summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mysql-test/r/sp-security.result61
-rw-r--r--mysql-test/t/sp-security.test57
-rw-r--r--sql/sql_acl.cc13
3 files changed, 126 insertions, 5 deletions
diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result
index 65c94577a57..5f1d9b94277 100644
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@@ -510,4 +510,65 @@ DROP USER mysqltest_u1@localhost;
DROP PROCEDURE p_suid;
DROP FUNCTION f_suid;
DROP TABLE t1;
+#
+# Bug #48872 : Privileges for stored functions ignored if function name
+# is mixed case
+#
+CREATE DATABASE B48872;
+USE B48872;
+CREATE TABLE `TestTab` (id INT);
+INSERT INTO `TestTab` VALUES (1),(2);
+CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123;
+CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123;
+CREATE USER 'tester';
+CREATE USER 'Tester';
+GRANT SELECT ON TABLE `TestTab` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester';
+SELECT f_Test();
+f_Test()
+123
+SELECT * FROM TestTab;
+id
+1
+2
+SELECT * FROM TestTab;
+id
+1
+2
+SELECT `f_Test`();
+`f_Test`()
+123
+SELECT `F_TEST`();
+`F_TEST`()
+123
+SELECT f_Test();
+f_Test()
+123
+SELECT F_TEST();
+F_TEST()
+123
+SELECT * FROM TestTab;
+ERROR 42000: SELECT command denied to user 'Tester'@'localhost' for table 'TestTab'
+SELECT `f_Test`();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT `F_TEST`();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT f_Test();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT F_TEST();
+ERROR 42000: execute command denied to user 'Tester'@'%' for routine 'B48872.f_Test'
+SELECT `f_Test_denied`();
+`f_Test_denied`()
+123
+SELECT `F_TEST_DENIED`();
+`F_TEST_DENIED`()
+123
+DROP TABLE `TestTab`;
+DROP FUNCTION `f_Test`;
+DROP FUNCTION `f_Test_denied`;
+USE test;
+DROP USER 'tester';
+DROP USER 'Tester';
+DROP DATABASE B48872;
End of 5.0 tests.
diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test
index a80fe89082a..5e8c75a72e2 100644
--- a/mysql-test/t/sp-security.test
+++ b/mysql-test/t/sp-security.test
@@ -865,6 +865,63 @@ DROP PROCEDURE p_suid;
DROP FUNCTION f_suid;
DROP TABLE t1;
+--echo #
+--echo # Bug #48872 : Privileges for stored functions ignored if function name
+--echo # is mixed case
+--echo #
+
+CREATE DATABASE B48872;
+USE B48872;
+CREATE TABLE `TestTab` (id INT);
+INSERT INTO `TestTab` VALUES (1),(2);
+CREATE FUNCTION `f_Test`() RETURNS INT RETURN 123;
+CREATE FUNCTION `f_Test_denied`() RETURNS INT RETURN 123;
+CREATE USER 'tester';
+CREATE USER 'Tester';
+GRANT SELECT ON TABLE `TestTab` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test` TO 'tester';
+GRANT EXECUTE ON FUNCTION `f_Test_denied` TO 'Tester';
+
+SELECT f_Test();
+SELECT * FROM TestTab;
+
+CONNECT (con_tester,localhost,tester,,B48872);
+CONNECT (con_tester_denied,localhost,Tester,,B48872);
+CONNECTION con_tester;
+
+SELECT * FROM TestTab;
+SELECT `f_Test`();
+SELECT `F_TEST`();
+SELECT f_Test();
+SELECT F_TEST();
+
+CONNECTION con_tester_denied;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM TestTab;
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT `f_Test`();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT `F_TEST`();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT f_Test();
+--error ER_PROCACCESS_DENIED_ERROR
+SELECT F_TEST();
+SELECT `f_Test_denied`();
+SELECT `F_TEST_DENIED`();
+
+CONNECTION default;
+DISCONNECT con_tester;
+DISCONNECT con_tester_denied;
+DROP TABLE `TestTab`;
+DROP FUNCTION `f_Test`;
+DROP FUNCTION `f_Test_denied`;
+
+USE test;
+DROP USER 'tester';
+DROP USER 'Tester';
+DROP DATABASE B48872;
+
--echo End of 5.0 tests.
# Wait till all disconnects are completed
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ed9adbd96e1..77c72066429 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -2444,14 +2444,17 @@ static GRANT_NAME *name_hash_search(HASH *name_hash,
const char *host,const char* ip,
const char *db,
const char *user, const char *tname,
- bool exact)
+ bool exact, bool name_tolower)
{
- char helping [NAME_LEN*2+USERNAME_LENGTH+3];
+ char helping [NAME_LEN*2+USERNAME_LENGTH+3], *name_ptr;
uint len;
GRANT_NAME *grant_name,*found=0;
HASH_SEARCH_STATE state;
- len = (uint) (strmov(strmov(strmov(helping,user)+1,db)+1,tname)-helping)+ 1;
+ name_ptr= strmov(strmov(helping, user) + 1, db) + 1;
+ len = (uint) (strmov(name_ptr, tname) - helping) + 1;
+ if (name_tolower)
+ my_casedn_str(files_charset_info, name_ptr);
for (grant_name= (GRANT_NAME*) hash_first(name_hash, (uchar*) helping,
len, &state);
grant_name ;
@@ -2484,7 +2487,7 @@ routine_hash_search(const char *host, const char *ip, const char *db,
{
return (GRANT_TABLE*)
name_hash_search(proc ? &proc_priv_hash : &func_priv_hash,
- host, ip, db, user, tname, exact);
+ host, ip, db, user, tname, exact, TRUE);
}
@@ -2493,7 +2496,7 @@ table_hash_search(const char *host, const char *ip, const char *db,
const char *user, const char *tname, bool exact)
{
return (GRANT_TABLE*) name_hash_search(&column_priv_hash, host, ip, db,
- user, tname, exact);
+ user, tname, exact, FALSE);
}
View Lorry Controller Status