MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in either order

Reviewed-by: vicentiu@mariadb.org

MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in either order
Reviewed-by: vicentiu@mariadb.org
add67826 · Daniel Black · fd7569ea · add67826 · add67826 · add67826
Commit add67826 authored Nov 04, 2020 by Daniel Black
Showing with 69 additions and 14 deletions

mysql-test/main/lock_user.result mysql-test/main/lock_user.result +29 -0

mysql-test/main/lock_user.test mysql-test/main/lock_user.test +19 -0

sql/sql_yacc.yy sql/sql_yacc.yy +21 -14

No files found.
--- a/mysql-test/main/lock_user.result
+++ b/mysql-test/main/lock_user.result
@@ -139,4 +139,33 @@ show create user user1@localhost;
 CREATE USER for user1@localhost
 CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
 drop user user1@localhost;
+#
+# MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in
+# either order.
+#
+create user user1@localhost PASSWORD EXPIRE ACCOUNT LOCK;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+drop user user1@localhost;
+create user user1@localhost ACCOUNT LOCK PASSWORD EXPIRE;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+alter user user1@localhost  PASSWORD EXPIRE NEVER ACCOUNT UNLOCK ;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+alter user user1@localhost  ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` ACCOUNT LOCK PASSWORD EXPIRE
+alter user user1@localhost  PASSWORD EXPIRE INTERVAL 60 DAY ACCOUNT UNLOCK;
+select * from mysql.global_priv where user='user1';
+Host	User	Priv
+localhost	user1	{"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":false,"password_last_changed":0,"password_lifetime":60}
+show create user user1@localhost;
+CREATE USER for user1@localhost
+CREATE USER `user1`@`localhost` PASSWORD EXPIRE
+drop user user1@localhost;
 drop user user2@localhost;
--- a/mysql-test/main/lock_user.test
+++ b/mysql-test/main/lock_user.test
@@ -143,6 +143,25 @@ alter user user1@localhost account lock;
 --echo #
 alter user user1@localhost PASSWORD EXPIRE;
 show create user user1@localhost;
+drop user user1@localhost;
+--echo #
+--echo # MDEV-24098 CREATE USER/ALTER USER PASSWORD EXPIRE/LOCK in
+--echo # either order.
+--echo #
+create user user1@localhost PASSWORD EXPIRE ACCOUNT LOCK;
+show create user user1@localhost;
+drop user user1@localhost;
+create user user1@localhost ACCOUNT LOCK PASSWORD EXPIRE;
+show create user user1@localhost;
+alter user user1@localhost  PASSWORD EXPIRE NEVER ACCOUNT UNLOCK ;
+show create user user1@localhost;
+alter user user1@localhost  ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
+show create user user1@localhost;
+# note output needs to be corrected by MDEV-24114: password expire users cannot be unexpired
+alter user user1@localhost  PASSWORD EXPIRE INTERVAL 60 DAY ACCOUNT UNLOCK;
+select * from mysql.global_priv where user='user1';
+show create user user1@localhost;
 drop user user1@localhost;
 drop user user2@localhost;

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -2902,7 +2902,7 @@ create:
              MYSQL_YYABORT;
          }
        | create_or_replace USER_SYM opt_if_not_exists clear_privileges
-          grant_list opt_require_clause opt_resource_options opt_account_locking opt_password_expiration
+          grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration
          {
            if (unlikely(Lex->set_command_with_check(SQLCOM_CREATE_USER,
                                                     $1 | $3)))
@@ -8032,7 +8032,7 @@ alter:
          } OPTIONS_SYM '(' server_options_list ')' { }
          /* ALTER USER foo is allowed for MySQL compatibility. */
        | ALTER USER_SYM opt_if_exists clear_privileges grant_list
-          opt_require_clause opt_resource_options opt_account_locking opt_password_expiration
+          opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration
          {
            Lex->create_info.set($3);
            Lex->sql_command= SQLCOM_ALTER_USER;
@@ -8071,39 +8071,46 @@ alter:
          }
        ;
-opt_account_locking:
+account_locking_option:
-        /* Nothing */ {}
+          LOCK_SYM
-        | ACCOUNT_SYM LOCK_SYM
          {
            Lex->account_options.account_locked= ACCOUNTLOCK_LOCKED;
          }
-        | ACCOUNT_SYM UNLOCK_SYM
+        | UNLOCK_SYM
          {
            Lex->account_options.account_locked= ACCOUNTLOCK_UNLOCKED;
          }
        ;
-opt_password_expiration:
-        /* Nothing */ {}
+opt_password_expire_option:
-        | PASSWORD_SYM EXPIRE_SYM
+          /* empty */
          {
            Lex->account_options.password_expire= PASSWORD_EXPIRE_NOW;
          }
-        | PASSWORD_SYM EXPIRE_SYM NEVER_SYM
+        | NEVER_SYM
          {
            Lex->account_options.password_expire= PASSWORD_EXPIRE_NEVER;
          }
-        | PASSWORD_SYM EXPIRE_SYM DEFAULT
+        | DEFAULT
          {
            Lex->account_options.password_expire= PASSWORD_EXPIRE_DEFAULT;
          }
-        | PASSWORD_SYM EXPIRE_SYM INTERVAL_SYM NUM DAY_SYM
+        | INTERVAL_SYM NUM DAY_SYM
          {
            Lex->account_options.password_expire= PASSWORD_EXPIRE_INTERVAL;
-            if (!(Lex->account_options.num_expiration_days= atoi($4.str)))
+            if (!(Lex->account_options.num_expiration_days= atoi($2.str)))
-              my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", $4.str));
+              my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", $2.str));
          }
        ;
+opt_account_locking_and_opt_password_expiration:
+          /* empty */
+        | ACCOUNT_SYM account_locking_option
+        | PASSWORD_SYM EXPIRE_SYM opt_password_expire_option
+        | ACCOUNT_SYM account_locking_option PASSWORD_SYM EXPIRE_SYM opt_password_expire_option
+        | PASSWORD_SYM EXPIRE_SYM opt_password_expire_option ACCOUNT_SYM account_locking_option
+        ;
 ev_alter_on_schedule_completion:
          /* empty */ { $$= 0;}
        | ON SCHEDULE_SYM ev_schedule_time { $$= 1; }