/**
Only the plugins that are known to use the mysql.user table
to store their passwords support password expiration atm.
TODO: create a service and extend the plugin API to support
password expiration for external plugins.
if (!auth_plugin_supports_expiration(user.plugin.str))
{ sql_print_warning("'user' entry '%s@%s' has the password ignore " "flag raised, but its authentication plugin " "doesn't support password expiration. " "The user id will be ignored.", user.user ? user.user : "", user.host.get_host() ? user.host.get_host() : ""); continue;
} password_expired= true;
}
}
But probably correct flag would be AUTH_FLAG_USES_INTERNAL_STORAGE and one place actually is using it for that purpose (set_and_validate_user_attributes in sql_user.cc):
if (!(auth->authentication_flags & AUTH_FLAG_USES_INTERNAL_STORAGE))
{
if (thd->lex->sql_command == SQLCOM_SET_OPTION)
{
/*
A plugin that does not use internal storage and
hence does not support SET PASSWORD
*/
char warning_buffer[MYSQL_ERRMSG_SIZE]; my_snprintf(warning_buffer, sizeof(warning_buffer), "SET PASSWORD has no significance for user '%s'@'%s' as " "authentication plugin does not support it.", Str->user.str, Str->host.str); warning_buffer[MYSQL_ERRMSG_SIZE-1]= '\0'; push_warning(thd, Sql_condition::SL_NOTE, ER_SET_PASSWORD_AUTH_PLUGIN, warning_buffer); plugin_unlock(0, plugin); what_to_set= NONE_ATTR;
return (0);
}
}
Laurynas,
Hmm... actually it is not even flag:
/**
Only the plugins that are known to use the mysql.user table
to store their passwords support password expiration atm.
TODO: create a service and extend the plugin API to support
password expiration for external plugins.
@retval false expiration not supported supports_ expiration( const char *plugin_name)
plugin_ name == native_ password_ plugin_ name.str HAVE_OPENSSL) password_ plugin_ name.str
@retval true expiration supported
*/
bool auth_plugin_
{
return (!plugin_name || !*plugin_name ||
#if defined(
|| plugin_name == sha256_
#endif
);
}
It is checked in sql_auth_cache.cc / acl_load():
if (table->s->fields > table_schema- >password_ expired_ idx()) &global_ acl_memory,
table- >field[ table_schema- >password_ expired_ idx()]) ;
user. password_ expired= true;
{
char *tmpstr= get_field(
if (tmpstr && (*tmpstr == 'Y' || *tmpstr == 'y'))
{
if (!auth_ plugin_ supports_ expiration( user.plugin. str))
sql_print_ warning( "'user' entry '%s@%s' has the password ignore "
"flag raised, but its authentication plugin "
"doesn' t support password expiration. "
"The user id will be ignored.",
user. user ? user.user : "",
user. host.get_ host() ? user.host. get_host( ) : "");
continue;
password_ expired= true;
{
}
}
}
But probably correct flag would be AUTH_FLAG_ USES_INTERNAL_ STORAGE and one place actually is using it for that purpose (set_and_ validate_ user_attributes in sql_user.cc):
if (!(auth- >authentication _flags & AUTH_FLAG_ USES_INTERNAL_ STORAGE) ) >sql_command == SQLCOM_SET_OPTION) buffer[ MYSQL_ERRMSG_ SIZE];
my_snprintf( warning_ buffer, sizeof( warning_ buffer) ,
" SET PASSWORD has no significance for user '%s'@'%s' as "
" authentication plugin does not support it.",
Str- >user.str, Str->host.str);
warning_ buffer[ MYSQL_ERRMSG_ SIZE-1] = '\0';
push_warning( thd, Sql_condition: :SL_NOTE,
ER_SET_ PASSWORD_ AUTH_PLUGIN,
warning_ buffer) ;
plugin_ unlock( 0, plugin);
what_to_ set= NONE_ATTR;
{
if (thd->lex-
{
/*
A plugin that does not use internal storage and
hence does not support SET PASSWORD
*/
char warning_
return (0);
}
}