Use configurable queries instead of hardcoded ones.
Showing
2 changed files
with
93 additions
and
24 deletions
... | @@ -17,6 +17,74 @@ | ... | @@ -17,6 +17,74 @@ |
17 | 17 | ||
18 | extern void *xmalloc (size_t); | 18 | extern void *xmalloc (size_t); |
19 | 19 | ||
20 | static char * | ||
21 | sql_expand_query (const char *query, const char *username) | ||
22 | { | ||
23 | char *p, *q, *res; | ||
24 | int len; | ||
25 | |||
26 | if (!query) | ||
27 | return NULL; | ||
28 | |||
29 | /* Compute resulting query length */ | ||
30 | for (len = 0, p = query; *p; ) | ||
31 | { | ||
32 | if (*p == '%') | ||
33 | { | ||
34 | if (p[1] == 'u') | ||
35 | { | ||
36 | len += strlen (username); | ||
37 | p += 2; | ||
38 | } | ||
39 | else if (p[1] == '%') | ||
40 | { | ||
41 | len++; | ||
42 | p += 2; | ||
43 | } | ||
44 | else | ||
45 | { | ||
46 | len++; | ||
47 | p++; | ||
48 | } | ||
49 | } | ||
50 | else | ||
51 | { | ||
52 | len++; | ||
53 | p++; | ||
54 | } | ||
55 | } | ||
56 | |||
57 | res = malloc (len + 1); | ||
58 | if (!res) | ||
59 | return res; | ||
60 | |||
61 | for (p = query, q = res; *p; ) | ||
62 | { | ||
63 | if (*p == '%') | ||
64 | { | ||
65 | switch (*++p) | ||
66 | { | ||
67 | case 'u': | ||
68 | strcpy (q, username); | ||
69 | q += strlen (q); | ||
70 | p++; | ||
71 | break; | ||
72 | |||
73 | case '%': | ||
74 | *q++ = *p++; | ||
75 | break; | ||
76 | |||
77 | default: | ||
78 | *q++ = *p++; | ||
79 | } | ||
80 | } | ||
81 | else | ||
82 | *q++ = *p++; | ||
83 | } | ||
84 | *q = 0; | ||
85 | return res; | ||
86 | } | ||
87 | |||
20 | struct passwd * | 88 | struct passwd * |
21 | getMpwnam (const char *username) | 89 | getMpwnam (const char *username) |
22 | { | 90 | { |
... | @@ -40,18 +108,15 @@ getMpwnam (const char *username) | ... | @@ -40,18 +108,15 @@ getMpwnam (const char *username) |
40 | if (!m) | 108 | if (!m) |
41 | return NULL; | 109 | return NULL; |
42 | 110 | ||
43 | if (!mysql_real_connect (m, MHOST, MUSER, MPASS, MDB, MPORT, | 111 | if (!mysql_real_connect (m, sql_host, sql_user, sql_passwd, sql_db, sql_port, |
44 | MSOCKET, MFLAGS)) | 112 | sql_socket, MFLAGS)) |
45 | { | 113 | { |
46 | mu_error ("MySQL: connect failed: %s", mysql_error (m)); | 114 | mu_error ("MySQL: connect failed: %s", mysql_error (m)); |
47 | mysql_close (m); | 115 | mysql_close (m); |
48 | return NULL; | 116 | return NULL; |
49 | } | 117 | } |
50 | 118 | ||
51 | asprintf (&QueryStr, | 119 | QueryStr = sql_expand_query (sql_getpwnam_query, username); |
52 | "select %s,%s,%s,%s,%s from %s where %s = '%s'", | ||
53 | Mpassword, Muid, Mgid, Mhomedir, Mshell, Mtable, | ||
54 | Musername, username); | ||
55 | 120 | ||
56 | if (!QueryStr) | 121 | if (!QueryStr) |
57 | { | 122 | { |
... | @@ -127,17 +192,21 @@ getMspnam (const char *username) | ... | @@ -127,17 +192,21 @@ getMspnam (const char *username) |
127 | if (!m) | 192 | if (!m) |
128 | return NULL; | 193 | return NULL; |
129 | 194 | ||
130 | if (!mysql_real_connect (m, MHOST, MUSER, MPASS, MDB, MPORT, | 195 | if (!mysql_real_connect (m, sql_host, sql_user, sql_passwd, sql_db, sql_port, |
131 | MSOCKET, MFLAGS)) | 196 | sql_socket, MFLAGS)) |
132 | { | 197 | { |
133 | mu_error ("MySQL: connect failed: %s", mysql_error (m)); | 198 | mu_error ("MySQL: connect failed: %s", mysql_error (m)); |
134 | mysql_close (m); | 199 | mysql_close (m); |
135 | return NULL; | 200 | return NULL; |
136 | } | 201 | } |
137 | 202 | ||
138 | asprintf (&QueryStr, | 203 | QueryStr = sql_expand_query (sql_getpass_query, username); |
139 | "select %s from %s where %s = '%s'", | 204 | |
140 | Mpassword, Mtable, Musername, username); | 205 | if (!QueryStr) |
206 | { | ||
207 | mysql_close (m); | ||
208 | return NULL; | ||
209 | } | ||
141 | 210 | ||
142 | if (mysql_query (m, QueryStr) != 0) | 211 | if (mysql_query (m, QueryStr) != 0) |
143 | { | 212 | { | ... | ... |
1 | #include <config.h> | 1 | #include <config.h> |
2 | 2 | ||
3 | #ifdef HAVE_MYSQL | 3 | #ifdef HAVE_MYSQL |
4 | extern char *sql_getpwnam_query; | ||
5 | extern char *sql_getpass_query; | ||
6 | extern char *sql_host; | ||
7 | extern char *sql_user; | ||
8 | extern char *sql_passwd; | ||
9 | extern char *sql_db; | ||
10 | extern char *sql_socket; | ||
11 | extern int sql_port; | ||
12 | |||
13 | struct passwd *getMpwnam (const char *username); | ||
14 | struct spwd *getMspnam (const char *username); | ||
4 | 15 | ||
5 | #define MHOST NULL /* Hostname to connect to. NULL for UNIX | 16 | #define MHOST NULL /* Hostname to connect to. NULL for UNIX |
6 | socket connection */ | 17 | socket connection */ |
7 | #define MPORT 0 /* Port number to connect to. 0 means default | 18 | #define MPORT 0 /* Port number to connect to. 0 means default |
8 | MySQL port (3300) */ | 19 | MySQL port (3300) */ |
9 | #define MSOCKET NULL /* Socket name to use. Valid only if connecting | 20 | #define MSOCKET NULL /* Socket name to use. Valid only if |
10 | via UNIX sockets */ | 21 | connecting via UNIX sockets */ |
11 | #define MFLAGS 0 /* Special user flags. It is safe to leave | 22 | #define MFLAGS 0 /* Special user flags. It is safe to leave |
12 | this untouched */ | 23 | this untouched */ |
13 | #define MUSER "accounts" /* Username for mysql access */ | 24 | #define MUSER "accounts" /* Username for mysql access */ |
14 | #define MPASS "yurpass" /* Password for mysql access */ | 25 | #define MPASS "yurpass" /* Password for mysql access */ |
15 | #define MDB "accounts" /* Database Name */ | 26 | #define MDB "accounts" /* Database Name */ |
16 | #define Mtable "users" /* Table Name */ | ||
17 | #define Musername "username" /* username field */ | ||
18 | #define Muid "uid" /* uid field */ | ||
19 | #define Mgid "gid" /* gid field */ | ||
20 | #define Mpassword "password" /* password field */ | ||
21 | #define Mhomedir "homedir" /* homedir field */ | ||
22 | #define Mshell "shell" /* shell field */ | ||
23 | #define Mcomment "comment" /* comment field */ | ||
24 | |||
25 | struct passwd *getMpwnam (const char *username); | ||
26 | struct spwd *getMspnam (const char *username); | ||
27 | 27 | ||
28 | 28 | ||
29 | #endif /* HAVE_MYSQL */ | 29 | #endif /* HAVE_MYSQL */ | ... | ... |
-
Please register or sign in to post a comment