authentication plugin: SET PASSWORD support

authentication plugin: SET PASSWORD support.

The syntax could stay the as before:

SET PASSWORD [ FOR user ] = { "hash" | PASSWORD("password") }

The PASSWORD() syntax will need to use the plugin-specific password hashing callback. There is no need to have per-plugin password hashing function. For example, writing PASSWORD() for the user, who uses mysql_old_password will be the same as using OLD_PASSWORD() function in earlier MySQL/MariaDB versions. OLD_PASSWORD() syntax could stay or, better, could be removed as nobody should be using that plugin anymore.

The same syntax can be used for CREATE USER and GRANT:

CREATE USER name IDENTIFIED WITH plugin AS PASSWORD("foo")

This makes the standalone PASSWORD function will become somewhat confusing, because it'll use double-SHA1 hashing, it cannot use the "corresponding user's auth plugin", because it's not run in the user context. Possible solutions:

• Add an optional second argument to specify a plugin, or
• Keep it that way, it's good that one cannot arbitrarily invoke plugin's password hashing function. We've had a lot of issues [*] before when users tried to use PASSWORD() as a generic password-hashing function for their applications. It is not, it's an internal MariaDB authentication plugin dependent password hashing, only to be used for MariaDB authentication. Not allowing a user to use plugin hashing directly will create less possibilities for abusing it.

[*] In MySQL 4.0.0 (or 4.1.0?) we've tried to salt passwords, so that PASSWORD() would use a random salt. Got huge number of complains about PASSWORD() being non-deterministic, it broke all applications where users did, like

SELECT ... FROM user_table WHERE user_name="name_input_field" AND

                                 user_password=PASSWORD("password_input_field")