
branch-4.1: [fix](password) password lock failed after invalid login #61592 #61656

Open
github-actions[bot] wants to merge 1 commit into branch-4.1 from auto-pick-61592-branch-4.1

Conversation

@github-actions
Contributor

Cherry-picked from #61592

### What problem does this PR solve?

#### Problem Summary:

When a user is created with `FAILED_LOGIN_ATTEMPTS N PASSWORD_LOCK_TIME T`, the account locks correctly after N consecutive wrong passwords. However, after the lock expires (or after admin `ACCOUNT_UNLOCK`), entering N wrong passwords again never triggers a lock again.

Root cause: In `FailedLoginPolicy.onFailedLogin()`, when `failedLoginCounter` has reached `numFailedLogin` and the lock has expired, the method returned `true` without resetting the counter or updating `lockTime`. Since `isLocked()` correctly returned `false` (lock expired), the account could never be re-locked.

Fix: When the counter has reached the limit but the lock has expired, call `unlock()` to reset both counter and lockTime, then continue counting new failed attempts from zero.
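The failure mode in the description above is worth seeing end to end, because the practical effect is a brute-force limit that only ever fires once per account. The following is an added example written for this thread, not code from Apache Doris or from the PR: it models the `FAILED_LOGIN_ATTEMPTS N` / `PASSWORD_LOCK_TIME T` policy with a simulated clock so the lock expiry can be driven deterministically. The field and method names (`failedLoginCounter`, `lockTime`, `numFailedLogin`, `isLocked()`, `unlock()`, `onFailedLogin()`) follow the PR description; their bodies, the `applyFix` switch, the `tryLogin` gate and the clock are assumptions made for the demonstration.

```java
// Added example, not Apache Doris code: a minimal model of the lock policy
// described in the PR, with both the pre-fix and fixed onFailedLogin() paths.
public class FailedLoginPolicyDemo {
    private final int numFailedLogin;       // N: wrong passwords before locking
    private final long passwordLockSeconds; // T: how long the lock lasts
    private final boolean applyFix;         // false reproduces the reported bug

    private int failedLoginCounter = 0;
    private long lockTime = -1;             // simulated-clock seconds; -1 = never locked
    private long clock = 0;                 // simulated "now", in seconds

    FailedLoginPolicyDemo(int numFailedLogin, long passwordLockSeconds, boolean applyFix) {
        this.numFailedLogin = numFailedLogin;
        this.passwordLockSeconds = passwordLockSeconds;
        this.applyFix = applyFix;
    }

    void advanceClock(long seconds) {
        clock += seconds;
    }

    // Locked only while the lock window is still running (assumed semantics).
    boolean isLocked() {
        return lockTime >= 0 && clock - lockTime < passwordLockSeconds;
    }

    // The same reset an admin ACCOUNT_UNLOCK would perform (assumed).
    void unlock() {
        failedLoginCounter = 0;
        lockTime = -1;
    }

    // Returns true when the account is locked after this failed attempt.
    boolean onFailedLogin() {
        if (failedLoginCounter >= numFailedLogin) {
            if (isLocked()) {
                return true;      // still inside the lock window
            }
            if (!applyFix) {
                return true;      // bug: counter and lockTime left stale, never re-locks
            }
            unlock();             // fix: lock expired, start counting from zero again
        }
        failedLoginCounter++;
        if (failedLoginCounter >= numFailedLogin) {
            lockTime = clock;     // limit reached: (re)start the lock window
            return true;
        }
        return false;
    }

    // The gate a login path would apply: reject while locked, count failures otherwise.
    boolean tryLogin(String password) {
        if (isLocked()) {
            return false;
        }
        if ("correct-horse".equals(password)) {  // constructed credential for the demo
            unlock();
            return true;
        }
        onFailedLogin();
        return false;
    }

    // Drives the scenario from the PR: lock, let the window expire, then N more wrong passwords.
    static boolean reLocksAfterExpiry(boolean applyFix) {
        int n = 3;
        long t = 60;
        FailedLoginPolicyDemo policy = new FailedLoginPolicyDemo(n, t, applyFix);
        for (int i = 0; i < n; i++) {
            policy.tryLogin("wrong");
        }
        boolean lockedFirstTime = policy.isLocked();  // true for both variants
        policy.advanceClock(t + 1);                    // lock window elapses
        for (int i = 0; i < n; i++) {
            policy.tryLogin("wrong");
        }
        return lockedFirstTime && policy.isLocked();
    }

    public static void main(String[] args) {
        System.out.println("pre-fix re-locks after expiry: " + reLocksAfterExpiry(false));
        System.out.println("fixed   re-locks after expiry: " + reLocksAfterExpiry(true));
    }
}
```

With `applyFix` false the second round of wrong passwords is counted by `onFailedLogin()` as "locked" while `isLocked()` keeps returning false, so `tryLogin` keeps admitting attempts; with the fix, `unlock()` clears the stale state on the first attempt after expiry and the account locks again once N fresh failures accumulate. In a real deployment the same check is worth running against the server itself: lock an account, wait out `PASSWORD_LOCK_TIME`, then confirm a second burst of bad passwords locks it again rather than being accepted indefinitely.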
@github-actions github-actions bot requested a review from yiguolei as a code owner March 24, 2026 06:17
@hello-stephen
Contributor

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@dataroaring dataroaring reopened this Mar 24, 2026
@hello-stephen
Contributor

run buildall

