MDEV-7597 Expiration of user passwords

This patch adds support for expiring user passwords. The following statements are extended: CREATE USER user@localhost PASSWORD EXPIRE [option] ALTER USER user@localhost PASSWORD EXPIRE [option] If no option is specified, the password is expired with immediate effect. If option is DEFAULT, global policy applies according to the default_password_lifetime system var (if 0, password never expires, if N, password expires every N days). If option is NEVER, the password never expires and if option is INTERVAL N DAY, the password expires every N days. The feature also supports the disconnect_on_expired_password system var and the --connect-expired-password client option. Closes #1166
2025-08-01 03:47:19 +03:00 · 2019-01-16 19:44:30 +02:00
parent 83de75d66d
commit 90ad4dbd17
34 changed files with 1259 additions and 99 deletions
--- a/mysql-test/suite/funcs_1/r/is_user_privileges.result
+++ b/mysql-test/suite/funcs_1/r/is_user_privileges.result
@ -91,21 +91,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 #
 # Add GRANT OPTION db_datadict.* to testuser1;
@ -136,21 +142,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 connect  testuser1, localhost, testuser1, , db_datadict;
 SELECT * FROM information_schema.user_privileges
@ -167,21 +179,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 SHOW GRANTS;
 Grants for testuser1@localhost
@ -220,21 +238,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 1,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
 #
@ -265,21 +289,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 1025,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 connection testuser1;
 SELECT * FROM information_schema.user_privileges
@ -296,21 +326,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 1025,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 SHOW GRANTS;
 Grants for testuser1@localhost
@ -379,21 +415,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 connection testuser1;
 SELECT * FROM information_schema.user_privileges
@ -457,21 +499,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 connection testuser1;
 SELECT * FROM information_schema.user_privileges
@ -488,21 +536,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 SHOW GRANTS;
 Grants for testuser1@localhost
@ -526,21 +580,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 SHOW GRANTS;
 Grants for testuser1@localhost
@ -579,21 +639,27 @@ user	testuser1
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser2
 json_detailed(priv)	{
    "access": 6,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 host	localhost
 user	testuser3
 json_detailed(priv)	{
    "access": 0,
    "plugin": "mysql_native_password",
-    "authentication_string": ""
+    "authentication_string": "",
+    "password_last_changed": 0,
+    "password_lifetime": -1
 }
 connection testuser1;
 SELECT * FROM information_schema.user_privileges