aboutsummaryrefslogtreecommitdiff
path: root/pam_sql
diff options
context:
space:
mode:
Diffstat (limited to 'pam_sql')
-rw-r--r--pam_sql/pam_mysql.c10
-rw-r--r--pam_sql/pam_pgsql.c12
-rw-r--r--pam_sql/pam_sql.c73
-rw-r--r--pam_sql/pam_sql.h5
4 files changed, 54 insertions, 46 deletions
diff --git a/pam_sql/pam_mysql.c b/pam_sql/pam_mysql.c
index ca1f9e6..3f4a0d6 100644
--- a/pam_sql/pam_mysql.c
+++ b/pam_sql/pam_mysql.c
@@ -362,18 +362,22 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
362 gray_slist_t slist; 362 gray_slist_t slist;
363 363
364 rc = check_query_result(&mysql, password); 364 rc = check_query_result(&mysql, password);
365 /* FIXME: This comment is needed to pacify 365 /* FIXME: This comment is needed to pacify
366 `make check-sql-config' in doc: 366 `make check-sql-config' in doc:
367 gpam_sql_find_config("setenv-query") */ 367 gpam_sql_find_config("setenv-query") */
368 if (rc == PAM_SUCCESS 368 if (rc == PAM_SUCCESS) {
369 && (q = gpam_sql_get_query(pamh, "setenv-query", 369 rc = gpam_sql_get_query(pamh, "setenv-query", 0,
370 &slist, 0))) { 370 &slist, &q);
371 if (rc == PAM_SUCCESS) {
372 if (q) {
371 mysql_setenv(pamh, &mysql, q); 373 mysql_setenv(pamh, &mysql, q);
372 gray_slist_free(&slist); 374 gray_slist_free(&slist);
373 } 375 }
376 }
377 }
374 mysql_close(&mysql); 378 mysql_close(&mysql);
375 } 379 }
376 380
377 return rc; 381 return rc;
378} 382}
379 383
diff --git a/pam_sql/pam_pgsql.c b/pam_sql/pam_pgsql.c
index f6d19e1..5f66b53 100644
--- a/pam_sql/pam_pgsql.c
+++ b/pam_sql/pam_pgsql.c
@@ -112,12 +112,13 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
112 _pam_log(LOG_ERR, "PQexec: query did not return tuples"); 112 _pam_log(LOG_ERR, "PQexec: query did not return tuples");
113 rc = PAM_SERVICE_ERR; 113 rc = PAM_SERVICE_ERR;
114 } else { 114 } else {
115 char *p; 115 char *p;
116 int n; 116 int n;
117 gray_slist_t slist; 117 gray_slist_t slist;
118 char const *query;
118 119
119 n = PQntuples(res); 120 n = PQntuples(res);
120 DEBUG(20,("Returned %d tuples", n)); 121 DEBUG(20,("Returned %d tuples", n));
121 if (n != 1) { 122 if (n != 1) {
122 _pam_log(LOG_WARNING, 123 _pam_log(LOG_WARNING,
123 "PQexec: query returned %d tuples", n); 124 "PQexec: query returned %d tuples", n);
@@ -150,20 +151,23 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
150 && strcmp (p, password) == 0) 151 && strcmp (p, password) == 0)
151 rc = PAM_SUCCESS; 152 rc = PAM_SUCCESS;
152 153
153 /* FIXME: This comment is needed to pacify 154 /* FIXME: This comment is needed to pacify
154 `make check-sql-config' in doc: 155 `make check-sql-config' in doc:
155 gpam_sql_find_config("setenv-query") */ 156 gpam_sql_find_config("setenv-query") */
156 if (rc == PAM_SUCCESS 157 if (rc == PAM_SUCCESS) {
157 && (query = gpam_sql_get_query(pamh, 158 rc = gpam_sql_get_query(pamh, "setenv-query", 0,
158 "setenv-query", 159 &slist, &query);
159 &slist, 0))) { 160 if (rc == PAM_SUCCESS) {
161 if (query) {
160 pgsql_setenv(pamh, pgconn, query); 162 pgsql_setenv(pamh, pgconn, query);
161 gray_slist_free(&slist); 163 gray_slist_free(&slist);
162 } 164 }
163 } 165 }
166 }
167 }
164 168
165 PQclear(res); 169 PQclear(res);
166 PQfinish(pgconn); 170 PQfinish(pgconn);
167 171
168 return rc; 172 return rc;
169} 173}
diff --git a/pam_sql/pam_sql.c b/pam_sql/pam_sql.c
index 359ba64..6707eb3 100644
--- a/pam_sql/pam_sql.c
+++ b/pam_sql/pam_sql.c
@@ -156,66 +156,56 @@ gpam_sql_check_boolean_config(const char *name, int defval)
156 if (value) 156 if (value)
157 defval = gray_boolean_true_p(value); 157 defval = gray_boolean_true_p(value);
158 return defval; 158 return defval;
159} 159}
160 160
161 161
162const char * 162int
163gpam_sql_get_query(pam_handle_t *pamh, const char *name, gray_slist_t *pslist, 163gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required,
164 int required) 164 gray_slist_t *pslist, const char **retptr)
165{ 165{
166 gray_slist_t slist; 166 gray_slist_t slist;
167 const char *query = gpam_sql_find_config(name); 167 const char *query = gpam_sql_find_config(name);
168 char *retval;
168 169
169 if (!query) { 170 if (!query) {
170 if (required) 171 if (required) {
171 gray_raise("%s: %s not defined", gpam_sql_config_file, name); 172 _pam_log(LOG_ERR, "%s: %s not defined",
172 return NULL; 173 gpam_sql_config_file, name);
173 } 174 return PAM_AUTHINFO_UNAVAIL;
174
175 slist = gray_slist_create();
176 gray_expand_string(pamh, query, slist);
177 gray_slist_append_char(slist, 0);
178 *pslist = slist;
179 return gray_slist_finish(slist);
180 } 175 }
181 176 *pslist = NULL;
182static const char * 177 *retptr = NULL;
183get_query2(pam_handle_t *pamh, const char *name1, const char *name2, 178 return PAM_SUCCESS;
184 gray_slist_t *pslist, int required)
185{
186 gray_slist_t slist;
187 const char *query = gpam_sql_find_config(name1);
188
189 if (!query)
190 query = gpam_sql_find_config(name2);
191
192 if (!query) {
193 if (required)
194 gray_raise("%s: %s not defined",
195 gpam_sql_config_file, name1);
196 return NULL;
197 } 179 }
198 180
199 slist = gray_slist_create(); 181 slist = gray_slist_create();
182 if (!slist)
183 return errno_to_pam(errno);
200 gray_expand_string(pamh, query, slist); 184 gray_expand_string(pamh, query, slist);
201 gray_slist_append_char(slist, 0); 185 gray_slist_append_char(slist, 0);
202 *pslist = slist; 186 *pslist = slist;
203 return gray_slist_finish(slist); 187 retval = gray_slist_finish(slist);
188 if (gray_slist_err(slist)) {
189 int rc = errno_to_pam(gray_slist_err(slist));
190 gray_slist_free(&slist);
191 return rc;
192 }
193 *retptr = retval;
194 return PAM_SUCCESS;
204} 195}
205 196
206 197
207/* --- authentication management functions (only) --- */ 198/* --- authentication management functions (only) --- */
208 199
209PAM_EXTERN int 200PAM_EXTERN int
210pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) 201pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
211{ 202{
212 const char *username; 203 const char *username;
213 char *password; 204 char *password;
214 int retval = PAM_AUTH_ERR; 205 int retval = PAM_AUTH_ERR;
215 gray_pam_init(PAM_SERVICE_ERR);
216 206
217 /* parse arguments */ 207 /* parse arguments */
218 _pam_parse(argc, argv); 208 _pam_parse(argc, argv);
219 209
220 /* Get the username */ 210 /* Get the username */
221 retval = pam_get_user(pamh, &username, NULL); 211 retval = pam_get_user(pamh, &username, NULL);
@@ -234,20 +224,25 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
234 } 224 }
235 225
236 if (gray_env_read(gpam_sql_config_file, &config_env)) 226 if (gray_env_read(gpam_sql_config_file, &config_env))
237 retval = PAM_SERVICE_ERR; 227 retval = PAM_SERVICE_ERR;
238 else { 228 else {
239 gray_slist_t slist; 229 gray_slist_t slist;
230 char const *query;
231
240 /* FIXME: This comment is needed to pacify 232 /* FIXME: This comment is needed to pacify
241 `make check-sql-config' in doc: 233 `make check-sql-config' in doc:
242 gpam_sql_find_config("passwd-query") */ 234 gpam_sql_find_config("passwd-query") */
235 retval = gpam_sql_get_query(pamh, "passwd-query", 1,
236 &slist, &query);
237 if (retval == PAM_SUCCESS) {
243 retval = gpam_sql_verify_user_pass(pamh, password, 238 retval = gpam_sql_verify_user_pass(pamh, password,
244 get_query2(pamh, "passwd-query", 239 query);
245 "query", &slist, 1));
246 gray_slist_free(&slist); 240 gray_slist_free(&slist);
247 } 241 }
242 }
248 243
249 gray_env_free(config_env);