~drizzle-trunk/drizzle/development

Viewing changes to plugin/auth_schema/auth_schema.cc

Committer: Daniel
Date: 2011-10-08 19:47:11 UTC
mto: This revision was merged to the branch mainline in revision 2437.
Revision ID: daniel@ubuntu-10-20111008194711-dp47vra0qzjm2o8x

Escape user in SQL statement to avoid SQL injection. Verify auth table name. Include auth query in error message. Tweak formatting to match coding standards.

files modified:
plugin/auth_schema/auth_schema.cc

plugin/auth_schema/auth_schema.h

plugin/auth_schema/docs/index.rst

plugin/auth_schema/module.cc

plugin/auth_schema/tests/r/basic.result

plugin/auth_schema/tests/t/basic.test

Show diffs side-by-side

added added

removed removed

plugin/auth_schema/auth_schema.cc

{

}

bool AuthSchema::setTable(const char *table)

bool AuthSchema::setTable(const string &table)

{

if (table.empty())

{

errmsg_printf(error::ERROR, _("auth_schema table cannot be an empty string"));

return true; // error

}

if (table.find(" ") != string::npos)

{

errmsg_printf(error::ERROR, _("auth_schema table cannot contain spaces"));

return true; // error

}

sysvar_table= table;

return false;

return false; // success

}

bool AuthSchema::verifyMySQLPassword(const string &real_password,

104

return false;

105

106

// Anonymous users are not allowed.

string user= sctx.username();

107

string user= escapeString(sctx.username());

108

if (user.empty())

109

return false;

110

111

// Create an internal session for ourself the first time we're called.

112

// I don't know why but doing this in the constructor crashes Drizzle

100

if (not _session) {

113

if (not _session)

114

{

101

115

_session= Session::make_shared(plugin::Listen::getNullClient(), catalog::local());

102

116

identifier::user::mptr user_id= identifier::User::make_shared();

103

117

user_id->setUser("auth_schema");

106

120

107

121

// Create an execute a SQL statement to select the user from the auth table.

108

122

// Execute wraps the SQL to run within a transaction.

109

string sql= "SELECT password FROM " + sysvar_table +

110

" WHERE user='" + user + "'"

111

" LIMIT 1;";

123

string sql= "SELECT password FROM " + sysvar_table + " WHERE user='" + user + "' LIMIT 1;";

112

124

Execute execute(*(_session.get()), true);

113

125

sql::ResultSet result_set(1);

114

126

execute.run(sql, result_set);

117

129

if ((err != EE_OK) && (err != ER_EMPTY_QUERY))

118

130

{

119

131

errmsg_printf(error::ERROR,

120

_("Error querying authentication schema: %s (error code %d)"),

121

exception.getErrorMessage().c_str(), exception.getErrorCode());

132

_("Error querying authentication schema: %s (error code %d. Query: %s"),

133

exception.getErrorMessage().c_str(), exception.getErrorCode(), sql.c_str());

122

134

return false;

123

135

}

124

136

138

150

return false;

139

151

}

140

152

153

string AuthSchema::escapeString(const string &input)

154

{

155

return input;

156

if (input.empty())

157

return input;

158

159

const char *pos= input.c_str();

160

const char *end= input.c_str()+input.length();

161

string res;

162

163

for (; pos != end ; pos++)

164

{

165

switch (*pos) {

166

case 0:

167

res.push_back('\\');

168

res.push_back('0');

169

break;

170

case '\n':

171

res.push_back('\\');

172

res.push_back('n');

173

break;

174

case '\r':

175

res.push_back('\\');

176

res.push_back('r');

177

break;

178

case '\\':

179

res.push_back('\\');

180

res.push_back('\\');

181

break;

182

case '\'':

183

res.push_back('\\');

184

res.push_back('\'');

185

break;

186

default:

187

res.push_back(*pos);

188

break;

189

}

190

}

191

192

return res;

193

}

194

141

195

} /* end namespace drizzle_plugin::auth_schema */

142

196

} /* end namespace drizzle_plugin */

Older »