1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO;
--source pam_init.inc
--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
not very secret challenge
9225
select user(), current_user(), database();
EOF
--write_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
not very secret challenge
9224
select user(), current_user(), database();
EOF
--write_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt
crash pam module
616
select user(), current_user(), database();
EOF
--write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
9212
select user(), current_user(), database();
EOF
--echo #
--echo # athentication is successful, challenge/pin are ok
--echo # note that current_user() differs from user()
--echo #
--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_good.txt
--echo #
--echo # athentication is unsuccessful
--echo #
--error 1
--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_bad.txt
--echo #
--echo # athentication is unsuccessful
--echo #
--error 1
--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_ugly.txt
--echo #
--echo # athentication is successful
--echo #
--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
--echo #
--echo # athentication is unsuccessful
--echo #
--error 1
--exec $MYSQL_TEST -u test_pam -pbadpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
--echo #
--echo # MDEV-26339 Account specifics to be handled before proxying
--echo #
# one can connect if the proxy account is locked
alter user pam_test account lock;
alter user pam_test require subject 'foobar';
alter user pam_test password expire;
--error 0
--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
alter user pam_test account unlock;
alter user pam_test require none;
alter user pam_test identified by '';
show create user pam_test;
#one cannot connect if the proxied account is locked
alter user test_pam account lock;
--error 1
--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
alter user test_pam account unlock;
alter user test_pam require subject 'foobar';
--error 1
--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
alter user test_pam require none;
alter user test_pam password expire;
--error 1
--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
drop user test_pam;
drop user pam_test;
create user PAM_TEST identified via pam using 'mariadb_mtr';
grant all on test.* to PAM_TEST;
--echo #
--echo # athentication is unsuccessful
--echo #
--error 1
--exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt
set global pam_winbind_workaround=1;
--echo #
--echo # athentication is successful
--echo #
--exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt
--remove_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt
drop user PAM_TEST;
--echo #
--echo # MDEV-27341 Use SET PASSWORD to change PAM service
--echo #
create user pam_test identified via pam using 'mariadb_mtr';
grant all on test.* to pam_test;
--write_file $MYSQLTEST_VARDIR/tmp/setpwd.txt
not very secret challenge
9225
select user(), current_user(), database();
error ER_SET_PASSWORD_AUTH_PLUGIN;
set password='foo';
show create user;
EOF
--exec $MYSQL_TEST -u pam_test < $MYSQLTEST_VARDIR/tmp/setpwd.txt
--remove_file $MYSQLTEST_VARDIR/tmp/setpwd.txt
drop user pam_test;
let $count_sessions= 1;
--source include/wait_until_count_sessions.inc
uninstall plugin pam;
|
