From 354971bf6b3fc711cf68365b74c986055308f62d Mon Sep 17 00:00:00 2001
From: cbcwestwolf <1004626265@qq.com>
Date: Sun, 18 Sep 2022 12:56:31 +0800
Subject: [PATCH 1/2] server: change the compatibility of tidb_sm3_password

---
 server/conn.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/server/conn.go b/server/conn.go
index 9a69b5b1eaec9..ca6d2678cd7c5 100644
--- a/server/conn.go
+++ b/server/conn.go
@@ -923,11 +923,6 @@ func (cc *clientConn) checkAuthPlugin(ctx context.Context, resp *handshakeRespon
 	// method to match the one configured for that specific user.
 	if (cc.authPlugin != userplugin) || (cc.authPlugin != resp.AuthPlugin) {
 		if resp.Capability&mysql.ClientPluginAuth > 0 {
-			// For compatibility, since most mysql client doesn't support 'tidb_sm3_password',
-			// they can connect to TiDB using a `tidb_sm3_password` user with a 'caching_sha2_password' plugin.
-			if userplugin == mysql.AuthTiDBSM3Password {
-				userplugin = mysql.AuthCachingSha2Password
-			}
 			authData, err := cc.authSwitchRequest(ctx, userplugin)
 			if err != nil {
 				return nil, err

From f2541c466508a58cd607a66500185a7296dc6e4f Mon Sep 17 00:00:00 2001
From: cbcwestwolf <1004626265@qq.com>
Date: Mon, 19 Sep 2022 11:12:05 +0800
Subject: [PATCH 2/2] Fix UT

---
 server/conn_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/conn_test.go b/server/conn_test.go
index 3acc67c7ff4f5..3c6edcf30bba7 100644
--- a/server/conn_test.go
+++ b/server/conn_test.go
@@ -1288,7 +1288,7 @@ func TestHandleAuthPlugin(t *testing.T) {
 	}
 	err = cc.handleAuthPlugin(ctx, &resp)
 	require.NoError(t, err)
-	require.Equal(t, []byte(mysql.AuthCachingSha2Password), resp.Auth)
+	require.Equal(t, []byte(mysql.AuthTiDBSM3Password), resp.Auth)
 	require.NoError(t, failpoint.Disable("github.com/pingcap/tidb/server/FakeAuthSwitch"))
 
 	// 8.0 or newer client trying to authenticate with caching_sha2_password
@@ -1311,7 +1311,7 @@ func TestHandleAuthPlugin(t *testing.T) {
 	}
 	err = cc.handleAuthPlugin(ctx, &resp)
 	require.NoError(t, err)
-	require.Equal(t, []byte(mysql.AuthCachingSha2Password), resp.Auth)
+	require.Equal(t, []byte(mysql.AuthTiDBSM3Password), resp.Auth)
 	require.NoError(t, failpoint.Disable("github.com/pingcap/tidb/server/FakeAuthSwitch"))
 
 	// client trying to authenticate with tidb_sm3_password
@@ -1334,7 +1334,7 @@ func TestHandleAuthPlugin(t *testing.T) {
 	}
 	err = cc.handleAuthPlugin(ctx, &resp)
 	require.NoError(t, err)
-	require.Equal(t, []byte(mysql.AuthCachingSha2Password), resp.Auth)
+	require.Equal(t, []byte(mysql.AuthTiDBSM3Password), resp.Auth)
 	require.NoError(t, failpoint.Disable("github.com/pingcap/tidb/server/FakeAuthSwitch"))
 
 	// MySQL 5.1 or older client, without authplugin support