[JDEV] XML parser problem (discovered using xdb_sql)

Jason Reineri jreineri at northridge.com
Fri Nov 2 13:58:44 CST 2001


That is pretty odd.  Can't really offer any advice except to say that
I've been running xdb_sql for a while now and haven't seen anything
remotely resembling that problem.  The only difference in our setups is
that our jabber server is running on a Linux system, kernel version
2.4.5.  Sorry I couldn't be of more help.

Jason Reineri
Northridge Systems, Inc.

-----Original Message-----
From: Brennan, James [mailto:BrennanJ at logica.com] 
Sent: Friday, November 02, 2001 11:39 AM
To: 'jdev at jabber.org'
Subject: [JDEV] XML parser problem (discovered using xdb_sql)


hello,

I've been having problems using the xdb_sql module.
It looks like the problem is within the XML parser code of the jabber server.
When the jabber server is started, it reads the xdb_sql XML configuration,
which has a few text elements like the following:

      <text>
        DELETE FROM users WHERE username = '$$user$$'
      </text>

When the xdb_sql module attempts to get the element node data, it makes
a call to xmlnode_get_data() which returns an empty string with a new
line character.
The xdb_sql module is expecting the following string to be returned:
"DELETE FROM users WHERE username = '$$user$$'"

I had to change the text of the XML configuration to the following to
make it work.

      <text>DELETE FROM users WHERE username = '$$user$$'</text>

This may be the correct behaviour, as the first element may be
incorrectly formatted XML?

The next problem is related to the XML parser code too.
When the xdb_sql is parsing the following XML segment,

    <!-- Authentication set query for new user -->
    <querydef name="auth0k-set">
      <text>INSERT INTO users0k (username, hash, token, sequence) VALUES
('$$username$$', '$$hash$$', '$$token$$', '$$sequence$$')</text>
      <bindvar name="user">$$username$$</bindvar>
      <bindvar name="hash">$$hash$$</bindvar>
      <bindvar name="token">$$token$$</bindvar>
      <bindvar name="sequence">$$sequence$$</bindvar>
    </querydef>

It tries to read the data for the bindvar elements. It should read four
strings, $$username$$, $$hash$$, $$token$$ and $$sequence$$.
However, what it actually reads is:
$$username$$, $$ha, $$token$$ and $$sequence$$

Where the $$hash$$ text has not been read in completely.
This causes the xdb_sql module to replace the $$ha in the SQL command
with the hash value BUT leaves the sh$$ on the end, thus storing an
invalid hash value in the database, and this in turn does not allow the
user to log back in again because authentication fails.
I replaced $$username$$ with $$user$$ and it worked - but that's just
bizarre.

Has anyone else noticed this?

My setup is:
jabber server 1.4.1
xdb_sql version 1.2
platform: Sun Solaris 2.7
compiler: gcc version 2.95.2


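Added example, not part of either message and not code from jabberd or xdb_sql: a C sketch of a defensive template expander for the two symptoms described in the thread. It trims whitespace around the <text> body, refuses a marker that is not in the full $$name$$ form (such as the truncated $$ha), and rejects any result that still contains $$, so a mangled hash is never written to the database. All function names are hypothetical, and it assumes substituted values never contain $$ themselves.

```c
#include <ctype.h>
#include <string.h>

/* Copy s into out without leading/trailing whitespace; -1 if it does not fit. */
int trim_copy(const char *s, char *out, size_t outsz) {
    while (isspace((unsigned char)*s)) s++;
    size_t n = strlen(s);
    while (n > 0 && isspace((unsigned char)s[n - 1])) n--;
    if (n >= outsz) return -1;
    memcpy(out, s, n); out[n] = '\0';
    return 0;
}

/* Naive marker replacement: every occurrence of var in tmpl becomes val. */
int substitute(const char *tmpl, const char *var, const char *val,
               char *out, size_t outsz) {
    size_t vlen = strlen(var), used = 0;
    if (vlen == 0 || outsz == 0) return -1;
    while (*tmpl) {
        int hit = strncmp(tmpl, var, vlen) == 0;
        const char *src = hit ? val : tmpl;
        size_t n = hit ? strlen(val) : 1;
        if (used + n >= outsz) return -1;
        memcpy(out + used, src, n);
        used += n;
        tmpl += hit ? vlen : 1;
    }
    out[used] = '\0';
    return 0;
}

/* A marker is accepted only in the full $$name$$ form, so "$$ha" is refused. */
int bindvar_ok(const char *v) {
    size_t n = strlen(v);
    return n > 4 && strncmp(v, "$$", 2) == 0 && strcmp(v + n - 2, "$$") == 0;
}

/* Build the final SQL; assumes substituted values never contain "$$". */
int build_query(const char *tmpl, const char **vars, const char **vals,
                size_t nvars, char *out, size_t outsz) {
    char a[512], b[512];
    if (trim_copy(tmpl, a, sizeof a)) return -1;          /* template too long */
    for (size_t i = 0; i < nvars; i++) {
        if (!bindvar_ok(vars[i])) return -2;              /* truncated marker */
        if (substitute(a, vars[i], vals[i], b, sizeof b)) return -1;
        strcpy(a, b);
    }
    if (strstr(a, "$$")) return -3;                       /* unreplaced residue */
    return trim_copy(a, out, outsz);
}
```

A caller would treat any non-zero return from build_query() as a configuration error and skip the database write.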