diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2016-07-26 12:34:04 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2016-08-24 20:41:26 +0200 |
| commit | ea91bb6801b1b619d64fa137ea351eca9de683ec (patch) | |
| tree | bcfa04a55541d53d4dbd9abbf8b3d4cb698d3c67 /plugin/auth_pam | |
| parent | d0d99dec914d409d7889fcec2efd126edad10bde (diff) | |
| download | mariadb-git-ea91bb6801b1b619d64fa137ea351eca9de683ec.tar.gz | |
MDEV-10361 Crash in pam_securid.so with auth_pam connecting from SQLyog
auth_pam: debug output
Diffstat (limited to 'plugin/auth_pam')
| -rw-r--r-- | plugin/auth_pam/auth_pam.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c index 3e3462d3ba0..ac1b3b2da09 100644 --- a/plugin/auth_pam/auth_pam.c +++ b/plugin/auth_pam/auth_pam.c @@ -17,6 +17,7 @@ #define _GNU_SOURCE 1 /* for strndup */ #include <mysql/plugin_auth.h> +#include <stdio.h> #include <string.h> #include <security/pam_appl.h> #include <security/pam_modules.h> @@ -44,6 +45,13 @@ char *strndup(const char *from, size_t length) } #endif +#ifndef DBUG_OFF +static char pam_debug = 0; +#define PAM_DEBUG(X) do { if (pam_debug) { fprintf X; } } while(0) +#else +#define PAM_DEBUG(X) /* no-op */ +#endif + static int conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { @@ -91,12 +99,17 @@ static int conv(int n, const struct pam_message **msg, 4 means "password-like input, echo disabled" C'est la vie. */ param->buf[0] = msg[i]->msg_style == PAM_PROMPT_ECHO_ON ? 2 : 4; + PAM_DEBUG((stderr, "PAM: conv: send(%.*s)\n", (int)(param->ptr - param->buf - 1), param->buf)); if (param->vio->write_packet(param->vio, param->buf, param->ptr - param->buf - 1)) return PAM_CONV_ERR; pkt_len = param->vio->read_packet(param->vio, &pkt); if (pkt_len < 0) + { + PAM_DEBUG((stderr, "PAM: conv: recv() ERROR\n")); return PAM_CONV_ERR; + } + PAM_DEBUG((stderr, "PAM: conv: recv(%.*s)\n", pkt_len, pkt)); /* allocate and copy the reply to the response array */ if (!((*resp)[i].resp= strndup((char*) pkt, pkt_len))) return PAM_CONV_ERR; @@ -134,9 +147,16 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) param.ptr = param.buf + 1; param.vio = vio; + PAM_DEBUG((stderr, "PAM: pam_start(%s, %s)\n", service, info->user_name)); DO( pam_start(service, info->user_name, &pam_start_arg, &pamh) ); + + PAM_DEBUG((stderr, "PAM: pam_authenticate(0)\n")); DO( pam_authenticate (pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_acct_mgmt(0)\n")); DO( pam_acct_mgmt(pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_get_item(PAM_USER)\n")); DO( pam_get_item(pamh, PAM_USER, (pam_get_item_3_arg) &new_username) ); if (new_username && strcmp(new_username, info->user_name)) @@ -145,6 +165,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) end: pam_end(pamh, status); + PAM_DEBUG((stderr, "PAM: status = %d user = %s\n", status, new_username)); return status == PAM_SUCCESS ? CR_OK : CR_ERROR; } @@ -163,8 +184,17 @@ static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin, "supports simple PAM policies that don't require anything besides " "a password", NULL, NULL, 0); +#ifndef DBUG_OFF +static MYSQL_SYSVAR_BOOL(debug, pam_debug, PLUGIN_VAR_OPCMDARG, + "Log all PAM activity", NULL, NULL, 0); +#endif + + static struct st_mysql_sys_var* vars[] = { MYSQL_SYSVAR(use_cleartext_plugin), +#ifndef DBUG_OFF + MYSQL_SYSVAR(debug), +#endif NULL }; |