Merge 10.3 into 10.4

plugin/auth_pam/CMakeLists.txt

@@ -5,27 +5,35 @@ CHECK_INCLUDE_FILES (security/pam_ext.h  HAVE_PAM_EXT_H)
 CHECK_INCLUDE_FILES (security/pam_appl.h HAVE_PAM_APPL_H)
 CHECK_FUNCTION_EXISTS (strndup HAVE_STRNDUP)
 
+INCLUDE_DIRECTORIES(${CMAKE_CURRENT_BINARY_DIR})
+
+# Check whether getgrouplist uses git_t for second and third arguments.
+SET(CMAKE_REQUIRED_FLAGS -Werror)
+CHECK_C_SOURCE_COMPILES(
+"
+#include <grp.h>
+#include <unistd.h>
+int main() {
+  char *arg_1;
+  gid_t arg_2, arg_3;
+  int arg_4;
+  (void)getgrouplist(arg_1,arg_2,&arg_3,&arg_4);
+  return 0;
+}
+"
+HAVE_POSIX_GETGROUPLIST
+)
+SET(CMAKE_REQUIRED_FLAGS)
+
 SET(CMAKE_REQUIRED_LIBRARIES pam)
 CHECK_FUNCTION_EXISTS(pam_syslog HAVE_PAM_SYSLOG)
 SET(CMAKE_REQUIRED_LIBRARIES)
 
-IF(HAVE_PAM_SYSLOG)
-  ADD_DEFINITIONS(-DHAVE_PAM_SYSLOG)
-ENDIF()
-
-IF(HAVE_PAM_EXT_H)
-  ADD_DEFINITIONS(-DHAVE_PAM_EXT_H)
-ENDIF()
-
 IF(HAVE_PAM_APPL_H)
-  ADD_DEFINITIONS(-DHAVE_PAM_APPL_H)
-  IF(HAVE_STRNDUP)
-    ADD_DEFINITIONS(-DHAVE_STRNDUP)
-  ENDIF(HAVE_STRNDUP)
   FIND_LIBRARY(PAM_LIBRARY pam) # for srpm build-depends detection
   ADD_DEFINITIONS(-D_GNU_SOURCE)
   MYSQL_ADD_PLUGIN(auth_pam_v1 auth_pam_v1.c LINK_LIBRARIES pam MODULE_ONLY)
-  MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam ${LIBDL} MODULE_ONLY)
+  MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam ${CMAKE_DL_LIBS} MODULE_ONLY)
   IF (TARGET auth_pam)
     MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
     TARGET_LINK_LIBRARIES(auth_pam_tool pam)
@@ -47,3 +55,6 @@ IF(HAVE_PAM_APPL_H)
     ENDIF()
   ENDIF()
 ENDIF(HAVE_PAM_APPL_H)
+
+CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/config.h.cmake
+               ${CMAKE_CURRENT_BINARY_DIR}/config_auth_pam.h)

plugin/auth_pam/auth_pam.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2011, 2019, MariaDB Corporation.
+   Copyright (c) 2011, 2020, MariaDB Corporation.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -15,6 +15,7 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */
 
 
+#include <config_auth_pam.h>
 #include <unistd.h>
 #include <string.h>
 #include <sys/types.h>

plugin/auth_pam/auth_pam_base.c

@@ -30,6 +30,7 @@
   static int read_packet(struct param *param, unsigned char **pkt)
 */
 
+#include <config_auth_pam.h>
 #include <stdio.h>
 #include <string.h>
 #include <security/pam_appl.h>

plugin/auth_pam/config.h.cmake

@@ -0,0 +1,5 @@
+#cmakedefine HAVE_POSIX_GETGROUPLIST 1
+#cmakedefine HAVE_PAM_SYSLOG 1
+#cmakedefine HAVE_PAM_EXT_H 1
+#cmakedefine HAVE_PAM_APPL_H 1
+#cmakedefine HAVE_STRNDUP 1

plugin/auth_pam/mapper/pam_user_map.c

@@ -31,6 +31,7 @@ These comments are written to the syslog as 'authpriv.debug'
 and usually end up in /var/log/secure file.
 */
 
+#include <config_auth_pam.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <ctype.h>
@@ -70,10 +71,16 @@ pam_syslog (const pam_handle_t *pamh, int priority,
 #define GROUP_BUFFER_SIZE 100
 static const char debug_keyword[]= "debug";
 
-static int populate_user_groups(const char *user, gid_t **groups)
+#ifdef HAVE_POSIX_GETGROUPLIST
+typedef gid_t my_gid_t;
+#else
+typedef int my_gid_t;
+#endif
+
+static int populate_user_groups(const char *user, my_gid_t **groups)
 {
-  gid_t user_group_id;
-  gid_t *loc_groups= *groups;
+  my_gid_t user_group_id;
+  my_gid_t *loc_groups= *groups;
   int ng;
 
   {
@@ -88,22 +95,23 @@ static int populate_user_groups(const char *user, gid_t **groups)
   {
     /* The rare case when the user is present in more than */
     /* GROUP_BUFFER_SIZE groups.                           */
-    loc_groups= (gid_t *) malloc(ng * sizeof (gid_t));
+    loc_groups= (my_gid_t *) malloc(ng * sizeof (my_gid_t));
+
     if (!loc_groups)
       return 0;
 
     (void) getgrouplist(user, user_group_id, loc_groups, &ng);
-    *groups= loc_groups;
+    *groups= (my_gid_t*)loc_groups;
   }
 
   return ng;
 }
 
 
-static int user_in_group(const gid_t *user_groups, int ng,const char *group)
+static int user_in_group(const my_gid_t *user_groups, int ng,const char *group)
 {
-  gid_t group_id;
-  const gid_t *groups_end = user_groups + ng;
+  my_gid_t group_id;
+  const my_gid_t *groups_end = user_groups + ng;
 
   {
     struct group *g= getgrnam(group);
@@ -122,7 +130,7 @@ static int user_in_group(const gid_t *user_groups, int ng,const char *group)
 }
 
 
-static void print_groups(pam_handle_t *pamh, const gid_t *user_groups, int ng)
+static void print_groups(pam_handle_t *pamh, const my_gid_t *user_groups, int ng)
 {
   char buf[256];
   char *c_buf= buf, *buf_end= buf+sizeof(buf)-2;
@@ -158,8 +166,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
   const char *username;
   char buf[256];
   FILE *f;
-  gid_t group_buffer[GROUP_BUFFER_SIZE];
-  gid_t *groups= group_buffer;
+  my_gid_t group_buffer[GROUP_BUFFER_SIZE];
+  my_gid_t *groups= group_buffer;
   int n_groups= -1;
 
   for (; argc > 0; argc--)