etcdserver: don't let InternalAuthenticateRequest have password

etcd-io · Jun 23, 2020 · 5858140 · 5858140
1 parent c511894
commit 5858140
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go
@@ -378,9 +378,10 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest
 			return nil, err
 		}
 
+		// internalReq doesn't need to have Password because the above s.AuthStore().CheckPassword() already did it.
+		// In addition, it will let a WAL entry not record password as a plain text.
 		internalReq := &pb.InternalAuthenticateRequest{
 			Name:        r.Name,
-			Password:    r.Password,
 			SimpleToken: st,
 		}