
Re: arguments passed to pam_sm_authenticate function ignore quoting/escaping rules



Russell Kliese wrote:
> 
> I have been hacking at the pam_mysql code of late trying to make it a
> little more flexible. I would like to put an argument in the pam
> configuration file something like query="select user_name from
> internet_service where user_name='%u' and password=PASSWORD('%p') and
> service='web_proxy'" (where %u is replaced by a username and %p a password).
> 
> The problem is that pam seems to want to split this single argument up
> into many arguments (at the spaces). Was this behaviour intended? I am
> using the 0.72-35 Debian packaged pam libs.

Yes, this is the expected behavior.

> Should I be working on a workaround for the pam_mysql module or would it
> be better to have a look at the pam source?

You might have a little more luck if you tried

  [user_name='%u' and password=PASSWORD('%p') and service='web_proxy']

This is completely untested by me, right now, but if I recall correctly
it should work.

The reason this may work is actually a little bit of a side-effect of
supporting the alternative format for the control tokens, but I think I
was thinking about this exact need when I coded it N years ago.

I don't know off hand if there is a way to encode '[' or ']' in a module
argument and have the module actually see these characters, but I'd be
very happy for you to play with everything you can along these lines,
report what works/fails and I'll consider it a bug report/feature
request...

Cheers

Andrew
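
The splitting behaviour discussed in this thread, as an added example that is not part of the original message and is not Linux-PAM's own parser: a simplified model of what a module would receive for the double-quoted argument versus the bracketed one. The function and variable names are hypothetical, double quotes are deliberately not special, and no escape for `]` is modelled, since the thread leaves that open.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16
static char  g_buf[512];        /* working copy of the line, split in place */
static char *g_argv[MAX_ARGS];  /* arguments as the module would see them */

/* Simplified model (assumption, not the library's code): split at whitespace,
 * except that "[...]" is one argument with the brackets dropped. Returns
 * argc, or -1 on an over-long line, too many args, or an unterminated '['. */
static int split_module_args(const char *line)
{
    int argc = 0;
    char *p = g_buf;
    if (strlen(line) >= sizeof g_buf) return -1;
    strcpy(g_buf, line);
    while (*p) {
        while (isspace((unsigned char)*p)) p++;
        if (!*p) break;
        if (argc == MAX_ARGS) return -1;
        if (*p == '[') {
            char *end = strchr(++p, ']');
            if (!end) return -1;        /* reject rather than guess */
            g_argv[argc++] = p;
            *end = '\0';
            p = end + 1;
        } else {
            g_argv[argc++] = p;
            while (*p && !isspace((unsigned char)*p)) p++;
            if (*p) *p++ = '\0';
        }
    }
    return argc;
}
/* Constructed inputs: the two argument forms quoted in the thread. */
static const char *QUOTED = "query=\"select user_name from internet_service "
    "where user_name='%u' and password=PASSWORD('%p') and service='web_proxy'\"";
static const char *BRACKETED =
    "[user_name='%u' and password=PASSWORD('%p') and service='web_proxy']";

int main(void)
{
    const char *lines[] = { QUOTED, BRACKETED };
    for (int i = 0; i < 2; i++) {
        int n = split_module_args(lines[i]);
        for (int j = 0; j < n; j++) printf("%d/%d: %s\n", j + 1, n, g_argv[j]);
    }
    return 0;
}
```

In this model the quoted form reaches the module as ten fragments, so a module that builds its query from a single argument would run only a piece of the intended statement; the bracketed form arrives whole.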




