source include/platform.inc;
source include/not_embedded.inc;
source include/count_sessions.inc;

if (`select count(*) = 0 from information_schema.plugins where plugin_name = 'parsec'`)
{
  --skip Needs parsec plugin
}

if (!$PARSEC_SO) {
  skip No auth_parsec plugin;
}
--error ER_PASSWD_LENGTH
create user test1@'%' identified via parsec using 'pwd';
create user test1@'%' identified via parsec using PASSWORD('pwd');
--replace_regex /:[A-Za-z0-9+\/]{43}'/:password'/ /:[A-Za-z0-9+\/]{24}:/:salt:/
show grants for test1@'%';
connect con1, localhost, test1, pwd;
select 1, USER(), CURRENT_USER();
disconnect con1;
connect con2, localhost, test1, pwd;
select 2, USER(), CURRENT_USER();
disconnect con2;
--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
--error ER_ACCESS_DENIED_ERROR
connect con3, localhost, test1, wrong_pwd;

connection default;

create function have_ssl() returns char(3)
  return (select if(variable_value > '','yes','no') as 'have_ssl'
  from information_schema.session_status
  where variable_name='ssl_cipher');
grant execute on test.* to test1@'%';

let host=;
if ($MTR_COMBINATION_WIN) {
  # see ssl_autoverify.test
  let host=--host=127.0.0.2;
}

--echo # mysql -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()"
--exec $MYSQL --protocol tcp $host -utest1 -ppwd --ssl-verify-server-cert -e "select test.have_ssl()" 2>&1

source include/wait_until_count_sessions.inc;
drop function have_ssl;
drop user test1@'%';


--echo # MDEV-34854 Parsec sends garbage when using an empty password
create user test2@'%' identified via parsec using PASSWORD('');
--replace_regex /:[A-Za-z0-9+\/]{43}'/:password'/ /:[A-Za-z0-9+\/]{24}:/:salt:/
show grants for test2@'%';
connect con4, localhost, test2,;
select 4, USER(), CURRENT_USER();
disconnect con4;

--replace_result $MASTER_MYSOCK MASTER_MYSOCK $MASTER_MYPORT MASTER_MYPORT
--error ER_ACCESS_DENIED_ERROR
connect con5, localhost, test2, "wrong_pwd";
connection default;
source include/wait_until_count_sessions.inc;
drop user test2@'%';