MDEV-8627: SHOW GRANTS does not work for a replicated role

The bug was caused by accessing uninitialized fields within the LEX related to
ssl by mysql_show_grants() -> get_current_user() -> has_auth() function.

3 files changed, 99 insertions, 1 deletions

diff --git a/mysql-test/suite/roles/show_grants_replicated.result b/mysql-test/suite/roles/show_grants_replicated.result
new file mode 100644
index 00000000000..0b2e38d3630
--- /dev/null
+++ b/mysql-test/suite/roles/show_grants_replicated.result
@@ -0,0 +1,57 @@
+include/master-slave.inc
+[connection master]
+create user u1;
+create role r1;
+#
+# On master SHOW GRANTS work both for the user and the role:
+show grants for u1;
+Grants for u1@%
+GRANT USAGE ON *.* TO 'u1'@'%'
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+#
+connection slave;
+#
+# The role has been replicated,
+# it's visible in mysql.user and I_S:
+#
+select user, host, is_role from mysql.user where user in ('u1', 'r1');
+user	host	is_role
+r1		Y
+u1	%	N
+select * from information_schema.applicable_roles;
+GRANTEE	ROLE_NAME	IS_GRANTABLE	IS_DEFAULT
+root@localhost	r1	YES	NO
+#
+# Check show grants for the new user.
+show grants for u1;
+Grants for u1@%
+GRANT USAGE ON *.* TO 'u1'@'%'
+#
+# Check show grants for the new role.
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+#
+# Check if flushing privileges preserves the state.
+flush privileges;
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+#
+# Check SHOW GRANTS after setting the role.
+set role r1;
+show grants;
+Grants for root@localhost
+GRANT r1 TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'r1'
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+connection master;
+drop role r1;
+drop user u1;
+include/rpl_end.inc
diff --git a/mysql-test/suite/roles/show_grants_replicated.test b/mysql-test/suite/roles/show_grants_replicated.test
new file mode 100644
index 00000000000..1d4572bb297
--- /dev/null
+++ b/mysql-test/suite/roles/show_grants_replicated.test
@@ -0,0 +1,41 @@
+--source include/master-slave.inc
+
+--enable_connect_log
+
+create user u1;
+create role r1;
+--echo #
+--echo # On master SHOW GRANTS work both for the user and the role:
+show grants for u1;
+show grants for r1;
+--echo #
+--sync_slave_with_master
+--echo #
+--echo # The role has been replicated,
+--echo # it's visible in mysql.user and I_S:
+--echo #
+--sorted_result
+select user, host, is_role from mysql.user where user in ('u1', 'r1');
+select * from information_schema.applicable_roles;
+--echo #
+--echo # Check show grants for the new user.
+show grants for u1;
+--echo #
+--echo # Check show grants for the new role.
+show grants for r1;
+--echo #
+--echo # Check if flushing privileges preserves the state.
+flush privileges;
+show grants for r1;
+--echo #
+--echo # Check SHOW GRANTS after setting the role.
+set role r1;
+show grants;
+show grants for r1;
+
+connection master;
+drop role r1;
+drop user u1;
+--disable_connect_log
+--sync_slave_with_master
+--source include/rpl_end.inc
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index a5a62aeeafb..302c2fda7f0 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -12696,7 +12696,7 @@ show_param:
               MYSQL_YYABORT;
             Lex->grant_user->user= current_user_and_current_role;
           }
-        | GRANTS FOR_SYM user_or_role
+        | GRANTS FOR_SYM user_or_role clear_privileges
           {
             LEX *lex=Lex;
             lex->sql_command= SQLCOM_SHOW_GRANTS;