From 847ce989e65b48e989e3c09795871866e6d30707 Mon Sep 17 00:00:00 2001 From: David <8039876+AmoebaProtozoa@users.noreply.github.com> Date: Fri, 7 Jul 2023 15:11:35 +0800 Subject: [PATCH] turn on validate password and set special char count to 0 (#464) * serverless version 16 Signed-off-by: AmoebaProtozoa <8039876+AmoebaProtozoa@users.noreply.github.com> * fix typo in comments Signed-off-by: AmoebaProtozoa <8039876+AmoebaProtozoa@users.noreply.github.com> * set special char to 0 Signed-off-by: AmoebaProtozoa <8039876+AmoebaProtozoa@users.noreply.github.com> --------- Signed-off-by: AmoebaProtozoa <8039876+AmoebaProtozoa@users.noreply.github.com> --- session/bootstrap_serverless.go | 21 +++++++++++++++++++-- util/sem/strict_sem.go | 2 -- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/session/bootstrap_serverless.go b/session/bootstrap_serverless.go index ad526ca1f6704..b4bb3dd757087 100644 --- a/session/bootstrap_serverless.go +++ b/session/bootstrap_serverless.go @@ -60,8 +60,10 @@ const ( serverlessVersion13 = 13 // serverlessVersion14 reverts the change of serverlessVersion11. serverlessVersion14 = 14 - // serverlessVersion10 rename user cloud_admin to prefix.cloud_admin`. + // serverlessVersion15 rename user cloud_admin to prefix.cloud_admin`. serverlessVersion15 = 15 + // serverlessVersion16 sets the global variable `validate_password.Enable` to `ON`. + serverlessVersion16 = 16 ) const ( @@ -75,7 +77,7 @@ const ( // currentServerlessVersion is defined as a variable, so we can modify its value for testing. // please make sure this is the largest version -var currentServerlessVersion int64 = serverlessVersion15 +var currentServerlessVersion int64 = serverlessVersion16 var bootstrapServerlessVersion = []func(Session, int64){ upgradeToServerlessVer2, @@ -92,6 +94,7 @@ var bootstrapServerlessVersion = []func(Session, int64){ upgradeToServerlessVer13, upgradeToServerlessVer14, upgradeToServerlessVer15, + upgradeToServerlessVer16, } // updateServerlessVersion updates serverless version variable in mysql.TiDB table. @@ -407,6 +410,14 @@ func upgradeToServerlessVer15(s Session, ver int64) { } } +func upgradeToServerlessVer16(s Session, ver int64) { + if ver >= serverlessVersion16 { + return + } + mustExecute(s, "set @@global.validate_password.special_char_count = 0") + mustExecute(s, "set @@global.validate_password.enable = ON") +} + // Serverless bootstrap procedures. // NOTE: The following methods will only be executed once at doDMLWorks during TiDB Bootstrap, // therefore any modification of it requires addition to the serverless version upgrade function above @@ -449,6 +460,12 @@ func bootstrapServerlessVariables(s Session) { defaultMaxExecutionTime, defaultMaxExecutionTime, ) + mustExecute(s, `INSERT HIGH_PRIORITY INTO %n.%n VALUES(%?, %?) ON DUPLICATE KEY UPDATE VARIABLE_VALUE=%?`, + mysql.SystemDB, mysql.GlobalVariablesTable, variable.ValidatePasswordSpecialCharCount, 0, 0, + ) + mustExecute(s, `INSERT HIGH_PRIORITY INTO %n.%n VALUES(%?, %?) ON DUPLICATE KEY UPDATE VARIABLE_VALUE=%?`, + mysql.SystemDB, mysql.GlobalVariablesTable, variable.ValidatePasswordEnable, variable.On, variable.On, + ) } // bootstrapServerlessRoot writes root user's privilege into mysql.user. diff --git a/util/sem/strict_sem.go b/util/sem/strict_sem.go index 38c488eaeb759..812ddd6dbfffa 100644 --- a/util/sem/strict_sem.go +++ b/util/sem/strict_sem.go @@ -27,7 +27,6 @@ func enableStrictMode() { variable.SetSysVarMin(variable.ValidatePasswordMixedCaseCount, 1) variable.SetSysVarMin(variable.ValidatePasswordNumberCount, 1) variable.SetSysVarPossibleValues(variable.ValidatePasswordPolicy, []string{"MEDIUM", "STRONG"}) - variable.SetSysVarMin(variable.ValidatePasswordSpecialCharCount, 1) } // disableStrictMode changes variable's default value and restrictions back to normal. @@ -36,7 +35,6 @@ func disableStrictMode() { variable.SetSysVarMin(variable.ValidatePasswordMixedCaseCount, 0) variable.SetSysVarMin(variable.ValidatePasswordNumberCount, 0) variable.SetSysVarPossibleValues(variable.ValidatePasswordPolicy, []string{"LOW", "MEDIUM", "STRONG"}) - variable.SetSysVarMin(variable.ValidatePasswordSpecialCharCount, 0) } // IsStrictMode checks if sem is in strict mode.