From e14a51031ad9079649168c63c0db1243c69142ec Mon Sep 17 00:00:00 2001
From: Heinz Wiesinger <heinz@m2mobi.com>
Date: Thu, 29 Aug 2019 13:47:10 +0200
Subject: [PATCH] Fix using password hashes with MariaDB

MariaDB always needs the 'PASSWORD' keyword when working with
password hashes, also when ALTER USER is being used.
---
 salt/modules/mysql.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/salt/modules/mysql.py b/salt/modules/mysql.py
index 94f4b4acce1a..a87368a29c3d 100644
--- a/salt/modules/mysql.py
+++ b/salt/modules/mysql.py
@@ -1435,7 +1435,10 @@ def user_create(user,
         args['password'] = six.text_type(password)
     elif password_hash is not None:
         if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-            qry += ' IDENTIFIED BY %(password)s'
+            if 'MariaDB' in server_version:
+                qry += ' IDENTIFIED BY PASSWORD %(password)s'
+            else:
+                qry += ' IDENTIFIED BY %(password)s'
         else:
             qry += ' IDENTIFIED BY PASSWORD %(password)s'
         args['password'] = password_hash
@@ -1552,7 +1555,10 @@ def user_chpass(user,
     args['user'] = user
     args['host'] = host
     if salt.utils.versions.version_cmp(server_version, compare_version) >= 0:
-        qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
+        if 'MariaDB' in server_version and password_hash is not None:
+            qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY PASSWORD %(password)s;"
+        else:
+            qry = "ALTER USER %(user)s@%(host)s IDENTIFIED BY %(password)s;"
     else:
         qry = ('UPDATE mysql.user SET ' + password_column + '=' + password_sql +
                ' WHERE User=%(user)s AND Host = %(host)s;')