int auth_pgsql_setpass(const char *user, const char *pass) { char *newpass_crypt; const char *newpass_crypt_ptr; const char *p; int l; char *sql_buf; const char *comma; int rc=0; const char *clear_field=NULL; const char *crypt_field=NULL; const char *defdomain=NULL; const char *where_clause=NULL; const char *user_table=NULL; const char *login_field=NULL; const char *chpass_clause=NULL; /* [email protected] */ if (!pgconn) return (-1); if (!(newpass_crypt=authcryptpasswd(pass, "{crypt}"))) return (-1); if (!(newpass_crypt_ptr=strchr(newpass_crypt, '}'))) { free(newpass_crypt); /* WTF???? */ return (-1); } ++newpass_crypt_ptr; for (l=0, p=pass; *p; p++) { if ((int)(unsigned char)*p < ' ') { free(newpass_crypt); return (-1); } if (*p == '"' || *p == '\\') ++l; ++l; } /* [email protected] */ chpass_clause=read_env("PGSQL_CHPASS_CLAUSE"); defdomain=read_env("DEFAULT_DOMAIN"); user_table=read_env("PGSQL_USER_TABLE"); if (!chpass_clause) { login_field = read_env("PGSQL_LOGIN_FIELD"); if (!login_field) login_field = "id"; crypt_field=read_env("PGSQL_CRYPT_PWFIELD"); clear_field=read_env("PGSQL_CLEAR_PWFIELD"); where_clause=read_env("PGSQL_WHERE_CLAUSE"); sql_buf=malloc(strlen(crypt_field ? crypt_field:"") + strlen(clear_field ? clear_field:"") + strlen(defdomain ? defdomain:"") + strlen(login_field) + l + strlen(newpass_crypt) + strlen(user_table) + strlen(where_clause ? where_clause:"") + 200); } else { sql_buf=parse_chpass_clause(chpass_clause, user, defdomain, pass, newpass_crypt_ptr); } if (!sql_buf) { free(newpass_crypt); return (-1); } if (!chpass_clause) /* [email protected] */ { sprintf(sql_buf, "UPDATE %s SET", user_table); comma=""; if (clear_field && *clear_field) { char *q; strcat(strcat(strcat(sql_buf, " "), clear_field), "='"); q=sql_buf+strlen(sql_buf); while (*pass) { if (*pass == '"' || *pass == '\\') *q++= '\\'; *q++ = *pass++; } strcpy(q, "'"); comma=", "; } if (crypt_field && *crypt_field) { strcat(strcat(strcat(strcat(strcat(strcat(sql_buf, comma), " "), crypt_field), "='"), newpass_crypt_ptr), "'"); } free(newpass_crypt); strcat(strcat(strcat(sql_buf, " WHERE "), login_field), "='"); append_username(sql_buf+strlen(sql_buf), user, defdomain); strcat(sql_buf, "'"); if (where_clause && *where_clause) { strcat(sql_buf, " AND ("); strcat(sql_buf, where_clause); strcat(sql_buf, ")"); } } /* end of: if (!chpass_clause) */ pgresult=PQexec (pgconn, sql_buf); if (!pgresult || PQresultStatus(pgresult) != PGRES_COMMAND_OK) { rc= -1; auth_pgsql_cleanup(); } PQclear(pgresult); free(sql_buf); return (rc); }
int auth_mysql_setpass(const char *user, const char *pass, const char *oldpass) { char *newpass_crypt; char *sql_buf; int rc=0; char *clear_escaped; char *crypt_escaped; const char *clear_field =NULL, *crypt_field =NULL, *defdomain =NULL, *where_clause =NULL, *user_table =NULL, *login_field =NULL, *chpass_clause =NULL; /* [email protected] */ if (do_connect()) return (-1); if (!(newpass_crypt=authcryptpasswd(pass, oldpass))) return (-1); clear_escaped=malloc(strlen(pass)*2+1); if (!clear_escaped) { perror("malloc"); free(newpass_crypt); return -1; } crypt_escaped=malloc(strlen(newpass_crypt)*2+1); if (!crypt_escaped) { perror("malloc"); free(clear_escaped); free(newpass_crypt); return -1; } mysql_real_escape_string(mysql, clear_escaped, pass, strlen(pass)); mysql_real_escape_string(mysql, crypt_escaped, newpass_crypt, strlen(newpass_crypt)); /* [email protected] */ chpass_clause=read_env("MYSQL_CHPASS_CLAUSE"); defdomain=read_env("DEFAULT_DOMAIN"); user_table=read_env("MYSQL_USER_TABLE"); if (!chpass_clause) { int has_domain=strchr(user, '@') != NULL; char *username_escaped; char dummy_buf[1]; size_t sql_buf_size; username_escaped=malloc(strlen(user)*2+1); if (!username_escaped) { perror("malloc"); free(clear_escaped); free(crypt_escaped); free(newpass_crypt); return -1; } mysql_real_escape_string(mysql, username_escaped, user, strlen(user)); login_field = read_env("MYSQL_LOGIN_FIELD"); if (!login_field) login_field = "id"; crypt_field=read_env("MYSQL_CRYPT_PWFIELD"); clear_field=read_env("MYSQL_CLEAR_PWFIELD"); where_clause=read_env("MYSQL_WHERE_CLAUSE"); if (!where_clause) where_clause=""; if (!crypt_field) crypt_field=""; if (!clear_field) clear_field=""; if (!defdomain) defdomain=""; #define DEFAULT_SETPASS_UPDATE \ "UPDATE %s SET %s%s%s%s %s %s%s%s%s WHERE %s='%s%s%s' %s%s%s", \ user_table, \ *clear_field ? clear_field:"", \ *clear_field ? "='":"", \ *clear_field ? clear_escaped:"", \ *clear_field ? "'":"", \ \ *clear_field && *crypt_field ? ",":"", \ \ *crypt_field ? crypt_field:"", \ *crypt_field ? "='":"", \ *crypt_field ? crypt_escaped:"", \ *crypt_field ? "'":"", \ login_field, \ username_escaped, \ has_domain || !*defdomain ? "":"@", \ has_domain ? "":defdomain, \ *where_clause ? " AND (":"", where_clause, \ *where_clause ? ")":"" sql_buf_size=snprintf(dummy_buf, 1, DEFAULT_SETPASS_UPDATE); sql_buf=malloc(sql_buf_size+1); if (sql_buf) snprintf(sql_buf, sql_buf_size+1, DEFAULT_SETPASS_UPDATE); free(username_escaped); } else { sql_buf=parse_chpass_clause(chpass_clause, user, defdomain, clear_escaped, crypt_escaped); } free(clear_escaped); free(crypt_escaped); free(newpass_crypt); if (courier_authdebug_login_level >= 2) { DPRINTF("setpass SQL: %s", sql_buf); } if (mysql_query (mysql, sql_buf)) { DPRINTF("setpass SQL failed"); rc= -1; auth_mysql_cleanup(); } free(sql_buf); return (rc); }