From b1daecfc45145ce9e259a893ffed01e77af7217b Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Sun, 13 Jul 2025 09:36:08 +0200
Subject: [PATCH] MDEV-30190 Password check plugin prevents changing grants for
 CURRENT_USER

CURRENT_USER should not initialize $$->auth, just like explicitly
specified user name doesn't.
---
 .../plugins/r/simple_password_check.result     | 18 +++++++++++++++++-
 .../suite/plugins/t/simple_password_check.test | 15 ++++++++++++++-
 sql/sql_yacc.yy                                |  1 -
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/mysql-test/suite/plugins/r/simple_password_check.result b/mysql-test/suite/plugins/r/simple_password_check.result
index 0826b7f6637..8046761d708 100644
--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -261,6 +261,22 @@ install soname "simple_password_check";
 MARIADB-ADMIN: unable to change password; error: 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement'
 # All done
 uninstall plugin simple_password_check;
-#
 # End of 10.4 tests
 #
+# MDEV-30190 Password check plugin prevents changing grants for CURRENT_USER
+#
+select priv into @old_priv from mysql.global_priv where user='root' and host='localhost';
+install soname "simple_password_check";
+grant all on db1.* to current_user;
+select current_user;
+current_user
+root@localhost
+show grants;
+Grants for root@localhost
+GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
+GRANT ALL PRIVILEGES ON `db1`.* TO `root`@`localhost`
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+revoke all on db1.* from current_user;
+uninstall plugin simple_password_check;
+update mysql.global_priv set priv=@old_priv where user='root' and host='localhost';
+# End of 10.11 tests
diff --git a/mysql-test/suite/plugins/t/simple_password_check.test b/mysql-test/suite/plugins/t/simple_password_check.test
index 442585e89d4..5b55512591e 100644
--- a/mysql-test/suite/plugins/t/simple_password_check.test
+++ b/mysql-test/suite/plugins/t/simple_password_check.test
@@ -165,6 +165,19 @@ install soname "simple_password_check";
 --echo # All done
 uninstall plugin simple_password_check;
 
---echo #
 --echo # End of 10.4 tests
+
 --echo #
+--echo # MDEV-30190 Password check plugin prevents changing grants for CURRENT_USER
+--echo #
+select priv into @old_priv from mysql.global_priv where user='root' and host='localhost';
+install soname "simple_password_check";
+grant all on db1.* to current_user;
+select current_user;
+show grants;
+revoke all on db1.* from current_user;
+uninstall plugin simple_password_check;
+#cleanup
+update mysql.global_priv set priv=@old_priv where user='root' and host='localhost';
+
+--echo # End of 10.11 tests
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index b2b8aca2eb6..ed1942ff70b 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -15505,7 +15505,6 @@ user_maybe_role:
             if (unlikely(!($$=(LEX_USER*)thd->calloc(sizeof(LEX_USER)))))
               MYSQL_YYABORT;
             $$->user= current_user;
-            $$->auth= new (thd->mem_root) USER_AUTH();
           }
         ;