Re: problem with rlm_mysql and passwords with comma

[Paul Hampson]

On Fri, May 21, 2004 at 11:18:32AM -0400, Alan DeKok wrote:
> [EMAIL PROTECTED] (Paul Hampson) wrote:
> > Wouldn't this make strings that start with " and also contain ' break?
> 
>   Yes, but those are less likely than commas.
> 
>   It's hard to add new features without changing the way the server
> works.  If you wanted to be a little more careful, you'd also check
> that the LAST character in the string was the same as the first
> character.  That would eliminate almost all of the false positives.
> 
> > As far as SQL goes, I can't see that we need to do an xlat on single
> > or double-quoted strings, only backquoted strings.
> 
>   My preference is to move to doing dynamic expansion on *all*
> double-quoted strings.

Well, add T_DOUBLE_QUOTED_STRING and T_SINGLE_QUOTED_STRING to the cases
that do the later xlat... Although you're right, we _should_ in those
cases check that the last charcter of the original value is equal to the
first.

In fact, we'd _have_ to add T_DOUBLE_QUOTED_STRING and
T_SINGLE_QUOTED_STRING anyway, to allow values that start with `. X-(

So, even though you've committed the other patch, I feel the following
is better, as it saves an unneccessary string copy, and I think it's
clearer: On the other hand, it does call getoken always, so maybe it
should key off the initial character, and use row[3] when gettoken's not
needed.

(Not a patch, just a codeblock)

        if (row[3][0] != row[3][strlen(row[3])-1]) {
/* String starts and ends differently. Take it literally */
                pair = pairmake(row[2], row[3], pairmode);
        } else {
                ptr = row[3];
                xlat = gettoken(&ptr, value, sizeof(value));
                switch (xlat) {
                        /*
                         *      Make the full pair now.
                         */
                default:
                        pair = pairmake(row[2], row[3], pairmode);
                        break;

                case T_SINGLE_QUOTED_STRING:
                case T_DOUBLE_QUOTED_STRING:
                        pair = pairmake(row[2], value, pairmode);
                        break;

                        /*
                         *      Mark the pair to be allocated later.
                         */
                case T_BACK_QUOTED_STRING:
                        pair = pairmake(row[2], NULL, pairmode);
                        if (pair) {
                                pair->flags.do_xlat = 1;
                                strNcpy(pair->strvalue, value, sizeof(pair->strvalue));
                                pair->length = 0;
                        }
                }
        }

-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html