diff options
Diffstat (limited to 'pam_sql/pam_sql.c')
-rw-r--r-- | pam_sql/pam_sql.c | 73 |
1 files changed, 36 insertions, 37 deletions
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 359ba64..6707eb3 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c | |||
@@ -150,110 +150,105 @@ gpam_sql_find_config(const char *name) | |||
150 | } | 150 | } |
151 | 151 | ||
152 | int | 152 | int |
153 | gpam_sql_check_boolean_config(const char *name, int defval) | 153 | gpam_sql_check_boolean_config(const char *name, int defval) |
154 | { | 154 | { |
155 | const char *value = gpam_sql_find_config(name); | 155 | const char *value = gpam_sql_find_config(name); |
156 | if (value) | 156 | if (value) |
157 | defval = gray_boolean_true_p(value); | 157 | defval = gray_boolean_true_p(value); |
158 | return defval; | 158 | return defval; |
159 | } | 159 | } |
160 | 160 | ||
161 | 161 | ||
162 | const char * | 162 | int |
163 | gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist, | 163 | gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required, |
164 | int required) | 164 | gray_slist_t *pslist, const char **retptr) |
165 | { | 165 | { |
166 | gray_slist_t slist; | 166 | gray_slist_t slist; |
167 | const char *query = gpam_sql_find_config(name); | 167 | const char *query = gpam_sql_find_config(name); |
168 | char *retval; | ||
168 | 169 | ||
169 | if (!query) { | 170 | if (!query) { |
170 | if (required) | 171 | if (required) { |
171 | gray_raise("%s: %s not defined", gpam_sql_config_file, name); | 172 | _pam_log(LOG_ERR, "%s: %s not defined", |
172 | return NULL; | 173 | gpam_sql_config_file, name); |
173 | } | 174 | return PAM_AUTHINFO_UNAVAIL; |
174 | |||
175 | slist = gray_slist_create(); | ||
176 | gray_expand_string(pamh, query, slist); | ||
177 | gray_slist_append_char(slist, 0); | ||
178 | *pslist = slist; | ||
179 | return gray_slist_finish(slist); | ||
180 | } | 175 | } |
181 | 176 | *pslist = NULL; | |
182 | static const char * | 177 | *retptr = NULL; |
183 | get_query2(pam_handle_t *pamh, const char *name1, const char *name2, | 178 | return PAM_SUCCESS; |
184 | gray_slist_t *pslist, int required) | ||
185 | { | ||
186 | gray_slist_t slist; | ||
187 | const char *query = gpam_sql_find_config(name1); | ||
188 | |||
189 | if (!query) | ||
190 | query = gpam_sql_find_config(name2); | ||
191 | |||
192 | if (!query) { | ||
193 | if (required) | ||
194 | gray_raise("%s: %s not defined", | ||
195 | gpam_sql_config_file, name1); | ||
196 | return NULL; | ||
197 | } | 179 | } |
198 | 180 | ||
199 | slist = gray_slist_create(); | 181 | slist = gray_slist_create(); |
182 | if (!slist) | ||
183 | return errno_to_pam(errno); | ||
200 | gray_expand_string(pamh, query, slist); | 184 | gray_expand_string(pamh, query, slist); |
201 | gray_slist_append_char(slist, 0); | 185 | gray_slist_append_char(slist, 0); |
202 | *pslist = slist; | 186 | *pslist = slist; |
203 | return gray_slist_finish(slist); | 187 | retval = gray_slist_finish(slist); |
188 | if (gray_slist_err(slist)) { | ||
189 | int rc = errno_to_pam(gray_slist_err(slist)); | ||
190 | gray_slist_free(&slist); | ||
191 | return rc; | ||
192 | } | ||
193 | *retptr = retval; | ||
194 | return PAM_SUCCESS; | ||
204 | } | 195 | } |
205 | 196 | ||
206 | 197 | ||
207 | /* --- authentication management functions (only) --- */ | 198 | /* --- authentication management functions (only) --- */ |
208 | 199 | ||
209 | PAM_EXTERN int | 200 | PAM_EXTERN int |
210 | pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | 201 | pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) |
211 | { | 202 | { |
212 | const char *username; | 203 | const char *username; |
213 | char *password; | 204 | char *password; |
214 | int retval = PAM_AUTH_ERR; | 205 | int retval = PAM_AUTH_ERR; |
215 | gray_pam_init(PAM_SERVICE_ERR); | ||
216 | 206 | ||
217 | /* parse arguments */ | 207 | /* parse arguments */ |
218 | _pam_parse(argc, argv); | 208 | _pam_parse(argc, argv); |
219 | 209 | ||
220 | /* Get the username */ | 210 | /* Get the username */ |
221 | retval = pam_get_user(pamh, &username, NULL); | 211 | retval = pam_get_user(pamh, &username, NULL); |
222 | if (retval != PAM_SUCCESS || !username) { | 212 | if (retval != PAM_SUCCESS || !username) { |
223 | DEBUG(1, ("can not get the username")); | 213 | DEBUG(1, ("can not get the username")); |
224 | return PAM_SERVICE_ERR; | 214 | return PAM_SERVICE_ERR; |
225 | } | 215 | } |
226 | 216 | ||
227 | /* Get the password */ | 217 | /* Get the password */ |
228 | if (_pam_get_password(pamh, &password, "Password:")) | 218 | if (_pam_get_password(pamh, &password, "Password:")) |
229 | return PAM_SERVICE_ERR; | 219 | return PAM_SERVICE_ERR; |
230 | 220 | ||
231 | if (retval != PAM_SUCCESS) { | 221 | if (retval != PAM_SUCCESS) { |
232 | _pam_log(LOG_ERR, "Could not retrive user's password"); | 222 | _pam_log(LOG_ERR, "Could not retrive user's password"); |
233 | return PAM_SERVICE_ERR; | 223 | return PAM_SERVICE_ERR; |
234 | } | 224 | } |
235 | 225 | ||
236 | if (gray_env_read(gpam_sql_config_file, &config_env)) | 226 | if (gray_env_read(gpam_sql_config_file, &config_env)) |
237 | retval = PAM_SERVICE_ERR; | 227 | retval = PAM_SERVICE_ERR; |
238 | else { | 228 | else { |
239 | gray_slist_t slist; | 229 | gray_slist_t slist; |
230 | char const *query; | ||
231 | |||
240 | /* FIXME: This comment is needed to pacify | 232 | /* FIXME: This comment is needed to pacify |
241 | `make check-sql-config' in doc: | 233 | `make check-sql-config' in doc: |
242 | gpam_sql_find_config("passwd-query") */ | 234 | gpam_sql_find_config("passwd-query") */ |
235 | retval = gpam_sql_get_query(pamh, "passwd-query", 1, | ||
236 | &slist, &query); | ||
237 | if (retval == PAM_SUCCESS) { | ||
243 | retval = gpam_sql_verify_user_pass(pamh, password, | 238 | retval = gpam_sql_verify_user_pass(pamh, password, |
244 | get_query2(pamh, "passwd-query", | 239 | query); |
245 | "query", &slist, 1)); | ||
246 | gray_slist_free(&slist); | 240 | gray_slist_free(&slist); |
247 | } | 241 | } |
242 | } | ||
248 | 243 | ||
249 | gray_env_free(config_env); | 244 | gray_env_free(config_env); |
250 | config_env = NULL; | 245 | config_env = NULL; |
251 | 246 | ||
252 | switch (retval) { | 247 | switch (retval) { |
253 | case PAM_ACCT_EXPIRED: | 248 | case PAM_ACCT_EXPIRED: |
254 | _pam_log(LOG_NOTICE, "user '%s': account expired", username); | 249 | _pam_log(LOG_NOTICE, "user '%s': account expired", username); |
255 | break; | 250 | break; |
256 | case PAM_SUCCESS: | 251 | case PAM_SUCCESS: |
257 | _pam_log(LOG_NOTICE, "user '%s' granted access", username); | 252 | _pam_log(LOG_NOTICE, "user '%s' granted access", username); |
258 | break; | 253 | break; |
259 | default: | 254 | default: |
@@ -267,38 +262,42 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | |||
267 | PAM_EXTERN int | 262 | PAM_EXTERN int |
268 | pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) | 263 | pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) |
269 | { | 264 | { |
270 | return PAM_SUCCESS; | 265 | return PAM_SUCCESS; |
271 | } | 266 | } |
272 | 267 | ||
273 | static int | 268 | static int |
274 | sql_session_mgmt(pam_handle_t *pamh, int flags, | 269 | sql_session_mgmt(pam_handle_t *pamh, int flags, |
275 | int argc, const char **argv, const char *query_name) | 270 | int argc, const char **argv, const char *query_name) |
276 | { | 271 | { |
277 | int retval; | 272 | int retval; |
278 | 273 | ||
279 | gray_pam_init(PAM_SERVICE_ERR); | ||
280 | 274 | ||
281 | /* parse arguments */ | 275 | /* parse arguments */ |
282 | _pam_parse(argc, argv); | 276 | _pam_parse(argc, argv); |
283 | 277 | ||
284 | if (gray_env_read(gpam_sql_config_file, &config_env)) | 278 | if (gray_env_read(gpam_sql_config_file, &config_env)) |
285 | retval = PAM_SERVICE_ERR; | 279 | retval = PAM_SERVICE_ERR; |
286 | else { | 280 | else { |
287 | gray_slist_t slist; | 281 | gray_slist_t slist; |
288 | retval = gpam_sql_acct(pamh, | 282 | char const *query; |
289 | gpam_sql_get_query(pamh, query_name, | 283 | |
290 | &slist, 0)); | 284 | retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query); |
285 | if (retval == PAM_SUCCESS) { | ||
286 | if (query) { | ||
287 | retval = gpam_sql_acct(pamh, query); | ||
291 | gray_slist_free(&slist); | 288 | gray_slist_free(&slist); |
292 | } | 289 | } |
290 | } | ||
291 | } | ||
293 | 292 | ||
294 | gray_env_free(config_env); | 293 | gray_env_free(config_env); |
295 | config_env = NULL; | 294 | config_env = NULL; |
296 | 295 | ||
297 | return retval; | 296 | return retval; |
298 | } | 297 | } |
299 | 298 | ||
300 | PAM_EXTERN int |