Refactoring for ISSUE Yubico#230

baimard · baimard · commit c2842962a0e6 · 2021-07-28T11:47:36.000+02:00
diff --git a/pam_yubico.c b/pam_yubico.c
@@ -177,7 +177,7 @@ authorize_user_token (struct cfg *cfg,
       /* Administrator had configured the database and specified is name
         as an argument for this module.
       */
-      DBG ("Using Mariadb or Mysql Database");
+      DBG ("Using Mariadb or Mysql Database V1");
       retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_port, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file);
 #else
       DBG (("Trying to use MYSQL, but this function is not compiled in pam_yubico!!"));
diff --git a/util.c b/util.c
@@ -138,16 +138,16 @@ check_user_token_mysql(const char *mysql_server,
   int int_data;
   int row_count;
 
-  if(mysql_library_init(0, NULL, NULL)){
-    if(verbose){
-      D (debug_file, "could not initialize MySQL client library");
-    }
-
+  if(mysql_library_init(0, NULL, NULL))
+  {
+    if(verbose)
+    D (debug_file, "could not initialize MySQL client library");
     return retval;
   }
 
   con = mysql_init(con);
-  if(!con) {
+  if(!con)
+  {
     if(verbose)
 	  D (debug_file, "out of memorys");
     return retval;
@@ -164,27 +164,30 @@ check_user_token_mysql(const char *mysql_server,
   if(!stmt)
   {
     if(verbose)
-    D (debug_file, "Connection failed ... 2");
-    return retval;
+    D (debug_file, "Handler failed ...");
+    
+    goto end_connection;
   }
 
-  const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?;";
-  const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?;";
+  const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?";
+  const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?";
 
   if(otp_id == NULL)
   {
     if(mysql_stmt_prepare(stmt, sql, strlen(sql)))
     {
       if(verbose)
 	    D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));
-      return retval;
+      goto end_connection;
     }
-  }else{
+  }
+  else
+  {
     if(mysql_stmt_prepare(stmt, sql2, strlen(sql2)))
     {
       if(verbose)
 	    D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));
-      return retval;
+      goto end_connection;
     }
   }
 
@@ -208,14 +211,14 @@ check_user_token_mysql(const char *mysql_server,
   {
     if(verbose)
     D (debug_file, "mysql_stmt_bind_param() failed %s", mysql_stmt_error(stmt));
-    return retval;
+    goto end_connection;
   }
 
   if(mysql_stmt_execute(stmt))
   {
     if(verbose)
     D (debug_file, "mysql_stmt_execute() failed %s", mysql_stmt_error(stmt));
-    return retval;
+    goto end_connection;
   }
 
   memset(bind, 0, sizeof(bind));
@@ -227,57 +230,60 @@ check_user_token_mysql(const char *mysql_server,
   {
     if(verbose)
     D (debug_file, "mysql_stmt_bind_result() failed %s", mysql_stmt_error(stmt));
+    goto end_connection;
   }
 
   if(mysql_stmt_store_result(stmt))
   {
     if(verbose)
     D (debug_file, "mysql_stmt_store_result() failed %s", mysql_stmt_error(stmt));
-    return retval;
+    goto end_connection;
+  }
+
+  if(mysql_stmt_close(stmt))
+  {
+    if(verbose)
+    D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));
+    goto end_connection;
   }
 
   while(!mysql_stmt_fetch(stmt))
   {
     if(bind[0].is_null_value)
     {
+      if(verbose)
       D (debug_file, "mysql_stmt_fetch() failed");
+      goto end_connection;
     }
     else
     {
       if(otp_id != NULL){
         if(int_data)
         {
-          return AUTH_FOUND;
+          retval = AUTH_FOUND; /* User and token verified */
         }
         else
         {
-          return AUTH_NOT_FOUND;
+          retval = AUTH_NOT_FOUND; /* User ok but bad token */
         }
       }
       else if(otp_id == NULL)
       {
         if(int_data)
         {
-          return AUTH_NOT_FOUND;
+          retval = AUTH_NOT_FOUND; /* We found at least one line for the user */
         }
         else
         {
-          return AUTH_NO_TOKENS;
+          retval = AUTH_NO_TOKENS; /* We not found at least any line for the user */
         }
       }
     }
   }
 
-  if(mysql_stmt_close(stmt))
-  {
-    if(verbose)
-    D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));
-    return retval;
-  }
-
+end_connection:
   mysql_close(con);
   mysql_library_end();
-
   return retval;
 }
 #endif

Original file line number	Diff line number	Diff line change
`@@ -138,16 +138,16 @@ check_user_token_mysql(const char *mysql_server,`
`138`	`138`	`int int_data;`
`139`	`139`	`int row_count;`
`140`	`140`
`141`		`- if(mysql_library_init(0, NULL, NULL)){`
`142`		`- if(verbose){`
`143`		`- D (debug_file, "could not initialize MySQL client library");`
`144`		`- }`
`145`		`-`
	`141`	`+ if(mysql_library_init(0, NULL, NULL))`
	`142`	`+ {`
	`143`	`+ if(verbose)`
	`144`	`+ D (debug_file, "could not initialize MySQL client library");`
`146`	`145`	`return retval;`
`147`	`146`	`}`
`148`	`147`
`149`	`148`	`con = mysql_init(con);`
`150`		`- if(!con) {`
	`149`	`+ if(!con)`
	`150`	`+ {`
`151`	`151`	`if(verbose)`
`152`	`152`	`D (debug_file, "out of memorys");`
`153`	`153`	`return retval;`
`@@ -164,27 +164,30 @@ check_user_token_mysql(const char *mysql_server,`
`164`	`164`	`if(!stmt)`
`165`	`165`	`{`
`166`	`166`	`if(verbose)`
`167`		`- D (debug_file, "Connection failed ... 2");`
`168`		`- return retval;`
	`167`	`+ D (debug_file, "Handler failed ...");`
	`168`	`+`
	`169`	`+ goto end_connection;`
`169`	`170`	`}`
`170`	`171`
`171`		`- const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?;";`
`172`		`- const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?;";`
	`172`	`+ const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?";`
	`173`	`+ const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?";`
`173`	`174`
`174`	`175`	`if(otp_id == NULL)`
`175`	`176`	`{`
`176`	`177`	`if(mysql_stmt_prepare(stmt, sql, strlen(sql)))`
`177`	`178`	`{`
`178`	`179`	`if(verbose)`
`179`	`180`	`D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));`
`180`		`- return retval;`
	`181`	`+ goto end_connection;`
`181`	`182`	`}`
`182`		`- }else{`
	`183`	`+ }`
	`184`	`+ else`
	`185`	`+ {`
`183`	`186`	`if(mysql_stmt_prepare(stmt, sql2, strlen(sql2)))`
`184`	`187`	`{`
`185`	`188`	`if(verbose)`
`186`	`189`	`D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));`
`187`		`- return retval;`
	`190`	`+ goto end_connection;`
`188`	`191`	`}`
`189`	`192`	`}`
`190`	`193`
`@@ -208,14 +211,14 @@ check_user_token_mysql(const char *mysql_server,`
`208`	`211`	`{`
`209`	`212`	`if(verbose)`
`210`	`213`	`D (debug_file, "mysql_stmt_bind_param() failed %s", mysql_stmt_error(stmt));`
`211`		`- return retval;`
	`214`	`+ goto end_connection;`
`212`	`215`	`}`
`213`	`216`
`214`	`217`	`if(mysql_stmt_execute(stmt))`
`215`	`218`	`{`
`216`	`219`	`if(verbose)`
`217`	`220`	`D (debug_file, "mysql_stmt_execute() failed %s", mysql_stmt_error(stmt));`
`218`		`- return retval;`
	`221`	`+ goto end_connection;`
`219`	`222`	`}`
`220`	`223`
`221`	`224`	`memset(bind, 0, sizeof(bind));`
`@@ -227,57 +230,60 @@ check_user_token_mysql(const char *mysql_server,`
`227`	`230`	`{`
`228`	`231`	`if(verbose)`
`229`	`232`	`D (debug_file, "mysql_stmt_bind_result() failed %s", mysql_stmt_error(stmt));`
	`233`	`+ goto end_connection;`
`230`	`234`	`}`
`231`	`235`
`232`	`236`	`if(mysql_stmt_store_result(stmt))`
`233`	`237`	`{`
`234`	`238`	`if(verbose)`
`235`	`239`	`D (debug_file, "mysql_stmt_store_result() failed %s", mysql_stmt_error(stmt));`
`236`		`- return retval;`
	`240`	`+ goto end_connection;`
	`241`	`+ }`
	`242`	`+`
	`243`	`+ if(mysql_stmt_close(stmt))`
	`244`	`+ {`
	`245`	`+ if(verbose)`
	`246`	`+ D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));`
	`247`	`+ goto end_connection;`
`237`	`248`	`}`
`238`	`249`
`239`	`250`	`while(!mysql_stmt_fetch(stmt))`
`240`	`251`	`{`
`241`	`252`	`if(bind[0].is_null_value)`
`242`	`253`	`{`
	`254`	`+ if(verbose)`
`243`	`255`	`D (debug_file, "mysql_stmt_fetch() failed");`
	`256`	`+ goto end_connection;`
`244`	`257`	`}`
`245`	`258`	`else`
`246`	`259`	`{`
`247`	`260`	`if(otp_id != NULL){`
`248`	`261`	`if(int_data)`
`249`	`262`	`{`
`250`		`- return AUTH_FOUND;`
	`263`	`+ retval = AUTH_FOUND; /* User and token verified */`
`251`	`264`	`}`
`252`	`265`	`else`
`253`	`266`	`{`
`254`		`- return AUTH_NOT_FOUND;`
	`267`	`+ retval = AUTH_NOT_FOUND; /* User ok but bad token */`
`255`	`268`	`}`
`256`	`269`	`}`
`257`	`270`	`else if(otp_id == NULL)`
`258`	`271`	`{`
`259`	`272`	`if(int_data)`
`260`	`273`	`{`
`261`		`- return AUTH_NOT_FOUND;`
	`274`	`+ retval = AUTH_NOT_FOUND; /* We found at least one line for the user */`
`262`	`275`	`}`
`263`	`276`	`else`
`264`	`277`	`{`
`265`		`- return AUTH_NO_TOKENS;`
	`278`	`+ retval = AUTH_NO_TOKENS; /* We not found at least any line for the user */`
`266`	`279`	`}`
`267`	`280`	`}`
`268`	`281`	`}`
`269`	`282`	`}`
`270`	`283`
`271`		`- if(mysql_stmt_close(stmt))`
`272`		`- {`
`273`		`- if(verbose)`
`274`		`- D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));`
`275`		`- return retval;`
`276`		`- }`
`277`		`-`
	`284`	`+end_connection:`
`278`	`285`	`mysql_close(con);`
`279`	`286`	`mysql_library_end();`
`280`		`-`
`281`	`287`	`return retval;`
`282`	`288`	`}`
`283`	`289`	`#endif`