diff --git a/server/modules/authenticator/MySQLAuth/dbusers.c b/server/modules/authenticator/MySQLAuth/dbusers.c index 06e62ad05..f02f34da4 100644 --- a/server/modules/authenticator/MySQLAuth/dbusers.c +++ b/server/modules/authenticator/MySQLAuth/dbusers.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -860,6 +861,35 @@ static bool roles_are_available(MYSQL* conn, SERVICE* service, SERVER* server) return rval; } +static void report_mdev13453_problem(MYSQL *con, SERVER *server) +{ + if (server->version >= 100200 && server->version < 100211 && + mxs_pcre2_simple_match("SELECT command denied to user .* for table 'users'", + mysql_error(con), 0, NULL) == MXS_PCRE2_MATCH) + { + char user[256] = ""; // Enough for all user-hostname combinations + const char* quoted_user = "select concat(\"'\", user, \"'@'\", host, \"'\") as user " + "from mysql.user " + "where concat(user, \"@\", host) = current_user()"; + MYSQL_RES *res; + + if (mxs_mysql_query(con, quoted_user) == 0 && (res = mysql_store_result(con))) + { + MYSQL_ROW row = mysql_fetch_row(res); + + if (row && row[0]) + { + snprintf(user, sizeof(user), "%s", row[0]); + } + + mysql_free_result(res); + } + + MXS_ERROR("Due to MDEV-13453, the service user requires extra grants on the `mysql` database. " + "To fix the problem, add the following grant: GRANT SELECT ON `mysql`.* TO %s", user); + } +} + int get_users_from_server(MYSQL *con, SERVER_REF *server_ref, SERVICE *service, SERV_LISTENER *listener) { if (server_ref->server->version_string[0] == 0) @@ -917,7 +947,8 @@ int get_users_from_server(MYSQL *con, SERVER_REF *server_ref, SERVICE *service, } else { - MXS_ERROR("Failed to load users: %s", mysql_error(con)); + MXS_ERROR("Failed to load users from server '%s': %s", server_ref->server->name, mysql_error(con)); + report_mdev13453_problem(con, server_ref->server); } MXS_FREE(query);