Update user.py (#676)

* Update user.py Added correct syntax to ed25519 password plugin. on create user on update user This only accepts cleartext passwords (PASSWORD(%s)) not pregenerated ed25519 hashes. * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py * Update plugins/module_utils/user.py --------- Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2025-04-05 02:00:31 -07:00 · 2024-09-09 15:01:26 +02:00 · 2024-09-09 15:01:26 +02:00 · eec6e7091f
commit eec6e7091f
parent 7188bea0c8
1 changed files with 6 additions and 2 deletions
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -212,8 +212,10 @@ def user_add(cursor, user, host, host_all, password, encrypted,
        query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
    elif plugin and plugin_auth_string:
        # Mysql and MariaDB differ in naming pam plugin and Syntax to set it
-        if plugin in ('pam', 'ed25519'):  # Used by MariaDB which requires the USING keyword, not BY
+        if plugin == 'pam':  # Used by MariaDB which requires the USING keyword, not BY
            query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+        elif plugin == 'ed25519':  # Used by MariaDB which requires the USING keyword, not BY
+            query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING PASSWORD(%s)", (user, host, plugin, plugin_auth_string)
        elif salt:
            if plugin in ['caching_sha2_password', 'sha256_password']:
                generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
@ -398,8 +400,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                    query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
                elif plugin_auth_string:
                    # Mysql and MariaDB differ in naming pam plugin and syntax to set it
-                    if plugin in ('pam', 'ed25519'):
+                    if plugin == 'pam':
                        query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+                    elif plugin == 'ed25519':
+                        query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING PASSWORD(%s)", (user, host, plugin, plugin_auth_string)
                    elif salt:
                        if plugin in ['caching_sha2_password', 'sha256_password']:
                            generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)