/usr/share/perl5/Apache/Ocsinventory/Interface/Database.pm is in ocsinventory-server 2.0.5-1.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 | ###############################################################################
## OCSINVENTORY-NG
## Copyleft Pascal DANEK 2008
## Web : http://www.ocsinventory-ng.org
##
## This code is open source and may be copied and modified as long as the source
## code is always made freely available.
## Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt
################################################################################
package Apache::Ocsinventory::Interface::Database;
use strict;
require Exporter;
our @ISA = qw /Exporter/;
our @EXPORT = qw /
database_connect
get_sth
get_dbh_write
get_dbh_read
do_sql
get_table_pk
get_type_name
untaint_dbstring
untaint_dbstring_lst
/;
# Database connection
sub database_connect{
my $dbHost;
my $dbName;
my $dbPort;
my $dbUser;
my $dbPwd;
my %params;
my $mode = shift;
if( $mode eq 'read' && $ENV{'OCS_DB_SL_HOST'} ){
$dbHost = $ENV{'OCS_DB_SL_HOST'};
$dbName = $ENV{'OCS_DB_SL_NAME'}||'ocsweb';
$dbPort = $ENV{'OCS_DB_SL_PORT'}||'3306';
$dbUser = $ENV{'OCS_DB_SL_USER'};
$dbPwd = $Apache::Ocsinventory::SOAP::apache_req->dir_config('OCS_DB_SL_PWD');
}
else{
$dbHost = $ENV{'OCS_DB_HOST'};
$dbName = $ENV{'OCS_DB_NAME'}||'ocsweb';
$dbPort = $ENV{'OCS_DB_PORT'}||'3306';
$dbUser = $ENV{'OCS_DB_USER'};
$dbPwd = $Apache::Ocsinventory::SOAP::apache_req->dir_config('OCS_DB_PWD');
}
# Optionnaly a mysql socket different than the client's built in
$params{'mysql_socket'} = $ENV{'OCS_OPT_DBI_MYSQL_SOCKET'} if $ENV{'OCS_OPT_DBI_MYSQL_SOCKET'};
# Connection...
my $dbh = DBI->connect( "DBI:mysql:database=$dbName;host=$dbHost;port=$dbPort", $dbUser, $dbPwd, \%params);
$dbh->do("SET NAMES 'utf8'") if($dbh && $ENV{'OCS_OPT_UNICODE_SUPPORT'});
$dbh->do("SET sql_mode='NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'");
return $dbh;
}
# Process the sql requests (prepare)
sub get_sth {
my ($sql, @values) = @_;
my $dbh = database_connect( get_db_mode( $sql ) );
my $request = $dbh->prepare( $sql );
$request->execute( @values ) or die("==Bad request==\nSQL:$sql\nDATAS:".join "> <", @values, "\n");
return $request;
}
# Return dbi handles for particular use
sub get_dbh_write {
return database_connect('write') ;
}
sub get_dbh_read {
return database_connect('read') ;
}
# Process the sql requests (do)
sub do_sql {
my ($sql, @values) = @_;
my $dbh = database_connect( get_db_mode($sql) );
return $dbh->do( $sql, {}, @values );
}
# Return the id field of an inventory section
sub get_table_pk{
my $section = shift;
return ($section eq 'hardware')?'ID':'HARDWARE_ID';
}
sub get_type_name{
my ($section, $field, $value) = @_ ;
my $table_name = 'type_'.lc $section.'_'.lc $field ;
my $name ;
my $existsSql = "SELECT NAME FROM $table_name WHERE ID=?" ;
my $existsReq = get_sth($existsSql, $value) ;
my $row = $existsReq->fetchrow_hashref() ;
$name = $row->{NAME} ;
$existsReq->finish ;
return $name ;
}
sub untaint_dbstring{
my $string = shift;
$string =~ s/"/\\"/g;
$string =~ s/'/\\'/g;
return $string;
}
sub untaint_dbstring_lst{
my @list = @_;
my @quoted;
for (@list){
push @quoted, untaint_dbstring($_);
}
return @quoted;
}
sub get_db_mode {
my $sql = shift;
if( $sql =~ /select|show/i ){
return 'read';
}
else{
return 'write';
}
}
1;
|