Commit 94be06af authored by Tom Lane's avatar Tom Lane

Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.

Per report from César Miguel Oliveira Alves.
parent e76ef8d5
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port) ...@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
} }
/* /*
* Crack the LDAP url. We do a very trivial parse.. * Crack the LDAP url. We do a very trivial parse:
*
* ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]] * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
*
* This code originally used "%127s" for the suffix, but that doesn't
* work for embedded whitespace. We know that tokens formed by
* hba.c won't include newlines, so we can use a "not newline" scanset
* instead.
*/ */
server[0] = '\0'; server[0] = '\0';
...@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port) ...@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
/* ldap, including port number */ /* ldap, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^:]:%d/%127[^;];%127[^;];%127s", "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r < 3) if (r < 3)
{ {
/* ldaps, including port number */ /* ldaps, including port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s", "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
server, &ldapport, basedn, prefix, suffix); server, &ldapport, basedn, prefix, suffix);
if (r >= 3) if (r >= 3)
ssl = true; ssl = true;
...@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port) ...@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
{ {
/* ldap, no port number */ /* ldap, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldap://%127[^/]/%127[^;];%127[^;];%127s", "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
} }
if (r < 2) if (r < 2)
{ {
/* ldaps, no port number */ /* ldaps, no port number */
r = sscanf(port->auth_arg, r = sscanf(port->auth_arg,
"ldaps://%127[^/]/%127[^;];%127[^;];%127s", "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
server, basedn, prefix, suffix); server, basedn, prefix, suffix);
if (r >= 2) if (r >= 2)
ssl = true; ssl = true;
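Review bot: The four sscanf() formats still cannot parse an empty prefix, because a `%[` conversion fails when it matches no characters: for `basedn;;suffix` the scan stops at the prefix and the suffix is never read, yet `r` still passes the `r < 3` / `r < 2` checks, so the entry is accepted with the suffix dropped. This applies to all four calls (ldap and ldaps, with and without a port), and the 127-character width likewise truncates an overlong field without any indication. Since these fields presumably feed the DN used for the LDAP bind, I would at least document the limits next to the format description, e.g. `* Note: an empty prefix ("basedn;;suffix") is not supported, and fields longer than 127 characters are silently truncated.`, or detect leftover input and report a configuration error. CheckLDAPAuth starts and ends outside the hunks shown, so how prefix and suffix are initialised and later used is inferred rather than visible.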
......