Bug #48872 : Privileges for stored functions ignored if function name

is mixed case

Transcode the procedure name to lowercase when searching for it in the 
hash. This is the missing part of the fix for bug #41049.

mysql-test/r/sp-security.result

@@ -519,4 +519,65 @@ DROP USER mysqltest_u1@localhost;
 DROP PROCEDURE p_suid;
 DROP FUNCTION f_suid;
 DROP TABLE t1;
+#
+# Bug #48872 : Privileges for stored functions ignored if function name 
+#  is mixed case
+#
+CREATE DATABASE B48872;
+USE B48872;
+CREATE TABLE `TestTab` (id INT);
+INSERT INTO `TestTab` VALUES (1),(2);
+CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123;
+CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123;
+CREATE USER 'tester';
+CREATE USER 'Tester';
+GRANT SELECT ON TABLE `TestTab` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester';
+SELECT f_Test();
+f_Test()
+123
+SELECT * FROM TestTab;
+id
+1
+2
+SELECT * FROM TestTab;
+id
+1
+2
+SELECT `f_Test`();
+`f_Test`()
+123
+SELECT `F_TEST`();
+`F_TEST`()
+123
+SELECT f_Test();
+f_Test()
+123
+SELECT F_TEST();
+F_TEST()
+123
+SELECT * FROM TestTab;
+ERROR 42000: SELECT command denied to user 'Tester'@'localhost' for table 'TestTab'
+SELECT `f_Test`();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT `F_TEST`();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT f_Test();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT F_TEST();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT `f_Test_denied`();
+`f_Test_denied`()
+123
+SELECT `F_TEST_DENIED`();
+`F_TEST_DENIED`()
+123
+DROP TABLE `TestTab`;
+DROP FUNCTION `f_Test`;
+DROP FUNCTION `f_Test_denied`;
+USE test;
+DROP USER 'tester';
+DROP USER 'Tester';
+DROP DATABASE B48872;
 End of 5.0 tests.

mysql-test/t/sp-security.test

@@ -889,6 +889,63 @@ DROP PROCEDURE p_suid;
 DROP FUNCTION f_suid;
 DROP TABLE t1;
 
+--echo #
+--echo # Bug #48872 : Privileges for stored functions ignored if function name 
+--echo #  is mixed case
+--echo #
+
+CREATE DATABASE B48872;
+USE B48872;
+CREATE TABLE `TestTab` (id INT);
+INSERT INTO `TestTab` VALUES (1),(2);
+CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123;
+CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123;
+CREATE USER 'tester';
+CREATE USER 'Tester';
+GRANT SELECT ON TABLE `TestTab` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester';
+
+SELECT f_Test();
+SELECT * FROM TestTab;
+
+CONNECT (con_tester,localhost,tester,,B48872);
+CONNECT (con_tester_denied,localhost,Tester,,B48872);
+CONNECTION con_tester;
+
+SELECT * FROM TestTab;
+SELECT `f_Test`();
+SELECT `F_TEST`();
+SELECT f_Test();
+SELECT F_TEST();
+
+CONNECTION con_tester_denied;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM TestTab;
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT `f_Test`();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT `F_TEST`();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT f_Test();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT F_TEST();
+SELECT `f_Test_denied`();
+SELECT `F_TEST_DENIED`();
+
+CONNECTION default;
+DISCONNECT con_tester;
+DISCONNECT con_tester_denied;
+DROP TABLE `TestTab`;
+DROP FUNCTION `f_Test`;
+DROP FUNCTION `f_Test_denied`;
+
+USE test;
+DROP USER 'tester';
+DROP USER 'Tester';
+DROP DATABASE B48872;
+
 --echo End of 5.0 tests.
 
 # Wait till all disconnects are completed

sql/sql_acl.cc

@@ -2280,14 +2280,17 @@ static GRANT_NAME *name_hash_search(HASH *name_hash,
 				      const char *host,const char* ip,
 				      const char *db,
 				      const char *user, const char *tname,
-				      bool exact)
+				      bool exact, bool name_tolower)
 {
-  char helping [NAME_LEN*2+USERNAME_LENGTH+3];
+  char helping [NAME_LEN*2+USERNAME_LENGTH+3], *name_ptr;
   uint len;
   GRANT_NAME *grant_name,*found=0;
   HASH_SEARCH_STATE state;
 
-  len  = (uint) (strmov(strmov(strmov(helping,user)+1,db)+1,tname)-helping)+ 1;
+  name_ptr= strmov(strmov(helping, user) + 1, db) + 1;
+  len  = (uint) (strmov(name_ptr, tname) - helping) + 1;
+  if (name_tolower)
+    my_casedn_str(files_charset_info, name_ptr);
   for (grant_name= (GRANT_NAME*) hash_first(name_hash, (byte*) helping,
                                             len, &state);
        grant_name ;
@@ -2320,7 +2323,7 @@ routine_hash_search(const char *host, const char *ip, const char *db,
 {
   return (GRANT_TABLE*)
     name_hash_search(proc ? &proc_priv_hash : &func_priv_hash,
-		     host, ip, db, user, tname, exact);
+		     host, ip, db, user, tname, exact, TRUE);
 }
 
 
@@ -2329,7 +2332,7 @@ table_hash_search(const char *host, const char *ip, const char *db,
 		  const char *user, const char *tname, bool exact)
 {
   return (GRANT_TABLE*) name_hash_search(&column_priv_hash, host, ip, db,
-					 user, tname, exact);
+					 user, tname, exact, FALSE);
 }