increase sql var size to MED to hold the largest possible sql string.
This commit is contained in:
parent
3560d6247f
commit
2b21fe3640
|
@ -88,7 +88,7 @@ bool User::canAccess( int monitor_id ) {
|
||||||
// Function to load a user from username and password
|
// Function to load a user from username and password
|
||||||
// Please note that in auth relay mode = none, password is NULL
|
// Please note that in auth relay mode = none, password is NULL
|
||||||
User *zmLoadUser( const char *username, const char *password ) {
|
User *zmLoadUser( const char *username, const char *password ) {
|
||||||
char sql[ZM_SQL_SML_BUFSIZ] = "";
|
char sql[ZM_SQL_MED_BUFSIZ] = "";
|
||||||
char safer_username[65]; // current db username size is 32
|
char safer_username[65]; // current db username size is 32
|
||||||
|
|
||||||
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
|
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
|
||||||
|
@ -97,35 +97,40 @@ User *zmLoadUser( const char *username, const char *password ) {
|
||||||
if ( password ) {
|
if ( password ) {
|
||||||
char safer_password[129]; // current db password size is 64
|
char safer_password[129]; // current db password size is 64
|
||||||
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
|
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
|
||||||
snprintf( sql, sizeof(sql), "select Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", safer_username, safer_password );
|
snprintf(sql, sizeof(sql),
|
||||||
|
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
|
||||||
|
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
|
||||||
|
safer_username, safer_password );
|
||||||
} else {
|
} else {
|
||||||
snprintf( sql, sizeof(sql), "select Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", safer_username );
|
snprintf(sql, sizeof(sql),
|
||||||
|
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
|
||||||
|
" FROM Users where Username = '%s' and Enabled = 1", safer_username );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( mysql_query( &dbconn, sql ) ) {
|
if ( mysql_query(&dbconn, sql) ) {
|
||||||
Error( "Can't run query: %s", mysql_error( &dbconn ) );
|
Error("Can't run query: %s", mysql_error(&dbconn));
|
||||||
exit( mysql_errno( &dbconn ) );
|
exit(mysql_errno(&dbconn));
|
||||||
}
|
}
|
||||||
|
|
||||||
MYSQL_RES *result = mysql_store_result( &dbconn );
|
MYSQL_RES *result = mysql_store_result(&dbconn);
|
||||||
if ( !result ) {
|
if ( !result ) {
|
||||||
Error( "Can't use query result: %s", mysql_error( &dbconn ) );
|
Error("Can't use query result: %s", mysql_error(&dbconn));
|
||||||
exit( mysql_errno( &dbconn ) );
|
exit(mysql_errno(&dbconn));
|
||||||
}
|
}
|
||||||
int n_users = mysql_num_rows( result );
|
int n_users = mysql_num_rows(result);
|
||||||
|
|
||||||
if ( n_users != 1 ) {
|
if ( n_users != 1 ) {
|
||||||
mysql_free_result( result );
|
mysql_free_result(result);
|
||||||
Warning( "Unable to authenticate user %s", username );
|
Warning("Unable to authenticate user %s", username);
|
||||||
return( 0 );
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
MYSQL_ROW dbrow = mysql_fetch_row( result );
|
MYSQL_ROW dbrow = mysql_fetch_row(result);
|
||||||
|
|
||||||
User *user = new User( dbrow );
|
User *user = new User(dbrow);
|
||||||
Info( "Authenticated user '%s'", user->getUsername() );
|
Info("Authenticated user '%s'", user->getUsername());
|
||||||
|
|
||||||
mysql_free_result( result );
|
mysql_free_result(result);
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue