Merge pull request #22888 from taosdata/enh/TD-26272

enh: prevent accessing ins_users&ins_user_privileges without sysinfo
taosdata · Sep 14, 2023 · 8654012 · 8654012
2 parents 5296207 + 90a6fb3
commit 8654012
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/source/common/src/systable.c b/source/common/src/systable.c
@@ -326,7 +326,7 @@ static const SSysTableMeta infosMeta[] = {
     {TSDB_INS_TABLE_TAGS, userTagsSchema, tListLen(userTagsSchema), false},
     {TSDB_INS_TABLE_COLS, userColsSchema, tListLen(userColsSchema), false},
     // {TSDB_INS_TABLE_TABLE_DISTRIBUTED, userTblDistSchema, tListLen(userTblDistSchema)},
-    {TSDB_INS_TABLE_USERS, userUsersSchema, tListLen(userUsersSchema), false},
+    {TSDB_INS_TABLE_USERS, userUsersSchema, tListLen(userUsersSchema), true},
     {TSDB_INS_TABLE_LICENCES, grantsSchema, tListLen(grantsSchema), true},
     {TSDB_INS_TABLE_VGROUPS, vgroupsSchema, tListLen(vgroupsSchema), true},
     {TSDB_INS_TABLE_CONFIGS, configSchema, tListLen(configSchema), false},
@@ -336,7 +336,7 @@ static const SSysTableMeta infosMeta[] = {
     {TSDB_INS_TABLE_STREAMS, streamSchema, tListLen(streamSchema), false},
     {TSDB_INS_TABLE_STREAM_TASKS, streamTaskSchema, tListLen(streamTaskSchema), false},
     {TSDB_INS_TABLE_VNODES, vnodesSchema, tListLen(vnodesSchema), true},
-    {TSDB_INS_TABLE_USER_PRIVILEGES, userUserPrivilegesSchema, tListLen(userUserPrivilegesSchema), false},
+    {TSDB_INS_TABLE_USER_PRIVILEGES, userUserPrivilegesSchema, tListLen(userUserPrivilegesSchema), true},
 };
 
 static const SSysDbTableSchema connectionsSchema[] = {

diff --git a/source/dnode/mnode/impl/src/mndInfoSchema.c b/source/dnode/mnode/impl/src/mndInfoSchema.c
@@ -76,12 +76,19 @@ int32_t mndBuildInsTableSchema(SMnode *pMnode, const char *dbFName, const char *
   }
 
   STableMetaRsp *pMeta = taosHashGet(pMnode->infosMeta, tbName, strlen(tbName));
-  if (NULL == pMeta || (!sysinfo && pMeta->sysInfo)) {
+  if (NULL == pMeta) {
     mError("invalid information schema table name:%s", tbName);
     terrno = TSDB_CODE_MND_INVALID_SYS_TABLENAME;
     return -1;
   }
 
+  if (!sysinfo && pMeta->sysInfo) {
+    mError("no permission to get schema of table name:%s", tbName);
+    terrno = TSDB_CODE_PAR_PERMISSION_DENIED;
+    return -1;
+  }
+
+
   *pRsp = *pMeta;
 
   pRsp->pSchemas = taosMemoryCalloc(pMeta->numOfColumns, sizeof(SSchema));

diff --git a/tests/script/tsim/user/privilege_sysinfo.sim b/tests/script/tsim/user/privilege_sysinfo.sim
@@ -154,13 +154,14 @@ sql_error select * from information_schema.ins_mnodes
 sql_error select * from information_schema.ins_modules
 sql_error select * from information_schema.ins_qnodes
 sql_error select * from information_schema.ins_cluster
+sql_error select * from information_schema.ins_users
+sql_error select * from information_schema.ins_user_privilege
 sql select * from information_schema.ins_databases
 sql select * from information_schema.ins_functions
 sql select * from information_schema.ins_indexes
 sql select * from information_schema.ins_stables
 sql select * from information_schema.ins_tables
 sql select * from information_schema.ins_tags
-sql select * from information_schema.ins_users
 sql select * from information_schema.ins_topics
 sql select * from information_schema.ins_subscriptions
 sql select * from information_schema.ins_streams