示例#1
0
struct authmysqluserinfo *auth_mysql_getuserinfo(const char *username,
						 const char *service)
{
const char *defdomain	=NULL;
char	*querybuf;
MYSQL_ROW	row;
MYSQL_RES	*result;
int		num_fields;
char		*endp;

const char	*select_clause; /* [email protected] */

#define DEFAULT_SELECT_QUERY "SELECT %s, %s, %s, %s, %s, %s, %s, %s, %s, %s FROM %s WHERE %s = '%s%s%s' %s%s%s", \
		login_field, crypt_field, clear_field, uid_field,\
		gid_field, home_field, maildir_field, quota_field,\
		name_field, options_field, user_table, login_field,\
		username_escaped,\
		has_domain || !*defdomain ? "":"@", has_domain ? "":defdomain, \
		*where_clause ? " AND (":"", where_clause,\
		*where_clause ? ")":""

	if (do_connect())	return (0);

	initui();

	select_clause=read_env("MYSQL_SELECT_CLAUSE");
	defdomain=read_env("DEFAULT_DOMAIN");	
	if (!defdomain)	defdomain="";
	
	if (!select_clause) /* [email protected] */
	{
		const char	*user_table,
				*crypt_field,
				*clear_field,
				*name_field,
				*uid_field,
				*gid_field,
				*login_field,
				*home_field,
				*maildir_field,
				*quota_field,
				*options_field,
				*where_clause;
		char		*username_escaped;
		size_t	query_size;
		char dummy_buf[1];
		int has_domain;

		user_table=read_env("MYSQL_USER_TABLE");

		if (!user_table)
		{
			err("authmysql: MYSQL_USER_TABLE not set in "
				AUTHMYSQLRC ".");
			return (0);
		}

		crypt_field=read_env("MYSQL_CRYPT_PWFIELD");
		clear_field=read_env("MYSQL_CLEAR_PWFIELD");
		name_field=read_env("MYSQL_NAME_FIELD");

		if (!crypt_field && !clear_field)
		{
			err("authmysql: MYSQL_CRYPT_PWFIELD and "
				"MYSQL_CLEAR_PWFIELD not set in " AUTHMYSQLRC ".");
			return (0);
		}
		if (!crypt_field) crypt_field="\"\"";
		if (!clear_field) clear_field="\"\"";
		if (!name_field) name_field="\"\"";

		uid_field = read_env("MYSQL_UID_FIELD");
		if (!uid_field) uid_field = "uid";

		gid_field = read_env("MYSQL_GID_FIELD");
		if (!gid_field) gid_field = "gid";

		login_field = read_env("MYSQL_LOGIN_FIELD");
		if (!login_field) login_field = "id";

		home_field = read_env("MYSQL_HOME_FIELD");
		if (!home_field) home_field = "home";

		maildir_field=read_env(service && strcmp(service, "courier")==0
				       ? "MYSQL_DEFAULTDELIVERY"
				       : "MYSQL_MAILDIR_FIELD");
		if (!maildir_field) maildir_field="\"\"";

		quota_field=read_env("MYSQL_QUOTA_FIELD");
		if (!quota_field) quota_field="\"\""; 

		options_field=read_env("MYSQL_AUXOPTIONS_FIELD");
		if (!options_field) options_field="\"\"";

		where_clause=read_env("MYSQL_WHERE_CLAUSE");
		if (!where_clause) where_clause = "";

		username_escaped=malloc(strlen(username)*2+1);

		if (!username_escaped)
		{
			perror("malloc");
			return (0);
		}

		mysql_real_escape_string(mysql, username_escaped,
					 username, strlen(username));

		has_domain=strchr(username, '@') != NULL;

		query_size=snprintf(dummy_buf, 1, DEFAULT_SELECT_QUERY);

		querybuf=malloc(query_size+1);

		if (!querybuf)
		{
			free(username_escaped);
			perror("malloc");
			return(0);
		}

		snprintf(querybuf, query_size+1, DEFAULT_SELECT_QUERY);
		free(username_escaped);

	}
	else
	{
		/* [email protected] */
		querybuf=parse_select_clause (select_clause, username,
					      defdomain, service);
		if (!querybuf)
		{
			DPRINTF("parse_select_clause failed (DEFAULT_DOMAIN not set?)");
			return 0;
		}
	}

	DPRINTF("SQL query: %s", querybuf);
	if (mysql_query (mysql, querybuf))
	{
		/* <*****@*****.**> */

		DPRINTF("mysql_query failed, reconnecting: %s", mysql_error(mysql));
		auth_mysql_cleanup();

		if (do_connect())
		{
			free(querybuf);
			return (0);
		}

		if (mysql_query (mysql, querybuf))
		{
			DPRINTF("mysql_query failed second time, giving up: %s", mysql_error(mysql));
			free(querybuf);
			auth_mysql_cleanup();
			/* Server went down, that's OK,
			** try again next time.
			*/
			return (0);
		}
	}
	free(querybuf);

	result = mysql_store_result (mysql);       
	if (result)
	{
		if (mysql_num_rows(result))
		{
			row = mysql_fetch_row (result);
			num_fields = mysql_num_fields (result);

			if (num_fields < 6)
			{
				DPRINTF("incomplete row, only %d fields returned",
					num_fields);
				mysql_free_result(result);
				return(0);
			}

			if (row[0] && row[0][0])
				ui.username=strdup(row[0]);
			if (row[1] && row[1][0])
				ui.cryptpw=strdup(row[1]);
			if (row[2] && row[2][0])
				ui.clearpw=strdup(row[2]);
			/* perhaps authmysql needs a glob_uid/glob_gid feature
			   like authldap? */
			if (!row[3] || !row[3][0] ||
			   (ui.uid=strtol(row[3], &endp, 10), endp[0] != '\0'))
			{
				DPRINTF("invalid value for uid: '%s'",
					row[3] ? row[3] : "<null>");
				mysql_free_result(result);
				return 0;
			}
			if (!row[4] || !row[4][0] ||
			   (ui.gid=strtol(row[4], &endp, 10), endp[0] != '\0'))
			{
				DPRINTF("invalid value for gid: '%s'",
					row[4] ? row[4] : "<null>");
				mysql_free_result(result);
				return 0;
			}
			if (row[5] && row[5][0])
				ui.home=strdup(row[5]);
			else
			{
				DPRINTF("required value for 'home' (column 6) is missing");
				mysql_free_result(result);
				return(0);
			}
			if (num_fields > 6 && row[6] && row[6][0])
				ui.maildir=strdup(row[6]);
			if (num_fields > 7 && row[7] && row[7][0])
				ui.quota=strdup(row[7]);
			if (num_fields > 8 && row[8] && row[8][0])
				ui.fullname=strdup(row[8]);
			if (num_fields > 9 && row[9] && row[9][0])
				ui.options=strdup(row[9]);
		}
		else
		{
			DPRINTF("zero rows returned");
			mysql_free_result(result);
			return (&ui); /* User not found */
		}
	}
	else
	{
		DPRINTF("mysql_store_result failed");
		return (0);
	}
	mysql_free_result(result);
	return (&ui);
}
示例#2
0
struct authpgsqluserinfo *auth_pgsql_getuserinfo(const char *username)
{
const char *user_table=NULL;
const char *defdomain;
char	*querybuf, *p;

const char *crypt_field=NULL,
	*clear_field=NULL,
       	*maildir_field=NULL,
       	*home_field=NULL,
	*name_field=NULL,
	*login_field=NULL,
       	*uid_field=NULL,
       	*gid_field=NULL,
       	*quota_field=NULL,
       	*where_clause=NULL,
	*select_clause=NULL; /* [email protected] */

static const char query[]=
	"SELECT %s, %s, %s, %s, %s, %s, %s, %s, %s FROM %s WHERE %s = '";

	if (do_connect())	return (0);

	if (ui.username)
		free(ui.username);
	if (ui.cryptpw)
		free(ui.cryptpw);
	if (ui.clearpw)
		free(ui.clearpw);
	if (ui.home)
		free(ui.home);
	if (ui.maildir)
		free(ui.maildir);
	if (ui.quota)
		free(ui.quota);
	if (ui.fullname)
		free(ui.fullname);
	memset(&ui, 0, sizeof(ui));

/*
	fprintf(DEBUG,"1Leggo parametri\n");
	fflush(DEBUG);
*/
	select_clause=read_env("PGSQL_SELECT_CLAUSE");
	defdomain=read_env("DEFAULT_DOMAIN");

	if (!select_clause) /* [email protected] */
	{
		user_table=read_env("PGSQL_USER_TABLE");

		if (!user_table)
		{
			fprintf(stderr, "authpgsql: PGSQL_USER_TABLE not set in "
				AUTHPGSQLRC ".\n");
			return (0);
		}

		crypt_field=read_env("PGSQL_CRYPT_PWFIELD");
		clear_field=read_env("PGSQL_CLEAR_PWFIELD");
		name_field=read_env("PGSQL_NAME_FIELD");
/*
	fprintf(DEBUG,"2Leggo parametri\n");
	fflush(DEBUG);
*/

		if (!crypt_field && !clear_field)
		{
			fprintf(stderr,
				"authpgsql: PGSQL_CRYPT_PWFIELD and "
				"PGSQL_CLEAR_PWFIELD not set in " AUTHPGSQLRC ".\n");
			return (0);
		}
		if (!crypt_field) crypt_field="''";
		if (!clear_field) clear_field="''";
		if (!name_field) name_field="''";

		uid_field = read_env("PGSQL_UID_FIELD");
		if (!uid_field) uid_field = "uid";

		gid_field = read_env("PGSQL_GID_FIELD");
		if (!gid_field) gid_field = "gid";

		login_field = read_env("PGSQL_LOGIN_FIELD");
		if (!login_field) login_field = "id";

		home_field = read_env("PGSQL_HOME_FIELD");
		if (!home_field) home_field = "home";

		maildir_field=read_env("PGSQL_MAILDIR_FIELD");
		if (!maildir_field) maildir_field="''";

		quota_field=read_env("PGSQL_QUOTA_FIELD");
		if (!quota_field) quota_field="''"; 

		where_clause=read_env("PGSQL_WHERE_CLAUSE");
		if (!where_clause) where_clause = "";
	}
	
	if (!defdomain)	defdomain="";

	if (!select_clause) /* [email protected] */
	{
		querybuf=malloc(sizeof(query) + 100 + strlen(user_table) + strlen(defdomain)
			+ strlen(crypt_field) + strlen(clear_field) + strlen(maildir_field)
			+ strlen(uid_field) + strlen(gid_field) + 2 * strlen(login_field)
			+ strlen(home_field) + strlen(quota_field) + strlen(where_clause)
			+ strlen(name_field));

		if (!querybuf)
		{
			perror("malloc");
			return (0);
		}

		sprintf(querybuf, query, login_field, crypt_field, clear_field, 
			uid_field, gid_field, home_field, maildir_field, quota_field,
			name_field, user_table, login_field);
		p=querybuf+strlen(querybuf);

		append_username(p, username, defdomain);
		strcat(p, "'");
		
		if (strcmp(where_clause, "")) {
			strcat(p, " AND (");
			strcat(p, where_clause);
			strcat(p, ")");
		}
	}
	else
	{
		/* [email protected] */
		querybuf=parse_select_clause (select_clause, username, defdomain);
		if (!querybuf) return 0;
	}

/*
	fprintf(DEBUG,"Eseguo la query:\n%s\n",querybuf);
	fflush(DEBUG);
*/
	pgresult = PQexec(pgconn, querybuf);
    	if (!pgresult || PQresultStatus(pgresult) != PGRES_TUPLES_OK)
    	{
/*
	fprintf(DEBUG,"Problema\n");
	fflush(DEBUG);
*/

        	PQclear(pgresult);
	
		/* <*****@*****.**> */

		auth_pgsql_cleanup();

		if (do_connect())
		{
			free(querybuf);
			return (0);
		}

		pgresult = PQexec(pgconn, querybuf);
    		if (!pgresult || PQresultStatus(pgresult) != PGRES_TUPLES_OK)
		{
/*
	fprintf(DEBUG,"Problemadoppio\n");
	fflush(DEBUG);
*/
        		PQclear(pgresult);
			free(querybuf);
			auth_pgsql_cleanup();
			/* Server went down, that's OK,
			** try again next time.
			*/
			return (0);
		}
	}
	free(querybuf);
/*
	fprintf(DEBUG,"La query e' ok\n");
	fflush(DEBUG);
*/

		if (PQntuples(pgresult)>0)
		{
/*
	fprintf(DEBUG,"Leggo i risultati\n");
	fflush(DEBUG);
*/
			ui.username=strdup(PQgetvalue(pgresult,0,0));
			ui.cryptpw=strdup(PQgetvalue(pgresult,0,1));
			ui.clearpw=strdup(PQgetvalue(pgresult,0,2));
			ui.uid=atol(PQgetvalue(pgresult,0,3));
			ui.gid=atol(PQgetvalue(pgresult,0,4));
			ui.home=strdup(PQgetvalue(pgresult,0,5));
			ui.maildir=strdup(PQgetvalue(pgresult,0,6));
			ui.quota=strdup(PQgetvalue(pgresult,0,7));
			ui.fullname=strdup(PQgetvalue(pgresult,0,8));
/*
	fprintf(DEBUG,"risultati letti\n");
	fflush(DEBUG);
*/
			if (!ui.username || !ui.cryptpw ||
				!ui.home || !ui.maildir || 
				!ui.quota)
			{
				PQclear(pgresult);
				return (0);
			}
/*
	fprintf(DEBUG,"ci sono tutti\n");
	fflush(DEBUG);
*/

			if (!ui.cryptpw[0])
			{
				free(ui.cryptpw);
				ui.cryptpw=0;
			}

			if (!ui.clearpw[0])
			{
				free(ui.clearpw);
				ui.clearpw=0;
			}
		}
        	PQclear(pgresult);
/*
	fprintf(DEBUG,"Mail dir:%s\n",ui.maildir);
	fflush(DEBUG);
*/
	return (&ui);
}
示例#3
0
void auth_mysql_enumerate( void(*cb_func)(const char *name,
					  uid_t uid,
					  gid_t gid,
					  const char *homedir,
					  const char *maildir,
					  const char *options,
					  void *void_arg),
			   void *void_arg)
{
	const char *defdomain, *select_clause;
	char	*querybuf;
	MYSQL_ROW	row;
	MYSQL_RES	*result;

	if (do_connect())	return;

	initui();

	select_clause=read_env("MYSQL_ENUMERATE_CLAUSE");
	defdomain=read_env("DEFAULT_DOMAIN");
	if (!defdomain || !defdomain[0])
		defdomain="*"; /* otherwise parse_select_clause fails */
	
	if (!select_clause)
	{
		const char	*user_table,
				*uid_field,
				*gid_field,
				*login_field,
				*home_field,
				*maildir_field,
				*options_field,
				*where_clause;
		char dummy_buf[1];
		size_t query_len;

		user_table=read_env("MYSQL_USER_TABLE");

		if (!user_table)
		{
			err("authmysql: MYSQL_USER_TABLE not set in "
				AUTHMYSQLRC ".");
			return;
		}

		uid_field = read_env("MYSQL_UID_FIELD");
		if (!uid_field) uid_field = "uid";

		gid_field = read_env("MYSQL_GID_FIELD");
		if (!gid_field) gid_field = "gid";

		login_field = read_env("MYSQL_LOGIN_FIELD");
		if (!login_field) login_field = "id";

		home_field = read_env("MYSQL_HOME_FIELD");
		if (!home_field) home_field = "home";

		maildir_field=read_env("MYSQL_MAILDIR_FIELD");
		if (!maildir_field) maildir_field="\"\"";

		options_field=read_env("MYSQL_AUXOPTIONS_FIELD");
		if (!options_field) options_field="\"\"";

		where_clause=read_env("MYSQL_WHERE_CLAUSE");
		if (!where_clause) where_clause = "";


#define DEFAULT_ENUMERATE_QUERY \
		"SELECT %s, %s, %s, %s, %s, %s FROM %s %s%s",\
			login_field, uid_field, gid_field,		\
			home_field, maildir_field,			\
			options_field, user_table,			\
			*where_clause ? " WHERE ":"",			\
			where_clause

		query_len=snprintf(dummy_buf, 1, DEFAULT_ENUMERATE_QUERY);

		querybuf=malloc(query_len+1);

		if (!querybuf)
		{
			perror("malloc");
			return;
		}

		snprintf(querybuf, query_len+1, DEFAULT_ENUMERATE_QUERY);
	}
	else
	{
		/* [email protected] */
		querybuf=parse_select_clause (select_clause, "*",
					      defdomain, "enumerate");
		if (!querybuf)
		{
			DPRINTF("authmysql: parse_select_clause failed");
			return;
		}
	}
	DPRINTF("authmysql: enumerate query: %s", querybuf);

	if (mysql_query (mysql, querybuf))
	{
		DPRINTF("mysql_query failed, reconnecting: %s", mysql_error(mysql));
		/* <*****@*****.**> */

		auth_mysql_cleanup();

		if (do_connect())
		{
			free(querybuf);
			return;
		}

		if (mysql_query (mysql, querybuf))
		{
			DPRINTF("mysql_query failed second time, giving up: %s", mysql_error(mysql));
			free(querybuf);
			auth_mysql_cleanup();
			return;
		}
	}
	free(querybuf);

	result = mysql_use_result (mysql);
	if (result)
	{
		const char *username;
		uid_t uid;
		gid_t gid;
		const char *homedir;
		const char *maildir;
		const char *options;

		while ((row = mysql_fetch_row (result)) != NULL)
		{
			if(!row[0] || !row[0][0]
			   || !row[1] || !row[1][0]
			   || !row[2] || !row[2][0]
			   || !row[3] || !row[3][0])
			{
				continue;
			}

			username=row[0];
			uid=atol(row[1]); /* FIXME use strtol to validate */
			gid=atol(row[2]);
			homedir=row[3];
			maildir=row[4];
			options=row[5];

			if (maildir && !*maildir)
				maildir=NULL;

			(*cb_func)(username, uid, gid, homedir,
				   maildir, options, void_arg);
		}
	}
	/* NULL row could indicate end of result or an error */
	if (mysql_errno(mysql))
	{
		DPRINTF("mysql error during enumeration: %s", mysql_error(mysql));
	}
	else
		(*cb_func)(NULL, 0, 0, NULL, NULL, NULL, void_arg);

	if (result) mysql_free_result(result);
}