
Example 1 with UserPrivilegesConfig

Use of io.mycat.config.model.UserPrivilegesConfig in the project Mycat_plus by coderczp.

From the class MycatPrivileges, method checkDmlPrivilege.

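/**
 * Audits the DML privilege of {@code user} for one SQL statement against {@code schema}.
 *
 * <p>The check is permissive by design: it returns {@code true} when the schema is
 * {@code null}, when the user is unknown, when the user has no privileges config or
 * {@code check} is off, when the schema has no privilege entry, when the statement text is
 * {@code begin}, when the statement is not REPLACE/INSERT, UPDATE, SELECT or DELETE, or when
 * the statement visitor reports no current table. Only when all of those lookups succeed is
 * the table's {@code dml} flag for the statement kind consulted. Only the single table
 * reported by {@code getCurrentTable()} is consulted; no other table referenced by the
 * statement is checked here.
 *
 * <p>A denial is reported through {@code ALARM} as {@code Alarms.DML_ATTACK} together with the
 * statement text and the user name.
 *
 * @param user   user name looked up in the server config
 * @param schema schema the statement runs against; {@code null} skips the check
 * @param sql    statement text; parse errors from the statement parser propagate
 * @return {@code true} if the statement is allowed, {@code false} if it is denied
 */
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
    if (schema == null) {
        return true;
    }
    boolean isPassed = isDmlAllowed(user, schema, sql);
    if (!isPassed) {
        // The alarm carries the full statement text as received from the client.
        ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
    }
    return isPassed;
}

/**
 * Performs the privilege lookups for {@link #checkDmlPrivilege} without raising the alarm.
 *
 * @return {@code true} when the statement is allowed or the check does not apply
 */
private boolean isDmlAllowed(String user, String schema, String sql) {
    MycatConfig conf = MycatServer.getInstance().getConfig();
    UserConfig userConfig = conf.getUsers().get(user);
    if (userConfig == null) {
        return true;
    }
    UserPrivilegesConfig userPrivilege = userConfig.getPrivilegesConfig();
    if (userPrivilege == null || !userPrivilege.isCheck()) {
        return true;
    }
    UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = userPrivilege.getSchemaPrivilege(schema);
    if (schemaPrivilege == null) {
        return true;
    }
    // A bare "begin" makes the druid parser throw
    // (ParserException: syntax error, error in :'begin',expect END, actual EOF), so it is let through.
    if (sql != null && sql.equalsIgnoreCase("begin")) {
        return true;
    }
    SQLStatementParser parser = new MycatStatementParser(sql);
    // NOTE(review): parseStatement() yields only the first statement of the text; confirm that
    // multi-statement input cannot reach this check.
    SQLStatement stmt = parser.parseStatement();
    int index = dmlIndex(stmt);
    if (index < 0) {
        // Not one of the four DML kinds covered by the dml flags.
        return true;
    }
    SchemaStatVisitor schemaStatVisitor = new MycatSchemaStatVisitor();
    stmt.accept(schemaStatVisitor);
    String key = schemaStatVisitor.getCurrentTable();
    if (key == null) {
        return true;
    }
    String tableName = stripSchemaQualifier(key);
    // 获取table 权限, 此处不需要检测空值, 无设置则自动继承父级权限
    // (Table privilege; per the original author an unset table inherits the parent privilege.)
    UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
    if (tablePrivilege == null) {
        // Fail closed instead of dereferencing null.
        return false;
    }
    int[] dml = tablePrivilege.getDml();
    // The dml array is sized from the configured attribute string, so a short entry must not
    // be read past its end; a missing flag counts as "not granted".
    return dml != null && index < dml.length && dml[index] > 0;
}

/**
 * Maps a parsed statement to its slot in the {@code dml} flag array.
 *
 * @param stmt the parsed statement
 * @return 0 for REPLACE/INSERT, 1 for UPDATE, 2 for SELECT, 3 for DELETE, -1 otherwise
 */
private static int dmlIndex(SQLStatement stmt) {
    if (stmt instanceof MySqlReplaceStatement || stmt instanceof SQLInsertStatement) {
        return 0;
    }
    if (stmt instanceof SQLUpdateStatement) {
        return 1;
    }
    if (stmt instanceof SQLSelectStatement) {
        return 2;
    }
    if (stmt instanceof SQLDeleteStatement) {
        return 3;
    }
    return -1;
}

/**
 * Removes backtick quoting and a leading {@code schema.} qualifier from a table key.
 *
 * @param key the table key reported by the statement visitor, never {@code null}
 * @return the bare table name; a key whose first character is {@code .} is returned unchanged
 */
private static String stripSchemaQualifier(String key) {
    String bare = key.replace("`", "");
    int dotIndex = bare.indexOf('.');
    return dotIndex > 0 ? bare.substring(dotIndex + 1) : bare;
}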

Example 2 with UserPrivilegesConfig

Use of io.mycat.config.model.UserPrivilegesConfig in the project Mycat-Server by MyCATApache.

From the class XMLServerLoader, method loadPrivileges.

/**
 * Reads the {@code <privileges>} children of {@code node} into a {@code UserPrivilegesConfig}
 * and attaches it to {@code userConfig}.
 *
 * <p>Every {@code <privileges check="...">} element contributes {@code <schema name="..." dml="...">}
 * entries, each of which contributes {@code <table name="..." dml="...">} entries. A {@code dml}
 * attribute is decoded one character at a time with {@code Character.getNumericValue}, so
 * {@code "1110"} becomes {@code [1, 1, 1, 0]}.
 *
 * @param userConfig the user the privileges belong to; receives the built config
 * @param node       the element whose descendants are scanned for {@code privileges}
 */
private void loadPrivileges(UserConfig userConfig, Element node) {
    UserPrivilegesConfig privilegesConfig = new UserPrivilegesConfig();
    NodeList privilegesNodes = node.getElementsByTagName("privileges");
    for (int p = 0, privilegesCount = privilegesNodes.getLength(); p < privilegesCount; p++) {
        Element privilegesNode = (Element) privilegesNodes.item(p);
        String check = privilegesNode.getAttribute("check");
        // NOTE(review): DOM getAttribute() returns "" (not null) for a missing attribute, so this
        // branch always runs and a missing "check" parses as false.
        if (null != check) {
            privilegesConfig.setCheck(Boolean.valueOf(check));
        }
        NodeList schemaNodes = privilegesNode.getElementsByTagName("schema");
        for (int s = 0, schemaCount = schemaNodes.getLength(); s < schemaCount; s++) {
            Element schemaNode = (Element) schemaNodes.item(s);
            String schemaName = schemaNode.getAttribute("name");
            UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = new UserPrivilegesConfig.SchemaPrivilege();
            schemaPrivilege.setName(schemaName);
            schemaPrivilege.setDml(parseDmlFlags(schemaNode.getAttribute("dml")));
            NodeList tableNodes = schemaNode.getElementsByTagName("table");
            for (int t = 0, tableCount = tableNodes.getLength(); t < tableCount; t++) {
                Element tableNode = (Element) tableNodes.item(t);
                String tableName = tableNode.getAttribute("name");
                UserPrivilegesConfig.TablePrivilege tablePrivilege = new UserPrivilegesConfig.TablePrivilege();
                tablePrivilege.setName(tableName);
                tablePrivilege.setDml(parseDmlFlags(tableNode.getAttribute("dml")));
                schemaPrivilege.addTablePrivilege(tableName, tablePrivilege);
            }
            privilegesConfig.addSchemaPrivilege(schemaName, schemaPrivilege);
        }
    }
    userConfig.setPrivilegesConfig(privilegesConfig);
}

/**
 * Decodes a {@code dml} attribute into one int per character.
 *
 * <p>{@code Character.getNumericValue} maps letters to 10..35 and non-alphanumeric characters
 * to -1, so a malformed attribute is not rejected here; the array length always equals the
 * attribute length, and an empty attribute yields an empty array.
 *
 * @param dml the attribute text, never {@code null} (DOM returns "" for a missing attribute)
 * @return the per-character numeric values
 */
private static int[] parseDmlFlags(String dml) {
    int[] flags = new int[dml.length()];
    for (int i = 0; i < flags.length; i++) {
        flags[i] = Character.getNumericValue(dml.charAt(i));
    }
    return flags;
}

Example 3 with UserPrivilegesConfig

Use of io.mycat.config.model.UserPrivilegesConfig in the project Mycat-Server by MyCATApache.

From the class MycatPrivileges, method checkDmlPrivilege.

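/**
 * Audits the DML privilege of {@code user} for one SQL statement against {@code schema}.
 *
 * <p>The check is permissive by design: it returns {@code true} when the schema is
 * {@code null}, when the user is unknown, when the user has no privileges config or
 * {@code check} is off, when the schema has no privilege entry, when the statement text is
 * {@code begin}, when the statement is not REPLACE/INSERT, UPDATE, SELECT or DELETE, or when
 * the statement visitor reports no current table. Only when all of those lookups succeed is
 * the table's {@code dml} flag for the statement kind consulted. Only the single table
 * reported by {@code getCurrentTable()} is consulted; no other table referenced by the
 * statement is checked here.
 *
 * <p>A denial is reported through {@code ALARM} as {@code Alarms.DML_ATTACK} together with the
 * statement text and the user name.
 *
 * @param user   user name looked up in the server config
 * @param schema schema the statement runs against; {@code null} skips the check
 * @param sql    statement text; parse errors from the statement parser propagate
 * @return {@code true} if the statement is allowed, {@code false} if it is denied
 */
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
    if (schema == null) {
        return true;
    }
    boolean isPassed = isDmlAllowed(user, schema, sql);
    if (!isPassed) {
        // The alarm carries the full statement text as received from the client.
        ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
    }
    return isPassed;
}

/**
 * Performs the privilege lookups for {@link #checkDmlPrivilege} without raising the alarm.
 *
 * @return {@code true} when the statement is allowed or the check does not apply
 */
private boolean isDmlAllowed(String user, String schema, String sql) {
    MycatConfig conf = MycatServer.getInstance().getConfig();
    UserConfig userConfig = conf.getUsers().get(user);
    if (userConfig == null) {
        return true;
    }
    UserPrivilegesConfig userPrivilege = userConfig.getPrivilegesConfig();
    if (userPrivilege == null || !userPrivilege.isCheck()) {
        return true;
    }
    UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = userPrivilege.getSchemaPrivilege(schema);
    if (schemaPrivilege == null) {
        return true;
    }
    // A bare "begin" makes the druid parser throw
    // (ParserException: syntax error, error in :'begin',expect END, actual EOF), so it is let through.
    if (sql != null && sql.equalsIgnoreCase("begin")) {
        return true;
    }
    SQLStatementParser parser = new MycatStatementParser(sql);
    // NOTE(review): parseStatement() yields only the first statement of the text; confirm that
    // multi-statement input cannot reach this check.
    SQLStatement stmt = parser.parseStatement();
    int index = dmlIndex(stmt);
    if (index < 0) {
        // Not one of the four DML kinds covered by the dml flags.
        return true;
    }
    SchemaStatVisitor schemaStatVisitor = new MycatSchemaStatVisitor();
    stmt.accept(schemaStatVisitor);
    String key = schemaStatVisitor.getCurrentTable();
    if (key == null) {
        return true;
    }
    String tableName = stripSchemaQualifier(key);
    // 获取table 权限, 此处不需要检测空值, 无设置则自动继承父级权限
    // (Table privilege; per the original author an unset table inherits the parent privilege.)
    UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
    if (tablePrivilege == null) {
        // Fail closed instead of dereferencing null.
        return false;
    }
    int[] dml = tablePrivilege.getDml();
    // The dml array is sized from the configured attribute string, so a short entry must not
    // be read past its end; a missing flag counts as "not granted".
    return dml != null && index < dml.length && dml[index] > 0;
}

/**
 * Maps a parsed statement to its slot in the {@code dml} flag array.
 *
 * @param stmt the parsed statement
 * @return 0 for REPLACE/INSERT, 1 for UPDATE, 2 for SELECT, 3 for DELETE, -1 otherwise
 */
private static int dmlIndex(SQLStatement stmt) {
    if (stmt instanceof MySqlReplaceStatement || stmt instanceof SQLInsertStatement) {
        return 0;
    }
    if (stmt instanceof SQLUpdateStatement) {
        return 1;
    }
    if (stmt instanceof SQLSelectStatement) {
        return 2;
    }
    if (stmt instanceof SQLDeleteStatement) {
        return 3;
    }
    return -1;
}

/**
 * Removes backtick quoting and a leading {@code schema.} qualifier from a table key.
 *
 * @param key the table key reported by the statement visitor, never {@code null}
 * @return the bare table name; a key whose first character is {@code .} is returned unchanged
 */
private static String stripSchemaQualifier(String key) {
    String bare = key.replace("`", "");
    int dotIndex = bare.indexOf('.');
    return dotIndex > 0 ? bare.substring(dotIndex + 1) : bare;
}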

Example 4 with UserPrivilegesConfig

Use of io.mycat.config.model.UserPrivilegesConfig in the project Mycat_plus by coderczp.

From the class XMLServerLoader, method loadPrivileges.

/**
 * Reads the {@code <privileges>} children of {@code node} into a {@code UserPrivilegesConfig}
 * and attaches it to {@code userConfig}.
 *
 * <p>Every {@code <privileges check="...">} element contributes {@code <schema name="..." dml="...">}
 * entries, each of which contributes {@code <table name="..." dml="...">} entries. A {@code dml}
 * attribute is decoded one character at a time with {@code Character.getNumericValue}, so
 * {@code "1110"} becomes {@code [1, 1, 1, 0]}.
 *
 * @param userConfig the user the privileges belong to; receives the built config
 * @param node       the element whose descendants are scanned for {@code privileges}
 */
private void loadPrivileges(UserConfig userConfig, Element node) {
    UserPrivilegesConfig privilegesConfig = new UserPrivilegesConfig();
    NodeList privilegesNodes = node.getElementsByTagName("privileges");
    for (int p = 0, privilegesCount = privilegesNodes.getLength(); p < privilegesCount; p++) {
        Element privilegesNode = (Element) privilegesNodes.item(p);
        String check = privilegesNode.getAttribute("check");
        // NOTE(review): DOM getAttribute() returns "" (not null) for a missing attribute, so this
        // branch always runs and a missing "check" parses as false.
        if (null != check) {
            privilegesConfig.setCheck(Boolean.valueOf(check));
        }
        NodeList schemaNodes = privilegesNode.getElementsByTagName("schema");
        for (int s = 0, schemaCount = schemaNodes.getLength(); s < schemaCount; s++) {
            Element schemaNode = (Element) schemaNodes.item(s);
            String schemaName = schemaNode.getAttribute("name");
            UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = new UserPrivilegesConfig.SchemaPrivilege();
            schemaPrivilege.setName(schemaName);
            schemaPrivilege.setDml(parseDmlFlags(schemaNode.getAttribute("dml")));
            NodeList tableNodes = schemaNode.getElementsByTagName("table");
            for (int t = 0, tableCount = tableNodes.getLength(); t < tableCount; t++) {
                Element tableNode = (Element) tableNodes.item(t);
                String tableName = tableNode.getAttribute("name");
                UserPrivilegesConfig.TablePrivilege tablePrivilege = new UserPrivilegesConfig.TablePrivilege();
                tablePrivilege.setName(tableName);
                tablePrivilege.setDml(parseDmlFlags(tableNode.getAttribute("dml")));
                schemaPrivilege.addTablePrivilege(tableName, tablePrivilege);
            }
            privilegesConfig.addSchemaPrivilege(schemaName, schemaPrivilege);
        }
    }
    userConfig.setPrivilegesConfig(privilegesConfig);
}

/**
 * Decodes a {@code dml} attribute into one int per character.
 *
 * <p>{@code Character.getNumericValue} maps letters to 10..35 and non-alphanumeric characters
 * to -1, so a malformed attribute is not rejected here; the array length always equals the
 * attribute length, and an empty attribute yields an empty array.
 *
 * @param dml the attribute text, never {@code null} (DOM returns "" for a missing attribute)
 * @return the per-character numeric values
 */
private static int[] parseDmlFlags(String dml) {
    int[] flags = new int[dml.length()];
    for (int i = 0; i < flags.length; i++) {
        flags[i] = Character.getNumericValue(dml.charAt(i));
    }
    return flags;
}
