[MDBF-1036] pam tests marked as failure although successful - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: BB V1.04
Fix Version/s: N/A
Component/s: Buildbot
Labels:
None

Description

scripts/pam-test.sh

https://buildbot.mariadb.org/#/builders/703/builds/1350
test PAM (failure)
worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029
plugins.pam_cleartext [ pass ] 171
worker[01] > Restart [mysqld.1 - pid: 3565, winpid: 3565] - running with different options '' != '--loose-pam-use-cleartext-plugin'
plugins.pam [ pass ] 211
plugins.pam_v1 [ pass ] 32
--------------------------------------------------------------------------
The servers were restarted 1 times
Spent 0.414 of 11 seconds executing testcases
Completed: All 3 tests were successful.
+ set +e
+ (( res != 0 ))
+ exit 1
program finished with exit code 1
elapsedTime=17.459060

Attachments

Issue Links

is caused by

MDBF-807 Setup for PAM tests in buildbot

Closed

relates to

MDEV-36681 PAM (v2) tests not running successfully on install VMs

Closed

Activity

Ascending order - Click to sort in descending order

Varzaru Razvan-Liviu added a comment - 2025-04-14 07:08 - edited

danblack not sure if something server side caused this or it's the VM's , but:

https://buildbot.mariadb.org/#/builders/695/builds/721/steps/5/logs/stdio

ERROR 1045 (28000): Access denied for user 'buildbot'@'localhost' (using password: NO)

+ res=1

This is where the failure comes from.

faust on VM redeployment on Production,
did you changed something about the buildbot user on VM's (sudo, password)?

Is it assuming the default password set on VM's for buildbot user:

mysql -ubuildbot -ptest -e 'SHOW GRANTS'

which fails with the above error.

Varzaru Razvan-Liviu added a comment - 2025-04-14 07:08 - edited danblack not sure if something server side caused this or it's the VM's , but: https://buildbot.mariadb.org/#/builders/695/builds/721/steps/5/logs/stdio ERROR 1045 ( 28000 ): Access denied for user 'buildbot' @ 'localhost' (using password: NO) + res= 1 This is where the failure comes from. faust on VM redeployment on Production, did you changed something about the buildbot user on VM's (sudo, password)? Is it assuming the default password set on VM's for buildbot user: mysql -ubuildbot -ptest -e 'SHOW GRANTS' which fails with the above error.

Daniel Black added a comment - 2025-04-14 22:36

Quite right - unix password on buildbot user seems likely cause. Failing that something logged in the mariadb.service journal or something system wide.

Daniel Black added a comment - 2025-04-14 22:36 Quite right - unix password on buildbot user seems likely cause. Failing that something logged in the mariadb.service journal or something system wide.

Daniel Black added a comment - 2 days ago

Fixed in server - ~~MDEV-36681~~

Also checked pam_v1 to see if chown/chmod still required. In short, yes it is as the unix_chkpwd is running as the mysql user (real), despite being suid (effective - geteuid) but sets the effective to mysql before attempting to access /etc/shadow.

1947  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3

1947  fstat(3, {st_mode=S_IFREG|0644, st_size=1521, ...}) = 0

1947  lseek(3, 0, SEEK_SET)             = 0

1947  read(3, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/no"..., 4096) = 1521

1947  close(3)                          = 0

1947  getuid()                          = 991

1947  setuid(991)                       = 0

1947  read(0, "notmypassword\0", 513)         = 13

1947  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3

1947  fstat(3, {st_mode=S_IFREG|0644, st_size=1521, ...}) = 0

1947  lseek(3, 0, SEEK_SET)             = 0

1947  read(3, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/no"..., 4096) = 1521

1947  close(3)                          = 0

1947  openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

Daniel Black added a comment - 2 days ago Fixed in server - MDEV-36681 Also checked pam_v1 to see if chown/chmod still required. In short, yes it is as the unix_chkpwd is running as the mysql user (real), despite being suid (effective - geteuid) but sets the effective to mysql before attempting to access /etc/shadow. 1947 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 1947 fstat(3, {st_mode=S_IFREG|0644, st_size=1521, ...}) = 0 1947 lseek(3, 0, SEEK_SET) = 0 1947 read(3, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/no"..., 4096) = 1521 1947 close(3) = 0 1947 getuid() = 991 1947 setuid(991) = 0 1947 read(0, "notmypassword\0", 513) = 13 1947 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 1947 fstat(3, {st_mode=S_IFREG|0644, st_size=1521, ...}) = 0 1947 lseek(3, 0, SEEK_SET) = 0 1947 read(3, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/no"..., 4096) = 1521 1947 close(3) = 0 1947 openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

People

Assignee:: Varzaru Razvan-Liviu

Reporter:: Daniel Black

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-04-14 02:44

Updated:: 2 days ago 05:38

Resolved:: 2 days ago 05:38

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5d

MariaDB Foundation Development