authorSergei Golubchik <serg@mariadb.org>2023-02-02 19:29:03 +0100
committerSergei Golubchik <serg@mariadb.org>2023-02-21 23:22:56 +0100
commita777a8a6a3c71ede8b88d20ab5c1a95590138611 (patch)
treef5496ecabfae257954e39d091cac6b175567c9c7
parent90c39c5a500278d19240550f7c4bf370c441c100 (diff)
KILL USER and missing privileges
note that `KILL USER foo` should *not* fail with ER_KILL_DENIED_ERROR when SHOW PROCESSLIST doesn't show connections of that user. Because no connections exist or because the caller has no PROCESS - doesn't matter. also, fix the error message to make sense ("You are not owner of thread <current connection id>" is ridiculous)
-rw-r--r--mysql-test/main/kill-2.result31
-rw-r--r--mysql-test/main/kill-2.test27
-rw-r--r--sql/sql_parse.cc9
3 files changed, 65 insertions, 2 deletions
diff --git a/mysql-test/main/kill-2.result b/mysql-test/main/kill-2.result
index daaba2c092a..919078f3efb 100644
--- a/mysql-test/main/kill-2.result
+++ b/mysql-test/main/kill-2.result
@@ -10,3 +10,34 @@ foo
root
kill user foo@'127.0.0.1';
drop user foo@'127.0.0.1';
+#
+# KILL USER and missing privileges
+#
+create user a@'127.0.0.1';
+create user b@'127.0.0.1';
+grant process on *.* to a@'127.0.0.1';
+grant select on *.* to b@'127.0.0.1';
+connect a,127.0.0.1,a;
+show grants;
+Grants for a@127.0.0.1
+GRANT PROCESS ON *.* TO `a`@`127.0.0.1`
+connect b,127.0.0.1,b;
+show processlist;
+Id User Host db Command Time State Info Progress
+# b # test # # Init show processlist #
+kill user a;
+kill user x;
+connection a;
+show processlist;
+Id User Host db Command Time State Info Progress
+# root # test # # # # #
+# a # test # # # # #
+# b # test # # # # #
+kill user b;
+ERROR HY000: Operation KILL USER failed for b@%
+connection default;
+drop user a@'127.0.0.1';
+drop user b@'127.0.0.1';
+#
+# End of 10.3 tests
+#
diff --git a/mysql-test/main/kill-2.test b/mysql-test/main/kill-2.test
index a30324fac44..1bbe395371c 100644
--- a/mysql-test/main/kill-2.test
+++ b/mysql-test/main/kill-2.test
@@ -28,3 +28,30 @@ let $wait_condition=
--source include/wait_condition.inc
drop user foo@'127.0.0.1';
--enable_service_connection
+
+--echo #
+--echo # KILL USER and missing privileges
+--echo #
+create user a@'127.0.0.1';
+create user b@'127.0.0.1';
+grant process on *.* to a@'127.0.0.1';
+grant select on *.* to b@'127.0.0.1';
+--connect a,127.0.0.1,a
+show grants;
+--connect b,127.0.0.1,b
+--replace_column 1 # 3 # 5 # 6 # 9 #
+show processlist;
+kill user a; # existing connection, but not visible to current_user
+kill user x; # not existing connection
+--connection a
+--replace_column 1 # 3 # 5 # 6 # 7 # 8 # 9 #
+show processlist;
+--error ER_KILL_DENIED_ERROR
+kill user b;
+--connection default
+drop user a@'127.0.0.1';
+drop user b@'127.0.0.1';
+
+--echo #
+--echo # End of 10.3 tests
+--echo #
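Review bot: The new test opens connections `a` and `b` but never closes them before `drop user`, so both sessions stay open for accounts that no longer exist until the test file ends. Adding `--disconnect a` and `--disconnect b` after `--connection default` would keep leftover sessions from showing up in later `show processlist` output if more cases are appended to this file. The `kill user a;` case from connection `b` would also be easier to read with a comment stating that it must succeed without killing anything, since that is the behaviour the commit message promises.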
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index a00e5b82b12..1f1962a5d44 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -9258,7 +9258,9 @@ static my_bool kill_threads_callback(THD *thd, kill_threads_callback_arg *arg)
{
if (!(arg->thd->security_ctx->master_access & SUPER_ACL) &&
!arg->thd->security_ctx->user_matches(thd->security_ctx))
- return 1;
+ {
+ return MY_TEST(arg->thd->security_ctx->master_access & PROCESS_ACL);
+ }
if (!arg->threads_to_kill.push_back(thd, arg->thd->mem_root))
{
mysql_mutex_lock(&thd->LOCK_thd_kill); // Lock from delete
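Review bot: The new `return MY_TEST(... & PROCESS_ACL)` in kill_threads_callback gives the return value two meanings that nothing in the hunk records. Judging by the old `return 1` and the commit message, 1 stops the walk and surfaces as ER_KILL_DENIED_ERROR, while 0 skips the thread silently. The security reason deserves a comment above the return, for example `// No PROCESS: the caller cannot see this connection, so skip it silently instead of revealing its existence through an error`. Without that comment a later cleanup could restore the unconditional denial and reintroduce the existence oracle for callers lacking PROCESS. The function body continues outside the hunk.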
@@ -9380,7 +9382,10 @@ void sql_kill_user(THD *thd, LEX_USER *user, killed_state state)
my_ok(thd, rows);
break;
case ER_KILL_DENIED_ERROR:
- my_error(error, MYF(0), (long long) thd->thread_id);
+ char buf[DEFINER_LENGTH+1];
+ strxnmov(buf, sizeof(buf), user->user.str, "@", user->host.str, NULL);
+ my_printf_error(ER_KILL_DENIED_ERROR, ER_THD(thd, ER_CANNOT_USER), MYF(0),
+ "KILL USER", buf);
break;
case ER_OUT_OF_RESOURCES:
default:
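Review bot: `strxnmov(buf, sizeof(buf), ...)` in the ER_KILL_DENIED_ERROR case looks like an off-by-one. As far as I know strxnmov copies up to `len` characters and then writes the terminating NUL at `dst[len]`, so the destination needs `len + 1` bytes and callers normally pass `sizeof(buf)-1`. With user and host names at their maximum combined length the NUL would land one byte past `buf`; whether that is reachable depends on length limits enforced outside this hunk. I would change the call to `strxnmov(buf, sizeof(buf)-1, user->user.str, "@", user->host.str, NULL);` and wrap the case body in braces so `buf` is not in scope at the following `default:` label. The switch starts and ends outside the hunk.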