From ed61b63d5181b081ed7173dff5426f0fdd2de772 Mon Sep 17 00:00:00 2001 From: openGaussDev Date: Mon, 2 Sep 2024 16:00:52 +0800 Subject: [PATCH] =?UTF-8?q?modify=20the=20max=20password=20length=20of=20'?= =?UTF-8?q?gs=5Fguc=20encrypt/generate'=20from=2016=20to=2015=20=EF=BC=88c?= =?UTF-8?q?herry=20picked=20commit=20from=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/bin/gs_guc/pg_guc.cpp | 24 ++++++++++--------- src/common/port/cipher.cpp | 6 ++--- src/include/cipher.h | 3 ++- src/test/regress/output/gs_encrypt.source | 4 ++-- src/test/regress/output/gs_guc.source | 4 ++-- .../regress/wastebin/output/guc_help.source | 4 ++-- 6 files changed, 24 insertions(+), 21 deletions(-) diff --git a/src/bin/gs_guc/pg_guc.cpp b/src/bin/gs_guc/pg_guc.cpp index 635ddabbd..1bf7ab648 100644 --- a/src/bin/gs_guc/pg_guc.cpp +++ b/src/bin/gs_guc/pg_guc.cpp @@ -1985,7 +1985,8 @@ static void do_help_encrypt_options(void) (void)printf(_("\nOptions for encrypt: \n")); (void)printf(_(" -M, --keymode=MODE the cipher files will be applies in server, client or source,default " "value is server mode\n")); - (void)printf(_(" -K PASSWORD the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters\n")); + (void)printf(_(" -K PASSWORD the plain password you want to encrypt, which length should between " + "8~15 and at least 3 different types of characters\n")); (void)printf(_(" -U, --keyuser=USER if appointed, the cipher files will name with the user name\n")); (void)printf(_(" -R RANDFILEDIR set the dir that put the rand file\n")); (void)printf(_(" -C CIPHERFILEDIR set the dir that put the cipher file\n")); @@ -1997,7 +1998,8 @@ static void do_help_generate_options(void) (void)printf(_("\nOptions for generate: \n")); (void)printf(_(" -o PREFIX the cipher files prefix. default value is obsserver\n")); - (void)printf(_(" -S CIPHERKEY the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters\n")); + (void)printf(_(" -S CIPHERKEY the plain password you want to encrypt, which length should between " + "8~15 and at least 3 different types of characters\n")); } /* @@ -2367,11 +2369,11 @@ void checkDataDir(const char* datadir) void checkCipherkey() { if (g_cipherkey == NULL) { - g_cipherkey = simple_prompt("Password: ", MAX_KEY_LEN + 1, false); - if (!check_input_password(g_cipherkey)) { + g_cipherkey = simple_prompt("Password: ", MAX_GUC_PASS_LEN + 1, false); + if (!check_input_password(g_cipherkey, MAX_GUC_PASS_LEN)) { write_stderr(_("%s: The input key must be %d~%d bytes and " "contain at least three kinds of characters!\n"), - progname, MIN_KEY_LEN, MAX_KEY_LEN); + progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN); do_advice(); exit(1); } @@ -2421,10 +2423,10 @@ void doGenerateOperation(const char* datadir, const char* loginfo) OPENSSL_free(g_cipherkey); g_cipherkey = NULL; } else { - if (!check_input_password(g_cipherkey)) { + if (!check_input_password(g_cipherkey, MAX_GUC_PASS_LEN)) { write_stderr(_("%s: The input key must be %d~%d bytes and " "contain at least three kinds of characters!\n"), - progname, MIN_KEY_LEN, MAX_KEY_LEN); + progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN); GS_FREE(g_cipherkey); do_advice(); exit(1); @@ -2848,7 +2850,7 @@ int main(int argc, char** argv) } case 'K': { char key_str[MAX_KEY_LEN] = {0}; - if (!check_input_password(optarg)) { + if (!check_input_password(optarg, MAX_GUC_PASS_LEN)) { do_advice(); exit(1); } @@ -3749,11 +3751,11 @@ static void check_encrypt_options(void) return; } if (g_plainkey == NULL) { - g_plainkey = simple_prompt("Password: ", MAX_KEY_LEN + 1, false); - if (!check_input_password(g_plainkey)) { + g_plainkey = simple_prompt("Password: ", MAX_GUC_PASS_LEN + 1, false); + if (!check_input_password(g_plainkey, MAX_GUC_PASS_LEN)) { write_stderr(_("%s: The input key must be %d~%d bytes and " "contain at least three kinds of characters!\n"), - progname, MIN_KEY_LEN, MAX_KEY_LEN); + progname, MIN_KEY_LEN, MAX_GUC_PASS_LEN); do_advice(); exit(1); } diff --git a/src/common/port/cipher.cpp b/src/common/port/cipher.cpp index ba93f0ade..910fa0991 100644 --- a/src/common/port/cipher.cpp +++ b/src/common/port/cipher.cpp @@ -102,7 +102,7 @@ bool init_vector_random(GS_UCHAR* init_vector, size_t vector_len) } /* check whether the input password(for key derivation) meet the requirements of the length and complexity */ -bool check_input_password(const char* password) +bool check_input_password(const char* password, int maxlen) { #define PASSWD_KINDS 4 int key_input_len = 0; @@ -119,8 +119,8 @@ bool check_input_password(const char* password) (void)fprintf(stderr, _("Invalid password,it must contain at least eight characters\n")); return false; } - if (key_input_len > MAX_KEY_LEN) { - (void)fprintf(stderr, _("Invalid password,the length exceed %d\n"), MAX_KEY_LEN); + if (key_input_len > maxlen) { + (void)fprintf(stderr, _("Invalid password,the length exceed %d\n"), maxlen); return false; } ptr = password; diff --git a/src/include/cipher.h b/src/include/cipher.h index d5b48e4ae..baab58841 100644 --- a/src/include/cipher.h +++ b/src/include/cipher.h @@ -65,6 +65,7 @@ typedef unsigned char GS_UCHAR; #define MAC_LEN 20 #define MIN_KEY_LEN 8 #define MAX_KEY_LEN 16 +#define MAX_GUC_PASS_LEN 15 #define AK_LEN 512 #define SK_LEN 512 #define AK_VALID_CHRS "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" @@ -119,7 +120,7 @@ extern void gen_cipher_rand_files( KeyMode mode, const char* plain_key, const char* user_name, const char* datadir, const char* preStr); extern void decode_cipher_files( KeyMode mode, const char* user_name, const char* datadir, GS_UCHAR* plainpwd, bool obs_server_mode = false); -extern bool check_input_password(const char* password); +extern bool check_input_password(const char* password, int maxlen = MAX_KEY_LEN); extern bool EncryptInputKey(GS_UCHAR* pucPlainText, GS_UCHAR* initrand, GS_UCHAR* keySaltVector, GS_UCHAR* encryptVector, GS_UCHAR* pucCipherText, GS_UINT32* pulCLen); extern bool ReadContentFromFile(const char* filename, void* content, size_t csize); diff --git a/src/test/regress/output/gs_encrypt.source b/src/test/regress/output/gs_encrypt.source index 5aa3daf68..22695620d 100644 --- a/src/test/regress/output/gs_encrypt.source +++ b/src/test/regress/output/gs_encrypt.source @@ -36,9 +36,9 @@ --?.* \! @abs_bindir@/gs_encrypt -B MTIzNDU2Nzg5MGFiY2RlZg== -v 0123456789abcdef plaintext Invalid password,it must contain at least three kinds of characters -gs_encrypt: The input key must be 8~16 bytes and contain at least three kinds of characters! +gs_encrypt: The input key must be 8~15 bytes and contain at least three kinds of characters! \! @abs_bindir@/gs_encrypt -B MTIzNDU2Nzg5MGFiY2RlZg== -D MTIzNDU2Nzg5MGFiY2RlZg== plaintext Invalid password,it must contain at least three kinds of characters -gs_encrypt: The input key must be 8~16 bytes and contain at least three kinds of characters! +gs_encrypt: The input key must be 8~15 bytes and contain at least three kinds of characters! \! rm -f @abs_bindir@/tde.key.cipher \! rm -f @abs_bindir@/tde.key.rand diff --git a/src/test/regress/output/gs_guc.source b/src/test/regress/output/gs_guc.source index a2f0b7d4e..eb4aacd79 100644 --- a/src/test/regress/output/gs_guc.source +++ b/src/test/regress/output/gs_guc.source @@ -68,7 +68,7 @@ Options for set and reload with -h host-auth-policy: Options for encrypt: -M, --keymode=MODE the cipher files will be applies in server, client or source,default value is server mode - -K PASSWORD the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters + -K PASSWORD the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters -U, --keyuser=USER if appointed, the cipher files will name with the user name -R RANDFILEDIR set the dir that put the rand file -C CIPHERFILEDIR set the dir that put the cipher file @@ -76,7 +76,7 @@ Options for encrypt: Options for generate: -o PREFIX the cipher files prefix. default value is obsserver - -S CIPHERKEY the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters + -S CIPHERKEY the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters -----Check(GUC) \! /usr3/data1/jiangyan/openGauss-server/src/test/regress/./tmp_check/install//data1/jiangyan/openGauss-server//dest/bin/gs_guc check -D /usr3/data1/jiangyan/openGauss-server/src/test/regress/tmp_check/datanode1/ -c cstore_buffers The gs_guc run with the following arguments: [/usr3/data1/jiangyan/openGauss-server/src/test/regress/./tmp_check/install//data1/jiangyan/openGauss-server//dest/bin/gs_guc -D /usr3/data1/jiangyan/openGauss-server/src/test/regress/tmp_check/datanode1/ -c cstore_buffers check ]. diff --git a/src/test/regress/wastebin/output/guc_help.source b/src/test/regress/wastebin/output/guc_help.source index 05d95c797..45c808c7c 100644 --- a/src/test/regress/wastebin/output/guc_help.source +++ b/src/test/regress/wastebin/output/guc_help.source @@ -53,7 +53,7 @@ Options for set and reload with -h host-auth-policy: Options for encrypt: -M, --keymode=MODE the cipher files will be applies in server, client or source,default value is server mode - -K PASSWORD the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters + -K PASSWORD the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters -U, --keyuser=USER if appointed, the cipher files will name with the user name -R RANDFILEDIR set the dir that put the rand file -C CIPHERFILEDIR set the dir that put the cipher file @@ -61,4 +61,4 @@ Options for encrypt: Options for generate: -o PREFIX the cipher files prefix. default value is obsserver - -S CIPHERKEY the plain password you want to encrypt, which length should between 8~16 and at least 3 different types of characters + -S CIPHERKEY the plain password you want to encrypt, which length should between 8~15 and at least 3 different types of characters