Skip to content

TDengine
TDengine

taosdata / TDengine
11 个月 前同步成功

通知 1179
Star 22014
Fork 4786
TDengine
TDengine

体验新版 GitCode,发现更多精彩内容 >>

提交 6711d794 编写于 作者: S Shengliang Guan
浏览文件
操作

feat: increase enable and sysinfo limits for user privilege

上级 5ea1f351
隐藏空白更改
内联 并排
Showing with 213 addition and 369 deletion
include/util/taoserror.h
浏览文件 @ 6711d794
......@@ -132,7 +132,8 @@ int32_t* taosGetErrno();
#define TSDB_CODE_MND_APP_ERROR TAOS_DEF_ERROR_CODE(0, 0x0300)
#define TSDB_CODE_MND_NOT_READY TAOS_DEF_ERROR_CODE(0, 0x0301)
#define TSDB_CODE_MND_NO_RIGHTS TAOS_DEF_ERROR_CODE(0, 0x0302)
#define TSDB_CODE_MND_INVALID_CONNECTION TAOS_DEF_ERROR_CODE(0, 0x0303)
#define TSDB_CODE_MND_USER_DISABLED TAOS_DEF_ERROR_CODE(0, 0x0303)
#define TSDB_CODE_MND_INVALID_CONNECTION TAOS_DEF_ERROR_CODE(0, 0x0304)
// mnode-show
#define TSDB_CODE_MND_INVALID_SHOWOBJ TAOS_DEF_ERROR_CODE(0, 0x0310)
......
source/dnode/mnode/impl/inc/mndAuth.h
浏览文件 @ 6711d794
......@@ -22,23 +22,42 @@
extern "C" {
#endif
typedef enum {
MND_OPER_CREATE_USER = 1,
MND_OPER_DROP_USER,
MND_OPER_ALTER_USER,
MND_OPER_CREATE_BNODE,
MND_OPER_DROP_BNODE,
MND_OPER_CREATE_DNODE,
MND_OPER_DROP_DNODE,
MND_OPER_CREATE_MNODE,
MND_OPER_DROP_MNODE,
MND_OPER_CREATE_QNODE,
MND_OPER_DROP_QNODE,
MND_OPER_CREATE_SNODE,
MND_OPER_DROP_SNODE,
MND_OPER_REDISTRIBUTE_VGROUP,
MND_OPER_SPLIT_VGROUP,
MND_OPER_BALANCE_VGROUP,
MND_OPER_CREATE_FUNC,
MND_OPER_DROP_FUNC,
MND_OPER_KILL_TRANS,
MND_OPER_CREATE_DB,
MND_OPER_ALTER_DB,
MND_OPER_DROP_DB,
MND_OPER_COMPACT_DB,
MND_OPER_USE_DB,
MND_OPER_WRITE_DB,
MND_OPER_READ_DB,
} EOperType;
int32_t mndInitAuth(SMnode *pMnode);
void mndCleanupAuth(SMnode *pMnode);
int32_t mndCheckCreateUserAuth(SUserObj *pOperUser);
int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType);
int32_t mndCheckDbAuth(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb);
int32_t mndCheckShowAuth(SMnode *pMnode, const char *user, int32_t showType);
int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter);
int32_t mndCheckDropUserAuth(SUserObj *pOperUser);
int32_t mndCheckNodeAuth(SUserObj *pOperUser);
int32_t mndCheckFuncAuth(SUserObj *pOperUser);
int32_t mndCheckTransAuth(SUserObj *pOperUser);
int32_t mndCheckCreateDbAuth(SUserObj *pOperUser);
int32_t mndCheckAlterDropCompactDbAuth(SUserObj *pOperUser, SDbObj *pDb);
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb);
int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb);
int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb);
#ifdef __cplusplus
}
......
source/dnode/mnode/impl/src/mndAuth.c
浏览文件 @ 6711d794
......@@ -73,29 +73,44 @@ static int32_t mndProcessAuthReq(SRpcMsg *pReq) {
return code;
}
int32_t mndCheckCreateUserAuth(SUserObj *pOperUser) {
if (pOperUser->superUser) return 0;
int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType) {
int32_t code = 0;
SUserObj *pUser = mndAcquireUser(pMnode, user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
code = -1;
goto _OVER;
}
if (pUser->superUser) {
goto _OVER;
}
if (!pUser->enable) {
terrno = TSDB_CODE_MND_USER_DISABLED;
code = -1;
goto _OVER;
}
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
code = -1;
_OVER:
mndReleaseUser(pMnode, pUser);
return code;
}
int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) {
if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) {
if (pOperUser->superUser || strcmp(pUser->user, pOperUser->user) == 0) {
return 0;
}
} else if (pAlter->alterType == TSDB_ALTER_USER_SUPERUSER) {
if (strcmp(pUser->user, TSDB_DEFAULT_USER) == 0) {
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
if (pOperUser->superUser) return 0;
if (!pOperUser->enable) {
terrno = TSDB_CODE_MND_USER_DISABLED;
return -1;
}
if (pOperUser->superUser) {
return 0;
}
} else {
if (pOperUser->superUser) {
return 0;
if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) {
if (strcmp(pUser->user, pOperUser->user) == 0) {
if (pOperUser->sysInfo) return 0;
}
}
......@@ -103,65 +118,92 @@ int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserRe
return -1;
}
int32_t mndCheckDropUserAuth(SUserObj *pOperUser) {
if (pOperUser->superUser) return 0;
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
int32_t mndCheckShowAuth(SMnode *pMnode, const char *user, int32_t showType) {
int32_t code = 0;
SUserObj *pUser = mndAcquireUser(pMnode, user);
int32_t mndCheckNodeAuth(SUserObj *pOperUser) {
if (pOperUser->superUser) return 0;
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
if (pUser == NULL) {
code = -1;
goto _OVER;
}
int32_t mndCheckFuncAuth(SUserObj *pOperUser) {
if (pOperUser->superUser) return 0;
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
if (pUser->superUser) {
goto _OVER;
}
if (!pUser->enable) {
terrno = TSDB_CODE_MND_USER_DISABLED;
code = -1;
goto _OVER;
}
if (!pUser->sysInfo) {
terrno = TSDB_CODE_MND_NO_RIGHTS;
code = -1;
goto _OVER;
}
int32_t mndCheckTransAuth(SUserObj *pOperUser) {
if (pOperUser->superUser) return 0;
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
code = -1;
_OVER:
mndReleaseUser(pMnode, pUser);
return code;
}
int32_t mndCheckCreateDbAuth(SUserObj *pOperUser) { return 0; }
int32_t mndCheckDbAuth(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) {
int32_t code = 0;
SUserObj *pUser = mndAcquireUser(pMnode, user);
int32_t mndCheckAlterDropCompactDbAuth(SUserObj *pOperUser, SDbObj *pDb) {
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
return 0;
if (pUser == NULL) {
code = -1;
goto _OVER;
}
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
if (pUser->superUser) goto _OVER;
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb) { return 0; }
if (!pUser->enable) {
terrno = TSDB_CODE_MND_USER_DISABLED;
code = -1;
goto _OVER;
}
int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb) {
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
return 0;
if (operType == MND_OPER_CREATE_DB) {
if (pUser->sysInfo) goto _OVER;
}
if (taosHashGet(pOperUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
return 0;
if (operType == MND_OPER_ALTER_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
}
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
}
if (operType == MND_OPER_DROP_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
}
int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb) {
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
return 0;
if (operType == MND_OPER_COMPACT_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER;
}
if (taosHashGet(pOperUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
return 0;
if (operType == MND_OPER_USE_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
}
if (operType == MND_OPER_WRITE_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
}
if (operType == MND_OPER_READ_DB) {
if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER;
if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER;
}
terrno = TSDB_CODE_MND_NO_RIGHTS;
return -1;
code = -1;
_OVER:
mndReleaseUser(pMnode, pUser);
return code;
}
source/dnode/mnode/impl/src/mndBnode.c
浏览文件 @ 6711d794
......@@ -269,7 +269,6 @@ static int32_t mndProcessCreateBnodeReq(SRpcMsg *pReq) {
int32_t code = -1;
SBnodeObj *pObj = NULL;
SDnodeObj *pDnode = NULL;
SUserObj *pUser = NULL;
SMCreateBnodeReq createReq = {0};
if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -293,13 +292,7 @@ static int32_t mndProcessCreateBnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_BNODE) != 0) {
goto _OVER;
}
......@@ -313,7 +306,6 @@ _OVER:
mndReleaseBnode(pMnode, pObj);
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -382,7 +374,6 @@ _OVER:
static int32_t mndProcessDropBnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SBnodeObj *pObj = NULL;
SMDropBnodeReq dropReq = {0};
......@@ -403,13 +394,7 @@ static int32_t mndProcessDropBnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_BNODE) != 0) {
goto _OVER;
}
......@@ -422,8 +407,6 @@ _OVER:
}
mndReleaseBnode(pMnode, pObj);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndDb.c
浏览文件 @ 6711d794
......@@ -526,7 +526,7 @@ static int32_t mndProcessCreateDbReq(SRpcMsg *pReq) {
goto _OVER;
}
if (mndCheckCreateDbAuth(pUser) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_DB, NULL) != 0) {
goto _OVER;
}
......@@ -684,7 +684,6 @@ static int32_t mndProcessAlterDbReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SAlterDbReq alterReq = {0};
SDbObj dbObj = {0};
......@@ -701,12 +700,7 @@ static int32_t mndProcessAlterDbReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_ALTER_DB, pDb) != 0) {
goto _OVER;
}
......@@ -733,7 +727,6 @@ _OVER:
}
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
taosArrayDestroy(dbObj.cfg.pRetensions);
return code;
......@@ -967,7 +960,6 @@ static int32_t mndProcessDropDbReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SDropDbReq dropReq = {0};
if (tDeserializeSDropDbReq(pReq->pCont, pReq->contLen, &dropReq) != 0) {
......@@ -988,12 +980,7 @@ static int32_t mndProcessDropDbReq(SRpcMsg *pReq) {
}
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_DROP_DB, pDb) != 0) {
goto _OVER;
}
......@@ -1006,8 +993,6 @@ _OVER:
}
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -1103,7 +1088,6 @@ static int32_t mndProcessUseDbReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SUseDbReq usedbReq = {0};
SUseDbRsp usedbRsp = {0};
......@@ -1143,12 +1127,7 @@ static int32_t mndProcessUseDbReq(SRpcMsg *pReq) {
mError("db:%s, failed to process use db req since %s", usedbReq.db, terrstr());
} else {
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckUseDbAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_USE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -1179,7 +1158,6 @@ _OVER:
}
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
tFreeSUsedbRsp(&usedbRsp);
return code;
......@@ -1260,7 +1238,6 @@ static int32_t mndProcessCompactDbReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SCompactDbReq compactReq = {0};
if (tDeserializeSCompactDbReq(pReq->pCont, pReq->contLen, &compactReq) != 0) {
......@@ -1275,12 +1252,7 @@ static int32_t mndProcessCompactDbReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_COMPACT_DB, pDb) != 0) {
goto _OVER;
}
......@@ -1292,8 +1264,6 @@ _OVER:
}
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndDnode.c
浏览文件 @ 6711d794
......@@ -499,7 +499,6 @@ _OVER:
static int32_t mndProcessCreateDnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SDnodeObj *pDnode = NULL;
SCreateDnodeReq createReq = {0};
......@@ -522,13 +521,7 @@ static int32_t mndProcessCreateDnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_DNODE) != 0) {
goto _OVER;
}
......@@ -541,7 +534,6 @@ _OVER:
}
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -586,7 +578,6 @@ _OVER:
static int32_t mndProcessDropDnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SDnodeObj *pDnode = NULL;
SMnodeObj *pMObj = NULL;
SMDropMnodeReq dropReq = {0};
......@@ -631,13 +622,7 @@ static int32_t mndProcessDropDnodeReq(SRpcMsg *pReq) {
}
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_MNODE) != 0) {
goto _OVER;
}
......@@ -650,7 +635,6 @@ _OVER:
}
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
mndReleaseMnode(pMnode, pMObj);
return code;
}
......
source/dnode/mnode/impl/src/mndFunc.c
浏览文件 @ 6711d794
......@@ -274,7 +274,6 @@ _OVER:
static int32_t mndProcessCreateFuncReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SFuncObj *pFunc = NULL;
SCreateFuncReq createReq = {0};
......@@ -309,23 +308,17 @@ static int32_t mndProcessCreateFuncReq(SRpcMsg *pReq) {
goto _OVER;
}
if (createReq.codeLen <= 1) {
terrno = TSDB_CODE_MND_INVALID_FUNC_CODE;
goto _OVER;
}
if (createReq.bufSize < 0 || createReq.bufSize > TSDB_FUNC_BUF_SIZE) {
terrno = TSDB_CODE_MND_INVALID_FUNC_BUFSIZE;
if (createReq.codeLen <= 1) {
terrno = TSDB_CODE_MND_INVALID_FUNC_CODE;
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
if (createReq.bufSize < 0 || createReq.bufSize > TSDB_FUNC_BUF_SIZE) {
terrno = TSDB_CODE_MND_INVALID_FUNC_BUFSIZE;
goto _OVER;
}
if (mndCheckFuncAuth(pUser)) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_FUNC) != 0) {
goto _OVER;
}
......@@ -338,16 +331,13 @@ _OVER:
}
mndReleaseFunc(pMnode, pFunc);
mndReleaseUser(pMnode, pUser);
tFreeSCreateFuncReq(&createReq);
return code;
}
static int32_t mndProcessDropFuncReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SFuncObj *pFunc = NULL;
SDropFuncReq dropReq = {0};
......@@ -375,13 +365,7 @@ static int32_t mndProcessDropFuncReq(SRpcMsg *pReq) {
}
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckFuncAuth(pUser)) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_FUNC) != 0) {
goto _OVER;
}
......@@ -394,8 +378,6 @@ _OVER:
}
mndReleaseFunc(pMnode, pFunc);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndMnode.c
浏览文件 @ 6711d794
......@@ -381,7 +381,6 @@ static int32_t mndProcessCreateMnodeReq(SRpcMsg *pReq) {
int32_t code = -1;
SMnodeObj *pObj = NULL;
SDnodeObj *pDnode = NULL;
SUserObj *pUser = NULL;
SMCreateMnodeReq createReq = {0};
if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -415,13 +414,7 @@ static int32_t mndProcessCreateMnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_MNODE) != 0) {
goto _OVER;
}
......@@ -435,7 +428,6 @@ _OVER:
mndReleaseMnode(pMnode, pObj);
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -594,7 +586,6 @@ _OVER:
static int32_t mndProcessDropMnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SMnodeObj *pObj = NULL;
SMDropMnodeReq dropReq = {0};
......@@ -630,13 +621,7 @@ static int32_t mndProcessDropMnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_MNODE) != 0) {
goto _OVER;
}
......@@ -649,8 +634,6 @@ _OVER:
}
mndReleaseMnode(pMnode, pObj);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndQnode.c
浏览文件 @ 6711d794
......@@ -271,7 +271,6 @@ static int32_t mndProcessCreateQnodeReq(SRpcMsg *pReq) {
int32_t code = -1;
SQnodeObj *pObj = NULL;
SDnodeObj *pDnode = NULL;
SUserObj *pUser = NULL;
SMCreateQnodeReq createReq = {0};
if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -295,13 +294,7 @@ static int32_t mndProcessCreateQnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_QNODE) != 0) {
goto _OVER;
}
......@@ -315,7 +308,6 @@ _OVER:
mndReleaseQnode(pMnode, pObj);
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -384,7 +376,6 @@ _OVER:
static int32_t mndProcessDropQnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SQnodeObj *pObj = NULL;
SMDropQnodeReq dropReq = {0};
......@@ -405,13 +396,7 @@ static int32_t mndProcessDropQnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_QNODE) != 0) {
goto _OVER;
}
......@@ -424,8 +409,6 @@ _OVER:
}
mndReleaseQnode(pMnode, pObj);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndShow.c
浏览文件 @ 6711d794
......@@ -16,6 +16,7 @@
#define _DEFAULT_SOURCE
#include "mndShow.h"
#include "systable.h"
#include "mndAuth.h"
#define SHOW_STEP_SIZE 100
......@@ -228,6 +229,8 @@ static int32_t mndProcessRetrieveSysTableReq(SRpcMsg *pReq) {
mDebug("show:0x%" PRIx64 ", start retrieve data, type:%d", pShow->id, pShow->type);
// if (mndCheckShowAuth(pMnode, pReq->conn.user, pShow->type) != 0) return -1;
int32_t numOfCols = pShow->pMeta->numOfColumns;
SSDataBlock *pBlock = taosMemoryCalloc(1, sizeof(SSDataBlock));
pBlock->pDataBlock = taosArrayInit(numOfCols, sizeof(SColumnInfoData));
......
source/dnode/mnode/impl/src/mndSma.c
浏览文件 @ 6711d794
......@@ -628,7 +628,6 @@ static int32_t mndProcessCreateSmaReq(SRpcMsg *pReq) {
SSmaObj *pSma = NULL;
SStreamObj *pStream = NULL;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SMCreateSmaReq createReq = {0};
if (tDeserializeSMCreateSmaReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -672,12 +671,7 @@ static int32_t mndProcessCreateSmaReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -693,7 +687,6 @@ _OVER:
mndReleaseSma(pMnode, pSma);
mndReleaseStream(pMnode, pStream);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
tFreeSMCreateSmaReq(&createReq);
return code;
......@@ -908,7 +901,6 @@ _OVER:
static int32_t mndProcessDropSmaReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SDbObj *pDb = NULL;
SSmaObj *pSma = NULL;
SMDropSmaReq dropReq = {0};
......@@ -938,12 +930,7 @@ static int32_t mndProcessDropSmaReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -956,9 +943,6 @@ _OVER:
}
mndReleaseDb(pMnode, pDb);
mndReleaseSma(pMnode, pSma);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndSnode.c
浏览文件 @ 6711d794
......@@ -277,7 +277,6 @@ static int32_t mndProcessCreateSnodeReq(SRpcMsg *pReq) {
int32_t code = -1;
SSnodeObj *pObj = NULL;
SDnodeObj *pDnode = NULL;
SUserObj *pUser = NULL;
SMCreateSnodeReq createReq = {0};
if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -301,13 +300,7 @@ static int32_t mndProcessCreateSnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_SNODE) != 0) {
goto _OVER;
}
......@@ -322,7 +315,6 @@ _OVER:
mndReleaseSnode(pMnode, pObj);
mndReleaseDnode(pMnode, pDnode);
mndReleaseUser(pMnode, pUser);
return code;
}
......@@ -392,7 +384,6 @@ _OVER:
static int32_t mndProcessDropSnodeReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SSnodeObj *pObj = NULL;
SMDropSnodeReq dropReq = {0};
......@@ -413,13 +404,7 @@ static int32_t mndProcessDropSnodeReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_SNODE) != 0) {
goto _OVER;
}
......@@ -432,8 +417,6 @@ _OVER:
}
mndReleaseSnode(pMnode, pObj);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndStb.c
浏览文件 @ 6711d794
......@@ -769,7 +769,6 @@ static int32_t mndProcessCreateStbReq(SRpcMsg *pReq) {
int32_t code = -1;
SStbObj *pStb = NULL;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SMCreateStbReq createReq = {0};
if (tDeserializeSMCreateStbReq(pReq->pCont, pReq->contLen, &createReq) != 0) {
......@@ -803,12 +802,7 @@ static int32_t mndProcessCreateStbReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -832,7 +826,6 @@ _OVER:
mndReleaseStb(pMnode, pStb);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
tFreeSMCreateStbReq(&createReq);
return code;
......@@ -1427,7 +1420,6 @@ static int32_t mndProcessAlterStbReq(SRpcMsg *pReq) {
int32_t code = -1;
SDbObj *pDb = NULL;
SStbObj *pStb = NULL;
SUserObj *pUser = NULL;
SMAlterStbReq alterReq = {0};
if (tDeserializeSMAlterStbReq(pReq->pCont, pReq->contLen, &alterReq) != 0) {
......@@ -1458,12 +1450,7 @@ static int32_t mndProcessAlterStbReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -1477,7 +1464,6 @@ _OVER:
mndReleaseStb(pMnode, pStb);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
taosArrayDestroy(alterReq.pFields);
return code;
......@@ -1565,7 +1551,6 @@ _OVER:
static int32_t mndProcessDropStbReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SDbObj *pDb = NULL;
SStbObj *pStb = NULL;
SMDropStbReq dropReq = {0};
......@@ -1595,12 +1580,7 @@ static int32_t mndProcessDropStbReq(SRpcMsg *pReq) {
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -1614,8 +1594,6 @@ _OVER:
mndReleaseDb(pMnode, pDb);
mndReleaseStb(pMnode, pStb);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndStream.c
浏览文件 @ 6711d794
......@@ -293,7 +293,6 @@ int32_t mndAddStreamToTrans(SMnode *pMnode, SStreamObj *pStream, const char *ast
static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStreamObj *pStream, const char *user) {
SStbObj *pStb = NULL;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SMCreateStbReq createReq = {0};
tstrncpy(createReq.name, pStream->targetSTbName, TSDB_TABLE_FNAME_LEN);
......@@ -335,12 +334,8 @@ static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStre
goto _OVER;
}
pUser = mndAcquireUser(pMnode, user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
if (mndCheckDbAuth(pMnode, user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
......@@ -368,7 +363,6 @@ static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStre
_OVER:
mndReleaseStb(pMnode, pStb);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
return -1;
}
......@@ -436,19 +430,18 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) {
int32_t code = -1;
SStreamObj *pStream = NULL;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SCMCreateStreamReq createStreamReq = {0};
if (tDeserializeSCMCreateStreamReq(pReq->pCont, pReq->contLen, &createStreamReq) != 0) {
terrno = TSDB_CODE_INVALID_MSG;
goto CREATE_STREAM_OVER;
goto _OVER;
}
mDebug("stream:%s, start to create, sql:%s", createStreamReq.name, createStreamReq.sql);
if (mndCheckCreateStreamReq(&createStreamReq) != 0) {
mError("stream:%s, failed to create since %s", createStreamReq.name, terrstr());
goto CREATE_STREAM_OVER;
goto _OVER;
}
pStream = mndAcquireStream(pMnode, createStreamReq.name);
......@@ -456,41 +449,35 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) {
if (createStreamReq.igExists) {
mDebug("stream:%s, already exist, ignore exist is set", createStreamReq.name);
code = 0;
goto CREATE_STREAM_OVER;
goto _OVER;
} else {
terrno = TSDB_CODE_MND_STREAM_ALREADY_EXIST;
goto CREATE_STREAM_OVER;
goto _OVER;
}
} else if (terrno != TSDB_CODE_MND_STREAM_NOT_EXIST) {
goto CREATE_STREAM_OVER;
goto _OVER;
}
pDb = mndAcquireDb(pMnode, createStreamReq.sourceDB);
if (pDb == NULL) {
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
goto CREATE_STREAM_OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto CREATE_STREAM_OVER;
goto _OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
goto CREATE_STREAM_OVER;
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
code = mndCreateStream(pMnode, pReq, &createStreamReq, pDb);
if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS;
CREATE_STREAM_OVER:
_OVER:
if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) {
mError("stream:%s, failed to create since %s", createStreamReq.name, terrstr());
}
mndReleaseStream(pMnode, pStream);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
tFreeSCMCreateStreamReq(&createStreamReq);
return code;
......
source/dnode/mnode/impl/src/mndTopic.c
浏览文件 @ 6711d794
......@@ -387,7 +387,7 @@ static int32_t mndCreateTopic(SMnode *pMnode, SRpcMsg *pReq, SCMCreateTopicReq *
return -1;
}
if (nodesNodeToString((SNode*)pPlan, false, &topicObj.physicalPlan, NULL) != 0) {
if (nodesNodeToString((SNode *)pPlan, false, &topicObj.physicalPlan, NULL) != 0) {
mError("topic:%s, failed to create since %s", pCreate->name, terrstr());
taosMemoryFree(topicObj.ast);
taosMemoryFree(topicObj.sql);
......@@ -440,19 +440,18 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) {
int32_t code = -1;
SMqTopicObj *pTopic = NULL;
SDbObj *pDb = NULL;
SUserObj *pUser = NULL;
SCMCreateTopicReq createTopicReq = {0};
if (tDeserializeSCMCreateTopicReq(pReq->pCont, pReq->contLen, &createTopicReq) != 0) {
terrno = TSDB_CODE_INVALID_MSG;
goto CREATE_TOPIC_OVER;
goto _OVER;
}
mDebug("topic:%s, start to create, sql:%s", createTopicReq.name, createTopicReq.sql);
if (mndCheckCreateTopicReq(&createTopicReq) != 0) {
mError("topic:%s, failed to create since %s", createTopicReq.name, terrstr());
goto CREATE_TOPIC_OVER;
goto _OVER;
}
pTopic = mndAcquireTopic(pMnode, createTopicReq.name);
......@@ -460,41 +459,35 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) {
if (createTopicReq.igExists) {
mDebug("topic:%s, already exist, ignore exist is set", createTopicReq.name);
code = 0;
goto CREATE_TOPIC_OVER;
goto _OVER;
} else {
terrno = TSDB_CODE_MND_TOPIC_ALREADY_EXIST;
goto CREATE_TOPIC_OVER;
goto _OVER;
}
} else if (terrno != TSDB_CODE_MND_TOPIC_NOT_EXIST) {
goto CREATE_TOPIC_OVER;
goto _OVER;
}
pDb = mndAcquireDb(pMnode, createTopicReq.subDbName);
if (pDb == NULL) {
terrno = TSDB_CODE_MND_DB_NOT_SELECTED;
goto CREATE_TOPIC_OVER;
goto _OVER;
}
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto CREATE_TOPIC_OVER;
}
if (mndCheckWriteAuth(pUser, pDb) != 0) {
goto CREATE_TOPIC_OVER;
if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) {
goto _OVER;
}
code = mndCreateTopic(pMnode, pReq, &createTopicReq, pDb);
if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS;
CREATE_TOPIC_OVER:
_OVER:
if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) {
mError("topic:%s, failed to create since %s", createTopicReq.name, terrstr());
}
mndReleaseTopic(pMnode, pTopic);
mndReleaseDb(pMnode, pDb);
mndReleaseUser(pMnode, pUser);
tFreeSCMCreateTopicReq(&createTopicReq);
return code;
......
source/dnode/mnode/impl/src/mndTrans.c
浏览文件 @ 6711d794
......@@ -1364,7 +1364,6 @@ static int32_t mndProcessKillTransReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
SKillTransReq killReq = {0};
int32_t code = -1;
SUserObj *pUser = NULL;
STrans *pTrans = NULL;
if (tDeserializeSKillTransReq(pReq->pCont, pReq->contLen, &killReq) != 0) {
......@@ -1374,12 +1373,7 @@ static int32_t mndProcessKillTransReq(SRpcMsg *pReq) {
mInfo("trans:%d, start to kill", killReq.transId);
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
goto _OVER;
}
if (mndCheckTransAuth(pUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_KILL_TRANS) != 0) {
goto _OVER;
}
......@@ -1395,7 +1389,6 @@ _OVER:
mError("trans:%d, failed to kill since %s", killReq.transId, terrstr());
}
mndReleaseUser(pMnode, pUser);
mndReleaseTrans(pMnode, pTrans);
return code;
}
......
source/dnode/mnode/impl/src/mndUser.c
浏览文件 @ 6711d794
......@@ -360,7 +360,7 @@ static int32_t mndProcessCreateUserReq(SRpcMsg *pReq) {
goto _OVER;
}
if (mndCheckCreateUserAuth(pOperUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_USER) != 0) {
goto _OVER;
}
......@@ -623,7 +623,6 @@ static int32_t mndProcessDropUserReq(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SUserObj *pOperUser = NULL;
SDropUserReq dropReq = {0};
if (tDeserializeSDropUserReq(pReq->pCont, pReq->contLen, &dropReq) != 0) {
......@@ -644,13 +643,7 @@ static int32_t mndProcessDropUserReq(SRpcMsg *pReq) {
goto _OVER;
}
pOperUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pOperUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckDropUserAuth(pOperUser) != 0) {
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_USER) != 0) {
goto _OVER;
}
......@@ -662,9 +655,7 @@ _OVER:
mError("user:%s, failed to drop since %s", dropReq.user, terrstr());
}
mndReleaseUser(pMnode, pOperUser);
mndReleaseUser(pMnode, pUser);
return code;
}
......
source/dnode/mnode/impl/src/mndVgroup.c
浏览文件 @ 6711d794
......@@ -1177,7 +1177,6 @@ _OVER:
static int32_t mndProcessRedistributeVgroupMsg(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
SUserObj *pUser = NULL;
SDnodeObj *pNew1 = NULL;
SDnodeObj *pNew2 = NULL;
SDnodeObj *pNew3 = NULL;
......@@ -1200,13 +1199,8 @@ static int32_t mndProcessRedistributeVgroupMsg(SRpcMsg *pReq) {
}
mInfo("vgId:%d, start to redistribute to dnode %d:%d:%d", req.vgId, req.dnodeId1, req.dnodeId2, req.dnodeId3);
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) goto _OVER;
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_REDISTRIBUTE_VGROUP) != 0) goto _OVER;
pVgroup = mndAcquireVgroup(pMnode, req.vgId);
if (pVgroup == NULL) goto _OVER;
......@@ -1368,7 +1362,6 @@ _OVER:
mndReleaseDnode(pMnode, pOld1);
mndReleaseDnode(pMnode, pOld2);
mndReleaseDnode(pMnode, pOld3);
mndReleaseUser(pMnode, pUser);
mndReleaseVgroup(pMnode, pVgroup);
mndReleaseDb(pMnode, pDb);
......@@ -1493,12 +1486,11 @@ _OVER:
}
static int32_t mndProcessSplitVgroupMsg(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
int32_t vgId = 2;
SUserObj *pUser = NULL;
SVgObj *pVgroup = NULL;
SDbObj *pDb = NULL;
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
int32_t vgId = 2;
SVgObj *pVgroup = NULL;
SDbObj *pDb = NULL;
mDebug("vgId:%d, start to split", vgId);
......@@ -1508,19 +1500,12 @@ static int32_t mndProcessSplitVgroupMsg(SRpcMsg *pReq) {
pDb = mndAcquireDb(pMnode, pVgroup->dbName);
if (pDb == NULL) goto _OVER;
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) goto _OVER;
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_SPLIT_VGROUP) != 0) goto _OVER;
code = mndSplitVgroup(pMnode, pReq, pDb, pVgroup);
if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS;
_OVER:
mndReleaseUser(pMnode, pUser);
mndReleaseVgroup(pMnode, pVgroup);
mndReleaseDb(pMnode, pDb);
return code;
......@@ -1631,21 +1616,15 @@ _OVER:
}
static int32_t mndProcessBalanceVgroupMsg(SRpcMsg *pReq) {
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SUserObj *pUser = NULL;
SArray *pArray = NULL;
void *pIter = NULL;
int64_t curMs = taosGetTimestampMs();
SMnode *pMnode = pReq->info.node;
int32_t code = -1;
SArray *pArray = NULL;
void *pIter = NULL;
int64_t curMs = taosGetTimestampMs();
mDebug("start to balance vgroup");
pUser = mndAcquireUser(pMnode, pReq->conn.user);
if (pUser == NULL) {
terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;
goto _OVER;
}
if (mndCheckNodeAuth(pUser) != 0) goto _OVER;
if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_BALANCE_VGROUP) != 0) goto _OVER;
while (1) {
SDnodeObj *pDnode = NULL;
......@@ -1676,7 +1655,6 @@ _OVER:
mError("failed to balance vgroup since %s", terrstr());
}
mndReleaseUser(pMnode, pUser);
taosArrayDestroy(pArray);
return code;
}
\ No newline at end of file
source/util/src/terror.c
浏览文件 @ 6711d794
......@@ -137,6 +137,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_TSC_STMT_CLAUSE_ERROR, "not supported stmt cl
TAOS_DEFINE_ERROR(TSDB_CODE_MND_APP_ERROR, "Mnode internal error")
TAOS_DEFINE_ERROR(TSDB_CODE_MND_NOT_READY, "Mnode not ready")
TAOS_DEFINE_ERROR(TSDB_CODE_MND_NO_RIGHTS, "Insufficient privilege for operation")
TAOS_DEFINE_ERROR(TSDB_CODE_MND_USER_DISABLED, "User is disabled")
TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_CONNECTION, "Invalid message connection")
// mnode-show
......
tests/system-test/0-others/user_control.py
浏览文件 @ 6711d794
......@@ -246,20 +246,26 @@ class TDTestCase:
user = self.root_user
with taos_connect(user=user.name, passwd=user.passwd) as use:
time.sleep(2)
use.query("use db")
use.query("show tables")
if check_priv == PRIVILEGES_ALL:
use.query("use db")
use.query("show tables")
use.query("select * from ct1")
use.query("insert into t1 (ts) values (now())")
elif check_priv == PRIVILEGES_READ:
use.query("use db")
use.query("show tables")
use.query("select * from ct1")
use.error("insert into t1 (ts) values (now())")
elif check_priv == PRIVILEGES_WRITE:
use.query("use db")
use.query("show tables")
use.error("select * from ct1")
use.query("insert into t1 (ts) values (now())")
elif check_priv is None:
use.error("select * from ct1")
use.error("insert into t1 (ts) values (now())")
use.error("use db")
use.error("show tables")
use.error("select * from db.ct1")
use.error("insert into db.t1 (ts) values (now())")
def __change_user_priv(self, user: User, pre_priv, invoke=False):
if user.priv == pre_priv and invoke :
......@@ -610,7 +616,7 @@ class TDTestCase:
tdLog.printNoPrefix("==========step0: init, user list only has root account")
tdSql.query("show users")
tdSql.checkData(0, 0, "root")
tdSql.checkData(0, 1, "super")
tdSql.checkData(0, 1, "1")
# root用户权限
# 创建用户测试
......@@ -676,7 +682,7 @@ class TDTestCase:
tdSql.query("show users")
tdSql.checkRows(1)
tdSql.checkData(0, 0, "root")
tdSql.checkData(0, 1, "super")
tdSql.checkData(0, 1, "1")
tdDnodes.stop(1)
tdDnodes.start(1)
......@@ -690,7 +696,7 @@ class TDTestCase:
tdSql.query("show users")
tdSql.checkRows(1)
tdSql.checkData(0, 0, "root")
tdSql.checkData(0, 1, "super")
tdSql.checkData(0, 1, "1")
def stop(self):
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册