Implement automatic creation of temporary accounts for SST and pass
account credentials to SST script via socket as opposed to environment
variables. Delete the user after the SST script returns,

Respect wsrep_sst_auth set by the adminitrator in case some additional
privilege grants are needed for particular SST method.

mysqldump SST requires significant change to make use of the new
automatic user generation facility. For now just make it compatible
by ignoring automatically generated user and rely only on wsrep_sst_auth
setting on the joiner node to keep backward compatibility.

Adapt mysqldump SST to automatic SST user generation changes:
 - disable special treatment for mysqldump SST on donor
 - make mysqldump SST script compatible with the new SST script
   interface.

Differentiate user privileges for different SST methods:
 - grant minimum required privileges for clone and xtrabackup SST
   accounts
 - grant all privileges to custom SST accounts as it is not known what
   is needed.
 - disable SST account generation for rsync SST since it is not needed.

MTR tests:
 - add MTR tests for clone and xtrabackup SSTs without wsrep_sst_auth,
 - add MTR test for testing masking of wsrep_sst_auth.
 - don't attmept to restore original wsrep_sst_auth in MTR tests as it
   is always masked.
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

Add two-way communication between parent and child in wsp::proc class.
Refactor wsp::thd class to call my_thread_init() conditionally.
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

If mariabackup does not get the password on command line or from
the [mariabackup] section of the config file, it initializes the
internal opt_password variable to empty string and considers it
as set in a subsequent check, therefore ignoring the value of
MYSQL_PWD envronment variable. At the same time MariDB server
considers empty string passwords as no password.

Fixing this is necessary to use automatically generated SST users
because mariabackup needs --default-file option to use the same
config as the server and that option does not allow to supply any
extra config files, so using the automatically generated config
with [mariabackup] section is out of question.

Modify check for set password to treat empty string as unset
and fall back to the MYSQL_PWD value if present.
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

		tablespace truncation

- InnoDB fails with out of bound write error after temporary
tablespace truncation. This issue caused by
commit c507678b (MDEV-28699).
InnoDB fail to clear freed ranges if shrinking size
is the last offset of the freed range.

Now that we do not pollute systemd's environment but write private
environment files running these as root is not longer required. So
let's drop `PermissionsStartOnly=true`.

Debian adds extra `ExecStartPre=` and `ExecStartPost=`, though.
Use special executable prefix for full privileges there. (See
systemd.service(5) for details.)

Support in service file was dropped in 91f16948
(systemd: multi-instance not for Galera, User/Group flexible).

Now that the systemd unit files use an environment file to pass
_WSREP_START_POSITION we have to update galera_new_cluster as well.

We used to run `systemctl set-environment` to pass
_WSREP_START_POSITION. This is bad because:

* it clutter systemd's environment (yes, pid 1)
* it requires root privileges
* options (like LimitNOFILE=) are not applied

Let's just create an environment file in ExecStartPre=, that is read
before ExecStart= kicks in. We have _WSREP_START_POSITION around for the
main process without any downsides.

mysqldump --dir produces unexpected sql output on stdout.
All sql should go into .sql files (and data to .txt files)

A cleanup for MDEV-25829.

Using /WX (warning as error) during configuration step caused
HAVE_OPENSSL_APPLINK_C to be OFF

This made client utilities fail with "Applink not found" during runtime.

Hardcode -DHAVE_OPENSSL_APPLINK_C=1 for CMake for now, fix connector
later.

* show it as a datetime, not number of seconds
* show all users
* show manually expired users as 0000-00-00 00:00:00
* show default expiration interval correctly
* numerous test fixes, add more tests
* fix compilation of embedded

* A new table INFORMATION_SCHEMA.USERS is introduced.
* It stores auxiliary user data
* An unprivileged user can access their own data, and that is the main
  difference with what mysql.global_priv provides
* The fields are currently: USER, PASSWORD_ERRORS, PASSWORD_EXPIRATION_TIME
* If password_errors is ignored for the user, PASSWORD_ERRORS is NULL
* PASSWORD_EXPIRATION_TIME is a timestamp with exact point in time, calculated
from password_last_changed and password_lifetime (i.e. days) stored for the user

Columns added to TABLE_STATISTICS
- ROWS_INSERTED, ROWS_DELETED, ROWS_UPDATED, KEY_READ_HITS and
  KEY_READ_MISSES.

Columns added to CLIENT_STATISTICS and USER_STATISTICS:
- KEY_READ_HITS and KEY_READ_MISSES.

User visible changes (except new columns):
- CLIENT_STATISTICS and USER_STATISTICS has columns KEY_READ_HITS and
  KEY_READ_MISSES added after column ROWS_UPDATED before SELECT_COMMANDS.

Other changes:
- Do not collect table statistics for system tables like index_stats
  table_stats, performance_schema, information_schema etc as the user
  has no control of these and the generate noice in the statistics.
- All row variables that are part of user_stats are moved to
  'struct rows_stats' to make it easy to clear all of them at once.
- ha_read_key_misses added to STATUS_VAR

Notes:
- userstat.result has a change of numbers of rows for handler_read_key.
  This is because use-stat-tables is now disabled for the test.

fixes a failure of period.create on bintar-centos74-amd64

EE_ numbers occupy the same range as OS Exxx errors and
my_errno is generally for OS errors. And for HA_ERR_ handler errors
which occupy a different range, so can be freely mixed with OS errors.

add a test case

reinit_io_cache() resets and restores MY_TRACK_WITH_LIMIT internally

and make it static

and rephrase memory accounting error message to match tmp_space one
(besides, memory accounting error could - and did - happen when all
memory was actually freed)

MDEV-34150 Assertion failure in Diagnostics_area::set_error_status upon binary logging hitting tmp space limit

- Moved writing to binlog_cache from close_thread_tables() to
  binlog_commit().
- In select_create() delete cached row events instead of flushing them
  to disk. This was done to avoid possible disk write error in this code.

MDEV-34054 Memory leak in Window_func_runner::exec after encountering "temporary space limit reached" error

Changes:
- Fixed that MyISAM and Aria parallel repair works with tmp file limit.
  This required to add current_thd to all parallel workers and add
  protection in my_malloc_size_cb_func() and temp_file_size_cb_func() to
  be able to handle shared THD's.  I removed the old code in MyISAM to
  set current_thd() as only worked when using with virtal indexed
  columns and I wanted to keep the Aria and MyISAM code identical.

Other things:
- Improved error messages from Aria parallel repair and
  create_internal_tmp_table_from_heap().