提交
60100a0f
编写于
5月 31, 2023
作者:
wangjiaming0909
feature: add user priv when create db, remove priv check with create_dbs
上级
64e89620
变更
6
Showing
6 changed file
with
125 addition
and
4 deletion
+125
-4
source/dnode/mnode/impl/inc/mndUser.h
source/dnode/mnode/impl/inc/mndUser.h
+2
-0
source/dnode/mnode/impl/src/mndDb.c
source/dnode/mnode/impl/src/mndDb.c
+20
-2
source/dnode/mnode/impl/src/mndUser.c
source/dnode/mnode/impl/src/mndUser.c
+2
-2
source/libs/catalog/src/ctgUtil.c
source/libs/catalog/src/ctgUtil.c
+3
-0
tests/script/tsim/user/privilege_create_db.sim
tests/script/tsim/user/privilege_create_db.sim
+97
-0
tests/script/win-test-file
tests/script/win-test-file
+1
-0
source/dnode/mnode/impl/inc/mndUser.h
...
...
@@ -40,6 +40,8 @@ int32_t mndValidateUserPassInfo(SMnode *pMnode, SUserPassVersion *pUsers, int3
int32_t
mndUserRemoveDb
(
SMnode
*
pMnode
,
STrans
*
pTrans
,
char
*
db
);
int32_t
mndUserRemoveTopic
(
SMnode
*
pMnode
,
STrans
*
pTrans
,
char
*
topic
);
int32_t
mndUserDupObj
(
SUserObj
*
pUser
,
SUserObj
*
pNew
);
void
mndUserFreeObj
(
SUserObj
*
pUser
);
#ifdef __cplusplus
}
#endif
...
...
source/dnode/mnode/impl/src/mndDb.c
...
...
@@ -446,7 +446,8 @@ static int32_t mndSetCreateDbUndoLogs(SMnode *pMnode, STrans *pTrans, SDbObj *pD
return
0
;
}
static
int32_t
mndSetCreateDbCommitLogs
(
SMnode
*
pMnode
,
STrans
*
pTrans
,
SDbObj
*
pDb
,
SVgObj
*
pVgroups
)
{
static
int32_t
mndSetCreateDbCommitLogs
(
SMnode
*
pMnode
,
STrans
*
pTrans
,
SDbObj
*
pDb
,
SVgObj
*
pVgroups
,
SUserObj
*
pUserDuped
)
{
SSdbRaw
*
pDbRaw
=
mndDbActionEncode
(
pDb
);
if
(
pDbRaw
==
NULL
)
return
-
1
;
if
(
mndTransAppendCommitlog
(
pTrans
,
pDbRaw
)
!=
0
)
return
-
1
;
...
...
@@ -459,6 +460,13 @@ static int32_t mndSetCreateDbCommitLogs(SMnode *pMnode, STrans *pTrans, SDbObj *
if
(
sdbSetRawStatus
(
pVgRaw
,
SDB_STATUS_READY
)
!=
0
)
return
-
1
;
}
if
(
pUserDuped
)
{
SSdbRaw
*
pUserRaw
=
mndUserActionEncode
(
pUserDuped
);
if
(
pUserRaw
==
NULL
)
return
-
1
;
if
(
mndTransAppendCommitlog
(
pTrans
,
pUserRaw
)
!=
0
)
return
-
1
;
if
(
sdbSetRawStatus
(
pUserRaw
,
SDB_STATUS_READY
)
!=
0
)
return
-
1
;
}
return
0
;
}
...
...
@@ -565,6 +573,15 @@ static int32_t mndCreateDb(SMnode *pMnode, SRpcMsg *pReq, SCreateDbReq *pCreate,
return
-
1
;
}
// add database privileges for user
SUserObj
newUserObj
=
{
0
},
*
pNewUserDuped
=
NULL
;
if
(
!
pUser
->
superUser
)
{
if
(
mndUserDupObj
(
pUser
,
&
newUserObj
)
!=
0
)
goto
_OVER
;
taosHashPut
(
newUserObj
.
readDbs
,
dbObj
.
name
,
strlen
(
dbObj
.
name
)
+
1
,
dbObj
.
name
,
TSDB_FILENAME_LEN
);
taosHashPut
(
newUserObj
.
writeDbs
,
dbObj
.
name
,
strlen
(
dbObj
.
name
)
+
1
,
dbObj
.
name
,
TSDB_FILENAME_LEN
);
pNewUserDuped
=
&
newUserObj
;
}
int32_t
code
=
-
1
;
STrans
*
pTrans
=
mndTransCreate
(
pMnode
,
TRN_POLICY_RETRY
,
TRN_CONFLICT_DB
,
pReq
,
"create-db"
);
if
(
pTrans
==
NULL
)
goto
_OVER
;
...
...
@@ -577,7 +594,7 @@ static int32_t mndCreateDb(SMnode *pMnode, SRpcMsg *pReq, SCreateDbReq *pCreate,
mndTransSetOper
(
pTrans
,
MND_OPER_CREATE_DB
);
if
(
mndSetCreateDbRedoLogs
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
)
!=
0
)
goto
_OVER
;
if
(
mndSetCreateDbUndoLogs
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
)
!=
0
)
goto
_OVER
;
if
(
mndSetCreateDbCommitLogs
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
)
!=
0
)
goto
_OVER
;
if
(
mndSetCreateDbCommitLogs
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
,
pNewUserDuped
)
!=
0
)
goto
_OVER
;
if
(
mndSetCreateDbRedoActions
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
)
!=
0
)
goto
_OVER
;
if
(
mndSetCreateDbUndoActions
(
pMnode
,
pTrans
,
&
dbObj
,
pVgroups
)
!=
0
)
goto
_OVER
;
if
(
mndTransPrepare
(
pMnode
,
pTrans
)
!=
0
)
goto
_OVER
;
...
...
@@ -586,6 +603,7 @@ static int32_t mndCreateDb(SMnode *pMnode, SRpcMsg *pReq, SCreateDbReq *pCreate,
_OVER:
taosMemoryFree
(
pVgroups
);
mndUserFreeObj
(
&
newUserObj
);
mndTransDrop
(
pTrans
);
return
code
;
}
...
...
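Review bot: In the mndCreateDb hunk at -565/+573, the new `goto _OVER` taken when mndUserDupObj fails jumps past the initialisers of `code` and `pTrans`, which are declared just below the added block, so `_OVER` then calls `mndTransDrop(pTrans)` and returns `code` with indeterminate values. Hoisting the declarations above the block fixes it: `int32_t code = -1;` and `STrans *pTrans = NULL;` before `// add database privileges for user`, with the later line reduced to an assignment `pTrans = mndTransCreate(...)`; the existing `if (pTrans == NULL) goto _OVER;` path already relies on mndTransDrop accepting NULL. The two `taosHashPut` results are also ignored, so a failed insert would create the database without the grant its creator now depends on; checking them and taking the `_OVER` path keeps the two in step. mndCreateDb starts outside the hunks shown.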
source/dnode/mnode/impl/src/mndUser.c
...
...
@@ -488,7 +488,7 @@ SHashObj *mndDupUseDbHash(SHashObj *pOld) {
return
pNew
;
}
static
int32_t
mndUserDupObj
(
SUserObj
*
pUser
,
SUserObj
*
pNew
)
{
int32_t
mndUserDupObj
(
SUserObj
*
pUser
,
SUserObj
*
pNew
)
{
memcpy
(
pNew
,
pUser
,
sizeof
(
SUserObj
));
pNew
->
authVersion
++
;
pNew
->
updateTime
=
taosGetTimestampMs
();
...
...
@@ -508,7 +508,7 @@ static int32_t mndUserDupObj(SUserObj *pUser, SUserObj *pNew) {
return
0
;
}
static
void
mndUserFreeObj
(
SUserObj
*
pUser
)
{
void
mndUserFreeObj
(
SUserObj
*
pUser
)
{
taosHashCleanup
(
pUser
->
readDbs
);
taosHashCleanup
(
pUser
->
writeDbs
);
taosHashCleanup
(
pUser
->
topics
);
...
...
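Review bot: Dropping `static` from mndUserDupObj makes its failure behaviour part of a contract that mndCreateDb now depends on, and that contract is not written down. The function opens with `memcpy(pNew, pUser, sizeof(SUserObj))`, so until the rest of the body (outside this hunk) replaces them, pNew's readDbs/writeDbs/topics pointers alias the live user's tables; if any nonzero return can leave such an alias in place, the unconditional `mndUserFreeObj(&newUserObj)` at `_OVER` in mndDb.c would clean up tables still owned by pUser. I would confirm that every failure path overwrites or NULLs the three pointers, and add a comment on the prototype in mndUser.h such as `/* Deep-copies pUser into pNew, bumps authVersion and updateTime; always release pNew with mndUserFreeObj, also on failure. */`.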
source/libs/catalog/src/ctgUtil.c
...
...
@@ -1555,10 +1555,13 @@ int32_t ctgChkSetAuthRes(SCatalog* pCtg, SCtgAuthReq* req, SCtgAuthRsp* res) {
char
dbFName
[
TSDB_DB_FNAME_LEN
];
tNameGetFullDbName
(
&
pReq
->
tbName
,
dbFName
);
// since that we add read/write previliges when create db, there is no need to check createdDbs
#if 0
if (pInfo->createdDbs && taosHashGet(pInfo->createdDbs, dbFName, strlen(dbFName))) {
pRes->pass = true;
return TSDB_CODE_SUCCESS;
}
#endif
switch
(
pReq
->
type
)
{
case
AUTH_TYPE_READ
:
{
...
...
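Review bot: With the createdDbs shortcut compiled out, a creator's access in ctgChkSetAuthRes rests only on the read/write grants that mndCreateDb now adds, and nothing in this commit adds those grants for databases that already exist. If createdDbs was previously the only thing letting a non-super user use a database they created (not confirmable from this hunk), those users lose access after upgrade until an administrator grants it, so an upgrade step or release note seems needed. The `#if 0` block should be deleted instead of kept as dead code, and the comment could read `// read/write privileges are granted at create-db time, so createdDbs is no longer consulted`. The function body continues outside the hunk.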
tests/script/tsim/user/privilege_create_db.sim
0 → 100644
system sh/stop_dnodes.sh
system sh/deploy.sh -n dnode1 -i 1
system sh/exec.sh -n dnode1 -s start
sql connect
print ========================root user create user
sql create user u1 pass "taosdata"
sql create user u2 pass "taosdata"
sql create database test
sql select * from information_schema.ins_user_privileges where user_name == "root"
if $rows != 1 then
return -1
endi
print =============connect with u1
sql connect u1
sql create database u1_d1
sql use u1_d1
sql create table u1_d1.t1(ts timestamp, c2 int)
sql use information_schema
sql select * from ins_user_privileges where user_name == "u1" order by privilege
if $rows != 2 then
return -1
endi
if $data01 != read then
return -1
endi
if $data11 != write then
return -1
endi
if $data02 != u1_d1 then
return -1
endi
if $data12 != u1_d1 then
return -1
endi
sql_error grant all on *.* to u1
sql_error grant all on test.* to u1
print =============connect with u2
sql connect u2
sql create database u2_d1
sql use u2_d1
sql create table u2_d1.t1(ts timestamp, c2 int)
sql use information_schema
sql select * from ins_user_privileges where user_name == "u2" order by privilege
if $rows != 2 then
return -1
endi
if $data01 != read then
return -1
endi
if $data11 != write then
return -1
endi
if $data02 != u2_d1 then
return -1
endi
if $data12 != u2_d1 then
return -1
endi
sql_error select * from u1_d1.t1
sql_error revoke read on u2_d1.* from u2
print =============connect with root, revoke read from u1, all from u2
sql connect
sql revoke read on u1_d1.* from u1
sql revoke all on u2_d1.* from u2
sleep 1000
print =============connect with u1
sql connect u1
sql insert into u1_d1.t1 values(now, 1)
sql_error select * from u1_d1.t1;
print =============connect with u2
sql connect u2
sql_error select * from u2_d1.t1;
sql_error insert into u2_d1.t1 values(now, 1)
print =============connect with root, grant read to u1, all to u2
sql connect
sql grant read on u1_d1.* to u1
sql grant all on u2_d1.* to u2
sleep 1000
print =============connect with u1
sql connect u1
sql select * from u1_d1.t1;
sql insert into u1_d1.t1 values(now, 2)
print =============connect with u2
sql connect u2
sql select * from u2_d1.t1;
sql insert into u2_d1.t1 values(now, 2)
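Review bot: The script never drops a database, so it does not check that the read/write rows added at creation are removed with it. A closing case that runs `sql drop database u1_d1` as root, then repeats the `ins_user_privileges` query for u1 and fails on `if $rows != 0 then`, would catch grants that outlive the database and could attach to a later database of the same name. The two `sleep 1000` waits after revoke and grant also make the outcome timing-dependent; a short retry loop around the first statement that depends on the changed privilege would be steadier.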
tests/script/win-test-file
...
...
@@ -4,6 +4,7 @@
./test.sh -f tsim/user/privilege_sysinfo.sim
./test.sh -f tsim/user/privilege_topic.sim
./test.sh -f tsim/user/privilege_table.sim
./test.sh -f tsim/user/privilege_create_db.sim
./test.sh -f tsim/db/alter_option.sim
rem ./test.sh -f tsim/db/alter_replica_13.sim
./test.sh -f tsim/db/alter_replica_31.sim
...
...