From: Sebastian Harl
Date: Mon, 6 Jan 2014 11:00:18 +0000 (+0100)
Subject: frontend: Implemented the CONNECTION_QUERY command.
X-Git-Tag: sysdb-0.1.0~249
X-Git-Url: https://git.tokkee.org/?p=sysdb.git;a=commitdiff_plain;h=3c4e8a9b3d218abd4928121e033758c6577fd015
frontend: Implemented the CONNECTION_QUERY command.
This command expects a string representation of the to be executed command as the command body. The frontend will then parse the string and execute the first command. Other commands are (currently?) ignored to make injection attacks harder.
---
diff --git a/src/frontend/connection.c b/src/frontend/connection.c
index 636396a..72041ff 100644
--- a/src/frontend/connection.c
+++ b/src/frontend/connection.c
@@ -184,13 +184,49 @@ command_handle(sdb_conn_t *conn)
 status = sdb_fe_session_start(conn);
 break;
+ case CONNECTION_QUERY:
+ {
+ sdb_llist_t *parsetree;
+ sdb_conn_node_t *node = NULL;
+
+ parsetree = sdb_fe_parse(sdb_strbuf_string(conn->buf),
+ (int)conn->cmd_len);
+ if (! parsetree) {
+ sdb_log(SDB_LOG_ERR, "frontend: Failed to parse query '%s'",
+ sdb_strbuf_string(conn->buf));
+ status = -1;
+ break;
+ }
+
+ switch (sdb_llist_len(parsetree)) {
+ case 0:
+ /* skipping empty command */
+ break;
+ case 1:
+ node = SDB_CONN_NODE(sdb_llist_get(parsetree, 0));
+ break;
+
+ default:
+ sdb_log(SDB_LOG_WARNING, "frontend: Ignoring %d command%s "
+ "in multi-statement query '%s'",
+ sdb_llist_len(parsetree) - 1,
+ sdb_llist_len(parsetree) == 2 ? "" : "s",
+ sdb_strbuf_string(conn->buf));
+ node = SDB_CONN_NODE(sdb_llist_get(parsetree, 0));
+ }
+
+ if (node)
+ status = sdb_fe_exec(conn, node);
+ }
+
 case CONNECTION_LIST:
 status = sdb_fe_list(conn);
 break;
 default:
 {
- sdb_log(SDB_LOG_WARNING, "frontend: Ignoring invalid command");
+ sdb_log(SDB_LOG_WARNING, "frontend: Ignoring invalid command %#x",
+ conn->cmd);
 sdb_strbuf_sprintf(conn->errbuf, "Invalid command %#x", conn->cmd);
 status = -1;
 break;
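Review bot: The new `case CONNECTION_QUERY:` block closes with `}` and no `break;`, so once `sdb_fe_exec` returns, control falls through into `case CONNECTION_LIST:`, which runs `sdb_fe_list(conn)` and overwrites `status`; a failed query is then reported with the list call's result, and every parsed query (including an empty one) also runs the list handler. Add `break;` directly after the block's closing brace, since the `break` statements inside `switch (sdb_llist_len(parsetree))` leave only that inner switch. Nothing in the hunk releases `parsetree` on any path, so unless `sdb_fe_exec` takes ownership of the list (not visible here) each query leaks it; confirm this and free it before the `break`. Both new `sdb_log` calls print the client-supplied buffer with `'%s'` while the parser is bounded by `conn->cmd_len`, so the logged text should be bounded the same way (for example with `%.*s`) and treated as untrusted when the log is read. `command_handle` starts before and continues after this hunk.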