From 95a3830dc6768e5feff9c72036e9019acc402ff2 Mon Sep 17 00:00:00 2001 From: codeman <68629395+aakejiang@users.noreply.github.com> Date: Wed, 29 Jun 2022 20:02:18 +0800 Subject: [PATCH] fix password comparison too slow (#17874) (#17897) Signed-off-by: kejiang Co-authored-by: kejiang --- .gitignore | 3 + internal/proto/internal.proto | 3 + internal/proto/internalpb/internal.pb.go | 287 ++++++++++--------- internal/proto/proxy.proto | 1 + internal/proto/proxypb/proxy.pb.go | 13 +- internal/proto/root_coord.proto | 2 +- internal/proto/rootcoordpb/root_coord.pb.go | 2 +- internal/proxy/authentication_interceptor.go | 2 +- internal/proxy/impl.go | 8 +- internal/proxy/meta_cache.go | 9 +- internal/proxy/proxy_test.go | 4 +- internal/rootcoord/root_coord.go | 51 ++-- internal/util/crypto/crypto.go | 28 +- internal/util/crypto/crypto_test.go | 73 +++-- 14 files changed, 274 insertions(+), 212 deletions(-) diff --git a/.gitignore b/.gitignore index 6df0593d37..ed54ca864a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,8 @@ internal/core/build/* **/.idea/* internal/msgstream/pulsarms/client-cpp/build/ internal/msgstream/pulsarms/client-cpp/build/* +internal/kv/rocksdb/cwrapper/output/ +tests/python_client/default.etcd/ # vscode generated files .vscode @@ -55,6 +57,7 @@ lib/ .DS_Store *.sw[po] cwrapper_build +cwrapper_rocksdb_build/ **/.clangd/* **/compile_commands.json **/.lint diff --git a/internal/proto/internal.proto b/internal/proto/internal.proto index 27be877f93..1bb93787e3 100644 --- a/internal/proto/internal.proto +++ b/internal/proto/internal.proto @@ -280,9 +280,12 @@ message ClearCredUsersCacheRequest { message CredentialInfo { string username = 1; + // encrypted by bcrypt (for higher security level) string encrypted_password = 2; string tenant = 3; bool is_super = 4; + // encrypted by sha256 (for good performance in cache mapping) + string sha256_password = 5; } message ListPolicyRequest { diff --git a/internal/proto/internalpb/internal.pb.go b/internal/proto/internalpb/internal.pb.go index e4589b626e..4eff3ca92b 100644 --- a/internal/proto/internalpb/internal.pb.go +++ b/internal/proto/internalpb/internal.pb.go @@ -2361,10 +2361,13 @@ func (m *ClearCredUsersCacheRequest) XXX_DiscardUnknown() { var xxx_messageInfo_ClearCredUsersCacheRequest proto.InternalMessageInfo type CredentialInfo struct { - Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` - EncryptedPassword string `protobuf:"bytes,2,opt,name=encrypted_password,json=encryptedPassword,proto3" json:"encrypted_password,omitempty"` - Tenant string `protobuf:"bytes,3,opt,name=tenant,proto3" json:"tenant,omitempty"` - IsSuper bool `protobuf:"varint,4,opt,name=is_super,json=isSuper,proto3" json:"is_super,omitempty"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + // encrypted by bcrypt (for higher security level) + EncryptedPassword string `protobuf:"bytes,2,opt,name=encrypted_password,json=encryptedPassword,proto3" json:"encrypted_password,omitempty"` + Tenant string `protobuf:"bytes,3,opt,name=tenant,proto3" json:"tenant,omitempty"` + IsSuper bool `protobuf:"varint,4,opt,name=is_super,json=isSuper,proto3" json:"is_super,omitempty"` + // encrypted by sha256 (for good performance in cache mapping) + Sha256Password string `protobuf:"bytes,5,opt,name=sha256_password,json=sha256Password,proto3" json:"sha256_password,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2423,6 +2426,13 @@ func (m *CredentialInfo) GetIsSuper() bool { return false } +func (m *CredentialInfo) GetSha256Password() string { + if m != nil { + return m.Sha256Password + } + return "" +} + type ListPolicyRequest struct { // Not useful for now Base *commonpb.MsgBase `protobuf:"bytes,1,opt,name=base,proto3" json:"base,omitempty"` @@ -2554,139 +2564,140 @@ func init() { func init() { proto.RegisterFile("internal.proto", fileDescriptor_41f4a519b878ee3b) } var fileDescriptor_41f4a519b878ee3b = []byte{ - // 2137 bytes of a gzipped FileDescriptorProto + // 2153 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xcd, 0x73, 0x1c, 0x47, - 0x15, 0xcf, 0xec, 0xac, 0xb4, 0xbb, 0x6f, 0x57, 0xab, 0x55, 0x5b, 0x76, 0xc6, 0xb2, 0x93, 0xc8, - 0x93, 0x00, 0xc2, 0x26, 0xb6, 0x51, 0x42, 0x92, 0x02, 0x0a, 0xc7, 0xd2, 0x06, 0xb3, 0xe5, 0x0f, - 0xc4, 0xc8, 0x71, 0x15, 0x5c, 0xa6, 0x7a, 0x77, 0x5a, 0xab, 0xc6, 0x33, 0xd3, 0xe3, 0xee, 0x1e, - 0xc9, 0xeb, 0x13, 0x07, 0x4e, 0x50, 0x70, 0xe3, 0x42, 0x15, 0x9c, 0xf9, 0x0f, 0xb8, 0x41, 0x15, - 0xa7, 0x9c, 0x38, 0x71, 0xe1, 0x5f, 0xa1, 0x38, 0x50, 0xfd, 0x31, 0xbb, 0xb3, 0xab, 0x95, 0x2c, - 0x29, 0x15, 0xe2, 0x54, 0xe5, 0x36, 0xfd, 0xde, 0xeb, 0xee, 0xf7, 0xf1, 0x7b, 0xaf, 0xdf, 0xdb, - 0x85, 0x36, 0x4d, 0x25, 0xe1, 0x29, 0x8e, 0x6f, 0x66, 0x9c, 0x49, 0x86, 0x2e, 0x26, 0x34, 0x3e, - 0xc8, 0x85, 0x59, 0xdd, 0x2c, 0x98, 0x6b, 0xad, 0x01, 0x4b, 0x12, 0x96, 0x1a, 0xf2, 0x5a, 0x4b, - 0x0c, 0xf6, 0x49, 0x82, 0xcd, 0xca, 0xff, 0x9b, 0x03, 0x4b, 0xdb, 0x2c, 0xc9, 0x58, 0x4a, 0x52, - 0xd9, 0x4b, 0xf7, 0x18, 0xba, 0x04, 0x8b, 0x29, 0x8b, 0x48, 0xaf, 0xeb, 0x39, 0xeb, 0xce, 0x86, - 0x1b, 0xd8, 0x15, 0x42, 0x50, 0xe5, 0x2c, 0x26, 0x5e, 0x65, 0xdd, 0xd9, 0x68, 0x04, 0xfa, 0x1b, - 0xdd, 0x01, 0x10, 0x12, 0x4b, 0x12, 0x0e, 0x58, 0x44, 0x3c, 0x77, 0xdd, 0xd9, 0x68, 0x6f, 0xae, - 0xdf, 0x9c, 0xab, 0xc5, 0xcd, 0x5d, 0x25, 0xb8, 0xcd, 0x22, 0x12, 0x34, 0x44, 0xf1, 0x89, 0x3e, - 0x06, 0x20, 0xcf, 0x25, 0xc7, 0x21, 0x4d, 0xf7, 0x98, 0x57, 0x5d, 0x77, 0x37, 0x9a, 0x9b, 0xd7, - 0xa6, 0x0f, 0xb0, 0xca, 0xdf, 0x27, 0xa3, 0x27, 0x38, 0xce, 0xc9, 0x0e, 0xa6, 0x3c, 0x68, 0xe8, - 0x4d, 0x4a, 0x5d, 0xff, 0xdf, 0x0e, 0x2c, 0x8f, 0x0d, 0xd0, 0x77, 0x08, 0xf4, 0x7d, 0x58, 0xd0, - 0x57, 0x68, 0x0b, 0x9a, 0x9b, 0xef, 0x1c, 0xa3, 0xd1, 0x94, 0xdd, 0x81, 0xd9, 0x82, 0x3e, 0x85, - 0x0b, 0x22, 0xef, 0x0f, 0x0a, 0x56, 0xa8, 0xa9, 0xc2, 0xab, 0x68, 0xd5, 0x4e, 0x77, 0x12, 0x2a, - 0x1f, 0x60, 0x55, 0x7a, 0x0f, 0x16, 0xd5, 0x49, 0xb9, 0xd0, 0x5e, 0x6a, 0x6e, 0x5e, 0x99, 0x6b, - 0xe4, 0xae, 0x16, 0x09, 0xac, 0xa8, 0x7f, 0x05, 0x2e, 0xdf, 0x23, 0x72, 0xc6, 0xba, 0x80, 0x3c, - 0xcb, 0x89, 0x90, 0x96, 0xf9, 0x98, 0x26, 0xe4, 0x31, 0x1d, 0x3c, 0xdd, 0xde, 0xc7, 0x69, 0x4a, - 0xe2, 0x82, 0xf9, 0x06, 0x5c, 0xb9, 0x47, 0xf4, 0x06, 0x2a, 0x24, 0x1d, 0x88, 0x19, 0xf6, 0x45, - 0xb8, 0x70, 0x8f, 0xc8, 0x6e, 0x34, 0x43, 0x7e, 0x02, 0xf5, 0x47, 0x2a, 0xd8, 0x0a, 0x06, 0x1f, - 0x40, 0x0d, 0x47, 0x11, 0x27, 0x42, 0x58, 0x2f, 0x5e, 0x9d, 0xab, 0xf1, 0x5d, 0x23, 0x13, 0x14, - 0xc2, 0xf3, 0x60, 0xe2, 0xff, 0x12, 0xa0, 0x97, 0x52, 0xb9, 0x83, 0x39, 0x4e, 0xc4, 0xb1, 0x00, - 0xeb, 0x42, 0x4b, 0x48, 0xcc, 0x65, 0x98, 0x69, 0x39, 0xeb, 0xf2, 0x53, 0xa0, 0xa1, 0xa9, 0xb7, - 0x99, 0xd3, 0xfd, 0x9f, 0x03, 0xec, 0x4a, 0x4e, 0xd3, 0xe1, 0x03, 0x2a, 0xa4, 0xba, 0xeb, 0x40, - 0xc9, 0x29, 0x23, 0xdc, 0x8d, 0x46, 0x60, 0x57, 0xa5, 0x70, 0x54, 0x4e, 0x1f, 0x8e, 0x3b, 0xd0, - 0x2c, 0xdc, 0xfd, 0x50, 0x0c, 0xd1, 0x6d, 0xa8, 0xf6, 0xb1, 0x20, 0x27, 0xba, 0xe7, 0xa1, 0x18, - 0x6e, 0x61, 0x41, 0x02, 0x2d, 0xe9, 0xff, 0xc6, 0x85, 0xd7, 0xb7, 0x39, 0xd1, 0xe0, 0x8f, 0x63, - 0x32, 0x90, 0x94, 0xa5, 0xd6, 0xf7, 0x67, 0x3f, 0x0d, 0xbd, 0x0e, 0xb5, 0xa8, 0x1f, 0xa6, 0x38, - 0x29, 0x9c, 0xbd, 0x18, 0xf5, 0x1f, 0xe1, 0x84, 0xa0, 0x6f, 0x42, 0x7b, 0x30, 0x3e, 0x5f, 0x51, - 0x34, 0xe6, 0x1a, 0xc1, 0x0c, 0x15, 0xbd, 0x03, 0x4b, 0x19, 0xe6, 0x92, 0x8e, 0xc5, 0xaa, 0x5a, - 0x6c, 0x9a, 0xa8, 0x02, 0x1a, 0xf5, 0x7b, 0x5d, 0x6f, 0x41, 0x07, 0x4b, 0x7f, 0x23, 0x1f, 0x5a, - 0x93, 0xb3, 0x7a, 0x5d, 0x6f, 0x51, 0xf3, 0xa6, 0x68, 0x68, 0x1d, 0x9a, 0xe3, 0x83, 0x7a, 0x5d, - 0xaf, 0xa6, 0x45, 0xca, 0x24, 0x15, 0x1c, 0x53, 0x8b, 0xbc, 0xfa, 0xba, 0xb3, 0xd1, 0x0a, 0xec, - 0x0a, 0xdd, 0x86, 0x0b, 0x07, 0x94, 0xcb, 0x1c, 0xc7, 0x16, 0x9f, 0x4a, 0x0f, 0xe1, 0x35, 0x74, - 0x04, 0xe7, 0xb1, 0xd0, 0x26, 0xac, 0x66, 0xfb, 0x23, 0x41, 0x07, 0x33, 0x5b, 0x40, 0x6f, 0x99, - 0xcb, 0xf3, 0xff, 0xe1, 0xc0, 0xc5, 0x2e, 0x67, 0xd9, 0x2b, 0x11, 0x8a, 0xc2, 0xc9, 0xd5, 0x13, - 0x9c, 0xbc, 0x70, 0xd4, 0xc9, 0xfe, 0xef, 0x2a, 0x70, 0xc9, 0x20, 0x6a, 0xa7, 0x70, 0xec, 0x17, - 0x60, 0xc5, 0xb7, 0x60, 0x79, 0x72, 0xab, 0x11, 0x98, 0x6f, 0xc6, 0x37, 0xa0, 0x3d, 0x0e, 0xb0, - 0x91, 0xfb, 0xff, 0x42, 0xca, 0xff, 0x6d, 0x05, 0x56, 0x55, 0x50, 0xbf, 0xf6, 0x86, 0xf2, 0xc6, - 0x9f, 0x1d, 0x40, 0x06, 0x1d, 0x77, 0x63, 0x8a, 0xc5, 0x97, 0xe9, 0x8b, 0x55, 0x58, 0xc0, 0x4a, - 0x07, 0xeb, 0x02, 0xb3, 0xf0, 0x05, 0x74, 0x54, 0xb4, 0xbe, 0x28, 0xed, 0xc6, 0x97, 0xba, 0xe5, - 0x4b, 0xff, 0xe4, 0xc0, 0xca, 0xdd, 0x58, 0x12, 0xfe, 0x8a, 0x3a, 0xe5, 0xef, 0x95, 0x22, 0x6a, - 0xbd, 0x34, 0x22, 0xcf, 0xbf, 0x4c, 0x05, 0xdf, 0x00, 0xd8, 0xa3, 0x24, 0x8e, 0xca, 0xe8, 0x6d, - 0x68, 0xca, 0xe7, 0x42, 0xae, 0x07, 0x35, 0x7d, 0xc8, 0x18, 0xb5, 0xc5, 0x52, 0xf5, 0x00, 0xa6, - 0x1f, 0xb4, 0x3d, 0x40, 0xfd, 0xd4, 0x3d, 0x80, 0xde, 0x66, 0x7b, 0x80, 0x7f, 0x56, 0x61, 0xa9, - 0x97, 0x0a, 0xc2, 0xe5, 0xf9, 0x9d, 0x77, 0x15, 0x1a, 0x62, 0x1f, 0x73, 0x6d, 0xa8, 0x75, 0xdf, - 0x84, 0x50, 0x76, 0xad, 0xfb, 0x32, 0xd7, 0x56, 0x4f, 0x59, 0x1c, 0x16, 0x4e, 0x2a, 0x0e, 0x8b, - 0x27, 0xb8, 0xb8, 0xf6, 0xf2, 0xe2, 0x50, 0x3f, 0xfa, 0xfa, 0x2a, 0x03, 0xc9, 0x30, 0x51, 0x4d, - 0x6b, 0xd7, 0x6b, 0x68, 0xfe, 0x84, 0x80, 0xde, 0x04, 0x90, 0x34, 0x21, 0x42, 0xe2, 0x24, 0x33, - 0xef, 0x68, 0x35, 0x28, 0x51, 0xd4, 0xdb, 0xcd, 0xd9, 0x61, 0xaf, 0x2b, 0xbc, 0xe6, 0xba, 0xab, - 0x9a, 0x38, 0xb3, 0x42, 0xef, 0x43, 0x9d, 0xb3, 0xc3, 0x30, 0xc2, 0x12, 0x7b, 0x2d, 0x1d, 0xbc, - 0xcb, 0x73, 0x9d, 0xbd, 0x15, 0xb3, 0x7e, 0x50, 0xe3, 0xec, 0xb0, 0x8b, 0x25, 0x46, 0x77, 0xa0, - 0xa9, 0x11, 0x20, 0xcc, 0xc6, 0x25, 0xbd, 0xf1, 0xcd, 0xe9, 0x8d, 0x76, 0x6c, 0xf9, 0xb1, 0x92, - 0x53, 0x9b, 0x02, 0x03, 0x4d, 0xa1, 0x0f, 0xb8, 0x0c, 0xf5, 0x34, 0x4f, 0x42, 0xce, 0x0e, 0x85, - 0xd7, 0x5e, 0x77, 0x36, 0xaa, 0x41, 0x2d, 0xcd, 0x93, 0x80, 0x1d, 0x0a, 0xb4, 0x05, 0xb5, 0x03, - 0xc2, 0x05, 0x65, 0xa9, 0xb7, 0xac, 0x07, 0x94, 0x8d, 0x63, 0x9a, 0x78, 0x83, 0x18, 0x75, 0xdc, - 0x13, 0x23, 0x1f, 0x14, 0x1b, 0xfd, 0x7f, 0x55, 0x61, 0x69, 0x97, 0x60, 0x3e, 0xd8, 0x3f, 0x3f, - 0xa0, 0x56, 0x61, 0x81, 0x93, 0x67, 0xbd, 0xae, 0x06, 0x93, 0x1b, 0x98, 0xc5, 0x38, 0xbe, 0xee, - 0x09, 0xf1, 0xad, 0xce, 0x89, 0xaf, 0x0f, 0xad, 0x52, 0x30, 0x85, 0xb7, 0xa0, 0xa3, 0x30, 0x45, - 0x43, 0x1d, 0x70, 0x23, 0x11, 0x6b, 0xe8, 0x34, 0x02, 0xf5, 0x89, 0x6e, 0xc0, 0x4a, 0x16, 0xe3, - 0x01, 0xd9, 0x67, 0x71, 0x44, 0x78, 0x38, 0xe4, 0x2c, 0xcf, 0x34, 0x7c, 0x5a, 0x41, 0xa7, 0xc4, - 0xb8, 0xa7, 0xe8, 0xe8, 0x43, 0xa8, 0x47, 0x22, 0x0e, 0xe5, 0x28, 0x23, 0x1a, 0x3f, 0xed, 0x63, - 0xcc, 0xec, 0x8a, 0xf8, 0xf1, 0x28, 0x23, 0x41, 0x2d, 0x32, 0x1f, 0xe8, 0x36, 0xac, 0x0a, 0xc2, - 0x29, 0x8e, 0xe9, 0x0b, 0x12, 0x85, 0xe4, 0x79, 0xc6, 0xc3, 0x2c, 0xc6, 0xa9, 0x06, 0x59, 0x2b, - 0x40, 0x13, 0xde, 0x27, 0xcf, 0x33, 0xbe, 0x13, 0xe3, 0x14, 0x6d, 0x40, 0x87, 0xe5, 0x32, 0xcb, - 0x65, 0x68, 0x61, 0x40, 0x23, 0x8d, 0x39, 0x37, 0x68, 0x1b, 0xba, 0x8e, 0xba, 0xe8, 0x45, 0xe8, - 0xdb, 0xd0, 0x91, 0x1c, 0x1f, 0x90, 0x38, 0x1c, 0x83, 0xd1, 0x6b, 0xea, 0x80, 0x2f, 0x1b, 0xfa, - 0xe3, 0x82, 0x8c, 0x6e, 0xc1, 0x85, 0x61, 0x8e, 0x39, 0x4e, 0x25, 0x21, 0x25, 0xe9, 0x96, 0x96, - 0x46, 0x63, 0xd6, 0x64, 0xc3, 0x0d, 0x58, 0x51, 0x62, 0x2c, 0x97, 0x25, 0xf1, 0x25, 0x2d, 0xde, - 0xb1, 0x8c, 0x89, 0x70, 0x1b, 0x2a, 0xe9, 0x33, 0x8d, 0x35, 0x37, 0xa8, 0xa4, 0xcf, 0x54, 0x20, - 0x25, 0xcb, 0x9e, 0x6a, 0x8c, 0xb9, 0x81, 0xfe, 0x56, 0x49, 0x94, 0x10, 0xc9, 0xe9, 0x40, 0xb9, - 0xc5, 0xeb, 0xe8, 0x38, 0x94, 0x28, 0xfe, 0x7f, 0xdd, 0x09, 0xac, 0x44, 0x1e, 0x4b, 0x71, 0x0e, - 0x58, 0x9d, 0x67, 0x92, 0x99, 0x60, 0xd1, 0x2d, 0x63, 0xf1, 0x2d, 0x68, 0x1a, 0xe5, 0x4c, 0xcc, - 0xab, 0xb3, 0xfa, 0x2a, 0x01, 0x95, 0x65, 0xcf, 0x72, 0xc2, 0x29, 0x11, 0xb6, 0xec, 0x43, 0x9a, - 0x27, 0x3f, 0x33, 0x14, 0x74, 0x01, 0x16, 0x24, 0xcb, 0xc2, 0xa7, 0x45, 0xb9, 0x92, 0x2c, 0xbb, - 0x8f, 0x7e, 0x08, 0x6b, 0x82, 0xe0, 0x98, 0x44, 0xe1, 0xb8, 0xbc, 0x88, 0x50, 0x68, 0xb3, 0x49, - 0xe4, 0xd5, 0x74, 0x98, 0x3d, 0x23, 0xb1, 0x3b, 0x16, 0xd8, 0xb5, 0x7c, 0x15, 0xc5, 0x81, 0x69, - 0xdb, 0xa7, 0xb6, 0xd5, 0x75, 0x67, 0x8f, 0x26, 0xac, 0xf1, 0x86, 0x8f, 0xc0, 0x1b, 0xc6, 0xac, - 0x8f, 0xe3, 0xf0, 0xc8, 0xad, 0x7a, 0x84, 0x70, 0x83, 0x4b, 0x86, 0xbf, 0x3b, 0x73, 0xa5, 0x32, - 0x4f, 0xc4, 0x74, 0x40, 0xa2, 0xb0, 0x1f, 0xb3, 0xbe, 0x07, 0x1a, 0xae, 0x60, 0x48, 0xaa, 0x5e, - 0x29, 0x98, 0x5a, 0x01, 0xe5, 0x86, 0x01, 0xcb, 0x53, 0xa9, 0xc1, 0xe7, 0x06, 0x6d, 0x43, 0x7f, - 0x94, 0x27, 0xdb, 0x8a, 0x8a, 0xde, 0x86, 0x25, 0x2b, 0xc9, 0xf6, 0xf6, 0x04, 0x91, 0x1a, 0x75, - 0x6e, 0xd0, 0x32, 0xc4, 0x9f, 0x6a, 0x9a, 0xff, 0x47, 0x17, 0x96, 0x03, 0xe5, 0x5d, 0x72, 0x40, - 0xbe, 0x4a, 0x75, 0xe5, 0xb8, 0xfc, 0x5e, 0x3c, 0x53, 0x7e, 0xd7, 0x4e, 0x9d, 0xdf, 0xf5, 0x33, - 0xe5, 0x77, 0xe3, 0x6c, 0xf9, 0x0d, 0xf3, 0xf3, 0xdb, 0xff, 0xcb, 0x54, 0x70, 0x5e, 0x81, 0xec, - 0xbc, 0x0e, 0x2e, 0x8d, 0x4c, 0xab, 0xd8, 0xdc, 0xf4, 0xe6, 0xbe, 0x8d, 0xbd, 0xae, 0x08, 0x94, - 0xd0, 0xec, 0x7b, 0xba, 0x70, 0xe6, 0xf7, 0xf4, 0x47, 0x70, 0xe5, 0x68, 0xce, 0x72, 0xeb, 0x8e, - 0xc8, 0x5b, 0xd4, 0xb1, 0xbb, 0x3c, 0x9b, 0xb4, 0x85, 0xbf, 0x22, 0xf4, 0x5d, 0x58, 0x2d, 0x65, - 0xed, 0x64, 0x63, 0xcd, 0xcc, 0xf0, 0x13, 0xde, 0x64, 0xcb, 0x49, 0x79, 0x5b, 0x3f, 0x29, 0x6f, - 0xfd, 0xcf, 0x5c, 0x58, 0xea, 0x92, 0x98, 0x48, 0xf2, 0x75, 0xbb, 0x77, 0x6c, 0xbb, 0xf7, 0x1d, - 0x40, 0x34, 0x95, 0x1f, 0xbc, 0x1f, 0x66, 0x9c, 0x26, 0x98, 0x8f, 0xc2, 0xa7, 0x64, 0x54, 0x14, - 0xc4, 0x8e, 0xe6, 0xec, 0x18, 0xc6, 0x7d, 0x32, 0x12, 0x2f, 0x6d, 0xff, 0xca, 0xfd, 0x96, 0xa9, - 0x80, 0xe3, 0x7e, 0xeb, 0x07, 0xd0, 0x9a, 0xba, 0xa2, 0xf5, 0x12, 0xc0, 0x36, 0xb3, 0xc9, 0xbd, - 0xfe, 0x7f, 0x1c, 0x68, 0x3c, 0x60, 0x38, 0xd2, 0x93, 0xcf, 0x39, 0xc3, 0x38, 0x6e, 0x6a, 0x2b, - 0xb3, 0x4d, 0xed, 0x55, 0x98, 0x0c, 0x2f, 0x36, 0x90, 0xa5, 0x69, 0xa6, 0x34, 0x95, 0x54, 0xa7, - 0xa7, 0x92, 0xb7, 0xa0, 0x49, 0x95, 0x42, 0x61, 0x86, 0xe5, 0xbe, 0xa9, 0x89, 0x8d, 0x00, 0x34, - 0x69, 0x47, 0x51, 0xd4, 0xd8, 0x52, 0x08, 0xe8, 0xb1, 0x65, 0xf1, 0xd4, 0x63, 0x8b, 0x3d, 0x44, - 0x8f, 0x2d, 0xbf, 0x76, 0x00, 0xb4, 0xe1, 0xaa, 0x1e, 0x1c, 0x3d, 0xd4, 0x39, 0xcf, 0xa1, 0xaa, - 0x58, 0xeb, 0x48, 0x91, 0x18, 0xcb, 0x49, 0x52, 0x09, 0xeb, 0x1c, 0xa4, 0xa2, 0x66, 0x58, 0x36, - 0xa1, 0x84, 0xff, 0x7b, 0x07, 0x40, 0x57, 0x05, 0xa3, 0xc6, 0x2c, 0xfc, 0x9c, 0x93, 0x07, 0xba, - 0xca, 0xb4, 0xeb, 0xb6, 0x0a, 0xd7, 0xa9, 0xda, 0xa6, 0x06, 0xf1, 0x39, 0x36, 0x94, 0x3a, 0xf0, - 0xc2, 0x78, 0xeb, 0x5d, 0xfd, 0xed, 0xff, 0xc1, 0x81, 0x96, 0xd5, 0xce, 0xa8, 0x34, 0x15, 0x65, - 0x67, 0x36, 0xca, 0xba, 0x8d, 0x49, 0x18, 0x1f, 0x85, 0x82, 0xbe, 0x20, 0x56, 0x21, 0x30, 0xa4, - 0x5d, 0xfa, 0x82, 0x4c, 0x81, 0xd7, 0x9d, 0x06, 0xef, 0x0d, 0x58, 0xe1, 0x64, 0x40, 0x52, 0x19, - 0x8f, 0xc2, 0x84, 0x45, 0x74, 0x8f, 0x92, 0x48, 0xa3, 0xa1, 0x1e, 0x74, 0x0a, 0xc6, 0x43, 0x4b, - 0xf7, 0x3f, 0x73, 0xa0, 0xad, 0x3a, 0x9f, 0xd1, 0x23, 0x16, 0x11, 0xa3, 0xd9, 0xd9, 0x11, 0xfb, - 0xb1, 0xb6, 0xc5, 0xba, 0xc7, 0xfc, 0xe4, 0xfd, 0xf6, 0x71, 0xff, 0xa0, 0x94, 0x7c, 0x10, 0xd4, - 0x05, 0x19, 0x9a, 0x3b, 0xb7, 0x6c, 0xb1, 0x3f, 0x95, 0x8b, 0x27, 0x81, 0xb5, 0xf5, 0xde, 0xb8, - 0xf8, 0x57, 0x0e, 0x34, 0x1f, 0x8a, 0xe1, 0x0e, 0x13, 0xba, 0x5e, 0xa0, 0x6b, 0xd0, 0xb2, 0x35, - 0xda, 0x14, 0x2b, 0x47, 0x27, 0x4b, 0x73, 0x30, 0xf9, 0x01, 0x55, 0xbd, 0x52, 0x89, 0x18, 0xda, - 0x88, 0xb7, 0x02, 0xb3, 0x40, 0x6b, 0x50, 0x4f, 0xc4, 0x50, 0x0f, 0x10, 0x36, 0xc3, 0xc6, 0x6b, - 0x15, 0xb6, 0xc9, 0xbb, 0x5b, 0xd5, 0xef, 0xee, 0x84, 0xe0, 0xff, 0xd5, 0x01, 0x64, 0x7f, 0xa0, - 0xfd, 0x5c, 0xbf, 0xb2, 0x6b, 0xc0, 0x96, 0x7f, 0x04, 0xae, 0xe8, 0x74, 0x9d, 0xa2, 0xcd, 0xd4, - 0x37, 0xf7, 0x48, 0x7d, 0xbb, 0x01, 0x2b, 0x11, 0xd9, 0xc3, 0x79, 0x5c, 0x6e, 0x15, 0x8c, 0xca, - 0x1d, 0xcb, 0x98, 0xb4, 0x0a, 0x57, 0x61, 0x6d, 0x3b, 0x26, 0x98, 0x6f, 0x73, 0x12, 0x7d, 0x2a, - 0x08, 0x17, 0xdb, 0x78, 0xb0, 0x5f, 0xbc, 0x45, 0x2a, 0x9d, 0xda, 0x8a, 0x43, 0x52, 0x49, 0x71, - 0xac, 0xff, 0x5b, 0x59, 0x83, 0x7a, 0x2e, 0x54, 0x3c, 0xc6, 0x9e, 0x1d, 0xaf, 0xd1, 0xbb, 0x80, - 0x48, 0x3a, 0xe0, 0xa3, 0x4c, 0x65, 0x6b, 0x86, 0x85, 0x38, 0x64, 0x3c, 0xb2, 0x2f, 0xd2, 0xca, - 0x98, 0xb3, 0x63, 0x19, 0x6a, 0x0e, 0x97, 0x24, 0xc5, 0xa9, 0x2c, 0x1e, 0x26, 0xb3, 0x52, 0x18, - 0xa7, 0x22, 0x14, 0x79, 0x46, 0xb8, 0xc5, 0x6f, 0x8d, 0x8a, 0x5d, 0xb5, 0xf4, 0x3f, 0x81, 0x95, - 0x07, 0x54, 0xc8, 0x1d, 0x16, 0xd3, 0xc1, 0xe8, 0xdc, 0x2f, 0xa6, 0x1f, 0x03, 0x2a, 0x1f, 0x23, - 0x32, 0x96, 0x4e, 0x35, 0x3c, 0xce, 0xe9, 0x1b, 0x9e, 0x6b, 0xd0, 0xca, 0xf4, 0x31, 0xfa, 0x6f, - 0xc0, 0x22, 0x62, 0x4d, 0x43, 0x53, 0x1e, 0x13, 0xd7, 0x3f, 0x82, 0xc6, 0xf8, 0x0f, 0x44, 0xd4, - 0x81, 0x56, 0x2f, 0xa5, 0x52, 0x77, 0x99, 0x34, 0x1d, 0x76, 0x5e, 0x43, 0x4d, 0xa8, 0xfd, 0x84, - 0xe0, 0x58, 0xee, 0x8f, 0x3a, 0x0e, 0x6a, 0x41, 0xfd, 0x6e, 0x3f, 0x65, 0x3c, 0xc1, 0x71, 0xa7, - 0x72, 0x7d, 0x13, 0x56, 0x8e, 0x4c, 0xf6, 0x4a, 0x24, 0x60, 0x87, 0xca, 0x9a, 0xa8, 0xf3, 0x1a, - 0x5a, 0x86, 0xe6, 0x36, 0x8b, 0xf3, 0x24, 0x35, 0x04, 0x67, 0xeb, 0xc3, 0x5f, 0x7c, 0x6f, 0x48, - 0xe5, 0x7e, 0xde, 0x57, 0x0a, 0xdf, 0x32, 0x16, 0xbc, 0x4b, 0x99, 0xfd, 0xba, 0x55, 0x64, 0xd3, - 0x2d, 0x6d, 0xd4, 0x78, 0x99, 0xf5, 0xfb, 0x8b, 0x9a, 0xf2, 0xde, 0xff, 0x02, 0x00, 0x00, 0xff, - 0xff, 0x0e, 0x5f, 0x80, 0x10, 0x9a, 0x1d, 0x00, 0x00, + 0x15, 0xcf, 0xec, 0xac, 0xb4, 0xbb, 0x6f, 0x57, 0xab, 0x55, 0x5b, 0x71, 0xc6, 0xb2, 0x93, 0xc8, + 0x93, 0x00, 0xc2, 0x26, 0xb6, 0x51, 0x12, 0x27, 0x05, 0x14, 0x8e, 0xa5, 0x0d, 0x66, 0xcb, 0x1f, + 0x88, 0x91, 0xe3, 0x2a, 0xb8, 0x4c, 0xf5, 0xee, 0xb4, 0x56, 0x83, 0x67, 0xa6, 0xc7, 0xdd, 0x3d, + 0x92, 0xd7, 0x27, 0x0e, 0x9c, 0xa0, 0xe0, 0xc6, 0x85, 0x2a, 0x38, 0xf3, 0x1f, 0x70, 0x83, 0x2a, + 0x4e, 0x39, 0x71, 0xe2, 0xc2, 0xbf, 0x42, 0x71, 0xa0, 0xfa, 0x63, 0x3e, 0x76, 0xb5, 0x92, 0x25, + 0xa5, 0x42, 0x4c, 0x55, 0x6e, 0xd3, 0xef, 0xbd, 0x7e, 0xfd, 0x3e, 0x7e, 0xef, 0xf5, 0xeb, 0x5d, + 0xe8, 0x86, 0x89, 0x20, 0x2c, 0xc1, 0xd1, 0x8d, 0x94, 0x51, 0x41, 0xd1, 0xeb, 0x71, 0x18, 0x1d, + 0x64, 0x5c, 0xaf, 0x6e, 0xe4, 0xcc, 0xb5, 0xce, 0x88, 0xc6, 0x31, 0x4d, 0x34, 0x79, 0xad, 0xc3, + 0x47, 0xfb, 0x24, 0xc6, 0x7a, 0xe5, 0xfe, 0xd5, 0x82, 0xa5, 0x6d, 0x1a, 0xa7, 0x34, 0x21, 0x89, + 0x18, 0x24, 0x7b, 0x14, 0x5d, 0x84, 0xc5, 0x84, 0x06, 0x64, 0xd0, 0x77, 0xac, 0x75, 0x6b, 0xc3, + 0xf6, 0xcc, 0x0a, 0x21, 0xa8, 0x33, 0x1a, 0x11, 0xa7, 0xb6, 0x6e, 0x6d, 0xb4, 0x3c, 0xf5, 0x8d, + 0xee, 0x00, 0x70, 0x81, 0x05, 0xf1, 0x47, 0x34, 0x20, 0x8e, 0xbd, 0x6e, 0x6d, 0x74, 0x37, 0xd7, + 0x6f, 0xcc, 0xb5, 0xe2, 0xc6, 0xae, 0x14, 0xdc, 0xa6, 0x01, 0xf1, 0x5a, 0x3c, 0xff, 0x44, 0x9f, + 0x00, 0x90, 0xe7, 0x82, 0x61, 0x3f, 0x4c, 0xf6, 0xa8, 0x53, 0x5f, 0xb7, 0x37, 0xda, 0x9b, 0x57, + 0xa7, 0x15, 0x18, 0xe3, 0xef, 0x93, 0xc9, 0x13, 0x1c, 0x65, 0x64, 0x07, 0x87, 0xcc, 0x6b, 0xa9, + 0x4d, 0xd2, 0x5c, 0xf7, 0x5f, 0x16, 0x2c, 0x17, 0x0e, 0xa8, 0x33, 0x38, 0xfa, 0x1e, 0x2c, 0xa8, + 0x23, 0x94, 0x07, 0xed, 0xcd, 0x77, 0x8f, 0xb1, 0x68, 0xca, 0x6f, 0x4f, 0x6f, 0x41, 0x9f, 0xc1, + 0x05, 0x9e, 0x0d, 0x47, 0x39, 0xcb, 0x57, 0x54, 0xee, 0xd4, 0x94, 0x69, 0xa7, 0xd3, 0x84, 0xaa, + 0x0a, 0x8c, 0x49, 0xef, 0xc3, 0xa2, 0xd4, 0x94, 0x71, 0x15, 0xa5, 0xf6, 0xe6, 0xe5, 0xb9, 0x4e, + 0xee, 0x2a, 0x11, 0xcf, 0x88, 0xba, 0x97, 0xe1, 0xd2, 0x3d, 0x22, 0x66, 0xbc, 0xf3, 0xc8, 0xb3, + 0x8c, 0x70, 0x61, 0x98, 0x8f, 0xc3, 0x98, 0x3c, 0x0e, 0x47, 0x4f, 0xb7, 0xf7, 0x71, 0x92, 0x90, + 0x28, 0x67, 0xbe, 0x09, 0x97, 0xef, 0x11, 0xb5, 0x21, 0xe4, 0x22, 0x1c, 0xf1, 0x19, 0xf6, 0xeb, + 0x70, 0xe1, 0x1e, 0x11, 0xfd, 0x60, 0x86, 0xfc, 0x04, 0x9a, 0x8f, 0x64, 0xb2, 0x25, 0x0c, 0x6e, + 0x43, 0x03, 0x07, 0x01, 0x23, 0x9c, 0x9b, 0x28, 0x5e, 0x99, 0x6b, 0xf1, 0x5d, 0x2d, 0xe3, 0xe5, + 0xc2, 0xf3, 0x60, 0xe2, 0xfe, 0x02, 0x60, 0x90, 0x84, 0x62, 0x07, 0x33, 0x1c, 0xf3, 0x63, 0x01, + 0xd6, 0x87, 0x0e, 0x17, 0x98, 0x09, 0x3f, 0x55, 0x72, 0x26, 0xe4, 0xa7, 0x40, 0x43, 0x5b, 0x6d, + 0xd3, 0xda, 0xdd, 0x9f, 0x01, 0xec, 0x0a, 0x16, 0x26, 0xe3, 0x07, 0x21, 0x17, 0xf2, 0xac, 0x03, + 0x29, 0x27, 0x9d, 0xb0, 0x37, 0x5a, 0x9e, 0x59, 0x55, 0xd2, 0x51, 0x3b, 0x7d, 0x3a, 0xee, 0x40, + 0x3b, 0x0f, 0xf7, 0x43, 0x3e, 0x46, 0xb7, 0xa0, 0x3e, 0xc4, 0x9c, 0x9c, 0x18, 0x9e, 0x87, 0x7c, + 0xbc, 0x85, 0x39, 0xf1, 0x94, 0xa4, 0xfb, 0x6b, 0x1b, 0xde, 0xd8, 0x66, 0x44, 0x81, 0x3f, 0x8a, + 0xc8, 0x48, 0x84, 0x34, 0x31, 0xb1, 0x3f, 0xbb, 0x36, 0xf4, 0x06, 0x34, 0x82, 0xa1, 0x9f, 0xe0, + 0x38, 0x0f, 0xf6, 0x62, 0x30, 0x7c, 0x84, 0x63, 0x82, 0xbe, 0x09, 0xdd, 0x51, 0xa1, 0x5f, 0x52, + 0x14, 0xe6, 0x5a, 0xde, 0x0c, 0x15, 0xbd, 0x0b, 0x4b, 0x29, 0x66, 0x22, 0x2c, 0xc4, 0xea, 0x4a, + 0x6c, 0x9a, 0x28, 0x13, 0x1a, 0x0c, 0x07, 0x7d, 0x67, 0x41, 0x25, 0x4b, 0x7d, 0x23, 0x17, 0x3a, + 0xa5, 0xae, 0x41, 0xdf, 0x59, 0x54, 0xbc, 0x29, 0x1a, 0x5a, 0x87, 0x76, 0xa1, 0x68, 0xd0, 0x77, + 0x1a, 0x4a, 0xa4, 0x4a, 0x92, 0xc9, 0xd1, 0xbd, 0xc8, 0x69, 0xae, 0x5b, 0x1b, 0x1d, 0xcf, 0xac, + 0xd0, 0x2d, 0xb8, 0x70, 0x10, 0x32, 0x91, 0xe1, 0xc8, 0xe0, 0x53, 0xda, 0xc1, 0x9d, 0x96, 0xca, + 0xe0, 0x3c, 0x16, 0xda, 0x84, 0xd5, 0x74, 0x7f, 0xc2, 0xc3, 0xd1, 0xcc, 0x16, 0x50, 0x5b, 0xe6, + 0xf2, 0xdc, 0xbf, 0x5b, 0xf0, 0x7a, 0x9f, 0xd1, 0xf4, 0x95, 0x48, 0x45, 0x1e, 0xe4, 0xfa, 0x09, + 0x41, 0x5e, 0x38, 0x1a, 0x64, 0xf7, 0xb7, 0x35, 0xb8, 0xa8, 0x11, 0xb5, 0x93, 0x07, 0xf6, 0x4b, + 0xf0, 0xe2, 0x5b, 0xb0, 0x5c, 0x9e, 0xaa, 0x05, 0xe6, 0xbb, 0xf1, 0x0d, 0xe8, 0x16, 0x09, 0xd6, + 0x72, 0xff, 0x5b, 0x48, 0xb9, 0xbf, 0xa9, 0xc1, 0xaa, 0x4c, 0xea, 0xd7, 0xd1, 0x90, 0xd1, 0xf8, + 0x93, 0x05, 0x48, 0xa3, 0xe3, 0x6e, 0x14, 0x62, 0xfe, 0x55, 0xc6, 0x62, 0x15, 0x16, 0xb0, 0xb4, + 0xc1, 0x84, 0x40, 0x2f, 0x5c, 0x0e, 0x3d, 0x99, 0xad, 0x2f, 0xcb, 0xba, 0xe2, 0x50, 0xbb, 0x7a, + 0xe8, 0x1f, 0x2d, 0x58, 0xb9, 0x1b, 0x09, 0xc2, 0x5e, 0xd1, 0xa0, 0xfc, 0xad, 0x96, 0x67, 0x6d, + 0x90, 0x04, 0xe4, 0xf9, 0x57, 0x69, 0xe0, 0x9b, 0x00, 0x7b, 0x21, 0x89, 0x82, 0x2a, 0x7a, 0x5b, + 0x8a, 0xf2, 0x85, 0x90, 0xeb, 0x40, 0x43, 0x29, 0x29, 0x50, 0x9b, 0x2f, 0xe5, 0x0c, 0xa0, 0xe7, + 0x41, 0x33, 0x03, 0x34, 0x4f, 0x3d, 0x03, 0xa8, 0x6d, 0x66, 0x06, 0xf8, 0x47, 0x1d, 0x96, 0x06, + 0x09, 0x27, 0x4c, 0x9c, 0x3f, 0x78, 0x57, 0xa0, 0xc5, 0xf7, 0x31, 0x53, 0x8e, 0x9a, 0xf0, 0x95, + 0x84, 0x6a, 0x68, 0xed, 0x97, 0x85, 0xb6, 0x7e, 0xca, 0xe6, 0xb0, 0x70, 0x52, 0x73, 0x58, 0x3c, + 0x21, 0xc4, 0x8d, 0x97, 0x37, 0x87, 0xe6, 0xd1, 0xdb, 0x57, 0x3a, 0x48, 0xc6, 0xb1, 0x1c, 0x5a, + 0xfb, 0x4e, 0x4b, 0xf1, 0x4b, 0x02, 0x7a, 0x0b, 0x40, 0x84, 0x31, 0xe1, 0x02, 0xc7, 0xa9, 0xbe, + 0x47, 0xeb, 0x5e, 0x85, 0x22, 0xef, 0x6e, 0x46, 0x0f, 0x07, 0x7d, 0xee, 0xb4, 0xd7, 0x6d, 0x39, + 0xc4, 0xe9, 0x15, 0xfa, 0x00, 0x9a, 0x8c, 0x1e, 0xfa, 0x01, 0x16, 0xd8, 0xe9, 0xa8, 0xe4, 0x5d, + 0x9a, 0x1b, 0xec, 0xad, 0x88, 0x0e, 0xbd, 0x06, 0xa3, 0x87, 0x7d, 0x2c, 0x30, 0xba, 0x03, 0x6d, + 0x85, 0x00, 0xae, 0x37, 0x2e, 0xa9, 0x8d, 0x6f, 0x4d, 0x6f, 0x34, 0xcf, 0x96, 0x1f, 0x49, 0x39, + 0xb9, 0xc9, 0xd3, 0xd0, 0xe4, 0x4a, 0xc1, 0x25, 0x68, 0x26, 0x59, 0xec, 0x33, 0x7a, 0xc8, 0x9d, + 0xee, 0xba, 0xb5, 0x51, 0xf7, 0x1a, 0x49, 0x16, 0x7b, 0xf4, 0x90, 0xa3, 0x2d, 0x68, 0x1c, 0x10, + 0xc6, 0x43, 0x9a, 0x38, 0xcb, 0xea, 0x81, 0xb2, 0x71, 0xcc, 0x10, 0xaf, 0x11, 0x23, 0xd5, 0x3d, + 0xd1, 0xf2, 0x5e, 0xbe, 0xd1, 0xfd, 0x67, 0x1d, 0x96, 0x76, 0x09, 0x66, 0xa3, 0xfd, 0xf3, 0x03, + 0x6a, 0x15, 0x16, 0x18, 0x79, 0x36, 0xe8, 0x2b, 0x30, 0xd9, 0x9e, 0x5e, 0x14, 0xf9, 0xb5, 0x4f, + 0xc8, 0x6f, 0x7d, 0x4e, 0x7e, 0x5d, 0xe8, 0x54, 0x92, 0xc9, 0x9d, 0x05, 0x95, 0x85, 0x29, 0x1a, + 0xea, 0x81, 0x1d, 0xf0, 0x48, 0x41, 0xa7, 0xe5, 0xc9, 0x4f, 0x74, 0x1d, 0x56, 0xd2, 0x08, 0x8f, + 0xc8, 0x3e, 0x8d, 0x02, 0xc2, 0xfc, 0x31, 0xa3, 0x59, 0xaa, 0xe0, 0xd3, 0xf1, 0x7a, 0x15, 0xc6, + 0x3d, 0x49, 0x47, 0x1f, 0x41, 0x33, 0xe0, 0x91, 0x2f, 0x26, 0x29, 0x51, 0xf8, 0xe9, 0x1e, 0xe3, + 0x66, 0x9f, 0x47, 0x8f, 0x27, 0x29, 0xf1, 0x1a, 0x81, 0xfe, 0x40, 0xb7, 0x60, 0x95, 0x13, 0x16, + 0xe2, 0x28, 0x7c, 0x41, 0x02, 0x9f, 0x3c, 0x4f, 0x99, 0x9f, 0x46, 0x38, 0x51, 0x20, 0xeb, 0x78, + 0xa8, 0xe4, 0x7d, 0xfa, 0x3c, 0x65, 0x3b, 0x11, 0x4e, 0xd0, 0x06, 0xf4, 0x68, 0x26, 0xd2, 0x4c, + 0xf8, 0x06, 0x06, 0x61, 0xa0, 0x30, 0x67, 0x7b, 0x5d, 0x4d, 0x57, 0x59, 0xe7, 0x83, 0x00, 0x7d, + 0x1b, 0x7a, 0x82, 0xe1, 0x03, 0x12, 0xf9, 0x05, 0x18, 0x9d, 0xb6, 0x4a, 0xf8, 0xb2, 0xa6, 0x3f, + 0xce, 0xc9, 0xe8, 0x26, 0x5c, 0x18, 0x67, 0x98, 0xe1, 0x44, 0x10, 0x52, 0x91, 0xee, 0x28, 0x69, + 0x54, 0xb0, 0xca, 0x0d, 0xd7, 0x61, 0x45, 0x8a, 0xd1, 0x4c, 0x54, 0xc4, 0x97, 0x94, 0x78, 0xcf, + 0x30, 0x4a, 0xe1, 0x2e, 0xd4, 0x92, 0x67, 0x0a, 0x6b, 0xb6, 0x57, 0x4b, 0x9e, 0xc9, 0x44, 0x0a, + 0x9a, 0x3e, 0x55, 0x18, 0xb3, 0x3d, 0xf5, 0x2d, 0x8b, 0x28, 0x26, 0x82, 0x85, 0x23, 0x19, 0x16, + 0xa7, 0xa7, 0xf2, 0x50, 0xa1, 0xb8, 0xff, 0xb1, 0x4b, 0x58, 0xf1, 0x2c, 0x12, 0xfc, 0x1c, 0xb0, + 0x3a, 0xcf, 0x4b, 0xa6, 0xc4, 0xa2, 0x5d, 0xc5, 0xe2, 0xdb, 0xd0, 0xd6, 0xc6, 0xe9, 0x9c, 0xd7, + 0x67, 0xed, 0x95, 0x02, 0xb2, 0xca, 0x9e, 0x65, 0x84, 0x85, 0x84, 0x9b, 0xb6, 0x0f, 0x49, 0x16, + 0xff, 0x54, 0x53, 0xd0, 0x05, 0x58, 0x10, 0x34, 0xf5, 0x9f, 0xe6, 0xed, 0x4a, 0xd0, 0xf4, 0x3e, + 0xfa, 0x01, 0xac, 0x71, 0x82, 0x23, 0x12, 0xf8, 0x45, 0x7b, 0xe1, 0x3e, 0x57, 0x6e, 0x93, 0xc0, + 0x69, 0xa8, 0x34, 0x3b, 0x5a, 0x62, 0xb7, 0x10, 0xd8, 0x35, 0x7c, 0x99, 0xc5, 0x91, 0x1e, 0xdb, + 0xa7, 0xb6, 0x35, 0xd5, 0x64, 0x8f, 0x4a, 0x56, 0xb1, 0xe1, 0x63, 0x70, 0xc6, 0x11, 0x1d, 0xe2, + 0xc8, 0x3f, 0x72, 0xaa, 0x7a, 0x42, 0xd8, 0xde, 0x45, 0xcd, 0xdf, 0x9d, 0x39, 0x52, 0xba, 0xc7, + 0xa3, 0x70, 0x44, 0x02, 0x7f, 0x18, 0xd1, 0xa1, 0x03, 0x0a, 0xae, 0xa0, 0x49, 0xb2, 0x5f, 0x49, + 0x98, 0x1a, 0x01, 0x19, 0x86, 0x11, 0xcd, 0x12, 0xa1, 0xc0, 0x67, 0x7b, 0x5d, 0x4d, 0x7f, 0x94, + 0xc5, 0xdb, 0x92, 0x8a, 0xde, 0x81, 0x25, 0x23, 0x49, 0xf7, 0xf6, 0x38, 0x11, 0x0a, 0x75, 0xb6, + 0xd7, 0xd1, 0xc4, 0x9f, 0x28, 0x9a, 0xfb, 0x07, 0x1b, 0x96, 0x3d, 0x19, 0x5d, 0x72, 0x40, 0xfe, + 0x9f, 0xfa, 0xca, 0x71, 0xf5, 0xbd, 0x78, 0xa6, 0xfa, 0x6e, 0x9c, 0xba, 0xbe, 0x9b, 0x67, 0xaa, + 0xef, 0xd6, 0xd9, 0xea, 0x1b, 0xe6, 0xd7, 0xb7, 0xfb, 0xe7, 0xa9, 0xe4, 0xbc, 0x02, 0xd5, 0x79, + 0x0d, 0xec, 0x30, 0xd0, 0xa3, 0x62, 0x7b, 0xd3, 0x99, 0x7b, 0x37, 0x0e, 0xfa, 0xdc, 0x93, 0x42, + 0xb3, 0xf7, 0xe9, 0xc2, 0x99, 0xef, 0xd3, 0x1f, 0xc2, 0xe5, 0xa3, 0x35, 0xcb, 0x4c, 0x38, 0x02, + 0x67, 0x51, 0xe5, 0xee, 0xd2, 0x6c, 0xd1, 0xe6, 0xf1, 0x0a, 0xd0, 0x77, 0x61, 0xb5, 0x52, 0xb5, + 0xe5, 0xc6, 0x86, 0x7e, 0xc3, 0x97, 0xbc, 0x72, 0xcb, 0x49, 0x75, 0xdb, 0x3c, 0xa9, 0x6e, 0xdd, + 0xcf, 0x6d, 0x58, 0xea, 0x93, 0x88, 0x08, 0xf2, 0xf5, 0xb8, 0x77, 0xec, 0xb8, 0xf7, 0x1d, 0x40, + 0x61, 0x22, 0x6e, 0x7f, 0xe0, 0xa7, 0x2c, 0x8c, 0x31, 0x9b, 0xf8, 0x4f, 0xc9, 0x24, 0x6f, 0x88, + 0x3d, 0xc5, 0xd9, 0xd1, 0x8c, 0xfb, 0x64, 0xc2, 0x5f, 0x3a, 0xfe, 0x55, 0xe7, 0x2d, 0xdd, 0x01, + 0x8b, 0x79, 0xeb, 0xfb, 0xd0, 0x99, 0x3a, 0xa2, 0xf3, 0x12, 0xc0, 0xb6, 0xd3, 0xf2, 0x5c, 0xf7, + 0xdf, 0x16, 0xb4, 0x1e, 0x50, 0x1c, 0xa8, 0x97, 0xcf, 0x39, 0xd3, 0x58, 0x0c, 0xb5, 0xb5, 0xd9, + 0xa1, 0xf6, 0x0a, 0x94, 0x8f, 0x17, 0x93, 0xc8, 0xca, 0x6b, 0xa6, 0xf2, 0x2a, 0xa9, 0x4f, 0xbf, + 0x4a, 0xde, 0x86, 0x76, 0x28, 0x0d, 0xf2, 0x53, 0x2c, 0xf6, 0x75, 0x4f, 0x6c, 0x79, 0xa0, 0x48, + 0x3b, 0x92, 0x22, 0x9f, 0x2d, 0xb9, 0x80, 0x7a, 0xb6, 0x2c, 0x9e, 0xfa, 0xd9, 0x62, 0x94, 0xa8, + 0x67, 0xcb, 0xaf, 0x2c, 0x00, 0xe5, 0xb8, 0xec, 0x07, 0x47, 0x95, 0x5a, 0xe7, 0x51, 0x2a, 0x9b, + 0xb5, 0xca, 0x14, 0x89, 0xb0, 0x28, 0x8b, 0x8a, 0x9b, 0xe0, 0x20, 0x99, 0x35, 0xcd, 0x32, 0x05, + 0xc5, 0xdd, 0xdf, 0x59, 0x00, 0xaa, 0x2b, 0x68, 0x33, 0x66, 0xe1, 0x67, 0x9d, 0xfc, 0xa0, 0xab, + 0x4d, 0x87, 0x6e, 0x2b, 0x0f, 0x9d, 0xec, 0x6d, 0xf2, 0x21, 0x3e, 0xc7, 0x87, 0xca, 0x04, 0x9e, + 0x3b, 0x6f, 0xa2, 0xab, 0xbe, 0xdd, 0xdf, 0x5b, 0xd0, 0x31, 0xd6, 0x69, 0x93, 0xa6, 0xb2, 0x6c, + 0xcd, 0x66, 0x59, 0x8d, 0x31, 0x31, 0x65, 0x13, 0x9f, 0x87, 0x2f, 0x88, 0x31, 0x08, 0x34, 0x69, + 0x37, 0x7c, 0x41, 0xa6, 0xc0, 0x6b, 0x4f, 0x83, 0xf7, 0x3a, 0xac, 0x30, 0x32, 0x22, 0x89, 0x88, + 0x26, 0x7e, 0x4c, 0x83, 0x70, 0x2f, 0x24, 0x81, 0x42, 0x43, 0xd3, 0xeb, 0xe5, 0x8c, 0x87, 0x86, + 0xee, 0x7e, 0x6e, 0x41, 0x57, 0x4e, 0x3e, 0x93, 0x47, 0x34, 0x20, 0xda, 0xb2, 0xb3, 0x23, 0xf6, + 0x13, 0xe5, 0x8b, 0x09, 0x8f, 0xfe, 0xc9, 0xfb, 0x9d, 0xe3, 0xfe, 0x41, 0xa9, 0xc4, 0xc0, 0x6b, + 0x72, 0x32, 0xd6, 0x67, 0x6e, 0x99, 0x66, 0x7f, 0xaa, 0x10, 0x97, 0x89, 0x35, 0xfd, 0x5e, 0x87, + 0xf8, 0x97, 0x16, 0xb4, 0x1f, 0xf2, 0xf1, 0x0e, 0xe5, 0xaa, 0x5f, 0xa0, 0xab, 0xd0, 0x31, 0x3d, + 0x5a, 0x37, 0x2b, 0x4b, 0x15, 0x4b, 0x7b, 0x54, 0xfe, 0x80, 0x2a, 0x6f, 0xa9, 0x98, 0x8f, 0x4d, + 0xc6, 0x3b, 0x9e, 0x5e, 0xa0, 0x35, 0x68, 0xc6, 0x7c, 0xac, 0x1e, 0x10, 0xa6, 0xc2, 0x8a, 0xb5, + 0x4c, 0x5b, 0x79, 0xef, 0xd6, 0xd5, 0xbd, 0x5b, 0x12, 0xdc, 0xbf, 0x58, 0x80, 0xcc, 0x0f, 0xb4, + 0x5f, 0xe8, 0x57, 0x76, 0x05, 0xd8, 0xea, 0x8f, 0xc0, 0x35, 0x55, 0xae, 0x53, 0xb4, 0x99, 0xfe, + 0x66, 0x1f, 0xe9, 0x6f, 0xd7, 0x61, 0x25, 0x20, 0x7b, 0x38, 0x8b, 0xaa, 0xa3, 0x82, 0x36, 0xb9, + 0x67, 0x18, 0xe5, 0xa8, 0x70, 0x05, 0xd6, 0xb6, 0x23, 0x82, 0xd9, 0x36, 0x23, 0xc1, 0x67, 0x9c, + 0x30, 0xbe, 0x8d, 0x47, 0xfb, 0xf9, 0x5d, 0x24, 0xfd, 0xea, 0x4a, 0x0e, 0x49, 0x44, 0x88, 0x23, + 0xf5, 0xdf, 0xca, 0x1a, 0x34, 0x33, 0x2e, 0xf3, 0x51, 0x44, 0xb6, 0x58, 0xa3, 0xf7, 0x00, 0x91, + 0x64, 0xc4, 0x26, 0xa9, 0xac, 0xd6, 0x14, 0x73, 0x7e, 0x48, 0x59, 0x60, 0x6e, 0xa4, 0x95, 0x82, + 0xb3, 0x63, 0x18, 0xf2, 0x1d, 0x2e, 0x48, 0x82, 0x13, 0x91, 0x5f, 0x4c, 0x7a, 0x25, 0x31, 0x1e, + 0x72, 0x9f, 0x67, 0x29, 0x61, 0x06, 0xbf, 0x8d, 0x90, 0xef, 0xca, 0xa5, 0xbc, 0xb3, 0xf8, 0x3e, + 0xde, 0xfc, 0xf0, 0x76, 0xa9, 0x5e, 0xdf, 0x45, 0x5d, 0x4d, 0xce, 0x75, 0xbb, 0x9f, 0xc2, 0xca, + 0x83, 0x90, 0x8b, 0x1d, 0x1a, 0x85, 0xa3, 0xc9, 0xb9, 0xaf, 0x56, 0x37, 0x02, 0x54, 0x55, 0xc3, + 0x53, 0x9a, 0x4c, 0x4d, 0x46, 0xd6, 0xe9, 0x27, 0xa3, 0xab, 0xd0, 0x49, 0x95, 0x1a, 0xf5, 0x7f, + 0x61, 0x9e, 0xda, 0xb6, 0xa6, 0xc9, 0xd0, 0xf2, 0x6b, 0x1f, 0x43, 0xab, 0xf8, 0xa7, 0x11, 0xf5, + 0xa0, 0x33, 0x48, 0x42, 0xa1, 0xc6, 0xd1, 0x30, 0x19, 0xf7, 0x5e, 0x43, 0x6d, 0x68, 0xfc, 0x98, + 0xe0, 0x48, 0xec, 0x4f, 0x7a, 0x16, 0xea, 0x40, 0xf3, 0xee, 0x30, 0xa1, 0x2c, 0xc6, 0x51, 0xaf, + 0x76, 0x6d, 0x13, 0x56, 0x8e, 0xfc, 0x04, 0x20, 0x45, 0x3c, 0x7a, 0x28, 0xbd, 0x09, 0x7a, 0xaf, + 0xa1, 0x65, 0x68, 0x6f, 0xd3, 0x28, 0x8b, 0x13, 0x4d, 0xb0, 0xb6, 0x3e, 0xfa, 0xf9, 0x87, 0xe3, + 0x50, 0xec, 0x67, 0x43, 0x69, 0xf0, 0x4d, 0xed, 0xc1, 0x7b, 0x21, 0x35, 0x5f, 0x37, 0xf3, 0xb2, + 0xbb, 0xa9, 0x9c, 0x2a, 0x96, 0xe9, 0x70, 0xb8, 0xa8, 0x28, 0xef, 0xff, 0x37, 0x00, 0x00, 0xff, + 0xff, 0xbf, 0xfd, 0xd1, 0x3d, 0xc3, 0x1d, 0x00, 0x00, } diff --git a/internal/proto/proxy.proto b/internal/proto/proxy.proto index 94b18ad402..f6d1e17031 100644 --- a/internal/proto/proxy.proto +++ b/internal/proto/proxy.proto @@ -47,6 +47,7 @@ message InvalidateCredCacheRequest { message UpdateCredCacheRequest { common.MsgBase base = 1; string username = 2; + // password stored in cache string password = 3; } diff --git a/internal/proto/proxypb/proxy.pb.go b/internal/proto/proxypb/proxy.pb.go index abb56c8ac4..b7fef8d839 100644 --- a/internal/proto/proxypb/proxy.pb.go +++ b/internal/proto/proxypb/proxy.pb.go @@ -193,12 +193,13 @@ func (m *InvalidateCredCacheRequest) GetUsername() string { } type UpdateCredCacheRequest struct { - Base *commonpb.MsgBase `protobuf:"bytes,1,opt,name=base,proto3" json:"base,omitempty"` - Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` - Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Base *commonpb.MsgBase `protobuf:"bytes,1,opt,name=base,proto3" json:"base,omitempty"` + Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` + // password stored in cache + Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *UpdateCredCacheRequest) Reset() { *m = UpdateCredCacheRequest{} } diff --git a/internal/proto/root_coord.proto b/internal/proto/root_coord.proto index 1d534bcefa..bdcda9e1aa 100644 --- a/internal/proto/root_coord.proto +++ b/internal/proto/root_coord.proto @@ -208,6 +208,6 @@ message GetCredentialResponse { common.Status status = 1; // username string username = 2; - // password + // password stored in etcd/mysql string password = 3; } \ No newline at end of file diff --git a/internal/proto/rootcoordpb/root_coord.pb.go b/internal/proto/rootcoordpb/root_coord.pb.go index cb4087b85b..ec1e377fad 100644 --- a/internal/proto/rootcoordpb/root_coord.pb.go +++ b/internal/proto/rootcoordpb/root_coord.pb.go @@ -604,7 +604,7 @@ type GetCredentialResponse struct { Status *commonpb.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // username Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` - // password + // password stored in etcd/mysql Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` diff --git a/internal/proxy/authentication_interceptor.go b/internal/proxy/authentication_interceptor.go index a06ed9b690..77c232de1a 100644 --- a/internal/proxy/authentication_interceptor.go +++ b/internal/proxy/authentication_interceptor.go @@ -37,7 +37,7 @@ func validAuth(ctx context.Context, authorization []string) bool { return false } - return crypto.PasswordVerify(password, credInfo.EncryptedPassword) + return crypto.PasswordVerify(password, credInfo) } func validSourceID(ctx context.Context, authorization []string) bool { diff --git a/internal/proxy/impl.go b/internal/proxy/impl.go index 4f5ef68f22..d83ae908da 100644 --- a/internal/proxy/impl.go +++ b/internal/proxy/impl.go @@ -3726,8 +3726,8 @@ func (node *Proxy) UpdateCredentialCache(ctx context.Context, request *proxypb.U zap.String("username", request.Username)) credInfo := &internalpb.CredentialInfo{ - Username: request.Username, - EncryptedPassword: request.Password, + Username: request.Username, + Sha256Password: request.Password, } if globalMetaCache != nil { globalMetaCache.UpdateCredential(credInfo) // no need to return error, though credential may be not cached @@ -3795,6 +3795,7 @@ func (node *Proxy) CreateCredential(ctx context.Context, req *milvuspb.CreateCre credInfo := &internalpb.CredentialInfo{ Username: req.Username, EncryptedPassword: encryptedPassword, + Sha256Password: crypto.SHA256(rawPassword, req.Username), } result, err := node.rootCoord.CreateCredential(ctx, credInfo) if err != nil { // for error like conntext timeout etc. @@ -3842,7 +3843,7 @@ func (node *Proxy) UpdateCredential(ctx context.Context, req *milvuspb.UpdateCre Reason: "found no credential:" + req.Username, }, nil } - if !crypto.PasswordVerify(rawOldPassword, oldCredInfo.EncryptedPassword) { + if !crypto.PasswordVerify(rawOldPassword, oldCredInfo) { return &commonpb.Status{ ErrorCode: commonpb.ErrorCode_UpdateCredentialFailure, Reason: "old password is not correct:" + req.Username, @@ -3859,6 +3860,7 @@ func (node *Proxy) UpdateCredential(ctx context.Context, req *milvuspb.UpdateCre } updateCredReq := &internalpb.CredentialInfo{ Username: req.Username, + Sha256Password: crypto.SHA256(rawNewPassword, req.Username), EncryptedPassword: encryptedPassword, } result, err := node.rootCoord.UpdateCredential(ctx, updateCredReq) diff --git a/internal/proxy/meta_cache.go b/internal/proxy/meta_cache.go index bc57c4288a..9415f1f0e2 100644 --- a/internal/proxy/meta_cache.go +++ b/internal/proxy/meta_cache.go @@ -518,11 +518,12 @@ func (m *MetaCache) GetCredentialInfo(ctx context.Context, username string) (*in EncryptedPassword: resp.Password, } m.UpdateCredential(credInfo) + return credInfo, nil } return &internalpb.CredentialInfo{ - Username: credInfo.Username, - EncryptedPassword: credInfo.EncryptedPassword, + Username: credInfo.Username, + Sha256Password: credInfo.Sha256Password, }, nil } @@ -547,13 +548,13 @@ func (m *MetaCache) UpdateCredential(credInfo *internalpb.CredentialInfo) { defer m.credMut.Unlock() // update credMap username := credInfo.Username - password := credInfo.EncryptedPassword _, ok := m.credMap[username] if !ok { m.credMap[username] = &internalpb.CredentialInfo{} } m.credMap[username].Username = username - m.credMap[username].EncryptedPassword = password + m.credMap[username].Sha256Password = credInfo.Sha256Password + m.credMap[username].EncryptedPassword = credInfo.EncryptedPassword } func (m *MetaCache) UpdateCredUsersListCache(usernames []string) { diff --git a/internal/proxy/proxy_test.go b/internal/proxy/proxy_test.go index 26889a47c9..e770187def 100644 --- a/internal/proxy/proxy_test.go +++ b/internal/proxy/proxy_test.go @@ -2082,7 +2082,9 @@ func TestProxy(t *testing.T) { getResp, err := rootCoordClient.GetCredential(ctx, getCredentialReq) assert.NoError(t, err) assert.Equal(t, commonpb.ErrorCode_Success, getResp.Status.ErrorCode) - assert.True(t, crypto.PasswordVerify(newPassword, getResp.Password)) + assert.True(t, crypto.PasswordVerify(newPassword, &internalpb.CredentialInfo{ + EncryptedPassword: getResp.Password, + })) getCredentialReq.Username = "(" getResp, err = rootCoordClient.GetCredential(ctx, getCredentialReq) diff --git a/internal/rootcoord/root_coord.go b/internal/rootcoord/root_coord.go index 34f3cfd7cd..ddbc15bff3 100644 --- a/internal/rootcoord/root_coord.go +++ b/internal/rootcoord/root_coord.go @@ -2837,7 +2837,7 @@ func (c *Core) UpdateCredCache(ctx context.Context, credInfo *internalpb.Credent SourceID: c.session.ServerID, }, Username: credInfo.Username, - Password: credInfo.EncryptedPassword, + Password: credInfo.Sha256Password, } return c.proxyClientManager.UpdateCredentialCache(ctx, &req) } @@ -2862,22 +2862,21 @@ func (c *Core) CreateCredential(ctx context.Context, credInfo *internalpb.Creden if cred, _ := c.MetaTable.getCredential(credInfo.Username); cred != nil { return failStatus(commonpb.ErrorCode_CreateCredentialFailure, "user already exists:"+credInfo.Username), nil } - // update proxy's local cache - err := c.ClearCredUsersCache(ctx) - if err != nil { - log.Error("CreateCredential clear credential username list cache failed", zap.String("role", typeutil.RootCoordRole), - zap.String("username", credInfo.Username), zap.Error(err)) - metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() - return failStatus(commonpb.ErrorCode_CreateCredentialFailure, "CreateCredential failed: "+err.Error()), nil - } // insert to db - err = c.MetaTable.AddCredential(credInfo) + err := c.MetaTable.AddCredential(credInfo) if err != nil { log.Error("CreateCredential save credential failed", zap.String("role", typeutil.RootCoordRole), zap.String("username", credInfo.Username), zap.Error(err)) metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() return failStatus(commonpb.ErrorCode_CreateCredentialFailure, "CreateCredential failed: "+err.Error()), nil } + // update proxy's local cache + err = c.UpdateCredCache(ctx, credInfo) + if err != nil { + log.Warn("CreateCredential add cache failed", zap.String("role", typeutil.RootCoordRole), + zap.String("username", credInfo.Username), zap.Error(err)) + metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() + } log.Debug("CreateCredential success", zap.String("role", typeutil.RootCoordRole), zap.String("username", credInfo.Username)) @@ -2923,18 +2922,18 @@ func (c *Core) UpdateCredential(ctx context.Context, credInfo *internalpb.Creden tr := timerecord.NewTimeRecorder(method) log.Debug("UpdateCredential", zap.String("role", typeutil.RootCoordRole), zap.String("username", credInfo.Username)) - // update proxy's local cache - err := c.UpdateCredCache(ctx, credInfo) + // update data on storage + err := c.MetaTable.AddCredential(credInfo) if err != nil { - log.Error("UpdateCredential update credential cache failed", zap.String("role", typeutil.RootCoordRole), + log.Error("UpdateCredential save credential failed", zap.String("role", typeutil.RootCoordRole), zap.String("username", credInfo.Username), zap.Error(err)) metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() return failStatus(commonpb.ErrorCode_UpdateCredentialFailure, "UpdateCredential failed: "+err.Error()), nil } - // update data on storage - err = c.MetaTable.AddCredential(credInfo) + // update proxy's local cache + err = c.UpdateCredCache(ctx, credInfo) if err != nil { - log.Error("UpdateCredential save credential failed", zap.String("role", typeutil.RootCoordRole), + log.Error("UpdateCredential update cache failed", zap.String("role", typeutil.RootCoordRole), zap.String("username", credInfo.Username), zap.Error(err)) metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() return failStatus(commonpb.ErrorCode_UpdateCredentialFailure, "UpdateCredential failed: "+err.Error()), nil @@ -2953,24 +2952,22 @@ func (c *Core) DeleteCredential(ctx context.Context, in *milvuspb.DeleteCredenti metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.TotalLabel).Inc() tr := timerecord.NewTimeRecorder(method) - log.Debug("DeleteCredential", zap.String("role", typeutil.RootCoordRole), - zap.String("username", in.Username)) - // invalidate proxy's local cache - err := c.ExpireCredCache(ctx, in.Username) - if err != nil { - log.Error("DeleteCredential expire credential cache failed", zap.String("role", typeutil.RootCoordRole), - zap.String("username", in.Username), zap.Error(err)) - metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() - return failStatus(commonpb.ErrorCode_DeleteCredentialFailure, "DeleteCredential failed: "+err.Error()), nil - } // delete data on storage - err = c.MetaTable.DeleteCredential(in.Username) + err := c.MetaTable.DeleteCredential(in.Username) if err != nil { log.Error("DeleteCredential remove credential failed", zap.String("role", typeutil.RootCoordRole), zap.String("username", in.Username), zap.Error(err)) metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() return failStatus(commonpb.ErrorCode_DeleteCredentialFailure, "DeleteCredential failed: "+err.Error()), err } + // invalidate proxy's local cache + err = c.ExpireCredCache(ctx, in.Username) + if err != nil { + log.Error("DeleteCredential expire credential cache failed", zap.String("role", typeutil.RootCoordRole), + zap.String("username", in.Username), zap.Error(err)) + metrics.RootCoordDDLReqCounter.WithLabelValues(method, metrics.FailLabel).Inc() + return failStatus(commonpb.ErrorCode_DeleteCredentialFailure, "DeleteCredential failed: "+err.Error()), nil + } log.Debug("DeleteCredential success", zap.String("role", typeutil.RootCoordRole), zap.String("username", in.Username)) diff --git a/internal/util/crypto/crypto.go b/internal/util/crypto/crypto.go index 99e4101398..2e8e1e15fd 100644 --- a/internal/util/crypto/crypto.go +++ b/internal/util/crypto/crypto.go @@ -1,17 +1,28 @@ package crypto import ( + "crypto/sha256" "encoding/base64" + "encoding/hex" "github.com/milvus-io/milvus/internal/log" + "github.com/milvus-io/milvus/internal/proto/internalpb" "go.uber.org/zap" - "golang.org/x/crypto/bcrypt" ) +func SHA256(src string, salt string) string { + h := sha256.New() + h.Write([]byte(src + salt)) + sum := h.Sum(nil) + s := hex.EncodeToString(sum) + + return s +} + // PasswordEncrypt encrypt password func PasswordEncrypt(pwd string) (string, error) { - bytes, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost) + bytes, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.MinCost) if err != nil { return "", err } @@ -19,9 +30,16 @@ func PasswordEncrypt(pwd string) (string, error) { return string(bytes), err } -// PasswordVerify verify encrypted password -func PasswordVerify(pwd, hashPwd string) bool { - err := bcrypt.CompareHashAndPassword([]byte(hashPwd), []byte(pwd)) +// PasswordVerify verify password +func PasswordVerify(rawPwd string, credInfo *internalpb.CredentialInfo) bool { + // 1. hit cache + if credInfo.Sha256Password != "" { + encryped := SHA256(rawPwd, credInfo.Username) + return encryped == credInfo.Sha256Password + } + + // 2. miss cache, verify against encrypted password from etcd + err := bcrypt.CompareHashAndPassword([]byte(credInfo.EncryptedPassword), []byte(rawPwd)) if err != nil { log.Error("Verify password failed", zap.Error(err)) } diff --git a/internal/util/crypto/crypto_test.go b/internal/util/crypto/crypto_test.go index 58c3e24cb7..286a7bcd03 100644 --- a/internal/util/crypto/crypto_test.go +++ b/internal/util/crypto/crypto_test.go @@ -1,42 +1,65 @@ package crypto import ( - "encoding/json" - "fmt" "testing" - "github.com/golang/protobuf/proto" "github.com/milvus-io/milvus/internal/proto/internalpb" - "github.com/milvus-io/milvus/internal/util" "github.com/stretchr/testify/assert" + "golang.org/x/crypto/bcrypt" ) -func TestPasswordVerify(t *testing.T) { +func TestPasswordVerify_HitCache(t *testing.T) { wrongPassword := "test_my_name" correctPassword := "test_my_pass_new" - hashedPass, _ := PasswordEncrypt(correctPassword) - assert.True(t, PasswordVerify(correctPassword, "$2a$10$3H9DLiHyPxJ29bMWRNyueOrGkbzJfE3BAR159ju3UetytAoKk7Ne2")) - assert.False(t, PasswordVerify(wrongPassword, hashedPass)) + credInfo := &internalpb.CredentialInfo{ + Username: "root", + Sha256Password: "bcca79df9650cef1d7ed9f63449d7f8a27843d2678f5666f38ca65ab77d99a13", + } + assert.True(t, PasswordVerify(correctPassword, credInfo)) + assert.False(t, PasswordVerify(wrongPassword, credInfo)) } -func TestMarshalAndPasswordVerify(t *testing.T) { - encryptedRootPassword, _ := PasswordEncrypt(util.DefaultRootPassword) - credInfo := &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword} - v, _ := proto.Marshal(&internalpb.CredentialInfo{EncryptedPassword: credInfo.EncryptedPassword}) - fmt.Println(string(v)) - - credentialInfo := internalpb.CredentialInfo{} - proto.Unmarshal(v, &credentialInfo) - assert.True(t, PasswordVerify(util.DefaultRootPassword, credentialInfo.EncryptedPassword)) +func TestPasswordVerify_MissCache(t *testing.T) { + wrongPassword := "test_my_name" + correctPassword := "test_my_pass_new" + credInfo := &internalpb.CredentialInfo{ + EncryptedPassword: "$2a$10$3H9DLiHyPxJ29bMWRNyueOrGkbzJfE3BAR159ju3UetytAoKk7Ne2", + } + assert.True(t, PasswordVerify(correctPassword, credInfo)) + assert.False(t, PasswordVerify(wrongPassword, credInfo)) } -func TestJsonMarshalAndPasswordVerify(t *testing.T) { - encryptedRootPassword, _ := PasswordEncrypt(util.DefaultRootPassword) - credInfo := &internalpb.CredentialInfo{Username: util.UserRoot, EncryptedPassword: encryptedRootPassword} - v, _ := json.Marshal(&internalpb.CredentialInfo{EncryptedPassword: credInfo.EncryptedPassword}) - fmt.Println(string(v)) +//func BenchmarkPasswordVerify(b *testing.B) { +// correctPassword := "test_my_pass_new" +// credInfo := &internalpb.CredentialInfo{ +// Username: "root", +// Sha256Password: "bcca79df9650cef1d7ed9f63449d7f8a27843d2678f5666f38ca65ab77d99a13", +// } +// b.ResetTimer() +// for n := 0; n < b.N; n++ { +// PasswordVerify(correctPassword, credInfo) +// } +//} - credentialInfo := internalpb.CredentialInfo{} - json.Unmarshal(v, &credentialInfo) - assert.True(t, PasswordVerify(util.DefaultRootPassword, credentialInfo.EncryptedPassword)) +func TestBcryptCompare(t *testing.T) { + wrongPassword := "test_my_name" + correctPassword := "test_my_pass_new" + + err := bcrypt.CompareHashAndPassword([]byte("$2a$10$3H9DLiHyPxJ29bMWRNyueOrGkbzJfE3BAR159ju3UetytAoKk7Ne2"), []byte(correctPassword)) + assert.NoError(t, err) + + err = bcrypt.CompareHashAndPassword([]byte("$2a$10$3H9DLiHyPxJ29bMWRNyueOrGkbzJfE3BAR159ju3UetytAoKk7Ne2"), []byte(wrongPassword)) + assert.Error(t, err) +} + +func TestBcryptCost(t *testing.T) { + correctPassword := "test_my_pass_new" + + bytes, _ := bcrypt.GenerateFromPassword([]byte(correctPassword), bcrypt.DefaultCost) + err := bcrypt.CompareHashAndPassword(bytes, []byte(correctPassword)) + assert.NoError(t, err) + + bytes, _ = bcrypt.GenerateFromPassword([]byte(correctPassword), bcrypt.MinCost) + err = bcrypt.CompareHashAndPassword(bytes, []byte(correctPassword)) + assert.NoError(t, err) }