From 2dda013646352d318b1a834283a7f722e655115a Mon Sep 17 00:00:00 2001 From: Shengliang Guan Date: Fri, 20 Dec 2024 10:13:53 +0800 Subject: [PATCH 1/3] enh: skil password check if create user with is_import --- docs/zh/14-reference/09-error-code.md | 2 +- include/util/taoserror.h | 2 +- source/dnode/mnode/impl/src/mndUser.c | 41 +++++++++++++++++++------- source/libs/parser/src/parAstCreater.c | 2 +- source/libs/parser/src/parUtil.c | 4 +-- source/util/src/terror.c | 2 +- source/util/test/errorCodeTable.ini | 2 +- tests/script/tsim/user/password.sim | 8 ++++- 8 files changed, 45 insertions(+), 18 deletions(-) diff --git a/docs/zh/14-reference/09-error-code.md b/docs/zh/14-reference/09-error-code.md index 2bebe2406b..51453cef4c 100644 --- a/docs/zh/14-reference/09-error-code.md +++ b/docs/zh/14-reference/09-error-code.md @@ -403,7 +403,7 @@ description: TDengine 服务端的错误码列表和详细说明 | 0x8000260D | Tags number not matched | tag列个数不匹配 | 检查并修正SQL语句 | | 0x8000260E | Invalid tag name | 无效或不存在的tag名 | 检查并修正SQL语句 | | 0x80002610 | Value is too long | 值长度超出限制 | 检查并修正SQL语句或API参数 | -| 0x80002611 | Password can not be empty | 密码为空 | 使用合法的密码 | +| 0x80002611 | Password too short or empty | 密码为空或少于 8 个字符 | 使用合法的密码 | | 0x80002612 | Port should be an integer that is less than 65535 and greater than 0 | 端口号非法 | 检查并修正端口号 | | 0x80002613 | Endpoint should be in the format of 'fqdn:port' | 地址格式错误 | 检查并修正地址信息 | | 0x80002614 | This statement is no longer supported | 功能已经废弃 | 参考功能文档说明 | diff --git a/include/util/taoserror.h b/include/util/taoserror.h index 64ef0b3829..e317fdd65a 100644 --- a/include/util/taoserror.h +++ b/include/util/taoserror.h @@ -801,7 +801,7 @@ int32_t taosGetErrSize(); #define TSDB_CODE_PAR_TAGS_NOT_MATCHED TAOS_DEF_ERROR_CODE(0, 0x260D) #define TSDB_CODE_PAR_INVALID_TAG_NAME TAOS_DEF_ERROR_CODE(0, 0x260E) #define TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG TAOS_DEF_ERROR_CODE(0, 0x2610) -#define TSDB_CODE_PAR_PASSWD_EMPTY TAOS_DEF_ERROR_CODE(0, 0x2611) +#define TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY TAOS_DEF_ERROR_CODE(0, 0x2611) #define TSDB_CODE_PAR_INVALID_PORT TAOS_DEF_ERROR_CODE(0, 0x2612) #define TSDB_CODE_PAR_INVALID_ENDPOINT TAOS_DEF_ERROR_CODE(0, 0x2613) #define TSDB_CODE_PAR_EXPRIE_STATEMENT TAOS_DEF_ERROR_CODE(0, 0x2614) diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c index e1518d3752..5b2a5fa8aa 100644 --- a/source/dnode/mnode/impl/src/mndUser.c +++ b/source/dnode/mnode/impl/src/mndUser.c @@ -1805,12 +1805,21 @@ _OVER: TAOS_RETURN(code); } -static int32_t mndCheckPasswordFmt(const char *pwd) { - int32_t len = strlen(pwd); - if (len < TSDB_PASSWORD_MIN_LEN || len > TSDB_PASSWORD_MAX_LEN) { +static int32_t mndCheckPasswordMinLen(const char *pwd, int32_t len) { + if (len < TSDB_PASSWORD_MIN_LEN) { return -1; } + return 0; +} +static int32_t mndCheckPasswordMaxLen(const char *pwd, int32_t len) { + if (len > TSDB_PASSWORD_MAX_LEN) { + return -1; + } + return 0; +} + +static int32_t mndCheckPasswordFmt(const char *pwd, int32_t len) { if (strcmp(pwd, "taosdata") == 0) { return 0; } @@ -1875,14 +1884,17 @@ static int32_t mndProcessCreateUserReq(SRpcMsg *pReq) { TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_USER_FORMAT, &lino, _OVER); } - if (mndCheckPasswordFmt(createReq.pass) != 0) { - TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER); - } - + int32_t len = strlen(createReq.pass); if (createReq.isImport != 1) { - if (strlen(createReq.pass) >= TSDB_PASSWORD_LEN) { + if (mndCheckPasswordMinLen(createReq.pass, len) != 0) { + TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER); + } + if (mndCheckPasswordMaxLen(createReq.pass, len) != 0) { TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER); } + if (mndCheckPasswordFmt(createReq.pass, len) != 0) { + TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER); + } } code = mndAcquireUser(pMnode, createReq.user, &pUser); @@ -2364,8 +2376,17 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) { TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_USER_FORMAT, &lino, _OVER); } - if (TSDB_ALTER_USER_PASSWD == alterReq.alterType && mndCheckPasswordFmt(alterReq.pass) != 0) { - TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER); + if (TSDB_ALTER_USER_PASSWD == alterReq.alterType) { + int32_t len = strlen(alterReq.pass); + if (mndCheckPasswordMinLen(alterReq.pass, len) != 0) { + TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER); + } + if (mndCheckPasswordMaxLen(alterReq.pass, len) != 0) { + TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER); + } + if (mndCheckPasswordFmt(alterReq.pass, len) != 0) { + TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER); + } } TAOS_CHECK_GOTO(mndAcquireUser(pMnode, alterReq.user, &pUser), &lino, _OVER); diff --git a/source/libs/parser/src/parAstCreater.c b/source/libs/parser/src/parAstCreater.c index a13472620b..fa656667af 100644 --- a/source/libs/parser/src/parAstCreater.c +++ b/source/libs/parser/src/parAstCreater.c @@ -116,7 +116,7 @@ static bool checkPassword(SAstCreateContext* pCxt, const SToken* pPasswordToken, strncpy(pPassword, pPasswordToken->z, pPasswordToken->n); (void)strdequote(pPassword); if (strtrim(pPassword) <= 0) { - pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_PASSWD_EMPTY); + pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY); } else if (invalidPassword(pPassword)) { pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_INVALID_PASSWD); } diff --git a/source/libs/parser/src/parUtil.c b/source/libs/parser/src/parUtil.c index 9706644324..0cda428487 100644 --- a/source/libs/parser/src/parUtil.c +++ b/source/libs/parser/src/parUtil.c @@ -57,8 +57,8 @@ static char* getSyntaxErrFormat(int32_t errCode) { return "Invalid tag name: %s"; case TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG: return "Name or password too long"; - case TSDB_CODE_PAR_PASSWD_EMPTY: - return "Password can not be empty"; + case TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY: + return "Password too short or empty"; case TSDB_CODE_PAR_INVALID_PORT: return "Port should be an integer that is less than 65535 and greater than 0"; case TSDB_CODE_PAR_INVALID_ENDPOINT: diff --git a/source/util/src/terror.c b/source/util/src/terror.c index 195cb21618..d2d551a539 100644 --- a/source/util/src/terror.c +++ b/source/util/src/terror.c @@ -648,7 +648,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_PAR_NOT_SINGLE_GROUP, "Not a single-group g TAOS_DEFINE_ERROR(TSDB_CODE_PAR_TAGS_NOT_MATCHED, "Tags number not matched") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_TAG_NAME, "Invalid tag name") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, "Name or password too long") -TAOS_DEFINE_ERROR(TSDB_CODE_PAR_PASSWD_EMPTY, "Password can not be empty") +TAOS_DEFINE_ERROR(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, "Password too short or empty") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_PORT, "Port should be an integer that is less than 65535 and greater than 0") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_ENDPOINT, "Endpoint should be in the format of 'fqdn:port'") TAOS_DEFINE_ERROR(TSDB_CODE_PAR_EXPRIE_STATEMENT, "This statement is no longer supported") diff --git a/source/util/test/errorCodeTable.ini b/source/util/test/errorCodeTable.ini index e837954a0b..f67c8ab834 100644 --- a/source/util/test/errorCodeTable.ini +++ b/source/util/test/errorCodeTable.ini @@ -463,7 +463,7 @@ TSDB_CODE_PAR_NOT_SINGLE_GROUP = 0x8000260C TSDB_CODE_PAR_TAGS_NOT_MATCHED = 0x8000260D TSDB_CODE_PAR_INVALID_TAG_NAME = 0x8000260E TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG = 0x80002610 -TSDB_CODE_PAR_PASSWD_EMPTY = 0x80002611 +TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY = 0x80002611 TSDB_CODE_PAR_INVALID_PORT = 0x80002612 TSDB_CODE_PAR_INVALID_ENDPOINT = 0x80002613 TSDB_CODE_PAR_EXPRIE_STATEMENT = 0x80002614 diff --git a/tests/script/tsim/user/password.sim b/tests/script/tsim/user/password.sim index 729097e7e1..fbbe7f26f4 100644 --- a/tests/script/tsim/user/password.sim +++ b/tests/script/tsim/user/password.sim @@ -271,5 +271,11 @@ sql create user u25 pass 'taosdata1~' sql create user u26 pass 'taosdata1,' sql create user u27 pass 'taosdata1.' -return +sql CREATE USER `_xTest1` PASS '2729c41a99b2c5222aa7dd9fc1ce3de7' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1'; +sql_error CREATE USER `_xTest2` PASS '2729c41a99b2c5222aa7dd9fc1ce3de7' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1'; +sql CREATE USER `_xTest3` PASS '2729c41' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1'; +sql_error CREATE USER `_xTest4` PASS '2729c417' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1'; +sql CREATE USER `_xTest5` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1'; +sql_error CREATE USER `_xTest6` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1'; + system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file From 761281628dc43b936cd048a38404bd6173a750b4 Mon Sep 17 00:00:00 2001 From: Shengliang Guan Date: Fri, 20 Dec 2024 10:17:42 +0800 Subject: [PATCH 2/3] enh: minor changes --- tests/script/tsim/user/password.sim | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/script/tsim/user/password.sim b/tests/script/tsim/user/password.sim index fbbe7f26f4..7d1eff2f0b 100644 --- a/tests/script/tsim/user/password.sim +++ b/tests/script/tsim/user/password.sim @@ -278,4 +278,9 @@ sql_error CREATE USER `_xTest4` PASS '2729c417' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 sql CREATE USER `_xTest5` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1'; sql_error CREATE USER `_xTest6` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1'; + +sql_error alter USER `_xTest1` PASS '2729c41a99b2c5222aa7dd9fc1ce3de7'; +sql_error alter USER `_xTest1` PASS '2729c417'; +sql_error alter USER `_xTest1` PASS '2xF'; + system sh/exec.sh -n dnode1 -s stop -x SIGINT \ No newline at end of file From a1d088ad8a1324538b773c9e4b094b4355cacbf6 Mon Sep 17 00:00:00 2001 From: Shengliang Guan Date: Fri, 20 Dec 2024 13:45:10 +0800 Subject: [PATCH 3/3] fix: ci errors --- docs/en/14-reference/09-error-code.md | 2 +- tests/system-test/1-insert/boundary.py | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/en/14-reference/09-error-code.md b/docs/en/14-reference/09-error-code.md index 1d3ea3f9a1..2bbd8f9305 100644 --- a/docs/en/14-reference/09-error-code.md +++ b/docs/en/14-reference/09-error-code.md @@ -386,7 +386,7 @@ This document details the server error codes that may be encountered when using | 0x8000260D | Tags number not matched | Mismatched number of tag columns | Check and correct the SQL statement | | 0x8000260E | Invalid tag name | Invalid or non-existent tag name | Check and correct the SQL statement | | 0x80002610 | Value is too long | Value length exceeds limit | Check and correct the SQL statement or API parameters | -| 0x80002611 | Password can not be empty | Password is empty | Use a valid password | +| 0x80002611 | Password too short or empty | Password is empty or less than 8 chars | Use a valid password | | 0x80002612 | Port should be an integer that is less than 65535 and greater than 0 | Illegal port number | Check and correct the port number | | 0x80002613 | Endpoint should be in the format of 'fqdn:port' | Incorrect address format | Check and correct the address information | | 0x80002614 | This statement is no longer supported | Feature has been deprecated | Refer to the feature documentation | diff --git a/tests/system-test/1-insert/boundary.py b/tests/system-test/1-insert/boundary.py index 25782fd0c3..129b0f275c 100644 --- a/tests/system-test/1-insert/boundary.py +++ b/tests/system-test/1-insert/boundary.py @@ -130,6 +130,8 @@ class TDTestCase: tdSql.error(f'create user {username} pass "test123@#$"') if "Name or password too long" in tdSql.error_info: tdLog.info("error info is true!") + elif "Password too short or empty" in tdSql.error_info: + tdLog.info("error info is true!") else: tdLog.exit("error info is not true") @@ -146,6 +148,10 @@ class TDTestCase: tdSql.error(f'create user {username} pass "{password}@1"') if "Invalid password format" in tdSql.error_info: tdLog.info("error info is true!") + elif "Name or password too long" in tdSql.error_info: + tdLog.info("error info is true!") + elif "Password too short or empty" in tdSql.error_info: + tdLog.info("error info is true!") else: tdLog.exit("error info is not true") def sql_length_check(self):