From 154d88084687db594f8ad71c571bb7ff05bae5e6 Mon Sep 17 00:00:00 2001
From: Laurent Indermuehle
Date: Thu, 12 Oct 2023 13:46:27 +0200
Subject: [PATCH] fix case when a account as same user but different host and password
---
 plugins/module_utils/user.py | 14 +++++-----
 plugins/modules/mysql_info.py | 2 +-
 .../tasks/filter_users_privs.yml | 27 +++++++++++++++++++
 3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index b3c13ce..a88b32e 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -112,7 +112,7 @@ def get_grants(cursor, user, host):
 return grants.split(", ")
-def get_existing_authentication(cursor, user):
+def get_existing_authentication(cursor, user, host):
 # Return the plugin and auth_string if there is exactly one distinct existing plugin and auth_string.
 cursor.execute("SELECT VERSION()")
 srv_type = cursor.fetchone()
@@ -126,12 +126,14 @@ def get_existing_authentication(cursor, user):
 # when using mysql_native_password
 cursor.execute("""select plugin, auth from (
 select plugin, password as auth from mysql.user where user=%(user)s
+ and host=%(host)s
 union select plugin, authentication_string as auth from mysql.user where user=%(user)s
- ) x group by plugin, auth limit 2
- """, {'user': user})
+ and host=%(host)s) x group by plugin, auth limit 2
+ """, {'user': user, 'host': host})
 else:
- cursor.execute("""select plugin, authentication_string as auth from mysql.user where user=%(user)s
- group by plugin, authentication_string limit 2""", {'user': user})
+ cursor.execute("""select plugin, authentication_string as auth
+ from mysql.user where user=%(user)s and host=%(host)s
+ group by plugin, authentication_string limit 2""", {'user': user, 'host': host})
 rows = cursor.fetchall()
 # Mysql_info use a DictCursor so we must convert back to a list
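Review bot: The comment under the new signature, `# Return the plugin and auth_string if there is exactly one distinct existing plugin and auth_string.`, still reads as a per-username lookup and does not say that the match is now on one account. I would replace it with a docstring such as `"""Return the plugin and auth_string stored for the account user@host."""`. `host` is also added as a required positional parameter, so any caller other than the two updated in this patch would raise a TypeError. The function body continues past this hunk.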
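Review bot: With `and host=%(host)s` added, the `group by plugin, authentication_string limit 2` in the else branch no longer does anything useful, because user plus host identifies a single row in mysql.user; `select plugin, authentication_string as auth from mysql.user where user=%(user)s and host=%(host)s` would state the intent directly. In the MariaDB branch the union can still return two rows for one account when `password` and `authentication_string` differ, which is the case the existing comment describes. The code after `rows = cursor.fetchall()` is outside this hunk, so it is worth confirming that such an account is still reported rather than dropped by the "exactly one distinct" rule. Both statements keep user and host as bound parameters, which keeps them out of the SQL text.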
@@ -164,7 +166,7 @@ def user_add(cursor, user, host, host_all, password, encrypted,
 used_existing_password = False
 if reuse_existing_password:
- existing_auth = get_existing_authentication(cursor, user)
+ existing_auth = get_existing_authentication(cursor, user, host)
 if existing_auth:
 plugin = existing_auth['plugin']
 plugin_hash_string = existing_auth['auth_string']
diff --git a/plugins/modules/mysql_info.py b/plugins/modules/mysql_info.py
index 16cd65b..03e5ea6 100644
--- a/plugins/modules/mysql_info.py
+++ b/plugins/modules/mysql_info.py
@@ -605,7 +605,7 @@ class MySQL_Info(object):
 if len(output_dict['resource_limits']) == 0:
 del output_dict['resource_limits']
- authentications = get_existing_authentication(self.cursor, user)
+ authentications = get_existing_authentication(self.cursor, user, host)
 if authentications:
 output_dict.update(authentications)
diff --git a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
index 08e4191..73a09d3 100644
--- a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
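Review bot: Passing `host` in the user_add hunk looks like it defeats `reuse_existing_password`: if user_add is only reached when user@host does not exist yet (the caller is not visible here), the lookup filtered on that same host returns no rows, `existing_auth` is empty, and the account is created with the supplied password instead of the one already used for this username on other hosts. That would silently change which credential ends up on the new account. Consider keeping the username-only lookup for this call, for example by making the new parameter optional, `def get_existing_authentication(cursor, user, host=None):`, and adding the `and host=%(host)s` filter only when a host is given. The body of user_add continues outside the hunk.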
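Review bot: In the mysql_info.py hunk, `output_dict.update(authentications)` merges the account's plugin and auth_string into the module result, and nothing nearby tells the reader that this value is the stored password hash. A comment above the call such as `# auth_string is the account's stored password hash; treat this module output as sensitive` would help anyone who registers or logs the result. `host` is not assigned inside the hunk, so it presumably comes from the enclosing loop outside it; it is worth confirming it is the host of the account being described.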
@@ -120,6 +120,33 @@ GRANT SELECT,UPDATE(name1,NAME2,Name3) ON users_privs_db.T_UPPER TO users_privs_columns_uppercase@'users_privs.com' + - >- + CREATE USER users_privs_multi_hosts@'%' + IDENTIFIED WITH mysql_native_password AS + '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'%' + + - >- + CREATE USER users_privs_multi_hosts@'localhost' + IDENTIFIED WITH mysql_native_password AS + '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT SELECT ON users_privs_db.* TO + users_privs_multi_hosts@'localhost' + + - >- + CREATE USER users_privs_multi_hosts@'host1' + IDENTIFIED WITH mysql_native_password AS + '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'host1' + + # Different password than the others users_privs_multi_hosts + - >- + CREATE USER users_privs_multi_hosts@'host2' + IDENTIFIED WITH mysql_native_password AS + '*CB3326D5279DE7915FE5D743232165EE887883CA' + - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'host2' + - name: Mysql_info users_privs | Prepare tests users for MariaDB community.mysql.mysql_user: name: "{{ item.name }}"