MDEV-32218 PASSWORD_EXPIRATION_TIME column

* show it as a datetime, not number of seconds * show all users * show manually expired users as 0000-00-00 00:00:00 * show default expiration interval correctly * numerous test fixes, add more tests * fix compilation of embedded

MDEV-32218 PASSWORD_EXPIRATION_TIME column
* show it as a datetime, not number of seconds * show all users * show manually expired users as 0000-00-00 00:00:00 * show default expiration interval correctly * numerous test fixes, add more tests * fix compilation of embedded
173edf60 · Sergei Golubchik · Nikita Malyavin · d229b4af · 173edf60 · 173edf60
Commit 173edf60 authored Mar 15, 2024 by Sergei Golubchik Committed by Nikita Malyavin May 27, 2024
12 changed files
--- a/mysql-test/main/information_schema-big.result
+++ b/mysql-test/main/information_schema-big.result
@@ -62,6 +62,7 @@ TABLE_CONSTRAINTS	CONSTRAINT_SCHEMA
 TABLE_PRIVILEGES	TABLE_SCHEMA
 TABLE_STATISTICS	TABLE_SCHEMA
 TRIGGERS	TRIGGER_SCHEMA
+USERS	USER
 USER_PRIVILEGES	GRANTEE
 USER_STATISTICS	USER
 VIEWS	TABLE_SCHEMA
@@ -126,6 +127,7 @@ TABLE_CONSTRAINTS	CONSTRAINT_SCHEMA
 TABLE_PRIVILEGES	TABLE_SCHEMA
 TABLE_STATISTICS	TABLE_SCHEMA
 TRIGGERS	TRIGGER_SCHEMA
+USERS	USER
 USER_PRIVILEGES	GRANTEE
 USER_STATISTICS	USER
 VIEWS	TABLE_SCHEMA
--- a/mysql-test/main/information_schema.result
+++ b/mysql-test/main/information_schema.result
@@ -97,6 +97,7 @@ TABLE_CONSTRAINTS
 TABLE_PRIVILEGES
 TABLE_STATISTICS
 TRIGGERS
+USERS
 USER_PRIVILEGES
 USER_STATISTICS
 VIEWS
@@ -963,6 +964,7 @@ TABLES	CREATE_TIME	datetime
 TABLES	UPDATE_TIME	datetime
 TABLES	CHECK_TIME	datetime
 TRIGGERS	CREATED	datetime
+USERS	PASSWORD_EXPIRATION_TIME	datetime
 event	execute_at	datetime
 event	last_executed	datetime
 event	starts	datetime

--- a/mysql-test/main/information_schema_all_engines.result
+++ b/mysql-test/main/information_schema_all_engines.result
@@ -68,6 +68,7 @@ TABLE_CONSTRAINTS
 TABLE_PRIVILEGES
 TABLE_STATISTICS
 TRIGGERS
+USERS
 USER_PRIVILEGES
 USER_STATISTICS
 VIEWS
@@ -153,6 +154,7 @@ TABLE_CONSTRAINTS	CONSTRAINT_SCHEMA
 TABLE_PRIVILEGES	TABLE_SCHEMA
 TABLE_STATISTICS	TABLE_SCHEMA
 TRIGGERS	TRIGGER_SCHEMA
+USERS	USER
 USER_PRIVILEGES	GRANTEE
 USER_STATISTICS	USER
 VIEWS	TABLE_SCHEMA
@@ -238,6 +240,7 @@ TABLE_CONSTRAINTS	CONSTRAINT_SCHEMA
 TABLE_PRIVILEGES	TABLE_SCHEMA
 TABLE_STATISTICS	TABLE_SCHEMA
 TRIGGERS	TRIGGER_SCHEMA
+USERS	USER
 USER_PRIVILEGES	GRANTEE
 USER_STATISTICS	USER
 VIEWS	TABLE_SCHEMA
@@ -326,6 +329,7 @@ TABLE_CONSTRAINTS	information_schema.TABLE_CONSTRAINTS	1
 TABLE_PRIVILEGES	information_schema.TABLE_PRIVILEGES	1
 TABLE_STATISTICS	information_schema.TABLE_STATISTICS	1
 TRIGGERS	information_schema.TRIGGERS	1
+USERS	information_schema.USERS	1
 USER_PRIVILEGES	information_schema.USER_PRIVILEGES	1
 USER_STATISTICS	information_schema.USER_STATISTICS	1
 VIEWS	information_schema.VIEWS	1
@@ -401,6 +405,7 @@ Database: information_schema
 | TABLE_PRIVILEGES                      |
 | TABLE_STATISTICS                      |
 | TRIGGERS                              |
+| USERS                                 |
 | USER_PRIVILEGES                       |
 | USER_STATISTICS                       |
 | VIEWS                                 |
@@ -476,6 +481,7 @@ Database: INFORMATION_SCHEMA
 | TABLE_PRIVILEGES                      |
 | TABLE_STATISTICS                      |
 | TRIGGERS                              |
+| USERS                                 |
 | USER_PRIVILEGES                       |
 | USER_STATISTICS                       |
 | VIEWS                                 |
@@ -487,5 +493,5 @@ Wildcard: inf_rmation_schema
 | information_schema |
 SELECT table_schema, count(*) FROM information_schema.TABLES WHERE table_schema IN ('mysql', 'INFORMATION_SCHEMA', 'test', 'mysqltest') GROUP BY TABLE_SCHEMA;
 table_schema	count(*)
-information_schema	70
+information_schema	71
 mysql	31
--- a/mysql-test/main/information_schema_db.result
+++ b/mysql-test/main/information_schema_db.result
@@ -382,3 +382,134 @@ drop database db;
 #
 # End of 10.4 tests
 #
+#
+# MDEV-23729 INFORMATION_SCHEMA Table info. about user locked due to
+# max_password_errors
+#
+# MDEV-32218 message to notify end-user N-days prior the password get
+# expired
+#
+set @old_max_password_errors=@@max_password_errors;
+set global max_password_errors=2;
+set timestamp= unix_timestamp('2020-01-02 2:3:4');
+create user nice_user;
+create user naughty_user identified by 'naughty_user_passwd';
+alter user naughty_user password expire interval 10 day;
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'mariadb.sys'@'localhost'	0	0000-00-00 00:00:00
+'naughty_user'@'%'	0	2020-01-12 02:03:04
+'nice_user'@'%'	0	NULL
+'root'@'127.0.0.1'	NULL	NULL
+'root'@'::1'	NULL	NULL
+'root'@'localhost'	NULL	NULL
+'root'@HOSTNAME	0	NULL
+alter user nice_user password expire interval 10 day;
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'mariadb.sys'@'localhost'	0	0000-00-00 00:00:00
+'naughty_user'@'%'	0	2020-01-12 02:03:04
+'nice_user'@'%'	0	2020-01-12 02:03:04
+'root'@'127.0.0.1'	NULL	NULL
+'root'@'::1'	NULL	NULL
+'root'@'localhost'	NULL	NULL
+'root'@HOSTNAME	0	NULL
+connect(localhost,naughty_user,wrong_passwd,test,MASTER_PORT,MASTER_SOCKET);
+connect con1, localhost, naughty_user, wrong_passwd;
+ERROR 28000: Access denied for user 'naughty_user'@'localhost' (using password: YES)
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'mariadb.sys'@'localhost'	0	0000-00-00 00:00:00
+'naughty_user'@'%'	1	2020-01-12 02:03:04
+'nice_user'@'%'	0	2020-01-12 02:03:04
+'root'@'127.0.0.1'	NULL	NULL
+'root'@'::1'	NULL	NULL
+'root'@'localhost'	NULL	NULL
+'root'@HOSTNAME	0	NULL
+connect(localhost,naughty_user,wrong_passwd,test,MASTER_PORT,MASTER_SOCKET);
+connect con1, localhost, naughty_user, wrong_passwd;
+ERROR 28000: Access denied for user 'naughty_user'@'localhost' (using password: YES)
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'mariadb.sys'@'localhost'	0	0000-00-00 00:00:00
+'naughty_user'@'%'	2	2020-01-12 02:03:04
+'nice_user'@'%'	0	2020-01-12 02:03:04
+'root'@'127.0.0.1'	NULL	NULL
+'root'@'::1'	NULL	NULL
+'root'@'localhost'	NULL	NULL
+'root'@HOSTNAME	0	NULL
+# Show all users that are blocked due to max_password_errors reached.
+select user from information_schema.users
+where password_errors >= @@global.max_password_errors;
+user
+'naughty_user'@'%'
+set global max_password_errors=3;
+connect con1, localhost, naughty_user, naughty_user_passwd;
+connection default;
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'mariadb.sys'@'localhost'	0	0000-00-00 00:00:00
+'naughty_user'@'%'	0	2020-01-12 02:03:04
+'nice_user'@'%'	0	2020-01-12 02:03:04
+'root'@'127.0.0.1'	NULL	NULL
+'root'@'::1'	NULL	NULL
+'root'@'localhost'	NULL	NULL
+'root'@HOSTNAME	0	NULL
+disconnect con1;
+# test FLUSH PRIVILEGES
+connect(localhost,naughty_user,wrong_passwd,test,MASTER_PORT,MASTER_SOCKET);
+connect con1, localhost, naughty_user, wrong_passwd;
+ERROR 28000: Access denied for user 'naughty_user'@'localhost' (using password: YES)
+select * from information_schema.users where user like '''naughty%';
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'naughty_user'@'%'	1	2020-01-12 02:03:04
+flush privileges;
+select * from information_schema.users where user like '''naughty%';
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'naughty_user'@'%'	0	2020-01-12 02:03:04
+# Test unprivileged output
+connect con2, localhost, nice_user;
+set timestamp= unix_timestamp('2020-01-02 2:3:4');
+set password= password('nice_passwd');
+select * from information_schema.users;
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'nice_user'@'%'	0	2020-01-12 02:03:04
+# Delete user while some connection is still alive, then select.
+connection default;
+drop user nice_user;
+connection con2;
+select * from information_schema.users;
+ERROR 0L000: The current user is invalid
+disconnect con2;
+connection default;
+drop user naughty_user;
+set global max_password_errors=@old_max_password_errors;
+# more password expiration tests
+set global default_password_lifetime= 2;
+create user u1@localhost password expire;
+create user u2@localhost password expire default;
+create user u3@localhost password expire interval 10 day;
+create user u4@localhost password expire interval 20 day;
+create user u5@localhost password expire never;
+set timestamp= unix_timestamp('2020-01-17 2:3:4');
+select * from information_schema.users where user like '''u_''%';
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'u1'@'localhost'	0	0000-00-00 00:00:00
+'u2'@'localhost'	0	2020-01-04 02:03:04
+'u3'@'localhost'	0	2020-01-12 02:03:04
+'u4'@'localhost'	0	2020-01-22 02:03:04
+'u5'@'localhost'	0	NULL
+set global default_password_lifetime= default;
+select * from information_schema.users where user like '''u_''%';
+USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
+'u1'@'localhost'	0	0000-00-00 00:00:00
+'u2'@'localhost'	0	NULL
+'u3'@'localhost'	0	2020-01-12 02:03:04
+'u4'@'localhost'	0	2020-01-22 02:03:04
+'u5'@'localhost'	0	NULL
+drop user u1@localhost;
+drop user u2@localhost;
+drop user u3@localhost;
+drop user u4@localhost;
+drop user u5@localhost;
+# End of 10.0 tests
--- a/mysql-test/main/information_schema_db.test
+++ b/mysql-test/main/information_schema_db.test
@@ -331,3 +331,121 @@ drop database db;
 --echo #
 --echo # End of 10.4 tests
 --echo #
+--echo #
+--echo # MDEV-23729 INFORMATION_SCHEMA Table info. about user locked due to
+--echo # max_password_errors
+--echo #
+--echo # MDEV-32218 message to notify end-user N-days prior the password get
+--echo # expired
+--echo #
+--disable_service_connection
+set @old_max_password_errors=@@max_password_errors;
+set global max_password_errors=2;
+# must use replace_regex for case insenstive replacement
+let $hostname_re= `select concat('/@\'', @@hostname, '\'/@HOSTNAME/i')`;
+# set the password_last_changed value
+set timestamp= unix_timestamp('2020-01-02 2:3:4');
+create user nice_user;
+create user naughty_user identified by 'naughty_user_passwd';
+alter user naughty_user password expire interval 10 day;
+--sorted_result
+--replace_regex $hostname_re
+eval select * from information_schema.users;
+alter user nice_user password expire interval 10 day;
+--sorted_result
+--replace_regex $hostname_re
+select * from information_schema.users;
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect(con1, localhost, naughty_user, wrong_passwd);
+--sorted_result
+--replace_regex $hostname_re
+select * from information_schema.users;
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect(con1, localhost, naughty_user, wrong_passwd);
+--sorted_result
+--replace_regex $hostname_re
+select * from information_schema.users;
+--echo # Show all users that are blocked due to max_password_errors reached.
+select user from information_schema.users
+where password_errors >= @@global.max_password_errors;
+set global max_password_errors=3;
+connect(con1, localhost, naughty_user, naughty_user_passwd);
+connection default;
+--sorted_result
+--replace_regex $hostname_re
+select * from information_schema.users;
+disconnect con1;
+--echo # test FLUSH PRIVILEGES
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect(con1, localhost, naughty_user, wrong_passwd);
+select * from information_schema.users where user like '''naughty%';
+flush privileges;
+select * from information_schema.users where user like '''naughty%';
+--echo # Test unprivileged output
+connect(con2, localhost, nice_user);
+set timestamp= unix_timestamp('2020-01-02 2:3:4');
+# timestamp was normal at the login moment, so the password was expired
+set password= password('nice_passwd');
+--sorted_result
+--replace_regex $hostname_re
+select * from information_schema.users;
+--echo # Delete user while some connection is still alive, then select.
+connection default;
+drop user nice_user;
+connection con2;
+# and here you are, select from your table
+--error ER_INVALID_CURRENT_USER
+select * from information_schema.users;
+disconnect con2;
+connection default;
+drop user naughty_user;
+set global max_password_errors=@old_max_password_errors;
+--echo # more password expiration tests
+set global default_password_lifetime= 2;
+create user u1@localhost password expire;
+create user u2@localhost password expire default;
+create user u3@localhost password expire interval 10 day;
+create user u4@localhost password expire interval 20 day;
+create user u5@localhost password expire never;
+set timestamp= unix_timestamp('2020-01-17 2:3:4');
+select * from information_schema.users where user like '''u_''%';
+set global default_password_lifetime= default;
+select * from information_schema.users where user like '''u_''%';
+drop user u1@localhost;
+drop user u2@localhost;
+drop user u3@localhost;
+drop user u4@localhost;
+drop user u5@localhost;
+--enable_service_connection
+--echo # End of 10.0 tests
--- a/mysql-test/main/information_schema_stats.result
+++ b/mysql-test/main/information_schema_stats.result
@@ -83,86 +83,4 @@ TABLE_SCHEMA	TABLE_NAME	INDEX_NAME	ROWS_READ	QUERIES
 select * from information_schema.table_statistics where table_schema='test' and table_name='just_a_test';
 TABLE_SCHEMA	TABLE_NAME	ROWS_READ	ROWS_CHANGED	ROWS_CHANGED_X_INDEXES	ROWS_INSERTED	ROWS_UPDATED	ROWS_DELETED	KEY_READ_HITS	KEY_READ_MISSES
 set global userstat=@save_userstat;
-#
+# End of 11.5 tests
-# MDEV-23729 INFORMATION_SCHEMA Table info. about user locked due to
-# max_password_errors
-#
-# MDEV-32218 message to notify end-user N-days prior the password get
-# expired
-#
-set @old_max_password_errors=@@max_password_errors;
-set global max_password_errors=2;
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'root'@'neo'	0	NULL
-set timestamp= 123;
-create user nice_user;
-create user naughty_user identified by 'naughty_user_passwd';
-alter user naughty_user password expire interval 10 day;
-select 3600*24;
-3600*24
-86400
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'naughty_user'@'%'	0	864123
-'nice_user'@'%'	0	NULL
-'root'@HOSTNAME	0	NULL
-alter user nice_user password expire interval 10 day;
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'naughty_user'@'%'	0	864123
-'nice_user'@'%'	0	864123
-'root'@HOSTNAME	0	NULL
-connect(localhost,naughty_user,wrong_passwd,test,MASTER_PORT,MASTER_SOCKET);
-connect con1, localhost, naughty_user, wrong_passwd;
-ERROR 28000: Access denied for user 'naughty_user'@'localhost' (using password: YES)
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'naughty_user'@'%'	1	864123
-'nice_user'@'%'	0	864123
-'root'@HOSTNAME	0	NULL
-connect(localhost,naughty_user,wrong_passwd,test,MASTER_PORT,MASTER_SOCKET);
-connect con1, localhost, naughty_user, wrong_passwd;
-ERROR 28000: Access denied for user 'naughty_user'@'localhost' (using password: YES)
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'naughty_user'@'%'	2	864123
-'nice_user'@'%'	0	864123
-'root'@HOSTNAME	0	NULL
-# Show all users that are blocked due to max_password_errors reached.
-select user from information_schema.users
-where password_errors >= @@global.max_password_errors;
-user
-'naughty_user'@'%'
-set global max_password_errors=3;
-connect con1, localhost, naughty_user, naughty_user_passwd;
-connection default;
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'mariadb.sys'@'localhost'	0	NULL
-'naughty_user'@'%'	0	864123
-'nice_user'@'%'	0	864123
-'root'@HOSTNAME	0	NULL
-disconnect con1;
-# Test unprivileged output
-connect con2, localhost, nice_user;
-set timestamp= 123;
-set password= password('nice_passwd');
-select * from information_schema.users;
-USER	PASSWORD_ERRORS	PASSWORD_EXPIRATION_TIME
-'nice_user'@'%'	0	864123
-# Delete user while some connection is still alive, then select.
-connection default;
-drop user nice_user;
-connection con2;
-select * from information_schema.users;
-ERROR 0L000: The current user is invalid
-disconnect con2;
-connection default;
-drop user naughty_user;
-set global max_password_errors=@old_max_password_errors;
--- a/mysql-test/main/information_schema_stats.test
+++ b/mysql-test/main/information_schema_stats.test
@@ -55,88 +55,4 @@ select * from information_schema.table_statistics where table_schema='test' and
 set global userstat=@save_userstat;
 --enable_ps2_protocol
--echo #
+--echo # End of 11.5 tests
--echo # MDEV-23729 INFORMATION_SCHEMA Table info. about user locked due to
--echo # max_password_errors
--echo #
--echo # MDEV-32218 message to notify end-user N-days prior the password get
--echo # expired
--echo #
-set @old_max_password_errors=@@max_password_errors;
-set global max_password_errors=2;
-select * from information_schema.users;
-let $hostname= `select concat('@\'', @@hostname, '\'')`;
-# set the password_last_changed value
-set timestamp= 123;
-create user nice_user;
-create user naughty_user identified by 'naughty_user_passwd';
-alter user naughty_user password expire interval 10 day;
-select 3600*24;
--replace_result $hostname @HOSTNAME
-eval select * from information_schema.users;
-alter user nice_user password expire interval 10 day;
--replace_result $hostname @HOSTNAME
-select * from information_schema.users;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
-connect(con1, localhost, naughty_user, wrong_passwd);
--replace_result $hostname @HOSTNAME
-select * from information_schema.users;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
-connect(con1, localhost, naughty_user, wrong_passwd);
--replace_result $hostname @HOSTNAME
-select * from information_schema.users;
--echo # Show all users that are blocked due to max_password_errors reached.
-select user from information_schema.users
-where password_errors >= @@global.max_password_errors;
-set global max_password_errors=3;
-connect(con1, localhost, naughty_user, naughty_user_passwd);
-connection default;
--replace_result $hostname @HOSTNAME
-select * from information_schema.users;
-disconnect con1;
--echo # Test unprivileged output
-connect(con2, localhost, nice_user);
-set timestamp= 123;
-# timestamp was normal at the login moment, so the password was expired
-set password= password('nice_passwd');
--replace_result $hostname @HOSTNAME
-select * from information_schema.users;
--echo # Delete user while some connection is still alive, then select.
-connection default;
-drop user nice_user;
-connection con2;
-# and here you are, select from your table
--error ER_INVALID_CURRENT_USER
-select * from information_schema.users;
-disconnect con2;
-connection default;
-drop user naughty_user;
-set global max_password_errors=@old_max_password_errors;
-#
-# End of 11.5 tests
-#
--- a/mysql-test/suite/funcs_1/r/is_columns_is.result
+++ b/mysql-test/suite/funcs_1/r/is_columns_is.result
@@ -501,6 +501,9 @@ def	information_schema	TRIGGERS	SQL_MODE	18	NULL	NO	varchar	8192	24576	NULL	NULL
 def	information_schema	TRIGGERS	TRIGGER_CATALOG	1	NULL	NO	varchar	512	1536	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(512)			select		NEVER	NULL	NO	NO
 def	information_schema	TRIGGERS	TRIGGER_NAME	3	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)			select		NEVER	NULL	NO	NO
 def	information_schema	TRIGGERS	TRIGGER_SCHEMA	2	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)			select		NEVER	NULL	NO	NO
+def	information_schema	USERS	PASSWORD_ERRORS	2	NULL	YES	bigint	NULL	NULL	19	0	NULL	NULL	NULL	bigint(21)			select		NEVER	NULL	NO	NO
+def	information_schema	USERS	PASSWORD_EXPIRATION_TIME	3	NULL	YES	datetime	NULL	NULL	NULL	NULL	0	NULL	NULL	datetime			select		NEVER	NULL	NO	NO
+def	information_schema	USERS	USER	1	NULL	NO	varchar	385	1155	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(385)			select		NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	GRANTEE	1	NULL	NO	varchar	385	1155	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(385)			select		NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	IS_GRANTABLE	4	NULL	NO	varchar	3	9	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(3)			select		NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	PRIVILEGE_TYPE	3	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)			select		NEVER	NULL	NO	NO
@@ -1104,6 +1107,9 @@ NULL	information_schema	TRIGGERS	CREATED	datetime	NULL	NULL	NULL	NULL	datetime(2
 3.0000	information_schema	TRIGGERS	CHARACTER_SET_CLIENT	varchar	32	96	utf8mb3	utf8mb3_general_ci	varchar(32)
 3.0000	information_schema	TRIGGERS	COLLATION_CONNECTION	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)
 3.0000	information_schema	TRIGGERS	DATABASE_COLLATION	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)
+3.0000	information_schema	USERS	USER	varchar	385	1155	utf8mb3	utf8mb3_general_ci	varchar(385)
+NULL	information_schema	USERS	PASSWORD_ERRORS	bigint	NULL	NULL	NULL	NULL	bigint(21)
+NULL	information_schema	USERS	PASSWORD_EXPIRATION_TIME	datetime	NULL	NULL	NULL	NULL	datetime
 3.0000	information_schema	USER_PRIVILEGES	GRANTEE	varchar	385	1155	utf8mb3	utf8mb3_general_ci	varchar(385)
 3.0000	information_schema	USER_PRIVILEGES	TABLE_CATALOG	varchar	512	1536	utf8mb3	utf8mb3_general_ci	varchar(512)
 3.0000	information_schema	USER_PRIVILEGES	PRIVILEGE_TYPE	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)

--- a/mysql-test/suite/funcs_1/r/is_columns_is_embedded.result
+++ b/mysql-test/suite/funcs_1/r/is_columns_is_embedded.result
@@ -501,6 +501,9 @@ def	information_schema	TRIGGERS	SQL_MODE	18	NULL	NO	varchar	8192	24576	NULL	NULL
 def	information_schema	TRIGGERS	TRIGGER_CATALOG	1	NULL	NO	varchar	512	1536	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(512)					NEVER	NULL	NO	NO
 def	information_schema	TRIGGERS	TRIGGER_NAME	3	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)					NEVER	NULL	NO	NO
 def	information_schema	TRIGGERS	TRIGGER_SCHEMA	2	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)					NEVER	NULL	NO	NO
+def	information_schema	USERS	PASSWORD_ERRORS	2	NULL	YES	bigint	NULL	NULL	19	0	NULL	NULL	NULL	bigint(21)					NEVER	NULL	NO	NO
+def	information_schema	USERS	PASSWORD_EXPIRATION_TIME	3	NULL	YES	datetime	NULL	NULL	NULL	NULL	0	NULL	NULL	datetime					NEVER	NULL	NO	NO
+def	information_schema	USERS	USER	1	NULL	NO	varchar	385	1155	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(385)					NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	GRANTEE	1	NULL	NO	varchar	385	1155	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(385)					NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	IS_GRANTABLE	4	NULL	NO	varchar	3	9	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(3)					NEVER	NULL	NO	NO
 def	information_schema	USER_PRIVILEGES	PRIVILEGE_TYPE	3	NULL	NO	varchar	64	192	NULL	NULL	NULL	utf8mb3	utf8mb3_general_ci	varchar(64)					NEVER	NULL	NO	NO
@@ -1104,6 +1107,9 @@ NULL	information_schema	TRIGGERS	CREATED	datetime	NULL	NULL	NULL	NULL	datetime(2
 3.0000	information_schema	TRIGGERS	CHARACTER_SET_CLIENT	varchar	32	96	utf8mb3	utf8mb3_general_ci	varchar(32)
 3.0000	information_schema	TRIGGERS	COLLATION_CONNECTION	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)
 3.0000	information_schema	TRIGGERS	DATABASE_COLLATION	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)
+3.0000	information_schema	USERS	USER	varchar	385	1155	utf8mb3	utf8mb3_general_ci	varchar(385)
+NULL	information_schema	USERS	PASSWORD_ERRORS	bigint	NULL	NULL	NULL	NULL	bigint(21)
+NULL	information_schema	USERS	PASSWORD_EXPIRATION_TIME	datetime	NULL	NULL	NULL	NULL	datetime
 3.0000	information_schema	USER_PRIVILEGES	GRANTEE	varchar	385	1155	utf8mb3	utf8mb3_general_ci	varchar(385)
 3.0000	information_schema	USER_PRIVILEGES	TABLE_CATALOG	varchar	512	1536	utf8mb3	utf8mb3_general_ci	varchar(512)
 3.0000	information_schema	USER_PRIVILEGES	PRIVILEGE_TYPE	varchar	64	192	utf8mb3	utf8mb3_general_ci	varchar(64)

--- a/mysql-test/suite/funcs_1/r/is_tables_is.result
+++ b/mysql-test/suite/funcs_1/r/is_tables_is.result
@@ -1139,6 +1139,31 @@ user_comment
 Separator	-----------------------------------------------------
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	USERS
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	MEMORY
+VERSION	11
+ROW_FORMAT	Fixed
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	NULL
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	utf8mb3_general_ci
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+MAX_INDEX_LENGTH	#MIL#
+TEMPORARY	Y
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	USER_PRIVILEGES
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	MEMORY
@@ -2355,6 +2380,31 @@ user_comment
 Separator	-----------------------------------------------------
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	USERS
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	MEMORY
+VERSION	11
+ROW_FORMAT	Fixed
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	NULL
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	utf8mb3_general_ci
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+MAX_INDEX_LENGTH	#MIL#
+TEMPORARY	Y
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	USER_PRIVILEGES
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	MEMORY

--- a/mysql-test/suite/funcs_1/r/is_tables_is_embedded.result
+++ b/mysql-test/suite/funcs_1/r/is_tables_is_embedded.result
@@ -1139,6 +1139,31 @@ user_comment
 Separator	-----------------------------------------------------
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	USERS
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	MEMORY
+VERSION	11
+ROW_FORMAT	Fixed
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	NULL
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	utf8mb3_general_ci
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+MAX_INDEX_LENGTH	#MIL#
+TEMPORARY	Y
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	USER_PRIVILEGES
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	MEMORY
@@ -2355,6 +2380,31 @@ user_comment
 Separator	-----------------------------------------------------
 TABLE_CATALOG	def
 TABLE_SCHEMA	information_schema
+TABLE_NAME	USERS
+TABLE_TYPE	SYSTEM VIEW
+ENGINE	MEMORY
+VERSION	11
+ROW_FORMAT	Fixed
+TABLE_ROWS	#TBLR#
+AVG_ROW_LENGTH	#ARL#
+DATA_LENGTH	#DL#
+MAX_DATA_LENGTH	#MDL#
+INDEX_LENGTH	#IL#
+DATA_FREE	#DF#
+AUTO_INCREMENT	NULL
+CREATE_TIME	#CRT#
+UPDATE_TIME	#UT#
+CHECK_TIME	#CT#
+TABLE_COLLATION	utf8mb3_general_ci
+CHECKSUM	NULL
+CREATE_OPTIONS	#CO#
+TABLE_COMMENT	#TC#
+MAX_INDEX_LENGTH	#MIL#
+TEMPORARY	Y
+user_comment	
+Separator	-----------------------------------------------------
+TABLE_CATALOG	def
+TABLE_SCHEMA	information_schema
 TABLE_NAME	USER_PRIVILEGES
 TABLE_TYPE	SYSTEM VIEW
 ENGINE	MEMORY

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -297,6 +297,7 @@ ulong role_global_merges= 0, role_db_merges= 0, role_table_merges= 0,
 #endif
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
+static bool ignore_max_password_errors(const ACL_USER *acl_user);
 static void update_hostname(acl_host_and_ip *host, const char *hostname);
 static bool show_proxy_grants (THD *, const char *, const char *,
                               char *, size_t);
@@ -13023,13 +13024,12 @@ namespace Show
  {
    Column("USER", Userhost(), NOT_NULL),
    Column("PASSWORD_ERRORS", SLonglong(), NULLABLE),
-    Column("PASSWORD_EXPIRATION_TIME", SLonglong(), NULLABLE),
+    Column("PASSWORD_EXPIRATION_TIME", Datetime(0), NULLABLE),
    CEnd()
  };
 };
-static bool ignore_max_password_errors(const ACL_USER *acl_user);
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
 static int fill_users_schema_record(THD *thd, TABLE * table, ACL_USER *user)
 {
  ulonglong lifetime= user->password_lifetime < 0
@@ -13037,11 +13037,7 @@ static int fill_users_schema_record(THD *thd, TABLE * table, ACL_USER *user)
                      : user->password_lifetime;
  bool ignore_password_errors= ignore_max_password_errors(user);
-  bool ignore_expiration_date= lifetime == 0;
+  bool ignore_expiration_date= lifetime == 0 && !user->password_expired;
-  /* Skip user if nothing to show */
-  if (ignore_password_errors && ignore_expiration_date)
-    return 0;
  Grantee_str grantee(user->user,
                      Lex_cstring_strlen(safe_str(user->host.hostname)));
@@ -13062,12 +13058,16 @@ static int fill_users_schema_record(THD *thd, TABLE * table, ACL_USER *user)
  else
  {
    table->field[2]->set_notnull();
-    table->field[2]->store(user->password_last_changed
+    if (user->password_expired)
-                           + user->password_lifetime * 3600 * 24, true);
+      table->field[2]->store(0, true);
+    else
+      table->field[2]->store_timestamp(user->password_last_changed +
+                                       lifetime * 3600 * 24, 0);
  }
  return schema_table_store_record(thd, table);
 }
+#endif
 int fill_users_schema_table(THD *thd, TABLE_LIST *tables, COND *cond)
 {