X-Git-Url: http://git.jankratochvil.net/?a=blobdiff_plain;f=db_mysql.c;h=4c09f48afb19203427b0be8dd6c5cd54211c6fc4;hb=1a8e72c666b575c73e4d593d12631c4cc115aac9;hp=8aef6d4ab7ec48323e5ac97a1eb69a703dd2f95e;hpb=a4d53c2fe3dc1952c7c7d8a4283545389ba5aa64;p=tac_plus.git
diff --git a/db_mysql.c b/db_mysql.c
index 8aef6d4..4c09f48 100644
--- a/db_mysql.c
+++ b/db_mysql.c
@@ -1,216 +1,214 @@ -#if defined(DB_MYSQL) && defined(DB) - /* -Writen by Devrim SERAL(devrim@tef.gazi.edu.tr) -*/ + * Writen by Devrim SERAL(devrim@tef.gazi.edu.tr) + */ + #include "tac_plus.h" + +#if defined(DB_MYSQL) && defined(DB) + #include -#include "mysql.h" +#include +#include + +#include "db_mysql.h" +#include "report.h" +#include "pwlib.h" +#include "main.h" +#include "utils.h" + + #define SQLCMDL 1024 #define AUTHSQL "SELECT %s FROM %s WHERE %s=\"%s\"" -#define ACCTSQL "INSERT INTO %s (usern,s_name,c_name,elapsed_time,bytes_in,bytes_out,fin_t) VALUES (\"%s\",\"%s\",\"%s\",%s,%s,%s,NOW())" +#define ACCTSQL "INSERT INTO %s (usern,s_name,c_name,elapsed_time,bytes_in,bytes_out,fin_t) VALUES (\"%s\",\"%s\",\"%s\",%s,%s,%s,NOW())" -MYSQL mysqldb; -MYSQL_RES *res; -MYSQL_ROW row; -MYSQL_FIELD *table_field; - -int mysql_db_verify(user, users_passwd, db_user, db_password, - db_hostname,db_name, db_table, dbfield_name, dbfield_passwd) +static MYSQL mysqldb; +static MYSQL_RES *res; +static MYSQL_ROW row; -char *user, *users_passwd; /* Username and gived password */ -char *db_user; /* db's parameters */ -char *db_password; -char *db_hostname; -char *db_name; -char *db_table; -char *dbfield_name; -char *dbfield_passwd; +int mysql_db_verify TAC_ARGS((const char *user, const char *users_passwd, const char *db_user, const char *db_password, const char *db_hostname, const char *db_name, const char *db_table, const char *dbfield_name, const char *dbfield_passwd)); +int mysql_db_verify(user, users_passwd, db_user, db_password, + db_hostname, db_name, db_table, dbfield_name, dbfield_passwd) +const char *user; /* username ... */ +const char *users_passwd; /* ... 
and given password */ +const char *db_user; /* db's parameters */ +const char *db_password; +const char *db_hostname; +const char *db_name; +const char *db_table; +const char *dbfield_name; +const char *dbfield_passwd; { + char *real_passwd; + char *mysqlcmd; + int sql_len; -char *real_passwd; -char *mysqlcmd; -int sql_len; - - if (debug & DEBUG_AUTHEN_FLAG) + if (debug & DEBUG_AUTHEN_FLAG) report(LOG_DEBUG, "MySQL: verify %s", user); - -/* Connect database server */ - - if ( !( mysql_connect(&mysqldb,db_hostname,db_user,db_password) ) ) - { - if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user); - return(0); - } -/*Select tacacs db */ + /* Connect database server */ - if ( mysql_select_db(&mysqldb,db_name) ) - { - if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name); - return(0); - } - -/* Check select string length */ + if ( !( mysql_connect(&mysqldb,db_hostname,db_user,db_password) ) ) { + if (debug & DEBUG_AUTHEN_FLAG) + report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user); + return(0); + } -sql_len=strlen(dbfield_passwd)+strlen(dbfield_name)+strlen(db_table)+strlen(user)+strlen(AUTHSQL); + /* Select tacacs db */ - if ( sql_len> SQLCMDL ) - { - if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits"); - return(0); - } + if ( mysql_select_db(&mysqldb,db_name) ) { + if (debug & DEBUG_AUTHEN_FLAG) + report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name); + return(0); + } -/* Prepare select string */ + /* Check select string length */ -mysqlcmd=(char *) malloc(sql_len); + sql_len = strlen(dbfield_passwd)+strlen(dbfield_name)+strlen(db_table)+strlen(user)+strlen(AUTHSQL); -if(mysqlcmd==NULL) { + if ( sql_len> SQLCMDL ) { if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_ERR, "mysql_db_verify: mysqlcmd malloc error"); + report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits"); return(0); -} + } + + /* Prepare select string */ + + mysqlcmd = 
(char *) tac_malloc(sql_len); -sprintf(mysqlcmd,AUTHSQL,dbfield_passwd,db_table,dbfield_name,user); + sprintf(mysqlcmd,AUTHSQL,dbfield_passwd,db_table,dbfield_name,user); -/* Query database */ + /* Query database */ - if (mysql_query(&mysqldb,mysqlcmd)) - { + if (mysql_query(&mysqldb,mysqlcmd)) { if (debug & DEBUG_AUTHEN_FLAG) report(LOG_DEBUG, "MySQL: cannot query database "); free(mysqlcmd); return(0); - } + } free(mysqlcmd); - - if (!(res = mysql_store_result(&mysqldb))) - { + + if (!(res = mysql_store_result(&mysqldb))) { if (debug & DEBUG_AUTHEN_FLAG) report(LOG_DEBUG, "MySQL: cannot store result"); return(0); - } - - if(!(row = mysql_fetch_row(res))) - { + } + + if (!(row = mysql_fetch_row(res))) { if (debug & DEBUG_AUTHEN_FLAG) report(LOG_DEBUG, "MySQL: cannot fetch row"); return(0); - } - - if (strlen(row[0]) <=0 ) - { + } + + if (strlen(row[0]) <=0 ) { if (debug & DEBUG_AUTHEN_FLAG) report(LOG_DEBUG, "MySQL: DB passwd entry is NULL"); return(0); - } - /* Allocate memory for real_passwd */ - real_passwd=(char *) malloc(strlen(row[0])+1); - strcpy(real_passwd,row[0]); - - if (!mysql_eof(res)) - { + } + + /* Allocate memory for real_passwd */ + real_passwd=(char *) tac_malloc(strlen(row[0])+1); + strcpy(real_passwd,row[0]); + + if (!mysql_eof(res)) { if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_DEBUG, "MySQL: Result not end!!"); + report(LOG_DEBUG, "MySQL: Result not end!!"); return(0); - } + } mysql_free_result(res); mysql_close(&mysqldb); - -if (debug & DEBUG_AUTHEN_FLAG) - report(LOG_DEBUG, "MySQL: verify password '%s' to DES encrypted string '%s'", users_passwd, real_passwd); + + if (debug & DEBUG_AUTHEN_FLAG) + report(LOG_DEBUG, "MySQL: verify password '%s' to DES encrypted string '%s'", users_passwd, real_passwd); /* Try to verify the password */ if (!des_verify(users_passwd, real_passwd)) { free(real_passwd); return (0); } + free(real_passwd); return (1); /* Return 1 if verified, 0 otherwise. 
*/ } -int -mysql_db_acct(db_user,db_password,db_hostname,db_name,db_table,s_name,c_name,a_username,elapsed_time,bytes_in,bytes_out) -char *db_user; /* db's parameters */ -char *db_password; -char *db_hostname; -char *db_name; -char *db_table; -char *s_name, *c_name,*a_username,*elapsed_time,*bytes_in,*bytes_out; +int mysql_db_acct TAC_ARGS((const char *db_user, const char *db_password, const char *db_hostname, const char *db_name, const char *db_table, const char *s_name, const char *c_name, const char *a_username, const char *elapsed_time, const char *bytes_in, const char *bytes_out)); +int +mysql_db_acct(db_user,db_password,db_hostname,db_name,db_table,s_name,c_name,a_username,elapsed_time,bytes_in,bytes_out) +const char *db_user; /* db's parameters */ +const char *db_password; +const char *db_hostname; +const char *db_name; +const char *db_table; +const char *s_name; +const char *c_name; +const char *a_username; +const char *elapsed_time; +const char *bytes_in; +const char *bytes_out; { + char *mysqlcmd; + int sql_len; -char *mysqlcmd; -int sql_len; - -/* Connect database server */ + /* Connect database server */ - if (!(mysql_connect(&mysqldb,db_hostname,db_user,db_password))) - { + if (!(mysql_connect(&mysqldb,db_hostname,db_user,db_password))) { if (debug & DEBUG_ACCT_FLAG) - report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user); - return(0); - } + report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user); + return(0); + } -/*Select tacacs db */ + /*Select tacacs db */ - if (mysql_select_db(&mysqldb,db_name)) - { + if (mysql_select_db(&mysqldb,db_name)) { if (debug & DEBUG_ACCT_FLAG) - report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name); - return(0); - } + report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name); + return(0); + } -/* Check buffer overflow for select string */ -sql_len=strlen(db_table)+strlen(a_username)+strlen(s_name)+strlen(c_name)+strlen(elapsed_time)+strlen(bytes_in)+strlen(bytes_out)+strlen(ACCTSQL); + /* Check 
buffer overflow for select string */ + sql_len = strlen(db_table)+strlen(a_username)+strlen(s_name)+strlen(c_name)+strlen(elapsed_time)+strlen(bytes_in)+strlen(bytes_out)+strlen(ACCTSQL); -if ( sql_len >SQLCMDL) - { + if ( sql_len >SQLCMDL) { if (debug & DEBUG_ACCT_FLAG) report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits"); - return(0); - } - + return(0); + } -/* Prepare select string */ -mysqlcmd=(char *) malloc(sql_len); -if(mysqlcmd==NULL) { - if (debug & DEBUG_ACCT_FLAG) - report(LOG_ERR, "mysql_db_acct: mysqlcmd malloc error"); - return(0); -} + /* Prepare select string */ + mysqlcmd=(char *) tac_malloc(sql_len); -sprintf(mysqlcmd,ACCTSQL,db_table,a_username,s_name,c_name,elapsed_time,bytes_in,bytes_out); + sprintf(mysqlcmd,ACCTSQL,db_table,a_username,s_name,c_name,elapsed_time,bytes_in,bytes_out); -/* Query database */ + /* Query database */ - if (mysql_query(&mysqldb,mysqlcmd)) - { + if (mysql_query(&mysqldb,mysqlcmd)) { if (debug & DEBUG_ACCT_FLAG) - report(LOG_DEBUG, "MySQL: cannot query database"); + report(LOG_DEBUG, "MySQL: cannot query database"); free(mysqlcmd); return(0); - } + } - free(mysqlcmd); + free(mysqlcmd); -/* Check if accounting is sucess */ - if ( mysql_affected_rows( &mysqldb ) < 0 ) - { + /* Check if accounting is sucess */ + if ( mysql_affected_rows( &mysqldb ) < 0 ) { if (debug & DEBUG_ACCT_FLAG) - report(LOG_DEBUG, "MySQL: Insert isn't sucess"); + report(LOG_DEBUG, "MySQL: Insert isn't sucess"); return(0); - } - return (1); /* Return 1 if verified, 0 otherwise. */ + } + + return (1); /* Return 1 if verified, 0 otherwise. */ } -#endif + +#else /* defined(DB_MYSQL) && defined(DB) */ + +TAC_SOURCEFILE_EMPTY + +#endif /* defined(DB_MYSQL) && defined(DB) */
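Review bot: In mysql_db_verify the `user` string (presumably the name received from the client) is formatted straight into `AUTHSQL` by `sprintf` with no escaping, so a name containing a quote or backslash is parsed as part of the authentication query instead of being compared as data. mysql_db_acct builds `ACCTSQL` the same way from `a_username`, `s_name` and `c_name`, and its `elapsed_time`, `bytes_in` and `bytes_out` are inserted unquoted, so those need a digits-only check rather than escaping. The fence below escapes `user` with `mysql_real_escape_string` once the connection is open and sizes the command from the escaped copy; `dbfield_*` and `db_table` are assumed to come from trusted configuration. Separately, the debug `report` just before `des_verify` writes the submitted password and the stored hash to the log whenever DEBUG_AUTHEN_FLAG is set; logging only `user` there would keep credentials out of the log.

```c
    char *user_esc;     /* escaped copy of user, freed before return */
    size_t user_len;

    /* … unchanged: debug report, mysql_connect, mysql_select_db … */

    /* Escape the name before it is placed inside the quoted literal;
     * the MySQL C API requires room for 2*len+1 bytes in the worst case. */
    user_len = strlen(user);
    user_esc = (char *) tac_malloc(2 * user_len + 1);
    mysql_real_escape_string(&mysqldb, user_esc, user, user_len);

    sql_len = strlen(dbfield_passwd)+strlen(dbfield_name)+strlen(db_table)+strlen(user_esc)+strlen(AUTHSQL);

    if ( sql_len> SQLCMDL ) {
        /* … unchanged: debug report … */
        free(user_esc);
        return(0);
    }

    /* … unchanged: tac_malloc of mysqlcmd … */
    sprintf(mysqlcmd,AUTHSQL,dbfield_passwd,db_table,dbfield_name,user_esc);
    free(user_esc);

    /* … unchanged: mysql_query and result handling … */
```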