File: grant.test

package info (click to toggle)
mysql-8.0 8.0.43-3
links: PTS, VCS
area: main
in suites:
size: 1,273,924 kB
sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (3224 lines) | stat: -rw-r--r-- 100,648 bytes
# Store the time of password_last_changed column from mysql.user table
# to restore it back later for the different users.
let $date_to_restore_root=`SELECT password_last_changed from mysql.user where user='root'`;
let $date_to_restore_sys=`SELECT password_last_changed from mysql.user where user='mysql.sys'`;
let $date_to_restore_session_user=`SELECT password_last_changed from mysql.user where user='mysql.session'`;
let $date_to_restore_inf_schema_user=`SELECT password_last_changed from mysql.user where user='mysql.infoschema'`;

# Test of GRANT commands

# Save the initial number of concurrent sessions
--source include/count_sessions.inc

SET @old_log_bin_trust_function_creators= @@global.log_bin_trust_function_creators;
SET GLOBAL log_bin_trust_function_creators = 1;

set @orig_sql_mode_session= @@SESSION.sql_mode;
set @orig_sql_mode_global= @@GLOBAL.sql_mode;

connect (master,localhost,root,,);
connection master;
SET NAMES binary;
#
# Test that the new db privileges are stored/retrieved correctly
#
create user mysqltest_1@localhost;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
flush privileges;
show grants for mysqltest_1@localhost;
revoke CREATE TEMPORARY TABLES on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
grant ALL PRIVILEGES on mysqltest.* to mysqltest_1@localhost with GRANT OPTION;
flush privileges;
show grants for mysqltest_1@localhost;
revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
drop user  mysqltest_1@localhost;
flush privileges;
create user mysqltest_1@localhost;
grant usage on test.* to mysqltest_1@localhost with grant option;
show grants for mysqltest_1@localhost;
delete from mysql.user where user='mysqltest_1';
delete from mysql.db where user='mysqltest_1';
delete from mysql.tables_priv where user='mysqltest_1';
delete from mysql.columns_priv where user='mysqltest_1';
flush privileges;
--error ER_NONEXISTING_GRANT
show grants for mysqltest_1@localhost;

#
# Test what happens when you have same table and colum level grants
#

create user mysqltest_1@localhost;
create table t1 (a int);
GRANT select,update,insert on t1 to mysqltest_1@localhost;
GRANT select (a), update (a),insert(a), references(a) on t1 to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
REVOKE select (a), update on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
REVOKE select,update,insert,insert (a) on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
GRANT select,references on t1 to mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
create user mysqltest_2@localhost, mysqltest_3@localhost;
grant all on test.* to mysqltest_3@localhost with grant option;
revoke all on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
revoke grant option on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
grant all on test.t1 to mysqltest_2@localhost with grant option;
revoke all on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
revoke grant option on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
delete from mysql.user where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.db where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.tables_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.columns_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
flush privileges;
drop table t1;

#
# Test grants on long column names (causes std::string to allocate memory)
#
create user mysqltest_1@localhost;
create table t1 (abcdefghijklmnopqrstuvwxyz int);
GRANT select (abcdefghijklmnopqrstuvwxyz) on t1 to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
drop table t1;

#
# Test some error conditions
#
--error ER_WRONG_USAGE
GRANT FILE on mysqltest.*  to mysqltest_1@localhost;
select 1;     # To test that the previous command didn't cause problems
drop user mysqltest_1@localhost;

#
# Bug#4898 User privileges depending on ORDER BY Settings of table db
#
insert ignore into mysql.user (host, user) values ('localhost', 'test11');
insert into mysql.db (host, db, user, select_priv) values
('localhost', 'a%', 'test11', 'Y'), ('localhost', 'ab%', 'test11', 'Y');
alter table mysql.db order by db asc;
flush privileges;
show grants for test11@localhost;
alter table mysql.db order by db desc;
flush privileges;
show grants for test11@localhost;
delete from mysql.user where user='test11';
delete from mysql.db where user='test11';

#
# Bug#6123 GRANT USAGE inserts useless Db row
#
create user test6123 identified by 'magic123';
create database mysqltest1;
grant usage on mysqltest1.* to test6123;
select host,db,user,select_priv,insert_priv from mysql.db where db="mysqltest1";
delete from mysql.user where user='test6123';
drop database mysqltest1;
flush privileges;

#
# Test for 'drop user', 'revoke privileges, grant'
#

create user drop_user@localhost, drop_user2@localhost;
create table t1 (a int);
grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION;
show grants for drop_user2@localhost;
revoke all privileges, grant option from drop_user2@localhost;

grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION;
grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION;
grant select(a) on test.t1 to drop_user@localhost;
show grants for drop_user@localhost;

#
# Bug#3086 SHOW GRANTS doesn't follow ANSI_QUOTES
#
set sql_mode=ansi_quotes;
show grants for drop_user@localhost;
set sql_mode=default;

set sql_quote_show_create=0;
show grants for drop_user@localhost;
set sql_mode="ansi_quotes";
show grants for drop_user@localhost;
set sql_quote_show_create=1;
show grants for drop_user@localhost;
set sql_mode="";
show grants for drop_user@localhost;

revoke all privileges, grant option from drop_user@localhost;
show grants for drop_user@localhost;
drop user drop_user@localhost;
--error ER_REVOKE_GRANTS
revoke all privileges, grant option from drop_user@localhost;

create user drop_user1@localhost, drop_user3@localhost, drop_user4@localhost;
grant select(a) on test.t1 to drop_user1@localhost;
grant select on test.t1 to drop_user2@localhost;
grant select on test.* to drop_user3@localhost;
grant select on *.* to drop_user4@localhost;
# Drop user now implicitly revokes all privileges.
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
--error ER_REVOKE_GRANTS
revoke all privileges, grant option from drop_user1@localhost, drop_user2@localhost,
drop_user3@localhost, drop_user4@localhost;
--error ER_CANNOT_USER
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
drop table t1;
create user mysqltest_1@localhost identified by "password";
grant select, update, insert on test.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
drop user mysqltest_1@localhost;

#
# Bug#3403 Wrong encoding in SHOW GRANTS output
#
SET NAMES koi8r;
--character_set koi8r
CREATE DATABASE ;
USE ;
CREATE TABLE  ( INT);

CREATE USER @localhost;
GRANT SELECT ON .* TO @localhost;
SHOW GRANTS FOR @localhost;
REVOKE SELECT ON .* FROM @localhost;

GRANT SELECT ON . TO @localhost;
SHOW GRANTS FOR @localhost;
REVOKE SELECT ON . FROM @localhost;

GRANT SELECT () ON . TO @localhost;
SHOW GRANTS FOR @localhost;
REVOKE SELECT () ON . FROM @localhost;

# Revoke does not drop user. Leave a clean user table for the next tests.
DROP USER @localhost;

DROP DATABASE ;
--character_set utf8mb4
SET NAMES latin1;

#
# Bug#5831 REVOKE ALL PRIVILEGES, GRANT OPTION does not revoke everything
#
USE test;
create user testuser@localhost;
CREATE TABLE t1 (a int );
CREATE TABLE t2 LIKE t1;
CREATE TABLE t3 LIKE t1;
CREATE TABLE t4 LIKE t1;
CREATE TABLE t5 LIKE t1;
CREATE TABLE t6 LIKE t1;
CREATE TABLE t7 LIKE t1;
CREATE TABLE t8 LIKE t1;
CREATE TABLE t9 LIKE t1;
CREATE TABLE t10 LIKE t1;
CREATE DATABASE testdb1;
CREATE DATABASE testdb2;
CREATE DATABASE testdb3;
CREATE DATABASE testdb4;
CREATE DATABASE testdb5;
CREATE DATABASE testdb6;
CREATE DATABASE testdb7;
CREATE DATABASE testdb8;
CREATE DATABASE testdb9;
CREATE DATABASE testdb10;
GRANT ALL ON testdb1.* TO testuser@localhost;
GRANT ALL ON testdb2.* TO testuser@localhost;
GRANT ALL ON testdb3.* TO testuser@localhost;
GRANT ALL ON testdb4.* TO testuser@localhost;
GRANT ALL ON testdb5.* TO testuser@localhost;
GRANT ALL ON testdb6.* TO testuser@localhost;
GRANT ALL ON testdb7.* TO testuser@localhost;
GRANT ALL ON testdb8.* TO testuser@localhost;
GRANT ALL ON testdb9.* TO testuser@localhost;
GRANT ALL ON testdb10.* TO testuser@localhost;
GRANT SELECT ON test.t1 TO testuser@localhost;
GRANT SELECT ON test.t2 TO testuser@localhost;
GRANT SELECT ON test.t3 TO testuser@localhost;
GRANT SELECT ON test.t4 TO testuser@localhost;
GRANT SELECT ON test.t5 TO testuser@localhost;
GRANT SELECT ON test.t6 TO testuser@localhost;
GRANT SELECT ON test.t7 TO testuser@localhost;
GRANT SELECT ON test.t8 TO testuser@localhost;
GRANT SELECT ON test.t9 TO testuser@localhost;
GRANT SELECT ON test.t10 TO testuser@localhost;
GRANT SELECT (a) ON test.t1 TO testuser@localhost;
GRANT SELECT (a) ON test.t2 TO testuser@localhost;
GRANT SELECT (a) ON test.t3 TO testuser@localhost;
GRANT SELECT (a) ON test.t4 TO testuser@localhost;
GRANT SELECT (a) ON test.t5 TO testuser@localhost;
GRANT SELECT (a) ON test.t6 TO testuser@localhost;
GRANT SELECT (a) ON test.t7 TO testuser@localhost;
GRANT SELECT (a) ON test.t8 TO testuser@localhost;
GRANT SELECT (a) ON test.t9 TO testuser@localhost;
GRANT SELECT (a) ON test.t10 TO testuser@localhost;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM testuser@localhost;
SHOW GRANTS FOR testuser@localhost;
DROP USER testuser@localhost;
DROP TABLE t1,t2,t3,t4,t5,t6,t7,t8,t9,t10;
DROP DATABASE testdb1;
DROP DATABASE testdb2;
DROP DATABASE testdb3;
DROP DATABASE testdb4;
DROP DATABASE testdb5;
DROP DATABASE testdb6;
DROP DATABASE testdb7;
DROP DATABASE testdb8;
DROP DATABASE testdb9;
DROP DATABASE testdb10;

#
# Bug#6932 a problem with 'revoke ALL PRIVILEGES'
#

create table t1(a int, b int, c int, d int);
create user grant_user@localhost;
grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost;
show grants for grant_user@localhost;
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name;
revoke ALL PRIVILEGES on t1 from grant_user@localhost;
show grants for grant_user@localhost;
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv;
drop user grant_user@localhost;
drop table t1;

#
# Bug#7391 Cross-database multi-table UPDATE security problem
#
create database mysqltest_1;
create database mysqltest_2;
create table mysqltest_1.t1 select 1 a, 2 q;
create table mysqltest_1.t2 select 1 b, 2 r;
create table mysqltest_2.t1 select 1 c, 2 s;
create table mysqltest_2.t2 select 1 d, 2 t;

# test the column privileges
create user mysqltest_3@localhost;
grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost;
grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost;
grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost;
grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost;
connect (conn1,localhost,mysqltest_3,,);
connection conn1;
SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost'''
 ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE;
SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost'''
 ORDER BY TABLE_NAME,PRIVILEGE_TYPE;
SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost'''
 ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE;
SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE GRANTEE = '''mysqltest_3''@''localhost'''
 ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2;
# the following two should work
update mysqltest_1.t1, mysqltest_2.t2 set a=10,d=10;
update mysqltest_1.t1, mysqltest_2.t1 set a=20 where c=20;
connection master;
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;
revoke all on mysqltest_1.t1 from mysqltest_3@localhost;
revoke all on mysqltest_1.t2 from mysqltest_3@localhost;
revoke all on mysqltest_2.t1 from mysqltest_3@localhost;
revoke all on mysqltest_2.t2 from mysqltest_3@localhost;

# test the db/table level privileges
grant all on mysqltest_2.* to mysqltest_3@localhost;
grant select on *.* to mysqltest_3@localhost;
# Next grant is needed to trigger bug#7391. Do not optimize!
grant select on mysqltest_2.t1 to mysqltest_3@localhost;
flush privileges;
disconnect conn1;
connect (conn2,localhost,mysqltest_3,,);
connection conn2;
use mysqltest_1;
update mysqltest_2.t1, mysqltest_2.t2 set c=500,d=600;
# the following failed before, should fail now.
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
use mysqltest_2;
# the following used to succeed, it must fail now.
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_2.t1, mysqltest_1.t2 set c=100,b=200;
--error ER_COLUMNACCESS_DENIED_ERROR
update mysqltest_1.t1, mysqltest_2.t2 set a=100,d=200;
# lets see the result
connection master;
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;

delete from mysql.user where user='mysqltest_3';
delete from mysql.db where user="mysqltest_3";
delete from mysql.tables_priv where user="mysqltest_3";
delete from mysql.columns_priv where user="mysqltest_3";
delete from mysql.global_grants where user="mysqltest_3";
flush privileges;
drop database mysqltest_1;
drop database mysqltest_2;
disconnect conn2;

#
# just SHOW PRIVILEGES test
#
--sorted_result
SHOW PRIVILEGES;

#
# Rights for renaming test (Bug#3270)
#
connect (root,localhost,root,,test,$MASTER_MYPORT,$MASTER_MYSOCK);
connection root;
create database mysqltest;
create table mysqltest.t1 (a int,b int,c int);
create user mysqltest_1@localhost;
grant all on mysqltest.t1 to mysqltest_1@localhost;
connect (user1,localhost,mysqltest_1,,mysqltest,$MASTER_MYPORT,$MASTER_MYSOCK);
connection user1;
-- error ER_TABLEACCESS_DENIED_ERROR
alter table t1 rename t2;
disconnect user1;
connection root;
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
delete from mysql.user where user=_binary'mysqltest_1';
drop database mysqltest;
connection default;
disconnect root;

#
# check all new table privileges
#
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;
GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
SHOW FIELDS FROM mysql.tables_priv;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
# check view only privileges
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
FLUSH PRIVILEGES;
--sorted_result
SHOW GRANTS FOR dummy@localhost;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
#
# Bug#11330 Entry in tables_priv with host = '' causes crash
#
connection default;
use mysql;
insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_grantor',CURRENT_TIMESTAMP,'Select','Select');
flush privileges;
delete from tables_priv where host = '' and user = 'mysqltest_1';
flush privileges;
use test;

#
# Bug#10892 user variables not auto cast for comparisons
# Check that we don't get illegal mix of collations
#
set @user123="non-existent";
select * from mysql.db where user=@user123;

set names koi8r;
create database ;
grant select on .* to root@localhost;
select hex(Db) from mysql.db where Db='';
show grants for root@localhost;
flush privileges;
show grants for root@localhost;
drop database ;
revoke select on .* from root@localhost;
show grants for root@localhost;
set names latin1;

#
# Bug#15598 Server crashes in specific case during setting new password
# - Caused by a user with host ''
#
create user mysqltest_7@;
alter user mysqltest_7@ identified by 'systpass';
show grants for mysqltest_7@;
drop user mysqltest_7@;
--error ER_NONEXISTING_GRANT
show grants for mysqltest_7@;

#
# Bug#14385 GRANT and mapping to correct user account problems
#
create database mysqltest;
use mysqltest;
create table t1(f1 int);
CREATE USER mysqltest1@'%', mysqltest1@'192.%';
GRANT DELETE ON mysqltest.t1 TO mysqltest1@'%';
GRANT SELECT ON mysqltest.t1 TO mysqltest1@'192.%';
show grants for mysqltest1@'192.%';
show grants for mysqltest1@'%';
delete from mysql.user where user='mysqltest1';
delete from mysql.db where user='mysqltest1';
delete from mysql.tables_priv where user='mysqltest1';
flush privileges;
drop database mysqltest;

#
# Bug#27515 DROP previlege is not required for RENAME TABLE
#
connection master;
create database db27515;
use db27515;
create table t1 (a int);
create user user27515@localhost;
grant alter on db27515.t1 to user27515@localhost;
grant insert, create on db27515.t2 to user27515@localhost;

connect (conn27515, localhost, user27515, , db27515);
connection conn27515;
--error ER_TABLEACCESS_DENIED_ERROR
rename table t1 to t2;
disconnect conn27515;

connection master;
revoke all privileges, grant option from user27515@localhost;
drop user user27515@localhost;
drop database db27515;

--echo End of 4.1 tests

#
# Bug#16297 In memory grant tables not flushed when users's hostname is ""
#
use test;
create table t1 (a int);

# Backup anonymous users and remove them. (They get in the way of
# the one we test with here otherwise.)
create table t2 as select * from mysql.user where user='';
delete from mysql.user where user='';
flush privileges;

# Create some users with different hostnames
create user mysqltest_8@'';
create user mysqltest_8;
create user mysqltest_8@host8;

# Try to create them again
--error ER_CANNOT_USER
create user mysqltest_8@'';
--error ER_CANNOT_USER
create user mysqltest_8;
--error ER_CANNOT_USER
create user mysqltest_8@host8;

select user, QUOTE(host) from mysql.user where user="mysqltest_8";

--echo Schema privileges
grant select on mysqltest.* to mysqltest_8@'';
show grants for mysqltest_8@'';
grant select on mysqltest.* to mysqltest_8@;
show grants for mysqltest_8@;
grant select on mysqltest.* to mysqltest_8;
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
connect (conn3,localhost,mysqltest_8,,);
select * from t1;
disconnect conn3;
connection master;
revoke select on mysqltest.* from mysqltest_8@'';
revoke select on mysqltest.* from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8@;
grant select on mysqltest.* to mysqltest_8@'';
flush privileges;
show grants for mysqltest_8@;
revoke select on mysqltest.* from mysqltest_8@'';
flush privileges;

--echo Column privileges
grant update (a) on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.column_privileges;
connect (conn4,localhost,mysqltest_8,,);
select * from t1;
disconnect conn4;
connection master;
revoke update (a) on t1 from mysqltest_8@'';
revoke update (a) on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.column_privileges;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;

--echo Table privileges
grant update on t1 to mysqltest_8@'';
grant update on t1 to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
connect (conn5,localhost,mysqltest_8,,);
select * from t1;
disconnect conn5;
connection master;
revoke update on t1 from mysqltest_8@'';
revoke update on t1 from mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;

--echo "DROP USER" should clear privileges
grant all privileges on mysqltest.* to mysqltest_8@'';
grant select on mysqltest.* to mysqltest_8@'';
grant update on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8@'';
grant all privileges on mysqltest.* to mysqltest_8;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.user_privileges
where grantee like "'mysqltest_8'%";
connect (conn5,localhost,mysqltest_8,,);
select * from t1;
disconnect conn5;
connection master;
flush privileges;
show grants for mysqltest_8@'';
show grants for mysqltest_8;
drop user mysqltest_8@'';
--error ER_NONEXISTING_GRANT
show grants for mysqltest_8@'';
show grants for mysqltest_8;
--sorted_result
select * from  information_schema.user_privileges
where grantee like "'mysqltest_8'%";
drop user mysqltest_8;
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
connect (conn6,localhost,mysqltest_8,,);
connection master;
--error ER_NONEXISTING_GRANT
show grants for mysqltest_8;
drop user mysqltest_8@host8;
--error ER_NONEXISTING_GRANT
show grants for mysqltest_8@host8;

# Restore the anonymous users.
insert into mysql.user select * from t2;
flush privileges;
drop table t2;
drop table t1;

#
# Bug#20214 Incorrect error when user calls SHOW CREATE VIEW on non
#           privileged view
#

connection master;

CREATE DATABASE mysqltest3;
USE mysqltest3;

CREATE TABLE t_nn (c1 INT);
CREATE VIEW  v_nn AS SELECT * FROM t_nn;

CREATE DATABASE mysqltest2;
USE mysqltest2;

CREATE TABLE t_nn (c1 INT);
CREATE VIEW  v_nn AS SELECT * FROM t_nn;
CREATE VIEW  v_yn AS SELECT * FROM t_nn;
CREATE VIEW  v_gy AS SELECT * FROM t_nn;
CREATE VIEW  v_ny AS SELECT * FROM t_nn;
CREATE VIEW  v_yy AS SELECT * FROM t_nn WHERE c1=55;
CREATE USER 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
GRANT SHOW VIEW        ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost';
GRANT SELECT           ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost';
GRANT SELECT           ON mysqltest2.*    TO 'mysqltest_1'@'localhost';
GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost';

connect (mysqltest_1, localhost, mysqltest_1, mysqltest_1,);

# fail because of missing SHOW VIEW (have generic SELECT)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest2.v_nn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest2.v_nn;

# fail because of missing SHOW VIEW
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest2.v_yn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest2.v_yn;

# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
SHOW CREATE TABLE mysqltest2.v_ny;

# succeed (despite of missing SELECT, having SHOW VIEW bails us out)
SHOW CREATE VIEW  mysqltest2.v_ny;

# fail because of missing (specific or generic) SELECT
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest3.t_nn;

# fail because of missing (specific or generic) SELECT (not because it's not a view!)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest3.t_nn;

# fail because of missing missing (specific or generic) SELECT (and SHOW VIEW)
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE VIEW  mysqltest3.v_nn;
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE mysqltest3.v_nn;

# succeed thanks to generic SELECT
SHOW CREATE TABLE mysqltest2.t_nn;

# fail because it's not a view!  (have generic SELECT though)
--error ER_WRONG_OBJECT
SHOW CREATE VIEW  mysqltest2.t_nn;

# succeed, have SELECT and SHOW VIEW
SHOW CREATE VIEW mysqltest2.v_yy;

# succeed, have SELECT and SHOW VIEW
SHOW CREATE TABLE mysqltest2.v_yy;

# clean-up
connection master;

# succeed, we're root
SHOW CREATE TABLE mysqltest2.v_nn;
SHOW CREATE VIEW  mysqltest2.v_nn;

SHOW CREATE TABLE mysqltest2.t_nn;

# fail because it's not a view!
--error ER_WRONG_OBJECT
SHOW CREATE VIEW mysqltest2.t_nn;

DROP VIEW  mysqltest2.v_nn;
DROP VIEW  mysqltest2.v_yn;
DROP VIEW  mysqltest2.v_ny;
DROP VIEW  mysqltest2.v_yy;
DROP TABLE mysqltest2.t_nn;
DROP DATABASE mysqltest2;
DROP VIEW  mysqltest3.v_nn;
DROP TABLE mysqltest3.t_nn;
DROP DATABASE mysqltest3;
disconnect mysqltest_1;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost';
DROP USER 'mysqltest_1'@'localhost';

# restore the original database
USE test;
connection default;
disconnect master;


#
# Bug#10668 CREATE USER does not enforce username length limit
#
--error ER_WRONG_STRING_LENGTH
create user mysqltest1_thisisreallyreallyreallyreallyreallyireallyreallytoolong;

#
# Test for Bug#16899 Possible buffer overflow in handling of DEFINER-clause.
#
# These checks are intended to ensure that appropriate errors are risen when
# illegal user name or hostname is specified in user-clause of GRANT/REVOKE
# statements.
#

#
# Bug#22369 Alter table rename combined with other alterations causes lost tables
#
CREATE DATABASE mysqltest1;
CREATE TABLE mysqltest1.t1 (
  int_field INTEGER UNSIGNED NOT NULL,
  char_field CHAR(10),
  INDEX(`int_field`)
);
CREATE TABLE mysqltest1.t2 (int_field INT);

--echo "Now check that we require equivalent grants for "
--echo "RENAME TABLE and ALTER TABLE"
CREATE USER mysqltest_1@localhost;
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;

connect (conn42,localhost,mysqltest_1,,mysqltest1);
SELECT USER();
SHOW GRANTS;
--error ER_TABLEACCESS_DENIED_ERROR
RENAME TABLE t1 TO t2;
--error ER_TABLEACCESS_DENIED_ERROR
ALTER TABLE t1 RENAME TO t2;
--disconnect conn42
--connection default
GRANT DROP ON mysqltest1.t1 TO mysqltest_1@localhost;

connect (conn42,localhost,mysqltest_1,,mysqltest1);
--error ER_TABLEACCESS_DENIED_ERROR
RENAME TABLE t1 TO t2;
--error ER_TABLEACCESS_DENIED_ERROR
ALTER TABLE t1 RENAME TO t2;
--disconnect conn42
--connection default
GRANT ALTER ON mysqltest1.t1 TO mysqltest_1@localhost;

connect (conn42,localhost,mysqltest_1,,mysqltest1);
SHOW GRANTS;
--error ER_TABLEACCESS_DENIED_ERROR
RENAME TABLE t1 TO t2;
--error ER_TABLEACCESS_DENIED_ERROR
ALTER TABLE t1 RENAME TO t2;
--disconnect conn42
--connection default
GRANT INSERT, CREATE ON mysqltest1.t1 TO mysqltest_1@localhost;
connect (conn42,localhost,mysqltest_1,,mysqltest1);
SHOW GRANTS;
--error ER_TABLEACCESS_DENIED_ERROR
--disconnect conn42
--connection default
GRANT INSERT, SELECT, CREATE, ALTER, DROP ON mysqltest1.t2 TO mysqltest_1@localhost;
DROP TABLE mysqltest1.t2;

connect (conn42,localhost,mysqltest_1,,mysqltest1);
SHOW GRANTS;
RENAME TABLE t1 TO t2;
RENAME TABLE t2 TO t1;
ALTER TABLE t1 RENAME TO t2;
ALTER TABLE t2 RENAME TO t1;
--disconnect conn42
--connection default
REVOKE DROP, INSERT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE DROP, INSERT ON mysqltest1.t2 FROM mysqltest_1@localhost;

connect (conn42,localhost,mysqltest_1,,mysqltest1);
SHOW GRANTS;
--error ER_TABLEACCESS_DENIED_ERROR
RENAME TABLE t1 TO t2;
--error ER_TABLEACCESS_DENIED_ERROR
ALTER TABLE t1 RENAME TO t2;
--disconnect conn42
--connection default

DROP USER mysqltest_1@localhost;
DROP DATABASE mysqltest1;
USE test;

# Working with database-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;

# Working with table-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;

# Working with routine-level privileges.

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;


#
# Bug#23556 TRUNCATE TABLE still maps to DELETE
#
CREATE USER bug23556@localhost;
CREATE DATABASE bug23556;
GRANT SELECT ON bug23556.* TO bug23556@localhost;
connect (bug23556,localhost,bug23556,,bug23556);

connection default;
USE bug23556;
CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1),(2),(3),(4),(5);
GRANT DELETE ON t1 TO bug23556@localhost;

connection bug23556;
USE bug23556;
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE t1;

connection default;
USE bug23556;
REVOKE DELETE ON t1 FROM bug23556@localhost;
GRANT DROP ON t1 TO bug23556@localhost;

connection bug23556;
USE bug23556;
TRUNCATE t1;

connection default;
USE bug23556;
DROP TABLE t1;
USE test;
DROP DATABASE bug23556;
DROP USER bug23556@localhost;
connection default;
disconnect bug23556;


#
# Bug#6774 Replication fails with Wrong usage of DB GRANT and GLOBAL PRIVILEGES
#
# Check if GRANT ... ON * ... fails when no database is selected
connect (con1, localhost, root,,*NO-ONE*);
connection con1;
--error ER_NO_DB_ERROR
GRANT PROCESS ON * TO user@localhost;
disconnect con1;
connection default;


#
# Bug#9504 Stored procedures: execute privilege doesn't make 'use database'
# okay.
#

# Prepare.

CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE DATABASE mysqltest3;
CREATE DATABASE mysqltest4;

CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER
  SELECT 1;

CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER
  SELECT 1;

CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER
  RETURN 1;

CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER
  RETURN 1;

CREATE USER mysqltest_1@localhost;
GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost;
GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost;
GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost;
GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost;

GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;

# Test.

--connect (bug9504_con1,localhost,mysqltest_1,,)
--echo
--echo ---> connection: bug9504_con1

# - Check that we can switch to the db;

use mysqltest1;

use mysqltest2;

use mysqltest3;

use mysqltest4;

# - Check that we can call stored routines;

use test;

CALL mysqltest1.p_def();

CALL mysqltest2.p_inv();

SELECT mysqltest3.f_def();

SELECT mysqltest4.f_inv();

# Cleanup.

--connection default
--echo
--echo ---> connection: default

--disconnect bug9504_con1

DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP DATABASE mysqltest3;
DROP DATABASE mysqltest4;

DROP USER mysqltest_1@localhost;


#
# Bug#27337 Privileges are not restored properly.
#
# Actually, the patch for this bugs fixes two problems. So, here are two test
# cases.

# Test case 1: privileges are not restored properly after calling a stored
# routine defined with SQL SECURITY INVOKER clause.

# Prepare.

CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;

CREATE USER mysqltest_1@localhost;
GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;

CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
  SELECT 1;

# Test.

--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest2)
--echo
--echo ---> connection: bug27337_con1

--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);

CALL mysqltest1.p1();

--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);

--disconnect bug27337_con1

--connect (bug27337_con2,localhost,mysqltest_1,,mysqltest2)
--echo
--echo ---> connection: bug27337_con2

--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE t1(c INT);

SHOW TABLES;

# Cleanup.

--connection default
--echo
--echo ---> connection: default

--disconnect bug27337_con2

DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;

DROP USER mysqltest_1@localhost;

# Test case 2: privileges are not checked properly for prepared statements.

# Prepare.

CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;

CREATE TABLE mysqltest1.t1(c INT);
CREATE TABLE mysqltest2.t2(c INT);

CREATE USER mysqltest_1@localhost, mysqltest_2@localhost;
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;

# Test.

--connect (bug27337_con1,localhost,mysqltest_1,,mysqltest1)
--echo
--echo ---> connection: bug27337_con1

SHOW TABLES FROM mysqltest1;

PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';

EXECUTE stmt1;

--connect (bug27337_con2,localhost,mysqltest_2,,mysqltest2)
--echo
--echo ---> connection: bug27337_con2

SHOW COLUMNS FROM mysqltest2.t2;

PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';

EXECUTE stmt2;

--connection default
--echo
--echo ---> connection: default

REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost;

--connection bug27337_con1
--echo
--echo ---> connection: bug27337_con1

--error ER_DBACCESS_DENIED_ERROR
SHOW TABLES FROM mysqltest1;

--error ER_DBACCESS_DENIED_ERROR
EXECUTE stmt1;

--connection bug27337_con2
--echo
--echo ---> connection: bug27337_con2

--error ER_TABLEACCESS_DENIED_ERROR
SHOW COLUMNS FROM mysqltest2.t2;

--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt2;

# Cleanup.

--connection default
--echo
--echo ---> connection: default

--disconnect bug27337_con1
--disconnect bug27337_con2

DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;

DROP USER mysqltest_1@localhost;
DROP USER mysqltest_2@localhost;

#
# Bug#27878 Unchecked privileges on a view referring to a table from another
#           database.
#
USE test;
CREATE TABLE t1 (f1 int, f2 int);
INSERT INTO t1 VALUES(1,1), (2,2);
CREATE DATABASE db27878;
CREATE USER 'mysqltest_1'@'localhost';
GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost';
GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost';
GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost';
USE db27878;
CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1;
connect (user1,localhost,mysqltest_1,,test);
connection user1;
USE db27878;
SET sql_mode = 'NO_ENGINE_SUBSTITUTION';
--error 1356
UPDATE v1 SET f2 = 4;
SET sql_mode = default;
SELECT * FROM test.t1;
disconnect user1;
connection default;
REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP USER mysqltest_1@localhost;
DROP DATABASE db27878;
USE test;
DROP TABLE t1;

--echo #
--echo #  Bug#33275 Server crash when creating temporary table mysql.user
--echo #
CREATE TEMPORARY TABLE mysql.user (id INT);
FLUSH PRIVILEGES;
DROP TABLE mysql.user;


#
# Bug#33201 Crash occurs when granting update privilege on one column of a view
#
drop table if exists test;
drop function if exists test_function;
drop view if exists v1;
create table test (col1 varchar(30));
delimiter |;
create function test_function() returns varchar(30)
begin
        declare tmp varchar(30);
        select col1 from test limit 1 into tmp;
        return '1';
end|
delimiter ;|
create view v1 as select test.* from test where test.col1=test_function();
create user 'greg'@'localhost';
grant update (col1) on v1 to 'greg'@'localhost';
drop user 'greg'@'localhost';
drop view v1;
drop table test;
drop function test_function;

#
# Bug#41456 SET PASSWORD hates CURRENT_USER()
#
SELECT CURRENT_USER();
SET PASSWORD FOR CURRENT_USER() = "admin";
SET PASSWORD FOR CURRENT_USER() = "";

#
# Bug#57952: privilege change is not taken into account by EXECUTE.
#

--echo
--echo # Bug#57952
--echo

CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;

use mysqltest1;
CREATE TABLE t1(a INT, b INT);
INSERT INTO t1 VALUES (1, 1);

CREATE TABLE t2(a INT);
INSERT INTO t2 VALUES (2);

CREATE TABLE mysqltest2.t3(a INT);
INSERT INTO mysqltest2.t3 VALUES (4);

CREATE USER testuser@localhost;
GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost;
GRANT SELECT(b) ON t1 TO testuser@localhost;
GRANT SELECT    ON t2 TO testuser@localhost;
GRANT SELECT    ON mysqltest2.* TO testuser@localhost;

--echo
--echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
--connect (bug57952_con1,localhost,testuser,,mysqltest1)
PREPARE s1 FROM 'SELECT b FROM t1';
PREPARE s2 FROM 'SELECT a FROM t2';
PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2';

CREATE PROCEDURE p1() SELECT b FROM t1;
CREATE PROCEDURE p2() SELECT a FROM t2;
CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2;

CALL p1;
CALL p2;
CALL p3;

--echo
--echo # Connection: default
--connection default
REVOKE SELECT ON t1 FROM testuser@localhost;
GRANT SELECT(a) ON t1 TO testuser@localhost;
REVOKE SELECT ON t2 FROM testuser@localhost;
REVOKE SELECT ON mysqltest2.* FROM testuser@localhost;

--echo
--echo # Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
--connection bug57952_con1
--echo #   - Check column-level privileges...
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE s1;

--error ER_COLUMNACCESS_DENIED_ERROR
SELECT b FROM t1;
--error ER_COLUMNACCESS_DENIED_ERROR
SELECT SUM(b) OVER () FROM t1;

--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE s1;

--error ER_COLUMNACCESS_DENIED_ERROR
CALL p1;

--echo #   - Check table-level privileges...
--error ER_TABLEACCESS_DENIED_ERROR
SELECT a FROM t2;

--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE s2;

--error ER_TABLEACCESS_DENIED_ERROR
CALL p2;

--echo #   - Check database-level privileges...
--error ER_DBACCESS_DENIED_ERROR
SHOW TABLES FROM mysqltest2;

--error ER_DBACCESS_DENIED_ERROR
EXECUTE s3;

--error ER_DBACCESS_DENIED_ERROR
CALL p3;

--echo
--echo # Connection: default
--connection default
--disconnect bug57952_con1
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER testuser@localhost;
use test;
--echo


--echo #
--echo # Test for bug #36544 "DROP USER does not remove stored function
--echo #                      privileges".
--echo #
create database mysqltest1;
create function mysqltest1.f1() returns int return 0;
create procedure mysqltest1.p1() begin end;
--echo #
--echo # 1) Check that DROP USER properly removes privileges on both
--echo #    stored procedures and functions.
--echo #
create user mysqluser1@localhost;
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;

--echo # Quick test that granted privileges are properly reflected
--echo # in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
--echo #
--echo # Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
--connect (bug36544_con1,localhost,mysqluser1,,)
call mysqltest1.p1();
select mysqltest1.f1();

--echo #
--echo # Switch to connection 'default'.
--connection default
drop user mysqluser1@localhost;

--echo #
--echo # Test that dropping of user is properly reflected in
--echo # both privilege tables and in in-memory structures.
--echo #
--echo # Switch to connection 'bug36544_con1'.
--connection bug36544_con1
--echo # The connection cold be alive but should not be able to
--echo # access to any of the stored routines.
--error ER_PROCACCESS_DENIED_ERROR
call mysqltest1.p1();
--error ER_PROCACCESS_DENIED_ERROR
select mysqltest1.f1();
--disconnect bug36544_con1

--echo #
--echo # Switch to connection 'default'.
--connection default
--echo #
--echo # Now create user with the same name and check that he
--echo # has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
--echo #
--echo # Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
--connect (bug36544_con2,localhost,mysqluser1,,)
--echo # Newly created user should not be able to access any of the routines.
--error ER_PROCACCESS_DENIED_ERROR
call mysqltest1.p1();
--error ER_PROCACCESS_DENIED_ERROR
select mysqltest1.f1();
--echo #
--echo # Switch to connection 'default'.
--connection default

--echo #
--echo # 2) Check that RENAME USER properly updates privileges on both
--echo #    stored procedures and functions.
--echo #
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
--echo #
--echo # Create one more user to make in-memory hashes non-trivial.
--echo # User names 'mysqluser11' and 'mysqluser10' were selected
--echo # to trigger bug discovered during code inspection.
create user mysqluser11@localhost;
grant execute on function mysqltest1.f1 to mysqluser11@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser11@localhost;
--echo # Also create a couple of tables to test for another bug
--echo # discovered during code inspection (again table names were
--echo # chosen especially to trigger the bug).
create table mysqltest1.t11 (i int);
create table mysqltest1.t22 (i int);
grant select on mysqltest1.t22 to mysqluser1@localhost;
grant select on mysqltest1.t11 to mysqluser1@localhost;

--echo # Quick test that granted privileges are properly reflected
--echo # in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
--echo #
--echo # Switch to connection 'bug36544_con2'.
--connection bug36544_con2
call mysqltest1.p1();
select mysqltest1.f1();
select * from mysqltest1.t11;
select * from mysqltest1.t22;

--echo #
--echo # Switch to connection 'default'.
--connection default
rename user mysqluser1@localhost to mysqluser10@localhost;

--echo #
--echo # Test that there are no privileges left for mysqluser1.
--echo #
--echo # Switch to connection 'bug36544_con2'.
--connection bug36544_con2
--echo # The connection cold be alive but should not be able to
--echo # access to any of the stored routines or tables.
--error ER_PROCACCESS_DENIED_ERROR
call mysqltest1.p1();
--error ER_PROCACCESS_DENIED_ERROR
select mysqltest1.f1();
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysqltest1.t11;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysqltest1.t22;
--disconnect bug36544_con2

--echo #
--echo # Switch to connection 'default'.
--connection default
--echo #
--echo # Now create user with the old name and check that he
--echo # has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
--echo #
--echo # Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
--connect (bug36544_con3,localhost,mysqluser1,,)
--echo # Newly created user should not be able to access to any of the
--echo # stored routines or tables.
--error ER_PROCACCESS_DENIED_ERROR
call mysqltest1.p1();
--error ER_PROCACCESS_DENIED_ERROR
select mysqltest1.f1();
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysqltest1.t11;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysqltest1.t22;
--disconnect bug36544_con3

--echo #
--echo # Switch to connection 'default'.
--connection default
--echo #
--echo # Now check that privileges became associated with a new user
--echo # name - mysqluser10.
--echo #
show grants for mysqluser10@localhost;
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost';
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost';
--echo #
--echo # Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
--connect (bug36544_con4,localhost,mysqluser10,,)
call mysqltest1.p1();
select mysqltest1.f1();
select * from mysqltest1.t11;
select * from mysqltest1.t22;
--disconnect bug36544_con4

--echo #
--echo # Switch to connection 'default'.
--connection default
--echo #
--echo # Clean-up.
drop user mysqluser1@localhost;
drop user mysqluser10@localhost;
drop user mysqluser11@localhost;
drop database mysqltest1;


--echo End of 5.0 tests

#
# Bug#21432 Database/Table name limited to 64 bytes, not chars, problems with multi-byte
#
--character_set utf8
set names utf8;
create user юзер_юзер@localhost;
grant select on test.* to юзер_юзер@localhost;
--execw $MYSQL --default-character-set=utf8 --user=юзер_юзер -e "select user()"
revoke all on test.* from юзер_юзер@localhost;
drop user юзер_юзер@localhost;
--error ER_WRONG_STRING_LENGTH
grant select on test.* to очень_длинный_юзер_very_long_user@localhost;
set names default;

#
# Bug#20901 CREATE privilege is enough to insert into a table
#

create database mysqltest;
use mysqltest;

create user mysqltest@localhost;
grant create on mysqltest.* to mysqltest@localhost;
create table t1 (i INT);

connect (user1,localhost,mysqltest,,mysqltest);
connection user1;
# show we don't have INSERT
--error ER_TABLEACCESS_DENIED_ERROR
insert into t1 values (1);
# show we have CREATE
create table t2 (i INT);
create table t4 (i INT);

connection default;
grant select, insert on mysqltest.t2 to mysqltest@localhost;
grant         insert on mysqltest.t4 to mysqltest@localhost;
# to specify ACLs for non-existent objects, must explictly |CREATE
grant create, insert on mysqltest.t5 to mysqltest@localhost;
grant create, insert on mysqltest.t6 to mysqltest@localhost;
flush privileges;

connection user1;
insert into t2 values (1);


# CREATE IF NOT EXISTS...SELECT, t1 exists, no INSERT, must fail
--error ER_TABLEACCESS_DENIED_ERROR
create table if not exists t1 select * from t2;

# CREATE IF NOT EXISTS...SELECT, no t3 yet, no INSERT, must fail
--error ER_TABLEACCESS_DENIED_ERROR
create table if not exists t3 select * from t2;

# CREATE IF NOT EXISTS...SELECT, t4 exists, have INSERT, must succeed
create table if not exists t4 select * from t2;

# CREATE IF NOT EXISTS...SELECT, no t5 yet, have INSERT, must succeed
create table if not exists t5 select * from t2;


# CREATE...SELECT, no t6 yet, have INSERT, must succeed
create table t6 select * from t2;

# CREATE...SELECT, no t7 yet, no INSERT, must fail
--error ER_TABLEACCESS_DENIED_ERROR
create table t7 select * from t2;

# CREATE...SELECT, t4 exists, have INSERT, must still fail (exists)
--error 1050
create table t4 select * from t2;

# CREATE...SELECT, t1 exists, no INSERT, must fail
--error ER_TABLEACCESS_DENIED_ERROR
create table t1 select * from t2;


connection default;
drop table t1,t2,t4,t5,t6;

revoke create         on mysqltest.*  from mysqltest@localhost;
revoke select, insert on mysqltest.t2 from mysqltest@localhost;
revoke insert         on mysqltest.t4 from mysqltest@localhost;
revoke create, insert on mysqltest.t5 from mysqltest@localhost;
revoke create, insert on mysqltest.t6 from mysqltest@localhost;
drop user mysqltest@localhost;

disconnect user1;
drop database mysqltest;
use test;


#
# Bug#16470 crash on grant if old grant tables
#

call mtr.add_suppression("Can't open and lock privilege tables");

--echo FLUSH PRIVILEGES without procs_priv table.
RENAME TABLE mysql.procs_priv TO mysql.procs_gone;
--error ER_NO_SUCH_TABLE
FLUSH PRIVILEGES;
--echo Assigning privileges without procs_priv table.
CREATE DATABASE mysqltest1;
CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER
  SELECT 1;
CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1;
--error ER_NO_SUCH_TABLE
GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost;
--error ER_NO_SUCH_TABLE
GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
CALL mysqltest1.test();
DROP DATABASE mysqltest1;
RENAME TABLE mysql.procs_gone TO mysql.procs_priv;
FLUSH PRIVILEGES;


#
# Bug#33464 DROP FUNCTION caused a crash.
#
CREATE DATABASE dbbug33464;
CREATE USER 'userbug33464'@'localhost';

GRANT CREATE ROUTINE ON dbbug33464.* TO 'userbug33464'@'localhost';

--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
connect (connbug33464, localhost, userbug33464, , dbbug33464);
--source suite/funcs_1/include/show_connection.inc

delimiter //;
CREATE PROCEDURE sp3(v1 char(20))
BEGIN
   SELECT * from dbbug33464.t6 where t6.f2= 'xyz';
END//
delimiter ;//

delimiter //;
CREATE FUNCTION fn1() returns char(50) SQL SECURITY INVOKER
BEGIN
   return 1;
END//
delimiter ;//

delimiter //;
CREATE FUNCTION fn2() returns char(50) SQL SECURITY DEFINER
BEGIN
   return 2;
END//
delimiter ;//

disconnect connbug33464;

# cleanup
connection default;
USE dbbug33464;
--source suite/funcs_1/include/show_connection.inc

SELECT fn1();
SELECT fn2();

--error 0, ER_CANNOT_USER
DROP USER 'userbug33464'@'localhost';

DROP FUNCTION fn1;
DROP FUNCTION fn2;
DROP PROCEDURE sp3;

--error 0, ER_CANNOT_USER
DROP USER 'userbug33464'@'localhost';

USE test;
DROP DATABASE dbbug33464;


SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators;

#
# Bug#44658 Create procedure makes server crash when user does not have ALL privilege
#
CREATE USER user1@localhost;
CREATE USER user2;
GRANT CREATE ON db1.* TO 'user1'@'localhost';
GRANT CREATE ROUTINE ON db1.* TO 'user1'@'localhost';
GRANT CREATE ON db1.* TO 'user2'@'%';
GRANT CREATE ROUTINE ON db1.* TO 'user2'@'%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user1'@'localhost';
connect (con1,localhost,user1,,);
--echo ** Connect as user1 and create a procedure.
--echo ** The creation will imply implicitly assigned
--echo ** EXECUTE and ALTER ROUTINE privileges to
--echo ** the current user user1@localhost. 
SELECT @@GLOBAL.sql_mode;
SELECT @@SESSION.sql_mode;
CREATE DATABASE db1;
DELIMITER ||;
CREATE PROCEDURE db1.proc1(p1 INT)
 BEGIN
 SET @x = 0;
 REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
 END ;||
DELIMITER ;||

connect (con2,localhost,user2,,);
--echo ** Connect as user2 and create a procedure.
--echo ** Implicitly assignment of privileges will
--echo ** fail because the user2@localhost is an
--echo ** unknown user.
DELIMITER ||;
CREATE PROCEDURE db1.proc2(p1 INT)
 BEGIN
 SET @x = 0;
 REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
 END ;||
DELIMITER ;||

connection default;
SHOW GRANTS FOR 'user1'@'localhost';
SHOW GRANTS FOR 'user2';
disconnect con1;
disconnect con2;
DROP PROCEDURE db1.proc1;
DROP PROCEDURE db1.proc2;
REVOKE ALL ON db1.* FROM 'user1'@'localhost';
REVOKE ALL ON db1.* FROM 'user2'@'%';
DROP USER 'user1'@'localhost';
DROP USER 'user2';
DROP DATABASE db1;


--echo #
--echo # Bug #25863 No database selected error, but documentation 
--echo #            says * for global allowed
--echo #

connect(conn1,localhost,root,,*NO-ONE*);

--error ER_NO_DB_ERROR
GRANT ALL ON * TO mysqltest_1;

CREATE USER mysqltest_1;
GRANT ALL ON *.* TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
DROP USER mysqltest_1;

USE test;

CREATE USER mysqltest_1;
GRANT ALL ON * TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
DROP USER mysqltest_1;

CREATE USER mysqltest_1;
GRANT ALL ON *.* TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
DROP USER mysqltest_1;

connection default;
disconnect conn1;


#
# Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
#

CREATE DATABASE db1;
CREATE DATABASE db2;
CREATE USER 'testbug'@localhost;
GRANT SELECT ON db1.* to 'testbug'@localhost;
USE db2;
CREATE TABLE t1 (a INT);
USE test;
connect (con1,localhost,testbug,,db1);
--error ER_NO_SUCH_TABLE
SELECT * FROM `../db2/tb2`;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM `../db2`.tb2;
--error ER_NO_SUCH_TABLE
SELECT * FROM `#mysql50#/../db2/tb2`;
connection default;
disconnect con1;
DROP USER 'testbug'@localhost;
DROP TABLE db2.t1;
DROP DATABASE db1;
DROP DATABASE db2;

--echo #
--echo # Bug #36742
--echo #
create user myuser@Localhost identified by 'foo';
grant usage on Foo.* to myuser@Localhost;
grant select on Foo.* to myuser@localhost;
select host,user from mysql.user where User='myuser';
revoke select on Foo.* from myuser@localhost;
delete from mysql.user where User='myuser';
flush privileges;

--echo #########################################################################
--echo #
--echo # Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE.
--echo #
--echo #########################################################################

--echo
--echo # --
--echo # -- Prepare the environment.
--echo # --

DELETE FROM mysql.user WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.db WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.tables_priv WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.columns_priv WHERE User LIKE 'mysqltest_%';
FLUSH PRIVILEGES;

CREATE DATABASE mysqltest_db1;

CREATE TABLE mysqltest_db1.t1(a INT);

--echo
--echo # --
--echo # -- Check that following privileges don't allow SHOW CREATE TABLE.
--echo # --
CREATE USER mysqltest_u1@localhost;
GRANT EVENT                   ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT LOCK TABLES             ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT ALTER ROUTINE           ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT CREATE ROUTINE          ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT EXECUTE                 ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT GRANT OPTION            ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT GRANT OPTION            ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

GRANT FILE                    ON *.* TO mysqltest_u1@localhost;
GRANT CREATE USER             ON *.* TO mysqltest_u1@localhost;
GRANT PROCESS                 ON *.* TO mysqltest_u1@localhost;
GRANT RELOAD                  ON *.* TO mysqltest_u1@localhost;
GRANT REPLICATION CLIENT      ON *.* TO mysqltest_u1@localhost;
GRANT REPLICATION SLAVE       ON *.* TO mysqltest_u1@localhost;
GRANT SHOW DATABASES          ON *.* TO mysqltest_u1@localhost;
GRANT SHUTDOWN                ON *.* TO mysqltest_u1@localhost;
GRANT USAGE                   ON *.* TO mysqltest_u1@localhost;

--echo
SHOW GRANTS FOR mysqltest_u1@localhost;

--echo
--echo # connection: con1 (mysqltest_u1@mysqltest_db1)
--connect (con1,localhost,mysqltest_u1,,mysqltest_db1)
--connection con1

--echo
--error ER_TABLEACCESS_DENIED_ERROR
SHOW CREATE TABLE t1;

--echo
--echo # connection: default
--connection default

--disconnect con1

--echo
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;

--echo
--echo # -- 
--echo # -- Check that DB-level SELECT allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT SELECT ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level INSERT allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT INSERT ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level UPDATE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT UPDATE ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level DELETE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT DELETE ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level CREATE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT CREATE ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level DROP allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT DROP ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level ALTER allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT ALTER ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level INDEX allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT INDEX ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level REFERENCES allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT REFERENCES ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level CREATE VIEW allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT CREATE VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that DB-level SHOW VIEW allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT SHOW VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level SELECT allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT SELECT ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level INSERT allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT INSERT ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level UPDATE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT UPDATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level DELETE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT DELETE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level CREATE allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT CREATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level DROP allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT DROP ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level ALTER allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT ALTER ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level INDEX allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT INDEX ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level REFERENCES allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT REFERENCES ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level CREATE VIEW allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT CREATE VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Check that table-level SHOW VIEW allows SHOW CREATE TABLE.
--echo # -- 

--echo
GRANT SHOW VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost;

--source include/bug38347.inc

--echo
--echo # -- 
--echo # -- Cleanup.
--echo # -- 

--echo
DROP DATABASE mysqltest_db1;

DROP USER mysqltest_u1@localhost;

--echo
--echo # End of Bug#38347.
--echo


--echo #
--echo # BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES
--echo #                 DIFFERENTLY'.
--echo #
create database mysqltest_db1;
create user mysqltest_u1;
--echo # Both GRANT statements below should fail with the same error.
--error ER_SP_DOES_NOT_EXIST
grant execute on function mysqltest_db1.f1 to mysqltest_u1;
--error ER_SP_DOES_NOT_EXIST
grant execute on procedure mysqltest_db1.p1 to mysqltest_u1;
--echo # Let us show that GRANT behaviour for routines is consistent
--echo # with GRANT behaviour for tables. Attempt to grant privilege
--echo # on non-existent table also results in an error.
--error ER_NO_SUCH_TABLE
grant select on mysqltest_db1.t1 to mysqltest_u1;
show grants for mysqltest_u1;
drop database mysqltest_db1;
drop user mysqltest_u1;


--echo #
--echo # Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS
--echo #                DATABASE SECURITY
--echo #

CREATE DATABASE secret;
CREATE USER 'untrusted'@localhost;
GRANT USAGE ON *.* TO 'untrusted'@localhost;

--echo # Connection con1
connect (con1, localhost, untrusted);
SHOW GRANTS;
SHOW DATABASES;

--echo # Both statements below should fail with the same error.
--echo # They used to give different errors, thereby
--echo # hinting that the secret database exists.
--error ER_DBACCESS_DENIED_ERROR
CREATE PROCEDURE no_such_db.foo() BEGIN END;
--error ER_DBACCESS_DENIED_ERROR
CREATE PROCEDURE secret.peek_at_secret() BEGIN END;

--echo # Connection default
--connection default
disconnect con1;
DROP USER 'untrusted'@localhost;
DROP DATABASE secret;

--echo #
--echo # Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY - 
--echo #                       REQUIRES FLUSH PRIVILEGES
--echo #

CREATE USER foo@'127.0.0.1';
GRANT ALL ON *.* TO foo@'127.0.0.1';

--echo # First attempt, should connect successfully 
connect (conn1, '127.0.0.1', foo,,test); 
SELECT user(), current_user(); 

--echo # Rename the user
RENAME USER foo@'127.0.0.1' to foo@'127.0.0.0/255.0.0.0';

--echo # Second attempt, should connect successfully as its valid mask
--echo # This was failing without fix 
connect (conn2, '127.0.0.1', foo,,test); 
SELECT user(), current_user(); 

--echo # Rename the user back to original
RENAME USER foo@'127.0.0.0/255.0.0.0' to foo@'127.0.0.1';

--echo # Third attempt, should connect successfully 
connect (conn3, '127.0.0.1', foo,,test); 
SELECT user(), current_user(); 

--echo # Clean-up
connection default;
disconnect conn1;
disconnect conn2;
disconnect conn3;
DROP USER foo@'127.0.0.1'; 

--echo # End of Bug#12766319


--echo #
--echo # WL#7131: Add timestamp in mysql.user on the last time the
--echo #          password was changed and implement password rotation.
--echo #

SET @saved_value = @@global.default_password_lifetime;
SET GLOBAL default_password_lifetime = 2;
SHOW VARIABLES LIKE 'default_password_lifetime';

CREATE USER 'wl7131' IDENTIFIED BY 'wl7131';
--echo # This should report 1.
# The difference should be but less than a threshold (2 seconds).
SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2;
# Update password_last_changed manually so that user
# is forced to use SET PASSWORD.
UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 3 DAY) where user='wl7131';
FLUSH PRIVILEGES;
--echo # Attempt to execute query should fail
--error 1
--exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1

connect(con1,localhost,wl7131,wl7131,,);
--echo # Doing something should fail
--error 1820
SELECT 1;
--echo # Setting password should work
--disable_ps_protocol
ALTER USER wl7131 IDENTIFIED BY 'new_wl7131';
--enable_ps_protocol
--echo # Doing something should pass
SELECT 1;
disconnect con1;

--echo # Reconnecting with same user should pass now
connect(con1,localhost,wl7131,new_wl7131,,);
SELECT 1;
disconnect con1;

connection default;
DROP USER 'wl7131';

CREATE USER 'wl7131' IDENTIFIED BY 'wl7131';
--echo # Issue alter user and check the value of
--echo # password_lifetime column
ALTER USER 'wl7131' PASSWORD EXPIRE NEVER;
--echo # This should report 0
SELECT password_lifetime FROM mysql.user where user='wl7131';
UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 5 DAY) where user='wl7131';
FLUSH PRIVILEGES;

--echo # This should pass as password is never expired.
--exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1

ALTER USER 'wl7131' PASSWORD EXPIRE DEFAULT;
--echo # This should report NULL
SELECT password_lifetime FROM mysql.user where user='wl7131';

--echo # This should not pass as default_password_lifetime
--echo # (which is 2 now) is being used.
--error 1
--exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1

SET GLOBAL default_password_lifetime = 0;

ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 4 DAY;
--echo # Should report 4
SELECT password_lifetime FROM mysql.user where user='wl7131';
--echo # This should not pass.
--error 1
--exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1

SET GLOBAL default_password_lifetime = @saved_value;

ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 6 DAY;
--echo # Should report 6
select password_lifetime from mysql.user where user='wl7131';
--echo # This should pass.
--exec $MYSQL -uwl7131 -pwl7131 -e "EXIT" 2>&1
DROP USER 'wl7131';

CREATE USER 'wl7131';
let $password_change_time_1=`SELECT password_last_changed FROM mysql.user where user='wl7131'`;
--echo # This should not report NULL
--replace_regex /[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*/DTVALUE/
--disable_query_log ONCE
--eval SELECT '$password_change_time_1' IS NOT NULL
--sleep 1
ALTER USER 'wl7131' REQUIRE SSL;
let $password_change_time_2=`SELECT password_last_changed FROM mysql.user where user='wl7131'`;
--echo # This should report 0 as it must have the same value as above
--replace_regex /[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*/DTVALUE/
--disable_query_log ONCE
--eval SELECT TIMESTAMPDIFF(SECOND,'$password_change_time_1','$password_change_time_2') <> 0

--echo # Should report errors
--error 1064
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL -2 DAY;
--error 1525
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 0 DAY;
--error 1525
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 65536 DAY;

--echo # Setting an empty password. It should update the timestamp column.
ALTER USER 'wl7131' IDENTIFIED BY '';
--echo # This should report 1.
# The difference should be but less than a threshold (2 seconds).
SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2;
DROP USER 'wl7131';

CREATE USER 'wl7131'@'localhost' IDENTIFIED BY 'wl7131';

--echo # Must report 1
SELECT (SELECT password_last_changed FROM mysql.user where user='wl7131') IS NOT NULL;

DROP USER 'wl7131'@'localhost';

--disable_query_log
--eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_root'
--eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_sys' WHERE USER= 'mysql.sys'
--eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_session_user' WHERE USER= 'mysql.session'
--eval UPDATE mysql.user SET password_last_changed= '$date_to_restore_inf_schema_user' WHERE USER= 'mysql.infoschema'
--enable_query_log
--echo # mysql.user table restored to original values.

set GLOBAL sql_mode= @orig_sql_mode_global;
set SESSION sql_mode= @orig_sql_mode_session;

# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc

--echo #
--echo # WL#2284: Increase the length of a user name
--echo #

CREATE TABLE t1 (
  int_field INTEGER UNSIGNED NOT NULL,
  char_field CHAR(10),
  INDEX(`int_field`)
);

CREATE PROCEDURE p1() SELECT b FROM t1;

CREATE USER user_name_len_16@localhost;
CREATE USER user_name_len_22_01234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
CREATE USER user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
CREATE USER user_name_len_40_01234567890123456789012@localhost;

# Working with database-level privileges.

GRANT CREATE ON mysqltest.* TO user_name_len_16@localhost;
GRANT CREATE ON mysqltest.* TO user_name_len_22_01234@localhost;
GRANT CREATE ON mysqltest.* TO user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO user_name_len_40_01234567890123456789012@localhost;

REVOKE CREATE ON mysqltest.* FROM user_name_len_16@localhost;
REVOKE CREATE ON mysqltest.* FROM user_name_len_22_01234@localhost;
REVOKE CREATE ON mysqltest.* FROM user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM user_name_len_40_01234567890123456789012@localhost;

# Working with table-level privileges.

GRANT CREATE ON t1 TO user_name_len_16@localhost;
GRANT CREATE ON t1 TO user_name_len_22_01234@localhost;
GRANT CREATE ON t1 TO user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO user_name_len_40_01234567890123456789012@localhost;

REVOKE CREATE ON t1 FROM user_name_len_16@localhost;
REVOKE CREATE ON t1 FROM user_name_len_22_01234@localhost;
REVOKE CREATE ON t1 FROM user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM user_name_len_40_01234567890123456789012@localhost;

GRANT SELECT ON t1 TO user_name_len_16@localhost;
GRANT SELECT ON t1 TO user_name_len_22_01234@localhost;
GRANT SELECT ON t1 TO user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT SELECT ON t1 TO user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT SELECT ON t1 TO user_name_len_40_01234567890123456789012@localhost;

REVOKE SELECT ON t1 FROM user_name_len_16@localhost;
REVOKE SELECT ON t1 FROM user_name_len_22_01234@localhost;
REVOKE SELECT ON t1 FROM user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE SELECT ON t1 FROM user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE SELECT ON t1 FROM user_name_len_40_01234567890123456789012@localhost;

# Working with routine-level privileges.

GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_16@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_22_01234@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_40_01234567890123456789012@localhost;

REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_16@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_22_01234@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_32_012345678901234@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_33_0123456789012345@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_40_01234567890123456789012@localhost;

--error ER_WRONG_STRING_LENGTH
DROP USER user_name_len_40_01234567890123456789012@localhost;

--character_set utf8
set names utf8;

# 16 characters user name
CREATE USER очень_длинный_юз@localhost;
# 24 characters user name
CREATE USER очень_очень_длинный_юзер@localhost;
# 32 characters user name
CREATE USER очень_очень_очень_длинный_юзер__@localhost;
# 36 characters user name
--error ER_WRONG_STRING_LENGTH
CREATE USER очень_очень_очень_очень_длинный_юзер@localhost;

GRANT CREATE ON mysqltest.* TO очень_длинный_юз@localhost;
GRANT CREATE ON mysqltest.* TO очень_очень_длинный_юзер@localhost;
GRANT CREATE ON mysqltest.* TO очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON mysqltest.* TO очень_очень_очень_очень_длинный_юзер@localhost;

REVOKE CREATE ON mysqltest.* FROM очень_длинный_юз@localhost;
REVOKE CREATE ON mysqltest.* FROM очень_очень_длинный_юзер@localhost;
REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_очень_длинный_юзер@localhost;

GRANT CREATE ON t1 TO очень_длинный_юз@localhost;
GRANT CREATE ON t1 TO очень_очень_длинный_юзер@localhost;
GRANT CREATE ON t1 TO очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT CREATE ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost;

REVOKE CREATE ON t1 FROM очень_длинный_юз@localhost;
REVOKE CREATE ON t1 FROM очень_очень_длинный_юзер@localhost;
REVOKE CREATE ON t1 FROM очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE CREATE ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost;

GRANT SELECT ON t1 TO очень_длинный_юз@localhost;
GRANT SELECT ON t1 TO очень_очень_длинный_юзер@localhost;
GRANT SELECT ON t1 TO очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT SELECT ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost;

REVOKE SELECT ON t1 FROM очень_длинный_юз@localhost;
REVOKE SELECT ON t1 FROM очень_очень_длинный_юзер@localhost;
REVOKE SELECT ON t1 FROM очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE SELECT ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost;

GRANT EXECUTE ON PROCEDURE p1 TO очень_длинный_юз@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_длинный_юзер@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_очень_длинный_юзер@localhost;

REVOKE EXECUTE ON PROCEDURE p1 FROM очень_длинный_юз@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_длинный_юзер@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_длинный_юзер__@localhost;

--error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_очень_длинный_юзер@localhost;


--echo # Create a user, assign privileges, try to connect and use the granted
--echo # privileges. Trying out different connections (socket/TCP/SSL).


CREATE USER user_name_len_25_01234567@localhost;
GRANT CREATE ON * . * TO user_name_len_25_01234567@localhost;

--echo # Connecting via socket
connect (con_grant,localhost,user_name_len_25_01234567,,);

CREATE DATABASE db_1;

CREATE TABLE db_1.test_table (name varchar(15) not null, surname varchar(20) not null, 
email varchar(50) null, street varchar(50) null, city varchar(50) null, 
is_active int default 1 );

connection con_grant;
--error ER_TABLEACCESS_DENIED_ERROR
INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);

connection default;
GRANT INSERT ON db_1.test_table TO user_name_len_25_01234567@localhost;

disconnect con_grant;
--echo # Connecting via TCP/IP
connect (con_grant,127.0.0.1,user_name_len_25_01234567,,db_1,$MASTER_MYPORT);
INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);

INSERT INTO db_1.test_table values('kam', 'g', 'kamg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);

--error ER_TABLEACCESS_DENIED_ERROR
SELECT * FROM db_1.test_table;

connection default;
GRANT SELECT ON db_1.test_table TO user_name_len_25_01234567@localhost;

disconnect con_grant;
--echo # Connecting via socket/SSL
connect (con_grant,localhost,user_name_len_25_01234567,,,,,SSL);
SELECT * FROM db_1.test_table;

--error ER_TABLEACCESS_DENIED_ERROR
UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob'; 

connection default;
GRANT UPDATE ON db_1.test_table TO user_name_len_25_01234567@localhost;

connection con_grant;
UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob'; 
--error ER_TABLEACCESS_DENIED_ERROR
DELETE FROM db_1.test_table WHERE name='rob';

connection default;
GRANT DELETE ON db_1.test_table TO user_name_len_25_01234567@localhost;

connection con_grant;
DELETE FROM db_1.test_table WHERE name='rob';
--error ER_TABLEACCESS_DENIED_ERROR
DROP TABLE db_1.test_table;

connection default;
GRANT DROP ON db_1.* TO user_name_len_25_01234567@localhost;

disconnect con_grant;
--echo # Connecting via TCP/IP/SSL
connect (con_grant,127.0.0.1,user_name_len_25_01234567,,db_1,$MASTER_MYPORT,,SSL);

DROP TABLE db_1.test_table;
DROP DATABASE db_1;

connection default;
disconnect con_grant;

# cleanup

DROP USER очень_длинный_юз@localhost;
DROP USER очень_очень_длинный_юзер@localhost;
DROP USER очень_очень_очень_длинный_юзер__@localhost;
--error ER_WRONG_STRING_LENGTH
DROP USER очень_очень_очень_очень_длинный_юзер@localhost;

set names default;

DROP USER user_name_len_16@localhost;
DROP USER user_name_len_22_01234@localhost;
DROP USER user_name_len_32_012345678901234@localhost;
DROP USER user_name_len_25_01234567@localhost;

DROP TABLE t1;
DROP PROCEDURE p1;

#
# Bug#21762656 AFTER RUNNING MYSQL_UPGRADE PROXIES_PRIV USER COLUMNS ARE NOT UPDATED TO 32
#

CREATE USER user_name_len_22_01234@localhost;
GRANT ALL PRIVILEGES ON *.* TO user_name_len_22_01234@localhost WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO user_name_len_22_01234@localhost WITH GRANT OPTION;
CONNECT (conn_su,localhost,user_name_len_22_01234,,);

CREATE USER user_name_len_32_012345678901234@localhost;
GRANT SELECT ON *.* TO user_name_len_32_012345678901234@localhost;
--echo ** Creating new proxy user **
CREATE USER proxy_native_0123456789@localhost IDENTIFIED WITH mysql_native_password;
GRANT PROXY ON user_name_len_32_012345678901234@localhost TO proxy_native_0123456789@localhost;
SELECT USER, PROXIED_USER, GRANTOR FROM mysql.proxies_priv WHERE Proxied_host='localhost';

connection default;
disconnect conn_su;
DROP USER user_name_len_22_01234@localhost;
DROP USER user_name_len_32_012345678901234@localhost;
DROP USER proxy_native_0123456789@localhost;

--echo #
--echo # Regression test added in WL#8657
--echo #

CREATE DATABASE db8657;
CREATE TABLE db8657.t1 (i INT);

CREATE USER 'untrusted8657'@'localhost';

--echo # Connection con1
connect (con1, localhost, untrusted8657);

--error ER_TABLEACCESS_DENIED_ERROR
CREATE INDEX idx1 ON db8657.t1 (i);

--error ER_TABLEACCESS_DENIED_ERROR
PREPARE stmt FROM 'CREATE TABLE db8657.t2 (i INT)';

disconnect con1;
connection default;

SHOW CREATE TABLE db8657.t1;

DROP USER 'untrusted8657'@localhost;
DROP DATABASE db8657;

--echo #
--echo # Regression test added in WL#8063
--echo #

CREATE DATABASE db8063;
CREATE TABLE db8063.t1(a VARCHAR(20));

CREATE USER 'untrusted8063'@'localhost';


--echo # Connection con1
connect (con1, localhost, untrusted8063);

--error ER_ACCESS_DENIED_ERROR
LOAD DATA INFILE '../../std_data/loaddata_utf8.dat' INTO TABLE db8063.t1;

disconnect con1;
connection default;

SHOW CREATE TABLE db8063.t1;

DROP USER 'untrusted8063'@localhost;
DROP DATABASE db8063;

--echo #
--echo # Bug#30542333 CASE INSENSITIVE COMPARISON OF
--echo # VIEW DEFINER USERNAME IN INFORMATION_SCHEMA
--echo #

--echo # Create testing database
CREATE DATABASE mysqltest_1;

--echo # Create users with same username with different character case
CREATE USER mysqluser1@localhost, MySQLuser1@localhost;

--echo # Grant create view on testing database to both users
GRANT CREATE VIEW ON mysqltest_1.* TO mysqluser1@localhost;
GRANT SELECT ON mysqltest_1.* TO MySQLuser1@localhost;

--echo # Connect to first user
connect (conn1,localhost,mysqluser1,,);

--echo # Define a view
CREATE VIEW mysqltest_1.v1 AS SELECT 1;
SELECT view_definition
  FROM information_schema.views
  WHERE table_schema='mysqltest_1' AND table_name='v1';

disconnect conn1;

--echo # Connect to second user
connect (conn1,localhost,MySQLuser1,,);

--echo # Try to access the view definition, view definition
--echo # should not be visible with the fix.
SELECT view_definition FROM information_schema.views
  WHERE table_schema='mysqltest_1' AND table_name='v1';

disconnect conn1;

--echo # Cleanup
connection default;
DROP USER mysqluser1@localhost, MySQLuser1@localhost;
DROP DATABASE mysqltest_1;

# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc

--echo #
--echo # Test prepared statements and REVOKE between PREPARE and EXECUTE
--echo #

CREATE DATABASE mysqltest;

CREATE USER mysqltest@localhost;

CREATE TABLE mysqltest.visible(s INTEGER, u INTEGER, d INTEGER);

GRANT ALL PRIVILEGES ON mysqltest.visible TO mysqltest@localhost;

CREATE VIEW mysqltest.v0 AS SELECT s, u, d FROM mysqltest.visible;

GRANT ALL PRIVILEGES ON mysqltest.v0 TO mysqltest@localhost;

CREATE TABLE mysqltest.cols(
 s1 INTEGER, s2 INTEGER,
 u1 INTEGER, u2 INTEGER,
 i1 INTEGER, i2 INTEGER);

GRANT SELECT(s1, s2, u1, u2, i1, i2) ON mysqltest.cols TO mysqltest@localhost;
GRANT INSERT(s1, s2, u1, u2, i1, i2) ON mysqltest.cols TO mysqltest@localhost;
GRANT UPDATE(u1, u2) ON mysqltest.cols TO mysqltest@localhost;
GRANT DELETE ON mysqltest.cols TO mysqltest@localhost;

CREATE TABLE mysqltest.ins(i1 INTEGER, i2 INTEGER, i3 INTEGER);

GRANT SELECT(i1, i2, i3) ON mysqltest.ins TO mysqltest@localhost;
GRANT INSERT(i1, i2, i3) ON mysqltest.ins TO mysqltest@localhost;
GRANT UPDATE(i1, i2, i3) ON mysqltest.ins TO mysqltest@localhost;

CREATE TABLE mysqltest.source(b1 INTEGER, b2 INTEGER);

INSERT INTO mysqltest.source VALUES(1, 1);

GRANT SELECT(b1, b2) ON mysqltest.source TO mysqltest@localhost;

CREATE VIEW mysqltest.v1 AS
SELECT s1, s2, u1, u2, i1, i2 FROM mysqltest.cols;

GRANT SELECT(s1, s2, u1, u2, i1, i2) ON mysqltest.v1 TO mysqltest@localhost;
GRANT INSERT(s1, s2, u1, u2, i1, i2) ON mysqltest.v1 TO mysqltest@localhost;
GRANT UPDATE(u1, u2) ON mysqltest.v1 TO mysqltest@localhost;
GRANT DELETE ON mysqltest.v1 TO mysqltest@localhost;

CREATE FUNCTION mysqltest.f1() RETURNS INTEGER DETERMINISTIC RETURN 1;

GRANT EXECUTE ON FUNCTION mysqltest.f1 TO mysqltest@localhost;

CREATE PROCEDURE mysqltest.p1(a INTEGER) SELECT a;

GRANT EXECUTE ON PROCEDURE mysqltest.p1 TO mysqltest@localhost;

CREATE PROCEDURE mysqltest.p2(a INTEGER) SELECT a;

GRANT EXECUTE ON PROCEDURE mysqltest.p2 TO mysqltest@localhost;

--connect (con1,localhost,mysqltest,,mysqltest)

PREPARE stmt_i0 FROM 'INSERT INTO mysqltest.visible VALUES(1, 1, 1)';
PREPARE stmt_s0 FROM 'SELECT s FROM mysqltest.visible';
PREPARE stmt_u0 FROM 'UPDATE mysqltest.visible SET u=1';
PREPARE stmt_d0 FROM 'DELETE FROM mysqltest.visible WHERE d=1';

PREPARE stmt_i0v FROM 'INSERT INTO mysqltest.v0 VALUES(1, 1, 1)';
PREPARE stmt_s0v FROM 'SELECT s FROM mysqltest.v0';
PREPARE stmt_u0v FROM 'UPDATE mysqltest.v0 SET u=1';
PREPARE stmt_d0v FROM 'DELETE FROM mysqltest.v0 WHERE d=1';

PREPARE stmt_i1 FROM 'INSERT INTO mysqltest.cols(i1, s1, u1) VALUES(1, 1, 1)';
PREPARE stmt_i2 FROM 'INSERT INTO mysqltest.cols(i2, s2, u2) VALUES(1, 1, 1)';
PREPARE stmt_iv1 FROM
'INSERT INTO mysqltest.cols(i1) VALUES((SELECT b1 FROM mysqltest.source))';
PREPARE stmt_iv2 FROM
'INSERT INTO mysqltest.cols(i1) VALUES((SELECT b2 FROM mysqltest.source))';
PREPARE stmt_is1 FROM
'INSERT INTO mysqltest.cols(i1) SELECT b1 FROM mysqltest.source';
PREPARE stmt_is2 FROM
'INSERT INTO mysqltest.cols(i1) SELECT b2 FROM mysqltest.source';
PREPARE stmt_ii1 FROM 'INSERT INTO mysqltest.ins(i1, i3) VALUES(1, i1)';
PREPARE stmt_ii2 FROM 'INSERT INTO mysqltest.ins(i2, i3) VALUES(1, i2)';
PREPARE stmt_iu1 FROM
'INSERT INTO mysqltest.ins(i1)
 VALUES(1) ON DUPLICATE KEY UPDATE i1=i1+VALUES(i1)';
PREPARE stmt_iu2 FROM
'INSERT INTO mysqltest.ins(i2)
 VALUES(1) ON DUPLICATE KEY UPDATE i2=i2+VALUES(i2)';
PREPARE stmt_s1 FROM 'SELECT s1 FROM mysqltest.cols';
PREPARE stmt_s2 FROM 'SELECT s2 FROM mysqltest.cols';
PREPARE stmt_sw1 FROM 'SELECT 1 FROM mysqltest.cols WHERE s1=1';
PREPARE stmt_sw2 FROM 'SELECT 1 FROM mysqltest.cols WHERE s2=1';
PREPARE stmt_su1 FROM
'SELECT 1 FROM mysqltest.cols AS a JOIN mysqltest.cols AS b USING (s1)';
PREPARE stmt_su2 FROM
'SELECT 1 FROM mysqltest.cols AS a JOIN mysqltest.cols AS b USING (s2)';
PREPARE stmt_sj1 FROM
'SELECT 1 FROM mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s1=b.s1';
PREPARE stmt_sj2 FROM
'SELECT 1 FROM mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s2=b.s2';
PREPARE stmt_sg1 FROM 'SELECT 1 FROM mysqltest.cols GROUP BY s1';
PREPARE stmt_sg2 FROM 'SELECT 1 FROM mysqltest.cols GROUP BY s2';
PREPARE stmt_sh1 FROM 'SELECT 1 FROM mysqltest.cols HAVING SUM(s1)=1';
PREPARE stmt_sh2 FROM 'SELECT 1 FROM mysqltest.cols HAVING SUM(s2)=1';
PREPARE stmt_so1 FROM 'SELECT 1 FROM mysqltest.cols ORDER BY s1';
PREPARE stmt_so2 FROM 'SELECT 1 FROM mysqltest.cols ORDER BY s2';
PREPARE stmt_sr1 FROM 'SELECT SUM(1) OVER (ORDER BY s1) FROM mysqltest.cols';
PREPARE stmt_sr2 FROM 'SELECT SUM(1) OVER (ORDER BY s2) FROM mysqltest.cols';
PREPARE stmt_sp1 FROM
'SELECT SUM(1) OVER (PARTITION BY s1) FROM mysqltest.cols';
PREPARE stmt_sp2 FROM
'SELECT SUM(1) OVER (PARTITION BY s2) FROM mysqltest.cols';
PREPARE stmt_sq1 FROM
'SELECT 1 FROM mysqltest.cols WHERE s1 IN (SELECT s1 FROM mysqltest.cols)';
PREPARE stmt_sq2 FROM
'SELECT 1 FROM mysqltest.cols WHERE s1 IN (SELECT s2 FROM mysqltest.cols)';
PREPARE stmt_u1 FROM 'UPDATE mysqltest.cols SET u1=1';
PREPARE stmt_u2 FROM 'UPDATE mysqltest.cols SET u2=1';
PREPARE stmt_us1 FROM 'UPDATE mysqltest.cols SET u1=s1';
PREPARE stmt_us2 FROM 'UPDATE mysqltest.cols SET u1=s2';
PREPARE stmt_uj1 FROM
'UPDATE mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s1=b.s1 SET a.u1=1';
PREPARE stmt_uj2 FROM
'UPDATE mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s2=b.s2 SET a.u1=1';
PREPARE stmt_uw1 FROM 'UPDATE mysqltest.cols SET u1=1 WHERE s1=1';
PREPARE stmt_uw2 FROM 'UPDATE mysqltest.cols SET u1=1 WHERE s2=1';
PREPARE stmt_uo1 FROM 'UPDATE mysqltest.cols SET u1=1 ORDER BY s1';
PREPARE stmt_uo2 FROM 'UPDATE mysqltest.cols SET u1=1 ORDER BY s2';
PREPARE stmt_d1 FROM 'DELETE FROM mysqltest.cols WHERE s1=1';
PREPARE stmt_d2 FROM 'DELETE FROM mysqltest.cols WHERE s2=1';
PREPARE stmt_dj1 FROM
'DELETE a FROM mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s1=b.s1';
PREPARE stmt_dj2 FROM
'DELETE a FROM mysqltest.cols AS a JOIN mysqltest.cols AS b ON a.s2=b.s2';
PREPARE stmt_do1 FROM 'DELETE FROM mysqltest.cols WHERE s1=1 ORDER BY s1';
PREPARE stmt_do2 FROM 'DELETE FROM mysqltest.cols WHERE s1=1 ORDER BY s2';

PREPARE stmt_set1 FROM 'SET @a = (SELECT COUNT(s1) FROM mysqltest.cols)';
PREPARE stmt_set2 FROM 'SET @b = (SELECT COUNT(s2) FROM mysqltest.cols)';

PREPARE stmt_i1v FROM 'INSERT INTO mysqltest.v1(i1, s1, u1) VALUES(1, 1, 1)';
PREPARE stmt_i2v FROM 'INSERT INTO mysqltest.v1(i2, s2, u2) VALUES(1, 1, 1)';
PREPARE stmt_s1v FROM 'SELECT s1 FROM mysqltest.v1';
PREPARE stmt_s2v FROM 'SELECT s2 FROM mysqltest.v1';
PREPARE stmt_u1v FROM 'UPDATE mysqltest.v1 SET u1=1';
PREPARE stmt_u2v FROM 'UPDATE mysqltest.v1 SET u2=1';
PREPARE stmt_d1v FROM 'DELETE FROM mysqltest.v1 WHERE s1=1';
PREPARE stmt_d2v FROM 'DELETE FROM mysqltest.v1 WHERE s2=1';

PREPARE stmt_f1 FROM 'SELECT mysqltest.f1()';

PREPARE stmt_p1 FROM 'CALL mysqltest.p1(10)';

PREPARE stmt_c1 FROM 'CALL mysqltest.p2((SELECT b1 FROM mysqltest.source))';
PREPARE stmt_c2 FROM 'CALL mysqltest.p2((SELECT b2 FROM mysqltest.source))';

EXECUTE stmt_i0;
EXECUTE stmt_s0;
EXECUTE stmt_u0;
EXECUTE stmt_d0;

EXECUTE stmt_i0v;
EXECUTE stmt_s0v;
EXECUTE stmt_u0v;
EXECUTE stmt_d0v;

EXECUTE stmt_i1;
EXECUTE stmt_i2;
EXECUTE stmt_iv1;
EXECUTE stmt_iv2;
EXECUTE stmt_is1;
EXECUTE stmt_is2;
EXECUTE stmt_ii1;
EXECUTE stmt_ii2;
EXECUTE stmt_iu1;
EXECUTE stmt_iu2;
EXECUTE stmt_s1;
EXECUTE stmt_s2;
EXECUTE stmt_sw1;
EXECUTE stmt_sw2;
EXECUTE stmt_su1;
EXECUTE stmt_su2;
EXECUTE stmt_sj1;
EXECUTE stmt_sj2;
EXECUTE stmt_sg1;
EXECUTE stmt_sg2;
EXECUTE stmt_sh1;
EXECUTE stmt_sh2;
EXECUTE stmt_so1;
EXECUTE stmt_so2;
EXECUTE stmt_sr1;
EXECUTE stmt_sr2;
EXECUTE stmt_sp1;
EXECUTE stmt_sp2;
EXECUTE stmt_sq1;
EXECUTE stmt_sq2;
EXECUTE stmt_u1;
EXECUTE stmt_u2;
EXECUTE stmt_us1;
EXECUTE stmt_us2;
EXECUTE stmt_uj1;
EXECUTE stmt_uj2;
EXECUTE stmt_uw1;
EXECUTE stmt_uw2;
EXECUTE stmt_uo1;
EXECUTE stmt_uo2;
EXECUTE stmt_d1;
EXECUTE stmt_d2;
EXECUTE stmt_dj1;
EXECUTE stmt_dj2;
EXECUTE stmt_do1;
EXECUTE stmt_do2;

EXECUTE stmt_set1;
EXECUTE stmt_set2;

EXECUTE stmt_i1v;
EXECUTE stmt_i2v;
EXECUTE stmt_s1v;
EXECUTE stmt_s2v;
EXECUTE stmt_u1v;
EXECUTE stmt_u2v;
EXECUTE stmt_d1v;
EXECUTE stmt_d2v;

EXECUTE stmt_f1;

EXECUTE stmt_p1;

EXECUTE stmt_c1;
EXECUTE stmt_c2;

--connection default

REVOKE ALL PRIVILEGES ON mysqltest.v0 FROM mysqltest@localhost;
REVOKE SELECT(s2) ON mysqltest.v1 FROM mysqltest@localhost;
REVOKE INSERT(i2,s2,u2) ON mysqltest.v1 FROM mysqltest@localhost;
REVOKE UPDATE(u2) ON mysqltest.v1 FROM mysqltest@localhost;

--connection con1

--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_i0v;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_s0v;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_u0v;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_d0v;

EXECUTE stmt_i1v;
EXECUTE stmt_s1v;
EXECUTE stmt_u1v;
EXECUTE stmt_d1v;

--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_i2v;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_s2v;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_u2v;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_d2v;

--connection default

REVOKE ALL PRIVILEGES ON mysqltest.visible FROM mysqltest@localhost;
REVOKE SELECT(s2) ON mysqltest.cols FROM mysqltest@localhost;
REVOKE INSERT(i2,s2,u2) ON mysqltest.cols FROM mysqltest@localhost;
REVOKE UPDATE(u2) ON mysqltest.cols FROM mysqltest@localhost;
REVOKE SELECT(i2) ON mysqltest.ins FROM mysqltest@localhost;
REVOKE SELECT(b2) ON mysqltest.source FROM mysqltest@localhost;
REVOKE EXECUTE ON FUNCTION mysqltest.f1 FROM mysqltest@localhost;
REVOKE EXECUTE ON PROCEDURE mysqltest.p1 FROM mysqltest@localhost;

--connection con1

--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_i0;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_s0;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_u0;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_d0;

EXECUTE stmt_i1;
EXECUTE stmt_iv1;
EXECUTE stmt_is1;
EXECUTE stmt_ii1;
EXECUTE stmt_iu1;
EXECUTE stmt_s1;
EXECUTE stmt_sw1;
EXECUTE stmt_su1;
EXECUTE stmt_sj1;
EXECUTE stmt_sg1;
EXECUTE stmt_sh1;
EXECUTE stmt_so1;
EXECUTE stmt_sp1;
EXECUTE stmt_sr1;
EXECUTE stmt_sq1;
EXECUTE stmt_u1;
EXECUTE stmt_us1;
EXECUTE stmt_uj1;
EXECUTE stmt_uw1;
EXECUTE stmt_uo1;
EXECUTE stmt_d1;
EXECUTE stmt_dj1;
EXECUTE stmt_do1;
EXECUTE stmt_set1;
EXECUTE stmt_c1;

--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_i2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_iv2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_is2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_ii2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_iu2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_s2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sw2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_su2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sj2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sg2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sh2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_so2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sp2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sr2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_sq2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_u2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_us2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_uj2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_uw2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_uo2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_d2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_dj2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_do2;
--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_set2;

--error ER_PROCACCESS_DENIED_ERROR
EXECUTE stmt_f1;

--error ER_PROCACCESS_DENIED_ERROR
EXECUTE stmt_p1;

--error ER_COLUMNACCESS_DENIED_ERROR
EXECUTE stmt_c2;

--connection default
--disconnect con1

DROP TABLE mysqltest.visible, mysqltest.cols, mysqltest.source, mysqltest.ins;
DROP VIEW mysqltest.v0, mysqltest.v1;
DROP FUNCTION mysqltest.f1;
DROP PROCEDURE mysqltest.p1;
DROP PROCEDURE mysqltest.p2;

DROP DATABASE mysqltest;

DROP USER mysqltest@localhost;

--echo #
--echo # Bug#33064461 - WRONGLY HANDLED DEFINER FOR TRIGGERS WHEN PS USED
--echo #
CREATE USER 'user01'@'localhost' IDENTIFIED BY '';
CREATE USER 'user02'@'localhost' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* to 'user01'@'localhost';

CREATE DATABASE test01;
CREATE TABLE test01.c (id int primary key, a varchar(100));
INSERT INTO test01.c SET id = 1, a = "xyz";

CREATE DATABASE test02;
CREATE TABLE test02.tbl01 (id int primary key, a varchar(100));
INSERT INTO test02.tbl01 SET id = 1, a = "xyz";
CREATE TABLE test02.tbl02 (id int primary key, a varchar(100));

CREATE DEFINER='user01'@'localhost' TRIGGER test02.trg01
  AFTER UPDATE ON test02.tbl01 FOR EACH ROW
    UPDATE test02.tbl02 SET a = (SELECT a FROM test01.c WHERE id = 1) WHERE id = NEW.id;

DELIMITER $;
CREATE DEFINER='user01'@'localhost' FUNCTION test02.sf() RETURNS INT
BEGIN
   SELECT tbl02.id FROM test02.tbl02 as tbl02, test01.c as c
                   WHERE tbl02.id  = c.id INTO @a;
   RETURN 1;
END$
DELIMITER ;$

GRANT SELECT, UPDATE, INSERT on test02.tbl01 TO 'user02'@'localhost';
GRANT EXECUTE ON FUNCTION test02.sf to 'user02'@'localhost';

connect (con1, localhost, user02,, test02);
PREPARE stmt from 'update tbl01 set a = "xyz"';
--echo # Without fix, execution of prepared statement fails as it incorrectly
--echo # uses security context of INVOKER instead of DEFINER for the trigger.
--echo # With fix, DEFINER security context is used for the trigger.
EXECUTE stmt;
EXECUTE stmt;
DROP PREPARE stmt;

PREPARE stmt from 'select sf()';
--echo # Without fix, execution of prepared statement fails as it incorrectly
--echo # uses security context of INVOKER instead of DEFINER for the stored function.
--echo # With fix, DEFINER security context is used for the stored function.
EXECUTE stmt;
EXECUTE stmt;
DROP PREPARE stmt;

#CLEANUP
connection default;
disconnect con1;
DROP DATABASE test01;
DROP DATABASE test02;
DROP USER 'user01'@'localhost';
DROP USER 'user02'@'localhost';

--echo #
--echo # Bug#33578113: DROP privilege on performance_schema.* can't be revoked
--echo #
connection default;

CREATE USER bug33578113;

GRANT DROP ON performance_schema.* TO bug33578113;
REVOKE DROP ON performance_schema.* FROM bug33578113;

DROP USER bug33578113;

# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc