misc cleanups

* remove dead code (from .yy)
* remove redundant commands from the test
* extract common code into a reusable function
  (get_auth_plugin, push_new_user)
* rename update_user_table->update_user_table_password
* simplify acl_update_user
* don't strdup a string that's already in a memroot
  (in ACL_ROLE::ACL_ROLE(ACL_USER*))
* create parent_grantee and role_grants dynamic arrays with size 0.
  to avoid any memory allocations when roles aren't used.

mysql-test/main/connect.result

@@ -102,7 +102,6 @@ update mysql.user set plugin="", authentication_string="", password=old_password
 flush privileges;
 connect  con10,localhost,test,gambling2,;
 connect  con5,localhost,test,gambling2,mysql;
-connection con5;
 set password="";
 set password='gambling3';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
@@ -161,7 +160,6 @@ ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 delete from mysql.user where user=_binary"test";
 flush privileges;
 connect  con7,localhost,root,,test;
-connection con7;
 create table t1 (id integer not null auto_increment primary key);
 create temporary table t2(id integer not null auto_increment primary key);
 set @id := 1;
@@ -302,12 +300,10 @@ SET GLOBAL event_scheduler = OFF;
 # -- End of Bug#35074.
 
 connect extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,;
-connection extracon;
 SELECT 'Connection on extra port ok';
 Connection on extra port ok
 Connection on extra port ok
 connect extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,;
-connection extracon2;
 SELECT 'Connection on extra port 2 ok';
 Connection on extra port 2 ok
 Connection on extra port 2 ok
@@ -338,7 +334,6 @@ connect(localhost,mysqltest_up1,foo,test,MASTER_PORT,MASTER_SOCKET);
 connect pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,;
 ERROR 28000: Access denied for user 'mysqltest_up1'@'localhost' (using password: YES)
 connect pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
-connection pcon2;
 select user(), current_user();
 user()	current_user()
 mysqltest_up1@localhost	mysqltest_up1@%
@@ -347,7 +342,6 @@ connect(localhost,mysqltest_up2,newpw,test,MASTER_PORT,MASTER_SOCKET);
 connect pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,;
 ERROR 28000: Access denied for user 'mysqltest_up2'@'localhost' (using password: YES)
 connect pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
-connection pcon4;
 select user(), current_user();
 user()	current_user()
 mysqltest_up2@localhost	mysqltest_up2@%
@@ -368,13 +362,11 @@ mysqltest_up1		mysql_native_password	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
 mysqltest_up2		mysql_old_password	09301740536db389
 flush privileges;
 connect pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
-connection pcon6;
 select user(), current_user();
 user()	current_user()
 mysqltest_up1@localhost	mysqltest_up1@%
 disconnect pcon6;
 connect pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,;
-connection pcon7;
 select user(), current_user();
 user()	current_user()
 mysqltest_up2@localhost	mysqltest_up2@%

mysql-test/main/connect.test

@@ -71,7 +71,6 @@ flush privileges;
 
 connect (con10,localhost,test,gambling2,);
 connect (con5,localhost,test,gambling2,mysql);
-connection con5;
 set password="";
 --error ER_PASSWD_LENGTH
 set password='gambling3';
@@ -108,7 +107,6 @@ flush privileges;
 # Bug#12517 Clear user variables and replication events before
 #           closing temp tables in thread cleanup.
 connect (con7,localhost,root,,test);
-connection con7;
 let $connection_id= `select connection_id()`;
 create table t1 (id integer not null auto_increment primary key);
 create temporary table t2(id integer not null auto_increment primary key);
@@ -314,11 +312,9 @@ SET GLOBAL event_scheduler = OFF;
 # Test connections to the extra port.
 
 connect(extracon,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,);
-connection extracon;
 SELECT 'Connection on extra port ok';
 
 connect(extracon2,127.0.0.1,root,,test,$MASTER_EXTRA_PORT,);
-connection extracon2;
 SELECT 'Connection on extra port 2 ok';
 
 --disable_abort_on_error
@@ -349,7 +345,6 @@ GRANT ALL ON test.* TO 'O1234567890123456789012345678901234567890123456789012345
 
 FLUSH PRIVILEGES;
 
---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 connect (con1,localhost,O1234567890123456789012345678901234567890123456789012345678901234567890123456789x,test123,test);
 disconnect con1;
 
@@ -380,18 +375,14 @@ CREATE USER mysqltest_up2 IDENTIFIED VIA mysql_old_password using '09301740536db
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
 connect(pcon1,localhost,mysqltest_up1,foo,,$MASTER_MYPORT,);
---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 connect(pcon2,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
-connection pcon2;
 select user(), current_user();
 disconnect pcon2;
 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
 connect(pcon3,localhost,mysqltest_up2,newpw,,$MASTER_MYPORT,);
---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 connect(pcon4,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
-connection pcon4;
 select user(), current_user();
 disconnect pcon4;
 
@@ -421,15 +412,11 @@ select user, password, plugin, authentication_string from mysql.user
                   where user like 'mysqltest_up_';
 flush privileges;
 
---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 connect(pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,);
-connection pcon6;
 select user(), current_user();
 disconnect pcon6;
 
---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 connect(pcon7,localhost,mysqltest_up2,oldpw,,$MASTER_MYPORT,);
-connection pcon7;
 select user(), current_user();
 disconnect pcon7;
 connection default;

sql/sql_acl.cc

@@ -85,11 +85,19 @@ LEX_CSTRING current_role= { STRING_WITH_LEN("*current_role") };
 LEX_CSTRING current_user_and_current_role= { STRING_WITH_LEN("*current_user_and_current_role") };
 
 
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
 static plugin_ref old_password_plugin;
-#endif
 static plugin_ref native_password_plugin;
 
+static plugin_ref get_auth_plugin(THD *thd, const LEX_CSTRING &name, bool *locked)
+{
+  if (name.str == native_password_plugin_name.str)
+    return native_password_plugin;
+  else if (name.str == old_password_plugin_name.str)
+    return old_password_plugin;
+  *locked=true;
+  return my_plugin_lock_by_name(thd, &name, MYSQL_AUTHENTICATION_PLUGIN);
+}
+
 /* Classes */
 
 struct acl_host_and_ip
@@ -610,7 +618,7 @@ static ACL_USER *find_user_wild(const char *host, const char *user, const char *
 static ACL_ROLE *find_acl_role(const char *user);
 static ROLE_GRANT_PAIR *find_role_grant_pair(const LEX_CSTRING *u, const LEX_CSTRING *h, const LEX_CSTRING *r);
 static ACL_USER_BASE *find_acl_user_base(const char *user, const char *host);
-static bool update_user_table(THD *, const User_table &, const char *,
+static bool update_user_table_password(THD *, const User_table &, const char *,
                                        const char *, const LEX_CSTRING &);
 static bool acl_load(THD *thd, const Grant_tables& grant_tables);
 static inline void get_grantor(THD *thd, char* grantor);
@@ -1325,7 +1333,7 @@ ACL_ROLE::ACL_ROLE(ACL_USER *user, MEM_ROOT *root) : counter(0)
   access= user->access;
   /* set initial role access the same as the table row privileges */
   initial_role_access= user->access;
-  this->user= safe_lexcstrdup_root(root, user->user);
+  this->user= user->user;
   bzero(&role_grants, sizeof(role_grants));
   bzero(&parent_grantee, sizeof(parent_grantee));
   flags= IS_ROLE;
@@ -1645,6 +1653,15 @@ static bool set_user_plugin (ACL_USER *user, size_t password_len)
 }
 
 
+static void push_new_user(const ACL_USER &user)
+{
+  push_dynamic(&acl_users, &user);
+  if (!user.host.hostname ||
+      (user.host.hostname[0] == wild_many && !user.host.hostname[1]))
+    allow_all_hosts=1;                  // Anyone can connect
+}
+
+
 /*
   Initialize structures responsible for user/db-level privilege checking
   and load information about grants from open privilege tables.
@@ -1964,8 +1981,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
 #endif
     }
 
-    (void) my_init_dynamic_array(&user.role_grants,sizeof(ACL_ROLE *),
-                                 8, 8, MYF(0));
+    my_init_dynamic_array(&user.role_grants, sizeof(ACL_ROLE *), 0, 8, MYF(0));
 
     /* check default role, if any */
     if (!is_role && user_table.default_role())
@@ -1980,20 +1996,14 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
       DBUG_PRINT("info", ("Found role %s", user.user.str));
       ACL_ROLE *entry= new (&acl_memroot) ACL_ROLE(&user, &acl_memroot);
       entry->role_grants = user.role_grants;
-      (void) my_init_dynamic_array(&entry->parent_grantee,
-                                   sizeof(ACL_USER_BASE *), 8, 8, MYF(0));
+      my_init_dynamic_array(&entry->parent_grantee,
+                            sizeof(ACL_USER_BASE *), 0, 8, MYF(0));
       my_hash_insert(&acl_roles, (uchar *)entry);
 
       continue;
     }
-    else
-    {
     DBUG_PRINT("info", ("Found user %s", user.user.str));
-      (void) push_dynamic(&acl_users,(uchar*) &user);
-    }
-    if (!user.host.hostname ||
-        (user.host.hostname[0] == wild_many && !user.host.hostname[1]))
-      allow_all_hosts=1;			// Anyone can connect
+    push_new_user(user);
   }
   my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
 	   sizeof(ACL_USER),(qsort_cmp) acl_compare);
@@ -2576,13 +2586,9 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type,
                             const char *x509_subject, USER_RESOURCES  *mqh,
                             ulong privileges)
 {
-  mysql_mutex_assert_owner(&acl_cache->lock);
-
-  for (uint i=0 ; i < acl_users.elements ; i++)
-  {
-    ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
-    if (acl_user->eq(combo.user.str, combo.host.str))
-    {
+  ACL_USER *acl_user= find_user_exact(combo.host.str, combo.user.str);
+  if (!acl_user)
+    return;
   if (combo.plugin.length)
   {
     acl_user->plugin= combo.plugin;
@@ -2604,16 +2610,9 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type,
   if (ssl_type != SSL_TYPE_NOT_SPECIFIED)
   {
     acl_user->ssl_type= ssl_type;
-        acl_user->ssl_cipher= (ssl_cipher ? strdup_root(&acl_memroot,ssl_cipher) :
-                               0);
-        acl_user->x509_issuer= (x509_issuer ? strdup_root(&acl_memroot,x509_issuer) :
-                                0);
-        acl_user->x509_subject= (x509_subject ?
-                                 strdup_root(&acl_memroot,x509_subject) : 0);
-      }
-      /* search complete: */
-      break;
-    }
+    acl_user->ssl_cipher= safe_strdup_root(&acl_memroot,ssl_cipher);
+    acl_user->x509_issuer= safe_strdup_root(&acl_memroot,x509_issuer);
+    acl_user->x509_subject= safe_strdup_root(&acl_memroot,x509_subject);
   }
 }
 
@@ -2624,10 +2623,9 @@ static void acl_insert_role(const char *rolename, ulong privileges)
 
   mysql_mutex_assert_owner(&acl_cache->lock);
   entry= new (&acl_memroot) ACL_ROLE(rolename, privileges, &acl_memroot);
-  (void) my_init_dynamic_array(&entry->parent_grantee,
-                               sizeof(ACL_USER_BASE *), 8, 8, MYF(0));
-  (void) my_init_dynamic_array(&entry->role_grants,sizeof(ACL_ROLE *),
-                               8, 8, MYF(0));
+  my_init_dynamic_array(&entry->parent_grantee,
+                        sizeof(ACL_USER_BASE *), 0, 8, MYF(0));
+  my_init_dynamic_array(&entry->role_grants, sizeof(ACL_ROLE *), 0, 8, MYF(0));
 
   my_hash_insert(&acl_roles, (uchar *)entry);
 }
@@ -2669,14 +2667,10 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
   acl_user.ssl_cipher=	ssl_cipher   ? strdup_root(&acl_memroot,ssl_cipher) : 0;
   acl_user.x509_issuer= x509_issuer  ? strdup_root(&acl_memroot,x509_issuer) : 0;
   acl_user.x509_subject=x509_subject ? strdup_root(&acl_memroot,x509_subject) : 0;
-  (void) my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *),
-                               8, 8, MYF(0));
+  my_init_dynamic_array(&acl_user.role_grants, sizeof(ACL_USER *), 0, 8, MYF(0));
 
-  (void) push_dynamic(&acl_users,(uchar*) &acl_user);
-  if (!acl_user.host.hostname ||
-      (acl_user.host.hostname[0] == wild_many && !acl_user.host.hostname[1]))
-    allow_all_hosts=1;		// Anyone can connect /* purecov: tested */
-  my_qsort((uchar*) dynamic_element(&acl_users,0,ACL_USER*),acl_users.elements,
+  push_new_user(acl_user);
+  my_qsort(dynamic_element(&acl_users, 0, ACL_USER*), acl_users.elements,
 	   sizeof(ACL_USER),(qsort_cmp) acl_compare);
 
   /* Rebuild 'acl_check_hosts' since 'acl_users' has been modified */
@@ -3242,7 +3236,7 @@ bool change_password(THD *thd, LEX_USER *user)
                  ER_SET_PASSWORD_AUTH_PLUGIN,
                  ER_THD(thd, ER_SET_PASSWORD_AUTH_PLUGIN));
 
-  if (update_user_table(thd, tables.user_table(),
+  if (update_user_table_password(thd, tables.user_table(),
                                  safe_str(acl_user->host.hostname),
                                  acl_user->user.str, user->auth))
   {
@@ -3502,13 +3496,13 @@ static ACL_USER *find_user_or_anon(const char *host, const char *user, const cha
 /*
   Find first entry that matches the specified user@host pair
 */
-static ACL_USER * find_user_exact(const char *host, const char *user)
+static ACL_USER *find_user_exact(const char *host, const char *user)
 {
   mysql_mutex_assert_owner(&acl_cache->lock);
 
   for (uint i=0 ; i < acl_users.elements ; i++)
   {
-    ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
+    ACL_USER *acl_user=dynamic_element(&acl_users, i, ACL_USER*);
     if (acl_user->eq(user, host))
       return acl_user;
   }
@@ -3730,13 +3724,13 @@ static void set_plugin_from_password(const User_table& user_table,
   @see change_password
 */
 
-static bool update_user_table(THD *thd, const User_table& user_table,
+static bool update_user_table_password(THD *thd, const User_table& user_table,
                                        const char *host, const char *user,
                                        const LEX_CSTRING &new_password)
 {
   char user_key[MAX_KEY_LENGTH];
   int error;
-  DBUG_ENTER("update_user_table");
+  DBUG_ENTER("update_user_table_password");
   DBUG_PRINT("enter",("user: %s  host: %s",user,host));
 
   TABLE *table= user_table.table();
@@ -11198,7 +11192,7 @@ bool check_role_is_granted(const char *username,
   ACL_USER_BASE *root;
   mysql_mutex_lock(&acl_cache->lock);
   if (hostname)
-    root= find_user_exact(username, hostname);
+    root= find_user_exact(hostname, username);
   else
     root= find_acl_role(username);
 
@@ -13027,17 +13021,7 @@ static int do_auth_once(THD *thd, const LEX_CSTRING *auth_plugin_name,
 {
   int res= CR_OK, old_status= MPVIO_EXT::FAILURE;
   bool unlock_plugin= false;
-  plugin_ref plugin= NULL;
-
-  if (auth_plugin_name->str == native_password_plugin_name.str)
-    plugin= native_password_plugin;
-#ifndef EMBEDDED_LIBRARY
-  else if (auth_plugin_name->str == old_password_plugin_name.str)
-    plugin= old_password_plugin;
-  else if ((plugin= my_plugin_lock_by_name(thd, auth_plugin_name,
-                                           MYSQL_AUTHENTICATION_PLUGIN)))
-    unlock_plugin= true;
-#endif
+  plugin_ref plugin= get_auth_plugin(thd, *auth_plugin_name, &unlock_plugin);
 
   mpvio->plugin= plugin;
   old_status= mpvio->status;

sql/sql_yacc.yy

@@ -16819,8 +16819,6 @@ grant_user:
           {
             $$= $1;
             $1->pwtext= $4;
-            if (unlikely(Lex->sql_command == SQLCOM_REVOKE))
-              MYSQL_YYABORT;
           }
         | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
           { 

sql/sql_yacc_ora.yy

@@ -17172,8 +17172,6 @@ grant_user:
           {
             $$= $1;
             $1->pwtext= $4;
-            if (unlikely(Lex->sql_command == SQLCOM_REVOKE))
-              MYSQL_YYABORT;
           }
         | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
           {