maria-developers team mailing list archive

Thread
Date

Re: 95e1c46: MDEV-9898 SET ROLE NONE can crash mysqld.

To: Alexey Botchkov <holyfoot@xxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Mon, 2 May 2016 11:29:51 +0200
Cc: maria-developers <maria-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAEJroGV3gcZpQk-sLUDb2t+trR_eR=awPO96=iUi4Jc3a5NtPQ@mail.gmail.com>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi, Alexey!

On May 02, Alexey Botchkov wrote:
> Fine.
> But can you please explain the logic here? When connected to the server,
> the user is authenticated with the
> find_user_or_anon(). But when we check permissions for the SET ROLE NONE,
> we use find_user_wild().
> Why is that?

Because 'user' is thd->security_ctx->priv_user in this case, not
thd->security_ctx->user. find_user_or_anon() works with user/host pair,
using wildcard matching for both user and host values.
While find_user_exact() works with priv_user/priv_host pairs, using
exact matching for both user and host values.

The very weird find_user_wild() works with inconsistent priv_user/host
pairs, using wildcards only for the host, not for the user.
This pair make no sense to me, but this is the historical MySQL behavior
that I didn't risk to break :(
It's MDEV-5233

Regards,
Sergei

References

Re: 95e1c46: MDEV-9898 SET ROLE NONE can crash mysqld.
From: Sergei Golubchik, 2016-04-29