maria-developers team mailing list archive

Thread
Date

Re: 02587f61f40: MDEV-13095 Implement User Account locking

To: Robert Bindar <robert@xxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Mon, 21 Jan 2019 10:29:47 +0100
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <2f4c072a-dab0-2a05-019f-65b3c966a466@mariadb.org>
User-agent: Mutt/1.7.2 (2016-11-26)

Hi, Robert!

On Jan 21, Robert Bindar wrote:
> Hi Sergei! Thanks for reviewing this :-)
> >
> > You could simply add accessors like
> >
> >    longlong get_password_lifetime() const
> >    {
> >      Field *f= get_field(end_priv_columns + 11, MYSQL_TYPE_LONG);
> >      return f ? f->val_int() : 0;
> >    }
> >
> > without changing anything else in User_table_tabular.
> 
> Correct me if I'm mistaken. Let's assume we index like that,
> 
> then get_is_role will become:
> 
>     bool get_is_role() const
>     {
>         Field *f = get_field(end_priv_columns + 14, MYSQL_TYPE_ENUM);
>         return f ? f->val_int() - 1 : 0;
>     }
> 
> If we'll start the server with a 10.4.1 datadir for instance,
> get_is_role will go beyond num_fields() and thus will always return
> false. From my understanding so far, this means we won't be able to
> support previous MariaDB datadirs without upgrading. Is this the
> intended behavior?

You've missed that I also suggested _not_ to add any more columns to the
mysql.user table :) So you can never have is_role and password_lifetime
in the same table. It's either 5.7 structure or 10.3 structure. And
get_is_role() stays as it was:

   bool get_is_role() const
   {
       Field *f = get_field(end_priv_columns + 11, MYSQL_TYPE_ENUM);
       return f ? f->val_int() - 1 : 0;
   }

That's exactly what I meant by "without changing anything else in
User_table_tabular"

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

References

Re: 02587f61f40: MDEV-13095 Implement User Account locking
From: Sergei Golubchik, 2019-01-20