From 5035e48bb528d2c7a68e769bb62edafaa3aeb93f Mon Sep 17 00:00:00 2001 From: Gao Zhiyuan Date: Mon, 26 Nov 2018 10:03:37 -0500 Subject: [PATCH] executor, sessionctx: add checks for system variable validate_password_xxxx (#8227) --- executor/set_test.go | 9 +++++++++ go.sum | 2 ++ sessionctx/variable/sysvar.go | 7 +++++-- sessionctx/variable/varsutil.go | 2 ++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/executor/set_test.go b/executor/set_test.go index b82cf70eb4..f3e6eacbf8 100644 --- a/executor/set_test.go +++ b/executor/set_test.go @@ -516,6 +516,15 @@ func (s *testSuite) TestValidateSetVar(c *C) { tk.MustExec("set @@innodb_lock_wait_timeout = 1073741825") tk.MustQuery("show warnings").Check(testutil.RowsWithSep("|", "Warning|1292|Truncated incorrect innodb_lock_wait_timeout value: '1073741825'")) + tk.MustExec("set @@global.validate_password_number_count=-1") + tk.MustQuery("show warnings").Check(testutil.RowsWithSep("|", "Warning|1292|Truncated incorrect validate_password_number_count value: '-1'")) + + tk.MustExec("set @@global.validate_password_length=-1") + tk.MustQuery("show warnings").Check(testutil.RowsWithSep("|", "Warning|1292|Truncated incorrect validate_password_length value: '-1'")) + + tk.MustExec("set @@global.validate_password_length=8") + tk.MustQuery("show warnings").Check(testkit.Rows()) + _, err = tk.Exec("set @@tx_isolation=''") c.Assert(terror.ErrorEqual(err, variable.ErrWrongValueForVar), IsTrue, Commentf("err %v", err)) diff --git a/go.sum b/go.sum index f40c13547d..2fd165738a 100644 --- a/go.sum +++ b/go.sum @@ -7,6 +7,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/Shopify/sarama v1.16.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.3+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/alapha23/parser v0.0.0-20181126070418-f5119577d517 h1:TfOLSy1ypCKqWjSwpV9zx4yyX5GNoJvsQM3KBReoT6Y= +github.com/alapha23/parser v0.0.0-20181126070418-f5119577d517/go.mod h1:43oaFTPY5wIvNxt3TSa+1SZtJ645w/1AlsDmSioWtuQ= github.com/apache/thrift v0.0.0-20161221203622-b2a4d4ae21c7 h1:CZI8h5fmYwCCvd2RMSsjLqHN6OqABlWJweFKxz4vdEs= github.com/apache/thrift v0.0.0-20161221203622-b2a4d4ae21c7/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/beorn7/perks v0.0.0-20160229213445-3ac7bf7a47d1/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= diff --git a/sessionctx/variable/sysvar.go b/sessionctx/variable/sysvar.go index 07c60956c3..d702dd66b7 100644 --- a/sessionctx/variable/sysvar.go +++ b/sessionctx/variable/sysvar.go @@ -127,6 +127,7 @@ var defaultSysVars = []*SysVar{ {ScopeGlobal, "slave_pending_jobs_size_max", "16777216"}, {ScopeNone, "innodb_sync_array_size", "1"}, {ScopeSession, "rand_seed2", ""}, + {ScopeGlobal, "validate_password_check_user_name", "OFF"}, {ScopeGlobal, "validate_password_number_count", "1"}, {ScopeSession, "gtid_next", ""}, {ScopeGlobal | ScopeSession, SQLSelectLimit, "18446744073709551615"}, @@ -270,7 +271,6 @@ var defaultSysVars = []*SysVar{ {ScopeNone, "performance_schema_max_file_classes", "50"}, {ScopeGlobal, "expire_logs_days", "0"}, {ScopeGlobal | ScopeSession, "binlog_rows_query_log_events", "OFF"}, - {ScopeGlobal, "validate_password_policy", "1"}, {ScopeGlobal, "default_password_lifetime", ""}, {ScopeNone, "pid_file", "/usr/local/mysql/data/localhost.pid"}, {ScopeNone, "innodb_undo_tablespaces", "0"}, @@ -597,7 +597,6 @@ var defaultSysVars = []*SysVar{ {ScopeNone, "innodb_ft_max_token_size", "84"}, {ScopeGlobal, "validate_password_length", "8"}, {ScopeGlobal, "ndb_log_binlog_index", ""}, - {ScopeGlobal, "validate_password_mixed_case_count", "1"}, {ScopeGlobal, "innodb_api_bk_commit_interval", "5"}, {ScopeNone, "innodb_undo_directory", "."}, {ScopeNone, "bind_address", "*"}, @@ -775,6 +774,10 @@ const ( SyncBinlog = "sync_binlog" // BlockEncryptionMode is the name for 'block_encryption_mode' system variable. BlockEncryptionMode = "block_encryption_mode" + // ValidatePasswordNumberCount is the name of 'validate_password_number_count' system variable. + ValidatePasswordNumberCount = "validate_password_number_count" + // ValidatePasswordLength is the name of 'validate_password_length' system variable. + ValidatePasswordLength = "validate_password_length" ) // GlobalVarAccessor is the interface for accessing global scope system and status variables. diff --git a/sessionctx/variable/varsutil.go b/sessionctx/variable/varsutil.go index 28d5671921..79143d0155 100644 --- a/sessionctx/variable/varsutil.go +++ b/sessionctx/variable/varsutil.go @@ -295,6 +295,8 @@ func ValidateSetSystemVar(vars *SessionVars, name string, value string) (string, return "SYSTEM", nil } return value, nil + case ValidatePasswordLength, ValidatePasswordNumberCount: + return checkUInt64SystemVar(name, value, 0, math.MaxUint64, vars) case WarningCount, ErrorCount: return value, ErrReadOnly.GenWithStackByArgs(name) case GeneralLog, TiDBGeneralLog, AvoidTemporalUpgrade, BigTables, CheckProxyUsers, CoreFile, EndMakersInJSON, SQLLogBin, OfflineMode,