diff options
21 files changed, 213 insertions, 10 deletions
diff --git a/mysql-test/r/acl_roles_set_role-database-recursive.result b/mysql-test/r/acl_roles_set_role-database-recursive.result index cbfb50cdf5a..f6d3418f9b6 100644 --- a/mysql-test/r/acl_roles_set_role-database-recursive.result +++ b/mysql-test/r/acl_roles_set_role-database-recursive.result @@ -31,16 +31,28 @@ grant select on mysql.* to test_role2@''; flush privileges; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 select * from mysql.roles_mapping; HostFk UserFk RoleFk test_role1 test_role2 localhost test_user test_role1 localhost test_user test_role2 set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' set role test_role2; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role2 select * from mysql.roles_mapping; HostFk UserFk RoleFk test_role1 test_role2 diff --git a/mysql-test/r/acl_roles_set_role-database-simple.result b/mysql-test/r/acl_roles_set_role-database-simple.result index 758bc7340f2..a243b11fc33 100644 --- a/mysql-test/r/acl_roles_set_role-database-simple.result +++ b/mysql-test/r/acl_roles_set_role-database-simple.result @@ -17,7 +17,13 @@ grant insert, delete on mysql.roles_mapping to test_role1@''; grant reload on *.* to test_role1@''; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 select * from mysql.roles_mapping; HostFk UserFk RoleFk localhost test_user test_role1 @@ -29,6 +35,9 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', delete from mysql.roles_mapping where RoleFk='test_role2'; use mysql; set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE use mysql; ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql' select * from mysql.roles_mapping; diff --git a/mysql-test/r/acl_roles_set_role-multiple-role.result b/mysql-test/r/acl_roles_set_role-multiple-role.result index e795ecbf27b..0aa105ec0d4 100644 --- a/mysql-test/r/acl_roles_set_role-multiple-role.result +++ b/mysql-test/r/acl_roles_set_role-multiple-role.result @@ -69,7 +69,13 @@ GRANT r_ins TO 'test_user'@'localhost' GRANT r_rld TO 'test_user'@'localhost' GRANT r_sel TO 'test_user'@'localhost' GRANT r_upd TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role r_sel; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_sel show grants; Grants for test_user@localhost GRANT SELECT ON *.* TO 'r_sel' @@ -91,6 +97,9 @@ localhost test_user r_rld localhost test_user r_sel localhost test_user r_upd set role r_ins; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_ins show grants; Grants for test_user@localhost GRANT INSERT ON *.* TO 'r_ins' @@ -110,13 +119,25 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', flush privileges; ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation set role r_rld; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_rld flush privileges; set role r_sel; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_sel flush privileges; set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE flush privileges; ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation set role r_ins; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_ins insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 'r_sel', 'r_upd'); @@ -133,11 +154,20 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 'r_del', 'r_ins'); set role r_rld; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_rld flush privileges; set role r_sel; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_sel update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong'; flush privileges; set role r_sel; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_sel create table mysql.random_test_table (id INT); insert into mysql.random_test_table values (1); select * from mysql.random_test_table; @@ -146,6 +176,9 @@ id delete from mysql.roles_mapping where RoleFk='r_ins'; flush privileges; set role r_sel; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost r_sel insert into mysql.random_test_table values (1); ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'random_test_table' drop table mysql.random_test_table; diff --git a/mysql-test/r/acl_roles_set_role-recursive.result b/mysql-test/r/acl_roles_set_role-recursive.result index 8971cd1bf8a..505e1f5f730 100644 --- a/mysql-test/r/acl_roles_set_role-recursive.result +++ b/mysql-test/r/acl_roles_set_role-recursive.result @@ -35,7 +35,13 @@ show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT ON *.* TO 'test_role2' @@ -54,6 +60,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' @@ -66,6 +75,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' set role test_role2; ERROR HY000: The role 'test_role2' has not been granted or is invalid. +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' @@ -77,6 +89,9 @@ Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT ON *.* TO 'test_role2' @@ -95,6 +110,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' diff --git a/mysql-test/r/acl_roles_set_role-routine-simple.result b/mysql-test/r/acl_roles_set_role-routine-simple.result index 5933a3e174d..29f8abb9995 100644 --- a/mysql-test/r/acl_roles_set_role-routine-simple.result +++ b/mysql-test/r/acl_roles_set_role-routine-simple.result @@ -40,7 +40,13 @@ GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role3 TO 'test_user'@'localhost' use mysql; ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 use mysql; call test_proc(@a); SELECT @a; @@ -60,6 +66,9 @@ GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' GRANT test_role3 TO 'test_user'@'localhost' set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' @@ -70,6 +79,9 @@ ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine SELECT test_func('AABBCCDD'); ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine 'mysql.test_func' set role test_role3; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role3 show grants; Grants for test_user@localhost GRANT EXECUTE ON `mysql`.* TO 'test_role3' @@ -91,10 +103,7 @@ revoke execute on mysql.* from test_role3@''; delete from mysql.user where user like'test_%'; delete from mysql.roles_mapping where RoleFk like 'test%'; drop function mysql.test_func; -Warnings: -Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_func' drop procedure mysql.test_proc; Warnings: Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc' -Warning 1403 There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc' flush privileges; diff --git a/mysql-test/r/acl_roles_set_role-simple.result b/mysql-test/r/acl_roles_set_role-simple.result index db54592333d..aa68052ae18 100644 --- a/mysql-test/r/acl_roles_set_role-simple.result +++ b/mysql-test/r/acl_roles_set_role-simple.result @@ -22,7 +22,13 @@ show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT ON *.* TO 'test_role1' @@ -32,6 +38,9 @@ select * from mysql.roles_mapping; HostFk UserFk RoleFk localhost test_user test_role1 set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' delete from mysql.user where user='test_role1'; diff --git a/mysql-test/r/acl_roles_set_role-table-column-priv.result b/mysql-test/r/acl_roles_set_role-table-column-priv.result index 651a57be36a..bbb964b5d20 100644 --- a/mysql-test/r/acl_roles_set_role-table-column-priv.result +++ b/mysql-test/r/acl_roles_set_role-table-column-priv.result @@ -24,7 +24,13 @@ show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT (RoleFk) ON `mysql`.`roles_mapping` TO 'test_role2' @@ -49,6 +55,9 @@ GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' use mysql; set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE select RoleFk from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' drop user 'test_user'@'localhost'; diff --git a/mysql-test/r/acl_roles_set_role-table-simple.result b/mysql-test/r/acl_roles_set_role-table-simple.result index a009ce75515..02730a61e3e 100644 --- a/mysql-test/r/acl_roles_set_role-table-simple.result +++ b/mysql-test/r/acl_roles_set_role-table-simple.result @@ -24,7 +24,13 @@ show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2' @@ -47,6 +53,9 @@ GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' use mysql; set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping' drop user 'test_user'@'localhost'; diff --git a/mysql-test/r/acl_roles_show_grants.result b/mysql-test/r/acl_roles_show_grants.result index 641964bdcee..a28330379b5 100644 --- a/mysql-test/r/acl_roles_show_grants.result +++ b/mysql-test/r/acl_roles_show_grants.result @@ -34,7 +34,13 @@ Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_user'@'localhost' +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE set role test_role1; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT ON `mysql`.* TO 'test_role2' @@ -45,6 +51,9 @@ GRANT test_role1 TO 'test_user'@'localhost' GRANT test_role2 TO 'test_role1' GRANT test_role2 TO 'test_user'@'localhost' set role none; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost NONE show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO 'test_user'@'localhost' @@ -71,6 +80,9 @@ ERROR 42000: There is no such grant defined for user 'test_user' on host 'localh show grants for CURRENT_ROLE(); ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost' set role test_role2; +select current_user(), current_role(); +current_user() current_role() +test_user@localhost test_role2 show grants; Grants for test_user@localhost GRANT SELECT ON `mysql`.* TO 'test_role2' diff --git a/mysql-test/t/acl_roles_set_role-database-recursive.test b/mysql-test/t/acl_roles_set_role-database-recursive.test index c91c7fc5d3f..98b2e76cb08 100644 --- a/mysql-test/t/acl_roles_set_role-database-recursive.test +++ b/mysql-test/t/acl_roles_set_role-database-recursive.test @@ -31,13 +31,17 @@ change_user 'test_user'; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result select * from mysql.roles_mapping; set role none; +select current_user(), current_role(); --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; set role test_role2; +select current_user(), current_role(); --sorted_result select * from mysql.roles_mapping; diff --git a/mysql-test/t/acl_roles_set_role-database-simple.test b/mysql-test/t/acl_roles_set_role-database-simple.test index 56237f38949..fdcd4cfceef 100644 --- a/mysql-test/t/acl_roles_set_role-database-simple.test +++ b/mysql-test/t/acl_roles_set_role-database-simple.test @@ -22,7 +22,9 @@ change_user 'test_user'; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); select * from mysql.roles_mapping; --error ER_TABLEACCESS_DENIED_ERROR insert into mysql.user (user, host) values ('Dummy', 'Dummy'); @@ -34,6 +36,7 @@ delete from mysql.roles_mapping where RoleFk='test_role2'; use mysql; set role none; +select current_user(), current_role(); --error ER_DBACCESS_DENIED_ERROR use mysql; diff --git a/mysql-test/t/acl_roles_set_role-multiple-role.test b/mysql-test/t/acl_roles_set_role-multiple-role.test index 3d5de6bd7fc..ce406301f4e 100644 --- a/mysql-test/t/acl_roles_set_role-multiple-role.test +++ b/mysql-test/t/acl_roles_set_role-multiple-role.test @@ -59,13 +59,16 @@ select * from mysql.roles_mapping; --sorted_result show grants; +select current_user(), current_role(); set role r_sel; +select current_user(), current_role(); --sorted_result show grants; --sorted_result select * from mysql.roles_mapping; set role r_ins; +select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR @@ -76,14 +79,18 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', --error ER_SPECIFIC_ACCESS_DENIED_ERROR flush privileges; set role r_rld; +select current_user(), current_role(); flush privileges; set role r_sel; +select current_user(), current_role(); flush privileges; set role none; +select current_user(), current_role(); --error ER_SPECIFIC_ACCESS_DENIED_ERROR flush privileges; set role r_ins; +select current_user(), current_role(); insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 'r_sel', 'r_upd'); @@ -100,11 +107,14 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 'r_del', 'r_ins'); set role r_rld; +select current_user(), current_role(); flush privileges; set role r_sel; +select current_user(), current_role(); update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong'; flush privileges; set role r_sel; +select current_user(), current_role(); create table mysql.random_test_table (id INT); insert into mysql.random_test_table values (1); @@ -113,6 +123,7 @@ select * from mysql.random_test_table; delete from mysql.roles_mapping where RoleFk='r_ins'; flush privileges; set role r_sel; +select current_user(), current_role(); --error ER_TABLEACCESS_DENIED_ERROR insert into mysql.random_test_table values (1); drop table mysql.random_test_table; diff --git a/mysql-test/t/acl_roles_set_role-recursive.test b/mysql-test/t/acl_roles_set_role-recursive.test index 0a7ba637c85..b3d09bc8d53 100644 --- a/mysql-test/t/acl_roles_set_role-recursive.test +++ b/mysql-test/t/acl_roles_set_role-recursive.test @@ -35,7 +35,9 @@ select * from mysql.roles_mapping; --sorted_result show grants; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result show grants; select * from mysql.roles_mapping where HostFk=''; @@ -43,6 +45,7 @@ select * from mysql.roles_mapping where HostFk=''; --sorted_result show grants; set role none; +select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR @@ -52,6 +55,7 @@ select * from mysql.roles_mapping; show grants; --error ER_INVALID_ROLE set role test_role2; +select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR @@ -61,6 +65,7 @@ select * from mysql.roles_mapping; --sorted_result show grants; set role test_role1; +select current_user(), current_role(); --sorted_result show grants; --sorted_result @@ -69,6 +74,7 @@ select * from mysql.roles_mapping where HostFk=''; --sorted_result show grants; set role none; +select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR diff --git a/mysql-test/t/acl_roles_set_role-routine-simple.test b/mysql-test/t/acl_roles_set_role-routine-simple.test index e731c4dee10..eb4174a9882 100644 --- a/mysql-test/t/acl_roles_set_role-routine-simple.test +++ b/mysql-test/t/acl_roles_set_role-routine-simple.test @@ -44,7 +44,9 @@ show grants; --error ER_DBACCESS_DENIED_ERROR use mysql; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); use mysql; call test_proc(@a); @@ -55,6 +57,7 @@ SELECT test_func('AABBCCDD'); --sorted_result show grants; set role none; +select current_user(), current_role(); --sorted_result show grants; @@ -65,6 +68,7 @@ call test_proc(@a); SELECT test_func('AABBCCDD'); set role test_role3; +select current_user(), current_role(); --sorted_result show grants; call test_proc(@a); diff --git a/mysql-test/t/acl_roles_set_role-simple.test b/mysql-test/t/acl_roles_set_role-simple.test index b09bbc02b97..210623e7d78 100644 --- a/mysql-test/t/acl_roles_set_role-simple.test +++ b/mysql-test/t/acl_roles_set_role-simple.test @@ -23,13 +23,16 @@ select * from mysql.roles_mapping; --sorted_result show grants; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result show grants; --sorted_result select * from mysql.roles_mapping; set role none; +select current_user(), current_role(); --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; diff --git a/mysql-test/t/acl_roles_set_role-table-column-priv.test b/mysql-test/t/acl_roles_set_role-table-column-priv.test index 3424ac8b7e4..11969758f0c 100644 --- a/mysql-test/t/acl_roles_set_role-table-column-priv.test +++ b/mysql-test/t/acl_roles_set_role-table-column-priv.test @@ -25,7 +25,9 @@ select * from mysql.roles_mapping; --sorted_result show grants; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result show grants; @@ -42,6 +44,7 @@ show grants; use mysql; set role none; +select current_user(), current_role(); --sorted_result --error ER_TABLEACCESS_DENIED_ERROR diff --git a/mysql-test/t/acl_roles_set_role-table-simple.test b/mysql-test/t/acl_roles_set_role-table-simple.test index 00aa5528fe6..0a212178409 100644 --- a/mysql-test/t/acl_roles_set_role-table-simple.test +++ b/mysql-test/t/acl_roles_set_role-table-simple.test @@ -25,7 +25,9 @@ select * from mysql.roles_mapping; --sorted_result show grants; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result show grants; @@ -39,6 +41,7 @@ show grants; use mysql; set role none; +select current_user(), current_role(); --sorted_result --error ER_TABLEACCESS_DENIED_ERROR diff --git a/mysql-test/t/acl_roles_show_grants.test b/mysql-test/t/acl_roles_show_grants.test index 3d8ac80cdc1..38b20e627a2 100644 --- a/mysql-test/t/acl_roles_show_grants.test +++ b/mysql-test/t/acl_roles_show_grants.test @@ -30,10 +30,13 @@ change_user 'test_user'; --sorted_result show grants; +select current_user(), current_role(); set role test_role1; +select current_user(), current_role(); --sorted_result show grants; set role none; +select current_user(), current_role(); --sorted_result show grants; @@ -53,6 +56,7 @@ show grants for CURRENT_ROLE; show grants for CURRENT_ROLE(); set role test_role2; +select current_user(), current_role(); --sorted_result show grants; --sorted_result diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 02d64952459..66fae0bed10 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2332,16 +2332,28 @@ bool Item_func_current_user::fix_fields(THD *thd, Item **ref) if (Item_func_sysconst::fix_fields(thd, ref)) return TRUE; - Security_context *ctx= -#ifndef NO_EMBEDDED_ACCESS_CHECKS - (context->security_ctx - ? context->security_ctx : thd->security_ctx); -#else - thd->security_ctx; -#endif /*NO_EMBEDDED_ACCESS_CHECKS*/ + Security_context *ctx= context->security_ctx + ? context->security_ctx : thd->security_ctx; return init(ctx->priv_user, ctx->priv_host); } +bool Item_func_current_role::fix_fields(THD *thd, Item **ref) +{ + if (Item_func_sysconst::fix_fields(thd, ref)) + return 1; + + Security_context *ctx= context->security_ctx + ? context->security_ctx : thd->security_ctx; + + const char *role= ctx->priv_role[0] ? ctx->priv_role : NONE_ROLE; + + if (str_value.copy(role, strlen(role), system_charset_info)) + return 1; + + str_value.mark_as_const(); + return 0; +} + void Item_func_soundex::fix_length_and_dec() { diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index e09dee18d4f..8d9bda4902e 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -580,6 +580,28 @@ public: }; +class Item_func_current_role :public Item_func_sysconst +{ + Name_resolution_context *context; + +public: + Item_func_current_role(Name_resolution_context *context_arg) + : context(context_arg) {} + bool fix_fields(THD *thd, Item **ref); + void fix_length_and_dec() + { max_length= username_char_length * SYSTEM_CHARSET_MBMAXLEN; } + int save_in_field(Field *field, bool no_conversions) + { return save_str_value_in_field(field, &str_value); } + const char *func_name() const { return "current_role"; } + const char *fully_qualified_func_name() const { return "current_role()"; } + String *val_str(String *) + { + DBUG_ASSERT(fixed == 1); + return (null_value ? 0 : &str_value); + } +}; + + class Item_func_soundex :public Item_str_func { String tmp_value; diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 38f9709f180..9ed7e8e8173 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -8648,6 +8648,14 @@ function_call_keyword: Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } + | CURRENT_ROLE optional_braces + { + $$= new (thd->mem_root) Item_func_current_role(Lex->current_context()); + if ($$ == NULL) + MYSQL_YYABORT; + Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); + Lex->safe_to_cache_query= 0; + } | DATE_SYM '(' expr ')' { $$= new (thd->mem_root) Item_date_typecast($3); |