On Fri, May 21, 2004 at 04:20:35PM +0200, Stephan Jaeger wrote:
> Hi,
> 
> On Tue, 2004-05-18 at 12:28 -0400, Alan DeKok wrote:
> > Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> > > since cvs version 1.76 for file /radiusd/src/modules/rlm_sql/sql.c I
> > > have a problem authenticating users with rlm_mysql which have a "," in
> > > their password, the problem seems to be the call to gettoken() in line
> > > 367, which returns in the argument "value" only the attribute value from
> > > the mysql db up to the first comma.
> > 
> >   Hmm... that is an issue.
> > 
> >   My suggestion would be to either put double quotes around the
> > password, or to update sql.c, so that it calls "gettoken" ONLY if it sees the 
> > string starting off with ", `, or '
> 
> --- sql.c.orig  2004-05-21 16:09:03.000000000 +0200
> +++ sql.c       2004-05-21 16:12:45.000000000 +0200
> @@ -364,7 +364,15 @@
>                 return 0;
> 
>         ptr = row[3];
> -       xlat = gettoken(&ptr, value, sizeof(value));
> +       xlat = T_INVALID;
> +
> +       if ((*ptr == '\'') ||
> +           (*ptr == '"')  ||
> +           (*ptr == '`'))
> +               xlat = gettoken(&ptr, value, sizeof(value));
> +       else
> +               strNcpy(&value, ptr, sizeof(value));
> +
>         switch (xlat) {
>                 /*
>                  *      Make the full pair now.
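
Review bot: In the else branch, strNcpy(&value, ptr, sizeof(value)) passes &value, while the gettoken() call just above passes plain value with the same sizeof(value). If value is a char array, &value is a pointer to the array rather than a char *, so this should read strNcpy(value, ptr, sizeof(value)). The else branch also leaves xlat at T_INVALID going into switch (xlat), so confirm that the switch treats T_INVALID as an ordinary bare value and not as an error. Note too that the decision rests on the first byte only: an unquoted password that happens to begin with ', " or ` is still sent through gettoken().
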
> 
> Would something like this be ok here?

Wouldn't this make strings that start with " and also contain ' break?
You'd have to escape the initial quote, only it wouldn't pass through
xlat then and you'd get \" in your output string. Or put such a string
in ''s and escape any internal ''s. Which also works with the current
code.

This should also break strings containing #, ; and space, or in fact
any other expected token. Prolly the only reason I didn't hit it in
testing is that I'm using MD5 passwords at the moment...

How about the following?
(As far as SQL goes, I can't see that we need to do an xlat on single
or double-quoted strings, only backquoted strings. This lets us pretend
that everything coming from SQL is surrounded by triple-quotes or some
other magic quote character that won't ever occur in the middle of a
value)

Index: sql.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_sql/sql.c,v
retrieving revision 1.76
diff -u -r1.76 sql.c
--- sql.c       12 May 2004 14:43:37 -0000      1.76
+++ sql.c       21 May 2004 14:59:19 -0000
@@ -370,7 +370,7 @@
                 *      Make the full pair now.
                 */
        default:
-               pair = pairmake(row[2], value, pairmode);
+               pair = pairmake(row[2], row[3], pairmode);
                break;
 
                /*
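
Review bot: In the default: branch, pairmake() now receives row[3] untouched, so whatever gettoken() wrote into value is no longer used on this path. A row stored with surrounding double quotes (the workaround suggested earlier in the thread) would then reach pairmake() with the quote characters still attached, assuming gettoken() was what stripped them. Either strip a matching outer pair of quotes before the call, or document that values in the SQL table must be stored unquoted.
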
-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
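
Added example, not part of the original message and not FreeRADIUS code: a C model of the three handling policies discussed in this thread (tokenize every value as in revision 1.76, tokenize only when the value starts with a quote, pass the raw column through unless it is backquoted), showing which stored passwords arrive unchanged. toy_token() is a simplified, hypothetical stand-in for gettoken(); survives(), the policy names and the sample passwords are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a config-style tokenizer, NOT FreeRADIUS's
 * gettoken(): a quoted string runs to its closing quote, a bare word
 * ends at the first of the separators named in the thread (, # ; space). */
static void toy_token(const char *in, char *out, size_t len)
{
	size_t n = 0;
	char q = (*in == '"' || *in == '\'' || *in == '`') ? *in++ : 0;

	while (*in && n + 1 < len) {
		if (q && *in == '\\' && in[1])
			in++;                         /* keep the escaped character */
		else if (q ? *in == q : strchr(",#; ", *in) != NULL)
			break;
		out[n++] = *in++;
	}
	out[n] = '\0';
}

enum policy { ALWAYS_TOKENIZE, TOKENIZE_IF_QUOTED, RAW_UNLESS_BACKQUOTED };

/* Returns 1 if the stored column value reaches the caller byte-for-byte. */
static int survives(enum policy p, const char *stored)
{
	char value[64];
	int quoted = (*stored == '"' || *stored == '\'' || *stored == '`');

	if (p == ALWAYS_TOKENIZE || (p == TOKENIZE_IF_QUOTED && quoted) ||
	    (p == RAW_UNLESS_BACKQUOTED && *stored == '`'))
		toy_token(stored, value, sizeof(value));
	else
		snprintf(value, sizeof(value), "%s", stored);
	return strcmp(value, stored) == 0;
}

int main(void)
{
	/* Constructed sample passwords, not taken from the thread. */
	const char *pw[] = { "plain", "pa,ss", "a b#c;d", "\"abc'def" };
	size_t i;
	for (i = 0; i < sizeof(pw) / sizeof(pw[0]); i++)
		printf("%-10s always=%d if-quoted=%d raw=%d\n", pw[i],
		       survives(ALWAYS_TOKENIZE, pw[i]),
		       survives(TOKENIZE_IF_QUOTED, pw[i]),
		       survives(RAW_UNLESS_BACKQUOTED, pw[i]));
	return 0;
}
```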
