From c0408694e96ce9d22a01a69150aabf44fe2a3e29 Mon Sep 17 00:00:00 2001
From: Benjamin
Date: Wed, 28 Jul 2021 11:47:11 +0200
Subject: [PATCH] Refactoring for ISSUE https://github.com/Yubico/yubico-pam/issues/230
---
 pam_yubico.c | 2 +-
 util.c | 55 ++++++++++++++++++++++++++++------------------------
 2 files changed, 31 insertions(+), 26 deletions(-)
diff --git a/pam_yubico.c b/pam_yubico.c
index 5d5236c..8bac434 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -177,7 +177,7 @@ authorize_user_token (struct cfg *cfg,
 /* Administrator had configured the database and specified is name as an argument for this module. */
- DBG ("Using Mariadb or Mysql Database");
+ DBG ("Using Mariadb or Mysql Database V1");
 retval = check_user_token_mysql(cfg->mysql_server, cfg->mysql_port, cfg->mysql_user, cfg->mysql_password, cfg->mysql_database, username, otp_id, cfg->debug, cfg->debug_file);
 #else
 DBG (("Trying to use MYSQL, but this function is not compiled in pam_yubico!!"));
diff --git a/util.c b/util.c
index dd9e01e..2c45273 100644
--- a/util.c
+++ b/util.c
@@ -138,16 +138,16 @@ check_user_token_mysql(const char *mysql_server,
 int int_data;
 int row_count;
- if(mysql_library_init(0, NULL, NULL)){
- if(verbose){
- D (debug_file, "could not initialize MySQL client library");
- }
-
+ if(mysql_library_init(0, NULL, NULL))
+ {
+ if(verbose)
+ D (debug_file, "could not initialize MySQL client library");
 return retval;
 }
 con = mysql_init(con);
- if(!con) {
+ if(!con)
+ {
 if(verbose)
 D (debug_file, "out of memorys");
 return retval;
@@ -164,12 +164,13 @@ check_user_token_mysql(const char *mysql_server,
 if(!stmt)
 {
 if(verbose)
- D (debug_file, "Connection failed ... 2");
- return retval;
+ D (debug_file, "Handler failed ...");
+
+ goto end_connection;
 }
- const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?;";
- const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?;";
+ const char *sql = "SELECT count(username) FROM yubikey_mappings WHERE username = ?";
+ const char *sql2 = "SELECT count(username) FROM yubikey_mappings WHERE username = ? and otp_id = ?";
 if(otp_id == NULL)
 {
@@ -177,14 +178,16 @@ check_user_token_mysql(const char *mysql_server,
 {
 if(verbose)
 D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
- }else{
+ }
+ else
+ {
 if(mysql_stmt_prepare(stmt, sql2, strlen(sql2)))
 {
 if(verbose)
 D (debug_file, "mysql_stmt_prepare() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
 }
@@ -208,14 +211,14 @@ check_user_token_mysql(const char *mysql_server,
 {
 if(verbose)
 D (debug_file, "mysql_stmt_bind_param() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
 if(mysql_stmt_execute(stmt))
 {
 if(verbose)
 D (debug_file, "mysql_stmt_execute() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
 memset(bind, 0, sizeof(bind));
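Review bot: The new `goto end_connection;` exits in the two mysql_stmt_prepare() failure branches (the -177 hunk) leave `stmt` allocated, because the label added in the last hunk only calls mysql_close(con) and mysql_library_end(), and mysql_stmt_close(stmt) is reached only on the success path. The same holds for the bind_param/execute branches in the -208 hunk and the bind_result/store_result branches in the -227 hunk. In a PAM module loaded into a long-lived service, repeated database errors would accumulate statement handles. One way to cover every path is to drop the mid-function mysql_stmt_close() block and release the statement at the label with `if(stmt) mysql_stmt_close(stmt);` ahead of `mysql_close(con);`. That assumes `stmt` holds NULL until mysql_stmt_init() assigns it; its declaration is outside these hunks.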
@@ -227,58 +230,60 @@ check_user_token_mysql(const char *mysql_server,
 {
 if(verbose)
 D (debug_file, "mysql_stmt_bind_result() failed %s", mysql_stmt_error(stmt));
+ goto end_connection;
 }
 if(mysql_stmt_store_result(stmt))
 {
 if(verbose)
 D (debug_file, "mysql_stmt_store_result() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
- /* we need to close the connection before the return */
 if(mysql_stmt_close(stmt))
 {
 if(verbose)
 D (debug_file, "mysql_stmt_close() failed %s", mysql_stmt_error(stmt));
- return retval;
+ goto end_connection;
 }
- mysql_close(con);
- mysql_library_end();
-
 while(!mysql_stmt_fetch(stmt))
 {
 if(bind[0].is_null_value)
 {
+ if(verbose) D (debug_file, "mysql_stmt_fetch() failed");
+ goto end_connection;
 }
 else
 {
 if(otp_id != NULL){
 if(int_data)
 {
- return AUTH_FOUND; /* User and token verified */
+ retval = AUTH_FOUND; /* User and token verified */
 }
 else
 {
- return AUTH_NOT_FOUND; /* User ok but bad token */
+ retval = AUTH_NOT_FOUND; /* User ok but bad token */
 }
 }
 else if(otp_id == NULL)
 {
 if(int_data)
 {
- return AUTH_NOT_FOUND; /* We found at least one line for the user */
+ retval = AUTH_NOT_FOUND; /* We found at least one line for the user */
 }
 else
 {
- return AUTH_NO_TOKENS; /* We not found at least any line for the user */
+ retval = AUTH_NO_TOKENS; /* We not found at least any line for the user */
 }
 }
 }
 }
+end_connection:
+ mysql_close(con);
+ mysql_library_end();
 return retval;
 }
 #endif
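Review bot: `mysql_stmt_close(stmt)` still runs before the `while(!mysql_stmt_fetch(stmt))` loop, and the MySQL C API treats the handle as invalid once it has been closed, so the fetch that sets `retval` to AUTH_FOUND / AUTH_NOT_FOUND works on a released statement. The `mysql_stmt_error(stmt)` call in the close-failure branch has the same problem. The refactor moved mysql_close() and mysql_library_end() after the loop but left this call where it was. Because the fetched count decides whether the user/token pair is accepted, the early close block should be removed and the statement released after the loop, for example `if(stmt) mysql_stmt_close(stmt);` directly under `end_connection:`. It is also worth confirming that `retval`, initialised outside this hunk, starts at a failing value, since the loop body may now never assign it.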