From ce7ab467dbdfb5fc83a22bd53d923f7d0d1c6a3e Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Wed, 28 May 2025 00:05:05 +0700 Subject: [PATCH] MDEV-35617: DROP USER should leave no active session for that user DROP USER looks for sessions by the do-be-dropped user and if found: * fails with ER_CANNOT_USER in Oracle mode * continues with ER_ACTIVE_CONNECTIONS_FOR_USER_TO_DROP warning otherwise Every user being dropped is marked with flag that disallow establishing a new connections on behalf this user. --- mysql-test/main/auth_rpl.test | 2 + mysql-test/main/create_drop_user.result | 77 ++++++++++++ mysql-test/main/create_drop_user.test | 91 ++++++++++++++ mysql-test/main/grant.result | 2 + mysql-test/main/grant_utf8_cli.test | 2 + mysql-test/main/information_schema_db.result | 2 + mysql-test/main/lock_view.test | 2 + mysql-test/main/mysql.test | 2 + mysql-test/main/mysqlbinlog.test | 3 + mysql-test/main/mysqldump-system.test | 2 + mysql-test/main/mysqldump.result | 2 + mysql-test/main/mysqldump.test | 4 + mysql-test/main/password_expiration.test | 6 + .../main/password_expiration_unix_socket.test | 2 + mysql-test/main/plugin_auth_qa_1.test | 6 + mysql-test/main/plugin_auth_qa_2.test | 10 +- mysql-test/main/ssl_autoverify.test | 2 + mysql-test/main/ssl_cipher.test | 3 + mysql-test/main/upgrade_MDEV-19650.result | 2 + mysql-test/main/user_limits.test | 6 + mysql-test/main/view_grant.result | 2 + mysql-test/suite/binlog/t/binlog_grant.test | 2 + .../suite/binlog_encryption/rpl_ssl.result | 2 + .../engines/funcs/r/rpl_slave_status.result | 2 + mysql-test/suite/events/events_bugs.result | 2 + .../suite/federated/federated_bug_25714.test | 2 + .../suite/federated/federated_server.test | 2 + mysql-test/suite/federated/update.test | 2 + mysql-test/suite/galera/r/MW-416.result | 2 + .../suite/galera/r/galera_read_only.result | 2 + mysql-test/suite/galera/r/galera_roles.result | 2 + mysql-test/suite/galera/r/rename.result | 2 + mysql-test/suite/plugins/t/multiauth.test | 9 ++ mysql-test/suite/plugins/t/pam.test | 4 + mysql-test/suite/plugins/t/parsec.test | 3 + .../roles/create_and_drop_current.result | 2 + mysql-test/suite/roles/definer.result | 2 + mysql-test/suite/roles/definer.test | 2 + .../suite/roles/drop_current_user-5176.result | 2 + .../rpl/r/rpl_password_boundaries.result | 2 + .../r/rpl_perfschema_connect_config.result | 2 + .../rpl/r/rpl_slave_alias_replica.result | 2 + .../r/rpl_slave_restart_long_password.result | 2 + .../suite/rpl/r/rpl_slave_status.result | 2 + mysql-test/suite/rpl/r/rpl_ssl.result | 4 +- mysql-test/suite/rpl/r/rpl_ssl1.result | 2 + mysql-test/suite/rpl/t/rpl_ssl1.test | 2 + sql/share/errmsg-utf8.txt | 4 +- sql/sql_acl.cc | 114 +++++++++++++++++- .../bugfix/r/direct_sql_with_comma_pwd.result | 2 + .../spider/bugfix/t/mdev_34589.test | 2 + 51 files changed, 410 insertions(+), 6 deletions(-) diff --git a/mysql-test/main/auth_rpl.test b/mysql-test/main/auth_rpl.test index 9b2c4357cf0..bfabc83aba5 100644 --- a/mysql-test/main/auth_rpl.test +++ b/mysql-test/main/auth_rpl.test @@ -57,7 +57,9 @@ DROP USER 'plug_user'; --echo # Cleanup (on master). --connection master +--disable_warnings DROP USER 'plug_user'; +--enable_warnings --let $rpl_only_running_threads= 1 --source include/rpl_end.inc diff --git a/mysql-test/main/create_drop_user.result b/mysql-test/main/create_drop_user.result index 67717f3e4e0..16653196e37 100644 --- a/mysql-test/main/create_drop_user.result +++ b/mysql-test/main/create_drop_user.result @@ -41,3 +41,80 @@ Warnings: Note 1974 Can't drop user 'u1'@'%'; it doesn't exist DROP USER u2; ERROR HY000: Operation DROP USER failed for 'u2'@'%' +# +# MDEV-35617: DROP USER should leave no active session for that user +# +CREATE USER u1; +CREATE USER u2; +CREATE USER u3; +GRANT ALL on test.* to u1; +GRANT ALL on test.* to u2; +GRANT ALL on test.* to u3; +# Establish two connections on behalf the users u1, u3 +# A connection on behalf the user u2 isn't established intentionally +connect con1, localhost, u1, , test; +connect con3, localhost, u3, , test; +# Drop the users u1, u2, u3. Since the users u1 and u3 have active +# connections to the server, the warning about it will be output +connection default; +DROP USER u1, u2, u3; +Warnings: +Note 4227 Dropped users 'u1'@'%','u3'@'%' have active connections. Use KILL CONNECTION if they should not be used anymore. +# None of the users u1, u2, u3 should be present in the system +SELECT user, host FROM mysql.user WHERE user IN ('u1', 'u2', 'u3'); +User Host +disconnect con1; +disconnect con3; +# Check behaviour of the DROP USER statement in +# oracle compatibility mode +SET @save_sql_mode = @@sql_mode; +SET sql_mode="oracle"; +CREATE USER u1; +CREATE USER u2; +CREATE USER u3; +GRANT ALL on test.* to u1; +GRANT ALL on test.* to u2; +GRANT ALL on test.* to u3; +# Established two connections on behalf the users u1, u3; +# A connection on behalf the user u2 isn't established intentionally +connect con1, localhost, u1, , test; +connect con3, localhost, u3, , test; +connection default; +# In oracle compatibility mode, DROP USER fails in case +# there are connections on behalf the users being dropped. +DROP USER u1, u2, u3; +ERROR HY000: Operation DROP USER failed for 'u1'@'%','u3'@'%' +# It is expected to see two users in output of the query: u1 and u3, +# u2 should be dropped since it doesn't have active connection at the moment +SELECT user, host FROM mysql.user WHERE user IN ('u1', 'u2', 'u3'); +User Host +u1 % +u3 % +SET sql_mode= @save_sql_mode; +disconnect con1; +disconnect con3; +# Clean up +# Clean up +DROP USER u1, u3; +CREATE USER u@localhost; +CREATE USER u@'%'; +connect u,localhost,u; +connection default; +DROP USER u@'%'; +disconnect u; +DROP USER u@localhost; +CREATE USER u@localhost; +SET sql_mode=oracle; +connect u,localhost,u; +connection default; +DROP USER u@'%'; +ERROR HY000: Operation DROP USER failed for 'u'@'%' +disconnect u; +connect u,localhost,u; +SELECT user(), current_user(); +user() current_user() +u@localhost u@localhost +disconnect u; +connection default; +# Clean up +DROP USER u@localhost; diff --git a/mysql-test/main/create_drop_user.test b/mysql-test/main/create_drop_user.test index 234383fb4ca..635eacb43d8 100644 --- a/mysql-test/main/create_drop_user.test +++ b/mysql-test/main/create_drop_user.test @@ -44,3 +44,94 @@ DROP USER IF EXISTS u1, u2; --error ER_CANNOT_USER DROP USER u2; + +--echo # +--echo # MDEV-35617: DROP USER should leave no active session for that user +--echo # + +CREATE USER u1; +CREATE USER u2; +CREATE USER u3; + +GRANT ALL on test.* to u1; +GRANT ALL on test.* to u2; +GRANT ALL on test.* to u3; + +--echo # Establish two connections on behalf the users u1, u3 +--echo # A connection on behalf the user u2 isn't established intentionally +--connect (con1, localhost, u1, , test) +--connect (con3, localhost, u3, , test) + +--echo # Drop the users u1, u2, u3. Since the users u1 and u3 have active +--echo # connections to the server, the warning about it will be output +--connection default +DROP USER u1, u2, u3; + +--echo # None of the users u1, u2, u3 should be present in the system +SELECT user, host FROM mysql.user WHERE user IN ('u1', 'u2', 'u3'); + +--disconnect con1 +--disconnect con3 + +--echo # Check behaviour of the DROP USER statement in +--echo # oracle compatibility mode +SET @save_sql_mode = @@sql_mode; +SET sql_mode="oracle"; +CREATE USER u1; +CREATE USER u2; +CREATE USER u3; + +GRANT ALL on test.* to u1; +GRANT ALL on test.* to u2; +GRANT ALL on test.* to u3; + +--echo # Established two connections on behalf the users u1, u3; +--echo # A connection on behalf the user u2 isn't established intentionally +--connect (con1, localhost, u1, , test) +--connect (con3, localhost, u3, , test) + +--connection default +--echo # In oracle compatibility mode, DROP USER fails in case +--echo # there are connections on behalf the users being dropped. +--error ER_CANNOT_USER +DROP USER u1, u2, u3; + +--echo # It is expected to see two users in output of the query: u1 and u3, +--echo # u2 should be dropped since it doesn't have active connection at the moment +SELECT user, host FROM mysql.user WHERE user IN ('u1', 'u2', 'u3'); +SET sql_mode= @save_sql_mode; + +--disconnect con1 +--disconnect con3 +--echo # Clean up +--disable_warnings +--echo # Clean up +DROP USER u1, u3; +--enable_warnings + +CREATE USER u@localhost; +CREATE USER u@'%'; +--connect u,localhost,u +--connection default +DROP USER u@'%'; + +--disconnect u +--disable_warnings +DROP USER u@localhost; +--enable_warnings + +CREATE USER u@localhost; +SET sql_mode=oracle; +--connect u,localhost,u +--connection default +--error ER_CANNOT_USER +DROP USER u@'%'; +--disconnect u + +--connect u,localhost,u +SELECT user(), current_user(); + +--disconnect u +--connection default +--echo # Clean up +DROP USER u@localhost; diff --git a/mysql-test/main/grant.result b/mysql-test/main/grant.result index 6631ef7fc21..f392cd8fe25 100644 --- a/mysql-test/main/grant.result +++ b/mysql-test/main/grant.result @@ -1585,6 +1585,8 @@ mysqltest1.f1() 0 connection default; drop user mysqluser1@localhost; +Warnings: +Note 4227 Dropped users 'mysqluser1'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. # # Test that dropping of user is properly reflected in # both privilege tables and in in-memory structures. diff --git a/mysql-test/main/grant_utf8_cli.test b/mysql-test/main/grant_utf8_cli.test index 2fe7c9ad94c..58e3bb53797 100644 --- a/mysql-test/main/grant_utf8_cli.test +++ b/mysql-test/main/grant_utf8_cli.test @@ -8,5 +8,7 @@ set names utf8; create user юзер_юзер@localhost; grant select on test.* to юзер_юзер@localhost; --exec $MYSQL --default-character-set=utf8 --user=юзер_юзер -e "select user()" +--disable_warnings drop user юзер_юзер@localhost; +--enable_warnings set names default; diff --git a/mysql-test/main/information_schema_db.result b/mysql-test/main/information_schema_db.result index 05114d945dc..7acb9ff5ad1 100644 --- a/mysql-test/main/information_schema_db.result +++ b/mysql-test/main/information_schema_db.result @@ -473,6 +473,8 @@ USER PASSWORD_ERRORS PASSWORD_EXPIRATION_TIME # Delete user while some connection is still alive, then select. connection default; drop user nice_user; +Warnings: +Note 4227 Dropped users 'nice_user'@'%' have active connections. Use KILL CONNECTION if they should not be used anymore. connection con2; select * from information_schema.users; ERROR 0L000: The current user is invalid diff --git a/mysql-test/main/lock_view.test b/mysql-test/main/lock_view.test index 4a2c66edfbe..536b4c4fbb0 100644 --- a/mysql-test/main/lock_view.test +++ b/mysql-test/main/lock_view.test @@ -94,5 +94,7 @@ connection default; exec $MYSQL_DUMP --no-autocommit=0 test v1 -uu1 --compact; drop view v1; drop table t1; +--disable_warnings drop user u1@localhost; +--enable_warnings --enable_service_connection diff --git a/mysql-test/main/mysql.test b/mysql-test/main/mysql.test index 73436c0307f..3b88b00adf4 100644 --- a/mysql-test/main/mysql.test +++ b/mysql-test/main/mysql.test @@ -792,7 +792,9 @@ create user ser@localhost identified by "ass"; --echo MYSQL --ssl-verify-server-cert -e "\\s" --replace_regex /^.[^S].*// /\b[-A-Z_0-9]+,/XXX,/ --exec $MYSQL -user -pass --ssl-verify-server-cert -e "\\s" +--disable_warnings drop user ser@localhost; +--enable_warnings --echo # --echo # MDEV-32473 --disable-ssl doesn't disable it diff --git a/mysql-test/main/mysqlbinlog.test b/mysql-test/main/mysqlbinlog.test index 0bc273a6457..b1ebf16223a 100644 --- a/mysql-test/main/mysqlbinlog.test +++ b/mysql-test/main/mysqlbinlog.test @@ -4,6 +4,7 @@ -- source include/have_log_bin.inc -- source include/binlog_start_pos.inc +-- source include/count_sessions.inc --disable_query_log CALL mtr.add_suppression("Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT"); @@ -365,6 +366,7 @@ echo mysql mysqltest1 -uuntrusted < var/tmp/bug31611.sql; error 1; exec $MYSQL mysqltest1 -uuntrusted < $MYSQLTEST_VARDIR/tmp/bug31611.sql; --remove_file $MYSQLTEST_VARDIR/tmp/bug31611.sql + connection unsecure; error ER_TABLEACCESS_DENIED_ERROR; INSERT INTO t1 VALUES (1,USER()); @@ -373,6 +375,7 @@ SELECT * FROM t1; connection default; disconnect unsecure; DROP DATABASE mysqltest1; +--source include/wait_until_count_sessions.inc DROP USER untrusted@localhost; --echo # Bug#32580 mysqlbinlog cannot read binlog event with user variables diff --git a/mysql-test/main/mysqldump-system.test b/mysql-test/main/mysqldump-system.test index dc338cbe7e8..d23bd18c5d5 100644 --- a/mysql-test/main/mysqldump-system.test +++ b/mysql-test/main/mysqldump-system.test @@ -125,7 +125,9 @@ set time_zone= @@global.time_zone; --echo # Restore from mysqldump --exec $MYSQL --user mariadb_test_restore --password=getitback --show-warnings < $MYSQLTEST_VARDIR/tmp/dump1.sql +--disable_warnings DROP USER mariadb_test_restore; +--enable_warnings # successful restore? diff --git a/mysql-test/main/mysqldump.result b/mysql-test/main/mysqldump.result index 8e2eb790763..15c6e7f1af9 100644 --- a/mysql-test/main/mysqldump.result +++ b/mysql-test/main/mysqldump.result @@ -3934,6 +3934,8 @@ drop table t1; drop table u1; revoke all privileges on mysqldump_myDB.* from myDB_User@localhost; drop user myDB_User@localhost; +Warnings: +Note 4227 Dropped users 'myDB_User'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. drop database mysqldump_myDB; flush privileges; # Bug#21424 continues from here. diff --git a/mysql-test/main/mysqldump.test b/mysql-test/main/mysqldump.test index 00f54c8e6ee..fa6c06a200a 100644 --- a/mysql-test/main/mysqldump.test +++ b/mysql-test/main/mysqldump.test @@ -1617,8 +1617,10 @@ drop procedure sp1; connection default; disconnect user27293; +--disable_warnings drop user user1; drop user user2; +--enable_warnings drop database mysqldump_test_db; @@ -2348,7 +2350,9 @@ connection conn_1; connection default; disconnect conn_1; +--disable_warnings DROP USER user1; +--enable_warnings DROP DATABASE BUG52792; --echo # UTF-8 CREATE DATABASE BUG52792; diff --git a/mysql-test/main/password_expiration.test b/mysql-test/main/password_expiration.test index b7d1269537a..efa0369cf27 100644 --- a/mysql-test/main/password_expiration.test +++ b/mysql-test/main/password_expiration.test @@ -3,6 +3,7 @@ # --source include/not_embedded.inc +--source include/count_sessions.inc --echo # --echo # Only privileged users should be able to expire passwords @@ -54,6 +55,7 @@ set global disconnect_on_expired_password=ON; connect(con1,localhost,user1); --exec $MYSQL --connect-expired-password -u user1 -e "set password=password('');" +--source include/wait_until_count_sessions.inc drop user user1@localhost; --echo # @@ -65,6 +67,7 @@ set global disconnect_on_expired_password=ON; --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK --error ER_MUST_CHANGE_PASSWORD_LOGIN connect(con1,localhost,user1); +--source include/wait_until_count_sessions.inc drop user user1@localhost; --echo # @@ -94,6 +97,7 @@ flush privileges; --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK --error ER_MUST_CHANGE_PASSWORD_LOGIN connect(con1,localhost,user1); +--source include/wait_until_count_sessions.inc drop user user1@localhost; --echo # @@ -215,6 +219,7 @@ flush privileges; --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK --error ER_MUST_CHANGE_PASSWORD_LOGIN connect(con1,localhost,user1); +--source include/wait_until_count_sessions.inc drop user user1@localhost; --echo # @@ -237,6 +242,7 @@ flush privileges; --replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK --error ER_MUST_CHANGE_PASSWORD_LOGIN connect(con1,localhost,user1); +--source include/wait_until_count_sessions.inc drop user user1@localhost; --echo # diff --git a/mysql-test/main/password_expiration_unix_socket.test b/mysql-test/main/password_expiration_unix_socket.test index d936d65bc21..928b1d7e5ab 100644 --- a/mysql-test/main/password_expiration_unix_socket.test +++ b/mysql-test/main/password_expiration_unix_socket.test @@ -21,4 +21,6 @@ --let $replace=drop user '$USER' --replace_result $replace "drop user 'USER'" +--disable_warnings --eval drop user '$USER' +--enable_warnings diff --git a/mysql-test/main/plugin_auth_qa_1.test b/mysql-test/main/plugin_auth_qa_1.test index 2c605a52b01..03c7039c607 100644 --- a/mysql-test/main/plugin_auth_qa_1.test +++ b/mysql-test/main/plugin_auth_qa_1.test @@ -4,6 +4,7 @@ --source include/not_embedded.inc #enable view protocol after fix MDEV-29542 --source include/no_view_protocol.inc +--source include/count_sessions.inc CREATE DATABASE test_user_db; @@ -27,6 +28,7 @@ GRANT ALL ON test_user_db.* TO 'plug_dest'@'%'; REVOKE PROXY ON plug_dest FROM plug_user; --error 1 --exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER plug_user,plug_dest; # # GRANT...WITH @@ -48,6 +50,7 @@ REVOKE PROXY ON plug_dest FROM plug_user; --echo 3) --error 1 --exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER plug_user,plug_dest; # # GRANT...WITH/CREATE...BY @@ -62,6 +65,7 @@ GRANT ALL ON test_user_db.* TO 'plug_dest'@'%'; --echo 2) --replace_result $MASTER_MYSOCK MASTER_MYSOCK --exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER plug_user,plug_dest; --echo ========== test 1.2 ======================================== @@ -81,6 +85,7 @@ GRANT PROXY ON new_dest TO plug_user; --exec $MYSQL -u plug_user --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--source include/wait_until_count_sessions.inc DROP USER plug_user,new_dest; # CREATE...WITH/CREATE...BY @@ -100,6 +105,7 @@ GRANT PROXY ON new_dest TO plug_user; --exec $MYSQL -u plug_user --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1 --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--source include/wait_until_count_sessions.inc DROP USER plug_user,new_dest; # CREATE...WITH CREATE USER plug_user diff --git a/mysql-test/main/plugin_auth_qa_2.test b/mysql-test/main/plugin_auth_qa_2.test index bed5eec59e9..f6c813e287d 100644 --- a/mysql-test/main/plugin_auth_qa_2.test +++ b/mysql-test/main/plugin_auth_qa_2.test @@ -7,6 +7,7 @@ --source include/not_embedded.inc #enable view protocol after fix MDEV-29542 --source include/no_view_protocol.inc +--source include/count_sessions.inc CREATE DATABASE test_user_db; @@ -29,6 +30,7 @@ SELECT @@external_user; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--source include/wait_until_count_sessions.inc DROP USER qa_test_1_user; DROP USER qa_test_1_dest; @@ -52,6 +54,7 @@ SELECT @@external_user; --sorted_result SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; +--source include/wait_until_count_sessions.inc DROP USER qa_test_2_user; DROP USER qa_test_2_dest; DROP USER authenticated_as; @@ -66,6 +69,7 @@ GRANT PROXY ON qa_test_3_dest TO qa_test_3_user; --echo exec MYSQL -h localhost -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL -h localhost -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER qa_test_3_user; DROP USER qa_test_3_dest; @@ -79,6 +83,7 @@ GRANT PROXY ON qa_test_4_dest TO qa_test_4_user; --echo exec MYSQL -h localhost -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 --exec $MYSQL -h localhost -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER qa_test_4_user; DROP USER qa_test_4_dest; @@ -99,6 +104,7 @@ SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != --error 1 --exec $MYSQL -h localhost --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER qa_test_5_user; DROP USER qa_test_5_dest; DROP USER ''@'localhost'; @@ -133,6 +139,7 @@ SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root'; --error 1 --exec $MYSQL -h localhost --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER qa_test_6_user; DROP USER qa_test_6_dest; DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface'; @@ -151,7 +158,6 @@ GRANT PROXY ON qa_test_11_dest TO qa_test_11_user; --error 1 --exec $MYSQL --default_auth=qa_auth_client -h localhost -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1 +--source include/wait_until_count_sessions.inc DROP USER qa_test_11_user, qa_test_11_dest; DROP DATABASE test_user_db; - ---exit diff --git a/mysql-test/main/ssl_autoverify.test b/mysql-test/main/ssl_autoverify.test index 0417f6eb76b..e4a05c0d55f 100644 --- a/mysql-test/main/ssl_autoverify.test +++ b/mysql-test/main/ssl_autoverify.test @@ -121,9 +121,11 @@ inc $mitm_port; } drop function have_ssl; +--disable_warnings drop user native@'%'; drop user ed@'%'; drop user nohash@'%'; drop user multi@'%'; +--enable_warnings uninstall plugin ed25519; uninstall plugin three_attempts; diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test index ba5db603acd..20b011fd4a0 100644 --- a/mysql-test/main/ssl_cipher.test +++ b/mysql-test/main/ssl_cipher.test @@ -8,6 +8,7 @@ CALL mtr.add_suppression("are insecure"); --enable_query_log --source include/have_ssl_communication.inc +--source include/count_sessions.inc if (`select @@version_ssl_library like 'OpenSSL 1.1.1%'`) { skip OpenSSL 1.1.1; @@ -43,6 +44,7 @@ connection con4; SHOW STATUS LIKE 'Ssl_cipher'; disconnect con4; connection default; +--source include/wait_until_count_sessions.inc drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; # @@ -93,6 +95,7 @@ select 'is still running; no cipher request crashed the server' as result from d create user mysqltest_1@localhost; grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; --exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 +--source include/wait_until_count_sessions.inc drop user mysqltest_1@localhost; # diff --git a/mysql-test/main/upgrade_MDEV-19650.result b/mysql-test/main/upgrade_MDEV-19650.result index cf02bbc43c4..a7fccf718b6 100644 --- a/mysql-test/main/upgrade_MDEV-19650.result +++ b/mysql-test/main/upgrade_MDEV-19650.result @@ -279,6 +279,8 @@ GRANT PROXY ON ''@'%' TO 'not_root'@'localhost' WITH GRANT OPTION; connect con1,localhost,not_root,,; connection con1; DROP USER 'root'@'localhost'; +Warnings: +Note 4227 Dropped users 'root'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. DROP USER 'root'@'127.0.0.1'; DROP USER 'root'@'::1'; use mysqltest1; diff --git a/mysql-test/main/user_limits.test b/mysql-test/main/user_limits.test index 0399af6a353..299d5a73ae9 100644 --- a/mysql-test/main/user_limits.test +++ b/mysql-test/main/user_limits.test @@ -89,7 +89,9 @@ disconnect mcph2; connect (mcph3, localhost, mysqltest_1,,); # Cleanup connection default; +--disable_warnings drop user mysqltest_1@localhost; +--enable_warnings # Test of MAX_USER_CONNECTIONS limit # We need this to reset internal mqh_used variable @@ -135,7 +137,9 @@ connect (muc5, localhost, mysqltest_1,,); disconnect muc2; disconnect muc3; disconnect muc4; +--disable_warnings drop user mysqltest_1@localhost; +--enable_warnings # Now let us test interaction between global and per-account # max_user_connections limits @@ -201,7 +205,9 @@ connect (muca2, localhost, mysqltest_1,,); connect (muca3, localhost, mysqltest_1,,); disconnect muca2; connection default; +--disable_warnings drop user mysqltest_1@localhost; +--enable_warnings # Final cleanup drop table t1; diff --git a/mysql-test/main/view_grant.result b/mysql-test/main/view_grant.result index 8ee590c0a2f..41414543ddd 100644 --- a/mysql-test/main/view_grant.result +++ b/mysql-test/main/view_grant.result @@ -789,6 +789,8 @@ CREATE VIEW v1 AS SELECT * FROM t1; connection root; GRANT SELECT ON db17254.v1 TO inv_17254@localhost; DROP USER def_17254@localhost; +Warnings: +Note 4227 Dropped users 'def_17254'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. connect inv,localhost,inv_17254,,db17254; connection inv; for a user without SET USER diff --git a/mysql-test/suite/binlog/t/binlog_grant.test b/mysql-test/suite/binlog/t/binlog_grant.test index 5a46c7b3168..7e5eb1df6f9 100644 --- a/mysql-test/suite/binlog/t/binlog_grant.test +++ b/mysql-test/suite/binlog/t/binlog_grant.test @@ -195,7 +195,9 @@ call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG R --remove_file $MYSQLTEST_VARDIR/tmp/mysqlbinlog.sql --disconnect user1 DROP TABLE t2,t1; +--disable_warnings DROP USER user1@localhost; +--enable_warnings --echo # --echo # End of 10.5 test diff --git a/mysql-test/suite/binlog_encryption/rpl_ssl.result b/mysql-test/suite/binlog_encryption/rpl_ssl.result index a8f2d78ecdf..1266bfdaf3f 100644 --- a/mysql-test/suite/binlog_encryption/rpl_ssl.result +++ b/mysql-test/suite/binlog_encryption/rpl_ssl.result @@ -46,6 +46,8 @@ Master_SSL_Key = 'MYSQL_TEST_DIR/std_data/client-key.pem' include/check_slave_is_running.inc connection master; drop user replssl@localhost; +Warnings: +Note 4227 Dropped users 'replssl'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. drop table t1; connection slave; include/stop_slave.inc diff --git a/mysql-test/suite/engines/funcs/r/rpl_slave_status.result b/mysql-test/suite/engines/funcs/r/rpl_slave_status.result index ef122b9ca92..73875665526 100644 --- a/mysql-test/suite/engines/funcs/r/rpl_slave_status.result +++ b/mysql-test/suite/engines/funcs/r/rpl_slave_status.result @@ -30,6 +30,8 @@ n ==== Delete new replication user ==== connection master; DROP USER rpl@127.0.0.1; +Warnings: +Note 4240 Dropped users 'rpl'@'127.0.0.1' have active connections. Use KILL CONNECTION if they should not be used anymore. FLUSH PRIVILEGES; connection slave; ==== Restart slave without privileges ===== diff --git a/mysql-test/suite/events/events_bugs.result b/mysql-test/suite/events/events_bugs.result index 49c8b9dd2d1..90c7848af7b 100644 --- a/mysql-test/suite/events/events_bugs.result +++ b/mysql-test/suite/events/events_bugs.result @@ -659,6 +659,8 @@ Expect 1 1 connection default; DROP USER evtest1@localhost; +Warnings: +Note 4227 Dropped users 'evtest1'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. Sleep 4 seconds SELECT COUNT(*) INTO @row_cnt FROM events_test.event_log; Sleep 4 seconds diff --git a/mysql-test/suite/federated/federated_bug_25714.test b/mysql-test/suite/federated/federated_bug_25714.test index c979e55aa8a..dc8cea6c65c 100644 --- a/mysql-test/suite/federated/federated_bug_25714.test +++ b/mysql-test/suite/federated/federated_bug_25714.test @@ -57,7 +57,9 @@ SELECT LAST_INSERT_ID(); SELECT * from federated.t1; DROP TABLE federated.t1; +--disable_warnings drop user fed@127.0.0.1; +--enable_warnings SET @@GLOBAL.CONCURRENT_INSERT= @OLD_MASTER_CONCURRENT_INSERT; connection slave; DROP TABLE federated.t1; diff --git a/mysql-test/suite/federated/federated_server.test b/mysql-test/suite/federated/federated_server.test index 18a734422d2..aa1b928909b 100644 --- a/mysql-test/suite/federated/federated_server.test +++ b/mysql-test/suite/federated/federated_server.test @@ -274,7 +274,9 @@ select * from federated.t1; # clean up test connection slave; +disable_warnings; drop user test_fed@localhost; +enable_warnings; drop database db_legitimate; drop database db_bogus; diff --git a/mysql-test/suite/federated/update.test b/mysql-test/suite/federated/update.test index 5a0414f1e1a..bf610fe84c2 100644 --- a/mysql-test/suite/federated/update.test +++ b/mysql-test/suite/federated/update.test @@ -25,7 +25,9 @@ drop table tt1; connection slave; drop database db1; +disable_warnings; drop user my@localhost; +enable_warnings; source include/federated_cleanup.inc; diff --git a/mysql-test/suite/galera/r/MW-416.result b/mysql-test/suite/galera/r/MW-416.result index 4c88808c2c8..ea0ca763603 100644 --- a/mysql-test/suite/galera/r/MW-416.result +++ b/mysql-test/suite/galera/r/MW-416.result @@ -92,6 +92,8 @@ UNINSTALL PLUGIN plg; Got one of the listed errors connection node_1; DROP USER 'userMW416'@'localhost'; +Warnings: +Note 4226 Dropped users 'userMW416'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. SHOW DATABASES; Database information_schema diff --git a/mysql-test/suite/galera/r/galera_read_only.result b/mysql-test/suite/galera/r/galera_read_only.result index 1dc910dc8fe..e76dc15b9cd 100644 --- a/mysql-test/suite/galera/r/galera_read_only.result +++ b/mysql-test/suite/galera/r/galera_read_only.result @@ -33,3 +33,5 @@ DROP TABLE t2; SET GLOBAL read_only=FALSE; DROP TABLE t1; DROP USER foo@localhost; +Warnings: +Note 4226 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. diff --git a/mysql-test/suite/galera/r/galera_roles.result b/mysql-test/suite/galera/r/galera_roles.result index fccef1637f6..ebad1a6bedc 100644 --- a/mysql-test/suite/galera/r/galera_roles.result +++ b/mysql-test/suite/galera/r/galera_roles.result @@ -167,6 +167,8 @@ disconnect foo_node_2; # Connect with node_1 connection node_1; DROP USER foo@localhost; +Warnings: +Note 4226 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. DROP DATABASE test1; # # MDEV-10566: Create role statement replicated inconsistently in Galera Cluster diff --git a/mysql-test/suite/galera/r/rename.result b/mysql-test/suite/galera/r/rename.result index c4a70a61159..61a36979729 100644 --- a/mysql-test/suite/galera/r/rename.result +++ b/mysql-test/suite/galera/r/rename.result @@ -44,5 +44,7 @@ i 1 connection node_1; DROP USER foo@localhost; +Warnings: +Note 4226 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. DROP TABLE t2; # End of tests diff --git a/mysql-test/suite/plugins/t/multiauth.test b/mysql-test/suite/plugins/t/multiauth.test index 6ae50b2b3ba..18cad406e91 100644 --- a/mysql-test/suite/plugins/t/multiauth.test +++ b/mysql-test/suite/plugins/t/multiauth.test @@ -1,4 +1,5 @@ --source include/not_ubsan.inc +--source include/count_sessions.inc let $REGEX_VERSION_ID=/$mysql_get_server_version/VERSION_ID/; let $REGEX_PASSWORD_LAST_CHANGED=/password_last_changed": [0-9]*/password_last_changed": #/; @@ -48,6 +49,7 @@ show create user mysqltest1; --echo # name does not match, password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -68,6 +70,7 @@ show create user mysqltest1; --echo # name does not match, password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -88,6 +91,7 @@ show create user mysqltest1; --echo # name does not match, password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -108,6 +112,7 @@ show create user mysqltest1; --echo # name does not match, password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -130,6 +135,7 @@ show create user mysqltest1; --echo # name does not match, password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -146,6 +152,7 @@ show create user mysqltest1; --echo # password bad = failure --error 1 --exec $try_auth -u mysqltest1 -pbad +--source include/wait_until_count_sessions.inc drop user mysqltest1; # @@ -198,6 +205,7 @@ show create user mysqltest1; --echo # SET PASSWORD helps set password for mysqltest1 = password('bla'); --exec $try_auth -u mysqltest1 -pbla +--source include/wait_until_count_sessions.inc --replace_result $dreplace "drop user 'USER'" eval $dreplace, mysqltest1; @@ -219,6 +227,7 @@ show create user mysqltest1; --exec $try_auth -u mysqltest1 -pgood --plugin-dir=$plugindir/no --echo # no plugin, second password works = ok --exec $try_auth -u mysqltest1 -pworks --plugin-dir=$plugindir/no +--source include/wait_until_count_sessions.inc drop user mysqltest1; uninstall soname 'auth_ed25519'; diff --git a/mysql-test/suite/plugins/t/pam.test b/mysql-test/suite/plugins/t/pam.test index fbe299186e9..f2c910f0ee3 100644 --- a/mysql-test/suite/plugins/t/pam.test +++ b/mysql-test/suite/plugins/t/pam.test @@ -1,5 +1,6 @@ let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO; --source pam_init.inc +--source include/count_sessions.inc --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt not very secret challenge @@ -83,6 +84,7 @@ alter user test_pam password expire; --error 1 --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt +--source include/wait_until_count_sessions.inc drop user test_pam; drop user pam_test; create user PAM_TEST identified via pam using 'mariadb_mtr'; @@ -104,6 +106,7 @@ set global pam_winbind_workaround=1; --remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt +--source include/wait_until_count_sessions.inc drop user PAM_TEST; --echo # @@ -121,6 +124,7 @@ show create user; EOF --exec $MYSQL_TEST -u pam_test < $MYSQLTEST_VARDIR/tmp/setpwd.txt --remove_file $MYSQLTEST_VARDIR/tmp/setpwd.txt +--source include/wait_until_count_sessions.inc drop user pam_test; let $count_sessions= 1; diff --git a/mysql-test/suite/plugins/t/parsec.test b/mysql-test/suite/plugins/t/parsec.test index f021b1d1007..f3b2a91cd9f 100644 --- a/mysql-test/suite/plugins/t/parsec.test +++ b/mysql-test/suite/plugins/t/parsec.test @@ -1,5 +1,6 @@ source include/platform.inc; source include/not_embedded.inc; +source include/count_sessions.inc; if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`) { @@ -41,6 +42,7 @@ if ($MTR_COMBINATION_WIN) { --echo # mysql -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()" --exec $MYSQL --protocol tcp $host -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1 +source include/wait_until_count_sessions.inc; drop function have_ssl; drop user test1@'%'; @@ -57,4 +59,5 @@ disconnect con4; --error ER_ACCESS_DENIED_ERROR connect con5, localhost, test2, "wrong_pwd"; connection default; +source include/wait_until_count_sessions.inc; drop user test2@'%'; diff --git a/mysql-test/suite/roles/create_and_drop_current.result b/mysql-test/suite/roles/create_and_drop_current.result index 02b784e6dff..16fe89f0d8c 100644 --- a/mysql-test/suite/roles/create_and_drop_current.result +++ b/mysql-test/suite/roles/create_and_drop_current.result @@ -10,6 +10,8 @@ ERROR 42000: You have an error in your SQL syntax; check the manual that corresp create role current_role; ERROR HY000: Operation CREATE ROLE failed for CURRENT_ROLE drop user current_user; +Warnings: +Note 4227 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. drop user current_role; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'current_role' at line 1 drop role current_user; diff --git a/mysql-test/suite/roles/definer.result b/mysql-test/suite/roles/definer.result index 5c7d86c1a1e..20b4c8597ad 100644 --- a/mysql-test/suite/roles/definer.result +++ b/mysql-test/suite/roles/definer.result @@ -620,6 +620,8 @@ drop view test.v1, test.v2, test.v3, test.v4, test.v5; drop table t1, t2; drop role role1, role2; drop user foo@localhost; +Warnings: +Note 4227 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. drop database mysqltest1; use test; create user utest; diff --git a/mysql-test/suite/roles/definer.test b/mysql-test/suite/roles/definer.test index 7a473e1cf1e..5130d9e32d6 100644 --- a/mysql-test/suite/roles/definer.test +++ b/mysql-test/suite/roles/definer.test @@ -327,7 +327,9 @@ drop view test.v1, test.v2, test.v3, test.v4, test.v5; drop table t1, t2; drop role role1, role2; drop user foo@localhost; +--disable_warnings drop database mysqltest1; +--enable_warnings use test; ################################################## diff --git a/mysql-test/suite/roles/drop_current_user-5176.result b/mysql-test/suite/roles/drop_current_user-5176.result index 9c4041a0d1e..20d1c384a20 100644 --- a/mysql-test/suite/roles/drop_current_user-5176.result +++ b/mysql-test/suite/roles/drop_current_user-5176.result @@ -2,6 +2,8 @@ create user foo@localhost; grant create user on *.* to foo@localhost; connect foo,localhost,foo,,; drop user foo@localhost; +Warnings: +Note 4227 Dropped users 'foo'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. select * from information_schema.applicable_roles; GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT show grants; diff --git a/mysql-test/suite/rpl/r/rpl_password_boundaries.result b/mysql-test/suite/rpl/r/rpl_password_boundaries.result index ed05ebbfd68..a0c80ef7089 100644 --- a/mysql-test/suite/rpl/r/rpl_password_boundaries.result +++ b/mysql-test/suite/rpl/r/rpl_password_boundaries.result @@ -54,6 +54,8 @@ ERROR HY000: String 'воттакойужпарольвоттакойужпар connection master; set sql_log_bin=0; drop user rpl32@127.0.0.1, rpl33@127.0.0.1, rpl16cyr@127.0.0.1, rpl17mix@127.0.0.1; +Warnings: +Note 4227 Dropped users 'rpl16cyr'@'127.0.0.1' have active connections. Use KILL CONNECTION if they should not be used anymore. set sql_log_bin=1; connection slave; change master to master_user='root',master_password=''; diff --git a/mysql-test/suite/rpl/r/rpl_perfschema_connect_config.result b/mysql-test/suite/rpl/r/rpl_perfschema_connect_config.result index 07af2e2616a..c8e643e547a 100644 --- a/mysql-test/suite/rpl/r/rpl_perfschema_connect_config.result +++ b/mysql-test/suite/rpl/r/rpl_perfschema_connect_config.result @@ -57,6 +57,8 @@ include/assert.inc [Value returned by SSS and PS table for SSL_Key should be sam include/assert.inc [Value returned by SSS and PS table for SSL_Verify_Server_Certificate should be same.] connection master; drop user replssl@localhost; +Warnings: +Note 4227 Dropped users 'replssl'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. connection slave; include/stop_slave.inc CHANGE MASTER TO diff --git a/mysql-test/suite/rpl/r/rpl_slave_alias_replica.result b/mysql-test/suite/rpl/r/rpl_slave_alias_replica.result index 0ede17132df..db06e8295b4 100644 --- a/mysql-test/suite/rpl/r/rpl_slave_alias_replica.result +++ b/mysql-test/suite/rpl/r/rpl_slave_alias_replica.result @@ -22,6 +22,8 @@ connection slave; connection master; "Command: SHOW SLAVE HOSTS --> SHOW REPLICA HOSTS" DROP USER 'repl_user'; +Warnings: +Note 4227 Dropped users 'repl_user'@'%' have active connections. Use KILL CONNECTION if they should not be used anymore. connection slave; "Command: SHOW SLAVE IO/SQL THREAD --> SHOW REPLICA IO/SQL THREAD" STOP REPLICA IO_THREAD; diff --git a/mysql-test/suite/rpl/r/rpl_slave_restart_long_password.result b/mysql-test/suite/rpl/r/rpl_slave_restart_long_password.result index 52686c1b6ee..93303546da1 100644 --- a/mysql-test/suite/rpl/r/rpl_slave_restart_long_password.result +++ b/mysql-test/suite/rpl/r/rpl_slave_restart_long_password.result @@ -18,6 +18,8 @@ include/check_slave_param.inc [Slave_IO_Running] connection master; SET SQL_LOG_BIN=0; DROP USER rpl@127.0.0.1; +Warnings: +Note 4227 Dropped users 'rpl'@'127.0.0.1' have active connections. Use KILL CONNECTION if they should not be used anymore. FLUSH PRIVILEGES; SET SQL_LOG_BIN=1; connection slave; diff --git a/mysql-test/suite/rpl/r/rpl_slave_status.result b/mysql-test/suite/rpl/r/rpl_slave_status.result index ef122b9ca92..d3a8f638af8 100644 --- a/mysql-test/suite/rpl/r/rpl_slave_status.result +++ b/mysql-test/suite/rpl/r/rpl_slave_status.result @@ -30,6 +30,8 @@ n ==== Delete new replication user ==== connection master; DROP USER rpl@127.0.0.1; +Warnings: +Note 4227 Dropped users 'rpl'@'127.0.0.1' have active connections. Use KILL CONNECTION if they should not be used anymore. FLUSH PRIVILEGES; connection slave; ==== Restart slave without privileges ===== diff --git a/mysql-test/suite/rpl/r/rpl_ssl.result b/mysql-test/suite/rpl/r/rpl_ssl.result index 8c696f25752..1266bfdaf3f 100644 --- a/mysql-test/suite/rpl/r/rpl_ssl.result +++ b/mysql-test/suite/rpl/r/rpl_ssl.result @@ -46,6 +46,8 @@ Master_SSL_Key = 'MYSQL_TEST_DIR/std_data/client-key.pem' include/check_slave_is_running.inc connection master; drop user replssl@localhost; +Warnings: +Note 4227 Dropped users 'replssl'@'localhost' have active connections. Use KILL CONNECTION if they should not be used anymore. drop table t1; connection slave; include/stop_slave.inc @@ -55,5 +57,5 @@ master_ssl = 1, master_ssl_ca = '', master_ssl_cert = '', master_ssl_key = ''; -End of 5.0 tests +# End of 5.0 tests include/rpl_end.inc diff --git a/mysql-test/suite/rpl/r/rpl_ssl1.result b/mysql-test/suite/rpl/r/rpl_ssl1.result index 80d27c074de..a6459d4abe8 100644 --- a/mysql-test/suite/rpl/r/rpl_ssl1.result +++ b/mysql-test/suite/rpl/r/rpl_ssl1.result @@ -112,6 +112,8 @@ master_ssl_verify_server_cert=0, master_ssl=1; connection master; drop user replssl@127.0.0.1; +Warnings: +Note 4227 Dropped users 'replssl'@'127.0.0.1' have active connections. Use KILL CONNECTION if they should not be used anymore. connection slave; drop user replssl@127.0.0.1; include/rpl_end.inc diff --git a/mysql-test/suite/rpl/t/rpl_ssl1.test b/mysql-test/suite/rpl/t/rpl_ssl1.test index d4ef97d4e7d..10af3b03125 100644 --- a/mysql-test/suite/rpl/t/rpl_ssl1.test +++ b/mysql-test/suite/rpl/t/rpl_ssl1.test @@ -61,7 +61,9 @@ change master to master_user='root',master_password='', master_ssl=0; start slave; --source include/wait_for_slave_to_start.inc connection master; +disable_warnings; drop user replssl@localhost; +enable_warnings; drop table t1; sync_slave_with_master; diff --git a/sql/share/errmsg-utf8.txt b/sql/share/errmsg-utf8.txt index 6cd5e086871..65cb6526a43 100644 --- a/sql/share/errmsg-utf8.txt +++ b/sql/share/errmsg-utf8.txt @@ -12329,4 +12329,6 @@ ER_WARN_MALFORMED_HINT ER_WARN_HINTS_ON_INSERT_PART_OF_INSERT_SELECT eng "Optimizer hints at the INSERT part of a INSERT..SELECT statement are not supported" ER_INIT_SLAVE_ERROR - eng "Slave SQL thread aborted. Can't execute init_slave query due to error code %u: %s" + eng "Slave SQL thread aborted. Can't execute init_slave query due to error code %u: %s" +ER_ACTIVE_CONNECTIONS_FOR_USER_TO_DROP + eng "Dropped users %s have active connections. Use KILL CONNECTION if they should not be used anymore." diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 921eefff51b..c8c31250fdf 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -172,7 +172,7 @@ public: LEX_CSTRING user; /* list to hold references to granted roles (ACL_ROLE instances) */ DYNAMIC_ARRAY role_grants; - const char *get_username() { return user.str; } + const char *get_username() const { return user.str; } }; class ACL_USER_PARAM @@ -205,6 +205,23 @@ public: DBUG_ASSERT(host.hostname[hostname_length] == '\0'); return Lex_ident_host(host.hostname, hostname_length); } + + void disable_new_connections() + { + dont_accept_conn= true; + } + + bool dont_accept_new_connections() const + { + return dont_accept_conn; + } + +protected: + /* + Ephemeral state (meaning it is not stored anywhere in the Data Dictionary) + to disable establishing sessions in case the user is being dropped. + */ + bool dont_accept_conn= false; }; @@ -11345,6 +11362,66 @@ bool mysql_create_user(THD *thd, List &list, bool handle_as_role) DBUG_RETURN(result); } + +/** + Callback function invoked for every active THD to find a first session + established by specified user + + @param[in] thd Thread context + @param arg Account info for that checks presence of an active + connection + + @return true on matching, else false +*/ + +static my_bool count_threads_callback(THD *thd, + LEX_USER *arg) +{ + if (thd->security_ctx->user) + { + /* + Check that hostname (if given) and user name matches. + */ + if (!strcmp(arg->host.str, thd->main_security_ctx.priv_host) && + !strcmp(arg->user.str, thd->main_security_ctx.priv_user) && + (thd->killed & ~KILL_HARD_BIT) != KILL_CONNECTION) + return true; + } + return false; +} + + +/** + Check presence of an active connection established on behalf the user + + @param[in] user User credential for that checks presence of an active + connection + + @return true on presence connection, else false +*/ + +static bool exist_active_sessions_for_user(LEX_USER *user) +{ + return server_threads.iterate(count_threads_callback, user); +} + + +/** + Find the specified user and mark it as not accepting incoming sessions + + @param user_name the user for that accept of incoming connections + should be disabled +*/ + +static void disable_connections_for_user(LEX_USER *user) +{ + ACL_USER *found_user= find_user_exact(user->host, user->user); + + if (found_user != nullptr) + found_user->disable_new_connections(); +} + + /* Drop a list of users and all their privileges. @@ -11381,6 +11458,11 @@ bool mysql_drop_user(THD *thd, List &list, bool handle_as_role) mysql_rwlock_wrlock(&LOCK_grant); mysql_mutex_lock(&acl_cache->lock); + /* + String for storing a comma separated list of users that specified + at the DROP USER statement being processed and have active connections + */ + String connected_users; while ((tmp_user_name= user_list++)) { int rc; @@ -11403,6 +11485,28 @@ bool mysql_drop_user(THD *thd, List &list, bool handle_as_role) continue; } + if (!handle_as_role) + { + if (exist_active_sessions_for_user(user_name)) + { + + if ((thd->variables.sql_mode & MODE_ORACLE)) + { + append_user(thd, &wrong_users, user_name); + result= TRUE; + continue; + } + else + append_user(thd, &connected_users, user_name); + } + + /* + Prevent new connections to be established on behalf the user + being dropped. + */ + disable_connections_for_user(user_name); + } + if ((rc= handle_grant_data(thd, tables, 1, user_name, NULL)) > 0) { // The user or role was successfully deleted @@ -11431,6 +11535,12 @@ bool mysql_drop_user(THD *thd, List &list, bool handle_as_role) result= TRUE; } + if (!connected_users.is_empty()) + push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE, + ER_ACTIVE_CONNECTIONS_FOR_USER_TO_DROP, + ER_THD(thd, ER_ACTIVE_CONNECTIONS_FOR_USER_TO_DROP), + connected_users.c_ptr_safe()); + if (!handle_as_role) { /* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */ @@ -13917,7 +14027,7 @@ static bool find_mpvio_user(MPVIO_EXT *mpvio) ACL_USER *user= find_user_or_anon(sctx->host, sctx->user, sctx->ip); - if (user) + if (user && !user->dont_accept_new_connections()) mpvio->acl_user= user->copy(mpvio->auth_info.thd->mem_root); mysql_mutex_unlock(&acl_cache->lock); diff --git a/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result index 7d18527351e..a1cb1c7dc9a 100644 --- a/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result +++ b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result @@ -27,6 +27,8 @@ connection master_1; DROP DATABASE IF EXISTS auto_test_local; connection child2_1; DROP USER tu@'%'; +Warnings: +Note 4227 Dropped users 'tu'@'%' have active connections. Use KILL CONNECTION if they should not be used anymore. for master_1 for child2 child2_1 diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_34589.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_34589.test index dd465b52db1..b4b2c9947d9 100644 --- a/storage/spider/mysql-test/spider/bugfix/t/mdev_34589.test +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_34589.test @@ -15,7 +15,9 @@ CREATE TABLE t2 (c INT) ENGINE=Spider COMMENT='WRAPPER "mysql", SRV "srv", TABLE CHECK TABLE t2; drop table t1, t2; drop server srv; +--disable_warnings drop user spider@localhost; +--enable_warnings --disable_query_log --disable_result_log