From d22abc8d8ca494ce448a236d45f7aab91f9e8eab Mon Sep 17 00:00:00 2001
From: Hangjie Mo <mohangjie1995@gmail.com>
Date: Mon, 17 Mar 2025 11:12:54 +0800
Subject: [PATCH] privileges: `user@''` is different with `user@'%'` (#60082)

close pingcap/tidb#33174
---
 pkg/executor/grant.go             |  4 ++++
 pkg/executor/simple.go            | 12 ------------
 pkg/privilege/privileges/cache.go |  7 ++++---
 3 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/pkg/executor/grant.go b/pkg/executor/grant.go
index dbdcd7d2ca..218f38a53c 100644
--- a/pkg/executor/grant.go
+++ b/pkg/executor/grant.go
@@ -160,6 +160,10 @@ func (e *GrantExec) Next(ctx context.Context, _ *chunk.Chunk) error {
 	}
 	// Check which user is not exist.
 	for _, user := range e.Users {
+		if user.User.CurrentUser {
+			user.User.Username = e.Ctx().GetSessionVars().User.AuthUsername
+			user.User.Hostname = e.Ctx().GetSessionVars().User.AuthHostname
+		}
 		exists, err := userExists(ctx, e.Ctx(), user.User.Username, user.User.Hostname)
 		if err != nil {
 			return err
diff --git a/pkg/executor/simple.go b/pkg/executor/simple.go
index 141a62c963..7fb671e785 100644
--- a/pkg/executor/simple.go
+++ b/pkg/executor/simple.go
@@ -220,9 +220,6 @@ func (e *SimpleExec) setDefaultRoleNone(s *ast.SetDefaultRoleStmt) error {
 	}
 	sql := new(strings.Builder)
 	for _, u := range s.UserList {
-		if u.Hostname == "" {
-			u.Hostname = "%"
-		}
 		sql.Reset()
 		sqlescape.MustFormatSQL(sql, "DELETE IGNORE FROM mysql.default_roles WHERE USER=%? AND HOST=%?;", u.Username, u.Hostname)
 		if _, err := sqlExecutor.ExecuteInternal(ctx, sql.String()); err != nil {
@@ -271,9 +268,6 @@ func (e *SimpleExec) setDefaultRoleRegular(ctx context.Context, s *ast.SetDefaul
 	}
 	sql := new(strings.Builder)
 	for _, user := range s.UserList {
-		if user.Hostname == "" {
-			user.Hostname = "%"
-		}
 		sql.Reset()
 		sqlescape.MustFormatSQL(sql, "DELETE IGNORE FROM mysql.default_roles WHERE USER=%? AND HOST=%?;", user.Username, user.Hostname)
 		if _, err := sqlExecutor.ExecuteInternal(internalCtx, sql.String()); err != nil {
@@ -331,9 +325,6 @@ func (e *SimpleExec) setDefaultRoleAll(ctx context.Context, s *ast.SetDefaultRol
 	}
 	sql := new(strings.Builder)
 	for _, user := range s.UserList {
-		if user.Hostname == "" {
-			user.Hostname = "%"
-		}
 		sql.Reset()
 		sqlescape.MustFormatSQL(sql, "DELETE IGNORE FROM mysql.default_roles WHERE USER=%? AND HOST=%?;", user.Username, user.Hostname)
 		if _, err := sqlExecutor.ExecuteInternal(internalCtx, sql.String()); err != nil {
@@ -362,9 +353,6 @@ func (e *SimpleExec) setDefaultRoleAll(ctx context.Context, s *ast.SetDefaultRol
 func (e *SimpleExec) setDefaultRoleForCurrentUser(ctx context.Context, s *ast.SetDefaultRoleStmt) (err error) {
 	checker := privilege.GetPrivilegeManager(e.Ctx())
 	user := s.UserList[0]
-	if user.Hostname == "" {
-		user.Hostname = "%"
-	}
 	restrictedCtx, err := e.GetSysSession()
 	if err != nil {
 		return err
diff --git a/pkg/privilege/privileges/cache.go b/pkg/privilege/privileges/cache.go
index 0b7a299e81..ba7e359dff 100644
--- a/pkg/privilege/privileges/cache.go
+++ b/pkg/privilege/privileges/cache.go
@@ -256,9 +256,6 @@ type roleGraphEdgesTable struct {
 
 // Find method is used to find role from table
 func (g roleGraphEdgesTable) Find(user, host string) bool {
-	if host == "" {
-		host = "%"
-	}
 	if g.roleList == nil {
 		return false
 	}
@@ -267,6 +264,10 @@ func (g roleGraphEdgesTable) Find(user, host string) bool {
 		Hostname: host,
 	}
 	_, ok := g.roleList[key]
+	if !ok && key.Hostname == "" {
+		key.Hostname = "%"
+		_, ok = g.roleList[key]
+	}
 	return ok
 }