config root man

--source include/have_plugin_auth.inc
--source include/not_embedded.inc
--source include/mysql_upgrade_preparation.inc
CALL mtr.add_suppression("Plugin test_plugin_server reported: 'Wrong password supplied for plug_dest'");

query_vertical SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
  FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';

SET @old_log_output=          @@global.log_output;
SET @old_general_log=         @@global.general_log;

SET GLOBAL log_output =       'TABLE';
SET GLOBAL general_log=       'ON';

CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
--echo ## test plugin auth
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(plug_con,localhost,plug,plug_dest);
--enable_query_log

GRANT PROXY ON plug_dest TO plug;
--echo test proxies_priv columns
--replace_column 1 xx 7 xx
SELECT * FROM mysql.proxies_priv WHERE user !='root';
--echo test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;

connect(plug_con,localhost,plug,plug_dest);

connection plug_con;
select USER(),CURRENT_USER();

--echo ## test SET PASSWORD
#--error ER_SET_PASSWORD_AUTH_PLUGIN
--echo Setting password is allowed but it won't affect the authentication mechanism.
SET PASSWORD = 'plug_dest';

connection default;
disconnect plug_con;

--echo ## test bad credentials
--disable_query_log
--error ER_ACCESS_DENIED_ERROR
connect(plug_con,localhost,plug,bad_credentials);
--enable_query_log

--echo ## test bad default plugin : should get CR_AUTH_PLUGIN_CANNOT_LOAD
--disable_result_log
--disable_query_log
--error 2059
connect(plug_con_wrongp,localhost,plug,plug_dest,,,,,wrong_plugin_name);
--enable_query_log
--enable_result_log

--echo ## test correct default plugin
connect(plug_con_rightp,localhost,plug,plug_dest,,,,,auth_test_plugin);
connection plug_con_rightp;
select USER(),CURRENT_USER();
connection default;
disconnect plug_con_rightp;

--echo ## test no_auto_create_user sql mode with plugin users
SET @@sql_mode=no_auto_create_user;
--error 1133
GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';

GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server' BY '123';
SET @@sql_mode=default;
DROP USER grant_user;
--echo ## test utf-8 user name
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';

GRANT PROXY ON plug_dest TO `Ÿ`;

connect(non_ascii,localhost,Ÿ,plug_dest);
connection non_ascii;
select USER(),CURRENT_USER();

connection default;
disconnect non_ascii;
DROP USER `Ÿ`;

--echo ## test GRANT ... IDENTIFIED WITH/BY ...

CREATE DATABASE test_grant_db;

--echo # create new user via GRANT WITH
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user 
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO new_grant_user;  

connect(plug_con_grant,localhost,new_grant_user,plug_dest);
connection plug_con_grant;
select USER(),CURRENT_USER();
USE test_grant_db;
CREATE TABLE t1 (a INT);
DROP TABLE t1;
connection default;
disconnect plug_con_grant;
REVOKE ALL PRIVILEGES ON test_grant_db.* FROM new_grant_user;

--echo # try re-create existing user via GRANT IDENTIFIED BY
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
  IDENTIFIED BY 'unused_password';

--echo # make sure password doesn't take precendence
--disable_query_log
--error ER_ACCESS_DENIED_ERROR
connect(plug_con_grant_deny,localhost,new_grant_user,unused_password);
--enable_query_log
--echo #make sure plugin auth still available
connect(plug_con_grant,localhost,new_grant_user,plug_dest);
connection plug_con_grant;
select USER(),CURRENT_USER();
USE test_grant_db;
CREATE TABLE t1 (a INT);
DROP TABLE t1;
connection default;
disconnect plug_con_grant;

DROP USER new_grant_user;

--error ER_PARSE_ERROR
REVOKE SELECT on test_grant_db.* FROM joro 
  INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';

--error ER_PARSE_ERROR
REVOKE SELECT on test_grant_db.* FROM joro 
  INDENTIFIED BY 'plug_dest_passwd';

--error ER_PARSE_ERROR
REVOKE SELECT on test_grant_db.* FROM joro 
  INDENTIFIED BY PASSWORD 'plug_dest_passwd';

DROP DATABASE test_grant_db;

--echo ## GRANT PROXY tests

# Test effect of variabled on the plugin tested here (WL#7724).
SELECT @@global.check_proxy_users;
SELECT @@global.mysql_native_password_proxy_users;
SELECT @@global.sha256_password_proxy_users;

SET @@global.check_proxy_users=ON;
SET @@global.mysql_native_password_proxy_users=ON;
SET @@global.sha256_password_proxy_users=ON;


CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server' 
  AS 'grant_plug_dest';
CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';

--echo # ALL PRIVILEGES doesn't include PROXY
GRANT ALL PRIVILEGES ON *.* TO grant_plug;
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(grant_plug_con,localhost,grant_plug,grant_plug_dest);
--enable_query_log

--error ER_PARSE_ERROR : this should fail : can't combine PROXY
GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;

--echo this should fail : can't combine PROXY
--error ER_PARSE_ERROR
GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;

--echo # this should fail : no such grant
--error ER_NONEXISTING_GRANT
REVOKE PROXY ON grant_plug_dest FROM grant_plug;

connect(grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd);
connection grant_plug_dest_con;
--echo in grant_plug_dest_con

--echo ## testing what an ordinary user can grant 
--echo this should fail : no rights to grant all
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
GRANT PROXY ON ''@'' TO grant_plug;

--echo this should fail : not the same user
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
GRANT PROXY ON grant_plug TO grant_plug_dest;

# Security context in THD contains two pairs of (user,host)
# 1. (user,host) pair referring to inbound connection
# 2. (priv_user,priv_host) pair obtained from mysql.user table after doing
#    authnetication of incoming connection.
# Granting/revoking proxy privileges, privileges should be checked wrt
# (priv_user, priv_host) tuple that is obtained from mysql.user table
# Following is a valid grant because effective user of connection is
# grant_plug_dest@% and statement is trying to grant proxy on the same
# user.
--echo This is a valid grant
GRANT PROXY ON grant_plug_dest TO grant_plug;
REVOKE PROXY ON grant_plug_dest FROM grant_plug;

--echo this should work : same user
GRANT PROXY ON grant_plug_dest TO grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2;

# grant_plug_dest@localhost is not the same as grant_plug_dest@%
# so following grant/revoke should fail
--echo this should fail : not the same user
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
--echo this should fail : not the same user
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;

--echo this should fail : can't create users
--error ER_CANT_CREATE_USER_WITH_GRANT
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;

connection default;
--echo in default connection
disconnect grant_plug_dest_con;

--echo # test what root can grant

--echo should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO grant_plug;
REVOKE PROXY ON ''@'' FROM grant_plug;

--echo should work : root has PROXY to all users
GRANT PROXY ON ''@'' TO proxy_admin IDENTIFIED BY 'test' 
  WITH GRANT OPTION;

--echo need USAGE : PROXY doesn't contain it.
GRANT USAGE on *.* TO proxy_admin;

connect (proxy_admin_con,localhost,proxy_admin,test);
connection proxy_admin_con;
--echo in proxy_admin_con;

--echo should work : proxy_admin has proxy to ''@''
GRANT PROXY ON future_user TO grant_plug;

connection default;
--echo in default connection
disconnect proxy_admin_con;

SHOW GRANTS FOR grant_plug;
REVOKE PROXY ON future_user FROM grant_plug;
SHOW GRANTS FOR grant_plug;

--echo ## testing drop user
CREATE USER test_drop@localhost;
GRANT PROXY ON future_user TO test_drop@localhost;
SHOW GRANTS FOR test_drop@localhost;
DROP USER test_drop@localhost;
SELECT * FROM mysql.proxies_priv WHERE Host = 'test_drop' AND User = 'localhost';

DROP USER proxy_admin;

DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;

--echo ## END GRANT PROXY tests

--echo ## cleanup
DROP USER plug;
DROP USER plug_dest;

--echo ## @@proxy_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;

SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;

--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SELECT @@GLOBAL.proxy_user;
SELECT @@LOCAL.proxy_user;

--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SET GLOBAL proxy_user = 'test';
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SET LOCAL proxy_user = 'test';
SELECT @@LOCAL.proxy_user;

connect(plug_con,localhost,plug,plug_dest);
connection plug_con;
--echo # in connection plug_con
SELECT @@LOCAL.proxy_user;
connection default;
--echo # in connection default
disconnect plug_con;

SET @@global.check_proxy_users=0;
SET @@global.mysql_native_password_proxy_users=0;
SET @@global.sha256_password_proxy_users=0;

--echo ## cleanup
DROP USER plug;
DROP USER plug_dest;
--echo ## END @@proxy_user tests

--echo ## @@external_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;
SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;

--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SELECT @@GLOBAL.external_user;
SELECT @@LOCAL.external_user;

--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SET GLOBAL external_user = 'test';
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SET LOCAL external_user = 'test';
SELECT @@LOCAL.external_user;

connect(plug_con,localhost,plug,plug_dest);
connection plug_con;
--echo # in connection plug_con
SELECT @@LOCAL.external_user;
connection default;
--echo # in connection default
disconnect plug_con;

--echo WL#5706 -- show the above got logged/rewritten correctly
SELECT argument FROM mysql.general_log WHERE argument LIKE CONCAT('%IDENTIFIED ','WITH %');

--echo ## cleanup
DROP USER plug;
DROP USER plug_dest;

SET GLOBAL log_output=  @old_log_output;
SET GLOBAL general_log= @old_general_log;
--echo ## END @@external_user tests

--echo #
--echo #  Bug #56798 : Wrong credentials assigned when using a proxy user.
--echo #

set @orig_sql_mode = @@sql_mode;
set sql_mode=(select replace(@@sql_mode,'NO_AUTO_CREATE_USER',''));
GRANT ALL PRIVILEGES ON *.* TO power_user;
set sql_mode= @orig_sql_mode;
GRANT USAGE ON anonymous_db.* TO ''@''
  IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
GRANT PROXY ON power_user TO ''@'';
CREATE DATABASE confidential_db;

connect(plug_con,localhost, test_login_user, power_user, confidential_db);
SELECT user(),current_user(),@@proxy_user;

connection default;
disconnect plug_con;

DROP USER power_user;
DROP USER ''@'';
DROP DATABASE confidential_db;

--echo # Test case #2 (crash with double grant proxy)

CREATE USER ''@'' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER standard_user;
CREATE DATABASE shared;
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
GRANT PROXY ON standard_user TO ''@'';
--echo #should not crash
GRANT PROXY ON standard_user TO ''@'';

DROP USER ''@'';
DROP USER standard_user;
DROP DATABASE shared;

--echo #
--echo # Bug #57551 : Live upgrade fails between 5.1.52 -> 5.5.7-rc
--echo #

CALL mtr.add_suppression("Missing system table mysql.proxies_priv.");

DROP TABLE mysql.proxies_priv;

--echo # Must come back with mysql.proxies_priv absent.
--source include/restart_mysqld.inc

--error ER_NO_SUCH_TABLE
SELECT * FROM mysql.proxies_priv;

CREATE USER u1@localhost;
GRANT ALL PRIVILEGES ON *.* TO u1@localhost;
REVOKE ALL PRIVILEGES ON *.* FROM u1@localhost;
GRANT ALL PRIVILEGES ON *.* TO u1@localhost;

CREATE USER u2@localhost;
GRANT ALL PRIVILEGES ON *.* TO u2@localhost;

--echo # access denied because of no privileges to root
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
GRANT PROXY ON u2@localhost TO u1@localhost;

--echo # access denied because of no privileges to root
--error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
REVOKE PROXY ON u2@localhost FROM u1@localhost;

--echo # go try graning proxy on itself, so that it will need the table
connect(proxy_granter_con,localhost,u2,);
connection proxy_granter_con;

--error ER_NO_SUCH_TABLE
GRANT PROXY ON u2@localhost TO u1@localhost;
--error ER_NO_SUCH_TABLE
REVOKE PROXY ON u2@localhost FROM u1@localhost;

connection default;
disconnect proxy_granter_con;

--echo # test if REVOKE works without the proxies_priv table
REVOKE ALL PRIVILEGES ON *.* FROM u1@localhost, u2@localhost;

--echo # test if DROP USER work without the proxies_priv table
DROP USER u1@localhost,u2@localhost;

--echo # test if FLUSH PRIVILEGES works without the proxies_priv table
FLUSH PRIVILEGES;

--exec $MYSQL_UPGRADE --skip-verbose --force 2>&1
--query_vertical SELECT Host,User,Proxied_host,Proxied_user,With_grant FROM mysql.proxies_priv
FLUSH PRIVILEGES;

--echo #
--echo # Bug#58139 : default-auth option not recognized in MySQL standard
--echo #             command line clients
--echo #

--echo # Executing 'mysql'
--exec $MYSQL -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT -e "SELECT 1"

--echo # Executing 'mysqladmin'
--exec $MYSQLADMIN --no-defaults -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT ping

--echo # Executing 'mysqldump'
--exec $MYSQL_DUMP -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --compact --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT test

--echo # Executing 'mysql_upgrade'
--exec $MYSQL_UPGRADE -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT --default-auth=auth_test_plugin $PLUGIN_AUTH_OPT --skip-verbose --force --upgrade-system-tables

--echo #
--echo # Bug #59657: Move the client authentication_pam plugin into the 
--echo #  server repository
--echo #

CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
  AS 'cleartext_test';

--echo ## test plugin auth
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(cleartext_fail_con,localhost,uplain,cleartext_test2,,,,CLEARTEXT);
--enable_query_log

connect(cleartext_con,localhost,uplain,cleartext_test,,,,CLEARTEXT);
connection cleartext_con;
select USER(),CURRENT_USER();

connection default;
disconnect cleartext_con;
DROP USER uplain@localhost;

--echo #
--echo # Bug #59038 : mysql.user.authentication_string column 
--echo #   causes configuration wizard to fail

INSERT INTO mysql.user(
  Host, 
  User, 
  Select_priv, 
  Insert_priv,
  Update_priv, 
  Delete_priv, 
  Create_priv, 
  Drop_priv,  
  Reload_priv, 
  Shutdown_priv,
  Process_priv, 
  File_priv, 
  Grant_priv, 
  References_priv,  
  Index_priv, 
  Alter_priv,
  Show_db_priv, 
  Super_priv, 
  Create_tmp_table_priv, 
  Lock_tables_priv,  
  Execute_priv,
  Repl_slave_priv, 
  Repl_client_priv, 
  /*!50001 
  Create_view_priv, 
  Show_view_priv, 
  Create_routine_priv, 
  Alter_routine_priv, 
  Create_user_priv, 
  */ 
  ssl_type, 
  ssl_cipher,
  x509_issuer, 
  x509_subject, 
  max_questions, 
  max_updates, 
  max_connections)
VALUES (
  'localhost', 
  'inserttest',
  'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
  'Y', 'Y',  'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 
  /*!50001 'Y', 'Y', 'Y', 'Y', 'Y', */'', '', '', '', '0', '0', '0');
FLUSH PRIVILEGES;
DROP USER inserttest@localhost;
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE 
  COLUMN_NAME IN ('authentication_string', 'plugin') AND 
  TABLE_NAME='user' AND
  TABLE_SCHEMA='mysql'
ORDER BY COLUMN_NAME;


--echo #
--echo # Bug #11936829: diff. between mysql.user (authentication_string) 
--echo #   in fresh and upgraded 5.5.11
--echo #

SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
  WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
    COLUMN_NAME IN ('plugin', 'authentication_string')
  ORDER BY COLUMN_NAME;
ALTER TABLE mysql.user MODIFY plugin char(64) DEFAULT '' NOT NULL;
ALTER TABLE mysql.user MODIFY authentication_string TEXT NOT NULL;

--echo Run mysql_upgrade on a 5.5.10 external authentication column layout
--exec $MYSQL_UPGRADE --skip-verbose --force 2>&1

SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
  WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
    COLUMN_NAME IN ('plugin', 'authentication_string')
  ORDER BY COLUMN_NAME;

--echo #
--echo # Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
--echo #

CREATE USER bug12610784@localhost; 
SET PASSWORD FOR bug12610784@localhost = 'secret';
--disable_query_log
--error ER_ACCESS_DENIED_ERROR
connect(b12610784,localhost,bug12610784,,test);
--enable_query_log
connect(b12610784,localhost,bug12610784,secret,test);
connection default;
disconnect b12610784;
DROP USER bug12610784@localhost;

--echo #
--echo # Bug # 11766641: 59792: BIN/MYSQL -UUNKNOWN -PUNKNOWN 
--echo #  .-> USING PASSWORD: NO 

--echo # shoud contain "using password=yes"
--error 1
--exec $MYSQL -uunknown -punknown 2>&1

--echo # shoud contain "using password=no"
--error 1
--exec $MYSQL -uunknown 2>&1

--echo #
--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
--echo #   AUTHENTICATION SETTINGS
--echo #

CREATE USER bug12818542@localhost 
  IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost 
  IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;

connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con;
SELECT USER(),CURRENT_USER();

SET PASSWORD = 'bruhaha';

connection default;
disconnect bug12818542_con;

connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con2;
SELECT USER(),CURRENT_USER();

connection default;
disconnect bug12818542_con2;

DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;

--echo #
--echo # Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
--echo #   AUTHENTICATION SETTINGS
--echo #

CREATE USER bug12818542@localhost 
  IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost 
  IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;

connect(bug12818542_con,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con;
SELECT USER(),CURRENT_USER();

SET PASSWORD = 'bruhaha';

connection default;
disconnect bug12818542_con;

connect(bug12818542_con2,localhost,bug12818542,bug12818542_dest);
connection bug12818542_con2;
SELECT USER(),CURRENT_USER();

connection default;
disconnect bug12818542_con2;

DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;


--echo End of 5.5 tests

--echo #
--echo # Bug #18057562: PROXY USERS LOCKED OUT WHEN UNDERLYING PROXIED USER
--echo #                PASSWORD IS EXPIRED
--echo #

--echo # Restart server with disconnect_on_expired_password OFF;

let $restart_file= $MYSQLTEST_VARDIR/tmp/mysqld.1.expect;
--exec echo "wait" > $restart_file
--shutdown_server 
--source include/wait_until_disconnected.inc
--exec echo "restart:--disconnect_on_expired_password=0" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc

CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';

--echo # Expiring the proxied user's password
ALTER USER employee@localhost PASSWORD EXPIRE;

--echo # Connecting with the proxied user and executing a query after the
--echo # proxied user's password is expired
--error 1, ER_MUST_CHANGE_PASSWORD
--exec $MYSQL -S $MASTER_MYSOCK -u employee --password=passkey -e "SELECT current_user();SELECT user();" 2>&1

--echo # Connecting with the proxy user and executing a query after the proxied
--echo # user's password is expired. Here we are not supposed to get error.
--exec $MYSQL -S $MASTER_MYSOCK -u empl_external $PLUGIN_AUTH_OPT --password=employee -e "SELECT current_user();SELECT user();" 2>&1

#Cleanup
DROP USER 'empl_external'@'localhost', 'employee'@'localhost';

--source include/mysql_upgrade_cleanup.inc

--echo #
--echo # Bug #20537246: SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN
--echo #                USER WITH BLANK PWD
--echo #

CREATE USER bug20537246@localhost
    IDENTIFIED WITH 'cleartext_plugin_server' AS '';

--echo ## test connection
connect(cleartext_con,localhost,bug20537246,,,,,CLEARTEXT);
select USER(),CURRENT_USER();

connection default;
disconnect cleartext_con;
DROP USER bug20537246@localhost;

--echo #
--echo # Bug #20599280 PASSWORD EXPIRED FLAG SET FOR PROXY USER SESSION WHEN
--echo #               IT SET FOR PROXIED USER
--echo #

CREATE USER 'empl_external'@'localhost' IDENTIFIED WITH test_plugin_server AS 'employee';
CREATE USER 'employee'@'localhost' IDENTIFIED BY 'passkey';
GRANT ALL ON *.* TO 'employee'@'localhost';
GRANT PROXY ON 'employee'@'localhost' TO 'empl_external'@'localhost';

connect(plugin_con, localhost, empl_external, employee);
SELECT USER(), CURRENT_USER, @@PROXY_USER;
ALTER USER 'employee'@'localhost' PASSWORD EXPIRE;
SELECT USER(), CURRENT_USER, @@PROXY_USER;
disconnect plugin_con;

connect(plugin_con, localhost, empl_external, employee);
SELECT USER(), CURRENT_USER, @@PROXY_USER;
disconnect plugin_con;

connect(plugin_con, localhost, employee, passkey);
--error ER_MUST_CHANGE_PASSWORD
SELECT USER(), CURRENT_USER, @@PROXY_USER;
disconnect plugin_con;

connection default;
DROP USER 'employee'@'localhost', 'empl_external'@'localhost';

--echo #
--echo # WL#2284: Increase the length of a user name
--echo #

--echo # Testing 32 proxy users

CREATE USER user_name_len_22_01234 IDENTIFIED WITH 'test_plugin_server' AS 'user_name_len_22_0dest';
CREATE USER user_name_len_22_0dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
--echo ## test plugin auth
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(plug_user22,localhost,user_name_len_22_01234,user_name_len_22_0dest);
--enable_query_log

GRANT PROXY ON user_name_len_22_0dest TO user_name_len_22_01234;
--echo test proxies_priv columns
--replace_column 1 xx 7 xx
SELECT * FROM mysql.proxies_priv WHERE user !='root';
--echo test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;

connect(plug_user22,localhost,user_name_len_22_01234,user_name_len_22_0dest);

connection plug_user22;
SELECT USER(),CURRENT_USER();
connection default;

--character_set utf8
SET NAMES utf8;

# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__ IDENTIFIED WITH 'test_plugin_server' AS 'очень_очень_очень_длинный_дест__';
CREATE USER очень_очень_очень_длинный_дест__ IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
--echo ## test plugin auth
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(plug_user32,localhost,очень_очень_очень_длинный_юзер__,очень_очень_очень_длинный_дест__);
--enable_query_log

GRANT PROXY ON очень_очень_очень_длинный_дест__ TO очень_очень_очень_длинный_юзер__;
--echo test proxies_priv columns
--replace_column 1 xx 7 xx
SELECT * FROM mysql.proxies_priv WHERE user !='root';
--echo test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;

connect(plug_user32,localhost,очень_очень_очень_длинный_юзер__,очень_очень_очень_длинный_дест__);

connection plug_user32;
SELECT USER(),CURRENT_USER();
connection default;

--echo # Testing 32 proxy users cleanup

disconnect plug_user22;
disconnect plug_user32;
DROP USER user_name_len_22_01234;
DROP USER user_name_len_22_0dest;
DROP USER очень_очень_очень_длинный_юзер__;
DROP USER очень_очень_очень_длинный_дест__;
SET NAMES default;

--echo # Testing 32 users with different authentication plugins

CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--connect(con_user22_sha,localhost, user_name_len_22_01234,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user22_sha
DROP USER user_name_len_22_01234@localhost;

CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--connect(con_user32_native,localhost, user_name_len_32_012345678901234,'auth_string')
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_native
DROP USER user_name_len_32_012345678901234@localhost;

CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
--connect(con_user32_cleartext,localhost, user_name_len_32_012345678901234,'auth_string',,,,CLEARTEXT)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_cleartext
DROP USER user_name_len_32_012345678901234@localhost;

--connection default

--echo # Testing 32 users with different authentication plugins WITH REQUIRE SSL

CREATE USER user_name_len_22_01234@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
--connect(con_user22_sha,localhost, user_name_len_22_01234,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user22_sha
DROP USER user_name_len_22_01234@localhost;

CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
--connect(con_user32_native,localhost, user_name_len_32_012345678901234,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_native
DROP USER user_name_len_32_012345678901234@localhost;

CREATE USER user_name_len_32_012345678901234@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
--connect(con_user32_cleartext,localhost, user_name_len_32_012345678901234,'auth_string',,,,SSL CLEARTEXT)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_cleartext
DROP USER user_name_len_32_012345678901234@localhost;

--echo # Testing 32 utf users with different authentication plugins

--character_set utf8
SET NAMES utf8;

# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string';
--connect(con_user32_utf_sha,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_sha
DROP USER очень_очень_очень_длинный_юзер__@localhost;

# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--connect(con_user32_utf_native,localhost, очень_очень_очень_длинный_юзер__,'auth_string')
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_native
DROP USER очень_очень_очень_длинный_юзер__@localhost;

CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string';
--connect(con_user32_utf_cleartext,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,CLEARTEXT)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_cleartext
DROP USER очень_очень_очень_длинный_юзер__@localhost;

--connection default

--echo # Testing 32 utf users with different authentication plugins WITH REQUIRE SSL

# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'sha256_password' BY 'auth_string' REQUIRE SSL;
--connect(con_user32_utf_sha,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_sha
DROP USER очень_очень_очень_длинный_юзер__@localhost;

# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string' REQUIRE SSL;
--connect(con_user32_utf_native,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_native
DROP USER очень_очень_очень_длинный_юзер__@localhost;

CREATE USER очень_очень_очень_длинный_юзер__@localhost IDENTIFIED WITH 'cleartext_plugin_server' AS 'auth_string' REQUIRE SSL;
--connect(con_user32_utf_cleartext,localhost, очень_очень_очень_длинный_юзер__,'auth_string',,,,SSL CLEARTEXT)
SELECT CURRENT_USER();

--connection default
--disconnect con_user32_utf_cleartext
DROP USER очень_очень_очень_длинный_юзер__@localhost;

--connection default
SET NAMES default;