diff --git a/include/util/taoserror.h b/include/util/taoserror.h index 23897c7c7233eb40bb89c1d4f0bc6fdfccf27d8f..538d6c58c0527a6e32fc6f27e534f5b2cba16092 100644 --- a/include/util/taoserror.h +++ b/include/util/taoserror.h @@ -132,7 +132,8 @@ int32_t* taosGetErrno(); #define TSDB_CODE_MND_APP_ERROR TAOS_DEF_ERROR_CODE(0, 0x0300) #define TSDB_CODE_MND_NOT_READY TAOS_DEF_ERROR_CODE(0, 0x0301) #define TSDB_CODE_MND_NO_RIGHTS TAOS_DEF_ERROR_CODE(0, 0x0302) -#define TSDB_CODE_MND_INVALID_CONNECTION TAOS_DEF_ERROR_CODE(0, 0x0303) +#define TSDB_CODE_MND_USER_DISABLED TAOS_DEF_ERROR_CODE(0, 0x0303) +#define TSDB_CODE_MND_INVALID_CONNECTION TAOS_DEF_ERROR_CODE(0, 0x0304) // mnode-show #define TSDB_CODE_MND_INVALID_SHOWOBJ TAOS_DEF_ERROR_CODE(0, 0x0310) diff --git a/source/dnode/mnode/impl/inc/mndAuth.h b/source/dnode/mnode/impl/inc/mndAuth.h index de59a11cd735dfc1eec1b8abf744afabe1694269..45841ca367c880f93caf35cee57a197c87d3fea3 100644 --- a/source/dnode/mnode/impl/inc/mndAuth.h +++ b/source/dnode/mnode/impl/inc/mndAuth.h 
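Review bot: Moving `TSDB_CODE_MND_INVALID_CONNECTION` from 0x0303 to 0x0304 changes the numeric value of an existing error code. A client or peer node built against the old header would decode the new `TSDB_CODE_MND_USER_DISABLED` (0x0303) as an invalid-connection error, and the reverse. If these codes cross the RPC boundary, which this diff does not show, keep the old value and give the new code an unused one, e.g. `#define TSDB_CODE_MND_USER_DISABLED TAOS_DEF_ERROR_CODE(0, <unused value>)`. Whether 0x0304 was previously unassigned is also not visible in this hunk and should be confirmed.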
@@ -22,23 +22,42 @@ extern "C" { #endif +typedef enum { + MND_OPER_CREATE_USER = 1, + MND_OPER_DROP_USER, + MND_OPER_ALTER_USER, + MND_OPER_CREATE_BNODE, + MND_OPER_DROP_BNODE, + MND_OPER_CREATE_DNODE, + MND_OPER_DROP_DNODE, + MND_OPER_CREATE_MNODE, + MND_OPER_DROP_MNODE, + MND_OPER_CREATE_QNODE, + MND_OPER_DROP_QNODE, + MND_OPER_CREATE_SNODE, + MND_OPER_DROP_SNODE, + MND_OPER_REDISTRIBUTE_VGROUP, + MND_OPER_SPLIT_VGROUP, + MND_OPER_BALANCE_VGROUP, + MND_OPER_CREATE_FUNC, + MND_OPER_DROP_FUNC, + MND_OPER_KILL_TRANS, + MND_OPER_CREATE_DB, + MND_OPER_ALTER_DB, + MND_OPER_DROP_DB, + MND_OPER_COMPACT_DB, + MND_OPER_USE_DB, + MND_OPER_WRITE_DB, + MND_OPER_READ_DB, +} EOperType; + int32_t mndInitAuth(SMnode *pMnode); void mndCleanupAuth(SMnode *pMnode); -int32_t mndCheckCreateUserAuth(SUserObj *pOperUser); +int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType); +int32_t mndCheckDbAuth(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb); +int32_t mndCheckShowAuth(SMnode *pMnode, const char *user, int32_t showType); int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter); -int32_t mndCheckDropUserAuth(SUserObj *pOperUser); - -int32_t mndCheckNodeAuth(SUserObj *pOperUser); -int32_t mndCheckFuncAuth(SUserObj *pOperUser); -int32_t mndCheckTransAuth(SUserObj *pOperUser); - -int32_t mndCheckCreateDbAuth(SUserObj *pOperUser); -int32_t mndCheckAlterDropCompactDbAuth(SUserObj *pOperUser, SDbObj *pDb); -int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb); - -int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb); -int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb); #ifdef __cplusplus } diff --git a/source/dnode/mnode/impl/src/mndAuth.c b/source/dnode/mnode/impl/src/mndAuth.c index 1532fcc140ee10da7272d4eef49d130192b30280..f036fc48f7b26a6dd71296b3f2bf7a765d911d99 100644 --- a/source/dnode/mnode/impl/src/mndAuth.c +++ b/source/dnode/mnode/impl/src/mndAuth.c 
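Review bot: The three new prototypes carry no comments, and two parts of their contract are not obvious from the signatures. `mndCheckDbAuth` is called with a NULL `pDb` for `MND_OPER_CREATE_DB` in mndDb.c, so the declaration should say so, e.g. `/* pDb may be NULL only when operType is MND_OPER_CREATE_DB */`. `mndCheckOperAuth` as implemented in mndAuth.c never reads `operType` and lets only superusers through, which is worth stating next to the prototype (`/* currently superuser-only; operType is reserved for per-operation rules */`) so callers do not assume finer-grained checks exist. A short comment on `EOperType` noting that the values are implicit and sequential from 1 would also warn against inserting members in the middle if the values are ever logged or stored.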
@@ -73,29 +73,44 @@ static int32_t mndProcessAuthReq(SRpcMsg *pReq) { return code; } -int32_t mndCheckCreateUserAuth(SUserObj *pOperUser) { - if (pOperUser->superUser) return 0; +int32_t mndCheckOperAuth(SMnode *pMnode, const char *user, EOperType operType) { + int32_t code = 0; + SUserObj *pUser = mndAcquireUser(pMnode, user); + + if (pUser == NULL) { + terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; + code = -1; + goto _OVER; + } + + if (pUser->superUser) { + goto _OVER; + } + + if (!pUser->enable) { + terrno = TSDB_CODE_MND_USER_DISABLED; + code = -1; + goto _OVER; + } + terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; + code = -1; + +_OVER: + mndReleaseUser(pMnode, pUser); + return code; } int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) { - if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) { - if (pOperUser->superUser || strcmp(pUser->user, pOperUser->user) == 0) { - return 0; - } - } else if (pAlter->alterType == TSDB_ALTER_USER_SUPERUSER) { - if (strcmp(pUser->user, TSDB_DEFAULT_USER) == 0) { - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; - } + if (pOperUser->superUser) return 0; + if (!pOperUser->enable) { + terrno = TSDB_CODE_MND_USER_DISABLED; + return -1; + } - if (pOperUser->superUser) { - return 0; - } - } else { - if (pOperUser->superUser) { - return 0; + if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) { + if (strcmp(pUser->user, pOperUser->user) == 0) { + if (pOperUser->sysInfo) return 0; } } 
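Review bot: In `mndCheckAlterUserAuth` the new early `if (pOperUser->superUser) return 0;` drops the old rule that a `TSDB_ALTER_USER_SUPERUSER` request against `TSDB_DEFAULT_USER` is rejected for every caller, so any superuser can now change the superuser flag of the default account unless that is enforced somewhere outside this diff. Keeping the guard ahead of the shortcut restores it: `if (pAlter->alterType == TSDB_ALTER_USER_SUPERUSER && strcmp(pUser->user, TSDB_DEFAULT_USER) == 0) { terrno = TSDB_CODE_MND_NO_RIGHTS; return -1; }`. The same function now lets a non-superuser change their own password only when `sysInfo` is set, which may be stricter than intended. In both functions of this hunk the `superUser` test runs before the `enable` test, so a disabled superuser is still authorized; if disabling is meant to apply to superusers too, the `enable` check should come first. The tail of `mndCheckAlterUserAuth` lies in the next hunk.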
@@ -103,65 +118,92 @@ int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserRe return -1; } -int32_t mndCheckDropUserAuth(SUserObj *pOperUser) { - if (pOperUser->superUser) return 0; - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} +int32_t mndCheckShowAuth(SMnode *pMnode, const char *user, int32_t showType) { + int32_t code = 0; + SUserObj *pUser = mndAcquireUser(pMnode, user); -int32_t mndCheckNodeAuth(SUserObj *pOperUser) { - if (pOperUser->superUser) return 0; - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} + if (pUser == NULL) { + code = -1; + goto _OVER; + } -int32_t mndCheckFuncAuth(SUserObj *pOperUser) { - if (pOperUser->superUser) return 0; - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} + if (pUser->superUser) { + goto _OVER; + } + + if (!pUser->enable) { + terrno = TSDB_CODE_MND_USER_DISABLED; + code = -1; + goto _OVER; + } + + if (!pUser->sysInfo) { + terrno = TSDB_CODE_MND_NO_RIGHTS; + code = -1; + goto _OVER; + } -int32_t mndCheckTransAuth(SUserObj *pOperUser) { - if (pOperUser->superUser) return 0; terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; + code = -1; + +_OVER: + mndReleaseUser(pMnode, pUser); + return code; } -int32_t mndCheckCreateDbAuth(SUserObj *pOperUser) { return 0; } +int32_t mndCheckDbAuth(SMnode *pMnode, const char *user, EOperType operType, SDbObj *pDb) { + int32_t code = 0; + SUserObj *pUser = mndAcquireUser(pMnode, user); -int32_t mndCheckAlterDropCompactDbAuth(SUserObj *pOperUser, SDbObj *pDb) { - if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) { - return 0; + if (pUser == NULL) { + code = -1; + goto _OVER; } - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} + if (pUser->superUser) goto _OVER; -int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb) { return 0; } + if (!pUser->enable) { + terrno = TSDB_CODE_MND_USER_DISABLED; + code = -1; + goto _OVER; + } -int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb) { - if (pOperUser->superUser || 
strcmp(pOperUser->user, pDb->createUser) == 0) { - return 0; + if (operType == MND_OPER_CREATE_DB) { + if (pUser->sysInfo) goto _OVER; } - if (taosHashGet(pOperUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) { - return 0; + if (operType == MND_OPER_ALTER_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER; } - terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; -} + if (operType == MND_OPER_DROP_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER; + } -int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb) { - if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) { - return 0; + if (operType == MND_OPER_COMPACT_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0 && pUser->sysInfo) goto _OVER; } - if (taosHashGet(pOperUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) { - return 0; + if (operType == MND_OPER_USE_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER; + if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; + if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; + } + + if (operType == MND_OPER_WRITE_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER; + if (taosHashGet(pUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; + } + + if (operType == MND_OPER_READ_DB) { + if (strcmp(pUser->user, pDb->createUser) == 0) goto _OVER; + if (taosHashGet(pUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) goto _OVER; } terrno = TSDB_CODE_MND_NO_RIGHTS; - return -1; + code = -1; + +_OVER: + mndReleaseUser(pMnode, pUser); + return code; } diff --git a/source/dnode/mnode/impl/src/mndBnode.c b/source/dnode/mnode/impl/src/mndBnode.c index ed07e15c6351a41b6d284f39c9189a51f2ec47fd..aa908b983dd7530974b9f24b80a24c6387eb9f18 100644 --- a/source/dnode/mnode/impl/src/mndBnode.c +++ b/source/dnode/mnode/impl/src/mndBnode.c 
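Review bot: `mndCheckShowAuth` denies every non-superuser: after the `if (!pUser->sysInfo)` block the code falls through to an unconditional `terrno = TSDB_CODE_MND_NO_RIGHTS; code = -1;`, so the `sysInfo` test has no effect and `showType` is never read. If users with `sysInfo` are meant to pass, replace that block with `if (pUser->sysInfo) goto _OVER;`. In `mndCheckShowAuth` and `mndCheckDbAuth` the `pUser == NULL` path sets `code = -1` without assigning `terrno`, unlike `mndCheckOperAuth`, which sets `TSDB_CODE_MND_NO_USER_FROM_CONN`. Adding `terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;` there keeps the three checks consistent, unless `mndAcquireUser` already sets it.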
@@ -269,7 +269,6 @@ static int32_t mndProcessCreateBnodeReq(SRpcMsg *pReq) { int32_t code = -1; SBnodeObj *pObj = NULL; SDnodeObj *pDnode = NULL; - SUserObj *pUser = NULL; SMCreateBnodeReq createReq = {0}; if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -293,13 +292,7 @@ static int32_t mndProcessCreateBnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_BNODE) != 0) { goto _OVER; } @@ -313,7 +306,6 @@ _OVER: mndReleaseBnode(pMnode, pObj); mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); return code; } @@ -382,7 +374,6 @@ _OVER: static int32_t mndProcessDropBnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SBnodeObj *pObj = NULL; SMDropBnodeReq dropReq = {0}; @@ -403,13 +394,7 @@ static int32_t mndProcessDropBnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_BNODE) != 0) { goto _OVER; } @@ -422,8 +407,6 @@ _OVER: } mndReleaseBnode(pMnode, pObj); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndDb.c b/source/dnode/mnode/impl/src/mndDb.c index 43263af5733d89cca8cac82b1a584b6e07d31cc1..80f88b1060f6e86d4b22af681697cb1c9fe213ce 100644 --- a/source/dnode/mnode/impl/src/mndDb.c +++ b/source/dnode/mnode/impl/src/mndDb.c @@ -526,7 +526,7 @@ static int32_t mndProcessCreateDbReq(SRpcMsg *pReq) { goto _OVER; } - if (mndCheckCreateDbAuth(pUser) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_DB, NULL) != 0) { goto _OVER; } 
@@ -684,7 +684,6 @@ static int32_t mndProcessAlterDbReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SAlterDbReq alterReq = {0}; SDbObj dbObj = {0}; @@ -701,12 +700,7 @@ static int32_t mndProcessAlterDbReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_ALTER_DB, pDb) != 0) { goto _OVER; } @@ -733,7 +727,6 @@ _OVER: } mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); taosArrayDestroy(dbObj.cfg.pRetensions); return code; @@ -967,7 +960,6 @@ static int32_t mndProcessDropDbReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SDropDbReq dropReq = {0}; if (tDeserializeSDropDbReq(pReq->pCont, pReq->contLen, &dropReq) != 0) { @@ -988,12 +980,7 @@ static int32_t mndProcessDropDbReq(SRpcMsg *pReq) { } } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_DROP_DB, pDb) != 0) { goto _OVER; } @@ -1006,8 +993,6 @@ _OVER: } mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); - return code; } @@ -1103,7 +1088,6 @@ static int32_t mndProcessUseDbReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SUseDbReq usedbReq = {0}; SUseDbRsp usedbRsp = {0}; 
@@ -1143,12 +1127,7 @@ static int32_t mndProcessUseDbReq(SRpcMsg *pReq) { mError("db:%s, failed to process use db req since %s", usedbReq.db, terrstr()); } else { - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckUseDbAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_USE_DB, pDb) != 0) { goto _OVER; } @@ -1179,7 +1158,6 @@ _OVER: } mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); tFreeSUsedbRsp(&usedbRsp); return code; @@ -1260,7 +1238,6 @@ static int32_t mndProcessCompactDbReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SCompactDbReq compactReq = {0}; if (tDeserializeSCompactDbReq(pReq->pCont, pReq->contLen, &compactReq) != 0) { @@ -1275,12 +1252,7 @@ static int32_t mndProcessCompactDbReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckAlterDropCompactDbAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_COMPACT_DB, pDb) != 0) { goto _OVER; } @@ -1292,8 +1264,6 @@ _OVER: } mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndDnode.c b/source/dnode/mnode/impl/src/mndDnode.c index c936c0f93deaf63f943635189b01bb14a025f7ef..53cbb9b669e6d0eda40821d6bcf21f107d0cefc3 100644 --- a/source/dnode/mnode/impl/src/mndDnode.c +++ b/source/dnode/mnode/impl/src/mndDnode.c @@ -499,7 +499,6 @@ _OVER: static int32_t mndProcessCreateDnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SDnodeObj *pDnode = NULL; SCreateDnodeReq createReq = {0}; 
@@ -522,13 +521,7 @@ static int32_t mndProcessCreateDnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_DNODE) != 0) { goto _OVER; } @@ -541,7 +534,6 @@ _OVER: } mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); return code; } @@ -586,7 +578,6 @@ _OVER: static int32_t mndProcessDropDnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SDnodeObj *pDnode = NULL; SMnodeObj *pMObj = NULL; SMDropMnodeReq dropReq = {0}; @@ -631,13 +622,7 @@ static int32_t mndProcessDropDnodeReq(SRpcMsg *pReq) { } } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_MNODE) != 0) { goto _OVER; } @@ -650,7 +635,6 @@ _OVER: } mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); mndReleaseMnode(pMnode, pMObj); return code; } diff --git a/source/dnode/mnode/impl/src/mndFunc.c b/source/dnode/mnode/impl/src/mndFunc.c index 7e5dbb95660dd3ec89ffc8b6dbdf93a4c3b9f619..dfdc0a3c1abe282a75aa4b3e3523ec35daf792cc 100644 --- a/source/dnode/mnode/impl/src/mndFunc.c +++ b/source/dnode/mnode/impl/src/mndFunc.c @@ -274,7 +274,6 @@ _OVER: static int32_t mndProcessCreateFuncReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SFuncObj *pFunc = NULL; SCreateFuncReq createReq = {0}; 
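Review bot: `mndProcessDropDnodeReq` passes `MND_OPER_DROP_MNODE` to `mndCheckOperAuth`, although the enum defines `MND_OPER_DROP_DNODE` and the create path in this file uses `MND_OPER_CREATE_DNODE`; this looks like a copy-paste slip. It has no effect today because `mndCheckOperAuth` does not read `operType`, but once per-operation rules are added the dnode drop would be authorized under the mnode rule. The call should be `if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_DNODE) != 0) {`. The function body starts and ends outside this hunk.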
@@ -309,23 +308,17 @@ static int32_t mndProcessCreateFuncReq(SRpcMsg *pReq) { goto _OVER; } - if (createReq.codeLen <= 1) { - terrno = TSDB_CODE_MND_INVALID_FUNC_CODE; - goto _OVER; - } - - if (createReq.bufSize < 0 || createReq.bufSize > TSDB_FUNC_BUF_SIZE) { - terrno = TSDB_CODE_MND_INVALID_FUNC_BUFSIZE; + if (createReq.codeLen <= 1) { + terrno = TSDB_CODE_MND_INVALID_FUNC_CODE; goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; + if (createReq.bufSize < 0 || createReq.bufSize > TSDB_FUNC_BUF_SIZE) { + terrno = TSDB_CODE_MND_INVALID_FUNC_BUFSIZE; goto _OVER; } - if (mndCheckFuncAuth(pUser)) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_FUNC) != 0) { goto _OVER; } @@ -338,16 +331,13 @@ _OVER: } mndReleaseFunc(pMnode, pFunc); - mndReleaseUser(pMnode, pUser); tFreeSCreateFuncReq(&createReq); - return code; } static int32_t mndProcessDropFuncReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SFuncObj *pFunc = NULL; SDropFuncReq dropReq = {0}; @@ -375,13 +365,7 @@ static int32_t mndProcessDropFuncReq(SRpcMsg *pReq) { } } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckFuncAuth(pUser)) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_FUNC) != 0) { goto _OVER; } @@ -394,8 +378,6 @@ _OVER: } mndReleaseFunc(pMnode, pFunc); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndMnode.c b/source/dnode/mnode/impl/src/mndMnode.c index f6cef945e27ccf9254267173ba749723476f05e1..7ec490d52f9a57ff9a7f6cc33768f2f64b841dfa 100644 --- a/source/dnode/mnode/impl/src/mndMnode.c +++ b/source/dnode/mnode/impl/src/mndMnode.c 
@@ -381,7 +381,6 @@ static int32_t mndProcessCreateMnodeReq(SRpcMsg *pReq) { int32_t code = -1; SMnodeObj *pObj = NULL; SDnodeObj *pDnode = NULL; - SUserObj *pUser = NULL; SMCreateMnodeReq createReq = {0}; if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -415,13 +414,7 @@ static int32_t mndProcessCreateMnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_MNODE) != 0) { goto _OVER; } @@ -435,7 +428,6 @@ _OVER: mndReleaseMnode(pMnode, pObj); mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); return code; } @@ -594,7 +586,6 @@ _OVER: static int32_t mndProcessDropMnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SMnodeObj *pObj = NULL; SMDropMnodeReq dropReq = {0}; @@ -630,13 +621,7 @@ static int32_t mndProcessDropMnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_MNODE) != 0) { goto _OVER; } @@ -649,8 +634,6 @@ _OVER: } mndReleaseMnode(pMnode, pObj); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndQnode.c b/source/dnode/mnode/impl/src/mndQnode.c index aac6eaba470aa5aa08658d5cf77ab8d7778c5a53..595287a3af9515fecc0e73345208606925152994 100644 --- a/source/dnode/mnode/impl/src/mndQnode.c +++ b/source/dnode/mnode/impl/src/mndQnode.c 
@@ -271,7 +271,6 @@ static int32_t mndProcessCreateQnodeReq(SRpcMsg *pReq) { int32_t code = -1; SQnodeObj *pObj = NULL; SDnodeObj *pDnode = NULL; - SUserObj *pUser = NULL; SMCreateQnodeReq createReq = {0}; if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -295,13 +294,7 @@ static int32_t mndProcessCreateQnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_QNODE) != 0) { goto _OVER; } @@ -315,7 +308,6 @@ _OVER: mndReleaseQnode(pMnode, pObj); mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); return code; } @@ -384,7 +376,6 @@ _OVER: static int32_t mndProcessDropQnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SQnodeObj *pObj = NULL; SMDropQnodeReq dropReq = {0}; @@ -405,13 +396,7 @@ static int32_t mndProcessDropQnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_QNODE) != 0) { goto _OVER; } @@ -424,8 +409,6 @@ _OVER: } mndReleaseQnode(pMnode, pObj); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndShow.c b/source/dnode/mnode/impl/src/mndShow.c index 6e569a04ccdf3a5654fda65aebf9c8806c21049c..d312955202946ca530a4f583484177c9913b6ddf 100644 --- a/source/dnode/mnode/impl/src/mndShow.c +++ b/source/dnode/mnode/impl/src/mndShow.c @@ -16,6 +16,7 @@ #define _DEFAULT_SOURCE #include "mndShow.h" #include "systable.h" +#include "mndAuth.h" #define SHOW_STEP_SIZE 100 
@@ -228,6 +229,8 @@ static int32_t mndProcessRetrieveSysTableReq(SRpcMsg *pReq) { mDebug("show:0x%" PRIx64 ", start retrieve data, type:%d", pShow->id, pShow->type); + // if (mndCheckShowAuth(pMnode, pReq->conn.user, pShow->type) != 0) return -1; + int32_t numOfCols = pShow->pMeta->numOfColumns; SSDataBlock *pBlock = taosMemoryCalloc(1, sizeof(SSDataBlock)); pBlock->pDataBlock = taosArrayInit(numOfCols, sizeof(SColumnInfoData)); diff --git a/source/dnode/mnode/impl/src/mndSma.c b/source/dnode/mnode/impl/src/mndSma.c index a14eb78ffefafb44fb3a498bb2bb947a11073e5c..fa36670dbc73af6a8c6432657d285c7f8e261a47 100644 --- a/source/dnode/mnode/impl/src/mndSma.c +++ b/source/dnode/mnode/impl/src/mndSma.c @@ -628,7 +628,6 @@ static int32_t mndProcessCreateSmaReq(SRpcMsg *pReq) { SSmaObj *pSma = NULL; SStreamObj *pStream = NULL; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SMCreateSmaReq createReq = {0}; if (tDeserializeSMCreateSmaReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -672,12 +671,7 @@ static int32_t mndProcessCreateSmaReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -693,7 +687,6 @@ _OVER: mndReleaseSma(pMnode, pSma); mndReleaseStream(pMnode, pStream); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); tFreeSMCreateSmaReq(&createReq); return code; @@ -908,7 +901,6 @@ _OVER: static int32_t mndProcessDropSmaReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SDbObj *pDb = NULL; SSmaObj *pSma = NULL; SMDropSmaReq dropReq = {0}; 
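Review bot: The added `mndCheckShowAuth` call is commented out, so `mndProcessRetrieveSysTableReq` still returns system-table data with no authorization check at this point, and the new helper has no active caller in this diff. Enabling it as written raises two issues. First, `return -1` would exit without releasing `pShow`, assuming it is acquired earlier in the function, which is outside the hunk. Second, `mndCheckShowAuth` in mndAuth.c currently rejects every non-superuser. Rather than shipping commented-out code, replace it with a tracked note such as `// TODO: enforce mndCheckShowAuth() here, releasing pShow on failure`.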
@@ -938,12 +930,7 @@ static int32_t mndProcessDropSmaReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -956,9 +943,6 @@ _OVER: } mndReleaseDb(pMnode, pDb); - mndReleaseSma(pMnode, pSma); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndSnode.c b/source/dnode/mnode/impl/src/mndSnode.c index 7d215282609ef9f8756ca047575fc6250db8d7f3..c84dc2f3ddc3d52b43c6a47fef3f8bf5c3f3d97b 100644 --- a/source/dnode/mnode/impl/src/mndSnode.c +++ b/source/dnode/mnode/impl/src/mndSnode.c @@ -277,7 +277,6 @@ static int32_t mndProcessCreateSnodeReq(SRpcMsg *pReq) { int32_t code = -1; SSnodeObj *pObj = NULL; SDnodeObj *pDnode = NULL; - SUserObj *pUser = NULL; SMCreateSnodeReq createReq = {0}; if (tDeserializeSCreateDropMQSBNodeReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -301,13 +300,7 @@ static int32_t mndProcessCreateSnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_SNODE) != 0) { goto _OVER; } @@ -322,7 +315,6 @@ _OVER: mndReleaseSnode(pMnode, pObj); mndReleaseDnode(pMnode, pDnode); - mndReleaseUser(pMnode, pUser); return code; } @@ -392,7 +384,6 @@ _OVER: static int32_t mndProcessDropSnodeReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SSnodeObj *pObj = NULL; SMDropSnodeReq dropReq = {0}; 
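Review bot: The cleanup at `_OVER` in `mndProcessDropSmaReq` loses `mndReleaseSma(pMnode, pSma);` along with the `mndReleaseUser` line, while `pSma` is still declared in the function. If `pSma` is acquired in the part of the body outside this hunk, every drop-SMA request now leaks one reference on the SMA object. Only the user release belongs to this refactor; keep `mndReleaseSma(pMnode, pSma);` after `mndReleaseDb(pMnode, pDb);`.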
@@ -413,13 +404,7 @@ static int32_t mndProcessDropSnodeReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_SNODE) != 0) { goto _OVER; } @@ -432,8 +417,6 @@ _OVER: } mndReleaseSnode(pMnode, pObj); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndStb.c b/source/dnode/mnode/impl/src/mndStb.c index 3e91bfa926545a8b0d4bb3bc0f20dc689ad35fb8..1abf31729b7c26578be40c9231553116fc7910a4 100644 --- a/source/dnode/mnode/impl/src/mndStb.c +++ b/source/dnode/mnode/impl/src/mndStb.c @@ -769,7 +769,6 @@ static int32_t mndProcessCreateStbReq(SRpcMsg *pReq) { int32_t code = -1; SStbObj *pStb = NULL; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SMCreateStbReq createReq = {0}; if (tDeserializeSMCreateStbReq(pReq->pCont, pReq->contLen, &createReq) != 0) { @@ -803,12 +802,7 @@ static int32_t mndProcessCreateStbReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -832,7 +826,6 @@ _OVER: mndReleaseStb(pMnode, pStb); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); tFreeSMCreateStbReq(&createReq); return code; @@ -1427,7 +1420,6 @@ static int32_t mndProcessAlterStbReq(SRpcMsg *pReq) { int32_t code = -1; SDbObj *pDb = NULL; SStbObj *pStb = NULL; - SUserObj *pUser = NULL; SMAlterStbReq alterReq = {0}; if (tDeserializeSMAlterStbReq(pReq->pCont, pReq->contLen, &alterReq) != 0) { 
@@ -1458,12 +1450,7 @@ static int32_t mndProcessAlterStbReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -1477,7 +1464,6 @@ _OVER: mndReleaseStb(pMnode, pStb); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); taosArrayDestroy(alterReq.pFields); return code; @@ -1565,7 +1551,6 @@ _OVER: static int32_t mndProcessDropStbReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; - SUserObj *pUser = NULL; SDbObj *pDb = NULL; SStbObj *pStb = NULL; SMDropStbReq dropReq = {0}; @@ -1595,12 +1580,7 @@ static int32_t mndProcessDropStbReq(SRpcMsg *pReq) { goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -1614,8 +1594,6 @@ _OVER: mndReleaseDb(pMnode, pDb); mndReleaseStb(pMnode, pStb); - mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndStream.c b/source/dnode/mnode/impl/src/mndStream.c index 96d199fcb6e6a79b61f58ce1e96f7c2e2aea2ea8..d1bc059d52b6f9e1e8a7e36af727afe5611a9792 100644 --- a/source/dnode/mnode/impl/src/mndStream.c +++ b/source/dnode/mnode/impl/src/mndStream.c @@ -293,7 +293,6 @@ int32_t mndAddStreamToTrans(SMnode *pMnode, SStreamObj *pStream, const char *ast static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStreamObj *pStream, const char *user) { SStbObj *pStb = NULL; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SMCreateStbReq createReq = {0}; tstrncpy(createReq.name, pStream->targetSTbName, TSDB_TABLE_FNAME_LEN); 
@@ -335,12 +334,8 @@ static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStre goto _OVER; } - pUser = mndAcquireUser(pMnode, user); - if (pUser == NULL) { - goto _OVER; - } - if (mndCheckWriteAuth(pUser, pDb) != 0) { + if (mndCheckDbAuth(pMnode, user, MND_OPER_WRITE_DB, pDb) != 0) { goto _OVER; } @@ -368,7 +363,6 @@ static int32_t mndCreateStbForStream(SMnode *pMnode, STrans *pTrans, const SStre _OVER: mndReleaseStb(pMnode, pStb); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); return -1; } @@ -436,19 +430,18 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) { int32_t code = -1; SStreamObj *pStream = NULL; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SCMCreateStreamReq createStreamReq = {0}; if (tDeserializeSCMCreateStreamReq(pReq->pCont, pReq->contLen, &createStreamReq) != 0) { terrno = TSDB_CODE_INVALID_MSG; - goto CREATE_STREAM_OVER; + goto _OVER; } mDebug("stream:%s, start to create, sql:%s", createStreamReq.name, createStreamReq.sql); if (mndCheckCreateStreamReq(&createStreamReq) != 0) { mError("stream:%s, failed to create since %s", createStreamReq.name, terrstr()); - goto CREATE_STREAM_OVER; + goto _OVER; } pStream = mndAcquireStream(pMnode, createStreamReq.name); 
@@ -456,41 +449,35 @@ static int32_t mndProcessCreateStreamReq(SRpcMsg *pReq) { if (createStreamReq.igExists) { mDebug("stream:%s, already exist, ignore exist is set", createStreamReq.name); code = 0; - goto CREATE_STREAM_OVER; + goto _OVER; } else { terrno = TSDB_CODE_MND_STREAM_ALREADY_EXIST; - goto CREATE_STREAM_OVER; + goto _OVER; } } else if (terrno != TSDB_CODE_MND_STREAM_NOT_EXIST) { - goto CREATE_STREAM_OVER; + goto _OVER; } pDb = mndAcquireDb(pMnode, createStreamReq.sourceDB); if (pDb == NULL) { terrno = TSDB_CODE_MND_DB_NOT_SELECTED; - goto CREATE_STREAM_OVER; - } - - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto CREATE_STREAM_OVER; + goto _OVER; } - if (mndCheckWriteAuth(pUser, pDb) != 0) { - goto CREATE_STREAM_OVER; + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { + goto _OVER; } code = mndCreateStream(pMnode, pReq, &createStreamReq, pDb); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; -CREATE_STREAM_OVER: +_OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("stream:%s, failed to create since %s", createStreamReq.name, terrstr()); } mndReleaseStream(pMnode, pStream); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); tFreeSCMCreateStreamReq(&createStreamReq); return code; diff --git a/source/dnode/mnode/impl/src/mndTopic.c b/source/dnode/mnode/impl/src/mndTopic.c index 3247008d584546f123a1a9c91f53782ddb8d5e28..4c2730ce9432bbc0827d23da7b9b58df8938580f 100644 --- a/source/dnode/mnode/impl/src/mndTopic.c +++ b/source/dnode/mnode/impl/src/mndTopic.c @@ -387,7 +387,7 @@ static int32_t mndCreateTopic(SMnode *pMnode, SRpcMsg *pReq, SCMCreateTopicReq * return -1; } - if (nodesNodeToString((SNode*)pPlan, false, &topicObj.physicalPlan, NULL) != 0) { + if (nodesNodeToString((SNode *)pPlan, false, &topicObj.physicalPlan, NULL) != 0) { mError("topic:%s, failed to create since %s", pCreate->name, terrstr()); taosMemoryFree(topicObj.ast); taosMemoryFree(topicObj.sql); 
@@ -440,19 +440,18 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) { int32_t code = -1; SMqTopicObj *pTopic = NULL; SDbObj *pDb = NULL; - SUserObj *pUser = NULL; SCMCreateTopicReq createTopicReq = {0}; if (tDeserializeSCMCreateTopicReq(pReq->pCont, pReq->contLen, &createTopicReq) != 0) { terrno = TSDB_CODE_INVALID_MSG; - goto CREATE_TOPIC_OVER; + goto _OVER; } mDebug("topic:%s, start to create, sql:%s", createTopicReq.name, createTopicReq.sql); if (mndCheckCreateTopicReq(&createTopicReq) != 0) { mError("topic:%s, failed to create since %s", createTopicReq.name, terrstr()); - goto CREATE_TOPIC_OVER; + goto _OVER; } pTopic = mndAcquireTopic(pMnode, createTopicReq.name); @@ -460,41 +459,35 @@ static int32_t mndProcessCreateTopicReq(SRpcMsg *pReq) { if (createTopicReq.igExists) { mDebug("topic:%s, already exist, ignore exist is set", createTopicReq.name); code = 0; - goto CREATE_TOPIC_OVER; + goto _OVER; } else { terrno = TSDB_CODE_MND_TOPIC_ALREADY_EXIST; - goto CREATE_TOPIC_OVER; + goto _OVER; } } else if (terrno != TSDB_CODE_MND_TOPIC_NOT_EXIST) { - goto CREATE_TOPIC_OVER; + goto _OVER; } pDb = mndAcquireDb(pMnode, createTopicReq.subDbName); if (pDb == NULL) { terrno = TSDB_CODE_MND_DB_NOT_SELECTED; - goto CREATE_TOPIC_OVER; + goto _OVER; } - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto CREATE_TOPIC_OVER; - } - - if (mndCheckWriteAuth(pUser, pDb) != 0) { - goto CREATE_TOPIC_OVER; + if (mndCheckDbAuth(pMnode, pReq->conn.user, MND_OPER_WRITE_DB, pDb) != 0) { + goto _OVER; } code = mndCreateTopic(pMnode, pReq, &createTopicReq, pDb); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; -CREATE_TOPIC_OVER: +_OVER: if (code != 0 && code != TSDB_CODE_ACTION_IN_PROGRESS) { mError("topic:%s, failed to create since %s", createTopicReq.name, terrstr()); } mndReleaseTopic(pMnode, pTopic); mndReleaseDb(pMnode, pDb); - mndReleaseUser(pMnode, pUser); tFreeSCMCreateTopicReq(&createTopicReq); return code; 
diff --git a/source/dnode/mnode/impl/src/mndTrans.c b/source/dnode/mnode/impl/src/mndTrans.c index 1ec479941902205049b2169a1b5041567a7bdd02..2e9124e5144e3af3fee8cf850368ac0f1e9779be 100644 --- a/source/dnode/mnode/impl/src/mndTrans.c +++ b/source/dnode/mnode/impl/src/mndTrans.c @@ -1364,7 +1364,6 @@ static int32_t mndProcessKillTransReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; SKillTransReq killReq = {0}; int32_t code = -1; - SUserObj *pUser = NULL; STrans *pTrans = NULL; if (tDeserializeSKillTransReq(pReq->pCont, pReq->contLen, &killReq) != 0) { @@ -1374,12 +1373,7 @@ static int32_t mndProcessKillTransReq(SRpcMsg *pReq) { mInfo("trans:%d, start to kill", killReq.transId); - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - goto _OVER; - } - - if (mndCheckTransAuth(pUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_KILL_TRANS) != 0) { goto _OVER; } @@ -1395,7 +1389,6 @@ _OVER: mError("trans:%d, failed to kill since %s", killReq.transId, terrstr()); } - mndReleaseUser(pMnode, pUser); mndReleaseTrans(pMnode, pTrans); return code; } diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index a86b9c904e4f7e39b11fe49dbbee749061510325..9590823106124ecd8595052d31a608adf1226a46 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c @@ -360,7 +360,7 @@ static int32_t mndProcessCreateUserReq(SRpcMsg *pReq) { goto _OVER; } - if (mndCheckCreateUserAuth(pOperUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_USER) != 0) { goto _OVER; } @@ -623,7 +623,6 @@ static int32_t mndProcessDropUserReq(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; int32_t code = -1; SUserObj *pUser = NULL; - SUserObj *pOperUser = NULL; SDropUserReq dropReq = {0}; if (tDeserializeSDropUserReq(pReq->pCont, pReq->contLen, &dropReq) != 0) { 
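Review bot: Neither log line in mndProcessKillTransReq names the caller: the request is logged as `trans:%d, start to kill` and a refusal as `trans:%d, failed to kill since %s`. With the user object no longer held, `pReq->conn.user` is the only identity left in scope. For a privileged operation the requesting user belongs in the record, e.g. `mInfo("trans:%d, start to kill by user:%s", killReq.transId, pReq->conn.user);`. The function begins and ends outside this hunk.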
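Review bot: The check in mndProcessCreateUserReq now goes through `mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_CREATE_USER)`, but unlike mndProcessDropUserReq no hunk here removes `pOperUser`. The operator therefore appears to be looked up twice, once above this hunk and once inside the new call. If `pOperUser` has no other use in the part of the function that is not shown, drop its acquisition and its `mndReleaseUser(pMnode, pOperUser);` so a single lookup decides the outcome.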
@@ -644,13 +643,7 @@ static int32_t mndProcessDropUserReq(SRpcMsg *pReq) { goto _OVER; } - pOperUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pOperUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckDropUserAuth(pOperUser) != 0) { + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_DROP_USER) != 0) { goto _OVER; } @@ -662,9 +655,7 @@ _OVER: mError("user:%s, failed to drop since %s", dropReq.user, terrstr()); } - mndReleaseUser(pMnode, pOperUser); mndReleaseUser(pMnode, pUser); - return code; } diff --git a/source/dnode/mnode/impl/src/mndVgroup.c b/source/dnode/mnode/impl/src/mndVgroup.c index cd1d93084630390f9c1d053983529283d7b36fbf..755f4ef0b2afd3b63c634b94ef369eb8ed18d1f9 100644 --- a/source/dnode/mnode/impl/src/mndVgroup.c +++ b/source/dnode/mnode/impl/src/mndVgroup.c @@ -1177,7 +1177,6 @@ _OVER: static int32_t mndProcessRedistributeVgroupMsg(SRpcMsg *pReq) { SMnode *pMnode = pReq->info.node; - SUserObj *pUser = NULL; SDnodeObj *pNew1 = NULL; SDnodeObj *pNew2 = NULL; SDnodeObj *pNew3 = NULL; @@ -1200,13 +1199,8 @@ static int32_t mndProcessRedistributeVgroupMsg(SRpcMsg *pReq) { } mInfo("vgId:%d, start to redistribute to dnode %d:%d:%d", req.vgId, req.dnodeId1, req.dnodeId2, req.dnodeId3); - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - if (mndCheckNodeAuth(pUser) != 0) goto _OVER; + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_REDISTRIBUTE_VGROUP) != 0) goto _OVER; pVgroup = mndAcquireVgroup(pMnode, req.vgId); if (pVgroup == NULL) goto _OVER; @@ -1368,7 +1362,6 @@ _OVER: mndReleaseDnode(pMnode, pOld1); mndReleaseDnode(pMnode, pOld2); mndReleaseDnode(pMnode, pOld3); - mndReleaseUser(pMnode, pUser); mndReleaseVgroup(pMnode, pVgroup); mndReleaseDb(pMnode, pDb); 
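Review bot: The explicit `terrno = TSDB_CODE_MND_NO_USER_FROM_CONN;` for an unknown connection user is gone from mndProcessDropUserReq, so the reason reported at `_OVER` now depends on `mndCheckOperAuth` setting terrno on every non-zero return, and its body is not in this view. The visible lines never reassign `code`, so the request should still be refused, but a stale terrno would make the `failed to drop since %s` line misleading. The same applies to the redistribute, split and balance vgroup handlers in mndVgroup.c. Once confirmed, a call-site comment such as `// mndCheckOperAuth sets terrno on every failure (no user from conn, user disabled, no rights)` would record the contract.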
@@ -1493,12 +1486,11 @@ _OVER: } static int32_t mndProcessSplitVgroupMsg(SRpcMsg *pReq) { - SMnode *pMnode = pReq->info.node; - int32_t code = -1; - int32_t vgId = 2; - SUserObj *pUser = NULL; - SVgObj *pVgroup = NULL; - SDbObj *pDb = NULL; + SMnode *pMnode = pReq->info.node; + int32_t code = -1; + int32_t vgId = 2; + SVgObj *pVgroup = NULL; + SDbObj *pDb = NULL; mDebug("vgId:%d, start to split", vgId); @@ -1508,19 +1500,12 @@ static int32_t mndProcessSplitVgroupMsg(SRpcMsg *pReq) { pDb = mndAcquireDb(pMnode, pVgroup->dbName); if (pDb == NULL) goto _OVER; - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - - if (mndCheckNodeAuth(pUser) != 0) goto _OVER; + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_SPLIT_VGROUP) != 0) goto _OVER; code = mndSplitVgroup(pMnode, pReq, pDb, pVgroup); if (code == 0) code = TSDB_CODE_ACTION_IN_PROGRESS; _OVER: - mndReleaseUser(pMnode, pUser); mndReleaseVgroup(pMnode, pVgroup); mndReleaseDb(pMnode, pDb); return code; @@ -1631,21 +1616,15 @@ _OVER: } static int32_t mndProcessBalanceVgroupMsg(SRpcMsg *pReq) { - SMnode *pMnode = pReq->info.node; - int32_t code = -1; - SUserObj *pUser = NULL; - SArray *pArray = NULL; - void *pIter = NULL; - int64_t curMs = taosGetTimestampMs(); + SMnode *pMnode = pReq->info.node; + int32_t code = -1; + SArray *pArray = NULL; + void *pIter = NULL; + int64_t curMs = taosGetTimestampMs(); mDebug("start to balance vgroup"); - pUser = mndAcquireUser(pMnode, pReq->conn.user); - if (pUser == NULL) { - terrno = TSDB_CODE_MND_NO_USER_FROM_CONN; - goto _OVER; - } - if (mndCheckNodeAuth(pUser) != 0) goto _OVER; + if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_BALANCE_VGROUP) != 0) goto _OVER; while (1) { SDnodeObj *pDnode = NULL; @@ -1676,7 +1655,6 @@ _OVER: mError("failed to balance vgroup since %s", terrstr()); } - mndReleaseUser(pMnode, pUser); taosArrayDestroy(pArray); return code; } \ No newline at end of file 
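Review bot: In mndProcessSplitVgroupMsg the `mndCheckOperAuth` call sits after `pDb = mndAcquireDb(pMnode, pVgroup->dbName)`, so the vgroup and database lookups run, and can fail with their own errors, before the caller is authorized. mndProcessBalanceVgroupMsg in the same file checks first. Placing `if (mndCheckOperAuth(pMnode, pReq->conn.user, MND_OPER_SPLIT_VGROUP) != 0) goto _OVER;` directly after `mDebug("vgId:%d, start to split", vgId);` would stop unprivileged callers from telling object states apart. The vgroup acquisition itself lies between hunks and is not shown.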
diff --git a/source/util/src/terror.c b/source/util/src/terror.c index 079d5ef5904ef25178d7c3298ab5a999a5613e59..8694f760dac5d7f7a7cc4dc30f72e512ee2cf0bd 100644 --- a/source/util/src/terror.c +++ b/source/util/src/terror.c @@ -137,6 +137,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_TSC_STMT_CLAUSE_ERROR, "not supported stmt cl TAOS_DEFINE_ERROR(TSDB_CODE_MND_APP_ERROR, "Mnode internal error") TAOS_DEFINE_ERROR(TSDB_CODE_MND_NOT_READY, "Mnode not ready") TAOS_DEFINE_ERROR(TSDB_CODE_MND_NO_RIGHTS, "Insufficient privilege for operation") +TAOS_DEFINE_ERROR(TSDB_CODE_MND_USER_DISABLED, "User is disabled") TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_CONNECTION, "Invalid message connection") // mnode-show diff --git a/tests/system-test/0-others/user_control.py b/tests/system-test/0-others/user_control.py index 4d59129b91dc62eec744ca2e33498a6cf9e9cb04..ce8ac6941b1464d8bf05ee516c3a57d97403414a 100644 --- a/tests/system-test/0-others/user_control.py +++ b/tests/system-test/0-others/user_control.py 
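Review bot: TSDB_CODE_MND_USER_DISABLED is inserted between two existing entries, and the numeric value it receives is assigned in taoserror.h, outside this hunk. Clients and logs identify errors by number, so the new code should take a value that no released build has used. If room was made by shifting TSDB_CODE_MND_INVALID_CONNECTION, an older client would decode a disabled-account refusal as a different error. Leaving the existing definition untouched and adding `#define TSDB_CODE_MND_USER_DISABLED TAOS_DEF_ERROR_CODE(0, <unused value>)` avoids that.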
@@ -246,20 +246,26 @@ class TDTestCase: user = self.root_user with taos_connect(user=user.name, passwd=user.passwd) as use: time.sleep(2) - use.query("use db") - use.query("show tables") if check_priv == PRIVILEGES_ALL: + use.query("use db") + use.query("show tables") use.query("select * from ct1") use.query("insert into t1 (ts) values (now())") elif check_priv == PRIVILEGES_READ: + use.query("use db") + use.query("show tables") use.query("select * from ct1") use.error("insert into t1 (ts) values (now())") elif check_priv == PRIVILEGES_WRITE: + use.query("use db") + use.query("show tables") use.error("select * from ct1") use.query("insert into t1 (ts) values (now())") elif check_priv is None: - use.error("select * from ct1") - use.error("insert into t1 (ts) values (now())") + use.error("use db") + use.error("show tables") + use.error("select * from db.ct1") + use.error("insert into db.t1 (ts) values (now())") def __change_user_priv(self, user: User, pre_priv, invoke=False): if user.priv == pre_priv and invoke : @@ -610,7 +616,7 @@ class TDTestCase: tdLog.printNoPrefix("==========step0: init, user list only has root account") tdSql.query("show users") tdSql.checkData(0, 0, "root") - tdSql.checkData(0, 1, "super") + tdSql.checkData(0, 1, "1") # root用户权限 # 创建用户测试 @@ -676,7 +682,7 @@ class TDTestCase: tdSql.query("show users") tdSql.checkRows(1) tdSql.checkData(0, 0, "root") - tdSql.checkData(0, 1, "super") + tdSql.checkData(0, 1, "1") tdDnodes.stop(1) tdDnodes.start(1) @@ -690,7 +696,7 @@ class TDTestCase: tdSql.query("show users") tdSql.checkRows(1) tdSql.checkData(0, 0, "root") - tdSql.checkData(0, 1, "super") + tdSql.checkData(0, 1, "1") def stop(self):
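Review bot: The `check_priv is None` branch asserts only that each statement fails (`use.error("use db")`, `use.error("select * from db.ct1")`), not why. It would also pass if the statements failed for a reason unrelated to privileges, such as a missing table. Asserting the specific privilege error for these four statements would tie the test to the authorization path this change introduces. No case for a disabled user is visible in these hunks either, although the change adds a dedicated error for it. The method starts outside the hunk.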
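Review bot: The expected value for root changes from `"super"` to the bare literal `"1"` in `tdSql.checkData(0, 1, "1")`, here and in the two later hunks of this file, with nothing saying what column 1 now holds. A short comment such as `# column 1: presumably the super-user flag, "1" for root (confirm against show users output)` would keep the assertion readable.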