let $PAM_PLUGIN_VERSION= $AUTH_PAM_SO; --source pam_init.inc --write_file $MYSQLTEST_VARDIR/tmp/pam_good.txt not very secret challenge 9225 select user(), current_user(), database(); EOF --write_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt not very secret challenge 9224 select user(), current_user(), database(); EOF --write_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt crash pam module 616 select user(), current_user(), database(); EOF --write_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt 9212 select user(), current_user(), database(); EOF --echo # --echo # athentication is successful, challenge/pin are ok --echo # note that current_user() differs from user() --echo # --exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_good.txt --echo # --echo # athentication is unsuccessful --echo # --error 1 --exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_bad.txt --echo # --echo # athentication is unsuccessful --echo # --error 1 --exec $MYSQL_TEST -u test_pam < $MYSQLTEST_VARDIR/tmp/pam_ugly.txt --echo # --echo # athentication is successful --echo # --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt --echo # --echo # athentication is unsuccessful --echo # --error 1 --exec $MYSQL_TEST -u test_pam -pbadpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt --echo # --echo # MDEV-26339 Account specifics to be handled before proxying --echo # # one can connect if the proxy account is locked alter user pam_test account lock; alter user pam_test require subject 'foobar'; alter user pam_test password expire; --error 0 --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt alter user pam_test account unlock; alter user pam_test require none; alter user pam_test identified by ''; show create user pam_test; #one cannot connect if the proxied account is locked alter user test_pam account lock; --error 1 --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt alter user test_pam account unlock; alter user test_pam require subject 'foobar'; --error 1 --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt alter user test_pam require none; alter user test_pam password expire; --error 1 --exec $MYSQL_TEST -u test_pam -pgoodpassword < $MYSQLTEST_VARDIR/tmp/pam_good2.txt drop user test_pam; drop user pam_test; create user PAM_TEST identified via pam using 'mariadb_mtr'; grant all on test.* to PAM_TEST; --echo # --echo # athentication is unsuccessful --echo # --error 1 --exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt set global pam_winbind_workaround=1; --echo # --echo # athentication is successful --echo # --exec $MYSQL_TEST -u PAM_TEST < $MYSQLTEST_VARDIR/tmp/pam_good.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_good.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_good2.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_bad.txt --remove_file $MYSQLTEST_VARDIR/tmp/pam_ugly.txt drop user PAM_TEST; --echo # --echo # MDEV-27341 Use SET PASSWORD to change PAM service --echo # create user pam_test identified via pam using 'mariadb_mtr'; grant all on test.* to pam_test; --write_file $MYSQLTEST_VARDIR/tmp/setpwd.txt not very secret challenge 9225 select user(), current_user(), database(); error ER_SET_PASSWORD_AUTH_PLUGIN; set password='foo'; show create user; EOF --exec $MYSQL_TEST -u pam_test < $MYSQLTEST_VARDIR/tmp/setpwd.txt --remove_file $MYSQLTEST_VARDIR/tmp/setpwd.txt drop user pam_test; let $count_sessions= 1; --source include/wait_until_count_sessions.inc uninstall plugin pam;