server: Remove old handshake support

[dveeden]

What problem does this PR solve?

Issue Number: close #36922

Problem Summary:

Remove support for:

• Protocol::HandshakeV9
• Protocol::HandshakeResponse320

This removes support for pre-4.1 MySQL clients. As TiDB doesn't support the old pre-4.1 hashing method I don't think these were ever fully supported.

See also https://dev.mysql.com/doc/refman/5.6/en/password-hashing.html

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

Support for handshake support for pre-4.1 MySQL clients was removed

Questions to reviewers

• Is removing this functionality that only exists there for old HAProxy versions allowed according to the compatibility policy?

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has been approved by:

• lysu
• wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[morgo]

@dveeden I think you are correct that it was never fully supported, but the intended use-case was strictly for HAProxy: #8812

I believe HAProxy's MySQL protocol support does not link against a client API, hence the weird behavior. Please check and make sure it works with this removed :-)

[dveeden]

@dveeden I think you are correct that it was never fully supported, but the intended use-case was strictly for HAProxy: #8812

I believe HAProxy's MySQL protocol support does not link against a client API, hence the weird behavior. Please check and make sure it works with this removed :-)

I'll check that. Let's set this to draft status until that's done

[dveeden]

https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#4.2-option%20mysql-check says this supports both pre-v4.1 and post-v4.1 auth and the default is post-v4.1.

See also: haproxy/haproxy@62f79fe

I've tested with haproxy (compiled from master at bc1223be7) and it does work with the default and with the post-41 option. With pre-41 it fails with this commit and succeeds with tidb from current master.

[dveeden]

/cc @morgo

[dveeden]

/cc @jackysp @lysu

[ti-chi-bot]

@dveeden: GitHub didn't allow me to request PR reviews from the following users: lysu.

Note that only pingcap members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @jackysp @lysu

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ti-chi-bot]

@lysu: Thanks for your review. The bot only counts approvals from reviewers and higher roles in list, but you're still welcome to leave your comments.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

[lysu]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: 08aa2d0cdabcd94e7c643901ae3a664bedcf1492

[tisonkun]

@lysu I sent an invitation to respect you as a TiDB committer as the consensus in pingcap/community#522 .

You can accept by https://github.com/orgs/pingcap/invitation and approve this PR.

[tisonkun]

@lysu oops a race happened :)

[tisonkun]

Is removing this functionality that only exists there for old HAProxy versions allowed according to the compatibility policy?

/hold

@lysu @wjhuang2016 @morgo please be aware of the compatibility breaker and unhold merging if no further concern

[bb7133]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: 1915ea191087e4eb3f75cfd6854a5bd74dc14d70

[dveeden]

/assign @bb7133

[sre-bot]

Code Coverage Details: https://codecov.io/github/pingcap/tidb/commit/14f4daf800ba5531a175bddd70f5823406594a72

[morgo]

LGTM; removing will help improve security, since an old auth mechanism like this will surely become a target.

[tisonkun]

/unhold

[tisonkun]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: 009ac3e

[sre-bot]

TiDB MergeCI notify

✅ Well Done! New fixed [1] after this pr merged.

CI Name	Result	Duration	Compare with Parent commit
idc-jenkins-ci-tidb/common-test	🔴 failed 2, success 9, total 11	13 min	Existing failure
idc-jenkins-ci-tidb/integration-common-test	✅ all 17 tests passed	13 min	Fixed
idc-jenkins-ci/integration-cdc-test	🟢 all 36 tests passed	27 min	Existing passed
idc-jenkins-ci-tidb/tics-test	🟢 all 1 tests passed	5 min 52 sec	Existing passed
idc-jenkins-ci-tidb/sqllogic-test-2	🟢 all 28 tests passed	5 min 23 sec	Existing passed
idc-jenkins-ci-tidb/integration-ddl-test	🟢 all 6 tests passed	5 min 12 sec	Existing passed
idc-jenkins-ci-tidb/sqllogic-test-1	🟢 all 26 tests passed	4 min 43 sec	Existing passed
idc-jenkins-ci-tidb/mybatis-test	🟢 all 1 tests passed	3 min 24 sec	Existing passed
idc-jenkins-ci-tidb/integration-compatibility-test	🟢 all 1 tests passed	3 min 14 sec	Existing passed
idc-jenkins-ci-tidb/plugin-test	🟢 build success, plugin test success	4min	Existing passed