Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

executor: Fix losing the auth string on changing SSL/TLS requirements (#25268) #25349

Merged
merged 4 commits into from
Jun 11, 2021
Merged

executor: Fix losing the auth string on changing SSL/TLS requirements (#25268) #25349

merged 4 commits into from
Jun 11, 2021

Conversation

ti-srebot
Copy link
Contributor

@ti-srebot ti-srebot commented Jun 10, 2021
edited
Loading

cherry-pick #25268 to release-5.1
You can switch your code base to this Pull Request by using git-extras:

# In tidb repo:
git pr https://github.com/pingcap/tidb/pull/25349

After apply modifications, you can push your change to this PR via:

git push [email protected]:ti-srebot/tidb.git pr/25349:release-5.1-faf139eae1f1

What problem does this PR solve?

Issue Number: close #25225

Problem Summary: An ALTER USER ... REQUIRE SSL would cause the authentication string of the user to get overwritten with an empty string

What is changed and how it works?

How it Works:

  • Don't change the authentication_string unless we have an AuthOpt
  • Check for SUPER when changing other accounts auth options.

Check List

Tests

  • Unit test (more might be useful, but there is one already)

Release note

  • Important security issue for handling ALTER USER statements

@ti-srebot ti-srebot requested a review from a team as a code owner June 10, 2021 15:24
@ti-srebot ti-srebot requested review from lzmhhh123 and removed request for a team June 10, 2021 15:24
@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-srebot ti-srebot mentioned this pull request Jun 10, 2021
Merged
@ti-srebot ti-srebot added sig/execution SIG execution sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/5.1-cherry-pick labels Jun 10, 2021
@ti-srebot
Copy link
Contributor Author

@dveeden please accept the invitation then you can push to the cherry-pick pull requests.
https://github.com/ti-srebot/tidb/invitations

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jun 10, 2021
@zhouqiang-cl zhouqiang-cl added the cherry-pick-approved Cherry pick PR approved by release team. label Jun 11, 2021
@zhouqiang-cl
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member

@zhouqiang-cl: /merge in this pull request requires 2 approval(s).

In response to this:

/merge

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • morgo
  • tiancaiamao

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Jun 11, 2021
@zhouqiang-cl
Copy link
Contributor

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 3484640

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jun 11, 2021
@ti-chi-bot
Copy link
Member

@ti-srebot: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@time-and-fate
Copy link
Member

/run-check_dev

@ti-chi-bot ti-chi-bot merged commit 3ec1ba5 into pingcap:release-5.1 Jun 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiancaiamao tiancaiamao tiancaiamao approved these changes

@morgo morgo morgo approved these changes

@lzmhhh123 lzmhhh123 Awaiting requested review from lzmhhh123

@qw4990 qw4990 Awaiting requested review from qw4990

Assignees

@dveeden dveeden

Labels
cherry-pick-approved Cherry pick PR approved by release team. sig/execution SIG execution sig/sql-infra SIG: SQL Infra size/M Denotes a PR that changes 30-99 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/5.1-cherry-pick
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ti-srebot @zhouqiang-cl @ti-chi-bot @time-and-fate @morgo @tiancaiamao @dveeden