提交
d768f49d
编写于
4月 06, 2023
作者:
dapan1121
feat: table level user auth
上级
7342bde4
变更
12
Showing
12 changed file
with
272 addition
and
152 deletion
+272
-152
include/libs/catalog/catalog.h
include/libs/catalog/catalog.h
+10
-6
source/libs/catalog/CMakeLists.txt
source/libs/catalog/CMakeLists.txt
+2
-2
source/libs/catalog/inc/catalogInt.h
source/libs/catalog/inc/catalogInt.h
+18
-7
source/libs/catalog/src/catalog.c
source/libs/catalog/src/catalog.c
+21
-32
source/libs/catalog/src/ctgAsync.c
source/libs/catalog/src/ctgAsync.c
+34
-37
source/libs/catalog/src/ctgCache.c
source/libs/catalog/src/ctgCache.c
+25
-46
source/libs/catalog/src/ctgUtil.c
source/libs/catalog/src/ctgUtil.c
+130
-3
source/libs/catalog/test/catalogTests.cpp
source/libs/catalog/test/catalogTests.cpp
+11
-7
source/libs/parser/src/parAuthenticator.c
source/libs/parser/src/parAuthenticator.c
+4
-1
source/libs/parser/src/parInsertSql.c
source/libs/parser/src/parInsertSql.c
+10
-3
source/libs/parser/src/parUtil.c
source/libs/parser/src/parUtil.c
+3
-2
source/libs/parser/test/mockCatalog.cpp
source/libs/parser/test/mockCatalog.cpp
+4
-6
include/libs/catalog/catalog.h
...
...
@@ -29,6 +29,7 @@ extern "C" {
#include "tmsg.h"
#include "tname.h"
#include "transport.h"
#include "nodes.h"
typedef
struct
SCatalog
SCatalog
;
...
...
@@ -49,10 +50,15 @@ typedef enum {
typedef
struct
SUserAuthInfo
{
char
user
[
TSDB_USER_LEN
];
char
dbFName
[
TSDB_DB_FNAME_LEN
]
;
SName
tbName
;
AUTH_TYPE
type
;
}
SUserAuthInfo
;
typedef
struct
SUserAuthRes
{
bool
pass
;
SNode
*
pCond
;
}
SUserAuthRes
;
typedef
struct
SDbInfo
{
int32_t
vgVer
;
int32_t
tbNum
;
...
...
@@ -96,7 +102,7 @@ typedef struct SMetaData {
SArray
*
pTableIndex
;
// pRes = SArray<STableIndexInfo>*
SArray
*
pUdfList
;
// pRes = SFuncInfo*
SArray
*
pIndex
;
// pRes = SIndexInfo*
SArray
*
pUser
;
// pRes =
bool
*
SArray
*
pUser
;
// pRes =
SUserAuthRes
*
SArray
*
pQnodeList
;
// pRes = SArray<SQueryNodeLoad>*
SArray
*
pTableCfg
;
// pRes = STableCfg*
SArray
*
pDnodeList
;
// pRes = SArray<SEpSet>*
...
...
@@ -312,11 +318,9 @@ int32_t catalogUpdateTableIndex(SCatalog* pCtg, STableIndexRsp* pRsp);
int32_t
catalogGetUdfInfo
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
const
char
*
funcName
,
SFuncInfo
*
pInfo
);
int32_t
catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
);
int32_t
catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
);
int32_t
catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
,
bool
*
exists
);
int32_t
catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
,
bool
*
exists
);
int32_t
catalogUpdateUserAuthInfo
(
SCatalog
*
pCtg
,
SGetUserAuthRsp
*
pAuth
);
...
...
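Review bot: `SUserAuthRes.pCond` in the second hunk is a heap-allocated node (ctgUtil.c fills it through `nodesStringToNode`), but the struct does not say who releases it. If the intended contract is that the caller owns it, a comment on the field such as `// row filter parsed from the table grant, NULL if none; caller must destroy it` would make that explicit, because the parser and test callers in this commit zero-initialise the struct and never free it in the lines shown. The `pUser` comment in `SMetaData` now reads `SUserAuthRes*`, so whatever frees that array presumably needs to release `pCond` as well; that code is not in this section.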
source/libs/catalog/CMakeLists.txt
...
...
@@ -8,9 +8,9 @@ target_include_directories(
target_link_libraries
(
catalog
PRIVATE os util transport qcom
PRIVATE os util transport qcom
nodes
)
if
(
${
BUILD_TEST
}
)
ADD_SUBDIRECTORY
(
test
)
endif
(
${
BUILD_TEST
}
)
\ No newline at end of file
endif
(
${
BUILD_TEST
}
)
source/libs/catalog/inc/catalogInt.h
...
...
@@ -99,6 +99,20 @@ typedef struct SCtgDebug {
uint32_t
showCachePeriodSec
;
}
SCtgDebug
;
typedef
struct
SCtgAuthReq
{
SRequestConnInfo
*
pConn
;
SUserAuthInfo
*
pRawReq
;
SGetUserAuthRsp
authInfo
;
AUTH_TYPE
singleType
;
bool
onlyCache
;
}
SCtgAuthReq
;
typedef
struct
SCtgAuthRsp
{
SUserAuthRes
*
pRawRes
;
bool
metaNotExists
;
}
SCtgAuthRsp
;
typedef
struct
SCtgTbCacheInfo
{
bool
inCache
;
uint64_t
dbId
;
...
...
@@ -214,12 +228,8 @@ typedef struct SCtgRentMgmt {
}
SCtgRentMgmt
;
typedef
struct
SCtgUserAuth
{
int32_t
version
;
SRWLatch
lock
;
bool
superUser
;
SHashObj
*
createdDbs
;
SHashObj
*
readDbs
;
SHashObj
*
writeDbs
;
SRWLatch
lock
;
SGetUserAuthRsp
userAuth
;
}
SCtgUserAuth
;
typedef
struct
SCatalog
{
...
...
@@ -703,7 +713,7 @@ int32_t ctgTbMetaExistInCache(SCatalog* pCtg, char* dbFName, char* tbName, int32
int32_t
ctgReadTbMetaFromCache
(
SCatalog
*
pCtg
,
SCtgTbMetaCtx
*
ctx
,
STableMeta
**
pTableMeta
);
int32_t
ctgReadTbVerFromCache
(
SCatalog
*
pCtg
,
SName
*
pTableName
,
int32_t
*
sver
,
int32_t
*
tver
,
int32_t
*
tbType
,
uint64_t
*
suid
,
char
*
stbName
);
int32_t
ctgChkAuthFromCache
(
SCatalog
*
pCtg
,
char
*
user
,
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
inCache
,
bool
*
pas
s
);
int32_t
ctgChkAuthFromCache
(
SCatalog
*
pCtg
,
SUserAuthInfo
*
pReq
,
bool
*
inCache
,
SCtgAuthRsp
*
pRe
s
);
int32_t
ctgDropDbCacheEnqueue
(
SCatalog
*
pCtg
,
const
char
*
dbFName
,
int64_t
dbId
);
int32_t
ctgDropDbVgroupEnqueue
(
SCatalog
*
pCtg
,
const
char
*
dbFName
,
bool
syncReq
);
int32_t
ctgDropStbMetaEnqueue
(
SCatalog
*
pCtg
,
const
char
*
dbFName
,
int64_t
dbId
,
const
char
*
stbName
,
uint64_t
suid
,
...
...
@@ -806,6 +816,7 @@ int32_t ctgAcquireVgMetaFromCache(SCatalog *pCtg, const char *dbFName, const cha
int32_t
ctgCopyTbMeta
(
SCatalog
*
pCtg
,
SCtgTbMetaCtx
*
ctx
,
SCtgDBCache
**
pDb
,
SCtgTbCache
**
pTb
,
STableMeta
**
pTableMeta
,
char
*
dbFName
);
void
ctgReleaseVgMetaToCache
(
SCatalog
*
pCtg
,
SCtgDBCache
*
dbCache
,
SCtgTbCache
*
pCache
);
void
ctgReleaseTbMetaToCache
(
SCatalog
*
pCtg
,
SCtgDBCache
*
dbCache
,
SCtgTbCache
*
pCache
);
int32_t
ctgChkSetAuthRes
(
SCatalog
*
pCtg
,
SCtgAuthReq
*
req
,
SCtgAuthRsp
*
res
);
extern
SCatalogMgmt
gCtgMgmt
;
extern
SCtgDebug
gCTGDebug
;
...
...
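Review bot: `SCtgAuthReq.authInfo` is a by-value `SGetUserAuthRsp`, so the hash pointers inside it are owned in one caller and borrowed in another, and the struct does not say which. In catalog.c it is filled from the mnode and handed to `ctgUpdateUserEnqueue`; in ctgCache.c it is a `memcpy` of the cached entry taken under `pUser->lock`. A comment on the field, for example `// shallow copy: hashes may alias the user cache and are then valid only while its read lock is held`, would keep a later change from freeing or retaining the borrowed copy.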
source/libs/catalog/src/catalog.c
...
...
@@ -319,14 +319,13 @@ _return:
CTG_RET
(
code
);
}
int32_t
ctgChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
,
bool
*
exists
)
{
int32_t
ctgChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
SUserAuthInfo
*
pReq
,
SUserAuthRes
*
pRes
,
bool
*
exists
)
{
bool
inCache
=
false
;
int32_t
code
=
0
;
SCtgAuthRsp
rsp
=
{
0
};
rsp
.
pRawRes
=
pRes
;
*
pass
=
false
;
CTG_ERR_RET
(
ctgChkAuthFromCache
(
pCtg
,
(
char
*
)
user
,
(
char
*
)
dbFName
,
type
,
&
inCache
,
pass
));
CTG_ERR_RET
(
ctgChkAuthFromCache
(
pCtg
,
pReq
,
&
inCache
,
&
rsp
));
if
(
inCache
)
{
if
(
exists
)
{
...
...
@@ -339,30 +338,22 @@ int32_t ctgChkAuth(SCatalog* pCtg, SRequestConnInfo* pConn, const char* user, co
return
TSDB_CODE_SUCCESS
;
}
SGetUserAuthRsp
authRsp
=
{
0
};
CTG_ERR_RET
(
ctgGetUserDbAuthFromMnode
(
pCtg
,
pConn
,
user
,
&
authRsp
,
NULL
));
if
(
authRsp
.
superAuth
)
{
*
pass
=
true
;
goto
_return
;
}
if
(
authRsp
.
createdDbs
&&
taosHashGet
(
authRsp
.
createdDbs
,
dbFName
,
strlen
(
dbFName
)))
{
*
pass
=
true
;
goto
_return
;
}
SCtgAuthReq
req
=
{
0
};
req
.
pRawReq
=
pReq
;
req
.
pConn
=
pConn
;
req
.
onlyCache
=
exists
?
true
:
false
;
CTG_ERR_RET
(
ctgGetUserDbAuthFromMnode
(
pCtg
,
pConn
,
pReq
->
user
,
&
req
.
authInfo
,
NULL
));
if
(
CTG_AUTH_READ
(
type
)
&&
authRsp
.
readDbs
&&
taosHashGet
(
authRsp
.
readDbs
,
dbFName
,
strlen
(
dbFName
)))
{
*
pass
=
true
;
}
else
if
(
CTG_AUTH_WRITE
(
type
)
&&
authRsp
.
writeDbs
&&
taosHashGet
(
authRsp
.
writeDbs
,
dbFName
,
strlen
(
dbFName
)))
{
*
pass
=
true
;
CTG_ERR_JRET
(
ctgChkSetAuthRes
(
pCtg
,
&
req
,
&
rsp
));
if
(
rsp
.
metaNotExists
&&
exists
)
{
*
exists
=
false
;
}
_return:
ctgUpdateUserEnqueue
(
pCtg
,
&
authRsp
,
false
);
ctgUpdateUserEnqueue
(
pCtg
,
&
req
.
authInfo
,
false
);
return
TSDB_CODE_SUCCESS
;
CTG_RET
(
code
)
;
}
int32_t
ctgGetTbType
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
SName
*
pTableName
,
int32_t
*
tbType
)
{
...
...
@@ -1368,7 +1359,7 @@ int32_t catalogGetExpiredUsers(SCatalog* pCtg, SUserAuthVersion** users, uint32_
void
*
key
=
taosHashGetKey
(
pAuth
,
&
len
);
strncpy
((
*
users
)[
i
].
user
,
key
,
len
);
(
*
users
)[
i
].
user
[
len
]
=
0
;
(
*
users
)[
i
].
version
=
pAuth
->
version
;
(
*
users
)[
i
].
version
=
pAuth
->
userAuth
.
version
;
++
i
;
if
(
i
>=
*
num
)
{
taosHashCancelIterate
(
pCtg
->
userCache
,
pAuth
);
...
...
@@ -1448,32 +1439,30 @@ _return:
CTG_API_LEAVE
(
code
);
}
int32_t
catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
)
{
int32_t
catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
)
{
CTG_API_ENTER
();
if
(
NULL
==
pCtg
||
NULL
==
pConn
||
NULL
==
user
||
NULL
==
dbFName
||
NULL
==
pas
s
)
{
if
(
NULL
==
pCtg
||
NULL
==
pConn
||
NULL
==
pAuth
||
NULL
==
pRe
s
)
{
CTG_API_LEAVE
(
TSDB_CODE_CTG_INVALID_INPUT
);
}
int32_t
code
=
0
;
CTG_ERR_JRET
(
ctgChkAuth
(
pCtg
,
pConn
,
user
,
dbFName
,
type
,
pas
s
,
NULL
));
CTG_ERR_JRET
(
ctgChkAuth
(
pCtg
,
pConn
,
pAuth
,
pRe
s
,
NULL
));
_return:
CTG_API_LEAVE
(
code
);
}
int32_t
catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
,
bool
*
exists
)
{
int32_t
catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
,
bool
*
exists
)
{
CTG_API_ENTER
();
if
(
NULL
==
pCtg
||
NULL
==
user
||
NULL
==
dbFName
||
NULL
==
pas
s
||
NULL
==
exists
)
{
if
(
NULL
==
pCtg
||
NULL
==
pAuth
||
NULL
==
pRe
s
||
NULL
==
exists
)
{
CTG_API_LEAVE
(
TSDB_CODE_CTG_INVALID_INPUT
);
}
int32_t
code
=
0
;
CTG_ERR_JRET
(
ctgChkAuth
(
pCtg
,
NULL
,
user
,
dbFName
,
type
,
pas
s
,
exists
));
CTG_ERR_JRET
(
ctgChkAuth
(
pCtg
,
NULL
,
pAuth
,
pRe
s
,
exists
));
_return:
...
...
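Review bot: In the new `ctgChkAuth`, `exists` serves both as an output and as the cache-only switch (`req.onlyCache = exists ? true : false;`), and that assignment is followed directly by `ctgGetUserDbAuthFromMnode(pCtg, pConn, ...)`. `catalogChkAuthFromCache` calls this function with `pConn == NULL` and a non-NULL `exists`, so the mnode call is safe only if the elided lines after `if (inCache)` return early for that case; if they do, `onlyCache` is always false here and the `rsp.metaNotExists && exists` branch cannot run. Please state the contract in a header comment, something like `/* exists != NULL: cache-only lookup, never contacts the mnode; pConn may be NULL */`, and keep the early return next to the assignment. The function body spans two hunks and part of it is not shown.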
source/libs/catalog/src/ctgAsync.c
...
...
@@ -1550,45 +1550,20 @@ _return:
int32_t
ctgHandleGetUserRsp
(
SCtgTaskReq
*
tReq
,
int32_t
reqType
,
const
SDataBuf
*
pMsg
,
int32_t
rspCode
)
{
int32_t
code
=
0
;
SCtgTask
*
pTask
=
tReq
->
pTask
;
SCtgUserCtx
*
ctx
=
(
SCtgUserCtx
*
)
pTask
->
taskCtx
;
SCatalog
*
pCtg
=
pTask
->
pJob
->
pCtg
;
bool
pass
=
false
;
SGetUserAuthRsp
*
pOut
=
(
SGetUserAuthRsp
*
)
pTask
->
msgCtx
.
out
;
CTG_ERR_JRET
(
ctgProcessRspMsg
(
pTask
->
msgCtx
.
out
,
reqType
,
pMsg
->
pData
,
pMsg
->
len
,
rspCode
,
pTask
->
msgCtx
.
target
));
if
(
pOut
->
superAuth
)
{
pass
=
true
;
goto
_return
;
}
ctgUpdateUserEnqueue
(
pCtg
,
pOut
,
true
);
taosMemoryFreeClear
(
pTask
->
msgCtx
.
out
);
if
(
pOut
->
createdDbs
&&
taosHashGet
(
pOut
->
createdDbs
,
ctx
->
user
.
dbFName
,
strlen
(
ctx
->
user
.
dbFName
)))
{
pass
=
true
;
goto
_return
;
}
CTG_ERR_JRET
((
*
gCtgAsyncFps
[
pTask
->
type
].
launchFp
)(
pTask
));
if
(
CTG_AUTH_READ
(
ctx
->
user
.
type
)
&&
pOut
->
readDbs
&&
taosHashGet
(
pOut
->
readDbs
,
ctx
->
user
.
dbFName
,
strlen
(
ctx
->
user
.
dbFName
)))
{
pass
=
true
;
}
else
if
(
CTG_AUTH_WRITE
(
ctx
->
user
.
type
)
&&
pOut
->
writeDbs
&&
taosHashGet
(
pOut
->
writeDbs
,
ctx
->
user
.
dbFName
,
strlen
(
ctx
->
user
.
dbFName
)))
{
pass
=
true
;
}
return
TSDB_CODE_SUCCESS
;
_return:
if
(
TSDB_CODE_SUCCESS
==
code
)
{
pTask
->
res
=
taosMemoryCalloc
(
1
,
sizeof
(
bool
));
if
(
NULL
==
pTask
->
res
)
{
code
=
TSDB_CODE_OUT_OF_MEMORY
;
}
else
{
*
(
bool
*
)
pTask
->
res
=
pass
;
}
}
ctgUpdateUserEnqueue
(
pCtg
,
pOut
,
false
);
taosMemoryFreeClear
(
pTask
->
msgCtx
.
out
);
ctgHandleTaskEnd
(
pTask
,
code
);
CTG_RET
(
code
);
...
...
@@ -2067,31 +2042,39 @@ int32_t ctgLaunchGetUdfTask(SCtgTask* pTask) {
}
int32_t
ctgLaunchGetUserTask
(
SCtgTask
*
pTask
)
{
int32_t
code
=
0
;
SCatalog
*
pCtg
=
pTask
->
pJob
->
pCtg
;
SRequestConnInfo
*
pConn
=
&
pTask
->
pJob
->
conn
;
SCtgUserCtx
*
pCtx
=
(
SCtgUserCtx
*
)
pTask
->
taskCtx
;
bool
inCache
=
false
;
bool
pass
=
false
;
SCtgAuthRsp
rsp
=
{
0
}
;
SCtgJob
*
pJob
=
pTask
->
pJob
;
SCtgMsgCtx
*
pMsgCtx
=
CTG_GET_TASK_MSGCTX
(
pTask
,
-
1
);
if
(
NULL
==
pMsgCtx
->
pBatchs
)
{
pMsgCtx
->
pBatchs
=
pJob
->
pBatchs
;
}
CTG_ERR_RET
(
ctgChkAuthFromCache
(
pCtg
,
pCtx
->
user
.
user
,
pCtx
->
user
.
dbFName
,
pCtx
->
user
.
type
,
&
inCache
,
&
pass
));
rsp
.
pRawRes
=
taosMemoryCalloc
(
1
,
sizeof
(
SUserAuthRes
));
if
(
NULL
==
rsp
.
pRawRes
)
{
CTG_ERR_RET
(
TSDB_CODE_OUT_OF_MEMORY
);
}
CTG_ERR_RET
(
ctgChkAuthFromCache
(
pCtg
,
&
pCtx
->
user
,
&
inCache
,
&
rsp
));
if
(
inCache
)
{
pTask
->
res
=
taosMemoryCalloc
(
1
,
sizeof
(
bool
));
if
(
NULL
==
pTask
->
res
)
{
CTG_ERR_RET
(
TSDB_CODE_OUT_OF_MEMORY
);
}
*
(
bool
*
)
pTask
->
res
=
pass
;
pTask
->
res
=
rsp
.
pRawRes
;
CTG_ERR_RET
(
ctgHandleTaskEnd
(
pTask
,
0
));
return
TSDB_CODE_SUCCESS
;
}
CTG_ERR_RET
(
ctgGetUserDbAuthFromMnode
(
pCtg
,
pConn
,
pCtx
->
user
.
user
,
NULL
,
pTask
)
);
taosMemoryFreeClear
(
rsp
.
pRawRes
);
if
(
rsp
.
metaNotExists
)
{
CTG_ERR_RET
(
ctgLaunchSubTask
(
pTask
,
CTG_TASK_GET_TB_META
,
ctgGetTbCfgCb
,
&
pCtx
->
user
.
tbName
));
}
else
{
CTG_ERR_RET
(
ctgGetUserDbAuthFromMnode
(
pCtg
,
pConn
,
pCtx
->
user
.
user
,
NULL
,
pTask
));
}
return
TSDB_CODE_SUCCESS
;
}
...
...
@@ -2139,6 +2122,20 @@ _return:
CTG_RET
(
ctgHandleTaskEnd
(
pTask
,
pTask
->
subRes
.
code
));
}
int32_t
ctgGetUserCb
(
SCtgTask
*
pTask
)
{
int32_t
code
=
0
;
CTG_ERR_JRET
(
pTask
->
subRes
.
code
);
CTG_RET
(
ctgLaunchGetUserTask
(
pTask
));
_return:
CTG_RET
(
ctgHandleTaskEnd
(
pTask
,
pTask
->
subRes
.
code
));
}
int32_t
ctgCompDbVgTasks
(
SCtgTask
*
pTask
,
void
*
param
,
bool
*
equal
)
{
SCtgDbVgCtx
*
ctx
=
pTask
->
taskCtx
;
...
...
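Review bot: `ctgLaunchGetUserTask` launches the table-meta sub task with `ctgGetTbCfgCb` as its callback, while this commit adds `ctgGetUserCb` in the next hunk and nothing visible references it. As written, the auth task would be resumed by the table-config callback instead of re-running the auth check, so I would expect `ctgLaunchSubTask(pTask, CTG_TASK_GET_TB_META, ctgGetUserCb, &pCtx->user.tbName)`. Separately, `rsp.pRawRes` is allocated before `CTG_ERR_RET(ctgChkAuthFromCache(...))`, so an error from the cache check returns without freeing it; that path needs `taosMemoryFreeClear(rsp.pRawRes);` as well.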
source/libs/catalog/src/ctgCache.c
...
...
@@ -678,55 +678,40 @@ _return:
CTG_RET
(
code
);
}
int32_t
ctgChkAuthFromCache
(
SCatalog
*
pCtg
,
char
*
user
,
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
inCache
,
bool
*
pass
)
{
char
*
p
=
strchr
(
dbFName
,
'.'
);
if
(
p
)
{
++
p
;
}
else
{
p
=
dbFName
;
}
if
(
IS_SYS_DBNAME
(
p
))
{
int32_t
ctgChkAuthFromCache
(
SCatalog
*
pCtg
,
SUserAuthInfo
*
pReq
,
bool
*
inCache
,
SCtgAuthRsp
*
pRes
)
{
if
(
IS_SYS_DBNAME
(
pReq
->
tbName
.
dbname
))
{
*
inCache
=
true
;
*
pass
=
true
;
ctgDebug
(
"sysdb %s, pass"
,
dbFN
ame
);
pRes
->
pRawRes
->
pass
=
true
;
ctgDebug
(
"sysdb %s, pass"
,
pReq
->
tbName
.
dbn
ame
);
return
TSDB_CODE_SUCCESS
;
}
SCtgUserAuth
*
pUser
=
(
SCtgUserAuth
*
)
taosHashGet
(
pCtg
->
userCache
,
user
,
strlen
(
user
));
SCtgUserAuth
*
pUser
=
(
SCtgUserAuth
*
)
taosHashGet
(
pCtg
->
userCache
,
pReq
->
user
,
strlen
(
pReq
->
user
));
if
(
NULL
==
pUser
)
{
ctgDebug
(
"user not in cache, user:%s"
,
user
);
ctgDebug
(
"user not in cache, user:%s"
,
pReq
->
user
);
goto
_return
;
}
*
inCache
=
true
;
ctgDebug
(
"Got user from cache, user:%s"
,
user
);
ctgDebug
(
"Got user from cache, user:%s"
,
pReq
->
user
);
CTG_CACHE_STAT_INC
(
numOfUserHit
,
1
);
if
(
pUser
->
superUser
)
{
*
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
SCtgAuthReq
req
=
{
0
};
req
.
pRawReq
=
pReq
;
req
.
onlyCache
=
true
;
CTG_LOCK
(
CTG_READ
,
&
pUser
->
lock
);
if
(
pUser
->
createdDbs
&&
taosHashGet
(
pUser
->
createdDbs
,
dbFName
,
strlen
(
dbFName
)))
{
*
pass
=
true
;
CTG_UNLOCK
(
CTG_READ
,
&
pUser
->
lock
);
return
TSDB_CODE_SUCCESS
;
}
if
(
pUser
->
readDbs
&&
taosHashGet
(
pUser
->
readDbs
,
dbFName
,
strlen
(
dbFName
))
&&
CTG_AUTH_READ
(
type
))
{
*
pass
=
true
;
}
if
(
pUser
->
writeDbs
&&
taosHashGet
(
pUser
->
writeDbs
,
dbFName
,
strlen
(
dbFName
))
&&
CTG_AUTH_WRITE
(
type
))
{
*
pass
=
true
;
}
memcpy
(
&
req
.
authInfo
,
&
pUser
->
userAuth
,
sizeof
(
pUser
->
userAuth
));
int32_t
code
=
ctgChkSetAuthRes
(
pCtg
,
&
req
,
pRes
);
CTG_UNLOCK
(
CTG_READ
,
&
pUser
->
lock
);
CTG_ERR_JRET
(
code
);
if
(
pRes
->
metaNotExists
)
{
goto
_return
;
}
return
TSDB_CODE_SUCCESS
;
CTG_RET
(
code
)
;
_return:
...
...
@@ -2024,11 +2009,7 @@ int32_t ctgOpUpdateUser(SCtgCacheOperation *operation) {
if
(
NULL
==
pUser
)
{
SCtgUserAuth
userAuth
=
{
0
};
userAuth
.
version
=
msg
->
userAuth
.
version
;
userAuth
.
superUser
=
msg
->
userAuth
.
superAuth
;
userAuth
.
createdDbs
=
msg
->
userAuth
.
createdDbs
;
userAuth
.
readDbs
=
msg
->
userAuth
.
readDbs
;
userAuth
.
writeDbs
=
msg
->
userAuth
.
writeDbs
;
memcpy
(
&
userAuth
.
userAuth
,
&
msg
->
userAuth
,
sizeof
(
msg
->
userAuth
));
if
(
taosHashPut
(
pCtg
->
userCache
,
msg
->
userAuth
.
user
,
strlen
(
msg
->
userAuth
.
user
),
&
userAuth
,
sizeof
(
userAuth
)))
{
ctgError
(
"taosHashPut user %s to cache failed"
,
msg
->
userAuth
.
user
);
...
...
@@ -2040,20 +2021,18 @@ int32_t ctgOpUpdateUser(SCtgCacheOperation *operation) {
return
TSDB_CODE_SUCCESS
;
}
pUser
->
version
=
msg
->
userAuth
.
version
;
CTG_LOCK
(
CTG_WRITE
,
&
pUser
->
lock
);
taosHashCleanup
(
pUser
->
createdDbs
);
pUser
->
createdDbs
=
msg
->
userAuth
.
createdDbs
;
taosHashCleanup
(
pUser
->
userAuth
.
createdDbs
);
pUser
->
userAuth
.
createdDbs
=
msg
->
userAuth
.
createdDbs
;
msg
->
userAuth
.
createdDbs
=
NULL
;
taosHashCleanup
(
pUser
->
readDbs
);
pUser
->
readDbs
=
msg
->
userAuth
.
readDbs
;
taosHashCleanup
(
pUser
->
userAuth
.
readDbs
);
pUser
->
userAuth
.
readDbs
=
msg
->
userAuth
.
readDbs
;
msg
->
userAuth
.
readDbs
=
NULL
;
taosHashCleanup
(
pUser
->
writeDbs
);
pUser
->
writeDbs
=
msg
->
userAuth
.
writeDbs
;
taosHashCleanup
(
pUser
->
userAuth
.
writeDbs
);
pUser
->
userAuth
.
writeDbs
=
msg
->
userAuth
.
writeDbs
;
msg
->
userAuth
.
writeDbs
=
NULL
;
CTG_UNLOCK
(
CTG_WRITE
,
&
pUser
->
lock
);
...
...
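Review bot: The update path of `ctgOpUpdateUser` (second hunk) swaps only `createdDbs`, `readDbs` and `writeDbs` into `pUser->userAuth`; `readTbs`, `writeTbs`, `superAuth`, `enable` and `version` are not refreshed in the lines shown, and the old `pUser->version = ...` assignment appears to have been dropped without a replacement. If nothing outside the hunk copies them, an already cached user keeps stale table-level grants and flags after a revoke or disable, and the incoming `readTbs`/`writeTbs` hashes are neither adopted nor visibly released. I would move the two table hashes under the same write lock (`taosHashCleanup(pUser->userAuth.readTbs); pUser->userAuth.readTbs = msg->userAuth.readTbs; msg->userAuth.readTbs = NULL;`, likewise for `writeTbs`) and copy the scalar fields there too. The function starts and ends outside the hunk.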
source/libs/catalog/src/ctgUtil.c
...
...
@@ -174,9 +174,11 @@ void ctgFreeSMetaData(SMetaData* pData) {
}
void
ctgFreeSCtgUserAuth
(
SCtgUserAuth
*
userCache
)
{
taosHashCleanup
(
userCache
->
createdDbs
);
taosHashCleanup
(
userCache
->
readDbs
);
taosHashCleanup
(
userCache
->
writeDbs
);
taosHashCleanup
(
userCache
->
userAuth
.
createdDbs
);
taosHashCleanup
(
userCache
->
userAuth
.
readDbs
);
taosHashCleanup
(
userCache
->
userAuth
.
writeDbs
);
taosHashCleanup
(
userCache
->
userAuth
.
readTbs
);
taosHashCleanup
(
userCache
->
userAuth
.
writeTbs
);
}
void
ctgFreeMetaRent
(
SCtgRentMgmt
*
mgmt
)
{
...
...
@@ -1330,6 +1332,131 @@ static void* ctgCloneDnodeList(void* pSrc) { return taosArrayDup((const SArray*)
static
void
ctgFreeDnodeList
(
void
*
p
)
{
taosArrayDestroy
((
SArray
*
)((
SMetaRes
*
)
p
)
->
pRes
);
}
int32_t
ctgChkSetTbAuthRes
(
SCatalog
*
pCtg
,
SCtgAuthReq
*
req
,
SCtgAuthRsp
*
res
)
{
int32_t
code
=
0
;
STableMeta
*
pMeta
=
NULL
;
SGetUserAuthRsp
*
pInfo
=
&
req
->
authInfo
;
SHashObj
*
pTbs
=
(
AUTH_TYPE_READ
==
req
->
singleType
)
?
pInfo
->
readTbs
:
pInfo
->
writeTbs
;
char
*
pCond
=
taosHashGet
(
pTbs
,
req
->
pRawReq
->
tbName
.
tname
,
strlen
(
req
->
pRawReq
->
tbName
.
tname
));
if
(
pCond
)
{
if
(
strlen
(
pCond
)
>
1
)
{
CTG_RET
(
nodesStringToNode
(
pCond
,
&
res
->
pRawRes
->
pCond
));
}
res
->
pRawRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
CTG_ERR_RET
(
catalogGetCachedTableMeta
(
pCtg
,
&
req
->
pRawReq
->
tbName
,
&
pMeta
));
if
(
NULL
==
pMeta
)
{
if
(
req
->
onlyCache
)
{
res
->
metaNotExists
=
true
;
ctgDebug
(
"db %s tb %s meta not in cache for auth"
,
req
->
pRawReq
->
tbName
.
dbname
,
req
->
pRawReq
->
tbName
.
tname
);
return
TSDB_CODE_SUCCESS
;
}
CTG_ERR_RET
(
catalogGetTableMeta
(
pCtg
,
req
->
pConn
,
&
req
->
pRawReq
->
tbName
,
&
pMeta
));
}
if
(
TSDB_SUPER_TABLE
==
pMeta
->
tableType
||
TSDB_NORMAL_TABLE
==
pMeta
->
tableType
)
{
res
->
pRawRes
->
pass
=
false
;
goto
_return
;
}
if
(
TSDB_CHILD_TABLE
==
pMeta
->
tableType
)
{
res
->
pRawRes
->
pass
=
true
;
/*
char stbName[TSDB_TABLE_NAME_LEN] = {0};
CTG_ERR_JRET(ctgGetCachedStbNameFromSuid(pCtg, pMeta->suid, stbName));
if (0 == stbName[0]) {
if (req->onlyCache) {
res->notExists = true;
return TSDB_CODE_SUCCESS;
}
CTG_ERR_RET(catalogRefreshTableMeta(pCtg, req->pConn, &req->pRawReq->tbName, 0));
}
*/
}
_return:
taosMemoryFree
(
pMeta
);
CTG_RET
(
code
);
}
int32_t
ctgChkSetAuthRes
(
SCatalog
*
pCtg
,
SCtgAuthReq
*
req
,
SCtgAuthRsp
*
res
)
{
int32_t
code
=
0
;
SUserAuthInfo
*
pReq
=
req
->
pRawReq
;
SUserAuthRes
*
pRes
=
res
->
pRawRes
;
SGetUserAuthRsp
*
pInfo
=
&
req
->
authInfo
;
pRes
->
pass
=
false
;
pRes
->
pCond
=
NULL
;
if
(
!
pInfo
->
enable
)
{
pRes
->
pass
=
false
;
return
TSDB_CODE_SUCCESS
;
}
if
(
pInfo
->
superAuth
)
{
pRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
char
dbFName
[
TSDB_DB_FNAME_LEN
];
tNameGetFullDbName
(
&
pReq
->
tbName
,
dbFName
);
if
(
pInfo
->
createdDbs
&&
taosHashGet
(
pInfo
->
createdDbs
,
dbFName
,
strlen
(
dbFName
)))
{
pRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
switch
(
pReq
->
type
)
{
case
AUTH_TYPE_READ
:
{
if
(
pInfo
->
readDbs
&&
taosHashGet
(
pInfo
->
readDbs
,
dbFName
,
strlen
(
dbFName
)))
{
pRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
if
(
pInfo
->
readTbs
&&
taosHashGetSize
(
pInfo
->
readTbs
)
>
0
)
{
req
->
singleType
=
AUTH_TYPE_READ
;
CTG_RET
(
ctgChkSetTbAuthRes
(
pCtg
,
req
,
res
));
}
break
;
}
case
AUTH_TYPE_WRITE
:
{
if
(
pInfo
->
writeDbs
&&
taosHashGet
(
pInfo
->
writeDbs
,
dbFName
,
strlen
(
dbFName
)))
{
pRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
if
(
pInfo
->
writeTbs
&&
taosHashGetSize
(
pInfo
->
writeTbs
)
>
0
)
{
req
->
singleType
=
AUTH_TYPE_WRITE
;
CTG_RET
(
ctgChkSetTbAuthRes
(
pCtg
,
req
,
res
));
}
break
;
}
case
AUTH_TYPE_READ_OR_WRITE
:
{
if
((
pInfo
->
readDbs
&&
taosHashGet
(
pInfo
->
readDbs
,
dbFName
,
strlen
(
dbFName
)))
||
(
pInfo
->
writeDbs
&&
taosHashGet
(
pInfo
->
writeDbs
,
dbFName
,
strlen
(
dbFName
)))){
pRes
->
pass
=
true
;
return
TSDB_CODE_SUCCESS
;
}
break
;
}
default:
break
;
}
return
TSDB_CODE_SUCCESS
;
}
#if 0
static int32_t ctgCloneMetaDataArray(SArray* pSrc, __array_item_dup_fn_t copyFunc, SArray** pDst) {
if (NULL == pSrc) {
...
...
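Review bot: `ctgChkSetTbAuthRes` sets `res->pRawRes->pass = true` for every `TSDB_CHILD_TABLE` with the super-table lookup left commented out, so once a user holds any table-level grant of the requested type (the only precondition `ctgChkSetAuthRes` checks), every child table passes regardless of which table the grant names. Until the super-table grant is actually resolved, this branch should fail closed with `res->pRawRes->pass = false;`. The grant lookup also uses the bare `tbName.tname` as the hash key, which, unless the keys in `readTbs`/`writeTbs` are database-qualified elsewhere, would let a grant on one database's table match a same-named table in another. Note too that the `strlen(pCond) > 1` path returns without setting `pass`, so a grant that carries a condition is reported as denied.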
source/libs/catalog/test/catalogTests.cpp
...
...
@@ -2800,15 +2800,19 @@ TEST(apiTest, catalogChkAuth_test) {
code
=
catalogGetHandle
(
ctgTestClusterId
,
&
pCtg
);
ASSERT_EQ
(
code
,
0
);
bool
pass
=
false
;
SUserAuthInfo
authInfo
=
{
0
};
SUserAuthRes
authRes
=
{
0
};
strcpy
(
authInfo
.
user
,
ctgTestUsername
);
toName
(
1
,
ctgTestDbname
,
ctgTestSTablename
,
&
authInfo
.
tbName
);
authInfo
.
type
=
AUTH_TYPE_READ
;
bool
exists
=
false
;
code
=
catalogChkAuthFromCache
(
pCtg
,
ctgTestUsername
,
ctgTestDbname
,
AUTH_TYPE_READ
,
&
pas
s
,
&
exists
);
code
=
catalogChkAuthFromCache
(
pCtg
,
&
authInfo
,
&
authRe
s
,
&
exists
);
ASSERT_EQ
(
code
,
0
);
ASSERT_EQ
(
exists
,
false
);
code
=
catalogChkAuth
(
pCtg
,
mockPointer
,
ctgTestUsername
,
ctgTestDbname
,
AUTH_TYPE_READ
,
&
pas
s
);
code
=
catalogChkAuth
(
pCtg
,
mockPointer
,
&
authInfo
,
&
authRe
s
);
ASSERT_EQ
(
code
,
0
);
ASSERT_EQ
(
pass
,
true
);
ASSERT_EQ
(
authRes
.
pass
,
true
);
while
(
true
)
{
uint64_t
n
=
0
;
...
...
@@ -2820,9 +2824,9 @@ TEST(apiTest, catalogChkAuth_test) {
}
}
code
=
catalogChkAuthFromCache
(
pCtg
,
ctgTestUsername
,
ctgTestDbname
,
AUTH_TYPE_READ
,
&
pas
s
,
&
exists
);
code
=
catalogChkAuthFromCache
(
pCtg
,
&
authInfo
,
&
authRe
s
,
&
exists
);
ASSERT_EQ
(
code
,
0
);
ASSERT_EQ
(
pass
,
true
);
ASSERT_EQ
(
authRes
.
pass
,
true
);
ASSERT_EQ
(
exists
,
true
);
catalogDestroy
();
...
...
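Review bot: `catalogChkAuth_test` was only ported to the new signatures and still asserts a single database-level read that passes; nothing here exercises the table-level path this commit adds. I would add cases that fail when the check is too permissive: a user whose only grant is on one table requesting a different table, a child table whose super table is not granted, and a grant carrying a condition (asserting that `authRes.pCond` is set). The test body starts and ends outside the hunks.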
source/libs/parser/src/parAuthenticator.c
...
...
@@ -44,7 +44,10 @@ static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, AUTH_TYPE type) {
.
requestObjRefId
=
pParseCxt
->
requestRid
,
.
mgmtEps
=
pParseCxt
->
mgmtEpSet
};
code
=
catalogChkAuth
(
pParseCxt
->
pCatalog
,
&
conn
,
pParseCxt
->
pUser
,
dbFname
,
type
,
&
pass
);
SUserAuthInfo
authInfo
=
{
0
};
SUserAuthRes
authRes
=
{
0
};
//code = catalogChkAuth(pParseCxt->pCatalog, &conn, pParseCxt->pUser, dbFname, type, &pass);
code
=
catalogChkAuth
(
pParseCxt
->
pCatalog
,
&
conn
,
&
authInfo
,
&
authRes
);
}
return
TSDB_CODE_SUCCESS
==
code
?
(
pass
?
TSDB_CODE_SUCCESS
:
TSDB_CODE_PAR_PERMISSION_DENIED
)
:
code
;
}
...
...
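Review bot: `checkAuth` now passes a zero-initialised `authInfo` to `catalogChkAuth` and still returns based on the local `pass`, which the new call no longer writes. The request therefore carries no user, table name or type, and the result in `authRes.pass` is discarded, so the outcome depends only on how `pass` was initialised above the hunk. Fill the request before the call (`snprintf(authInfo.user, sizeof(authInfo.user), "%s", pParseCxt->pUser);`, `authInfo.type = type;`, plus the target name in `authInfo.tbName`) and decide on `authRes.pass`. Both branches of `checkAuth` in parInsertSql.c have the same problem, and there `pass` is initialised to `true`. The function starts outside the hunk.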
source/libs/parser/src/parInsertSql.c
...
...
@@ -729,13 +729,20 @@ static int32_t checkAuth(SParseContext* pCxt, SName* pTbName, bool* pMissCache)
bool
pass
=
true
;
bool
exists
=
true
;
if
(
pCxt
->
async
)
{
code
=
catalogChkAuthFromCache
(
pCxt
->
pCatalog
,
pCxt
->
pUser
,
dbFName
,
AUTH_TYPE_WRITE
,
&
pass
,
&
exists
);
SUserAuthInfo
authInfo
=
{
0
};
SUserAuthRes
authRes
=
{
0
};
// code = catalogChkAuthFromCache(pCxt->pCatalog, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass, &exists);
code
=
catalogChkAuthFromCache
(
pCxt
->
pCatalog
,
&
authInfo
,
&
authRes
,
&
exists
);
}
else
{
SRequestConnInfo
conn
=
{.
pTrans
=
pCxt
->
pTransporter
,
.
requestId
=
pCxt
->
requestId
,
.
requestObjRefId
=
pCxt
->
requestRid
,
.
mgmtEps
=
pCxt
->
mgmtEpSet
};
code
=
catalogChkAuth
(
pCxt
->
pCatalog
,
&
conn
,
pCxt
->
pUser
,
dbFName
,
AUTH_TYPE_WRITE
,
&
pass
);
SUserAuthInfo
authInfo
=
{
0
};
SUserAuthRes
authRes
=
{
0
};
//code = catalogChkAuth(pCxt->pCatalog, &conn, pCxt->pUser, dbFName, AUTH_TYPE_WRITE, &pass);
code
=
catalogChkAuth
(
pCxt
->
pCatalog
,
&
conn
,
&
authInfo
,
&
authRes
);
}
if
(
TSDB_CODE_SUCCESS
==
code
)
{
if
(
!
exists
)
{
...
...
@@ -1901,7 +1908,7 @@ static int32_t buildInsertUserAuthReq(const char* pUser, SName* pName, SArray**
SUserAuthInfo
userAuth
=
{.
type
=
AUTH_TYPE_WRITE
};
snprintf
(
userAuth
.
user
,
sizeof
(
userAuth
.
user
),
"%s"
,
pUser
);
tNameGetFullDbName
(
pName
,
userAuth
.
dbFName
);
//
tNameGetFullDbName(pName, userAuth.dbFName);
taosArrayPush
(
*
pUserAuth
,
&
userAuth
);
return
TSDB_CODE_SUCCESS
;
...
...
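Review bot: `buildInsertUserAuthReq` (third hunk) comments out `tNameGetFullDbName(pName, userAuth.dbFName)` without putting anything in its place, so the queued `SUserAuthInfo` has a user and a type but an empty `tbName`. The catalog side now derives both the database and the table from `tbName`, so I would copy the target here, e.g. `userAuth.tbName = *pName;`, rather than leave the request unscoped. The commented-out calls in this file should be deleted once the replacement is in. The function starts and ends outside the hunk.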
source/libs/parser/src/parUtil.c
...
...
@@ -509,7 +509,7 @@ static void stringToUserAuth(const char* pStr, int32_t len, SUserAuthInfo* pUser
strncpy
(
pUserAuth
->
user
,
pStr
,
p1
-
pStr
);
++
p1
;
char
*
p2
=
strchr
(
p1
,
'*'
);
strncpy
(
pUserAuth
->
dbFName
,
p1
,
p2
-
p1
);
//
strncpy(pUserAuth->dbFName, p1, p2 - p1);
++
p2
;
char
buf
[
10
]
=
{
0
};
strncpy
(
buf
,
p2
,
len
-
(
p2
-
pStr
));
...
...
@@ -712,7 +712,8 @@ static int32_t putUserAuthToCache(const SArray* pUserAuthReq, const SArray* pUse
for
(
int32_t
i
=
0
;
i
<
nvgs
;
++
i
)
{
SUserAuthInfo
*
pUser
=
taosArrayGet
(
pUserAuthReq
,
i
);
char
key
[
USER_AUTH_KEY_MAX_LEN
]
=
{
0
};
int32_t
len
=
userAuthToStringExt
(
pUser
->
user
,
pUser
->
dbFName
,
pUser
->
type
,
key
);
//int32_t len = userAuthToStringExt(pUser->user, pUser->dbFName, pUser->type, key);
int32_t
len
=
0
;
if
(
TSDB_CODE_SUCCESS
!=
putMetaDataToHash
(
key
,
len
,
pUserAuthData
,
i
,
pUserAuth
))
{
return
TSDB_CODE_OUT_OF_MEMORY
;
}
...
...
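Review bot: In `putUserAuthToCache` the key is no longer built: `key` stays all zeros and `len` is hard-coded to `0`, so every iteration calls `putMetaDataToHash` with the same empty key. Unless that helper distinguishes entries some other way, all users' auth results collapse onto one entry and a later lookup cannot tell one user or table from another. The key builder needs to be ported to the new struct (user, full table name, type) instead of being commented out; the same applies to the commented-out `dbFName` copy in `stringToUserAuth`, which now steps past the name without storing it. Both functions extend outside their hunks.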
source/libs/parser/test/mockCatalog.cpp
...
...
@@ -279,15 +279,13 @@ int32_t __catalogGetDBCfg(SCatalog* pCtg, SRequestConnInfo* pConn, const char* d
return
g_mockCatalogService
->
catalogGetDBCfg
(
dbFName
,
pDbCfg
);
}
int32_t
__catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
)
{
*
pass
=
true
;
int32_t
__catalogChkAuth
(
SCatalog
*
pCtg
,
SRequestConnInfo
*
pConn
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
)
{
pRes
->
pass
=
true
;
return
0
;
}
int32_t
__catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
const
char
*
user
,
const
char
*
dbFName
,
AUTH_TYPE
type
,
bool
*
pass
,
bool
*
exists
)
{
*
pass
=
true
;
int32_t
__catalogChkAuthFromCache
(
SCatalog
*
pCtg
,
SUserAuthInfo
*
pAuth
,
SUserAuthRes
*
pRes
,
bool
*
exists
)
{
pRes
->
pass
=
true
;
*
exists
=
true
;
return
0
;
}
...
...