summaryrefslogtreecommitdiffstats
path: root/plugin/auth_pam/testing
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/auth_pam/testing')
-rw-r--r--plugin/auth_pam/testing/CMakeLists.txt15
-rw-r--r--plugin/auth_pam/testing/mariadb_mtr.conf4
-rw-r--r--plugin/auth_pam/testing/pam_mariadb_mtr.c84
3 files changed, 103 insertions, 0 deletions
diff --git a/plugin/auth_pam/testing/CMakeLists.txt b/plugin/auth_pam/testing/CMakeLists.txt
new file mode 100644
index 00000000..151823b9
--- /dev/null
+++ b/plugin/auth_pam/testing/CMakeLists.txt
@@ -0,0 +1,15 @@
+# gcc pam_mariadb_mtr.c -shared -lpam -fPIC -o pam_mariadb_mtr.so
+
+ADD_LIBRARY(pam_mariadb_mtr MODULE pam_mariadb_mtr.c)
+SET_TARGET_PROPERTIES (pam_mariadb_mtr PROPERTIES PREFIX "")
+TARGET_LINK_LIBRARIES(pam_mariadb_mtr pam)
+
+IF(CMAKE_C_COMPILER_ID MATCHES "Clang")
+ SET_SOURCE_FILES_PROPERTIES(
+ pam_mariadb_mtr.c
+ PROPERTY COMPILE_FLAGS "-Wno-incompatible-pointer-types-discards-qualifiers")
+ENDIF()
+
+SET(dest DESTINATION "${INSTALL_MYSQLTESTDIR}/suite/plugins/pam" COMPONENT Test)
+INSTALL(TARGETS pam_mariadb_mtr ${dest})
+INSTALL(FILES mariadb_mtr.conf RENAME mariadb_mtr ${dest})
diff --git a/plugin/auth_pam/testing/mariadb_mtr.conf b/plugin/auth_pam/testing/mariadb_mtr.conf
new file mode 100644
index 00000000..241afb43
--- /dev/null
+++ b/plugin/auth_pam/testing/mariadb_mtr.conf
@@ -0,0 +1,4 @@
+# Put it in /etc/pam.d/mariadb_mtr
+
+auth required pam_mariadb_mtr.so pam_test
+account required pam_permit.so
diff --git a/plugin/auth_pam/testing/pam_mariadb_mtr.c b/plugin/auth_pam/testing/pam_mariadb_mtr.c
new file mode 100644
index 00000000..108aeb94
--- /dev/null
+++ b/plugin/auth_pam/testing/pam_mariadb_mtr.c
@@ -0,0 +1,84 @@
+/*
+ This code is in the public domain and has no copyright.
+
+ Pam module to test pam authentication plugin. Used in pam tests.
+ Linux only.
+
+ Install as appropriate (for example, in /lib/security/).
+ see also mariadb_mtr.conf
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+
+#define N 3
+
+int pam_sm_authenticate(pam_handle_t *pamh, int flags __attribute__((unused)),
+ int argc, const char *argv[])
+{
+ struct pam_conv *conv;
+ struct pam_response *resp = 0;
+ int pam_err, retval = PAM_SYSTEM_ERR;
+ struct pam_message msg[N] = {
+ { PAM_TEXT_INFO, (char*)"Challenge input first." },
+ { PAM_PROMPT_ECHO_OFF, (char*)"Enter:" },
+ { PAM_ERROR_MSG, (char*)"Now, the magic number!" }
+ };
+ const struct pam_message *msgp[N] = { msg, msg+1, msg+2 };
+ char *r1 = 0, *r2 = 0;
+
+ pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+ if (pam_err != PAM_SUCCESS)
+ goto ret;
+
+ pam_err = (*conv->conv)(N, msgp, &resp, conv->appdata_ptr);
+
+ if (pam_err != PAM_SUCCESS || !resp || !((r1= resp[1].resp)))
+ goto ret;
+
+ if (strcmp(r1, "cleartext good") == 0)
+ retval = PAM_SUCCESS;
+ else if (strcmp(r1, "cleartext bad") == 0)
+ retval = PAM_AUTH_ERR;
+ else
+ {
+ free(resp);
+ resp= NULL;
+ msg[0].msg_style = PAM_PROMPT_ECHO_ON;
+ msg[0].msg = (char*)"PIN:";
+ pam_err = (*conv->conv)(1, msgp, &resp, conv->appdata_ptr);
+
+ if (pam_err != PAM_SUCCESS || !resp || !((r2= resp[0].resp)))
+ goto ret;
+
+ /* Produce the crash for testing purposes. */
+ if (strcmp(r1, "crash pam module") == 0 && atoi(r2) == 616)
+ abort();
+
+ if (strlen(r1) == (size_t)atoi(r2) % 100)
+ retval = PAM_SUCCESS;
+ else
+ retval = PAM_AUTH_ERR;
+ }
+
+ if (argc > 0 && argv[0])
+ pam_set_item(pamh, PAM_USER, argv[0]);
+
+ret:
+ free(resp);
+ free(r1);
+ free(r2);
+ return retval;
+}
+
+int pam_sm_setcred(pam_handle_t *pamh __attribute__((unused)),
+ int flags __attribute__((unused)),
+ int argc __attribute__((unused)),
+ const char *argv[] __attribute__((unused)))
+{
+
+ return PAM_SUCCESS;
+}
+