mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-34311: Alter USER should reset all account limit counters
This commit introduces a reset of password errors counter on any alter user command for the altered user. This is done so as to not require a complete privilege system reload.
This commit is contained in:
Vicențiu Ciorbaru
committed by
Vicențiu-Marian Ciorbaru
Vicențiu-Marian Ciorbaru
parent
2d8d813941
commit
6382339144
@ -9,10 +9,10 @@ connect con1, localhost, u, bad_pass;
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
connect(localhost,u,good_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, good_pass;
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||
connect(localhost,u,bad_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, bad_pass;
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||
FLUSH PRIVILEGES;
|
||||
connect con1, localhost, u, good_pass;
|
||||
disconnect con1;
|
||||
@ -27,7 +27,7 @@ ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
connect con1, localhost, u, good_pass;
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||
disconnect con1;
|
||||
connection default;
|
||||
FLUSH PRIVILEGES;
|
||||
@ -40,6 +40,21 @@ ERROR 28000: Access denied for user 'root'@'localhost' (using password: YES)
|
||||
connect con1, localhost, u, good_pass;
|
||||
disconnect con1;
|
||||
connection default;
|
||||
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, bad_password;
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, bad_password;
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
connect(localhost,u,good_pass,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, good_pass;
|
||||
ERROR HY000: User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'
|
||||
ALTER USER u ACCOUNT UNLOCK;
|
||||
connect(localhost,u,bad_password,test,MASTER_PORT,MASTER_SOCKET);
|
||||
connect con1, localhost, u, bad_password;
|
||||
ERROR 28000: Access denied for user 'u'@'localhost' (using password: YES)
|
||||
connect con1, localhost, u, good_pass;
|
||||
disconnect con1;
|
||||
connection default;
|
||||
DROP USER u;
|
||||
FLUSH PRIVILEGES;
|
||||
set global max_password_errors=@old_max_password_errors;
|
||||
|
||||
@ -59,6 +59,28 @@ connect (con1, localhost, root, bad_pass);
|
||||
connect (con1, localhost, u, good_pass);
|
||||
disconnect con1;
|
||||
connection default;
|
||||
|
||||
# Block u again
|
||||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||
error ER_ACCESS_DENIED_ERROR;
|
||||
connect(con1, localhost, u, bad_password);
|
||||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||
error ER_ACCESS_DENIED_ERROR;
|
||||
connect(con1, localhost, u, bad_password);
|
||||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||
error ER_USER_IS_BLOCKED;
|
||||
connect(con1, localhost, u, good_pass);
|
||||
|
||||
# Unblock foo
|
||||
ALTER USER u ACCOUNT UNLOCK;
|
||||
|
||||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
|
||||
error ER_ACCESS_DENIED_ERROR;
|
||||
connect(con1, localhost, u, bad_password);
|
||||
|
||||
connect(con1, localhost, u, good_pass);
|
||||
disconnect con1;
|
||||
connection default;
|
||||
|
||||
DROP USER u;
|
||||
FLUSH PRIVILEGES;
|
||||
set global max_password_errors=@old_max_password_errors;
|
||||
set global max_password_errors=@old_max_password_errors;
|
||||
|
||||
@ -9922,9 +9922,9 @@ ER_BACKUP_UNKNOWN_STAGE
|
||||
eng "Unknown backup stage: '%s'. Stage should be one of START, FLUSH, BLOCK_DDL, BLOCK_COMMIT or END"
|
||||
spa "Fase de respaldo desconocida: '%s'. La fase debería de ser una de START, FLUSH, BLOCK_DDL, BLOCK_COMMIT o END"
|
||||
ER_USER_IS_BLOCKED
|
||||
chi "由于凭证错误太多,用户被阻止;用'FLUSH PRIVILEGES'解锁"
|
||||
eng "User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'"
|
||||
spa "El usuario está bloqueado a causa de demasiados errores de credenciales; desbloquee mediante 'FLUSH PRIVILEGES'"
|
||||
chi "由于凭证错误太多,用户被阻止;用'ALTER USER / FLUSH PRIVILEGES'解锁"
|
||||
eng "User is blocked because of too many credential errors; unblock with 'ALTER USER / FLUSH PRIVILEGES'"
|
||||
spa "El usuario está bloqueado a causa de demasiados errores de credenciales; desbloquee mediante 'ALTER USER / FLUSH PRIVILEGES'"
|
||||
ER_ACCOUNT_HAS_BEEN_LOCKED
|
||||
chi "访问拒绝,此帐户已锁定"
|
||||
eng "Access denied, this account is locked"
|
||||
|
||||
@ -263,7 +263,7 @@ public:
|
||||
PASSWD_ERROR_INCREMENT
|
||||
};
|
||||
|
||||
inline void update_password_errors(PASSWD_ERROR_ACTION action)
|
||||
void update_password_errors(PASSWD_ERROR_ACTION action)
|
||||
{
|
||||
switch (action)
|
||||
{
|
||||
@ -3560,6 +3560,9 @@ static int acl_user_update(THD *thd, ACL_USER *acl_user, uint nauth,
|
||||
break;
|
||||
}
|
||||
|
||||
// Any alter user resets password_errors;
|
||||
acl_user->update_password_errors(ACL_USER::PASSWD_ERROR_CLEAR);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user