#4335

Committed 20 Jun 2025 05:45AM UTC coverage: 60.571% (-2.3%) from 62.916%

Build # #4335

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

fix: compatibility ci problems. (#31430)

Run Details

149119 of 315107 branches covered (47.32%)

Branch coverage included in aggregate %.

231167 of 312731 relevant lines covered (73.92%)

6342953.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.72

/source/libs/parser/src/parAuthenticator.c

/*
 * Copyright (c) 2019 TAOS Data, Inc. <jhtao@taosdata.com>
 *
 * This program is free software: you can use, redistribute, and/or modify
 * it under the terms of the GNU Affero General Public License, version 3
 * or later ("AGPL"), as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "catalog.h"
#include "cmdnodes.h"
#include "parInt.h"

typedef struct SAuthCxt {
  SParseContext*   pParseCxt;
  SParseMetaCache* pMetaCache;
  int32_t          errCode;
} SAuthCxt;

typedef struct SSelectAuthCxt {
  SAuthCxt*    pAuthCxt;
  SSelectStmt* pSelect;
} SSelectAuthCxt;

typedef struct SAuthRewriteCxt {
  STableNode* pTarget;
} SAuthRewriteCxt;

static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);

static int32_t setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
                               bool isView, bool effective, SUserAuthInfo* pAuth) {
  if (effective) {
    snprintf(pAuth->user, sizeof(pAuth->user), "%s", pCxt->pEffectiveUser ? pCxt->pEffectiveUser : "");
  } else {
    snprintf(pAuth->user, sizeof(pAuth->user), "%s", pCxt->pUser);
  }

  if (NULL == pTabName) {
    int32_t code = tNameSetDbName(&pAuth->tbName, pCxt->acctId, pDbName, strlen(pDbName));
    if (TSDB_CODE_SUCCESS != code) return code;
  } else {
    toName(pCxt->acctId, pDbName, pTabName, &pAuth->tbName);
  }
  pAuth->type = type;
  pAuth->isView = isView;
  return TSDB_CODE_SUCCESS;
}

static int32_t checkAuthImpl(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond,
                             bool isView, bool effective) {
  SParseContext* pParseCxt = pCxt->pParseCxt;
  if (pParseCxt->isSuperUser) {
    return TSDB_CODE_SUCCESS;
  }

  AUTH_RES_TYPE auth_res_type = isView ? AUTH_RES_VIEW : AUTH_RES_BASIC;
  SUserAuthInfo authInfo = {0};
  int32_t       code = setUserAuthInfo(pCxt->pParseCxt, pDbName, pTabName, type, isView, effective, &authInfo);
  if (TSDB_CODE_SUCCESS != code) return code;
  SUserAuthRes authRes = {0};
  if (NULL != pCxt->pMetaCache) {
    code = getUserAuthFromCache(pCxt->pMetaCache, &authInfo, &authRes);
#ifdef TD_ENTERPRISE
    if (isView && TSDB_CODE_PAR_INTERNAL_ERROR == code) {
      authInfo.isView = false;
      code = getUserAuthFromCache(pCxt->pMetaCache, &authInfo, &authRes);
    }
#endif
  } else {
    SRequestConnInfo conn = {.pTrans = pParseCxt->pTransporter,
                             .requestId = pParseCxt->requestId,
                             .requestObjRefId = pParseCxt->requestRid,
                             .mgmtEps = pParseCxt->mgmtEpSet};
    code = catalogChkAuth(pParseCxt->pCatalog, &conn, &authInfo, &authRes);
  }
  if (TSDB_CODE_SUCCESS == code && NULL != pCond) {
    *pCond = authRes.pCond[auth_res_type];
  }
  return TSDB_CODE_SUCCESS == code ? (authRes.pass[auth_res_type] ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED)
                                   : code;
}

static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {
  return checkAuthImpl(pCxt, pDbName, pTabName, type, pCond, false, false);
}

static int32_t checkEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
                                  SNode** pCond) {
  return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, false, true);
}

static int32_t checkViewAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {
  return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, false);
}

static int32_t checkViewEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,
                                      SNode** pCond) {
  return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, true);
}

static EDealRes authSubquery(SAuthCxt* pCxt, SNode* pStmt) {
  return TSDB_CODE_SUCCESS == authQuery(pCxt, pStmt) ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
}

static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {
  SLogicConditionNode* pLogicCond = NULL;
  int32_t              code = nodesMakeNode(QUERY_NODE_LOGIC_CONDITION, (SNode**)&pLogicCond);
  if (NULL == pLogicCond) {
    return code;
  }
  pLogicCond->node.resType.type = TSDB_DATA_TYPE_BOOL;
  pLogicCond->node.resType.bytes = tDataTypes[TSDB_DATA_TYPE_BOOL].bytes;
  pLogicCond->condType = LOGIC_COND_TYPE_AND;
  code = nodesListMakeStrictAppend(&pLogicCond->pParameterList, pTagCond);
  if (TSDB_CODE_SUCCESS == code) {
    code = nodesListMakeAppend(&pLogicCond->pParameterList, *pWhere);
  }
  if (TSDB_CODE_SUCCESS == code) {
    *pWhere = (SNode*)pLogicCond;
  } else {
    nodesDestroyNode((SNode*)pLogicCond);
  }
  return code;
}

EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {
  if (QUERY_NODE_COLUMN == nodeType(pNode)) {
    SColumnNode*     pCol = (SColumnNode*)pNode;
    SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;
    tstrncpy(pCol->tableName, pCxt->pTarget->tableName, TSDB_TABLE_NAME_LEN);
    tstrncpy(pCol->tableAlias, pCxt->pTarget->tableAlias, TSDB_TABLE_NAME_LEN);
  }

  return DEAL_RES_CONTINUE;
}

static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {
  SNode*  pTagCondCopy = NULL;
  int32_t code = nodesCloneNode(pTagCond, &pTagCondCopy);
  if (NULL == pTagCondCopy) {
    return code;
  }

  SAuthRewriteCxt cxt = {.pTarget = pTable};
  nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);

  if (NULL == *pWhere) {
    *pWhere = pTagCondCopy;
    return TSDB_CODE_SUCCESS;
  }

  if (QUERY_NODE_LOGIC_CONDITION == nodeType(*pWhere) &&
      LOGIC_COND_TYPE_AND == ((SLogicConditionNode*)*pWhere)->condType) {
    return nodesListStrictAppend(((SLogicConditionNode*)*pWhere)->pParameterList, pTagCondCopy);
  }

  return mergeStableTagCond(pWhere, pTagCondCopy);
}

static EDealRes authSelectImpl(SNode* pNode, void* pContext) {
  SSelectAuthCxt* pCxt = pContext;
  SAuthCxt*       pAuthCxt = pCxt->pAuthCxt;
  bool            isView = false;
  if (QUERY_NODE_REAL_TABLE == nodeType(pNode)) {
    SNode*      pTagCond = NULL;
    STableNode* pTable = (STableNode*)pNode;
#ifdef TD_ENTERPRISE
    SName name = {0};
    toName(pAuthCxt->pParseCxt->acctId, pTable->dbName, pTable->tableName, &name);
    STableMeta* pTableMeta = NULL;
    toName(pAuthCxt->pParseCxt->acctId, pTable->dbName, pTable->tableName, &name);
    int32_t code = getTargetMetaImpl(
        pAuthCxt->pParseCxt, pAuthCxt->pMetaCache, &name, &pTableMeta, true);
    if (TSDB_CODE_SUCCESS == code && TSDB_VIEW_TABLE == pTableMeta->tableType) {
      isView = true;
    }
    taosMemoryFree(pTableMeta);
#endif
    if (!isView) {
      pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);
      if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {
        pAuthCxt->errCode = checkEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);
      }
      if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {
        pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);
      }
    } else {
      pAuthCxt->errCode = checkViewAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);
      if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {
        pAuthCxt->errCode = checkViewEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);
      }
    }
    return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;
  } else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {
    return authSubquery(pAuthCxt, ((STempTableNode*)pNode)->pSubquery);
  }
  return DEAL_RES_CONTINUE;
}

static int32_t authSelect(SAuthCxt* pCxt, SSelectStmt* pSelect) {
  SSelectAuthCxt cxt = {.pAuthCxt = pCxt, .pSelect = pSelect};
  nodesWalkSelectStmt(pSelect, SQL_CLAUSE_FROM, authSelectImpl, &cxt);
  return pCxt->errCode;
}

static int32_t authSetOperator(SAuthCxt* pCxt, SSetOperator* pSetOper) {
  int32_t code = authQuery(pCxt, pSetOper->pLeft);
  if (TSDB_CODE_SUCCESS == code) {
    code = authQuery(pCxt, pSetOper->pRight);
  }
  return code;
}

static int32_t authDropUser(SAuthCxt* pCxt, SDropUserStmt* pStmt) {
  if (!pCxt->pParseCxt->isSuperUser || 0 == strcmp(pStmt->userName, TSDB_DEFAULT_USER)) {
    return TSDB_CODE_PAR_PERMISSION_DENIED;
  }
  return TSDB_CODE_SUCCESS;
}

static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {
  SNode*      pTagCond = NULL;
  STableNode* pTable = (STableNode*)pDelete->pFromTable;
  int32_t     code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
  if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {
    code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);
  }
  return code;
}

static int32_t authInsert(SAuthCxt* pCxt, SInsertStmt* pInsert) {
  SNode*      pTagCond = NULL;
  STableNode* pTable = (STableNode*)pInsert->pTable;
  // todo check tag condition for subtable
  int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);
  if (TSDB_CODE_SUCCESS == code) {
    code = authQuery(pCxt, pInsert->pQuery);
  }
  return code;
}

static int32_t authShowTables(SAuthCxt* pCxt, SShowStmt* pStmt) {
  return checkAuth(pCxt, ((SValueNode*)pStmt->pDbName)->literal, NULL, AUTH_TYPE_READ_OR_WRITE, NULL);
}

static int32_t authShowVtables(SAuthCxt* pCxt, SShowStmt* pStmt) {
  return authShowTables(pCxt, pStmt);
}

static int32_t authShowUsage(SAuthCxt* pCxt, SShowStmt* pStmt) {
  return checkAuth(pCxt, ((SValueNode*)pStmt->pDbName)->literal, NULL, AUTH_TYPE_READ_OR_WRITE, NULL);
}

static int32_t authShowCreateTable(SAuthCxt* pCxt, SShowCreateTableStmt* pStmt) {
  SNode* pTagCond = NULL;
  // todo check tag condition for subtable
  return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_READ, &pTagCond);
}

static int32_t authShowCreateView(SAuthCxt* pCxt, SShowCreateViewStmt* pStmt) {
#ifndef TD_ENTERPRISE
  return TSDB_CODE_OPS_NOT_SUPPORT;
#endif

  return TSDB_CODE_SUCCESS;
}

static int32_t authCreateTable(SAuthCxt* pCxt, SCreateTableStmt* pStmt) {
  SNode* pTagCond = NULL;
  // todo check tag condition for subtable
  return checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, &pTagCond);
}

static int32_t authCreateVTable(SAuthCxt* pCxt, SCreateVTableStmt* pStmt) {
  PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL));
  SNode  *pCol = NULL;
  FOREACH(pCol, pStmt->pCols) {
    SColumnDefNode *pColDef = (SColumnDefNode*)pCol;
    if (NULL == pColDef) {
      PAR_ERR_RET(TSDB_CODE_PAR_INVALID_COLUMN);
    }
    SColumnOptions *pOptions = (SColumnOptions*)pColDef->pOptions;
    if (pOptions && pOptions->hasRef) {
      PAR_ERR_RET(checkAuth(pCxt, pOptions->refDb, pOptions->refTable, AUTH_TYPE_READ, NULL));
    }
  }
  return TSDB_CODE_SUCCESS;
}

static int32_t authCreateVSubTable(SAuthCxt* pCxt, SCreateVSubTableStmt* pStmt) {
  int32_t   code = TSDB_CODE_SUCCESS;
  SNode     *pNode = NULL;
  SNodeList* pTmpList = pStmt->pSpecificColRefs ? pStmt->pSpecificColRefs : pStmt->pColRefs;
  PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL));
  if (NULL == pTmpList) {
    // no column reference
    return TSDB_CODE_SUCCESS;
  }

  FOREACH(pNode, pTmpList) {
    SColumnRefNode *pColRef = (SColumnRefNode*)pNode;
    if (NULL == pColRef) {
      PAR_ERR_RET(TSDB_CODE_PAR_INVALID_COLUMN);
    }
    PAR_ERR_RET(checkAuth(pCxt, pColRef->refDbName, pColRef->refTableName, AUTH_TYPE_READ, NULL));
  }
  return code;
}

static int32_t authCreateMultiTable(SAuthCxt* pCxt, SCreateMultiTablesStmt* pStmt) {
  int32_t code = TSDB_CODE_SUCCESS;
  SNode*  pNode = NULL;
  FOREACH(pNode, pStmt->pSubTables) {
    if (pNode->type == QUERY_NODE_CREATE_SUBTABLE_CLAUSE) {
      SCreateSubTableClause* pClause = (SCreateSubTableClause*)pNode;
      code = checkAuth(pCxt, pClause->dbName, NULL, AUTH_TYPE_WRITE, NULL);
      if (TSDB_CODE_SUCCESS != code) {
        break;
      }
    } else {
      SCreateSubTableFromFileClause* pClause = (SCreateSubTableFromFileClause*)pNode;
      code = checkAuth(pCxt, pClause->useDbName, NULL, AUTH_TYPE_WRITE, NULL);
      if (TSDB_CODE_SUCCESS != code) {
        break;
      }
    }
  }
  return code;
}

static int32_t authDropTable(SAuthCxt* pCxt, SDropTableStmt* pStmt) {
  int32_t code = TSDB_CODE_SUCCESS;
  if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {
    return TSDB_CODE_PAR_PERMISSION_DENIED;
  }
  SNode* pNode = NULL;
  FOREACH(pNode, pStmt->pTables) {
    SDropTableClause* pClause = (SDropTableClause*)pNode;
    code = checkAuth(pCxt, pClause->dbName, pClause->tableName, AUTH_TYPE_WRITE, NULL);
    if (TSDB_CODE_SUCCESS != code) {
      break;
    }
  }
  return code;
}

static int32_t authDropStable(SAuthCxt* pCxt, SDropSuperTableStmt* pStmt) {
  if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {
    return TSDB_CODE_PAR_PERMISSION_DENIED;
  }
  return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);
}

static int32_t authDropVtable(SAuthCxt* pCxt, SDropVirtualTableStmt* pStmt) {
  if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {
    return TSDB_CODE_PAR_PERMISSION_DENIED;
  }
  return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);
}

static int32_t authAlterTable(SAuthCxt* pCxt, SAlterTableStmt* pStmt) {
  SNode* pTagCond = NULL;
  // todo check tag condition for subtable
  return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);
}

static int32_t authAlterVTable(SAuthCxt* pCxt, SAlterTableStmt* pStmt) {
  PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL));
  if (pStmt->alterType == TSDB_ALTER_TABLE_ADD_COLUMN_WITH_COLUMN_REF ||
      pStmt->alterType == TSDB_ALTER_TABLE_ALTER_COLUMN_REF) {
    PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, pStmt->refTableName, AUTH_TYPE_READ, NULL));
  }
  PAR_RET(TSDB_CODE_SUCCESS);
}

static int32_t authCreateView(SAuthCxt* pCxt, SCreateViewStmt* pStmt) {
#ifndef TD_ENTERPRISE
  return TSDB_CODE_OPS_NOT_SUPPORT;
#endif
  return checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL);
}

static int32_t authDropView(SAuthCxt* pCxt, SDropViewStmt* pStmt) {
#ifndef TD_ENTERPRISE
  return TSDB_CODE_OPS_NOT_SUPPORT;
#endif
  return checkViewAuth(pCxt, pStmt->dbName, pStmt->viewName, AUTH_TYPE_ALTER, NULL);
}

static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt) {
  switch (nodeType(pStmt)) {
    case QUERY_NODE_SET_OPERATOR:
      return authSetOperator(pCxt, (SSetOperator*)pStmt);
    case QUERY_NODE_SELECT_STMT:
      return authSelect(pCxt, (SSelectStmt*)pStmt);
    case QUERY_NODE_DROP_USER_STMT:
      return authDropUser(pCxt, (SDropUserStmt*)pStmt);
    case QUERY_NODE_DELETE_STMT:
      return authDelete(pCxt, (SDeleteStmt*)pStmt);
    case QUERY_NODE_INSERT_STMT:
      return authInsert(pCxt, (SInsertStmt*)pStmt);
    case QUERY_NODE_CREATE_TABLE_STMT:
      return authCreateTable(pCxt, (SCreateTableStmt*)pStmt);
    case QUERY_NODE_CREATE_VIRTUAL_TABLE_STMT:
      return authCreateVTable(pCxt, (SCreateVTableStmt*)pStmt);
    case QUERY_NODE_CREATE_VIRTUAL_SUBTABLE_STMT:
      return authCreateVSubTable(pCxt, (SCreateVSubTableStmt*)pStmt);
    case QUERY_NODE_CREATE_MULTI_TABLES_STMT:
      return authCreateMultiTable(pCxt, (SCreateMultiTablesStmt*)pStmt);
    case QUERY_NODE_DROP_TABLE_STMT:
      return authDropTable(pCxt, (SDropTableStmt*)pStmt);
    case QUERY_NODE_DROP_SUPER_TABLE_STMT:
      return authDropStable(pCxt, (SDropSuperTableStmt*)pStmt);
    case QUERY_NODE_DROP_VIRTUAL_TABLE_STMT:
      return authDropVtable(pCxt, (SDropVirtualTableStmt*)pStmt);
    case QUERY_NODE_ALTER_TABLE_STMT:
    case QUERY_NODE_ALTER_SUPER_TABLE_STMT:
      return authAlterTable(pCxt, (SAlterTableStmt*)pStmt);
    case QUERY_NODE_ALTER_VIRTUAL_TABLE_STMT:
      return authAlterVTable(pCxt, (SAlterTableStmt*)pStmt);
    case QUERY_NODE_SHOW_DNODES_STMT:
    case QUERY_NODE_SHOW_MNODES_STMT:
    case QUERY_NODE_SHOW_MODULES_STMT:
    case QUERY_NODE_SHOW_QNODES_STMT:
    case QUERY_NODE_SHOW_SNODES_STMT:
    case QUERY_NODE_SHOW_BNODES_STMT:
    case QUERY_NODE_SHOW_CLUSTER_STMT:
    case QUERY_NODE_SHOW_LICENCES_STMT:
    case QUERY_NODE_SHOW_VGROUPS_STMT:
    case QUERY_NODE_SHOW_DB_ALIVE_STMT:
    case QUERY_NODE_SHOW_CLUSTER_ALIVE_STMT:
    case QUERY_NODE_SHOW_CREATE_DATABASE_STMT:
    case QUERY_NODE_SHOW_TABLE_DISTRIBUTED_STMT:
    case QUERY_NODE_SHOW_DNODE_VARIABLES_STMT:
    case QUERY_NODE_SHOW_VNODES_STMT:
    case QUERY_NODE_SHOW_SCORES_STMT:
    case QUERY_NODE_SHOW_USERS_STMT:
    case QUERY_NODE_SHOW_USERS_FULL_STMT:
    case QUERY_NODE_SHOW_USER_PRIVILEGES_STMT:
    case QUERY_NODE_SHOW_GRANTS_FULL_STMT:
    case QUERY_NODE_SHOW_GRANTS_LOGS_STMT:
    case QUERY_NODE_SHOW_CLUSTER_MACHINES_STMT:
    case QUERY_NODE_SHOW_ARBGROUPS_STMT:
    case QUERY_NODE_SHOW_ENCRYPTIONS_STMT:
      return !pCxt->pParseCxt->enableSysInfo ? TSDB_CODE_PAR_PERMISSION_DENIED : TSDB_CODE_SUCCESS;
    case QUERY_NODE_SHOW_USAGE_STMT:
    case QUERY_NODE_SHOW_ANODES_STMT:
    case QUERY_NODE_SHOW_ANODES_FULL_STMT:
      return TSDB_CODE_SUCCESS;
    case QUERY_NODE_SHOW_TABLES_STMT:
    case QUERY_NODE_SHOW_STABLES_STMT:
      return authShowTables(pCxt, (SShowStmt*)pStmt);
    case QUERY_NODE_SHOW_VTABLES_STMT:
      return authShowVtables(pCxt, (SShowStmt*)pStmt);
    case QUERY_NODE_SHOW_CREATE_TABLE_STMT:
    case QUERY_NODE_SHOW_CREATE_VTABLE_STMT:
    case QUERY_NODE_SHOW_CREATE_STABLE_STMT:
      return authShowCreateTable(pCxt, (SShowCreateTableStmt*)pStmt);
      //    case QUERY_NODE_SHOW_CREATE_VIEW_STMT:
      //      return authShowCreateView(pCxt, (SShowCreateViewStmt*)pStmt);
    case QUERY_NODE_CREATE_VIEW_STMT:
      return authCreateView(pCxt, (SCreateViewStmt*)pStmt);
    case QUERY_NODE_DROP_VIEW_STMT:
      return authDropView(pCxt, (SDropViewStmt*)pStmt);
    default:
      break;
  }

  return TSDB_CODE_SUCCESS;
}

int32_t authenticate(SParseContext* pParseCxt, SQuery* pQuery, SParseMetaCache* pMetaCache) {
  SAuthCxt cxt = {.pParseCxt = pParseCxt, .pMetaCache = pMetaCache, .errCode = TSDB_CODE_SUCCESS};
  return authQuery(&cxt, pQuery->pRoot);
}

1	/*
2	* Copyright (c) 2019 TAOS Data, Inc. <jhtao@taosdata.com>
3	*
4	* This program is free software: you can use, redistribute, and/or modify
5	* it under the terms of the GNU Affero General Public License, version 3
6	* or later ("AGPL"), as published by the Free Software Foundation.
7	*
8	* This program is distributed in the hope that it will be useful, but WITHOUT
9	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10	* FITNESS FOR A PARTICULAR PURPOSE.
11	*
12	* You should have received a copy of the GNU Affero General Public License
13	* along with this program. If not, see <http://www.gnu.org/licenses/>.
14	*/
15
16	#include "catalog.h"
17	#include "cmdnodes.h"
18	#include "parInt.h"
19
20	typedef struct SAuthCxt {
21	SParseContext* pParseCxt;
22	SParseMetaCache* pMetaCache;
23	int32_t errCode;
24	} SAuthCxt;
25
26	typedef struct SSelectAuthCxt {
27	SAuthCxt* pAuthCxt;
28	SSelectStmt* pSelect;
29	} SSelectAuthCxt;
30
31	typedef struct SAuthRewriteCxt {
32	STableNode* pTarget;
33	} SAuthRewriteCxt;
34
35	static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt);
36
37	static int32_t setUserAuthInfo(SParseContext* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,	1,982✔
38	bool isView, bool effective, SUserAuthInfo* pAuth) {
39	if (effective) {	1,982✔
40	snprintf(pAuth->user, sizeof(pAuth->user), "%s", pCxt->pEffectiveUser ? pCxt->pEffectiveUser : "");	70!
41	} else {
42	snprintf(pAuth->user, sizeof(pAuth->user), "%s", pCxt->pUser);	1,912✔
43	}
44
45	if (NULL == pTabName) {	1,982✔
46	int32_t code = tNameSetDbName(&pAuth->tbName, pCxt->acctId, pDbName, strlen(pDbName));	156✔
47	if (TSDB_CODE_SUCCESS != code) return code;	156!
48	} else {
49	toName(pCxt->acctId, pDbName, pTabName, &pAuth->tbName);	1,826✔
50	}
51	pAuth->type = type;	1,982✔
52	pAuth->isView = isView;	1,982✔
53	return TSDB_CODE_SUCCESS;	1,982✔
54	}
55
56	static int32_t checkAuthImpl(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond,	1,034,937✔
57	bool isView, bool effective) {
58	SParseContext* pParseCxt = pCxt->pParseCxt;	1,034,937✔
59	if (pParseCxt->isSuperUser) {	1,034,937✔
60	return TSDB_CODE_SUCCESS;	1,032,955✔
61	}
62
63	AUTH_RES_TYPE auth_res_type = isView ? AUTH_RES_VIEW : AUTH_RES_BASIC;	1,982✔
64	SUserAuthInfo authInfo = {0};	1,982✔
65	int32_t code = setUserAuthInfo(pCxt->pParseCxt, pDbName, pTabName, type, isView, effective, &authInfo);	1,982✔
66	if (TSDB_CODE_SUCCESS != code) return code;	1,982!
67	SUserAuthRes authRes = {0};	1,982✔
68	if (NULL != pCxt->pMetaCache) {	1,982✔
69	code = getUserAuthFromCache(pCxt->pMetaCache, &authInfo, &authRes);	1,219✔
70	#ifdef TD_ENTERPRISE
71	if (isView && TSDB_CODE_PAR_INTERNAL_ERROR == code) {	1,219✔
72	authInfo.isView = false;	106✔
73	code = getUserAuthFromCache(pCxt->pMetaCache, &authInfo, &authRes);	106✔
74	}
75	#endif
76	} else {
77	SRequestConnInfo conn = {.pTrans = pParseCxt->pTransporter,	763✔
78	.requestId = pParseCxt->requestId,	763✔
79	.requestObjRefId = pParseCxt->requestRid,	763✔
80	.mgmtEps = pParseCxt->mgmtEpSet};
81	code = catalogChkAuth(pParseCxt->pCatalog, &conn, &authInfo, &authRes);	763✔
82	}
83	if (TSDB_CODE_SUCCESS == code && NULL != pCond) {	1,982!
84	*pCond = authRes.pCond[auth_res_type];	1,569✔
85	}
86	return TSDB_CODE_SUCCESS == code ? (authRes.pass[auth_res_type] ? TSDB_CODE_SUCCESS : TSDB_CODE_PAR_PERMISSION_DENIED)	1,982✔
87	: code;	1,982!
88	}
89
90	static int32_t checkAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {	1,033,963✔
91	return checkAuthImpl(pCxt, pDbName, pTabName, type, pCond, false, false);	1,033,963✔
92	}
93
94	static int32_t checkEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,	46✔
95	SNode** pCond) {
96	return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, false, true);	46✔
97	}
98
99	static int32_t checkViewAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type, SNode** pCond) {	909✔
100	return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, false);	909✔
101	}
102
103	static int32_t checkViewEffectiveAuth(SAuthCxt* pCxt, const char* pDbName, const char* pTabName, AUTH_TYPE type,	24✔
104	SNode** pCond) {
105	return checkAuthImpl(pCxt, pDbName, pTabName, type, NULL, true, true);	24✔
106	}
107
108	static EDealRes authSubquery(SAuthCxt* pCxt, SNode* pStmt) {	209,654✔
109	return TSDB_CODE_SUCCESS == authQuery(pCxt, pStmt) ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;	209,654!
110	}
111
112	static int32_t mergeStableTagCond(SNode** pWhere, SNode* pTagCond) {	1✔
113	SLogicConditionNode* pLogicCond = NULL;	1✔
114	int32_t code = nodesMakeNode(QUERY_NODE_LOGIC_CONDITION, (SNode**)&pLogicCond);	1✔
115	if (NULL == pLogicCond) {	1!
116	return code;	×
117	}
118	pLogicCond->node.resType.type = TSDB_DATA_TYPE_BOOL;	1✔
119	pLogicCond->node.resType.bytes = tDataTypes[TSDB_DATA_TYPE_BOOL].bytes;	1✔
120	pLogicCond->condType = LOGIC_COND_TYPE_AND;	1✔
121	code = nodesListMakeStrictAppend(&pLogicCond->pParameterList, pTagCond);	1✔
122	if (TSDB_CODE_SUCCESS == code) {	1!
123	code = nodesListMakeAppend(&pLogicCond->pParameterList, *pWhere);	1✔
124	}
125	if (TSDB_CODE_SUCCESS == code) {	1!
126	pWhere = (SNode)pLogicCond;	1✔
127	} else {
128	nodesDestroyNode((SNode*)pLogicCond);	×
129	}
130	return code;	1✔
131	}
132
133	EDealRes rewriteAuthTable(SNode* pNode, void* pContext) {	60✔
134	if (QUERY_NODE_COLUMN == nodeType(pNode)) {	60✔
135	SColumnNode* pCol = (SColumnNode*)pNode;	19✔
136	SAuthRewriteCxt* pCxt = (SAuthRewriteCxt*)pContext;	19✔
137	tstrncpy(pCol->tableName, pCxt->pTarget->tableName, TSDB_TABLE_NAME_LEN);	19✔
138	tstrncpy(pCol->tableAlias, pCxt->pTarget->tableAlias, TSDB_TABLE_NAME_LEN);	19✔
139	}
140
141	return DEAL_RES_CONTINUE;	60✔
142	}
143
144	static int32_t rewriteAppendStableTagCond(SNode** pWhere, SNode* pTagCond, STableNode* pTable) {	16✔
145	SNode* pTagCondCopy = NULL;	16✔
146	int32_t code = nodesCloneNode(pTagCond, &pTagCondCopy);	16✔
147	if (NULL == pTagCondCopy) {	16!
148	return code;	×
149	}
150
151	SAuthRewriteCxt cxt = {.pTarget = pTable};	16✔
152	nodesWalkExpr(pTagCondCopy, rewriteAuthTable, &cxt);	16✔
153
154	if (NULL == *pWhere) {	16✔
155	*pWhere = pTagCondCopy;	15✔
156	return TSDB_CODE_SUCCESS;	15✔
157	}
158
159	if (QUERY_NODE_LOGIC_CONDITION == nodeType(*pWhere) &&	1!
160	LOGIC_COND_TYPE_AND == ((SLogicConditionNode)pWhere)->condType) {	×
161	return nodesListStrictAppend(((SLogicConditionNode)pWhere)->pParameterList, pTagCondCopy);	×
162	}
163
164	return mergeStableTagCond(pWhere, pTagCondCopy);	1✔
165	}
166
167	static EDealRes authSelectImpl(SNode* pNode, void* pContext) {	11,763,785✔
168	SSelectAuthCxt* pCxt = pContext;	11,763,785✔
169	SAuthCxt* pAuthCxt = pCxt->pAuthCxt;	11,763,785✔
170	bool isView = false;	11,763,785✔
171	if (QUERY_NODE_REAL_TABLE == nodeType(pNode)) {	11,763,785✔
172	SNode* pTagCond = NULL;	889,832✔
173	STableNode* pTable = (STableNode*)pNode;	889,832✔
174	#ifdef TD_ENTERPRISE
175	SName name = {0};	889,832✔
176	toName(pAuthCxt->pParseCxt->acctId, pTable->dbName, pTable->tableName, &name);	889,832✔
177	STableMeta* pTableMeta = NULL;	889,833✔
178	toName(pAuthCxt->pParseCxt->acctId, pTable->dbName, pTable->tableName, &name);	889,833✔
179	int32_t code = getTargetMetaImpl(	889,833✔
180	pAuthCxt->pParseCxt, pAuthCxt->pMetaCache, &name, &pTableMeta, true);
181	if (TSDB_CODE_SUCCESS == code && TSDB_VIEW_TABLE == pTableMeta->tableType) {	889,830✔
182	isView = true;	497✔
183	}
184	taosMemoryFree(pTableMeta);	889,830!
185	#endif
186	if (!isView) {	889,832✔
187	pAuthCxt->errCode = checkAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, &pTagCond);	889,335✔
188	if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {	889,333✔
189	pAuthCxt->errCode = checkEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);	46✔
190	}
191	if (TSDB_CODE_SUCCESS == pAuthCxt->errCode && NULL != pTagCond) {	889,333✔
192	pAuthCxt->errCode = rewriteAppendStableTagCond(&pCxt->pSelect->pWhere, pTagCond, pTable);	16✔
193	}
194	} else {
195	pAuthCxt->errCode = checkViewAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);	497✔
196	if (TSDB_CODE_SUCCESS != pAuthCxt->errCode && NULL != pAuthCxt->pParseCxt->pEffectiveUser) {	497✔
197	pAuthCxt->errCode = checkViewEffectiveAuth(pAuthCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_READ, NULL);	24✔
198	}
199	}
200	return TSDB_CODE_SUCCESS == pAuthCxt->errCode ? DEAL_RES_CONTINUE : DEAL_RES_ERROR;	889,830✔
201	} else if (QUERY_NODE_TEMP_TABLE == nodeType(pNode)) {	10,873,953✔
202	return authSubquery(pAuthCxt, ((STempTableNode*)pNode)->pSubquery);	209,654✔
203	}
204	return DEAL_RES_CONTINUE;	10,664,299✔
205	}
206
207	static int32_t authSelect(SAuthCxt* pCxt, SSelectStmt* pSelect) {	1,112,178✔
208	SSelectAuthCxt cxt = {.pAuthCxt = pCxt, .pSelect = pSelect};	1,112,178✔
209	nodesWalkSelectStmt(pSelect, SQL_CLAUSE_FROM, authSelectImpl, &cxt);	1,112,178✔
210	return pCxt->errCode;	1,112,179✔
211	}
212
213	static int32_t authSetOperator(SAuthCxt* pCxt, SSetOperator* pSetOper) {	65,503✔
214	int32_t code = authQuery(pCxt, pSetOper->pLeft);	65,503✔
215	if (TSDB_CODE_SUCCESS == code) {	65,503!
216	code = authQuery(pCxt, pSetOper->pRight);	65,503✔
217	}
218	return code;	65,503✔
219	}
220
221	static int32_t authDropUser(SAuthCxt* pCxt, SDropUserStmt* pStmt) {	67✔
222	if (!pCxt->pParseCxt->isSuperUser \|\| 0 == strcmp(pStmt->userName, TSDB_DEFAULT_USER)) {	67!
223	return TSDB_CODE_PAR_PERMISSION_DENIED;	1✔
224	}
225	return TSDB_CODE_SUCCESS;	66✔
226	}
227
228	static int32_t authDelete(SAuthCxt* pCxt, SDeleteStmt* pDelete) {	7,827✔
229	SNode* pTagCond = NULL;	7,827✔
230	STableNode* pTable = (STableNode*)pDelete->pFromTable;	7,827✔
231	int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);	7,827✔
232	if (TSDB_CODE_SUCCESS == code && NULL != pTagCond) {	7,827!
233	code = rewriteAppendStableTagCond(&pDelete->pWhere, pTagCond, pTable);	×
234	}
235	return code;	7,827✔
236	}
237
238	static int32_t authInsert(SAuthCxt* pCxt, SInsertStmt* pInsert) {	185✔
239	SNode* pTagCond = NULL;	185✔
240	STableNode* pTable = (STableNode*)pInsert->pTable;	185✔
241	// todo check tag condition for subtable
242	int32_t code = checkAuth(pCxt, pTable->dbName, pTable->tableName, AUTH_TYPE_WRITE, &pTagCond);	185✔
243	if (TSDB_CODE_SUCCESS == code) {	185!
244	code = authQuery(pCxt, pInsert->pQuery);	185✔
245	}
246	return code;	185✔
247	}
248
249	static int32_t authShowTables(SAuthCxt* pCxt, SShowStmt* pStmt) {	2,070✔
250	return checkAuth(pCxt, ((SValueNode*)pStmt->pDbName)->literal, NULL, AUTH_TYPE_READ_OR_WRITE, NULL);	2,070✔
251	}
252
253	static int32_t authShowVtables(SAuthCxt* pCxt, SShowStmt* pStmt) {	30✔
254	return authShowTables(pCxt, pStmt);	30✔
255	}
256
257	static int32_t authShowUsage(SAuthCxt* pCxt, SShowStmt* pStmt) {	×
258	return checkAuth(pCxt, ((SValueNode*)pStmt->pDbName)->literal, NULL, AUTH_TYPE_READ_OR_WRITE, NULL);	×
259	}
260
261	static int32_t authShowCreateTable(SAuthCxt* pCxt, SShowCreateTableStmt* pStmt) {	266✔
262	SNode* pTagCond = NULL;	266✔
263	// todo check tag condition for subtable
264	return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_READ, &pTagCond);	266✔
265	}
266
267	static int32_t authShowCreateView(SAuthCxt* pCxt, SShowCreateViewStmt* pStmt) {	×
268	#ifndef TD_ENTERPRISE
269	return TSDB_CODE_OPS_NOT_SUPPORT;
270	#endif
271
272	return TSDB_CODE_SUCCESS;	×
273	}
274
275	static int32_t authCreateTable(SAuthCxt* pCxt, SCreateTableStmt* pStmt) {	20,630✔
276	SNode* pTagCond = NULL;	20,630✔
277	// todo check tag condition for subtable
278	return checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, &pTagCond);	20,630✔
279	}
280
281	static int32_t authCreateVTable(SAuthCxt* pCxt, SCreateVTableStmt* pStmt) {	12✔
282	PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL));	12!
283	SNode *pCol = NULL;	12✔
284	FOREACH(pCol, pStmt->pCols) {	61!
285	SColumnDefNode pColDef = (SColumnDefNode)pCol;	49✔
286	if (NULL == pColDef) {	49!
287	PAR_ERR_RET(TSDB_CODE_PAR_INVALID_COLUMN);	×
288	}
289	SColumnOptions pOptions = (SColumnOptions)pColDef->pOptions;	49✔
290	if (pOptions && pOptions->hasRef) {	49!
291	PAR_ERR_RET(checkAuth(pCxt, pOptions->refDb, pOptions->refTable, AUTH_TYPE_READ, NULL));	23!
292	}
293	}
294	return TSDB_CODE_SUCCESS;	12✔
295	}
296
297	static int32_t authCreateVSubTable(SAuthCxt* pCxt, SCreateVSubTableStmt* pStmt) {	12✔
298	int32_t code = TSDB_CODE_SUCCESS;	12✔
299	SNode *pNode = NULL;	12✔
300	SNodeList* pTmpList = pStmt->pSpecificColRefs ? pStmt->pSpecificColRefs : pStmt->pColRefs;	12✔
301	PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL));	12!
302	if (NULL == pTmpList) {	12!
303	// no column reference
304	return TSDB_CODE_SUCCESS;	×
305	}
306
307	FOREACH(pNode, pTmpList) {	35!
308	SColumnRefNode pColRef = (SColumnRefNode)pNode;	23✔
309	if (NULL == pColRef) {	23!
310	PAR_ERR_RET(TSDB_CODE_PAR_INVALID_COLUMN);	×
311	}
312	PAR_ERR_RET(checkAuth(pCxt, pColRef->refDbName, pColRef->refTableName, AUTH_TYPE_READ, NULL));	23!
313	}
314	return code;	12✔
315	}
316
317	static int32_t authCreateMultiTable(SAuthCxt* pCxt, SCreateMultiTablesStmt* pStmt) {	56,815✔
318	int32_t code = TSDB_CODE_SUCCESS;	56,815✔
319	SNode* pNode = NULL;	56,815✔
320	FOREACH(pNode, pStmt->pSubTables) {	134,224!
321	if (pNode->type == QUERY_NODE_CREATE_SUBTABLE_CLAUSE) {	77,417!
322	SCreateSubTableClause* pClause = (SCreateSubTableClause*)pNode;	77,417✔
323	code = checkAuth(pCxt, pClause->dbName, NULL, AUTH_TYPE_WRITE, NULL);	77,417✔
324	if (TSDB_CODE_SUCCESS != code) {	77,410✔
325	break;	1✔
326	}
327	} else {
328	SCreateSubTableFromFileClause* pClause = (SCreateSubTableFromFileClause*)pNode;	×
329	code = checkAuth(pCxt, pClause->useDbName, NULL, AUTH_TYPE_WRITE, NULL);	×
330	if (TSDB_CODE_SUCCESS != code) {	×
331	break;	×
332	}
333	}
334	}
335	return code;	56,808✔
336	}
337
338	static int32_t authDropTable(SAuthCxt* pCxt, SDropTableStmt* pStmt) {	17,651✔
339	int32_t code = TSDB_CODE_SUCCESS;	17,651✔
340	if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {	17,651!
341	return TSDB_CODE_PAR_PERMISSION_DENIED;	×
342	}
343	SNode* pNode = NULL;	17,651✔
344	FOREACH(pNode, pStmt->pTables) {	35,421!
345	SDropTableClause* pClause = (SDropTableClause*)pNode;	17,771✔
346	code = checkAuth(pCxt, pClause->dbName, pClause->tableName, AUTH_TYPE_WRITE, NULL);	17,771✔
347	if (TSDB_CODE_SUCCESS != code) {	17,771✔
348	break;	1✔
349	}
350	}
351	return code;	17,651✔
352	}
353
354	static int32_t authDropStable(SAuthCxt* pCxt, SDropSuperTableStmt* pStmt) {	376✔
355	if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {	376!
356	return TSDB_CODE_PAR_PERMISSION_DENIED;	×
357	}
358	return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);	376✔
359	}
360
361	static int32_t authDropVtable(SAuthCxt* pCxt, SDropVirtualTableStmt* pStmt) {	8✔
362	if (pStmt->withOpt && !pCxt->pParseCxt->isSuperUser) {	8!
363	return TSDB_CODE_PAR_PERMISSION_DENIED;	×
364	}
365	return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);	8✔
366	}
367
368	static int32_t authAlterTable(SAuthCxt* pCxt, SAlterTableStmt* pStmt) {	17,500✔
369	SNode* pTagCond = NULL;	17,500✔
370	// todo check tag condition for subtable
371	return checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL);	17,500✔
372	}
373
374	static int32_t authAlterVTable(SAuthCxt* pCxt, SAlterTableStmt* pStmt) {	×
375	PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, pStmt->tableName, AUTH_TYPE_WRITE, NULL));	×
376	if (pStmt->alterType == TSDB_ALTER_TABLE_ADD_COLUMN_WITH_COLUMN_REF \|\|	×
377	pStmt->alterType == TSDB_ALTER_TABLE_ALTER_COLUMN_REF) {	×
378	PAR_ERR_RET(checkAuth(pCxt, pStmt->dbName, pStmt->refTableName, AUTH_TYPE_READ, NULL));	×
379	}
380	PAR_RET(TSDB_CODE_SUCCESS);	×
381	}
382
383	static int32_t authCreateView(SAuthCxt* pCxt, SCreateViewStmt* pStmt) {	513✔
384	#ifndef TD_ENTERPRISE
385	return TSDB_CODE_OPS_NOT_SUPPORT;
386	#endif
387	return checkAuth(pCxt, pStmt->dbName, NULL, AUTH_TYPE_WRITE, NULL);	513✔
388	}
389
390	static int32_t authDropView(SAuthCxt* pCxt, SDropViewStmt* pStmt) {	412✔
391	#ifndef TD_ENTERPRISE
392	return TSDB_CODE_OPS_NOT_SUPPORT;
393	#endif
394	return checkViewAuth(pCxt, pStmt->dbName, pStmt->viewName, AUTH_TYPE_ALTER, NULL);	412✔
395	}
396
397	static int32_t authQuery(SAuthCxt* pCxt, SNode* pStmt) {	1,478,347✔
398	switch (nodeType(pStmt)) {	1,478,347!
399	case QUERY_NODE_SET_OPERATOR:	65,503✔
400	return authSetOperator(pCxt, (SSetOperator*)pStmt);	65,503✔
401	case QUERY_NODE_SELECT_STMT:	1,112,178✔
402	return authSelect(pCxt, (SSelectStmt*)pStmt);	1,112,178✔
403	case QUERY_NODE_DROP_USER_STMT:	67✔
404	return authDropUser(pCxt, (SDropUserStmt*)pStmt);	67✔
405	case QUERY_NODE_DELETE_STMT:	7,827✔
406	return authDelete(pCxt, (SDeleteStmt*)pStmt);	7,827✔
407	case QUERY_NODE_INSERT_STMT:	185✔
408	return authInsert(pCxt, (SInsertStmt*)pStmt);	185✔
409	case QUERY_NODE_CREATE_TABLE_STMT:	20,630✔
410	return authCreateTable(pCxt, (SCreateTableStmt*)pStmt);	20,630✔
411	case QUERY_NODE_CREATE_VIRTUAL_TABLE_STMT:	12✔
412	return authCreateVTable(pCxt, (SCreateVTableStmt*)pStmt);	12✔
413	case QUERY_NODE_CREATE_VIRTUAL_SUBTABLE_STMT:	12✔
414	return authCreateVSubTable(pCxt, (SCreateVSubTableStmt*)pStmt);	12✔
415	case QUERY_NODE_CREATE_MULTI_TABLES_STMT:	56,816✔
416	return authCreateMultiTable(pCxt, (SCreateMultiTablesStmt*)pStmt);	56,816✔
417	case QUERY_NODE_DROP_TABLE_STMT:	17,651✔
418	return authDropTable(pCxt, (SDropTableStmt*)pStmt);	17,651✔
419	case QUERY_NODE_DROP_SUPER_TABLE_STMT:	376✔
420	return authDropStable(pCxt, (SDropSuperTableStmt*)pStmt);	376✔
421	case QUERY_NODE_DROP_VIRTUAL_TABLE_STMT:	8✔
422	return authDropVtable(pCxt, (SDropVirtualTableStmt*)pStmt);	8✔
423	case QUERY_NODE_ALTER_TABLE_STMT:	17,500✔
424	case QUERY_NODE_ALTER_SUPER_TABLE_STMT:
425	return authAlterTable(pCxt, (SAlterTableStmt*)pStmt);	17,500✔
426	case QUERY_NODE_ALTER_VIRTUAL_TABLE_STMT:	×
427	return authAlterVTable(pCxt, (SAlterTableStmt*)pStmt);	×
428	case QUERY_NODE_SHOW_DNODES_STMT:	1,363✔
429	case QUERY_NODE_SHOW_MNODES_STMT:
430	case QUERY_NODE_SHOW_MODULES_STMT:
431	case QUERY_NODE_SHOW_QNODES_STMT:
432	case QUERY_NODE_SHOW_SNODES_STMT:
433	case QUERY_NODE_SHOW_BNODES_STMT:
434	case QUERY_NODE_SHOW_CLUSTER_STMT:
435	case QUERY_NODE_SHOW_LICENCES_STMT:
436	case QUERY_NODE_SHOW_VGROUPS_STMT:
437	case QUERY_NODE_SHOW_DB_ALIVE_STMT:
438	case QUERY_NODE_SHOW_CLUSTER_ALIVE_STMT:
439	case QUERY_NODE_SHOW_CREATE_DATABASE_STMT:
440	case QUERY_NODE_SHOW_TABLE_DISTRIBUTED_STMT:
441	case QUERY_NODE_SHOW_DNODE_VARIABLES_STMT:
442	case QUERY_NODE_SHOW_VNODES_STMT:
443	case QUERY_NODE_SHOW_SCORES_STMT:
444	case QUERY_NODE_SHOW_USERS_STMT:
445	case QUERY_NODE_SHOW_USERS_FULL_STMT:
446	case QUERY_NODE_SHOW_USER_PRIVILEGES_STMT:
447	case QUERY_NODE_SHOW_GRANTS_FULL_STMT:
448	case QUERY_NODE_SHOW_GRANTS_LOGS_STMT:
449	case QUERY_NODE_SHOW_CLUSTER_MACHINES_STMT:
450	case QUERY_NODE_SHOW_ARBGROUPS_STMT:
451	case QUERY_NODE_SHOW_ENCRYPTIONS_STMT:
452	return !pCxt->pParseCxt->enableSysInfo ? TSDB_CODE_PAR_PERMISSION_DENIED : TSDB_CODE_SUCCESS;	1,363✔
453	case QUERY_NODE_SHOW_USAGE_STMT:	9✔
454	case QUERY_NODE_SHOW_ANODES_STMT:
455	case QUERY_NODE_SHOW_ANODES_FULL_STMT:
456	return TSDB_CODE_SUCCESS;	9✔
457	case QUERY_NODE_SHOW_TABLES_STMT:	2,040✔
458	case QUERY_NODE_SHOW_STABLES_STMT:
459	return authShowTables(pCxt, (SShowStmt*)pStmt);	2,040✔
460	case QUERY_NODE_SHOW_VTABLES_STMT:	30✔
461	return authShowVtables(pCxt, (SShowStmt*)pStmt);	30✔
462	case QUERY_NODE_SHOW_CREATE_TABLE_STMT:	266✔
463	case QUERY_NODE_SHOW_CREATE_VTABLE_STMT:
464	case QUERY_NODE_SHOW_CREATE_STABLE_STMT:
465	return authShowCreateTable(pCxt, (SShowCreateTableStmt*)pStmt);	266✔
466	// case QUERY_NODE_SHOW_CREATE_VIEW_STMT:
467	// return authShowCreateView(pCxt, (SShowCreateViewStmt*)pStmt);
468	case QUERY_NODE_CREATE_VIEW_STMT:	513✔
469	return authCreateView(pCxt, (SCreateViewStmt*)pStmt);	513✔
470	case QUERY_NODE_DROP_VIEW_STMT:	412✔
471	return authDropView(pCxt, (SDropViewStmt*)pStmt);	412✔
472	default:	174,949✔
473	break;	174,949✔
474	}
475
476	return TSDB_CODE_SUCCESS;	174,949✔
477	}
478
479	int32_t authenticate(SParseContext* pParseCxt, SQuery* pQuery, SParseMetaCache* pMetaCache) {	1,137,494✔
480	SAuthCxt cxt = {.pParseCxt = pParseCxt, .pMetaCache = pMetaCache, .errCode = TSDB_CODE_SUCCESS};	1,137,494✔
481	return authQuery(&cxt, pQuery->pRoot);	1,137,494✔
482	}

taosdata / TDengine / #4335

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous