Bug #21464621: MYSQL CLI SHOULD SUGGEST CONNECT-EXPIRED-PASSWORD WHEN ERROR 1862 OCCURS

When mysql connects to server in batch mode with an expired account and executes
SET PASSWORD statement the returned error message is not meaningfull. Fix is to
report a more descriptive error message.

Author: Bharathy Satish

client/mysql.cc

@@ -73,6 +73,7 @@
 
 #include <algorithm>
 #include <sql_common.h>
+#include <mysqld_error.h>
 
 using std::min;
 using std::max;
@@ -4936,6 +4937,12 @@ sql_real_connect(char *host,char *database,char *user,char *password,
                           database, opt_mysql_port, opt_mysql_unix_port,
                           connect_flag | CLIENT_MULTI_STATEMENTS))
   {
+    if(mysql_errno(&mysql) == ER_MUST_CHANGE_PASSWORD_LOGIN)
+    {
+      tee_fprintf(stdout, "Please use --connect-expired-password option or " \
+                           "invoke mysql in interactive mode.\n");
+      return ignore_errors ? -1 : 1;
+    }
     if (!silent ||
 	(mysql_errno(&mysql) != CR_CONN_HOST_ERROR &&
 	 mysql_errno(&mysql) != CR_CONNECTION_ERROR))

mysql-test/r/connect.result

@@ -333,7 +333,7 @@ CREATE USER wl6587@localhost IDENTIFIED BY 'wl6587';
 ALTER USER wl6587@localhost PASSWORD EXPIRE;
 # non-interactive mysql should fail
 mysql: [Warning] Using a password on the command line interface can be insecure.
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 # mysqladmin non-password should fail
 mysqladmin: [Warning] Using a password on the command line interface can be insecure.
 mysqladmin: connect to server at 'localhost' failed

mysql-test/r/disconnect_on_expired_password_default.result

@@ -7,7 +7,7 @@ ALTER USER 'bernt' IDENTIFIED BY 'secret';
 ALTER USER 'bernt' PASSWORD EXPIRE;
 # Attempt to login should fail
 mysql: [Warning] Using a password on the command line interface can be insecure.
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 DROP USER 'bernt';
 ## Test mysqltest
 CREATE USER 'bernt';

mysql-test/r/grant.result

@@ -2744,7 +2744,7 @@ UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 3 DAY) where use
 FLUSH PRIVILEGES;
 # Attempt to execute query should fail
 mysql: [Warning] Using a password on the command line interface can be insecure.
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 # Doing something should fail
 SELECT 1;
 ERROR HY000: You must reset your password using ALTER USER statement before executing this statement.
@@ -2779,7 +2779,7 @@ NULL
 # This should not pass as default_password_lifetime
 # (which is 2 now) is being used.
 mysql: [Warning] Using a password on the command line interface can be insecure.
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 SET GLOBAL default_password_lifetime = 0;
 ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 4 DAY;
 # Should report 4
@@ -2788,7 +2788,7 @@ password_lifetime
 4
 # This should not pass.
 mysql: [Warning] Using a password on the command line interface can be insecure.
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 SET GLOBAL default_password_lifetime = @saved_value;
 ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 6 DAY;
 # Should report 6

mysql-test/r/grant_alter_user.result

@@ -718,7 +718,7 @@ CREATE USER u1@localhost PASSWORD EXPIRE;
 SELECT password_expired FROM mysql.user where user='u1';
 password_expired
 Y
-ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
 DROP USER u1@localhost;
 # CREATE USER with password expire attributes for anonymous user
 CREATE USER '' PASSWORD EXPIRE;

mysql-test/r/mysql.result

@@ -525,5 +525,16 @@ a
 #
 mysql: [ERROR] mysql: Empty value for 'port' specified
 mysql: [ERROR] mysql: Empty value for 'port' specified
+#
+# Bug #21464621: MYSQL CLI SHOULD SUGGEST CONNECT-EXPIRED-PASSWORD WHEN ERROR 1862 OCCURS
+#
+CREATE USER bug21464621 IDENTIFIED BY 'password' PASSWORD EXPIRE;
+mysql: [Warning] Using a password on the command line interface can be insecure.
+Please use --connect-expired-password option or invoke mysql in interactive mode.
+mysql: [Warning] Using a password on the command line interface can be insecure.
+mysql: [Warning] Using a password on the command line interface can be insecure.
+user()
+bug21464621@localhost
+DROP USER bug21464621;
 
 End of tests

mysql-test/t/mysql.test

@@ -644,6 +644,19 @@ EOF
 --error 5
 --exec $MYSQL -P "" -e "SELECT 1" 2>&1
 
+--echo #
+--echo # Bug #21464621: MYSQL CLI SHOULD SUGGEST CONNECT-EXPIRED-PASSWORD WHEN ERROR 1862 OCCURS
+--echo #
+
+CREATE USER bug21464621 IDENTIFIED BY 'password' PASSWORD EXPIRE;
+--error 1
+--exec $MYSQL -u bug21464621 --password="password" -e "SET PASSWORD='123';" 2>&1
+# change the password using set password
+--exec $MYSQL -u bug21464621 --password="password" -e "SET PASSWORD='123';" --connect-expired-password 2>&1
+--exec $MYSQL -u bug21464621 --password="123" -e "SELECT user();" 2>&1
+
+#cleanup
+DROP USER bug21464621;
 
 --echo
 --echo End of tests