don't consider the password "expired" if authentication is passwordless

2025-01-29 02:05:57 +01:00 · 2019-02-19 01:03:16 +01:00 · 2019-02-19 01:03:16 +01:00 · a94b20a8e0
commit a94b20a8e0
parent 1e6210161d
3 changed files with 35 additions and 2 deletions
--- a/mysql-test/main/password_expiration_unix_socket.result
+++ b/mysql-test/main/password_expiration_unix_socket.result
@ -0,0 +1,8 @@
+#
+# A password cannot expire, if there is no password
+#
+create user USER identified via unix_socket;
+alter user USER password expire;
+1
+1
+drop user USER;
--- a/mysql-test/main/password_expiration_unix_socket.test
+++ b/mysql-test/main/password_expiration_unix_socket.test
@ -0,0 +1,24 @@
+#
+# Test password expiration
+#
+
+--source include/not_embedded.inc
+--source include/have_unix_socket.inc
+
+--echo #
+--echo # A password cannot expire, if there is no password
+--echo #
+
+--let $replace=create user $USER
+--replace_result $replace "create user USER"
+--eval create user $USER identified via unix_socket
+
+--let $replace=alter user $USER
+--replace_result $replace "alter user USER"
+--eval alter user $USER password expire
+
+--exec $MYSQL -u $USER -e 'select 1'
+
+--let $replace=drop user $USER
+--replace_result $replace "drop user USER"
+--eval drop user $USER
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -13843,8 +13843,9 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)

    bool client_can_handle_exp_pass= thd->client_capabilities &
                                     CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS;
-    bool password_expired= acl_user->password_expired ||
-                           check_password_lifetime(thd, *acl_user);
+    bool password_expired= thd->password != PASSWORD_USED_NO_MENTION
+                           && (acl_user->password_expired ||
+                               check_password_lifetime(thd, *acl_user));

    if (!client_can_handle_exp_pass && disconnect_on_expired_password &&
        password_expired)