mirror of
https://github.com/MariaDB/server.git
synced 2025-07-30 16:24:05 +03:00
MDEV-19879 server can send empty error message to client with pam_use_cleartext_plugin
fixed in MDEV-19878, here just adding tests
This commit is contained in:
Sergei Golubchik
@ -8,6 +8,14 @@ pam_use_cleartext_plugin ON
|
|||||||
#
|
#
|
||||||
# same test as in pam.test now fails
|
# same test as in pam.test now fails
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
# success
|
||||||
|
#
|
||||||
|
user() current_user() database()
|
||||||
|
test_pam@localhost pam_test@% NULL
|
||||||
|
#
|
||||||
|
# failure
|
||||||
|
#
|
||||||
drop user test_pam;
|
drop user test_pam;
|
||||||
drop user pam_test;
|
drop user pam_test;
|
||||||
uninstall plugin pam;
|
uninstall plugin pam;
|
||||||
|
|||||||
@ -14,9 +14,22 @@ EOF
|
|||||||
--echo #
|
--echo #
|
||||||
--error 1
|
--error 1
|
||||||
--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good.txt
|
--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good.txt
|
||||||
|
--error 1
|
||||||
|
--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir -p'something' < $MYSQLTEST_VARDIR/tmp/pam_good.txt
|
||||||
|
|
||||||
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
|
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
|
||||||
|
|
||||||
|
--echo #
|
||||||
|
--echo # success
|
||||||
|
--echo #
|
||||||
|
--exec $MYSQL -u test_pam --plugin-dir=$plugindir -p'cleartext good' -e 'select user(), current_user(), database()'
|
||||||
|
|
||||||
|
--echo #
|
||||||
|
--echo # failure
|
||||||
|
--echo #
|
||||||
|
--error 1
|
||||||
|
--exec $MYSQL -u test_pam --plugin-dir=$plugindir -p'cleartext bad' -e 'select user(), current_user(), database()'
|
||||||
|
|
||||||
drop user test_pam;
|
drop user test_pam;
|
||||||
drop user pam_test;
|
drop user pam_test;
|
||||||
let $count_sessions= 1;
|
let $count_sessions= 1;
|
||||||
|
|||||||
@ -38,23 +38,29 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
|||||||
if (pam_err != PAM_SUCCESS || !resp || !((r1= resp[1].resp)))
|
if (pam_err != PAM_SUCCESS || !resp || !((r1= resp[1].resp)))
|
||||||
goto ret;
|
goto ret;
|
||||||
|
|
||||||
free(resp);
|
if (strcmp(r1, "cleartext good") == 0)
|
||||||
|
|
||||||
msg[0].msg_style = PAM_PROMPT_ECHO_ON;
|
|
||||||
msg[0].msg = "PIN:";
|
|
||||||
pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr);
|
|
||||||
|
|
||||||
if (pam_err != PAM_SUCCESS || !resp || !((r2= resp[0].resp)))
|
|
||||||
goto ret;
|
|
||||||
|
|
||||||
/* Produce the crash for testing purposes. */
|
|
||||||
if (strcmp(r1, "crash pam module") == 0 && atoi(r2) == 616)
|
|
||||||
abort();
|
|
||||||
|
|
||||||
if (strlen(r1) == (uint)atoi(r2) % 100)
|
|
||||||
retval = PAM_SUCCESS;
|
retval = PAM_SUCCESS;
|
||||||
else
|
else if (strcmp(r1, "cleartext bad") == 0)
|
||||||
retval = PAM_AUTH_ERR;
|
retval = PAM_AUTH_ERR;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
free(resp);
|
||||||
|
msg[0].msg_style = PAM_PROMPT_ECHO_ON;
|
||||||
|
msg[0].msg = "PIN:";
|
||||||
|
pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr);
|
||||||
|
|
||||||
|
if (pam_err != PAM_SUCCESS || !resp || !((r2= resp[0].resp)))
|
||||||
|
goto ret;
|
||||||
|
|
||||||
|
/* Produce the crash for testing purposes. */
|
||||||
|
if (strcmp(r1, "crash pam module") == 0 && atoi(r2) == 616)
|
||||||
|
abort();
|
||||||
|
|
||||||
|
if (strlen(r1) == (uint)atoi(r2) % 100)
|
||||||
|
retval = PAM_SUCCESS;
|
||||||
|
else
|
||||||
|
retval = PAM_AUTH_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
if (argc > 0 && argv[0])
|
if (argc > 0 && argv[0])
|
||||||
pam_set_item(pamh, PAM_USER, argv[0]);
|
pam_set_item(pamh, PAM_USER, argv[0]);
|
||||||
|
|||||||
Reference in New Issue
Block a user