From f722b15dc23e6a0ca587553d35982e0936b1de9f Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Tue, 11 Jun 2013 12:53:35 +0200
Subject: [PATCH] MDEV-4636 use mysql_cleartext_plugin from auth_pam add a new command-line option --pam-use-cleartext-plugin
---
 .../suite/plugins/r/pam_cleartext.result | 10 ++++++++
 mysql-test/suite/plugins/t/pam.test | 13 +---------
 mysql-test/suite/plugins/t/pam_cleartext.opt | 1 +
 mysql-test/suite/plugins/t/pam_cleartext.test | 12 +++++++++
 mysql-test/suite/plugins/t/pam_init.inc | 14 +++++++++++
 plugin/auth_pam/auth_pam.c | 25 +++++++++++++++++--
 6 files changed, 61 insertions(+), 14 deletions(-)
 create mode 100644 mysql-test/suite/plugins/r/pam_cleartext.result
 create mode 100644 mysql-test/suite/plugins/t/pam_cleartext.opt
 create mode 100644 mysql-test/suite/plugins/t/pam_cleartext.test
 create mode 100644 mysql-test/suite/plugins/t/pam_init.inc
diff --git a/mysql-test/suite/plugins/r/pam_cleartext.result b/mysql-test/suite/plugins/r/pam_cleartext.result
new file mode 100644
index 00000000000..00e0e94618e
--- /dev/null
+++ b/mysql-test/suite/plugins/r/pam_cleartext.result
@@ -0,0 +1,10 @@
+install plugin pam soname 'auth_pam.so';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+show variables like 'pam%';
+Variable_name Value
+pam_use_cleartext_plugin ON
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
diff --git a/mysql-test/suite/plugins/t/pam.test b/mysql-test/suite/plugins/t/pam.test
index 68fa349a444..1871e5801a3 100644
--- a/mysql-test/suite/plugins/t/pam.test
+++ b/mysql-test/suite/plugins/t/pam.test
@@ -1,16 +1,5 @@
 
---source include/not_embedded.inc
-
-if (!$AUTH_PAM_SO) {
- skip No pam auth plugin;
-}
-
-eval install plugin pam soname '$AUTH_PAM_SO';
-create user test_pam identified via pam using 'mariadb_mtr';
-create user pam_test;
-grant proxy on pam_test to test_pam;
-
-let $plugindir=`SELECT @@global.plugin_dir`;
+--source pam_init.inc
 
 --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
 not very secret challenge
diff --git a/mysql-test/suite/plugins/t/pam_cleartext.opt b/mysql-test/suite/plugins/t/pam_cleartext.opt
new file mode 100644
index 00000000000..aa270885f0e
--- /dev/null
+++ b/mysql-test/suite/plugins/t/pam_cleartext.opt
@@ -0,0 +1 @@
+--loose-pam-use-cleartext-plugin
diff --git a/mysql-test/suite/plugins/t/pam_cleartext.test b/mysql-test/suite/plugins/t/pam_cleartext.test
new file mode 100644
index 00000000000..e80cff5f476
--- /dev/null
+++ b/mysql-test/suite/plugins/t/pam_cleartext.test
@@ -0,0 +1,12 @@
+
+--source pam_init.inc
+
+show variables like 'pam%';
+
+--error 1
+--exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir
+
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
+
diff --git a/mysql-test/suite/plugins/t/pam_init.inc b/mysql-test/suite/plugins/t/pam_init.inc
new file mode 100644
index 00000000000..281666d51a6
--- /dev/null
+++ b/mysql-test/suite/plugins/t/pam_init.inc
@@ -0,0 +1,14 @@
+
+--source include/not_embedded.inc
+
+if (!$AUTH_PAM_SO) {
+ skip No pam auth plugin;
+}
+
+eval install plugin pam soname '$AUTH_PAM_SO';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+
+let $plugindir=`SELECT @@global.plugin_dir`;
+
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c
index 4f549142e72..2a06b6a01a6 100644
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
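Review bot: The new mysql-test/suite/plugins/t/pam_cleartext.test exercises only a failing login: `--error 1` on `echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir` expects exit status 1, and nothing visible in the hunk separates a PAM rejection from any other mysqltest failure (the piped `FAIL` is presumably not a valid statement either), so the test would likely still pass if authentication wrongly succeeded. It also never shows a correct password being accepted through mysql_clear_password, so a cleartext path that rejects every login would go unnoticed. I would add a positive case next to the negative one and state in a comment what each step proves, e.g. `# no password supplied: PAM must reject the login`.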
@@ -154,6 +154,27 @@ static struct st_mysql_auth info =
 pam_auth
 };
 
+static char use_cleartext_plugin;
+static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin,
+ PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY,
+ "Use mysql_cleartext_plugin on the client side instead of the dialog "
+ "plugin. This may be needed for compatibility reasons, but it only "
+ "supports simple PAM policies that don't require anything besides "
+ "a password", NULL, NULL, 0);
+
+static struct st_mysql_sys_var* vars[] = {
+ MYSQL_SYSVAR(use_cleartext_plugin),
+ NULL
+};
+
+
+static int init(void *p __attribute__((unused)))
+{
+ if (use_cleartext_plugin)
+ info.client_auth_plugin= "mysql_clear_password";
+ return 0;
+}
+
 maria_declare_plugin(pam)
 {
 MYSQL_AUTHENTICATION_PLUGIN,
@@ -162,11 +183,11 @@ maria_declare_plugin(pam)
 "Sergei Golubchik",
 "PAM based authentication",
 PLUGIN_LICENSE_GPL,
- NULL,
+ init,
 NULL,
 0x0100,
 NULL,
- NULL,
+ vars,
 "1.0",
 MariaDB_PLUGIN_MATURITY_BETA
 }
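Review bot: The description of `use_cleartext_plugin` in the first auth_pam.c hunk names the compatibility trade-off but not the transport one: mysql_clear_password hands the password to the server as-is, so with this option ON the connection itself has to protect it. I would extend the help string with a sentence such as `"The password is sent unencrypted, so use this only over TLS or a local socket"`, and give `init()` a comment like `/* switch the advertised client plugin once at load; the variable is read-only afterwards */`. `info`, which init() modifies, is defined above the hunk, and whether pam_auth's conversation copes with a client that sends only a password cannot be seen from here.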