taosdata / TDengine / #4898

static int32_t dmDecodeFile(SJson *pJson, bool *deployed) {

  int32_t code = 0;

  int32_t value = 0;

  tjsonGetInt32ValueFromDouble(pJson, "deployed", value, code);

  if (code < 0) return code;

  *deployed = (value != 0);

  return code;

int32_t dmReadFile(const char *path, const char *name, bool *pDeployed) {

  int32_t   code = -1;

  char     *content = NULL;

  int32_t   contentLen = 0;

  SJson    *pJson = NULL;

  char      file[PATH_MAX] = {0};

  int32_t   nBytes = snprintf(file, sizeof(file), "%s%s%s.json", path, TD_DIRSEP, name);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  if (taosStatFile(file, NULL, NULL, NULL) < 0) {

    dInfo("file:%s not exist", file);

    code = 0;

    goto _OVER;

  code = taosReadCfgFile(file, &content, &contentLen);

  if (code != 0) {

  pJson = tjsonParse(content);

  if (pJson == NULL) {

  if (dmDecodeFile(pJson, pDeployed) < 0) {

  code = 0;

  dInfo("succceed to read mnode file %s", file);

_OVER:

  if (content != NULL) taosMemoryFree(content);

  if (pJson != NULL) cJSON_Delete(pJson);

  if (code != 0) {

  return code;

int32_t dmReadFileJson(const char *path, const char *name, SJson **ppJson, bool* deployed) {

  int32_t   code = -1;

  char     *content = NULL;

  int32_t   contentLen = 0;

  char      file[PATH_MAX] = {0};

  int32_t   nBytes = snprintf(file, sizeof(file), "%s%s%s.json", path, TD_DIRSEP, name);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  if (taosStatFile(file, NULL, NULL, NULL) < 0) {

    dInfo("file:%s not exist", file);

    code = 0;

    goto _OVER;

  code = taosReadCfgFile(file, &content, &contentLen);

  if (code != 0) {

  *ppJson = tjsonParse(content);

  if (*ppJson == NULL) {

  if (dmDecodeFile(*ppJson, deployed) < 0) {

  code = 0;

  dInfo("succceed to read mnode file %s", file);

_OVER:

  if (content != NULL) taosMemoryFree(content);

  if (code != 0) {

  return code;

static int32_t dmEncodeFile(SJson *pJson, bool deployed) {

  if (tjsonAddDoubleToObject(pJson, "deployed", deployed) < 0) return TSDB_CODE_INVALID_JSON_FORMAT;

  return 0;

int32_t dmWriteFile(const char *path, const char *name, bool deployed) {

  int32_t   code = -1;

  char     *buffer = NULL;

  SJson    *pJson = NULL;

  char      realfile[PATH_MAX] = {0};

  int32_t nBytes = snprintf(realfile, sizeof(realfile), "%s%s%s.json", path, TD_DIRSEP, name);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  pJson = tjsonCreateObject();

  if (pJson == NULL) {

  if ((code = dmEncodeFile(pJson, deployed)) != 0) goto _OVER;

  buffer = tjsonToString(pJson);

  if (buffer == NULL) {

  int32_t len = strlen(buffer);

  code = taosWriteCfgFile(realfile, buffer, len);

  if (code != 0) {

  dInfo("succeed to write file:%s", realfile);

_OVER:

  if (pJson != NULL) tjsonDelete(pJson);

  if (buffer != NULL) taosMemoryFree(buffer);

  if (code != 0) {

  return code;

int32_t dmWriteFileJson(const char *path, const char *name, SJson *pJson) {

  int32_t   code = -1;

  char     *buffer = NULL;

  char      realfile[PATH_MAX] = {0};

  int32_t nBytes = snprintf(realfile, sizeof(realfile), "%s%s%s.json", path, TD_DIRSEP, name);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  buffer = tjsonToString(pJson);

  if (buffer == NULL) {

  int32_t len = strlen(buffer);

  code = taosWriteCfgFile(realfile, buffer, len);

  if (code != 0) {

  dInfo("succeed to write file:%s", realfile);

_OVER:

  if (pJson != NULL) tjsonDelete(pJson);

  if (buffer != NULL) taosMemoryFree(buffer);

  if (code != 0) {

  return code;

int32_t dmCheckRunning(const char *dataDir, TdFilePtr *pFile) {

  int32_t code = 0;

  char    filepath[PATH_MAX] = {0};

  snprintf(filepath, sizeof(filepath), "%s%s.running", dataDir, TD_DIRSEP);

  *pFile = taosOpenFile(filepath, TD_FILE_CREATE | TD_FILE_WRITE | TD_FILE_TRUNC | TD_FILE_CLOEXEC);

  if (*pFile == NULL) {

  int32_t retryTimes = 0;

  int32_t ret = 0;

    ret = taosLockFile(*pFile);

    if (ret == 0) break;

    code = terrno;

    taosMsleep(1000);

    retryTimes++;

    dError("failed to lock file:%s since %s, retryTimes:%d", filepath, tstrerror(code), retryTimes);

  } while (retryTimes < 12);

  if (ret < 0) {

    code = TAOS_SYSTEM_ERROR(ERRNO);

    (void)taosCloseFile(pFile);

    *pFile = NULL;

    return code;

  dDebug("lock file:%s to prevent repeated starts", filepath);

  return code;

static int32_t dmWriteCheckCodeFile(char *file, char *realfile, char *key, bool toLogFile) {

  TdFilePtr pFile = NULL;

  char     *result = NULL;

  int32_t   code = -1;

  int32_t len = ENCRYPTED_LEN(sizeof(DM_KEY_INDICATOR));

  result = taosMemoryMalloc(len);

  if (result == NULL) {

  SCryptOpts opts = {0};

  tstrncpy(opts.key, key, ENCRYPT_KEY_LEN + 1);

  opts.len = len;

  opts.source = DM_KEY_INDICATOR;

  opts.result = result;

  opts.unitLen = 16;

  if (Builtin_CBC_Encrypt(&opts) <= 0) {

  pFile = taosOpenFile(file, TD_FILE_CREATE | TD_FILE_WRITE | TD_FILE_TRUNC | TD_FILE_WRITE_THROUGH);

  if (pFile == NULL) {

  if (taosWriteFile(pFile, opts.result, len) <= 0) {

  if (taosFsyncFile(pFile) < 0) {

  if (taosCloseFile(&pFile) != 0) {

  TAOS_CHECK_GOTO(taosRenameFile(file, realfile), NULL, _OVER);

  encryptDebug("succeed to write checkCode file:%s", realfile);

  code = 0;

_OVER:

  if (pFile != NULL) taosCloseFile(&pFile);

  if (result != NULL) taosMemoryFree(result);

  return code;

static int32_t dmWriteEncryptCodeFile(char *file, char *realfile, char *encryptCode, bool toLogFile) {

  TdFilePtr pFile = NULL;

  int32_t   code = -1;

  pFile = taosOpenFile(file, TD_FILE_CREATE | TD_FILE_WRITE | TD_FILE_TRUNC | TD_FILE_WRITE_THROUGH);

  if (pFile == NULL) {

  int32_t len = strlen(encryptCode);

  if (taosWriteFile(pFile, encryptCode, len) <= 0) {

  if (taosFsyncFile(pFile) < 0) {

  if (taosCloseFile(&pFile) != 0) {

  TAOS_CHECK_GOTO(taosRenameFile(file, realfile), NULL, _OVER);

  encryptDebug("succeed to write encryptCode file:%s", realfile);

  code = 0;

_OVER:

  if (pFile != NULL) taosCloseFile(&pFile);

  return code;

int32_t dmUpdateEncryptKey(char *key, bool toLogFile) {

  int32_t code = -1;

  int32_t lino = 0;

  char   *machineId = NULL;

  char   *encryptCode = NULL;

  char folder[PATH_MAX] = {0};

  char encryptFile[PATH_MAX] = {0};

  char realEncryptFile[PATH_MAX] = {0};

  char checkFile[PATH_MAX] = {0};

  char realCheckFile[PATH_MAX] = {0};

  int32_t nBytes = snprintf(folder, sizeof(folder), "%s%sdnode", tsDataDir, TD_DIRSEP);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  nBytes = snprintf(encryptFile, sizeof(realEncryptFile), "%s%s%s.bak", folder, TD_DIRSEP, DM_ENCRYPT_CODE_FILE);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  nBytes = snprintf(realEncryptFile, sizeof(realEncryptFile), "%s%s%s", folder, TD_DIRSEP, DM_ENCRYPT_CODE_FILE);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  nBytes = snprintf(checkFile, sizeof(checkFile), "%s%s%s.bak", folder, TD_DIRSEP, DM_CHECK_CODE_FILE);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  snprintf(realCheckFile, sizeof(realCheckFile), "%s%s%s", folder, TD_DIRSEP, DM_CHECK_CODE_FILE);

  if (nBytes <= 0 || nBytes >= PATH_MAX) {

  if (taosMkDir(folder) != 0) {

  if (taosCheckExistFile(realCheckFile)) {

  TAOS_CHECK_GOTO(tGetMachineId(&machineId), &lino, _OVER);

  TAOS_CHECK_GOTO(generateEncryptCode(key, machineId, &encryptCode), &lino, _OVER);

  if ((code = dmWriteEncryptCodeFile(encryptFile, realEncryptFile, encryptCode, toLogFile)) != 0) {

  if ((code = dmWriteCheckCodeFile(checkFile, realCheckFile, key, toLogFile)) != 0) {

  encryptInfo("Succeed to update encrypt key\n");

  code = 0;

_OVER:

  taosMemoryFree(encryptCode);

  taosMemoryFree(machineId);

  if (code != 0) {

  TAOS_RETURN(code);

int32_t dmGetEncryptKeyFromTaosk() {

  char keyFileDir[PATH_MAX] = {0};

  char masterKeyFile[PATH_MAX] = {0};

  char derivedKeyFile[PATH_MAX] = {0};

  int32_t nBytes = snprintf(keyFileDir, sizeof(keyFileDir), "%s%sdnode%sconfig", tsDataDir, TD_DIRSEP, TD_DIRSEP);

  if (nBytes <= 0 || nBytes >= sizeof(keyFileDir)) {

  nBytes = snprintf(masterKeyFile, sizeof(masterKeyFile), "%s%smaster.bin", keyFileDir, TD_DIRSEP);

  if (nBytes <= 0 || nBytes >= sizeof(masterKeyFile)) {

  nBytes = snprintf(derivedKeyFile, sizeof(derivedKeyFile), "%s%sderived.bin", keyFileDir, TD_DIRSEP);

  if (nBytes <= 0 || nBytes >= sizeof(derivedKeyFile)) {

  if (!taosCheckExistFile(masterKeyFile)) {

    dInfo("taosk master key file not found: %s, encryption not configured", masterKeyFile);

    return TSDB_CODE_DNODE_INVALID_ENCRYPT_CONFIG;

int32_t dmGetEncryptKey() {

  int32_t code = -1;

  char    encryptFile[PATH_MAX] = {0};

  char    checkFile[PATH_MAX] = {0};

  char   *machineId = NULL;

  char   *encryptKey = NULL;

  char   *content = NULL;

  code = dmGetEncryptKeyFromTaosk();

  if (code == 0) {

  tsEncryptKeysStatus = TSDB_ENCRYPT_KEY_STAT_NOT_EXIST;

  dInfo("falling back to legacy encryptCode.cfg format");

  int32_t nBytes = snprintf(encryptFile, sizeof(encryptFile), "%s%sdnode%s%s", tsDataDir, TD_DIRSEP, TD_DIRSEP,

  if (nBytes <= 0 || nBytes >= sizeof(encryptFile)) {

  nBytes = snprintf(checkFile, sizeof(checkFile), "%s%sdnode%s%s", tsDataDir, TD_DIRSEP, TD_DIRSEP, DM_CHECK_CODE_FILE);

  if (nBytes <= 0 || nBytes >= sizeof(checkFile)) {

  if (!taosCheckExistFile(encryptFile)) {

    code = TSDB_CODE_DNODE_INVALID_ENCRYPT_CONFIG;

    dInfo("no exist, checkCode file:%s", encryptFile);

    return 0;