diff --git a/common.c b/common.c
index 9aeb747..61a953c 100644
--- a/common.c
+++ b/common.c
@@ -250,3 +250,17 @@ char *strmov(char *dest, const char *src) {
 ;
 return dest-1;
 }
+
+/* New database and user names may only use these characters in their
+ identifier */
+const char name_validchars[] =
+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
+
+/* Returns true if dbname contains only characters in name_validchars. */
+int name_isclean(char* name) {
+ int reallen, cleanlen;
+ reallen = strlen(name);
+ cleanlen = strspn(name, name_validchars);
+ return (reallen == cleanlen);
+}
+
diff --git a/mysql-admutils.h b/mysql-admutils.h
index 618e681..1ee0cdc 100644
--- a/mysql-admutils.h
+++ b/mysql-admutils.h
@@ -36,6 +36,7 @@ read_config_file(void);
 /* same as strcpy, but returns a pointer to the end of dest instead of start */
 extern char *strmov(char *, const char *);
+extern int name_isclean(char*);
 #ifdef _mysql_h
diff --git a/mysql-dbadm.c b/mysql-dbadm.c
index 38eba14..bc21dc6 100644
--- a/mysql-dbadm.c
+++ b/mysql-dbadm.c
@@ -19,19 +19,6 @@
 #include
 #include
-/* New database names may only use these characters in their identifier */
-const char dbname_validchars[] =
- "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
-
-
-/* Returns true if dbname contains only characters in dbname_validchars. */
-int dbname_isclean(char* dbname) {
- int reallen, cleanlen;
- reallen = strlen(dbname);
- cleanlen = strspn(dbname, dbname_validchars);
- return (reallen == cleanlen);
-}
-
 char * strchr_whitespace(const char *s) {
@@ -665,7 +652,7 @@ main(int argc, char *argv[])
 switch (command) {
 case c_create: // We only check newly created databases. Many old ("unclean") databases are still in use.
- if(dbname_isclean(db)) {
+ if(name_isclean(db)) {
 create(&mysql, db);
 } else {
 dberror(NULL, "Database name '%s' contains invalid characters.\n"
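Review bot: In the common.c hunk, `name_isclean` accepts the empty string (both lengths are 0) and sets no upper bound on length, so an empty or over-long database or user name passes the allowlist. Something like `return name[0] != '\0' && name[strspn(name, name_validchars)] == '\0';` rejects the empty name and avoids narrowing the `size_t` results of `strlen`/`strspn` to `int`; a length cap would need the server's identifier limit, which is not visible in this diff. The argument is never written through, so the definition and the prototype added in mysql-admutils.h should take `const char *`, and `name_validchars` can be `static const` as far as this diff shows, since no declaration for it is added to the header. The doc comment above the function still says `dbname` and should read `name`.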
@@ -673,7 +660,7 @@ main(int argc, char *argv[])
 }
 break;
 case c_drop:
- if(dbname_isclean(db)) {
+ if(name_isclean(db)) {
 drop(&mysql, db);
 } else {
 dberror(NULL, "Database name '%s' contains invalid characters.\n"
@@ -681,7 +668,7 @@ main(int argc, char *argv[])
 }
 break;
 case c_editperm:
- if(dbname_isclean(db)) {
+ if(name_isclean(db)) {
 editperm(&mysql, db);
 } else {
 dberror(NULL, "Database name '%s' contains invalid characters.\n"
@@ -689,7 +676,7 @@ main(int argc, char *argv[])
 }
 break;
 case c_show:
- if(dbname_isclean(db)) {
+ if(name_isclean(db)) {
 show(&mysql, db);
 } else {
 dberror(NULL, "Database name '%s' contains invalid characters.\n"
diff --git a/mysql-useradm.c b/mysql-useradm.c
index 7ab4a30..bfb3acb 100644
--- a/mysql-useradm.c
+++ b/mysql-useradm.c
@@ -322,16 +322,36 @@ main(int argc, char *argv[])
 switch (command) {
 case c_create:
- create(&mysql, user);
+ if(name_isclean(user)) {
+ create(&mysql, user);
+ } else {
+ dberror(NULL, "User name '%s' contains invalid characters.\n"
+ "Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
+ }
 break;
 case c_delete:
- delete(&mysql, user);
+ if(name_isclean(user)) {
+ delete(&mysql, user);
+ } else {
+ dberror(NULL, "User name '%s' contains invalid characters.\n"
+ "Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
+ }
 break;
 case c_passwd:
- passwd(&mysql, user);
+ if(name_isclean(user)) {
+ passwd(&mysql, user);
+ } else {
+ dberror(NULL, "User name '%s' contains invalid characters.\n"
+ "Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
+ }
 break;
 case c_show:
- show(&mysql, user);
+ if(name_isclean(user)) {
+ show(&mysql, user);
+ } else {
+ dberror(NULL, "User name '%s' contains invalid characters.\n"
+ "Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
+ }
 break;
 default:
 fprintf(stderr, "This point should never be reached.\n");
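Review bot: In the mysql-useradm.c hunk the same `name_isclean(user)` guard and error message are copied into all four cases of the `switch`, so a command added later reaches its handler with an unvalidated name unless the block is copied again. Checking once ahead of the `switch`, with a single `if (!name_isclean(user))` that reports the error and the `switch` in its `else` branch, makes the rejection fail-closed and leaves each case as the plain handler call. Because the guard also covers `c_delete`, `c_passwd` and `c_show`, accounts whose existing names fall outside the allowlist can presumably no longer be managed with this tool; if that is intended, a short comment saying so would help the next reader. `main` begins and ends outside the hunk, so whether a skipped name affects the exit status is not visible here.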