database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-15471 Isolate/sandbox PAM modules, so that they can't crash the server

Browse Source 
tests fixed.
This commit is contained in:
Alexey Botchkov
2018-07-04 21:52:01 +04:00
parent de745ecf29
commit 725c3df53e
5 changed files with 29 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
mysql-test/suite/plugins/r/pam_v1.result Normal file
View File

@ -0,0 +1,25 @@
install plugin pam soname 'auth_pam_v1.so';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
#
# athentication is successful, challenge/pin are ok
# note that current_user() differs from user()
#
Challenge input first.
Enter: not very secret challenge
Now, the magic number!
PIN: ****
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
#
# athentication is unsuccessful
#
Challenge input first.
Enter: not very secret challenge
Now, the magic number!
PIN: ****
drop user test_pam;
drop user pam_test;
uninstall plugin pam;

2
mysql-test/suite/plugins/t/pam.test
View File

@ -1,4 +1,4 @@
let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO;
--source pam_init.inc --source pam_init.inc
--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt

4
mysql-test/suite/plugins/t/pam_init.inc
View File

@ -1,11 +1,11 @@
--source include/not_embedded.inc --source include/not_embedded.inc
if (!$AUTH_PAM_SO) { if (!$PAM_PLUGIN_VERSION) {
skip No pam auth plugin; skip No pam auth plugin;
} }
eval install plugin pam soname '$AUTH_PAM_SO'; eval install plugin pam soname '$PAM_PLUGIN_VERSION';
create user test_pam identified via pam using 'mariadb_mtr'; create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test; create user pam_test;
grant proxy on pam_test to test_pam; grant proxy on pam_test to test_pam;

14
mysql-test/suite/plugins/t/pam_init_v1.inc
View File

@ -1,14 +0,0 @@
--source include/not_embedded.inc
if (!$AUTH_PAM_V1_SO) {
skip No pam auth plugin;
}
eval install plugin pam soname '$AUTH_PAM_V1_SO';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
let $plugindir=`SELECT @@global.plugin_dir`;

8
mysql-test/suite/plugins/t/pam_v1.test
View File

@ -1,4 +1,4 @@
let $PAM_PLUGIN_VERSION= $AUTH_PAM_V1_SO;
--source pam_init.inc --source pam_init.inc
--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
@ -25,12 +25,6 @@ EOF
--error 1 --error 1
--exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt --exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt
--echo #
--echo # pam module crashes
--echo #
--error 1
--exec $MYSQL_TEST -u crash_pam_tool --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
drop user test_pam; drop user test_pam;