manager user will not check blacklist #260
yanhuqing666 committed Sep 12, 2017
1 parent 1dcaadf commit 5b2200d
Showing 5 changed files with 25 additions and 25 deletions.
28 changes: 17 additions & 11 deletions src/main/java/com/actiontech/dble/config/ServerPrivileges.java
Expand Up @@ -99,23 +99,19 @@ public int getBenchmark(String user) {
}

protected boolean checkManagerPrivilege(String user) {
// normal user don't neet manager privilege
// normal user don't need manager privilege
return true;
}

@Override
public boolean checkFirewallWhiteHostPolicy(String user, String host) {

ServerConfig config = DbleServer.getInstance().getConfig();
FirewallConfig firewallConfig = config.getFirewall();

if (!checkManagerPrivilege(user)) {
// return and don't trigger firewall alarm
// normal user try to login by manager port
return false;
}

boolean isPassed = false;

ServerConfig config = DbleServer.getInstance().getConfig();
FirewallConfig firewallConfig = config.getFirewall();
Map<String, List<UserConfig>> whitehost = firewallConfig.getWhitehost();
if (whitehost == null || whitehost.size() == 0) {
Map<String, UserConfig> users = config.getUsers();
Expand Down Expand Up @@ -143,17 +139,21 @@ public boolean checkFirewallWhiteHostPolicy(String user, String host) {


/**
* @see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
*
* @see <a href="https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter">wallfilter config guide</a>
*/
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {

if (isManagerUser(user)) {
// manager User will ignore firewall blacklist
return true;
}
boolean isPassed = true;

if (CONTEXT_LOCAL.get() == null) {
FirewallConfig firewallConfig = DbleServer.getInstance().getConfig().getFirewall();
if (firewallConfig != null) {
if (firewallConfig.isCheck()) {
if (firewallConfig.isBlackListCheck()) {
CONTEXT_LOCAL.set(firewallConfig.getProvider());
check = true;
}
Expand All @@ -171,6 +171,12 @@ public boolean checkFirewallSQLPolicy(String user, String sql) {
return isPassed;
}

protected boolean isManagerUser(String user) {
ServerConfig conf = DbleServer.getInstance().getConfig();
UserConfig uc = conf.getUsers().get(user);
return uc != null && uc.isManager();
}

public enum Checktype {
INSERT, UPDATE, SELECT, DELETE
}
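Review bot: The new early return in `checkFirewallSQLPolicy` keys the blacklist exemption on the account's `isManager()` flag, not on the session having arrived through the manager port, and it lives in the base `ServerPrivileges` class. Because `ServerPrivileges.checkManagerPrivilege` returns true for every user, nothing visible in this section keeps a manager-flagged account that authenticates on the regular service port from skipping the SQL blacklist there as well; whether such a login is rejected elsewhere cannot be seen from this page. If the exemption is meant only for manager connections, I would leave the base method enforcing the blacklist and instead override `checkFirewallSQLPolicy` in `ManagerPrivileges` (which appears to extend this class) with a body of `return true;`. A log statement on the exempt path would also keep bypassed statements visible for audit.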
Expand Up @@ -129,7 +129,7 @@ private void loadFirewall(Element root) throws IllegalAccessException, Invocatio
Element e = (Element) node;
String check = e.getAttribute("check");
if (null != check) {
firewall.setCheck(Boolean.parseBoolean(check));
firewall.setBlackListCheck(Boolean.parseBoolean(check));
}

Map<String, Object> props = ConfigUtil.loadElements((Element) node);
Expand Up @@ -25,7 +25,7 @@ public final class FirewallConfig {
private static final Logger LOGGER = LoggerFactory.getLogger(FirewallConfig.class);

private Map<String, List<UserConfig>> whitehost;
private boolean check = false;
private boolean blackListCheck = false;

private WallConfig wallConfig = new WallConfig();

Expand All @@ -35,7 +35,7 @@ public FirewallConfig() {
}

public void init() {
if (check) {
if (blackListCheck) {
provider = new MySqlWallProvider(wallConfig);
provider.setBlackListEnable(true);
}
Expand Down Expand Up @@ -71,12 +71,12 @@ public void setWallConfig(WallConfig wallConfig) {

}

public boolean isCheck() {
return this.check;
public boolean isBlackListCheck() {
return this.blackListCheck;
}

public void setCheck(boolean check) {
this.check = check;
public void setBlackListCheck(boolean blackListCheck) {
this.blackListCheck = blackListCheck;
}

}
Expand Up @@ -5,10 +5,7 @@
*/
package com.actiontech.dble.manager;

import com.actiontech.dble.DbleServer;
import com.actiontech.dble.config.ServerConfig;
import com.actiontech.dble.config.ServerPrivileges;
import com.actiontech.dble.config.model.UserConfig;

/**
* @author mycat
Expand All @@ -25,9 +22,7 @@ private ManagerPrivileges() {
}

protected boolean checkManagerPrivilege(String user) {
ServerConfig config = DbleServer.getInstance().getConfig();
UserConfig rUser = config.getUsers().get(user);
// Manager privilege must be assign explicitly
return rUser != null && rUser.isManager();
return isManagerUser(user);
}
}
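Review bot: The comment that stated the rule, "Manager privilege must be assign explicitly", appears to be dropped together with the inlined lookup, and the new `isManagerUser` helper in `ServerPrivileges` carries no Javadoc to replace it. I would keep the intent next to the delegation, for example `// manager privilege must be assigned explicitly in the user config` above `return isManagerUser(user);`, and add a one-line Javadoc on `isManagerUser` saying it returns false for a user that is not configured. Which lines are old and which are new is inferred here, since the rendered page has lost its +/- markers.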
Expand Up @@ -62,5 +62,4 @@ public interface FrontendPrivileges {
* @return
*/
boolean checkFirewallSQLPolicy(String user, String sql);

}
