Use configurable queries instead of hardcoded ones.

@@ -17,6 +17,74 @@
 
 
 extern void *xmalloc (size_t);
 extern void *xmalloc (size_t);
 
 
+static char *
+sql_expand_query (const char *query, const char *username)
+{
+  char *p, *q, *res;
+  int len;
+
+  if (!query)
+    return NULL;
+  
+  /* Compute resulting query length */
+  for (len = 0, p = query; *p; )
+    {
+      if (*p == '%')
+	{
+	  if (p[1] == 'u')
+	    {
+	      len += strlen (username);
+	      p += 2;
+	    }
+	  else if (p[1] == '%')
+	    {
+	      len++;
+	      p += 2;
+	    }
+	  else
+	    {
+	      len++;
+	      p++;
+	    }
+	}
+      else
+	{
+	  len++;
+	  p++;
+	}
+    }
+
+  res = malloc (len + 1);
+  if (!res)
+    return res;
+
+  for (p = query, q = res; *p; )
+    {
+      if (*p == '%')
+	{
+	  switch (*++p)
+	    {
+	    case 'u':
+	      strcpy (q, username);
+	      q += strlen (q);
+	      p++;
+	      break;
+	      
+	    case '%':
+	      *q++ = *p++;
+	      break;
+	      
+	    default:
+	      *q++ = *p++;
+	    }
+	}
+      else
+	*q++ = *p++;
+    }
+  *q = 0;
+  return res;
+}
+
 struct passwd *
 struct passwd *
 getMpwnam (const char *username)
 getMpwnam (const char *username)
 {
 {
@@ -40,18 +108,15 @@ getMpwnam (const char *username)
   if (!m)
   if (!m)
     return NULL;
     return NULL;
 
 
-  if (!mysql_real_connect (m, MHOST, MUSER, MPASS, MDB, MPORT,
-			   MSOCKET, MFLAGS))
+  if (!mysql_real_connect (m, sql_host, sql_user, sql_passwd, sql_db, sql_port,
+			   sql_socket, MFLAGS))
     {
     {
       mu_error ("MySQL: connect failed: %s", mysql_error (m));
       mu_error ("MySQL: connect failed: %s", mysql_error (m));
       mysql_close (m);
       mysql_close (m);
       return NULL;
       return NULL;
     }
     }
-  
-  asprintf (&QueryStr,
-	   "select %s,%s,%s,%s,%s from %s where %s = '%s'",
-	   Mpassword, Muid, Mgid, Mhomedir, Mshell, Mtable,
-	   Musername, username);
+
+  QueryStr = sql_expand_query (sql_getpwnam_query, username);
 
 
   if (!QueryStr)
   if (!QueryStr)
     {
     {
@@ -127,17 +192,21 @@ getMspnam (const char *username)
   if (!m)
   if (!m)
     return NULL;
     return NULL;
   
   
-  if (!mysql_real_connect (m, MHOST, MUSER, MPASS, MDB, MPORT,
-			   MSOCKET, MFLAGS))
+  if (!mysql_real_connect (m, sql_host, sql_user, sql_passwd, sql_db, sql_port,
+			   sql_socket, MFLAGS))
     {
     {
       mu_error ("MySQL: connect failed: %s", mysql_error (m));
       mu_error ("MySQL: connect failed: %s", mysql_error (m));
       mysql_close (m);
       mysql_close (m);
       return NULL;
       return NULL;
     }
     }
 
 
-  asprintf (&QueryStr,
-	    "select %s from %s where %s = '%s'",
-	    Mpassword, Mtable, Musername, username);
+  QueryStr = sql_expand_query (sql_getpass_query, username);
+
+  if (!QueryStr)
+    {
+      mysql_close (m);
+      return NULL;
+    }
 
 
   if (mysql_query (m, QueryStr) != 0)
   if (mysql_query (m, QueryStr) != 0)
     {
     {

 #include <config.h>
 #include <config.h>
 
 
 #ifdef HAVE_MYSQL
 #ifdef HAVE_MYSQL
+extern char *sql_getpwnam_query;
+extern char *sql_getpass_query;
+extern char *sql_host;
+extern char *sql_user;
+extern char *sql_passwd;
+extern char *sql_db;
+extern char *sql_socket; 
+extern int  sql_port;
+
+struct passwd *getMpwnam (const char *username);
+struct spwd *getMspnam (const char *username);
 
 
 #define MHOST NULL              /* Hostname to connect to. NULL for UNIX
 #define MHOST NULL              /* Hostname to connect to. NULL for UNIX
-				   socket connection */ 
+                                   socket connection */
 #define MPORT 0                 /* Port number to connect to. 0 means default
 #define MPORT 0                 /* Port number to connect to. 0 means default
-				   MySQL port (3300) */
-#define MSOCKET NULL            /* Socket name to use. Valid only if connecting
-				   via UNIX sockets */
+	                           MySQL port (3300) */
+#define MSOCKET NULL            /* Socket name to use. Valid only if
+				   connecting via UNIX sockets */
 #define MFLAGS 0                /* Special user flags. It is safe to leave
 #define MFLAGS 0                /* Special user flags. It is safe to leave
 				   this untouched */
 				   this untouched */
-#define MUSER "accounts"	/* Username for mysql access */
-#define MPASS "yurpass"		/* Password for mysql access */
-#define MDB "accounts"		/* Database Name */
-#define Mtable "users"		/* Table Name */
-#define Musername "username"	/* username field */
-#define Muid "uid"		/* uid field */
-#define Mgid "gid"		/* gid field */
-#define Mpassword "password"	/* password field */
-#define Mhomedir "homedir"	/* homedir field */
-#define Mshell "shell"		/* shell field */
-#define Mcomment "comment"	/* comment field */
-
-struct passwd *getMpwnam (const char *username);
-struct spwd *getMspnam (const char *username);
+#define MUSER "accounts"        /* Username for mysql access */
+#define MPASS "yurpass"         /* Password for mysql access */
+#define MDB "accounts"          /* Database Name */
 
 
 
 
 #endif /* HAVE_MYSQL */
 #endif /* HAVE_MYSQL */