Commit f9986f28 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-4636 use mysql_cleartext_plugin from auth_pam

add a new command-line option --pam-use-cleartext-plugin
parent 96c85130
install plugin pam soname 'auth_pam.so';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
show variables like 'pam%';
Variable_name Value
pam_use_cleartext_plugin ON
drop user test_pam;
drop user pam_test;
uninstall plugin pam;
--source include/not_embedded.inc
if (!$AUTH_PAM_SO) {
skip No pam auth plugin;
}
eval install plugin pam soname '$AUTH_PAM_SO';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
let $plugindir=`SELECT @@global.plugin_dir`;
--source pam_init.inc
--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
not very secret challenge
......
--loose-pam-use-cleartext-plugin
--source pam_init.inc
show variables like 'pam%';
--error 1
--exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir
drop user test_pam;
drop user pam_test;
uninstall plugin pam;
--source include/not_embedded.inc
if (!$AUTH_PAM_SO) {
skip No pam auth plugin;
}
eval install plugin pam soname '$AUTH_PAM_SO';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
let $plugindir=`SELECT @@global.plugin_dir`;
......@@ -154,6 +154,27 @@ static struct st_mysql_auth info =
pam_auth
};
static char use_cleartext_plugin;
static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin,
PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY,
"Use mysql_cleartext_plugin on the client side instead of the dialog "
"plugin. This may be needed for compatibility reasons, but it only "
"supports simple PAM policies that don't require anything besides "
"a password", NULL, NULL, 0);
static struct st_mysql_sys_var* vars[] = {
MYSQL_SYSVAR(use_cleartext_plugin),
NULL
};
static int init(void *p __attribute__((unused)))
{
if (use_cleartext_plugin)
info.client_auth_plugin= "mysql_clear_password";
return 0;
}
maria_declare_plugin(pam)
{
MYSQL_AUTHENTICATION_PLUGIN,
......@@ -162,11 +183,11 @@ maria_declare_plugin(pam)
"Sergei Golubchik",
"PAM based authentication",
PLUGIN_LICENSE_GPL,
NULL,
init,
NULL,
0x0100,
NULL,
NULL,
vars,
"1.0",
MariaDB_PLUGIN_MATURITY_BETA
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment