pam_mysql: optionally read MySQL default file

* doc/pam-modules.texi: Document new MySQL statements.
* pam_sql/pam_mysql.c (mysql_do_query): Use MySQL default file/group,
if specified.
(gpam_sql_verify_user_pass): Fix handling of "setenv-query".
* pam_sql/pam_pgsql.c (gpam_sql_verify_user_pass): Likewise.
* pam_sql/pam_sql.c (gpam_sql_get_query): Return PAM_AUTHINFO_UNAVAIL
if the keyword is not defined in the environment.

doc/pam-modules.texi

@@ -905,6 +905,16 @@ only if your database is running on a port different from the standard.
 @xkwindex{pass, described}
 @item pass @var{password}
    Sets @acronym{SQL} user password.
+
+@xkwindex{default-file, described}
+@item default-file @var{file}
+Name of the MySQL @dfn{default file}, i.e. file containing database
+connection parameters and authentication credentials.
+
+@xkwindex{default-group, described}
+@item default-group @var{name}
+Name of the @dfn{group} in MySQL default file to use.  Default is
+@samp{mysql}.
 @end table
 
 @node sql auth

pam_sql/pam_mysql.c

@@ -262,24 +262,30 @@ static int
 mysql_do_query(MYSQL *mysql, const char *query)
 {
 	char *socket_path = NULL;
-	char *hostname;
-	char *login;
-	char *pass;
-	char *db;
-	char *port;
+	char *default_file = gpam_sql_find_config("default-file");
+	char *default_group = gpam_sql_find_config("default-group");
+	char *hostname = gpam_sql_find_config("host");
+	char *login = gpam_sql_find_config("login");
+	char *pass = gpam_sql_find_config("pass");
+	char *db = gpam_sql_find_config("db");
+	char *port = gpam_sql_find_config("port");
 	int portno;
 	char *p;
+
+	if (!default_file) {
+		CHKVAR(hostname);
+		CHKVAR(login);
+		CHKVAR(pass);
+		CHKVAR(db);
+	}
 	
-	hostname = gpam_sql_find_config("host");
-	CHKVAR(hostname);
-	if (hostname[0] == '/') {
+	if (hostname && hostname[0] == '/') {
 		socket_path = hostname;
 		hostname = "localhost";
 	}
 	
-	port = gpam_sql_find_config("port");
-	if (!port)
-		portno = 3306;
+	if (!port) 
+		portno = default_file == NULL ? 3306 : 0;
 	else {
 		portno = strtoul (port, &p, 0);
 		if (*p) {
@@ -287,18 +293,16 @@ mysql_do_query(MYSQL *mysql, const char *query)
 			return PAM_SERVICE_ERR;                       
 		}
 	}
-	
-	login = gpam_sql_find_config("login");
-	CHKVAR(login);
-
-	pass = gpam_sql_find_config("pass");
-	CHKVAR(pass);
-
-	db = gpam_sql_find_config("db");
-	CHKVAR(db);
 
 	mysql_init(mysql);
 
+	if (default_file)
+		mysql_options (mysql, MYSQL_READ_DEFAULT_FILE,
+			       default_file);
+	if (default_group)
+		mysql_options (mysql, MYSQL_READ_DEFAULT_GROUP,
+			       default_group);	
+	
 	if (!mysql_real_connect(mysql, hostname,
 				login, pass, db,
 				portno, socket_path, CLIENT_MULTI_RESULTS)) {
@@ -364,11 +368,12 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
 		   `make check-sql-config' in doc:
 		   gpam_sql_find_config("setenv-query") */
 		if (rc == PAM_SUCCESS) {
-			rc = gpam_sql_get_query(pamh, "setenv-query", 0, &q);
-			if (rc == PAM_SUCCESS) {
+			int rc1 = gpam_sql_get_query(pamh, "setenv-query", 0, &q);
+			if (rc1 == PAM_SUCCESS) {
 				mysql_setenv(pamh, &mysql, q);
 				free(q);
-			}
+			} else if (rc1 != PAM_AUTHINFO_UNAVAIL)
+				rc = rc1;
 		}
 		mysql_close(&mysql);
 	}

pam_sql/pam_pgsql.c

@@ -154,11 +154,12 @@ gpam_sql_verify_user_pass(pam_handle_t *pamh, const char *password,
 		   `make check-sql-config' in doc:
 		   gpam_sql_find_config("setenv-query") */
 		if (rc == PAM_SUCCESS) {
-			rc = gpam_sql_get_query(pamh, "setenv-query", 0, &query);
-			if (rc == PAM_SUCCESS) {
+			int rc1 = gpam_sql_get_query(pamh, "setenv-query", 0, &query);
+			if (rc1 == PAM_SUCCESS) {
 				pgsql_setenv(pamh, pgconn, query);
 				free(query);
-			}
+			} else if (rc1 != PAM_AUTHINFO_UNAVAIL)
+				rc = rc1;
 		}
 	}
 

pam_sql/pam_sql.c

@@ -170,10 +170,8 @@ gpam_sql_get_query(pam_handle_t *pamh, const char *name, int required,
 		if (required) {
 			_pam_log(LOG_ERR, "%s: %s not defined",
 				 gpam_sql_config_file, name);
-			return PAM_AUTHINFO_UNAVAIL;
 		}
-		*retptr = NULL;
-		return PAM_SUCCESS;
+		return PAM_AUTHINFO_UNAVAIL;
 	}
 	
 	rc = gray_expand_string(pamh, query, retptr);