rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part. 

Per report from César Miguel Oliveira Alves.
This commit is contained in:
Tom Lane 2008-07-24 17:51:55 +00:00
parent e76ef8d581
commit 94be06af76
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/libpq/auth.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
} }
/* /*
* Crack the LDAP url. We do a very trivial parse.. * Crack the LDAP url. We do a very trivial parse:
*
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
*
* This code originally used "%127s" for the suffix, but that doesn't
* work for embedded whitespace. We know that tokens formed by
* hba.c won't include newlines, so we can use a "not newline" scanset
* instead.
*/ */
server[0] = '\0'; server[0] = '\0';
@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
/* ldap, including port number */ /* ldap, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^:]:%d/%127[^;];%127[^;];%127s", "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r < 3) if (r < 3)
{ {
/* ldaps, including port number */ /* ldaps, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s", "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r >= 3) if (r >= 3)
ssl = true; ssl = true;
@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
{ {
/* ldap, no port number */ /* ldap, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^/]/%127[^;];%127[^;];%127s", "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
} }
if (r < 2) if (r < 2)
{ {
/* ldaps, no port number */ /* ldaps, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^/]/%127[^;];%127[^;];%127s", "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
if (r >= 2) if (r >= 2)
ssl = true; ssl = true;