diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-02-19 01:03:16 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-02-21 15:04:03 +0100 |
commit | a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e (patch) | |
tree | b063f80d564f27d639b61945af420d3262483d54 | |
parent | 1e6210161dc3085f9e387416b804e0f2e9e82238 (diff) | |
download | mariadb-git-a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e.tar.gz |
don't consider the password "expired" if authentication is passwordless
-rw-r--r-- | mysql-test/main/password_expiration_unix_socket.result | 8 | ||||
-rw-r--r-- | mysql-test/main/password_expiration_unix_socket.test | 24 | ||||
-rw-r--r-- | sql/sql_acl.cc | 5 |
3 files changed, 35 insertions, 2 deletions
diff --git a/mysql-test/main/password_expiration_unix_socket.result b/mysql-test/main/password_expiration_unix_socket.result new file mode 100644 index 00000000000..5feee17f205 --- /dev/null +++ b/mysql-test/main/password_expiration_unix_socket.result @@ -0,0 +1,8 @@ +# +# A password cannot expire, if there is no password +# +create user USER identified via unix_socket; +alter user USER password expire; +1 +1 +drop user USER; diff --git a/mysql-test/main/password_expiration_unix_socket.test b/mysql-test/main/password_expiration_unix_socket.test new file mode 100644 index 00000000000..f2579aaf18f --- /dev/null +++ b/mysql-test/main/password_expiration_unix_socket.test @@ -0,0 +1,24 @@ +# +# Test password expiration +# + +--source include/not_embedded.inc +--source include/have_unix_socket.inc + +--echo # +--echo # A password cannot expire, if there is no password +--echo # + +--let $replace=create user $USER +--replace_result $replace "create user USER" +--eval create user $USER identified via unix_socket + +--let $replace=alter user $USER +--replace_result $replace "alter user USER" +--eval alter user $USER password expire + +--exec $MYSQL -u $USER -e 'select 1' + +--let $replace=drop user $USER +--replace_result $replace "drop user USER" +--eval drop user $USER diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 0a5b2d3a226..ee07bfd2680 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -13843,8 +13843,9 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) bool client_can_handle_exp_pass= thd->client_capabilities & CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS; - bool password_expired= acl_user->password_expired || - check_password_lifetime(thd, *acl_user); + bool password_expired= thd->password != PASSWORD_USED_NO_MENTION + && (acl_user->password_expired || + check_password_lifetime(thd, *acl_user)); if (!client_can_handle_exp_pass && disconnect_on_expired_password && password_expired) |