1 /* cvm/sql-auth.c - Generic SQL authentication layer
2 * Copyright (C) 2010 Bruce Guenter <bruce@untroubled.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18 #include <stdlib.h>
19 #include <string.h>
20 #include <bglibs/str.h>
21 #include <pwcmp/client.h>
22 #include "module.h"
23 #include "sql.h"
24
25 static const char* query;
26 static const char* postq;
27
cvm_module_init(void)28 int cvm_module_init(void)
29 {
30 int result;
31
32 if ((query = getenv(sql_query_var)) == 0) return CVME_CONFIG;
33 if (!sql_query_validate(query)) return CVME_CONFIG;
34
35 if ((postq = getenv(sql_postq_var)) != 0)
36 if (!sql_query_validate(postq)) return CVME_CONFIG;
37
38 if ((result = sql_auth_init()) != 0) return result;
39
40 if (!pwcmp_start(getenv(sql_pwcmp_var))) return CVME_GENERAL;
41
42 return 0;
43 }
44
45 static str q;
46
cvm_module_lookup(void)47 int cvm_module_lookup(void)
48 {
49 int i;
50
51 /* Query the database based on the custom query */
52 if (!sql_query_build(query, &q)) return CVME_GENERAL | CVME_FATAL;
53 if ((i = sql_auth_query(&q)) < 0) return -i;
54
55 /* If the result didn't produce a single row, fail the username */
56 return (i == 1) ? 0 : CVME_PERMFAIL;
57 }
58
cvm_module_authenticate(void)59 int cvm_module_authenticate(void)
60 {
61 const char* cpw;
62
63 CVM_CRED_REQUIRED(PASSWORD);
64
65 /* If there is no password field, fail the password */
66 cpw = sql_get_field(0);
67 if (cpw == 0 || cpw[0] == 0) return CVME_PERMFAIL;
68
69 /* Finally, if the stored pass is not the same, fail the pass */
70 switch (pwcmp_check(cvm_module_credentials[CVM_CRED_PASSWORD].s, cpw)) {
71 case 0: return 0;
72 case -1: return CVME_IO | CVME_FATAL;
73 default: return CVME_PERMFAIL;
74 }
75 }
76
cvm_module_results(void)77 int cvm_module_results(void)
78 {
79 int i;
80
81 if (postq) {
82 if (!sql_query_build(postq, &q)) return CVME_GENERAL | CVME_FATAL;
83 if ((i = sql_post_query(&q)) != 0) return i;
84 }
85
86 /* Credentials accepted */
87 cvm_fact_username = sql_get_field(1);
88 cvm_fact_userid = strtol(sql_get_field(2), 0, 10);
89 cvm_fact_groupid = strtol(sql_get_field(3), 0, 10);
90 cvm_fact_directory = sql_get_field(4);
91 cvm_fact_realname = sql_get_field(5);
92 cvm_fact_shell = sql_get_field(6);
93 cvm_fact_groupname = sql_get_field(7);
94 cvm_fact_domain = sql_get_field(8);
95 cvm_fact_sys_username = sql_get_field(9);
96 cvm_fact_sys_directory = sql_get_field(10);
97 cvm_fact_mailbox = sql_get_field(11);
98
99 return 0;
100 }
101
cvm_module_stop(void)102 void cvm_module_stop(void)
103 {
104 pwcmp_stop();
105 sql_auth_stop();
106 }
107