MDEV-15471 Isolate/sandbox PAM modules, so that they can't crash the server

tests fixed.

MDEV-15471 Isolate/sandbox PAM modules, so that they can't crash the server
tests fixed.
725c3df5 · Alexey Botchkov · de745ecf · 725c3df5 · 725c3df5 · 725c3df5
Commit 725c3df5 authored Jul 04, 2018 by Alexey Botchkov
5 changed files
--- a/mysql-test/suite/plugins/r/pam_v1.result
+++ b/mysql-test/suite/plugins/r/pam_v1.result
+install plugin pam soname 'auth_pam_v1.so';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+#
+# athentication is successful, challenge/pin are ok
+# note that current_user() differs from user()
+#
+Challenge input first.
+Enter: not very secret challenge
+Now, the magic number!
+PIN: ****
+select user(), current_user(), database();
+user()	current_user()	database()
+test_pam@localhost	pam_test@%	test
+#
+# athentication is unsuccessful
+#
+Challenge input first.
+Enter: not very secret challenge
+Now, the magic number!
+PIN: ****
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
--- a/mysql-test/suite/plugins/t/pam.test
+++ b/mysql-test/suite/plugins/t/pam.test
-
+let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO;
 --source pam_init.inc

 --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt

--- a/mysql-test/suite/plugins/t/pam_init.inc
+++ b/mysql-test/suite/plugins/t/pam_init.inc

 --source include/not_embedded.inc

-if (!$AUTH_PAM_SO) {
+if (!$PAM_PLUGIN_VERSION) {
  skip No pam auth plugin;
 }

-eval install plugin pam soname '$AUTH_PAM_SO';
+eval install plugin pam soname '$PAM_PLUGIN_VERSION';
 create user test_pam identified via pam using 'mariadb_mtr';
 create user pam_test;
 grant proxy on pam_test to test_pam;

--- a/mysql-test/suite/plugins/t/pam_init_v1.inc
+++ b/mysql-test/suite/plugins/t/pam_init_v1.inc
-
--source include/not_embedded.inc
-
-if (!$AUTH_PAM_V1_SO) {
-  skip No pam auth plugin;
-}
-
-eval install plugin pam soname '$AUTH_PAM_V1_SO';
-create user test_pam identified via pam using 'mariadb_mtr';
-create user pam_test;
-grant proxy on pam_test to test_pam;
-
-let $plugindir=`SELECT @@global.plugin_dir`;
-
--- a/mysql-test/suite/plugins/t/pam_v1.test
+++ b/mysql-test/suite/plugins/t/pam_v1.test
-
+let $PAM_PLUGIN_VERSION= $AUTH_PAM_V1_SO;
 --source pam_init.inc

 --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
@@ -25,12 +25,6 @@ EOF
 --error 1
 --exec $MYSQL_TEST -u test_pam --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_bad.txt

--echo #
--echo # pam module crashes
--echo #
--error 1
--exec $MYSQL_TEST -u crash_pam_tool --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good.txt
-
 --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
 --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
 drop user test_pam;