MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing

allow only three failed change_user per connection. successful change_user do NOT reset the counter tests/mysql_client_test.c: make --error to work for --change_user errors
author: Sergei Golubchik <sergii@pisem.net> 2013-01-25 00:17:39 +0100
committer: Sergei Golubchik <sergii@pisem.net> 2013-01-25 00:17:39 +0100
commit: bfc71e63a77972fa4ab934855b6ab712bea323a1 (patch)
tree: dee331666634538a0855e3f0a3674285b2978b10 /client
parent: 8127e631de90dddc25b3cdffe59e147333eb6c74 (diff)
download: mariadb-git-bfc71e63a77972fa4ab934855b6ab712bea323a1.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/client/mysqltest.cc b/client/mysqltest.cc
index fa5f2b566c2..fa3ade1a7c1 100644
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@@ -3908,7 +3908,10 @@ void do_change_user(struct st_command *command)
                       cur_con->name, ds_user.str, ds_passwd.str, ds_db.str));
 
   if (mysql_change_user(mysql, ds_user.str, ds_passwd.str, ds_db.str))
-    die("change user failed: %s", mysql_error(mysql));
+    handle_error(command, mysql_errno(mysql), mysql_error(mysql),
+		 mysql_sqlstate(mysql), &ds_res);
+  else
+    handle_no_error(command);
 
   dynstr_free(&ds_user);
   dynstr_free(&ds_passwd);
author	Sergei Golubchik <sergii@pisem.net>	2013-01-25 00:17:39 +0100
committer	Sergei Golubchik <sergii@pisem.net>	2013-01-25 00:17:39 +0100
commit	bfc71e63a77972fa4ab934855b6ab712bea323a1 (patch)
tree	dee331666634538a0855e3f0a3674285b2978b10 /client
parent	8127e631de90dddc25b3cdffe59e147333eb6c74 (diff)
download	mariadb-git-bfc71e63a77972fa4ab934855b6ab712bea323a1.tar.gz