| 1 | /*$Id: checktag.c,v 1.11 1999/11/10 04:08:27 lindberg Exp $*/ |
| 2 | /*$Name: ezmlm-idx-040 $*/ |
| 3 | #include "stralloc.h" |
| 4 | #include "scan.h" |
| 5 | #include "fmt.h" |
| 6 | #include "cookie.h" |
| 7 | #include "makehash.h" |
| 8 | #include "strerr.h" |
| 9 | #include "errtxt.h" |
| 10 | #include "subscribe.h" |
| 11 | #include <mysql.h> |
| 12 | |
| 13 | static stralloc key = {0}; |
| 14 | static stralloc line = {0}; |
| 15 | static stralloc quoted = {0}; |
| 16 | static char strnum[FMT_ULONG]; |
| 17 | static char newcookie[COOKIE]; |
| 18 | |
| 19 | char *checktag (dir,num,listno,action,seed,hash) |
| 20 | /* reads dir/sql. If not present, returns success (NULL). If dir/sql is */ |
| 21 | /* present, checks hash against the cookie table. If match, returns success*/ |
| 22 | /* (NULL), else returns "". If error, returns error string. */ |
| 23 | |
| 24 | char *dir; /* the db base dir */ |
| 25 | unsigned long num; /* message number */ |
| 26 | unsigned long listno; /* bottom of range => slave */ |
| 27 | char *action; |
| 28 | char *seed; /* cookie base */ |
| 29 | char *hash; /* cookie */ |
| 30 | { |
| 31 | MYSQL_RES *result; |
| 32 | MYSQL_ROW row; |
| 33 | char *table = (char *) 0; |
| 34 | char *r; |
| 35 | |
| 36 | if ((r = opensql(dir,&table))) { |
| 37 | if (*r) return r; |
| 38 | if (!seed) return (char *) 0; /* no data - accept */ |
| 39 | |
| 40 | strnum[fmt_ulong(strnum,num)] = '\0'; /* message nr ->string*/ |
| 41 | |
| 42 | switch(slurp("key",&key,32)) { |
| 43 | case -1: |
| 44 | return ERR_READ_KEY; |
| 45 | case 0: |
| 46 | return ERR_NOEXIST_KEY; |
| 47 | } |
| 48 | |
| 49 | cookie(newcookie,key.s,key.len,strnum,seed,action); |
| 50 | if (byte_diff(hash,COOKIE,newcookie)) return ""; |
| 51 | else return (char *) 0; |
| 52 | |
| 53 | } else { |
| 54 | |
| 55 | /* SELECT msgnum FROM table_cookie WHERE msgnum=num and cookie='hash' */ |
| 56 | /* succeeds only is everything correct. 'hash' is quoted since it is */ |
| 57 | /* potentially hostile. */ |
| 58 | if (listno) { /* only for slaves */ |
| 59 | if (!stralloc_copys(&line,"SELECT listno FROM ")) return ERR_NOMEM; |
| 60 | if (!stralloc_cats(&line,table)) return ERR_NOMEM; |
| 61 | if (!stralloc_cats(&line,"_mlog WHERE listno=")) return ERR_NOMEM; |
| 62 | if (!stralloc_catb(&line,strnum,fmt_ulong(strnum,listno))) |
| 63 | return ERR_NOMEM; |
| 64 | if (!stralloc_cats(&line," AND msgnum=")) return ERR_NOMEM; |
| 65 | if (!stralloc_catb(&line,strnum,fmt_ulong(strnum,num))) return ERR_NOMEM; |
| 66 | if (!stralloc_cats(&line," AND done > 3")) return ERR_NOMEM; |
| 67 | if (mysql_real_query((MYSQL *) psql,line.s,line.len) != 0) |
| 68 | return mysql_error((MYSQL *) psql); /* query */ |
| 69 | if (!(result = mysql_use_result((MYSQL *) psql))) /* use result */ |
| 70 | return mysql_error((MYSQL *) psql); |
| 71 | if ((row = mysql_fetch_row(result))) |
| 72 | return ""; /*already done */ |
| 73 | else /* no result */ |
| 74 | if (!mysql_eof(result)) |
| 75 | return mysql_error((MYSQL *) psql); |
| 76 | mysql_free_result(result); /* free res */ |
| 77 | } |
| 78 | |
| 79 | if (!stralloc_copys(&line,"SELECT msgnum FROM ")) return ERR_NOMEM; |
| 80 | if (!stralloc_cats(&line,table)) return ERR_NOMEM; |
| 81 | if (!stralloc_cats(&line,"_cookie WHERE msgnum=")) return ERR_NOMEM; |
| 82 | if (!stralloc_catb(&line,strnum,fmt_ulong(strnum,num))) return ERR_NOMEM; |
| 83 | if (!stralloc_cats(&line," and cookie='")) return ERR_NOMEM; |
| 84 | if (!stralloc_ready("ed,COOKIE * 2 + 1)) return ERR_NOMEM; |
| 85 | quoted.len = mysql_escape_string(quoted.s,hash,COOKIE); |
| 86 | if (!stralloc_cat(&line,"ed)) return ERR_NOMEM; |
| 87 | if (!stralloc_cats(&line,"'")) return ERR_NOMEM; |
| 88 | |
| 89 | if (mysql_real_query((MYSQL *) psql,line.s,line.len) != 0) /* select */ |
| 90 | return mysql_error((MYSQL *) psql); |
| 91 | if (!(result = mysql_use_result((MYSQL *) psql))) |
| 92 | return mysql_error((MYSQL *) psql); |
| 93 | if (!mysql_fetch_row(result)) { |
| 94 | if (!mysql_eof(result)) /* some error occurred */ |
| 95 | return mysql_error((MYSQL *) psql); |
| 96 | mysql_free_result(result); /* eof => query ok, but null result*/ |
| 97 | return ""; /* not parent => perm error */ |
| 98 | } |
| 99 | mysql_free_result(result); /* success! cookie matches */ |
| 100 | if (listno) |
| 101 | (void) logmsg(dir,num,listno,0L,3); /* non-ess mysql logging */ |
| 102 | return (char *)0; |
| 103 | } |
| 104 | } |