-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MDEV-30908 Make SESSION_USER() comparable with CURRENT_USER() #2985
base: 11.4
Are you sure you want to change the base?
Conversation
|
The changes on this PR were previously discussed with @vuvova and @grooverdan at: #2928 |
4588115
to
db9b3e4
Compare
@vuvova regarding your comment about optional parenthesis here: christian7007@4c9ec81#r135239559. The first version I pushed for this PR allowing option parenthesis broke server/mysql-test/main/parser.test Line 116 in c0c1c80
Maybe I'm missing something, but after some research my understanding is that the failure came from supporting Please, let me know if you think I'm missing something or if you think there is a better way of addressing this. |
I also updated some MTR tests, there are still some CI failures but after looking at them I don't think they are related with my changes. |
I've marked MDEV-30908 as being IN-REVIEW, assigned to myself. But I'll only look at it next month. There's still enough time for it to get into the next release (deadline is mid-March). |
Update `SESSION_USER()` behaviour to be comparable with `CURRENT_USER()`. `SESSION_USER()` will return the user and host columns from `mysql.user` used to authenticate the user when the session was created. Historically `SESSION_USER()` was an alias of `USER()` function. The main difference with `USER()` behaviour after this changes is that `SESSION_USER()` now returns the host column from `mysql.user` instead of the client host or ip. NOTE: `SESSION_USER_IS_USER` old mode is added to make the change backward compatible. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
db9b3e4
to
b8d3117
Compare
We know you @vuvova are busy, but perhaps you could do a superficial review to let us know if you agree with this change in principle? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me. Note a couple of minor comments. And please rebase on top of 11.6, you'll have old-mode related conflicts.
@@ -3889,6 +3889,7 @@ static const char *old_mode_names[]= | |||
"COMPAT_5_1_CHECKSUM", // deprecated since 11.3 | |||
"NO_NULL_COLLATION_IDS", // deprecated since 11.3 | |||
"LOCK_ALTER_TABLE_COPY", // deprecated since 11.3 | |||
"SESSION_USER_IS_USER", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when you'll rebase it on top of 11.6, you'll see a conflict here, see how the new old mode OLD_FLUSH_STATUS
was added and add yours in the same way with a correct deprecation version.
{ | ||
return mark_unsupported_function(fully_qualified_func_name(), arg, | ||
VCOL_SESSION_FUNC); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
get_copy()
?
} | ||
const char *fully_qualified_func_name() const override | ||
{ return "session_user()"; } | ||
bool check_vcol_func_processor(void *arg) override |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doesn't seem to be necessary? Item_func_sysconst
(two classes up the hierarchy) has exactly that.
Description
Update
SESSION_USER()
behaviour to be comparable withCURRENT_USER()
.SESSION_USER()
will return the user and host columns frommysql.user
used to authenticate the user when the session was created.Historically
SESSION_USER()
was an alias ofUSER()
function. The main difference withUSER()
behaviour after this change is thatSESSION_USER()
now returns the host column frommysql.user
instead of the client host or ip.This will allow to retrieve the user and host from the session used to call a stored procedure when
SQL SECURITY DEFINER
is set. With the previous behaviour the host used by the client was returned instead of the value of thehost
column frommysql.user
table making it harder to know exactly which row frommysql.user
was used to authenticate the user.Below there is an example of the output of this function compared with the existing alternatives, if we create
mysql.user_function_demo()
like:use the command below to connect to the server:
and then execute the procedure:
NOTE:
SESSION_USER_IS_USER
old mode is added to make the change backward compatible.How can this PR be tested?
This PR adds a new MTR test for testing this new function.
Basing the PR against the correct MariaDB version
PR quality check
Copyright
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.