MDEV-10744: Roles are not fully case sensitive

Due to the collation used on the roles_mapping_hash, key comparison
would work in a case-insensitive manner. This is incorrect from the
roles mapping perspective. Make use of a case-sensitive collation for that hash,
the same one used for the acl_roles hash.

mysql-test/suite/roles/role_case_sensitive-10744.result

@@ -0,0 +1,58 @@
+#
+# MDEV-10744 Roles are not fully case-sensitive
+#
+#
+# Test creating two case-different roles.
+#
+create user test_user@'%';
+create role test_ROLE;
+create role test_role;
+#
+# Test if mysql.user has the roles created.
+#
+select user, host from mysql.user where is_role='y' and user like 'test%';
+user	host
+test_ROLE	
+test_role	
+create database secret_db;
+create table secret_db.t1 (secret varchar(100));
+insert into secret_db.t1 values ("Some Secret P4ssw0rd");
+grant select on secret_db.* to test_role;
+grant test_role to test_user;
+show grants for test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+#
+# Now test the UPPER case role.
+#
+grant test_ROLE to test_user;
+grant insert on secret_db.t1 to test_ROLE;
+show grants for test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT test_ROLE TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+#
+# Test users privileges when interacting with those roles;
+#
+show tables from secret_db;
+ERROR 42000: Access denied for user 'test_user'@'%' to database 'secret_db'
+set role test_ROLE;
+show tables from secret_db;
+Tables_in_secret_db
+t1
+select * from secret_db.t1;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 't1'
+insert into secret_db.t1 values ("|-|4><");
+set role test_role;
+select * from secret_db.t1 order by secret;
+secret
+Some Secret P4ssw0rd
+|-|4><
+insert into secret_db.t1 values ("|_33T|-|4><");
+ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 't1'
+drop role test_ROLE;
+drop role test_role;
+drop user test_user;
+drop database secret_db;

mysql-test/suite/roles/role_case_sensitive-10744.test

@@ -0,0 +1,54 @@
+--source include/not_embedded.inc
+--echo #
+--echo # MDEV-10744 Roles are not fully case-sensitive
+--echo #
+
+--echo #
+--echo # Test creating two case-different roles.
+--echo #
+create user test_user@'%';
+create role test_ROLE;
+create role test_role;
+--echo #
+--echo # Test if mysql.user has the roles created.
+--echo #
+--sorted_result
+select user, host from mysql.user where is_role='y' and user like 'test%';
+
+create database secret_db;
+create table secret_db.t1 (secret varchar(100));
+insert into secret_db.t1 values ("Some Secret P4ssw0rd");
+
+grant select on secret_db.* to test_role;
+grant test_role to test_user;
+show grants for test_user;
+--echo #
+--echo # Now test the UPPER case role.
+--echo #
+grant test_ROLE to test_user;
+grant insert on secret_db.t1 to test_ROLE;
+show grants for test_user;
+connect (test_user,localhost,test_user);
+
+--echo #
+--echo # Test users privileges when interacting with those roles;
+--echo #
+--error ER_DBACCESS_DENIED_ERROR
+show tables from secret_db;
+set role test_ROLE;
+show tables from secret_db;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from secret_db.t1;
+insert into secret_db.t1 values ("|-|4><");
+set role test_role;
+select * from secret_db.t1 order by secret;
+--error ER_TABLEACCESS_DENIED_ERROR
+insert into secret_db.t1 values ("|_33T|-|4><");
+
+connection default;
+
+
+drop role test_ROLE;
+drop role test_role;
+drop user test_user;
+drop database secret_db;

sql/sql_acl.cc

@@ -1600,7 +1600,7 @@ my_bool acl_reload(THD *thd)
   my_hash_init2(&acl_roles,50, &my_charset_utf8_bin,
                 0, 0, 0, (my_hash_get_key) acl_role_get_key, 0,
                 (void (*)(void *))free_acl_role, 0);
-  my_hash_init2(&acl_roles_mappings, 50, system_charset_info, 0, 0, 0,
+  my_hash_init2(&acl_roles_mappings, 50, &my_charset_utf8_bin, 0, 0, 0,
                 (my_hash_get_key) acl_role_map_get_key, 0, 0, 0);
   old_mem= acl_memroot;
   delete_dynamic(&acl_wild_hosts);