Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
25410d44
Commit
25410d44
authored
Jul 14, 2018
by
Alexey Botchkov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MDEV-15473 Isolate/sandbox PAM modules, so that they can't crash the server.
mysql_install_db.sh script fixed.
parent
7fda6161
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
1 deletion
+26
-1
plugin/auth_pam/CMakeLists.txt
plugin/auth_pam/CMakeLists.txt
+6
-1
scripts/mysql_install_db.sh
scripts/mysql_install_db.sh
+20
-0
No files found.
plugin/auth_pam/CMakeLists.txt
View file @
25410d44
...
...
@@ -11,7 +11,12 @@ IF(HAVE_PAM_APPL_H)
ADD_DEFINITIONS
(
-D_GNU_SOURCE
)
MYSQL_ADD_PLUGIN
(
auth_pam_v1 auth_pam_v1.c LINK_LIBRARIES pam MODULE_ONLY
)
MYSQL_ADD_PLUGIN
(
auth_pam auth_pam.c LINK_LIBRARIES pam dl MODULE_ONLY
)
MYSQL_ADD_EXECUTABLE
(
auth_pam_tool auth_pam_tool.c DESTINATION
${
INSTALL_PLUGINDIR
}
/auth_pam_tool_dir COMPONENT Server
)
MYSQL_ADD_EXECUTABLE
(
auth_pam_tool auth_pam_tool.c DESTINATION
${
INSTALL_PLUGINDIR
}
/auth_pam_tool_dir COMPONENT Server
)
TARGET_LINK_LIBRARIES
(
auth_pam_tool pam
)
INSTALL
(
CODE
"EXECUTE_PROCESS(
COMMAND chmod u=rwx,g=,o= auth_pam_tool_dir
COMMAND chmod u=rwxs,g=rx,o=rx auth_pam_tool_dir/auth_pam_tool
WORKING_DIRECTORY
\$
ENV{DESTDIR}
\$
{CMAKE_INSTALL_PREFIX}/
${
INSTALL_PLUGINDIR
}
/)"
COMPONENT Server
)
ENDIF
(
HAVE_PAM_APPL_H
)
scripts/mysql_install_db.sh
View file @
25410d44
...
...
@@ -308,6 +308,7 @@ then
srcpkgdatadir
=
"
$srcdir
/scripts"
buildpkgdatadir
=
"
$builddir
/scripts"
plugindir
=
"
$builddir
/plugin/auth_socket"
pamtooldir
=
"
$builddir
/plugin/auth_pam"
elif
test
-n
"
$basedir
"
then
bindir
=
"
$basedir
/bin"
# only used in the help text
...
...
@@ -337,6 +338,7 @@ then
exit
1
fi
plugindir
=
`
find_in_dirs
--dir
auth_socket.so
$basedir
/lib
*
/plugin
$basedir
/lib
*
/mysql/plugin
`
pamtooldir
=
$plugindir
else
basedir
=
"@prefix@"
bindir
=
"@bindir@"
...
...
@@ -345,6 +347,7 @@ else
srcpkgdatadir
=
"@pkgdatadir@"
buildpkgdatadir
=
"@pkgdatadir@"
plugindir
=
"@pkgplugindir@"
pamtooldir
=
"@pkgplugindir@"
fi
# Set up paths to SQL scripts required for bootstrap
...
...
@@ -445,6 +448,23 @@ done
if
test
-n
"
$user
"
then
chown
$user
"
$pamtooldir
/auth_pam_tool_dir"
if
test
$?
-ne
0
then
echo
"Cannot change ownership of the '
$pamtooldir
/auth_pam_tool_dir' directory"
echo
" to the '
$user
' user. Check that you have the necessary permissions and try again."
exit
1
fi
if
test
-z
"
$srcdir
"
then
chown
0
"
$pamtooldir
/auth_pam_tool_dir/auth_pam_tool"
if
test
$?
-ne
0
then
echo
"Couldn't set an owner to '
$pamtooldir
/auth_pam_tool_dir/auth_pam_tool'."
echo
" It must be root, the PAM authentication plugin doesn't work otherwise.."
echo
fi
fi
args
=
"
$args
--user=
$user
"
fi
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment