Make SESSION_USER() comparable with CURRENT_USER()

Update `SESSION_USER()` behaviour to be comparable with `CURRENT_USER()`.
`SESSION_USER()` will return the user and host columns from `mysql.user`
used to authenticate the user when the session was created.

Historically `SESSION_USER()` was an alias of `USER()` function. The
main difference with `USER()` behaviour after this changes is that
`SESSION_USER()` now returns the host column from `mysql.user` instead of
the client host or ip.

NOTE: `SESSION_USER_IS_USER` old mode is added to make the change
backward compatible.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer
Amazon Web Services, Inc.

mysql-test/main/mysqld--help.result

@@ -749,7 +749,8 @@ The following specify which files/extra groups are read (specified before remain
  ZERO_DATE_TIME_CAST, UTF8_IS_UTF8MB3, 
  IGNORE_INDEX_ONLY_FOR_JOIN, COMPAT_5_1_CHECKSUM, 
  NO_NULL_COLLATION_IDS, LOCK_ALTER_TABLE_COPY, 
- OLD_FLUSH_STATUS, or ALL to set all combinations
+ OLD_FLUSH_STATUS, SESSION_USER_IS_USER, or ALL to set all
+ combinations
  --old-passwords     Use old password encryption method (needed for 4.0 and
  older clients)
  --old-style-user-limits 

mysql-test/main/session_user.result

@@ -0,0 +1,56 @@
+# Create a stored procedure which calls the different functions to retrieve the user
+CREATE FUNCTION test.func_session_user() RETURNS CHAR(80) SQL SECURITY DEFINER RETURN CONCAT(USER(), '; ', CURRENT_USER(), '; ', SESSION_USER());
+# Create a view which calls the different functions to retrieve the user
+CREATE SQL SECURITY DEFINER VIEW test.view_session_user AS SELECT USER(), CURRENT_USER(), SESSION_USER();
+# Create test_user
+CREATE USER 'test_user'@'%';
+GRANT EXECUTE, CREATE, DROP, SELECT ON test.* TO 'test_user'@'%';
+# Connect as test_user
+connect  test_user_con,localhost,test_user,,;
+# Check the function called directly
+SELECT USER(), CURRENT_USER(), SESSION_USER();
+USER()	CURRENT_USER()	SESSION_USER()
+test_user@localhost	test_user@%	test_user@%
+# Check the function inside of a stored procedure
+SELECT test.func_session_user();
+test.func_session_user()
+test_user@localhost; root@localhost; test_user@%
+# Check the function inside of a view
+SELECT * FROM test.view_session_user;
+USER()	CURRENT_USER()	SESSION_USER()
+test_user@localhost	root@localhost	test_user@%
+# Check SESSION_USER is allowed in virtual columns
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()));
+# Check SESSION_USER is not allowed for indexed virtual columns
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()), INDEX idx (b));
+ERROR HY000: Function or expression 'session_user()' cannot be used in the GENERATED ALWAYS AS clause of `b`
+# Check SESSION_USER is not allowed in virtual columns when CHECK constrains are provided
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()) CHECK (b <> ''));
+ERROR HY000: Function or expression 'b' cannot be used in the CHECK clause of `b`
+# Check SESSION_USER is not allowed for stored virtual columns
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()) STORED);
+ERROR HY000: Function or expression 'session_user()' cannot be used in the GENERATED ALWAYS AS clause of `b`
+# Check SESSION_USER is allowed as default
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) DEFAULT (SESSION_USER()));
+# Test old mode SESSION_USER_IS_USER behaves properly
+SELECT @@OLD_MODE, @@GLOBAL.OLD_MODE;
+@@OLD_MODE	@@GLOBAL.OLD_MODE
+UTF8_IS_UTF8MB3	UTF8_IS_UTF8MB3
+SELECT USER(), SESSION_USER();
+USER()	SESSION_USER()
+test_user@localhost	test_user@%
+SET @@OLD_MODE = CONCAT(@@OLD_MODE, ',SESSION_USER_IS_USER');
+Warnings:
+Warning	1287	'SESSION_USER_IS_USER' is deprecated and will be removed in a future release
+SELECT @@OLD_MODE, @@GLOBAL.OLD_MODE;
+@@OLD_MODE	@@GLOBAL.OLD_MODE
+UTF8_IS_UTF8MB3,SESSION_USER_IS_USER	UTF8_IS_UTF8MB3
+SELECT USER(), SESSION_USER();
+USER()	SESSION_USER()
+test_user@localhost	test_user@localhost
+# Cleanup
+connection default;
+DROP USER 'test_user'@'%';
+DROP FUNCTION test.func_session_user;
+DROP VIEW test.view_session_user;
+DROP TABLE test.t1;

mysql-test/main/session_user.test

@@ -0,0 +1,54 @@
+# MDEV-30908 - Test SESSION_USER() function
+#
+# Check that SESSION_USER() returns the right user and host matching the
+# content of`mysql.user` table for the user executing the stored procedure.
+
+-- source include/not_embedded.inc
+
+--echo # Create a stored procedure which calls the different functions to retrieve the user
+CREATE FUNCTION test.func_session_user() RETURNS CHAR(80) SQL SECURITY DEFINER RETURN CONCAT(USER(), '; ', CURRENT_USER(), '; ', SESSION_USER());
+--echo # Create a view which calls the different functions to retrieve the user
+CREATE SQL SECURITY DEFINER VIEW test.view_session_user AS SELECT USER(), CURRENT_USER(), SESSION_USER();
+
+--echo # Create test_user
+CREATE USER 'test_user'@'%';
+GRANT EXECUTE, CREATE, DROP, SELECT ON test.* TO 'test_user'@'%';
+
+--echo # Connect as test_user
+connect (test_user_con,localhost,test_user,,);
+
+--echo # Check the function called directly
+SELECT USER(), CURRENT_USER(), SESSION_USER();
+--echo # Check the function inside of a stored procedure
+SELECT test.func_session_user();
+--echo # Check the function inside of a view
+SELECT * FROM test.view_session_user;
+
+--echo # Check SESSION_USER is allowed in virtual columns
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()));
+--echo # Check SESSION_USER is not allowed for indexed virtual columns
+--error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()), INDEX idx (b));
+--echo # Check SESSION_USER is not allowed in virtual columns when CHECK constrains are provided
+--error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()) CHECK (b <> ''));
+--echo # Check SESSION_USER is not allowed for stored virtual columns
+--error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) GENERATED ALWAYS AS (SESSION_USER()) STORED);
+
+--echo # Check SESSION_USER is allowed as default
+CREATE OR REPLACE TABLE t1 (a int, b varchar(100) DEFAULT (SESSION_USER()));
+
+--echo # Test old mode SESSION_USER_IS_USER behaves properly
+SELECT @@OLD_MODE, @@GLOBAL.OLD_MODE;
+SELECT USER(), SESSION_USER();
+SET @@OLD_MODE = CONCAT(@@OLD_MODE, ',SESSION_USER_IS_USER');
+SELECT @@OLD_MODE, @@GLOBAL.OLD_MODE;
+SELECT USER(), SESSION_USER();
+
+--echo # Cleanup
+--connection default
+DROP USER 'test_user'@'%';
+DROP FUNCTION test.func_session_user;
+DROP VIEW test.view_session_user;
+DROP TABLE test.t1;

mysql-test/suite/sys_vars/r/sysvars_server_embedded.result

@@ -2349,7 +2349,7 @@ VARIABLE_COMMENT	Used to emulate old behavior from earlier MariaDB or MySQL vers
 NUMERIC_MIN_VALUE	NULL
 NUMERIC_MAX_VALUE	NULL
 NUMERIC_BLOCK_SIZE	NULL
-ENUM_VALUE_LIST	NO_DUP_KEY_WARNINGS_WITH_IGNORE,NO_PROGRESS_INFO,ZERO_DATE_TIME_CAST,UTF8_IS_UTF8MB3,IGNORE_INDEX_ONLY_FOR_JOIN,COMPAT_5_1_CHECKSUM,NO_NULL_COLLATION_IDS,LOCK_ALTER_TABLE_COPY,OLD_FLUSH_STATUS
+ENUM_VALUE_LIST	NO_DUP_KEY_WARNINGS_WITH_IGNORE,NO_PROGRESS_INFO,ZERO_DATE_TIME_CAST,UTF8_IS_UTF8MB3,IGNORE_INDEX_ONLY_FOR_JOIN,COMPAT_5_1_CHECKSUM,NO_NULL_COLLATION_IDS,LOCK_ALTER_TABLE_COPY,OLD_FLUSH_STATUS,SESSION_USER_IS_USER
 READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	OLD_PASSWORDS

mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result

@@ -2559,7 +2559,7 @@ VARIABLE_COMMENT	Used to emulate old behavior from earlier MariaDB or MySQL vers
 NUMERIC_MIN_VALUE	NULL
 NUMERIC_MAX_VALUE	NULL
 NUMERIC_BLOCK_SIZE	NULL
-ENUM_VALUE_LIST	NO_DUP_KEY_WARNINGS_WITH_IGNORE,NO_PROGRESS_INFO,ZERO_DATE_TIME_CAST,UTF8_IS_UTF8MB3,IGNORE_INDEX_ONLY_FOR_JOIN,COMPAT_5_1_CHECKSUM,NO_NULL_COLLATION_IDS,LOCK_ALTER_TABLE_COPY,OLD_FLUSH_STATUS
+ENUM_VALUE_LIST	NO_DUP_KEY_WARNINGS_WITH_IGNORE,NO_PROGRESS_INFO,ZERO_DATE_TIME_CAST,UTF8_IS_UTF8MB3,IGNORE_INDEX_ONLY_FOR_JOIN,COMPAT_5_1_CHECKSUM,NO_NULL_COLLATION_IDS,LOCK_ALTER_TABLE_COPY,OLD_FLUSH_STATUS,SESSION_USER_IS_USER
 READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
 VARIABLE_NAME	OLD_PASSWORDS

mysql-test/suite/vcol/r/vcol_blocked_sql_funcs.result

@@ -119,7 +119,7 @@ create or replace table t1 (a varchar(32) as (schema()) PERSISTENT);
 ERROR HY000: Function or expression 'database()' cannot be used in the GENERATED ALWAYS AS clause of `a`
 # SESSION_USER()
 create or replace table t1 (a varchar(32) as (session_user()) PERSISTENT);
-ERROR HY000: Function or expression 'user()' cannot be used in the GENERATED ALWAYS AS clause of `a`
+ERROR HY000: Function or expression 'session_user()' cannot be used in the GENERATED ALWAYS AS clause of `a`
 # SLEEP()
 create or replace table t1 (a int, b int as (sleep(a)));
 ERROR HY000: Function or expression 'sleep()' cannot be used in the GENERATED ALWAYS AS clause of `b`

sql/deprecation.h

@@ -30,7 +30,7 @@ template<uint V> static inline void check_deprecated_version(void)
      V <= 1004 ? MYSQL_VERSION_ID < 110500 :   /* until 10.4  EOL */
      V <= 1005 ? MYSQL_VERSION_ID < 120100 :   /* until 10.5  EOL */
      V <= 1010 ? MYSQL_VERSION_ID < 120500 :   /* until 10.6  EOL */
-     V <= 1106 ? MYSQL_VERSION_ID < 130400 :   /* until 10.11 EOL */
+     V <= 1107 ? MYSQL_VERSION_ID < 130400 :   /* until 10.11 EOL */
      V == 999999,    /* only for sys_var::do_deprecated_warning() */
      "check_deprecated_version failed"
   );

sql/item_strfunc.cc

@@ -2896,6 +2896,17 @@ bool Item_func_current_user::fix_fields(THD *thd, Item **ref)
   return init(ctx->priv_user, ctx->priv_host);
 }
 
+bool Item_func_session_user::fix_fields(THD *thd, Item **ref)
+{
+  if (thd->variables.old_behavior & OLD_MODE_SESSION_USER_IS_USER)
+    return Item_func_user::fix_fields(thd, ref);
+
+  if (Item_func_sysconst::fix_fields(thd, ref))
+    return TRUE;
+
+  return init(thd->main_security_ctx.priv_user, thd->main_security_ctx.priv_host);
+}
+
 bool Item_func_current_role::fix_fields(THD *thd, Item **ref)
 {
   if (Item_func_sysconst::fix_fields(thd, ref))

sql/item_strfunc.h

@@ -1283,6 +1283,23 @@ public:
   }
 };
 
+class Item_func_session_user :public Item_func_user
+{
+public:
+  Item_func_session_user(THD *thd):
+    Item_func_user(thd) {}
+  bool fix_fields(THD *thd, Item **ref) override;
+  LEX_CSTRING func_name_cstring() const override
+  {
+    static LEX_CSTRING name= {STRING_WITH_LEN("session_user") };
+    return name;
+  }
+  const Lex_ident_routine fully_qualified_func_name() const override
+  { return Lex_ident_routine("session_user()"_LEX_CSTRING); }
+  Item *do_get_copy(THD *thd) const override
+  { return get_item_copy<Item_func_session_user>(thd, this); }
+};
+
 
 class Item_func_current_role :public Item_func_sysconst
 {

sql/lex.h

@@ -785,7 +785,7 @@ SYMBOL sql_functions[] = {
   { "PERCENTILE_CONT",  SYM(PERCENTILE_CONT_SYM)},
   { "PERCENTILE_DISC",  SYM(PERCENTILE_DISC_SYM)},
   { "RANK",             SYM(RANK_SYM)},
-  { "SESSION_USER",     SYM(USER_SYM)},
+  { "SESSION_USER",     SYM(SESSION_USER_SYM)},
   { "STD",		SYM(STD_SYM)},
   { "STDDEV",		SYM(STD_SYM)},
   { "STDDEV_POP",	SYM(STD_SYM)},

sql/sql_class.h

@@ -208,6 +208,7 @@ enum enum_binlog_row_image {
 #define OLD_MODE_NO_NULL_COLLATION_IDS  (1 << 6)
 #define OLD_MODE_LOCK_ALTER_TABLE_COPY  (1 << 7)
 #define OLD_MODE_OLD_FLUSH_STATUS       (1 << 8)
+#define OLD_MODE_SESSION_USER_IS_USER   (1 << 9)
 
 #define OLD_MODE_DEFAULT_VALUE          OLD_MODE_UTF8_IS_UTF8MB3
 

sql/sql_yacc.yy

@@ -1078,6 +1078,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, size_t *yystacksize);
 %token  <kwd>  SERIALIZABLE_SYM              /* SQL-2003-N */
 %token  <kwd>  SERIAL_SYM
 %token  <kwd>  SESSION_SYM                   /* SQL-2003-N */
+%token  <kwd>  SESSION_USER_SYM              /* SQL-2003-R */
 %token  <kwd>  SERVER_SYM
 %token  <kwd>  SETVAL_SYM                    /* PostgreSQL sequence function */
 %token  <kwd>  SHARE_SYM
@@ -10275,6 +10276,14 @@ function_call_keyword:
             Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
             Lex->safe_to_cache_query= 0;
           }
+        | SESSION_USER_SYM '(' ')'
+          {
+            $$= new (thd->mem_root) Item_func_session_user(thd);
+            if (unlikely($$ == NULL))
+              MYSQL_YYABORT;
+            Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
+            Lex->safe_to_cache_query=0;
+          }
         | TIME_SYM '(' expr ')'
           {
             $$= new (thd->mem_root) Item_time_typecast(thd, $3,
@@ -16438,6 +16447,7 @@ keyword_sp_var_and_label:
         | USER_SYM           %prec PREC_BELOW_CONTRACTION_TOKEN2
         | VALUE_SYM
         | WEIGHT_STRING_SYM
+        | SESSION_USER_SYM
         ;
 
 

sql/sys_vars.cc

@@ -3992,6 +3992,7 @@ static const char *old_mode_names[]=
   "NO_NULL_COLLATION_IDS",              // 6: deprecated since 11.3
   "LOCK_ALTER_TABLE_COPY",              // 7: deprecated since 11.3
   "OLD_FLUSH_STATUS",                   // 8: deprecated since 11.5
+  "SESSION_USER_IS_USER",               // 9: deprecated since 11.7
   0
 };
 
@@ -4014,6 +4015,9 @@ static bool old_mode_deprecated(sys_var *self, THD *thd, set_var *var)
   for (; i <= 8; i++)
     if ((1ULL<<i) & v)
       warn_deprecated<1105>(thd, old_mode_names[i]);
+  for (; i <= 9; i++)
+    if ((1ULL<<i) & v)
+      warn_deprecated<1107>(thd, old_mode_names[i]);
   return false;
 }