[TD-424] divide audit tables;

src/inc/tlog.h

@@ -25,11 +25,16 @@ extern "C" {
 #include <string.h>
 #include "tglobalcfg.h"
 
+
 #define DEBUG_ERROR 1U
 #define DEBUG_WARN  2U
 #define DEBUG_TRACE 4U
 #define DEBUG_DUMP  8U
 
+#define AUDIT_INFO  0
+#define AUDIT_WARN  1
+#define AUDIT_ERROR 2
+
 #define DEBUG_FILE   0x80
 #define DEBUG_SCREEN 0x40
 
@@ -58,6 +63,8 @@ void taosPrintLongString(const char *const flags, int dflag, const char *const f
 
 int taosOpenLogFileWithMaxLines(char *fn, int maxLines, int maxFileNum);
 
+void taosAuditRecord(int level, char * dbuser, char * result, char * content );
+
 void taosCloseLog();
 
 void taosResetLogFile();

src/modules/monitor/src/monitorSystem.c

@@ -200,13 +200,12 @@ void dnodeBuildMonitorSql(char *sql, int cmd) {
   } else if (cmd == MONITOR_CMD_CREATE_DB_AUDIT) {
     char * auditDBname = "audit";
     snprintf(sql, SQL_LENGTH,
-             "create database if not exists %s replica 1 days 10 keep 3650 rows 1024 cache 2048",
-            auditDBname);    
+             "create database if not exists %s replica 1 days 10 keep 3650 rows 1024 cache 2048 ablocks 2 tblocks 32 tables 32 precision 'us'", auditDBname);    
   } else if (cmd == MONITOR_CMD_CREATE_TB_AUDIT) {
     snprintf(sql, SQL_LENGTH,
              "create table if not exists audit.audit(ts timestamp, level tinyint, "
-             "dbuser binary(%d), result binary(%d), ipaddr binary(%d), content binary(%d))",
-             TSDB_USER_LEN, LOG_RESULT_LEN, IP_LEN_STR, LOG_LEN_STR);    
+             "dbuser binary(%d), result binary(%d), content binary(%d))",
+             TSDB_USER_LEN, LOG_RESULT_LEN, LOG_LEN_STR);    
   }
 
 }
@@ -296,6 +295,16 @@ void dnodeMontiorInsertLogCallback(void *param, TAOS_RES *result, int code) {
   }
 }
 
+void dnodeMontiorInsertAuditCallback(void *param, TAOS_RES *result, int code) {
+  if (code < 0) {
+    monitorError("monitor:%p, save audit failed, code:%d", monitor->conn, code);
+  } else if (code == 0) {
+    monitorError("monitor:%p, save audit failed, affect rows:%d", monitor->conn, code);
+  } else {
+    monitorTrace("monitor:%p, save audit info success, code:%d", monitor->conn, code);
+  }
+}
+
 // unit is MB
 int monitorBuildMemorySql(char *sql) {
   float sysMemoryUsedMB = 0;
@@ -455,3 +464,12 @@ void monitorExecuteSQL(char *sql) {
   monitorTrace("monitor:%p, execute sql: %s", monitor->conn, sql);
   taos_query_a(monitor->conn, sql, NULL, NULL);
 }
+
+void taosAuditRecord(int level, char * dbuser, char * result, char * content ){
+  char sqlcmd[1024] = {0};
+  int64_t ts = taosGetTimestampUs();
+
+  int pos = snprintf(sqlcmd, SQL_LENGTH, "insert into audit.audit values(%" PRId64, ts);
+  pos += snprintf(sqlcmd + pos, SQL_LENGTH - pos, ", %d, \'%s\' , \'%s\', \'%s\')", level, dbuser, result, content);
+  taos_query_a(monitor->conn, sqlcmd, dnodeMontiorInsertAuditCallback, "audit");  
+}
\ No newline at end of file

src/system/detail/src/mgmtShell.c

@@ -201,7 +201,7 @@ int mgmtProcessMeterMetaMsg(char *pMsg, int msgLen, SConnObj *pConn) {
 
   char db[TSDB_DB_NAME_LEN + 1] = {0};
   extractDBName(pInfo->meterId, db);
-  if(strncasecmp(db,"audit",5) == 0 && pConn->pUser->auditAuth == 0 && pConn->pUser->superAuth == 0) {
+  if(strncasecmp(db,"audit",5) == 0 && pConn->pUser->auditAuth == 0 && pConn->pUser->superAuth == 0 && strncasecmp(pConn->pUser->user,"monitor",7) != 0) {
     if ((pStart = mgmtAllocMsg(pConn, size, &pMsg, &pRsp)) == NULL) {
       taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_METERINFO_RSP, TSDB_CODE_SERV_OUT_OF_MEMORY);
 	    return 0;
@@ -215,7 +215,7 @@ int mgmtProcessMeterMetaMsg(char *pMsg, int msgLen, SConnObj *pConn) {
       taosSendSimpleRsp(pConn->thandle, TSDB_MSG_TYPE_METERINFO_RSP, TSDB_CODE_SERV_OUT_OF_MEMORY);
 	    return 0;
     }
-    pRsp->code = TSDB_CODE_NO_READ_ACCESS;
+    pRsp->code = TSDB_CODE_NO_RIGHTS;
     pMsg++;
     goto _exit_code;
   }
@@ -590,6 +590,9 @@ int mgmtProcessCreateDbMsg(char *pMsg, int msgLen, SConnObj *pConn) {
     code = mgmtCreateDb(pConn->pAcct, pCreate);
     if (code == TSDB_CODE_SUCCESS) {
       mLPrint("DB:%s is created by %s", pCreate->db, pConn->pUser->user);
+      char content[1024];
+      sprintf(content, "DB:%s is created by %s", pCreate->db, pConn->pUser->user);
+      taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);
     }
   }
 
@@ -620,6 +623,9 @@ int mgmtProcessAlterDbMsg(char *pMsg, int msgLen, SConnObj *pConn) {
     code = mgmtAlterDb(pConn->pAcct, pAlter);
     if (code == TSDB_CODE_SUCCESS) {
       mLPrint("DB:%s is altered by %s", pAlter->db, pConn->pUser->user);
+      char content[1024];
+      sprintf(content, "DB:%s is altered by %s", pAlter->db, pConn->pUser->user);
+      taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);      
     }
   }
 
@@ -685,6 +691,9 @@ int mgmtProcessCreateUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
     code = mgmtCreateUser(pConn->pAcct, pCreate->user, pCreate->pass);
     if (code == TSDB_CODE_SUCCESS) {
       mLPrint("user:%s is created by %s", pCreate->user, pConn->pUser->user);
+      char content[1024];
+      sprintf(content, "user:%s is created by %s", pCreate->user, pConn->pUser->user);
+      taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);  
     }
   } else {
     code = TSDB_CODE_NO_RIGHTS;
@@ -745,6 +754,9 @@ int mgmtProcessAlterUserMsg(char *pMsg, int msgLen, SConnObj *pConn) {
       taosEncryptPass((uint8_t*)pAlter->pass, strlen(pAlter->pass), pUser->pass);
       code = mgmtUpdateUser(pUser);
       mLPrint("user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
+      char content[1024];
+      sprintf(content, "user:%s password is altered by %s, code:%d", pAlter->user, pConn->pUser->user, code);
+      taosAuditRecord(AUDIT_INFO, pConn->pUser->user, "success", content);        
     } else {
       code = TSDB_CODE_NO_RIGHTS;
     }