[MDEV-19882] pam v2: auth_pam_tool truncates passwords that are not null-terminated - Jira

Geoff Montee (Inactive) created issue - 2019-06-27 05:39

Geoff Montee (Inactive) made changes - 2019-06-27 05:39

Field	Original Value	New Value
Link		This issue is caused by ~~MDEV-7032~~ [ ~~MDEV-7032~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:39

Link

This issue is caused by ~~MDEV-15473~~ [ ~~MDEV-15473~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to ~~MDEV-19878~~ [ ~~MDEV-19878~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to MDEV-19881 [ MDEV-19881 ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to ~~MDEV-19879~~ [ ~~MDEV-19879~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to ~~MDEV-19876~~ [ ~~MDEV-19876~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to MDEV-19877 [ MDEV-19877 ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue relates to ~~MDEV-19880~~ [ ~~MDEV-19880~~ ]

Geoff Montee (Inactive) made changes - 2019-06-27 05:40

Link

This issue blocks MENT-75 [ MENT-75 ]

Geoff Montee (Inactive) made changes - 2019-06-27 06:12

Description

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate the password.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's say that I create a file with this text:

{noformat}
echo -n -e '0\0\005alice\0\007mariadb\0\014alicemariadb' > input.txt
{noformat}

And then confirm the contents of the file:

{noformat}
$ hexdump -c input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 \f a l i c e m a r i a d b
000001f
{noformat}

And then try to redirect the tool's stdin to this file:

{noformat}
cat input.txt | /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The syslog shows an authentication failure, so it does seem to be running the tool:

{noformat}
Jun 27 05:24:12 ip-172-30-0-123 unix_chkpwd[4526]: password check failed for user (alice)
Jun 27 05:24:12 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser= rhost= user=alice
{noformat}

Let's run it with strace:

{noformat}
cat input.txt | strace -s 500 -o ./strace/auth_pam_tool_strace.log -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The output shows that the correct passwird ("alicemariadb") is received, but then it is truncated:

{noformat}
read(0, "\0\f", 2) = 2
read(0, "alicemariadb", 12) = 12
...
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f9a94f9c5d0}, {SIG_DFL, [], 0}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9a953bfa50) = 4535
write(4, "alicemariad", 11) = 11
write(4, "\0", 1) = 1
...
sendto(3, "<85>Jun 27 05:25:42 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=alice", 141, MSG_NOSIGNAL, NULL, 0) = 141
{noformat}

The strace output for the second process spawned by the tool to execute unix_chkpwd also shows the truncated password:

{noformat}
read(0, "alicemariad\0", 513) = 12
{noformat}

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate the password.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's say that I create a file with this text:

{noformat}
echo -n -e '0\0\005alice\0\007mariadb\0\014alicemariadb' > input.txt
{noformat}

And then confirm the contents of the file:

{noformat}
$ hexdump -c input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 \f a l i c e m a r i a d b
000001f
{noformat}

And then try to redirect the tool's stdin to this file:

{noformat}
cat input.txt | /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The syslog shows an authentication failure, so it does seem to be running the tool:

{noformat}
Jun 27 05:24:12 ip-172-30-0-123 unix_chkpwd[4526]: password check failed for user (alice)
Jun 27 05:24:12 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser= rhost= user=alice
{noformat}

Let's run it with strace:

{noformat}
cat input.txt | strace -s 500 -o ./strace/auth_pam_tool_strace.log -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The output shows that the correct passwird ("alicemariadb") is received, but then it is truncated:

{noformat}
read(0, "\0\f", 2) = 2
read(0, "alicemariadb", 12) = 12
...
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f9a94f9c5d0}, {SIG_DFL, [], 0}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9a953bfa50) = 4535
write(4, "alicemariad", 11) = 11
write(4, "\0", 1) = 1
...
sendto(3, "<85>Jun 27 05:25:42 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=alice", 141, MSG_NOSIGNAL, NULL, 0) = 141
{noformat}

The strace output for the second process spawned by the tool to execute unix_chkpwd also shows the truncated password:

{noformat}
read(0, "alicemariad\0", 513) = 12
{noformat}

Sergei Golubchik made changes - 2019-06-28 08:50

Link

This issue relates to MDEV-19898 [ MDEV-19898 ]

Sergei Golubchik added a comment - 2019-06-30 09:10 - edited

I didn't try to repeat all these steps with strace, but I tried a 64-character password and it worked.
(after fixing ~~MDEV-19876~~ and ~~MDEV-19878~~)

Sergei Golubchik added a comment - 2019-06-30 09:10 - edited I didn't try to repeat all these steps with strace, but I tried a 64-character password and it worked. (after fixing MDEV-19876 and MDEV-19878 )

Sergei Golubchik made changes - 2019-06-30 09:10

Fix Version/s		N/A [ 14700 ]
Fix Version/s	10.4 [ 22408 ]
Resolution		Cannot Reproduce [ 5 ]
Status	Open [ 1 ]	Closed [ 6 ]

Geoff Montee (Inactive) made changes - 2019-10-15 22:45

Resolution	Cannot Reproduce [ 5 ]
Status	Closed [ 6 ]	Stalled [ 10000 ]

Geoff Montee (Inactive) made changes - 2019-10-15 22:45

Affects Version/s

10.4.8 [ 23721 ]

Geoff Montee (Inactive) added a comment - 2019-10-15 22:55

This bug is still present. See ~~MDEV-20571~~.

Geoff Montee (Inactive) added a comment - 2019-10-15 22:55 This bug is still present. See MDEV-20571 .

Geoff Montee (Inactive) made changes - 2019-10-15 22:55

Link

This issue is duplicated by ~~MDEV-20571~~ [ ~~MDEV-20571~~ ]

Geoff Montee (Inactive) made changes - 2019-10-16 02:10

Summary

pam v2: auth_pam_tool truncates password

pam v2: auth_pam_tool truncates passwords that are not null-terminated

Geoff Montee (Inactive) made changes - 2019-10-16 02:11

Description

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate the password.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's say that I create a file with this text:

{noformat}
echo -n -e '0\0\005alice\0\007mariadb\0\014alicemariadb' > input.txt
{noformat}

And then confirm the contents of the file:

{noformat}
$ hexdump -c input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 \f a l i c e m a r i a d b
000001f
{noformat}

And then try to redirect the tool's stdin to this file:

{noformat}
cat input.txt | /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The syslog shows an authentication failure, so it does seem to be running the tool:

{noformat}
Jun 27 05:24:12 ip-172-30-0-123 unix_chkpwd[4526]: password check failed for user (alice)
Jun 27 05:24:12 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser= rhost= user=alice
{noformat}

Let's run it with strace:

{noformat}
cat input.txt | strace -s 500 -o ./strace/auth_pam_tool_strace.log -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The output shows that the correct passwird ("alicemariadb") is received, but then it is truncated:

{noformat}
read(0, "\0\f", 2) = 2
read(0, "alicemariadb", 12) = 12
...
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f9a94f9c5d0}, {SIG_DFL, [], 0}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9a953bfa50) = 4535
write(4, "alicemariad", 11) = 11
write(4, "\0", 1) = 1
...
sendto(3, "<85>Jun 27 05:25:42 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=alice", 141, MSG_NOSIGNAL, NULL, 0) = 141
{noformat}

The strace output for the second process spawned by the tool to execute unix_chkpwd also shows the truncated password:

{noformat}
read(0, "alicemariad\0", 513) = 12
{noformat}

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's say that I create a file with this text:

{noformat}
echo -n -e '0\0\005alice\0\007mariadb\0\014alicemariadb' > input.txt
{noformat}

And then confirm the contents of the file:

{noformat}
$ hexdump -c input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 \f a l i c e m a r i a d b
000001f
{noformat}

And then try to redirect the tool's stdin to this file:

{noformat}
cat input.txt | /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The syslog shows an authentication failure, so it does seem to be running the tool:

{noformat}
Jun 27 05:24:12 ip-172-30-0-123 unix_chkpwd[4526]: password check failed for user (alice)
Jun 27 05:24:12 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser= rhost= user=alice
{noformat}

Let's run it with strace:

{noformat}
cat input.txt | strace -s 500 -o ./strace/auth_pam_tool_strace.log -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The output shows that the correct passwird ("alicemariadb") is received, but then it is truncated:

{noformat}
read(0, "\0\f", 2) = 2
read(0, "alicemariadb", 12) = 12
...
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f9a94f9c5d0}, {SIG_DFL, [], 0}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9a953bfa50) = 4535
write(4, "alicemariad", 11) = 11
write(4, "\0", 1) = 1
...
sendto(3, "<85>Jun 27 05:25:42 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=alice", 141, MSG_NOSIGNAL, NULL, 0) = 141
{noformat}

The strace output for the second process spawned by the tool to execute unix_chkpwd also shows the truncated password:

{noformat}
read(0, "alicemariad\0", 513) = 12
{noformat}

Geoff Montee (Inactive) made changes - 2019-10-16 02:26

Description

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's say that I create a file with this text:

{noformat}
echo -n -e '0\0\005alice\0\007mariadb\0\014alicemariadb' > input.txt
{noformat}

And then confirm the contents of the file:

{noformat}
$ hexdump -c input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 \f a l i c e m a r i a d b
000001f
{noformat}

And then try to redirect the tool's stdin to this file:

{noformat}
cat input.txt | /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The syslog shows an authentication failure, so it does seem to be running the tool:

{noformat}
Jun 27 05:24:12 ip-172-30-0-123 unix_chkpwd[4526]: password check failed for user (alice)
Jun 27 05:24:12 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=0 tty= ruser= rhost= user=alice
{noformat}

Let's run it with strace:

{noformat}
cat input.txt | strace -s 500 -o ./strace/auth_pam_tool_strace.log -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The output shows that the correct passwird ("alicemariadb") is received, but then it is truncated:

{noformat}
read(0, "\0\f", 2) = 2
read(0, "alicemariadb", 12) = 12
...
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7f9a94f9c5d0}, {SIG_DFL, [], 0}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9a953bfa50) = 4535
write(4, "alicemariad", 11) = 11
write(4, "\0", 1) = 1
...
sendto(3, "<85>Jun 27 05:25:42 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=alice", 141, MSG_NOSIGNAL, NULL, 0) = 141
{noformat}

The strace output for the second process spawned by the tool to execute unix_chkpwd also shows the truncated password:

{noformat}
read(0, "alicemariad\0", 513) = 12
{noformat}

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

And then try to redirect the tool's stdin to these files.

Let's do it with strace, so we can see what's happening.

First, the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

This input is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

This input is properly read, but it is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

The syslog also shows an authentication failure, since the full password was not passed to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

Geoff Montee (Inactive) made changes - 2019-10-16 08:59

Description

In MariaDB 10.4, version 2 of the pam plugin is provided. This plugin forks a new process and executes the auth_pam_tool utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

To reproduce this, let's use the steps from MDEV-19877:

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

Next, let's try using the tool.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

And then try to redirect the tool's stdin to these files.

Let's do it with strace, so we can see what's happening.

First, the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

This input is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

This input is properly read, but it is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

The syslog also shows an authentication failure, since the full password was not passed to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

In MariaDB 10.4, version 2 of the {{pam}} plugin is provided. This plugin forks a new process and executes the {{auth_pam_tool}} utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

This is a problem because some implementations of {{mysql_clear_password}} don't seem to null-terminate passwords.

The problem is fairly easy to reproduce.

h3. Configuring PAM

We can configure PAM using the steps from MDEV-19877.

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

h3. Constructing the Input

We can construct the input for the {{auth_pam_tool}} tool using the information from MDEV-19877.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

h3. Running the Tool

Next, we can run the {{auth_pam_tool}} tool and redirect the tool's {{stdin}} to the input files that we constructed.

We can also attach {{strace}} to the process, so we can passwords the tool is reading and writing.

First, run the tool with the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The null-terminated password is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, run the tool with the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The non-null-terminated password is properly read, but its last character is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

h3. Checking Syslog

The syslog (i.e. {{/var/log/secure}} on RHEL or {{/var/log/auth.log}} on Debian/Ubuntu) also shows an authentication failure, since the {{auth_pam_tool}}
tool provided a truncated password to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

Sergei Golubchik made changes - 2019-10-16 11:11

Fix Version/s

N/A [ 14700 ]

Sergei Golubchik made changes - 2019-10-16 11:11

Fix Version/s

10.4 [ 22408 ]

Geoff Montee (Inactive) made changes - 2019-10-17 18:01

Description

In MariaDB 10.4, version 2 of the {{pam}} plugin is provided. This plugin forks a new process and executes the {{auth_pam_tool}} utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

This is a problem because some implementations of {{mysql_clear_password}} don't seem to null-terminate passwords.

The problem is fairly easy to reproduce.

h3. Configuring PAM

We can configure PAM using the steps from MDEV-19877.

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

h3. Constructing the Input

We can construct the input for the {{auth_pam_tool}} tool using the information from MDEV-19877.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

h3. Running the Tool

Next, we can run the {{auth_pam_tool}} tool and redirect the tool's {{stdin}} to the input files that we constructed.

We can also attach {{strace}} to the process, so we can passwords the tool is reading and writing.

First, run the tool with the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The null-terminated password is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, run the tool with the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The non-null-terminated password is properly read, but its last character is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

h3. Checking Syslog

The syslog (i.e. {{/var/log/secure}} on RHEL or {{/var/log/auth.log}} on Debian/Ubuntu) also shows an authentication failure, since the {{auth_pam_tool}}
tool provided a truncated password to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

In MariaDB 10.4, version 2 of the {{pam}} plugin is provided. This plugin forks a new process and executes the {{auth_pam_tool}} utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

This is a problem because some implementations of {{mysql_clear_password}} don't seem to null-terminate passwords.

The problem is fairly easy to reproduce.

h3. Configuring PAM

We can configure PAM using the steps from MDEV-19877.

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

h3. Configuring MariaDB

We can configure PAM using the steps from MDEV-19877.

Let's install the {{pam}} plugin:

{noformat}
INSTALL SONAME 'auth_pam';
{noformat}

And let's create the relevant user:

{noformat}
CREATE USER 'alice'@'localhost' IDENTIFIED VIA pam USING 'mariadb'
{noformat}

h3. Constructing the Input

We can construct the input for the {{auth_pam_tool}} tool using the information from MDEV-19877.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

h3. Running the Tool

Next, we can run the {{auth_pam_tool}} tool and redirect the tool's {{stdin}} to the input files that we constructed.

We can also attach {{strace}} to the process, so we can passwords the tool is reading and writing.

First, run the tool with the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The null-terminated password is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, run the tool with the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The non-null-terminated password is properly read, but its last character is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

h3. Checking Syslog

The syslog (i.e. {{/var/log/secure}} on RHEL or {{/var/log/auth.log}} on Debian/Ubuntu) also shows an authentication failure, since the {{auth_pam_tool}}
tool provided a truncated password to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

Geoff Montee (Inactive) made changes - 2019-10-17 18:02

Description

In MariaDB 10.4, version 2 of the {{pam}} plugin is provided. This plugin forks a new process and executes the {{auth_pam_tool}} utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

This is a problem because some implementations of {{mysql_clear_password}} don't seem to null-terminate passwords.

The problem is fairly easy to reproduce.

h3. Configuring PAM

We can configure PAM using the steps from MDEV-19877.

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

h3. Configuring MariaDB

We can configure PAM using the steps from MDEV-19877.

Let's install the {{pam}} plugin:

{noformat}
INSTALL SONAME 'auth_pam';
{noformat}

And let's create the relevant user:

{noformat}
CREATE USER 'alice'@'localhost' IDENTIFIED VIA pam USING 'mariadb'
{noformat}

h3. Constructing the Input

We can construct the input for the {{auth_pam_tool}} tool using the information from MDEV-19877.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

h3. Running the Tool

Next, we can run the {{auth_pam_tool}} tool and redirect the tool's {{stdin}} to the input files that we constructed.

We can also attach {{strace}} to the process, so we can passwords the tool is reading and writing.

First, run the tool with the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The null-terminated password is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, run the tool with the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The non-null-terminated password is properly read, but its last character is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

h3. Checking Syslog

The syslog (i.e. {{/var/log/secure}} on RHEL or {{/var/log/auth.log}} on Debian/Ubuntu) also shows an authentication failure, since the {{auth_pam_tool}}
tool provided a truncated password to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

In MariaDB 10.4, version 2 of the {{pam}} plugin is provided. This plugin forks a new process and executes the {{auth_pam_tool}} utility that is now bundled with the server.

Unfortunately, it seems to truncate passwords that are not null-terminated, because it always seems to assume that the last character is the NULL terminator.

This is a problem because some implementations of {{mysql_clear_password}} don't seem to null-terminate passwords.

The problem is fairly easy to reproduce.

h3. Configuring PAM

We can configure PAM using the steps from MDEV-19877.

Create a Unix user account and set a password for the user:

{noformat}
sudo useradd alice
sudo passwd alice
{noformat}

Create the PAM service configuration:

{noformat}
sudo tee /etc/pam.d/mariadb <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
EOF
{noformat}

And then you might need to execute some commands to work around ~~MDEV-19876~~:

{noformat}
sudo chmod 0755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/
sudo chmod 4755 /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

h3. Configuring MariaDB

We can configure PAM to use PAM authentication for this user account using the steps from MDEV-19877.

Let's install the {{pam}} plugin:

{noformat}
INSTALL SONAME 'auth_pam';
{noformat}

And let's create the relevant user:

{noformat}
CREATE USER 'alice'@'localhost' IDENTIFIED VIA pam USING 'mariadb'
{noformat}

h3. Constructing the Input

We can construct the input for the {{auth_pam_tool}} tool using the information from MDEV-19877.

Let's assume that the {{alice}} user's password is {{uGBXHxID3dJRALw2}}.

Let's create input with a null-terminated password:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x11uGBXHxID3dJRALw2\0' > good_input.txt
{noformat}

And let's also create input with a password that is not null-terminated:

{noformat}
echo -n -e '0\0\x05alice\0\x07mariadb\0\x10uGBXHxID3dJRALw2' > bad_input.txt
{noformat}

And then confirm the contents of each file:

{noformat}
$ hexdump -c good_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 021 u G B X H x I D 3 d J R A
0000020 L w 2 \0
0000024
$ hexdump -c bad_input.txt
0000000 0 \0 005 a l i c e \0 \a m a r i a d
0000010 b \0 020 u G B X H x I D 3 d J R A
0000020 L w 2
0000023
{noformat}

h3. Running the Tool

Next, we can run the {{auth_pam_tool}} tool and redirect the tool's {{stdin}} to the input files that we constructed.

We can also attach {{strace}} to the process, so we can passwords the tool is reading and writing.

First, run the tool with the good input:

{noformat}
cat good_input.txt | sudo strace -o strace_good_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The null-terminated password is properly read and passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\21", 2) = 2
read(0, "uGBXHxID3dJRALw2\0", 17) = 17
...
write(4, "uGBXHxID3dJRALw2", 16) = 16
write(4, "\0", 1) = 1
{noformat}

Next, run the tool with the bad input:

{noformat}
cat bad_input.txt | sudo strace -o strace_bad_input.out -f -ff /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
{noformat}

The non-null-terminated password is properly read, but its last character is truncated when it is passed to PAM:

{noformat}
write(1, "C", 1) = 1
write(1, "\0\v", 2) = 2
write(1, "\4Password: ", 11) = 11
read(0, "\0\20", 2) = 2
read(0, "uGBXHxID3dJRALw2", 16) = 16
...
write(4, "uGBXHxID3dJRALw", 15) = 15
write(4, "\0", 1) = 1
{noformat}

h3. Checking Syslog

The syslog (i.e. {{/var/log/secure}} on RHEL or {{/var/log/auth.log}} on Debian/Ubuntu) also shows an authentication failure, since the {{auth_pam_tool}}
tool provided a truncated password to PAM:

{noformat}
Oct 16 02:24:14 ip-172-30-0-123 unix_chkpwd[11398]: password check failed for user (alice)
Oct 16 02:24:14 ip-172-30-0-123 auth_pam_tool: pam_unix(mariadb:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=alice
{noformat}

Sergei Golubchik made changes - 2019-10-28 23:27

Fix Version/s		10.4.9 [ 23906 ]
Fix Version/s	10.4 [ 22408 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Daniel Black added a comment - 2021-02-12 00:43

Upstream php-7.4+ fix approved - https://github.com/php/php-src/pull/6667

Daniel Black added a comment - 2021-02-12 00:43 Upstream php-7.4+ fix approved - https://github.com/php/php-src/pull/6667

Sergei Golubchik made changes - 2021-12-06 21:49

Workflow

MariaDB v3 [ 97787 ]

MariaDB v4 [ 156402 ]

Jira Automation (IT) made changes - 2024-07-04 03:50

Zendesk Related Tickets

153797

MariaDB Server

pam v2: auth_pam_tool truncates passwords that are not null-terminated

Details

Description

Configuring PAM

Configuring MariaDB

Constructing the Input

Running the Tool

Checking Syslog

Attachments

Issue Links

Activity

People

Dates

Git Integration