[JDEV] XML parser problem (discovered using xdb_sql)

Brennan, James BrennanJ at logica.com
Fri Nov 2 10:38:40 CST 2001 

hello,

I've been having problems using the xdb_sql module.
It looks like the problem is within the XML parser code of the jabber
server.
When the jabber server is started, it reads the xdb_sql XML configuration,
which has a few text elements like the following:

      <text>
        DELETE FROM users WHERE username = '$$user$$'
      </text>

When the xdb_sql module attempts to get the element node data, it makes
a call to xmlnode_get_data() which returns an empty string with a new line
character.
The xdb_sql module is expecting the following string to be returned:
"DELETE FROM users WHERE username = '$$user$$'"

I had to change the text of the XML configuration to the following to make
it work.

      <text>DELETE FROM users WHERE username = '$$user$$'</text>

This may be the correct behaviour, as the first element may be incorrectly
formatted XML?

The next problem is related to the XML parser code too.
When the xdb_sql is parsing the following XML segment,

    <!-- Authentication set query for new user -->
    <querydef name="auth0k-set">
      <text>INSERT INTO users0k (username, hash, token, sequence) VALUES
('$$username$$', '$$hash$$', '$$token$$', '$$sequence$$')</text>
      <bindvar name="user">$$username$$</bindvar>
      <bindvar name="hash">$$hash$$</bindvar>
      <bindvar name="token">$$token$$</bindvar>
      <bindvar name="sequence">$$sequence$$</bindvar>
    </querydef>

It tries to read the data for the bindvar elements. It should read four
strings,
$$username$$, $$hash$$, $$token$$ and $$sequence$$.
However, what it actually reads is:
$$username$$, $$ha, $$token$$ and $$sequence$$

Where the $$hash$$ text has not been read in completely.
This causes the xdb_sql module to replace the $$ha in the SQL command with
the hash value
BUT leaves the sh$$ on the end, thus storing an invalid hash value in the
database,
and this in turn does not allow the user to log back in again cause
authentication fails.
I replaced $$username$$ with $$user$$ and it worked - but that's just
bizarre.

Has anyone else noticed this?

My setup is:
jabber server 1.4.1
xdb_sql version 1.2
platform: Sun solaris 2.7
compiler: gcc version 2.95.2

This e-mail and any attachment is for authorised use by the intended recipient(s) only.  It may contain proprietary material, confidential information and/or be subject to legal privilege.  It should not be copied, disclosed to, retained or used by, any other party.  If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender.  Thank you.

More information about the JDev mailing list