Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/03/16 06:46:42 UTC

[servicecomb-service-center] branch master updated: password can be decrypted (#897)

This is an automated email from the ASF dual-hosted git repository.

tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git


The following commit(s) were added to refs/heads/master by this push:
     new 1ace350  password can be decrypted (#897)
1ace350 is described below

commit 1ace3502372be568f8bae4df29210f4571ed5287
Author: Shawn <xi...@gmail.com>
AuthorDate: Tue Mar 16 14:46:36 2021 +0800

    password can be decrypted (#897)
---
 server/service/rbac/rbac.go | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/server/service/rbac/rbac.go b/server/service/rbac/rbac.go
index 67ca5f1..4268c38 100644
--- a/server/service/rbac/rbac.go
+++ b/server/service/rbac/rbac.go
@@ -46,6 +46,7 @@ var (
 	ErrNoPermChangeAccount  = errors.New("can not change other account password")
 	ErrWrongPassword        = errors.New("current pwd is wrong")
 	ErrSamePassword         = errors.New("the password can not be same as old one")
+	ErrEmptyPassword        = errors.New("empty password")
 )
 
 //Init decide whether enable rbac function and save root account to db
@@ -110,8 +111,8 @@ func readPublicKey() {
 }
 func initFirstTime(admin string) {
 	//handle root account
-	pwd := archaius.GetString(InitPassword, "")
-	if pwd == "" {
+	pwd, err := getPassword()
+	if err != nil {
 		log.Fatal("can not enable rbac, password is empty", nil)
 	}
 	a := &rbac.Account{
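Review bot: The `log.Fatal` call under the new `if err != nil` check still passes `nil` and a fixed "password is empty" message, so whatever error `getPassword` returns is discarded. Passing it through, `log.Fatal("can not enable rbac, init password unavailable", err)`, keeps the startup log accurate if `getPassword` ever returns something other than `ErrEmptyPassword`. `getPassword` also logs the same fatal message itself, so the empty-password case is reported from two places and only one of them should own it. The body of `initFirstTime` continues outside this hunk.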
@@ -119,7 +120,7 @@ func initFirstTime(admin string) {
 		Password: pwd,
 		Roles:    []string{rbacframe.RoleAdmin},
 	}
-	err := service.ValidateCreateAccount(a)
+	err = service.ValidateCreateAccount(a)
 	if err != nil {
 		log.Fatal("invalid pwd", err)
 		return
@@ -134,6 +135,20 @@ func initFirstTime(admin string) {
 	log.Info("root account init success")
 }
 
+func getPassword() (string, error) {
+	p := archaius.GetString(InitPassword, "")
+	if p == "" {
+		log.Fatal("can not enable rbac, password is empty", nil)
+		return "", ErrEmptyPassword
+	}
+	d, err := cipher.Decrypt(p)
+	if err != nil {
+		log.Warn("cipher fallback: " + err.Error())
+		return p, nil
+	}
+	return d, nil
+}
+
 func Enabled() bool {
 	return config.GetRBAC().EnableRBAC
 }
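Review bot: When `cipher.Decrypt` fails, `getPassword` returns the raw configured value as the root password, so a cipher that is misconfigured or unavailable at startup results in the root account being created from the undecrypted string, with only a warning as the signal. If the fallback is there to keep plaintext configuration working, say so in a doc comment such as `// getPassword returns the initial root password; a value that cannot be decrypted is used as-is (plaintext fallback)`, and consider failing startup instead in deployments that expect encrypted values. The same fail-open pattern is in `privateKey` in the last hunk, where the undecrypted value is returned as the key. In the empty branch, `return "", ErrEmptyPassword` looks unreachable if `log.Fatal` terminates the process; returning the error and letting `initFirstTime` log it would be cleaner. It is also worth confirming that the cipher's error text never echoes its input, since `err.Error()` is now written to the log in both places.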
@@ -148,6 +163,7 @@ func privateKey() string {
 	ep := archaius.GetString("rbac_private_key", "")
 	p, err := cipher.Decrypt(ep)
 	if err != nil {
+		log.Warn("cipher fallback: " + err.Error())
 		return ep
 	}
 	return p