head	1.4;
access;
symbols
	RELEASE_6_0_0:1.3
	RELEASE_5_4_0:1.3
	RELEASE_4_11_0:1.3
	RELEASE_5_3_0:1.3
	RELEASE_4_10_0:1.3
	RELEASE_5_2_1:1.3
	RELEASE_5_2_0:1.3
	RELEASE_4_9_0:1.3
	RELEASE_5_1_0:1.2
	RELEASE_4_8_0:1.2
	RELEASE_5_0_0:1.2
	RELEASE_4_7_0:1.2
	RELEASE_4_6_2:1.2
	RELEASE_4_6_1:1.2
	RELEASE_4_6_0:1.2
	RELEASE_5_0_DP1:1.2
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.2
	RELEASE_4_3_0:1.2
	RELEASE_4_2_0:1.2
	RELEASE_4_1_1:1.1;
locks; strict;
comment	@# @;


1.4
date	2005.09.16.20.56.21;	author mnag;	state dead;
branches;
next	1.3;

1.3
date	2003.06.01.21.27.03;	author anders;	state Exp;
branches;
next	1.2;

1.2
date	2000.10.13.20.18.33;	author ade;	state Exp;
branches;
next	1.1;

1.1
date	2000.09.10.12.57.46;	author jedgar;	state Exp;
branches;
next	;


desc
@@


1.4
log
@Update to 0.6.0
Submitted to ports@@ for test. Without reply.

PR:		ports/83748
Submitted by:	Marcus Grando <marcus@@corp.grupos.com.br>
Approved by:	pav (mentor), anders (maintainer timeout, 58 days)
@
text
@--- pam_mysql.c.orig	Sun Sep 15 10:28:58 2002
+++ pam_mysql.c	Thu Feb 13 14:58:21 2003
@@@@ -23,6 +23,7 @@@@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <time.h>
 
 
 /* AFAIK, only FreeBSD has MD5Data() defined in md5.h
@@@@ -54,7 +55,53 @@@@
 #define DEBUG 
 
 #include <security/pam_modules.h>
+#ifdef _OPENPAM
+#include <security/pam_appl.h>
+#else
 #include <security/pam_misc.h>
+#endif
+
+#ifdef _OPENPAM
+/* some macros not defined in OpenPAM */
+
+/* Good policy to strike out passwords with some characters not just
+   free the memory */
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do {                 \
+    if (X) {         \
+        free(X);     \
+        X=NULL;      \
+    }                \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+	if (reply[reply_i].resp) {                \
+	    _pam_overwrite(reply[reply_i].resp);  \
+	    free(reply[reply_i].resp);            \
+	}                                         \
+    }                                             \
+    if (reply)                                    \
+	free(reply);                              \
+} while (0)
+
+#endif
 
 struct optionstruct {
 	char host[257];
@@@@ -620,7 +667,11 @@@@
 		retval = conv->conv(nargs,
 		                    (const struct pam_message **) message,
 		                    response, conv->appdata_ptr);
-		if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN))
+		if ((retval != PAM_SUCCESS)
+#ifndef _OPENPAM
+			&& (retval != PAM_CONV_AGAIN)
+#endif
+		   )
 			syslog(LOG_DEBUG, "pam_mysql: conversation failure [%s]",
 			       pam_strerror(pamh, retval));
 	} else {
@@@@ -827,8 +878,12 @@@@
 	if (retval != PAM_SUCCESS) {
 		if (resp != NULL)
 			_pam_drop_reply(resp,i);
+#ifndef _OPENPAM
 		return ((retval == PAM_CONV_AGAIN)
 		        ? PAM_INCOMPLETE : PAM_AUTHINFO_UNAVAIL);
+#else
+		return PAM_AUTHINFO_UNAVAIL;
+#endif
 	}
 
 	/* we have a password so set AUTHTOK
@


1.3
log
@Update to 0.5.
Unbreak on -current.

PR:		ports/48239
Submitted by:	Sergey Matveychuk <sem@@ciam.ru>
@
text
@@


1.2
log
@Update to 0.4.7
Use strlcpy rather than strncpy etc.

PR:		21511
Submitted by:	maintainer
@
text
@d1 7
a7 8
--- pam_mysql.c.old	Sun Sep 24 02:26:17 2000
+++ pam_mysql.c	Sun Sep 24 02:42:23 2000
@@@@ -14,7 +14,6 @@@@
 #include <unistd.h>
 #include <syslog.h>
 #include <stdarg.h>
-#include <alloca.h>
 #include <string.h>
d9 82
a90 54
 #include <mysql/mysql.h>
@@@@ -332,40 +331,40 @@@@
 		}
 		strcpy (junk, argv[i]);
 		if ((strchr (junk, (int) '=') != NULL)) {
-			strncpy (mybuf, strtok (junk, "="), 255);
-			strncpy (myval, strtok (NULL, "="), 255);
+			strlcpy (mybuf, strtok (junk, "="), 255);
+			strlcpy (myval, strtok (NULL, "="), 255);
 			free (junk);
 			if (!strcasecmp ("host", mybuf)) {
-				strncpy (options.host, myval, 255);
+				strlcpy (options.host, myval, 255);
 				D (("host changed."));
 			} else if (!strcasecmp ("where", mybuf)) {
 				while ( (mj = strtok(NULL,"=")) != NULL )
 				{
-					strcat(myval, "=");
-					strcat(myval, mj);
+					strlcat(myval, "=", 255);
+					strlcat(myval, mj, 255);
 				}
-				strncpy (options.where, myval, 256);
+				strlcpy (options.where, myval, 256);
 				D (("where changed."));
 #ifdef DEBUG
 				syslog(LOG_ERR, "pam_mysql: where now is %s", options.where);
 #endif
 			} else if (!strcasecmp ("db", mybuf)) {
-				strncpy (options.database, myval, 16);
+				strlcpy (options.database, myval, 16);
 				D (("database changed."));
 			} else if (!strcasecmp ("user", mybuf)) {
-				strncpy (options.dbuser, myval, 16);
+				strlcpy (options.dbuser, myval, 16);
 				D (("dbuser changed."));
 			} else if (!strcasecmp ("passwd", mybuf)) {
-				strncpy (options.dbpasswd, myval, 16);
+				strlcpy (options.dbpasswd, myval, 16);
 				D (("dbpasswd changed."));
 			} else if (!strcasecmp ("table", mybuf)) {
-				strncpy (options.table, myval, 16);
+				strlcpy (options.table, myval, 16);
 				D (("table changed."));
 			} else if (!strcasecmp ("usercolumn", mybuf)) {
-				strncpy (options.usercolumn, myval, 16);
+				strlcpy (options.usercolumn, myval, 16);
 				D (("usercolumn changed."));
 			} else if (!strcasecmp ("passwdcolumn", mybuf)) {
-				strncpy (options.passwdcolumn, myval, 16);
+				strlcpy (options.passwdcolumn, myval, 16);
 				D (("passwdcolumn changed."));
 			} else if (!strcasecmp ("crypt", mybuf)) {
 				if ((!strcmp (myval, "1")) ||
@


1.1
log
@New port: pam-mysql

This is a port of the Linux MySQL PAM module. You can authenticate any
PAMified service with MySQL using this module.

PR:		20915
Submitted by:	Anders Nordby <anders@@fix.no>
@
text
@d1 2
a2 2
--- pam_mysql.c.old	Tue Aug 29 03:31:46 2000
+++ pam_mysql.c	Tue Aug 29 03:31:37 2000
d11 53
a63 103
@@@@ -79,7 +78,6 @@@@
 
 int db_connect (MYSQL * auth_sql_server);
 void db_close( void );
-static void _pam_log (int err, const char *format,...);
 int askForPassword(pam_handle_t *pamh);
 
 void db_close ( void )
@@@@ -114,7 +112,7 @@@@
 	}
 	if ( retvalue != PAM_SUCCESS )
 	{
-		_pam_log(LOG_INFO, "MySQL err %s\n", mysql_error(auth_sql_server));
+		syslog(LOG_INFO, "MySQL err %s", mysql_error(auth_sql_server));
 	}
 	
 	D (("returning."));
@@@@ -149,13 +147,13 @@@@
 	{
 		sprintf(sql, "%s and %s", sql, options.where);
 	}
-	_pam_log(LOG_ERR,sql);
+	syslog(LOG_ERR,sql);
 	D ((sql));
 	mysql_query (auth_sql_server, sql);
 	free (sql);
 	result = mysql_store_result (auth_sql_server);
 	if (!result) {
-		_pam_log(LOG_ERR, mysql_error (auth_sql_server));
+		syslog(LOG_ERR, mysql_error(auth_sql_server));
 		D (("returning."));
 		return PAM_AUTH_ERR;
 	}
@@@@ -191,17 +189,6 @@@@
 
 /* Global PAM functions stolen from other modules */
 
-static void _pam_log (int err, const char *format,...)
-{
-	va_list args;
-
-	va_start (args, format);
-	openlog (PAM_MODULE_NAME, LOG_PID, LOG_AUTH);
-	vsyslog (err, format, args);
-	va_end (args);
-	closelog ();
-}
-
 int converse(pam_handle_t *pamh, int nargs
 		    , struct pam_message **message
 		    , struct pam_response **response)
@@@@ -216,14 +203,12 @@@@
 			    , response, conv->appdata_ptr);
 	if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN)) 
 	{
-	    _pam_log(LOG_DEBUG, "conversation failure [%s]"
-		     , pam_strerror(pamh, retval));
+	    syslog(LOG_DEBUG, "conversation failure [%s]", pam_strerror(pamh, retval));
 	}
     } 
     else 
     {
-	_pam_log(LOG_ERR, "couldn't obtain coversation function [%s]"
-		 , pam_strerror(pamh, retval));
+	syslog(LOG_ERR, "couldn't obtain coversation function [%s]", pam_strerror(pamh, retval));
     }
     return retval;                  /* propagate error status */
 }
@@@@ -239,7 +224,7 @@@@
 	prompt = malloc(strlen(PLEASE_ENTER_PASSWORD));
 	if (prompt == NULL) 
 	{
-		_pam_log(LOG_ERR,"pam_mysql: askForPassword(), out of memory!?");
+		syslog(LOG_ERR,"pam_mysql: askForPassword(), out of memory!?");
 		return PAM_BUF_ERR;
 	} 
 	else 
@@@@ -251,7 +236,6 @@@@
 	mesg[i] = &msg[i];
 
 	retval = converse(pamh, ++i, mesg, &resp);
-/*	_pam_log(LOG_ERR, "retval == %d\n", retval); */
 	if (prompt) 
 	{
 	    _pam_overwrite(prompt);
@@@@ -361,7 +345,7 @@@@
 
 	retval = pam_get_user (pamh, &user, NULL);
 	if (retval != PAM_SUCCESS || user == NULL) {
-		_pam_log (LOG_ERR, "no user specified");
+		syslog(LOG_ERR, "no user specified");
 		D (("returning."));
 		return PAM_USER_UNKNOWN;
 	} 
@@@@ -398,7 +382,7 @@@@
 				 ,const char **argv)
 {
 
-	_pam_log (LOG_INFO, "acct_mgmt    \n");
+	syslog(LOG_INFO, "acct_mgmt    \n");
 	return PAM_SUCCESS;
 }
 
@

