summaryrefslogtreecommitdiffabout
path: root/pam_sql
Side-by-side diff
Diffstat (limited to 'pam_sql') (more/less context) (show whitespace changes)
-rw-r--r--pam_sql/pam_mysql.c10
-rw-r--r--pam_sql/pam_pgsql.c12
-rw-r--r--pam_sql/pam_sql.c73
-rw-r--r--pam_sql/pam_sql.h5
4 files changed, 54 insertions, 46 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c
index ca1f9e6..3f4a0d6 100644
--- a/pam_sql/pam_mysql.c
+++ b/pam_sql/pam_mysql.c
@@ -362,18 +362,22 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
gray_slist_t slist;
rc = check_query_result(&mysql, password);
/* FIXME: This comment is needed to pacify
`make check-sql-config' in doc:
gpam_sql_find_config("setenv-query") */
- if (rc == PAM_SUCCESS
- && (q = gpam_sql_get_query(pamh, "setenv-query",
- &slist, 0))) {
+ if (rc == PAM_SUCCESS) {
+ rc = gpam_sql_get_query(pamh, "setenv-query", 0,
+ &slist, &q);
+ if (rc == PAM_SUCCESS) {
+ if (q) {
mysql_setenv(pamh, &mysql, q);
gray_slist_free(&slist);
}
+ }
+ }
mysql_close(&mysql);
}
return rc;
}
diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c
index f6d19e1..5f66b53 100644
--- a/pam_sql/pam_pgsql.c
+++ b/pam_sql/pam_pgsql.c
@@ -112,12 +112,13 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
_pam_log(LOG_ERR, "PQexec: query did not return tuples");
rc = PAM_SERVICE_ERR;
} else {
char *p;
int n;
gray_slist_t slist;
+ char const *query;
n = PQntuples(res);
DEBUG(20,("Returned %d tuples", n));
if (n != 1) {
_pam_log(LOG_WARNING,
"PQexec: query returned %d tuples", n);
@@ -150,20 +151,23 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
&& strcmp (p, password) == 0)
rc = PAM_SUCCESS;
/* FIXME: This comment is needed to pacify
`make check-sql-config' in doc:
gpam_sql_find_config("setenv-query") */
- if (rc == PAM_SUCCESS
- && (query = gpam_sql_get_query(pamh,
- "setenv-query",
- &slist, 0))) {
+ if (rc == PAM_SUCCESS) {
+ rc = gpam_sql_get_query(pamh, "setenv-query", 0,
+ &slist, &query);
+ if (rc == PAM_SUCCESS) {
+ if (query) {
pgsql_setenv(pamh, pgconn, query);
gray_slist_free(&slist);
}
}
+ }
+ }
PQclear(res);
PQfinish(pgconn);
return rc;
}
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c
index 359ba64..6707eb3 100644
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@@ -156,66 +156,56 @@ gpam_sql_check_boolean_config(const char *name, int defval)
if (value)
defval = gray_boolean_true_p(value);
return defval;
}
-const char *
-gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist,
- int required)
+int
+gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required,
+ gray_slist_t *pslist, const char **retptr)
{
gray_slist_t slist;
const char *query = gpam_sql_find_config(name);
+ char *retval;
if (!query) {
- if (required)
- gray_raise("%s: %s not defined", gpam_sql_config_file, name);
- return NULL;
- }
-
- slist = gray_slist_create();
- gray_expand_string(pamh, query, slist);
- gray_slist_append_char(slist, 0);
- *pslist = slist;
- return gray_slist_finish(slist);
+ if (required) {
+ _pam_log(LOG_ERR, "%s: %s not defined",
+ gpam_sql_config_file, name);
+ return PAM_AUTHINFO_UNAVAIL;
}
-
-static const char *
-get_query2(pam_handle_t *pamh, const char *name1, const char *name2,
- gray_slist_t *pslist, int required)
-{
- gray_slist_t slist;
- const char *query = gpam_sql_find_config(name1);
-
- if (!query)
- query = gpam_sql_find_config(name2);
-
- if (!query) {
- if (required)
- gray_raise("%s: %s not defined",
- gpam_sql_config_file, name1);
- return NULL;
+ *pslist = NULL;
+ *retptr = NULL;
+ return PAM_SUCCESS;
}
slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
gray_expand_string(pamh, query, slist);
gray_slist_append_char(slist, 0);
*pslist = slist;
- return gray_slist_finish(slist);
+ retval = gray_slist_finish(slist);
+ if (gray_slist_err(slist)) {
+ int rc = errno_to_pam(gray_slist_err(slist));
+ gray_slist_free(&slist);
+ return rc;
+ }
+ *retptr = retval;
+ return PAM_SUCCESS;
}
/* --- authentication management functions (only) --- */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
const char *username;
char *password;
int retval = PAM_AUTH_ERR;
- gray_pam_init(PAM_SERVICE_ERR);
/* parse arguments */
_pam_parse(argc, argv);
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
@@ -234,20 +224,25 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
}
if (gray_env_read(gpam_sql_config_file, &config_env))
retval = PAM_SERVICE_ERR;
else {
gray_slist_t slist;
+ char const *query;
+
/* FIXME: This comment is needed to pacify
`make check-sql-config' in doc:
gpam_sql_find_config("passwd-query") */
+ retval = gpam_sql_get_query(pamh, "passwd-query", 1,
+ &slist, &query);
+ if (retval == PAM_SUCCESS) {
retval = gpam_sql_verify_user_pass(pamh, password,
- get_query2(pamh, "passwd-query",
- "query", &slist, 1));
+ query);
gray_slist_free(&slist);
}
+ }
gray_env_free(config_env);
config_env = NULL;
switch (retval) {
case PAM_ACCT_EXPIRED:
@@ -273,26 +268,30 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
static int
sql_session_mgmt(pam_handle_t *pamh, int flags,
int argc, const char **argv, const char *query_name)
{
int retval;
- gray_pam_init(PAM_SERVICE_ERR);
/* parse arguments */
_pam_parse(argc, argv);
if (gray_env_read(gpam_sql_config_file, &config_env))
retval = PAM_SERVICE_ERR;
else {
gray_slist_t slist;
- retval = gpam_sql_acct(pamh,
- gpam_sql_get_query(pamh, query_name,
- &slist, 0));
+ char const *query;
+
+ retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query);
+ if (retval == PAM_SUCCESS) {
+ if (query) {
+ retval = gpam_sql_acct(pamh, query);
gray_slist_free(&slist);
}
+ }
+ }
gray_env_free(config_env);
config_env = NULL;
return retval;
}
diff --git a/pam_sql/pam_sql.h b/pam_sql/pam_sql.h
index 9eeecd6..5dc9525 100644
--- a/pam_sql/pam_sql.h
+++ b/pam_sql/pam_sql.h
@@ -44,10 +44,11 @@ extern char *gpam_sql_config_file;
int gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *passwd,
const char *query);
int gpam_sql_acct(pam_handle_t *pamh, const char *query);
char *gpam_sql_find_config(const char *name);
-const char *gpam_sql_get_query(pam_handle_t *pamh, const char *name,
- gray_slist_t *pslist, int required);
+int gpam_sql_get_query(pam_handle_t *pamh, char const *var,
+ int required,
+ gray_slist_t *pslist, const char **query);
int gpam_sql_check_boolean_config(const char *name, int defval);

Return to:

Send suggestions and report system problems to the System administrator.