percona-pam-for-mysql

Merge lp:~maria-captains/percona-pam-for-mysql/use_dialog into lp:percona-pam-for-mysql

use_dialog
Merge into percona-pam-for-mysql

Proposed by Sergei Golubchik on 2011-10-27

Status:	Rejected
Rejected by:	Laurynas Biveinis on 2011-12-09
Proposed branch:	lp:~maria-captains/percona-pam-for-mysql/use_dialog
Merge into:	lp:percona-pam-for-mysql
Diff against target:	880 lines (+135/-546) 9 files modified .bzrignore (+1/-0) Makefile.am (+3/-0) build/CMakeLists.txt (+5/-0) configure.ac (+11/-34) src/Makefile.am (+6/-8) src/auth_pam.c (+109/-269) src/lib_auth_pam_client.c (+0/-76) src/lib_auth_pam_client.h (+0/-80) src/test_auth_pam_client.c (+0/-79)
To merge this branch:	bzr merge lp:~maria-captains/percona-pam-for-mysql/use_dialog
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Laurynas Biveinis (community)		2011-10-27	Disapprove on 2011-12-09
Review via email: mp+80551@code.launchpad.net

Revision history for this message

Laurynas Biveinis (laurynas-biveinis) wrote on 2011-12-09:

Changes of this MP have been split into other MPs, some already merged, some in progress.

review: Disapprove

Unmerged revisions

8. By Sergei Golubchik on 2011-10-27: rewrite to use dialog plugin.
simplify configure.ac.
support builds from within 5.5 tree.
fix make distcheck target.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Maria-captains

pam-for-mysql-developers

percona-pam-for-mysql

Merge lp:~maria-captains/percona-pam-for-mysql/use_dialog into lp:percona-pam-for-mysql

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

 === modified file '.bzrignore'
 --- .bzrignore	2011-10-21 21:37:36 +0000
 +++ .bzrignore	2011-10-27 11:22:23 +0000
@@ -15,3 +15,4 @@
  .libs
  build/percona-pam-plugin.spec
  build/build-binary.sh
++*.tar.gz
 === modified file 'Makefile.am'
 --- Makefile.am	2011-10-20 19:07:25 +0000
 +++ Makefile.am	2011-10-27 11:22:23 +0000
@@ -15,3 +15,6 @@
+ #
  SUBDIRS = src
++
++EXTRA_DIST = bootstrap build/CMakeLists.txt
++
 === modified file 'bootstrap' (properties changed: -x to +x)
 === added file 'build/CMakeLists.txt'
 --- build/CMakeLists.txt	1970-01-01 00:00:00 +0000
 +++ build/CMakeLists.txt	2011-10-27 11:22:23 +0000
@@ -0,0 +1,5 @@
++INCLUDE (CheckLibraryExists)
++CHECK_LIBRARY_EXISTS(pam pam_authenticate "" HAVE_PAM)
++IF(HAVE_PAM)
++  MYSQL_ADD_PLUGIN(auth_pam auth_pam.c LINK_LIBRARIES pam)
++ENDIF(HAVE_PAM)
 === modified file 'configure.ac'
 --- configure.ac	2011-10-21 21:37:36 +0000
 +++ configure.ac	2011-10-27 11:22:23 +0000
@@ -17,32 +17,24 @@
+ #
+ #
  AC_PREREQ([2.61])
--AC_INIT([Percona PAM plugin], [0.1], [mysql-dev@percona.com])
--AC_CONFIG_SRCDIR([src/lib_auth_pam_client.h])
++AC_INIT([Percona PAM plugin], [1.0], [mysql-dev@percona.com])
++AC_CONFIG_SRCDIR([src/auth_pam.c])
  AM_INIT_AUTOMAKE
  # Checks for programs.
--AC_PROG_CXX
--AC_PROG_AWK
--AC_PROG_CC
--AC_PROG_CPP
--AC_PROG_INSTALL
--AC_PROG_LN_S
--AC_PROG_MAKE_SET
--AC_PROG_RANLIB
  AC_PROG_LIBTOOL
  AC_CHECK_PROGS([BZR], [bzr])
  # mysql_config
++AC_PATH_PROG([MYSQL_CONFIG], [mysql_config])
  AC_ARG_WITH([mysql_config],
      AC_HELP_STRING(
--        [--with-mysql_config=PROGRAM],
++        [--with-mysql_config=PATH],
          [location of the mysql_config program]),
--    [mysql_config_prog="$withval"])
--AC_PATH_PROG([MYSQL_CONFIG], [mysql_config], [$mysql_config_prog])
++    [MYSQL_CONFIG="$withval"])
--if test "x$MYSQL_CONFIG" = "x"
++if test "x$MYSQL_CONFIG" = "x" -o ! -x "$MYSQL_CONFIG"
  then
      AC_MSG_ERROR([Unable to find mysql_config. Please install or specify.])
  fi
@@ -54,47 +46,31 @@
+ )
  # Checks for header files.
--MYSQL_INCLUDES="$(mysql_config --include)"
++MYSQL_INCLUDES=`"$MYSQL_CONFIG" --include`
--save_CFLAGS="${CFLAGS}"
  save_CPPFLAGS="${CPPFLAGS}"
--CFLAGS="${CFLAGS} ${MYSQL_INCLUDES}"
  CPPFLAGS="${CPPFLAGS} ${MYSQL_INCLUDES}"
--AC_CHECK_HEADERS([string.h unistd.h])
  AC_CHECK_HEADER([mysql/plugin.h], [],
      AC_MSG_ERROR(
         [Unable to find mysql/plugin.h. Please install the mysql
          development headers]))
--CFLAGS="${save_CFLAGS}"
  CPPFLAGS="${save_CPPFLAGS}"
  AC_SUBST([MYSQL_INCLUDES])
--# Checks for typedefs, structures, and compiler characteristics.
--
--# Checks for library functions.
--AC_FUNC_MALLOC
--AC_CHECK_FUNCS([getpass strchr strdup])
--
  # Get the plugin dir
--PLUGINDIR=$([$MYSQL_CONFIG --plugindir])
++PLUGINDIR=`"$MYSQL_CONFIG" --plugindir`
  AC_SUBST([PLUGINDIR])
  # Get the revision if bzr is present
  if test "x${BZR}" != "x"
  then
--    if cd "$(dirname "$0")" && bzr status >& /dev/null
--    then
--        REVISION="$(cd "$(dirname "$0")"; ${BZR} log -r-1 | grep ^revno: | cut -d ' ' -f 2)"
--    else
--        REVISION=0
--    fi
--else
--    REVISION=0
++    REVISION=`"${BZR}" revno "$srcdir"`
  fi
++REVISION=${REVISION:-0}
  AC_SUBST([REVISION])
@@ -104,3 +80,4 @@
                   build/build-binary.sh
                   build/percona-pam-plugin.spec])
  AC_OUTPUT
++
 === modified file 'src/Makefile.am'
 --- src/Makefile.am	2011-10-20 19:07:25 +0000
 +++ src/Makefile.am	2011-10-27 11:22:23 +0000
@@ -16,11 +16,9 @@
  plugindir = @PLUGINDIR@
--AM_CFLAGS = @MYSQL_INCLUDES@
--
--plugin_LTLIBRARIES = auth_pam.la test_auth_pam_client.la
--auth_pam_la_SOURCES = auth_pam.c lib_auth_pam_client.h lib_auth_pam_client.c
--auth_pam_la_LDFLAGS = -module -avoid-version -shared
--test_auth_pam_client_la_SOURCES = test_auth_pam_client.c \
--	lib_auth_pam_client.h lib_auth_pam_client.c
--test_auth_pam_client_la_LDFLAGS = -module -avoid-version -shared
++AM_CPPFLAGS = @MYSQL_INCLUDES@ -DMYSQL_DYNAMIC_PLUGIN
++
++plugin_LTLIBRARIES = auth_pam.la
++auth_pam_la_SOURCES = auth_pam.c
++auth_pam_la_LDFLAGS = -module -shared
++
 === modified file 'src/auth_pam.c'
 --- src/auth_pam.c	2011-10-25 17:46:19 +0000
 +++ src/auth_pam.c	2011-10-27 11:22:23 +0000
@@ -18,71 +18,43 @@
  /**
   @file
-- PAM authentication for MySQL, server- and client-side plugins for the
-- production use.
++ PAM authentication for MySQL.
   A general-purpose PAM authentication plugin for MySQL.  Acts as a mediator
-- between the MySQL server, the MySQL client, and the PAM backend.  Consists of
-- both the server and the client plugin.
--
-- The server plugin requests authentication from the PAM backend, forwards any
-- requests and messages from the PAM backend over the wire to the client (in
-- cleartext) and reads back any replies for the backend.
--
-- The client plugin inputs from the TTY any requested info/passwords as
-- requested and sends them back over the wire to the server.
++ between the MySQL server, the MySQL client, and the PAM backend.
++
++ The plugin requests authentication from the PAM backend, forwards any
++ requests and messages from the PAM backend to the client "dialog" plugin
++ (from dialog.so, loaded automatically by the libmysqlclient as needed)
++ reads back any replies and passes them to the backend.
   This plugin does not encrypt the communication channel in any way.  If this is
   required, a SSL connection should be used.
   To install this plugin, copy the .so file to the plugin directory and do
-- INSTALL PLUGIN auth_pam_server SONAME 'auth_pam.so';
++ INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';
++
++ or add --plugin-load=auth.so to the my.cnf or the command line.
   To use this plugin for one particular user, specify it at user's creation time
-- (TODO: tested with localhost only):
-- CREATE USER 'username'@'hostname' IDENTIFIED WITH auth_pam_server;
++ CREATE USER 'username'@'hostname' IDENTIFIED WITH auth_pam;
   Alternatively UPDATE the mysql.user table to set the plugin value for an
   existing user.
-- Also it is possible to use this plugin to authenticate anonymous users:
++ Also it is possible to use this plugin to authenticate all users:
-- CREATE USER ''@'hostname' IDENTIFIED WITH auth_pam_server;
++ CREATE USER ''@'hostname' IDENTIFIED WITH auth_pam;
  */
--#include <assert.h>
--
  #include <security/pam_appl.h>
  #include <security/pam_modules.h>
--#include <security/pam_misc.h>
--
--#define MYSQL_DYNAMIC_PLUGIN
--
--/* Define these macros ourselves, so we don't have to include my_global.h and
--can compile against unconfigured MySQL source tree.  */
--#define STDCALL
--
--#define MY_ASSERT_UNREACHABLE() assert(0)
--
--#include <mysql/plugin.h>
++#include <string.h>
++
  #include <mysql/plugin_auth.h>
--#include <mysql/client_plugin.h>
--
--#include <unistd.h> /* getpass() */
--
--#include "lib_auth_pam_client.h"
--
--/* The server plugin */
--
--/** The MySQL service name for PAM configuration */
--static const char* service_name= "mysqld";
--
--/** The maximum length of MYSQL_SERVER_AUTH_INFO::external_user field.
--    Shouldn't be hardcoded in the plugin_auth.h but it is. */
--enum { max_auth_info_external_user_len = 512 };
  static int valid_pam_msg_style (int pam_msg_style)
+ {
@@ -98,45 +70,21 @@
+   }
+ }
--static char pam_msg_style_to_char (int pam_msg_style)
--{
--  /* Do not use any of MySQL client-server protocol reserved values, i.e. \0 */
--  switch (pam_msg_style)
--  {
--  case PAM_PROMPT_ECHO_OFF: return '\2';
--  case PAM_PROMPT_ECHO_ON:  return '\3';
--  case PAM_ERROR_MSG:       return '\4';
--  case PAM_TEXT_INFO:       return '\5';
--  default:
--    MY_ASSERT_UNREACHABLE();
--    return '\1';
--  }
--}
--
--static void free_pam_response (struct pam_response ** resp, int n)
--{
--  int i;
--  for (i = 0; i < n; i++)
--  {
--    free((*resp)[i].resp);
--  }
--  free(*resp);
--  *resp= NULL;
--}
++struct pam_conv_data {
++  MYSQL_PLUGIN_VIO *vio;
++  MYSQL_SERVER_AUTH_INFO *info;
++  unsigned char buf[10240], *ptr;
++};
  static int vio_server_conv (int num_msg, const struct pam_message **msg,
                              struct pam_response ** resp, void *appdata_ptr)
+ {
    int i;
--  int pkt_len;
--  MYSQL_PLUGIN_VIO *vio= NULL;
++  struct pam_conv_data *data = (struct pam_conv_data *)appdata_ptr;
++  unsigned char *end = data->buf + sizeof(data->buf) - 1;
    if (appdata_ptr == NULL)
--  {
--    MY_ASSERT_UNREACHABLE();
      return PAM_CONV_ERR;
--  }
--  vio= (MYSQL_PLUGIN_VIO *)appdata_ptr;
    *resp = calloc (sizeof (struct pam_response), num_msg);
    if (*resp == NULL)
@@ -144,145 +92,100 @@
    for (i = 0; i < num_msg; i++)
+   {
--    char *buf;
--
      if (!valid_pam_msg_style(msg[i]->msg_style))
--    {
--      free_pam_response(resp, i);
--      return PAM_CONV_ERR;
--    }
--
--    /* Format the message.  The first byte is the message type, followed by the
--    NUL-terminated message string itself.  */
--    buf= malloc(strlen(msg[i]->msg) + 2);
--    if (!buf)
--    {
--      free_pam_response(resp, i);
--      return PAM_BUF_ERR;
--    }
--    buf[0]= pam_msg_style_to_char(msg[i]->msg_style);
--    strcpy(buf + 1, msg[i]->msg);
--
--    /* Write the message.  */
--    if (vio->write_packet(vio, (unsigned char *)buf, strlen(buf) + 1))
--    {
--      free(buf);
--      free_pam_response(resp, i);
--      return PAM_CONV_ERR;
--    }
--    free(buf);
--
--    /* Is the answer expected? */
--    if ((msg[i]->msg_style != PAM_PROMPT_ECHO_ON)
--        && (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF))
--      continue;
--
--    /* Read the answer */
--    if ((pkt_len= vio->read_packet(vio, (unsigned char **)&buf)) < 0)
--    {
--      free_pam_response(resp, i);
--      return PAM_CONV_ERR;
--    }
--
--    (*resp)[i].resp= malloc(pkt_len + 1);
--    if ((*resp)[i].resp == NULL)
--    {
--      free_pam_response(resp, i);
--      return PAM_BUF_ERR;
--    }
--    strncpy((*resp)[i].resp, buf, pkt_len);
--    (*resp)[i].resp[pkt_len]= '\0';
++      return PAM_CONV_ERR;
++
++    if (msg[i]->msg)
++    {
++      int len = strlen(msg[i]->msg);
++      if (len > end - data->ptr)
++        len = end - data->ptr;
++      memcpy(data->ptr, msg[i]->msg, len);
++      data->ptr+= len;
++      *(data->ptr)++ = '\n';
++    }
++
++    if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF ||
++        msg[i]->msg_style == PAM_PROMPT_ECHO_ON)
++    {
++      int pkt_len;
++      unsigned char *pkt;
++
++      /* magic number for the dialog plugin, see dialog.c */
++      data->buf[0] = msg[i]->msg_style == PAM_PROMPT_ECHO_ON ? 2 : 4;
++
++      if (data->vio->write_packet(data->vio, data->buf,
++                                   data->ptr - data->buf - 1))
++        return PAM_CONV_ERR;
++
++      pkt_len = data->vio->read_packet(data->vio, &pkt);
++      if (pkt_len < 0)
++        return PAM_CONV_ERR;
++
++      if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF)
++        data->info->password_used = PASSWORD_USED_YES;
++
++      (*resp)[i].resp= strndup((char*)pkt, pkt_len);
++      data->ptr = data->buf + 1;
++    }
+   }
    return PAM_SUCCESS;
+ }
++#define DO_PAM(X)  do { if ((error = (X)) != PAM_SUCCESS) goto ret; } while(0)
++
  static int authenticate_user_with_pam_server (MYSQL_PLUGIN_VIO *vio,
                                                MYSQL_SERVER_AUTH_INFO *info)
+ {
    pam_handle_t *pam_handle;
--  struct pam_conv conv_func_info= { &vio_server_conv, vio };
++  struct pam_conv_data data;
++  struct pam_conv conv_func_info= { &vio_server_conv, &data };
    int error;
    char *external_user_name;
--
--  /* Impossible to tell if PAM will use passwords or something else */
--  info->password_used= PASSWORD_USED_NO_MENTION;
--
--  error= pam_start(service_name,
++  const char *service_name = info->auth_string  && info->auth_string[0]
++                             ? info->auth_string : "mysqld";
++  if (!info->user_name)
++    return CR_ERROR;
++
++  data.vio = vio;
++  data.info = info;
++  data.ptr = data.buf + 1;
++
++  info->password_used = PASSWORD_USED_NO;
++
++  DO_PAM(pam_start(service_name,
                     info->user_name,
--                   &conv_func_info, &pam_handle);
--  if (error != PAM_SUCCESS)
--    return CR_ERROR;
--
--  error= pam_set_item(pam_handle, PAM_RUSER, info->user_name);
--  if (error != PAM_SUCCESS)
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
--
--  error= pam_set_item(pam_handle, PAM_RHOST, info->host_or_ip);
--  if (error != PAM_SUCCESS)
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
--
--  error= pam_authenticate(pam_handle, 0);
--  if (error != PAM_SUCCESS)
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
--
--  error= pam_acct_mgmt(pam_handle, 0);
--  if (error != PAM_SUCCESS)
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
--
--  /* Send end-of-auth message */
--  if (vio->write_packet(vio, (const unsigned char *)"\0", 1))
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
++                   &conv_func_info, &pam_handle));
++
++  DO_PAM(pam_set_item(pam_handle, PAM_RUSER, info->user_name));
++
++  DO_PAM(pam_set_item(pam_handle, PAM_RHOST, info->host_or_ip));
++
++  DO_PAM(pam_authenticate(pam_handle, 0));
++
++  DO_PAM(pam_acct_mgmt(pam_handle, 0));
    /* Get the authenticated user name from PAM */
--  error= pam_get_item(pam_handle, PAM_USER, (void *)&external_user_name);
--  if (error != PAM_SUCCESS)
--  {
--    pam_end(pam_handle, error);
--    return CR_ERROR;
--  }
++  DO_PAM(pam_get_item(pam_handle, PAM_USER, (void *)&external_user_name));
    /* Check if user name from PAM is the same as provided for MySQL.  If
--  different, set @@external_user for the current session to the one provided by
++  different, set authenticated_as for the current session to the one provided by
    PAM.  */
    if (strcmp(info->user_name, external_user_name))
+   {
--    strncpy(info->external_user, external_user_name,
--            max_auth_info_external_user_len);
++    strncpy(info->authenticated_as, external_user_name,
++            sizeof(info->authenticated_as));
+   }
--  error= pam_end(pam_handle, error);
--  if (error != PAM_SUCCESS)
--    return CR_ERROR;
--
--  return CR_OK;
++ret:
++  pam_end(pam_handle, error);
++  return error == PAM_SUCCESS ? CR_OK : CR_ERROR;
+ }
  static struct st_mysql_auth pam_auth_handler=
+ {
    MYSQL_AUTHENTICATION_INTERFACE_VERSION,
--  "auth_pam",
--  &authenticate_user_with_pam_server
--};
--
--static struct st_mysql_auth test_pam_auth_handler=
--{
--  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
--  "auth_pam_test",
++  "dialog",
    &authenticate_user_with_pam_server
  };
@@ -290,32 +193,13 @@
+ {
    MYSQL_AUTHENTICATION_PLUGIN,
    &pam_auth_handler,
--  "auth_pam_server",
++  "auth_pam",
    "Percona, Inc.",
    "PAM authentication plugin",
    PLUGIN_LICENSE_GPL,
    NULL,
    NULL,
--  0x0001,
--  NULL,
--  NULL,
--  NULL
--#if MYSQL_PLUGIN_INTERFACE_VERSION >= 0x103
--  ,
--  0
--#endif
--},
--{
--  MYSQL_AUTHENTICATION_PLUGIN,
--  &test_pam_auth_handler,
--  "test_auth_pam_server",
--  "Percona, Inc.",
--  "PAM authentication plugin that requests the test version of the"
--  " client-side plugin. DO NOT USE IN PRODUCTION.",
--  PLUGIN_LICENSE_GPL,
--  NULL,
--  NULL,
--  0x0001,
++  0x0100,
    NULL,
    NULL,
    NULL
@@ -326,67 +210,23 @@
+ }
  mysql_declare_plugin_end;
--/* The client plugin */
--
--/* Returns malloc-allocated string, NULL in case of memory error. */
--static char * prompt_echo_off (const char * prompt)
--{
--  /* TODO: getpass not thread safe.  Probably not a big deal in the mysql
--     client program, but may be missing on non-glibc systems.  */
--  char* getpass_input= getpass(prompt);
--  return strdup(getpass_input);
--}
--
--/* Returns malloc-allocated string, NULL in case of memory or (unlikely)
--I/O error.  */
--static char * prompt_echo_on (const char * prompt)
--{
--  char* c;
--  char fgets_buf[1024];
--  fputs(prompt, stdout);
--  fputc(' ', stdout);
--  c= fgets(fgets_buf, sizeof(fgets_buf), stdin);
--  if (c == NULL)
--  {
--    if (ferror(stdin))
--      return NULL;
--    fgets_buf[0]= '\0';
--  }
--  if ((c= strchr(fgets_buf, '\n')))
--    *c= '\0';
--  else
--    fgets_buf[sizeof(fgets_buf) - 1]= '\0';
--  return strdup(fgets_buf);
--}
--
--static void show_error(const char * message)
--{
--  fprintf(stderr, "ERROR %s\n", message);
--}
--
--static void show_info(const char * message)
--{
--  printf("%s\n", message);
--}
--
--static int authenticate_user_with_pam_client (MYSQL_PLUGIN_VIO *vio,
--                                              struct st_mysql *mysql)
--{
--  return authenticate_user_with_pam_client_common (vio, mysql,
--                                                   &prompt_echo_off,
--                                                   &prompt_echo_on,
--                                                   &show_error, &show_info);
--}
--
--mysql_declare_client_plugin(AUTHENTICATION)
++#ifdef maria_declare_plugin
++maria_declare_plugin(auth_pam)
++{
++  MYSQL_AUTHENTICATION_PLUGIN,
++  &pam_auth_handler,
    "auth_pam",
    "Percona, Inc.",
    "PAM authentication plugin",
--  {0,1,0},
--  "GPL",
--  NULL,
--  NULL, /* init */
--  NULL, /* deinit */
--  NULL, /* options */
--  &authenticate_user_with_pam_client
--mysql_end_client_plugin;
++  PLUGIN_LICENSE_GPL,
++  NULL,
++  NULL,
++  0x0100,
++  NULL,
++  NULL,
++  "1.0",
++  MariaDB_PLUGIN_MATURITY_BETA
++}
++maria_declare_plugin_end;
++#endif
++
 === removed file 'src/lib_auth_pam_client.c'
 --- src/lib_auth_pam_client.c	2011-10-20 19:07:25 +0000
 +++ src/lib_auth_pam_client.c	1970-01-01 00:00:00 +0000
@@ -1,76 +0,0 @@
--/*
--  (C) 2011 Percona Inc.
--
--  This program is free software; you can redistribute it and/or modify
--  it under the terms of the GNU General Public License as published by
--  the Free Software Foundation; version 2 of the License.
--
--  This program is distributed in the hope that it will be useful,
--  but WITHOUT ANY WARRANTY; without even the implied warranty of
--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--  GNU General Public License for more details.
--
--  You should have received a copy of the GNU General Public License
--  along with this program; if not, write to the Free Software
--  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
--*/
--
--/**
-- @file
--
-- PAM authentication for MySQL, common code for client-side plugins.
--
-- For the general description, see the top comment in auth_pam.c.
--*/
--#include "lib_auth_pam_client.h"
--
--#include <assert.h>
--#include <string.h>
--
--#define MY_ASSERT_UNREACHABLE() assert(0)
--
--int authenticate_user_with_pam_client_common (MYSQL_PLUGIN_VIO *vio,
--                                              struct st_mysql *mysql __attribute__((unused)),
--                                              prompt_fn echoless_prompt_fn,
--                                              prompt_fn echo_prompt_fn,
--                                              info_fn show_error_fn,
--                                              info_fn show_info_fn)
--{
--  do {
--    char *buf;
--    int pkt_len;
--
--    if ((pkt_len= vio->read_packet(vio, (unsigned char **)&buf)) < 0)
--      return CR_ERROR;
--
--    /* The first byte is the message type, followed by the message itself.  */
--
--    if (buf[0] == '\2' || buf[0] == '\3')
--    {
--      /* '\2' - PAM_PROMPT_ECHO_OFF, '\3' - PAM_PROMPT_ECHO_ON */
--      char *reply = (buf[0] == '\2')
--        ? echoless_prompt_fn(&buf[1]) : echo_prompt_fn(&buf[1]);
--      if (!reply)
--        return CR_ERROR;
--      if (vio->write_packet(vio, (unsigned char *)reply, strlen(reply) + 1))
--      {
--        free(reply);
--        return CR_ERROR;
--      }
--      free(reply);
--    }
--    else if (buf[0] == '\4') /* PAM_ERROR_MSG */
--      show_error_fn(&buf[1]);
--    else if (buf[0] == '\5') /* PAM_TEXT_INFO */
--      show_info_fn(&buf[1]);
--    else if (buf[0] == '\0') /* end-of-authorization */
--      return CR_OK;
--    else
--      return CR_ERROR; /* Unknown! */
--  }
--  while (1);
--
--  /* Should not come here */
--  MY_ASSERT_UNREACHABLE();
--  return CR_ERROR;
--}
 === removed file 'src/lib_auth_pam_client.h'
 --- src/lib_auth_pam_client.h	2011-10-20 19:07:25 +0000
 +++ src/lib_auth_pam_client.h	1970-01-01 00:00:00 +0000
@@ -1,80 +0,0 @@
--#ifndef LIB_AUTH_PAM_CLIENT_INCLUDED
--#define LIB_AUTH_PAM_CLIENT_INCLUDED
--/*
--  (C) 2011 Percona Inc.
--
--  This program is free software; you can redistribute it and/or modify
--  it under the terms of the GNU General Public License as published by
--  the Free Software Foundation; version 2 of the License.
--
--  This program is distributed in the hope that it will be useful,
--  but WITHOUT ANY WARRANTY; without even the implied warranty of
--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--  GNU General Public License for more details.
--
--  You should have received a copy of the GNU General Public License
--  along with this program; if not, write to the Free Software
--  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
--*/
--
--/**
-- @file
--
-- PAM authentication for MySQL, common definitions for client-side plugins.
--
-- For the general description, see the top comment in auth_pam.c.
--*/
--
--#define STDCALL
--
--#include <mysql/client_plugin.h>
--
--/**
-- Callback type for functions that prompt the user for (echoed or silent) input
-- and return it.  Should returns a pointer to malloc-allocated string, the
-- caller is responsible for freeing it.  Should return NULL in the case of a
-- memory allocation or I/O error. */
--typedef char* (*prompt_fn)(const char *);
--
--/**
-- Callback type for functions that show user some info (error or notification).
--*/
--typedef void (*info_fn)(const char *);
--
--struct st_mysql;
--
--#ifdef __cplusplus
--extern "C" {
--#endif
--
--/**
-- Client-side PAM auth plugin implementation.
--
-- Communicates with the server-side plugin and does user interaction using the
-- provided callbacks.
--
-- @param vio TODO
-- @param mysql TODO
-- @param echoless_prompt_fn callback to use to prompt the user for non-echoed
--                           input (e.g. password)
-- @param echo_prompt_fn callback to use to prompt the user for echoed input
--                       (e.g. user name)
-- @param show_error_fn callback to use to show the user an error message
-- @param show_info_fn callback to use to show the user an informational message
--
-- @return Authentication conversation status
--   @retval CR_OK the authentication dialog is completed successfully
--   @retval CR_ERROR the authentication dialog is aborted due to error
--*/
--int authenticate_user_with_pam_client_common (MYSQL_PLUGIN_VIO *vio,
--                                              struct st_mysql *mysql,
--                                              prompt_fn echoless_prompt_fn,
--                                              prompt_fn echo_prompt_fn,
--                                              info_fn show_error_fn,
--                                              info_fn show_info_fn);
--
--#ifdef __cplusplus
--}
--#endif
--
--#endif
 === removed file 'src/test_auth_pam_client.c'
 --- src/test_auth_pam_client.c	2011-10-20 19:07:25 +0000
 +++ src/test_auth_pam_client.c	1970-01-01 00:00:00 +0000
@@ -1,79 +0,0 @@
--/*
--  (C) 2011 Percona Inc.
--
--  This program is free software; you can redistribute it and/or modify
--  it under the terms of the GNU General Public License as published by
--  the Free Software Foundation; version 2 of the License.
--
--  This program is distributed in the hope that it will be useful,
--  but WITHOUT ANY WARRANTY; without even the implied warranty of
--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--  GNU General Public License for more details.
--
--  You should have received a copy of the GNU General Public License
--  along with this program; if not, write to the Free Software
--  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
--*/
--
--/**
-- @file
--
-- PAM authentication for MySQL, the test version of the client-side plugin.
--*/
--
--#include <string.h>
--
--#define STDCALL
--
--#include <mysql/plugin_auth.h>
--#include <mysql/client_plugin.h>
--
--#include "lib_auth_pam_client.h"
--
--const char * echo_off_reply_1 = "aaaaaaa";
--const char * echo_off_reply_2 = "AAAAAAA";
--
--const char * echo_on_reply_1 = "bbbbbbbbbb";
--const char * echo_on_reply_2 = "BBBBBBBBBB";
--
--/* Returns alternating echo_off_reply_1 and echo_off_reply_2 */
--static char * test_prompt_echo_off (const char * prompt __attribute__((unused)))
--{
--  static unsigned call_no= 0;
--  return strdup((call_no++ % 2) == 0 ? echo_off_reply_1 : echo_off_reply_2);
--}
--
--/* Returns alternating echo_on_reply_1 and echo_on_reply_2 */
--static char * test_prompt_echo_on (const char * prompt __attribute__((unused)))
--{
--  static unsigned call_no= 0;
--  return strdup((call_no++ % 2) == 0 ? echo_on_reply_1 : echo_on_reply_2);
--}
--
--/* Pretend we have shown the message to the user */
--static void test_show_anything(const char * message __attribute__((unused)))
--{
--}
--
--static int test_pam_auth_client (MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql)
--{
--  return authenticate_user_with_pam_client_common (vio, mysql,
--                                                   &test_prompt_echo_off,
--                                                   &test_prompt_echo_on,
--                                                   &test_show_anything,
--                                                   &test_show_anything);
--}
--
--mysql_declare_client_plugin(AUTHENTICATION)
--  "auth_pam_test",
--  "Percona, Inc.",
--  "Test version of the client PAM authentication plugin. "
--  "DO NOT USE IN PRODUCTION.",
--  {0,1,0},
--  "GPL",
--  NULL,
--  NULL, /* init */
--  NULL, /* deinit */
--  NULL, /* options */
--  &test_pam_auth_client
--mysql_end_client_plugin;