MDEV-19880 pam v1: pam password authentication doesn't work at all in MariaDB 10.4

* fix incorrect parentheses
* if there was no password on the command line or in .cnf file,
  pkt will be "", and we need to request the user to enter the password

3 files changed, 37 insertions, 6 deletions

diff --git a/mysql-test/suite/plugins/r/pam_v1.result b/mysql-test/suite/plugins/r/pam_v1.result
index bf4c0242df2..66776e3bca7 100644
--- a/mysql-test/suite/plugins/r/pam_v1.result
+++ b/mysql-test/suite/plugins/r/pam_v1.result
@@ -7,9 +7,9 @@ grant proxy on pam_test to test_pam;
 # note that current_user() differs from user()
 #
 Challenge input first.
-Enter: not very secret challenge
+Enter: *************************
 Now, the magic number!
-PIN: ****
+PIN: 9225
 select user(), current_user(), database();
 user()	current_user()	database()
 test_pam@localhost	pam_test@%	test
@@ -17,9 +17,22 @@ test_pam@localhost	pam_test@%	test
 # athentication is unsuccessful
 #
 Challenge input first.
-Enter: not very secret challenge
+Enter: *************************
 Now, the magic number!
-PIN: ****
+PIN: 9224
+#
+# athentication is successful
+#
+Now, the magic number!
+PIN: 9212
+select user(), current_user(), database();
+user()	current_user()	database()
+test_pam@localhost	pam_test@%	test
+#
+# athentication is unsuccessful
+#
+Now, the magic number!
+PIN: 9212
 drop user test_pam;
 drop user pam_test;
 uninstall plugin pam;
diff --git a/mysql-test/suite/plugins/t/pam_v1.test b/mysql-test/suite/plugins/t/pam_v1.test
index d908e3a4b25..c9c0a97f6a9 100644
--- a/mysql-test/suite/plugins/t/pam_v1.test
+++ b/mysql-test/suite/plugins/t/pam_v1.test
@@ -13,6 +13,11 @@ not very secret challenge
 select user(), current_user(), database();
 EOF
 
+--write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+9212
+select user(), current_user(), database();
+EOF
+
 --echo #
 --echo # athentication is successful, challenge/pin are ok
 --echo # note that current_user() differs from user()
@@ -25,7 +30,20 @@ EOF
 --error 1
 --exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt
 
+--echo #
+--echo # athentication is successful
+--echo #
+--error 0
+--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+
+--echo #
+--echo # athentication is unsuccessful
+--echo #
+--error 1
+--exec $MYSQL_TEST -u test_pam -pbadpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+
 --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
+--remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
 --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
 drop user test_pam;
 drop user pam_test;
diff --git a/plugin/auth_pam/auth_pam_v1.c b/plugin/auth_pam/auth_pam_v1.c
index 6e0b2ea9991..a38ef8f53ca 100644
--- a/plugin/auth_pam/auth_pam_v1.c
+++ b/plugin/auth_pam/auth_pam_v1.c
@@ -25,7 +25,7 @@ struct param {
 static int roundtrip(struct param *param, const unsigned char *buf,
                      int buf_len, unsigned char **pkt)
 {
-  if (param->cached && (buf[0] >> 1) == 2)
+  if (param->cached && *param->cached && (buf[0] >> 1) == 2)
   {
     *pkt= param->cached;
     param->cached= NULL;
@@ -47,7 +47,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
   /* no user name yet ? read the client handshake packet with the user name */
   if (info->user_name == 0)
   {
-    if ((param.cached_len= vio->read_packet(vio, &param.cached) < 0))
+    if ((param.cached_len= vio->read_packet(vio, &param.cached)) < 0)
       return CR_ERROR;
   }
   else