database/mariadb-columnstore-engine
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-columnstore-engine.git synced 2025-07-29 08:21:15 +03:00
Code Activity

MCOL-1175: add ability to encrypt CEJ password and use in Columnstore.xml (#2045)

Browse Source
This commit is contained in:
benthompson15
2021-07-13 11:42:36 -05:00
committed by GitHub
parent d802407c50
commit 2ae3da45eb
10 changed files with 1204 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
tools/passwd/secrets.h Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright (c) 2018 MariaDB Corporation Ab
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file and at www.mariadb.com/bsl11.
*
* Change Date: 2025-05-25
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2 or later of the General
* Public License.
*/
#include <vector>
#include <string>
#include "idberrorinfo.h"
#include "logger.h"
class CSPasswdLogging
{
public:
static CSPasswdLogging *get();
~CSPasswdLogging();
void log(int priority, const char *format, ...);
private:
CSPasswdLogging();
};
/**
* Decrypt an encrypted password using the key loaded at startup. If the password is not encrypted,
* ie is not a HEX string, return the original.
*
* @param input The encrypted password
* @return The decrypted password.
*/
std::string decrypt_password(const std::string& input);
#include <memory>
using ByteVec = std::vector<uint8_t>;
struct evp_cipher_st;
extern const char* const SECRETS_FILENAME;
/**
* Returns the cipher used for password encryption.
*
* @return Cipher
*/
const evp_cipher_st* secrets_cipher();
/**
* Returns encryption key length.
*
* @return Encryption key length
*/
int secrets_keylen();
/**
* Returns initialization vector length.
*
* @return initialization vector length
*/
int secrets_ivlen();
bool load_encryption_keys();
std::string encrypt_password_old(const ByteVec& key, const ByteVec& iv, const std::string& input);
std::string encrypt_password(const ByteVec& key, const std::string& input);
std::string decrypt_password_old(const ByteVec& key, const ByteVec& iv, const std::string& input);
std::string decrypt_password(const ByteVec& key, const std::string& input);
struct ReadKeyResult
{
bool ok {false};
ByteVec key;
ByteVec iv;
};
ReadKeyResult secrets_readkeys(const std::string& filepath);
bool secrets_write_keys(const ByteVec& key, const std::string& filepath, const std::string& owner);