From 14ddcb1ff27dbb7248c63a01756852404b6d5209 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Thu, 2 Aug 2018 22:28:04 +0200
Subject: [PATCH] Bug#27407480: AUTOMATIC_SP_PRIVILEGES REQUIRES NEED THE
 INSERT PRIVILEGES FOR MYSQL.USER TABLE

A test case and a followup fix
---
 mysql-test/r/sp-security.result | 21 +++++++++++++++++++++
 mysql-test/t/sp-security.test   | 19 ++++++++++++++++++-
 sql/sql_acl.cc                  |  2 +-
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/mysql-test/r/sp-security.result b/mysql-test/r/sp-security.result
index 88908b05f46..39237b7f322 100644
--- a/mysql-test/r/sp-security.result
+++ b/mysql-test/r/sp-security.result
@@ -617,3 +617,24 @@ SELECT 1	latin1	latin1_swedish_ci	latin1_swedish_ci
 # Connection default
 DROP USER user2@localhost;
 DROP DATABASE db1;
+create user foo@local_ost;
+create user foo@`local\_ost` identified by 'nevermore';
+create database foodb;
+grant create routine on foodb.* to foo@local_ost;
+select user(), current_user();
+user()	current_user()
+foo@localhost	foo@local_ost
+show grants;
+Grants for foo@local_ost
+GRANT USAGE ON *.* TO 'foo'@'local_ost'
+GRANT CREATE ROUTINE ON `foodb`.* TO 'foo'@'local_ost'
+create procedure fooproc() select 'i am fooproc';
+show grants;
+Grants for foo@local_ost
+GRANT USAGE ON *.* TO 'foo'@'local_ost'
+GRANT CREATE ROUTINE ON `foodb`.* TO 'foo'@'local_ost'
+GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test`.`fooproc` TO 'foo'@'local_ost'
+drop user foo@local_ost;
+drop user foo@`local\_ost`;
+drop procedure fooproc;
+drop database foodb;
diff --git a/mysql-test/t/sp-security.test b/mysql-test/t/sp-security.test
index ca4e6b04f13..3769bb3b4bf 100644
--- a/mysql-test/t/sp-security.test
+++ b/mysql-test/t/sp-security.test
@@ -995,7 +995,24 @@ disconnect con2;
 DROP USER user2@localhost;
 DROP DATABASE db1;
 
+#
+# Bug#27407480: AUTOMATIC_SP_PRIVILEGES REQUIRES NEED THE INSERT PRIVILEGES FOR MYSQL.USER TABLE
+#
+create user foo@local_ost;
+create user foo@`local\_ost` identified by 'nevermore';
+create database foodb;
+grant create routine on foodb.* to foo@local_ost;
+connect con1,localhost,foo;
+select user(), current_user();
+show grants;
+create procedure fooproc() select 'i am fooproc';
+show grants;
+disconnect con1;
+connection default;
+drop user foo@local_ost;
+drop user foo@`local\_ost`;
+drop procedure fooproc;
+drop database foodb;
 
 # Wait till all disconnects are completed
 --source include/wait_until_count_sessions.inc
-
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 24740a0695a..066e7e4c7f4 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -7190,7 +7190,7 @@ bool sp_grant_privileges(THD *thd, const char *sp_db, const char *sp_name,
   mysql_mutex_lock(&acl_cache->lock);
 
  if ((au= find_acl_user(combo->host.str= (char *) sctx->priv_host,
-                        combo->user.str, FALSE)))
+                        combo->user.str, TRUE)))
     goto found_acl;
 
   mysql_mutex_unlock(&acl_cache->lock);