-
Notifications
You must be signed in to change notification settings - Fork 795
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to use hex hash with caching_sha2_password plugin #1612
base: main
Are you sure you want to change the base?
Add ability to use hex hash with caching_sha2_password plugin #1612
Conversation
This would be a very useful improvement ❤ To add to this, looking at the defined type I've quickly modified I'm not sure if the new Note that, in |
Hey @Jimadine , I encountered a bug which I will focus first and come back to the request later. :) |
Can we get this merged? Would be helpful for us, we use this branch in prod already, and we want to be able to update without losing the changes. |
@C24-AK thanks for the PR! Can you take a look at the rubocop annotations and rebase against the latest main branch (not a merge commit)? |
52e36b6
to
491fca1
Compare
@bastelfreak done! Looking forward for the review |
@C24-AK - Do you think you'd be able to add a |
Done, I appreciate if you could test the changes and see if everything works as expected |
Thank you! I've looked at your changes and they look good. I'm attempting to test, but am facing a problem related to setting the mysql root password:
I'm not sure if this problem relates to the changes in this PR, but I tried
Apologies - I guess this is likely a problem limited to the specific scenario (an internal module) where I'm using the module! Hopefully I'll work it out. |
Hey, I appreciate testing this PR! |
Thank you, your recent commit d2e2b29 fixed it! 😃 I guess it would mean yet another change to allow changing the authentication plugin for the root user? I think it would mean a new param in |
Good to hear that it works :) @Jimadine I appreciate if you could test the root plugin :) |
Thank you! I've tested it and it appears to be trying to change the plugin for root, but it's returning the following errors:
|
I think I revert this commit since I cant actually test it right now, maybe we can implement this in another PR |
Yeah, I agree, best to revert. FWIW, the same error was apparent when attempting to set root's plugin to
|
Good morning @bastelfreak, is there anything else to do for this PR? |
Any Reviewers available? @bastelfreak @alexjfisher |
@C24-AK thanks for the patch! Is there a chance for you to add a test for this change? |
@C24-AK, it's a good job, I am very glad that someone has started implementing this important thing, but I think we can do a little better. We don't need to run mysql to convert a string to HEX
Instead of running an external binary, you can use ruby like this:
Or even we can immediately get the HEX from the MYSQL something like this, and then decode it back if necessary (since mysql_native_password is promised to be completely disabled in future versions of mysql, then this may be the best option)
|
We can also replace this general regexp:
with a more explicit one:
The magic sequence |
Hello, |
…ith more explicit one
dcafc70
to
9d1bb5f
Compare
Push |
@C24-AK any chance you can add a test for this? |
As I mentioned above I am not familiar with acceptance tests and was looking forward for help here. |
This has been going back and forth for 3/4 of a year - what is missing to get it merged? We use this branch on prod since December and need to always check to make sure not to overwrite it when we do module updates - would be nice to have it in the main branch. :-D Thank you for the module! |
Co-authored-by: Ben Ford <[email protected]>
Co-authored-by: Gregoire Menuel <[email protected]>
…e/caching_sha2_password_hash
I tried to add tests to this, but unfortunately the instances are coming with mariadb. I tested this in my own dev setup thoroughly. |
Summary
This is a pull request to add the ability for users to use hex hashes to authenticate with caching_sha2_password plugin.
How does it work:
As for now, you can't use plain passwords, since the module does not create a valid hash for you.
But it is possible to use a generated hex hash.
Why not the original authentication string?
The original authentication string when printed out contains non-printable binary characters.
Since the hex format always contains a unique string with printable characters, this is working.
How to generate this hash?
Locally I used this to generate my hash and then use it in puppet:
This gives you the output. It is necessary to have the 0x prefix in front of the hash, so mysql syntax will not be broken.
I appreciate every commit and help for this PR. I am by no mean a ruby expert and used it for the first time.