[MXS-2479] Don't throw error for PAM_TEXT_INFO in PAM conversation function
Created: 2019-05-10  Updated: 2020-08-25  Resolved: 2019-05-28

Status: Closed
Project: MariaDB MaxScale
Component/s: Authenticator
Affects Version/s: 2.3.6
Fix Version/s: 2.3.8

Type: Bug
Priority: Major
Reporter: Geoff Montee (Inactive)
Assignee: Esa Korhonen
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-19440 Log PAM_ERROR_MSG and PAM_TEXT_INFO m... Open
relates to MXS-334 Enable Pam.d Support Closed
Sprint: MXS-SPRINT-82, MXS-SPRINT-83

Description

The PAM conversation function currently throws an error if it encounters any messages that are not PAM_PROMPT_ECHO_OFF or PAM_PROMPT_ECHO_ON:

https://github.com/mariadb-corporation/MaxScale/blob/maxscale-2.3.6/server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc#L117

This means that a user's MaxScale log can fill up with error messages like the following:

2019-05-05 19:40:42   error  : Unexpected PAM message: type='4', contents='Your password will expire in 1 day(s).'

If msg_style=4, then it is of the type PAM_TEXT_INFO:

$ grep "PAM_TEXT_INFO" /usr/include/security/_pam_types.h
#define PAM_TEXT_INFO           4

These appear to be harmless messages:

PAM_TEXT_INFO
Display some text.

http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_conv

That doesn't really seem worthy of an error that causes the connection to fail.

It seems like it would be better to log PAM_TEXT_INFO messages with MXS_NOTICE or MXS_INFO instead of MXS_ERROR, and then also return PAM_SUCCESS, so it doesn't count as a failure.
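
A conversation callback that follows the suggestion above, added here as an example; it is not MaxScale's code or the fix that shipped in 2.3.8. The PAM constants and structs are local stand-ins carrying Linux-PAM's values so the block builds without libpam headers, and passing the password through `appdata` and the `notice` log wording are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins with Linux-PAM's values so this builds without libpam headers;
 * real code includes <security/pam_appl.h> instead of the next four lines. */
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

/* Free a partially filled response array and hand back the given PAM error. */
static int conv_fail(struct pam_response *resp, int n, int rc)
{
    for (int i = 0; i < n; i++)
        free(resp[i].resp);
    free(resp);
    return rc;
}

/* Assumption: appdata points at the client's NUL-terminated password. */
int conversation(int num_msg, const struct pam_message **msg,
                 struct pam_response **resp_out, void *appdata)
{
    const char *password = appdata;
    if (num_msg <= 0 || !msg || !resp_out || !password)
        return PAM_CONV_ERR;
    struct pam_response *resp = calloc((size_t)num_msg, sizeof(*resp));
    if (!resp)
        return PAM_BUF_ERR;
    size_t len = strlen(password) + 1;
    for (int i = 0; i < num_msg; i++) {
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
        case PAM_PROMPT_ECHO_ON:      /* prompts are answered with the password */
            if (!(resp[i].resp = malloc(len)))
                return conv_fail(resp, num_msg, PAM_BUF_ERR);
            memcpy(resp[i].resp, password, len);
            break;
        case PAM_TEXT_INFO:           /* e.g. password-expiry warning: log only */
            fprintf(stderr, "notice : PAM info: '%s'\n", msg[i]->msg ? msg[i]->msg : "");
            break;                    /* response slot stays NULL, not a failure */
        default:                      /* any other style still fails the login */
            fprintf(stderr, "error  : Unexpected PAM message: type='%d'\n", msg[i]->msg_style);
            return conv_fail(resp, num_msg, PAM_CONV_ERR);
        }
    }
    *resp_out = resp;
    return PAM_SUCCESS;
}
```

In a real build the function is registered through `struct pam_conv` and passed to `pam_start()`; the PAM stack then owns and frees the response array.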

