MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in either orderbb-10.4-danielblack-MDEV-24098-show-create-user-invalid

author: Daniel Black <daniel@mariadb.org> 2020-11-04 15:25:00 +1100
committer: Daniel Black <daniel@mariadb.org> 2020-11-04 15:46:38 +1100
commit: 6104e1c82ce64b883ff34303f44f375cb372ea11 (patch)
tree: 1eeed5c59efce00aa462a7f4b36d5f3b2a88db2b
parent: 74f309fcfa267f3eed55433da226a11145984182 (diff)
download: mariadb-git-bb-10.4-danielblack-MDEV-24098-show-create-user-invalid.tar.gz
3 files changed, 69 insertions, 15 deletions
diff --git a/mysql-test/main/lock_user.result b/mysql-test/main/lock_user.result
index a0d2b40572c..7d9aeebb7aa 100644
--- a/mysql-test/main/lock_user.result
+++ b/mysql-test/main/lock_user.result
@@ -139,4 +139,33 @@ show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
 drop user user1@localhost;
+#
+# MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in
+# either order.
+#
+create user user1@localhost PASSWORD EXPIRE ACCOUNT LOCK;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+drop user user1@localhost;
+create user user1@localhost ACCOUNT LOCK PASSWORD EXPIRE;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+alter user user1@localhost  PASSWORD EXPIRE NEVER ACCOUNT UNLOCK ;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+alter user user1@localhost  ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+alter user user1@localhost  PASSWORD EXPIRE INTERVAL 60 DAY ACCOUNT UNLOCK;
+select * from mysql.global_priv where user='user1';
+Host	User	Priv
+localhost	user1	{"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":false,"password_last_changed":0,"password_lifetime":60}
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+drop user user1@localhost;
 drop user user2@localhost;
diff --git a/mysql-test/main/lock_user.test b/mysql-test/main/lock_user.test
index 504c6c5ac10..530883f33ef 100644
--- a/mysql-test/main/lock_user.test
+++ b/mysql-test/main/lock_user.test
@@ -143,6 +143,25 @@ alter user user1@localhost account lock;
 --echo #
 alter user user1@localhost PASSWORD EXPIRE;
 show create user user1@localhost;
+drop user user1@localhost;
+
+--echo #
+--echo # MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in
+--echo # either order.
+--echo #
+create user user1@localhost PASSWORD EXPIRE ACCOUNT LOCK;
+show create user user1@localhost;
+drop user user1@localhost;
+create user user1@localhost ACCOUNT LOCK PASSWORD EXPIRE;
+show create user user1@localhost;
+alter user user1@localhost  PASSWORD EXPIRE NEVER ACCOUNT UNLOCK ;
+show create user user1@localhost;
+alter user user1@localhost  ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
+show create user user1@localhost;
+# note output needs to be corrected by MDEV-24114: password expire users cannot be unexpired
+alter user user1@localhost  PASSWORD EXPIRE INTERVAL 60 DAY ACCOUNT UNLOCK;
+select * from mysql.global_priv where user='user1';
+show create user user1@localhost;
 
 drop user user1@localhost;
 drop user user2@localhost;
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 3e3674d03ea..84330ca5570 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -2902,7 +2902,7 @@ create:
               MYSQL_YYABORT;
           }
         | create_or_replace USER_SYM opt_if_not_exists clear_privileges
-          grant_list opt_require_clause opt_resource_options opt_account_locking opt_password_expiration
+          grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration
           {
             if (unlikely(Lex->set_command_with_check(SQLCOM_CREATE_USER,
                                                      $1 | $3)))
@@ -8032,7 +8032,7 @@ alter:
           } OPTIONS_SYM '(' server_options_list ')' { }
           /* ALTER USER foo is allowed for MySQL compatibility. */
         | ALTER USER_SYM opt_if_exists clear_privileges grant_list
-          opt_require_clause opt_resource_options opt_account_locking opt_password_expiration
+          opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration
           {
             Lex->create_info.set($3);
             Lex->sql_command= SQLCOM_ALTER_USER;
@@ -8071,39 +8071,45 @@ alter:
           }
         ;
 
-opt_account_locking:
-        /* Nothing */ {}
-        | ACCOUNT_SYM LOCK_SYM
+opt_account_locking_option:
+        LOCK_SYM
           {
             Lex->account_options.account_locked= ACCOUNTLOCK_LOCKED;
           }
-        | ACCOUNT_SYM UNLOCK_SYM
+        | UNLOCK_SYM
           {
             Lex->account_options.account_locked= ACCOUNTLOCK_UNLOCKED;
           }
         ;
-opt_password_expiration:
-        /* Nothing */ {}
-        | PASSWORD_SYM EXPIRE_SYM
-          {
+
+opt_password_expire_option:
+        /* empty */ {
             Lex->account_options.password_expire= PASSWORD_EXPIRE_NOW;
           }
-        | PASSWORD_SYM EXPIRE_SYM NEVER_SYM
+        | NEVER_SYM
           {
             Lex->account_options.password_expire= PASSWORD_EXPIRE_NEVER;
           }
-        | PASSWORD_SYM EXPIRE_SYM DEFAULT
+        | DEFAULT
           {
             Lex->account_options.password_expire= PASSWORD_EXPIRE_DEFAULT;
           }
-        | PASSWORD_SYM EXPIRE_SYM INTERVAL_SYM NUM DAY_SYM
+        | INTERVAL_SYM NUM DAY_SYM
           {
             Lex->account_options.password_expire= PASSWORD_EXPIRE_INTERVAL;
-            if (!(Lex->account_options.num_expiration_days= atoi($4.str)))
-              my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", $4.str));
+            if (!(Lex->account_options.num_expiration_days= atoi($2.str)))
+              my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", $2.str));
           }
         ;
 
+opt_account_locking_and_opt_password_expiration:
+        /* Nothing */ {}
+        | ACCOUNT_SYM opt_account_locking_option
+        | PASSWORD_SYM EXPIRE_SYM opt_password_expire_option
+        | ACCOUNT_SYM opt_account_locking_option PASSWORD_SYM EXPIRE_SYM opt_password_expire_option
+        | PASSWORD_SYM EXPIRE_SYM opt_password_expire_option ACCOUNT_SYM opt_account_locking_option
+        ;
+
 ev_alter_on_schedule_completion:
           /* empty */ { $$= 0;}
         | ON SCHEDULE_SYM ev_schedule_time { $$= 1; }
author	Daniel Black <daniel@mariadb.org>	2020-11-04 15:25:00 +1100
committer	Daniel Black <daniel@mariadb.org>	2020-11-04 15:46:38 +1100
commit	6104e1c82ce64b883ff34303f44f375cb372ea11 (patch)
tree	1eeed5c59efce00aa462a7f4b36d5f3b2a88db2b
parent	74f309fcfa267f3eed55433da226a11145984182 (diff)
download	mariadb-git-bb-10.4-danielblack-MDEV-24098-show-create-user-invalid.tar.gz