1 files changed, 15 insertions, 9 deletions

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 1bdca7167e8..598ff153cad 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -590,7 +590,6 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 
   /* OK. User found and password checked continue validation */
 
-#ifdef HAVE_OPENSSL
   {
     Vio *vio=thd->net.vio;
     /*
@@ -604,6 +603,7 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
     case SSL_TYPE_NONE: /* SSL is not required to connect */
       user_access=acl_user->access;
       break;
+#ifdef HAVE_OPENSSL
     case SSL_TYPE_ANY: /* Any kind of SSL is good enough */
       if (vio_type(vio) == VIO_TYPE_SSL)
 	user_access=acl_user->access;
@@ -686,11 +686,17 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
 	free(ptr);
       }
       break;
+#else /* HAVE_OPENSSL */
+    default: 
+      /*
+         If we don't have SSL but SSL is required for this user the 
+         authentication should fail.
+       */
+      break;
+#endif /* HAVE_OPENSSL */
     }
   }
-#else  /* HAVE_OPENSSL */
-  user_access=acl_user->access;
-#endif /* HAVE_OPENSSL */
+
   *mqh=acl_user->user_resource;
   if (!acl_user->user)
     *priv_user=(char*) "";	// Change to anonymous user /* purecov: inspected */
@@ -877,7 +883,7 @@ static void acl_insert_db(const char *user, const char *host, const char *db,
 *****************************************************************************/
 
 ulong acl_get(const char *host, const char *ip, const char *bin_ip,
-	     const char *user, const char *db)
+	     const char *user, const char *db, my_bool db_is_pattern)
 {
   ulong host_access,db_access;
   uint i,key_length;
@@ -911,7 +917,7 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip,
     {
       if (compare_hostname(&acl_db->host,host,ip))
       {
-	if (!acl_db->db || !wild_compare(db,acl_db->db))
+	if (!acl_db->db || !wild_compare(db,acl_db->db,db_is_pattern))
 	{
 	  db_access=acl_db->access;
 	  if (acl_db->host.hostname)
@@ -933,7 +939,7 @@ ulong acl_get(const char *host, const char *ip, const char *bin_ip,
     ACL_HOST *acl_host=dynamic_element(&acl_hosts,i,ACL_HOST*);
     if (compare_hostname(&acl_host->host,host,ip))
     {
-      if (!acl_host->db || !wild_compare(db,acl_host->db))
+      if (!acl_host->db || !wild_compare(db,acl_host->db,db_is_pattern))
       {
 	host_access=acl_host->access;		// Fully specified. Take it
 	break;
@@ -1271,7 +1277,7 @@ static bool compare_hostname(const acl_host_and_ip *host, const char *hostname,
   return (!host->hostname ||
 	  (hostname && !wild_case_compare(&my_charset_latin1,
                                           hostname,host->hostname)) ||
-	  (ip && !wild_compare(ip,host->hostname)));
+	  (ip && !wild_compare(ip,host->hostname,0)));
 }
 
 
@@ -1331,7 +1337,7 @@ static bool test_if_create_new_users(THD *thd)
     tl.db=	   (char*) "mysql";
     tl.real_name=  (char*) "user";
     db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
-		      thd->priv_user, tl.db);
+		      thd->priv_user, tl.db, 0);
     if (!(db_access & INSERT_ACL))
     {
       if (check_grant(thd,INSERT_ACL,&tl,0,1))