From 5f23a78e2fad32c8fc4271bd3ec3da91af94b5c5 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Sat, 28 Nov 2020 12:26:39 +0100 Subject: [PATCH 01/23] Ajout des librairies Mysql --- Makefile.am | 6 +- ax_compare_version.m4 | 164 ++++++++++++++++++ configure.ac | 6 + m4/mysql.m4 | 375 ++++++++++++++++++++++++++++++++++++++++++ pam_yubico.c | 2 +- util.c | 44 ++++- util.h | 2 +- 7 files changed, 595 insertions(+), 4 deletions(-) create mode 100644 ax_compare_version.m4 create mode 100644 m4/mysql.m4 diff --git a/Makefile.am b/Makefile.am index 2708acef..f4141a84 100644 --- a/Makefile.am +++ b/Makefile.am @@ -31,6 +31,8 @@ SUBDIRS = . tests ACLOCAL_AMFLAGS = -I m4 AM_CFLAGS = $(WARN_CFLAGS) +#Benjamin +AM_CFLAGS += @MYSQL_CFLAGS@ AM_CPPFLAGS = @YKPERS_CFLAGS@ libdir = $(PAMDIR) @@ -43,9 +45,11 @@ pam_yubico_la_LIBADD = @LTLIBYUBIKEY@ @LTLIBYKCLIENT@ @LIBLDAP@ @LIBPAM@ pam_yubico_la_LIBADD += libpam_util.la libpam_real.la pam_yubico_la_LDFLAGS = -module -avoid-version + + noinst_LTLIBRARIES = libpam_util.la libpam_real.la libpam_util_la_SOURCES = util.c util.h -libpam_util_la_LIBADD = @LTLIBYUBIKEY@ @YKPERS_LIBS@ +libpam_util_la_LIBADD = @LTLIBYUBIKEY@ @YKPERS_LIBS@ @MYSQL_LIBS@ libpam_real_la_SOURCES = pam_yubico.c diff --git a/ax_compare_version.m4 b/ax_compare_version.m4 new file mode 100644 index 00000000..a42a4b4d --- /dev/null +++ b/ax_compare_version.m4 
@@ -0,0 +1,164 @@ +dnl (from http://autoconf-archive.cryp.to/ax_compare_version.m4 ) +dnl +dnl @synopsis AX_COMPARE_VERSION(VERSION_A, OP, VERSION_B, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +dnl +dnl This macro compares two version strings. It is used heavily in the +dnl macro _AX_PATH_BDB for library checking. Due to the various number +dnl of minor-version numbers that can exist, and the fact that string +dnl comparisons are not compatible with numeric comparisons, this is +dnl not necessarily trivial to do in a autoconf script. This macro +dnl makes doing these comparisons easy. +dnl +dnl The six basic comparisons are available, as well as checking +dnl equality limited to a certain number of minor-version levels. +dnl +dnl The operator OP determines what type of comparison to do, and can +dnl be one of: +dnl +dnl eq - equal (test A == B) +dnl ne - not equal (test A != B) +dnl le - less than or equal (test A <= B) +dnl ge - greater than or equal (test A >= B) +dnl lt - less than (test A < B) +dnl gt - greater than (test A > B) +dnl +dnl Additionally, the eq and ne operator can have a number after it to +dnl limit the test to that number of minor versions. +dnl +dnl eq0 - equal up to the length of the shorter version +dnl ne0 - not equal up to the length of the shorter version +dnl eqN - equal up to N sub-version levels +dnl neN - not equal up to N sub-version levels +dnl +dnl When the condition is true, shell commands ACTION-IF-TRUE are run, +dnl otherwise shell commands ACTION-IF-FALSE are run. The environment +dnl variable 'ax_compare_version' is always set to either 'true' or +dnl 'false' as well. +dnl +dnl Examples: +dnl +dnl AX_COMPARE_VERSION([3.15.7],[lt],[3.15.8]) +dnl AX_COMPARE_VERSION([3.15],[lt],[3.15.8]) +dnl +dnl would both be true. +dnl +dnl AX_COMPARE_VERSION([3.15.7],[eq],[3.15.8]) +dnl AX_COMPARE_VERSION([3.15],[gt],[3.15.8]) +dnl +dnl would both be false. 
+dnl +dnl AX_COMPARE_VERSION([3.15.7],[eq2],[3.15.8]) +dnl +dnl would be true because it is only comparing two minor versions. +dnl +dnl AX_COMPARE_VERSION([3.15.7],[eq0],[3.15]) +dnl +dnl would be true because it is only comparing the lesser number of +dnl minor versions of the two values. +dnl +dnl Note: The characters that separate the version numbers do not +dnl matter. An empty string is the same as version 0. OP is evaluated +dnl by autoconf, not configure, so must be a string, not a variable. +dnl +dnl The author would like to acknowledge Guido Draheim whose advice +dnl about the m4_case and m4_ifvaln functions make this macro only +dnl include the portions necessary to perform the specific comparison +dnl specified by the OP argument in the final configure script. +dnl +dnl @category Misc +dnl @author Tim Toolan +dnl @version 2004-03-01 +dnl @license GPLWithACException + +dnl ######################################################################### +AC_DEFUN([AX_COMPARE_VERSION], [ + # Used to indicate true or false condition + ax_compare_version=false + + # Convert the two version strings to be compared into a format that + # allows a simple string comparison. The end result is that a version + # string of the form 1.12.5-r617 will be converted to the form + # 0001001200050617. In other words, each number is zero padded to four + # digits, and non digits are removed. 
+ AS_VAR_PUSHDEF([A],[ax_compare_version_A]) + A=`echo "$1" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ + -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ + -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ + -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ + -e 's/[[^0-9]]//g'` + + AS_VAR_PUSHDEF([B],[ax_compare_version_B]) + B=`echo "$3" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ + -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ + -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ + -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ + -e 's/[[^0-9]]//g'` + + dnl # In the case of le, ge, lt, and gt, the strings are sorted as necessary + dnl # then the first line is used to determine if the condition is true. + dnl # The sed right after the echo is to remove any indented white space. + m4_case(m4_tolower($2), + [lt],[ + ax_compare_version=`echo "x$A +x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/false/;s/x${B}/true/;1q"` + ], + [gt],[ + ax_compare_version=`echo "x$A +x$B" | sed 's/^ *//' | sort | sed "s/x${A}/false/;s/x${B}/true/;1q"` + ], + [le],[ + ax_compare_version=`echo "x$A +x$B" | sed 's/^ *//' | sort | sed "s/x${A}/true/;s/x${B}/false/;1q"` + ], + [ge],[ + ax_compare_version=`echo "x$A +x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/true/;s/x${B}/false/;1q"` + ],[ + dnl Split the operator from the subversion count if present. + m4_bmatch(m4_substr($2,2), + [0],[ + # A count of zero means use the length of the shorter version. + # Determine the number of characters in A and B. + ax_compare_version_len_A=`echo "$A" | awk '{print(length)}'` + ax_compare_version_len_B=`echo "$B" | awk '{print(length)}'` + + # Set A to no more than B's length and B to no more than A's length. 
+ A=`echo "$A" | sed "s/\(.\{$ax_compare_version_len_B\}\).*/\1/"` + B=`echo "$B" | sed "s/\(.\{$ax_compare_version_len_A\}\).*/\1/"` + ], + [[0-9]+],[ + # A count greater than zero means use only that many subversions + A=`echo "$A" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` + B=`echo "$B" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` + ], + [.+],[ + AC_WARNING( + [illegal OP numeric parameter: $2]) + ],[]) + + # Pad zeros at end of numbers to make same length. + ax_compare_version_tmp_A="$A`echo $B | sed 's/./0/g'`" + B="$B`echo $A | sed 's/./0/g'`" + A="$ax_compare_version_tmp_A" + + # Check for equality or inequality as necessary. + m4_case(m4_tolower(m4_substr($2,0,2)), + [eq],[ + test "x$A" = "x$B" && ax_compare_version=true + ], + [ne],[ + test "x$A" != "x$B" && ax_compare_version=true + ],[ + AC_WARNING([illegal OP parameter: $2]) + ]) + ]) + + AS_VAR_POPDEF([A])dnl + AS_VAR_POPDEF([B])dnl + + dnl # Execute ACTION-IF-TRUE / ACTION-IF-FALSE. + if test "$ax_compare_version" = "true" ; then + m4_ifvaln([$4],[$4],[:])dnl + m4_ifvaln([$5],[else $5])dnl + fi +]) dnl AX_COMPARE_VERSION \ No newline at end of file diff --git a/configure.ac b/configure.ac index 38471df5..487709fa 100644 --- a/configure.ac +++ b/configure.ac @@ -183,6 +183,12 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], AC_CONFIG_FILES(Makefile) AC_CONFIG_FILES(tests/Makefile) + +#Benjamin +WITH_MYSQL() +MYSQL_USE_CLIENT_API() +MYSQL_SUBST() + AC_OUTPUT AC_MSG_NOTICE([Summary of build options: diff --git a/m4/mysql.m4 b/m4/mysql.m4 new file mode 100644 index 00000000..7a1fc462 --- /dev/null +++ b/m4/mysql.m4 
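Review bot: In the configure.ac hunk (`@@ -183,6 +183,12 @@`), calling `WITH_MYSQL()` and `MYSQL_SUBST()` unconditionally makes the MySQL client a hard build requirement. Per m4/mysql.m4 in this patch, configure aborts with `MySQL required but not found` when no mysql_config is available, and Makefile.am now adds `@MYSQL_LIBS@` to `libpam_util_la_LIBADD` for every build. For a PAM authentication module this links a network database client into deployments that only use the file, LDAP or challenge-response paths. Consider running the three macros only when `--with-mysql` is requested and guarding the util.c code with a define in the style of the existing `HAVE_CR`, so the default build keeps its current dependency set.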
@@ -0,0 +1,375 @@ +dnl +dnl configure.in helper macros +dnl + +dnl TODO: fix "mutual exclusive" stuff + +dnl 3rd party macro for version number comparisons +m4_include([ax_compare_version.m4]) + +MYSQL_VERSION=none + +dnl check for a --with-mysql configure option and set up +dnl MYSQL_CONFIG and MYSLQ_VERSION variables for further use +dnl this must always be called before any other macro from this file +dnl +dnl WITH_MYSQL() +dnl +AC_DEFUN([WITH_MYSQL], [ + AC_MSG_CHECKING(for mysql_config executable) + + # try to find the mysql_config script, + # --with-mysql will either accept its path directly + # or will treat it as the mysql install prefix and will + # search for the script in there + # if no path is given at all we look for the script in + # /usr/bin and /usr/local/mysql/bin + AC_ARG_WITH(mysql, [ --with-mysql=PATH path to mysql_config binary or mysql prefix dir], [ + if test $withval = "no" + then + MYSQL_CONFIG="no" + else + if test -x $withval -a -f $withval + then + MYSQL_CONFIG=$withval + MYSQL_PREFIX=$(dirname $(dirname $withval)) + elif test -x $withval/bin/mysql_config -a -f $withval/bin/mysql_config + then + MYSQL_CONFIG=$withval/bin/mysql_config + MYSQL_PREFIX=$withval + elif test -x $withval/bin/mariadb_config -a -f $withval/bin/mariadb_config + then + MYSQL_CONFIG=$withval/bin/mariadb_config + MYSQL_PREFIX=$withval + fi + fi + ], [ + # implicit "yes", check in $PATH and in known default prefix, + # but only if source not already configured + if test "x$MYSQL_SRCDIR" != "x" + then + MYSQL_CONFIG="no" + elif MYSQL_CONFIG=$(which mysql_config) + then + MYSQL_PREFIX=$(dirname $(dirname $MYSQL_CONFIG)) + elif MYSQL_CONFIG=$(which mariadb_config) + then + MYSQL_PREFIX=$(dirname $(dirname $MYSQL_CONFIG)) + elif test -x /usr/local/mysql/bin/mysql_config -a -f /usr/local/mysql/bin/mysql_config + then + MYSQL_CONFIG=/usr/local/mysql/bin/mysql_config + MYSQL_PREFIX=/usr/local/mysql + elif MYSQL_CONFIG=$(which mariadb_config) + then + MYSQL_PREFIX=$(dirname 
$(dirname $MYSQL_CONFIG)) + elif test -x /usr/local/mysql/bin/mariadb_config -a -f /usr/local/mysql/bin/mariadb_config + then + MYSQL_CONFIG=/usr/local/mysql/bin/mariadb_config + MYSQL_PREFIX=/usr/local/mysql + fi + ]) + + if test "x$MYSQL_CONFIG" = "x" + then + AC_MSG_ERROR([not found]) + elif test "$MYSQL_CONFIG" = "no" + then + MYSQL_CONFIG="" + MYSQL_PREFIX="" + AC_MSG_RESULT([no]) + else + if test "x$MYSQL_SRCDIR" != "x" + then + AC_MSG_ERROR("--with-mysql can't be used together with --with-mysql-src") + else + # get installed version + MYSQL_VERSION=$($MYSQL_CONFIG --version) + + MYSQL_CONFIG_INCLUDE=$($MYSQL_CONFIG --include) + MYSQL_CONFIG_LIBS_R=$($MYSQL_CONFIG --libs_r) + + MYSQL_CLIENT=$(dirname $MYSQL_CONFIG)/mysql + + AC_MSG_RESULT($MYSQL_CONFIG) + fi + fi +]) + + + +dnl check for a --with-mysql-src configure option and set up +dnl MYSQL_CONFIG and MYSLQ_VERSION variables for further use +dnl this must always be called before any other macro from this file +dnl +dnl if you use this together with WITH_MYSQL you have to put this in front of it +dnl +dnl WITH_MYSQL_SRC() +dnl +AC_DEFUN([WITH_MYSQL_SRC], [ + AC_MSG_CHECKING(for mysql source directory) + + AC_ARG_WITH(mysql-src, [ --with-mysql-src=PATH path to mysql sourcecode], [ + if test "x$MYSQL_CONFIG" != "x" + then + AC_MSG_ERROR([--with-mysql-src can't be used together with --with-mysql]) + fi + + if test -f $withval/include/mysql_version.h.in + then + if test -f $withval/include/mysql_version.h + then + AC_MSG_RESULT(ok) + MYSQL_SRCDIR=$withval + MYSQL_VERSION=$(grep MYSQL_SERVER_VERSION $MYSQL_SRCDIR/include/mysql_version.h | sed -e's/"$//g' -e's/.*"//g') + else + AC_MSG_ERROR([not configured yet]) + fi + else + AC_MSG_ERROR([$withval doesn't look like a mysql source dir]) + fi + ], [ + AC_MSG_RESULT(no) + ]) + + if test "x$MYSQL_SRCDIR" != "x" + then + MYSQL_CONFIG_INCLUDE="-I$MYSQL_SRCDIR/include" + MYSQL_CONFIG_LIBS_R="-L$MYSQL_SRCDIR/libmysql_r/.libs -lmysqlclient_r -lz -lm" + fi +]) + + +dnl 
+dnl check for successfull mysql detection +dnl and register AC_SUBST variables +dnl +dnl MYSQL_SUBST() +dnl +AC_DEFUN([MYSQL_SUBST], [ + if test "$MYSQL_VERSION" = "none" + then + AC_MSG_ERROR([MySQL required but not found]) + fi + + # register replacement vars, these will be filled + # with contant by the other macros + AC_SUBST([MYSQL_CFLAGS]) + AC_SUBST([MYSQL_CXXFLAGS]) + AC_SUBST([MYSQL_LIBS]) + AC_SUBST([MYSQL_LIBS]) + AC_SUBST([MYSQL_VERSION]) + AC_SUBST([MYSQL_PLUGIN_DIR]) +]) + + +dnl check if current MySQL version meets a version requirement +dnl and act accordingly +dnl +dnl MYSQL_CHECK_VERSION([requested_version],[yes_action],[no_action]) +dnl +AC_DEFUN([MYSQL_CHECK_VERSION], [ + AX_COMPARE_VERSION([$MYSQL_VERSION], [GE], [$1], [$2], [$3]) +]) + + + +dnl check if current MySQL version meets a version requirement +dnl and bail out with an error message if not +dnl +dnl MYSQL_NEED_VERSION([need_version]) +dnl +AC_DEFUN([MYSQL_NEED_VERSION], [ + AC_MSG_CHECKING([mysql version >= $1]) + MYSQL_CHECK_VERSION([$1], + [AC_MSG_RESULT([yes ($MYSQL_VERSION)])], + [AC_MSG_ERROR([no ($MYSQL_VERSION)])]) +]) + + + +dnl check whether the installed server was compiled with libdbug +dnl +dnl MYSQL_DEBUG_SERVER() +dnl +AC_DEFUN([MYSQL_DEBUG_SERVER], [ + AC_MSG_CHECKING(for mysqld debug version) + + MYSQL_DBUG=unknown + + OLD_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS $MYSQL_CONFIG_INCLUDE" + # check for DBUG_ON/OFF being defined in my_config.h + AC_TRY_COMPILE(,[ +#include "my_config.h" +#ifdef DBUG_ON + int ok; +#else +# ifdef DBUG_OFF + int ok; +# else + choke me +# endif +#endif + ],AS_VAR_SET(MYSQL_DBUG, ["defined by header file"]),AS_VAR_SET(MYSQL_DBUG, unknown)) + CFLAGS=$OLD_CFLAGS + + + if test "$MYSQL_DBUG" = "unknown" + then + # fallback: need to check mysqld binary itself + # check $prefix/libexec, $prefix/sbin, $prefix/bin in that order + for dir in libexec sbin bin + do + MYSQLD=$MYSQL_PREFIX/$dir/mysqld + if test -f $MYSQLD -a -x $MYSQLD + then + if ($MYSQLD --help 
--verbose | grep -q -- "--debug") + then + AC_DEFINE([DBUG_ON], [1], [Use libdbug]) + MYSQL_DBUG=yes + else + AC_DEFINE([DBUG_OFF], [1], [Don't use libdbug]) + MYSQL_DBUG=no + fi + break; + fi + done + fi + + if test "$MYSQL_DBUG" = "unknown" + then + # still unknown? make sure not to use it then + AC_DEFINE([DBUG_OFF], [1], [Don't use libdbug]) + MYSQL_DBUG="unknown, assuming no" + fi + + AC_MSG_RESULT($MYSQL_DBUG) + # +]) + + + +dnl set up variables for compilation of regular C API applications +dnl +dnl MYSQL_USE_CLIENT_API() +dnl +AC_DEFUN([MYSQL_USE_CLIENT_API], [ + # add regular MySQL C flags + ADDFLAGS=$MYSQL_CONFIG_INCLUDE + + MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" + MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" + + # add linker flags for client lib + AC_ARG_ENABLE([embedded-mysql], [ --enable-embedded-mysql enable the MySQL embedded server feature], + [MYSQL_LIBS="$MYSQL_LIBS "$($MYSQL_CONFIG --libmysqld-libs)], + [MYSQL_LIBS="$MYSQL_LIBS $MYSQL_CONFIG_LIBS_R"]) +]) + + + + + +dnl set up variables for compilation of NDBAPI applications +dnl +dnl MYSQL_USE_NDB_API() +dnl +AC_DEFUN([MYSQL_USE_NDB_API], [ + MYSQL_USE_CLIENT_API() + AC_PROG_CXX + MYSQL_CHECK_VERSION([5.0.0],[ + + # mysql_config results need some post processing for now + + # the include pathes changed in 5.1.x due + # to the pluggable storage engine clenups, + # it also dependes on whether we build against + # mysql source or installed headers + if test "x$MYSQL_SRCDIR" = "x" + then + IBASE=$MYSQL_CONFIG_INCLUDE + else + IBASE=$MYSQL_SRCDIR + fi + MYSQL_CHECK_VERSION([5.1.0], [ + IBASE="$IBASE/storage/ndb" + ],[ + IBASE="$IBASE/ndb" + ]) + if test "x$MYSQL_SRCDIR" != "x" + then + IBASE="$MYSQL_SRCDIR/include" + fi + + # add the ndbapi specifc include dirs + ADDFLAGS="$ADDFLAGS $IBASE" + ADDFLAGS="$ADDFLAGS $IBASE/ndbapi" + ADDFLAGS="$ADDFLAGS $IBASE/mgmapi" + + MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" + MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" + + # check for ndbapi header file NdbApi.hpp + 
AC_LANG_PUSH(C++) + OLD_CXXFLAGS=$CXXFLAGS + CXXFLAGS="$CXXFLAGS $MYSQL_CXXFLAGS" + AC_CHECK_HEADER([NdbApi.hpp],,[AC_ERROR(["Can't find NdbApi header files"])]) + CXXFLAGS=$OLD_CXXFLAGS + AC_LANG_POP() + + # check for the ndbapi client library + AC_LANG_PUSH(C++) + OLD_LIBS=$LIBS + LIBS="$LIBS $MYSQL_LIBS -lmysys -lmystrings" + OLD_LIBS=$LIBS + LIBS="$LIBS $MYSQL_LIBS" + AC_CHECK_LIB([ndbclient],[ndb_init],,[AC_ERROR(["Can't find NdbApi client lib"])]) + LIBS=$OLD_LIBS + LIBS=$OLD_LIBS + AC_LANG_POP() + + # add the ndbapi specific static libs + MYSQL_LIBS="$MYSQL_LIBS -lndbclient -lmysys -lmystrings " + + ],[ + AC_ERROR(["NdbApi needs at lest MySQL 5.0"]) + ]) +]) + + + +dnl set up variables for compilation of UDF extensions +dnl +dnl MYSQL_USE_UDF_API() +dnl +AC_DEFUN([MYSQL_USE_UDF_API], [ + # add regular MySQL C flags + ADDFLAGS=$MYSQL_CONFIG_INCLUDE + + MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" + MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" + + MYSQL_DEBUG_SERVER() +]) + + + +dnl set up variables for compilation of plugins +dnl +dnl MYSQL_USE_PLUGIN_API() +dnl +AC_DEFUN([MYSQL_USE_PLUGIN_API], [ + # plugin interface is only availabe starting with MySQL 5.1 + MYSQL_NEED_VERSION([5.1.0]) + + # for plugins the recommended way to include plugin.h + # is , not , so we have to + # strip thetrailing /mysql from the include paht + # reported by mysql_config + ADDFLAGS=$(echo $MYSQL_CONFIG_INCLUDE | sed -e"s/\/mysql\$//g") + + MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS -DMYSQL_DYNAMIC_PLUGIN" + MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" + + MYSQL_PLUGIN_DIR=$($MYSQL_CLIENT -BNe "show variables like 'plugin_dir'" | sed -e "s/^plugin_dir\t//g") +]) \ No newline at end of file diff --git a/pam_yubico.c b/pam_yubico.c index cf277953..2563b107 100644 --- a/pam_yubico.c +++ b/pam_yubico.c 
@@ -164,7 +164,7 @@ authorize_user_token (struct cfg *cfg, pam_handle_t *pamh) { int retval = AUTH_ERROR; - + DBG ("HELLLLLOOOO BENJAMINNNNNNN"); if (cfg->auth_file) { /* Administrator had configured the file and specified is name diff --git a/util.c b/util.c index 1b18196a..7a60b587 100644 --- a/util.c +++ b/util.c @@ -40,9 +40,11 @@ #include #include #include +#include #include "util.h" + #if HAVE_CR /* for yubikey_hex_decode and yubikey_hex_p */ #include @@ -117,6 +119,46 @@ check_user_token (const char *authfile, int fd; struct stat st; FILE *opwfile; + MYSQL *con = NULL; + + //Check Mysql Librairie + if (mysql_library_init(0, NULL, NULL)) { + if(verbose) + D (debug_file, "could not initialize MySQL client library\n"); + } + + con = mysql_init(con); + + if (!con) { + if(verbose) + D (debug_file, "out of memorys\n"); + } + + mysql_options(con, MYSQL_READ_DEFAULT_FILE, (void *)"./mariadb.cnf"); + + if (mysql_real_connect(con, "database", "otp", "otp", + "otp", 0, NULL, 0) == NULL) + { + if(verbose) + D (debug_file, "Connection failed ...\n"); + } + + mysql_query(con, "SELECT * FROM radcheck"); + MYSQL_RES *result = mysql_store_result(con); + int num_fields = mysql_num_fields(result); + MYSQL_ROW row; + while ((row = mysql_fetch_row(result))) + { + for(int i = 0; i < num_fields; i++) + { + printf("%s ", row[i] ? row[i] : "NULL"); + } + printf("\n"); + } + + mysql_free_result(result); + mysql_close(con); + mysql_library_end(); fd = open(authfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { @@ -598,4 +640,4 @@ char *filter_printf(const char *filter, const char *user) { char *result = malloc(filter_result_len(filter, user, NULL)); filter_result_len(filter, user, result); return result; -} +} \ No newline at end of file diff --git a/util.h b/util.h index 996b0c4c..8c74a735 100644 --- a/util.h +++ b/util.h 
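Review bot: In the util.c hunk at `@@ -117,6 +119,46 @@`, each failure is only logged and execution continues, so after a failed `mysql_init` or `mysql_real_connect` the code still calls `mysql_query` and hands a possibly NULL `mysql_store_result` result to `mysql_num_fields`, which can crash the process performing the authentication. The block sits inside `check_user_token`, so it runs on every file-based lookup, connects with the literal credentials `"otp"`/`"otp"`, loads `./mariadb.cnf` relative to whatever the working directory happens to be, and prints every row of `radcheck` to stdout. Each failure should release `con` and `return AUTH_ERROR;`, the option file should be an absolute path writable only by root, and the `printf` loop should be removed. The unchecked `mysql_query`/`mysql_store_result` pair is still present in patch 02's `@@ -124,25 +123,26 @@` hunk. The body of `check_user_token` continues outside this hunk.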
@@ -98,4 +98,4 @@ int challenge_response(YK_KEY *yk, int slot, size_t filter_result_len(const char *filter, const char *user, char *output); char *filter_printf(const char *filter, const char *user); -#endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */ +#endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */ \ No newline at end of file From 399b5f63a70e31211c3670f60529d0b3e4a23bdf Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Sat, 28 Nov 2020 22:52:49 +0100 Subject: [PATCH 02/23] =?UTF-8?q?Ajout=20de=20des=20arguments=20et=20cr?= =?UTF-8?q?=C3=A9ation=20d'une=20fonction=20isol=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pam_yubico.c | 32 ++++++++++++++++++++++++-- util.c | 65 +++++++++++++++++++++++++++++++++++++--------------- util.h | 1 + 3 files changed, 77 insertions(+), 21 deletions(-) diff --git a/pam_yubico.c b/pam_yubico.c index 2563b107..48fc1308 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -134,6 +134,11 @@ struct cfg const char *user_attr; const char *yubi_attr; const char *yubi_attr_prefix; + //Benjamin + const char *mysql_server; + const char *mysql_user; + const char *mysql_password; + const char *mysql_database; unsigned int token_id_length; enum key_mode mode; const char *chalresp_path; @@ -164,8 +169,16 @@ authorize_user_token (struct cfg *cfg, pam_handle_t *pamh) { int retval = AUTH_ERROR; - DBG ("HELLLLLOOOO BENJAMINNNNNNN"); - if (cfg->auth_file) + + if (cfg->mysql_server) + { + /* Administrator had configured the database and specified is name + as an argument for this module. + */ + DBG ("Using Mariadb or Mysql Database %s", cfg->auth_file); + retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file); + } + else if (cfg->auth_file) { /* Administrator had configured the file and specified is name as an argument for this module. 
@@ -874,6 +887,16 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) cfg->mode = CLIENT; if (strncmp (argv[i], "chalresp_path=", 14) == 0) cfg->chalresp_path = argv[i] + 14; + //Benjamin mysql + if (strncmp (argv[i], "mysql_server=", 13) == 0) + cfg->mysql_server = argv[i] + 13; + if (strncmp (argv[i], "mysql_user=", 11) == 0) + cfg->mysql_user = argv[i] + 11; + if (strncmp (argv[i], "mysql_password=", 15) == 0) + cfg->mysql_password = argv[i] + 15; + if (strncmp (argv[i], "mysql_database=", 15) == 0) + cfg->mysql_database = argv[i] + 15; + if (strncmp (argv[i], "debug_file=", 11) == 0) { const char *filename = argv[i] + 11; @@ -939,6 +962,11 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) DBG ("token_id_length=%u", cfg->token_id_length); DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" ); DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)"); + DBG ("mysql_server=%s", cfg->mysql_server ? cfg->mysql_server : "(null)"); + DBG ("mysql_user=%s", cfg->mysql_user ? cfg->mysql_user : "(null)"); + DBG ("mysql_password=%s", cfg->mysql_password ? cfg->mysql_password : "(null)"); + DBG ("mysql_database=%s", cfg->mysql_database ? cfg->mysql_database : "(null)"); + if (fd != -1) close(fd); diff --git a/util.c b/util.c index 7a60b587..da2fecef 100644 --- a/util.c +++ b/util.c 
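Review bot: In the `@@ -874,6 +887,16 @@` hunk of parse_cfg, `mysql_password=` is read from the module arguments, so the database password is stored in the PAM service file next to the other options; those files are commonly world-readable, so either confirm the permissions or take the secret from elsewhere. A client option file with an absolute path, readable only by root and loaded through `MYSQL_READ_DEFAULT_FILE` (the option patch 01 already used), would keep it out of the PAM configuration. authorize_user_token enables the MySQL path on `mysql_server` alone, so the other three values can reach `check_user_token_mysql` as NULL; a comment such as `/* mysql_user, mysql_password and mysql_database stay NULL when not configured */` would document that. parse_cfg starts and ends outside the hunk.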
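Review bot: The added `DBG ("mysql_password=%s", ...)` line in the `@@ -939,6 +962,11 @@` hunk writes the database password in clear text to the debug output whenever debugging is enabled. Log only whether it is set: `DBG ("mysql_password=%s", cfg->mysql_password ? "(set)" : "(null)");`. The other three `mysql_*` debug lines follow the existing pattern and need no change.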
@@ -95,26 +95,25 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const struc return 1; } - /* - * This function will look for users name with valid user token id. + * This function will look for users name with valid user token id, in a database Mysql * * Returns one of AUTH_FOUND, AUTH_NOT_FOUND, AUTH_NO_TOKENS, AUTH_ERROR. * - * File format is as follows: - * :: - * : * */ int -check_user_token (const char *authfile, - const char *username, - const char *otp_id, - int verbose, - FILE *debug_file) +check_user_token_mysql (const char *mysql_server, + const char *mysql_user, + const char *mysql_password, + const char *mysql_database, + const char *username, + const char *otp_id, + int verbose, + FILE *debug_file) { - char buf[1024]; char *s_user, *s_token; + //DEFAULT ! int retval = AUTH_ERROR; int fd; struct stat st; @@ -124,25 +123,26 @@ check_user_token (const char *authfile, //Check Mysql Librairie if (mysql_library_init(0, NULL, NULL)) { if(verbose) - D (debug_file, "could not initialize MySQL client library\n"); + D (debug_file, "could not initialize MySQL client library\n"); + return retval; } con = mysql_init(con); if (!con) { if(verbose) - D (debug_file, "out of memorys\n"); + D (debug_file, "out of memorys\n"); + return retval; } - mysql_options(con, MYSQL_READ_DEFAULT_FILE, (void *)"./mariadb.cnf"); - - if (mysql_real_connect(con, "database", "otp", "otp", - "otp", 0, NULL, 0) == NULL) + if (mysql_real_connect(con,"database","otp","otp","otp", 0, NULL, 0) == NULL) { if(verbose) - D (debug_file, "Connection failed ...\n"); + D (debug_file, "Connection failed ...\n"); + return retval; } + retval = AUTH_NO_TOKENS; mysql_query(con, "SELECT * FROM radcheck"); MYSQL_RES *result = mysql_store_result(con); int num_fields = mysql_num_fields(result); 
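Review bot: In the `@@ -124,25 +123,26 @@` hunk the new `return retval;` exits that follow `mysql_init` leave the connection handle open and skip `mysql_library_end()`, and the connect call still uses the literals `"database","otp","otp","otp"`, so the four new `mysql_*` parameters of `check_user_token_mysql` are never read. `retval = AUTH_NO_TOKENS;` is then assigned before the query and nothing changes it afterwards, so every successful connection returns AUTH_NO_TOKENS regardless of `username` and `otp_id`; how the caller treats that value is outside the hunk, but an authorization lookup should not return a fixed answer. Until the real query exists, keep `retval` at AUTH_ERROR and release the handle on each early exit, e.g. `mysql_close(con); mysql_library_end(); return retval;`. The function begins in the previous hunk and ends in the next one.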
@@ -160,6 +160,33 @@ check_user_token (const char *authfile, mysql_close(con); mysql_library_end(); + return retval; +} + +/* + * This function will look for users name with valid user token id. + * + * Returns one of AUTH_FOUND, AUTH_NOT_FOUND, AUTH_NO_TOKENS, AUTH_ERROR. + * + * File format is as follows: + * :: + * : + * + */ +int +check_user_token (const char *authfile, + const char *username, + const char *otp_id, + int verbose, + FILE *debug_file) +{ + char buf[1024]; + char *s_user, *s_token; + int retval = AUTH_ERROR; + int fd; + struct stat st; + FILE *opwfile; + fd = open(authfile, O_RDONLY | O_CLOEXEC, 0); if (fd < 0) { if(verbose) @@ -194,7 +221,7 @@ check_user_token (const char *authfile, { char *saveptr = NULL; if (buf[strlen (buf) - 1] == '\n') - buf[strlen (buf) - 1] = '\0'; + buf[strlen (buf) - 1] = '\0'; if (buf[0] == '#') { /* This is a comment and we may skip it. */ if(verbose) diff --git a/util.h b/util.h index 8c74a735..d8f4335a 100644 --- a/util.h +++ b/util.h @@ -51,6 +51,7 @@ #define AUTH_NOT_FOUND -1 /* The requested token is not associated to the user */ int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn); +int check_user_token_mysql(const char *mysql_server,const char *mysql_user,const char *mysql_password,const char *mysql_database,const char *username,const char *otp_id,int verbose,FILE *debug_file); int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file); #if HAVE_CR From a9265d4e08f46c381b6e57b8a0238d671d547bb3 Mon Sep 17 00:00:00 2001 
From: Benjamin AIMARD Date: Mon, 30 Nov 2020 16:19:03 +0100 Subject: [PATCH 03/23] =?UTF-8?q?Mise=20=C3=A0=20jour=20sql=20complete,=20?= =?UTF-8?q?manque=20la=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pam_yubico.c | 14 ++--- util.c | 151 +++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 141 insertions(+), 24 deletions(-) diff --git a/pam_yubico.c b/pam_yubico.c index 48fc1308..888b83bb 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -169,15 +169,14 @@ authorize_user_token (struct cfg *cfg, pam_handle_t *pamh) { int retval = AUTH_ERROR; - if (cfg->mysql_server) - { - /* Administrator had configured the database and specified is name - as an argument for this module. - */ - DBG ("Using Mariadb or Mysql Database %s", cfg->auth_file); + { + /* Administrator had configured the database and specified is name + as an argument for this module. + */ + DBG ("Using Mariadb or Mysql Database %s", otp_id); retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file); - } + } else if (cfg->auth_file) { /* Administrator had configured the file and specified is name @@ -1129,6 +1128,7 @@ pam_sm_authenticate (pam_handle_t * pamh, if (cfg->ldapserver != NULL || cfg->ldap_uri != NULL) valid_token = authorize_user_token_ldap (cfg, user, NULL, pamh); else + DBG ("OTP ENVOYE A NULLLLLL"); valid_token = authorize_user_token (cfg, user, NULL, pamh); switch(valid_token) diff --git a/util.c b/util.c index da2fecef..4e2ceb02 100644 --- a/util.c +++ b/util.c @@ -54,6 +54,8 @@ #include #endif /* HAVE_CR */ +#define STRING_SIZE 64 + int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn) { 
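Review bot: The changed `DBG ("Using Mariadb or Mysql Database %s", otp_id);` in the `@@ -169,15 +169,14 @@` hunk passes `otp_id` to `%s` without a NULL check, while pam_sm_authenticate in this same patch calls `authorize_user_token (cfg, user, NULL, pamh)`, which appears to put NULL in that position. Passing NULL to `%s` is undefined behaviour, and the debug lines added to parse_cfg already use the `x ? x : "(null)"` form. Suggested line: `DBG ("Using MariaDB/MySQL database, otp_id=%s", otp_id ? otp_id : "(null)");`. authorize_user_token continues outside the hunk.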
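Review bot: The `DBG ("OTP ENVOYE A NULLLLLL");` inserted after the brace-less `else` in the `@@ -1129,6 +1128,7 @@` hunk becomes the entire else-branch, so `valid_token = authorize_user_token (cfg, user, NULL, pamh);` now runs unconditionally and overwrites the result of `authorize_user_token_ldap` when LDAP is configured. That changes which backend decides authorization for LDAP deployments. Either drop the debug line or brace the branch: `else { DBG (...); valid_token = authorize_user_token (cfg, user, NULL, pamh); }`. Patch 04/23 later in this series removes the line, but this commit on its own carries the defect; pam_sm_authenticate extends beyond the hunk.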
@@ -112,13 +114,28 @@ check_user_token_mysql (const char *mysql_server, int verbose, FILE *debug_file) { - char *s_user, *s_token; + //DEFAULT ! int retval = AUTH_ERROR; int fd; struct stat st; FILE *opwfile; + + // Mysql MYSQL *con = NULL; + MYSQL_STMT *stmt; + + MYSQL_BIND ps_params[2]; + MYSQL_BIND bind[1]; + + long unsigned int aSize = 64; + unsigned long str_username; + unsigned long str_otp; + unsigned long length; + int int_data; + int row_count; + bool is_null; + bool error; //Check Mysql Librairie if (mysql_library_init(0, NULL, NULL)) { 
@@ -135,28 +152,128 @@ check_user_token_mysql (const char *mysql_server, return retval; } - if (mysql_real_connect(con,"database","otp","otp","otp", 0, NULL, 0) == NULL) + + if (mysql_real_connect(con, mysql_server,mysql_user,mysql_password,mysql_database, 0, NULL, 0) == NULL) { if(verbose) - D (debug_file, "Connection failed ...\n"); - return retval; + D (debug_file, "Connection failed ...\n"); + return retval; } - - retval = AUTH_NO_TOKENS; - mysql_query(con, "SELECT * FROM radcheck"); - MYSQL_RES *result = mysql_store_result(con); - int num_fields = mysql_num_fields(result); - MYSQL_ROW row; - while ((row = mysql_fetch_row(result))) + + stmt = mysql_stmt_init(con); + if (!stmt) { - for(int i = 0; i < num_fields; i++) - { - printf("%s ", row[i] ? row[i] : "NULL"); - } - printf("\n"); + if(verbose) + D (debug_file, "Connection failed ... 2 \n"); + return retval; } - mysql_free_result(result); + const char *sql = "SELECT count(username) FROM radcheck WHERE username = ?;"; + const char *sql2 = "SELECT count(username) FROM radcheck, yubikeys_otpid WHERE radcheck_id = id and username = ? 
and otp_id = ?;"; + + if(otp_id == NULL) + { + if (mysql_stmt_prepare(stmt, sql, strlen(sql))) + { + fprintf(stderr, " mysql_stmt_prepare() failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + }else{ + if (mysql_stmt_prepare(stmt, sql2, strlen(sql2))) + { + fprintf(stderr, " mysql_stmt_prepare() failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + } + + + str_username= strlen(username); + memset(ps_params, 0, sizeof(ps_params)); + + ps_params[0].buffer_type = MYSQL_TYPE_STRING; + ps_params[0].buffer = (char *)username; + ps_params[0].buffer_length = aSize; + ps_params[0].length = &str_username; + ps_params[0].is_null = 0; + + if(otp_id != NULL) + { + str_otp= strlen(otp_id); + ps_params[1].buffer_type = MYSQL_TYPE_STRING; + ps_params[1].buffer = (char *)otp_id; + ps_params[1].buffer_length = 12; + ps_params[1].length = &str_otp; + ps_params[1].is_null = 0; + } + + + if (mysql_stmt_bind_param(stmt, ps_params)) + { + fprintf(stderr, " mysql_stmt_bind_param() failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + + if (mysql_stmt_execute(stmt)) + { + fprintf(stderr, " mysql_stmt_execute(), failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + + memset(bind, 0, sizeof(bind)); + bind[0].buffer_type = MYSQL_TYPE_LONG; + bind[0].buffer = (char *)&int_data; + bind[0].is_null= &is_null; + bind[0].length= &length; + bind[0].error= &error; + + + if (mysql_stmt_bind_result(stmt, bind)) + { + fprintf(stderr, " mysql_stmt_bind_result() failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + + if (mysql_stmt_store_result(stmt)) + { + fprintf(stderr, " mysql_stmt_store_result() failed\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + row_count = 0; + fprintf(stdout, "Fetching results ...\n"); + while (!mysql_stmt_fetch(stmt)) + { + if(is_null) + fprintf(stdout, " NULL\n"); + else + { + 
if(otp_id != NULL){ + if(int_data) + return AUTH_FOUND; + else + return AUTH_NOT_FOUND; + + }else if (otp_id == NULL){ + if(int_data) + return AUTH_NOT_FOUND; + else + return AUTH_NO_TOKENS; + } + } + } + + if (mysql_stmt_close(stmt)) + { + fprintf(stderr, " failed while closing the statement\n"); + fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + return retval; + } + mysql_close(con); mysql_library_end(); From 7c4000c109c8020790d2cd8af56957aa04beb48d Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Mon, 30 Nov 2020 19:03:30 +0100 Subject: [PATCH 04/23] Final --- pam_yubico.c | 5 ++--- util.c | 26 +++++++++++++++----------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/pam_yubico.c b/pam_yubico.c index 888b83bb..44ba0d80 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -134,7 +134,7 @@ struct cfg const char *user_attr; const char *yubi_attr; const char *yubi_attr_prefix; - //Benjamin + //Mysql const char *mysql_server; const char *mysql_user; const char *mysql_password; @@ -886,7 +886,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) cfg->mode = CLIENT; if (strncmp (argv[i], "chalresp_path=", 14) == 0) cfg->chalresp_path = argv[i] + 14; - //Benjamin mysql + //Mysql if (strncmp (argv[i], "mysql_server=", 13) == 0) cfg->mysql_server = argv[i] + 13; if (strncmp (argv[i], "mysql_user=", 11) == 0) @@ -1128,7 +1128,6 @@ pam_sm_authenticate (pam_handle_t * pamh, if (cfg->ldapserver != NULL || cfg->ldap_uri != NULL) valid_token = authorize_user_token_ldap (cfg, user, NULL, pamh); else - DBG ("OTP ENVOYE A NULLLLLL"); valid_token = authorize_user_token (cfg, user, NULL, pamh); switch(valid_token) diff --git a/util.c b/util.c index 4e2ceb02..dcd9e81c 100644 --- a/util.c +++ b/util.c 
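Review bot: Every exit from `check_user_token_mysql` after the connection is established leaks it: the error returns in the `@@ -135,28 +152,128 @@` hunk skip `mysql_stmt_close`, `mysql_close` and `mysql_library_end`, and so do the `return AUTH_FOUND` / `AUTH_NOT_FOUND` / `AUTH_NO_TOKENS` statements inside the fetch loop, which is the normal path. The last error branch also calls `mysql_stmt_error(stmt)` after `mysql_stmt_close(stmt)` has invalidated the handle, and the diagnostics are written to stderr/stdout rather than to `debug_file` like the earlier checks. A single cleanup label, as sketched below, covers these; it needs `MYSQL_STMT *stmt = NULL;` in the declaration hunk and `goto out;` in place of each earlier `return retval;`. The function starts before this hunk.

```c
  // … unchanged: library init, connect, prepare, bind_param, execute, bind_result, store_result (each failure: goto out) …

  /* count() produces a single row, so one fetch is enough */
  if (mysql_stmt_fetch(stmt) == 0 && !is_null)
    {
      if (otp_id != NULL)
        retval = int_data ? AUTH_FOUND : AUTH_NOT_FOUND;
      else
        retval = int_data ? AUTH_NOT_FOUND : AUTH_NO_TOKENS;
    }

out:
  /* stmt is invalid once mysql_stmt_close() returns, so do not query it for errors */
  if (stmt != NULL && mysql_stmt_close(stmt) && verbose)
    D (debug_file, "failed while closing the statement\n");
  if (con != NULL)
    mysql_close(con);
  mysql_library_end();
  return retval;
```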
@@ -102,6 +102,13 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const struc * * Returns one of AUTH_FOUND, AUTH_NOT_FOUND, AUTH_NO_TOKENS, AUTH_ERROR. * + * Need database with this table structure : + * + * CREATE TABLE IF NOT EXISTS `otp`.`yubikey_mappings` ( + * `otp_id` VARCHAR(12) NOT NULL , + * `username` VARCHAR(64) NOT NULL , + * PRIMARY KEY (`otp_id`(12)) + * ); * */ int @@ -128,7 +135,8 @@ check_user_token_mysql (const char *mysql_server, MYSQL_BIND ps_params[2]; MYSQL_BIND bind[1]; - long unsigned int aSize = 64; + long unsigned int username_size = 64; + long unsigned int otp_size = 12; unsigned long str_username; unsigned long str_otp; unsigned long length; @@ -145,7 +153,6 @@ check_user_token_mysql (const char *mysql_server, } con = mysql_init(con); - if (!con) { if(verbose) D (debug_file, "out of memorys\n"); @@ -168,8 +175,8 @@ check_user_token_mysql (const char *mysql_server, return retval; } - const char *sql = "SELECT count(username) FROM radcheck WHERE username = ?;"; - const char *sql2 = "SELECT count(username) FROM radcheck, yubikeys_otpid WHERE radcheck_id = id and username = ? and otp_id = ?;"; + const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?;"; + const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?;"; if(otp_id == NULL) { @@ -191,10 +198,9 @@ check_user_token_mysql (const char *mysql_server, str_username= strlen(username); memset(ps_params, 0, sizeof(ps_params)); - ps_params[0].buffer_type = MYSQL_TYPE_STRING; ps_params[0].buffer = (char *)username; - ps_params[0].buffer_length = aSize; + ps_params[0].buffer_length = username_size; ps_params[0].length = &str_username; ps_params[0].is_null = 0; 
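Review bot: The table definition added to the comment above check_user_token_mysql does not state a collation, and with the case-insensitive collations that MySQL and MariaDB commonly default to, the `WHERE username = ?` lookup treats `Bob` and `bob` as the same row although PAM user names are case-sensitive. I would document a binary collation in the schema, for example `username VARCHAR(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL`, and the same for `otp_id`. The only key shown is on `otp_id`, so the username-only query changed in the -168,8 hunk has no index to use; an index on `username` is worth listing here as well. Whether a given deployment already sets a binary collation cannot be seen from this patch.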
@@ -203,7 +209,7 @@ check_user_token_mysql (const char *mysql_server, str_otp= strlen(otp_id); ps_params[1].buffer_type = MYSQL_TYPE_STRING; ps_params[1].buffer = (char *)otp_id; - ps_params[1].buffer_length = 12; + ps_params[1].buffer_length = otp_size; ps_params[1].length = &str_otp; ps_params[1].is_null = 0; } @@ -230,7 +236,6 @@ check_user_token_mysql (const char *mysql_server, bind[0].length= &length; bind[0].error= &error; - if (mysql_stmt_bind_result(stmt, bind)) { fprintf(stderr, " mysql_stmt_bind_result() failed\n"); @@ -244,8 +249,8 @@ check_user_token_mysql (const char *mysql_server, fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); return retval; } - row_count = 0; - fprintf(stdout, "Fetching results ...\n"); + + // Because of count() in the sql syntaxe only one fetch needed while (!mysql_stmt_fetch(stmt)) { if(is_null) @@ -273,7 +278,6 @@ check_user_token_mysql (const char *mysql_server, fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); return retval; } - mysql_close(con); mysql_library_end(); From 3809dd0c6b68e899730b97611f4a30c8167c85d1 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Mon, 30 Nov 2020 21:06:00 +0100 Subject: [PATCH 05/23] clean --- Makefile.am | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index f4141a84..8892b492 100644 --- a/Makefile.am +++ b/Makefile.am @@ -31,7 +31,7 @@ SUBDIRS = . tests ACLOCAL_AMFLAGS = -I m4 AM_CFLAGS = $(WARN_CFLAGS) -#Benjamin +#Mysql AM_CFLAGS += @MYSQL_CFLAGS@ AM_CPPFLAGS = @YKPERS_CFLAGS@ diff --git a/configure.ac b/configure.ac index 487709fa..ca9904aa 100644 --- a/configure.ac +++ b/configure.ac @@ -184,7 +184,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], AC_CONFIG_FILES(Makefile) AC_CONFIG_FILES(tests/Makefile) -#Benjamin +#Mysql WITH_MYSQL() MYSQL_USE_CLIENT_API() MYSQL_SUBST() From 899a5d7dc4f773c1c7c8e71a2b31a2d360e3951a Mon Sep 17 00:00:00 2001 
From: Gabriel Kihlman Date: Tue, 1 Dec 2020 09:18:59 +0100 Subject: [PATCH 06/23] actions: apt update --- .github/workflows/codeql-analysis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5feafb53..eb9a2e66 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -30,6 +30,7 @@ jobs: - name: Build yubico-pam run: | + sudo apt update sudo apt install -y libykclient-dev libykpers-1-dev libyubikey-dev \ libpam-dev help2man asciidoc-base autoreconf --install From 2196760f33565c5c60805f7336c58d0fd1c97484 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Tue, 1 Dec 2020 09:57:37 +0100 Subject: [PATCH 07/23] Add packages dependency --- .github/workflows/codeql-analysis.yml | 3 ++- pam_yubico.8.txt | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5feafb53..8c43ed4e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -30,8 +30,9 @@ jobs: - name: Build yubico-pam run: | + sudo apt update sudo apt install -y libykclient-dev libykpers-1-dev libyubikey-dev \ - libpam-dev help2man asciidoc-base + libpam-dev help2man asciidoc-base libmariadb3 libmysqlclient-dev autoreconf --install ./configure make diff --git a/pam_yubico.8.txt b/pam_yubico.8.txt index 9bc9abca..bc10b9f3 100644 --- a/pam_yubico.8.txt +++ b/pam_yubico.8.txt 
@@ -116,6 +116,18 @@ CA certitificate file for the LDAP connection. *chalresp_path*=_path_:: Path of a system-wide directory where challenge-response files can be found for users. Default location is `$HOME/.yubico/`. +*mysql_server*=_mysqlserver_:: +Uri of mysql server. Example 10.0.0.1 + +*mysql_user*=_mysqluser_:: +User for accessing to the database. Strongly recommended to use a specific user with read only access. + +*mysql_password*=_mysqlpassword_:: +Mysql password associated to the user. + +*mysql_database*=_mysqldatabase_:: +the name of the database. Example : otp + == EXAMPLES auth sufficient pam_yubico.so id=16 debug From c10a91f684c0a2bc9e7f62b4ec4b329b5fc82589 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Tue, 1 Dec 2020 14:21:17 +0100 Subject: [PATCH 08/23] Fix bool variable cause error build travis --- util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index dcd9e81c..73ce4711 100644 --- a/util.c +++ b/util.c @@ -142,8 +142,8 @@ check_user_token_mysql (const char *mysql_server, unsigned long length; int int_data; int row_count; - bool is_null; - bool error; + int is_null; + int error; //Check Mysql Librairie if (mysql_library_init(0, NULL, NULL)) { From 2b5de8650e9d693f85da59e529b3335937b13a56 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Tue, 1 Dec 2020 17:58:37 +0100 Subject: [PATCH 09/23] Fix job #2 --- .travis.yml | 2 +- tests/aux/build-and-test.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9b5e3b4f..667d88cd 100644 --- a/.travis.yml +++ b/.travis.yml 
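Review bot: Declaring `is_null` and `error` as `int` does not match what they are bound to: `bind[0].is_null` and `bind[0].error` take a pointer to a one-byte flag (`my_bool` in MariaDB and in MySQL before 8.0, `bool` from 8.0), so the client library writes a single byte and the remaining bytes of each `int` keep whatever was on the stack. The `if(is_null)` test in the fetch loop then reads a partly indeterminate value, and on a big-endian target the byte that was written is not the low-order one. The later hunk that changes the declarations to `int is_null = 0; int error = 0;` hides the symptom on little-endian hosts but keeps the mismatch. If the build failure behind this change was a missing `bool`, adding `#include <stdbool.h>` keeps the original one-byte type; the declarations sit in check_user_token_mysql, whose body extends beyond this hunk.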
@@ -7,7 +7,7 @@ compiler: - gcc - clang env: - - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl" + - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl " - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev" - CONFIGURE_ARGS="--without-cr" EXTRA="libldap2-dev libnet-ldap-server-perl" - CONFIGURE_ARGS="--without-ldap --without-cr" diff --git a/tests/aux/build-and-test.sh b/tests/aux/build-and-test.sh index b239d32c..34ad401d 100755 --- a/tests/aux/build-and-test.sh +++ b/tests/aux/build-and-test.sh @@ -7,7 +7,7 @@ autoreconf -i if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then sudo add-apt-repository -y ppa:yubico/stable sudo apt-get update -qq || true - sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils $EXTRA + sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils libmariadb3 libmysqlclient-dev $EXTRA else brew update brew install pkg-config From 192119c9322e76df2ad9694a46b2b36a2a79fc6c Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Tue, 1 Dec 2020 21:49:17 +0100 Subject: [PATCH 10/23] Fix job #3 --- tests/aux/build-and-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/aux/build-and-test.sh b/tests/aux/build-and-test.sh index 34ad401d..be9e7f8b 100755 --- a/tests/aux/build-and-test.sh +++ b/tests/aux/build-and-test.sh 
@@ -7,7 +7,7 @@ autoreconf -i if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then sudo add-apt-repository -y ppa:yubico/stable sudo apt-get update -qq || true - sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils libmariadb3 libmysqlclient-dev $EXTRA + sudo apt-get install -qq -y --no-install-recommends libykclient-dev libpam0g-dev libyubikey-dev asciidoc docbook-xsl xsltproc libxml2-utils libmysqlclient-dev $EXTRA else brew update brew install pkg-config From 2bdd268cfb8287cc054e8d8af807d64bad560e8d Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Wed, 2 Dec 2020 08:34:48 +0100 Subject: [PATCH 11/23] Fix #4 --- tests/aux/build-and-test.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/aux/build-and-test.sh b/tests/aux/build-and-test.sh index be9e7f8b..3db2cbc2 100755 --- a/tests/aux/build-and-test.sh +++ b/tests/aux/build-and-test.sh @@ -17,6 +17,7 @@ else brew install libyubikey brew install ykclient brew install ykpers + brew install mysql-connector-c #Mysql cpanp install Net::LDAP::Server # this is required so asciidoc can find the xml catalog From 172e1e8a1f2eff8ac3009ab126959b4f50e400f0 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Wed, 2 Dec 2020 10:33:42 +0100 Subject: [PATCH 12/23] fix &null --- util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index 73ce4711..6e9b8a3c 100644 --- a/util.c +++ b/util.c @@ -252,9 +252,9 @@ check_user_token_mysql (const char *mysql_server, // Because of count() in the sql syntaxe only one fetch needed while (!mysql_stmt_fetch(stmt)) - { + if(is_null) - fprintf(stdout, " NULL\n"); + fprintf(stdout, "%s NULL\n", is_null); else { if(otp_id != NULL){ From bf38215839705c143c7f5c65080f7ecb59f30e4a Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Wed, 2 Dec 2020 10:35:12 +0100 Subject: [PATCH 13/23] fix &null --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
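Review bot: `fprintf(stdout, "%s NULL\n", is_null);` passes an `int` where `%s` expects a `char *`, which is undefined behaviour: when the branch runs, printf treats the flag value as an address, so a NULL result can crash the process that loaded the PAM module. The flag carries no text, so the argument should simply go, `fprintf(stdout, "NULL\n");`, or better the message should use the module's own `D (debug_file, ...)` under `verbose`, because stdout here belongs to the host application. The same hunk also removes the `{` after `while (!mysql_stmt_fetch(stmt))` while the matching closing brace stays further down, outside the hunk, so the braces no longer balance. Compiling with `-Wformat` reports the first problem.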
diff --git a/util.c b/util.c index 6e9b8a3c..3488c301 100644 --- a/util.c +++ b/util.c @@ -252,7 +252,7 @@ check_user_token_mysql (const char *mysql_server, // Because of count() in the sql syntaxe only one fetch needed while (!mysql_stmt_fetch(stmt)) - + { if(is_null) fprintf(stdout, "%s NULL\n", is_null); else From 06ca5a2815aa8e2b6f0445de60018754fe3549fa Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Wed, 2 Dec 2020 10:39:40 +0100 Subject: [PATCH 14/23] fix &null --- util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index 3488c301..9d51a03f 100644 --- a/util.c +++ b/util.c @@ -142,8 +142,8 @@ check_user_token_mysql (const char *mysql_server, unsigned long length; int int_data; int row_count; - int is_null; - int error; + int is_null = 0; + int error = 0; //Check Mysql Librairie if (mysql_library_init(0, NULL, NULL)) { From d482f95ca169dcd8d0a9ee3e0ab30b6f646716b9 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Wed, 2 Dec 2020 21:41:17 +0100 Subject: [PATCH 15/23] Fix line 257 %s --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 9d51a03f..fc0ff9a6 100644 --- a/util.c +++ b/util.c @@ -254,7 +254,7 @@ check_user_token_mysql (const char *mysql_server, while (!mysql_stmt_fetch(stmt)) { if(is_null) - fprintf(stdout, "%s NULL\n", is_null); + fprintf(stdout, "NULL\n"); else { if(otp_id != NULL){ From 1bdad4bdca9a74a0e97405de320850f1c8a63f50 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Thu, 3 Dec 2020 09:51:07 +0100 Subject: [PATCH 16/23] test Apple integration --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/scan.yml | 2 +- .travis.yml | 13 ++++++------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8c43ed4e..0fd2e562 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -32,7 +32,7 @@ jobs: run: | sudo apt update sudo apt install -y libykclient-dev libykpers-1-dev libyubikey-dev \ - libpam-dev help2man asciidoc-base libmariadb3 libmysqlclient-dev + libpam-dev help2man asciidoc-base libmysqlclient-dev autoreconf --install ./configure make diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index bcc4b101..621e24c0 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -8,7 +8,7 @@ on: env: SCAN_IMG: yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1 - COMPILE_DEPS: "libykclient-dev libykpers-1-dev libyubikey-dev" + COMPILE_DEPS: "libykclient-dev libykpers-1-dev libyubikey-dev libmysqlclient-dev" jobs: build: diff --git a/.travis.yml b/.travis.yml index 667d88cd..978b3c4d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,3 @@ -sudo: required language: c os: - linux @@ -7,13 +6,13 @@ compiler: - gcc - clang env: - - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl " - - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev" - - CONFIGURE_ARGS="--without-cr" EXTRA="libldap2-dev libnet-ldap-server-perl" - - CONFIGURE_ARGS="--without-ldap --without-cr" + - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" + - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev libmysqlclient-dev" + - CONFIGURE_ARGS="--without-cr" EXTRA="libldap2-dev libnet-ldap-server-perl libmysqlclient-dev" + - CONFIGURE_ARGS="--without-ldap --without-cr" EXTRA ="libmysqlclient-dev" script: tests/aux/build-and-test.sh -matrix: +jobs: include: - compiler: gcc os: linux - env: COVERAGE="--enable-coverage" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl lcov" + env: COVERAGE="--enable-coverage" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl lcov libmysqlclient-dev" From 52198252fd712d716afa897b927c196f567d211d Mon Sep 17 00:00:00 2001 
From: Benjamin AIMARD Date: Thu, 3 Dec 2020 09:52:26 +0100 Subject: [PATCH 17/23] test Apple integration --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 978b3c4d..7fb622a1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ env: - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev libmysqlclient-dev" - CONFIGURE_ARGS="--without-cr" EXTRA="libldap2-dev libnet-ldap-server-perl libmysqlclient-dev" - - CONFIGURE_ARGS="--without-ldap --without-cr" EXTRA ="libmysqlclient-dev" + - CONFIGURE_ARGS="--without-ldap --without-cr" EXTRA="libmysqlclient-dev" script: tests/aux/build-and-test.sh jobs: include: From 7c79f2192edf09eba89cd39e6f93c3e27239d167 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Thu, 3 Dec 2020 12:06:26 +0100 Subject: [PATCH 18/23] Timeout Travis extend --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 7fb622a1..2d4801a6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ os: compiler: - gcc - clang +install: travis_wait 30 mvn install env: - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev libmysqlclient-dev" From 683d79fdf8ee1915a958f63dbb3ed5779a8f0638 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Thu, 3 Dec 2020 13:38:59 +0100 Subject: [PATCH 19/23] Timeout travis extend --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 2d4801a6..71cc606d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,6 @@ os: compiler: - gcc - clang -install: travis_wait 30 mvn install env: - CONFIGURE_ARGS="" EXTRA="libldap2-dev libykpers-1-dev libnet-ldap-server-perl libmysqlclient-dev" - CONFIGURE_ARGS="--without-ldap" EXTRA="libykpers-1-dev libmysqlclient-dev" 
@@ -13,6 +12,7 @@ env: - CONFIGURE_ARGS="--without-ldap --without-cr" EXTRA="libmysqlclient-dev" script: tests/aux/build-and-test.sh jobs: + install: travis_wait 30 mvn install include: - compiler: gcc os: linux From e6633512f9c61f96dfac5546c791d367e49097f3 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Sat, 5 Dec 2020 14:49:50 +0100 Subject: [PATCH 20/23] Fix klali comment --- Makefile.am | 11 +- configure.ac | 22 ++- m4/mysql.m4 | 375 ----------------------------------------------- pam_yubico.8.txt | 2 +- pam_yubico.c | 10 +- util.c | 112 +++++++------- util.h | 2 + 7 files changed, 88 insertions(+), 446 deletions(-) delete mode 100644 m4/mysql.m4 diff --git a/Makefile.am b/Makefile.am index 8892b492..78ffa8f4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -31,8 +31,6 @@ SUBDIRS = . tests ACLOCAL_AMFLAGS = -I m4 AM_CFLAGS = $(WARN_CFLAGS) -#Mysql -AM_CFLAGS += @MYSQL_CFLAGS@ AM_CPPFLAGS = @YKPERS_CFLAGS@ libdir = $(PAMDIR) @@ -45,11 +43,14 @@ pam_yubico_la_LIBADD = @LTLIBYUBIKEY@ @LTLIBYKCLIENT@ @LIBLDAP@ @LIBPAM@ pam_yubico_la_LIBADD += libpam_util.la libpam_real.la pam_yubico_la_LDFLAGS = -module -avoid-version - - noinst_LTLIBRARIES = libpam_util.la libpam_real.la libpam_util_la_SOURCES = util.c util.h -libpam_util_la_LIBADD = @LTLIBYUBIKEY@ @YKPERS_LIBS@ @MYSQL_LIBS@ +libpam_util_la_LIBADD = @LTLIBYUBIKEY@ @YKPERS_LIBS@ + +# if MYSQL_SUPPORT +AM_CFLAGS += @MYSQL_CFLAGS@ +libpam_util_la_LIBADD += @MYSQL_LIBS@ +# endif libpam_real_la_SOURCES = pam_yubico.c diff --git a/configure.ac b/configure.ac index ca9904aa..b4becbda 100644 --- a/configure.ac +++ b/configure.ac 
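Review bot: In the Makefile.am hunk at -43,9 the lines `# if MYSQL_SUPPORT` and `# endif` are comments to Automake, so the two `+=` assignments between them are always active and the `MYSQL_SUPPORT` conditional that configure.ac declares in this same patch is never consulted. Automake conditionals are written without the leading `#`, as `if MYSQL_SUPPORT` and `endif` on lines of their own. With `--without-mysql` the two substitutions are presumably empty, so the build may still succeed, but the guard does not do what it appears to do.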
@@ -75,6 +75,20 @@ AC_ARG_WITH([ldap], [libldap not found, will not be compiled (--without-ldap to disable ldap support)])], [])]) +AC_ARG_WITH([mysql], + [AS_HELP_STRING([--without-mysql], + [disable support for mysql])], + [], + [with_mysql=yes]) +AS_IF([test "x$with_mysql" != xno], + [ + PKG_CHECK_MODULES([MYSQL], [mysqlclient]) + AC_DEFINE([HAVE_MYSQL], [1],[Define if you have mysqlclient]) + ], + [ + AC_DEFINE([HAVE_MYSQL], [0],[Define if you have mysqlclient]) + ]) +AM_CONDITIONAL(MYSQL_SUPPORT,test "x$with_mysql" != xno) AC_LIB_HAVE_LINKFLAGS([ykclient],, [#include ], [ykclient_set_proxy(0, 0)]) @@ -183,12 +197,6 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], AC_CONFIG_FILES(Makefile) AC_CONFIG_FILES(tests/Makefile) - -#Mysql -WITH_MYSQL() -MYSQL_USE_CLIENT_API() -MYSQL_SUBST() - AC_OUTPUT AC_MSG_NOTICE([Summary of build options: @@ -200,4 +208,4 @@ AC_MSG_NOTICE([Summary of build options: Library types: Shared=${enable_shared}, Static=${enable_static} LDAP: ${with_ldap} Challenge-Response: ${with_cr} -]) +]) \ No newline at end of file diff --git a/m4/mysql.m4 b/m4/mysql.m4 deleted file mode 100644 index 7a1fc462..00000000 --- a/m4/mysql.m4 +++ /dev/null 
@@ -1,375 +0,0 @@ -dnl -dnl configure.in helper macros -dnl - -dnl TODO: fix "mutual exclusive" stuff - -dnl 3rd party macro for version number comparisons -m4_include([ax_compare_version.m4]) - -MYSQL_VERSION=none - -dnl check for a --with-mysql configure option and set up -dnl MYSQL_CONFIG and MYSLQ_VERSION variables for further use -dnl this must always be called before any other macro from this file -dnl -dnl WITH_MYSQL() -dnl -AC_DEFUN([WITH_MYSQL], [ - AC_MSG_CHECKING(for mysql_config executable) - - # try to find the mysql_config script, - # --with-mysql will either accept its path directly - # or will treat it as the mysql install prefix and will - # search for the script in there - # if no path is given at all we look for the script in - # /usr/bin and /usr/local/mysql/bin - AC_ARG_WITH(mysql, [ --with-mysql=PATH path to mysql_config binary or mysql prefix dir], [ - if test $withval = "no" - then - MYSQL_CONFIG="no" - else - if test -x $withval -a -f $withval - then - MYSQL_CONFIG=$withval - MYSQL_PREFIX=$(dirname $(dirname $withval)) - elif test -x $withval/bin/mysql_config -a -f $withval/bin/mysql_config - then - MYSQL_CONFIG=$withval/bin/mysql_config - MYSQL_PREFIX=$withval - elif test -x $withval/bin/mariadb_config -a -f $withval/bin/mariadb_config - then - MYSQL_CONFIG=$withval/bin/mariadb_config - MYSQL_PREFIX=$withval - fi - fi - ], [ - # implicit "yes", check in $PATH and in known default prefix, - # but only if source not already configured - if test "x$MYSQL_SRCDIR" != "x" - then - MYSQL_CONFIG="no" - elif MYSQL_CONFIG=$(which mysql_config) - then - MYSQL_PREFIX=$(dirname $(dirname $MYSQL_CONFIG)) - elif MYSQL_CONFIG=$(which mariadb_config) - then - MYSQL_PREFIX=$(dirname $(dirname $MYSQL_CONFIG)) - elif test -x /usr/local/mysql/bin/mysql_config -a -f /usr/local/mysql/bin/mysql_config - then - MYSQL_CONFIG=/usr/local/mysql/bin/mysql_config - MYSQL_PREFIX=/usr/local/mysql - elif MYSQL_CONFIG=$(which mariadb_config) - then - MYSQL_PREFIX=$(dirname 
$(dirname $MYSQL_CONFIG)) - elif test -x /usr/local/mysql/bin/mariadb_config -a -f /usr/local/mysql/bin/mariadb_config - then - MYSQL_CONFIG=/usr/local/mysql/bin/mariadb_config - MYSQL_PREFIX=/usr/local/mysql - fi - ]) - - if test "x$MYSQL_CONFIG" = "x" - then - AC_MSG_ERROR([not found]) - elif test "$MYSQL_CONFIG" = "no" - then - MYSQL_CONFIG="" - MYSQL_PREFIX="" - AC_MSG_RESULT([no]) - else - if test "x$MYSQL_SRCDIR" != "x" - then - AC_MSG_ERROR("--with-mysql can't be used together with --with-mysql-src") - else - # get installed version - MYSQL_VERSION=$($MYSQL_CONFIG --version) - - MYSQL_CONFIG_INCLUDE=$($MYSQL_CONFIG --include) - MYSQL_CONFIG_LIBS_R=$($MYSQL_CONFIG --libs_r) - - MYSQL_CLIENT=$(dirname $MYSQL_CONFIG)/mysql - - AC_MSG_RESULT($MYSQL_CONFIG) - fi - fi -]) - - - -dnl check for a --with-mysql-src configure option and set up -dnl MYSQL_CONFIG and MYSLQ_VERSION variables for further use -dnl this must always be called before any other macro from this file -dnl -dnl if you use this together with WITH_MYSQL you have to put this in front of it -dnl -dnl WITH_MYSQL_SRC() -dnl -AC_DEFUN([WITH_MYSQL_SRC], [ - AC_MSG_CHECKING(for mysql source directory) - - AC_ARG_WITH(mysql-src, [ --with-mysql-src=PATH path to mysql sourcecode], [ - if test "x$MYSQL_CONFIG" != "x" - then - AC_MSG_ERROR([--with-mysql-src can't be used together with --with-mysql]) - fi - - if test -f $withval/include/mysql_version.h.in - then - if test -f $withval/include/mysql_version.h - then - AC_MSG_RESULT(ok) - MYSQL_SRCDIR=$withval - MYSQL_VERSION=$(grep MYSQL_SERVER_VERSION $MYSQL_SRCDIR/include/mysql_version.h | sed -e's/"$//g' -e's/.*"//g') - else - AC_MSG_ERROR([not configured yet]) - fi - else - AC_MSG_ERROR([$withval doesn't look like a mysql source dir]) - fi - ], [ - AC_MSG_RESULT(no) - ]) - - if test "x$MYSQL_SRCDIR" != "x" - then - MYSQL_CONFIG_INCLUDE="-I$MYSQL_SRCDIR/include" - MYSQL_CONFIG_LIBS_R="-L$MYSQL_SRCDIR/libmysql_r/.libs -lmysqlclient_r -lz -lm" - fi -]) - - -dnl 
-dnl check for successfull mysql detection -dnl and register AC_SUBST variables -dnl -dnl MYSQL_SUBST() -dnl -AC_DEFUN([MYSQL_SUBST], [ - if test "$MYSQL_VERSION" = "none" - then - AC_MSG_ERROR([MySQL required but not found]) - fi - - # register replacement vars, these will be filled - # with contant by the other macros - AC_SUBST([MYSQL_CFLAGS]) - AC_SUBST([MYSQL_CXXFLAGS]) - AC_SUBST([MYSQL_LIBS]) - AC_SUBST([MYSQL_LIBS]) - AC_SUBST([MYSQL_VERSION]) - AC_SUBST([MYSQL_PLUGIN_DIR]) -]) - - -dnl check if current MySQL version meets a version requirement -dnl and act accordingly -dnl -dnl MYSQL_CHECK_VERSION([requested_version],[yes_action],[no_action]) -dnl -AC_DEFUN([MYSQL_CHECK_VERSION], [ - AX_COMPARE_VERSION([$MYSQL_VERSION], [GE], [$1], [$2], [$3]) -]) - - - -dnl check if current MySQL version meets a version requirement -dnl and bail out with an error message if not -dnl -dnl MYSQL_NEED_VERSION([need_version]) -dnl -AC_DEFUN([MYSQL_NEED_VERSION], [ - AC_MSG_CHECKING([mysql version >= $1]) - MYSQL_CHECK_VERSION([$1], - [AC_MSG_RESULT([yes ($MYSQL_VERSION)])], - [AC_MSG_ERROR([no ($MYSQL_VERSION)])]) -]) - - - -dnl check whether the installed server was compiled with libdbug -dnl -dnl MYSQL_DEBUG_SERVER() -dnl -AC_DEFUN([MYSQL_DEBUG_SERVER], [ - AC_MSG_CHECKING(for mysqld debug version) - - MYSQL_DBUG=unknown - - OLD_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS $MYSQL_CONFIG_INCLUDE" - # check for DBUG_ON/OFF being defined in my_config.h - AC_TRY_COMPILE(,[ -#include "my_config.h" -#ifdef DBUG_ON - int ok; -#else -# ifdef DBUG_OFF - int ok; -# else - choke me -# endif -#endif - ],AS_VAR_SET(MYSQL_DBUG, ["defined by header file"]),AS_VAR_SET(MYSQL_DBUG, unknown)) - CFLAGS=$OLD_CFLAGS - - - if test "$MYSQL_DBUG" = "unknown" - then - # fallback: need to check mysqld binary itself - # check $prefix/libexec, $prefix/sbin, $prefix/bin in that order - for dir in libexec sbin bin - do - MYSQLD=$MYSQL_PREFIX/$dir/mysqld - if test -f $MYSQLD -a -x $MYSQLD - then - if ($MYSQLD --help 
--verbose | grep -q -- "--debug") - then - AC_DEFINE([DBUG_ON], [1], [Use libdbug]) - MYSQL_DBUG=yes - else - AC_DEFINE([DBUG_OFF], [1], [Don't use libdbug]) - MYSQL_DBUG=no - fi - break; - fi - done - fi - - if test "$MYSQL_DBUG" = "unknown" - then - # still unknown? make sure not to use it then - AC_DEFINE([DBUG_OFF], [1], [Don't use libdbug]) - MYSQL_DBUG="unknown, assuming no" - fi - - AC_MSG_RESULT($MYSQL_DBUG) - # -]) - - - -dnl set up variables for compilation of regular C API applications -dnl -dnl MYSQL_USE_CLIENT_API() -dnl -AC_DEFUN([MYSQL_USE_CLIENT_API], [ - # add regular MySQL C flags - ADDFLAGS=$MYSQL_CONFIG_INCLUDE - - MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" - MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" - - # add linker flags for client lib - AC_ARG_ENABLE([embedded-mysql], [ --enable-embedded-mysql enable the MySQL embedded server feature], - [MYSQL_LIBS="$MYSQL_LIBS "$($MYSQL_CONFIG --libmysqld-libs)], - [MYSQL_LIBS="$MYSQL_LIBS $MYSQL_CONFIG_LIBS_R"]) -]) - - - - - -dnl set up variables for compilation of NDBAPI applications -dnl -dnl MYSQL_USE_NDB_API() -dnl -AC_DEFUN([MYSQL_USE_NDB_API], [ - MYSQL_USE_CLIENT_API() - AC_PROG_CXX - MYSQL_CHECK_VERSION([5.0.0],[ - - # mysql_config results need some post processing for now - - # the include pathes changed in 5.1.x due - # to the pluggable storage engine clenups, - # it also dependes on whether we build against - # mysql source or installed headers - if test "x$MYSQL_SRCDIR" = "x" - then - IBASE=$MYSQL_CONFIG_INCLUDE - else - IBASE=$MYSQL_SRCDIR - fi - MYSQL_CHECK_VERSION([5.1.0], [ - IBASE="$IBASE/storage/ndb" - ],[ - IBASE="$IBASE/ndb" - ]) - if test "x$MYSQL_SRCDIR" != "x" - then - IBASE="$MYSQL_SRCDIR/include" - fi - - # add the ndbapi specifc include dirs - ADDFLAGS="$ADDFLAGS $IBASE" - ADDFLAGS="$ADDFLAGS $IBASE/ndbapi" - ADDFLAGS="$ADDFLAGS $IBASE/mgmapi" - - MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" - MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" - - # check for ndbapi header file NdbApi.hpp - 
AC_LANG_PUSH(C++) - OLD_CXXFLAGS=$CXXFLAGS - CXXFLAGS="$CXXFLAGS $MYSQL_CXXFLAGS" - AC_CHECK_HEADER([NdbApi.hpp],,[AC_ERROR(["Can't find NdbApi header files"])]) - CXXFLAGS=$OLD_CXXFLAGS - AC_LANG_POP() - - # check for the ndbapi client library - AC_LANG_PUSH(C++) - OLD_LIBS=$LIBS - LIBS="$LIBS $MYSQL_LIBS -lmysys -lmystrings" - OLD_LIBS=$LIBS - LIBS="$LIBS $MYSQL_LIBS" - AC_CHECK_LIB([ndbclient],[ndb_init],,[AC_ERROR(["Can't find NdbApi client lib"])]) - LIBS=$OLD_LIBS - LIBS=$OLD_LIBS - AC_LANG_POP() - - # add the ndbapi specific static libs - MYSQL_LIBS="$MYSQL_LIBS -lndbclient -lmysys -lmystrings " - - ],[ - AC_ERROR(["NdbApi needs at lest MySQL 5.0"]) - ]) -]) - - - -dnl set up variables for compilation of UDF extensions -dnl -dnl MYSQL_USE_UDF_API() -dnl -AC_DEFUN([MYSQL_USE_UDF_API], [ - # add regular MySQL C flags - ADDFLAGS=$MYSQL_CONFIG_INCLUDE - - MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS" - MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" - - MYSQL_DEBUG_SERVER() -]) - - - -dnl set up variables for compilation of plugins -dnl -dnl MYSQL_USE_PLUGIN_API() -dnl -AC_DEFUN([MYSQL_USE_PLUGIN_API], [ - # plugin interface is only availabe starting with MySQL 5.1 - MYSQL_NEED_VERSION([5.1.0]) - - # for plugins the recommended way to include plugin.h - # is , not , so we have to - # strip thetrailing /mysql from the include paht - # reported by mysql_config - ADDFLAGS=$(echo $MYSQL_CONFIG_INCLUDE | sed -e"s/\/mysql\$//g") - - MYSQL_CFLAGS="$MYSQL_CFLAGS $ADDFLAGS -DMYSQL_DYNAMIC_PLUGIN" - MYSQL_CXXFLAGS="$MYSQL_CXXFLAGS $ADDFLAGS" - - MYSQL_PLUGIN_DIR=$($MYSQL_CLIENT -BNe "show variables like 'plugin_dir'" | sed -e "s/^plugin_dir\t//g") -]) \ No newline at end of file diff --git a/pam_yubico.8.txt b/pam_yubico.8.txt index bc10b9f3..45bd6b73 100644 --- a/pam_yubico.8.txt +++ b/pam_yubico.8.txt 
@@ -117,7 +117,7 @@ CA certitificate file for the LDAP connection. Path of a system-wide directory where challenge-response files can be found for users. Default location is `$HOME/.yubico/`. *mysql_server*=_mysqlserver_:: -Uri of mysql server. Example 10.0.0.1 +Hostname/Adress of mysql server. Example 10.0.0.1 *mysql_user*=_mysqluser_:: User for accessing to the database. Strongly recommended to use a specific user with read only access. diff --git a/pam_yubico.c b/pam_yubico.c index 44ba0d80..260a776e 100644 --- a/pam_yubico.c +++ b/pam_yubico.c @@ -134,11 +134,11 @@ struct cfg const char *user_attr; const char *yubi_attr; const char *yubi_attr_prefix; - //Mysql const char *mysql_server; const char *mysql_user; const char *mysql_password; const char *mysql_database; + unsigned int token_id_length; enum key_mode mode; const char *chalresp_path; @@ -171,11 +171,15 @@ authorize_user_token (struct cfg *cfg, int retval = AUTH_ERROR; if (cfg->mysql_server) { + #if HAVE_MYSQL /* Administrator had configured the database and specified is name as an argument for this module. */ - DBG ("Using Mariadb or Mysql Database %s", otp_id); + DBG ("Using Mariadb or Mysql Database"); retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file); + #else + DBG (("Trying to use MYSQL, but this function is not compiled in pam_yubico!!")); + #endif } else if (cfg->auth_file) { @@ -963,10 +967,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)"); DBG ("mysql_server=%s", cfg->mysql_server ? cfg->mysql_server : "(null)"); DBG ("mysql_user=%s", cfg->mysql_user ? cfg->mysql_user : "(null)"); - DBG ("mysql_password=%s", cfg->mysql_password ? cfg->mysql_password : "(null)"); DBG ("mysql_database=%s", cfg->mysql_database ? cfg->mysql_database : "(null)"); - if (fd != -1) close(fd); 
diff --git a/util.c b/util.c index fc0ff9a6..af2bf7b6 100644 --- a/util.c +++ b/util.c @@ -40,11 +40,9 @@ #include #include #include -#include #include "util.h" - #if HAVE_CR /* for yubikey_hex_decode and yubikey_hex_p */ #include @@ -54,7 +52,9 @@ #include #endif /* HAVE_CR */ -#define STRING_SIZE 64 +#if HAVE_MYSQL +#include +#endif int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn) @@ -97,6 +97,7 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const struc return 1; } +#if HAVE_MYSQL /* * This function will look for users name with valid user token id, in a database Mysql * 
@@ -121,59 +122,53 @@ check_user_token_mysql (const char *mysql_server, int verbose, FILE *debug_file) { - - //DEFAULT ! + int retval = AUTH_ERROR; int fd; struct stat st; FILE *opwfile; - - // Mysql MYSQL *con = NULL; MYSQL_STMT *stmt; - MYSQL_BIND ps_params[2]; MYSQL_BIND bind[1]; - long unsigned int username_size = 64; - long unsigned int otp_size = 12; - unsigned long str_username; - unsigned long str_otp; - unsigned long length; + long unsigned int str_username; + long unsigned int str_otp; + long unsigned int length; int int_data; int row_count; - int is_null = 0; - int error = 0; + bool is_null; + bool error; - //Check Mysql Librairie if (mysql_library_init(0, NULL, NULL)) { - if(verbose) - D (debug_file, "could not initialize MySQL client library\n"); + if(verbose){ + D (debug_file, "could not initialize MySQL client library"); + } + return retval; } con = mysql_init(con); if (!con) { if(verbose) - D (debug_file, "out of memorys\n"); + D (debug_file, "out of memorys"); return retval; } - if (mysql_real_connect(con, mysql_server,mysql_user,mysql_password,mysql_database, 0, NULL, 0) == NULL) { if(verbose) - D (debug_file, "Connection failed ...\n"); + D (debug_file, "Connection failed ..."); return retval; } stmt = mysql_stmt_init(con); if (!stmt) - { - if(verbose) - D (debug_file, "Connection failed ... 2 \n"); - return retval; - } + { + if(verbose) + D (debug_file, "Connection failed ... 2"); + return retval; + } const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?;"; const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?;"; 
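Review bot: Every failure path after `mysql_init()` in this hunk still leaves through a bare `return retval;`, so a failed `mysql_real_connect()` or `mysql_stmt_init()` leaks the `MYSQL` handle inside whatever process loaded the PAM module; the prepare-failure returns in the next hunk (-182,25) additionally leak the statement. A single exit label that closes whatever was opened removes the leak, as sketched below; the tail of check_user_token_mysql is outside this hunk, so the label would take the place of the close calls already there, and the result codes returned from the fetch loop would be stored in `retval` before jumping. Separately, nothing visible here sets a TLS option before `mysql_real_connect()`, so when `mysql_server` is a remote host the answer that decides AUTH_FOUND travels unprotected unless TLS is enforced by configuration not shown in this patch.

```c
  MYSQL_STMT *stmt = NULL;   /* NULL so the exit path can test it */
  /* … unchanged: mysql_library_init(), mysql_init() … */
  if (mysql_real_connect(con, mysql_server,mysql_user,mysql_password,mysql_database, 0, NULL, 0) == NULL)
    {
      if(verbose)
        D (debug_file, "Connection failed ...");
      goto out;   /* was: return retval */
    }
  /* … unchanged: mysql_stmt_init() and the remaining steps, each `return retval;` becoming `goto out;` … */
out:
  if (stmt)
    mysql_stmt_close(stmt);
  if (con)
    mysql_close(con);
  mysql_library_end();
  return retval;
```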
@@ -182,25 +177,24 @@ check_user_token_mysql (const char *mysql_server, { if (mysql_stmt_prepare(stmt, sql, strlen(sql))) { - fprintf(stderr, " mysql_stmt_prepare() failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + if(verbose) + D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt)); return retval; } }else{ if (mysql_stmt_prepare(stmt, sql2, strlen(sql2))) { - fprintf(stderr, " mysql_stmt_prepare() failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + if(verbose) + D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt)); return retval; } } - - str_username= strlen(username); + str_username = strlen(username); memset(ps_params, 0, sizeof(ps_params)); ps_params[0].buffer_type = MYSQL_TYPE_STRING; ps_params[0].buffer = (char *)username; - ps_params[0].buffer_length = username_size; + ps_params[0].buffer_length = str_username; ps_params[0].length = &str_username; ps_params[0].is_null = 0; 
@@ -209,80 +203,90 @@ check_user_token_mysql (const char *mysql_server, str_otp= strlen(otp_id); ps_params[1].buffer_type = MYSQL_TYPE_STRING; ps_params[1].buffer = (char *)otp_id; - ps_params[1].buffer_length = otp_size; + ps_params[1].buffer_length = str_otp; ps_params[1].length = &str_otp; ps_params[1].is_null = 0; } - if (mysql_stmt_bind_param(stmt, ps_params)) { - fprintf(stderr, " mysql_stmt_bind_param() failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + if(verbose) + D (debug_file, "mysql_stmt_bind_param() failed %s", mysql_stmt_error(stmt)); return retval; } if (mysql_stmt_execute(stmt)) { - fprintf(stderr, " mysql_stmt_execute(), failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + if(verbose) + D (debug_file, "mysql_stmt_execute() failed %s", mysql_stmt_error(stmt)); return retval; } memset(bind, 0, sizeof(bind)); bind[0].buffer_type = MYSQL_TYPE_LONG; bind[0].buffer = (char *)&int_data; - bind[0].is_null= &is_null; bind[0].length= &length; + bind[0].is_null= &is_null; bind[0].error= &error; if (mysql_stmt_bind_result(stmt, bind)) { - fprintf(stderr, " mysql_stmt_bind_result() failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); - return retval; + if(verbose) + D (debug_file, "mysql_stmt_bind_result() failed %s", mysql_stmt_error(stmt)); } if (mysql_stmt_store_result(stmt)) { - fprintf(stderr, " mysql_stmt_store_result() failed\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); + if(verbose) + D (debug_file, "mysql_stmt_store_result() failed %s", mysql_stmt_error(stmt)); return retval; } - // Because of count() in the sql syntaxe only one fetch needed while (!mysql_stmt_fetch(stmt)) { if(is_null) - fprintf(stdout, "NULL\n"); + { + D (debug_file, "mysql_stmt_fetch() failed"); + } else { if(otp_id != NULL){ if(int_data) + { return AUTH_FOUND; + } else + { return AUTH_NOT_FOUND; - - }else if (otp_id == NULL){ + } + } + else if (otp_id == NULL) + { if(int_data) + { return AUTH_NOT_FOUND; + } else + { return 
AUTH_NO_TOKENS; + } } } } if (mysql_stmt_close(stmt)) - { - fprintf(stderr, " failed while closing the statement\n"); - fprintf(stderr, " %s\n", mysql_stmt_error(stmt)); - return retval; - } + { + if(verbose) + D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt)); + return retval; + } + mysql_close(con); mysql_library_end(); return retval; } +#endif /* * This function will look for users name with valid user token id. diff --git a/util.h b/util.h index d8f4335a..e46facde 100644 --- a/util.h +++ b/util.h @@ -51,7 +51,9 @@ #define AUTH_NOT_FOUND -1 /* The requested token is not associated to the user */ int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn); +#if HAVE_MYSQL int check_user_token_mysql(const char *mysql_server,const char *mysql_user,const char *mysql_password,const char *mysql_database,const char *username,const char *otp_id,int verbose,FILE *debug_file); +#endif int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file); #if HAVE_CR From c0de69f07a3ec784f1438acf4abcb7743e6ee9f7 Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Mon, 7 Dec 2020 09:13:57 +0100 Subject: [PATCH 21/23] Fix warning --- util.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/util.c b/util.c index af2bf7b6..7cfb0ca3 100644 --- a/util.c +++ b/util.c @@ -137,8 +137,8 @@ check_user_token_mysql (const char *mysql_server, long unsigned int length; int int_data; int row_count; - bool is_null; - bool error; + bool is_null = false; + bool error = false; if (mysql_library_init(0, NULL, NULL)) { if(verbose){ 
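Review bot: In the `@@ -209,80 +203,90 @@` hunk of util.c, the `return retval;` after a failed `mysql_stmt_bind_result()` is removed and not put back, so a bind failure is only logged and execution falls through to `mysql_stmt_store_result()` and the fetch loop. At this point `int_data` and `is_null` have no initialiser, so if a fetch then succeeds, the `if(int_data)` test that selects `AUTH_FOUND` would be made on indeterminate stack contents. An authentication lookup should fail closed here: restore `return retval;` in that branch and declare `int int_data = 0;`. Separately, the `mysql_stmt_close()` failure branch calls `mysql_stmt_error(stmt)` on a handle the MySQL C API documents as invalid once close has been called; `mysql_error(con)` is the safer source for that message. The function body starts outside this hunk.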
@@ -225,9 +225,9 @@ check_user_token_mysql (const char *mysql_server, memset(bind, 0, sizeof(bind)); bind[0].buffer_type = MYSQL_TYPE_LONG; bind[0].buffer = (char *)&int_data; - bind[0].length= &length; - bind[0].is_null= &is_null; - bind[0].error= &error; + bind[0].length = &length; + bind[0].is_null = &is_null; + bind[0].error = &error; if (mysql_stmt_bind_result(stmt, bind)) { From 3a7f90004f2e6b085a87c3bed27af67c88632b2a Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Mon, 7 Dec 2020 16:43:24 +0100 Subject: [PATCH 22/23] fix configure.ac --- ax_compare_version.m4 | 164 ------------------------------------------ configure.ac | 4 +- pam_yubico.c | 1 - util.c | 8 +-- util.h | 2 +- 5 files changed, 7 insertions(+), 172 deletions(-) delete mode 100644 ax_compare_version.m4 diff --git a/ax_compare_version.m4 b/ax_compare_version.m4 deleted file mode 100644 index a42a4b4d..00000000 --- a/ax_compare_version.m4 +++ /dev/null 
@@ -1,164 +0,0 @@ -dnl (from http://autoconf-archive.cryp.to/ax_compare_version.m4 ) -dnl -dnl @synopsis AX_COMPARE_VERSION(VERSION_A, OP, VERSION_B, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) -dnl -dnl This macro compares two version strings. It is used heavily in the -dnl macro _AX_PATH_BDB for library checking. Due to the various number -dnl of minor-version numbers that can exist, and the fact that string -dnl comparisons are not compatible with numeric comparisons, this is -dnl not necessarily trivial to do in a autoconf script. This macro -dnl makes doing these comparisons easy. -dnl -dnl The six basic comparisons are available, as well as checking -dnl equality limited to a certain number of minor-version levels. -dnl -dnl The operator OP determines what type of comparison to do, and can -dnl be one of: -dnl -dnl eq - equal (test A == B) -dnl ne - not equal (test A != B) -dnl le - less than or equal (test A <= B) -dnl ge - greater than or equal (test A >= B) -dnl lt - less than (test A < B) -dnl gt - greater than (test A > B) -dnl -dnl Additionally, the eq and ne operator can have a number after it to -dnl limit the test to that number of minor versions. -dnl -dnl eq0 - equal up to the length of the shorter version -dnl ne0 - not equal up to the length of the shorter version -dnl eqN - equal up to N sub-version levels -dnl neN - not equal up to N sub-version levels -dnl -dnl When the condition is true, shell commands ACTION-IF-TRUE are run, -dnl otherwise shell commands ACTION-IF-FALSE are run. The environment -dnl variable 'ax_compare_version' is always set to either 'true' or -dnl 'false' as well. -dnl -dnl Examples: -dnl -dnl AX_COMPARE_VERSION([3.15.7],[lt],[3.15.8]) -dnl AX_COMPARE_VERSION([3.15],[lt],[3.15.8]) -dnl -dnl would both be true. -dnl -dnl AX_COMPARE_VERSION([3.15.7],[eq],[3.15.8]) -dnl AX_COMPARE_VERSION([3.15],[gt],[3.15.8]) -dnl -dnl would both be false. 
-dnl -dnl AX_COMPARE_VERSION([3.15.7],[eq2],[3.15.8]) -dnl -dnl would be true because it is only comparing two minor versions. -dnl -dnl AX_COMPARE_VERSION([3.15.7],[eq0],[3.15]) -dnl -dnl would be true because it is only comparing the lesser number of -dnl minor versions of the two values. -dnl -dnl Note: The characters that separate the version numbers do not -dnl matter. An empty string is the same as version 0. OP is evaluated -dnl by autoconf, not configure, so must be a string, not a variable. -dnl -dnl The author would like to acknowledge Guido Draheim whose advice -dnl about the m4_case and m4_ifvaln functions make this macro only -dnl include the portions necessary to perform the specific comparison -dnl specified by the OP argument in the final configure script. -dnl -dnl @category Misc -dnl @author Tim Toolan -dnl @version 2004-03-01 -dnl @license GPLWithACException - -dnl ######################################################################### -AC_DEFUN([AX_COMPARE_VERSION], [ - # Used to indicate true or false condition - ax_compare_version=false - - # Convert the two version strings to be compared into a format that - # allows a simple string comparison. The end result is that a version - # string of the form 1.12.5-r617 will be converted to the form - # 0001001200050617. In other words, each number is zero padded to four - # digits, and non digits are removed. 
- AS_VAR_PUSHDEF([A],[ax_compare_version_A]) - A=`echo "$1" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ - -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ - -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ - -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ - -e 's/[[^0-9]]//g'` - - AS_VAR_PUSHDEF([B],[ax_compare_version_B]) - B=`echo "$3" | sed -e 's/\([[0-9]]*\)/Z\1Z/g' \ - -e 's/Z\([[0-9]]\)Z/Z0\1Z/g' \ - -e 's/Z\([[0-9]][[0-9]]\)Z/Z0\1Z/g' \ - -e 's/Z\([[0-9]][[0-9]][[0-9]]\)Z/Z0\1Z/g' \ - -e 's/[[^0-9]]//g'` - - dnl # In the case of le, ge, lt, and gt, the strings are sorted as necessary - dnl # then the first line is used to determine if the condition is true. - dnl # The sed right after the echo is to remove any indented white space. - m4_case(m4_tolower($2), - [lt],[ - ax_compare_version=`echo "x$A -x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/false/;s/x${B}/true/;1q"` - ], - [gt],[ - ax_compare_version=`echo "x$A -x$B" | sed 's/^ *//' | sort | sed "s/x${A}/false/;s/x${B}/true/;1q"` - ], - [le],[ - ax_compare_version=`echo "x$A -x$B" | sed 's/^ *//' | sort | sed "s/x${A}/true/;s/x${B}/false/;1q"` - ], - [ge],[ - ax_compare_version=`echo "x$A -x$B" | sed 's/^ *//' | sort -r | sed "s/x${A}/true/;s/x${B}/false/;1q"` - ],[ - dnl Split the operator from the subversion count if present. - m4_bmatch(m4_substr($2,2), - [0],[ - # A count of zero means use the length of the shorter version. - # Determine the number of characters in A and B. - ax_compare_version_len_A=`echo "$A" | awk '{print(length)}'` - ax_compare_version_len_B=`echo "$B" | awk '{print(length)}'` - - # Set A to no more than B's length and B to no more than A's length. 
- A=`echo "$A" | sed "s/\(.\{$ax_compare_version_len_B\}\).*/\1/"` - B=`echo "$B" | sed "s/\(.\{$ax_compare_version_len_A\}\).*/\1/"` - ], - [[0-9]+],[ - # A count greater than zero means use only that many subversions - A=`echo "$A" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` - B=`echo "$B" | sed "s/\(\([[0-9]]\{4\}\)\{m4_substr($2,2)\}\).*/\1/"` - ], - [.+],[ - AC_WARNING( - [illegal OP numeric parameter: $2]) - ],[]) - - # Pad zeros at end of numbers to make same length. - ax_compare_version_tmp_A="$A`echo $B | sed 's/./0/g'`" - B="$B`echo $A | sed 's/./0/g'`" - A="$ax_compare_version_tmp_A" - - # Check for equality or inequality as necessary. - m4_case(m4_tolower(m4_substr($2,0,2)), - [eq],[ - test "x$A" = "x$B" && ax_compare_version=true - ], - [ne],[ - test "x$A" != "x$B" && ax_compare_version=true - ],[ - AC_WARNING([illegal OP parameter: $2]) - ]) - ]) - - AS_VAR_POPDEF([A])dnl - AS_VAR_POPDEF([B])dnl - - dnl # Execute ACTION-IF-TRUE / ACTION-IF-FALSE. - if test "$ax_compare_version" = "true" ; then - m4_ifvaln([$4],[$4],[:])dnl - m4_ifvaln([$5],[else $5])dnl - fi -]) dnl AX_COMPARE_VERSION \ No newline at end of file diff --git a/configure.ac b/configure.ac index b4becbda..ebdc2f6a 100644 --- a/configure.ac +++ b/configure.ac @@ -85,8 +85,8 @@ AS_IF([test "x$with_mysql" != xno], PKG_CHECK_MODULES([MYSQL], [mysqlclient]) AC_DEFINE([HAVE_MYSQL], [1],[Define if you have mysqlclient]) ], - [ - AC_DEFINE([HAVE_MYSQL], [0],[Define if you have mysqlclient]) + [AC_MSG_WARN( + [libldap not found, will not be compiled (--without-ldap to disable ldap support)]) ]) AM_CONDITIONAL(MYSQL_SUPPORT,test "x$with_mysql" != xno) diff --git a/pam_yubico.c b/pam_yubico.c index 260a776e..9f26603d 100644 --- a/pam_yubico.c +++ b/pam_yubico.c 
@@ -890,7 +890,6 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) cfg->mode = CLIENT; if (strncmp (argv[i], "chalresp_path=", 14) == 0) cfg->chalresp_path = argv[i] + 14; - //Mysql if (strncmp (argv[i], "mysql_server=", 13) == 0) cfg->mysql_server = argv[i] + 13; if (strncmp (argv[i], "mysql_user=", 11) == 0) diff --git a/util.c b/util.c index 7cfb0ca3..da832ddc 100644 --- a/util.c +++ b/util.c @@ -52,7 +52,7 @@ #include #endif /* HAVE_CR */ -#if HAVE_MYSQL +#ifdef HAVE_MYSQL #include #endif @@ -97,7 +97,7 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const struc return 1; } -#if HAVE_MYSQL +#ifdef HAVE_MYSQL /* * This function will look for users name with valid user token id, in a database Mysql * @@ -137,8 +137,8 @@ check_user_token_mysql (const char *mysql_server, long unsigned int length; int int_data; int row_count; - bool is_null = false; - bool error = false; + bool is_null; + bool error; if (mysql_library_init(0, NULL, NULL)) { if(verbose){ diff --git a/util.h b/util.h index e46facde..668b334e 100644 --- a/util.h +++ b/util.h @@ -51,7 +51,7 @@ #define AUTH_NOT_FOUND -1 /* The requested token is not associated to the user */ int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn); -#if HAVE_MYSQL +#ifdef HAVE_MYSQL int check_user_token_mysql(const char *mysql_server,const char *mysql_user,const char *mysql_password,const char *mysql_database,const char *username,const char *otp_id,int verbose,FILE *debug_file); #endif int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file); From af16a9e45e4aa49e9f1cb48198d0c2c840713daf Mon Sep 17 00:00:00 2001 From: Benjamin AIMARD Date: Mon, 7 Dec 2020 17:38:12 +0100 Subject: [PATCH 23/23] fix configure.ac --- configure.ac | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index ebdc2f6a..48e3dcbc 100644 
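Review bot: The util.c hunk `@@ -137,8 +137,8 @@` in this patch drops the `= false` initialisers on `is_null` and `error` that the previous patch in the series added, although the commit is described as a configure.ac fix. `is_null` is read in the fetch loop of `check_user_token_mysql` before the `AUTH_FOUND` / `AUTH_NOT_FOUND` decision, and the result binding that would set it can fail without returning, so the flag should have a defined value. Keep `bool is_null = false;` and `bool error = false;`, and give `int_data` the same treatment with `int int_data = 0;`. The rest of the function lies outside this hunk.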
--- a/configure.ac +++ b/configure.ac @@ -82,11 +82,10 @@ AC_ARG_WITH([mysql], [with_mysql=yes]) AS_IF([test "x$with_mysql" != xno], [ - PKG_CHECK_MODULES([MYSQL], [mysqlclient]) - AC_DEFINE([HAVE_MYSQL], [1],[Define if you have mysqlclient]) - ], - [AC_MSG_WARN( - [libldap not found, will not be compiled (--without-ldap to disable ldap support)]) + PKG_CHECK_MODULES([MYSQL], [mysqlclient], + [AC_DEFINE([HAVE_MYSQL], [1],[Define if you have mysqlclient])], + [AC_MSG_WARN( + [libmysqlclient not found, will not be compiled (--without-mysql to disable mysql support)])]) ]) AM_CONDITIONAL(MYSQL_SUPPORT,test "x$with_mysql" != xno)
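Review bot: When `PKG_CHECK_MODULES` does not find mysqlclient, the new not-found action only prints a warning and leaves `with_mysql` at its default of `yes`, so the `AM_CONDITIONAL(MYSQL_SUPPORT, ...)` on the following line still evaluates true although `HAVE_MYSQL` is undefined. Setting the variable in that branch, e.g. `[AC_MSG_WARN([...]); with_mysql=no]`, would keep the conditional in step with the define. Whether pam_yubico.c still accepts the `mysql_*` module options in a build without `HAVE_MYSQL` is not visible here; if it does, a configuration that relies on the database lookup would be built without it and only a configure-time warning would say so, which is worth confirming.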