
Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.

Per report from César Miguel Oliveira Alves.
Tom Lane 2008-07-24 17:52:09 +00:00
parent 32e409ba8a
commit a1b631b353


@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146 2006/11/06 01:27:52 neilc Exp $ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.146.2.1 2008/07/24 17:52:09 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -730,8 +730,14 @@ CheckLDAPAuth(Port *port)
} }
/* /*
* Crack the LDAP url. We do a very trivial parse.. * Crack the LDAP url. We do a very trivial parse:
*
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
*
* This code originally used "%127s" for the suffix, but that doesn't
* work for embedded whitespace. We know that tokens formed by
* hba.c won't include newlines, so we can use a "not newline" scanset
* instead.
*/ */
server[0] = '\0'; server[0] = '\0';
@ -741,13 +747,13 @@ CheckLDAPAuth(Port *port)
/* ldap, including port number */ /* ldap, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^:]:%i/%127[^;];%127[^;];%127s", "ldap://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r < 3) if (r < 3)
{ {
/* ldaps, including port number */ /* ldaps, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^:]:%i/%127[^;];%127[^;];%127s", "ldaps://%127[^:]:%i/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r >= 3) if (r >= 3)
ssl = true; ssl = true;
@ -756,14 +762,14 @@ CheckLDAPAuth(Port *port)
{ {
/* ldap, no port number */ /* ldap, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^/]/%127[^;];%127[^;];%127s", "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
} }
if (r < 2) if (r < 2)
{ {
/* ldaps, no port number */ /* ldaps, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^/]/%127[^;];%127[^;];%127s", "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
if (r >= 2) if (r >= 2)
ssl = true; ssl = true;
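Review bot: The four sscanf calls in CheckLDAPAuth accept the URL as soon as r reaches 3 (or 2 without a port), so a prefix or suffix that failed to convert, or was cut at the 127-byte field width, goes unnoticed; this matters more now that the suffix is read with `%127[^\n]` and can hold long free text. A scanset conversion needs at least one character, so an empty prefix (`...;;suffix`) ends the scan before the suffix is read, and anything past 127 bytes is dropped, which would presumably leave the DN built from prefix and suffix different from the configured value. I would extend the new comment with `* Note: each field is capped at 127 bytes and an empty prefix ends the scan before the suffix; sscanf reports neither, so such entries are accepted as parsed.` and consider rejecting the entry with an error when the input is not fully consumed. The function starts and ends outside the hunks shown, so any later validation of these fields is not visible here.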