Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*: support password validation options and variables #38953

Merged
merged 33 commits into from
Nov 24, 2022

Conversation

CbcWestwolf
Copy link
Member

@CbcWestwolf CbcWestwolf commented Nov 7, 2022

What problem does this PR solve?

Issue Number: close #38928 #38924

Problem Summary:

We need to improve the compatibility with MySQL in password validation.

What is changed and how it works?

Most of the feature is the same as MySQL's, except that:

  1. Since TiDB does not have a mechanism like components in MySQL, we add a new global variable validate_password.enable to turn on/off the validation.
  2. We introduce validate_password.dictionary instead of validate_password.dictionary_file, since it is hard to upload the dictionary file to the tidb-servers's local file systems.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

1. support password validation when `create user`, `alter user` and `set password`
3. introduce system variables about password validation
4. support system function `validate_password_strength`

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Nov 7, 2022

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/invalid-title do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 7, 2022
@CbcWestwolf CbcWestwolf changed the title Add system variables *: support password validation options and variables Nov 7, 2022
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 8, 2022
@ti-chi-bot ti-chi-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 8, 2022
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Nov 9, 2022
@CbcWestwolf CbcWestwolf marked this pull request as ready for review November 9, 2022 08:39
@CbcWestwolf CbcWestwolf requested a review from a team as a code owner November 9, 2022 08:39
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 9, 2022
@CbcWestwolf
Copy link
Member Author

/cc wjhuang2016 xhebox

@CbcWestwolf
Copy link
Member Author

/cc xiongjiwei

@ti-chi-bot ti-chi-bot requested a review from xiongjiwei November 9, 2022 08:43
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Nov 18, 2022
executor/simple.go Outdated Show resolved Hide resolved
return false
}

func (e *SimpleExec) enableValidatePassword() bool {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func (e *SimpleExec) enableValidatePassword() bool {
func (e *SimpleExec) isValidatePasswordenabled() bool {

Comment on lines 36 to 39
pwdLength := len(pwd)
if err != nil {
return false, err
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
pwdLength := len(pwd)
if err != nil {
return false, err
}
if err != nil {
return false, err
}
pwdLength := len(pwd)

if len(words) == 0 {
return true, nil
}
cache := make(map[string]interface{}, len(words))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cache := make(map[string]interface{}, len(words))
cache := make(map[string]struct{}, len(words))

for _, word := range words {
word = strings.ToLower(word)
if len(word) >= minPwdValidationLength && len(word) <= maxPwdValidationLength {
cache[word] = nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cache[word] = nil
cache[word] = struct{}{}

Copy link
Member

@bb7133 bb7133 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Nov 24, 2022
@@ -117,7 +115,6 @@ var noopSysVars = []*SysVar{
{Scope: ScopeNone, Name: "innodb_log_group_home_dir", Value: "./"},
{Scope: ScopeNone, Name: "performance_schema_events_statements_history_size", Value: "10"},
{Scope: ScopeGlobal, Name: GeneralLog, Value: Off, Type: TypeBool},
{Scope: ScopeGlobal, Name: "validate_password_dictionary_file", Value: ""},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this variable is still noop in tidb

PasswordValidtaionNumberCount.Store(int32(TidbOptInt64(val, 1)))
return nil
}, GetGlobal: func(_ context.Context, s *SessionVars) (string, error) {
return fmt.Sprintf("%d", PasswordValidtaionNumberCount.Load()), nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strconv.FormatInt(PasswordValidtaionNumberCount.Load(), 10) has better performance

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modified :-)

@xiongjiwei
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 9b7e323

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Nov 24, 2022
@CbcWestwolf
Copy link
Member Author

/run-unit-test

@ti-chi-bot ti-chi-bot merged commit e205f93 into pingcap:master Nov 24, 2022
@sre-bot
Copy link
Contributor

sre-bot commented Nov 24, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [2] after this pr merged.

CI Name Result Duration Compare with Parent commit
idc-jenkins-ci-tidb/mybatis-test 🔴 failed 1, success 0, total 1 11 min Existing failure
idc-jenkins-ci-tidb/integration-ddl-test 🔴 failed 1, success 5, total 6 4 min 59 sec Existing failure
idc-jenkins-ci/integration-cdc-test ✅ all 39 tests passed 19 min Fixed
idc-jenkins-ci-tidb/common-test ✅ all 11 tests passed 13 min Fixed
idc-jenkins-ci-tidb/sqllogic-test-2 🟢 all 28 tests passed 32 min Existing passed
idc-jenkins-ci-tidb/integration-common-test 🟢 all 17 tests passed 14 min Existing passed
idc-jenkins-ci-tidb/tics-test 🟢 all 1 tests passed 5 min 39 sec Existing passed
idc-jenkins-ci-tidb/sqllogic-test-1 🟢 all 26 tests passed 5 min 9 sec Existing passed
idc-jenkins-ci-tidb/integration-compatibility-test 🟢 all 1 tests passed 2 min 40 sec Existing passed
idc-jenkins-ci-tidb/plugin-test 🟢 build success, plugin test success 4min Existing passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support Password Validation Options and Variables
6 participants