diff --git a/sql/auth/auth_common.h b/sql/auth/auth_common.h index b8a24ed1..023cf06e 100644 --- a/sql/auth/auth_common.h +++ b/sql/auth/auth_common.h @@ -620,7 +620,8 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list); bool set_and_validate_user_attributes(THD *thd, LEX_USER *Str, ulong &what_to_set, - bool is_privileged_user); + bool is_privileged_user, + const char * cmd); /* sql_auth_cache */ int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr); diff --git a/sql/auth/sql_authorization.cc b/sql/auth/sql_authorization.cc index ef5aeb33..910216d9 100644 --- a/sql/auth/sql_authorization.cc +++ b/sql/auth/sql_authorization.cc @@ -1321,7 +1321,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, } if (set_and_validate_user_attributes(thd, Str, what_to_set, - is_privileged_user)) + is_privileged_user, + revoke_grant?"REVOKE":"GRANT")) { result= TRUE; continue; @@ -1636,7 +1637,8 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, } if (set_and_validate_user_attributes(thd, Str, what_to_set, - is_privileged_user)) + is_privileged_user, + revoke_grant?"REVOKE":"GRANT")) { result= TRUE; continue; @@ -1887,7 +1889,8 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, } if (set_and_validate_user_attributes(thd, Str, what_to_set, - is_privileged_user)) + is_privileged_user, + revoke_grant?"REVOKE":"GRANT")) { result= TRUE; continue; diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc index bb8f5dc8..f1fdca64 100644 --- a/sql/auth/sql_user.cc +++ b/sql/auth/sql_user.cc @@ -396,6 +396,7 @@ err: @param what_to_set User attributes @param is_privileged_user Whether caller has CREATE_USER_ACL or UPDATE_ACL over mysql.* + @param cmd Command information @retval 0 ok @retval 1 ERROR; @@ -404,7 +405,8 @@ err: bool set_and_validate_user_attributes(THD *thd, LEX_USER *Str, ulong &what_to_set, - bool is_privileged_user) + bool is_privileged_user, + const char * cmd) { bool user_exists= false; ACL_USER *acl_user; @@ -573,6 +575,17 @@ bool set_and_validate_user_attributes(THD *thd, inbuflen)) { plugin_unlock(0, plugin); + + /* + generate_authentication_string may return error status + without setting actual error. + */ + if (!thd->is_error()) + { + String error_user; + append_user(thd, &error_user, Str, FALSE, FALSE); + my_error(ER_CANNOT_USER, MYF(0), cmd, error_user.c_ptr_safe()); + } return(1); } if (buflen) @@ -758,7 +771,8 @@ bool change_password(THD *thd, const char *host, const char *user, thd->slave_thread) combo->uses_identified_by_clause= false; - if (set_and_validate_user_attributes(thd, combo, what_to_set, true)) + if (set_and_validate_user_attributes(thd, combo, what_to_set, + true, "SET PASSWORD")) { result= 1; mysql_mutex_unlock(&acl_cache->lock); @@ -1389,7 +1403,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool if_not_exists) result= TRUE; continue; } - if (set_and_validate_user_attributes(thd, user_name, what_to_update, true)) + if (set_and_validate_user_attributes(thd, user_name, what_to_update, + true, "CREATE USER")) { result= TRUE; continue; @@ -1897,7 +1912,7 @@ bool mysql_alter_user(THD *thd, List <LEX_USER> &list, bool if_exists) continue; } if (set_and_validate_user_attributes(thd, user_from, what_to_alter, - is_privileged_user)) + is_privileged_user, "ALTER USER")) { result= true; continue;