boolean databaseExists(char *host, char *user, char *password, char *database)
/* Return TRUE if database exists, i.e. a connection to it can be opened
 * with the given credentials.  The probe connection is closed again
 * before returning. */
{
boolean exists = FALSE;
struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database);
if (conn != NULL)
    {
    exists = TRUE;
    sqlDisconnect(&conn);
    }
return exists;
}
void checkNotRealDatabase(char *host, char *user, char *password, char *database)
/* Make sure that database does not contain real looking user table.
 * A database that cannot be connected to is left alone; otherwise the
 * check is delegated to checkNotRealCartTable on the file-scope userTable. */
{
struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database);
if (conn == NULL)
    return;
checkNotRealCartTable(conn, database, userTable);
sqlDisconnect(&conn);
}
void checkEmptyOrFakeDatabase(char *host, char *user, char *password, char *database)
/* Make sure that either database doesn't exist, or that it does exist and
 * has fake tables.  A failed connect counts as "doesn't exist" and passes;
 * a successful connect hands the userTable check to checkFakeCartTable. */
{
struct sqlConnection *conn = sqlMayConnectRemote(host, user, password, database);
if (conn == NULL)
    return;
checkFakeCartTable(conn, database, userTable);
sqlDisconnect(&conn);
}
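static boolean probeMysqlQuery(struct sqlConnection *conn, char *query, char *label,
                               boolean judgeByErrNo, char *leakMessage)
/* Run query on conn and report whether the server allowed it.  When
 * judgeByErrNo is TRUE the query counts as allowed if errNo stays 0
 * (the "use mysql" case, which yields no result set); otherwise it counts
 * as allowed if a result set came back.  Prints leakMessage when allowed,
 * or the error number and message (prefixed with label, the human readable
 * form of query) when refused.
 * Returns TRUE when the query was allowed, i.e. a problem was found. */
{
unsigned int errNo = 0;
char *errMsg = NULL;
struct sqlResult *rs = sqlGetResultExt(conn, query, &errNo, &errMsg);
boolean allowed = judgeByErrNo ? (errNo == 0) : (rs != NULL);
if (allowed)
    {
    sqlFreeResult(&rs);
    printf("%s\n", leakMessage);
    return TRUE;
    }
/* errNo is unsigned, so it needs %u rather than %d, and errMsg may be left
 * NULL by the library, which must not reach %s. */
printf("%s returned errNo=%u errMsg=[%s]\n", label, errNo, errMsg ? errMsg : "(null)");
return FALSE;
}

boolean mysqlCheckSecurityOfConfig(char *config)
/* Can we connect? Can we access the mysql database?
 * Reads db/host/user/password for config, connects (retrying once with a
 * NULL database if the first attempt fails), then probes a series of
 * queries that a properly locked down account must be refused.
 * Returns TRUE if any probe succeeded, i.e. the account leaks access to
 * the mysql system database.  Side effect: assigns the file-scope
 * database, host, user, password and conn variables. */
{
boolean problemFound = FALSE;

if (sameString(config, "Xarchivecentral") || sameString(config, "XcustomTracks"))
    {
    printf("Skipping %s for now.\n", config);
    return problemFound;
    }

/* get connection info */
database = getCfgOption(config, "db");
host     = getCfgOption(config, "host");
user     = getCfgOption(config, "user");
password = getCfgOption(config, "password");

/* At most two connect attempts: once with the configured database and,
 * if that fails, once more with a NULL database, which the server seems
 * to tolerate. */
for (;;)
    {
    conn = sqlMayConnectRemote(host, user, password, database);
    if (conn != NULL || database == NULL)
        break;
    printf("Connection to %s failed.\n", config);
    database = NULL;
    printf("retrying connect with NULL database\n");
    }

if (conn == NULL)
    printf("Connection to %s failed.\n", config);
else
    {
    printf("Connected to %s.\n", config);
    /* NOTE(review): the strings returned by sqlQuickString are never freed
     * here; confirm whether this function owns them. */
    char *dbName = sqlQuickString(conn, NOSQLINJ "select database()");
    printf("select database() = [%s]\n", dbName ? dbName : "(null)");

    /* Being able to see the mysql database at all is already a problem. */
    char *mysqlDb = sqlQuickString(conn, NOSQLINJ "show databases like 'mysql'");
    printf("show databases like 'mysql' = [%s]\n", mysqlDb ? mysqlDb : "(null)");
    if (mysqlDb != NULL)
        problemFound = TRUE;

    if (!problemFound)
        {
        char *tableName = sqlQuickString(conn,
            NOSQLINJ "SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'mysql'");
        if (tableName != NULL)
            {
            problemFound = TRUE;
            printf("INFORMATION_SCHEMA is allowing access to mysql db\n");
            }
        else
            printf("INFORMATION_SCHEMA is NOT allowing access to mysql db\n");
        }

    /* A check of INFORMATION_SCHEMA.TABLES WHERE table_name = 'user' was
     * disabled: it shows information about mysql leaking out, but it does
     * not give access to passwords. */

    /* Each remaining probe runs only while nothing has been found yet. */
    if (!problemFound)
        problemFound = probeMysqlQuery(conn, NOSQLINJ "desc mysql.user", "desc mysql.user",
                                       FALSE, "desc command is leaking access to mysql.user");
    if (!problemFound)
        problemFound = probeMysqlQuery(conn, NOSQLINJ "select * from mysql.user",
                                       "select * from mysql.user", FALSE,
                                       "select * from mysql.user is leaking access to mysql database");
    if (!problemFound)
        problemFound = probeMysqlQuery(conn, NOSQLINJ "use mysql", "use mysql",
                                       TRUE, "use mysql is leaking access to mysql database");
    }

/* Called even when conn is NULL, as the original control flow did. */
sqlDisconnect(&conn);
return problemFound;
}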