MDEV-30908 Make SESSION_USER() comparable with CURRENT_USER()

[christian7007]

• The Jira issue number for this PR is: MDEV-30908

Description

Update SESSION_USER() behaviour to be comparable with CURRENT_USER(). SESSION_USER() will return the user and host columns from mysql.user used to authenticate the user when the session was created.

Historically SESSION_USER() was an alias of USER() function. The main difference with USER() behaviour after this change is that SESSION_USER() now returns the host column from mysql.user instead of the client host or ip.

This will allow to retrieve the user and host from the session used to call a stored procedure when SQL SECURITY DEFINER is set. With the previous behaviour the host used by the client was returned instead of the value of the host column from mysql.user table making it harder to know exactly which row from mysql.user was used to authenticate the user.

Below there is an example of the output of this function compared with the existing alternatives, if we create mysql.user_function_demo() like:

CREATE PROCEDURE mysql.user_function_demo() SQL SECURITY DEFINER BEGIN
SELECT CURRENT_USER(), USER(), SESSION_USER();
END

use the command below to connect to the server:

$ mariadb -u test_user -h 127.0.0.1   # force connection to be over TCP, not Unix socket

and then execute the procedure:

CURRENT_USER()	USER()	                   SESSION_USER()
root@localhost	[email protected]:12345  test_user@%

NOTE: SESSION_USER_IS_USER old mode is added to make the change backward compatible.

How can this PR be tested?

This PR adds a new MTR test for testing this new function.

Basing the PR against the correct MariaDB version

• This is a new feature and the PR is based against the latest MariaDB development branch.

PR quality check

• I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
• For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

Copyright

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[christian7007]

The changes on this PR were previously discussed with @vuvova and @grooverdan at: #2928

[christian7007]

@vuvova regarding your comment about optional parenthesis here: christian7007@4c9ec81#r135239559.

The first version I pushed for this PR allowing option parenthesis broke main.parser test at:

server/mysql-test/main/parser.test

Line 116 in c0c1c80

create table SESSION_USER(a int);

Maybe I'm missing something, but after some research my understanding is that the failure came from supporting SESSION_USER with optional parenthesis (if we add SESSION_USER_SYM as keyword_sp_var_and_label using optional_braces it will cause ambiguity and will make the parser building to fail). This was not supported before, and as adding this will break backward compatibility I pushed a new version for the changes making parenthesis mandatory for SESSION_USER() again.

Please, let me know if you think I'm missing something or if you think there is a better way of addressing this.

[christian7007]

I also updated some MTR tests, there are still some CI failures but after looking at them I don't think they are related with my changes.

[vuvova]

I've marked MDEV-30908 as being IN-REVIEW, assigned to myself. But I'll only look at it next month. There's still enough time for it to get into the next release (deadline is mid-March).

[ottok]

We know you @vuvova are busy, but perhaps you could do a superficial review to let us know if you agree with this change in principle?

[vuvova]

Looks fine to me. Note a couple of minor comments. And please rebase on top of 11.6, you'll have old-mode related conflicts.

[vuvova]

when you'll rebase it on top of 11.6, you'll see a conflict here, see how the new old mode OLD_FLUSH_STATUS was added and add yours in the same way with a correct deprecation version.

[vuvova]

get_copy() ?

[vuvova]

doesn't seem to be necessary? Item_func_sysconst (two classes up the hierarchy) has exactly that.