diff options
Diffstat (limited to 'pam_sql')
-rw-r--r-- | pam_sql/pam_mysql.c | 10 | ||||
-rw-r--r-- | pam_sql/pam_pgsql.c | 12 | ||||
-rw-r--r-- | pam_sql/pam_sql.c | 73 | ||||
-rw-r--r-- | pam_sql/pam_sql.h | 5 |
4 files changed, 54 insertions, 46 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c index ca1f9e6..3f4a0d6 100644 --- a/pam_sql/pam_mysql.c +++ b/pam_sql/pam_mysql.c | |||
@@ -362,18 +362,22 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, | |||
362 | gray_slist_t slist; | 362 | gray_slist_t slist; |
363 | 363 | ||
364 | rc = check_query_result(&mysql, password); | 364 | rc = check_query_result(&mysql, password); |
365 | /* FIXME: This comment is needed to pacify | 365 | /* FIXME: This comment is needed to pacify |
366 | `make check-sql-config' in doc: | 366 | `make check-sql-config' in doc: |
367 | gpam_sql_find_config("setenv-query") */ | 367 | gpam_sql_find_config("setenv-query") */ |
368 | if (rc == PAM_SUCCESS | 368 | if (rc == PAM_SUCCESS) { |
369 | && (q = gpam_sql_get_query(pamh, "setenv-query", | 369 | rc = gpam_sql_get_query(pamh, "setenv-query", 0, |
370 | &slist, 0))) { | 370 | &slist, &q); |
371 | if (rc == PAM_SUCCESS) { | ||
372 | if (q) { | ||
371 | mysql_setenv(pamh, &mysql, q); | 373 | mysql_setenv(pamh, &mysql, q); |
372 | gray_slist_free(&slist); | 374 | gray_slist_free(&slist); |
373 | } | 375 | } |
376 | } | ||
377 | } | ||
374 | mysql_close(&mysql); | 378 | mysql_close(&mysql); |
375 | } | 379 | } |
376 | 380 | ||
377 | return rc; | 381 | return rc; |
378 | } | 382 | } |
379 | 383 | ||
diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c index f6d19e1..5f66b53 100644 --- a/pam_sql/pam_pgsql.c +++ b/pam_sql/pam_pgsql.c | |||
@@ -112,12 +112,13 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, | |||
112 | _pam_log(LOG_ERR, "PQexec: query did not return tuples"); | 112 | _pam_log(LOG_ERR, "PQexec: query did not return tuples"); |
113 | rc = PAM_SERVICE_ERR; | 113 | rc = PAM_SERVICE_ERR; |
114 | } else { | 114 | } else { |
115 | char *p; | 115 | char *p; |
116 | int n; | 116 | int n; |
117 | gray_slist_t slist; | 117 | gray_slist_t slist; |
118 | char const *query; | ||
118 | 119 | ||
119 | n = PQntuples(res); | 120 | n = PQntuples(res); |
120 | DEBUG(20,("Returned %d tuples", n)); | 121 | DEBUG(20,("Returned %d tuples", n)); |
121 | if (n != 1) { | 122 | if (n != 1) { |
122 | _pam_log(LOG_WARNING, | 123 | _pam_log(LOG_WARNING, |
123 | "PQexec: query returned %d tuples", n); | 124 | "PQexec: query returned %d tuples", n); |
@@ -150,20 +151,23 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password, | |||
150 | && strcmp (p, password) == 0) | 151 | && strcmp (p, password) == 0) |
151 | rc = PAM_SUCCESS; | 152 | rc = PAM_SUCCESS; |
152 | 153 | ||
153 | /* FIXME: This comment is needed to pacify | 154 | /* FIXME: This comment is needed to pacify |
154 | `make check-sql-config' in doc: | 155 | `make check-sql-config' in doc: |
155 | gpam_sql_find_config("setenv-query") */ | 156 | gpam_sql_find_config("setenv-query") */ |
156 | if (rc == PAM_SUCCESS | 157 | if (rc == PAM_SUCCESS) { |
157 | && (query = gpam_sql_get_query(pamh, | 158 | rc = gpam_sql_get_query(pamh, "setenv-query", 0, |
158 | "setenv-query", | 159 | &slist, &query); |
159 | &slist, 0))) { | 160 | if (rc == PAM_SUCCESS) { |
161 | if (query) { | ||
160 | pgsql_setenv(pamh, pgconn, query); | 162 | pgsql_setenv(pamh, pgconn, query); |
161 | gray_slist_free(&slist); | 163 | gray_slist_free(&slist); |
162 | } | 164 | } |
163 | } | 165 | } |
166 | } | ||
167 | } | ||
164 | 168 | ||
165 | PQclear(res); | 169 | PQclear(res); |
166 | PQfinish(pgconn); | 170 | PQfinish(pgconn); |
167 | 171 | ||
168 | return rc; | 172 | return rc; |
169 | } | 173 | } |
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c index 359ba64..6707eb3 100644 --- a/pam_sql/pam_sql.c +++ b/pam_sql/pam_sql.c | |||
@@ -156,66 +156,56 @@ gpam_sql_check_boolean_config(const char *name, int defval) | |||
156 | if (value) | 156 | if (value) |
157 | defval = gray_boolean_true_p(value); | 157 | defval = gray_boolean_true_p(value); |
158 | return defval; | 158 | return defval; |
159 | } | 159 | } |
160 | 160 | ||
161 | 161 | ||
162 | const char * | 162 | int |
163 | gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist, | 163 | gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required, |
164 | int required) | 164 | gray_slist_t *pslist, const char **retptr) |
165 | { | 165 | { |
166 | gray_slist_t slist; | 166 | gray_slist_t slist; |
167 | const char *query = gpam_sql_find_config(name); | 167 | const char *query = gpam_sql_find_config(name); |
168 | char *retval; | ||
168 | 169 | ||
169 | if (!query) { | 170 | if (!query) { |
170 | if (required) | 171 | if (required) { |
171 | gray_raise("%s: %s not defined", gpam_sql_config_file, name); | 172 | _pam_log(LOG_ERR, "%s: %s not defined", |
172 | return NULL; | 173 | gpam_sql_config_file, name); |
173 | } | 174 | return PAM_AUTHINFO_UNAVAIL; |
174 | |||
175 | slist = gray_slist_create(); | ||
176 | gray_expand_string(pamh, query, slist); | ||
177 | gray_slist_append_char(slist, 0); | ||
178 | *pslist = slist; | ||
179 | return gray_slist_finish(slist); | ||
180 | } | 175 | } |
181 | 176 | *pslist = NULL; | |
182 | static const char * | 177 | *retptr = NULL; |
183 | get_query2(pam_handle_t *pamh, const char *name1, const char *name2, | 178 | return PAM_SUCCESS; |
184 | gray_slist_t *pslist, int required) | ||
185 | { | ||
186 | gray_slist_t slist; | ||
187 | const char *query = gpam_sql_find_config(name1); | ||
188 | |||
189 | if (!query) | ||
190 | query = gpam_sql_find_config(name2); | ||
191 | |||
192 | if (!query) { | ||
193 | if (required) | ||
194 | gray_raise("%s: %s not defined", | ||
195 | gpam_sql_config_file, name1); | ||
196 | return NULL; | ||
197 | } | 179 | } |
198 | 180 | ||
199 | slist = gray_slist_create(); | 181 | slist = gray_slist_create(); |
182 | if (!slist) | ||
183 | return errno_to_pam(errno); | ||
200 | gray_expand_string(pamh, query, slist); | 184 | gray_expand_string(pamh, query, slist); |
201 | gray_slist_append_char(slist, 0); | 185 | gray_slist_append_char(slist, 0); |
202 | *pslist = slist; | 186 | *pslist = slist; |
203 | return gray_slist_finish(slist); | 187 | retval = gray_slist_finish(slist); |
188 | if (gray_slist_err(slist)) { | ||
189 | int rc = errno_to_pam(gray_slist_err(slist)); | ||
190 | gray_slist_free(&slist); | ||
191 | return rc; | ||
192 | } | ||
193 | *retptr = retval; | ||
194 | return PAM_SUCCESS; | ||
204 | } | 195 | } |
205 | 196 | ||
206 | 197 | ||
207 | /* --- authentication management functions (only) --- */ | 198 | /* --- authentication management functions (only) --- */ |
208 | 199 | ||
209 | PAM_EXTERN int | 200 | PAM_EXTERN int |
210 | pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | 201 | pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) |
211 | { | 202 | { |
212 | const char *username; | 203 | const char *username; |
213 | char *password; | 204 | char *password; |
214 | int retval = PAM_AUTH_ERR; | 205 | int retval = PAM_AUTH_ERR; |
215 | gray_pam_init(PAM_SERVICE_ERR); | ||
216 | 206 | ||
217 | /* parse arguments */ | 207 | /* parse arguments */ |
218 | _pam_parse(argc, argv); | 208 | _pam_parse(argc, argv); |
219 | 209 | ||
220 | /* Get the username */ | 210 | /* Get the username */ |
221 | retval = pam_get_user(pamh, &username, NULL); | 211 | retval = pam_get_user(pamh, &username, NULL); |
@@ -234,20 +224,25 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | |||
234 | } | 224 | } |
235 | 225 | ||
236 | if (gray_env_read(gpam_sql_config_file, &config_env)) | 226 | if (gray_env_read(gpam_sql_config_file, &config_env)) |
237 | retval = PAM_SERVICE_ERR; | 227 | retval = PAM_SERVICE_ERR; |
238 | else { | 228 | else { |
239 | gray_slist_t slist; | 229 | gray_slist_t slist; |
230 | char const *query; | ||
231 | |||
240 | /* FIXME: This comment is needed to pacify | 232 | /* FIXME: This comment is needed to pacify |
241 | `make check-sql-config' in doc: | 233 | `make check-sql-config' in doc: |
242 | gpam_sql_find_config("passwd-query") */ | 234 | gpam_sql_find_config("passwd-query") */ |
235 | retval = gpam_sql_get_query(pamh, "passwd-query", 1, | ||
236 | &slist, &query); | ||
237 | if (retval == PAM_SUCCESS) { | ||
243 | retval = gpam_sql_verify_user_pass(pamh, password, | 238 | retval = gpam_sql_verify_user_pass(pamh, password, |
244 | get_query2(pamh, "passwd-query", | 239 | query); |
245 | "query", &slist, 1)); | ||
246 | gray_slist_free(&slist); | 240 | gray_slist_free(&slist); |
247 | } | 241 | } |
242 | } | ||
248 | 243 | ||
249 | gray_env_free(config_env); |