From 94be06af76ac85e362c42bff5824a5cd04860934 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Thu, 24 Jul 2008 17:51:55 +0000
Subject: [PATCH] =?UTF-8?q?Fix=20parsing=20of=20LDAP=20URLs=20so=20it=20do?=
 =?UTF-8?q?esn't=20reject=20spaces=20in=20the=20"suffix"=20part.=20Per=20r?=
 =?UTF-8?q?eport=20from=20C=C3=A9sar=20Miguel=20Oliveira=20Alves.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/backend/libpq/auth.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 1a33834485d..fc5e0f4a248 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
 	}
 
 	/*
-	 * Crack the LDAP url. We do a very trivial parse..
+	 * Crack the LDAP url. We do a very trivial parse:
+	 *
 	 * ldap[s]://<server>[:<port>]/<basedn>[;prefix[;suffix]]
+	 *
+	 * This code originally used "%127s" for the suffix, but that doesn't
+	 * work for embedded whitespace.  We know that tokens formed by
+	 * hba.c won't include newlines, so we can use a "not newline" scanset
+	 * instead.
 	 */
 
 	server[0] = '\0';
@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
 
 	/* ldap, including port number */
 	r = sscanf(port->auth_arg,
-			   "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s",
+			   "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
 			   server, &ldapport, basedn, prefix, suffix);
 	if (r < 3)
 	{
 		/* ldaps, including port number */
 		r = sscanf(port->auth_arg,
-				   "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s",
+				   "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
 				   server, &ldapport, basedn, prefix, suffix);
 		if (r >= 3)
 			ssl = true;
@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
 	{
 		/* ldap, no port number */
 		r = sscanf(port->auth_arg,
-				   "ldap://%127[^/]/%127[^;];%127[^;];%127s",
+				   "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
 				   server, basedn, prefix, suffix);
 	}
 	if (r < 2)
 	{
 		/* ldaps, no port number */
 		r = sscanf(port->auth_arg,
-				   "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
+				   "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
 				   server, basedn, prefix, suffix);
 		if (r >= 2)
 			ssl = true;
-- 
GitLab