[dovecot-cvs] dovecot/src/auth auth-cache.c, 1.17, 1.17.2.1 auth-request.c, 1.58, 1.58.2.1 auth-request.h, 1.27, 1.27.2.1 db-ldap.c, 1.41.2.1, 1.41.2.2 db-ldap.h, 1.20.2.1, 1.20.2.2 db-passwd-file.c, 1.25, 1.25.2.1 db-sql.c, 1.6, 1.6.2.1 passdb-sql.c, 1.27, 1.27.2.1 userdb-sql.c, 1.14, 1.14.2.1

cras at dovecot.org cras at dovecot.org
Wed May 31 14:03:53 EEST 2006 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv12092

Modified Files:
      Tag: branch_1_0
	auth-cache.c auth-request.c auth-request.h db-ldap.c db-ldap.h 
	db-passwd-file.c db-sql.c passdb-sql.c userdb-sql.c 
Log Message:
Escape SQL strings using sql_escape_string(). Fixes the problems with
PostgreSQL.



Index: auth-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-cache.c,v
retrieving revision 1.17
retrieving revision 1.17.2.1
diff -u -d -r1.17 -r1.17.2.1
--- auth-cache.c	14 Jan 2006 18:47:20 -0000	1.17
+++ auth-cache.c	31 May 2006 11:03:50 -0000	1.17.2.1
@@ -164,7 +164,8 @@
 
 	str = t_str_new(256);
 	var_expand(str, key,
-		   auth_request_get_var_expand_table(request, str_escape));
+		   auth_request_get_var_expand_table(request,
+						     auth_request_str_escape));
 
 	node = hash_lookup(cache->hash, str_c(str));
 	if (node == NULL) {
@@ -197,7 +198,8 @@
 
 	str = t_str_new(256);
 	var_expand(str, key,
-		   auth_request_get_var_expand_table(request, str_escape));
+		   auth_request_get_var_expand_table(request,
+						     auth_request_str_escape));
 
 	data_size = str_len(str) + 1 + value_len + 1;
 	alloc_size = sizeof(struct cache_node) - sizeof(node->data) + data_size;

Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.58
retrieving revision 1.58.2.1
diff -u -d -r1.58 -r1.58.2.1
--- auth-request.c	12 Apr 2006 14:36:58 -0000	1.58
+++ auth-request.c	31 May 2006 11:03:50 -0000	1.58.2.1
@@ -570,7 +570,8 @@
 
 		t_push();
 		dest = t_str_new(256);
-		table = auth_request_get_var_expand_table(request, str_escape);
+		table = auth_request_get_var_expand_table(request,
+						auth_request_str_escape);
 		var_expand(dest, request->auth->username_format, table);
 		user = p_strdup(request->pool, str_c(dest));
 		t_pop();
@@ -843,14 +844,23 @@
 	return ret;
 }
 
-static const char *escape_none(const char *str)
+static const char *
+escape_none(const char *string,
+	    const struct auth_request *request __attr_unused__)
 {
-	return str;
+	return string;
+}
+
+const char *
+auth_request_str_escape(const char *string,
+			const struct auth_request *request __attr_unused__)
+{
+	return str_escape(string);
 }
 
 const struct var_expand_table *
 auth_request_get_var_expand_table(const struct auth_request *auth_request,
-				  const char *(*escape_func)(const char *))
+				  auth_request_escape_func_t *escape_func)
 {
 	static struct var_expand_table static_tab[] = {
 		{ 'u', NULL },
@@ -872,11 +882,12 @@
 	tab = t_malloc(sizeof(static_tab));
 	memcpy(tab, static_tab, sizeof(static_tab));
 
-	tab[0].value = escape_func(auth_request->user);
-	tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
+	tab[0].value = escape_func(auth_request->user, auth_request);
+	tab[1].value = escape_func(t_strcut(auth_request->user, '@'),
+				   auth_request);
 	tab[2].value = strchr(auth_request->user, '@');
 	if (tab[2].value != NULL)
-		tab[2].value = escape_func(tab[2].value+1);
+		tab[2].value = escape_func(tab[2].value+1, auth_request);
 	tab[3].value = auth_request->service;
 	/* tab[4] = we have no home dir */
 	if (auth_request->local_ip.family != 0)
@@ -884,8 +895,10 @@
 	if (auth_request->remote_ip.family != 0)
 		tab[6].value = net_ip2addr(&auth_request->remote_ip);
 	tab[7].value = dec2str(auth_request->client_pid);
-	if (auth_request->mech_password != NULL)
-		tab[8].value = escape_func(auth_request->mech_password);
+	if (auth_request->mech_password != NULL) {
+		tab[8].value = escape_func(auth_request->mech_password,
+					   auth_request);
+	}
 	return tab;
 }
 

Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -d -r1.27 -r1.27.2.1
--- auth-request.h	27 Feb 2006 18:46:29 -0000	1.27
+++ auth-request.h	31 May 2006 11:03:50 -0000	1.27.2.1
@@ -16,6 +16,10 @@
 	AUTH_REQUEST_STATE_USERDB
 };
 
+typedef const char *
+auth_request_escape_func_t(const char *string,
+			   const struct auth_request *auth_request);
+
 struct auth_request {
 	int refcount;
 
@@ -126,7 +130,9 @@
 
 const struct var_expand_table *
 auth_request_get_var_expand_table(const struct auth_request *auth_request,
-				  const char *(*escape_func)(const char *));
+				  auth_request_escape_func_t *escape_func);
+const char *auth_request_str_escape(const char *string,
+				    const struct auth_request *request);
 
 void auth_request_log_debug(struct auth_request *auth_request,
 			    const char *subsystem,

Index: db-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.41.2.1
retrieving revision 1.41.2.2
diff -u -d -r1.41.2.1 -r1.41.2.2
--- db-ldap.c	13 May 2006 10:14:36 -0000	1.41.2.1
+++ db-ldap.c	31 May 2006 11:03:50 -0000	1.41.2.2
@@ -418,7 +418,8 @@
 #define IS_LDAP_ESCAPED_CHAR(c) \
 	((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
 
-const char *ldap_escape(const char *str)
+const char *ldap_escape(const char *str,
+			const struct auth_request *auth_request __attr_unused__)
 {
 	const char *p;
 	string_t *ret;

Index: db-ldap.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.20.2.1
retrieving revision 1.20.2.2
diff -u -d -r1.20.2.1 -r1.20.2.2
--- db-ldap.h	13 May 2006 10:14:36 -0000	1.20.2.1
+++ db-ldap.h	31 May 2006 11:03:50 -0000	1.20.2.2
@@ -4,6 +4,7 @@
 #include <ldap.h>
 #include <sasl/sasl.h>
 
+struct auth_request;
 struct ldap_connection;
 struct ldap_request;
 
@@ -92,7 +93,8 @@
 
 bool db_ldap_connect(struct ldap_connection *conn);
 
-const char *ldap_escape(const char *str);
+const char *ldap_escape(const char *str,
+			const struct auth_request *auth_request);
 const char *ldap_get_error(struct ldap_connection *conn);
 
 #endif

Index: db-passwd-file.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-passwd-file.c,v
retrieving revision 1.25
retrieving revision 1.25.2.1
diff -u -d -r1.25 -r1.25.2.1
--- db-passwd-file.c	9 Apr 2006 09:29:54 -0000	1.25
+++ db-passwd-file.c	31 May 2006 11:03:50 -0000	1.25.2.1
@@ -367,7 +367,9 @@
 	i_free(db);
 }
 
-static const char *path_fix(const char *path)
+static const char *
+path_fix(const char *path,
+	 const struct auth_request *auth_request __attr_unused__)
 {
 	const char *p;
 

Index: db-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/db-sql.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -d -r1.6 -r1.6.2.1
--- db-sql.c	19 Jan 2006 19:28:59 -0000	1.6
+++ db-sql.c	31 May 2006 11:03:50 -0000	1.6.2.1
@@ -5,6 +5,7 @@
 #if defined(PASSDB_SQL) || defined(USERDB_SQL)
 
 #include "settings.h"
+#include "auth-request.h"
 #include "db-sql.h"
 
 #include <stddef.h>

Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -d -r1.27 -r1.27.2.1
--- passdb-sql.c	14 Feb 2006 17:43:04 -0000	1.27
+++ passdb-sql.c	31 May 2006 11:03:50 -0000	1.27.2.1
@@ -121,6 +121,15 @@
 	auth_request_unref(&auth_request);
 }
 
+static const char *
+passdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+	struct passdb_module *_module = auth_request->passdb->passdb;
+	struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
+
+	return sql_escape_string(module->conn->db, str);
+}
+
 static void sql_lookup_pass(struct passdb_sql_request *sql_request)
 {
 	struct passdb_module *_module =
@@ -131,7 +140,7 @@
 	query = t_str_new(512);
 	var_expand(query, module->conn->set.password_query,
 		   auth_request_get_var_expand_table(sql_request->auth_request,
-						     str_escape));
+						     passdb_sql_escape));
 
 	auth_request_log_debug(sql_request->auth_request, "sql",
 			       "query: %s", str_c(query));

Index: userdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-sql.c,v
retrieving revision 1.14
retrieving revision 1.14.2.1
diff -u -d -r1.14 -r1.14.2.1
--- userdb-sql.c	14 Feb 2006 17:43:04 -0000	1.14
+++ userdb-sql.c	31 May 2006 11:03:50 -0000	1.14.2.1
@@ -100,6 +100,16 @@
 	i_free(sql_request);
 }
 
+static const char *
+userdb_sql_escape(const char *str, const struct auth_request *auth_request)
+{
+	struct userdb_module *_module = auth_request->userdb->userdb;
+	struct sql_userdb_module *module =
+		(struct sql_userdb_module *)_module;
+
+	return sql_escape_string(module->conn->db, str);
+}
+
 static void userdb_sql_lookup(struct auth_request *auth_request,
 			      userdb_callback_t *callback)
 {
@@ -112,7 +122,7 @@
 	query = t_str_new(512);
 	var_expand(query, module->conn->set.user_query,
 		   auth_request_get_var_expand_table(auth_request,
-						     str_escape));
+						     userdb_sql_escape));
 
 	auth_request_ref(auth_request);
 	sql_request = i_new(struct userdb_sql_request, 1);

More information about the dovecot-cvs mailing list