ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-21 05:21:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[ci skip] handle change

Browse source
This commit is contained in:
Matthieu Bourgain 2024-04-22 18:26:51 +02:00
commit 51f2c05ea4
No known key found for this signature in database
GPG key ID: 33BA95C808890C39
2 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
plugins/module_utils/user.py
View file

@ -360,6 +360,14 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
# a check, so I prefer to update more often than never
update = True
if salt:
if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
if current_plugin[0] != generated_hash_string:
update = True
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
if update:
if plugin_hash_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
@ -368,10 +376,6 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin in ('pam', 'ed25519'):
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = ("ALTER USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)

4
plugins/modules/mysql_user.py
View file

@ -517,8 +517,10 @@ def main():
should be positive number")
if salt:
if not plugin_auth_string:
module.fail_json(msg="salt requires plugin_auth_string")
if len(salt) != 20:
module.fail_json(msg="Salt must be 20 characters long")
module.fail_json(msg="salt must be 20 characters long")
if plugin not in ['caching_sha2_password', 'sha256_password']:
module.fail_json(msg="salt requires caching_sha2_password or sha256_password plugin")