[#MDEV-31336] pam_user_map : not supporting username or groupname containing @ character

[MDEV-31336] pam_user_map : not supporting username or groupname containing @ character Created: 2023-05-24 Updated: 2023-07-14 Resolved: 2023-07-14
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Affects Version/s:	10.3.35
Fix Version/s:	10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 11.0.3, 11.1.2, 11.2.1

Type:

Bug

Priority:

Minor

Reporter:

naska

Assignee:

Daniel Black

Resolution:

Fixed

Votes:

Labels:

beginner-friendly

Environment:

OS : RHEL 8.7

Description

Hello,

Unfortunately, it appears that the "pam_user_map" module does not handle usernames or group names containing the "@" character correctly.

I have tried escaping the character in multiple ways but without success.

# cat /etc/security/user_map.conf

# Configuration file for pam_user_map.so

# defines mapping in the form

#       orig_user_name: mapped_user_name

# or (to map all users in a specific group)

#       @group_name: mapped_user_name

# comments and empty lines are ignored

username@company.tld: dbuser

# tail /var/log/secure

May 24 17:21:30 servername mysqld: pam_user_map(mariadb:auth): Opening file '/etc/security/user_map.conf'.

May 24 17:21:30 servername mysqld: pam_user_map(mariadb:auth): Incoming username 'username@company.tld'.

May 24 17:21:30 servername mysqld: pam_user_map(mariadb:auth): Syntax error at /etc/security/user_map.conf:14

Generated at Thu Feb 08 10:23:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.