4 files changed, 54 insertions, 46 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c
index ca1f9e6..3f4a0d6 100644
--- a/pam_sql/pam_mysql.c
+++ b/pam_sql/pam_mysql.c
@@ -367,5 +367,7 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
                   gpam_sql_find_config("setenv-query") */
-                if (rc == PAM_SUCCESS
+                if (rc == PAM_SUCCESS) {
-                    && (q = gpam_sql_get_query(pamh, "setenv-query", 
+                        rc = gpam_sql_get_query(pamh, "setenv-query", 0,
-                                               &slist, 0))) {
+                                                &slist, &q);
+                        if (rc == PAM_SUCCESS) {
+                                if (q) {
                                        mysql_setenv(pamh, &mysql, q);
@@ -373,2 +375,4 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
                                }
+                        }
+                }
                mysql_close(&mysql);
diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c
index f6d19e1..5f66b53 100644
--- a/pam_sql/pam_pgsql.c
+++ b/pam_sql/pam_pgsql.c
@@ -117,2 +117,3 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
                gray_slist_t slist;
+                char const *query;
                
@@ -155,6 +156,7 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
                   gpam_sql_find_config("setenv-query") */
-                if (rc == PAM_SUCCESS
+                if (rc == PAM_SUCCESS) {
-                    && (query = gpam_sql_get_query(pamh,
+                        rc = gpam_sql_get_query(pamh, "setenv-query", 0,
-                                                   "setenv-query",
+                                                &slist, &query);
-                                                   &slist, 0))) {
+                        if (rc == PAM_SUCCESS) {
+                                if (query) {
                                        pgsql_setenv(pamh, pgconn, query);
@@ -163,2 +165,4 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
                        }
+                }
+        }
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c
index 359ba64..6707eb3 100644
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@@ -161,5 +161,5 @@ gpam_sql_check_boolean_config(const char *name, int defval)
-const char *
+int
-gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist,
+gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required,
-                   int required)
+                   gray_slist_t *pslist, const char **retptr)
 {
@@ -167,31 +167,13 @@ gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist,
        const char *query = gpam_sql_find_config(name);
+        char *retval;
        
        if (!query) {
-                if (required)
+                if (required) {
-                        gray_raise("%s: %s not defined", gpam_sql_config_file, name);
+                        _pam_log(LOG_ERR, "%s: %s not defined",
-                return NULL;
+                                 gpam_sql_config_file, name);
-        }
+                        return PAM_AUTHINFO_UNAVAIL;
-        
-        slist = gray_slist_create();
-        gray_expand_string(pamh, query, slist);
-        gray_slist_append_char(slist, 0);
-        *pslist = slist;
-        return gray_slist_finish(slist);
                }
+                *pslist = NULL;
-static const char *
+                *retptr = NULL;
-get_query2(pam_handle_t *pamh, const char *name1, const char *name2,
+                return PAM_SUCCESS;
-           gray_slist_t *pslist, int required)
-{
-        gray_slist_t slist;
-        const char *query = gpam_sql_find_config(name1);
-        if (!query)
-                query = gpam_sql_find_config(name2);
-        
-        if (!query) {
-                if (required)
-                        gray_raise("%s: %s not defined", 
-                                   gpam_sql_config_file, name1);
-                return NULL;
        }
@@ -199,2 +181,4 @@ get_query2(pam_handle_t *pamh, const char *name1, const char *name2,
        slist = gray_slist_create();
+        if (!slist)
+                return errno_to_pam(errno);
        gray_expand_string(pamh, query, slist);
@@ -202,3 +186,10 @@ get_query2(pam_handle_t *pamh, const char *name1, const char *name2,
        *pslist = slist;
-        return gray_slist_finish(slist);
+        retval = gray_slist_finish(slist);
+        if (gray_slist_err(slist)) {
+                int rc = errno_to_pam(gray_slist_err(slist));
+                gray_slist_free(&slist);
+                return rc;
+        }
+        *retptr = retval;
+        return PAM_SUCCESS;
 }
@@ -214,3 +205,2 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
        int retval = PAM_AUTH_ERR;
-        gray_pam_init(PAM_SERVICE_ERR);
@@ -239,2 +229,4 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
                gray_slist_t slist;
+                char const *query;
+                
                /* FIXME: This comment is needed to pacify
@@ -242,7 +234,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
                   gpam_sql_find_config("passwd-query") */
+                retval = gpam_sql_get_query(pamh, "passwd-query", 1,
+                                            &slist, &query);
+                if (retval == PAM_SUCCESS) {
                        retval = gpam_sql_verify_user_pass(pamh, password,
-                                             get_query2(pamh, "passwd-query",
+                                                           query);
-                                             "query",  &slist, 1));
                        gray_slist_free(&slist);
                }
+        }
        
@@ -278,3 +273,2 @@ sql_session_mgmt(pam_handle_t *pamh, int flags,
-        gray_pam_init(PAM_SERVICE_ERR);
@@ -287,7 +281,12 @@ sql_session_mgmt(pam_handle_t *pamh, int flags,
                gray_slist_t slist;
-                retval = gpam_sql_acct(pamh,
+                char const *query;
-                                       gpam_sql_get_query(pamh, query_name,
+                
-                                                          &slist, 0));
+                retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query);
+                if (retval == PAM_SUCCESS) {
+                        if (query) {
+                                retval = gpam_sql_acct(pamh, query);
                                gray_slist_free(&slist);
                        }
+                }
+        }
        
diff --git a/pam_sql/pam_sql.h b/pam_sql/pam_sql.h
index 9eeecd6..5dc9525 100644
--- a/pam_sql/pam_sql.h
+++ b/pam_sql/pam_sql.h
@@ -49,4 +49,5 @@ int gpam_sql_acct(pam_handle_t *pamh, const char *query);
 char *gpam_sql_find_config(const char *name);
-const char *gpam_sql_get_query(pam_handle_t *pamh, const char *name,
+int gpam_sql_get_query(pam_handle_t *pamh, char const *var,
-                               gray_slist_t *pslist, int required);
+                       int required, 
+                       gray_slist_t *pslist, const char **query);
 int gpam_sql_check_boolean_config(const char *name, int defval);

diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c index ca1f9e6..3f4a0d6 100644 --- a/pam_sql/pam_mysql.c +++ b/pam_sql/pam_mysql.c
@@ -367,5 +367,7 @@ gpam_sql_verify_user_pass(pam_handle_t pamh, const char password,
367	gpam_sql_find_config("setenv-query") */	367	gpam_sql_find_config("setenv-query") */
368	if (rc == PAM_SUCCESS	368	if (rc == PAM_SUCCESS) {
369	&& (q = gpam_sql_get_query(pamh, "setenv-query",	369	rc = gpam_sql_get_query(pamh, "setenv-query", 0,
370	&slist, 0))) {	370	&slist, &q);
		371	if (rc == PAM_SUCCESS) {
		372	if (q) {
371	mysql_setenv(pamh, &mysql, q);	373	mysql_setenv(pamh, &mysql, q);
@@ -373,2 +375,4 @@ gpam_sql_verify_user_pass(pam_handle_t pamh, const char password,
373	}	375	}
		376	}
		377	}
374	mysql_close(&mysql);	378	mysql_close(&mysql);


diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c index f6d19e1..5f66b53 100644 --- a/pam_sql/pam_pgsql.c +++ b/pam_sql/pam_pgsql.c
@@ -117,2 +117,3 @@ gpam_sql_verify_user_pass(pam_handle_t pamh, const char password,
117	gray_slist_t slist;	117	gray_slist_t slist;
		118	char const *query;
118		119
@@ -155,6 +156,7 @@ gpam_sql_verify_user_pass(pam_handle_t pamh, const char password,
155	gpam_sql_find_config("setenv-query") */	156	gpam_sql_find_config("setenv-query") */
156	if (rc == PAM_SUCCESS	157	if (rc == PAM_SUCCESS) {
157	&& (query = gpam_sql_get_query(pamh,	158	rc = gpam_sql_get_query(pamh, "setenv-query", 0,
158	"setenv-query",	159	&slist, &query);
159	&slist, 0))) {	160	if (rc == PAM_SUCCESS) {
		161	if (query) {
160	pgsql_setenv(pamh, pgconn, query);	162	pgsql_setenv(pamh, pgconn, query);
@@ -163,2 +165,4 @@ gpam_sql_verify_user_pass(pam_handle_t pamh, const char password,
163	}	165	}
		166	}
		167	}
164		168


diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 359ba64..6707eb3 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c
@@ -161,5 +161,5 @@ gpam_sql_check_boolean_config(const char *name, int defval)
161		161
162	const char *	162	int
163	gpam_sql_get_query(pam_handle_t pamh, const char name, gray_slist_t *pslist,	163	gpam_sql_get_query(pam_handle_t pamh, const char name, int required,
164	int required)	164	gray_slist_t pslist, const char *retptr)
165	{	165	{
@@ -167,31 +167,13 @@ gpam_sql_get_query(pam_handle_t pamh, const char name, gray_slist_t *pslist,
167	const char *query = gpam_sql_find_config(name);	167	const char *query = gpam_sql_find_config(name);
		168	char *retval;
168		169
169	if (!query) {	170	if (!query) {
170	if (required)	171	if (required) {
171	gray_raise("%s: %s not defined", gpam_sql_config_file, name);	172	_pam_log(LOG_ERR, "%s: %s not defined",
172	return NULL;	173	gpam_sql_config_file, name);
173	}	174	return PAM_AUTHINFO_UNAVAIL;
174
175	slist = gray_slist_create();
176	gray_expand_string(pamh, query, slist);
177	gray_slist_append_char(slist, 0);
178	*pslist = slist;
179	return gray_slist_finish(slist);
180	}	175	}
181		176	*pslist = NULL;
182	static const char *	177	*retptr = NULL;
183	get_query2(pam_handle_t pamh, const char name1, const char *name2,	178	return PAM_SUCCESS;
184	gray_slist_t *pslist, int required)
185	{
186	gray_slist_t slist;
187	const char *query = gpam_sql_find_config(name1);
188
189	if (!query)
190	query = gpam_sql_find_config(name2);
191
192	if (!query) {
193	if (required)
194	gray_raise("%s: %s not defined",
195	gpam_sql_config_file, name1);
196	return NULL;
197	}	179	}
@@ -199,2 +181,4 @@ get_query2(pam_handle_t pamh, const char name1, const char *name2,
199	slist = gray_slist_create();	181	slist = gray_slist_create();
		182	if (!slist)
		183	return errno_to_pam(errno);
200	gray_expand_string(pamh, query, slist);	184	gray_expand_string(pamh, query, slist);
@@ -202,3 +186,10 @@ get_query2(pam_handle_t pamh, const char name1, const char *name2,
202	*pslist = slist;	186	*pslist = slist;
203	return gray_slist_finish(slist);	187	retval = gray_slist_finish(slist);
		188	if (gray_slist_err(slist)) {
		189	int rc = errno_to_pam(gray_slist_err(slist));
		190	gray_slist_free(&slist);
		191	return rc;
		192	}
		193	*retptr = retval;
		194	return PAM_SUCCESS;
204	}	195	}
@@ -214,3 +205,2 @@ pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char *argv)
214	int retval = PAM_AUTH_ERR;	205	int retval = PAM_AUTH_ERR;
215	gray_pam_init(PAM_SERVICE_ERR);
216		206
@@ -239,2 +229,4 @@ pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char *argv)
239	gray_slist_t slist;	229	gray_slist_t slist;
		230	char const *query;
		231
240	/* FIXME: This comment is needed to pacify	232	/* FIXME: This comment is needed to pacify
@@ -242,7 +234,10 @@ pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char *argv)
242	gpam_sql_find_config("passwd-query") */	234	gpam_sql_find_config("passwd-query") */
		235	retval = gpam_sql_get_query(pamh, "passwd-query", 1,
		236	&slist, &query);
		237	if (retval == PAM_SUCCESS) {
243	retval = gpam_sql_verify_user_pass(pamh, password,	238	retval = gpam_sql_verify_user_pass(pamh, password,
244	get_query2(pamh, "passwd-query",	239	query);
245	"query", &slist, 1));
246	gray_slist_free(&slist);	240	gray_slist_free(&slist);
247	}	241	}
		242	}
248		243
@@ -278,3 +273,2 @@ sql_session_mgmt(pam_handle_t *pamh, int flags,
278		273
279	gray_pam_init(PAM_SERVICE_ERR);
280		274
@@ -287,7 +281,12 @@ sql_session_mgmt(pam_handle_t *pamh, int flags,
287	gray_slist_t slist;	281	gray_slist_t slist;
288	retval = gpam_sql_acct(pamh,	282	char const *query;
289	gpam_sql_get_query(pamh, query_name,	283
290	&slist, 0));	284	retval = gpam_sql_get_query(pamh, query_name, 0, &slist, &query);
		285	if (retval == PAM_SUCCESS) {
		286	if (query) {
		287	retval = gpam_sql_acct(pamh, query);
291	gray_slist_free(&slist);	288	gray_slist_free(&slist);
292	}	289	}
		290	}
		291	}
293		292


diff --git a/pam_sql/pam_sql.h b/pam_sql/pam_sql.h index 9eeecd6..5dc9525 100644 --- a/pam_sql/pam_sql.h +++ b/pam_sql/pam_sql.h
@@ -49,4 +49,5 @@ int gpam_sql_acct(pam_handle_t pamh, const char query);
49	char gpam_sql_find_config(const char name);	49	char gpam_sql_find_config(const char name);
50	const char gpam_sql_get_query(pam_handle_t pamh, const char *name,	50	int gpam_sql_get_query(pam_handle_t pamh, char const var,
51	gray_slist_t *pslist, int required);	51	int required,
		52	gray_slist_t pslist, const char *query);
52	int gpam_sql_check_boolean_config(const char *name, int defval);	53	int gpam_sql_check_boolean_config(const char *name, int defval);