Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19440

Log PAM_ERROR_MSG and PAM_TEXT_INFO messages types in PAM conversation function

    XMLWordPrintable

Details

    Description

      The PAM authentication plugin's conversation function may be throwing away some information that may be useful for diagnostic purposes because it does not seem to log messages of the following types:

      PAM_ERROR_MSG
      Display an error message.

      PAM_TEXT_INFO
      Display some text.

      http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_conv

      See here:

      https://github.com/MariaDB/server/blob/mariadb-10.4.4/plugin/auth_pam/auth_pam_base.c#L63

      I think it might always make sense to log messages of the type PAM_ERROR_MSG.

      Maybe it could be optional to log messages of the type PAM_TEXT_INFO. Would it make sense to base that on log_warnings? Or maybe on another new system variable defined by the plugin? Like pam_log_text_info or something?

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MXS-2479 Don't throw error for PAM_TEXT_INFO in PAM conversation function

          • Major - Major loss of function.
          • Closed

          Activity

            People

              serg Sergei Golubchik
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.