changeset 4295:4fc637010202 HEAD
Escape SQL strings using sql_escape_string(). Fixes the problems with
PostgreSQL.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 31 May 2006 14:03:53 +0300 |
parents | 1a98cb709395 |
children | e4650b4f4e5a |
files | src/auth/auth-cache.c src/auth/auth-request.c src/auth/auth-request.h src/auth/db-ldap.c src/auth/db-ldap.h src/auth/db-passwd-file.c src/auth/db-sql.c src/auth/passdb-sql.c src/auth/userdb-sql.c |
diffstat | 9 files changed, 63 insertions(+), 17 deletions(-) [+] |
--- a/src/auth/auth-cache.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/auth-cache.c Wed May 31 14:03:53 2006 +0300
@@ -164,7 +164,8 @@
 str = t_str_new(256);
 var_expand(str, key,
- auth_request_get_var_expand_table(request, str_escape));
+ auth_request_get_var_expand_table(request,
+ auth_request_str_escape));
 node = hash_lookup(cache->hash, str_c(str));
 if (node == NULL) {
@@ -197,7 +198,8 @@
 str = t_str_new(256);
 var_expand(str, key,
- auth_request_get_var_expand_table(request, str_escape));
+ auth_request_get_var_expand_table(request,
+ auth_request_str_escape));
 data_size = str_len(str) + 1 + value_len + 1;
 alloc_size = sizeof(struct cache_node) - sizeof(node->data) + data_size;
--- a/src/auth/auth-request.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/auth-request.c Wed May 31 14:03:53 2006 +0300
@@ -570,7 +570,8 @@
 t_push();
 dest = t_str_new(256);
- table = auth_request_get_var_expand_table(request, str_escape);
+ table = auth_request_get_var_expand_table(request,
+ auth_request_str_escape);
 var_expand(dest, request->auth->username_format, table);
 user = p_strdup(request->pool, str_c(dest));
 t_pop();
@@ -843,14 +844,23 @@
 return ret;
 }
-static const char *escape_none(const char *str)
+static const char *
+escape_none(const char *string,
+ const struct auth_request *request __attr_unused__)
 {
- return str;
+ return string;
+}
+
+const char *
+auth_request_str_escape(const char *string,
+ const struct auth_request *request __attr_unused__)
+{
+ return str_escape(string);
 }
 const struct var_expand_table *
 auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *))
+ auth_request_escape_func_t *escape_func)
 {
 static struct var_expand_table static_tab[] = {
 { 'u', NULL },
@@ -872,11 +882,12 @@
 tab = t_malloc(sizeof(static_tab));
 memcpy(tab, static_tab, sizeof(static_tab));
- tab[0].value = escape_func(auth_request->user);
- tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
+ tab[0].value = escape_func(auth_request->user, auth_request);
+ tab[1].value = escape_func(t_strcut(auth_request->user, '@'),
+ auth_request);
 tab[2].value = strchr(auth_request->user, '@');
 if (tab[2].value != NULL)
- tab[2].value = escape_func(tab[2].value+1);
+ tab[2].value = escape_func(tab[2].value+1, auth_request);
 tab[3].value = auth_request->service;
 /* tab[4] = we have no home dir */
 if (auth_request->local_ip.family != 0)
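Review bot: In the `@@ -872,11 +882,12 @@` hunk only the user, local-part and domain entries go through `escape_func` (the password entry follows in the next hunk); `tab[3].value = auth_request->service;` is still copied into the table raw, so a query or filter template that references the service entry receives it without the backend's escaping. Whether `service` can ever carry client-chosen bytes is not visible in this hunk, but routing it through the same callback closes the gap: `tab[3].value = escape_func(auth_request->service, auth_request);` (with a NULL guard if the field may be unset). The IP and pid entries are generated by `net_ip2addr()` and `dec2str()` and look safe as they are. The function body starts above this hunk and continues in the following one.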
@@ -884,8 +895,10 @@
 if (auth_request->remote_ip.family != 0)
 tab[6].value = net_ip2addr(&auth_request->remote_ip);
 tab[7].value = dec2str(auth_request->client_pid);
- if (auth_request->mech_password != NULL)
- tab[8].value = escape_func(auth_request->mech_password);
+ if (auth_request->mech_password != NULL) {
+ tab[8].value = escape_func(auth_request->mech_password,
+ auth_request);
+ }
 return tab;
 }
--- a/src/auth/auth-request.h Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/auth-request.h Wed May 31 14:03:53 2006 +0300
@@ -16,6 +16,10 @@
 AUTH_REQUEST_STATE_USERDB
 };
+typedef const char *
+auth_request_escape_func_t(const char *string,
+ const struct auth_request *auth_request);
+
 struct auth_request {
 int refcount;
@@ -126,7 +130,9 @@
 const struct var_expand_table *
 auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *));
+ auth_request_escape_func_t *escape_func);
+const char *auth_request_str_escape(const char *string,
+ const struct auth_request *request);
 void auth_request_log_debug(struct auth_request *auth_request,
 const char *subsystem,
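Review bot: The new `auth_request_escape_func_t` typedef in the first hunk has no comment stating what a callback must guarantee, although every backend now has to implement it. I would add above it `/* Returns string escaped for the backend that consumes the expanded value; auth_request is passed so the callback can reach backend state such as the SQL connection. */`. It is also worth stating the expected lifetime of the returned pointer, since `auth_request_get_var_expand_table()` stores it in a `t_malloc()`ed table; presumably it is data-stack memory, but that is not visible in this diff.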
--- a/src/auth/db-ldap.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/db-ldap.c Wed May 31 14:03:53 2006 +0300
@@ -351,7 +351,8 @@
 #define IS_LDAP_ESCAPED_CHAR(c) \
 ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
-const char *ldap_escape(const char *str)
+const char *ldap_escape(const char *str,
+ const struct auth_request *auth_request __attr_unused__)
 {
 const char *p;
 string_t *ret;
--- a/src/auth/db-ldap.h Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/db-ldap.h Wed May 31 14:03:53 2006 +0300
@@ -3,6 +3,7 @@
 #include <ldap.h>
+struct auth_request;
 struct ldap_connection;
 struct ldap_request;
@@ -77,7 +78,8 @@
 bool db_ldap_connect(struct ldap_connection *conn);
-const char *ldap_escape(const char *str);
+const char *ldap_escape(const char *str,
+ const struct auth_request *auth_request);
 const char *ldap_get_error(struct ldap_connection *conn);
 #endif
--- a/src/auth/db-passwd-file.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/db-passwd-file.c Wed May 31 14:03:53 2006 +0300
@@ -367,7 +367,9 @@
 i_free(db);
 }
-static const char *path_fix(const char *path)
+static const char *
+path_fix(const char *path,
+ const struct auth_request *auth_request __attr_unused__)
 {
 const char *p;
--- a/src/auth/db-sql.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/db-sql.c Wed May 31 14:03:53 2006 +0300
@@ -5,6 +5,7 @@
 #if defined(PASSDB_SQL) || defined(USERDB_SQL)
 #include "settings.h"
+#include "auth-request.h"
 #include "db-sql.h"
 #include <stddef.h>
--- a/src/auth/passdb-sql.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/passdb-sql.c Wed May 31 14:03:53 2006 +0300
@@ -121,6 +121,15 @@
 auth_request_unref(&auth_request);
 }
+static const char *
+passdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+ struct passdb_module *_module = auth_request->passdb->passdb;
+ struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
+
+ return sql_escape_string(module->conn->db, str);
+}
+
 static void sql_lookup_pass(struct passdb_sql_request *sql_request)
 {
 struct passdb_module *_module =
@@ -131,7 +140,7 @@
 query = t_str_new(512);
 var_expand(query, module->conn->set.password_query,
 auth_request_get_var_expand_table(sql_request->auth_request,
- passdb_sql_escape));
+ passdb_sql_escape));
 auth_request_log_debug(sql_request->auth_request, "sql", "query: %s", str_c(query));
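Review bot: `passdb_sql_escape()` finds the connection through `auth_request->passdb->passdb` and casts it to `struct sql_passdb_module *` unchecked, so it escapes with the right driver only while the request's current passdb is this SQL module. That holds for the one call site in `sql_lookup_pass()`, but nothing in the function says so; I would add `/* valid only while auth_request->passdb is the SQL passdb running this lookup */` above it. The same applies to `userdb_sql_escape()` and `auth_request->userdb->userdb` in userdb-sql.c. Separately, `sql_escape_string()` escapes string contents, so the protection presumably holds only where the configured `password_query` / `user_query` places the variable inside a quoted literal, which deserves a line in the setting's documentation.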
--- a/src/auth/userdb-sql.c Wed May 31 14:02:50 2006 +0300
+++ b/src/auth/userdb-sql.c Wed May 31 14:03:53 2006 +0300
@@ -100,6 +100,16 @@
 i_free(sql_request);
 }
+static const char *
+userdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+ struct userdb_module *_module = auth_request->userdb->userdb;
+ struct sql_userdb_module *module =
+ (struct sql_userdb_module *)_module;
+
+ return sql_escape_string(module->conn->db, str);
+}
+
 static void userdb_sql_lookup(struct auth_request *auth_request,
 userdb_callback_t *callback)
 {
@@ -112,7 +122,7 @@
 query = t_str_new(512);
 var_expand(query, module->conn->set.user_query,
 auth_request_get_var_expand_table(auth_request,
- str_escape));
+ userdb_sql_escape));
 auth_request_ref(auth_request);
 sql_request = i_new(struct userdb_sql_request, 1);