MDEV-17950 SHOW GRANTS FOR does not work for a user identified with non-existing plugin

Revert the side effect of 7c40996cc8.
Do not convert password hash to its binary representation when a user
entry is loaded. Do it lazily on the first authentication attempt.

As a collateral - force all authentication plugins to follow the
protocol and read_packet at least once before accessing info->username
(username is not available before first client handshake packet is read).

Fix PAM and GSSAPI plugins to behave.
Sergei Golubchik 2019-01-12 15:56:25 +01:00
commit c94ec9fc67
13 changed files with 186 additions and 145 deletions


@ -36,8 +36,8 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
int p_to_c[2], c_to_p[2]; /* Parent-to-child and child-to-parent pipes. */
pid_t proc_id;
int result= CR_ERROR;
unsigned char field;
int result= CR_ERROR, pkt_len;
unsigned char field, *pkt;
PAM_DEBUG((stderr, "PAM: opening pipes.\n"));
if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0)
@ -96,6 +96,14 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
close(c_to_p[1]) < 0)
goto error_ret;
/* no user name yet ? read the client handshake packet with the user name */
if (info->user_name == 0)
{
if ((pkt_len= vio->read_packet(vio, &pkt) < 0))
return CR_ERROR;
}
else
pkt= NULL;
PAM_DEBUG((stderr, "PAM: parent sends user data [%s], [%s].\n",
info->user_name, info->auth_string));
@ -140,23 +148,27 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
{
unsigned char buf[10240];
int buf_len;
unsigned char *pkt;
PAM_DEBUG((stderr, "PAM: getting CONV string.\n"));
if ((buf_len= read_string(c_to_p[0], (char *) buf, sizeof(buf))) < 0)
goto error_ret;
PAM_DEBUG((stderr, "PAM: sending CONV string.\n"));
if (vio->write_packet(vio, buf, buf_len))
goto error_ret;
if (!pkt || (buf[0] >> 1) != 2)
{
PAM_DEBUG((stderr, "PAM: sending CONV string.\n"));
if (vio->write_packet(vio, buf, buf_len))
goto error_ret;
PAM_DEBUG((stderr, "PAM: reading CONV answer.\n"));
if ((buf_len= vio->read_packet(vio, &pkt)) < 0)
goto error_ret;
PAM_DEBUG((stderr, "PAM: reading CONV answer.\n"));
if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)
goto error_ret;
}
PAM_DEBUG((stderr, "PAM: answering CONV.\n"));
if (write_string(p_to_c[1], pkt, buf_len))
if (write_string(p_to_c[1], pkt, pkt_len))
goto error_ret;
pkt= NULL;
}
break;
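Review bot: In the second hunk the added handshake read, `if ((pkt_len= vio->read_packet(vio, &pkt) < 0))`, has its closing parenthesis misplaced, so `pkt_len` is assigned the result of the comparison (0 on success) instead of the packet length. When the conversation loop then takes the new path that skips the prompt round-trip and reuses this first packet, `write_string(p_to_c[1], pkt, pkt_len)` appears to hand the PAM helper a zero-length answer rather than what the client sent. The check should match the read inside the loop: `if ((pkt_len= vio->read_packet(vio, &pkt)) < 0)`. The same branch also exits with `return CR_ERROR;` while the neighbouring failure paths use `goto error_ret;`, so the pipes opened earlier are presumably not cleaned up on this path; `goto error_ret;` would keep it consistent. The body of pam_auth, including the `error_ret` label, lies outside the hunks shown, so the cleanup point should be confirmed there.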