1--TEST--
2PAM auth plugin
3--SKIPIF--
4<?php
5require_once('skipif.inc');
6require_once('skipifemb.inc');
7require_once('connect.inc');
8
9if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
10    die(sprintf("SKIP Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
11        $host, $user, $db, $port, $socket));
12}
13
14if ($link->server_version < 50500)
15    die(sprintf("SKIP Needs MySQL 5.5 or newer, found MySQL %s\n", $link->server_info));
16
17if (!$res = $link->query("SHOW PLUGINS"))
18    die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));
19
20$have_pam = false;
21while ($row = $res->fetch_assoc()) {
22    if (isset($row['Name']) && in_array($row['Name'], array('pam', 'authentication_pam', 'auth_pam_compat'))) {
23        $have_pam = $row['Name'];
24        break;
25    }
26}
27$res->close();
28
29if (!$have_pam)
30  die("SKIP Server PAM plugin not installed");
31
32if ($have_pam == 'pam') {
33    /* MariaDB - needs system variable pam_use_cleartext_plugin=ON to be set */
34    if (!$res = mysqli_query($link, 'SHOW GLOBAL VARIABLES LIKE "pam_use_cleartext_plugin"'))
35        die(sprintf("SKIP MariaDB probe of GLOBAL VARIABLES failed [%d] %s\n",
36                    mysqli_errno($link), mysqli_error($link)));
37    $pam_use_cleartext_plugin = mysqli_fetch_row($res);
38    mysqli_free_result($res);
39    if (!$pam_use_cleartext_plugin or $pam_use_cleartext_plugin[1]!='ON')
40        die("SKIP Server setting pam_use_cleartext_plugin!=ON");
41
42    $pam_service = file_get_contents('/etc/pam.d/mysql');
43} elseif ($have_pam == 'authentication_pam') {
44    /*
45       required MySQL syntax:
46       https://dev.mysql.com/doc/refman/8.0/en/pam-pluggable-authentication.html#pam-pluggable-authentication-usage
47    */
48    $have_pam .= " AS 'mysql-unix'";
49    $pam_service = file_get_contents('/etc/pam.d/mysql-unix');
50} else {
51    $pam_service = file_get_contents('/etc/pam.d/mysql');
52}
53$auth = 0;
54$account = 0;
55foreach (explode("\n", $pam_service) as $line)
56{
57    if (preg_match('/^auth/', $line)) {
58        $auth = 1;
59    } elseif (preg_match('/^account/', $line)) {
60        $account = 1;
61    }
62}
63if (!$auth) {
64    die("SKIP pam service file missing 'auth' directive");
65}
66if (!$account) {
67    die("SKIP pam service file missing 'account' directive");
68}
69
70if (!posix_getpwnam('pamtest')) {
71    die("SKIP no pamtest user");
72}
73/* Password of user 'pamtest' should be set to 'pamtest' */
74
75mysqli_query($link, 'DROP USER pamtest');
76mysqli_query($link, 'DROP USER pamtest@localhost');
77
78if (!mysqli_query($link, "CREATE USER pamtest@'%' IDENTIFIED WITH $have_pam") ||
79    !mysqli_query($link, "CREATE USER pamtest@'localhost' IDENTIFIED WITH $have_pam")) {
80    printf("skip Cannot create second DB user [%d] %s", mysqli_errno($link), mysqli_error($link));
81    mysqli_close($link);
82    die("skip CREATE USER failed");
83}
84
85if (!$link->query("CREATE TABLE test (id INT)") || !$link->query("INSERT INTO test(id) VALUES (1)"))
86    die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error));
87
88
89
90if (!mysqli_query($link, sprintf("GRANT SELECT ON TABLE %s.test TO pamtest@'%%'", $db)) ||
91    !mysqli_query($link, sprintf("GRANT SELECT ON TABLE %s.test TO pamtest@'localhost'", $db))) {
92    printf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link));
93    mysqli_close($link);
94    die("skip GRANT failed");
95}
96?>
97--INI--
98max_execution_time=240
99--FILE--
100<?php
101    require_once('connect.inc');
102    require_once('table.inc');
103
104    if (!$link = my_mysqli_connect($host, 'pamtest', 'pamtest', $db, $port, $socket)) {
105        printf("[001] Cannot connect to the server using host=%s, user=pamtest, passwd=pamtest dbname=%s, port=%s, socket=%s\n",
106            $host, $db, $port, $socket);
107    } else {
108
109      if (!$res = $link->query("SELECT id FROM test WHERE id = 1"))
110          printf("[002] [%d] %s\n", $link->errno, $link->error);
111
112      if (!$row = mysqli_fetch_assoc($res)) {
113          printf("[003] [%d] %s\n", $link->errno, $link->error);
114      }
115
116      if ($row['id'] != 1) {
117          printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']);
118      }
119
120      $res->close();
121      $link->close();
122    }
123
124    print "done!";
125?>
126--CLEAN--
127<?php
128    require_once("clean_table.inc");
129    mysqli_query($link, 'DROP USER pamtest');
130    mysqli_query($link, 'DROP USER pamtest@localhost');
131?>
132--EXPECTF--
133done!
134