From ddbd770ddad2bcf0123d5dd94e2a1f885b8b2d26 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Tue, 20 Aug 2024 21:28:39 -0700
Subject: [PATCH] Add field for setting plugin

---
 mysql/edit_user.cgi |  9 +++++++++
 mysql/lang/en       |  1 +
 mysql/mysql-lib.pl  | 18 +++++++++++++++---
 mysql/save_user.cgi |  7 +++++--
 4 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/mysql/edit_user.cgi b/mysql/edit_user.cgi
index 8946aa8ac..653781d5b 100755
--- a/mysql/edit_user.cgi
+++ b/mysql/edit_user.cgi
@@ -78,6 +78,15 @@ print &ui_table_row($text{'user_pass'},
 		    [ 0, $text{'user_set'} ] ])." ".
 	&ui_password("mysqlpass", undef, 20));
 
+# Plugin for setting password
+my @plugins = &list_authentication_plugins();
+if (@plugins) {
+	print &ui_table_row($text{'user_plugin'},
+		&ui_select("plugin", $plugin && $u->[$plugin], 
+			   [ [ '', $text{'default'} ],
+			     @plugins ]));
+	}
+
 # Allowed host / network
 print &ui_table_row($text{'user_host'},
 	&ui_opt_textbox("host", $u->[0] eq '%' ? '' : $u->[0], 40,
diff --git a/mysql/lang/en b/mysql/lang/en
index 4b38f85d2..1602f7cb1 100644
--- a/mysql/lang/en
+++ b/mysql/lang/en
@@ -268,6 +268,7 @@ user_all=Anonymous user
 user_pass=Password
 user_leave=Don't change
 user_locked=Locked
+user_plugin=Authentication type
 user_none=None
 user_any=Any
 user_set=Set to..
diff --git a/mysql/mysql-lib.pl b/mysql/mysql-lib.pl
index c78ea5b69..cd65a9235 100755
--- a/mysql/mysql-lib.pl
+++ b/mysql/mysql-lib.pl
@@ -1908,14 +1908,14 @@ else {
 	}
 }
 
-# change_user_password(plainpass, user, host)
+# change_user_password(plainpass, user, host, plugin)
 # Change user password
 sub change_user_password
 {
-my ($plainpass, $user, $host) = @_;
+my ($plainpass, $user, $host, $plugin) = @_;
 
 my ($ver, $variant) = &get_remote_mysql_variant();
-my $plugin = &get_mysql_plugin();
+$plugin ||= &get_mysql_plugin();
 $plugin = $plugin ? "with $plugin" : "";
 my $lock_supported = $variant eq "mysql" && &compare_version_numbers($ver, "8.0.19");
 my $mysql_mariadb_with_auth_string = 
@@ -2129,6 +2129,18 @@ return 'password' if ($@);	# Old version without plugins
 return $rv->{'data'}->[0]->[0] =~ /unix_socket/i ? 'socket' : 'password';
 }
 
+# list_authentication_plugins()
+# Returns a list of supported authentication plugins for setting passwords
+sub list_authentication_plugins
+{
+my ($ver, $variant) = &get_remote_mysql_variant();
+if ($variant eq "mariadb" && &compare_version_numbers($ver, "10.4") >= 0 ||
+    $variant eq "mysql" && &compare_version_numbers($ver, "5.7.6") >= 0) {
+	return ('mysql_native_password', 'caching_sha2_password', 'unix_socket');
+	}
+return ();
+}
+
 # format_privs(&privs, &privs_fields)
 # Returns best formatted string for a set of privileges
 sub format_privs
diff --git a/mysql/save_user.cgi b/mysql/save_user.cgi
index f67b1016c..c71813210 100755
--- a/mysql/save_user.cgi
+++ b/mysql/save_user.cgi
@@ -48,6 +48,7 @@ else {
 			'host', $host,
 			'perms', \%perms,
 			'pfields', \@pfields,
+			'plugin', $in{'plugin'},
 			'ssl_field_names', \@ssl_field_names,
 			'ssl_field_values', \@ssl_field_values,
 			'other_field_names', \@other_field_names,
@@ -73,12 +74,14 @@ else {
 		# Update user password, if requested
 		if ($in{'mysqlpass_mode'} == 4) {
 			# Never used for admin accounts
-			&change_user_password(undef, $olduser, $oldhost);
+			&change_user_password(undef, $olduser, $oldhost,
+					      $in{'plugin'});
 			}
 		elsif ($in{'mysqlpass_mode'} != 1) {
 			($in{'mysqlpass_mode'} eq '0' && !$in{'mysqlpass'}) && &error($text{'root_epass1'});
 			my $pass = $in{'mysqlpass'} || '';
-			&change_user_password($pass, $olduser, $oldhost);
+			&change_user_password($pass, $olduser, $oldhost,
+					      $in{'plugin'});
 			}
 
 		&update_privileges({