update doc

Matthieu Bourgain 2024-04-19 09:57:19 +02:00
commit 35285733de
No known key found for this signature in database
GPG key ID: 33BA95C808890C39
2 changed files with 15 additions and 14 deletions


@ -1,9 +1,9 @@
"""Generate MySQL caching_sha2_password hash for a given password and salt.""" """Generate MySQL sha256 compatible plugins hash for a given password and salt."""
import hashlib import hashlib
def to64(v: int, n: int) -> str: def _to64(v: int, n: int) -> str:
"""Convert a 32-bit integer to a base-64 string""" """Convert a 32-bit integer to a base-64 string"""
i64 = ( i64 = (
[".", "/"] [".", "/"]
@ -19,18 +19,18 @@ def to64(v: int, n: int) -> str:
return result return result
def hashlib_sha256(data: bytes) -> bytes: def _hashlib_sha256(data: bytes) -> bytes:
"""Return SHA-256 digest from hashlib .""" """Return SHA-256 digest from hashlib ."""
return hashlib.sha256(data).digest() return hashlib.sha256(data).digest()
def sha256_digest(key: str, salt: str, loops: int) -> str: def _sha256_digest(key: str, salt: str, loops: int) -> str:
"""Return a SHA-256 digest of the concatenation of the key, the salt, and the key, repeated as necessary.""" """Return a SHA-256 digest of the concatenation of the key, the salt, and the key, repeated as necessary."""
# https://www.akkadia.org/drepper/SHA-crypt.txt # https://www.akkadia.org/drepper/SHA-crypt.txt
num_bytes: bytes = 32 num_bytes: bytes = 32
bytes_key: bytes = key.encode() bytes_key: bytes = key.encode()
bytes_salt: bytes = salt.encode() bytes_salt: bytes = salt.encode()
digest_b = hashlib_sha256(bytes_key + bytes_salt + bytes_key) digest_b = _hashlib_sha256(bytes_key + bytes_salt + bytes_key)
tmp = bytes_key + bytes_salt tmp = bytes_key + bytes_salt
for i in range(len(bytes_key), 0, -num_bytes): for i in range(len(bytes_key), 0, -num_bytes):
@ -41,13 +41,13 @@ def sha256_digest(key: str, salt: str, loops: int) -> str:
tmp += digest_b if (i & 1) != 0 else bytes_key tmp += digest_b if (i & 1) != 0 else bytes_key
i >>= 1 i >>= 1
digest_a = hashlib_sha256(tmp) digest_a = _hashlib_sha256(tmp)
tmp = b"" tmp = b""
for i in range(len(bytes_key)): for i in range(len(bytes_key)):
tmp += bytes_key tmp += bytes_key
digest_dp = hashlib_sha256(tmp) digest_dp = _hashlib_sha256(tmp)
byte_sequence_p = b"" byte_sequence_p = b""
for i in range(len(bytes_key), 0, -num_bytes): for i in range(len(bytes_key), 0, -num_bytes):
@ -59,7 +59,7 @@ def sha256_digest(key: str, salt: str, loops: int) -> str:
for i in range(til): for i in range(til):
tmp += bytes_salt tmp += bytes_salt
digest_ds = hashlib_sha256(tmp) digest_ds = _hashlib_sha256(tmp)
byte_sequence_s = b"" byte_sequence_s = b""
for i in range(len(bytes_salt), 0, -num_bytes): for i in range(len(bytes_salt), 0, -num_bytes):
@ -74,7 +74,7 @@ def sha256_digest(key: str, salt: str, loops: int) -> str:
if i % 7: if i % 7:
tmp += byte_sequence_p tmp += byte_sequence_p
tmp += digest_c if (i & 1) else byte_sequence_p tmp += digest_c if (i & 1) else byte_sequence_p
digest_c = hashlib_sha256(tmp) digest_c = _hashlib_sha256(tmp)
inc1, inc2, mod, end = (10, 21, 30, 0) inc1, inc2, mod, end = (10, 21, 30, 0)
@ -82,14 +82,14 @@ def sha256_digest(key: str, salt: str, loops: int) -> str:
tmp = "" tmp = ""
while True: while True:
tmp += to64( tmp += _to64(
(digest_c[i] << 16) | (digest_c[(i + inc1) % mod] << 8) | digest_c[(i + inc1 * 2) % mod], 4 (digest_c[i] << 16) | (digest_c[(i + inc1) % mod] << 8) | digest_c[(i + inc1 * 2) % mod], 4
) )
i = (i + inc2) % mod i = (i + inc2) % mod
if i == end: if i == end:
break break
tmp += to64((digest_c[31] << 8) | digest_c[30], 3) tmp += _to64((digest_c[31] << 8) | digest_c[30], 3)
return tmp return tmp
@ -101,5 +101,5 @@ def mysql_sha256_password_hash_hex(password: str, salt: str) -> str:
count = 5 count = 5
iteration = 1000 * count iteration = 1000 * count
digest = sha256_digest(password, salt, iteration) digest = _sha256_digest(password, salt, iteration)
return f"$A${count:>03}${salt}{digest}".encode().hex().upper() return f"$A${count:>03}${salt}{digest}".encode().hex().upper()
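Review bot: `num_bytes: bytes = 32` on the context line of the second hunk annotates an `int` as `bytes`; it is only ever used as a `range` step, so it should read `num_bytes: int = 32`. The 20-character salt requirement that this commit documents in the module's DOCUMENTATION is not enforced on any visible line of `mysql_sha256_password_hash_hex` (its body starts outside the last hunk); a guard such as `if len(salt) != 20: raise ValueError("salt must be exactly 20 characters")` before `count = 5` would make a short or empty salt fail loudly instead of silently producing a weaker hash the server may also reject. The new module docstring now says "sha256 compatible plugins" while the only format built on the visible lines is the `$A$005$` prefix; if `sha256_password` expects a different stored format, the docstring should state which format is actually produced — worth confirming against a server's stored `authentication_string`.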


@ -139,13 +139,14 @@ options:
description: description:
- User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``). - User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``).
- If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service. - If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service.
- You need to define a I(salt) to have idempotence on password change. - You need to define a I(salt) to have idempotence on password change with ``caching_sha2_password`` and ``sha256_password`` plugins.
type: str type: str
version_added: '0.1.0' version_added: '0.1.0'
salt: salt:
description: description:
- Salt used to generate password hash. - Salt used to generate password hash.
- I(plugin) must be equal to ``caching_sha2_password`` and I(plugin_auth_string) must be defined. - Salt length must be 20 characters.
- I(plugin) must be equal to ``caching_sha2_password`` or ``sha256_password`` and I(plugin_auth_string) defined.
type: str type: str
version_added: '3.10.0' version_added: '3.10.0'
resource_limits: resource_limits: