-rw-r--r-- | mysql-test/main/lock_user.result | 2 | ||||
-rw-r--r-- | mysql-test/main/password_expiration.result | 5 | ||||
-rw-r--r-- | mysql-test/main/system_mysql_db_507.result | 1 | ||||
-rw-r--r-- | sql/sql_acl.cc | 42 |
4 files changed, 42 insertions, 8 deletions
diff --git a/mysql-test/main/lock_user.result b/mysql-test/main/lock_user.result
index 7d9aeebb7aa..560ae6ce425 100644
--- a/mysql-test/main/lock_user.result
+++ b/mysql-test/main/lock_user.result
@@ -156,6 +156,7 @@ alter user user1@localhost PASSWORD EXPIRE NEVER ACCOUNT UNLOCK ;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE NEVER
 alter user user1@localhost ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
 show create user user1@localhost;
 CREATE USER for user1@localhost
@@ -167,5 +168,6 @@ localhost user1 {"access":0,"plugin":"mysql_native_password","authentication_str
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE INTERVAL 60 DAY
 drop user user1@localhost;
 drop user user2@localhost;
diff --git a/mysql-test/main/password_expiration.result b/mysql-test/main/password_expiration.result
index d05f6b3b5d0..897811bb4ad 100644
--- a/mysql-test/main/password_expiration.result
+++ b/mysql-test/main/password_expiration.result
@@ -125,6 +125,7 @@ alter user user1@localhost password expire;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE INTERVAL 123 DAY
 set password for user1@localhost= password('');
 show create user user1@localhost;
 CREATE USER for user1@localhost
@@ -151,10 +152,12 @@ alter user user1@localhost password expire;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE NEVER
 flush privileges;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE NEVER
 set password for user1@localhost= password('');
 alter user user1@localhost password expire default;
 show create user user1@localhost;
@@ -184,10 +187,12 @@ alter user user1@localhost password expire;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE NEVER
 flush privileges;
 show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+ALTER USER `user1`@`localhost` PASSWORD EXPIRE NEVER
 set global disconnect_on_expired_password=ON;
 connect(localhost,user1,,test,MYSQL_PORT,MYSQL_SOCK);
 connect con1,localhost,user1;
diff --git a/mysql-test/main/system_mysql_db_507.result b/mysql-test/main/system_mysql_db_507.result
index 2d68dc82529..8069405aa3a 100644
--- a/mysql-test/main/system_mysql_db_507.result
+++ b/mysql-test/main/system_mysql_db_507.result
@@ -214,6 +214,7 @@ alter user user@localhost password expire;
 show create user user@localhost;
 CREATE USER for user@localhost
 CREATE USER `user`@`localhost` PASSWORD EXPIRE
+ALTER USER `user`@`localhost` PASSWORD EXPIRE INTERVAL 123 DAY
 set password for user@localhost= password('');
 show create user user@localhost;
 CREATE USER for user@localhost
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index e56361bc424..85f4b178b36 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8902,6 +8902,16 @@ static bool print_grants_for_role(THD *thd, ACL_ROLE * role) } +static void append_auto_expiration_policy(ACL_USER *acl_user, String *r) { + if (!acl_user->password_lifetime) + r->append(STRING_WITH_LEN(" PASSWORD EXPIRE NEVER")); + else if (acl_user->password_lifetime > 0) + { + r->append(STRING_WITH_LEN(" PASSWORD EXPIRE INTERVAL ")); + r->append_longlong(acl_user->password_lifetime); + r->append(STRING_WITH_LEN(" DAY")); + } +} bool mysql_show_create_user(THD *thd, LEX_USER *lex_user) { @@ -8961,14 +8971,8 @@ bool mysql_show_create_user(THD *thd, LEX_USER *lex_user) if (acl_user->password_expired) result.append(STRING_WITH_LEN(" PASSWORD EXPIRE")); - else if (!acl_user->password_lifetime) - result.append(STRING_WITH_LEN(" PASSWORD EXPIRE NEVER")); - else if (acl_user->password_lifetime > 0) - { - result.append(STRING_WITH_LEN(" PASSWORD EXPIRE INTERVAL ")); - result.append_longlong(acl_user->password_lifetime); - result.append(STRING_WITH_LEN(" DAY")); - } + else + append_auto_expiration_policy(acl_user, &result); protocol->prepare_for_resend(); protocol->store(result.ptr(), result.length(), result.charset()); 
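Review bot: The new helper `append_auto_expiration_policy` in the first sql_acl.cc hunk has no comment stating its contract, and the silent case matters: for a negative `password_lifetime` it appends nothing, which both callers rely on. A header such as `/* Append the automatic expiration clause (NEVER or INTERVAL n DAY); appends nothing when password_lifetime is negative */` would make that explicit. The helper only reads the account, so the parameter can be `const ACL_USER *acl_user`. Its opening brace sits on the signature line, while the `else if` block inside it and the surrounding functions put the brace on its own line.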
@@ -8976,6 +8980,28 @@ bool mysql_show_create_user(THD *thd, LEX_USER *lex_user) { error= true; } + + /* MDEV-24114 - PASSWORD EXPIRE and PASSWORD EXPIRE [NEVER | INTERVAL X DAY] + are two different mechanisms. To make sure a tool can restore the state + of a user account, including both the manual expiration state of the + account and the automatic expiration policy attached to it, we should + print two statements here, a CREATE USER (printed above) and an ALTER USER */ + if (acl_user->password_expired && acl_user->password_lifetime > -1) { + result.length(0); + result.append("ALTER USER "); + append_identifier(thd, &result, username, strlen(username)); + result.append('@'); + append_identifier(thd, &result, acl_user->host.hostname, + acl_user->hostname_length); + append_auto_expiration_policy(acl_user, &result); + protocol->prepare_for_resend(); + protocol->store(result.ptr(), result.length(), result.charset()); + if (protocol->write()) + { + error= true; + } + } + my_eof(thd); end: |
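Review bot: The new ALTER USER block runs even when the preceding `protocol->write()` has just set `error`, so a second row is built and written on a result set that already failed; guarding it as `if (!error && acl_user->password_expired && acl_user->password_lifetime > -1)` avoids that. The comment should also say that SHOW CREATE USER can now return two rows, because a tool that replays only the first row recreates the account without its stored NEVER/INTERVAL policy (presumably falling back to the server default), which silently changes the expiration control on restore. For consistency with the helper and the rest of the function, `result.append("ALTER USER ")` would read better as `result.append(STRING_WITH_LEN("ALTER USER "))`. The body of mysql_show_create_user starts outside this hunk, so the error-path behaviour before `my_eof(thd)` should be confirmed against the full function.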