[dovecot-cvs] dovecot/src/auth auth-cache.c, 1.17,
1.17.2.1 auth-request.c, 1.58, 1.58.2.1 auth-request.h, 1.27,
1.27.2.1 db-ldap.c, 1.41.2.1, 1.41.2.2 db-ldap.h, 1.20.2.1,
1.20.2.2 db-passwd-file.c, 1.25, 1.25.2.1 db-sql.c, 1.6,
1.6.2.1 passdb-sql.c, 1.27, 1.27.2.1 userdb-sql.c, 1.14, 1.14.2.1
cras at dovecot.org
cras at dovecot.org
Wed May 31 14:03:53 EEST 2006
- Previous message: [dovecot-cvs] dovecot/src/lib-sql driver-mysql.c, 1.17,
1.18 driver-pgsql.c, 1.10, 1.11 driver-sqlite.c, 1.5,
1.6 sql-api-private.h, 1.6, 1.7 sql-api.c, 1.8, 1.9 sql-api.h,
1.8, 1.9
- Next message: [dovecot-cvs] dovecot/src/auth auth-cache.c, 1.17,
1.18 auth-request.c, 1.58, 1.59 auth-request.h, 1.27,
1.28 db-ldap.c, 1.41, 1.42 db-ldap.h, 1.20,
1.21 db-passwd-file.c, 1.25, 1.26 db-sql.c, 1.6,
1.7 passdb-sql.c, 1.27, 1.28 userdb-sql.c, 1.14, 1.15
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv12092
Modified Files:
Tag: branch_1_0
auth-cache.c auth-request.c auth-request.h db-ldap.c db-ldap.h
db-passwd-file.c db-sql.c passdb-sql.c userdb-sql.c
Log Message:
Escape SQL strings using sql_escape_string(). Fixes the problems with
PostgreSQL.
Index: auth-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-cache.c,v
retrieving revision 1.17
retrieving revision 1.17.2.1
diff -u -d -r1.17 -r1.17.2.1
--- auth-cache.c 14 Jan 2006 18:47:20 -0000 1.17
+++ auth-cache.c 31 May 2006 11:03:50 -0000 1.17.2.1
@@ -164,7 +164,8 @@
str = t_str_new(256);
var_expand(str, key,
- auth_request_get_var_expand_table(request, str_escape));
+ auth_request_get_var_expand_table(request,
+ auth_request_str_escape));
node = hash_lookup(cache->hash, str_c(str));
if (node == NULL) {
@@ -197,7 +198,8 @@
str = t_str_new(256);
var_expand(str, key,
- auth_request_get_var_expand_table(request, str_escape));
+ auth_request_get_var_expand_table(request,
+ auth_request_str_escape));
data_size = str_len(str) + 1 + value_len + 1;
alloc_size = sizeof(struct cache_node) - sizeof(node->data) + data_size;
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.58
retrieving revision 1.58.2.1
diff -u -d -r1.58 -r1.58.2.1
--- auth-request.c 12 Apr 2006 14:36:58 -0000 1.58
+++ auth-request.c 31 May 2006 11:03:50 -0000 1.58.2.1
@@ -570,7 +570,8 @@
t_push();
dest = t_str_new(256);
- table = auth_request_get_var_expand_table(request, str_escape);
+ table = auth_request_get_var_expand_table(request,
+ auth_request_str_escape);
var_expand(dest, request->auth->username_format, table);
user = p_strdup(request->pool, str_c(dest));
t_pop();
@@ -843,14 +844,23 @@
return ret;
}
-static const char *escape_none(const char *str)
+static const char *
+escape_none(const char *string,
+ const struct auth_request *request __attr_unused__)
{
- return str;
+ return string;
+}
+
+const char *
+auth_request_str_escape(const char *string,
+ const struct auth_request *request __attr_unused__)
+{
+ return str_escape(string);
}
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *))
+ auth_request_escape_func_t *escape_func)
{
static struct var_expand_table static_tab[] = {
{ 'u', NULL },
@@ -872,11 +882,12 @@
tab = t_malloc(sizeof(static_tab));
memcpy(tab, static_tab, sizeof(static_tab));
- tab[0].value = escape_func(auth_request->user);
- tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
+ tab[0].value = escape_func(auth_request->user, auth_request);
+ tab[1].value = escape_func(t_strcut(auth_request->user, '@'),
+ auth_request);
tab[2].value = strchr(auth_request->user, '@');
if (tab[2].value != NULL)
- tab[2].value = escape_func(tab[2].value+1);
+ tab[2].value = escape_func(tab[2].value+1, auth_request);
tab[3].value = auth_request->service;
/* tab[4] = we have no home dir */
if (auth_request->local_ip.family != 0)
@@ -884,8 +895,10 @@
if (auth_request->remote_ip.family != 0)
tab[6].value = net_ip2addr(&auth_request->remote_ip);
tab[7].value = dec2str(auth_request->client_pid);
- if (auth_request->mech_password != NULL)
- tab[8].value = escape_func(auth_request->mech_password);
+ if (auth_request->mech_password != NULL) {
+ tab[8].value = escape_func(auth_request->mech_password,
+ auth_request);
+ }
return tab;
}
Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -d -r1.27 -r1.27.2.1
--- auth-request.h 27 Feb 2006 18:46:29 -0000 1.27
+++ auth-request.h 31 May 2006 11:03:50 -0000 1.27.2.1
@@ -16,6 +16,10 @@
AUTH_REQUEST_STATE_USERDB
};
+typedef const char *
+auth_request_escape_func_t(const char *string,
+ const struct auth_request *auth_request);
+
struct auth_request {
int refcount;
@@ -126,7 +130,9 @@
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *));
+ auth_request_escape_func_t *escape_func);
+const char *auth_request_str_escape(const char *string,
+ const struct auth_request *request);
void auth_request_log_debug(struct auth_request *auth_request,
const char *subsystem,
Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.41.2.1
retrieving revision 1.41.2.2
diff -u -d -r1.41.2.1 -r1.41.2.2
--- db-ldap.c 13 May 2006 10:14:36 -0000 1.41.2.1
+++ db-ldap.c 31 May 2006 11:03:50 -0000 1.41.2.2
@@ -418,7 +418,8 @@
#define IS_LDAP_ESCAPED_CHAR(c) \
((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
-const char *ldap_escape(const char *str)
+const char *ldap_escape(const char *str,
+ const struct auth_request *auth_request __attr_unused__)
{
const char *p;
string_t *ret;
Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.20.2.1
retrieving revision 1.20.2.2
diff -u -d -r1.20.2.1 -r1.20.2.2
--- db-ldap.h 13 May 2006 10:14:36 -0000 1.20.2.1
+++ db-ldap.h 31 May 2006 11:03:50 -0000 1.20.2.2
@@ -4,6 +4,7 @@
#include <ldap.h>
#include <sasl/sasl.h>
+struct auth_request;
struct ldap_connection;
struct ldap_request;
@@ -92,7 +93,8 @@
bool db_ldap_connect(struct ldap_connection *conn);
-const char *ldap_escape(const char *str);
+const char *ldap_escape(const char *str,
+ const struct auth_request *auth_request);
const char *ldap_get_error(struct ldap_connection *conn);
#endif
Index: db-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-passwd-file.c,v
retrieving revision 1.25
retrieving revision 1.25.2.1
diff -u -d -r1.25 -r1.25.2.1
--- db-passwd-file.c 9 Apr 2006 09:29:54 -0000 1.25
+++ db-passwd-file.c 31 May 2006 11:03:50 -0000 1.25.2.1
@@ -367,7 +367,9 @@
i_free(db);
}
-static const char *path_fix(const char *path)
+static const char *
+path_fix(const char *path,
+ const struct auth_request *auth_request __attr_unused__)
{
const char *p;
Index: db-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-sql.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -d -r1.6 -r1.6.2.1
--- db-sql.c 19 Jan 2006 19:28:59 -0000 1.6
+++ db-sql.c 31 May 2006 11:03:50 -0000 1.6.2.1
@@ -5,6 +5,7 @@
#if defined(PASSDB_SQL) || defined(USERDB_SQL)
#include "settings.h"
+#include "auth-request.h"
#include "db-sql.h"
#include <stddef.h>
Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -d -r1.27 -r1.27.2.1
--- passdb-sql.c 14 Feb 2006 17:43:04 -0000 1.27
+++ passdb-sql.c 31 May 2006 11:03:50 -0000 1.27.2.1
@@ -121,6 +121,15 @@
auth_request_unref(&auth_request);
}
+static const char *
+passdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+ struct passdb_module *_module = auth_request->passdb->passdb;
+ struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
+
+ return sql_escape_string(module->conn->db, str);
+}
+
static void sql_lookup_pass(struct passdb_sql_request *sql_request)
{
struct passdb_module *_module =
@@ -131,7 +140,7 @@
query = t_str_new(512);
var_expand(query, module->conn->set.password_query,
auth_request_get_var_expand_table(sql_request->auth_request,
- str_escape));
+ passdb_sql_escape));
auth_request_log_debug(sql_request->auth_request, "sql",
"query: %s", str_c(query));
Index: userdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-sql.c,v
retrieving revision 1.14
retrieving revision 1.14.2.1
diff -u -d -r1.14 -r1.14.2.1
--- userdb-sql.c 14 Feb 2006 17:43:04 -0000 1.14
+++ userdb-sql.c 31 May 2006 11:03:50 -0000 1.14.2.1
@@ -100,6 +100,16 @@
i_free(sql_request);
}
+static const char *
+userdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+ struct userdb_module *_module = auth_request->userdb->userdb;
+ struct sql_userdb_module *module =
+ (struct sql_userdb_module *)_module;
+
+ return sql_escape_string(module->conn->db, str);
+}
+
static void userdb_sql_lookup(struct auth_request *auth_request,
userdb_callback_t *callback)
{
@@ -112,7 +122,7 @@
query = t_str_new(512);
var_expand(query, module->conn->set.user_query,
auth_request_get_var_expand_table(auth_request,
- str_escape));
+ userdb_sql_escape));
auth_request_ref(auth_request);
sql_request = i_new(struct userdb_sql_request, 1);
- Previous message: [dovecot-cvs] dovecot/src/lib-sql driver-mysql.c, 1.17,
1.18 driver-pgsql.c, 1.10, 1.11 driver-sqlite.c, 1.5,
1.6 sql-api-private.h, 1.6, 1.7 sql-api.c, 1.8, 1.9 sql-api.h,
1.8, 1.9
- Next message: [dovecot-cvs] dovecot/src/auth auth-cache.c, 1.17,
1.18 auth-request.c, 1.58, 1.59 auth-request.h, 1.27,
1.28 db-ldap.c, 1.41, 1.42 db-ldap.h, 1.20,
1.21 db-passwd-file.c, 1.25, 1.26 db-sql.c, 1.6,
1.7 passdb-sql.c, 1.27, 1.28 userdb-sql.c, 1.14, 1.15
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list