diff options
Diffstat (limited to 'mysql-test/suite/plugins/t/pam.test')
-rw-r--r-- | mysql-test/suite/plugins/t/pam.test | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/t/pam.test b/mysql-test/suite/plugins/t/pam.test new file mode 100644 index 00000000..c953e05f --- /dev/null +++ b/mysql-test/suite/plugins/t/pam.test @@ -0,0 +1,128 @@ +let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO; +--source pam_init.inc + +--write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt +not very secret challenge +9225 +select user(), current_user(), database(); +EOF + +--write_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt +not very secret challenge +9224 +select user(), current_user(), database(); +EOF + +--write_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt +crash pam module +616 +select user(), current_user(), database(); +EOF + +--write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt +9212 +select user(), current_user(), database(); +EOF + +--echo # +--echo # athentication is successful, challenge/pin are ok +--echo # note that current_user() differs from user() +--echo # +--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_good.txt + +--echo # +--echo # athentication is unsuccessful +--echo # +--error 1 +--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_bad.txt + +--echo # +--echo # athentication is unsuccessful +--echo # +--error 1 +--exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_ugly.txt + +--echo # +--echo # athentication is successful +--echo # +--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt + +--echo # +--echo # athentication is unsuccessful +--echo # +--error 1 +--exec $MYSQL_TEST -u test_pam -pbadpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt + +--echo # +--echo # MDEV-26339 Account specifics to be handled before proxying +--echo # + +# one can connect if the proxy account is locked +alter user pam_test account lock; +alter user pam_test require subject 'foobar'; +alter user pam_test password expire; +--error 0 +--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt +alter user pam_test account unlock; +alter user pam_test require none; +alter user pam_test identified by ''; +show create user pam_test; + +#one cannot connect if the proxied account is locked +alter user test_pam account lock; +--error 1 +--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt +alter user test_pam account unlock; + +alter user test_pam require subject 'foobar'; +--error 1 +--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt +alter user test_pam require none; + +alter user test_pam password expire; +--error 1 +--exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt + +drop user test_pam; +drop user pam_test; +create user PAM_TEST identified via pam using 'mariadb_mtr'; +grant all on test.* to PAM_TEST; + +--echo # +--echo # athentication is unsuccessful +--echo # +--error 1 +--exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt + +set global pam_winbind_workaround=1; +--echo # +--echo # athentication is successful +--echo # +--exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt + +--remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt +--remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt +--remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt +--remove_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt +drop user PAM_TEST; + +--echo # +--echo # MDEV-27341 Use SET PASSWORD to change PAM service +--echo # +create user pam_test identified via pam using 'mariadb_mtr'; +grant all on test.* to pam_test; +--write_file $MYSQLTEST_VARDIR/tmp/setpwd.txt +not very secret challenge +9225 +select user(), current_user(), database(); +error ER_SET_PASSWORD_AUTH_PLUGIN; +set password='foo'; +show create user; +EOF +--exec $MYSQL_TEST -u pam_test < $MYSQLTEST_VARDIR/tmp/setpwd.txt +--remove_file $MYSQLTEST_VARDIR/tmp/setpwd.txt +drop user pam_test; + +let $count_sessions= 1; +--source include/wait_until_count_sessions.inc +uninstall plugin pam; |