# The numbers represent test cases of the test plan.

--source include/have_plugin_auth.inc
--source include/not_embedded.inc
#enable view protocol after fix MDEV-29542
--source include/no_view_protocol.inc

CREATE DATABASE test_user_db;

--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';

--echo ========== test 1.1.3.2 ====================================

# CREATE...WITH/CREATE...BY/GRANT
CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON `plug%dest` TO plug_user;
GRANT ALL ON test_user_db.* TO plug_user;
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON `plug%dest` FROM plug_user;
GRANT PROXY ON plug_dest TO plug_user;
GRANT ALL ON test_user_db.* TO 'plug_dest'@'%';
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON plug_dest FROM plug_user;
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
DROP USER plug_user,plug_dest;
#
# GRANT...WITH
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;

--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--echo 1)
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
--echo 2)
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE PROXY ON plug_dest FROM plug_user;
--echo 3)
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
DROP USER plug_user,plug_dest;
#
# GRANT...WITH/CREATE...BY
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--echo 1)
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
GRANT PROXY ON plug_dest TO plug_user;
GRANT ALL ON test_user_db.* TO 'plug_dest'@'%';
--echo 2)
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();USE test_user_db;CREATE TABLE t1(a int);SHOW TABLES;DROP TABLE t1;" 2>&1
REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_user';
#REVOKE ALL PRIVILEGES ON test_user_db.* FROM 'plug_dest'';
DROP USER plug_user,plug_dest;

--echo ========== test 1.2 ========================================

# GRANT...WITH/CREATE...BY
GRANT ALL PRIVILEGES ON test_user_db.* TO plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
RENAME USER plug_dest TO new_dest;
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON new_dest TO plug_user;
--error 1
--exec $MYSQL -u plug_user --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_user,new_dest;

# CREATE...WITH/CREATE...BY
CREATE USER plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON plug_dest TO plug_user;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
RENAME USER plug_dest TO new_dest;
--error 1
--exec $MYSQL -u plug_user --password=plug_dest -e "SELECT current_user();SELECT user();" 2>&1
GRANT PROXY ON new_dest TO plug_user;
--error 1
--exec $MYSQL -u plug_user --password=new_dest -e "SELECT current_user();SELECT user();" 2>&1
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_user,new_dest;
# CREATE...WITH
CREATE USER plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect(plug_user,localhost,plug_user,plug_dest,"*NO-ONE*");
select USER(),CURRENT_USER();
connection default;
disconnect plug_user;
RENAME USER plug_user TO new_user;
connect(plug_user,localhost,new_user,plug_dest,"*NO-ONE*");
select USER(),CURRENT_USER();
connection default;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
disconnect plug_user;
UPDATE mysql.global_priv SET user='plug_user' WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
DROP USER plug_dest,plug_user;
--echo ========== test 1.3 ========================================

#
CREATE USER plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
connect(plug_user,localhost,plug_user,plug_dest,"*NO-ONE*");
select USER(),CURRENT_USER();
connection default;
disconnect plug_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.global_priv SET user='new_user' WHERE user='plug_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.authentication_string', 'new_dest') WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'new_plugin_server') WHERE user='new_user';
FLUSH PRIVILEGES;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
--disable_query_log
--error ER_PLUGIN_IS_NOT_LOADED
connect(plug_user,localhost,new_user,new_dest);
--enable_query_log
UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'test_plugin_server') WHERE user='new_user';
UPDATE mysql.global_priv SET user='new_dest' WHERE user='plug_dest';
FLUSH PRIVILEGES;
GRANT PROXY ON new_dest TO new_user;
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
connect(plug_user,localhost,new_user,new_dest,"*NO-ONE*");
select USER(),CURRENT_USER();
connection default;
disconnect plug_user;
UPDATE mysql.global_priv SET user='plug_dest' WHERE user='new_dest';
FLUSH PRIVILEGES;
CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
GRANT ALL PRIVILEGES ON test.* TO new_user;
connect(plug_user,localhost,new_dest,new_dest_passwd,"*NO-ONE*");
select USER(),CURRENT_USER();
connection default;
disconnect plug_user;
DROP USER new_user,new_dest,plug_dest;

--echo ========== test 2, 2.1, 2.2 ================================

CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
--echo ========== test 2.2.1 ======================================
SELECT @@proxy_user;
connection default;
disconnect proxy_con;
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'%%';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
--echo ========== test 2.2.1 ======================================
SELECT @@proxy_user;
connection default;
disconnect proxy_con;
DROP USER ''@'%%',proxied_user;
#
GRANT ALL PRIVILEGES ON test_user_db.* TO ''@'%%' 
                     IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection default;
disconnect proxy_con;
--disable_query_log
--error ER_ACCESS_DENIED_ERROR : this should fail : no grant
connect(proxy_con,localhost,proxy_user,proxied_user);
--enable_query_log
GRANT PROXY ON proxied_user TO ''@'%%';
connect(proxy_con,localhost,proxied_user,proxied_user_passwd,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
connection default;
disconnect proxy_con;
connect(proxy_con,localhost,proxy_user,proxied_user,"*NO-ONE*");
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection default;
disconnect proxy_con;
DROP USER ''@'%%',proxied_user;
#
CREATE USER ''@'%%' IDENTIFIED WITH test_plugin_server AS 'proxied_user';
CREATE USER proxied_user_1 IDENTIFIED BY 'proxied_user_1_pwd';
CREATE USER proxied_user_2 IDENTIFIED BY 'proxied_user_2_pwd';
CREATE USER proxied_user_3 IDENTIFIED BY 'proxied_user_3_pwd';
CREATE USER proxied_user_4 IDENTIFIED BY 'proxied_user_4_pwd';
CREATE USER proxied_user_5 IDENTIFIED BY 'proxied_user_5_pwd';
GRANT PROXY ON proxied_user_1 TO ''@'%%';
GRANT PROXY ON proxied_user_2 TO ''@'%%';
GRANT PROXY ON proxied_user_3 TO ''@'%%';
GRANT PROXY ON proxied_user_4 TO ''@'%%';
GRANT PROXY ON proxied_user_5 TO ''@'%%';
--sorted_result
SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
connect(proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd',"*NO-ONE*");
connect(proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd,"*NO-ONE*");
connect(proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd,"*NO-ONE*");
connect(proxy_con_4,localhost,proxied_user_4,proxied_user_4_pwd,"*NO-ONE*");
connect(proxy_con_5,localhost,proxied_user_5,proxied_user_5_pwd,"*NO-ONE*");
connection proxy_con_1;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection proxy_con_2;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection proxy_con_3;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection proxy_con_4;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection proxy_con_5;
SELECT USER(),CURRENT_USER();
SELECT @@proxy_user;
connection default;
disconnect proxy_con_1;
disconnect proxy_con_2;
disconnect proxy_con_3;
disconnect proxy_con_4;
disconnect proxy_con_5;
DROP USER ''@'%%',proxied_user_1,proxied_user_2,proxied_user_3,proxied_user_4,proxied_user_5;

--echo ========== test 3 ==========================================

GRANT ALL PRIVILEGES ON *.* TO plug_user
  IDENTIFIED WITH test_plugin_server AS 'plug_dest';
CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
GRANT PROXY ON plug_dest TO plug_user;
FLUSH PRIVILEGES;

# Not working with the patch.

#--replace_result $MYSQLADMIN MYSQLADMIN $MASTER_MYPORT MYPORT $MASTER_MYSOCK MYSOCK
#--exec $MYSQLADMIN -h localhost  -u plug_user --password=plug_dest ping 2>&1
#--replace_result $MYSQL_CHECK MYSQL_CHECK $MASTER_MYPORT MYPORT
#--exec $MYSQL_CHECK -h localhost  -u plug_user --password=plug_dest test
#--replace_result $MYSQL_DUMP MYSQL_DUMP $MASTER_MYPORT MYPORT
#--exec $MYSQL_DUMP -h localhost -u plug_user --password=plug_dest test
#--replace_result $MYSQL_SHOW MYSQL_SHOW $MASTER_MYPORT MYPORT
#--exec $MYSQL_SHOW -h localhost --plugin_dir=../plugin/auth -u plug_user --password=plug_dest 2>&1
DROP USER plug_user, plug_dest;
DROP DATABASE test_user_db;
--exit