Add field for setting plugin

2026-03-20 16:50:24 +00:00 · 2024-08-20 21:28:39 -07:00
parent 6bf6553ff0
commit ddbd770dda
4 changed files with 30 additions and 5 deletions
--- a/mysql/edit_user.cgi
+++ b/mysql/edit_user.cgi
@@ -78,6 +78,15 @@ print &ui_table_row($text{'user_pass'},
 		    [ 0, $text{'user_set'} ] ])." ".
 	&ui_password("mysqlpass", undef, 20));

+# Plugin for setting password
+my @plugins = &list_authentication_plugins();
+if (@plugins) {
+	print &ui_table_row($text{'user_plugin'},
+		&ui_select("plugin", $plugin && $u->[$plugin], 
+			   [ [ '', $text{'default'} ],
+			     @plugins ]));
+	}
+
 # Allowed host / network
 print &ui_table_row($text{'user_host'},
 	&ui_opt_textbox("host", $u->[0] eq '%' ? '' : $u->[0], 40,
--- a/mysql/lang/en
+++ b/mysql/lang/en
@@ -268,6 +268,7 @@ user_all=Anonymous user
 user_pass=Password
 user_leave=Don't change
 user_locked=Locked
+user_plugin=Authentication type
 user_none=None
 user_any=Any
 user_set=Set to..
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -1908,14 +1908,14 @@ else {
 	}
 }

-# change_user_password(plainpass, user, host)
+# change_user_password(plainpass, user, host, plugin)
 # Change user password
 sub change_user_password
 {
-my ($plainpass, $user, $host) = @_;
+my ($plainpass, $user, $host, $plugin) = @_;

 my ($ver, $variant) = &get_remote_mysql_variant();
-my $plugin = &get_mysql_plugin();
+$plugin ||= &get_mysql_plugin();
 $plugin = $plugin ? "with $plugin" : "";
 my $lock_supported = $variant eq "mysql" && &compare_version_numbers($ver, "8.0.19");
 my $mysql_mariadb_with_auth_string = 
@@ -2129,6 +2129,18 @@ return 'password' if ($@);	# Old version without plugins
 return $rv->{'data'}->[0]->[0] =~ /unix_socket/i ? 'socket' : 'password';
 }

+# list_authentication_plugins()
+# Returns a list of supported authentication plugins for setting passwords
+sub list_authentication_plugins
+{
+my ($ver, $variant) = &get_remote_mysql_variant();
+if ($variant eq "mariadb" && &compare_version_numbers($ver, "10.4") >= 0 ||
+    $variant eq "mysql" && &compare_version_numbers($ver, "5.7.6") >= 0) {
+	return ('mysql_native_password', 'caching_sha2_password', 'unix_socket');
+	}
+return ();
+}
+
 # format_privs(&privs, &privs_fields)
 # Returns best formatted string for a set of privileges
 sub format_privs
--- a/mysql/save_user.cgi
+++ b/mysql/save_user.cgi
@@ -48,6 +48,7 @@ else {
 			'host', $host,
 			'perms', \%perms,
 			'pfields', \@pfields,
+			'plugin', $in{'plugin'},
 			'ssl_field_names', \@ssl_field_names,
 			'ssl_field_values', \@ssl_field_values,
 			'other_field_names', \@other_field_names,
@@ -73,12 +74,14 @@ else {
 		# Update user password, if requested
 		if ($in{'mysqlpass_mode'} == 4) {
 			# Never used for admin accounts
-			&change_user_password(undef, $olduser, $oldhost);
+			&change_user_password(undef, $olduser, $oldhost,
+					      $in{'plugin'});
 			}
 		elsif ($in{'mysqlpass_mode'} != 1) {
 			($in{'mysqlpass_mode'} eq '0' && !$in{'mysqlpass'}) && &error($text{'root_epass1'});
 			my $pass = $in{'mysqlpass'} || '';
-			&change_user_password($pass, $olduser, $oldhost);
+			&change_user_password($pass, $olduser, $oldhost,
+					      $in{'plugin'});
 			}

 		&update_privileges({