mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-34311: Alter USER should reset all account limit counters
This commit introduces a reset of password errors counter on any alter user command for the altered user. This is done so as to not require a complete privilege system reload.
This commit is contained in:
Vicențiu Ciorbaru
committed by
Vicențiu-Marian Ciorbaru
Vicențiu-Marian Ciorbaru
parent
2d8d813941
commit
6382339144
@ -9,10 +9,10 @@ connect con1, localhost, u, bad_pass;
|
|||||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
connect(localhost,u,good_pass,test,MASTER_PORT,MASTER_SOCKET);
|
connect(localhost,u,good_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
connect con1, localhost, u, good_pass;
|
connect con1, localhost, u, good_pass;
|
||||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||||
connect(localhost,u,bad_pass,test,MASTER_PORT,MASTER_SOCKET);
|
connect(localhost,u,bad_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
connect con1, localhost, u, bad_pass;
|
connect con1, localhost, u, bad_pass;
|
||||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
connect con1, localhost, u, good_pass;
|
connect con1, localhost, u, good_pass;
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
@ -27,7 +27,7 @@ ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
|||||||
connect con1, localhost, u, good_pass;
|
connect con1, localhost, u, good_pass;
|
||||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
connection default;
|
connection default;
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
@ -40,6 +40,21 @@ ERROR 28000: Access denied for user 'root'@'localhost' (using password: YES)
|
|||||||
connect con1, localhost, u, good_pass;
|
connect con1, localhost, u, good_pass;
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
connection default;
|
connection default;
|
||||||
|
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
|
connect con1, localhost, u, bad_password;
|
||||||
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
|
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
|
connect con1, localhost, u, bad_password;
|
||||||
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
|
connect(localhost,u,good_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
|
connect con1, localhost, u, good_pass;
|
||||||
|
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||||
|
ALTER USER u ACCOUNT UNLOCK;
|
||||||
|
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||||
|
connect con1, localhost, u, bad_password;
|
||||||
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||||
|
connect con1, localhost, u, good_pass;
|
||||||
|
disconnect con1;
|
||||||
|
connection default;
|
||||||
DROP USER u;
|
DROP USER u;
|
||||||
FLUSH PRIVILEGES;
|
|
||||||
set global max_password_errors=@old_max_password_errors;
|
set global max_password_errors=@old_max_password_errors;
|
||||||
|
|||||||
@ -59,6 +59,28 @@ connect (con1, localhost, root, bad_pass);
|
|||||||
connect (con1, localhost, u, good_pass);
|
connect (con1, localhost, u, good_pass);
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
connection default;
|
connection default;
|
||||||
|
|
||||||
|
# Block u again
|
||||||
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||||
|
error ER_ACCESS_DENIED_ERROR;
|
||||||
|
connect(con1, localhost, u, bad_password);
|
||||||
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||||
|
error ER_ACCESS_DENIED_ERROR;
|
||||||
|
connect(con1, localhost, u, bad_password);
|
||||||
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||||
|
error ER_USER_IS_BLOCKED;
|
||||||
|
connect(con1, localhost, u, good_pass);
|
||||||
|
|
||||||
|
# Unblock foo
|
||||||
|
ALTER USER u ACCOUNT UNLOCK;
|
||||||
|
|
||||||
|
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||||
|
error ER_ACCESS_DENIED_ERROR;
|
||||||
|
connect(con1, localhost, u, bad_password);
|
||||||
|
|
||||||
|
connect(con1, localhost, u, good_pass);
|
||||||
|
disconnect con1;
|
||||||
|
connection default;
|
||||||
|
|
||||||
DROP USER u;
|
DROP USER u;
|
||||||
FLUSH PRIVILEGES;
|
set global max_password_errors=@old_max_password_errors;
|
||||||
set global max_password_errors=@old_max_password_errors;
|
|
||||||
|
|||||||
@ -9922,9 +9922,9 @@ ER_BACKUP_UNKNOWN_STAGE
|
|||||||
eng "Unknown backup stage: '%s'. Stage should be one of START, FLUSH, BLOCK_DDL, BLOCK_COMMIT or END"
|
eng "Unknown backup stage: '%s'. Stage should be one of START, FLUSH, BLOCK_DDL, BLOCK_COMMIT or END"
|
||||||
spa "Fase de respaldo desconocida: '%s'. La fase debería de ser una de START, FLUSH, BLOCK_DDL, BLOCK_COMMIT o END"
|
spa "Fase de respaldo desconocida: '%s'. La fase debería de ser una de START, FLUSH, BLOCK_DDL, BLOCK_COMMIT o END"
|
||||||
ER_USER_IS_BLOCKED
|
ER_USER_IS_BLOCKED
|
||||||
chi "由于凭证错误太多,用户被阻止;用'FLUSH PRIVILEGES'解锁"
|
chi "由于凭证错误太多,用户被阻止;用'ALTER USER / FLUSH PRIVILEGES'解锁"
|
||||||
eng "User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'"
|
eng "User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'"
|
||||||
spa "El usuario está bloqueado a causa de demasiados errores de credenciales; desbloquee mediante 'FLUSH PRIVILEGES'"
|
spa "El usuario está bloqueado a causa de demasiados errores de credenciales; desbloquee mediante 'ALTER USER / FLUSH PRIVILEGES'"
|
||||||
ER_ACCOUNT_HAS_BEEN_LOCKED
|
ER_ACCOUNT_HAS_BEEN_LOCKED
|
||||||
chi "访问拒绝,此帐户已锁定"
|
chi "访问拒绝,此帐户已锁定"
|
||||||
eng "Access denied, this account is locked"
|
eng "Access denied, this account is locked"
|
||||||
|
|||||||
@ -263,7 +263,7 @@ public:
|
|||||||
PASSWD_ERROR_INCREMENT
|
PASSWD_ERROR_INCREMENT
|
||||||
};
|
};
|
||||||
|
|
||||||
inline void update_password_errors(PASSWD_ERROR_ACTION action)
|
void update_password_errors(PASSWD_ERROR_ACTION action)
|
||||||
{
|
{
|
||||||
switch (action)
|
switch (action)
|
||||||
{
|
{
|
||||||
@ -3560,6 +3560,9 @@ static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Any alter user resets password_errors;
|
||||||
|
acl_user->update_password_errors(ACL_USER::PASSWD_ERROR_CLEAR);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user