xxq250
/
homework-jianmu
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #29649 from taosdata/feat/TS-5927-long-password 

feat:[TS-5927]long-password
This commit is contained in:
Simon Guan 2025-03-06 17:25:48 +08:00 committed by GitHub
parent c10eec0a33 e5fb75797a
commit c00d772492
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
29 changed files with 266 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/en/08-operation/14-user.md
View File

@ -18,7 +18,10 @@ create user user_name pass'password' [sysinfo {1|0}] [createdb {1|0}]
The parameters are explained as follows.
- user_name: Up to 23 B long.
- password: The password must be between 8 and 16 characters long and include at least three types of characters from the following: uppercase letters, lowercase letters, numbers, and special characters. Special characters include `! @ # $ % ^ & * ( ) - _ + = [ ] { } : ; > < ? | ~ , .`.
- password: The password must be between 8 and 255 characters long. The password include at least three types of characters from the following: uppercase letters, lowercase letters, numbers, and special characters, special characters include `! @ # $ % ^ & * ( ) - _ + = [ ] { } : ; > < ? | ~ , .`, and this reqirement is able to be closed by adding enableStrongPassword 0 in taos.cfg, or by the following SQL:
```sql
alter all dnode 'EnableStrongPassword' '0'
```
- sysinfo: Whether the user can view system information. 1 means they can view it, 0 means they cannot. System information includes server configuration information, various node information such as dnode, query node (qnode), etc., as well as storage-related information, etc. The default is to view system information.
- createdb: Whether the user can create databases. 1 means they can create databases, 0 means they cannot. The default value is 0. // Supported starting from TDengine Enterprise version 3.3.2.0

2
docs/en/14-reference/03-taos-sql/19-limit.md
View File

@ -37,6 +37,6 @@ Removed `` ‘“`\ `` (single and double quotes, apostrophe, backslash, space)
- Number of databases, supertables, and tables are not limited by the system, only by system resources
- Number of replicas for a database can only be set to 1 or 3
- Maximum length of username is 23 bytes
- Maximum length of user password is 31 bytes
- Maximum length of user password is 255 bytes
- Total number of data rows depends on available resources
- Maximum number of virtual nodes for a single database is 1024

5
docs/zh/08-operation/14-user.md
View File

@ -17,7 +17,10 @@ create user user_name pass'password' [sysinfo {1|0}] [createdb {1|0}]
相关参数说明如下。
- user_name用户名最长不超过 23 个字节。
- password密码长度必须为 8 到 16 位,并且至少包含大写字母、小写字母、数字、特殊字符中的三类。特殊字符包括 `! @ # $ % ^ & * ( ) - _ + = [ ] { } : ; > < ? | ~ , .`。(始自 3.3.5.0 版本)
- password密码长度必须为 8 到 255 。密码要符合一个要求:至少包含大写字母、小写字母、数字、特殊字符中的三类。特殊字符包括 `! @ # $ % ^ & * ( ) - _ + = [ ] { } : ; > < ? | ~ , .`(始自 3.3.5.0 版本可以通过在taos.cfg中添加参数enableStrongPassword 0关闭这个强制要求或者通过如下SQL关闭这个强制要求始自 3.3.6.0 版本)。
```sql
alter all dnode 'EnableStrongPassword' '0'
```
- sysinfo 用户是否可以查看系统信息。1 表示可以查看0 表示不可以查看。系统信息包括服务端配置信息、服务端各种节点信息,如 dnode、查询节点qnode以及与存储相关的信息等。默认为可以查看系统信息。
- createdb用户是否可以创建数据库。1 表示可以创建0 表示不可以创建。缺省值为 0。// 从 TDengine 企业版 3.3.2.0 开始支持

2
docs/zh/14-reference/03-taos-sql/19-limit.md
View File

@ -37,6 +37,6 @@ description: 合法字符集和命名中的限制规则
- 库的数目,超级表的数目、表的数目,系统不做限制,仅受系统资源限制
- 数据库的副本数只能设置为 1 或 3
- 用户名的最大长度是 23 字节
- 用户密码的长度范围是 8-16 字节
- 用户密码的长度范围是 8-255 字节
- 总数据行数取决于可用资源
- 单个数据库的虚拟结点数上限为 1024

1
include/common/tglobal.h
View File

@ -69,6 +69,7 @@ extern EEncryptAlgor tsiEncryptAlgorithm;
extern EEncryptScope tsiEncryptScope;
// extern char tsAuthCode[];
extern char tsEncryptKey[];
extern int8_t tsEnableStrongPassword;
// common
extern int32_t tsMaxShellConns;

3
include/common/tmsg.h
View File

@ -1091,6 +1091,7 @@ typedef struct {
char* sql;
int8_t isImport;
int8_t createDb;
int8_t passIsMd5;
} SCreateUserReq;
int32_t tSerializeSCreateUserReq(void* buf, int32_t bufLen, SCreateUserReq* pReq);
@ -1161,6 +1162,7 @@ typedef struct {
int64_t privileges;
int32_t sqlLen;
char* sql;
int8_t passIsMd5;
} SAlterUserReq;
int32_t tSerializeSAlterUserReq(void* buf, int32_t bufLen, SAlterUserReq* pReq);
@ -3571,6 +3573,7 @@ typedef struct {
SArray* rsps; // SArray<SClientHbRsp>
SMonitorParas monitorParas;
int8_t enableAuditDelete;
int8_t enableStrongPass;
} SClientHbBatchRsp;
static FORCE_INLINE uint32_t hbKeyHashFunc(const char* key, uint32_t keyLen) { return taosIntHash_64(key, keyLen); }

4
include/libs/nodes/cmdnodes.h
View File

@ -301,7 +301,7 @@ typedef struct SAlterTableMultiStmt {
typedef struct SCreateUserStmt {
ENodeType type;
char userName[TSDB_USER_LEN];
char password[TSDB_USET_PASSWORD_LEN];
char password[TSDB_USET_PASSWORD_LONGLEN];
int8_t sysinfo;
int8_t createDb;
int8_t isImport;
@ -315,7 +315,7 @@ typedef struct SAlterUserStmt {
ENodeType type;
char userName[TSDB_USER_LEN];
int8_t alterType;
char password[TSDB_USET_PASSWORD_LEN];
char password[TSDB_USET_PASSWORD_LONGLEN];
int8_t enable;
int8_t sysinfo;
int8_t createdb;

3
include/util/tdef.h
View File

@ -292,9 +292,10 @@ typedef enum ELogicConditionType {
#define TSDB_AUTH_LEN 16
#define TSDB_PASSWORD_MIN_LEN 8
#define TSDB_PASSWORD_MAX_LEN 16
#define TSDB_PASSWORD_MAX_LEN 255
#define TSDB_PASSWORD_LEN 32
#define TSDB_USET_PASSWORD_LEN 129
#define TSDB_USET_PASSWORD_LONGLEN 256
#define TSDB_VERSION_LEN 32
#define TSDB_LABEL_LEN 16
#define TSDB_JOB_STATUS_LEN 32

1
source/client/inc/clientInt.h
View File

@ -115,6 +115,7 @@ typedef struct SQueryExecMetric {
typedef struct {
SMonitorParas monitorParas;
int8_t enableAuditDelete;
int8_t enableStrongPass;
} SAppInstServerCFG;
struct SAppInstInfo {
int64_t numOfConns;

2
source/client/src/clientHb.c
View File

@ -608,6 +608,8 @@ static int32_t hbAsyncCallBack(void *param, SDataBuf *pMsg, int32_t code) {
pInst->serverCfg.monitorParas = pRsp.monitorParas;
pInst->serverCfg.enableAuditDelete = pRsp.enableAuditDelete;
pInst->serverCfg.enableStrongPass = pRsp.enableStrongPass;
tsEnableStrongPassword = pInst->serverCfg.enableStrongPass;
tscDebug("monitor paras from hb, clusterId:0x%" PRIx64 ", threshold:%d scope:%d", pInst->clusterId,
pRsp.monitorParas.tsSlowLogThreshold, pRsp.monitorParas.tsSlowLogScope);

2
source/client/src/clientImpl.c
View File

@ -54,7 +54,7 @@ static bool stringLengthCheck(const char* str, size_t maxsize) {
static bool validateUserName(const char* user) { return stringLengthCheck(user, TSDB_USER_LEN - 1); }
static bool validatePassword(const char* passwd) { return stringLengthCheck(passwd, TSDB_PASSWORD_LEN - 1); }
static bool validatePassword(const char* passwd) { return stringLengthCheck(passwd, TSDB_PASSWORD_MAX_LEN); }
static bool validateDbName(const char* db) { return stringLengthCheck(db, TSDB_DB_NAME_LEN - 1); }

15
source/common/src/msg/tmsg.c
View File

@ -575,6 +575,7 @@ int32_t tSerializeSClientHbBatchRsp(void *buf, int32_t bufLen, const SClientHbBa
}
TAOS_CHECK_EXIT(tSerializeSMonitorParas(&encoder, &pBatchRsp->monitorParas));
TAOS_CHECK_EXIT(tEncodeI8(&encoder, pBatchRsp->enableAuditDelete));
TAOS_CHECK_EXIT(tEncodeI8(&encoder, pBatchRsp->enableStrongPass));
tEndEncode(&encoder);
_exit:
@ -623,6 +624,12 @@ int32_t tDeserializeSClientHbBatchRsp(void *buf, int32_t bufLen, SClientHbBatchR
pBatchRsp->enableAuditDelete = 0;
}
if (!tDecodeIsEnd(&decoder)) {
TAOS_CHECK_EXIT(tDecodeI8(&decoder, &pBatchRsp->enableStrongPass));
} else {
pBatchRsp->enableStrongPass = 1;
}
tEndDecode(&decoder);
_exit:
@ -2028,6 +2035,7 @@ int32_t tSerializeSCreateUserReq(void *buf, int32_t bufLen, SCreateUserReq *pReq
ENCODESQL();
TAOS_CHECK_EXIT(tEncodeI8(&encoder, pReq->isImport));
TAOS_CHECK_EXIT(tEncodeI8(&encoder, pReq->createDb));
TAOS_CHECK_EXIT(tEncodeI8(&encoder, pReq->passIsMd5));
tEndEncode(&encoder);
@ -2068,6 +2076,9 @@ int32_t tDeserializeSCreateUserReq(void *buf, int32_t bufLen, SCreateUserReq *pR
TAOS_CHECK_EXIT(tDecodeI8(&decoder, &pReq->createDb));
TAOS_CHECK_EXIT(tDecodeI8(&decoder, &pReq->isImport));
}
if (!tDecodeIsEnd(&decoder)) {
TAOS_CHECK_EXIT(tDecodeI8(&decoder, &pReq->passIsMd5));
}
tEndDecode(&decoder);
@ -2423,6 +2434,7 @@ int32_t tSerializeSAlterUserReq(void *buf, int32_t bufLen, SAlterUserReq *pReq)
TAOS_CHECK_EXIT(tEncodeI64(&encoder, pReq->privileges));
ENCODESQL();
TAOS_CHECK_EXIT(tEncodeU8(&encoder, pReq->flag));
TAOS_CHECK_EXIT(tEncodeU8(&encoder, pReq->passIsMd5));
tEndEncode(&encoder);
_exit:
@ -2474,6 +2486,9 @@ int32_t tDeserializeSAlterUserReq(void *buf, int32_t bufLen, SAlterUserReq *pReq
if (!tDecodeIsEnd(&decoder)) {
TAOS_CHECK_EXIT(tDecodeU8(&decoder, &pReq->flag));
}
if (!tDecodeIsEnd(&decoder)) {
TAOS_CHECK_EXIT(tDecodeU8(&decoder, &pReq->passIsMd5));
}
tEndDecode(&decoder);
_exit:

8
source/common/src/tglobal.c
View File

@ -55,6 +55,7 @@ EEncryptScope tsiEncryptScope = 0;
// char tsAuthCode[500] = {0};
// char tsEncryptKey[17] = {0};
char tsEncryptKey[17] = {0};
int8_t tsEnableStrongPassword = 1;
// common
int32_t tsMaxShellConns = 50000;
@ -838,6 +839,7 @@ static int32_t taosAddServerCfg(SConfig *pCfg) {
TAOS_CHECK_RETURN(cfgAddString(pCfg, "encryptAlgorithm", tsEncryptAlgorithm, CFG_SCOPE_SERVER, CFG_DYN_NONE, CFG_CATEGORY_GLOBAL));
TAOS_CHECK_RETURN(cfgAddString(pCfg, "encryptScope", tsEncryptScope, CFG_SCOPE_SERVER, CFG_DYN_NONE,CFG_CATEGORY_GLOBAL));
TAOS_CHECK_RETURN(cfgAddBool(pCfg, "enableStrongPassword", tsEnableStrongPassword, CFG_SCOPE_SERVER, CFG_DYN_SERVER,CFG_CATEGORY_GLOBAL));
TAOS_CHECK_RETURN(cfgAddInt32(pCfg, "statusInterval", tsStatusInterval, 1, 30, CFG_SCOPE_SERVER, CFG_DYN_SERVER_LAZY,CFG_CATEGORY_GLOBAL));
TAOS_CHECK_RETURN(cfgAddInt32(pCfg, "maxShellConns", tsMaxShellConns, 10, 50000000, CFG_SCOPE_SERVER, CFG_DYN_SERVER_LAZY, CFG_CATEGORY_LOCAL));
@ -1530,6 +1532,9 @@ static int32_t taosSetServerCfg(SConfig *pCfg) {
TAOS_CHECK_RETURN(taosCheckCfgStrValueLen(pItem->name, pItem->str, 100));
tstrncpy(tsEncryptScope, pItem->str, 100);
TAOS_CHECK_GET_CFG_ITEM(pCfg, pItem, "enableStrongPassword");
tsEnableStrongPassword = pItem->i32;
TAOS_CHECK_GET_CFG_ITEM(pCfg, pItem, "numOfRpcThreads");
tsNumOfRpcThreads = pItem->i32;
@ -2527,7 +2532,8 @@ static int32_t taosCfgDynamicOptionsForServer(SConfig *pCfg, const char *name) {
{"arbHeartBeatIntervalSec", &tsArbHeartBeatIntervalSec},
{"arbCheckSyncIntervalSec", &tsArbCheckSyncIntervalSec},
{"arbSetAssignedTimeoutSec", &tsArbSetAssignedTimeoutSec},
{"queryNoFetchTimeoutSec", &tsQueryNoFetchTimeoutSec}};
{"queryNoFetchTimeoutSec", &tsQueryNoFetchTimeoutSec},
{"enableStrongPassword", &tsEnableStrongPassword}};
if ((code = taosCfgSetOption(debugOptions, tListLen(debugOptions), pItem, true)) != TSDB_CODE_SUCCESS) {
code = taosCfgSetOption(options, tListLen(options), pItem, false);

1
source/dnode/mnode/impl/src/mndProfile.c
View File

@ -722,6 +722,7 @@ static int32_t mndProcessHeartBeatReq(SRpcMsg *pReq) {
batchRsp.monitorParas.tsSlowLogMaxLen = tsSlowLogMaxLen;
batchRsp.monitorParas.tsSlowLogScope = tsSlowLogScope;
batchRsp.enableAuditDelete = tsEnableAuditDelete;
batchRsp.enableStrongPass = tsEnableStrongPassword;
int32_t sz = taosArrayGetSize(batchReq.reqs);
for (int i = 0; i < sz; i++) {

70
source/dnode/mnode/impl/src/mndUser.c
View File

@ -1705,12 +1705,18 @@ static int32_t mndCreateUser(SMnode *pMnode, char *acct, SCreateUserReq *pCreate
int32_t code = 0;
int32_t lino = 0;
SUserObj userObj = {0};
if (pCreate->isImport != 1) {
taosEncryptPass_c((uint8_t *)pCreate->pass, strlen(pCreate->pass), userObj.pass);
} else {
// mInfo("pCreate->pass:%s", pCreate->eass)
if (pCreate->passIsMd5 == 1) {
memcpy(userObj.pass, pCreate->pass, TSDB_PASSWORD_LEN);
} else {
if (pCreate->isImport != 1) {
taosEncryptPass_c((uint8_t *)pCreate->pass, strlen(pCreate->pass), userObj.pass);
} else {
// mInfo("pCreate->pass:%s", pCreate->eass)
memcpy(userObj.pass, pCreate->pass, TSDB_PASSWORD_LEN);
}
}
tstrncpy(userObj.user, pCreate->user, TSDB_USER_LEN);
tstrncpy(userObj.acct, acct, TSDB_USER_LEN);
userObj.createdTime = taosGetTimestampMs();
@ -1884,16 +1890,18 @@ static int32_t mndProcessCreateUserReq(SRpcMsg *pReq) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_USER_FORMAT, &lino, _OVER);
}
int32_t len = strlen(createReq.pass);
if (createReq.isImport != 1) {
if (mndCheckPasswordMinLen(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER);
}
if (mndCheckPasswordMaxLen(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER);
}
if (mndCheckPasswordFmt(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER);
if(createReq.passIsMd5 == 0){
int32_t len = strlen(createReq.pass);
if (createReq.isImport != 1) {
if (mndCheckPasswordMinLen(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER);
}
if (mndCheckPasswordMaxLen(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER);
}
if (mndCheckPasswordFmt(createReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER);
}
}
}
@ -2375,17 +2383,18 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
if (alterReq.user[0] == 0) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_USER_FORMAT, &lino, _OVER);
}
if (TSDB_ALTER_USER_PASSWD == alterReq.alterType) {
int32_t len = strlen(alterReq.pass);
if (mndCheckPasswordMinLen(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER);
}
if (mndCheckPasswordMaxLen(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER);
}
if (mndCheckPasswordFmt(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER);
if(alterReq.passIsMd5 == 0){
if (TSDB_ALTER_USER_PASSWD == alterReq.alterType) {
int32_t len = strlen(alterReq.pass);
if (mndCheckPasswordMinLen(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY, &lino, _OVER);
}
if (mndCheckPasswordMaxLen(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG, &lino, _OVER);
}
if (mndCheckPasswordFmt(alterReq.pass, len) != 0) {
TAOS_CHECK_GOTO(TSDB_CODE_MND_INVALID_PASS_FORMAT, &lino, _OVER);
}
}
}
@ -2401,10 +2410,13 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
TAOS_CHECK_GOTO(mndUserDupObj(pUser, &newUser), &lino, _OVER);
if (alterReq.alterType == TSDB_ALTER_USER_PASSWD) {
char pass[TSDB_PASSWORD_LEN + 1] = {0};
taosEncryptPass_c((uint8_t *)alterReq.pass, strlen(alterReq.pass), pass);
(void)memcpy(newUser.pass, pass, TSDB_PASSWORD_LEN);
if (0 != strncmp(pUser->pass, pass, TSDB_PASSWORD_LEN)) {
if (alterReq.passIsMd5 == 1) {
(void)memcpy(newUser.pass, alterReq.pass, TSDB_PASSWORD_LEN);
} else {
taosEncryptPass_c((uint8_t *)alterReq.pass, strlen(alterReq.pass), newUser.pass);
}
if (0 != strncmp(pUser->pass, newUser.pass, TSDB_PASSWORD_LEN)) {
++newUser.passVersion;
}
}

2
source/libs/parser/inc/sql.y
View File

@ -119,7 +119,7 @@ is_import_opt(A) ::= IS_IMPORT NK_INTEGER(B).
is_createdb_opt(A) ::= . { A = 0; }
is_createdb_opt(A) ::= CREATEDB NK_INTEGER(B). { A = taosStr2Int8(B.z, NULL, 10); }
/************************************************ create/alter/drop user **********************************************/
cmd ::= CREATE USER user_name(A) PASS NK_STRING(B) sysinfo_opt(C) is_createdb_opt(F) is_import_opt(E)
cmd ::= CREATE USER user_name(A) PASS NK_STRING(B) sysinfo_opt(C) is_createdb_opt(E) is_import_opt(F)
white_list_opt(D). {
pCxt->pRootNode = createCreateUserStmt(pCxt, &A, &B, C, E, F);
pCxt->pRootNode = addCreateUserStmtWhiteList(pCxt, pCxt->pRootNode, D);

86
source/libs/parser/src/parAstCreater.c
View File

@ -108,18 +108,73 @@ static bool invalidPassword(const char* pPassword) {
return 0 == res;
}
static bool invalidStrongPassword(const char* pPassword) {
if (strcmp(pPassword, "taosdata") == 0) {
return false;
}
bool charTypes[4] = {0};
for (int32_t i = 0; i < strlen(pPassword); ++i) {
if (taosIsBigChar(pPassword[i])) {
charTypes[0] = true;
} else if (taosIsSmallChar(pPassword[i])) {
charTypes[1] = true;
} else if (taosIsNumberChar(pPassword[i])) {
charTypes[2] = true;
} else if (taosIsSpecialChar(pPassword[i])) {
charTypes[3] = true;
} else {
return true;
}
}
int32_t numOfTypes = 0;
for (int32_t i = 0; i < 4; ++i) {
numOfTypes += charTypes[i];
}
if (numOfTypes < 3) {
return true;
}
return false;
}
static bool checkPassword(SAstCreateContext* pCxt, const SToken* pPasswordToken, char* pPassword) {
if (NULL == pPasswordToken) {
pCxt->errCode = TSDB_CODE_PAR_SYNTAX_ERROR;
} else if (pPasswordToken->n >= (TSDB_USET_PASSWORD_LEN + 2)) {
} else if (pPasswordToken->n >= (TSDB_USET_PASSWORD_LONGLEN + 2)) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG);
} else {
strncpy(pPassword, pPasswordToken->z, pPasswordToken->n);
(void)strdequote(pPassword);
if (strtrim(pPassword) <= 0) {
if (strtrim(pPassword) < TSDB_PASSWORD_MIN_LEN) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY);
} else {
if (tsEnableStrongPassword) {
if (invalidStrongPassword(pPassword)) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_INVALID_PASSWD);
}
} else {
if (invalidPassword(pPassword)) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_INVALID_PASSWD);
}
}
}
}
return TSDB_CODE_SUCCESS == pCxt->errCode;
}
static bool checkImportPassword(SAstCreateContext* pCxt, const SToken* pPasswordToken, char* pPassword) {
if (NULL == pPasswordToken) {
pCxt->errCode = TSDB_CODE_PAR_SYNTAX_ERROR;
} else if (pPasswordToken->n > (32 + 2)) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_NAME_OR_PASSWD_TOO_LONG);
} else {
strncpy(pPassword, pPasswordToken->z, pPasswordToken->n);
(void)strdequote(pPassword);
if (strtrim(pPassword) < 32) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_PASSWD_TOO_SHORT_OR_EMPTY);
} else if (invalidPassword(pPassword)) {
pCxt->errCode = generateSyntaxErrMsg(&pCxt->msgBuf, TSDB_CODE_PAR_INVALID_PASSWD);
}
}
return TSDB_CODE_SUCCESS == pCxt->errCode;
@ -3051,7 +3106,14 @@ static int32_t fillIpRangesFromWhiteList(SAstCreateContext* pCxt, SNodeList* pIp
}
SNode* addCreateUserStmtWhiteList(SAstCreateContext* pCxt, SNode* pCreateUserStmt, SNodeList* pIpRangesNodeList) {
if (NULL == pCreateUserStmt || NULL == pIpRangesNodeList) {
if (NULL == pCreateUserStmt) {
if (pIpRangesNodeList != NULL) {
nodesDestroyList(pIpRangesNodeList);
}
return NULL;
}
if (NULL == pIpRangesNodeList) {
return pCreateUserStmt;
}
@ -3074,14 +3136,18 @@ _err:
SNode* createCreateUserStmt(SAstCreateContext* pCxt, SToken* pUserName, const SToken* pPassword, int8_t sysinfo,
int8_t createDb, int8_t is_import) {
CHECK_PARSER_STATUS(pCxt);
char password[TSDB_USET_PASSWORD_LEN + 3] = {0};
char password[TSDB_USET_PASSWORD_LONGLEN + 3] = {0};
CHECK_NAME(checkUserName(pCxt, pUserName));
CHECK_NAME(checkPassword(pCxt, pPassword, password));
if (is_import == 0) {
CHECK_NAME(checkPassword(pCxt, pPassword, password));
} else {
CHECK_NAME(checkImportPassword(pCxt, pPassword, password));
}
SCreateUserStmt* pStmt = NULL;
pCxt->errCode = nodesMakeNode(QUERY_NODE_CREATE_USER_STMT, (SNode**)&pStmt);
CHECK_MAKE_NODE(pStmt);
COPY_STRING_FORM_ID_TOKEN(pStmt->userName, pUserName);
tstrncpy(pStmt->password, password, TSDB_USET_PASSWORD_LEN);
tstrncpy(pStmt->password, password, TSDB_USET_PASSWORD_LONGLEN);
pStmt->sysinfo = sysinfo;
pStmt->createDb = createDb;
pStmt->isImport = is_import;
@ -3100,10 +3166,10 @@ SNode* createAlterUserStmt(SAstCreateContext* pCxt, SToken* pUserName, int8_t al
pStmt->alterType = alterType;
switch (alterType) {
case TSDB_ALTER_USER_PASSWD: {
char password[TSDB_USET_PASSWORD_LEN] = {0};
char password[TSDB_USET_PASSWORD_LONGLEN] = {0};
SToken* pVal = pAlterInfo;
CHECK_NAME(checkPassword(pCxt, pVal, password));
tstrncpy(pStmt->password, password, TSDB_USET_PASSWORD_LEN);
tstrncpy(pStmt->password, password, TSDB_USET_PASSWORD_LONGLEN);
break;
}
case TSDB_ALTER_USER_ENABLE: {

18
source/libs/parser/src/parTranslater.c
View File

@ -10503,10 +10503,18 @@ static int32_t translateCreateUser(STranslateContext* pCxt, SCreateUserStmt* pSt
createReq.superUser = 0;
createReq.sysInfo = pStmt->sysinfo;
createReq.enable = 1;
tstrncpy(createReq.pass, pStmt->password, TSDB_USET_PASSWORD_LEN);
createReq.isImport = pStmt->isImport;
createReq.createDb = pStmt->createDb;
if(pStmt->isImport == 1){
tstrncpy(createReq.pass, pStmt->password, TSDB_USET_PASSWORD_LEN);
}
else{
taosEncryptPass_c((uint8_t*)pStmt->password, strlen(pStmt->password), createReq.pass);
}
createReq.passIsMd5 = 1;
createReq.numIpRanges = pStmt->numIpRanges;
if (pStmt->numIpRanges > 0) {
createReq.pIpRanges = taosMemoryMalloc(createReq.numIpRanges * sizeof(SIpV4Range));
@ -10548,7 +10556,13 @@ static int32_t translateAlterUser(STranslateContext* pCxt, SAlterUserStmt* pStmt
alterReq.enable = pStmt->enable;
alterReq.sysInfo = pStmt->sysinfo;
alterReq.createdb = pStmt->createdb ? 1 : 0;
snprintf(alterReq.pass, sizeof(alterReq.pass), "%s", pStmt->password);
int32_t len = strlen(pStmt->password);
if (len > 0) {
taosEncryptPass_c((uint8_t*)pStmt->password, len, alterReq.pass);
alterReq.passIsMd5 = 1;
}
if (NULL != pCxt->pParseCxt->db) {
snprintf(alterReq.objname, sizeof(alterReq.objname), "%s", pCxt->pParseCxt->db);
}

6
source/libs/parser/test/parAlterToBalanceTest.cpp
View File

@ -817,7 +817,7 @@ TEST_F(ParserInitialATest, alterUser) {
expect.sysInfo = sysInfo;
expect.enable = enable;
if (nullptr != pPass) {
strcpy(expect.pass, pPass);
taosEncryptPass_c((uint8_t*)pPass, strlen(pPass), expect.pass);
}
strcpy(expect.objname, "test");
};
@ -838,8 +838,8 @@ TEST_F(ParserInitialATest, alterUser) {
tFreeSAlterUserReq(&req);
});
setAlterUserReq("wxy", TSDB_ALTER_USER_PASSWD, "123456");
run("ALTER USER wxy PASS '123456'");
setAlterUserReq("wxy", TSDB_ALTER_USER_PASSWD, "12345678@Abc");
run("ALTER USER wxy PASS '12345678@Abc'");
clearAlterUserReq();
setAlterUserReq("wxy", TSDB_ALTER_USER_ENABLE, nullptr, 0, 1);

10
source/libs/parser/test/parInitialCTest.cpp
View File

@ -1345,11 +1345,11 @@ TEST_F(ParserInitialCTest, createUser) {
auto setCreateUserReq = [&](const char* pUser, const char* pPass, int8_t sysInfo = 1) {
strcpy(expect.user, pUser);
strcpy(expect.pass, pPass);
expect.createType = 0;
expect.superUser = 0;
expect.sysInfo = sysInfo;
expect.enable = 1;
taosEncryptPass_c((uint8_t*)pPass, strlen(pPass), expect.pass);
};
setCheckDdlFunc([&](const SQuery* pQuery, ParserStage stage) {
@ -1366,12 +1366,12 @@ TEST_F(ParserInitialCTest, createUser) {
tFreeSCreateUserReq(&req);
});
setCreateUserReq("wxy", "123456");
run("CREATE USER wxy PASS '123456'");
setCreateUserReq("wxy", "12345678@Abc");
run("CREATE USER wxy PASS '12345678@Abc'");
clearCreateUserReq();
setCreateUserReq("wxy1", "a123456", 1);
run("CREATE USER wxy1 PASS 'a123456' SYSINFO 1");
setCreateUserReq("wxy1", "12345678@Abc", 1);
run("CREATE USER wxy1 PASS '12345678@Abc' SYSINFO 1");
clearCreateUserReq();
}

4
source/util/src/terror.c
View File

@ -130,7 +130,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_VERSION, "Invalid client versio
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_IE, "Invalid client ie")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_FQDN, "Invalid host name")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_USER_LENGTH, "Invalid user name")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_PASS_LENGTH, "Invalid password")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_PASS_LENGTH, "Invalid password length")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_DB_LENGTH, "Database name too long")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_TABLE_ID_LENGTH, "Table name too long")
TAOS_DEFINE_ERROR(TSDB_CODE_TSC_INVALID_CONNECTION, "Invalid connection")
@ -695,7 +695,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_PAR_PERMISSION_DENIED, "Permission denied o
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_STREAM_QUERY, "Invalid stream query")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_INTERNAL_PK, "Invalid _c0 or _rowts expression")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_TIMELINE_FUNC, "Invalid timeline function")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_PASSWD, "Invalid password")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_PASSWD, "Invalid password 2")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_ALTER_TABLE, "Invalid alter table statement")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_CANNOT_DROP_PRIMARY_KEY, "Primary timestamp column cannot be dropped")
TAOS_DEFINE_ERROR(TSDB_CODE_PAR_INVALID_MODIFY_COL, "Only varbinary/binary/nchar/geometry column length could be modified, and the length can only be increased, not decreased")

68
tests/army/cluster/strongPassword.py Normal file
View File

@ -0,0 +1,68 @@
import taos
import sys
import os
import subprocess
import glob
import shutil
import time
from frame.log import *
from frame.cases import *
from frame.sql import *
from frame.srvCtl import *
from frame.caseBase import *
from frame import *
from frame.autogen import *
from frame import epath
# from frame.server.dnodes import *
# from frame.server.cluster import *
class TDTestCase(TBase):
def init(self, conn, logSql, replicaVar=1):
super(TDTestCase, self).init(conn, logSql, replicaVar=1, checkColName="c1")
tdSql.init(conn.cursor(), logSql)
def run(self):
# strong
tdSql.error("create user test pass '12345678' sysinfo 0;", expectErrInfo="Invalid password")
tdSql.execute("create user test pass '12345678@Abc' sysinfo 0;")
tdSql.error("alter user test pass '23456789'", expectErrInfo="Invalid password")
tdSql.execute("alter user test pass '23456789@Abc';")
# change setting
tdSql.execute("ALTER ALL DNODES 'enableStrongPassword' '0'")
time.sleep(3)
# weak
tdSql.execute("create user test1 pass '12345678' sysinfo 0;")
tdSql.execute("alter user test1 pass '12345678';")
# pass length
tdSql.error("alter user test1 pass '1234567';", expectErrInfo="Password too short or empty")
tdSql.error("create user test2 pass '1234567' sysinfo 0;", expectErrInfo="Password too short or empty")
tdSql.error("create user test2 pass '1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456' sysinfo 0;", expectErrInfo="Name or password too long")
tdSql.execute("create user test2 pass '123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345' sysinfo 0;")
cmd = "taos -u test2 -p123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 -s 'show databases;'"
if os.system(cmd) != 0:
raise Exception("failed to execute system command. cmd: %s" % cmd)
tdSql.error("alter user test2 pass '1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456';", expectErrInfo="Name or password too long")
def stop(self):
tdSql.close()
tdLog.success(f"{__file__} successfully executed")
tdCases.addLinux(__file__, TDTestCase())
tdCases.addWindows(__file__, TDTestCase())

1
tests/parallel_test/cases.task
View File

@ -46,6 +46,7 @@
,,y,army,./pytest.sh python3 ./test.py -f cluster/incSnapshot.py -N 3
,,y,army,./pytest.sh python3 ./test.py -f cluster/clusterBasic.py -N 5
,,y,army,./pytest.sh python3 ./test.py -f cluster/tsdbSnapshot.py -N 3 -M 3
,,y,army,./pytest.sh python3 ./test.py -f cluster/strongPassword.py
,,y,army,./pytest.sh python3 ./test.py -f query/query_basic.py -N 3
,,y,army,./pytest.sh python3 ./test.py -f query/accuracy/test_query_accuracy.py
,,y,army,./pytest.sh python3 ./test.py -f query/accuracy/test_ts5400.py

2
tests/script/tsim/show/basic.sim
View File

@ -230,7 +230,7 @@ endi
sql_error show create stable t0;
sql show variables;
if $rows != 87 then
if $rows != 88 then
return -1
endi

6
tests/script/tsim/user/password.sim
View File

@ -86,7 +86,7 @@ sql create user user_p6 pass 'abcd!@123456'
sql create user user_p7 pass 'abcd!@1234567'
sql create user user_p8 pass 'abcd!@123456789'
sql create user user_p9 pass 'abcd!@1234567890'
sql_error create user user_p10 pass 'abcd!@1234567890T'
sql_error create user user_p10 pass 'abcd!@123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345T'
sql drop user user_p2
sql drop user user_p3
sql drop user user_p4
@ -273,9 +273,9 @@ sql create user u27 pass 'taosdata1.'
sql CREATE USER `_xTest1` PASS '2729c41a99b2c5222aa7dd9fc1ce3de7' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1';
sql_error CREATE USER `_xTest2` PASS '2729c41a99b2c5222aa7dd9fc1ce3de7' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1';
sql CREATE USER `_xTest3` PASS '2729c41' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1';
sql_error CREATE USER `_xTest3` PASS '2729c41' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1';
sql_error CREATE USER `_xTest4` PASS '2729c417' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1';
sql CREATE USER `_xTest5` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 1 HOST '127.0.0.1';
sql_error CREATE USER `_xTest5` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 1' HOST '127.0.0.1';
sql_error CREATE USER `_xTest6` PASS '2xF' SYSINFO 1 CREATEDB 0 IS_IMPORT 0 HOST '127.0.0.1';

2
tests/script/tsim/valgrind/checkError1.sim
View File

@ -120,7 +120,7 @@ if $rows != 3 then
endi
sql show variables;
if $rows != 87 then
if $rows != 88 then
return -1
endi

2
tests/system-test/1-insert/boundary.py
View File

@ -33,7 +33,7 @@ class TDTestCase:
self.colname_length_boundary = self.boundary.COL_KEY_MAX_LENGTH
self.tagname_length_boundary = self.boundary.TAG_KEY_MAX_LENGTH
self.username_length_boundary = 23
self.password_length_boundary = 14
self.password_length_boundary = 253
def dbname_length_check(self):
dbname_length = randint(1,self.dbname_length_boundary-1)
for dbname in [tdCom.get_long_name(self.dbname_length_boundary),tdCom.get_long_name(dbname_length)]:

2
tests/system-test/2-query/db.py
View File

@ -47,7 +47,7 @@ class TDTestCase:
def case2(self):
tdSql.query("show variables")
tdSql.checkRows(87)
tdSql.checkRows(88)
for i in range(self.replicaVar):
tdSql.query("show dnode %d variables like 'debugFlag'" % (i + 1))

2
tools/shell/inc/shellInt.h
View File

@ -65,7 +65,7 @@ typedef struct {
const char* commands;
const char* netrole;
char file[PATH_MAX];
char password[TSDB_USET_PASSWORD_LEN];
char password[TSDB_USET_PASSWORD_LONGLEN];
bool is_gen_auth;
bool is_bi_mode;
bool is_raw_time;