diff options
| author | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2021-03-20 18:49:21 +0700 |
|---|---|---|
| committer | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2021-03-20 18:49:21 +0700 |
| commit | 3b2c3bad1e93b676a816647df2f65ad3226e2f04 (patch) | |
| tree | 158c4226d48872eaeb477f894b47c53019572980 /sql/key.h | |
| parent | 550cf13eb3e8a25826a0fa67935fc28ee7adb0c8 (diff) | |
| download | mariadb-git-bb-10.4-MDEV-25197.tar.gz | |
MDEV-25197: The statement set password=password('') executed in PS mode fails in case it is run by a user with expired passwordbb-10.4-MDEV-25197
A user connected to a server with an expired password
can't change password with the statement "SET password=..."
if this statement is run in PS mode. In mentioned use case a user
gets the error ER_MUST_CHANGE_PASSWORD on attempt to run
the statement PREPARE stmt FOR "SET password=...";
The reason of failure to reset password by a locked user using the
statement PREPARE stmt FOR "SET password=..." is that PS-related
statements are not listed among the commands allowed for execution
by a user with expired password. However, simple adding of PS-related
statements (PREPARE FOR/EXECUTE/DEALLOCATE PREPARE ) to the list of
statements allowed for execution by a locked user is not enough
to solve problems, since it opens the opportunity for a locked user
to execute any statement in the PS mode.
To exclude this opportunity, additional checking that the statement
being prepared for execution in PS-mode is the SET statement has to be added.
This extra checking has been added by this patch into the method
Prepared_statement::prepared() that executed on preparing any statement
for execution in PS-mode.
Diffstat (limited to 'sql/key.h')
0 files changed, 0 insertions, 0 deletions