Merge pull request #21470 from taosdata/feature/TD-24070

feat:add privilege for schemaless

Merge pull request #21470 from taosdata/feature/TD-24070
feat:add privilege for schemaless
b932fdb5 · Haojun Liao · GitHub · cd2fdf49 · f6fef3e9 · b932fdb5
Showing with 252 addition and 67 deletion

source/client/inc/clientSml.h source/client/inc/clientSml.h +3 -3

source/client/src/clientSml.c source/client/src/clientSml.c +98 -64

utils/test/c/sml_test.c utils/test/c/sml_test.c +151 -0

未找到文件。
--- a/source/client/inc/clientSml.h
+++ b/source/client/inc/clientSml.h
@@ -232,9 +232,9 @@ int           smlJsonParseObjFirst(char **start, SSmlLineInfo *element, int8_t *
 int           smlJsonParseObj(char **start, SSmlLineInfo *element, int8_t *offset);
 //SArray       *smlJsonParseTags(char *start, char *end);
 bool          smlParseNumberOld(SSmlKv *kvVal, SSmlMsgBuf *msg);
-void*         nodeListGet(NodeList* list, const void *key, int32_t len, _equal_fn_sml fn);
+//void*         nodeListGet(NodeList* list, const void *key, int32_t len, _equal_fn_sml fn);
-int           nodeListSet(NodeList** list, const void *key, int32_t len, void* value, _equal_fn_sml fn);
+//int           nodeListSet(NodeList** list, const void *key, int32_t len, void* value, _equal_fn_sml fn);
-int           nodeListSize(NodeList* list);
+//int           nodeListSize(NodeList* list);
 bool          smlDoubleToInt64OverFlow(double num);
 int32_t       smlBuildInvalidDataMsg(SSmlMsgBuf *pBuf, const char *msg1, const char *msg2);
 bool          smlParseNumber(SSmlKv *kvVal, SSmlMsgBuf *msg);

--- a/source/client/src/clientSml.c
+++ b/source/client/src/clientSml.c
@@ -24,72 +24,91 @@ int64_t smlToMilli[3] = {3600000LL, 60000LL, 1000LL};
 int64_t smlFactorNS[3] = {NANOSECOND_PER_MSEC, NANOSECOND_PER_USEC, 1};
 int64_t smlFactorS[3] = {1000LL, 1000000LL, 1000000000LL};
-void *nodeListGet(NodeList *list, const void *key, int32_t len, _equal_fn_sml fn) {
+//void *nodeListGet(NodeList *list, const void *key, int32_t len, _equal_fn_sml fn) {
-  NodeList *tmp = list;
+//  NodeList *tmp = list;
-  while (tmp) {
+//  while (tmp) {
-    if (fn == NULL) {
+//    if (fn == NULL) {
-      if (tmp->data.used && tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
+//      if (tmp->data.used && tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
-        return tmp->data.value;
+//        return tmp->data.value;
-      }
+//      }
-    } else {
+//    } else {
-      if (tmp->data.used && fn(tmp->data.key, key) == 0) {
+//      if (tmp->data.used && fn(tmp->data.key, key) == 0) {
-        return tmp->data.value;
+//        return tmp->data.value;
-      }
+//      }
-    }
+//    }
+//
-    tmp = tmp->next;
+//    tmp = tmp->next;
+//  }
+//  return NULL;
+//}
+//
+//int nodeListSet(NodeList **list, const void *key, int32_t len, void *value, _equal_fn_sml fn) {
+//  NodeList *tmp = *list;
+//  while (tmp) {
+//    if (!tmp->data.used) break;
+//    if (fn == NULL) {
+//      if (tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
+//        return -1;
+//      }
+//    } else {
+//      if (tmp->data.keyLen == len && fn(tmp->data.key, key) == 0) {
+//        return -1;
+//      }
+//    }
+//
+//    tmp = tmp->next;
+//  }
+//  if (tmp) {
+//    tmp->data.key = key;
+//    tmp->data.keyLen = len;
+//    tmp->data.value = value;
+//    tmp->data.used = true;
+//  } else {
+//    NodeList *newNode = (NodeList *)taosMemoryCalloc(1, sizeof(NodeList));
+//    if (newNode == NULL) {
+//      return -1;
+//    }
+//    newNode->data.key = key;
+//    newNode->data.keyLen = len;
+//    newNode->data.value = value;
+//    newNode->data.used = true;
+//    newNode->next = *list;
+//    *list = newNode;
+//  }
+//  return 0;
+//}
+//
+//int nodeListSize(NodeList *list) {
+//  int cnt = 0;
+//  while (list) {
+//    if (list->data.used)
+//      cnt++;
+//    else
+//      break;
+//    list = list->next;
+//  }
+//  return cnt;
+//}
+static int32_t smlCheckAuth(SSmlHandle *info,  SRequestConnInfo* conn, const char* pTabName, AUTH_TYPE type){
+  SUserAuthInfo pAuth = {0};
+  snprintf(pAuth.user, sizeof(pAuth.user), "%s", info->taos->user);
+  if (NULL == pTabName) {
+    tNameSetDbName(&pAuth.tbName, info->taos->acctId, info->pRequest->pDb, strlen(info->pRequest->pDb));
+  } else {
+    toName(info->taos->acctId, info->pRequest->pDb, pTabName, &pAuth.tbName);
  }
-  return NULL;
+  pAuth.type = type;
-}
-int nodeListSet(NodeList **list, const void *key, int32_t len, void *value, _equal_fn_sml fn) {
+  int32_t      code = TSDB_CODE_SUCCESS;
-  NodeList *tmp = *list;
+  SUserAuthRes authRes = {0};
-  while (tmp) {
-    if (!tmp->data.used) break;
-    if (fn == NULL) {
-      if (tmp->data.keyLen == len && memcmp(tmp->data.key, key, len) == 0) {
-        return -1;
-      }
-    } else {
-      if (tmp->data.keyLen == len && fn(tmp->data.key, key) == 0) {
-        return -1;
-      }
-    }
-    tmp = tmp->next;
+  code = catalogChkAuth(info->pCatalog, conn, &pAuth, &authRes);
-  }
-  if (tmp) {
-    tmp->data.key = key;
-    tmp->data.keyLen = len;
-    tmp->data.value = value;
-    tmp->data.used = true;
-  } else {
-    NodeList *newNode = (NodeList *)taosMemoryCalloc(1, sizeof(NodeList));
-    if (newNode == NULL) {
-      return -1;
-    }
-    newNode->data.key = key;
-    newNode->data.keyLen = len;
-    newNode->data.value = value;
-    newNode->data.used = true;
-    newNode->next = *list;
-    *list = newNode;
-  }
-  return 0;
-}
-int nodeListSize(NodeList *list) {
-  int cnt = 0;
-  while (list) {
-    if (list->data.used)
-      cnt++;
-    else
-      break;
-    list = list->next;
-  }
-  return cnt;
-}
+  return (code == TSDB_CODE_SUCCESS) ? (authRes.pass ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED) : code;
+}
 inline bool smlDoubleToInt64OverFlow(double num) {
  if (num >= (double)INT64_MAX || num <= (double)INT64_MIN) return true;
  return false;
@@ -813,6 +832,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
    code = catalogGetSTableMeta(info->pCatalog, &conn, &pName, &pTableMeta);
    if (code == TSDB_CODE_PAR_TABLE_NOT_EXIST || code == TSDB_CODE_MND_STB_NOT_EXIST) {
+      code = smlCheckAuth(info, &conn, NULL, AUTH_TYPE_WRITE);
+      if(code != TSDB_CODE_SUCCESS){
+        goto end;
+      }
      uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas create table:%s", info->id, pName.tname);
      SArray *pColumns = taosArrayInit(taosArrayGetSize(sTableData->cols), sizeof(SField));
      SArray *pTags = taosArrayInit(taosArrayGetSize(sTableData->tags), sizeof(SField));
@@ -857,6 +880,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
        goto end;
      }
      if (action != SCHEMA_ACTION_NULL) {
+        code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
+        if(code != TSDB_CODE_SUCCESS){
+          goto end;
+        }
        uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table tag, table:%s, action:%d", info->id, pName.tname,
               action);
        SArray *pColumns =
@@ -927,6 +954,10 @@ static int32_t smlModifyDBSchemas(SSmlHandle *info) {
        goto end;
      }
      if (action != SCHEMA_ACTION_NULL) {
+        code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
+        if(code != TSDB_CODE_SUCCESS){
+          goto end;
+        }
        uDebug("SML:0x%" PRIx64 " smlModifyDBSchemas change table col, table:%s, action:%d", info->id, pName.tname,
               action);
        SArray *pColumns =
@@ -1367,6 +1398,11 @@ static int32_t smlInsertData(SSmlHandle *info) {
    conn.requestObjRefId = info->pRequest->self;
    conn.mgmtEps = getEpSet_s(&info->taos->pAppInfo->mgmtEp);
+    code = smlCheckAuth(info, &conn, pName.tname, AUTH_TYPE_WRITE);
+    if(code != TSDB_CODE_SUCCESS){
+      return code;
+    }
    SVgroupInfo vg;
    code = catalogGetTableHashVgroup(info->pCatalog, &conn, &pName, &vg);
    if (code != TSDB_CODE_SUCCESS) {
@@ -1586,9 +1622,7 @@ static int smlProcess(SSmlHandle *info, char *lines[], char *rawLine, char *rawL
  do {
    code = smlModifyDBSchemas(info);
-    if (code == 0 || code == TSDB_CODE_SML_INVALID_DATA || code == TSDB_CODE_PAR_TOO_MANY_COLUMNS
+    if (code != TSDB_CODE_TDB_INVALID_TABLE_SCHEMA_VER && code != TSDB_CODE_SDB_OBJ_CREATING && code != TSDB_CODE_MND_TRANS_CONFLICT) {
-        || code == TSDB_CODE_PAR_INVALID_TAGS_NUM || code == TSDB_CODE_PAR_INVALID_TAGS_LENGTH
-        || code == TSDB_CODE_PAR_INVALID_ROW_LENGTH || code == TSDB_CODE_MND_FIELD_VALUE_OVERFLOW) {
      break;
    }
    taosMsleep(100);

--- a/utils/test/c/sml_test.c
+++ b/utils/test/c/sml_test.c
@@ -1132,6 +1132,155 @@ int sml_td22900_Test() {
  return code;
 }
+int sml_td24070_Test() {
+  TAOS *taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
+  TAOS_RES *pRes = taos_query(taos, "CREATE user test_db pass 'test'");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "CREATE DATABASE IF NOT EXISTS td24070_read");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant read on td24070_read to test_db");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "CREATE DATABASE IF NOT EXISTS td24070_write");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant write on td24070_write to test_db");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  // test db privilege
+  taos = taos_connect("localhost", "test_db", "test", NULL, 0);
+  const char* sql[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299372000"};
+  pRes = taos_query(taos, "use td24070_read");
+  taos_free_result(pRes);
+  pRes = taos_schemaless_insert(taos, (char **)sql, sizeof(sql) / sizeof(sql[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  int code = taos_errno(pRes);
+  ASSERT(code != 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "use td24070_write");
+  taos_free_result(pRes);
+  pRes = taos_schemaless_insert(taos, (char **)sql, sizeof(sql) / sizeof(sql[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  code = taos_errno(pRes);
+  ASSERT(code == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  // test db privilege end
+  // test stable privilege
+  taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
+  pRes = taos_query(taos, "CREATE user test_stb_read pass 'test'");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "CREATE user test_stb_write pass 'test'");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant read on td24070_write.stb2 to test_stb_read");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant write on td24070_write.stb2 to test_stb_write");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  taos = taos_connect("localhost", "test_stb_read", "test", "td24070_write", 0);
+  const char* sql1[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299373000"};
+  pRes = taos_schemaless_insert(taos, (char **)sql1, sizeof(sql1) / sizeof(sql1[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  code = taos_errno(pRes);
+  ASSERT(code != 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  taos = taos_connect("localhost", "test_stb_write", "test", "td24070_write", 0);
+  const char* sql2[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299373000"};
+  pRes = taos_schemaless_insert(taos, (char **)sql2, sizeof(sql2) / sizeof(sql2[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  code = taos_errno(pRes);
+  ASSERT(code == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  // test stable privilege
+  // test table privilege
+  taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
+  pRes = taos_query(taos, "CREATE user test_tb_read pass 'test'");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "CREATE user test_tb_write pass 'test'");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant read on td24070_write.stb2 with t1=1 to test_tb_read");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  pRes = taos_query(taos, "grant write on td24070_write.stb2 with t1=1 to test_tb_write");
+  ASSERT(taos_errno(pRes) == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  taos = taos_connect("localhost", "test_tb_read", "test", "td24070_write", 0);
+  const char* sql3[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299374000"};
+  pRes = taos_schemaless_insert(taos, (char **)sql3, sizeof(sql3) / sizeof(sql3[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  code = taos_errno(pRes);
+  ASSERT(code != 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  taos = taos_connect("localhost", "test_tb_write", "test", "td24070_write", 0);
+  const char* sql4[] = {"stb2,t1=1,dataModelName=t0 f1=283i32 1632299374000"};
+  pRes = taos_schemaless_insert(taos, (char **)sql4, sizeof(sql4) / sizeof(sql4[0]), TSDB_SML_LINE_PROTOCOL,
+                                TSDB_SML_TIMESTAMP_MILLI_SECONDS);
+  printf("%s result:%s\n", __FUNCTION__, taos_errstr(pRes));
+  code = taos_errno(pRes);
+  ASSERT(code == 0);
+  taos_free_result(pRes);
+  taos_close(taos);
+  // test table privilege
+  return code;
+}
 int sml_td23881_Test() {
  TAOS *taos = taos_connect("localhost", "root", "taosdata", NULL, 0);
@@ -1379,6 +1528,8 @@ int main(int argc, char *argv[]) {
  }
  int ret = 0;
+  ret = sml_td24070_Test();
+  ASSERT(!ret);
  ret = sml_td23881_Test();
  ASSERT(ret);
  ret = sml_escape_Test();