database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-4636 use mysql_cleartext_plugin from auth_pam

Browse Source 
add a new command-line option --pam-use-cleartext-plugin
This commit is contained in:
Sergei Golubchik
2013-06-11 12:53:35 +02:00
parent 43a6831fe0
commit f722b15dc2
6 changed files with 61 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
mysql-test/suite/plugins/r/pam_cleartext.result Normal file
View File

@ -0,0 +1,10 @@
install plugin pam soname 'auth_pam.so';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
show variables like 'pam%';
Variable_name Value
pam_use_cleartext_plugin ON
drop user test_pam;
drop user pam_test;
uninstall plugin pam;

13
mysql-test/suite/plugins/t/pam.test
View File

@ -1,16 +1,5 @@
--source include/not_embedded.inc --source pam_init.inc
if (!$AUTH_PAM_SO) {
skip No pam auth plugin;
}
eval install plugin pam soname '$AUTH_PAM_SO';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
let $plugindir=`SELECT @@global.plugin_dir`;
--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
not very secret challenge not very secret challenge

1
mysql-test/suite/plugins/t/pam_cleartext.opt Normal file
View File

@ -0,0 +1 @@
--loose-pam-use-cleartext-plugin

12
mysql-test/suite/plugins/t/pam_cleartext.test Normal file
View File

@ -0,0 +1,12 @@
--source pam_init.inc
show variables like 'pam%';
--error 1
--exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir
drop user test_pam;
drop user pam_test;
uninstall plugin pam;

14
mysql-test/suite/plugins/t/pam_init.inc Normal file
View File

@ -0,0 +1,14 @@
--source include/not_embedded.inc
if (!$AUTH_PAM_SO) {
skip No pam auth plugin;
}
eval install plugin pam soname '$AUTH_PAM_SO';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
let $plugindir=`SELECT @@global.plugin_dir`;

25
plugin/auth_pam/auth_pam.c
View File

@ -154,6 +154,27 @@ static struct st_mysql_auth info =
pam_auth pam_auth
}; };
static char use_cleartext_plugin;
static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin,
PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY,
"Use mysql_cleartext_plugin on the client side instead of the dialog "
"plugin. This may be needed for compatibility reasons, but it only "
"supports simple PAM policies that don't require anything besides "
"a password", NULL, NULL, 0);
static struct st_mysql_sys_var* vars[] = {
MYSQL_SYSVAR(use_cleartext_plugin),
NULL
};
static int init(void *p __attribute__((unused)))
{
if (use_cleartext_plugin)
info.client_auth_plugin= "mysql_clear_password";
return 0;
}
maria_declare_plugin(pam) maria_declare_plugin(pam)
{ {
MYSQL_AUTHENTICATION_PLUGIN, MYSQL_AUTHENTICATION_PLUGIN,
@ -162,11 +183,11 @@ maria_declare_plugin(pam)
"Sergei Golubchik", "Sergei Golubchik",
"PAM based authentication", "PAM based authentication",
PLUGIN_LICENSE_GPL, PLUGIN_LICENSE_GPL,
NULL, init,
NULL, NULL,
0x0100, 0x0100,
NULL, NULL,
NULL, vars,
"1.0", "1.0",
MariaDB_PLUGIN_MATURITY_BETA MariaDB_PLUGIN_MATURITY_BETA
} }