--source include/not_embedded.inc
--source include/have_ssl.inc

CREATE USER 'kristofer';
# Bootstrap did not follow the startup variables while creating root account,
# hence need to change old_passwords variable.
SET old_passwords=2;
SET PASSWORD FOR 'kristofer'=PASSWORD('secret');
SELECT user, plugin FROM mysql.user;
connect(con1,localhost,kristofer,secret,,,,SSL);
connection con1;
SELECT USER(),CURRENT_USER();
connection default;
disconnect con1;
DROP USER 'kristofer';

GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED WITH 'sha256_password';
GRANT ALL ON *.* TO 'kristofer2'@'localhost' IDENTIFIED WITH 'sha256_password';
SET PASSWORD FOR 'kristofer'@'localhost'=PASSWORD('secret2');
SET PASSWORD FOR 'kristofer2'@'localhost'=PASSWORD('secret2');
connect(con2,localhost,kristofer,secret2,,,,SSL);
connection con2;
SELECT USER(),CURRENT_USER();
--replace_regex /PASSWORD .*$/PASSWORD '<non-deterministic-password-hash>'/
SHOW GRANTS FOR 'kristofer'@'localhost';

--echo Change user (should succeed)
change_user kristofer2,secret2;
SELECT USER(),CURRENT_USER();

connection default;
disconnect con2;
--echo **** Client default_auth=sha_256_password and server default auth=sha256_password
--echo #### Test is disabled because it requires RSA-keys and this only works 
--echo #### with OpenSSL. The reason is that the current client library
--echo #### framework can't know if SSL was attempted or not when the default
--echo #### client auth is switched and hence it will only report that the 
--echo #### connection is unencrypted.
# --exec xterm -e gdb --args $MYSQL -ukristofer -psecret2 --default_auth=sha256_password --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "select user(), current_user()"
--echo **** Client default_auth=native and server default auth=sha256_password
--exec $MYSQL -ukristofer -psecret2 --default_auth=mysql_native_password --ssl-ca=$MYSQL_TEST_DIR/std_data/cacert.pem --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "select user(), current_user()"

DROP USER 'kristofer'@'localhost';
DROP USER 'kristofer2'@'localhost';

GRANT ALL ON *.* TO 'kristofer'@'localhost';
SET PASSWORD FOR 'kristofer'@'localhost'=PASSWORD('');
connect(con3,localhost,kristofer,,,,,SSL);
connection con3;
SELECT USER(),CURRENT_USER();
--replace_regex /PASSWORD .*$/PASSWORD '<non-deterministic-password-hash>'/
SHOW GRANTS FOR 'kristofer'@'localhost';
connection default;
disconnect con3;
DROP USER 'kristofer'@'localhost';

GRANT ALL ON *.* TO 'kristofer'@'33.33.33.33';
SET PASSWORD FOR 'kristofer'@'33.33.33.33'=PASSWORD('');
--echo Connection should fail for localhost
--replace_result $MASTER_MYSOCK MASTER_MYSOCK
--disable_query_log
--error ER_ACCESS_DENIED_ERROR
connect(con4,127.0.0.1,kristofer,,,,,SSL);
--enable_query_log
DROP USER 'kristofer'@'33.33.33.33';

GRANT ALL ON *.* TO 'kristofer'@'localhost' IDENTIFIED BY 'awesomeness';
connect(con3,localhost,kristofer,awesomeness,,,,SSL);
connection con3;
SELECT USER(),CURRENT_USER();
--replace_regex /PASSWORD .*$/PASSWORD '<non-deterministic-password-hash>'/
SHOW GRANTS FOR 'kristofer'@'localhost';
connection default;
disconnect con3;
# Setting password for kristofer@localhost using old_passwords=0 will fail.
SET @@OLD_PASSWORDS= 0;
--error ER_PASSWORD_FORMAT
SET PASSWORD FOR 'kristofer'@'localhost'= PASSWORD('error');
DROP USER 'kristofer'@'localhost';