Abandon encrypt_key when setting log_archive_dest/data_backup_dest/log_restore_source

2023-09-22 07:40:07 +00:00 · 2023-09-22 07:40:07 +00:00 · 6ec6205533
commit 6ec6205533
parent 08105af756
5 changed files with 32 additions and 3 deletions
--- a/src/rootserver/restore/ob_restore_util.cpp
+++ b/src/rootserver/restore/ob_restore_util.cpp
@ -264,7 +264,7 @@ int ObRestoreUtil::get_encrypt_backup_dest_format_str(
    int64_t pos = 0;
    for (int i = 0; OB_SUCC(ret) && i < original_dest_list.count(); i++) {
      const common::ObString &item = original_dest_list.at(i);
-      if (OB_FAIL(dest.set(item))) {
+      if (OB_FAIL(dest.set_without_decryption(item))) {
        LOG_WARN("failed to push back", KR(ret), K(item));
      } else if (OB_FAIL(dest.get_backup_dest_str(encrypt_str, sizeof(encrypt_str)))) {
        LOG_WARN("failed to get backup dest str", KR(ret), K(item));
--- a/src/share/backup/ob_backup_config.cpp
+++ b/src/share/backup/ob_backup_config.cpp
@ -402,7 +402,7 @@ int ObDataBackupDestConfigParser::parse_from(const common::ObSqlString &value)
  share::BackupConfigItemPair pair;
  ObBackupPathString path;
  if (value.empty()) { // allow user to set backup_data_dest = "";
-  } else if (OB_FAIL(backup_dest.set(value.ptr()))) {
+  } else if (OB_FAIL(backup_dest.set_without_decryption(value.string()))) {
    LOG_WARN("fail to set backup dest", K(ret));
  } else if (OB_FAIL(backup_dest.get_backup_dest_str(path.ptr(), path.capacity()))) {
    LOG_WARN("fail to get path", K(ret));
--- a/src/share/backup/ob_backup_struct.cpp
+++ b/src/share/backup/ob_backup_struct.cpp
@ -1528,6 +1528,28 @@ int ObBackupDest::set(const char *root_path, const ObBackupStorageInfo *storage_
  return ret;
 }

+// check if backup_dest contains "encrypt_key=" then set
+int ObBackupDest::set_without_decryption(const common::ObString &backup_dest) {
+  int ret = OB_SUCCESS;
+  ObArenaAllocator allocator;
+  char *backup_dest_str = nullptr;
+  char *result = nullptr;
+  if (OB_ISNULL(backup_dest_str = reinterpret_cast<char *>(allocator.alloc(backup_dest.length() + 1)))) {
+    ret = OB_ALLOCATE_MEMORY_FAILED;
+    LOG_WARN("allocate memory failed" ,KR(ret));
+  } else {
+    MEMCPY(backup_dest_str, backup_dest.ptr(), backup_dest.length());
+    backup_dest_str[backup_dest.length()] = '\0';
+    if (OB_NOT_NULL(result = strstr(backup_dest_str, ENCRYPT_KEY))) {
+      ret = OB_INVALID_BACKUP_DEST;
+      LOG_WARN("backup destination should not contain encrypt_key", K(ret), K(backup_dest_str));
+      LOG_USER_ERROR(OB_INVALID_BACKUP_DEST, "backup destination contains encrypt_key, which");
+    } else if (OB_FAIL(set(backup_dest_str))) {
+      LOG_WARN("fail to set backup dest", K(ret));
+    }
+  }
+  return ret;
+}

 void ObBackupDest::root_path_trim_()
 {
@ -4034,7 +4056,7 @@ int ObLogArchiveDestAtrr::set_log_archive_dest(const common::ObString &str)
  if (str.empty()) {
    ret = OB_INVALID_ARGUMENT;
     LOG_WARN("invalid args", K(ret), K(str));
-  } else if (OB_FAIL(dest_.set(str.ptr()))) {
+  } else if (OB_FAIL(dest_.set_without_decryption(str))) {
    LOG_WARN("fail to set dest", K(ret));
  }
  return ret;
--- a/src/share/backup/ob_backup_struct.h
+++ b/src/share/backup/ob_backup_struct.h
@ -909,6 +909,7 @@ public:
      const char *extension);
  int set(const char *root_path, const char *storage_info);
  int set(const char *root_path, const ObBackupStorageInfo *storage_info);
+  int set_without_decryption(const common::ObString &backup_dest);
  void reset();
  bool is_valid() const;
  bool is_root_path_equal(const ObBackupDest &backup_dest) const;
--- a/unittest/share/backup/test_backup_struct.cpp
+++ b/unittest/share/backup/test_backup_struct.cpp
@ -132,6 +132,9 @@ TEST(ObBackupDest, oss_encrypt)
  ObBackupDest dest1;
  ASSERT_EQ(OB_SUCCESS, dest1.set(path, endpoint, authorization, extension));
  ASSERT_TRUE(dest == dest1);
+  ObString backup_test_str(backup_test);
+  ObBackupDest dest2;
+  ASSERT_EQ(OB_INVALID_BACKUP_DEST, dest2.set_without_decryption(backup_test_str));

  char backup_dest_str[OB_MAX_BACKUP_DEST_LENGTH] = { 0 };
  char backup_path_str[OB_MAX_BACKUP_DEST_LENGTH] = { 0 };
@ -199,6 +202,9 @@ TEST(ObBackupDest, cos_encrypt)
  ObBackupDest dest1;
  ASSERT_EQ(OB_SUCCESS, dest1.set(path, endpoint, authorization, extension));
  ASSERT_TRUE(dest == dest1);
+  ObString backup_test_str(backup_test);
+  ObBackupDest dest2;
+  ASSERT_EQ(OB_INVALID_BACKUP_DEST, dest2.set_without_decryption(backup_test_str));

  char backup_dest_str[OB_MAX_BACKUP_DEST_LENGTH] = { 0 };
  char backup_path_str[OB_MAX_BACKUP_DEST_LENGTH] = { 0 };