database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[Enhance](fe) Support setting initial root password when FE firstly launch (#27438)

Browse Source
This commit is contained in:
DuRipeng
2023-11-27 11:03:27 +08:00
committed by GitHub
parent d0fea8db27
commit 9aafcf2e22
6 changed files with 81 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
View File

@ -1423,6 +1423,8 @@ public class Env {
editLog.logAddFirstFrontend(self);
initLowerCaseTableNames();
// Set initial root password if master FE first time launch.
auth.setInitialRootPassword(Config.initial_root_password);
} else {
if (journalVersion <= FeMetaVersion.VERSION_114) {
// if journal version is less than 114, which means it is upgraded from version before 2.0.

25
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
View File

@ -55,6 +55,7 @@ import org.apache.doris.datasource.InternalCatalog;
import org.apache.doris.ldap.LdapManager;
import org.apache.doris.ldap.LdapUserInfo;
import org.apache.doris.load.DppConfig;
import org.apache.doris.mysql.MysqlPassword;
import org.apache.doris.persist.AlterUserOperationLog;
import org.apache.doris.persist.LdapInfo;
import org.apache.doris.persist.PrivInfo;
@ -70,6 +71,7 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -1349,6 +1351,29 @@ public class Auth implements Writable {
}
}
public void setInitialRootPassword(String initialRootPassword) {
// Skip set root password if `initial_root_password` set to empty string
if (StringUtils.isEmpty(initialRootPassword)) {
return;
}
byte[] scramble;
try {
scramble = MysqlPassword.checkPassword(initialRootPassword);
} catch (AnalysisException e) {
// Skip set root password if `initial_root_password` is not valid 2-staged SHA-1 encrypted
LOG.warn("initial_root_password [{}] is not valid 2-staged SHA-1 encrypted, ignore it",
initialRootPassword);
return;
}
UserIdentity rootUser = new UserIdentity(ROOT_USER, "%");
rootUser.setIsAnalyzed();
try {
setPasswordInternal(rootUser, scramble, null, false, false, false);
} catch (DdlException e) {
LOG.warn("Fail to set initial root password, ignore it", e);
}
}
public List<List<String>> getRoleInfo() {
readLock();
try {