mirror of
				https://github.com/postgres/postgres.git
				synced 2025-10-25 13:17:41 +03:00 
			
		
		
		
	Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.
Per report from César Miguel Oliveira Alves.
This commit is contained in:
		| @@ -8,7 +8,7 @@ | |||||||
|  * |  * | ||||||
|  * |  * | ||||||
|  * IDENTIFICATION |  * IDENTIFICATION | ||||||
|  *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $ |  *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $ | ||||||
|  * |  * | ||||||
|  *------------------------------------------------------------------------- |  *------------------------------------------------------------------------- | ||||||
|  */ |  */ | ||||||
| @@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port) | |||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	/* | 	/* | ||||||
| 	 * Crack the LDAP url. We do a very trivial parse.. | 	 * Crack the LDAP url. We do a very trivial parse: | ||||||
|  | 	 * | ||||||
| 	 * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] | 	 * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] | ||||||
|  | 	 * | ||||||
|  | 	 * This code originally used "%127s" for the suffix, but that doesn't | ||||||
|  | 	 * work for embedded whitespace.  We know that tokens formed by | ||||||
|  | 	 * hba.c won't include newlines, so we can use a "not newline" scanset | ||||||
|  | 	 * instead. | ||||||
| 	 */ | 	 */ | ||||||
|  |  | ||||||
| 	server[0] = '\0'; | 	server[0] = '\0'; | ||||||
| @@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port) | |||||||
|  |  | ||||||
| 	/* ldap, including port number */ | 	/* ldap, including port number */ | ||||||
| 	r = sscanf(port->auth_arg, | 	r = sscanf(port->auth_arg, | ||||||
| 			   "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s", | 			   "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]", | ||||||
| 			   server, &ldapport, basedn, prefix, suffix); | 			   server, &ldapport, basedn, prefix, suffix); | ||||||
| 	if (r < 3) | 	if (r < 3) | ||||||
| 	{ | 	{ | ||||||
| 		/* ldaps, including port number */ | 		/* ldaps, including port number */ | ||||||
| 		r = sscanf(port->auth_arg, | 		r = sscanf(port->auth_arg, | ||||||
| 				   "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s", | 				   "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]", | ||||||
| 				   server, &ldapport, basedn, prefix, suffix); | 				   server, &ldapport, basedn, prefix, suffix); | ||||||
| 		if (r >= 3) | 		if (r >= 3) | ||||||
| 			ssl = true; | 			ssl = true; | ||||||
| @@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port) | |||||||
| 	{ | 	{ | ||||||
| 		/* ldap, no port number */ | 		/* ldap, no port number */ | ||||||
| 		r = sscanf(port->auth_arg, | 		r = sscanf(port->auth_arg, | ||||||
| 				   "ldap://%127[^/]/%127[^;];%127[^;];%127s", | 				   "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]", | ||||||
| 				   server, basedn, prefix, suffix); | 				   server, basedn, prefix, suffix); | ||||||
| 	} | 	} | ||||||
| 	if (r < 2) | 	if (r < 2) | ||||||
| 	{ | 	{ | ||||||
| 		/* ldaps, no port number */ | 		/* ldaps, no port number */ | ||||||
| 		r = sscanf(port->auth_arg, | 		r = sscanf(port->auth_arg, | ||||||
| 				   "ldaps://%127[^/]/%127[^;];%127[^;];%127s", | 				   "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]", | ||||||
| 				   server, basedn, prefix, suffix); | 				   server, basedn, prefix, suffix); | ||||||
| 		if (r >= 2) | 		if (r >= 2) | ||||||
| 			ssl = true; | 			ssl = true; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user