    114de32f
    WL#11544 Current password required for SET PASSWORD · 114de32f
    Rahul Sisondia authored
    Description
    -----------
    
    * This worklog extends the SQL commands as follows.
    
    ALTER USER [IF EXISTS] user [auth_option] [password_option]
    
        auth_option: {
            IDENTIFIED BY 'auth_string'  [REPLACE 'current_auth_string']
            IDENTIFIED WITH 'auth_plugin' BY 'auth_string'
                [REPLACE 'current_auth_string']
        }
    
        password_option : {
            PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]
        }
    
    CREATE USER [IF NOT EXISTS] user [auth_option] [password_option]
    
        password_option: {
            PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]
        }
    
    SET PASSWORD [FOR user] = password_option
    
        password_option : {
            'auth_string' [REPLACE 'auth_string']
        }
    
    * It adds a new column and a global server variable named
      'password_require_current'.
    
    * It either enforces or exempts the user from asking the current password as
      follows:

        Column value    Global variable value    Policy
        ------------    ---------------------    -------
        N               OFF                      exempt
        N               ON                       exempt
        Y               OFF                      require
        Y               ON                       require
        NULL            OFF                      exempt
        NULL            ON                       require
    
     * A flag 'uses_replace_clause' is added in the LEX_USER structure which is set
       when the password clause is specified.
    
     * An instance of enum class Current_password is added in the LEX_ALTER
       structure which is initialized corresponding to PASSWORD REQUIRE CURRENT
       statement specified for the user.
    
     * A new method 'validate_password_require_current()' is added; that's where
       the current password specified in the REPLACE clause is validated. Once the
       current password is validated, its in-memory copy is erased. This method is
       called from the set_and_validate_user_attributes() method.
    
     * <current password> is changed to <secret> in the SET PASSWORD clause in the
       general, slow query log and audit logs
    
     * <current password> is changed to <secret> in the ALTER USER clause in the
       general, slow query log and audit logs
    
    Review:
    -------
    RB#19346
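
The statements and policy table described in the commit message above, as an added example that is not part of the commit or the MySQL source tree. The account name and passwords are constructed placeholders; the mapping of REQUIRE CURRENT / OPTIONAL / DEFAULT to the column values Y / N / NULL and the location of the column as `Password_require_current` in `mysql.user` are stated from the shipped server rather than from this page.

```sql
-- Constructed account and passwords, for illustration only.
-- Stores Y in the column: the current password is always required.
CREATE USER 'app_rw'@'localhost'
  IDENTIFIED BY 'Old-Placeholder-1!'
  PASSWORD REQUIRE CURRENT;

-- Connected as app_rw: both statement forms carry the REPLACE clause,
-- and the value after REPLACE must match the account's current password.
ALTER USER USER() IDENTIFIED BY 'New-Placeholder-2!' REPLACE 'Old-Placeholder-1!';
SET PASSWORD = 'New-Placeholder-3!' REPLACE 'New-Placeholder-2!';

-- Stores NULL in the column: the account follows the global variable.
ALTER USER 'app_rw'@'localhost' PASSWORD REQUIRE CURRENT DEFAULT;

-- Stores N in the column: exempt regardless of the global variable.
ALTER USER 'app_rw'@'localhost' PASSWORD REQUIRE CURRENT OPTIONAL;

-- Server-wide setting, applied only to accounts whose column is NULL.
SET GLOBAL password_require_current = ON;

-- Audit query: effective policy per account, following the commit's table.
SELECT u.User,
       u.Host,
       u.Password_require_current          AS column_value,
       @@GLOBAL.password_require_current   AS global_value,
       CASE
         WHEN u.Password_require_current = 'Y' THEN 'require'
         WHEN u.Password_require_current = 'N' THEN 'exempt'
         WHEN @@GLOBAL.password_require_current = 1 THEN 'require'
         ELSE 'exempt'
       END                                 AS effective_policy
FROM mysql.user AS u
ORDER BY effective_policy, u.User, u.Host;
```

Rows reported as exempt are the accounts whose password can be changed from an already authenticated session without supplying the current one.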