expression:implement function password.

[louishust]

No description provided.

[shenli]

Need to set charset: chs = v.defaultCharset.

[shenli]

Also need to add a test case in typeinferer_test.go

[louishust]

done

[shenli]

LGTM
@XuHuaiyu @tiancaiamao PTAL

[louishust]

@XuHuaiyu @tiancaiamao PTAL

[XuHuaiyu]

Rest LGTM

[XuHuaiyu]

add . at the end of this comment.

[XuHuaiyu]

s/stage/stages

[tiancaiamao]

I see this Note in the document:

This function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.

Should TiDB implement it? @shenli

[louishust]

@tiancaiamao @shenli I think password is a useful function

[shenli]

@tiancaiamao We need this. Some DBAs still use this to generate password.

[tiancaiamao]

But set password for 'user'@'host' = PASSWORD('xxx') will not call this function,
and the algorithm used by TiDB to generate password is not compatible with this method.
@shenli

[louishust]

@tiancaiamao @shenli
It seems that the TIDB store password not in MySQL way!
So if user migrate data from MySQL using mysqldump, the user's password is changed?

[tiancaiamao]

For some historical reasons, TiDB store password not in MySQL way.
Yes, migrate from the mysql.user talbe would have some problem.

The risk of this PR is that, if user change password in this way, he can't login any more:

update mysql.user set password=PASSWORD('xxx') where user='xxx' and host='xxx';

I'll upgrade TiDB to make the stored data compatible with MySQL, so password function
in this PR can be used.

Please wait for while, thank you for your patience! @louishust

[louishust]

@tiancaiamao I'd like to upgrade TiDB to make the stored data compatible with MySQL

[tiancaiamao]

Nice! Feel fun to have a try.

Basically, you would follow those steps:

1. Add function upgradeToVer10 https://github.com/pingcap/tidb/blob/master/bootstrap.go#L367, which update password to the new format.
2. Change util.EncodePassword, it should do Sha1Hash([]byte(pwd)) twice. https://github.com/pingcap/tidb/blob/master/util/auth.go#L53
   change util.CalcPassword, remove this line https://github.com/pingcap/tidb/blob/master/util/auth.go#L32
3. Add test

[louishust]

@tiancaiamao upgradeToVer10 used to upgrade the old format password stored in TIDB to MySQL format? It seems can not upgrade using simple UPDATE statement cause I have to decode the old format to []byte and then SHA1 the []byte. Add an internal function upgrade_password for the upgrade? Or some other ways?

[tiancaiamao]

upgradeToVer10 used to upgrade the old format password stored in TIDB to MySQL format?

Yes, you're right.

It seems can not upgrade using simple UPDATE statement cause I have to decode the old format to []byte and then SHA1 the []byte.

Maybe, but you can have a try.

We don't store the raw password, the stored password in mysql.user currently is sha1(password).
it impossible to get the raw password, but... the upgrade just need to change
sha1(password) to sha1(sha1(password)), i.e. you don't need the raw password, just another sha1 on it.

Add an internal function upgrade_password for the upgrade?

Exactly.

Read the fucking source code would help, including
Auth() in session.go,
util/auth.go,
readHandshakeResponse() in server/conn.go which call Auth(),
ConnectionVerification() in privilege/privileges.go.

Here is the password check procedure (maybe miss information in detail):

1. client connect to server
2. server send handshake packet to client, within the packet there is a random salt
3. client send salt+sha1(sha1(password)) to server
4. server call Auth() function, check salt+sha1(sha1pwd) is the same.

[louishust]

this issue is blocked by #3292 , after #3292 is merged,
this issue can just use the EncodePassword function in #3292

[tiancaiamao]

Please resolve conflict.

[louishust]

@tiancaiamao OK

[tiancaiamao]

LGTM @XuHuaiyu @shenli

[shenli]

LGTM
@louishust Thanks!