From cf3fb56827cfea35f3060524dcb4c2005863ddde Mon Sep 17 00:00:00 2001
From: hubiongithub <79990207+hubiongithub@users.noreply.github.com>
Date: Mon, 9 Sep 2024 10:15:58 +0200
Subject: [PATCH] Update user.py

Added correct syntax to ed25519 password plugin.
on create user
on update user
This only accepts cleartext passwords (PASSWORD(%s)) not pregenerated ed25519 hashes.
---
 plugins/module_utils/user.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index 58ed6071..534e4ea8 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -212,8 +212,10 @@ def user_add(cursor, user, host, host_all, password, encrypted,
         query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
     elif plugin and plugin_auth_string:
         # Mysql and MariaDB differ in naming pam plugin and Syntax to set it
-        if plugin in ('pam', 'ed25519'):  # Used by MariaDB which requires the USING keyword, not BY
+        if plugin in ('pam'):  # Used by MariaDB which requires the USING keyword, not BY
             query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+        elif plugin in ('ed25519'):  # Used by MariaDB which requires the USING keyword, not BY
+            query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING PASSWORD(%s)", (user, host, plugin, plugin_auth_string)
         elif salt:
             if plugin in ['caching_sha2_password', 'sha256_password']:
                 generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
@@ -398,8 +400,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                     query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
                 elif plugin_auth_string:
                     # Mysql and MariaDB differ in naming pam plugin and syntax to set it
-                    if plugin in ('pam', 'ed25519'):
+                    if plugin in ('pam'):                                                
                         query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+                    elif plugin in ('ed25519'):                                                
+                        query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING PASSWORD(%s)", (user, host, plugin, plugin_auth_string)
                     elif salt:
                         if plugin in ['caching_sha2_password', 'sha256_password']:
                             generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)