Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

server: Remove old handshake support #27768

Merged
merged 4 commits into from
Aug 6, 2022
Merged

Conversation

dveeden
Copy link
Contributor

@dveeden dveeden commented Sep 2, 2021

What problem does this PR solve?

Issue Number: close #36922

Problem Summary:

Remove support for:

This removes support for pre-4.1 MySQL clients. As TiDB doesn't support the old pre-4.1 hashing method I don't think these were ever fully supported.

See also https://dev.mysql.com/doc/refman/5.6/en/password-hashing.html

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Support for handshake support for pre-4.1 MySQL clients was removed

Questions to reviewers

  • Is removing this functionality that only exists there for old HAProxy versions allowed according to the compatibility policy?

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Sep 2, 2021

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • lysu
  • wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 2, 2021
@morgo
Copy link
Contributor

morgo commented Sep 2, 2021

@dveeden I think you are correct that it was never fully supported, but the intended use-case was strictly for HAProxy: #8812

I believe HAProxy's MySQL protocol support does not link against a client API, hence the weird behavior. Please check and make sure it works with this removed :-)

@dveeden dveeden marked this pull request as draft September 2, 2021 14:29
@ti-chi-bot ti-chi-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 2, 2021
@dveeden
Copy link
Contributor Author

dveeden commented Sep 2, 2021

@dveeden I think you are correct that it was never fully supported, but the intended use-case was strictly for HAProxy: #8812

I believe HAProxy's MySQL protocol support does not link against a client API, hence the weird behavior. Please check and make sure it works with this removed :-)

I'll check that. Let's set this to draft status until that's done

@dveeden
Copy link
Contributor Author

dveeden commented Sep 2, 2021

https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4.2-option%20mysql-check says this supports both pre-v4.1 and post-v4.1 auth and the default is post-v4.1.

See also: haproxy/haproxy@62f79fe

I've tested with haproxy (compiled from master at bc1223be7) and it does work with the default and with the post-41 option. With pre-41 it fails with this commit and succeeds with tidb from current master.

@dveeden dveeden marked this pull request as ready for review September 2, 2021 15:48
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 2, 2021
@dveeden
Copy link
Contributor Author

dveeden commented Sep 2, 2021

/cc @morgo

@ti-chi-bot ti-chi-bot requested a review from morgo September 2, 2021 15:49
@dveeden
Copy link
Contributor Author

dveeden commented Sep 2, 2021

/cc @jackysp @lysu

@ti-chi-bot ti-chi-bot requested a review from jackysp September 2, 2021 20:24
@ti-chi-bot
Copy link
Member

@dveeden: GitHub didn't allow me to request PR reviews from the following users: lysu.

Note that only pingcap members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @jackysp @lysu

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ti-chi-bot
Copy link
Member

@lysu: Thanks for your review. The bot only counts approvals from reviewers and higher roles in list, but you're still welcome to leave your comments.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 3, 2021
@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Sep 6, 2021
@lysu
Copy link
Contributor

lysu commented Sep 6, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 08aa2d0cdabcd94e7c643901ae3a664bedcf1492

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 6, 2021
@tisonkun
Copy link
Contributor

tisonkun commented Sep 6, 2021

@lysu I sent an invitation to respect you as a TiDB committer as the consensus in pingcap/community#522 .

You can accept by https://github.com/orgs/pingcap/invitation and approve this PR.

@tisonkun
Copy link
Contributor

tisonkun commented Sep 6, 2021

@lysu oops a race happened :)

@tisonkun
Copy link
Contributor

tisonkun commented Sep 6, 2021

Is removing this functionality that only exists there for old HAProxy versions allowed according to the compatibility policy?

/hold

@lysu @wjhuang2016 @morgo please be aware of the compatibility breaker and unhold merging if no further concern

@ti-chi-bot ti-chi-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 6, 2021
@bb7133
Copy link
Member

bb7133 commented Sep 21, 2021

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 1915ea191087e4eb3f75cfd6854a5bd74dc14d70

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 21, 2021
@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 22, 2021
@ti-chi-bot ti-chi-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed status/can-merge Indicates a PR has been approved by a committer. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 20, 2021
@dveeden
Copy link
Contributor Author

dveeden commented Dec 20, 2021

/assign @bb7133

@sre-bot
Copy link
Contributor

sre-bot commented Aug 5, 2022

Copy link
Contributor

@morgo morgo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; removing will help improve security, since an old auth mechanism like this will surely become a target.

@tisonkun
Copy link
Contributor

tisonkun commented Aug 6, 2022

/unhold

@ti-chi-bot ti-chi-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 6, 2022
@tisonkun
Copy link
Contributor

tisonkun commented Aug 6, 2022

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: 009ac3e

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Aug 6, 2022
@ti-chi-bot ti-chi-bot merged commit c7b5ca0 into pingcap:master Aug 6, 2022
@sre-bot
Copy link
Contributor

sre-bot commented Aug 6, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [1] after this pr merged.

CI Name Result Duration Compare with Parent commit
idc-jenkins-ci-tidb/common-test 🔴 failed 2, success 9, total 11 13 min Existing failure
idc-jenkins-ci-tidb/integration-common-test ✅ all 17 tests passed 13 min Fixed
idc-jenkins-ci/integration-cdc-test 🟢 all 36 tests passed 27 min Existing passed
idc-jenkins-ci-tidb/tics-test 🟢 all 1 tests passed 5 min 52 sec Existing passed
idc-jenkins-ci-tidb/sqllogic-test-2 🟢 all 28 tests passed 5 min 23 sec Existing passed
idc-jenkins-ci-tidb/integration-ddl-test 🟢 all 6 tests passed 5 min 12 sec Existing passed
idc-jenkins-ci-tidb/sqllogic-test-1 🟢 all 26 tests passed 4 min 43 sec Existing passed
idc-jenkins-ci-tidb/mybatis-test 🟢 all 1 tests passed 3 min 24 sec Existing passed
idc-jenkins-ci-tidb/integration-compatibility-test 🟢 all 1 tests passed 3 min 14 sec Existing passed
idc-jenkins-ci-tidb/plugin-test 🟢 build success, plugin test success 4min Existing passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Remove old handshake support
10 participants