diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-06-30 17:18:26 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-07-02 14:27:31 +0200 |
commit | 3914a792d89216c9476e7d91a397133f7459ec6c (patch) | |
tree | 648bf33f48a87e1caee99e34778edae842b05134 | |
parent | dd93028dae22f00a6b23ff27d348ff1a4722ee88 (diff) | |
download | mariadb-git-3914a792d89216c9476e7d91a397133f7459ec6c.tar.gz |
MDEV-19880 pam v1: pam password authentication doesn't work at all in MariaDB 10.4
* fix incorrect parentheses
* if there was no password on the command line or in .cnf file,
pkt will be "", and we need to request the user to enter the password
-rw-r--r-- | mysql-test/suite/plugins/r/pam_v1.result | 21 | ||||
-rw-r--r-- | mysql-test/suite/plugins/t/pam_v1.test | 18 | ||||
-rw-r--r-- | plugin/auth_pam/auth_pam_v1.c | 4 |
3 files changed, 37 insertions, 6 deletions
diff --git a/mysql-test/suite/plugins/r/pam_v1.result b/mysql-test/suite/plugins/r/pam_v1.result index bf4c0242df2..66776e3bca7 100644 --- a/mysql-test/suite/plugins/r/pam_v1.result +++ b/mysql-test/suite/plugins/r/pam_v1.result @@ -7,9 +7,9 @@ grant proxy on pam_test to test_pam; # note that current_user() differs from user() # Challenge input first. -Enter: not very secret challenge +Enter: ************************* Now, the magic number! -PIN: **** +PIN: 9225 select user(), current_user(), database(); user() current_user() database() test_pam@localhost pam_test@% test @@ -17,9 +17,22 @@ test_pam@localhost pam_test@% test # athentication is unsuccessful # Challenge input first. -Enter: not very secret challenge +Enter: ************************* Now, the magic number! -PIN: **** +PIN: 9224 +# +# athentication is successful +# +Now, the magic number! +PIN: 9212 +select user(), current_user(), database(); +user() current_user() database() +test_pam@localhost pam_test@% test +# +# athentication is unsuccessful +# +Now, the magic number! +PIN: 9212 drop user test_pam; drop user pam_test; uninstall plugin pam; diff --git a/mysql-test/suite/plugins/t/pam_v1.test b/mysql-test/suite/plugins/t/pam_v1.test index d908e3a4b25..c9c0a97f6a9 100644 --- a/mysql-test/suite/plugins/t/pam_v1.test +++ b/mysql-test/suite/plugins/t/pam_v1.test @@ -13,6 +13,11 @@ not very secret challenge select user(), current_user(), database(); EOF +--write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt +9212 +select user(), current_user(), database(); +EOF + --echo # --echo # athentication is successful, challenge/pin are ok --echo # note that current_user() differs from user() @@ -25,7 +30,20 @@ EOF --error 1 --exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt +--echo # +--echo # athentication is successful +--echo # +--error 0 +--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt + +--echo # +--echo # athentication is unsuccessful +--echo # +--error 1 +--exec $MYSQL_TEST -u test_pam -pbadpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt + --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt +--remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt drop user test_pam; drop user pam_test; diff --git a/plugin/auth_pam/auth_pam_v1.c b/plugin/auth_pam/auth_pam_v1.c index 6e0b2ea9991..a38ef8f53ca 100644 --- a/plugin/auth_pam/auth_pam_v1.c +++ b/plugin/auth_pam/auth_pam_v1.c @@ -25,7 +25,7 @@ struct param { static int roundtrip(struct param *param, const unsigned char *buf, int buf_len, unsigned char **pkt) { - if (param->cached && (buf[0] >> 1) == 2) + if (param->cached && *param->cached && (buf[0] >> 1) == 2) { *pkt= param->cached; param->cached= NULL; @@ -47,7 +47,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) /* no user name yet ? read the client handshake packet with the user name */ if (info->user_name == 0) { - if ((param.cached_len= vio->read_packet(vio, ¶m.cached) < 0)) + if ((param.cached_len= vio->read_packet(vio, ¶m.cached)) < 0) return CR_ERROR; } else |