Revert "Xdb 402 decode password (#201)" (#202)

This reverts commit 8530321.

Author: MarkSh1

fdbcli/fdbcli.actor.cpp

@@ -104,8 +104,7 @@ enum {
 	OPT_DEBUG_TLS,
 	OPT_API_VERSION,
 	OPT_MEMORY,
-	OPT_USE_FUTURE_PROTOCOL_VERSION,
-    OPT_ENCRYPT
+	OPT_USE_FUTURE_PROTOCOL_VERSION
 };
 
 CSimpleOpt::SOption g_rgOptions[] = { { OPT_CONNFILE, "-C", SO_REQ_SEP },
@@ -131,7 +130,6 @@ CSimpleOpt::SOption g_rgOptions[] = { { OPT_CONNFILE, "-C", SO_REQ_SEP },
 	                                  { OPT_API_VERSION, "--api-version", SO_REQ_SEP },
 	                                  { OPT_MEMORY, "--memory", SO_REQ_SEP },
 	                                  { OPT_USE_FUTURE_PROTOCOL_VERSION, "--use-future-protocol-version", SO_NONE },
-                                      { OPT_ENCRYPT, "--encrypt", SO_REQ_SEP },
 	                                  TLS_OPTION_FLAGS,
 	                                  SO_END_OF_OPTIONS };
 
@@ -505,11 +503,6 @@ static void printProgramUsage(const char* name) {
 	       "  --use-future-protocol-version\n"
 	       "                 Use the simulated future protocol version to connect to the cluster.\n"
 	       "                 This option can be used testing purposes only!\n"
-	       "  --encrypt PASSWORD\n"
-	       "                 Encrypts the specified password and prints the encrypted password\n"
-	       "                 with the `encrypted:' prefix. The encrypted password can be used\n"
-	       "                 with --tls-password option. This option causes fdbcli to encrypt\n"
-	       "                 the password and exit.\n"
 	       "  -v, --version  Print FoundationDB CLI version information and exit.\n"
 	       "  -h, --help     Display this help and exit.\n");
 }
@@ -906,6 +899,7 @@ void LogCommand(std::string line, UID randomID, std::string errMsg) {
 	printf("%s\n", errMsg.c_str());
 	TraceEvent(SevInfo, "CLICommandLog", randomID).detail("Command", line).detail("Error", errMsg);
 }
+
 struct CLIOptions {
 	std::string program_name;
 	int exit_code = -1;
@@ -929,7 +923,6 @@ struct CLIOptions {
 	std::string tlsCAPath;
 	std::string tlsPassword;
 	uint64_t memLimit = 8uLL << 30;
-    Optional<std::string> encrypt;
 
 	std::vector<std::pair<std::string, std::string>> knobs;
 
@@ -1069,9 +1062,6 @@ struct CLIOptions {
 			knobs.emplace_back(knobName.get(), args.OptionArg());
 			break;
 		}
-		case OPT_ENCRYPT:
-			encrypt = args.OptionArg();
-			break;
 		case OPT_DEBUG_TLS:
 			debugTLS = true;
 			break;
@@ -2395,16 +2385,6 @@ int main(int argc, char** argv) {
 	if (opt.exit_code != -1)
 		return opt.exit_code;
 
-	if (opt.encrypt.present()) {
-		std::string encrypted;
-		if (!TLSConfig::encodePassword(opt.encrypt.get(), encrypted)) {
-			fprintf(stderr, "ERROR: Failed to encrypt password\n");
-			return 1;
-		}
-		printf("%s\n", encrypted.c_str());
-		return 0;
-	}
-
 	if (opt.trace) {
 		if (opt.traceDir.empty())
 			setNetworkOption(FDBNetworkOptions::TRACE_ENABLE);

flow/TLSConfig.actor.cpp

@@ -832,78 +832,3 @@ bool TLSPolicy::verify_peer(bool preverified, X509_STORE_CTX* store_ctx) {
 	}
 	return rc;
 }
-struct CryptoLibHandle {
-	void* lib = nullptr;
-	void* func = nullptr;
-
-	CryptoLibHandle(std::string_view funcName) {
-		const char* libName = "libnscipher-crypto.so";
-		lib = loadLibrary(libName);
-		if (!lib) {
-			TraceEvent(SevError, "ExternalLibLoadError").detail("Library", libName);
-			return;
-		}
-		func = loadFunction(lib, funcName.data());
-		if (!func) {
-			TraceEvent(SevError, "ExternalLibFunctionLoadError")
-			    .detail("Function", funcName)
-			    .detail("Library", libName);
-			fprintf(stderr, "ERROR: Failed to load '%s' function\n", funcName.data());
-			closeLibrary(lib);
-			lib = nullptr;
-		}
-	}
-	explicit operator bool() const { return func != nullptr; }
-	~CryptoLibHandle() {
-		if (lib)
-			closeLibrary(lib);
-	}
-};
-
-static bool processWithCrypto(std::string_view funcName, const std::string& input, std::string& output) {
-	constexpr int bufLen = 1024; // Assume max size of encrypted and decrypted password is 1024
-	CryptoLibHandle cryptoHandle(funcName);
-
-	if (!cryptoHandle) {
-		return false;
-	}
-
-	int outputLen = bufLen;
-
-	char buf[bufLen]{};
-
-	auto func = reinterpret_cast<int (*)(const char*, char*, int*)>(cryptoHandle.func);
-	if (int rc = func(input.c_str(), buf, &outputLen); rc != 0) {
-		fprintf(stderr, "ERROR: Failed to exec function (rc=%d)\n", rc);
-		TraceEvent(SevError, "ErrorExecFunction").detail("ReturnCode", rc);
-		return false;
-	}
-	output.assign(buf, outputLen);
-	return true;
-}
-
-constexpr std::string_view encryptedPrefix = "encrypted:";
-
-bool TLSConfig::encodePassword(const std::string& plainPassword, std::string& encoded) {
-	if (processWithCrypto("crypt", plainPassword, encoded)) {
-		encoded.insert(0, encryptedPrefix);
-		return true;
-	}
-	return false;
-}
-
-void TLSConfig::setPassword(const std::string& password) {
-	if (password.size() > encryptedPrefix.size() && password.starts_with(encryptedPrefix)) {
-
-		std::string decoded;
-
-		if (processWithCrypto("decrypt", password.substr(encryptedPrefix.size()), decoded)) {
-			tlsPassword = std::move(decoded);
-		} else {
-			tlsPassword.clear();
-			TraceEvent(SevError, "FailedToDecryptPassword");
-		}
-	} else {
-		tlsPassword = password;
-	}
-}

flow/include/flow/TLSConfig.actor.h

@@ -173,9 +173,7 @@ class TLSConfig {
 		tlsCAPath = "";
 	}
 
-	void setPassword(const std::string& password);
-
-	static bool encodePassword(const std::string& plainPassword, std::string& encoded);
+	void setPassword(const std::string& password) { tlsPassword = password; }
 
 	void clearVerifyPeers() { tlsVerifyPeers.clear(); }