CURRENT_ROLE() function

8122996a · Sergei Golubchik · 1ac0b920 · 8122996a · 8122996a · 8122996a
Commit 8122996a authored Oct 18, 2013 by Sergei Golubchik
21 changed files
--- a/mysql-test/r/acl_roles_set_role-database-recursive.result
+++ b/mysql-test/r/acl_roles_set_role-database-recursive.result
@@ -31,16 +31,28 @@ grant select on mysql.* to test_role2@'';
 flush privileges;
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 select * from mysql.roles_mapping;
 HostFk	UserFk	RoleFk
 	test_role1	test_role2
 localhost	test_user	test_role1
 localhost	test_user	test_role2
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 set role test_role2;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role2
 select * from mysql.roles_mapping;
 HostFk	UserFk	RoleFk
 	test_role1	test_role2

--- a/mysql-test/r/acl_roles_set_role-database-simple.result
+++ b/mysql-test/r/acl_roles_set_role-database-simple.result
@@ -17,7 +17,13 @@ grant insert, delete on mysql.roles_mapping to test_role1@'';
 grant reload on *.* to test_role1@'';
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 select * from mysql.roles_mapping;
 HostFk	UserFk	RoleFk
 localhost	test_user	test_role1
@@ -29,6 +35,9 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
 delete from mysql.roles_mapping where RoleFk='test_role2';
 use mysql;
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 use mysql;
 ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
 select * from mysql.roles_mapping;

--- a/mysql-test/r/acl_roles_set_role-multiple-role.result
+++ b/mysql-test/r/acl_roles_set_role-multiple-role.result
@@ -69,7 +69,13 @@ GRANT r_ins TO 'test_user'@'localhost'
 GRANT r_rld TO 'test_user'@'localhost'
 GRANT r_sel TO 'test_user'@'localhost'
 GRANT r_upd TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role r_sel;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_sel
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON *.* TO 'r_sel'
@@ -91,6 +97,9 @@ localhost	test_user	r_rld
 localhost	test_user	r_sel
 localhost	test_user	r_upd
 set role r_ins;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_ins
 show grants;
 Grants for test_user@localhost
 GRANT INSERT ON *.* TO 'r_ins'
@@ -110,13 +119,25 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
 flush privileges;
 ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
 set role r_rld;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_rld
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_sel
 flush privileges;
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 flush privileges;
 ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
 set role r_ins;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_ins
 insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
 'r_sel',
 'r_upd');
@@ -133,11 +154,20 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
 'r_del',
 'r_ins');
 set role r_rld;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_rld
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_sel
 update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_sel
 create table mysql.random_test_table (id INT);
 insert into mysql.random_test_table values (1);
 select * from mysql.random_test_table;
@@ -146,6 +176,9 @@ id
 delete from mysql.roles_mapping where RoleFk='r_ins';
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	r_sel
 insert into mysql.random_test_table values (1);
 ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'random_test_table'
 drop table mysql.random_test_table;

--- a/mysql-test/r/acl_roles_set_role-recursive.result
+++ b/mysql-test/r/acl_roles_set_role-recursive.result
@@ -35,7 +35,13 @@ show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON *.* TO 'test_role2'
@@ -54,6 +60,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
@@ -66,6 +75,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role2;
 ERROR HY000: The role 'test_role2' has not been granted or is invalid.
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
@@ -77,6 +89,9 @@ Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON *.* TO 'test_role2'
@@ -95,6 +110,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'

--- a/mysql-test/r/acl_roles_set_role-routine-simple.result
+++ b/mysql-test/r/acl_roles_set_role-routine-simple.result
@@ -40,7 +40,13 @@ GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role3 TO 'test_user'@'localhost'
 use mysql;
 ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 use mysql;
 call test_proc(@a);
 SELECT @a;
@@ -60,6 +66,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 GRANT test_role3 TO 'test_user'@'localhost'
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
@@ -70,6 +79,9 @@ ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine
 SELECT test_func('AABBCCDD');
 ERROR 42000: execute command denied to user 'test_user'@'localhost' for routine 'mysql.test_func'
 set role test_role3;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role3
 show grants;
 Grants for test_user@localhost
 GRANT EXECUTE ON `mysql`.* TO 'test_role3'
@@ -91,10 +103,7 @@ revoke execute on mysql.* from test_role3@'';
 delete from mysql.user where user like'test_%';
 delete from mysql.roles_mapping where RoleFk like 'test%';
 drop function mysql.test_func;
-Warnings:
-Warning	1403	There is no such grant defined for user 'test_role1' on host '' on routine 'test_func'
 drop procedure mysql.test_proc;
 Warnings:
 Warning	1403	There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
-Warning	1403	There is no such grant defined for user 'test_role1' on host '' on routine 'test_proc'
 flush privileges;
--- a/mysql-test/r/acl_roles_set_role-simple.result
+++ b/mysql-test/r/acl_roles_set_role-simple.result
@@ -22,7 +22,13 @@ show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON *.* TO 'test_role1'
@@ -32,6 +38,9 @@ select * from mysql.roles_mapping;
 HostFk	UserFk	RoleFk
 localhost	test_user	test_role1
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 delete from mysql.user where user='test_role1';

--- a/mysql-test/r/acl_roles_set_role-table-column-priv.result
+++ b/mysql-test/r/acl_roles_set_role-table-column-priv.result
@@ -24,7 +24,13 @@ show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT (RoleFk) ON `mysql`.`roles_mapping` TO 'test_role2'
@@ -49,6 +55,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 use mysql;
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 select RoleFk from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 drop user 'test_user'@'localhost';

--- a/mysql-test/r/acl_roles_set_role-table-simple.result
+++ b/mysql-test/r/acl_roles_set_role-table-simple.result
@@ -24,7 +24,13 @@ show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2'
@@ -47,6 +53,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 use mysql;
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 drop user 'test_user'@'localhost';

--- a/mysql-test/r/acl_roles_show_grants.result
+++ b/mysql-test/r/acl_roles_show_grants.result
@@ -34,7 +34,13 @@ Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_user'@'localhost'
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 set role test_role1;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role1
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON `mysql`.* TO 'test_role2'
@@ -45,6 +51,9 @@ GRANT test_role1 TO 'test_user'@'localhost'
 GRANT test_role2 TO 'test_role1'
 GRANT test_role2 TO 'test_user'@'localhost'
 set role none;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	NONE
 show grants;
 Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
@@ -71,6 +80,9 @@ ERROR 42000: There is no such grant defined for user 'test_user' on host 'localh
 show grants for CURRENT_ROLE();
 ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
 set role test_role2;
+select current_user(), current_role();
+current_user()	current_role()
+test_user@localhost	test_role2
 show grants;
 Grants for test_user@localhost
 GRANT SELECT ON `mysql`.* TO 'test_role2'

--- a/mysql-test/t/acl_roles_set_role-database-recursive.test
+++ b/mysql-test/t/acl_roles_set_role-database-recursive.test
@@ -31,13 +31,17 @@ change_user 'test_user';
 --error ER_TABLEACCESS_DENIED_ERROR
 select * from mysql.roles_mapping;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 select * from mysql.roles_mapping;
 set role none;
+select current_user(), current_role();
 --error ER_TABLEACCESS_DENIED_ERROR
 select * from mysql.roles_mapping;
 set role test_role2;
+select current_user(), current_role();
 --sorted_result
 select * from mysql.roles_mapping;

--- a/mysql-test/t/acl_roles_set_role-database-simple.test
+++ b/mysql-test/t/acl_roles_set_role-database-simple.test
@@ -22,7 +22,9 @@ change_user 'test_user';
 --error ER_TABLEACCESS_DENIED_ERROR
 select * from mysql.roles_mapping;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 select * from mysql.roles_mapping;
 --error ER_TABLEACCESS_DENIED_ERROR
 insert into mysql.user (user, host) values ('Dummy', 'Dummy');
@@ -34,6 +36,7 @@ delete from mysql.roles_mapping where RoleFk='test_role2';
 use mysql;
 set role none;
+select current_user(), current_role();
 --error ER_DBACCESS_DENIED_ERROR
 use mysql;

--- a/mysql-test/t/acl_roles_set_role-multiple-role.test
+++ b/mysql-test/t/acl_roles_set_role-multiple-role.test
@@ -59,13 +59,16 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role r_sel;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --sorted_result
 select * from mysql.roles_mapping;
 set role r_ins;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -76,14 +79,18 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
 --error ER_SPECIFIC_ACCESS_DENIED_ERROR
 flush privileges;
 set role r_rld;
+select current_user(), current_role();
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
 flush privileges;
 set role none;
+select current_user(), current_role();
 --error ER_SPECIFIC_ACCESS_DENIED_ERROR
 flush privileges;
 set role r_ins;
+select current_user(), current_role();
 insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
                                                                 'r_sel',
                                                                 'r_upd');
@@ -100,11 +107,14 @@ insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
                                                                 'r_del',
                                                                 'r_ins');
 set role r_rld;
+select current_user(), current_role();
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
 update mysql.roles_mapping set RoleFk='r_ins' where RoleFk='r_ins_wrong';
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
 create table mysql.random_test_table (id INT);
 insert into mysql.random_test_table values (1);
@@ -113,6 +123,7 @@ select * from mysql.random_test_table;
 delete from mysql.roles_mapping where RoleFk='r_ins';
 flush privileges;
 set role r_sel;
+select current_user(), current_role();
 --error ER_TABLEACCESS_DENIED_ERROR
 insert into mysql.random_test_table values (1);
 drop table mysql.random_test_table;

--- a/mysql-test/t/acl_roles_set_role-recursive.test
+++ b/mysql-test/t/acl_roles_set_role-recursive.test
@@ -35,7 +35,9 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
 select * from mysql.roles_mapping where HostFk='';
@@ -43,6 +45,7 @@ select * from mysql.roles_mapping where HostFk='';
 --sorted_result
 show grants;
 set role none;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -52,6 +55,7 @@ select * from mysql.roles_mapping;
 show grants;
 --error ER_INVALID_ROLE
 set role test_role2;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --error ER_TABLEACCESS_DENIED_ERROR
@@ -61,6 +65,7 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --sorted_result
@@ -69,6 +74,7 @@ select * from mysql.roles_mapping where HostFk='';
 --sorted_result
 show grants;
 set role none;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --error ER_TABLEACCESS_DENIED_ERROR

--- a/mysql-test/t/acl_roles_set_role-routine-simple.test
+++ b/mysql-test/t/acl_roles_set_role-routine-simple.test
@@ -44,7 +44,9 @@ show grants;
 --error ER_DBACCESS_DENIED_ERROR
 use mysql;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 use mysql;
 call test_proc(@a);
@@ -55,6 +57,7 @@ SELECT test_func('AABBCCDD');
 --sorted_result
 show grants;
 set role none;
+select current_user(), current_role();
 --sorted_result
 show grants;
@@ -65,6 +68,7 @@ call test_proc(@a);
 SELECT test_func('AABBCCDD');
 set role test_role3;
+select current_user(), current_role();
 --sorted_result
 show grants;
 call test_proc(@a);

--- a/mysql-test/t/acl_roles_set_role-simple.test
+++ b/mysql-test/t/acl_roles_set_role-simple.test
@@ -23,13 +23,16 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --sorted_result
 select * from mysql.roles_mapping;
 set role none;
+select current_user(), current_role();
 --error ER_TABLEACCESS_DENIED_ERROR
 select * from mysql.roles_mapping;

--- a/mysql-test/t/acl_roles_set_role-table-column-priv.test
+++ b/mysql-test/t/acl_roles_set_role-table-column-priv.test
@@ -25,7 +25,9 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
@@ -42,6 +44,7 @@ show grants;
 use mysql;
 set role none;
+select current_user(), current_role();
 --sorted_result
 --error ER_TABLEACCESS_DENIED_ERROR

--- a/mysql-test/t/acl_roles_set_role-table-simple.test
+++ b/mysql-test/t/acl_roles_set_role-table-simple.test
@@ -25,7 +25,9 @@ select * from mysql.roles_mapping;
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
@@ -39,6 +41,7 @@ show grants;
 use mysql;
 set role none;
+select current_user(), current_role();
 --sorted_result
 --error ER_TABLEACCESS_DENIED_ERROR

--- a/mysql-test/t/acl_roles_show_grants.test
+++ b/mysql-test/t/acl_roles_show_grants.test
@@ -30,10 +30,13 @@ change_user 'test_user';
 --sorted_result
 show grants;
+select current_user(), current_role();
 set role test_role1;
+select current_user(), current_role();
 --sorted_result
 show grants;
 set role none;
+select current_user(), current_role();
 --sorted_result
 show grants;
@@ -53,6 +56,7 @@ show grants for CURRENT_ROLE;
 show grants for CURRENT_ROLE();
 set role test_role2;
+select current_user(), current_role();
 --sorted_result
 show grants;
 --sorted_result

--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -2332,16 +2332,28 @@ bool Item_func_current_user::fix_fields(THD *thd, Item **ref)
  if (Item_func_sysconst::fix_fields(thd, ref))
    return TRUE;
-  Security_context *ctx=
+  Security_context *ctx= context->security_ctx
-#ifndef NO_EMBEDDED_ACCESS_CHECKS
+                          ? context->security_ctx : thd->security_ctx;
-                         (context->security_ctx
-                          ? context->security_ctx : thd->security_ctx);
-#else
-                         thd->security_ctx;
-#endif /*NO_EMBEDDED_ACCESS_CHECKS*/
  return init(ctx->priv_user, ctx->priv_host);
 }
+bool Item_func_current_role::fix_fields(THD *thd, Item **ref)
+{
+  if (Item_func_sysconst::fix_fields(thd, ref))
+    return 1;
+  Security_context *ctx= context->security_ctx
+                          ? context->security_ctx : thd->security_ctx;
+  const char *role= ctx->priv_role[0] ? ctx->priv_role : NONE_ROLE;
+  if (str_value.copy(role, strlen(role), system_charset_info))
+    return 1;
+  str_value.mark_as_const();
+  return 0;
+}
 void Item_func_soundex::fix_length_and_dec()
 {

--- a/sql/item_strfunc.h
+++ b/sql/item_strfunc.h
@@ -580,6 +580,28 @@ public:
 };
+class Item_func_current_role :public Item_func_sysconst
+{
+  Name_resolution_context *context;
+public:
+  Item_func_current_role(Name_resolution_context *context_arg)
+    : context(context_arg) {}
+  bool fix_fields(THD *thd, Item **ref);
+  void fix_length_and_dec()
+  { max_length= username_char_length * SYSTEM_CHARSET_MBMAXLEN; }
+  int save_in_field(Field *field, bool no_conversions)
+  { return save_str_value_in_field(field, &str_value); }
+  const char *func_name() const { return "current_role"; }
+  const char *fully_qualified_func_name() const { return "current_role()"; }
+  String *val_str(String *)
+  {
+    DBUG_ASSERT(fixed == 1);
+    return (null_value ? 0 : &str_value);
+  }
+};
 class Item_func_soundex :public Item_str_func
 {
  String tmp_value;

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -8648,6 +8648,14 @@ function_call_keyword:
            Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
            Lex->safe_to_cache_query= 0;
          }
+        | CURRENT_ROLE optional_braces
+          {
+            $$= new (thd->mem_root) Item_func_current_role(Lex->current_context());
+            if ($$ == NULL)
+              MYSQL_YYABORT;
+            Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION);
+            Lex->safe_to_cache_query= 0;
+          }
        | DATE_SYM '(' expr ')'
          {
            $$= new (thd->mem_root) Item_date_typecast($3);