MDEV-4636 use mysql_cleartext_plugin from auth_pam

add a new command-line option --pam-use-cleartext-plugin
2025-07-29 05:21:33 +03:00 · 2013-06-11 12:53:35 +02:00
parent 43a6831fe0
commit f722b15dc2
6 changed files with 61 additions and 14 deletions
--- a/mysql-test/suite/plugins/r/pam_cleartext.result
+++ b/mysql-test/suite/plugins/r/pam_cleartext.result
@ -0,0 +1,10 @@
+install plugin pam soname 'auth_pam.so';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+show variables like 'pam%';
+Variable_name	Value
+pam_use_cleartext_plugin	ON
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
--- a/mysql-test/suite/plugins/t/pam.test
+++ b/mysql-test/suite/plugins/t/pam.test
@ -1,16 +1,5 @@

--source include/not_embedded.inc
-
-if (!$AUTH_PAM_SO) {
-  skip No pam auth plugin;
-}
-
-eval install plugin pam soname '$AUTH_PAM_SO';
-create user test_pam identified via pam using 'mariadb_mtr';
-create user pam_test;
-grant proxy on pam_test to test_pam;
-
-let $plugindir=`SELECT @@global.plugin_dir`;
+--source pam_init.inc

 --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
 not very secret challenge
--- a/mysql-test/suite/plugins/t/pam_cleartext.opt
+++ b/mysql-test/suite/plugins/t/pam_cleartext.opt
@ -0,0 +1 @@
+--loose-pam-use-cleartext-plugin
--- a/mysql-test/suite/plugins/t/pam_cleartext.test
+++ b/mysql-test/suite/plugins/t/pam_cleartext.test
@ -0,0 +1,12 @@
+
+--source pam_init.inc
+
+show variables like 'pam%';
+
+--error 1
+--exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir
+
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
+
--- a/mysql-test/suite/plugins/t/pam_init.inc
+++ b/mysql-test/suite/plugins/t/pam_init.inc
@ -0,0 +1,14 @@
+
+--source include/not_embedded.inc
+
+if (!$AUTH_PAM_SO) {
+  skip No pam auth plugin;
+}
+
+eval install plugin pam soname '$AUTH_PAM_SO';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+
+let $plugindir=`SELECT @@global.plugin_dir`;
+
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@ -154,6 +154,27 @@ static struct st_mysql_auth info =
  pam_auth
 };

+static char use_cleartext_plugin;
+static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin,
+       PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY,
+       "Use mysql_cleartext_plugin on the client side instead of the dialog "
+       "plugin. This may be needed for compatibility reasons, but it only "
+       "supports simple PAM policies that don't require anything besides "
+       "a password", NULL, NULL, 0);
+
+static struct st_mysql_sys_var* vars[] = {
+  MYSQL_SYSVAR(use_cleartext_plugin),
+  NULL
+};
+
+
+static int init(void *p __attribute__((unused)))
+{
+  if (use_cleartext_plugin)
+    info.client_auth_plugin= "mysql_clear_password";
+  return 0;
+}
+
 maria_declare_plugin(pam)
 {
  MYSQL_AUTHENTICATION_PLUGIN,
@ -162,11 +183,11 @@ maria_declare_plugin(pam)
  "Sergei Golubchik",
  "PAM based authentication",
  PLUGIN_LICENSE_GPL,
-  NULL,
+  init,
  NULL,
  0x0100,
  NULL,
-  NULL,
+  vars,
  "1.0",
  MariaDB_PLUGIN_MATURITY_BETA
 }