
Commit 79d8fa7

authored
Auth: Fixed potential NPE problems && Added clear cache option to clear the stale auth cache (#17426)
* fix * clear
1 parent 3931c05 commit 79d8fa7


12 files changed

+32
-9
lines changed


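--- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
@@ -213,6 +213,7 @@ public void maintainOperationsTest() {
 grantUserSystemPrivileges("test6", PrivilegeType.SYSTEM);
 executeNonQuery("flush", "test6", "test123123456");
 executeNonQuery("clear cache", "test6", "test123123456");
+executeNonQuery("clear auth cache", "test6", "test123123456");
 executeNonQuery("set system to readonly", "test6", "test123123456");
 executeNonQuery("set system to running", "test6", "test123123456");
 executeNonQuery(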
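Review bot: The added `clear auth cache` call in maintainOperationsTest only exercises the allowed path, for a user that was just granted PrivilegeType.SYSTEM. Because this statement discards cached authorization data, the denied path deserves the same coverage: a user without the SYSTEM privilege should get a permission error for the same statement, and nothing in this hunk shows that. If the test does not already cover it further down (the method continues outside the hunk), add a negative assertion next to the existing ones, using whichever failure helper this class already has.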

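--- a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
+++ b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
@@ -291,6 +291,7 @@ keyWords
 | WRITABLE
 | WRITE
 | AUDIT
+| AUTH
 | OPTION
 | INF
 | CURRENT_TIMESTAMP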

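--- a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
+++ b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
@@ -1211,7 +1211,7 @@ flush
 
 // Clear Cache
 clearCache
-: CLEAR (SCHEMA | QUERY | ALL)? CACHE (ON (LOCAL | CLUSTER))?
+: CLEAR (SCHEMA | QUERY | AUTH | ALL)? CACHE (ON (LOCAL | CLUSTER))?
 ;
 
 // Set Configuration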

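--- a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
+++ b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
@@ -1195,6 +1195,10 @@ AUDIT
 : A U D I T
 ;
 
+AUTH
+: A U T H
+;
+
 REPAIR
 : R E P A I R
 ;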

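--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -133,6 +133,10 @@ public static boolean invalidateCache(String username, String roleName) {
 return authorityFetcher.get().getAuthorCache().invalidateCache(username, roleName);
 }
 
+public static void invalidateAllCache() {
+authorityFetcher.get().getAuthorCache().invalidAllCache();
+}
+
 public static User getUser(String username) {
 return authorityFetcher.get().getUser(username);
 }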
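Review bot: `invalidateAllCache()` is added as a public static entry point with no Javadoc, and it delegates to a differently spelled `invalidAllCache()` on the cache, which makes the pair easy to mistype or to miss in a search. The body is a single delegation and performs no privilege check of its own, so authorization is entirely the caller's job. State that contract on the method, for example `/** Drops every cached user and role entry held by this node's authority cache; callers must already have verified the requester's privilege. */` (what the cache method actually discards is inferred from its name, since its implementation is not in this hunk).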

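--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
@@ -81,8 +81,9 @@ public void putRoleCache(String roleName, Role role) {
 @Override
 public boolean invalidateCache(final String userName, final String roleName) {
 if (userName != null) {
-if (userCache.getIfPresent(userName) != null) {
-Set<String> roleSet = userCache.getIfPresent(userName).getRoleSet();
+final User user = userCache.getIfPresent(userName);
+if (user != null) {
+final Set<String> roleSet = user.getRoleSet();
 if (!roleSet.isEmpty()) {
 roleCache.invalidateAll(roleSet);
 }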
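Review bot: Nothing in the new lines of invalidateCache says why the result of `userCache.getIfPresent(userName)` is now held in a local, although that single read is what removes the NPE. A one-line comment such as `// Look up once: the entry may be gone by the time of a second getIfPresent() call` would keep a later cleanup from folding it back into two lookups (the eviction reason is presumed from the commit title). Separately, `roleSet.isEmpty()` still assumes `getRoleSet()` never returns null, which cannot be verified from this hunk. The method continues outside the hunk.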

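--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
@@ -2454,6 +2454,9 @@ public TSStatus clearCacheImpl(final Set<CacheClearOptions> options) {
 || options.contains(CacheClearOptions.QUERY)) {
 storageEngine.clearCache();
 }
+if (options.contains(CacheClearOptions.AUTH)) {
+AuthorityChecker.invalidateAllCache();
+}
 if (options.contains(CacheClearOptions.QUERY)
 && options.contains(CacheClearOptions.TABLE_ATTRIBUTE)
 && options.contains(CacheClearOptions.TREE_SCHEMA)) {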
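Review bot: The new AUTH branch in clearCacheImpl drops the authorization cache without leaving any record, at least within the lines shown. Flushing cached users and roles is a security-relevant administrative action, and when permissions look wrong later an operator will want to know when the cache was last cleared on this node. Consider an info-level log line inside the `if (options.contains(CacheClearOptions.AUTH))` block using the class's existing logger, together with a short comment such as `// AUTH: drop all cached users and roles on this node`. clearCacheImpl starts and ends outside this hunk, so logging may already happen there.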

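--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
@@ -3703,13 +3703,16 @@ public Statement visitClearCache(IoTDBSqlParser.ClearCacheContext ctx) {
 clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.TREE_SCHEMA));
 } else if (ctx.QUERY() != null) {
 clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.QUERY));
+} else if (ctx.AUTH() != null) {
+clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.AUTH));
 } else if (ctx.ALL() != null) {
 clearCacheStatement.setOptions(
 new HashSet<>(
 Arrays.asList(
 CacheClearOptions.TABLE_ATTRIBUTE,
 CacheClearOptions.TREE_SCHEMA,
-CacheClearOptions.QUERY)));
+CacheClearOptions.QUERY,
+CacheClearOptions.AUTH)));
 } else {
 clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.DEFAULT));
 }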
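Review bot: The final `else` in visitClearCache still maps a bare `CLEAR CACHE` to CacheClearOptions.DEFAULT, while the DataNode hunk only clears the auth cache when the option set contains AUTH. An operator who runs plain `CLEAR CACHE` to get rid of stale permissions will therefore presumably leave the auth cache untouched, unless DEFAULT is expanded somewhere not shown. If that is intended, say so where the options are chosen, e.g. `// DEFAULT leaves the auth cache alone; use CLEAR AUTH CACHE or CLEAR ALL CACHE`, and in the user documentation. visitClearCache begins and ends outside the hunk.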

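--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
@@ -1605,13 +1605,16 @@ public Node visitClearCacheStatement(final RelationalSqlParser.ClearCacheStateme
 options = Collections.singleton(CacheClearOptions.TABLE_ATTRIBUTE);
 } else if (context.QUERY() != null) {
 options = Collections.singleton(CacheClearOptions.QUERY);
+} else if (context.AUTH() != null) {
+options = Collections.singleton(CacheClearOptions.AUTH);
 } else {
 options =
 new HashSet<>(
 Arrays.asList(
 CacheClearOptions.TABLE_ATTRIBUTE,
 CacheClearOptions.TREE_SCHEMA,
-CacheClearOptions.QUERY));
+CacheClearOptions.QUERY,
+CacheClearOptions.AUTH));
 }
 return new ClearCache(
 Objects.isNull(ctx.localOrClusterMode())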
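Review bot: The catch-all `else` in visitClearCacheStatement now adds CacheClearOptions.AUTH to its set, so any option the preceding branches do not recognise ends up flushing the auth cache as well. ASTVisitor tests `ctx.ALL() != null` explicitly for the same set and keeps its `else` for DEFAULT; mirroring that here would stop a future grammar option from silently clearing everything. If the relational grammar has no separate token to test, at least mark the branch with `// ALL: every cache, including auth`. The method starts and ends outside the hunk, so earlier branches may already narrow what reaches this `else`.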

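--- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
+++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
@@ -136,12 +136,12 @@ public boolean login(
 @Override
 public String login4Pipe(final String username, final String password) {
 final User user = userManager.getEntity(username);
-if (Objects.isNull(password)) {
-return user.getPassword();
-}
 if (user == null) {
 return null;
 }
+if (Objects.isNull(password)) {
+return user.getPassword();
+}
 if (AuthUtils.validatePassword(
 password, user.getPassword(), AsymmetricEncrypt.DigestAlgorithm.SHA_256)) {
 return user.getPassword();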
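Review bot: After the reorder, `login4Pipe` still returns `user.getPassword()` for any existing user when `password` is null, without calling AuthUtils.validatePassword. A null argument therefore skips the credential check by design, which is only safe if every caller is internal and can never forward a client-supplied null. The method carries no comment stating this, so document the contract, for example `// password == null: trusted internal caller requests the stored value; never pass client input here`, and confirm that the call sites (not visible here) guarantee it. The method body continues past the end of the hunk.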
