SET GLOBAL SQL_MODE="";
SET LOCAL SQL_MODE="";
SELECT PLUGIN_STATUS, PLUGIN_TYPE, PLUGIN_DESCRIPTION
FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='test_plugin_server';
PLUGIN_STATUS	ACTIVE
PLUGIN_TYPE	AUTHENTICATION
PLUGIN_DESCRIPTION	plugin API test plugin
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
SELECT plugin,authentication_string FROM mysql.user WHERE User='plug';
plugin	authentication_string
test_plugin_server	plug_dest
## test plugin auth
connect(localhost,plug,plug_dest,,MYSQL_PORT,MYSQL_SOCK);
connect plug_con,localhost,plug,plug_dest,"*NO-ONE*";
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
GRANT PROXY ON plug_dest TO plug;
test proxies_priv columns
SELECT * FROM mysql.proxies_priv WHERE user !='root';
Host	User	Proxied_host	Proxied_user	With_grant	Grantor	Timestamp
xx	plug	%	plug_dest	0	root@localhost	xx
test mysql.proxies_priv;
SHOW CREATE TABLE mysql.proxies_priv;
Table	Create Table
proxies_priv	CREATE TABLE `proxies_priv` (
  `Host` char(255) NOT NULL DEFAULT '',
  `User` char(128) NOT NULL DEFAULT '',
  `Proxied_host` char(255) NOT NULL DEFAULT '',
  `Proxied_user` char(128) NOT NULL DEFAULT '',
  `With_grant` tinyint(1) NOT NULL DEFAULT 0,
  `Grantor` varchar(384) NOT NULL DEFAULT '',
  `Timestamp` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
  PRIMARY KEY (`Host`,`User`,`Proxied_host`,`Proxied_user`),
  KEY `Grantor` (`Grantor`)
) ENGINE=Aria DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='User proxy privileges'
connect plug_con,localhost,plug,plug_dest,"*NO-ONE*";
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
plug@localhost	plug_dest@%
## test SET PASSWORD
SET PASSWORD = PASSWORD('plug_dest');
connection default;
disconnect plug_con;
## test bad credentials
connect(localhost,plug,bad_credentials,test,MYSQL_PORT,MYSQL_SOCK);
connect plug_con,localhost,plug,bad_credentials;
ERROR 28000: Access denied for user 'plug'@'localhost' (using password: YES)
## test bad default plugin : nothing bad happens, as that plugin was't required by the server
connect plug_con_wrongp,localhost,plug,plug_dest,"*NO-ONE*",,,,wrong_plugin_name;
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
plug@localhost	plug_dest@%
connection default;
disconnect plug_con_wrongp;
## test correct default plugin
connect plug_con_rightp,localhost,plug,plug_dest,"*NO-ONE*",,,,auth_test_plugin;
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
plug@localhost	plug_dest@%
connection default;
disconnect plug_con_rightp;
## test no_auto_create_user sql mode with plugin users
SET @@sql_mode=no_auto_create_user;
GRANT INSERT ON TEST.* TO grant_user IDENTIFIED WITH 'test_plugin_server';
SET @@sql_mode="";
DROP USER grant_user;
## test utf-8 user name
CREATE USER `Ÿ` IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO `Ÿ`;
connect non_ascii,localhost,Ÿ,plug_dest,"*NO-ONE*";
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
Ÿ@localhost	plug_dest@%
connection default;
disconnect non_ascii;
DROP USER `Ÿ`;
## test GRANT ... IDENTIFIED WITH/BY ...
CREATE DATABASE test_grant_db;
# create new user via GRANT WITH
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user 
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT PROXY ON plug_dest TO new_grant_user;
GRANT CREATE, DROP ON test_grant_db.* TO 'plug_dest'@'%';
connect plug_con_grant,localhost,new_grant_user,plug_dest,"*NO-ONE*";
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
new_grant_user@localhost	plug_dest@%
USE test_grant_db;
CREATE TABLE t1 (a INT);
DROP TABLE t1;
connection default;
disconnect plug_con_grant;
REVOKE ALL PRIVILEGES ON test_grant_db.* FROM new_grant_user;
# try re-create existing user via GRANT IDENTIFIED BY
GRANT ALL PRIVILEGES ON test_grant_db.* TO new_grant_user
IDENTIFIED BY 'new_password';
connect(localhost,new_grant_user,plug_dest,test,MYSQL_PORT,MYSQL_SOCK);
connect plug_con_grant_deny,localhost,new_grant_user,plug_dest;
ERROR 28000: Access denied for user 'new_grant_user'@'localhost' (using password: YES)
connect plug_con_grant,localhost,new_grant_user,new_password,test_grant_db;
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
new_grant_user@localhost	new_grant_user@%
CREATE TABLE t1 (a INT);
DROP TABLE t1;
connection default;
disconnect plug_con_grant;
DROP USER new_grant_user;
# try re-create existing user via GRANT IDENTIFIED WITH
GRANT ALL PRIVILEGES ON test_grant_db.* TO plug
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_grant_db.* TO plug_dest
IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
REVOKE SELECT on test_grant_db.* FROM joro 
INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INDENTIFIED WITH 'test_plugin_server' AS 'plug_dest'' at line 2
REVOKE SELECT on test_grant_db.* FROM joro 
INDENTIFIED BY 'plug_dest_passwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INDENTIFIED BY 'plug_dest_passwd'' at line 2
REVOKE SELECT on test_grant_db.* FROM joro 
INDENTIFIED BY PASSWORD 'plug_dest_passwd';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INDENTIFIED BY PASSWORD 'plug_dest_passwd'' at line 2
DROP DATABASE test_grant_db;
## GRANT PROXY tests
CREATE USER grant_plug IDENTIFIED WITH 'test_plugin_server' 
AS 'grant_plug_dest';
CREATE USER grant_plug_dest IDENTIFIED BY 'grant_plug_dest_passwd';
CREATE USER grant_plug_dest2 IDENTIFIED BY 'grant_plug_dest_passwd2';
# ALL PRIVILEGES doesn't include PROXY
GRANT ALL PRIVILEGES ON *.* TO grant_plug;
ERROR 28000: Access denied for user 'grant_plug'@'localhost' (using password: YES)
GRANT ALL PRIVILEGES,PROXY ON grant_plug_dest TO grant_plug;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'PROXY ON grant_plug_dest TO grant_plug' at line 1
this should fail : can't combine PROXY
GRANT ALL SELECT,PROXY ON grant_plug_dest TO grant_plug;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT,PROXY ON grant_plug_dest TO grant_plug' at line 1
# this should fail : no such grant
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
ERROR 42000: There is no such grant defined for user 'grant_plug' on host '%'
connect grant_plug_dest_con,localhost,grant_plug_dest,grant_plug_dest_passwd,"*NO-ONE*";
## testing what an ordinary user can grant 
this should fail : no rights to grant all
GRANT PROXY ON ''@'%%' TO grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
GRANT PROXY ON grant_plug TO grant_plug_dest;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
This is a valid grant
GRANT PROXY ON grant_plug_dest TO grant_plug;
REVOKE PROXY ON grant_plug_dest FROM grant_plug;
this should work : same user
GRANT PROXY ON grant_plug_dest TO grant_plug_dest2;
REVOKE PROXY ON grant_plug_dest FROM grant_plug_dest2;
this should fail : not the same user
GRANT PROXY ON grant_plug_dest@localhost TO grant_plug WITH GRANT OPTION;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : not the same user
REVOKE PROXY ON grant_plug_dest@localhost FROM grant_plug;
ERROR 28000: Access denied for user 'grant_plug_dest'@'localhost'
this should fail : can't create users
GRANT PROXY ON grant_plug_dest TO grant_plug@localhost;
ERROR 42000: You are not allowed to create a user with GRANT
connection default;
disconnect grant_plug_dest_con;
# test what root can grant
should work : root has PROXY to all users
GRANT PROXY ON ''@'%%' TO grant_plug;
REVOKE PROXY ON ''@'%%' FROM grant_plug;
should work : root has PROXY to all users
GRANT PROXY ON ''@'%%' TO proxy_admin IDENTIFIED BY 'test' 
WITH GRANT OPTION;
need USAGE : PROXY doesn't contain it.
GRANT USAGE on *.* TO proxy_admin;
connect  proxy_admin_con,localhost,proxy_admin,test;
should work : proxy_admin has proxy to ''@'%%'
GRANT PROXY ON future_user TO grant_plug;
connection default;
disconnect proxy_admin_con;
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT ALL PRIVILEGES ON *.* TO `grant_plug`@`%` IDENTIFIED VIA test_plugin_server USING 'grant_plug_dest'
GRANT PROXY ON 'future_user'@'%' TO 'grant_plug'@'%'
REVOKE PROXY ON future_user FROM grant_plug;
SHOW GRANTS FOR grant_plug;
Grants for grant_plug@%
GRANT ALL PRIVILEGES ON *.* TO `grant_plug`@`%` IDENTIFIED VIA test_plugin_server USING 'grant_plug_dest'
## testing drop user
CREATE USER test_drop@localhost;
GRANT PROXY ON future_user TO test_drop@localhost;
SHOW GRANTS FOR test_drop@localhost;
Grants for test_drop@localhost
GRANT USAGE ON *.* TO `test_drop`@`localhost`
GRANT PROXY ON 'future_user'@'%' TO 'test_drop'@'localhost'
DROP USER test_drop@localhost;
SELECT * FROM mysql.proxies_priv WHERE Host = 'test_drop' AND User = 'localhost';
Host	User	Proxied_host	Proxied_user	With_grant	Grantor	Timestamp
DROP USER proxy_admin;
DROP USER grant_plug,grant_plug_dest,grant_plug_dest2;
## END GRANT PROXY tests
## cleanup
DROP USER plug;
DROP USER plug_dest;
## @@proxy_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;
SELECT USER(),CURRENT_USER(),@@LOCAL.proxy_user;
USER()	CURRENT_USER()	@@LOCAL.proxy_user
root@localhost	root@localhost	NULL
SELECT @@GLOBAL.proxy_user;
ERROR HY000: Variable 'proxy_user' is a SESSION variable
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
NULL
SET GLOBAL proxy_user = 'test';
ERROR HY000: Variable 'proxy_user' is a read only variable
SET LOCAL proxy_user = 'test';
ERROR HY000: Variable 'proxy_user' is a read only variable
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
NULL
connect plug_con,localhost,plug,plug_dest,"*NO-ONE*";
SELECT @@LOCAL.proxy_user;
@@LOCAL.proxy_user
'plug'@'%'
connection default;
disconnect plug_con;
## cleanup
DROP USER plug;
DROP USER plug_dest;
## END @@proxy_user tests
## @@external_user tests
CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug;
SELECT USER(),CURRENT_USER(),@@LOCAL.external_user;
USER()	CURRENT_USER()	@@LOCAL.external_user
root@localhost	root@localhost	NULL
SELECT @@GLOBAL.external_user;
ERROR HY000: Variable 'external_user' is a SESSION variable
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
NULL
SET GLOBAL external_user = 'test';
ERROR HY000: Variable 'external_user' is a read only variable
SET LOCAL external_user = 'test';
ERROR HY000: Variable 'external_user' is a read only variable
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
NULL
connect plug_con,localhost,plug,plug_dest,"*NO-ONE*";
SELECT @@LOCAL.external_user;
@@LOCAL.external_user
plug_dest
connection default;
disconnect plug_con;
## cleanup
DROP USER plug;
DROP USER plug_dest;
## END @@external_user tests
#
#  Bug #56798 : Wrong credentials assigned when using a proxy user.
#
GRANT ALL PRIVILEGES ON *.* TO power_user;
GRANT USAGE ON anonymous_db.* TO ''@'%%'
  IDENTIFIED WITH 'test_plugin_server' AS 'power_user';
GRANT PROXY ON power_user TO ''@'%%';
CREATE DATABASE confidential_db;
connect plug_con,localhost, test_login_user, power_user, confidential_db;
SELECT user(),current_user(),@@proxy_user;
user()	current_user()	@@proxy_user
test_login_user@localhost	power_user@%	''@'%%'
connection default;
disconnect plug_con;
DROP USER power_user;
DROP USER ''@'%%';
DROP DATABASE confidential_db;
# Test case #2 (crash with double grant proxy)
CREATE USER ''@'%%' IDENTIFIED WITH 'test_plugin_server' AS 'standard_user';
CREATE USER standard_user;
CREATE DATABASE shared;
GRANT ALL PRIVILEGES ON shared.* TO standard_user;
GRANT PROXY ON standard_user TO ''@'%%';
#should not crash
GRANT PROXY ON standard_user TO ''@'%%';
DROP USER ''@'%%';
DROP USER standard_user;
DROP DATABASE shared;
#
# Bug #57551 : Live upgrade fails between 5.1.52 -> 5.5.7-rc
#
CALL mtr.add_suppression("Missing system table mysql.proxies_priv.");
DROP TABLE mysql.proxies_priv;
# Must come back with mysql.proxies_priv absent.
# restart
SELECT * FROM mysql.proxies_priv;
ERROR 42S02: Table 'mysql.proxies_priv' doesn't exist
CREATE USER u1@localhost;
GRANT ALL PRIVILEGES ON *.* TO u1@localhost;
REVOKE ALL PRIVILEGES ON *.* FROM u1@localhost;
GRANT ALL PRIVILEGES ON *.* TO u1@localhost;
CREATE USER u2@localhost;
GRANT ALL PRIVILEGES ON *.* TO u2@localhost;
# access denied because of no privileges to root
GRANT PROXY ON u2@localhost TO u1@localhost;
ERROR 28000: Access denied for user 'root'@'localhost'
# access denied because of no privileges to root
REVOKE PROXY ON u2@localhost FROM u1@localhost;
ERROR 28000: Access denied for user 'root'@'localhost'
# go try graning proxy on itself, so that it will need the table
connect proxy_granter_con,localhost,u2,;
GRANT PROXY ON u2@localhost TO u1@localhost;
ERROR 42S02: Table 'mysql.proxies_priv' doesn't exist
REVOKE PROXY ON u2@localhost FROM u1@localhost;
ERROR 42S02: Table 'mysql.proxies_priv' doesn't exist
connection default;
disconnect proxy_granter_con;
# test if REVOKE works without the proxies_priv table
REVOKE ALL PRIVILEGES ON *.* FROM u1@localhost, u2@localhost;
# test if DROP USER work without the proxies_priv table
DROP USER u1@localhost,u2@localhost;
# test if FLUSH PRIVILEGES works without the proxies_priv table
FLUSH PRIVILEGES;
SELECT Host,User,Proxied_host,Proxied_user,With_grant FROM mysql.proxies_priv;
Host	localhost
User	root
Proxied_host	
Proxied_user	
With_grant	1
FLUSH PRIVILEGES;
#
# Bug#58139 : default-auth option not recognized in MySQL standard
#             command line clients
#
# Executing 'mysql'
1
1
# Executing 'mysqladmin'
mysqld is alive
# Executing 'mysqldump'
# Executing 'mysql_upgrade'
#
# Bug #59657: Move the client authentication_pam plugin into the 
#  server repository
#
CREATE USER uplain@localhost IDENTIFIED WITH 'cleartext_plugin_server'
  AS 'cleartext_test';
## test plugin auth
ERROR 28000: Access denied for user 'uplain'@'localhost' (using password: YES)
connect cleartext_con,localhost,uplain,cleartext_test,"*NO-ONE*";
select USER(),CURRENT_USER();
USER()	CURRENT_USER()
uplain@localhost	uplain@localhost
connection default;
disconnect cleartext_con;
DROP USER uplain@localhost;
# switching from mysql.global_priv to mysql.user
drop view mysql.user_bak;
#
# Bug #59038 : mysql.user.authentication_string column 
#   causes configuration wizard to fail
INSERT IGNORE INTO mysql.user(
Host, 
User, 
Password,  
Select_priv, 
Insert_priv,
Update_priv, 
Delete_priv, 
Create_priv, 
Drop_priv,  
Reload_priv, 
Shutdown_priv,
Process_priv, 
File_priv, 
Grant_priv, 
References_priv,  
Index_priv, 
Alter_priv,
Show_db_priv, 
Super_priv, 
Create_tmp_table_priv, 
Lock_tables_priv,  
Execute_priv,
Repl_slave_priv, 
Repl_client_priv, 
/*!50001 
Create_view_priv, 
Show_view_priv, 
Create_routine_priv, 
Alter_routine_priv, 
Create_user_priv, 
*/ 
ssl_type, 
ssl_cipher,
x509_issuer, 
x509_subject, 
max_questions, 
max_updates, 
max_connections)
VALUES (
'localhost', 
'inserttest', '', 
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y',
'Y', 'Y',  'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 
/*!50001 'Y', 'Y', 'Y', 'Y', 'Y', */'', '', '', '', '0', '0', '0');
Warnings:
Warning	1364	Field 'authentication_string' doesn't have a default value
FLUSH PRIVILEGES;
DROP USER inserttest@localhost;
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE 
COLUMN_NAME IN ('authentication_string', 'plugin') AND 
TABLE_NAME='user' AND
TABLE_SCHEMA='mysql'
ORDER BY COLUMN_NAME;
IS_NULLABLE	COLUMN_NAME
NO	authentication_string
NO	plugin
#
# Bug #11936829: diff. between mysql.user (authentication_string) 
#   in fresh and upgraded 5.5.11
#
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
COLUMN_NAME IN ('plugin', 'authentication_string')
ORDER BY COLUMN_NAME;
IS_NULLABLE	COLUMN_NAME
NO	authentication_string
NO	plugin
ALTER TABLE mysql.user MODIFY plugin char(64) DEFAULT '' NOT NULL;
ALTER TABLE mysql.user MODIFY authentication_string TEXT NOT NULL;
Run mysql_upgrade on a 5.5.10 external authentication column layout
SELECT IS_NULLABLE, COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA= 'mysql' AND TABLE_NAME= 'user' AND
COLUMN_NAME IN ('plugin', 'authentication_string')
ORDER BY COLUMN_NAME;
IS_NULLABLE	COLUMN_NAME
NO	authentication_string
NO	plugin
drop table mysql.global_priv;
rename table mysql.global_priv_bak to mysql.global_priv;
#
# Bug # 11766641: 59792: BIN/MYSQL -UUNKNOWN -PUNKNOWN 
#  .-> USING PASSWORD: NO 
#
# shoud contain "using password=yes"
ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: YES)
# shoud contain "using password=no"
ERROR 1045 (28000): Access denied for user 'unknown'@'localhost' (using password: NO)
#
# Bug #12610784: SET PASSWORD INCORRECTLY KEEP AN OLD EMPTY PASSWORD
#
CREATE USER bug12610784@localhost;
SET PASSWORD FOR bug12610784@localhost = PASSWORD('secret');
ERROR 28000: Access denied for user 'bug12610784'@'localhost' (using password: NO)
connect b12610784,localhost,bug12610784,secret,"*NO-ONE*";
connection default;
disconnect b12610784;
DROP USER bug12610784@localhost;
#
# Bug #12818542: PAM: ADDING PASSWORD FOR AN ACCOUNT DISABLES PAM 
#   AUTHENTICATION SETTINGS
#
CREATE USER bug12818542@localhost 
IDENTIFIED WITH 'test_plugin_server' AS 'bug12818542_dest';
CREATE USER bug12818542_dest@localhost 
IDENTIFIED BY 'bug12818542_dest_passwd';
GRANT PROXY ON bug12818542_dest@localhost TO bug12818542@localhost;
connect bug12818542_con,localhost,bug12818542,bug12818542_dest,"*NO-ONE*";
SELECT USER(),CURRENT_USER();
USER()	CURRENT_USER()
bug12818542@localhost	bug12818542_dest@localhost
SET PASSWORD = PASSWORD('bruhaha');
connection default;
disconnect bug12818542_con;
connect bug12818542_con2,localhost,bug12818542,bug12818542_dest,"*NO-ONE*";
SELECT USER(),CURRENT_USER();
USER()	CURRENT_USER()
bug12818542@localhost	bug12818542_dest@localhost
connection default;
disconnect bug12818542_con2;
DROP USER bug12818542@localhost;
DROP USER bug12818542_dest@localhost;
SET GLOBAL SQL_MODE=default;
End of 5.5 tests