From 585814082b8c8b7db272b30b365b81d27df4a4cb Mon Sep 17 00:00:00 2001 From: Hitoshi Mitake Date: Sun, 26 Apr 2020 23:23:02 +0900 Subject: [PATCH] etcdserver: don't let InternalAuthenticateRequest have password --- etcdserver/v3_server.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go index 76ca8dee0..74e679c3b 100644 --- a/etcdserver/v3_server.go +++ b/etcdserver/v3_server.go @@ -378,9 +378,10 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest return nil, err } + // internalReq doesn't need to have Password because the above s.AuthStore().CheckPassword() already did it. + // In addition, it will let a WAL entry not record password as a plain text. internalReq := &pb.InternalAuthenticateRequest{ Name: r.Name, - Password: r.Password, SimpleToken: st, }