2021-09-22 08:15:20 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2019 TAOS Data, Inc. <jhtao@taosdata.com>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can use, redistribute, and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3
|
|
|
|
|
* or later ("AGPL"), as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
2021-10-16 07:16:05 +00:00
|
|
|
#define _DEFAULT_SOURCE
|
2021-11-27 14:56:18 +00:00
|
|
|
#include "mndAuth.h"
|
2022-01-23 04:45:54 +00:00
|
|
|
#include "mndUser.h"
|
2021-10-17 03:42:05 +00:00
|
|
|
|
2022-05-16 06:55:31 +00:00
|
|
|
static int32_t mndProcessAuthReq(SRpcMsg *pReq);
|
2021-10-25 02:38:15 +00:00
|
|
|
|
2022-01-19 03:50:18 +00:00
|
|
|
int32_t mndInitAuth(SMnode *pMnode) {
|
|
|
|
|
mndSetMsgHandle(pMnode, TDMT_MND_AUTH, mndProcessAuthReq);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void mndCleanupAuth(SMnode *pMnode) {}
|
|
|
|
|
|
2022-04-14 10:28:05 +00:00
|
|
|
static int32_t mndRetriveAuth(SMnode *pMnode, SAuthRsp *pRsp) {
|
|
|
|
|
SUserObj *pUser = mndAcquireUser(pMnode, pRsp->user);
|
2022-01-23 04:45:54 +00:00
|
|
|
if (pUser == NULL) {
|
2022-04-14 10:28:05 +00:00
|
|
|
*pRsp->secret = 0;
|
|
|
|
|
mError("user:%s, failed to auth user since %s", pRsp->user, terrstr());
|
2022-01-23 04:45:54 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-14 10:28:05 +00:00
|
|
|
pRsp->spi = 1;
|
|
|
|
|
pRsp->encrypt = 0;
|
|
|
|
|
*pRsp->ckey = 0;
|
2022-01-23 04:45:54 +00:00
|
|
|
|
2022-04-14 10:28:05 +00:00
|
|
|
memcpy(pRsp->secret, pUser->pass, TSDB_PASSWORD_LEN);
|
2022-01-23 04:45:54 +00:00
|
|
|
mndReleaseUser(pMnode, pUser);
|
|
|
|
|
|
2022-04-14 10:28:05 +00:00
|
|
|
mDebug("user:%s, auth info is returned", pRsp->user);
|
2022-01-23 04:45:54 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
2022-01-19 03:50:18 +00:00
|
|
|
|
2022-05-16 06:55:31 +00:00
|
|
|
static int32_t mndProcessAuthReq(SRpcMsg *pReq) {
|
2022-02-16 08:36:05 +00:00
|
|
|
SAuthReq authReq = {0};
|
2022-05-16 06:55:31 +00:00
|
|
|
if (tDeserializeSAuthReq(pReq->pCont, pReq->contLen, &authReq) != 0) {
|
2022-02-16 08:36:05 +00:00
|
|
|
terrno = TSDB_CODE_INVALID_MSG;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SAuthReq authRsp = {0};
|
|
|
|
|
memcpy(authRsp.user, authReq.user, TSDB_USER_LEN);
|
2022-01-21 12:20:41 +00:00
|
|
|
|
2022-05-16 06:55:31 +00:00
|
|
|
int32_t code = mndRetriveAuth(pReq->info.node, &authRsp);
|
|
|
|
|
mTrace("user:%s, auth req received, spi:%d encrypt:%d ruser:%s", pReq->conn.user, authRsp.spi, authRsp.encrypt,
|
2022-02-16 08:36:05 +00:00
|
|
|
authRsp.user);
|
|
|
|
|
|
|
|
|
|
int32_t contLen = tSerializeSAuthReq(NULL, 0, &authRsp);
|
|
|
|
|
void *pRsp = rpcMallocCont(contLen);
|
2022-04-14 10:28:05 +00:00
|
|
|
if (pRsp == NULL) {
|
|
|
|
|
terrno = TSDB_CODE_OUT_OF_MEMORY;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-16 08:36:05 +00:00
|
|
|
tSerializeSAuthReq(pRsp, contLen, &authRsp);
|
2022-04-14 10:28:05 +00:00
|
|
|
|
2022-05-16 06:55:31 +00:00
|
|
|
pReq->info.rsp = pRsp;
|
|
|
|
|
pReq->info.rspLen = contLen;
|
2022-01-21 12:20:41 +00:00
|
|
|
return code;
|
2022-02-11 06:09:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int32_t mndCheckCreateUserAuth(SUserObj *pOperUser) {
|
2022-05-06 15:04:25 +00:00
|
|
|
if (pOperUser->superUser) return 0;
|
2022-02-11 06:09:03 +00:00
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-09 08:03:31 +00:00
|
|
|
int32_t mndCheckAlterUserAuth(SUserObj *pOperUser, SUserObj *pUser, SAlterUserReq *pAlter) {
|
2022-02-11 06:09:03 +00:00
|
|
|
if (pAlter->alterType == TSDB_ALTER_USER_PASSWD) {
|
|
|
|
|
if (pOperUser->superUser || strcmp(pUser->user, pOperUser->user) == 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2022-05-09 08:03:31 +00:00
|
|
|
} else if (pAlter->alterType == TSDB_ALTER_USER_SUPERUSER) {
|
2022-02-11 06:09:03 +00:00
|
|
|
if (strcmp(pUser->user, TSDB_DEFAULT_USER) == 0) {
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pOperUser->superUser) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2022-05-09 08:03:31 +00:00
|
|
|
} else {
|
2022-04-14 10:28:05 +00:00
|
|
|
if (pOperUser->superUser) {
|
|
|
|
|
return 0;
|
2022-02-11 06:09:03 +00:00
|
|
|
}
|
2022-04-14 10:28:05 +00:00
|
|
|
}
|
2022-02-11 06:09:03 +00:00
|
|
|
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int32_t mndCheckDropUserAuth(SUserObj *pOperUser) {
|
2022-05-06 15:04:25 +00:00
|
|
|
if (pOperUser->superUser) return 0;
|
2022-02-11 06:09:03 +00:00
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
2022-02-12 03:39:58 +00:00
|
|
|
}
|
|
|
|
|
|
2022-02-12 09:00:40 +00:00
|
|
|
int32_t mndCheckNodeAuth(SUserObj *pOperUser) {
|
2022-05-06 15:04:25 +00:00
|
|
|
if (pOperUser->superUser) return 0;
|
2022-02-12 03:39:58 +00:00
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-12 09:00:40 +00:00
|
|
|
int32_t mndCheckFuncAuth(SUserObj *pOperUser) {
|
2022-05-06 15:04:25 +00:00
|
|
|
if (pOperUser->superUser) return 0;
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2022-02-12 03:39:58 +00:00
|
|
|
|
2022-05-06 15:04:25 +00:00
|
|
|
int32_t mndCheckTransAuth(SUserObj *pOperUser) {
|
|
|
|
|
if (pOperUser->superUser) return 0;
|
2022-02-12 08:28:50 +00:00
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2022-02-12 09:00:40 +00:00
|
|
|
|
|
|
|
|
int32_t mndCheckCreateDbAuth(SUserObj *pOperUser) { return 0; }
|
|
|
|
|
|
2022-04-20 01:47:38 +00:00
|
|
|
int32_t mndCheckAlterDropCompactDbAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
2022-02-12 09:00:40 +00:00
|
|
|
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int32_t mndCheckUseDbAuth(SUserObj *pOperUser, SDbObj *pDb) { return 0; }
|
2022-02-15 09:24:34 +00:00
|
|
|
|
|
|
|
|
int32_t mndCheckWriteAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
|
|
|
|
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (taosHashGet(pOperUser->writeDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int32_t mndCheckReadAuth(SUserObj *pOperUser, SDbObj *pDb) {
|
|
|
|
|
if (pOperUser->superUser || strcmp(pOperUser->user, pDb->createUser) == 0) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (taosHashGet(pOperUser->readDbs, pDb->name, strlen(pDb->name) + 1) != NULL) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
terrno = TSDB_CODE_MND_NO_RIGHTS;
|
|
|
|
|
return -1;
|
2022-04-14 10:28:05 +00:00
|
|
|
}
|
