boolean databaseExists(char *host, char *user, char *password, char *database) /* Return TRUE if database exists. */ { struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database); if (conn == NULL) return FALSE; sqlDisconnect(&conn); return TRUE; }
void checkNotRealDatabase(char *host, char *user, char *password, char *database) /* Make sure that database does not contain real looking user table. */ { struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database); if (conn != NULL) { checkNotRealCartTable(conn, database, userTable); sqlDisconnect(&conn); } }
void checkEmptyOrFakeDatabase(char *host, char *user, char *password, char *database) /* Make sure that either database doesn't exist, or that it does exist and * has fake tables. */ { struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database); if (conn != NULL) { checkFakeCartTable(conn, database, userTable); sqlDisconnect(&conn); } }
boolean mysqlCheckSecurityOfConfig(char *config) /* Can we connect? Can we access the mysql database? */ { boolean problemFound = FALSE; if ( sameString(config, "Xarchivecentral") || sameString(config, "XcustomTracks") ) { printf("Skipping %s for now.\n", config); } else { /* get connection info */ database = getCfgOption(config, "db" ); host = getCfgOption(config, "host" ); user = getCfgOption(config, "user" ); password = getCfgOption(config, "password"); //uglyf("database=%s\n", database);// DEBUG REMOVE //uglyf("host=%s\n", host);// DEBUG REMOVE //uglyf("user=%s\n", user);// DEBUG REMOVE //uglyf("password=%s\n", password);// DEBUG REMOVE // it seems to tolerate connecting to a NULL database? retry_it: conn = sqlMayConnectRemote(host, user, password, database); if (conn) { printf("Connected to %s.\n", config); printf("select database() = [%s]\n", sqlQuickString(conn, NOSQLINJ "select database()")); char *result = sqlQuickString(conn, NOSQLINJ "show databases like 'mysql'"); printf("show databases like 'mysql' = [%s]\n", result); if (result) problemFound = TRUE; if (!problemFound) { char *result = sqlQuickString(conn, NOSQLINJ "SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql'"); if (result) { problemFound = TRUE; printf("INFORMATION_SCHEMA is allowing access to mysql db\n"); } else { printf("INFORMATION_SCHEMA is NOT allowing access to mysql db\n"); } } /* Disabling this check. It actually shows information about mysql leaking out, but it does not give hackers access to passwords if (!problemFound) { char *result = sqlQuickString(conn, NOSQLINJ "SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_name = 'user'"); if (result) { problemFound = TRUE; printf("INFORMATION_SCHEMA is allowing access to user table\n"); } else { printf("INFORMATION_SCHEMA is NOT allowing access to user table\n"); } } */ if (!problemFound) { char *query = NOSQLINJ "desc mysql.user"; unsigned int errNo = 0; char *errMsg = NULL; struct sqlResult *rs = sqlGetResultExt(conn, query, &errNo, &errMsg); if (rs) { sqlFreeResult(&rs); problemFound = TRUE; printf("desc command is leaking access to mysql.user\n"); } else { printf("desc mysql.user returned errNo=%d errMsg=[%s]\n", errNo, errMsg); } } if (!problemFound) { char *query = NOSQLINJ "select * from mysql.user"; unsigned int errNo = 0; char *errMsg = NULL; struct sqlResult *rs = sqlGetResultExt(conn, query, &errNo, &errMsg); if (rs) { sqlFreeResult(&rs); problemFound = TRUE; printf("select * from mysql.user is leaking access to mysql database\n"); } else { printf("select * from mysql.user returned errNo=%d errMsg=[%s]\n", errNo, errMsg); } } if (!problemFound) { char *query = NOSQLINJ "use mysql"; unsigned int errNo = 0; char *errMsg = NULL; struct sqlResult *rs = sqlGetResultExt(conn, query, &errNo, &errMsg); if (errNo == 0) { sqlFreeResult(&rs); problemFound = TRUE; printf("use mysql is leaking access to mysql database\n"); } else { printf("use mysql returned errNo=%d errMsg=[%s]\n", errNo, errMsg); } } } else printf("Connection to %s failed.\n", config); if (!conn && database) { database = NULL; printf("retrying connect with NULL database\n"); goto retry_it; } sqlDisconnect(&conn); } return problemFound; }