# Horst Hunger
# Created: 2010-10-06
# 
# Test of the authentification interface. The plugin checks the expected values set
# by this application and the application checks the values set the the plugin.
--source include/have_plugin_interface.inc
--source include/not_embedded.inc
#enable view protocol after fix MDEV-29542
--source include/no_view_protocol.inc

CREATE DATABASE test_user_db;

--echo ========== test 1.1.3.2 ====================================
--echo === check contens of components of info ====================

CREATE USER qa_test_1_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_1_dest';
CREATE USER qa_test_1_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
GRANT ALL ON test_user_db.* TO 'qa_test_1_user'@'%';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;

--echo exec MYSQL -h localhost -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL -h localhost -u qa_test_1_user --password=qa_test_1_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';

DROP USER qa_test_1_user;
DROP USER qa_test_1_dest;

--echo === Assign values to components of info ====================

CREATE USER qa_test_2_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_2_dest';
CREATE USER qa_test_2_dest IDENTIFIED BY 'dest_passwd';
CREATE USER authenticated_as IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_2_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
GRANT PROXY ON authenticated_as TO qa_test_2_user;
GRANT ALL ON test_user_db.* TO 'authenticated_as'@'%';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
SELECT @@proxy_user;
SELECT @@external_user;

--echo exec MYSQL -h localhost -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL -h localhost -u qa_test_2_user --password=qa_test_2_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';

DROP USER qa_test_2_user;
DROP USER qa_test_2_dest;
DROP USER authenticated_as;

--echo === Assign too high values for *length, which should have no effect ====

CREATE USER qa_test_3_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_3_dest';
CREATE USER qa_test_3_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_3_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_3_dest TO qa_test_3_user;

--echo exec MYSQL -h localhost -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL -h localhost -u qa_test_3_user --password=qa_test_3_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

DROP USER qa_test_3_user;
DROP USER qa_test_3_dest;

--echo === Assign too low values for *length, which should have no effect ====

CREATE USER qa_test_4_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_4_dest';
CREATE USER qa_test_4_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_4_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_4_dest TO qa_test_4_user;

--echo exec MYSQL -h localhost -u qa_test_4_user --password=qa_test_4_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--exec $MYSQL -h localhost -u qa_test_4_user --password=qa_test_4_dest  test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

DROP USER qa_test_4_user;
DROP USER qa_test_4_dest;

--echo === Assign empty string especially to authenticated_as (in plugin) ====

CREATE USER qa_test_5_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_5_dest';
CREATE USER qa_test_5_dest IDENTIFIED BY 'dest_passwd';
CREATE USER ''@'localhost' IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_5_dest identified by 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'localhost' identified by 'dest_passwd';
GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
GRANT PROXY ON qa_test_5_dest TO ''@'localhost';

--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';

--echo exec MYSQL -h localhost --user=qa_test_5_user  --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL -h localhost --user=qa_test_5_user --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

DROP USER qa_test_5_user;
DROP USER qa_test_5_dest;
DROP USER ''@'localhost';

--echo === Assign 'root' especially to authenticated_as (in plugin) ====

CREATE USER qa_test_6_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
CREATE USER qa_test_6_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;

--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';

--echo exec MYSQL -h localhost --user=qa_test_6_user  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL -h localhost --user=qa_test_6_user --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';

--echo exec MYSQL -h localhost --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL -h localhost --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

REVOKE PROXY ON qa_test_6_dest FROM root;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';

--echo exec MYSQL -h localhost --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL -h localhost --user=root --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

DROP USER qa_test_6_user;
DROP USER qa_test_6_dest;
DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
--sorted_result
SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';


--echo === Test of the --default_auth option for clients ====

CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';
GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_11_dest identified by 'dest_passwd';
GRANT PROXY ON qa_test_11_dest TO qa_test_11_user;

--echo exec MYSQL --default_auth=qa_auth_client -h localhost -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
--error 1
--exec $MYSQL --default_auth=qa_auth_client -h localhost -u qa_test_11_user --password=qa_test_11_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1

DROP USER qa_test_11_user, qa_test_11_dest;
DROP DATABASE test_user_db;

--exit