database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[Enchancement](auth) Forbid to login doris from 127.0.0.1 without password (#18816)

Browse Source 
* forbid to login from 127.0.0.1 without password

* add localhost limit

* rename
This commit is contained in:
WenYao
2023-04-23 13:56:31 +08:00
committed by GitHub
parent 61b44108e2
commit 166bed11d4
5 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
View File

@ -38,6 +38,7 @@ import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.AuthenticationException;
import org.apache.doris.common.AuthorizationException;
import org.apache.doris.common.Config;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
@ -170,8 +171,9 @@ public class Auth implements Writable {
*/
public void checkPassword(String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString,
List<UserIdentity> currentUser) throws AuthenticationException {
if ((remoteUser.equals(ROOT_USER) || remoteUser.equals(ADMIN_USER)) && remoteHost.equals("127.0.0.1")) {
// root and admin user is allowed to login from 127.0.0.1, in case user forget password.
if ((ROOT_USER.equals(remoteUser) || ADMIN_USER.equals(remoteUser)) && Config.skip_localhost_auth_check
&& "127.0.0.1".equals(remoteHost)) {
// in case user forget password.
if (remoteUser.equals(ROOT_USER)) {
currentUser.add(UserIdentity.ROOT);
} else {