expression: MySQL compatible current_user function

expression/builtin_info.go

@@ -148,14 +148,12 @@ func (b *builtinCurrentUserSig) Clone() builtinFunc {
 
 // evalString evals a builtinCurrentUserSig.
 // See https://dev.mysql.com/doc/refman/5.7/en/information-functions.html#function_current-user
-// TODO: The value of CURRENT_USER() can differ from the value of USER(). We will finish this after we support grant tables.
 func (b *builtinCurrentUserSig) evalString(row chunk.Row) (string, bool, error) {
 	data := b.ctx.GetSessionVars()
 	if data == nil || data.User == nil {
 		return "", true, errors.Errorf("Missing session variable when eval builtin")
 	}
-
-	return data.User.String(), false, nil
+	return data.User.MatchedIdentityString(), false, nil
 }
 
 type userFunctionClass struct {

expression/builtin_info_test.go

@@ -84,7 +84,7 @@ func (s *testEvaluatorSuite) TestCurrentUser(c *C) {
 	defer testleak.AfterTest(c)()
 	ctx := mock.NewContext()
 	sessionVars := ctx.GetSessionVars()
-	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost"}
+	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost", MatchedUsername: "root", MatchedHostname: "localhost"}
 
 	fc := funcs[ast.CurrentUser]
 	f, err := fc.getFunction(ctx, nil)

expression/integration_test.go

@@ -2347,13 +2347,13 @@ func (s *testIntegrationSuite) TestInfoBuiltin(c *C) {
 	// for current_user
 	sessionVars := tk.Se.GetSessionVars()
 	originUser := sessionVars.User
-	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost"}
+	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost", MatchedUsername: "root", MatchedHostname: "127.0.%%"}
 	result = tk.MustQuery("select current_user()")
-	result.Check(testkit.Rows("root@localhost"))
+	result.Check(testkit.Rows("root@127.0.%%"))
 	sessionVars.User = originUser
 
 	// for user
-	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost"}
+	sessionVars.User = &auth.UserIdentity{Username: "root", Hostname: "localhost", MatchedUsername: "root", MatchedHostname: "127.0.%%"}
 	result = tk.MustQuery("select user()")
 	result.Check(testkit.Rows("root@localhost"))
 	sessionVars.User = originUser

privilege/privilege.go

@@ -40,6 +40,10 @@ type Manager interface {
 	// ConnectionVerification verifies user privilege for connection.
 	ConnectionVerification(user, host string, auth, salt []byte) bool
 
+	// Returns the actual user+host from the privileges table,
+	// including any wildcard characters.
+	ConnectionMatchIdentity(user, host string) (string, string)
+
 	// DBIsVisible returns true is the database is visible to current user.
 	DBIsVisible(db string) bool
 

privilege/privileges/privileges.go

@@ -116,6 +116,19 @@ func (p *UserPrivileges) ConnectionVerification(user, host string, authenticatio
 	return true
 }
 
+// ConnectionMatchIdentity return the user+host that matched in the priv cache
+func (p *UserPrivileges) ConnectionMatchIdentity(user, host string) (string, string) {
+	if SkipWithGrant {
+		// This is MySQL 5.7 compatible behavior
+		return "skip-grants user", "skip-grants host"
+	}
+
+	mysqlPriv := p.Handle.Get()
+	record := mysqlPriv.connectionVerification(user, host)
+	return record.User, record.Host
+
+}
+
 // DBIsVisible implements the Manager interface.
 func (p *UserPrivileges) DBIsVisible(db string) bool {
 	if SkipWithGrant {

session/session.go

@@ -1000,16 +1000,20 @@ func (s *session) Auth(user *auth.UserIdentity, authentication []byte, salt []by
 
 	// Check IP.
 	if pm.ConnectionVerification(user.Username, user.Hostname, authentication, salt) {
+		user.MatchedUsername, user.MatchedHostname = pm.ConnectionMatchIdentity(user.Username, user.Hostname)
 		s.sessionVars.User = user
 		return true
 	}
 
 	// Check Hostname.
 	for _, addr := range getHostByIP(user.Hostname) {
 		if pm.ConnectionVerification(user.Username, addr, authentication, salt) {
+			u, h := pm.ConnectionMatchIdentity(user.Username, addr)
 			s.sessionVars.User = &auth.UserIdentity{
-				Username: user.Username,
-				Hostname: addr,
+				Username:        user.Username,
+				Hostname:        addr,
+				MatchedUsername: u,
+				MatchedHostname: h,
 			}
 			return true
 		}

util/auth/auth.go

@@ -25,9 +25,11 @@ import (
 
 // UserIdentity represents username and hostname.
 type UserIdentity struct {
-	Username    string
-	Hostname    string
-	CurrentUser bool
+	Username        string
+	Hostname        string
+	CurrentUser     bool
+	MatchedUsername string
+	MatchedHostname string
 }
 
 // String converts UserIdentity to the format user@host.
@@ -36,6 +38,12 @@ func (user *UserIdentity) String() string {
 	return fmt.Sprintf("%s@%s", user.Username, user.Hostname)
 }
 
+// MatchedIdentityString returns matched identity in user@host format
+func (user *UserIdentity) MatchedIdentityString() string {
+	// TODO: Escape username and hostname.
+	return fmt.Sprintf("%s@%s", user.MatchedUsername, user.MatchedHostname)
+}
+
 // CheckScrambledPassword check scrambled password received from client.
 // The new authentication is performed in following manner:
 //   SERVER:  public_seed=create_random_string()