Merged
Conversation
Contributor
|
/LGTM |
tiancaiamao
reviewed
Jun 1, 2021
This allows validating passwords against the `authentication_string` data that MySQL stores for caching_sha2 passwords. Related: - pingcap/tidb#9411
Contributor
Author
|
I think we should clone this PR and continue with #1236 which includes the work from this PR |
Collaborator
|
/LGTM |
ti-srebot
approved these changes
Jun 2, 2021
Collaborator
|
I'd rather merge this on first, 400 lines changes is already quite large. |
Collaborator
|
/merge |
Contributor
|
/run-all-tests |
Contributor
|
@dveeden merge failed. |
dveeden
added a commit
to dveeden/tidb
that referenced
this pull request
Jun 30, 2021
Issue link: pingcap#9411 What this does: - Check the `plugin` column of the `mysql.user` table. - Based on the plugin from the user record and the plugin the client sent we may need to switch the authentication plugin to match the one from the user record - For accounts with `caching_sha2_password` send the "fast authentication failed" response to trigger full authentication. - call `auth.CheckShaPassword` to validate the user. Implemented functionality: - Full authentication with `caching_sha2_password` over TLS - The `default_authentication_plugin` variable - `CREATE USER... IDENTIFIED WITH 'caching_sha2_password'...` - `SET PASSWORD...` - `ALTER USER ... IDENTIFIED BY...` Missing functionality: - Support for the RSA public key request packet & response - Support for RSA key based secret exchange - Fast authentication (validate against cached entry) Related: - Requires pingcap/parser#1232 - pingcap#24141 makes testing of this easier, but this is not required.
8 tasks
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?
For improved compatibility with MySQL 8.0 TiDB needs to support the
caching_sha2authentication method.This implements the validation of passwords for this authentication format.
Related:
What is changed and how it works?
mysql_native_passwordrelated code fromauth/auth.gocaching_sha2code.Check List
Tests
Side effects