3

PAM plugin does not enforce plugin_dir when installed from tarball

 2 years ago
source link: https://jira.percona.com/browse/PS-7739
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

PAM plugin does not enforce plugin_dir when installed from tarball

Details

Description

This issue has been already exposed in https://jira.percona.com/browse/PS-950, it has not been fixed,  I've just tested it with Percona Server 5.7.31 installed from a tarball, then loading the Percona authentication plugin:

mysql [localhost:5731] {msandbox} ((none)) > INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';
Query OK, 0 rows affected (0.01 sec)

and then creating a database user set to use PAM authentication:

mysql [localhost:5731] {msandbox} ((none)) > CREATE USER 'nando'@'%' IDENTIFIED WITH 'auth_pam';
Query OK, 0 rows affected (0.01 sec)

... and nothing else. Then I tried to connect and I got the same error:

fernando.laudares@tp-support03:~/sandboxes/msb_5_7_31$ tail -f data/msandbox.err &
[1] 3095218

fernando.laudares@tp-support03:~/sandboxes/msb_5_7_31$ mysql -unando -p -S/tmp/mysql_sandbox5731.sock
Enter password: 
ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/lib64/mysql/plugin/dialog.so: cannot open shared object file: No such file or directory

 It does look like the library is statically linked there. I did the test and copied the dialog.so library, which is used by the PAM plugin, to the aforementioned directory; MySQL no longer complains about the file not being there, but of a missing dependency now:

ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: libssl.so.1.0.1e: cannot open shared object file: No such file or directory

 From a previous comment in this thread:

Looks like you are using binary tarball. Since tarball can be extracted anywhere, where do you expect mysql to look for plugins? There is a --plugin-dir option to specify plugin directory.

plugin_dir is correctly set:

mysql [localhost:5731] {msandbox} ((none)) > select @@plugin_dir;
+----------------------------------------------+
| @@plugin_dir |
+----------------------------------------------+
| /opt/percona_server/5.7.31/lib/mysql/plugin/ |
+----------------------------------------------+
1 row in set (0.00 sec)

and the target library can be found there:

$ ls /opt/percona_server/5.7.31/lib/mysql/plugin/|grep dialog.so
dialog.s

https://jira.percona.com/secure/AddComment!default.jspa?id=116397


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK