MDEV-4636 use mysql_cleartext_plugin from auth_pam

add a new command-line option --pam-use-cleartext-plugin

MDEV-4636 use mysql_cleartext_plugin from auth_pam
add a new command-line option --pam-use-cleartext-plugin
f722b15d · Sergei Golubchik · 43a6831f · f722b15d · f722b15d · f722b15d
Commit f722b15d authored Jun 11, 2013 by Sergei Golubchik
6 changed files
--- a/mysql-test/suite/plugins/r/pam_cleartext.result
+++ b/mysql-test/suite/plugins/r/pam_cleartext.result
+install plugin pam soname 'auth_pam.so';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+show variables like 'pam%';
+Variable_name	Value
+pam_use_cleartext_plugin	ON
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
--- a/mysql-test/suite/plugins/t/pam.test
+++ b/mysql-test/suite/plugins/t/pam.test
--source include/not_embedded.inc
+--source pam_init.inc
-if (!$AUTH_PAM_SO) {
-  skip No pam auth plugin;
-}
-eval install plugin pam soname '$AUTH_PAM_SO';
-create user test_pam identified via pam using 'mariadb_mtr';
-create user pam_test;
-grant proxy on pam_test to test_pam;
-let $plugindir=`SELECT @@global.plugin_dir`;
 --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt
 not very secret challenge

--- a/mysql-test/suite/plugins/t/pam_cleartext.opt
+++ b/mysql-test/suite/plugins/t/pam_cleartext.opt
+--loose-pam-use-cleartext-plugin
--- a/mysql-test/suite/plugins/t/pam_cleartext.test
+++ b/mysql-test/suite/plugins/t/pam_cleartext.test
+--source pam_init.inc
+show variables like 'pam%';
+--error 1
+--exec echo FAIL | $MYSQL_TEST -u test_pam --plugin-dir=$plugindir
+drop user test_pam;
+drop user pam_test;
+uninstall plugin pam;
--- a/mysql-test/suite/plugins/t/pam_init.inc
+++ b/mysql-test/suite/plugins/t/pam_init.inc
+--source include/not_embedded.inc
+if (!$AUTH_PAM_SO) {
+  skip No pam auth plugin;
+}
+eval install plugin pam soname '$AUTH_PAM_SO';
+create user test_pam identified via pam using 'mariadb_mtr';
+create user pam_test;
+grant proxy on pam_test to test_pam;
+let $plugindir=`SELECT @@global.plugin_dir`;
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@@ -154,6 +154,27 @@ static struct st_mysql_auth info =
  pam_auth
 };
+static char use_cleartext_plugin;
+static MYSQL_SYSVAR_BOOL(use_cleartext_plugin, use_cleartext_plugin,
+       PLUGIN_VAR_NOCMDARG | PLUGIN_VAR_READONLY,
+       "Use mysql_cleartext_plugin on the client side instead of the dialog "
+       "plugin. This may be needed for compatibility reasons, but it only "
+       "supports simple PAM policies that don't require anything besides "
+       "a password", NULL, NULL, 0);
+static struct st_mysql_sys_var* vars[] = {
+  MYSQL_SYSVAR(use_cleartext_plugin),
+  NULL
+};
+static int init(void *p __attribute__((unused)))
+{
+  if (use_cleartext_plugin)
+    info.client_auth_plugin= "mysql_clear_password";
+  return 0;
+}
 maria_declare_plugin(pam)
 {
  MYSQL_AUTHENTICATION_PLUGIN,
@@ -162,11 +183,11 @@ maria_declare_plugin(pam)
  "Sergei Golubchik",
  "PAM based authentication",
  PLUGIN_LICENSE_GPL,
-  NULL,
+  init,
  NULL,
  0x0100,
  NULL,
-  NULL,
+  vars,
  "1.0",
  MariaDB_PLUGIN_MATURITY_BETA
 }