diff --git a/sql/auth/auth_common.h b/sql/auth/auth_common.h
index b8a24ed1..023cf06e 100644
--- a/sql/auth/auth_common.h
+++ b/sql/auth/auth_common.h
@@ -620,7 +620,8 @@ bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
bool set_and_validate_user_attributes(THD *thd,
LEX_USER *Str,
ulong &what_to_set,
- bool is_privileged_user);
+ bool is_privileged_user,
+ const char * cmd);
/* sql_auth_cache */
int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr);
diff --git a/sql/auth/sql_authorization.cc b/sql/auth/sql_authorization.cc
index ef5aeb33..910216d9 100644
--- a/sql/auth/sql_authorization.cc
+++ b/sql/auth/sql_authorization.cc
@@ -1321,7 +1321,8 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list,
}
if (set_and_validate_user_attributes(thd, Str, what_to_set,
- is_privileged_user))
+ is_privileged_user,
+ revoke_grant?"REVOKE":"GRANT"))
{
result= TRUE;
continue;
@@ -1636,7 +1637,8 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc,
}
if (set_and_validate_user_attributes(thd, Str, what_to_set,
- is_privileged_user))
+ is_privileged_user,
+ revoke_grant?"REVOKE":"GRANT"))
{
result= TRUE;
continue;
@@ -1887,7 +1889,8 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
}
if (set_and_validate_user_attributes(thd, Str, what_to_set,
- is_privileged_user))
+ is_privileged_user,
+ revoke_grant?"REVOKE":"GRANT"))
{
result= TRUE;
continue;
diff --git a/sql/auth/sql_user.cc b/sql/auth/sql_user.cc
index bb8f5dc8..f1fdca64 100644
--- a/sql/auth/sql_user.cc
+++ b/sql/auth/sql_user.cc
@@ -396,6 +396,7 @@ err:
@param what_to_set User attributes
@param is_privileged_user Whether caller has CREATE_USER_ACL
or UPDATE_ACL over mysql.*
+ @param cmd Command information
@retval 0 ok
@retval 1 ERROR;
@@ -404,7 +405,8 @@ err:
bool set_and_validate_user_attributes(THD *thd,
LEX_USER *Str,
ulong &what_to_set,
- bool is_privileged_user)
+ bool is_privileged_user,
+ const char * cmd)
{
bool user_exists= false;
ACL_USER *acl_user;
@@ -573,6 +575,17 @@ bool set_and_validate_user_attributes(THD *thd,
inbuflen))
{
plugin_unlock(0, plugin);
+
+ /*
+ generate_authentication_string may return error status
+ without setting actual error.
+ */
+ if (!thd->is_error())
+ {
+ String error_user;
+ append_user(thd, &error_user, Str, FALSE, FALSE);
+ my_error(ER_CANNOT_USER, MYF(0), cmd, error_user.c_ptr_safe());
+ }
return(1);
}
if (buflen)
@@ -758,7 +771,8 @@ bool change_password(THD *thd, const char *host, const char *user,
thd->slave_thread)
combo->uses_identified_by_clause= false;
- if (set_and_validate_user_attributes(thd, combo, what_to_set, true))
+ if (set_and_validate_user_attributes(thd, combo, what_to_set,
+ true, "SET PASSWORD"))
{
result= 1;
mysql_mutex_unlock(&acl_cache->lock);
@@ -1389,7 +1403,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list, bool if_not_exists)
result= TRUE;
continue;
}
- if (set_and_validate_user_attributes(thd, user_name, what_to_update, true))
+ if (set_and_validate_user_attributes(thd, user_name, what_to_update,
+ true, "CREATE USER"))
{
result= TRUE;
continue;
@@ -1897,7 +1912,7 @@ bool mysql_alter_user(THD *thd, List <LEX_USER> &list, bool if_exists)
continue;
}
if (set_and_validate_user_attributes(thd, user_from, what_to_alter,
- is_privileged_user))
+ is_privileged_user, "ALTER USER"))
{
result= true;
continue;