MDEV-26339 Account specifics to be handled before proxying

author: Sergei Golubchik <serg@mariadb.org> 2021-12-27 18:32:44 +0100
committer: Sergei Golubchik <serg@mariadb.org> 2022-01-17 18:19:29 +0100
commit: da76d25ab482c74c7b3eb66935865fee4c474f49 (patch)
tree: 5b1e7d262e603581ed87d13e4a30c468bd4a87b0 /mysql-test/suite
parent: 5e04c08d0af6b0da2e98d1327577264fbcbe4a06 (diff)
download: mariadb-git-da76d25ab482c74c7b3eb66935865fee4c474f49.tar.gz
2 files changed, 59 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/r/pam.result b/mysql-test/suite/plugins/r/pam.result
index 40075245d0c..fca6e2b08c3 100644
--- a/mysql-test/suite/plugins/r/pam.result
+++ b/mysql-test/suite/plugins/r/pam.result
@@ -40,6 +40,35 @@ test_pam@localhost	pam_test@%	test
 #
 Now, the magic number!
 PIN: 9212
+#
+# MDEV-26339 Account specifics to be handled before proxying
+#
+alter user pam_test account lock;
+alter user pam_test require subject 'foobar';
+alter user pam_test password expire;
+Now, the magic number!
+PIN: 9212
+select user(), current_user(), database();
+user()	current_user()	database()
+test_pam@localhost	pam_test@%	test
+alter user pam_test account unlock;
+alter user pam_test require none;
+alter user pam_test identified by '';
+show create user pam_test;
+CREATE USER for pam_test@%
+CREATE USER `pam_test`@`%`
+alter user test_pam account lock;
+Now, the magic number!
+PIN: 9212
+alter user test_pam account unlock;
+alter user test_pam require subject 'foobar';
+Now, the magic number!
+PIN: 9212
+alter user test_pam require none;
+alter user test_pam password expire;
+Now, the magic number!
+PIN: 9212
+select user(), current_user(), database();
 drop user test_pam;
 drop user pam_test;
 create user PAM_TEST identified via pam using 'mariadb_mtr';
diff --git a/mysql-test/suite/plugins/t/pam.test b/mysql-test/suite/plugins/t/pam.test
index 1bb1fa2c230..f53d6673918 100644
--- a/mysql-test/suite/plugins/t/pam.test
+++ b/mysql-test/suite/plugins/t/pam.test
@@ -54,6 +54,36 @@ EOF
 --error 1
 --exec $MYSQL_TEST -u test_pam -pbadpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
 
+--echo #
+--echo # MDEV-26339 Account specifics to be handled before proxying
+--echo #
+
+# one can connect if the proxy account is locked
+alter user pam_test account lock;
+alter user pam_test require subject 'foobar';
+alter user pam_test password expire;
+--error 0
+--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+alter user pam_test account unlock;
+alter user pam_test require none;
+alter user pam_test identified by '';
+show create user pam_test;
+
+#one cannot connect if the proxied account is locked
+alter user test_pam account lock;
+--error 1
+--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+alter user test_pam account unlock;
+
+alter user test_pam require subject 'foobar';
+--error 1
+--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+alter user test_pam require none;
+
+alter user test_pam password expire;
+--error 1
+--exec $MYSQL_TEST -u test_pam -pgoodpassword --plugin-dir=$plugindir < $MYSQLTEST_VARDIR/tmp/pam_good2.txt
+
 drop user test_pam;
 drop user pam_test;
 create user PAM_TEST identified via pam using 'mariadb_mtr';
author	Sergei Golubchik <serg@mariadb.org>	2021-12-27 18:32:44 +0100
committer	Sergei Golubchik <serg@mariadb.org>	2022-01-17 18:19:29 +0100
commit	da76d25ab482c74c7b3eb66935865fee4c474f49 (patch)
tree	5b1e7d262e603581ed87d13e4a30c468bd4a87b0 /mysql-test/suite
parent	5e04c08d0af6b0da2e98d1327577264fbcbe4a06 (diff)
download	mariadb-git-da76d25ab482c74c7b3eb66935865fee4c474f49.tar.gz