From a94b20a8e0d9e64eeaabdaaa7a3e03fcdb8a686e Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Tue, 19 Feb 2019 01:03:16 +0100
Subject: [PATCH] don't consider the password "expired" if authentication is passwordless
---
.../password_expiration_unix_socket.result | 8 +++++++
.../main/password_expiration_unix_socket.test | 24 +++++++++++++++++++
sql/sql_acl.cc | 5 ++--
3 files changed, 35 insertions(+), 2 deletions(-)
create mode 100644 mysql-test/main/password_expiration_unix_socket.result
create mode 100644 mysql-test/main/password_expiration_unix_socket.test
diff --git a/mysql-test/main/password_expiration_unix_socket.result b/mysql-test/main/password_expiration_unix_socket.result
new file mode 100644
index 00000000000..5feee17f205
--- /dev/null
+++ b/mysql-test/main/password_expiration_unix_socket.result
@@ -0,0 +1,8 @@
+#
+# A password cannot expire, if there is no password
+#
+create user USER identified via unix_socket;
+alter user USER password expire;
+1
+1
+drop user USER;
diff --git a/mysql-test/main/password_expiration_unix_socket.test b/mysql-test/main/password_expiration_unix_socket.test
new file mode 100644
index 00000000000..f2579aaf18f
--- /dev/null
+++ b/mysql-test/main/password_expiration_unix_socket.test
@@ -0,0 +1,24 @@
+#
+# Test password expiration
+#
+
+--source include/not_embedded.inc
+--source include/have_unix_socket.inc
+
+--echo #
+--echo # A password cannot expire, if there is no password
+--echo #
+
+--let $replace=create user $USER
+--replace_result $replace "create user USER"
+--eval create user $USER identified via unix_socket
+
+--let $replace=alter user $USER
+--replace_result $replace "alter user USER"
+--eval alter user $USER password expire
+
+--exec $MYSQL -u $USER -e 'select 1'
+
+--let $replace=drop user $USER
+--replace_result $replace "drop user USER"
+--eval drop user $USER
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 0a5b2d3a226..ee07bfd2680 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -13843,8 +13843,9 @@ bool acl_authenticate(THD *thd, uint com_change_user_pkt_len) bool client_can_handle_exp_pass= thd->client_capabilities & CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS; - bool password_expired= acl_user->password_expired || - check_password_lifetime(thd, *acl_user); + bool password_expired= thd->password != PASSWORD_USED_NO_MENTION + && (acl_user->password_expired || + check_password_lifetime(thd, *acl_user)); if (!client_can_handle_exp_pass && disconnect_on_expired_password && password_expired)
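Review bot: The new guard `thd->password != PASSWORD_USED_NO_MENTION` makes expiry enforcement depend on a value that is not set anywhere in this hunk. Presumably it reflects what the authentication plugin reported, so a plugin that verifies a credential but never marks a password as used would have both `acl_user->password_expired` and `check_password_lifetime()` skipped for its accounts. It is worth confirming that every password-checking plugin sets it, and stating the invariant above the declaration, e.g. `/* NO_MENTION: the plugin never consulted a password, so expiry does not apply; password-checking plugins must report usage */`. The added test exercises only the unix_socket success path, so unless an existing test already covers it, a companion case asserting that a password-authenticated account with `password expire` is still refused would pin the other side of the condition. The body of acl_authenticate() starts and ends outside the hunk.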