
Hi, Dmitri,

Mostly looks good. As I said on Slack, I'll do a cleanup of tests before your commit so there will be a lot fewer changed tests in yours.

On Jun 06, Sergei Golubchik via developers wrote:
Hi, Dmitri,
commit b69bd351c1f
Author: Dmitri Shulga <dmitry.shulga@mariadb.com>
Date: Wed May 28 00:05:05 2025 +0700
MDEV-35617: DROP USER should leave no active session for that user ... + if (acl_user->dont_accept_new_connections()) + { + my_error(ER_CONNECT_WHILE_DROP_USER_IN_PROGRESS, MYF(0), + acl_user->get_username());
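Review bot: the my_error(ER_CONNECT_WHILE_DROP_USER_IN_PROGRESS, MYF(0), acl_user->get_username()) call inside the dont_accept_new_connections() branch reports a dedicated error carrying the user name, which lets a connecting client tell an account that is mid-drop apart from one that does not exist. If this branch is reached before the client has authenticated, consider treating the entry as a non-match instead of raising a distinct error. The hunk is cut off after the my_error() call, so the return path of the branch is not visible here and should be checked too.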
I'd just say user not found. That is, no need for a special error, but find_mpvio_user() can simply skip entries that are being dropped.
Also, how can a connection see a user being dropped, if mysql_drop_user() takes acl_cache->lock and doesn't release it until everything is dropped?
You didn't do this change. But now I realize, it's just a simplification, but your behavior is actually incorrect. Consider

    CREATE USER foo@'%';
    CREATE USER foo@localhost;
    ...
    DROP USER foo@localhost;

Note that both before and after DROP USER, one can connect from localhost as foo:

    mariadb -u foo -h localhost

That is, at no point in time there is no valid account to connect. So one should never get an error, not even during DROP USER.

The correct behavior is to skip the to-be-deleted entry and continue searching for a valid usable account.

I admit, though, it's a rather obscure corner case, for now I just removed a new error message.

Regards,
Sergei
Chief Architect, MariaDB Server
and security@mariadb.org
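The foo@'%' / foo@localhost case from the message above, as an added example that is not part of the e-mail or of MariaDB's code. It is a simplified model: Account, Result, being_dropped and both lookup functions are hypothetical names, and it assumes entries are tried most specific host first.

```cpp
#include <string>
#include <vector>

// Simplified stand-in for an account entry (hypothetical, not MariaDB's ACL_USER).
struct Account {
    std::string user;
    std::string host;     // exact host name, or "%" for any host
    bool being_dropped;   // set while DROP USER for this entry is in progress
};

static bool host_matches(const Account& a, const std::string& client_host) {
    return a.host == "%" || a.host == client_host;
}

enum class Lookup { Found, NotFound, DropInProgress };
struct Result { Lookup status; std::string matched_host; };

// Behaviour under review: the first matching entry decides, so an entry
// that is being dropped ends the search with a dedicated error.
Result find_first_match(const std::vector<Account>& acl,
                        const std::string& user, const std::string& host) {
    for (const Account& a : acl) {
        if (a.user != user || !host_matches(a, host)) continue;
        if (a.being_dropped) return {Lookup::DropInProgress, ""};
        return {Lookup::Found, a.host};
    }
    return {Lookup::NotFound, ""};
}

// Behaviour described in the reply: skip the to-be-deleted entry and keep
// searching; if nothing usable remains, the answer is plain "not found".
Result find_skipping_dropped(const std::vector<Account>& acl,
                             const std::string& user, const std::string& host) {
    for (const Account& a : acl) {
        if (a.user != user || !host_matches(a, host)) continue;
        if (a.being_dropped) continue;
        return {Lookup::Found, a.host};
    }
    return {Lookup::NotFound, ""};
}

// Constructed sample: foo@localhost is mid-drop, foo@'%' is untouched.
// Entries are listed most specific host first (assumption of this model).
std::vector<Account> sample_acl() {
    return {{"foo", "localhost", true}, {"foo", "%", false}};
}
```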