Hi, Alexey! On May 02, Alexey Botchkov wrote:
Fine. But can you please explain the logic here? When connected to the server, the user is authenticated with the find_user_or_anon(). But when we check permissions for the SET ROLE NONE, we use find_user_wild(). Why is that?
Because 'user' is thd->security_ctx->priv_user in this case, not thd->security_ctx->user. find_user_or_anon() works with user/host pair, using wildcard matching for both user and host values. While find_user_exact() works with priv_user/priv_host pairs, using exact matching for both user and host values. The very weird find_user_wild() works with inconsistent priv_user/host pairs, using wildcards only for the host, not for the user. This pair make no sense to me, but this is the historical MySQL behavior that I didn't risk to break :( It's MDEV-5233 Regards, Sergei