server: Fix authentication with MySQL 5.1 and older clients

[dveeden]

What problem does this PR solve?

Issue Number: close #29725

Problem Summary:

handleAuthPlugin checks for the ClientPluginAuth capability but this didn't set the AuthPlugin causing readOptionalSSLRequestAndHandshakeResponse to return an error.

Note that this allows authentication for users that use mysql_native_password to work, but users using caching_sha2_passwords won't work.

This does now return a more specific error in case authentication with caching_sha2_password is used.

[dvaneeden@dve-carbon ~]$ ~/opt/mysql/5.1.73/bin/mysql -h 127.0.0.1 -u sha -P 4000 -psha
ERROR 1105 (HY000): ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

None

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Details

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[dveeden]

This will need careful merging with #29577

[bb7133]

Note that this allows authentication for users that use mysql_native_password to work, but users using caching_sha2_passwords won't work.

This does now return a more specific error in case authentication with caching_sha2_password is used.

So your point is, if a user with caching_sha2_password authentication is defined, login with old MySQL client(v5.1) will not be allowed, right?

[bb7133]

Please add a test case for your change, if it can be a functional test for handleAuthPlugin() only, that would be great :)

[djshow832]

There are no such test cases in TiDB, which is the reason why there are many fix-on-a-fix problems.
Can you try to add a test case so that future modifications won't break the compatibility?

[djshow832]

Also, please add a release note so that users can figure out from the user doc that the bugfix is contained in which versions.

[djshow832]

There are no such test cases in TiDB, which is the reason why there are many fix-on-a-fix problems. Can you try to add a test case so that future modifications won't break the compatibility?

Will any authentication test cases be ported from the MySQL test? @morgo

[dveeden]

Closing this as this is now part of #29738