author | Sergey Poznyakoff <gray@gnu.org> | 2018-08-15 22:22:31 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2018-08-15 22:22:31 +0300 |
commit | 7a40b7873bd666809183cdd952d6e2a8f1870981 (patch) | |
tree | 0ae71532dc78f597b717152b564d6681d1ad832a /pam_sql | |
parent | 988b8e27f5df26d7e9f6fd7984677873ca1c40cb (diff) | |
Major cleanup
* lib/graypam.h (gray_pam_init)
(gray_raise,gray_malloc,gray_zalloc,gray_calloc)
(gray_realloc,gray_strdup): Remove.
(gray_slist_err,gray_slist_clrerr): New functions.
(gray_slist_append,gray_slist_append_char): Return ssize_t.
(gray_slist_coalesce): Likewise.
(gray_slist_grow_backslash_num)
(gray_slist_grow_backslash): Return int.
(errno_to_pam): New function.
(gray_set_transform_expr): Return int.
* lib/mem.c (gray_raise,gray_malloc,gray_zalloc,gray_calloc)
(gray_realloc,gray_strdup): Remove.
(gray_2nrealloc): Rewrite.
* lib/base64.c: Check return from gray_slist_append_char
* lib/env.c: Check return values from gray_slist functions
* lib/ldappass.c: Likewise.
* lib/slist.c (gray_slist_bucket) <ec>: New member.
(gray_slist_err,gray_slist_clrerr): New functions.
(gray_slist_append,gray_slist_append_char): Return ssize_t.
(gray_slist_coalesce): Likewise.
(gray_slist_grow_backslash_num)
(gray_slist_grow_backslash): Return int.
* lib/transform.c: Use standard memory allocation functions.
* pam_ldaphome/pam_ldaphome.c: Likewise.
* pam_innetgr/pam_innetgr.c: Likewise.
* pam_log/pam_log.c: Likewise.
* pam_regex/pam_regex.c: Likewise.
* pam_sql/pam_mysql.c: Likewise.
* pam_sql/pam_pgsql.c: Likewise.
Diffstat (limited to 'pam_sql')
-rw-r--r-- | pam_sql/pam_mysql.c | 10 | ||||
-rw-r--r-- | pam_sql/pam_pgsql.c | 12 | ||||
-rw-r--r-- | pam_sql/pam_sql.c | 73 | ||||
-rw-r--r-- | pam_sql/pam_sql.h | 5 |
4 files changed, 54 insertions, 46 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c index ca1f9e6..3f4a0d6 100644 --- a/pam_sql/pam_mysql.c +++ b/pam_sql/pam_mysql.c @@ -362,18 +362,22 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, gray_slist_t slist; rc = check_query_result(&mysql, password); /* FIXME: This comment is needed to pacify `make check-sql-config' in doc: gpam_sql_find_config("setenv-query") */ - if (rc == PAM_SUCCESS - && (q = gpam_sql_get_query(pamh, "setenv-query", - &slist, 0))) { + if (rc == PAM_SUCCESS) { + rc = gpam_sql_get_query(pamh, "setenv-query", 0, + &slist, &q); + if (rc == PAM_SUCCESS) { + if (q) { mysql_setenv(pamh, &mysql, q); gray_slist_free(&slist); } + } + } mysql_close(&mysql); } return rc; } diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c index f6d19e1..5f66b53 100644 --- a/pam_sql/pam_pgsql.c +++ b/pam_sql/pam_pgsql.c @@ -112,12 +112,13 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, _pam_log(LOG_ERR, "PQexec: query did not return tuples"); rc = PAM_SERVICE_ERR; } else { char *p; int n; gray_slist_t slist; + char const *query; n = PQntuples(res); DEBUG(20,("Returned %d tuples", n)); if (n != 1) { _pam_log(LOG_WARNING, "PQexec: query returned %d tuples", n); @@ -150,20 +151,23 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, && strcmp (p, password) == 0) rc = PAM_SUCCESS; /* FIXME: This comment is needed to pacify `make check-sql-config' in doc: gpam_sql_find_config("setenv-query") */ - if (rc == PAM_SUCCESS - && (query = gpam_sql_get_query(pamh, - "setenv-query", - &slist, 0))) { + if (rc == PAM_SUCCESS) { + rc = gpam_sql_get_query(pamh, "setenv-query", 0, + &slist, &query); + if (rc == PAM_SUCCESS) { + if (query) { pgsql_setenv(pamh, pgconn, query); gray_slist_free(&slist); } } + } + } PQclear(res); PQfinish(pgconn); return rc; } diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 359ba64..6707eb3 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c 
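Review bot: In the pam_mysql.c hunk at -362, `rc` is now overwritten by the result of `gpam_sql_get_query()` after `check_query_result()` has already returned PAM_SUCCESS. A failure while expanding the optional `setenv-query` (for example an allocation error mapped through `errno_to_pam`) therefore turns a verified password into an authentication failure. Failing closed is a defensible choice for a PAM module, but it is a behaviour change the old code did not have and it deserves a comment, e.g. `/* setenv-query is optional, but an error while expanding it fails the login */`. The two nested tests can also be written as `if (rc == PAM_SUCCESS && q) {`. The same applies to the pam_pgsql.c hunk at -150. The body of gpam_sql_verify_user_pass starts outside this hunk.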
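Review bot: The `char const *query;` added in the pam_pgsql.c hunk at -112 appears to shadow the function's own third parameter, which the prototype in pam_sql.h names `query`. The definition's parameter list is cut off in the hunk header, so this is inferred. The old code assigned the setenv query to `query` without a local declaration, which suggests the parameter was being reused. With the new local, every later use of `query` in this block refers to a variable that stays uninitialised until `gpam_sql_get_query()` fills it, and `-Wshadow` will flag it. A distinct name avoids the ambiguity: `char const *setenv_query;`, with `&setenv_query` and `pgsql_setenv(pamh, pgconn, setenv_query);` in the hunk at -150.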
@@ -156,66 +156,56 @@ gpam_sql_check_boolean_config(const char *name, int defval) if (value) defval = gray_boolean_true_p(value); return defval; } -const char * -gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist, - int required) +int +gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required, + gray_slist_t *pslist, const char **retptr) { gray_slist_t slist; const char *query = gpam_sql_find_config(name); + char *retval; if (!query) { - if (required) - gray_raise("%s: %s not defined", gpam_sql_config_file, name); - return NULL; - } - - slist = gray_slist_create(); - gray_expand_string(pamh, query, slist); - gray_slist_append_char(slist, 0); - *pslist = slist; - return gray_slist_finish(slist); + if (required) { + _pam_log(LOG_ERR, "%s: %s not defined", + gpam_sql_config_file, name); + return PAM_AUTHINFO_UNAVAIL; } - -static const char * -get_query2(pam_handle_t *pamh, const char *name1, const char *name2, - gray_slist_t *pslist, int required) -{ - gray_slist_t slist; - const char *query = gpam_sql_find_config(name1); - - if (!query) - query = gpam_sql_find_config(name2); - - if (!query) { - if (required) - gray_raise("%s: %s not defined", - gpam_sql_config_file, name1); - return NULL; + *pslist = NULL; + *retptr = NULL; + return PAM_SUCCESS; } slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); gray_expand_string(pamh, query, slist); gray_slist_append_char(slist, 0); *pslist = slist; - return gray_slist_finish(slist); + retval = gray_slist_finish(slist); + if (gray_slist_err(slist)) { + int rc = errno_to_pam(gray_slist_err(slist)); + gray_slist_free(&slist); + return rc; + } + *retptr = retval; + return PAM_SUCCESS; } /* --- authentication management functions (only) --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { const char *username; char *password; int retval = PAM_AUTH_ERR; - gray_pam_init(PAM_SERVICE_ERR); /* parse arguments */ _pam_parse(argc, 
argv); /* Get the username */ retval = pam_get_user(pamh, &username, NULL); @@ -234,20 +224,25 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } if (gray_env_read(gpam_sql_config_file, &config_env)) retval = PAM_SERVICE_ERR; else { gray_slist_t slist; + char const *query; + /* FIXME: This comment is needed to pacify `make check-sql-config' in doc: gpam_sql_find_config("passwd-query") */ + retval = gpam_sql_get_query(pamh, "passwd-query", 1, + &slist, &query); + if (retval == PAM_SUCCESS) { retval = gpam_sql_verify_user_pass(pamh, password, - get_query2(pamh, "passwd-query", - "query", &slist, 1)); + query); gray_slist_free(&slist); } + } gray_env_free(config_env); config_env = NULL; switch (retval) { case PAM_ACCT_EXPIRED: @@ -273,26 +268,30 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) static int sql_session_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv, const char *query_name) { int retval; - gray_pam_init(PAM_SERVICE_ERR); /* parse arguments */ _pam_parse(argc, argv); if (gray_env_read(gpam_sql_config_file, &config_env)) retval = PAM_SERVICE_ERR; else { gray_slist_t slist; - retval = gpam_sql_acct(pamh, - gpam_sql_get_query(pamh, query_name, - &slist, 0)); + char const *query; + + retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query); + if (retval == PAM_SUCCESS) { + if (query) { + retval = gpam_sql_acct(pamh, query); gray_slist_free(&slist); } + } + } gray_env_free(config_env); config_env = NULL; return retval; } diff --git a/pam_sql/pam_sql.h b/pam_sql/pam_sql.h index 9eeecd6..5dc9525 100644 --- a/pam_sql/pam_sql.h +++ b/pam_sql/pam_sql.h 
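Review bot: In the new `gpam_sql_get_query()` (hunk at -156), `*pslist = slist;` is stored before the `gray_slist_err()` check. On the error path the local list is freed, but the caller's handle is left pointing at the freed list and `*retptr` is never written. The callers in this commit free `slist` only when the return is PAM_SUCCESS, so nothing dereferences it today, but any later caller that cleans up unconditionally would double-free. Move the assignment down beside `*retptr = retval;`, or add `*pslist = NULL; *retptr = NULL;` before `return rc;`. The early `PAM_AUTHINFO_UNAVAIL` return and the `errno_to_pam(errno)` return also leave both outputs unset. The result of `gray_expand_string()` is ignored here; whether its failures surface through `gray_slist_err()` cannot be seen from this hunk.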
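Review bot: The `pam_sm_authenticate` hunk at -234 silently drops the fallback to the `query` keyword. The removed `get_query2(pamh, "passwd-query", "query", &slist, 1)` accepted either name, while the new call looks up only `passwd-query` with `required` set. A configuration that defines just `query` will now log "passwd-query not defined" and return PAM_AUTHINFO_UNAVAIL for every login, and the commit message does not mention this. If the old keyword is still meant to work, choose the name first, e.g. `char const *qname = gpam_sql_find_config("passwd-query") ? "passwd-query" : "query";`, and pass `qname`. Otherwise record the removal in the user-visible documentation. The function continues outside the hunk.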
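Review bot: In `sql_session_mgmt` (hunk at -273), an unset query now skips `gpam_sql_acct()` entirely and the function returns the PAM_SUCCESS left in `retval` by `gpam_sql_get_query()`. The old code called `gpam_sql_acct(pamh, NULL)` in that case. What that call returned for a NULL query is not visible here, so it is worth confirming that "no query configured" was already treated as success for the session stages. A comment on the inner test would make the intent explicit: `/* no query configured for this stage: nothing to do */`. The nesting can also be flattened to `if (retval == PAM_SUCCESS && query) {`.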
@@ -44,10 +44,11 @@ extern char *gpam_sql_config_file; int gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *passwd, const char *query); int gpam_sql_acct(pam_handle_t *pamh, const char *query); char *gpam_sql_find_config(const char *name); -const char *gpam_sql_get_query(pam_handle_t *pamh, const char *name, - gray_slist_t *pslist, int required); +int gpam_sql_get_query(pam_handle_t *pamh, char const *var, + int required, + gray_slist_t *pslist, const char **query); int gpam_sql_check_boolean_config(const char *name, int defval); |
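Review bot: The new prototype names its parameters `var` and `query`, while the definition in pam_sql.c uses `name` and `retptr`. Using the same names in both places keeps the header readable as documentation. The declaration also needs a comment stating the contract that callers now depend on. That comment should say the function returns a PAM status code, and that on PAM_SUCCESS `*query` is NULL when an optional setting is absent. It should also say that a non-NULL `*query` points into storage owned by `*pslist`, which the caller releases with `gray_slist_free()`.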