TDengine/source/dnode/mnode/impl/src/mndPrivilege.c
2026-01-15 17:22:22 +08:00

148 lines
6 KiB
C

/*
* Copyright (c) 2019 TAOS Data, Inc. <jhtao@taosdata.com>
*
* This program is free software: you can use, redistribute, and/or modify
* it under the terms of the GNU Affero General Public License, version 3
* or later ("AGPL"), as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#define _DEFAULT_SOURCE
#include "mndPrivilege.h"
#include "mndDb.h"
#include "mndUser.h"
#include "mndDef.h"
#include "mndToken.h"
#ifndef _PRIVILEGE
int32_t mndInitPrivilege(SMnode *pMnode) { return 0; }
void mndCleanupPrivilege(SMnode *pMnode) {}
int32_t mndCheckConnectPrivilege(SMnode *pMnode, SUserObj *pUser, const char* token, const SLoginInfo *pLoginInfo) {
if ((!pUser->superUser) && (!pUser->enable)) {
return TSDB_CODE_MND_USER_DISABLED;
}
return 0;
}
int32_t mndCheckOperPrivilege(SMnode *pMnode, const char *user, const char* token, EOperType operType) {
int32_t code = 0;
SUserObj *pUser = NULL;
TAOS_CHECK_GOTO(mndAcquireUser(pMnode, user, &pUser), NULL, _OVER);
if ((!pUser->superUser) && (!pUser->enable)) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_USER_DISABLED, NULL, _OVER);
}
_OVER:
mndReleaseUser(pMnode, pUser);
TAOS_RETURN(code);
}
int32_t mndCheckSysObjPrivilege(SMnode *pMnode, SUserObj *pUser, EPrivType privType, EPrivObjType objType,
int64_t ownerId, const char *objFName, const char *tbName) {
return 0;
}
int32_t mndCheckObjPrivilegeRec(SMnode *pMnode, SUserObj *pUser, EPrivType privType, EPrivObjType objType,
int64_t ownerId, int32_t acctId, const char *objName, const char *tbName) {
return 0;
}
int32_t mndCheckObjPrivilegeRecF(SMnode *pMnode, SUserObj *pUser, EPrivType privType, EPrivObjType objType,
int64_t ownerId, const char *objFName, const char *tbName) {
return 0;
}
int32_t mndCheckAlterUserPrivilege(SMnode* pMnode, const char *opUser, const char* opToken, SUserObj *pUser, SAlterUserReq *pAlter) { return 0; }
int32_t mndCheckTotpSecretPrivilege(SMnode* pMnode, const char *opUser, const char* opToken, SUserObj *pUser) { return 0; }
int32_t mndCheckShowPrivilege(SMnode *pMnode, const char *user, const char* token, EShowType showType, const char *dbname) { return 0; }
int32_t mndCheckDbPrivilege(SMnode *pMnode, const char *user, const char* token, EOperType operType, SDbObj *pDb) { return 0; }
int32_t mndCheckDbPrivilegeByName(SMnode *pMnode, const char *user, const char* token, EOperType operType, const char *dbname) { return 0; }
int32_t mndCheckDbPrivilegeByNameRecF(SMnode *pMnode, SUserObj *pUser, EPrivType privType, EPrivObjType objType, const char *objFName,
const char *tbName) {
return 0;
}
int32_t mndCheckStbPrivilege(SMnode *pMnode, SUserObj *pUser, const char* token, EOperType operType, SStbObj *pStb) { return 0; }
int32_t mndCheckTopicPrivilege(SMnode *pMnode, const char *user, const char* token, EOperType operType, SMqTopicObj *pTopic) { return 0; }
int32_t mndCheckTokenPrivilege(SMnode* pMnode, const char* opUser, const char* opToken, const char* user, const char* token) { return 0; }
int32_t mndSetUserIpWhiteListDualRsp(SMnode *pMnode, SUserObj *pUser, SGetUserIpWhiteListRsp *pWhiteListRsp) {
int32_t code = 0;
memcpy(pWhiteListRsp->user, pUser->user, TSDB_USER_LEN);
pWhiteListRsp->numWhiteLists = 2;
pWhiteListRsp->pWhiteListsDual = taosMemoryMalloc(pWhiteListRsp->numWhiteLists * sizeof(SIpRange));
if (pWhiteListRsp->pWhiteListsDual == NULL) {
return terrno;
}
memset(pWhiteListRsp->pWhiteListsDual, 0, pWhiteListRsp->numWhiteLists * sizeof(SIpRange));
pWhiteListRsp->pWhiteListsDual[0].type = 0; //
pWhiteListRsp->pWhiteListsDual[1].type = 1;
return 0;
}
int32_t mndSetUserDateTimeWhiteListRsp(SMnode *pMnode, SUserObj *pUser, SUserDateTimeWhiteList *pWhiteListRsp) {
(void)memcpy(pWhiteListRsp->user, pUser->user, TSDB_USER_LEN);
pWhiteListRsp->ver = 0;
pWhiteListRsp->numWhiteLists = 0;
TAOS_RETURN(0);
}
int32_t mndSetUserIpWhiteListRsp(SMnode *pMnode, SUserObj *pUser, SGetUserIpWhiteListRsp *pWhiteListRsp) {
int32_t code = 0;
memcpy(pWhiteListRsp->user, pUser->user, TSDB_USER_LEN);
pWhiteListRsp->numWhiteLists = 1;
SIpWhiteList *pWhiteList = NULL;
code = cvtIpWhiteListDualToV4(pUser->pIpWhiteListDual, &pWhiteList);
if (code != 0) {
return code;
}
pWhiteListRsp->pWhiteLists = taosMemoryMalloc(pWhiteList->num * sizeof(SIpV4Range));
if (pWhiteListRsp->pWhiteLists == NULL) {
taosMemoryFreeClear(pWhiteList);
return terrno;
}
memset(pWhiteListRsp->pWhiteLists, 0, pWhiteList->num * sizeof(SIpV4Range));
taosMemoryFreeClear(pWhiteList);
return code;
}
int32_t mndSetUserAuthRsp(SMnode *pMnode, SUserObj *pUser, SGetUserAuthRsp *pRsp) {
memcpy(pRsp->user, pUser->user, TSDB_USER_LEN);
pRsp->superAuth = 1;
pRsp->enable = pUser->enable;
pRsp->sysInfo = pUser->sysInfo;
pRsp->version = pUser->authVersion;
pRsp->passVer = pUser->passVersion;
pRsp->whiteListVer = pMnode->ipWhiteVer;
pRsp->userId = pUser->uid;
SUserSessCfg sessCfg = {.sessPerUser = pUser->sessionPerUser,
.sessConnTime = pUser->connectTime,
.sessConnIdleTime = pUser->connectIdleTime,
.sessMaxConcurrency = pUser->callPerSession,
.sessMaxCallVnodeNum = pUser->vnodePerCall};
memcpy(&pRsp->sessCfg, &sessCfg, sizeof(SUserSessCfg));
pRsp->timeWhiteListVer = pMnode->timeWhiteVer;
return mndGetUserTokenStatuses(pUser->user, &pRsp->tokens);
}
int32_t mndEnableIpWhiteList(SMnode *pMnode) { return 0; }
int32_t mndEnableTimeWhiteList(SMnode *pMnode) { return 0; }
int32_t mndFetchIpWhiteList(SIpWhiteList *ipList, char **buf) {
*buf = NULL;
return 0;
}
#endif