ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-21 05:21:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[ci skip] fix change with hex

Browse source
This commit is contained in:
Matthieu Bourgain 2024-04-22 18:44:21 +02:00
commit 9cc277a60a
No known key found for this signature in database
GPG key ID: 33BA95C808890C39
2 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
plugins/module_utils/implementations/mysql/hash.py
View file

@ -108,8 +108,8 @@ def _sha256_digest(key, salt, loops):
return tmp return tmp
def mysql_sha256_password_hash_hex(password, salt): def mysql_sha256_password_hash(password, salt):
"""Return a MySQL compatible caching_sha2_password hash in hex format.""" """Return a MySQL compatible caching_sha2_password hash in raw format."""
if len(salt) != 20: if len(salt) != 20:
raise ValueError("Salt must be 20 characters long.") raise ValueError("Salt must be 20 characters long.")
@ -118,3 +118,8 @@ def mysql_sha256_password_hash_hex(password, salt):
digest = _sha256_digest(password, salt, iteration) digest = _sha256_digest(password, salt, iteration)
return "$A${0:>03}${1}{2}".format(count, salt, digest).encode().hex().upper() return "$A${0:>03}${1}{2}".format(count, salt, digest).encode().hex().upper()
def mysql_sha256_password_hash_hex(password, salt):
"""Return a MySQL compatible caching_sha2_password hash in hex format."""
return mysql_sha256_password_hash(password, salt).encode().hex().upper()

8
plugins/module_utils/user.py
View file

@ -22,6 +22,7 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
get_server_implementation, get_server_implementation,
) )
from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql.hash import ( from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql.hash import (
mysql_sha256_password_hash,
mysql_sha256_password_hash_hex, mysql_sha256_password_hash_hex,
) )
@ -362,8 +363,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if salt: if salt:
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt) if current_plugin[0] != mysql_sha256_password_hash(password=plugin_auth_string, salt=salt):
if current_plugin[0] != generated_hash_string:
update = True update = True
else: else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin) module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
@ -376,6 +376,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin in ('pam', 'ed25519'): if plugin in ('pam', 'ed25519'):
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
elif salt: elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = ("ALTER USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin) query_with_args = ("ALTER USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin)
else: else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)