From ea91bb6801b1b619d64fa137ea351eca9de683ec Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Tue, 26 Jul 2016 12:34:04 +0200 Subject: [PATCH] MDEV-10361 Crash in pam_securid.so with auth_pam connecting from SQLyog auth_pam: debug output --- mysql-test/include/default_mysqld.cnf | 2 ++ .../suite/plugins/r/pam_cleartext.result | 2 +- mysql-test/suite/plugins/t/pam_cleartext.test | 2 +- plugin/auth_pam/auth_pam.c | 30 +++++++++++++++++++ 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/mysql-test/include/default_mysqld.cnf b/mysql-test/include/default_mysqld.cnf index 17b2fd5b2bc..b5b16461781 100644 --- a/mysql-test/include/default_mysqld.cnf +++ b/mysql-test/include/default_mysqld.cnf @@ -45,6 +45,8 @@ loose-feedback-debug-startup-interval=20 loose-feedback-debug-first-interval=60 loose-feedback-debug-interval=60 +loose-pam-debug + loose-innodb_data_file_path= ibdata1:12M:autoextend loose-innodb_buffer_pool_size= 8M loose-innodb_lru_scan_depth= 100 diff --git a/mysql-test/suite/plugins/r/pam_cleartext.result b/mysql-test/suite/plugins/r/pam_cleartext.result index 00e0e94618e..3b7aada16b2 100644 --- a/mysql-test/suite/plugins/r/pam_cleartext.result +++ b/mysql-test/suite/plugins/r/pam_cleartext.result @@ -2,7 +2,7 @@ install plugin pam soname 'auth_pam.so'; create user test_pam identified via pam using 'mariadb_mtr'; create user pam_test; grant proxy on pam_test to test_pam; -show variables like 'pam%'; +show variables like 'pam_use_%'; Variable_name Value pam_use_cleartext_plugin ON drop user test_pam; diff --git a/mysql-test/suite/plugins/t/pam_cleartext.test b/mysql-test/suite/plugins/t/pam_cleartext.test index 6b9bf087ce5..aade924c43e 100644 --- a/mysql-test/suite/plugins/t/pam_cleartext.test +++ b/mysql-test/suite/plugins/t/pam_cleartext.test @@ -1,7 +1,7 @@ --source pam_init.inc -show variables like 'pam%'; +show variables like 'pam_use_%'; --error 1 --exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir 
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c index 3e3462d3ba0..ac1b3b2da09 100644 --- a/plugin/auth_pam/auth_pam.c +++ b/plugin/auth_pam/auth_pam.c @@ -17,6 +17,7 @@ #define _GNU_SOURCE 1 /* for strndup */ #include +#include #include #include #include @@ -44,6 +45,13 @@ char *strndup(const char *from, size_t length) } #endif +#ifndef DBUG_OFF +static char pam_debug = 0; +#define PAM_DEBUG(X) do { if (pam_debug) { fprintf X; } } while(0) +#else +#define PAM_DEBUG(X) /* no-op */ +#endif + static int conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { @@ -91,12 +99,17 @@ static int conv(int n, const struct pam_message **msg, 4 means "password-like input, echo disabled" C'est la vie. */ param->buf[0] = msg[i]->msg_style == PAM_PROMPT_ECHO_ON ? 2 : 4; + PAM_DEBUG((stderr, "PAM: conv: send(%.*s)\n", (int)(param->ptr - param->buf - 1), param->buf)); if (param->vio->write_packet(param->vio, param->buf, param->ptr - param->buf - 1)) return PAM_CONV_ERR; pkt_len = param->vio->read_packet(param->vio, &pkt); if (pkt_len < 0) + { + PAM_DEBUG((stderr, "PAM: conv: recv() ERROR\n")); return PAM_CONV_ERR; + } + PAM_DEBUG((stderr, "PAM: conv: recv(%.*s)\n", pkt_len, pkt)); /* allocate and copy the reply to the response array */ if (!((*resp)[i].resp= strndup((char*) pkt, pkt_len))) return PAM_CONV_ERR; 
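Review bot: The `recv` trace added in `conv()` prints the client's reply packet verbatim, and for a `PAM_PROMPT_ECHO_OFF` prompt that reply is the password or one-time token, so it ends up in cleartext in whatever file captures the server's stderr. Log the length instead, `PAM_DEBUG((stderr, "PAM: conv: recv(%d bytes)\n", pkt_len));`, or mask the contents when `msg_style` is not `PAM_PROMPT_ECHO_ON`. The `send` trace also starts at `param->buf[0]`, which the line above sets to the control byte 2 or 4, so each record begins with a non-printable character. The `%s` of `info->user_name` in the later `pam_auth()` hunk writes client-chosen bytes to the log unescaped as well, though without exposing credentials. The body of `conv()` starts and ends outside this hunk.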
@@ -134,9 +147,16 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) param.ptr = param.buf + 1; param.vio = vio; + PAM_DEBUG((stderr, "PAM: pam_start(%s, %s)\n", service, info->user_name)); DO( pam_start(service, info->user_name, &pam_start_arg, &pamh) ); + + PAM_DEBUG((stderr, "PAM: pam_authenticate(0)\n")); DO( pam_authenticate (pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_acct_mgmt(0)\n")); DO( pam_acct_mgmt(pamh, 0) ); + + PAM_DEBUG((stderr, "PAM: pam_get_item(PAM_USER)\n")); DO( pam_get_item(pamh, PAM_USER, (pam_get_item_3_arg) &new_username) ); if (new_username && strcmp(new_username, info->user_name)) @@ -145,6 +165,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) end: pam_end(pamh, status); + PAM_DEBUG((stderr, "PAM: status = %d user = %s\n", status, new_username)); return status == PAM_SUCCESS ? CR_OK : CR_ERROR; } @@ -163,8 +184,17 @@ static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin, "supports simple PAM policies that don't require anything besides " "a password", NULL, NULL, 0); +#ifndef DBUG_OFF +static MYSQL_SYSVAR_BOOL(debug, pam_debug, PLUGIN_VAR_OPCMDARG, + "Log all PAM activity", NULL, NULL, 0); +#endif + + static struct st_mysql_sys_var* vars[] = { MYSQL_SYSVAR(use_cleartext_plugin), +#ifndef DBUG_OFF + MYSQL_SYSVAR(debug), +#endif NULL };
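Review bot: The trace added after `end:` formats `new_username` after `pam_end(pamh, status)` has already run. That pointer was filled in by `pam_get_item()` and refers to data owned by the PAM handle, so it should be treated as dangling once the handle is released. On failure paths where `DO(...)` presumably jumps to `end` before `pam_get_item()` is reached, nothing in this hunk has assigned the variable, so `%s` may receive NULL or an indeterminate pointer; the declaration is outside the hunk. Move the trace above `pam_end` and guard it, `PAM_DEBUG((stderr, "PAM: status = %d user = %s\n", status, new_username ? new_username : "(none)"));`. Also initialise `new_username` to NULL where it is declared, if it is not already.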
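Review bot: The help text `"Log all PAM activity"` on the new `debug` variable does not tell an operator that the `conv()` traces print packet contents, which for a password prompt means the client's password goes to the server's stderr log. Say so in the description, e.g. `"Log all PAM activity to stderr, including conversation contents such as passwords; for debugging only"`. The variable is declared with only `PLUGIN_VAR_OPCMDARG`, so it looks changeable at runtime; consider adding `PLUGIN_VAR_READONLY` so it can only be enabled from the configuration file or command line.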