Projects/mysql-admutils
Projects
/
mysql-admutils
13
0
Fork 0
Code Issues Pull Requests Activity

Validate user names against allowed chars

This commit is contained in:
Trygve Andre Tønnesland 2012-12-11 14:24:07 +00:00
parent 3c39c277bd
commit c2c0659bc8
4 changed files with 43 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
common.c
View File

@ -250,3 +250,17 @@ char *strmov(char *dest, const char *src) {
; ;
return dest-1; return dest-1;
} }
/* New database and user names may only use these characters in their
identifier */
const char name_validchars[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
/* Returns true if dbname contains only characters in name_validchars. */
int name_isclean(char* name) {
int reallen, cleanlen;
reallen = strlen(name);
cleanlen = strspn(name, name_validchars);
return (reallen == cleanlen);
}

1
mysql-admutils.h
View File

@ -36,6 +36,7 @@ read_config_file(void);
/* same as strcpy, but returns a pointer to the end of dest instead of start */ /* same as strcpy, but returns a pointer to the end of dest instead of start */
extern char *strmov(char *, const char *); extern char *strmov(char *, const char *);
extern int name_isclean(char*);
#ifdef _mysql_h #ifdef _mysql_h

21
mysql-dbadm.c
View File

@ -19,19 +19,6 @@
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h> #include <unistd.h>
/* New database names may only use these characters in their identifier */
const char dbname_validchars[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
/* Returns true if dbname contains only characters in dbname_validchars. */
int dbname_isclean(char* dbname) {
int reallen, cleanlen;
reallen = strlen(dbname);
cleanlen = strspn(dbname, dbname_validchars);
return (reallen == cleanlen);
}
char * char *
strchr_whitespace(const char *s) strchr_whitespace(const char *s)
{ {
@ -665,7 +652,7 @@ main(int argc, char *argv[])
switch (command) { switch (command) {
case c_create: case c_create:
// We only check newly created databases. Many old ("unclean") databases are still in use. // We only check newly created databases. Many old ("unclean") databases are still in use.
if(dbname_isclean(db)) { if(name_isclean(db)) {
create(&mysql, db); create(&mysql, db);
} else { } else {
dberror(NULL, "Database name '%s' contains invalid characters.\n" dberror(NULL, "Database name '%s' contains invalid characters.\n"
@ -673,7 +660,7 @@ main(int argc, char *argv[])
} }
break; break;
case c_drop: case c_drop:
if(dbname_isclean(db)) { if(name_isclean(db)) {
drop(&mysql, db); drop(&mysql, db);
} else { } else {
dberror(NULL, "Database name '%s' contains invalid characters.\n" dberror(NULL, "Database name '%s' contains invalid characters.\n"
@ -681,7 +668,7 @@ main(int argc, char *argv[])
} }
break; break;
case c_editperm: case c_editperm:
if(dbname_isclean(db)) { if(name_isclean(db)) {
editperm(&mysql, db); editperm(&mysql, db);
} else { } else {
dberror(NULL, "Database name '%s' contains invalid characters.\n" dberror(NULL, "Database name '%s' contains invalid characters.\n"
@ -689,7 +676,7 @@ main(int argc, char *argv[])
} }
break; break;
case c_show: case c_show:
if(dbname_isclean(db)) { if(name_isclean(db)) {
show(&mysql, db); show(&mysql, db);
} else { } else {
dberror(NULL, "Database name '%s' contains invalid characters.\n" dberror(NULL, "Database name '%s' contains invalid characters.\n"

28
mysql-useradm.c
View File

@ -322,16 +322,36 @@ main(int argc, char *argv[])
switch (command) switch (command)
{ {
case c_create: case c_create:
create(&mysql, user); if(name_isclean(user)) {
create(&mysql, user);
} else {
dberror(NULL, "User name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
}
break; break;
case c_delete: case c_delete:
delete(&mysql, user); if(name_isclean(user)) {
delete(&mysql, user);
} else {
dberror(NULL, "User name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
}
break; break;
case c_passwd: case c_passwd:
passwd(&mysql, user); if(name_isclean(user)) {
passwd(&mysql, user);
} else {
dberror(NULL, "User name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
}
break; break;
case c_show: case c_show:
show(&mysql, user); if(name_isclean(user)) {
show(&mysql, user);
} else {
dberror(NULL, "User name '%s' contains invalid characters.\n"
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
}
break; break;
default: default:
fprintf(stderr, "This point should never be reached.\n"); fprintf(stderr, "This point should never be reached.\n");