mirror of
https://github.com/GreptimeTeam/greptimedb.git
synced 2026-07-03 20:40:37 +00:00
* feat: add password verifier formats Signed-off-by: Dennis Zhuang <killme2008@gmail.com> * fix: harden password verifier parsing and auth config errors - Reject pbkdf2_sha256 verifiers whose hash is not 32 bytes and bound the salt length, preventing short-hash verifiers from matching on a prefix. - Verify pbkdf2_sha256 with a stack-allocated buffer. - Report only the length, not the bytes, when a mysql native password verifier has an illegal length. - Map empty frontend_auth credentials to an invalid-config error instead of an internal error. Signed-off-by: Dennis Zhuang <killme2008@gmail.com> * chore: update config.md Signed-off-by: Dennis Zhuang <killme2008@gmail.com> * fix: skip non-plain verifiers in get_one_user_pwd Pick the first plain-text credential instead of failing when the first user happens to hold a hashed verifier. Signed-off-by: Dennis Zhuang <killme2008@gmail.com> * fix: format Signed-off-by: Dennis Zhuang <killme2008@gmail.com> * chore: remove unused get_one_user_pwd Internal flownode-to-frontend communication no longer authenticates (see #8244), so the plain-text credential export path is dead code. Drop get_one_user_pwd, its now-orphan as_plain_text helper, and the related tests. Signed-off-by: Dennis Zhuang <killme2008@gmail.com> --------- Signed-off-by: Dennis Zhuang <killme2008@gmail.com>