Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20571

pam_auth_v2 still doesn't work in 10.4.8

    XMLWordPrintable

    Details

      Description

      Per https://mariadb.com/kb/en/library/authentication-plugin-pam/

      modified to echo the password

      tee /tmp/pam_log_script.sh <<EOF
      #!/bin/bash
      PASS=$(cat -)
      echo $PASS
      echo "\${PAM_SERVICE}:\${PAM_TYPE} - \${PAM_RUSER}@\${PAM_RHOST} is authenticating as \${PAM_USER}" 
      EOF
      chmod 0775 /tmp/pam_log_script.sh
      

      Added the following into /etc/pam.d/mysql so it will send password too

      auth optional pam_exec.so debug expose_authtok log=/tmp/pam_output.txt /tmp/pam_log_script.sh
      

      V1 test:

      INSTALL SONAME 'auth_pam_v1'
      <authenticate from PHP with mysqli_connect("mariadb-alpine", "test_account", "uGBXHxID3dJRALw2", "test_account")>
      # cat /tmp/pam_output.txt
      *** Thu Sep 12 13:16:11 2019
      /tmp/pam_log_script.sh: line 2: warning: command substitution: ignored null byte in input
      uGBXHxID3dJRALw2
      mysql:auth - @ is authenticating as test_account
      

      V2 test:

      UNINSTALL SONAME 'auth_pam_v1'
      INSTALL SONAME 'auth_pam'
      <authenticate from PHP with mysqli_connect("mariadb-alpine", "test_account", "uGBXHxID3dJRALw2", "test_account")>
      # cat /tmp/pam_output.txt
      *** Thu Sep 12 13:16:35 2019
      /tmp/pam_log_script.sh: line 2: warning: command substitution: ignored null byte in input
      uGBXHxID3dJRALw  <<<< LAST CHARACTER MISSING
      mysql:auth - @ is authenticating as test_account
      

      Auth fails ofc. Where did the last character from the password go?

      Please fix. Thanks

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              laca Laszlo Soos
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: