diff --git a/source/dnode/mnode/impl/CMakeLists.txt b/source/dnode/mnode/impl/CMakeLists.txt index a4bd12a7f7627307cd1473d4ef973657c1c4fb49..c740ea1397e7b406f0b832d3d63aa88b9accd4e0 100644 --- a/source/dnode/mnode/impl/CMakeLists.txt +++ b/source/dnode/mnode/impl/CMakeLists.txt @@ -1,4 +1,11 @@ aux_source_directory(src MNODE_SRC) +IF (TD_PRIVILEGE) + ADD_DEFINITIONS(-D_PRIVILEGE) +ENDIF () +IF (TD_PRIVILEGE) + LIST(APPEND MNODE_SRC ${TD_ENTERPRISE_DIR}/src/plugins/privilege/src/privilege.c) +ENDIF () + add_library(mnode STATIC ${MNODE_SRC}) target_include_directories( mnode @@ -8,11 +15,8 @@ target_include_directories( target_link_libraries( mnode scheduler sdb wal transport cjson sync monitor executor qworker stream parser ) - IF (TD_GRANT) TARGET_LINK_LIBRARIES(mnode grant) -ENDIF () -IF (TD_GRANT) ADD_DEFINITIONS(-D_GRANT) ENDIF () diff --git a/source/dnode/mnode/impl/inc/mndPrivilege.h b/source/dnode/mnode/impl/inc/mndPrivilege.h index f6002e3be8ba98e3867cef6034161545430f2a9d..dc88b25f51adbbbd1e813401645b51a4e3ba0089 100644 --- a/source/dnode/mnode/impl/inc/mndPrivilege.h +++ b/source/dnode/mnode/impl/inc/mndPrivilege.h @@ -30,6 +30,7 @@ int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname); int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname); int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter); +int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp); #ifdef __cplusplus } diff --git a/source/dnode/mnode/impl/src/mndPrivilege.c b/source/dnode/mnode/impl/src/mndPrivilege.c index e4422c480f5b37874f20d36eb77ae99dbb027d51..151a2a64042bfab4cdbc5be38ef30b11680750a5 100644 --- a/source/dnode/mnode/impl/src/mndPrivilege.c +++ b/source/dnode/mnode/impl/src/mndPrivilege.c 
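Review bot: Nothing at configure time reports which privilege implementation is compiled into mnode: when TD_PRIVILEGE is off, the library is built from the stubs in mndPrivilege.c, which return 0 for every check. In the first CMakeLists.txt hunk, an `ELSE ()` branch with `MESSAGE(STATUS "mnode: TD_PRIVILEGE off, privilege checks are stubs")` would make that visible in the build log. The two consecutive `IF (TD_PRIVILEGE)` blocks can also be folded into one, as the second hunk does for TD_GRANT. `_PRIVILEGE` begins with an underscore and an uppercase letter, which C reserves for the implementation, although it does match the existing `_GRANT` convention.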
@@ -18,177 +18,20 @@ #include "mndDb.h" #include "mndUser.h" +#ifndef _PRIVILEGE int32_t mndInitPrivilege(SMnode *pMnode) { return 0; } - -void mndCleanupPrivilege(SMnode *pMnode) {} - -int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType) { - int32_t code = 0; - SUserObj *pUser = mndAcquireUser(pMnode, user); - - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - code = -1; - goto _OVER; - } - - if (pUser->superUser) { - goto _OVER; - } - - if (!pUser->enable) { - terrno = TSDB_CODE_MND_USER_DISABLED; - code = -1; - goto _OVER; - } - - switch (operType) { - case MND_OPER_CONNECT: - case MND_OPER_CREATE_FUNC: - case MND_OPER_DROP_FUNC: - case MND_OPER_SHOW_VARIBALES: - break; - default: - terrno = TSDB_CODE_MND_NO_RIGHTS; - code = -1; - } - -_OVER: - mndReleaseUser(pMnode, pUser); - return code; -} - -int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { - if (pUser->superUser && pAlter->alterType != TSDB_ALTER_USER_PASSWD) { - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; - } - - if (pOperUser->superUser) return 0; - - if (!pOperUser->enable) { - terrno = TSDB_CODE_MND_USER_DISABLED; - return -1; - } - - if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) { - if (strcmp(pUser->user, pOperUser->user) == 0) { - if (pOperUser->sysInfo) return 0; - } - } - - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} - -int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname) { - int32_t code = 0; - SUserObj *pUser = mndAcquireUser(pMnode, user); - - if (pUser == NULL) { - code = -1; - goto _OVER; - } - - if (pUser->superUser) { - goto _OVER; - } - - if (!pUser->enable) { - terrno = TSDB_CODE_MND_USER_DISABLED; - code = -1; - goto _OVER; - } - - if (pUser->sysInfo) { - goto _OVER; - } - - switch (showType) { - case TSDB_MGMT_TABLE_DB: - case TSDB_MGMT_TABLE_STB: - case TSDB_MGMT_TABLE_INDEX: - case TSDB_MGMT_TABLE_STREAMS: - case 
TSDB_MGMT_TABLE_CONSUMERS: - case TSDB_MGMT_TABLE_TOPICS: - case TSDB_MGMT_TABLE_SUBSCRIPTIONS: - case TSDB_MGMT_TABLE_FUNC: - case TSDB_MGMT_TABLE_QUERIES: - case TSDB_MGMT_TABLE_CONNS: - case TSDB_MGMT_TABLE_APPS: - case TSDB_MGMT_TABLE_TRANS: - code = 0; - break; - default: - terrno = TSDB_CODE_MND_NO_RIGHTS; - code = -1; - goto _OVER; - } - - if (showType == TSDB_MGMT_TABLE_STB || showType == TSDB_MGMT_TABLE_VGROUP || showType == TSDB_MGMT_TABLE_INDEX) { - code = mndCheckDbPrivilegeByName(pMnode, user, MND_OPER_READ_OR_WRITE_DB, dbname); - } - -_OVER: - mndReleaseUser(pMnode, pUser); - return code; +void mndCleanupPrivilege(SMnode *pMnode) {} +int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, EOperType operType) { return 0; } +int32_t mndCheckAlterUserPrivilege(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { return 0; } +int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, EShowType showType, const char *dbname) { return 0; } +int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) { return 0; } +int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) { + return 0; } - -int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) { - int32_t code = 0; - SUserObj *pUser = mndAcquireUser(pMnode, user); - - if (pUser == NULL) { - code = -1; - goto _OVER; - } - - if (pUser->superUser) goto _OVER; - - if (!pUser->enable) { - terrno = TSDB_CODE_MND_USER_DISABLED; - code = -1; - goto _OVER; - } - - if (operType == MND_OPER_CREATE_DB) { - if (pUser->sysInfo) goto _OVER; - } - - if (operType == MND_OPER_ALTER_DB || operType == MND_OPER_DROP_DB || operType == MND_OPER_COMPACT_DB || - operType == MND_OPER_TRIM_DB) { - if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER; - } - - if (operType == MND_OPER_USE_DB || operType == MND_OPER_READ_OR_WRITE_DB) { - if (strcmp(pUser->user, 
pDb->createUser) == 0) goto _OVER; - if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; - if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; - } - - if (operType == MND_OPER_WRITE_DB) { - if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER; - if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; - } - - if (operType == MND_OPER_READ_DB) { - if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER; - if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; - } - - terrno = TSDB_CODE_MND_NO_RIGHTS; - code = -1; - -_OVER: - mndReleaseUser(pMnode, pUser); - return code; +int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) { + memcpy(pRsp->user, pUser->user, TSDB_USER_LEN); + pRsp->superAuth = 1; + pRsp->version = pUser->authVersion; + return 0; } - -int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, EOperType operType, const char *dbname) { - SDbObj *pDb = mndAcquireDb(pMnode, dbname); - if (pDb == NULL) return -1; - - int32_t code = mndCheckDbPrivilege(pMnode, user, operType, pDb); - mndReleaseDb(pMnode, pDb); - return code; -} \ No newline at end of file +#endif \ No newline at end of file diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index 0452659d47ab333be6de7da5350787b7c09102a9..5da119bb30af5bb27fb40d1dc42391893fb98c43 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c @@ -15,8 +15,8 @@ #define _DEFAULT_SOURCE #include "mndUser.h" -#include "mndPrivilege.h" #include "mndDb.h" +#include "mndPrivilege.h" #include "mndShow.h" #include "mndTrans.h" #include "tbase64.h" 
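Review bot: Every function in the `#ifndef _PRIVILEGE` branch of mndPrivilege.c returns 0 without looking the user up, so a build without `_PRIVILEGE` authorizes every operation, including for an unknown or disabled account that the removed code rejected with `TSDB_CODE_MND_NO_USER_FROM_CONN` and `TSDB_CODE_MND_USER_DISABLED`. If allow-all is the intended behaviour for that build, state it above the stubs, e.g. `/* Stub build: no authorization is enforced; every check succeeds. */`, and consider keeping at least the `pUser->enable` test so that disabling an account still has an effect. The stub `mndSetUserAuthRsp` reports `pRsp->superAuth = 1` for every user; `pRsp->superAuth = pUser->superUser;` would keep the reply truthful to the stored account. It also leaves `readDbs`, `writeDbs` and `createdDbs` unset, and whether the caller and the response serializer tolerate that is not visible in this diff, so it is worth confirming.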
@@ -408,7 +408,7 @@ static int32_t mndAlterUser(SMnode *pMnode, SUserObj *pOld, SUserObj *pNew, SRpc return 0; } -static SHashObj *mndDupDbHash(SHashObj *pOld) { +SHashObj *mndDupDbHash(SHashObj *pOld) { SHashObj *pNew = taosHashInit(taosHashGetSize(pOld), taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_ENTRY_LOCK); if (pNew == NULL) { @@ -662,38 +662,6 @@ _OVER: return code; } -static int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) { - memcpy(pRsp->user, pUser->user, TSDB_USER_LEN); - pRsp->superAuth = pUser->superUser; - pRsp->version = pUser->authVersion; - taosRLockLatch(&pUser->lock); - pRsp->readDbs = mndDupDbHash(pUser->readDbs); - pRsp->writeDbs = mndDupDbHash(pUser->writeDbs); - taosRUnLockLatch(&pUser->lock); - pRsp->createdDbs = taosHashInit(4, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK); - if (NULL == pRsp->createdDbs) { - terrno = TSDB_CODE_OUT_OF_MEMORY; - return -1; - } - - SSdb *pSdb = pMnode->pSdb; - void *pIter = NULL; - while (1) { - SDbObj *pDb = NULL; - pIter = sdbFetch(pSdb, SDB_DB, pIter, (void **)&pDb); - if (pIter == NULL) break; - - if (strcmp(pDb->createUser, pUser->user) == 0) { - int32_t len = strlen(pDb->name) + 1; - taosHashPut(pRsp->createdDbs, pDb->name, len, pDb->name, len); - } - - sdbRelease(pSdb, pDb); - } - - return 0; -} - static int32_t mndProcessGetUserAuthReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1;
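Review bot: `mndDupDbHash` loses `static` in the second mndUser.c hunk and so gets external linkage, but none of the visible hunks adds a prototype for it; mndPrivilege.h only gains `mndSetUserAuthRsp`. Unless another header already declares it, add `SHashObj *mndDupDbHash(SHashObj *pOld);` to mndUser.h so that the out-of-file caller (presumably the enterprise privilege.c) is type-checked against the definition. Now that the function is callable from other files, a short header comment should state that the caller owns the returned hash and, as the removed `mndSetUserAuthRsp` did with `taosRLockLatch(&pUser->lock)`, is expected to hold the user's lock while copying. The function body continues outside the hunk, so its NULL-return path was not reviewed.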