1--TEST-- 2PAM auth plugin 3--EXTENSIONS-- 4mysqli 5--SKIPIF-- 6<?php 7require_once('connect.inc'); 8 9if (!$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) { 10 die(sprintf("SKIP Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", 11 $host, $user, $db, $port, $socket)); 12} 13 14if ($link->server_version < 50500) 15 die(sprintf("SKIP Needs MySQL 5.5 or newer, found MySQL %s\n", $link->server_info)); 16 17if (!$res = $link->query("SHOW PLUGINS")) 18 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 19 20$have_pam = false; 21while ($row = $res->fetch_assoc()) { 22 if (isset($row['Name']) && in_array($row['Name'], array('pam', 'authentication_pam', 'auth_pam_compat'))) { 23 $have_pam = $row['Name']; 24 break; 25 } 26} 27$res->close(); 28 29if (!$have_pam) 30 die("SKIP Server PAM plugin not installed"); 31 32if ($have_pam == 'pam') { 33 /* MariaDB - needs system variable pam_use_cleartext_plugin=ON to be set */ 34 if (!$res = mysqli_query($link, 'SHOW GLOBAL VARIABLES LIKE "pam_use_cleartext_plugin"')) 35 die(sprintf("SKIP MariaDB probe of GLOBAL VARIABLES failed [%d] %s\n", 36 mysqli_errno($link), mysqli_error($link))); 37 $pam_use_cleartext_plugin = mysqli_fetch_row($res); 38 mysqli_free_result($res); 39 if (!$pam_use_cleartext_plugin or $pam_use_cleartext_plugin[1]!='ON') 40 die("SKIP Server setting pam_use_cleartext_plugin!=ON"); 41 42 $pam_service = file_get_contents('/etc/pam.d/mysql'); 43} elseif ($have_pam == 'authentication_pam') { 44 /* 45 required MySQL syntax: 46 https://dev.mysql.com/doc/refman/8.0/en/pam-pluggable-authentication.html#pam-pluggable-authentication-usage 47 */ 48 $have_pam .= " AS 'mysql-unix'"; 49 $pam_service = file_get_contents('/etc/pam.d/mysql-unix'); 50} else { 51 $pam_service = file_get_contents('/etc/pam.d/mysql'); 52} 53$auth = 0; 54$account = 0; 55foreach (explode("\n", $pam_service) as $line) 56{ 57 if (preg_match('/^auth/', $line)) { 58 $auth = 1; 59 } elseif (preg_match('/^account/', $line)) { 60 $account = 1; 61 } 62} 63if (!$auth) { 64 die("SKIP pam service file missing 'auth' directive"); 65} 66if (!$account) { 67 die("SKIP pam service file missing 'account' directive"); 68} 69 70if (!posix_getpwnam('pamtest')) { 71 die("SKIP no pamtest user"); 72} 73/* Password of user 'pamtest' should be set to 'pamtest' */ 74 75mysqli_query($link, 'DROP USER pamtest'); 76mysqli_query($link, 'DROP USER pamtest@localhost'); 77 78if (!mysqli_query($link, "CREATE USER pamtest@'%' IDENTIFIED WITH $have_pam") || 79 !mysqli_query($link, "CREATE USER pamtest@'localhost' IDENTIFIED WITH $have_pam")) { 80 printf("skip Cannot create second DB user [%d] %s", mysqli_errno($link), mysqli_error($link)); 81 mysqli_close($link); 82 die("skip CREATE USER failed"); 83} 84 85if (!$link->query("CREATE TABLE test (id INT)") || !$link->query("INSERT INTO test(id) VALUES (1)")) 86 die(sprintf("SKIP [%d] %s\n", $link->errno, $link->error)); 87 88 89 90if (!mysqli_query($link, sprintf("GRANT SELECT ON TABLE %s.test TO pamtest@'%%'", $db)) || 91 !mysqli_query($link, sprintf("GRANT SELECT ON TABLE %s.test TO pamtest@'localhost'", $db))) { 92 printf("skip Cannot grant SELECT to user [%d] %s", mysqli_errno($link), mysqli_error($link)); 93 mysqli_close($link); 94 die("skip GRANT failed"); 95} 96?> 97--INI-- 98max_execution_time=240 99--FILE-- 100<?php 101 require_once('connect.inc'); 102 require_once('table.inc'); 103 104 if (!$link = my_mysqli_connect($host, 'pamtest', 'pamtest', $db, $port, $socket)) { 105 printf("[001] Cannot connect to the server using host=%s, user=pamtest, passwd=pamtest dbname=%s, port=%s, socket=%s\n", 106 $host, $db, $port, $socket); 107 } else { 108 109 if (!$res = $link->query("SELECT id FROM test WHERE id = 1")) 110 printf("[002] [%d] %s\n", $link->errno, $link->error); 111 112 if (!$row = mysqli_fetch_assoc($res)) { 113 printf("[003] [%d] %s\n", $link->errno, $link->error); 114 } 115 116 if ($row['id'] != 1) { 117 printf("[004] Expecting 1 got %s/'%s'", gettype($row['id']), $row['id']); 118 } 119 120 $res->close(); 121 $link->close(); 122 } 123 124 print "done!"; 125?> 126--CLEAN-- 127<?php 128 require_once("clean_table.inc"); 129 mysqli_query($link, 'DROP USER pamtest'); 130 mysqli_query($link, 'DROP USER pamtest@localhost'); 131?> 132--EXPECT-- 133done! 134