Bug#18660 Can't grant any privileges on single table in database with underscore char

In case of database level grant the database name may be a pattern,
in case of table|column level grant the database name can not be a pattern.
We use 'dont_check_global_grants' as a flag to determine
if it's database level grant command 
(see SQLCOM_GRANT case, mysql_execute_command() function) and
set db_is_pattern according to 'dont_check_global_grants' value.


mysql-test/r/grant2.result:
  test result
mysql-test/t/grant2.test:
  test case
sql/sql_parse.cc:
  In case of database level grant the database name may be a pattern,
  in case of table|column level grant the database name can not be a pattern.
  We use 'dont_check_global_grants' as a flag to determine
  if it's database level grant command 
  (see SQLCOM_GRANT case, mysql_execute_command() function) and
  set db_is_pattern according to 'dont_check_global_grants' value.

mysql-test/r/grant2.result

@@ -403,4 +403,22 @@ use test;
 drop database mysqltest_1;
 drop database mysqltest_2;
 drop user mysqltest_u1@localhost;
+grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option;
+grant usage on *.* to mysqltest_2@localhost;
+create database mysqltest_1;
+use mysqltest_1;
+create table t1 (f1 int);
+grant create on `mysqltest\_1`.* to mysqltest_2@localhost;
+grant select on mysqltest_1.t1 to mysqltest_2@localhost;
+create database mysqltest_3;
+ERROR 42000: Access denied for user 'mysqltest_2'@'localhost' to database 'mysqltest_3'
+use mysqltest_1;
+create table t2(f1 int);
+select * from t1;
+f1
+drop database mysqltest_1;
+revoke all privileges, grant option from mysqltest_1@localhost;
+revoke all privileges, grant option from mysqltest_2@localhost;
+drop user mysqltest_1@localhost;
+drop user mysqltest_2@localhost;
 End of 5.0 tests

mysql-test/t/grant2.test

@@ -555,5 +555,35 @@ drop database mysqltest_1;
 drop database mysqltest_2;
 drop user mysqltest_u1@localhost;
 
+#
+# Bug#18660 Can't grant any privileges on single table in database
+#  with underscore char
+#
+grant all on `mysqltest\_%`.* to mysqltest_1@localhost with grant option;
+grant usage on *.* to mysqltest_2@localhost;
+connect (con18600_1,localhost,mysqltest_1,,);
+
+create database mysqltest_1;
+use mysqltest_1;
+create table t1 (f1 int);
+
+grant create on `mysqltest\_1`.* to mysqltest_2@localhost;
+grant select on mysqltest_1.t1 to mysqltest_2@localhost;
+connect (con3,localhost,mysqltest_2,,);
+connection con3;
+--error 1044
+create database mysqltest_3;
+use mysqltest_1;
+create table t2(f1 int);
+select * from t1;
+connection default;
+drop database mysqltest_1;
+
+revoke all privileges, grant option from mysqltest_1@localhost;
+revoke all privileges, grant option from mysqltest_2@localhost;
+drop user mysqltest_1@localhost;
+drop user mysqltest_2@localhost;
+
+
 --echo End of 5.0 tests
 

sql/sql_parse.cc

@@ -5252,7 +5252,17 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
   Security_context *sctx= thd->security_ctx;
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
   ulong db_access;
-  bool  db_is_pattern= test(want_access & GRANT_ACL);
+  /*
+    GRANT command:
+    In case of database level grant the database name may be a pattern,
+    in case of table|column level grant the database name can not be a pattern.
+    We use 'dont_check_global_grants' as a flag to determine
+    if it's database level grant command 
+    (see SQLCOM_GRANT case, mysql_execute_command() function) and
+    set db_is_pattern according to 'dont_check_global_grants' value.
+  */
+  bool  db_is_pattern= (test(want_access & GRANT_ACL) &&
+                        dont_check_global_grants);
 #endif
   ulong dummy;
   DBUG_ENTER("check_access");