未验证 提交 b932fdb5 编写于 作者: H Haojun Liao 提交者: GitHub

Merge pull request #21470 from taosdata/feature/TD-24070

feat:add privilege for schemaless
...@@ -232,9 +232,9 @@ int smlJsonParseObjFirst(char **start, SSmlLineInfo *element, int8_t * ...@@ -232,9 +232,9 @@ int smlJsonParseObjFirst(char **start, SSmlLineInfo *element, int8_t *
int smlJsonParseObj(char **start, SSmlLineInfo *element, int8_t *offset); int smlJsonParseObj(char **start, SSmlLineInfo *element, int8_t *offset);
//SArray *smlJsonParseTags(char *start, char *end); //SArray *smlJsonParseTags(char *start, char *end);
bool smlParseNumberOld(SSmlKv *kvVal, SSmlMsgBuf *msg); bool smlParseNumberOld(SSmlKv *kvVal, SSmlMsgBuf *msg);
void* nodeListGet(NodeList* list, const void *key, int32_t len, _equal_fn_sml fn); //void* nodeListGet(NodeList* list, const void *key, int32_t len, _equal_fn_sml fn);
int nodeListSet(NodeList** list, const void *key, int32_t len, void* value, _equal_fn_sml fn); //int nodeListSet(NodeList** list, const void *key, int32_t len, void* value, _equal_fn_sml fn);
int nodeListSize(NodeList* list); //int nodeListSize(NodeList* list);
bool smlDoubleToInt64OverFlow(double num); bool smlDoubleToInt64OverFlow(double num);
int32_t smlBuildInvalidDataMsg(SSmlMsgBuf *pBuf, const char *msg1, const char *msg2); int32_t smlBuildInvalidDataMsg(SSmlMsgBuf *pBuf, const char *msg1, const char *msg2);
bool smlParseNumber(SSmlKv *kvVal, SSmlMsgBuf *msg); bool smlParseNumber(SSmlKv *kvVal, SSmlMsgBuf *msg);
......
...@@ -24,72 +24,91 @@ int64_t smlToMilli[3] = {3600000LL, 60000LL, 1000LL}; ...@@ -24,72 +24,91 @@ int64_t smlToMilli[3] = {3600000LL, 60000LL, 1000LL};
int64_t smlFactorNS[3] = {NANOSECOND_PER_MSEC, NANOSECOND_PER_USEC, 1}; int64_t smlFactorNS[3] = {NANOSECOND_PER_MSEC, NANOSECOND_PER_USEC, 1};
int64_t smlFactorS[3] = {1000LL, 1000000LL, 1000000000LL}; int64_t smlFactorS[3] = {1000LL, 1000000LL, 1000000000LL};
void *nodeListGet(NodeList *list, const void *key, int32_t len, _equal_fn_sml fn) { //void *nodeListGet(NodeList *list, const void *key, int32_t len, _equal_fn_sml fn) {
NodeList *tmp = list; // NodeList *tmp = list;
while (tmp) { // while (tmp) {
if (fn == NULL) { // if (fn == NULL) {
if (tmp->data.used && tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) { // if (tmp->data.used && tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
return tmp->data.value; // return tmp->data.value;
} // }
} else { // } else {
if (tmp->data.used && fn(tmp->data.key, key) == 0) { // if (tmp->data.used && fn(tmp->data.key, key) == 0) {
return tmp->data.value; // return tmp->data.value;
} // }
} // }
//
tmp = tmp->next; // tmp = tmp->next;
// }
// return NULL;
//}
//
//int nodeListSet(NodeList **list, const void *key, int32_t len, void *value, _equal_fn_sml fn) {
// NodeList *tmp = *list;
// while (tmp) {
// if (!tmp->data.used) break;
// if (fn == NULL) {
// if (tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
// return -1;
// }
// } else {
// if (tmp->data.keyLen == len && fn(tmp->data.key, key) == 0) {
// return -1;
// }
// }
//
// tmp = tmp->next;
// }
// if (tmp) {
// tmp->data.key = key;
// tmp->data.keyLen = len;
// tmp->data.value = value;
// tmp->data.used = true;
// } else {
// NodeList *newNode = (NodeList *)taosMemoryCalloc(1, sizeof(NodeList));
// if (newNode == NULL) {
// return -1;
// }
// newNode->data.key = key;
// newNode->data.keyLen = len;
// newNode->data.value = value;
// newNode->data.used = true;
// newNode->next = *list;
// *list = newNode;
// }
// return 0;
//}
//
//int nodeListSize(NodeList *list) {
// int cnt = 0;
// while (list) {
// if (list->data.used)
// cnt++;
// else
// break;
// list = list->next;
// }
// return cnt;
//}
static int32_t smlCheckAuth(SSmlHandle *info, SRequestConnInfo* conn, const char* pTabName, AUTH_TYPE type){
SUserAuthInfo pAuth = {0};
snprintf(pAuth.user, sizeof(pAuth.user), "%s", info->taos->user);
if (NULL == pTabName) {
tNameSetDbName(&pAuth.tbName, info->taos->acctId, info->pRequest->pDb, strlen(info->pRequest->pDb));
} else {
toName(info->taos->acctId, info->pRequest->pDb, pTabName, &pAuth.tbName);
} }
return NULL; pAuth.type = type;
}
int nodeListSet(NodeList **list, const void *key, int32_t len, void *value, _equal_fn_sml fn) { int32_t code = TSDB_CODE_SUCCESS;
NodeList *tmp = *list; SUserAuthRes authRes = {0};
while (tmp) {
if (!tmp->data.used) break;
if (fn == NULL) {
if (tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
return -1;
}
} else {
if (tmp->data.keyLen == len && fn(tmp->data.key, key) == 0) {
return -1;
}
}
tmp = tmp->next; code = catalogChkAuth(info->pCatalog, conn, &pAuth, &authRes);
}
if (tmp) {
tmp->data.key = key;
tmp->data.keyLen = len;
tmp->data.value = value;
tmp->data.used = true;
} else {
NodeList *newNode = (NodeList *)taosMemoryCalloc(1, sizeof(NodeList));
if (newNode == NULL) {
return -1;
}
newNode->data.key = key;
newNode->data.keyLen = len;
newNode->data.value = value;
newNode->data.used = true;
newNode->next = *list;
*list = newNode;
}
return 0;
}
int nodeListSize(NodeList *list) {
int cnt = 0;
while (list) {
if (list->data.used)
cnt++;
else
break;
list = list->next;
}
return cnt;
}
return (code == TSDB_CODE_SUCCESS) ? (authRes.pass ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED) : code;
}
inline bool smlDoubleToInt64OverFlow(double num) { inline bool smlDoubleToInt64OverFlow(double num) {
if (num >= (double)INT64_MAX || num <= (double)INT64_MIN) return true; if (num >= (double)INT64_MAX || num <= (double)INT64_MIN) return true;
return false; return false;
...@@ -813,6 +832,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) { ...@@ -813,6 +832,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
code = catalogGetSTableMeta(info->pCatalog, &conn, &pName, &pTableMeta); code = catalogGetSTableMeta(info->pCatalog, &conn, &pName, &pTableMeta);
if (code == TSDB_CODE_PAR_TABLE_NOT_EXIST || code == TSDB_CODE_MND_STB_NOT_EXIST) { if (code == TSDB_CODE_PAR_TABLE_NOT_EXIST || code == TSDB_CODE_MND_STB_NOT_EXIST) {
code = smlCheckAuth(info, &conn, NULL, AUTH_TYPE_WRITE);
if(code != TSDB_CODE_SUCCESS){
goto end;
}
uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas create table:%s", info->id, pName.tname); uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas create table:%s", info->id, pName.tname);
SArray *pColumns = taosArrayInit(taosArrayGetSize(sTableData->cols), sizeof(SField)); SArray *pColumns = taosArrayInit(taosArrayGetSize(sTableData->cols), sizeof(SField));
SArray *pTags = taosArrayInit(taosArrayGetSize(sTableData->tags), sizeof(SField)); SArray *pTags = taosArrayInit(taosArrayGetSize(sTableData->tags), sizeof(SField));
...@@ -857,6 +880,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) { ...@@ -857,6 +880,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
goto end; goto end;
} }
if (action != SCHEMA_ACTION_NULL) { if (action != SCHEMA_ACTION_NULL) {
code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
if(code != TSDB_CODE_SUCCESS){
goto end;
}
uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table tag, table:%s, action:%d", info->id, pName.tname, uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table tag, table:%s, action:%d", info->id, pName.tname,
action); action);
SArray *pColumns = SArray *pColumns =
...@@ -927,6 +954,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) { ...@@ -927,6 +954,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
goto end; goto end;
} }
if (action != SCHEMA_ACTION_NULL) { if (action != SCHEMA_ACTION_NULL) {
code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
if(code != TSDB_CODE_SUCCESS){
goto end;
}
uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table col, table:%s, action:%d", info->id, pName.tname, uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table col, table:%s, action:%d", info->id, pName.tname,
action); action);
SArray *pColumns = SArray *pColumns =
...@@ -1367,6 +1398,11 @@ static int32_t smlInsertData(SSmlHandle *info) { ...@@ -1367,6 +1398,11 @@ static int32_t smlInsertData(SSmlHandle *info) {
conn.requestObjRefId = info->pRequest->self; conn.requestObjRefId = info->pRequest->self;
conn.mgmtEps = getEpSet_s(&info->taos->pAppInfo->mgmtEp); conn.mgmtEps = getEpSet_s(&info->taos->pAppInfo->mgmtEp);
code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
if(code != TSDB_CODE_SUCCESS){
return code;
}
SVgroupInfo vg; SVgroupInfo vg;
code = catalogGetTableHashVgroup(info->pCatalog, &conn, &pName, &vg); code = catalogGetTableHashVgroup(info->pCatalog, &conn, &pName, &vg);
if (code != TSDB_CODE_SUCCESS) { if (code != TSDB_CODE_SUCCESS) {
...@@ -1586,9 +1622,7 @@ static int smlProcess(SSmlHandle *info, char *lines[], char *rawLine, char *rawL ...@@ -1586,9 +1622,7 @@ static int smlProcess(SSmlHandle *info, char *lines[], char *rawLine, char *rawL
do { do {
code = smlModifyDBSchemas(info); code = smlModifyDBSchemas(info);
if (code == 0 || code == TSDB_CODE_SML_INVALID_DATA || code == TSDB_CODE_PAR_TOO_MANY_COLUMNS if (code != TSDB_CODE_TDB_INVALID_TABLE_SCHEMA_VER && code != TSDB_CODE_SDB_OBJ_CREATING && code != TSDB_CODE_MND_TRANS_CONFLICT) {
|| code == TSDB_CODE_PAR_INVALID_TAGS_NUM || code == TSDB_CODE_PAR_INVALID_TAGS_LENGTH
|| code == TSDB_CODE_PAR_INVALID_ROW_LENGTH || code == TSDB_CODE_MND_FIELD_VALUE_OVERFLOW) {
break; break;
} }
taosMsleep(100); taosMsleep(100);
......
...@@ -1132,6 +1132,155 @@ int sml_td22900_Test() { ...@@ -1132,6 +1132,155 @@ int sml_td22900_Test() {
return code; return code;
} }
int sml_td24070_Test() {
TAOS *taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
TAOS_RES *pRes = taos_query(taos, "CREATE user test_db pass 'test'");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "CREATE DATABASE IF NOT EXISTS td24070_read");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant read on td24070_read to test_db");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "CREATE DATABASE IF NOT EXISTS td24070_write");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant write on td24070_write to test_db");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
taos_close(taos);
// test db privilege
taos = taos_connect("localhost", "test_db", "test", NULL, 0);
const char* sql[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299372000"};
pRes = taos_query(taos, "use td24070_read");
taos_free_result(pRes);
pRes = taos_schemaless_insert(taos, (char **)sql, sizeof(sql) / sizeof(sql[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
int code = taos_errno(pRes);
ASSERT(code != 0);
taos_free_result(pRes);
pRes = taos_query(taos, "use td24070_write");
taos_free_result(pRes);
pRes = taos_schemaless_insert(taos, (char **)sql, sizeof(sql) / sizeof(sql[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
code = taos_errno(pRes);
ASSERT(code == 0);
taos_free_result(pRes);
taos_close(taos);
// test db privilege end
// test stable privilege
taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
pRes = taos_query(taos, "CREATE user test_stb_read pass 'test'");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "CREATE user test_stb_write pass 'test'");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant read on td24070_write.stb2 to test_stb_read");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant write on td24070_write.stb2 to test_stb_write");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
taos_close(taos);
taos = taos_connect("localhost", "test_stb_read", "test", "td24070_write", 0);
const char* sql1[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299373000"};
pRes = taos_schemaless_insert(taos, (char **)sql1, sizeof(sql1) / sizeof(sql1[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
code = taos_errno(pRes);
ASSERT(code != 0);
taos_free_result(pRes);
taos_close(taos);
taos = taos_connect("localhost", "test_stb_write", "test", "td24070_write", 0);
const char* sql2[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299373000"};
pRes = taos_schemaless_insert(taos, (char **)sql2, sizeof(sql2) / sizeof(sql2[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
code = taos_errno(pRes);
ASSERT(code == 0);
taos_free_result(pRes);
taos_close(taos);
// test stable privilege
// test table privilege
taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
pRes = taos_query(taos, "CREATE user test_tb_read pass 'test'");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "CREATE user test_tb_write pass 'test'");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant read on td24070_write.stb2 with t1=1 to test_tb_read");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
pRes = taos_query(taos, "grant write on td24070_write.stb2 with t1=1 to test_tb_write");
ASSERT(taos_errno(pRes) == 0);
taos_free_result(pRes);
taos_close(taos);
taos = taos_connect("localhost", "test_tb_read", "test", "td24070_write", 0);
const char* sql3[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299374000"};
pRes = taos_schemaless_insert(taos, (char **)sql3, sizeof(sql3) / sizeof(sql3[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
code = taos_errno(pRes);
ASSERT(code != 0);
taos_free_result(pRes);
taos_close(taos);
taos = taos_connect("localhost", "test_tb_write", "test", "td24070_write", 0);
const char* sql4[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299374000"};
pRes = taos_schemaless_insert(taos, (char **)sql4, sizeof(sql4) / sizeof(sql4[0]), TSDB_SML_LINE_PROTOCOL,
TSDB_SML_TIMESTAMP_MILLI_SECONDS);
printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
code = taos_errno(pRes);
ASSERT(code == 0);
taos_free_result(pRes);
taos_close(taos);
// test table privilege
return code;
}
int sml_td23881_Test() { int sml_td23881_Test() {
TAOS *taos = taos_connect("localhost", "root", "taosdata", NULL, 0); TAOS *taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
...@@ -1379,6 +1528,8 @@ int main(int argc, char *argv[]) { ...@@ -1379,6 +1528,8 @@ int main(int argc, char *argv[]) {
} }
int ret = 0; int ret = 0;
ret = sml_td24070_Test();
ASSERT(!ret);
ret = sml_td23881_Test(); ret = sml_td23881_Test();
ASSERT(ret); ASSERT(ret);
ret = sml_escape_Test(); ret = sml_escape_Test();
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册