File: binlog_grant_alter_user.test

package info (click to toggle)
mysql-8.0 8.0.43-3
links: PTS, VCS
area: main
in suites: sid
size: 1,273,924 kB
sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (880 lines) | stat: -rw-r--r-- 36,180 bytes
################### suite/binlog/t/binlog_grant_alter_user.test ###################
# Replication Testing CREATE/ALTER/GRANT USER new syntax with New variable        #
# "log-builtin-as-identified-by-password" default value "OFF"                     #
#                                                                                 # 
# Test for WL#6409                                                                #
# created :2015-01-02                                                             #
# Modified:2015-02-04  WL#6054                                                    #
# Author  : Lalit Choudhary                                                       #
#                                                                                 #
###################################################################################

# Save the initial number of concurrent sessions
--source include/count_sessions.inc
--source include/master-slave.inc
--connection master

--echo #
--echo # WL#6409: CREATE/ALTER USER
--echo #

--echo # CREATE USER
--echo
CREATE USER user1;
query_vertical SELECT host,user,plugin
FROM mysql.user WHERE user = 'user1';

--echo
--error ER_PARSE_ERROR
CREATE USER user3@%;

# Sequence of the attributes. provide password first and auth_plugin later on
--error ER_PARSE_ERROR
CREATE USER user3@localhost BY 'auth_string' WITH 'mysql_native_password';

CREATE USER "user2"@'%';
query_vertical SELECT host,user,plugin
FROM mysql.user WHERE user='user2';

--echo
CREATE USER u1@localhost;
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u1';

CREATE USER u2@localhost IDENTIFIED BY 'auth_string' ACCOUNT LOCK;
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u2';

--echo
--error ER_PARSE_ERROR
CREATE USER user5@localhost IDENTIFIED  AS 'auth_string';

CREATE USER u3@localhost IDENTIFIED WITH 'mysql_native_password';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u3';

CREATE USER u4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u4';

# Testing connection
--connect(con1, localhost, u4,'auth_string')
SELECT USER();
connection default;
disconnect con1;

--echo
CREATE USER user4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='user4';
--echo
CREATE USER user6@localhost IDENTIFIED WITH 'mysql_native_password';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='user6';
--echo
CREATE USER user7@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string#%y'
                            PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='user7';
--echo
# Testing connection
--connect(con1, localhost, user7, 'auth_string#%y')
SELECT USER();
connection default;
disconnect con1;

CREATE USER user8@localhost IDENTIFIED WITH 'mysql_native_password'
                            AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='user8';

# Testing connection
--connect(con1, localhost, user8,'auth_string')
SELECT USER();
connection default;
disconnect con1;

# Tesing with mysql_native_password plugin.
CREATE USER tu1@localhost IDENTIFIED WITH 'mysql_native_password';
query_vertical SELECT user,plugin,password_expired,
password_expired  FROM mysql.user WHERE USER='tu1';

CREATE USER tu2@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_@13*';
query_vertical SELECT user,plugin,
password_expired FROM mysql.user WHERE USER='tu2';

--echo
CREATE USER tu3@localhost IDENTIFIED WITH 'mysql_native_password' BY '%auth_O0s-tring';
query_vertical SELECT user,plugin,password_expired
FROM mysql.user WHERE USER='tu3';

--echo

CREATE USER u5@localhost REQUIRE SSL;
query_vertical SELECT user,plugin,ssl_type
FROM mysql.user WHERE USER='u5';

CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509;
query_vertical SELECT user,plugin,ssl_type
FROM mysql.user WHERE USER='u6';

CREATE USER tu4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'djgsj743$' REQUIRE SSL;
query_vertical SELECT user,plugin,ssl_type FROM mysql.user WHERE USER='tu4';

CREATE USER tu5@localhost IDENTIFIED WITH 'mysql_native_password' BY 'dwh@#ghd$!' REQUIRE X509;
query_vertical SELECT user,plugin,ssl_type FROM mysql.user WHERE USER='tu5';

CREATE USER u7@localhost IDENTIFIED WITH 'mysql_native_password'
            REQUIRE CIPHER 'cipher';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u7';

CREATE USER u8@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u8';


CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u9';

CREATE USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string#y'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256" AND
            SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject FROM mysql.user WHERE USER='u10';

# Testing connection
--connect(con1, localhost, u10,'auth_string#y',,,,SSL)
SELECT USER();
connection default;
disconnect con1;

CREATE USER tu6@localhost IDENTIFIED WITH 'mysql_native_password' BY '#hGrt0O6'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256" AND
            SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
            WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,x509_issuer,
x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='tu6';


CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
query_vertical SELECT user,plugin,max_questions
FROM mysql.user WHERE USER='u11';

CREATE USER u12@localhost IDENTIFIED BY 'auth_string'  WITH MAX_QUERIES_PER_HOUR 2;
query_vertical SELECT user,plugin,max_questions
FROM mysql.user WHERE USER='u12';

CREATE USER u13@localhost IDENTIFIED WITH 'mysql_native_password'
            WITH MAX_CONNECTIONS_PER_HOUR 2;
query_vertical SELECT user,plugin,max_connections
FROM mysql.user WHERE USER='u13';

CREATE USER u14@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            WITH MAX_USER_CONNECTIONS 2 ACCOUNT LOCK;
query_vertical SELECT user,plugin,max_user_connections
FROM mysql.user WHERE USER='u14';

CREATE USER u15@localhost,
            u16@localhost IDENTIFIED BY 'auth_string',
            u17@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u15';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u16';
query_vertical SELECT user,plugin FROM mysql.user WHERE USER='u17';
CREATE USER u18@localhost,
            u19@localhost IDENTIFIED BY 'auth_string',
            u20@localhost IDENTIFIED WITH 'mysql_native_password',
            u21@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string',
            u22@localhost IDENTIFIED WITH 'mysql_native_password',
            u23@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_&string'
            REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
            WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2 ACCOUNT UNLOCK;
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='u18';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='u19';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='u20';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='u22';
query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_questions,max_user_connections FROM mysql.user WHERE USER='u23';

DROP USER tu1@localhost,tu2@localhost,tu3@localhost,tu4@localhost,tu5@localhost,
          tu6@localhost,user1@'%',user2@'%',user4@localhost,user6@localhost,
          user7@localhost,user8@localhost, u1@localhost,u2@localhost,u3@localhost,
          u4@localhost,u5@localhost,u6@localhost, u7@localhost, u8@localhost,
          u9@localhost, u10@localhost,u11@localhost, u12@localhost,u13@localhost,
          u14@localhost,u15@localhost,u16@localhost,u17@localhost,u18@localhost,
          u19@localhost, u20@localhost,u21@localhost,u22@localhost,u23@localhost;

--echo # ALTER USER

CREATE USER u1@localhost;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime
FROM mysql.user WHERE USER='u1';

--echo # Its a no op
ALTER USER u1@localhost;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime
FROM mysql.user WHERE USER='u1';

CREATE USER u2@localhost IDENTIFIED BY 'password_string';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
ALTER USER u2@localhost IDENTIFIED BY 'new_auth_string';
# Look for auth_string and password last changed field
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
# Testing connection
--connect(con1, localhost, u2, new_auth_string)
SELECT USER();
connection default;
disconnect con1;
--echo
CREATE USER u3@localhost IDENTIFIED WITH 'mysql_native_password' ACCOUNT LOCK;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';

ALTER USER u3@localhost IDENTIFIED WITH 'mysql_native_password'
                        AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
                        PASSWORD EXPIRE NEVER ACCOUNT UNLOCK;
# Look for plugin,auth_string and password expired field
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';

# Testing connection
--connect(con1, localhost, u3, 'auth_string')
SELECT USER();
connection default;
disconnect con1;

ALTER USER u3@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';

ALTER USER u3@localhost
           REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
           WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2
           PASSWORD EXPIRE NEVER;

--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u3';

CREATE USER u4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            ACCOUNT LOCK PASSWORD EXPIRE DEFAULT;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u4';
ALTER USER u4@localhost IDENTIFIED WITH 'mysql_native_password'
           BY 'auth_string' ACCOUNT UNLOCK;
# Look for plugin,auth_string field
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u4';

CREATE USER u5@localhost REQUIRE SSL;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u5';

ALTER USER u5@localhost IDENTIFIED WITH 'mysql_native_password';
# Look for plugin,auth_string, password expired field
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u5';

# Testing connection
--connect(con1, localhost, u5,,,,,SSL)
SET PASSWORD='new_auth_string';
SELECT USER();
connection default;
disconnect con1;

CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509 ACCOUNT UNLOCK ACCOUNT LOCK PASSWORD EXPIRE INTERVAL 80 DAY;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u6';
ALTER USER u6@localhost IDENTIFIED WITH 'mysql_native_password' BY 'new_auth_string' REQUIRE SSL ACCOUNT UNLOCK;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u6';

CREATE USER u7@localhost IDENTIFIED WITH 'mysql_native_password'
            BY 'auth_string' REQUIRE CIPHER 'ECDHE-RSA-AES128-GCM-SHA256';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u7';
ALTER USER u7@localhost IDENTIFIED WITH 'mysql_native_password' BY 'new_auth_string'
            REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA' ACCOUNT UNLOCK;
# Look for plugin,auth_string, password expired, SSL type field
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u7';

# Testing connection
--connect(con1, localhost, u7,'new_auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;

CREATE USER u8@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE ISSUER '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u8';
ALTER USER u8@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256";
# Look for plugin,auth_string, password expired, SSL fields
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u8';
# Testing connection
--connect(con1, localhost, u8,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;

CREATE USER tu1@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE ISSUER 'issuer';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu1';
ALTER USER tu1@localhost IDENTIFIED WITH 'mysql_native_password'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256";
# Look for plugin,auth_string, password expired, SSL fields
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu1';

CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';
ALTER USER u9@localhost REQUIRE ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';

ALTER USER u9@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string77hg'
                        REQUIRE ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u9';

CREATE USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256" AND
            SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u10';
ALTER USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE SSL;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u10';

# Testing connection
--connect(con1, localhost, u10,'auth_string',,,,SSL)
SELECT USER();
connection default;
disconnect con1;

CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT user,max_questions FROM mysql.user WHERE USER='u11';
ALTER USER u11@localhost WITH MAX_QUERIES_PER_HOUR 6;
--replace_column 8 #
query_vertical SELECT user,max_questions FROM mysql.user WHERE USER='u11';

CREATE USER u12@localhost IDENTIFIED BY 'auth_string'
                          WITH MAX_QUERIES_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT user,max_questions FROM mysql.user WHERE USER='u12';
ALTER USER u12@localhost IDENTIFIED WITH 'mysql_native_password'
                         WITH MAX_QUERIES_PER_HOUR 8;
--replace_column 8 #
query_vertical SELECT user,max_questions FROM mysql.user WHERE USER='u12';

ALTER USER u12@localhost IDENTIFIED WITH 'mysql_native_password'
                         WITH MAX_QUERIES_PER_HOUR 1000;
--replace_column 8 #
query_vertical SELECT user,max_questions FROM mysql.user WHERE USER='u12';

CREATE USER u13@localhost IDENTIFIED WITH 'mysql_native_password'
                          WITH MAX_CONNECTIONS_PER_HOUR 2;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u13';
ALTER USER u13@localhost PASSWORD EXPIRE;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u13';

CREATE USER u14@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            WITH MAX_USER_CONNECTIONS 2;
--replace_column 9 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u14';
ALTER USER u14@localhost WITH MAX_USER_CONNECTIONS 12
                         PASSWORD EXPIRE INTERVAL 365 DAY;
--replace_column 9 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u14';

CREATE USER tu2@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            WITH MAX_USER_CONNECTIONS 2 ;
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,max_questions,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu2';
ALTER USER tu2@localhost WITH MAX_USER_CONNECTIONS 12 MAX_QUERIES_PER_HOUR 543
                         PASSWORD EXPIRE INTERVAL 365 DAY;
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,max_questions,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='tu2';

# Testing connection
--connect(con1, localhost, tu2,'auth_string')
SELECT USER();
connection default;
disconnect con1;

CREATE USER u15@localhost,
            u16@localhost IDENTIFIED WITH 'mysql_native_password',
            u17@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u15';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u16';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u17';
ALTER USER u15@localhost IDENTIFIED WITH 'mysql_native_password',
           u16@localhost,
           u17@localhost IDENTIFIED BY 'new_auth_string'
           PASSWORD EXPIRE DEFAULT;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u15';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u16';
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u17';

CREATE USER u18@localhost,
            u19@localhost IDENTIFIED BY 'auth_string',
            u20@localhost IDENTIFIED WITH 'mysql_native_password',
            u21@localhost IDENTIFIED WITH 'mysql_native_password' BY '!Y_TOdh6)',
            u22@localhost IDENTIFIED WITH 'mysql_native_password',
            u23@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_&string'
            REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
            WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u18';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u19';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u20';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u21';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u22';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u23';

ALTER USER u18@localhost, u19@localhost,
           u20@localhost, u21@localhost,
           u22@localhost, u23@localhost
           REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
           WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2
           PASSWORD EXPIRE NEVER;
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u18';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u19';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u20';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u21';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u22';
--replace_column 10 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,max_user_connections,
max_questions,password_last_changed,password_lifetime FROM mysql.user
WHERE USER='u23';

DROP USER tu1@localhost,tu2@localhost,u1@localhost, u2@localhost, u3@localhost,
          u4@localhost,u5@localhost,u6@localhost, u7@localhost, u8@localhost,
          u9@localhost,u10@localhost,u11@localhost,u12@localhost,u13@localhost,
          u14@localhost,u15@localhost,u16@localhost,u17@localhost,u18@localhost,
          u19@localhost,u20@localhost,u21@localhost,u22@localhost,u23@localhost;

--echo # ALTER USER with current user

CREATE USER u1@localhost IDENTIFIED BY 'abc';
--connect(con1, localhost, u1, abc)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;

--connect(con1, localhost, u1, abc)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
SET PASSWORD = 'def';
--disable_warnings
disconnect con1;
--enable_warnings

--connect(con1, localhost, u1, def)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;

--connect(con1, localhost, u1, def)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
# Password set to current user
--disable_ps_protocol
--error ER_PARSE_ERROR
ALTER USER IDENTIFIED BY 'npwd';
ALTER USER USER() IDENTIFIED BY 'abc';
--enable_ps_protocol
disconnect con1;

--connect(con1, localhost, u1, abc)
SELECT USER();
connection default;
ALTER USER u1@localhost PASSWORD EXPIRE;
disconnect con1;

--connect(con1, localhost, u1, abc)
--error ER_MUST_CHANGE_PASSWORD
SELECT USER();
connection default;
ALTER USER u1@localhost IDENTIFIED BY 'def';
disconnect con1;

--connect(con1, localhost, u1, def)
SELECT USER();
connection default;
DROP USER u1@localhost;
disconnect con1;

--echo # ALTER USER with current user is allowed to set only credential information

CREATE USER u1@localhost, u2@localhost IDENTIFIED BY 'abc';
GRANT ALL ON *.* TO u2@localhost;

--connect(con1, localhost, u2, abc)
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED WITH 'sha256_password';
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED BY 'def', u2@localhost PASSWORD EXPIRE;
--error ER_PARSE_ERROR
ALTER USER USER() IDENTIFIED BY 'def' PASSWORD EXPIRE;
--error ER_PARSE_ERROR
ALTER USER ;
ALTER USER u2@localhost IDENTIFIED BY 'auth_string' PASSWORD EXPIRE INTERVAL 45 DAY;
--replace_column 8 #
query_vertical SELECT user,ssl_type,ssl_cipher,x509_issuer,x509_subject,
plugin,password_expired,
password_last_changed,password_lifetime FROM mysql.user WHERE USER='u2';
connection default;
disconnect con1;
DROP USER u1@localhost, u2@localhost;

--echo # SHOW CREATE USER

CREATE USER u1@localhost;
SHOW CREATE USER u1@localhost;

CREATE USER u2@localhost IDENTIFIED BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u2@localhost;
--echo # DDL output for SHOW CREATE USER u2@localhost and recreating user
DROP USER u2@localhost;
CREATE USER 'u2'@'localhost' IDENTIFIED WITH 'mysql_native_password'
            AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF' REQUIRE NONE;

--connect(con1,localhost,u2,auth_string)
SELECT USER();
connection default;
disconnect con1;
--echo

CREATE USER u3@localhost IDENTIFIED WITH 'mysql_native_password';
SHOW CREATE USER u3@localhost;

CREATE USER u4@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u4@localhost;

CREATE USER user1@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user1@localhost;

--echo

CREATE USER user2@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER user2@localhost;
--echo
CREATE USER u5@localhost REQUIRE SSL;
SHOW CREATE USER u5@localhost;

CREATE USER u6@localhost IDENTIFIED BY 'auth_string' REQUIRE X509;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u6@localhost;

CREATE USER u7@localhost IDENTIFIED WITH 'mysql_native_password'
            REQUIRE CIPHER 'cipher';
SHOW CREATE USER u7@localhost;

CREATE USER u8@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE ISSUER 'issuer';
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u8@localhost;

CREATE USER u9@localhost REQUIRE SUBJECT 'sub';
SHOW CREATE USER u9@localhost;

CREATE USER u10@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE CIPHER "ECDHE-RSA-AES128-GCM-SHA256" AND
            SUBJECT "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client"
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA";
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u10@localhost;

CREATE USER u11@localhost WITH MAX_QUERIES_PER_HOUR 2;
SHOW CREATE USER u11@localhost;

CREATE USER u12@localhost IDENTIFIED BY 'auth_string'  WITH MAX_QUERIES_PER_HOUR 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u12@localhost;

CREATE USER u13@localhost IDENTIFIED WITH 'mysql_native_password'
            WITH MAX_CONNECTIONS_PER_HOUR 2;
SHOW CREATE USER u13@localhost;

CREATE USER u14@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            WITH MAX_USER_CONNECTIONS 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u14@localhost;

CREATE USER u15@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string'
            REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
            CIPHER 'cipher' WITH MAX_QUERIES_PER_HOUR 2 MAX_USER_CONNECTIONS 2;
--replace_regex /AS '(.*)' REQUIRE/AS '<non-deterministic-password-hash>' REQUIRE/
SHOW CREATE USER u15@localhost;

DROP USER user1@localhost,u1@localhost,u2@localhost,u3@localhost,u4@localhost,
          u5@localhost,u6@localhost, u7@localhost, u8@localhost,u9@localhost,
          u10@localhost,u11@localhost,u12@localhost,u13@localhost,u14@localhost,
          u15@localhost;
--echo
--echo # GRANT
--echo
CREATE USER user1@localhost IDENTIFIED WITH 'mysql_native_password'
            AS '*67092806AE91BFB6BE72DE6C7BE2B7CCA8CFA9DF'
            REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
            ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
            WITH MAX_CONNECTIONS_PER_HOUR 1000 MAX_USER_CONNECTIONS 20
                 MAX_QUERIES_PER_HOUR 60 MAX_UPDATES_PER_HOUR 100;

query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_user_connections,
max_questions,max_updates,max_connections FROM mysql.user
WHERE USER='user1';

--echo
GRANT SELECT ON *.* TO user1@localhost;
GRANT SELECT,INSERT,UPDATE ON mysql.* TO user1@localhost;

--echo
SHOW GRANTS FOR user1@localhost;
--echo
REVOKE INSERT,UPDATE ON mysql.* FROM user1@localhost;

SHOW GRANTS FOR user1@localhost;
--echo

GRANT SELECT,INSERT,UPDATE ON *.* TO user2@localhost;
ALTER USER user2@localhost IDENTIFIED BY 'admin'
      REQUIRE SUBJECT '/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=Client'
      ISSUER "/C=SE/ST=Stockholm/L=Stockholm/O=Oracle/OU=MySQL/CN=CA"
      WITH MAX_CONNECTIONS_PER_HOUR 1000 MAX_USER_CONNECTIONS 20
           MAX_QUERIES_PER_HOUR 60 MAX_UPDATES_PER_HOUR 100;

query_vertical SELECT user,plugin,ssl_type,ssl_cipher,
x509_issuer,x509_subject,max_user_connections,
max_questions,max_updates,max_connections FROM mysql.user WHERE USER='user2';

CREATE USER user3@localhost IDENTIFIED BY 'auth_string';

--echo # Cleanup
DROP USER user1@localhost,user2@localhost,user3@localhost;

--echo
--echo # SET PASSWORD Tests
--echo
CREATE USER user1@localhost IDENTIFIED BY 'auth_string';
CREATE USER user2@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string1';

SET PASSWORD FOR user1@localhost='auth_xyz@';
SET PASSWORD FOR user2@localhost='gd636@gj';

--echo
CREATE USER user4@localhost;
ALTER USER user4@localhost PASSWORD EXPIRE;
SET PASSWORD FOR user4@localhost='';

CREATE USER user3@localhost IDENTIFIED  BY 'auth_string';
CREATE USER user5@localhost IDENTIFIED WITH 'mysql_native_password' BY 'auth_string1';

SET PASSWORD FOR user3@localhost='auth_abc';
GRANT SELECT ON *.* TO user3@localhost;

--connect(con1, localhost, user3, auth_abc)
SELECT USER();
SET PASSWORD='auth_xyz';
query_vertical SELECT user,plugin,ssl_type,password_expired,
password_lifetime FROM mysql.user WHERE user='user3';
connection default;
disconnect con1;

--echo
SET PASSWORD FOR user4@localhost='auth_xyz';
query_vertical SELECT user,plugin,ssl_type,password_expired,
password_lifetime FROM mysql.user WHERE user='user4';
--echo
SET PASSWORD FOR user5@localhost='auth_dhsga5';
query_vertical SELECT user,plugin,ssl_type,password_expired,
password_lifetime FROM mysql.user WHERE user='user5';

--echo
CREATE USER user6@localhost IDENTIFIED BY 'auth_string';
query_vertical SELECT user,plugin,password_expired
FROM mysql.user WHERE USER='user6';

ALTER USER user6@localhost IDENTIFIED WITH 'mysql_native_password';
query_vertical SELECT user,plugin,password_expired
FROM mysql.user WHERE USER='user6';

SET PASSWORD FOR user6@localhost='plaintext_password';
query_vertical SELECT user,plugin
FROM mysql.user WHERE USER='user6';

# Testing connection
--connect(con1, localhost, user6, 'plaintext_password')
SELECT USER();
connection default;
disconnect con1;

--echo
--echo # Cleanup
DROP USER user1@localhost,user2@localhost,user3@localhost,
          user4@localhost,user5@localhost,user6@localhost;

--source include/sync_slave_sql_with_master.inc
--echo [On Slave]
--let $mask_user_password_events=1
--let $mask_grant_as_events=1
--source include/show_binlog_events.inc
--let $mask_user_password_events=0
--source include/rpl_end.inc

--echo
--echo End of 5.7 tests!
--echo