maria-developers team mailing list archive
Re: 95e1c46: MDEV-9898 SET ROLE NONE can crash mysqld.
On May 02, Alexey Botchkov wrote:
> But can you please explain the logic here? When connected to the server,
> the user is authenticated with the find_user_or_anon(). But when we check
> permissions for the SET ROLE NONE, we use find_user_wild().
> Why is that?

Because 'user' is thd->security_ctx->priv_user in this case, not
thd->security_ctx->user. find_user_or_anon() works with user/host pair,
using wildcard matching for both user and host values.
While find_user_exact() works with priv_user/priv_host pairs, using
exact matching for both user and host values.
The very weird find_user_wild() works with inconsistent priv_user/host
pairs, using wildcards only for the host, not for the user.
This pair makes no sense to me, but this is the historical MySQL behavior
that I didn't risk breaking :(
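
A simplified model of the three lookups described in this reply, added here as an example; it is not part of the original message and is not MariaDB's source. The function names come from the thread; `AclUser`, `acl_users`, `host_matches`, the sample accounts, `%` as the only wildcard, the empty user name acting as the user wildcard, and first-match scanning are assumptions made for illustration.

```cpp
// Simplified model of the three ACL lookups named in the thread (added example,
// not MariaDB source). Assumptions: '%' is the only host wildcard, an empty
// user name is the anonymous account, and the list is scanned in order.
#include <string>
#include <vector>

struct AclUser { std::string user, host; };

// Constructed account list, most specific host first.
static const std::vector<AclUser> acl_users = {
  {"",    "localhost"},   // anonymous account
  {"bob", "%"},
};

// Match host against a pattern in which '%' matches any run of characters.
static bool host_matches(const std::string &pat, const std::string &host,
                         size_t p = 0, size_t h = 0) {
  if (p == pat.size()) return h == host.size();
  if (pat[p] == '%')
    return host_matches(pat, host, p + 1, h) ||
           (h < host.size() && host_matches(pat, host, p, h + 1));
  return h < host.size() && pat[p] == host[h] &&
         host_matches(pat, host, p + 1, h + 1);
}

// user/host pair: wildcard on both (the anonymous entry matches any user).
const AclUser *find_user_or_anon(const std::string &user, const std::string &host) {
  for (const auto &a : acl_users)
    if ((a.user.empty() || a.user == user) && host_matches(a.host, host))
      return &a;
  return nullptr;
}

// priv_user/priv_host pair: exact match on both.
const AclUser *find_user_exact(const std::string &priv_user, const std::string &priv_host) {
  for (const auto &a : acl_users)
    if (a.user == priv_user && a.host == priv_host) return &a;
  return nullptr;
}

// priv_user/host pair: exact user, wildcard host.
const AclUser *find_user_wild(const std::string &priv_user, const std::string &host) {
  for (const auto &a : acl_users)
    if (a.user == priv_user && host_matches(a.host, host)) return &a;
  return nullptr;
}
```

In this model, `bob` connecting from `localhost` authenticates as the anonymous `''@localhost` entry; `find_user_wild("", "localhost")` returns that same entry, while `find_user_wild("bob", "localhost")` returns `bob@%`.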