1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
8
9 /* Thanks to Paul Kelly for contributing the original code for these
10 functions. */
11
12
13 #include "../exim.h"
14 #include "lf_functions.h"
15
16 #include <mysql.h> /* The system header */
17 #include <mysql_version.h>
18
19 /* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
20 and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
21 with versions before 10.2, as they do not define there there specific symbols.
22 */
23
24 /* Newer (>= 10.2) MariaDB */
25 #if defined MARIADB_VERSION_ID
26 #define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
27
28 /* MySQL defines MYSQL_VERSION_ID, and MariaDB does so */
29 /* https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html */
30 #elif defined LIBMYSQL_VERSION_ID
31 #define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
32 #elif defined MYSQL_VERSION_ID
33 #define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
34
35 #else
36 #define EXIM_MYSQL_VERSION_ID 0
37 #endif
38
39 /* Newer (>= 10.2) MariaDB */
40 #ifdef MARIADB_CLIENT_VERSION_STR
41 #define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
42
43 /* Mysql uses MYSQL_SERVER_VERSION */
44 #elif defined LIBMYSQL_VERSION
45 #define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
46 #elif defined MYSQL_SERVER_VERSION
47 #define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
48
49 #else
50 #define EXIM_MxSQL_VERSION_STR "unknown"
51 #endif
52
53 #if defined MARIADB_BASE_VERSION
54 #define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
55
56 #elif defined MARIADB_PACKAGE_VERSION
57 #define EXIM_MxSQL_BASE_STR "mariadb"
58
59 #elif defined MYSQL_BASE_VERSION
60 #define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
61
62 #else
63 #define EXIM_MxSQL_BASE_STR "n.A."
64 #endif
65
66
67 /* Structure and anchor for caching connections. */
68
69 typedef struct mysql_connection {
70 struct mysql_connection *next;
71 uschar *server;
72 MYSQL *handle;
73 } mysql_connection;
74
75 static mysql_connection *mysql_connections = NULL;
76
77
78
79 /*************************************************
80 * Open entry point *
81 *************************************************/
82
83 /* See local README for interface description. */
84
85 static void *
mysql_open(const uschar * filename,uschar ** errmsg)86 mysql_open(const uschar * filename, uschar ** errmsg)
87 {
88 return (void *)(1); /* Just return something non-null */
89 }
90
91
92
93 /*************************************************
94 * Tidy entry point *
95 *************************************************/
96
97 /* See local README for interface description. */
98
99 static void
mysql_tidy(void)100 mysql_tidy(void)
101 {
102 mysql_connection *cn;
103 while ((cn = mysql_connections) != NULL)
104 {
105 mysql_connections = cn->next;
106 DEBUG(D_lookup) debug_printf_indent("close MYSQL connection: %s\n", cn->server);
107 mysql_close(cn->handle);
108 }
109 }
110
111
112
113 /*************************************************
114 * Internal search function *
115 *************************************************/
116
117 /* This function is called from the find entry point to do the search for a
118 single server.
119
120 Arguments:
121 query the query string
122 server the server string
123 resultptr where to store the result
124 errmsg where to point an error message
125 defer_break TRUE if no more servers are to be tried after DEFER
126 do_cache set zero if data is changed
127 opts options
128
129 The server string is of the form "host/dbname/user/password". The host can be
130 host:port. This string is in a nextinlist temporary buffer, so can be
131 overwritten.
132
133 Returns: OK, FAIL, or DEFER
134 */
135
136 static int
perform_mysql_search(const uschar * query,uschar * server,uschar ** resultptr,uschar ** errmsg,BOOL * defer_break,uint * do_cache,const uschar * opts)137 perform_mysql_search(const uschar *query, uschar *server, uschar **resultptr,
138 uschar **errmsg, BOOL *defer_break, uint *do_cache, const uschar * opts)
139 {
140 MYSQL *mysql_handle = NULL; /* Keep compilers happy */
141 MYSQL_RES *mysql_result = NULL;
142 MYSQL_ROW mysql_row_data;
143 MYSQL_FIELD *fields;
144
145 int i;
146 int yield = DEFER;
147 unsigned int num_fields;
148 gstring * result = NULL;
149 mysql_connection *cn;
150 uschar *server_copy = NULL;
151 uschar *sdata[4];
152
153 /* Disaggregate the parameters from the server argument. The order is host,
154 database, user, password. We can write to the string, since it is in a
155 nextinlist temporary buffer. The copy of the string that is used for caching
156 has the password removed. This copy is also used for debugging output. */
157
158 for (int i = 3; i > 0; i--)
159 {
160 uschar *pp = Ustrrchr(server, '/');
161 if (!pp)
162 {
163 *errmsg = string_sprintf("incomplete MySQL server data: %s",
164 (i == 3)? server : server_copy);
165 *defer_break = TRUE;
166 return DEFER;
167 }
168 *pp++ = 0;
169 sdata[i] = pp;
170 if (i == 3) server_copy = string_copy(server); /* sans password */
171 }
172 sdata[0] = server; /* What's left at the start */
173
174 /* See if we have a cached connection to the server */
175
176 for (cn = mysql_connections; cn; cn = cn->next)
177 if (Ustrcmp(cn->server, server_copy) == 0)
178 { mysql_handle = cn->handle; break; }
179
180 /* If no cached connection, we must set one up. Mysql allows for a host name
181 and port to be specified. It also allows the name of a Unix socket to be used.
182 Unfortunately, this contains slashes, but its use is expected to be rare, so
183 the rather cumbersome syntax shouldn't inconvenience too many people. We use
184 this: host:port(socket)[group] where all the parts are optional.
185 The "group" parameter specifies an option group from a MySQL option file. */
186
187 if (!cn)
188 {
189 uschar *p;
190 uschar *socket = NULL;
191 int port = 0;
192 uschar *group = US"exim";
193
194 if ((p = Ustrchr(sdata[0], '[')))
195 {
196 *p++ = 0;
197 group = p;
198 while (*p && *p != ']') p++;
199 *p = 0;
200 }
201
202 if ((p = Ustrchr(sdata[0], '(')))
203 {
204 *p++ = 0;
205 socket = p;
206 while (*p && *p != ')') p++;
207 *p = 0;
208 }
209
210 if ((p = Ustrchr(sdata[0], ':')))
211 {
212 *p++ = 0;
213 port = Uatoi(p);
214 }
215
216 if (Ustrchr(sdata[0], '/'))
217 {
218 *errmsg = string_sprintf("unexpected slash in MySQL server hostname: %s",
219 sdata[0]);
220 *defer_break = TRUE;
221 return DEFER;
222 }
223
224 /* If the database is the empty string, set it NULL - the query must then
225 define it. */
226
227 if (sdata[1][0] == 0) sdata[1] = NULL;
228
229 DEBUG(D_lookup)
230 debug_printf_indent("MYSQL new connection: host=%s port=%d socket=%s "
231 "database=%s user=%s\n", sdata[0], port, socket, sdata[1], sdata[2]);
232
233 /* Get store for a new handle, initialize it, and connect to the server */
234
235 mysql_handle = store_get(sizeof(MYSQL), FALSE);
236 mysql_init(mysql_handle);
237 mysql_options(mysql_handle, MYSQL_READ_DEFAULT_GROUP, CS group);
238 if (mysql_real_connect(mysql_handle,
239 /* host user passwd database */
240 CS sdata[0], CS sdata[2], CS sdata[3], CS sdata[1],
241 port, CS socket, CLIENT_MULTI_RESULTS) == NULL)
242 {
243 *errmsg = string_sprintf("MYSQL connection failed: %s",
244 mysql_error(mysql_handle));
245 *defer_break = FALSE;
246 goto MYSQL_EXIT;
247 }
248
249 /* Add the connection to the cache */
250
251 cn = store_get(sizeof(mysql_connection), FALSE);
252 cn->server = server_copy;
253 cn->handle = mysql_handle;
254 cn->next = mysql_connections;
255 mysql_connections = cn;
256 }
257
258 /* Else use a previously cached connection */
259
260 else
261 {
262 DEBUG(D_lookup)
263 debug_printf_indent("MYSQL using cached connection for %s\n", server_copy);
264 }
265
266 /* Run the query */
267
268 if (mysql_query(mysql_handle, CS query) != 0)
269 {
270 *errmsg = string_sprintf("MYSQL: query failed: %s\n",
271 mysql_error(mysql_handle));
272 *defer_break = FALSE;
273 goto MYSQL_EXIT;
274 }
275
276 /* Pick up the result. If the query was not of the type that returns data,
277 namely INSERT, UPDATE, or DELETE, an error occurs here. However, this situation
278 can be detected by calling mysql_field_count(). If its result is zero, no data
279 was expected (this is all explained clearly in the MySQL manual). In this case,
280 we return the number of rows affected by the command. In this event, we do NOT
281 want to cache the result; also the whole cache for the handle must be cleaned
282 up. Setting do_cache zero requests this. */
283
284 if (!(mysql_result = mysql_use_result(mysql_handle)))
285 {
286 if (mysql_field_count(mysql_handle) == 0)
287 {
288 DEBUG(D_lookup) debug_printf_indent("MYSQL: query was not one that returns data\n");
289 result = string_cat(result,
290 string_sprintf("%d", mysql_affected_rows(mysql_handle)));
291 *do_cache = 0;
292 goto MYSQL_EXIT;
293 }
294 *errmsg = string_sprintf("MYSQL: lookup result failed: %s\n",
295 mysql_error(mysql_handle));
296 *defer_break = FALSE;
297 goto MYSQL_EXIT;
298 }
299
300 /* Find the number of fields returned. If this is one, we don't add field
301 names to the data. Otherwise we do. */
302
303 num_fields = mysql_num_fields(mysql_result);
304
305 /* Get the fields and construct the result string. If there is more than one
306 row, we insert '\n' between them. */
307
308 fields = mysql_fetch_fields(mysql_result);
309
310 while ((mysql_row_data = mysql_fetch_row(mysql_result)))
311 {
312 unsigned long *lengths = mysql_fetch_lengths(mysql_result);
313
314 if (result)
315 result = string_catn(result, US"\n", 1);
316
317 if (num_fields != 1)
318 for (int i = 0; i < num_fields; i++)
319 result = lf_quote(US fields[i].name, US mysql_row_data[i], lengths[i],
320 result);
321
322 else if (mysql_row_data[0] != NULL) /* NULL value yields nothing */
323 result = string_catn(result, US mysql_row_data[0], lengths[0]);
324 }
325
326 /* more results? -1 = no, >0 = error, 0 = yes (keep looping)
327 This is needed because of the CLIENT_MULTI_RESULTS on mysql_real_connect(),
328 we don't expect any more results. */
329
330 while((i = mysql_next_result(mysql_handle)) >= 0)
331 if(i != 0)
332 {
333 *errmsg = string_sprintf(
334 "MYSQL: lookup result error when checking for more results: %s\n",
335 mysql_error(mysql_handle));
336 goto MYSQL_EXIT;
337 }
338 else /* just ignore more results */
339 DEBUG(D_lookup) debug_printf_indent("MYSQL: got unexpected more results\n");
340
341 /* If result is NULL then no data has been found and so we return FAIL.
342 Otherwise, we must terminate the string which has been built; string_cat()
343 always leaves enough room for a terminating zero. */
344
345 if (!result)
346 {
347 yield = FAIL;
348 *errmsg = US"MYSQL: no data found";
349 }
350
351 /* Get here by goto from various error checks and from the case where no data
352 was read (e.g. an update query). */
353
354 MYSQL_EXIT:
355
356 /* Free mysal store for any result that was got; don't close the connection, as
357 it is cached. */
358
359 if (mysql_result) mysql_free_result(mysql_result);
360
361 /* Non-NULL result indicates a successful result */
362
363 if (result)
364 {
365 *resultptr = string_from_gstring(result);
366 gstring_release_unused(result);
367 return OK;
368 }
369 else
370 {
371 DEBUG(D_lookup) debug_printf_indent("%s\n", *errmsg);
372 return yield; /* FAIL or DEFER */
373 }
374 }
375
376
377
378
379 /*************************************************
380 * Find entry point *
381 *************************************************/
382
383 /* See local README for interface description. The handle and filename
384 arguments are not used. The code to loop through a list of servers while the
385 query is deferred with a retryable error is now in a separate function that is
386 shared with other SQL lookups. */
387
388 static int
mysql_find(void * handle,const uschar * filename,const uschar * query,int length,uschar ** result,uschar ** errmsg,uint * do_cache,const uschar * opts)389 mysql_find(void * handle, const uschar * filename, const uschar * query,
390 int length, uschar ** result, uschar ** errmsg, uint * do_cache,
391 const uschar * opts)
392 {
393 return lf_sqlperform(US"MySQL", US"mysql_servers", mysql_servers, query,
394 result, errmsg, do_cache, opts, perform_mysql_search);
395 }
396
397
398
399 /*************************************************
400 * Quote entry point *
401 *************************************************/
402
403 /* The only characters that need to be quoted (with backslash) are newline,
404 tab, carriage return, backspace, backslash itself, and the quote characters.
405 Percent, and underscore and not escaped. They are only special in contexts
406 where they can be wild cards, and this isn't usually the case for data inserted
407 from messages, since that isn't likely to be treated as a pattern of any kind.
408 Sadly, MySQL doesn't seem to behave like other programs. If you use something
409 like "where id="ab\%cd" it does not treat the string as "ab%cd". So you really
410 can't quote "on spec".
411
412 Arguments:
413 s the string to be quoted
414 opt additional option text or NULL if none
415
416 Returns: the processed string or NULL for a bad option
417 */
418
419 static uschar *
mysql_quote(uschar * s,uschar * opt)420 mysql_quote(uschar *s, uschar *opt)
421 {
422 register int c;
423 int count = 0;
424 uschar *t = s;
425 uschar *quoted;
426
427 if (opt != NULL) return NULL; /* No options recognized */
428
429 while ((c = *t++) != 0)
430 if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL) count++;
431
432 if (count == 0) return s;
433 t = quoted = store_get(Ustrlen(s) + count + 1, is_tainted(s));
434
435 while ((c = *s++) != 0)
436 {
437 if (Ustrchr("\n\t\r\b\'\"\\", c) != NULL)
438 {
439 *t++ = '\\';
440 switch(c)
441 {
442 case '\n': *t++ = 'n';
443 break;
444 case '\t': *t++ = 't';
445 break;
446 case '\r': *t++ = 'r';
447 break;
448 case '\b': *t++ = 'b';
449 break;
450 default: *t++ = c;
451 break;
452 }
453 }
454 else *t++ = c;
455 }
456
457 *t = 0;
458 return quoted;
459 }
460
461
462 /*************************************************
463 * Version reporting entry point *
464 *************************************************/
465
466 /* See local README for interface description. */
467
468 #include "../version.h"
469
470 void
mysql_version_report(FILE * f)471 mysql_version_report(FILE *f)
472 {
473 fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
474 " Runtime: %lu %s\n",
475 (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
476 mysql_get_client_version(), mysql_get_client_info());
477 #ifdef DYNLOOKUP
478 fprintf(f, " Exim version %s\n", EXIM_VERSION_STR);
479 #endif
480 }
481
482 /* These are the lookup_info blocks for this driver */
483
484 static lookup_info mysql_lookup_info = {
485 .name = US"mysql", /* lookup name */
486 .type = lookup_querystyle, /* query-style lookup */
487 .open = mysql_open, /* open function */
488 .check = NULL, /* no check function */
489 .find = mysql_find, /* find function */
490 .close = NULL, /* no close function */
491 .tidy = mysql_tidy, /* tidy function */
492 .quote = mysql_quote, /* quoting function */
493 .version_report = mysql_version_report /* version reporting */
494 };
495
496 #ifdef DYNLOOKUP
497 #define mysql_lookup_module_info _lookup_module_info
498 #endif
499
500 static lookup_info *_lookup_list[] = { &mysql_lookup_info };
501 lookup_module_info mysql_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 1 };
502
503 /* End of lookups/mysql.c */
504