Hi,
On Tue, 2004-05-18 at 12:28 -0400, Alan DeKok wrote:
> Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> > since cvs version 1.76 for file /radiusd/src/modules/rlm_sql/sql.c i
> > have a problem authenticating users with rlm_mysql which have a "," in
> > their password, the problem seems to be the call to gettoken() in line
> > 367, which returns in the argument "value" only the attribute value from
> > the mysql db up to the first comma.
>
> Hmm... that is an issue.
>
> My suggestion would be to either put double quotes around the
> password, or to update sql.c, so that it calls "gettoken" ONLY if it sees the string
> starting off with ", `, or '
--- sql.c.orig 2004-05-21 16:09:03.000000000 +0200
+++ sql.c 2004-05-21 16:12:45.000000000 +0200
@@ -364,7 +364,15 @@
return 0;
ptr = row[3];
- xlat = gettoken(&ptr, value, sizeof(value));
+ xlat = T_INVALID;
+
+ if ((*ptr == '\'') ||
+ (*ptr == '"') ||
+ (*ptr == '`'))
+ xlat = gettoken(&ptr, value, sizeof(value));
+ else
+ strNcpy(&value, ptr, sizeof(value));
+
switch (xlat) {
/*
* Make the full pair now.
Would something like this be ok here?
Regards
Stephan Jaeger
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
