Exact hostnames grants take precedence over wildcard grants

MariaDB and others match grants first by exact hostname/IP and then by
wildcard. If there are no exact matches, the wildcard grant should be
picked. This can be tested by having different passwords for localhost and
remote address.

The SQLite based authentication should first check for an exact match and
then only after that should it try to match the hostname to a wildcard
grant.
Markus Mäkelä
2017-01-30 12:53:54 +02:00
parent ba16b8ca1c
commit b206300975
2 changed files with 3 additions and 3 deletions


@ -463,7 +463,7 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
char *err; char *err;
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote, sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
session->db, session->db); dcb->remote, session->db, session->db);
struct user_query_result res = {}; struct user_query_result res = {};
@ -482,7 +482,7 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
char client_hostname[MYSQL_HOST_MAXLEN]; char client_hostname[MYSQL_HOST_MAXLEN];
wildcard_domain_match(dcb->remote, client_hostname); wildcard_domain_match(dcb->remote, client_hostname);
sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname, sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,
session->db, session->db); client_hostname, session->db, session->db);
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK) if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
{ {
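Review bot: Both `sprintf` calls write into `sql` without a bound, and each now formats the host value twice, so whatever sizes `sql` (outside these hunks) must count `dcb->remote` / `client_hostname` twice or the buffer can overflow. Using `snprintf` with the buffer's size and checking its return value would turn a miscount into a rejected login rather than memory corruption. Separately, `session->user` and `session->db` are placed inside `'%s'` quotes and appear to come from the client, so a quote character in either one changes the statement; a prepared statement built with `sqlite3_prepare_v2` and `sqlite3_bind_text` avoids that and removes the length arithmetic altogether. The body of `validate_mysql_user` starts and ends outside the hunks, so the buffer declaration could not be checked here.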


@ -61,7 +61,7 @@ static const char databases_create_sql[] =
/** Query that checks if there's a grant for the user being authenticated */ /** Query that checks if there's a grant for the user being authenticated */
static const char mysqlauth_validate_user_query[] = static const char mysqlauth_validate_user_query[] =
"SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME "SELECT password FROM " MYSQLAUTH_USERS_TABLE_NAME
" WHERE user = '%s' AND '%s' LIKE host AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)" " WHERE user = '%s' AND ( '%s' = host OR '%s' LIKE host) AND (anydb = '1' OR '%s' = '' OR '%s' LIKE db)"
" LIMIT 1"; " LIMIT 1";
/** Query that checks that the database exists */ /** Query that checks that the database exists */
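Review bot: The new predicate `( '%s' = host OR '%s' LIKE host)` is still followed by `" LIMIT 1"` with no `ORDER BY`, so when an exact row and a wildcard row both match, nothing visible in the query makes SQLite return the exact one, and the password that gets compared may still be the wildcard grant's. Both placeholders receive the same value in the calls shown on this page, so in most cases the `=` arm selects rows that `LIKE` would have matched anyway. If exact-first is the intent, an ordering such as `" ORDER BY ('%s' = host) DESC"` placed before `" LIMIT 1"`, with the matching extra argument in the callers, would express it. The doc comment above the query should also list the placeholders in order (user, host, host, db, db), because the callers rely on passing them in exactly that sequence.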