MXS-1716 Reduce the amount of duplicate elements in users db for PAM
The database-level query now only takes rows with either global
select privileges or non-null database privileges. The table-level
query only accepts non-null databases and no global privileges,
as users with global select are added by the previous section.
ekorh475 committed Mar 19, 2018
1 parent 04666b4 commit aa260cf
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions server/modules/authenticator/PAM/PAMAuth/pam_instance.cc
Expand Up @@ -174,12 +174,12 @@ int PamInstance::load_users(SERVICE* service)
/** Query that gets all users that authenticate via the pam plugin */
const char PAM_USERS_QUERY[] =
"SELECT u.user, u.host, d.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.db AS d "
"ON (u.user = d.user AND u.host = d.host) WHERE u.plugin = 'pam' "
"mysql.user AS u LEFT JOIN mysql.db AS d ON (u.user = d.user AND u.host = d.host) WHERE "
"(u.plugin = 'pam' AND (d.db IS NOT NULL OR u.select_priv = 'Y')) "
"UNION "
"SELECT u.user, u.host, t.db, u.select_priv, u.authentication_string FROM "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t "
"ON (u.user = t.user AND u.host = t.host) WHERE u.plugin = 'pam' "
"mysql.user AS u LEFT JOIN mysql.tables_priv AS t ON (u.user = t.user AND u.host = t.host) WHERE "
"(u.plugin = 'pam' AND t.db IS NOT NULL AND u.select_priv = 'N') "
"ORDER BY user";
#if defined(SS_DEBUG)
const unsigned int PAM_USERS_QUERY_NUM_FIELDS = 5;
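Review bot: The added WHERE conditions no longer match a PAM user who has u.select_priv = 'N' and no row in mysql.db or mysql.tables_priv. The first SELECT requires d.db IS NOT NULL OR u.select_priv = 'Y' and the second requires t.db IS NOT NULL, whereas the previous LEFT JOINs filtered only on u.plugin = 'pam' and returned such a user with a NULL db. The commit message describes the change as removing duplicates, so if dropping these accounts from the loaded user list is intended, say so in the comment above PAM_USERS_QUERY; if not, the first SELECT needs to keep them. Separately, in the second SELECT the t.db IS NOT NULL filter discards every unmatched row of the LEFT JOIN, so writing it as an INNER JOIN on mysql.tables_priv would state the intent directly. The first SELECT also accepts any mysql.db row regardless of which privilege it grants, which is worth a note in the same comment since the global check is specifically on select_priv.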