1 #if defined(DB_MYSQL) && defined(DB)
4 Writen by Devrim SERAL(devrim@tef.gazi.edu.tr)
11 #define AUTHSQL "SELECT %s FROM %s WHERE %s=\"%s\""
12 #define ACCTSQL "INSERT INTO %s (usern,s_name,c_name,elapsed_time,bytes_in,bytes_out,fin_t) VALUES (\"%s\",\"%s\",\"%s\",%s,%s,%s,NOW())"
17 MYSQL_FIELD *table_field;
19 int mysql_db_verify(user, users_passwd, db_user, db_password,
20 db_hostname,db_name, db_table, dbfield_name, dbfield_passwd)
23 char *user, *users_passwd; /* Username and gived password */
24 char *db_user; /* db's parameters */
38 if (debug & DEBUG_AUTHEN_FLAG)
39 report(LOG_DEBUG, "MySQL: verify %s", user);
41 /* Connect database server */
43 if ( !( mysql_connect(&mysqldb,db_hostname,db_user,db_password) ) )
45 if (debug & DEBUG_AUTHEN_FLAG)
46 report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user);
52 if ( mysql_select_db(&mysqldb,db_name) )
54 if (debug & DEBUG_AUTHEN_FLAG)
55 report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name);
59 /* Check select string length */
61 sql_len=strlen(dbfield_passwd)+strlen(dbfield_name)+strlen(db_table)+strlen(user)+strlen(AUTHSQL);
63 if ( sql_len> SQLCMDL )
65 if (debug & DEBUG_AUTHEN_FLAG)
66 report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits");
70 /* Prepare select string */
72 mysqlcmd=(char *) malloc(sql_len);
75 if (debug & DEBUG_AUTHEN_FLAG)
76 report(LOG_ERR, "mysql_db_verify: mysqlcmd malloc error");
80 sprintf(mysqlcmd,AUTHSQL,dbfield_passwd,db_table,dbfield_name,user);
84 if (mysql_query(&mysqldb,mysqlcmd))
86 if (debug & DEBUG_AUTHEN_FLAG)
87 report(LOG_DEBUG, "MySQL: cannot query database ");
94 if (!(res = mysql_store_result(&mysqldb)))
96 if (debug & DEBUG_AUTHEN_FLAG)
97 report(LOG_DEBUG, "MySQL: cannot store result");
101 if(!(row = mysql_fetch_row(res)))
103 if (debug & DEBUG_AUTHEN_FLAG)
104 report(LOG_DEBUG, "MySQL: cannot fetch row");
108 if (strlen(row[0]) <=0 )
110 if (debug & DEBUG_AUTHEN_FLAG)
111 report(LOG_DEBUG, "MySQL: DB passwd entry is NULL");
114 /* Allocate memory for real_passwd */
115 real_passwd=(char *) malloc(strlen(row[0])+1);
116 strcpy(real_passwd,row[0]);
120 if (debug & DEBUG_AUTHEN_FLAG)
121 report(LOG_DEBUG, "MySQL: Result not end!!");
125 mysql_free_result(res);
126 mysql_close(&mysqldb);
128 if (debug & DEBUG_AUTHEN_FLAG)
129 report(LOG_DEBUG, "MySQL: verify password '%s' to DES encrypted string '%s'", users_passwd, real_passwd);
131 /* Try to verify the password */
132 if (!des_verify(users_passwd, real_passwd)) {
137 return (1); /* Return 1 if verified, 0 otherwise. */
141 mysql_db_acct(db_user,db_password,db_hostname,db_name,db_table,s_name,c_name,a_username,elapsed_time,bytes_in,bytes_out)
143 char *db_user; /* db's parameters */
148 char *s_name, *c_name,*a_username,*elapsed_time,*bytes_in,*bytes_out;
155 /* Connect database server */
157 if (!(mysql_connect(&mysqldb,db_hostname,db_user,db_password)))
159 if (debug & DEBUG_ACCT_FLAG)
160 report(LOG_DEBUG, "MySQL: cannot connect as %s", db_user);
164 /*Select tacacs db */
166 if (mysql_select_db(&mysqldb,db_name))
168 if (debug & DEBUG_ACCT_FLAG)
169 report(LOG_DEBUG, "MySQL: cannot find database named %s",db_name);
173 /* Check buffer overflow for select string */
174 sql_len=strlen(db_table)+strlen(a_username)+strlen(s_name)+strlen(c_name)+strlen(elapsed_time)+strlen(bytes_in)+strlen(bytes_out)+strlen(ACCTSQL);
176 if ( sql_len >SQLCMDL)
178 if (debug & DEBUG_ACCT_FLAG)
179 report(LOG_DEBUG, "MySQL: Sql cmd exceed alowed limits");
184 /* Prepare select string */
185 mysqlcmd=(char *) malloc(sql_len);
188 if (debug & DEBUG_ACCT_FLAG)
189 report(LOG_ERR, "mysql_db_acct: mysqlcmd malloc error");
193 sprintf(mysqlcmd,ACCTSQL,db_table,a_username,s_name,c_name,elapsed_time,bytes_in,bytes_out);
197 if (mysql_query(&mysqldb,mysqlcmd))
199 if (debug & DEBUG_ACCT_FLAG)
200 report(LOG_DEBUG, "MySQL: cannot query database");
207 /* Check if accounting is sucess */
208 if ( mysql_affected_rows( &mysqldb ) < 0 )
210 if (debug & DEBUG_ACCT_FLAG)
211 report(LOG_DEBUG, "MySQL: Insert isn't sucess");
214 return (1); /* Return 1 if verified, 0 otherwise. */