Merge branch 'mysql-8.0' into mysql-trunk

RahulSisondia · RahulSisondia · commit 01995e722580 · 2020-04-15T08:59:05.000+02:00
diff --git a/plugin/x/src/sql_data_context.cc b/plugin/x/src/sql_data_context.cc
@@ -305,19 +305,6 @@ ngs::Error_code Sql_data_context::authenticate_internal(
     std::string user_name = get_user_name();
     std::string host_or_ip = get_host_or_ip();
 
-    /*
-      Instead of modifying the current security context in switch_user()
-      method above, we must create a security_context to do the
-      security_context_lookup() on newly created security_context then set
-      that in the THD. Until that happens, we have to get the existing security
-      context and set that again in the THD. The latter opertion is nedded as
-      it may toggle the system_user flag in THD iff security_context has
-      SYSTEM_USER privilege.
-    */
-    MYSQL_SECURITY_CONTEXT scontext;
-    thd_get_security_context(get_thd(), &scontext);
-    thd_set_security_context(get_thd(), scontext);
-
 #ifdef HAVE_PSI_THREAD_INTERFACE
     PSI_THREAD_CALL(set_thread_account)
     (user_name.c_str(), static_cast<int>(user_name.length()),
diff --git a/sql/auth/service_security_context.cc b/sql/auth/service_security_context.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -82,6 +82,7 @@ my_svc_bool thd_set_security_context(MYSQL_THD _thd,
   try {
     if (in_ctx) {
       thd->set_security_context(in_ctx);
+      in_ctx->set_thd(thd);
       // Turn ON the flag in THD iff the user is granted SYSTEM_USER privilege
       set_system_user_flag(thd);
     }
@@ -182,6 +183,12 @@ my_svc_bool security_context_lookup(MYSQL_SECURITY_CONTEXT ctx,
   retval = acl_getroot(tmp_thd ? tmp_thd : current_thd, ctx, user, host, ip, db)
                ? true
                : false;
+  /*
+    If it is not a new security context then update the
+    system_user flag in its referenced THD.
+  */
+  THD *sctx_thd = ctx->get_thd();
+  if (sctx_thd) set_system_user_flag(sctx_thd);
 
   if (tmp_thd) {
     destroy_thd(tmp_thd);
diff --git a/sql/auth/sql_security_ctx.cc b/sql/auth/sql_security_ctx.cc
@@ -630,8 +630,13 @@ std::pair<bool, bool> Security_context::has_global_grant(const char *priv,
   std::string privilege(priv, priv_len);
 
   if (m_acl_map == nullptr) {
-    Acl_cache_lock_guard acl_cache_lock(current_thd,
-                                        Acl_cache_lock_mode::READ_MODE);
+    THD *thd = m_thd ? m_thd : current_thd;
+    if (thd == nullptr) {
+      DBUG_PRINT("error", ("Security Context must have valid THD handle to"
+                           " probe grants.\n"));
+      return {false, false};
+    }
+    Acl_cache_lock_guard acl_cache_lock(thd, Acl_cache_lock_mode::READ_MODE);
     if (!acl_cache_lock.lock(false)) return std::make_pair(false, false);
     Role_id key(&m_priv_user[0], m_priv_user_length, &m_priv_host[0],
                 m_priv_host_length);
diff --git a/sql/auth/sql_security_ctx.h b/sql/auth/sql_security_ctx.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -299,6 +299,10 @@ class Security_context {
 
   void clear_db_restrictions();
 
+  void set_thd(THD *thd);
+
+  THD *get_thd();
+
  private:
   void init();
   void destroy();
@@ -481,4 +485,8 @@ inline void Security_context::clear_db_restrictions() {
   m_restrictions.clear_db();
 }
 
+inline void Security_context::set_thd(THD *thd) { m_thd = thd; }
+
+inline THD *Security_context::get_thd() { return m_thd; }
+
 #endif /* SQL_SECURITY_CTX_INCLUDED */
diff --git a/sql/server_component/security_context_imp.cc b/sql/server_component/security_context_imp.cc
@@ -70,6 +70,8 @@ DEFINE_BOOL_METHOD(mysql_security_context_imp::set,
     Security_context *in_sctx = reinterpret_cast<Security_context *>(in_ctx);
     if (in_sctx) {
       thd->set_security_context(in_sctx);
+      in_sctx->set_thd(thd);
+
       // Turn ON the flag in THD iff the user is granted SYSTEM_USER privilege
       set_system_user_flag(thd);
     }
@@ -179,6 +181,14 @@ DEFINE_BOOL_METHOD(mysql_security_context_imp::lookup,
                  ? true
                  : false;
 
+    /*
+      If it is not a new security context then update the
+      system_user flag in its referenced THD.
+    */
+    Security_context *sctx = reinterpret_cast<Security_context *>(ctx);
+    THD *sctx_thd = sctx->get_thd();
+    if (sctx_thd) set_system_user_flag(sctx_thd);
+
     if (tmp_thd) {
       destroy_thd(tmp_thd);
       tmp_thd = nullptr;
