1 ===================================================================
2 RCS file: /web/pages/us.freeradius.org/cvs/radiusd/src/modules/rlm_sql/rlm_sql.c,v
3 retrieving revision 1.131.2.1
4 retrieving revision 1.131.2.3
5 diff -u -p -r1.131.2.1 -r1.131.2.3
6 --- radiusd/src/modules/rlm_sql/rlm_sql.c 2004/09/30 14:54:22 1.131.2.1
7 +++ radiusd/src/modules/rlm_sql/rlm_sql.c 2005/05/18 13:22:18 1.131.2.3
10 * Main SQL module file. Most ICRADIUS code is located in sql.c
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
20 static const char rcsid[] =
26 @@ -158,6 +158,7 @@ static int rlm_sql_init(void) {
28 static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
29 static int generate_sql_clients(SQL_INST *inst);
30 +static int sql_escape_func(char *out, int outlen, const char *in);
33 * sql xlat function. Right now only SELECTs are supported. Only
34 @@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU
36 * Do an xlat on the provided string (nice recursive operation).
38 - if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
39 + if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
40 radlog(L_ERR, "rlm_sql (%s): xlat failed.",
41 inst->config->xlat_name);
43 @@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in
47 - * Only one byte left.
54 * Non-printable characters get replaced with their
55 * mime-encoded equivalents.
58 strchr(allowed_chars, *in) == NULL) {
60 + * Only 3 or less bytes available.
66 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
69 @@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in
73 - * Else it's a nice character.
74 + * Only one byte left.
81 + * Allowed character.
85 @@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance,
87 if (sql_set_user(inst, req, sqlusername, 0) < 0)
89 - if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
90 + if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
91 radlog(L_ERR, "rlm_sql (%s): xlat failed.",
92 inst->config->xlat_name);
93 /* Remove the username we (maybe) added above */
94 @@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst
95 if(sql_set_user(inst, request, sqlusername, 0) <0)
96 return RLM_MODULE_FAIL;
98 - radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
99 + radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
101 /* initialize the sql socket */
102 sqlsocket = sql_get_socket(inst);
103 @@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst
104 return RLM_MODULE_OK;
107 - radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
108 + radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
109 if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
110 radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
111 sql_release_socket(inst, sqlsocket);