diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-06-30 21:29:38 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-07-02 14:27:31 +0200 |
commit | 4f87ad1975fd02bec3a2558069127d8cd1ff1dd7 (patch) | |
tree | f702efda43691dffa15cca5a769ca7b0f65c1e3e | |
parent | 3914a792d89216c9476e7d91a397133f7459ec6c (diff) | |
download | mariadb-git-4f87ad1975fd02bec3a2558069127d8cd1ff1dd7.tar.gz |
MDEV-19879 server can send empty error message to client with pam_use_cleartext_plugin
fixed in MDEV-19878, here just adding tests
-rw-r--r-- | mysql-test/suite/plugins/r/pam_cleartext.result | 8 | ||||
-rw-r--r-- | mysql-test/suite/plugins/t/pam_cleartext.test | 13 | ||||
-rw-r--r-- | plugin/auth_pam/testing/pam_mariadb_mtr.c | 36 |
3 files changed, 42 insertions, 15 deletions
diff --git a/mysql-test/suite/plugins/r/pam_cleartext.result b/mysql-test/suite/plugins/r/pam_cleartext.result index 824e8329cc3..07c379a4b7f 100644 --- a/mysql-test/suite/plugins/r/pam_cleartext.result +++ b/mysql-test/suite/plugins/r/pam_cleartext.result @@ -8,6 +8,14 @@ pam_use_cleartext_plugin ON # # same test as in pam.test now fails # +# +# success +# +user() current_user() database() +test_pam@localhost pam_test@% NULL +# +# failure +# drop user test_pam; drop user pam_test; uninstall plugin pam; diff --git a/mysql-test/suite/plugins/t/pam_cleartext.test b/mysql-test/suite/plugins/t/pam_cleartext.test index 5d137e6b416..7542c8f51f6 100644 --- a/mysql-test/suite/plugins/t/pam_cleartext.test +++ b/mysql-test/suite/plugins/t/pam_cleartext.test @@ -14,9 +14,22 @@ EOF --echo # --error 1 --exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good.txt +--error 1 +--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir -p'something' < $MYSQLTEST_VARDIR/tmp/pam_good.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt +--echo # +--echo # success +--echo # +--exec $MYSQL -u test_pam --plugin-dir=$plugindir -p'cleartext good' -e 'select user(), current_user(), database()' + +--echo # +--echo # failure +--echo # +--error 1 +--exec $MYSQL -u test_pam --plugin-dir=$plugindir -p'cleartext bad' -e 'select user(), current_user(), database()' + drop user test_pam; drop user pam_test; let $count_sessions= 1; diff --git a/plugin/auth_pam/testing/pam_mariadb_mtr.c b/plugin/auth_pam/testing/pam_mariadb_mtr.c index 4613439d79f..0a6b56091d1 100644 --- a/plugin/auth_pam/testing/pam_mariadb_mtr.c +++ b/plugin/auth_pam/testing/pam_mariadb_mtr.c @@ -38,23 +38,29 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, if (pam_err != PAM_SUCCESS || !resp || !((r1= resp[1].resp))) goto ret; - free(resp); - - msg[0].msg_style = PAM_PROMPT_ECHO_ON; - msg[0].msg = "PIN:"; - pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr); - - if (pam_err != PAM_SUCCESS || !resp || !((r2= resp[0].resp))) - goto ret; - - /* Produce the crash for testing purposes. */ - if (strcmp(r1, "crash pam module") == 0 && atoi(r2) == 616) - abort(); - - if (strlen(r1) == (uint)atoi(r2) % 100) + if (strcmp(r1, "cleartext good") == 0) retval = PAM_SUCCESS; - else + else if (strcmp(r1, "cleartext bad") == 0) retval = PAM_AUTH_ERR; + else + { + free(resp); + msg[0].msg_style = PAM_PROMPT_ECHO_ON; + msg[0].msg = "PIN:"; + pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr); + + if (pam_err != PAM_SUCCESS || !resp || !((r2= resp[0].resp))) + goto ret; + + /* Produce the crash for testing purposes. */ + if (strcmp(r1, "crash pam module") == 0 && atoi(r2) == 616) + abort(); + + if (strlen(r1) == (uint)atoi(r2) % 100) + retval = PAM_SUCCESS; + else + retval = PAM_AUTH_ERR; + } if (argc > 0 && argv[0]) pam_set_item(pamh, PAM_USER, argv[0]); |