mirror of
				https://github.com/ansible-collections/community.mysql.git
				synced 2025-10-25 21:44:02 -07:00 
			
		
		
		
	update doc
This commit is contained in:
		
					parent
					
						
							
								805c3ea248
							
						
					
				
			
			
				commit
				
					
						35285733de
					
				
			
		
					 2 changed files with 15 additions and 14 deletions
				
			
		|  | @ -1,9 +1,9 @@ | ||||||
| """Generate MySQL caching_sha2_password hash for a given password and salt.""" | """Generate MySQL sha256 compatible plugins hash for a given password and salt.""" | ||||||
| 
 | 
 | ||||||
| import hashlib | import hashlib | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def to64(v: int, n: int) -> str: | def _to64(v: int, n: int) -> str: | ||||||
|     """Convert a 32-bit integer to a base-64 string""" |     """Convert a 32-bit integer to a base-64 string""" | ||||||
|     i64 = ( |     i64 = ( | ||||||
|         [".", "/"] |         [".", "/"] | ||||||
|  | @ -19,18 +19,18 @@ def to64(v: int, n: int) -> str: | ||||||
|     return result |     return result | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def hashlib_sha256(data: bytes) -> bytes: | def _hashlib_sha256(data: bytes) -> bytes: | ||||||
|     """Return SHA-256 digest from hashlib .""" |     """Return SHA-256 digest from hashlib .""" | ||||||
|     return hashlib.sha256(data).digest() |     return hashlib.sha256(data).digest() | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def sha256_digest(key: str, salt: str, loops: int) -> str: | def _sha256_digest(key: str, salt: str, loops: int) -> str: | ||||||
|     """Return a SHA-256 digest of the concatenation of the key, the salt, and the key, repeated as necessary.""" |     """Return a SHA-256 digest of the concatenation of the key, the salt, and the key, repeated as necessary.""" | ||||||
|     # https://www.akkadia.org/drepper/SHA-crypt.txt |     # https://www.akkadia.org/drepper/SHA-crypt.txt | ||||||
|     num_bytes: bytes = 32 |     num_bytes: bytes = 32 | ||||||
|     bytes_key: bytes = key.encode() |     bytes_key: bytes = key.encode() | ||||||
|     bytes_salt: bytes = salt.encode() |     bytes_salt: bytes = salt.encode() | ||||||
|     digest_b = hashlib_sha256(bytes_key + bytes_salt + bytes_key) |     digest_b = _hashlib_sha256(bytes_key + bytes_salt + bytes_key) | ||||||
| 
 | 
 | ||||||
|     tmp = bytes_key + bytes_salt |     tmp = bytes_key + bytes_salt | ||||||
|     for i in range(len(bytes_key), 0, -num_bytes): |     for i in range(len(bytes_key), 0, -num_bytes): | ||||||
|  | @ -41,13 +41,13 @@ def sha256_digest(key: str, salt: str, loops: int) -> str: | ||||||
|         tmp += digest_b if (i & 1) != 0 else bytes_key |         tmp += digest_b if (i & 1) != 0 else bytes_key | ||||||
|         i >>= 1 |         i >>= 1 | ||||||
| 
 | 
 | ||||||
|     digest_a = hashlib_sha256(tmp) |     digest_a = _hashlib_sha256(tmp) | ||||||
| 
 | 
 | ||||||
|     tmp = b"" |     tmp = b"" | ||||||
|     for i in range(len(bytes_key)): |     for i in range(len(bytes_key)): | ||||||
|         tmp += bytes_key |         tmp += bytes_key | ||||||
| 
 | 
 | ||||||
|     digest_dp = hashlib_sha256(tmp) |     digest_dp = _hashlib_sha256(tmp) | ||||||
| 
 | 
 | ||||||
|     byte_sequence_p = b"" |     byte_sequence_p = b"" | ||||||
|     for i in range(len(bytes_key), 0, -num_bytes): |     for i in range(len(bytes_key), 0, -num_bytes): | ||||||
|  | @ -59,7 +59,7 @@ def sha256_digest(key: str, salt: str, loops: int) -> str: | ||||||
|     for i in range(til): |     for i in range(til): | ||||||
|         tmp += bytes_salt |         tmp += bytes_salt | ||||||
| 
 | 
 | ||||||
|     digest_ds = hashlib_sha256(tmp) |     digest_ds = _hashlib_sha256(tmp) | ||||||
| 
 | 
 | ||||||
|     byte_sequence_s = b"" |     byte_sequence_s = b"" | ||||||
|     for i in range(len(bytes_salt), 0, -num_bytes): |     for i in range(len(bytes_salt), 0, -num_bytes): | ||||||
|  | @ -74,7 +74,7 @@ def sha256_digest(key: str, salt: str, loops: int) -> str: | ||||||
|         if i % 7: |         if i % 7: | ||||||
|             tmp += byte_sequence_p |             tmp += byte_sequence_p | ||||||
|         tmp += digest_c if (i & 1) else byte_sequence_p |         tmp += digest_c if (i & 1) else byte_sequence_p | ||||||
|         digest_c = hashlib_sha256(tmp) |         digest_c = _hashlib_sha256(tmp) | ||||||
| 
 | 
 | ||||||
|     inc1, inc2, mod, end = (10, 21, 30, 0) |     inc1, inc2, mod, end = (10, 21, 30, 0) | ||||||
| 
 | 
 | ||||||
|  | @ -82,14 +82,14 @@ def sha256_digest(key: str, salt: str, loops: int) -> str: | ||||||
|     tmp = "" |     tmp = "" | ||||||
| 
 | 
 | ||||||
|     while True: |     while True: | ||||||
|         tmp += to64( |         tmp += _to64( | ||||||
|             (digest_c[i] << 16) | (digest_c[(i + inc1) % mod] << 8) | digest_c[(i + inc1 * 2) % mod], 4 |             (digest_c[i] << 16) | (digest_c[(i + inc1) % mod] << 8) | digest_c[(i + inc1 * 2) % mod], 4 | ||||||
|         ) |         ) | ||||||
|         i = (i + inc2) % mod |         i = (i + inc2) % mod | ||||||
|         if i == end: |         if i == end: | ||||||
|             break |             break | ||||||
| 
 | 
 | ||||||
|     tmp += to64((digest_c[31] << 8) | digest_c[30], 3) |     tmp += _to64((digest_c[31] << 8) | digest_c[30], 3) | ||||||
| 
 | 
 | ||||||
|     return tmp |     return tmp | ||||||
| 
 | 
 | ||||||
|  | @ -101,5 +101,5 @@ def mysql_sha256_password_hash_hex(password: str, salt: str) -> str: | ||||||
|     count = 5 |     count = 5 | ||||||
|     iteration = 1000 * count |     iteration = 1000 * count | ||||||
| 
 | 
 | ||||||
|     digest = sha256_digest(password, salt, iteration) |     digest = _sha256_digest(password, salt, iteration) | ||||||
|     return f"$A${count:>03}${salt}{digest}".encode().hex().upper() |     return f"$A${count:>03}${salt}{digest}".encode().hex().upper() | ||||||
|  |  | ||||||
|  | @ -139,13 +139,14 @@ options: | ||||||
|     description: |     description: | ||||||
|       - User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``). |       - User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``). | ||||||
|       - If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service. |       - If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service. | ||||||
|       - You need to define a I(salt) to have idempotence on password change. |       - You need to define a I(salt) to have idempotence on password change with ``caching_sha2_password`` and ``sha256_password`` plugins. | ||||||
|     type: str |     type: str | ||||||
|     version_added: '0.1.0' |     version_added: '0.1.0' | ||||||
|   salt: |   salt: | ||||||
|     description: |     description: | ||||||
|       - Salt used to generate password hash. |       - Salt used to generate password hash. | ||||||
|       - I(plugin) must be equal to ``caching_sha2_password`` and I(plugin_auth_string) must be defined. |       - Salt length must be 20 characters. | ||||||
|  |       - I(plugin) must be equal to ``caching_sha2_password`` or ``sha256_password`` and I(plugin_auth_string) defined. | ||||||
|     type: str |     type: str | ||||||
|     version_added: '3.10.0' |     version_added: '3.10.0' | ||||||
|   resource_limits: |   resource_limits: | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue