diff -ur cyrus-sasl-1.5.24/acconfig.h cyrus-sasl-1.5.24/acconfig.h --- cyrus-sasl-1.5.24/acconfig.h Wed Jul 5 18:59:25 2000 +++ cyrus-sasl-1.5.24/acconfig.h Sat Apr 28 17:29:09 2001 @@ -84,6 +84,9 @@ /* do we have PAM for plaintext password checking? */ #undef HAVE_PAM +/* do we have MySQL for plaintext password checking? */ +#undef HAVE_MYSQL + /* what flavor of GSSAPI are we using? */ #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE diff -ur cyrus-sasl-1.5.24/configure.in cyrus-sasl-1.5.24/configure.in --- cyrus-sasl-1.5.24/configure.in Fri Jul 21 04:35:01 2000 +++ cyrus-sasl-1.5.24/configure.in Sat Apr 28 17:29:23 2001 @@ -271,6 +271,43 @@ fi AC_SUBST(LIB_SIA) +dnl ----------- +dnl MySQL Start +dnl ----------- +AC_ARG_WITH(mysql, [ --with-mysql=DIR use MySQL (rooted in DIR) [yes] ], + with_mysql=$withval, + with_mysql=yes) +AC_MSG_CHECKING(MySQL support) +case "$with_mysql" in + no) + ;; + yes) + with_mysql_inc=/usr/include/mysql + with_mysql_lib=/usr/lib/mysql + ;; + *) + with_mysql_inc="$with_mysql"/include + with_mysql_lib="$with_mysql"/lib + ;; +esac +if test $with_mysql != no; then + if test ! -d "$with_mysql_inc"; then + AC_MSG_ERROR("Unable to find MySQL include dir") + fi + if test ! -d "$with_mysql_lib"; then + AC_MSG_ERROR("Unable to find MySQL libs dir") + fi + AC_DEFINE(HAVE_MYSQL) + CPPFLAGS="$CPPFLAGS -I${with_mysql_inc}" + LDFLAGS="$LDFLAGS -L${with_mysql_lib}" + LIB_MYSQL="-lmysqlclient" + AC_SUBST(LIB_MYSQL) +fi +AC_MSG_RESULT($with_mysql) +dnl --------- +dnl MySQL End +dnl --------- + AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [yes] ], with_pam=$withval, with_pam=yes) @@ -559,6 +596,9 @@ if test "$sia" != no; then PLAIN_LIBS="$PLAIN_LIBS $LIB_SIA" fi + if test "$with_mysql" != no; then + PLAIN_LIBS="$PLAIN_LIBS $LIB_MYSQL" + fi fi AC_SUBST(PLAIN_LIBS) diff -ur cyrus-sasl-1.5.24/lib/checkpw.c cyrus-sasl-1.5.24/lib/checkpw.c --- cyrus-sasl-1.5.24/lib/checkpw.c Thu Jul 20 03:24:13 2000 +++ cyrus-sasl-1.5.24/lib/checkpw.c Sat Apr 28 17:29:16 2001 @@ -902,6 +902,133 @@ #endif +#ifdef HAVE_MYSQL +/* DMZ mysql auth 12/29/1999 */ +/* RokWell 2001.04.28 + - Ported DMZ patches to 1.5.24 + - sprintf() possible buffer overflow fix + - fix for SQL query exploit + - Multiple fixes/updates + */ +#include "mysql.h" +#define QUERY_STRING "select %s from %s where %s = '%s' and %s = '%s' limit 1" +//#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s') limit 1" +#define QUERY_STRING_SIZE 300 + +int mysql_verify_password(sasl_conn_t *conn, + const char *userid, + const char *password, + const char *service __attribute__((unused)), + const char *user_realm __attribute__((unused)), + const char **reply + ) +{ + MYSQL *mysql; + MYSQL_RES *result; + char qbuf[QUERY_STRING_SIZE]; + char *db_user=NULL, + *db_passwd=NULL, + *db_host=NULL, + *db_database=NULL, + *db_table=NULL, + *db_uidcol=NULL, + *db_pwcol=NULL; + char *esc_uid; + char *esc_pass; + sasl_getopt_t *getopt; + void *context; + int rc=SASL_BADAUTH; + + + if (!userid || !password) { + return SASL_BADPARAM; + } + if (reply) { *reply = NULL; } + + esc_uid=malloc(strlen(userid)*2+1); + if (!esc_uid) { + return SASL_NOMEM; + } + esc_pass=malloc(strlen(password)*2+1); + if (!esc_pass) { + free(esc_uid); + return SASL_NOMEM; + } + + /* check to see if the user configured a mysqluser/passwd/host/etc */ + if ( SASL_OK == _sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context)) { + getopt(context, NULL, "mysqluser", (const char **) &db_user, NULL); + getopt(context, NULL, "mysqlpasswd", (const char **) &db_passwd, NULL); + getopt(context, NULL, "mysqlhost", (const char **) &db_host, NULL); + getopt(context, NULL, "mysqldatabase", (const char **) &db_database, NULL); + getopt(context, NULL, "mysqltable", (const char **) &db_table, NULL); + getopt(context, NULL, "mysqluidcol", (const char **) &db_uidcol, NULL); + getopt(context, NULL, "mysqlpwcol", (const char **) &db_pwcol, NULL); + } + if (!db_user) db_user = ""; + if (!db_passwd) db_passwd = ""; + if (!db_host) db_host = ""; + if (!db_database) db_database = ""; + if (!db_table) db_table = ""; + if (!db_uidcol) db_uidcol = ""; + if (!db_pwcol) db_pwcol = ""; + + /* Init MYSQL structure */ + mysql=mysql_init(NULL); + if (!mysql) { + rc=SASL_NOMEM; + goto mysql_exit; + } + + /* Connect to MySQL db */ + if (!mysql_real_connect(mysql,db_host,db_user,db_passwd, + db_database,0,NULL,0 + ) + ) + { + rc=SASL_FAIL; + goto mysql_exit; + } + + /* Escape user suplied data -- these calls can't fail */ + mysql_real_escape_string(mysql,esc_uid,userid,strlen(userid)); + mysql_real_escape_string(mysql,esc_pass,password,strlen(password)); + + /* Build query string */ + if (-1 == snprintf(qbuf,QUERY_STRING_SIZE,QUERY_STRING, + db_uidcol,db_table,db_uidcol,esc_uid, + db_pwcol,esc_pass + ) + ) + { + rc=SASL_BUFOVER; + goto mysql_exit; + } + + /* Run query */ + if (mysql_real_query(mysql,qbuf,strlen(qbuf))) { + rc=SASL_BADPARAM; + goto mysql_exit; + } + + /* Check results */ + result=mysql_store_result(mysql); + if (result) { + if (1 == mysql_affected_rows(mysql)) { + rc=SASL_OK; + } + } + mysql_free_result(result); +mysql_exit: + mysql_close(mysql); + free(esc_uid); + memset(esc_pass,0,strlen(esc_pass)); + free(esc_pass); + return rc; +} +#endif /* HAVE MYSQL */ + + struct sasl_verify_password_s _sasl_verify_password[] = { { "sasldb", &sasldb_verify_password }, #ifdef HAVE_KRB @@ -921,6 +1048,9 @@ #endif #ifdef HAVE_PWCHECK { "pwcheck", &pwcheck_verify_password }, +#endif +#ifdef HAVE_MYSQL + { "mysql", &mysql_verify_password }, #endif { NULL, NULL } };