Blame view

sql/mysql.c 8.36 KB
1
/* GNU Mailutils -- a suite of utilities for electronic mail
2 3
   Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 Free Software
   Foundation, Inc.
4 5 6 7

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
8
   version 3 of the License, or (at your option) any later version.
9 10 11 12 13 14

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

15
   You should have received a copy of the GNU Lesser General
16 17
   Public License along with this library.  If not, see 
   <http://www.gnu.org/licenses/>. */
18 19 20 21

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
22
#include <mailutils/cctype.h>
23 24 25 26 27
#include <mailutils/mailutils.h>
#include <mailutils/sql.h>

#include <mysql/mysql.h>
#include <mysql/errmsg.h>
28
#include <mailutils/sha1.h>
29 30 31 32

struct mu_mysql_data
{
  MYSQL *mysql;
33
  MYSQL_RES *result;
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
};
  

static int 
do_mysql_query (mu_sql_connection_t conn, char *query)
{
  int rc;
  int i;
  MYSQL *mysql;

  for (i = 0; i < 10; i++)
    {
      mysql = ((struct mu_mysql_data*)conn->data)->mysql;
      rc = mysql_query (mysql, query);
      if (rc && mysql_errno (mysql) == CR_SERVER_GONE_ERROR)
	{
	  /* Reconnect? */
	  mu_sql_disconnect (conn);
	  mu_sql_connect (conn);
	  continue;
	}
      break;
    }
  return rc;
}

/* ************************************************************************* */
/* Interface routines */

static int
64
mu_mysql_init (mu_sql_connection_t conn)
65 66 67 68 69 70 71 72 73
{
  struct mu_mysql_data *mp = calloc (1, sizeof (*mp));
  if (!mp)
    return ENOMEM;
  conn->data = mp;
  return 0;
}

static int
74
mu_mysql_destroy (mu_sql_connection_t conn)
75 76 77 78 79 80 81 82 83 84
{
  struct mu_mysql_data *mp = conn->data;
  free (mp->mysql);
  free (mp);
  conn->data = NULL;
  return 0;
}
  

static int
85
mu_mysql_connect (mu_sql_connection_t conn)
86 87
{
  struct mu_mysql_data *mp = conn->data;
88
  char *host, *socket_name = NULL;
89 90 91 92 93 94 95
  
  mp->mysql = malloc (sizeof(MYSQL));
  if (!mp->mysql)
    return ENOMEM;
  
  mysql_init (mp->mysql);

96
  if (conn->server && conn->server[0] == '/')
97 98 99 100 101 102 103 104 105 106 107 108 109 110
    {
      host = "localhost";
      socket_name = conn->server;
    }
  else
    host = conn->server;
  
  if (!mysql_real_connect(mp->mysql, 
			  host,
			  conn->login,
			  conn->password,
			  conn->dbname,
			  conn->port,
			  socket_name,
111
			  CLIENT_MULTI_RESULTS))
112 113 114 115 116 117
    return MU_ERR_SQL;
  
  return 0;
}

static int 
118
mu_mysql_disconnect (mu_sql_connection_t conn)
119 120 121 122 123 124 125 126 127 128
{
  struct mu_mysql_data *mp = conn->data;
  
  mysql_close (mp->mysql);
  free (mp->mysql);
  mp->mysql = NULL;  
  return 0;
}

static int
129
mu_mysql_query (mu_sql_connection_t conn, char *query)
130 131 132 133 134 135 136 137
{
  if (do_mysql_query (conn, query)) 
    return MU_ERR_SQL;
  return 0;
}


static int
138
mu_mysql_store_result (mu_sql_connection_t conn)
139 140 141 142 143 144 145 146 147 148 149 150
{
  struct mu_mysql_data *mp = conn->data;
  if (!(mp->result = mysql_store_result (mp->mysql)))
    {
      if (mysql_errno (mp->mysql))
	return MU_ERR_SQL;
      return MU_ERR_NO_RESULT;
    }
  return 0;
}

static int
151
mu_mysql_release_result (mu_sql_connection_t conn)
152 153 154
{
  struct mu_mysql_data *mp = conn->data;
  mysql_free_result (mp->result);
155
  mp->result = NULL;
156 157 158 159
  return 0;
}

static int
160
mu_mysql_num_columns (mu_sql_connection_t conn, size_t *np)
161 162 163 164 165 166 167
{
  struct mu_mysql_data *mp = conn->data;
  *np = mysql_num_fields (mp->result);
  return 0;
}

static int
168
mu_mysql_num_tuples (mu_sql_connection_t conn, size_t *np)
169 170 171 172 173 174 175
{
  struct mu_mysql_data *mp = conn->data;
  *np = mysql_num_rows (mp->result);
  return 0;
}

static int
176 177
mu_mysql_get_column (mu_sql_connection_t conn, size_t nrow, size_t ncol,
		     char **pdata)
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
{
  struct mu_mysql_data *mp = conn->data;
  MYSQL_ROW row;

  if (nrow >= mysql_num_rows (mp->result)
      || ncol >= mysql_num_fields (mp->result))
    return MU_ERR_BAD_COLUMN;
  
  mysql_data_seek (mp->result, nrow);
  row = mysql_fetch_row (mp->result);
  if (!row)
    return MU_ERR_BAD_COLUMN;
  *pdata = row[ncol];
  return 0;
}

194
static int
195 196
mu_mysql_get_field_number (mu_sql_connection_t conn, const char *fname,
			   size_t *fno)
197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215
{
  struct mu_mysql_data *mp = conn->data;
  MYSQL_FIELD *fields;
  size_t nf, i;
  
  if (!mp->result)
    return MU_ERR_NO_RESULT;

  fields = mysql_fetch_fields (mp->result);
  nf = mysql_num_fields (mp->result);
  for (i = 0; i < nf; i++)
    if (strcmp (fname, fields[i].name) == 0)
      {
	*fno = i;
	return 0;
      }
  return MU_ERR_NOENT;
}

216
static const char *
217
mu_mysql_errstr (mu_sql_connection_t conn)
218 219 220 221 222
{
  struct mu_mysql_data *mp = conn->data;
  return mysql_error (mp->mysql);
}

223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277

/* MySQL scrambled password support */

/* Convert a single hex digit to corresponding number */
static unsigned 
digit_to_number (char c)
{
  return (unsigned) (c >= '0' && c <= '9' ? c-'0' :
                     c >= 'A' && c <= 'Z' ? c-'A'+10 :
                     c-'a'+10);
}

/* Extract salt value from MySQL scrambled password.
   
   WARNING: The code assumes that
       1. strlen (password) % 8 == 0
       2. number_of_entries (RES) = strlen (password) / 8

   For MySQL >= 3.21, strlen(password) == 16 */
static void
get_salt_from_scrambled (unsigned long *res, const char *password)
{
  res[0] = res[1] = 0;
  while (*password)
    {
      unsigned long val = 0;
      unsigned i;

      for (i = 0; i < 8 ; i++)
        val = (val << 4) + digit_to_number (*password++);
      *res++ = val;
    }
}

/* Scramble a plaintext password */
static void
scramble_password (unsigned long *result, const char *password)
{
  unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L;
  unsigned long tmp;

  for (; *password ; password++)
    {
      if (*password == ' ' || *password == '\t')
        continue;                   
      tmp = (unsigned long) (unsigned char) *password;
      nr ^= (((nr & 63) + add) * tmp)+ (nr << 8);
      nr2 += (nr2 << 8) ^ nr;
      add += tmp;
    }

  result[0] = nr & (((unsigned long) 1L << 31) -1L);
  result[1] = nr2 & (((unsigned long) 1L << 31) -1L);
}

278
static void
279
mu_octet_to_hex (char *to, const unsigned char *str, unsigned len)
280
{
281
  const unsigned char *str_end= str + len;
282 283 284 285 286 287 288 289 290 291 292
  static char d[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

  for ( ; str != str_end; ++str)
    {
      *to++ = d[(*str & 0xF0) >> 4];
      *to++ = d[*str & 0x0F];
    }
  *to= '\0';
}

#define SHA1_HASH_SIZE 20
293
static int
294 295
mu_check_mysql_4x_password (const char *scrambled, const char *message)
{
296
  struct mu_sha1_ctx sha1_context;
297
  unsigned char hash_stage2[SHA1_HASH_SIZE];
298 299 300
  char to[2*SHA1_HASH_SIZE + 2];

  /* stage 1: hash password */
301 302 303
  mu_sha1_init_ctx (&sha1_context);
  mu_sha1_process_bytes (message, strlen (message), &sha1_context);
  mu_sha1_finish_ctx (&sha1_context, to);
304 305

  /* stage 2: hash stage1 output */
306 307 308
  mu_sha1_init_ctx (&sha1_context);
  mu_sha1_process_bytes (to, SHA1_HASH_SIZE, &sha1_context);
  mu_sha1_finish_ctx (&sha1_context, hash_stage2);
309 310

  /* convert hash_stage2 to hex string */
311
  to[0] = '*';
312
  mu_octet_to_hex (to + 1, hash_stage2, SHA1_HASH_SIZE);
313 314 315 316 317

  /* Compare both strings */
  return memcmp (to, scrambled, strlen (scrambled));
}

318 319
static int
mu_check_mysql_3x_password (const char *scrambled, const char *message)
320 321 322 323
{
  unsigned long hash_pass[2], hash_message[2];
  char buf[17];

324 325 326
  memcpy (buf, scrambled, 16);
  buf[16] = 0;
  scrambled = buf;
327
  
328
  get_salt_from_scrambled (hash_pass, scrambled);
329
  scramble_password (hash_message, message);
330 331 332 333
  return !(hash_message[0] == hash_pass[0]
	   && hash_message[1] == hash_pass[1]);
}

334 335 336 337 338 339 340 341 342
/* Check whether a plaintext password MESSAGE matches MySQL scrambled password
   PASSWORD */
int
mu_check_mysql_scrambled_password (const char *scrambled, const char *message)
{
  const char *p;

  /* Try to normalize it by cutting off trailing whitespace */
  for (p = scrambled + strlen (scrambled) - 1;
343
       p > scrambled && mu_isspace (*p); p--)
344 345 346 347 348 349 350 351 352 353 354
    ;
  switch (p - scrambled)
    {
    case 15:
      return mu_check_mysql_3x_password (scrambled, message);
    case 40:
      return mu_check_mysql_4x_password (scrambled, message);
    }
  return 1;
}

355 356

/* Register module */
357 358 359
MU_DECL_SQL_DISPATCH_T(mysql) = {
  "mysql",
  3306,
360 361 362 363 364 365 366 367 368 369 370 371
  mu_mysql_init,
  mu_mysql_destroy,
  mu_mysql_connect,
  mu_mysql_disconnect,
  mu_mysql_query,
  mu_mysql_store_result,
  mu_mysql_release_result,
  mu_mysql_num_tuples,
  mu_mysql_num_columns,
  mu_mysql_get_column,
  mu_mysql_get_field_number,
  mu_mysql_errstr,
372 373
};