Skip to content
Permalink
Browse files

MDEV-19880 pam v1: pam password authentication doesn't work at all in…

… MariaDB 10.4

* fix incorrect parentheses
* if there was no password on the command line or in .cnf file,
  pkt will be "", and we need to request the user to enter the password
  • Loading branch information...
vuvova committed Jun 30, 2019
1 parent dd93028 commit 3914a792d89216c9476e7d91a397133f7459ec6c
Showing with 37 additions and 6 deletions.
  1. +17 −4 mysql-test/suite/plugins/r/pam_v1.result
  2. +18 −0 mysql-test/suite/plugins/t/pam_v1.test
  3. +2 −2 plugin/auth_pam/auth_pam_v1.c
@@ -7,19 +7,32 @@ grant proxy on pam_test to test_pam;
# note that current_user() differs from user()
#
Challenge input first.
Enter: not very secret challenge
Enter: *************************
Now, the magic number!
PIN: ****
PIN: 9225
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
#
# athentication is unsuccessful
#
Challenge input first.
Enter: not very secret challenge
Enter: *************************
Now, the magic number!
PIN: ****
PIN: 9224
#
# athentication is successful
#
Now, the magic number!
PIN: 9212
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
#
# athentication is unsuccessful
#
Now, the magic number!
PIN: 9212
drop user test_pam;
drop user pam_test;
uninstall plugin pam;
@@ -13,6 +13,11 @@ not very secret challenge
select user(), current_user(), database();
EOF

--write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
9212
select user(), current_user(), database();
EOF

--echo #
--echo # athentication is successful, challenge/pin are ok
--echo # note that current_user() differs from user()
@@ -25,7 +30,20 @@ EOF
--error 1
--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt

--echo #
--echo # athentication is successful
--echo #
--error 0
--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt

--echo #
--echo # athentication is unsuccessful
--echo #
--error 1
--exec $MYSQL_TEST -u test_pam -pbadpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt

--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
drop user test_pam;
drop user pam_test;
@@ -25,7 +25,7 @@ struct param {
static int roundtrip(struct param *param, const unsigned char *buf,
int buf_len, unsigned char **pkt)
{
if (param->cached && (buf[0] >> 1) == 2)
if (param->cached && *param->cached && (buf[0] >> 1) == 2)
{
*pkt= param->cached;
param->cached= NULL;
@@ -47,7 +47,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
/* no user name yet ? read the client handshake packet with the user name */
if (info->user_name == 0)
{
if ((param.cached_len= vio->read_packet(vio, &param.cached) < 0))
if ((param.cached_len= vio->read_packet(vio, &param.cached)) < 0)
return CR_ERROR;
}
else

0 comments on commit 3914a79

Please sign in to comment.
You can’t perform that action at this time.