rlm_sql: use escape function argument to make safe-characters per-instance rather...
authorPhil Mayers <p.mayers@imperial.ac.uk>
Fri, 21 Sep 2012 16:55:48 +0000 (17:55 +0100)
committerPhil Mayers <p.mayers@imperial.ac.uk>
Fri, 5 Oct 2012 11:52:36 +0000 (12:52 +0100)
src/modules/rlm_sql/rlm_sql.c

index 0ff428b13b7344c9e1c0ac6e1be875a80bd1984a..2dee3ff657f43104bb7ee886dfb5284f2bca32d0 100644 (file)
@@ -39,8 +39,6 @@ RCSID("$Id$")
 
 #include "rlm_sql.h"
 
-static char *allowed_chars = NULL;
-
 static const CONF_PARSER section_config[] = {
        { "reference",  PW_TYPE_STRING_PTR,
          offsetof(rlm_sql_config_section_t, reference), NULL, ".query"},
@@ -155,7 +153,7 @@ static size_t sql_xlat(void *instance, REQUEST *request,
        /*
         * Do an xlat on the provided string (nice recursive operation).
         */
-       if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func, NULL)) {
+       if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func, inst)) {
                radlog(L_ERR, "rlm_sql (%s): xlat failed.",
                       inst->config->xlat_name);
                return 0;
@@ -403,8 +401,9 @@ static int generate_sql_clients(SQL_INST *inst)
 /*
  *     Translate the SQL queries.
  */
-static size_t sql_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, UNUSED void *arg)
+static size_t sql_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, void *arg)
 {
+       SQL_INST *inst = arg;
        size_t len = 0;
 
        while (in[0]) {
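Review bot: `arg` is converted to `SQL_INST *` and dereferenced without any check, so the safe-character set used for SQL escaping now depends on every caller passing its own instance. `inst` is assigned at the top of sql_escape_func and `inst->config->allowed_chars` is read by the `strchr` call in the following hunk. A call site that still passes NULL would crash while expanding request data, and `strchr` on a NULL `allowed_chars` is undefined; whether the config parser guarantees a non-NULL default is not visible here. I would document the contract above the function, e.g. `/* arg must be the SQL_INST whose config->allowed_chars lists the characters passed through unescaped */`, and consider a guard such as `if (!inst || !inst->config || !inst->config->allowed_chars) return 0;`, provided radius_xlat treats a zero return as "nothing written". The function body continues outside both hunks.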
@@ -413,7 +412,7 @@ static size_t sql_escape_func(UNUSED REQUEST *request, char *out, size_t outlen,
                 *      mime-encoded equivalents.
                 */
                if ((in[0] < 32) ||
-                   strchr(allowed_chars, *in) == NULL) {
+                   strchr(inst->config->allowed_chars, *in) == NULL) {
                        /*
                         *      Only 3 or less bytes available.
                         */
@@ -520,7 +519,7 @@ static int sql_get_grouplist (SQL_INST *inst, SQLSOCK *sqlsocket, REQUEST *reque
            (inst->config->groupmemb_query[0] == 0))
                return 0;
 
-       if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, request, sql_escape_func, NULL)) {
+       if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, request, sql_escape_func, inst)) {
                radlog_request(L_ERR, 0, request, "xlat \"%s\" failed.",
                               inst->config->groupmemb_query);
                return -1;
@@ -671,7 +670,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql
                        return -1;
                }
                pairadd(&request->packet->vps, sql_group);
-               if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_check_query, request, sql_escape_func, NULL)) {
+               if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_check_query, request, sql_escape_func, inst)) {
                        radlog_request(L_ERR, 0, request,
                                       "Error generating query; rejecting user");
                        /* Remove the grouup we added above */
@@ -699,7 +698,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql
                                /*
                                 *      Now get the reply pairs since the paircompare matched
                                 */
-                               if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, NULL)) {
+                               if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
                                        radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
                                        /* Remove the grouup we added above */
                                        pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
@@ -734,7 +733,7 @@ static int rlm_sql_process_groups(SQL_INST *inst, REQUEST *request, SQLSOCK *sql
                        /*
                         *      Now get the reply pairs since the paircompare matched
                         */
-                       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, NULL)) {
+                       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
                                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
                                /* Remove the grouup we added above */
                                pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
@@ -809,12 +808,6 @@ static int rlm_sql_detach(void *instance)
                        free(*p);
                        *p = NULL;
                }
-               /*
-                *      Catch multiple instances of the module.
-                */
-               if (allowed_chars == inst->config->allowed_chars) {
-                       allowed_chars = NULL;
-               }
                free(inst->config);
                inst->config = NULL;
        }
@@ -1003,7 +996,6 @@ static int rlm_sql_instantiate(CONF_SECTION * conf, void **instance)
                        goto error;
                }
        }
-       allowed_chars = inst->config->allowed_chars;
 
        *instance = inst;
 
@@ -1060,7 +1052,7 @@ static int rlm_sql_authorize(void *instance, REQUEST * request)
        /*
         * Alright, start by getting the specific entry for the user
         */
-       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_check_query, request, sql_escape_func, NULL)) {
+       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_check_query, request, sql_escape_func, inst)) {
                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
                sql_release_socket(inst, sqlsocket);
                /* Remove the username we (maybe) added above */
@@ -1089,7 +1081,7 @@ static int rlm_sql_authorize(void *instance, REQUEST * request)
                        /*
                         *      Now get the reply pairs since the paircompare matched
                         */
-                       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_reply_query, request, sql_escape_func, NULL)) {
+                       if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_reply_query, request, sql_escape_func, inst)) {
                                radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
                                sql_release_socket(inst, sqlsocket);
                                /* Remove the username we (maybe) added above */
@@ -1265,7 +1257,7 @@ static int rlm_sql_redundant(SQL_INST *inst, REQUEST *request,
                        goto null_query;
                
                radius_xlat(querystr, sizeof(querystr), value, request,
-                           sql_escape_func, NULL);
+                           sql_escape_func, inst);
                if (!*querystr)
                        goto null_query;
                
@@ -1379,7 +1371,7 @@ static int rlm_sql_checksimul(void *instance, REQUEST * request) {
        if(sql_set_user(inst, request, sqlusername, NULL) < 0)
                return RLM_MODULE_FAIL;
 
-       radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func, NULL);
+       radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func, inst);
 
        /* initialize the sql socket */
        sqlsocket = sql_get_socket(inst);
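Review bot: The return value of `radius_xlat` is discarded here, unlike the authorize and group call sites in this commit, which treat a zero return as an error and stop processing. In the second rlm_sql_checksimul hunk the same unchecked expansion of `simul_verify_query` is passed straight to `rlm_sql_select_query`, so a failed expansion would apparently reach the database as-is; rlm_sql_redundant checks only `!*querystr`. I would write `if (!radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func, inst)) return RLM_MODULE_FAIL;` here, and use the same test at the verify query with `sql_release_socket(inst, sqlsocket);` before the return. What `querystr` holds after a failed expansion is not visible in these hunks, and rlm_sql_checksimul continues outside them.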
@@ -1423,7 +1415,7 @@ static int rlm_sql_checksimul(void *instance, REQUEST * request) {
                return RLM_MODULE_OK;
        }
 
-       radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func, NULL);
+       radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func, inst);
        if(rlm_sql_select_query(&sqlsocket, inst, querystr)) {
                sql_release_socket(inst, sqlsocket);
                return RLM_MODULE_FAIL;