tsim/user/privilege2.sim +./test.sh -f tsim/user/basic.sim +./test.sh -f tsim/user/password.sim +./test.sh -f tsim/user/privilege_db.sim +#./test.sh -f tsim/user/privilege_enable.sim +#./test.sh -f tsim/user/privilege_sysinfo.sim ## ---- db ./test.sh -f tsim/db/create_all_options.sim
diff --git a/tests/script/tsim/user/basic.sim b/tests/script/tsim/user/basic.sim
new file mode 100644
index 0000000000000000000000000000000000000000..85d5f8375ea6d1324d5d2a853e57a9210a0c3a26
--- /dev/null
+++ b/tests/script/tsim/user/basic.sim
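Review bot: The new guard at the top of `mndCheckAlterUserAuth` carries a policy that nothing in the hunk states: a superuser target may only have its password altered, and the check has to stay ahead of the `pOperUser->superUser` shortcut, because placed after it a superuser operator would return 0 before the guard is reached. I would put a comment on it, for example `// Superuser accounts are immutable except for their password; keep this ahead of the operator shortcut below.` The guard lets `TSDB_ALTER_USER_PASSWD` through for any operator, so whether a non-superuser can change a superuser's password is decided by the rest of the function, which continues outside the hunk; that path deserves an explicit negative test.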
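Review bot: `privilege_enable.sim` and `privilege_sysinfo.sim` enter the list already commented out, so the CI run never executes them. As far as this diff shows, that leaves the disabled-operator branch (`TSDB_CODE_MND_USER_DISABLED`) without an active script, and `privilege_sysinfo.sim` is only a start/stop skeleton. Either enable them once they assert something or record why they are parked, e.g. `# TODO: enable once privilege_enable.sim and privilege_sysinfo.sim contain assertions`.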
@@ -0,0 +1,157 @@
+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+print =============== step0
+sql show users
+if $data(root)[1] != 1 then
+ return -1
+endi
+if $data(root)[2] != 1 then
+ return -1
+endi
+if $data(root)[3] != 1 then
+ return -1
+endi
+
+sql alter user root pass 'taosdata'
+
+sql_error ALTER USER root SYSINFO 0
+sql_error ALTER USER root SYSINFO 1
+sql_error ALTER USER root enable 0
+sql_error ALTER USER root enable 1
+
+sql_error create database db vgroups 1;
+sql_error GRANT read ON db.* to root;
+sql_error GRANT read ON *.* to root;
+sql_error REVOKE read ON db.* from root;
+sql_error REVOKE read ON *.* from root;
+sql_error GRANT write ON db.* to root;
+sql_error GRANT write ON *.* to root;
+sql_error REVOKE write ON db.* from root;
+sql_error REVOKE write ON *.* from root;
+sql_error REVOKE write ON *.* from root;
+
+sql_error GRANT all ON *.* to root;
+sql_error REVOKE all ON *.* from root;
+sql_error GRANT read,write ON *.* to root;
+sql_error REVOKE read,write ON *.* from root;
+
+print =============== step1: sysinfo create
+sql CREATE USER u1 PASS 'taosdata' SYSINFO 0;
+sql show users
+if $rows != 2 then
+ return -1
+endi
+if $data(u1)[1] != 0 then
+ return -1
+endi
+if $data(u1)[2] != 1 then
+ return -1
+endi
+if $data(u1)[3] != 0 then
+ return -1
+endi
+
+sql CREATE USER u2 PASS 'taosdata' SYSINFO 1;
+sql show users
+if $rows != 3 then
+ return -1
+endi
+if $data(u2)[1] != 0 then
+ return -1
+endi
+if $data(u2)[2] != 1 then
+ return -1
+endi
+if $data(u2)[3] != 1 then
+ return -1
+endi
+
+print =============== step2: sysinfo alter
+sql ALTER USER u1 SYSINFO 1
+sql show users
+if $data(u1)[1] != 0 then
+ return -1
+endi
+if $data(u1)[2] != 1 then
+ return -1
+endi
+if $data(u1)[3] != 1 then
+ return -1
+endi
+
+sql ALTER USER u1 SYSINFO 0
+sql show users
+if $data(u1)[1] != 0 then
+ return -1
+endi
+if $data(u1)[2] != 1 then
+ return -1
+endi
+if $data(u1)[3] != 0 then
+ return -1
+endi
+
+sql ALTER USER u1 SYSINFO 0
+sql ALTER USER u1 SYSINFO 0
+
+sql drop user u1
+sql show users
+if $rows != 2 then
+ return -1
+endi
+
+print =============== step3: enable alter
+sql ALTER USER u2 enable 0
+sql show users
+if $rows != 2 then
+ return -1
+endi
+if $data(u2)[1] != 0 then
+ return -1
+endi
+if $data(u2)[2] != 0 then
+ return -1
+endi
+if $data(u2)[3] != 1 then
+ return -1
+endi
+
+sql ALTER USER u2 enable 1
+sql show users
+if $data(u2)[1] != 0 then
+ return -1
+endi
+if $data(u2)[2] != 1 then
+ return -1
+endi
+if $data(u2)[3] != 1 then
+ return -1
+endi
+
+sql ALTER USER u2 enable 1
+sql ALTER USER u2 enable 1
+
+print =============== restart taosd
+system sh/exec.sh -n dnode1 -s stop
+system sh/exec.sh -n dnode1 -s start
+
+print =============== step4: enable privilege
+sql show users
+if $rows != 2 then
+ return -1
+endi
+if $data(u2)[1] != 0 then
+ return -1
+endi
+if $data(u2)[2] != 1 then
+ return -1
+endi
+if $data(u2)[3] != 1 then
+ return -1
+endi
+
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
diff --git a/tests/script/tsim/user/basic1.sim b/tests/script/tsim/user/basic1.sim
deleted file mode 100644
index 06a52c6604fe8b6742f8efcae5f2cdb87628a149..0000000000000000000000000000000000000000
--- a/tests/script/tsim/user/basic1.sim
+++ /dev/null
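Review bot: In step0 of `basic.sim`, `sql_error create database db vgroups 1;` expects database creation to fail while connected as root on a fresh deployment, whereas `password.sim` in this same commit expects `sql create database db vgroups 1` to succeed under root; it looks like the duplicate-create check was copied without the create that precedes it. If `db` does not exist, the `GRANT`/`REVOKE ... ON db.*` negatives that follow can fail for a missing database rather than because root's privileges are protected, so they would not demonstrate the restriction. I would create the database first with `sql create database db vgroups 1` and keep the `sql_error` form only for the duplicate. `sql_error REVOKE write ON *.* from root;` also appears twice in a row.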
@@ -1,74 +0,0 @@
-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-print =============== show users
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-
-sql_error show accounts;
-sql_error create account a pass "a"
-sql_error drop account a
-sql_error drop account root
-
-print =============== create user1
-sql create user user1 PASS 'user1'
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-print =============== create user2
-sql create user user2 PASS 'user2'
-sql show users
-if $rows != 3 then
- return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-print $data40 $data41 $data42
-
-print =============== drop user1
-sql drop user user1
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-print =============== restart taosd
-system sh/exec.sh -n dnode1 -s stop
-sleep 1000
-system sh/exec.sh -n dnode1 -s start
-
-print =============== show users
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-print $data[0][0] $data[0][1] $data[0][2]
-print $data[1][0] $data[1][1] $data[1][2]
-print $data[2][0] $data[1][2] $data[2][2]
-print $data[3][0] $data[3][1] $data[3][2]
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
diff --git a/tests/script/tsim/user/pass_alter.sim b/tests/script/tsim/user/pass_alter.sim
deleted file mode 100644
index 33fc9e51bdf9c66844b876e11bdf47fbc386f9c1..0000000000000000000000000000000000000000
--- a/tests/script/tsim/user/pass_alter.sim
+++ /dev/null
@@ -1,66 +0,0 @@
-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-print ============= step1
-sql create user u_read pass 'taosdata1'
-sql create user u_write pass 'taosdata1'
-
-sql alter user u_read pass 'taosdata'
-sql alter user u_write pass 'taosdata'
-
-sql show users
-if $rows != 3 then
- return -1
-endi
-
-print ============= step2
-sql close
-sleep 2500
-print user u_read login
-sql connect u_read
-sql alter user u_read pass 'taosdata'
-sql alter user u_write pass 'taosdata1' -x step2
- return -1
-step2:
-
-sql_error create user read1 pass 'taosdata1'
-sql_error create user write1 pass 'taosdata1'
-
-sql show users
-if $rows != 3 then
- return -1
-endi
-
-print ============= step3
-sql close
-sleep 2500
-print user u_write login
-sql connect u_write
-
-sql_error create user read2 pass 'taosdata1'
-sql_error create user write2 pass 'taosdata1'
-sql alter user u_write pass 'taosdata'
-sql alter user u_read pass 'taosdata' -x step3
- return -1
-step3:
-
-sql show users
-if $rows != 3 then
- return -1
-endi
-
-print ============= step4
-sql close
-sleep 2500
-print user root login
-sql connect
-sql create user oroot pass 'taosdata'
-
-sql show users
-if $rows != 4 then
- return -1
-endi
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
diff --git a/tests/script/tsim/user/pass_len.sim b/tests/script/tsim/user/pass_len.sim
deleted file mode 100644
index 66c378c6cb4a1e5ff84688276551dd100f758272..0000000000000000000000000000000000000000
--- a/tests/script/tsim/user/pass_len.sim
+++ /dev/null
@@ -1,79 +0,0 @@
-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-$i = 0
-$dbPrefix = apdb
-$tbPrefix = aptb
-$db = $dbPrefix . $i
-$tb = $tbPrefix . $i
-$userPrefix = apusr
-
-print =============== step1
-$i = 0
-$user = $userPrefix . $i
-
-sql drop user $user -x step11
- return -1
-step11:
-
-sql create user $user PASS -x step12
- return -1
-step12:
-
-sql create user $user PASS 'taosdata'
-
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-print =============== step2
-$i = 1
-$user = $userPrefix . $i
-sql drop user $user -x step2
-step2:
-sql create user $user PASS '1'
-sql show users
-if $rows != 3 then
- return -1
-endi
-
-print =============== step3
-$i = 2
-$user = $userPrefix . $i
-sql drop user $user -x step3
-step3:
-
-sql create user $user PASS 'abc0123456789'
-sql show users
-if $rows != 4 then
- return -1
-endi
-
-print =============== step4
-$i = 3
-$user = $userPrefix . $i
-sql create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123' -x step4
- return -1
-
-step4:
-sql show users
-if $rows != 4 then
- return -1
-endi
-
-$i = 0
-while $i < 3
- $user = $userPrefix . $i
- sql drop user $user
- $i = $i + 1
-endw
-
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
diff --git a/tests/script/tsim/user/password.sim b/tests/script/tsim/user/password.sim
new file mode 100644
index 0000000000000000000000000000000000000000..d26b9dbc2e5d30d75b97ea2e9c6b668e5097e49e
--- /dev/null
+++ b/tests/script/tsim/user/password.sim
@@ -0,0 +1,87 @@
+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+print ============= step1
+sql create user u_read pass 'taosdata1'
+sql create user u_write pass 'taosdata1'
+
+sql alter user u_read pass 'taosdata'
+sql alter user u_write pass 'taosdata'
+
+sql show users
+if $rows != 3 then
+ return -1
+endi
+
+print ============= step2
+print user u_read login
+sql close
+sql connect u_read
+
+sql alter user u_read pass 'taosdata'
+sql_error alter user u_write pass 'taosdata1'
+
+sql_error create user read1 pass 'taosdata1'
+sql_error create user write1 pass 'taosdata1'
+
+sql show users
+if $rows != 3 then
+ return -1
+endi
+
+print ============= step3
+print user u_write login
+sql close
+sql connect u_write
+
+sql_error create user read2 pass 'taosdata1'
+sql_error create user write2 pass 'taosdata1'
+sql alter user u_write pass 'taosdata'
+sql_error alter user u_read pass 'taosdata'
+
+sql show users
+if $rows != 3 then
+ return -1
+endi
+
+print ============= step4
+print user root login
+sql close
+sql connect
+sql create user oroot pass 'taosdata'
+sql_error create user $user PASS 'abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890abcd012345678901234567891234567890123'
+sql_error create userabcd012345678901234567891234567890abcd01234567890123456789123456789 PASS 'taosdata'
+sql_error create user abcd0123456789012345678901234567890111 PASS '123'
+sql create user abc01234567890123456789 PASS '123'
+
+sql show users
+if $rows != 5 then
+ return -1
+endi
+
+print ============= step5
+sql create database db vgroups 1
+sql_error ALTER USER o_root SYSINFO 0
+sql_error ALTER USER o_root SYSINFO 1
+sql_error ALTER USER o_root enable 0
+sql_error ALTER USER o_root enable 1
+
+sql_error create database db vgroups 1;
+sql_error GRANT read ON db.* to o_root;
+sql_error GRANT read ON *.* to o_root;
+sql_error REVOKE read ON db.* from o_root;
+sql_error REVOKE read ON *.* from o_root;
+sql_error GRANT write ON db.* to o_root;
+sql_error GRANT write ON *.* to o_root;
+sql_error REVOKE write ON db.* from o_root;
+sql_error REVOKE write ON *.* from o_root;
+sql_error REVOKE write ON *.* from o_root;
+
+sql_error GRANT all ON *.* to o_root;
+sql_error REVOKE all ON *.* from o_root;
+sql_error GRANT read,write ON *.* to o_root;
+sql_error REVOKE read,write ON *.* from o_root;
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
diff --git a/tests/script/tsim/user/privilege1.sim b/tests/script/tsim/user/privilege_db.sim
similarity index 78%
rename from tests/script/tsim/user/privilege1.sim
rename to tests/script/tsim/user/privilege_db.sim
index a7c5d9d13d8509aec58447cd41dcf18f24ae3c3d..a694d21f2f47b512f1d1e5080ec7a04e41d6f5f8 100644
--- a/tests/script/tsim/user/privilege1.sim
+++ b/tests/script/tsim/user/privilege_db.sim
@@ -3,7 +3,7 @@ system sh/deploy.sh -n dnode1 -i 1 system sh/exec.sh -n dnode1 -s start sql connect -print =============== show users +print =============== create db sql create database d1 vgroups 1; sql create database d2 vgroups 1; sql create database d3 vgroups 1;
@@ -68,4 +68,26 @@ sql REVOKE read,write ON d1.* from user1; sql REVOKE read,write ON d2.* from user1; sql REVOKE read,write ON *.* from user1; + +print =============== create users +sql create user u1 PASS 'taosdata' +sql show users +if $rows != 4 then + return -1 +endi + +sql GRANT read ON d1.* to u1; +sql GRANT write ON d2.* to u1; + +print =============== re connect +print user u1 login +sql close +sql connect u1 + +sql_error drop database d1; +sql_error drop database d2; + +sql_error create stable d1.st (ts timestamp, i int) tags (j int) +sql create stable d2.st (ts timestamp, i int) tags (j int) + system sh/exec.sh -n dnode1 -s stop -x SIGINT
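Review bot: Step5 of `password.sim` targets `o_root`, but the account created in step4 is `oroot`, so every `sql_error ALTER USER o_root ...` and `GRANT`/`REVOKE ... o_root` statement can pass simply because the user does not exist, and none of them exercises a permission check. Two of the length negatives in step4 have the same weakness: `$user` is never assigned in this script (it was set in the deleted `pass_len.sim`), and the `create userabcd...` statement is missing the space after `user`, so it would fail as a syntax error rather than on the name length. I would use `oroot` in step5, replace `$user` with a literal name, restore the space, and then decide per statement whether `sql` or `sql_error` is the expected outcome for an ordinary user being altered by root.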
diff --git a/tests/script/tsim/user/privilege2.sim b/tests/script/tsim/user/privilege_enable.sim
similarity index 76%
rename from tests/script/tsim/user/privilege2.sim
rename to tests/script/tsim/user/privilege_enable.sim
index 470f167c50ba79371d28921b64707faa97a72b73..5635e7c95ecf8993e3a8302680a2fd1656cc6d75 100644
--- a/tests/script/tsim/user/privilege2.sim
+++ b/tests/script/tsim/user/privilege_enable.sim
@@ -3,14 +3,13 @@ system sh/deploy.sh -n dnode1 -i 1 system sh/exec.sh -n dnode1 -s start sql connect -print =============== show users +print =============== create db sql create database d1 vgroups 1; -sql create database d2 vgroups 1; -sql create database d3 vgroups 1; -sql show databases -if $rows != 5 then - return -1 -endi + +print =============== create users +sql create user u1 pass 'taosdata' +sql alter user u1 enable 0 + print =============== create users sql create user user1 PASS 'taosdata'
diff --git a/tests/script/tsim/user/privilege_sysinfo.sim b/tests/script/tsim/user/privilege_sysinfo.sim
new file mode 100644
index 0000000000000000000000000000000000000000..b7d4195ae143040fca6a97d58edbc5241c584e97
--- /dev/null
+++ b/tests/script/tsim/user/privilege_sysinfo.sim
@@ -0,0 +1,6 @@
+system sh/stop_dnodes.sh
+system sh/deploy.sh -n dnode1 -i 1
+system sh/exec.sh -n dnode1 -s start
+sql connect
+
+system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
diff --git a/tests/script/tsim/user/user_len.sim b/tests/script/tsim/user/user_len.sim
deleted file mode 100644
index 0e44f94294c64948e5c9e5f6ac02bd07cab885c7..0000000000000000000000000000000000000000
--- a/tests/script/tsim/user/user_len.sim
+++ /dev/null
@@ -1,85 +0,0 @@
-system sh/stop_dnodes.sh
-system sh/deploy.sh -n dnode1 -i 1
-system sh/exec.sh -n dnode1 -s start
-sql connect
-
-$i = 0
-$dbPrefix = lm_us_db
-$tbPrefix = lm_us_tb
-$db = $dbPrefix . $i
-$tb = $tbPrefix . $i
-
-print =============== step1
-sql drop user ac -x step0
- return -1
-step0:
-
-sql create user PASS '123' -x step1
- return -1
-step1:
-
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-print =============== step2
-sql drop user a -x step2
-step2:
-sql create user a PASS '123'
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-sql drop user a
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-print =============== step3
-sql drop user abc01234567890123456789 -x step3
-step3:
-
-sql create user abc01234567890123456789 PASS '123'
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-sql drop user abc01234567890123456789
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-print =============== step4
-sql create user abcd0123456789012345678901234567890111 PASS '123' -x step4
- return -1
-step4:
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-print =============== step5
-sql drop user 123 -x step5
-step5:
-sql create user 123 PASS '123' -x step61
- return -1
-step61:
-
-sql create user a123 PASS '123'
-sql show users
-if $rows != 2 then
- return -1
-endi
-
-sql drop user a123
-sql show users
-if $rows != 1 then
- return -1
-endi
-
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file