aboutsummaryrefslogtreecommitdiff
path: root/pam_sql/pam_sql.c
diff options
context:
space:
mode:
Diffstat (limited to 'pam_sql/pam_sql.c')
-rw-r--r--pam_sql/pam_sql.c73
1 files changed, 36 insertions, 37 deletions
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c
index 359ba64..6707eb3 100644
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@@ -150,110 +150,105 @@ gpam_sql_find_config(const char *name)
150} 150}
151 151
152int 152int
153gpam_sql_check_boolean_config(const char *name, int defval) 153gpam_sql_check_boolean_config(const char *name, int defval)
154{ 154{
155 const char *value = gpam_sql_find_config(name); 155 const char *value = gpam_sql_find_config(name);
156 if (value) 156 if (value)
157 defval = gray_boolean_true_p(value); 157 defval = gray_boolean_true_p(value);
158 return defval; 158 return defval;
159} 159}
160 160
161 161
162const char * 162int
163gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist, 163gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required,
164 int required) 164 gray_slist_t *pslist, const char **retptr)
165{ 165{
166 gray_slist_t slist; 166 gray_slist_t slist;
167 const char *query = gpam_sql_find_config(name); 167 const char *query = gpam_sql_find_config(name);
168 char *retval;
168 169
169 if (!query) { 170 if (!query) {
170 if (required) 171 if (required) {
171 gray_raise("%s: %s not defined", gpam_sql_config_file, name); 172 _pam_log(LOG_ERR, "%s: %s not defined",
172 return NULL; 173 gpam_sql_config_file, name);
173 } 174 return PAM_AUTHINFO_UNAVAIL;
174
175 slist = gray_slist_create();
176 gray_expand_string(pamh, query, slist);
177 gray_slist_append_char(slist, 0);
178 *pslist = slist;
179 return gray_slist_finish(slist);
180 } 175 }
181 176 *pslist = NULL;
182static const char * 177 *retptr = NULL;
183get_query2(pam_handle_t *pamh, const char *name1, const char *name2, 178 return PAM_SUCCESS;
184 gray_slist_t *pslist, int required)
185{
186 gray_slist_t slist;
187 const char *query = gpam_sql_find_config(name1);
188
189 if (!query)
190 query = gpam_sql_find_config(name2);
191
192 if (!query) {
193 if (required)
194 gray_raise("%s: %s not defined",
195 gpam_sql_config_file, name1);
196 return NULL;
197 } 179 }
198 180
199 slist = gray_slist_create(); 181 slist = gray_slist_create();
182 if (!slist)
183 return errno_to_pam(errno);
200 gray_expand_string(pamh, query, slist); 184 gray_expand_string(pamh, query, slist);
201 gray_slist_append_char(slist, 0); 185 gray_slist_append_char(slist, 0);
202 *pslist = slist; 186 *pslist = slist;
203 return gray_slist_finish(slist); 187 retval = gray_slist_finish(slist);
188 if (gray_slist_err(slist)) {
189 int rc = errno_to_pam(gray_slist_err(slist));
190 gray_slist_free(&slist);
191 return rc;
192 }
193 *retptr = retval;
194 return PAM_SUCCESS;
204} 195}
205 196
206 197
207/* --- authentication management functions (only) --- */ 198/* --- authentication management functions (only) --- */
208 199
209PAM_EXTERN int 200PAM_EXTERN int
210pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) 201pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
211{ 202{
212 const char *username; 203 const char *username;
213 char *password; 204 char *password;
214 int retval = PAM_AUTH_ERR; 205 int retval = PAM_AUTH_ERR;
215 gray_pam_init(PAM_SERVICE_ERR);
216 206
217 /* parse arguments */ 207 /* parse arguments */
218 _pam_parse(argc, argv); 208 _pam_parse(argc, argv);
219 209
220 /* Get the username */ 210 /* Get the username */
221 retval = pam_get_user(pamh, &username, NULL); 211 retval = pam_get_user(pamh, &username, NULL);
222 if (retval != PAM_SUCCESS || !username) { 212 if (retval != PAM_SUCCESS || !username) {
223 DEBUG(1, ("can not get the username")); 213 DEBUG(1, ("can not get the username"));
224 return PAM_SERVICE_ERR; 214 return PAM_SERVICE_ERR;
225 } 215 }
226 216
227 /* Get the password */ 217 /* Get the password */
228 if (_pam_get_password(pamh, &password, "Password:")) 218 if (_pam_get_password(pamh, &password, "Password:"))
229 return PAM_SERVICE_ERR; 219 return PAM_SERVICE_ERR;
230 220
231 if (retval != PAM_SUCCESS) { 221 if (retval != PAM_SUCCESS) {
232 _pam_log(LOG_ERR, "Could not retrive user's password"); 222 _pam_log(LOG_ERR, "Could not retrive user's password");
233 return PAM_SERVICE_ERR; 223 return PAM_SERVICE_ERR;
234 } 224 }
235 225
236 if (gray_env_read(gpam_sql_config_file, &config_env)) 226 if (gray_env_read(gpam_sql_config_file, &config_env))
237 retval = PAM_SERVICE_ERR; 227 retval = PAM_SERVICE_ERR;
238 else { 228 else {
239 gray_slist_t slist; 229 gray_slist_t slist;
230 char const *query;
231
240 /* FIXME: This comment is needed to pacify 232 /* FIXME: This comment is needed to pacify
241 `make check-sql-config' in doc: 233 `make check-sql-config' in doc:
242 gpam_sql_find_config("passwd-query") */ 234 gpam_sql_find_config("passwd-query") */
235 retval = gpam_sql_get_query(pamh, "passwd-query", 1,
236 &slist, &query);
237 if (retval == PAM_SUCCESS) {
243 retval = gpam_sql_verify_user_pass(pamh, password, 238 retval = gpam_sql_verify_user_pass(pamh, password,
244 get_query2(pamh, "passwd-query", 239 query);
245 "query", &slist, 1));
246 gray_slist_free(&slist); 240 gray_slist_free(&slist);
247 } 241 }
242 }
248 243
249 gray_env_free(config_env); 244 gray_env_free(config_env);
250 config_env = NULL; 245 config_env = NULL;
251 246
252 switch (retval) { 247 switch (retval) {
253 case PAM_ACCT_EXPIRED: 248 case PAM_ACCT_EXPIRED:
254 _pam_log(LOG_NOTICE, "user '%s': account expired", username); 249 _pam_log(LOG_NOTICE, "user '%s': account expired", username);
255 break; 250 break;
256 case PAM_SUCCESS: 251 case PAM_SUCCESS:
257 _pam_log(LOG_NOTICE, "user '%s' granted access", username); 252 _pam_log(LOG_NOTICE, "user '%s' granted access", username);
258 break; 253 break;
259 default: 254 default:
@@ -267,38 +262,42 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
267PAM_EXTERN int 262PAM_EXTERN int
268pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) 263pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
269{ 264{
270 return PAM_SUCCESS; 265 return PAM_SUCCESS;
271} 266}
272 267
273static int 268static int
274sql_session_mgmt(pam_handle_t *pamh, int flags, 269sql_session_mgmt(pam_handle_t *pamh, int flags,
275 int argc, const char **argv, const char *query_name) 270 int argc, const char **argv, const char *query_name)
276{ 271{
277 int retval; 272 int retval;
278 273
279 gray_pam_init(PAM_SERVICE_ERR);
280 274
281 /* parse arguments */ 275 /* parse arguments */
282 _pam_parse(argc, argv); 276 _pam_parse(argc, argv);
283 277
284 if (gray_env_read(gpam_sql_config_file, &config_env)) 278 if (gray_env_read(gpam_sql_config_file, &config_env))
285 retval = PAM_SERVICE_ERR; 279 retval = PAM_SERVICE_ERR;
286 else { 280 else {
287 gray_slist_t slist; 281 gray_slist_t slist;
288 retval = gpam_sql_acct(pamh, 282 char const *query;
289 gpam_sql_get_query(pamh, query_name, 283
290 &slist, 0)); 284 retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query);
285 if (retval == PAM_SUCCESS) {
286 if (query) {
287 retval = gpam_sql_acct(pamh, query);
291 gray_slist_free(&slist); 288 gray_slist_free(&slist);
292 } 289 }
290 }
291 }
293 292
294 gray_env_free(config_env); 293 gray_env_free(config_env);
295 config_env = NULL; 294 config_env = NULL;
296 295
297 return retval; 296 return retval;
298} 297}
299 298
300PAM_EXTERN int