use sizeof instead of strlen/hardcoded-consts

2025-01-06 10:46:21 +08:00 · 2002-01-02 17:04:09 +00:00 · 2002-01-02 17:04:09 +00:00 · c603bc3946
commit c603bc3946
parent af121f0489
2 changed files with 44 additions and 61 deletions
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -6,8 +6,9 @@
 #include "portable.h"
 #include <ac/stdlib.h>
 #include <stdio.h>
 #include <ac/stdlib.h>
 #include <ac/string.h>
 #include <lber.h>
 #include <ldap_log.h>
@ -99,9 +100,10 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	/* Blatantly anonymous ID */
-	len = sizeof( "anonymous" ) - 1;
+	if( id &&
-	if( id && ( id[len] == '\0' || id[len] == '@' ) &&
+		( id[sizeof( "anonymous" )-1] == '\0'
-		!strncasecmp( id, "anonymous", len) ) {
+			|| id[sizeof( "anonymous" )-1] == '@' ) &&
 		!strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) {
 		*dnptr = NULL;
 		return( LDAP_SUCCESS );
 	}
@ -123,7 +125,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn[0] = 'd';
 			dn[1] = 'n';
 			dn[2] = ':';
-			memmove( &dn[3], tmpdn, len+1 );
+			AC_MEMCPY( &dn[3], tmpdn, len+1 );
 			len += 3;
 		} else {
@ -131,7 +133,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn = ch_malloc( len+3 );
 			dn[0] = 'u';
 			dn[1] = ':';
-			memmove( &dn[2], id, len+1 );
+			AC_MEMCPY( &dn[2], id, len+1 );
 			len += 2;
 		}
 	} else {
@ -140,8 +142,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	/* An authzID must be properly prefixed */
 	if( flags & FLAG_GETDN_AUTHZID
-		&& strncasecmp( dn, "u:", 2 )
+		&& strncasecmp( dn, "u:", sizeof("u:")-1 )
-		&& strncasecmp( dn, "dn:", 3 ) )
+		&& strncasecmp( dn, "dn:", sizeof("dn:")-1 ) )
 	{
 		ch_free( dn );
 		*dnptr = NULL;
@ -149,9 +151,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}
 	/* Username strings */
-	if( !strncasecmp( dn, "u:", 2 ) ) {
+	if( !strncasecmp( dn, "u:", sizeof("u:")-1 ) ) {
-		int len1  = strlen( ",cn=auth" );
+		len += (sizeof("dn:uid=")-1) + (sizeof(",cn=auth")-1);
 		len += strlen( "dn:uid=" ) + len1;
 		/* Figure out how much data we have for the dn */
 		rc = sasl_getprop( ctx,	SASL_REALM, (void **)&c );
@ -170,11 +171,11 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 		}
 		if( c && *c ) {
-			len += strlen( c ) + strlen(",cn=" );
+			len += strlen( c ) + (sizeof(",cn=")-1);
 		}
 		if( conn->c_sasl_bind_mech ) {
-			len += strlen( conn->c_sasl_bind_mech ) + strlen( ",cn=" );
+			len += strlen( conn->c_sasl_bind_mech ) + (sizeof(",cn=")-1);
 		}
 		/* Build the new dn */
@ -190,7 +191,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			len += sprintf( dn+len, ",cn=%s", conn->c_sasl_bind_mech );
 		}
 		strcpy(	dn+len, ",cn=auth" );
-		len += len1;
+		len += (sizeof(",cn=auth")-1);
 #ifdef NEW_LOGGING
 		LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
@ -201,17 +202,17 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}
 	/* DN strings that are a cn=auth identity to run through regexp */
-	if( !strncasecmp( dn, "dn:", 3) &&
+	if( !strncasecmp( dn, "dn:", sizeof("dn:")-1) &&
 		( ( flags & FLAG_GETDN_FINAL ) == 0 ) )
 	{
-		c1 = slap_sasl2dn( dn + 3 );
+		c1 = slap_sasl2dn( dn + (sizeof("dn:")-1) );
 		if( c1 ) {
 			ch_free( dn );
 			dn = c1;
 			/* Reaffix the dn: prefix if it was removed */
-			if( strncasecmp( dn, "dn:", 3) ) {
+			if( strncasecmp( dn, "dn:", sizeof("dn:")-1) ) {
 				c1 = dn;
-				dn = ch_malloc( strlen( c1 ) + 4 );
+				dn = ch_malloc( strlen( c1 ) + sizeof("dn:") );
 				sprintf( dn, "dn:%s", c1 );
 				ch_free( c1 );
 			}
@ -227,7 +228,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}
 	if( ( flags & FLAG_GETDN_FINAL ) == 0 )	 {
-		dn_normalize( dn+3 );
+		dn_normalize( dn+(sizeof("dn:")-1) );
 	}
 	*dnptr = dn;
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@ -12,9 +12,9 @@
 #include "portable.h"
 #include <ac/stdlib.h>
 #include <stdio.h>
 #include <ac/stdlib.h>
 #include <ac/string.h>
 #include "slap.h"
@ -27,7 +27,8 @@
 /* URI format: ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]] */
-int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **filter )
+static int slap_parseURI( char *uri,
 	struct berval *searchbase, int *scope, Filter **filter )
 {
 	char *start, *end;
 	struct berval bv;
@ -47,10 +48,9 @@ int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **fi
 	Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri, 0, 0 );
 #endif
 	/* If it does not look like a URI, assume it is a DN */
-	if( !strncasecmp( uri, "dn:", 3 ) ) {
+	if( !strncasecmp( uri, "dn:", sizeof("dn:")-1 ) ) {
-		uri += 3;
+		uri += sizeof("dn:")-1;
 		uri += strspn( uri, " " );
 		bv.bv_val = uri;
 		/* FIXME: if dnNormalize actually uses input bv_len we
@ -63,12 +63,14 @@ is_dn:		bv.bv_len = 1;
 		}
 		return( rc );
 	}
-	if( strncasecmp( uri, "ldap://", 7 ) ) {
+
 	/* FIXME: should use ldap_url_parse() */
 	if( strncasecmp( uri, "ldap://", sizeof("ldap://")-1 ) ) {
 		bv.bv_val = uri;
 		goto is_dn;
 	}
-	end = strchr( uri + 7, '/' );
+	end = strchr( uri + (sizeof("ldap://")-1), '/' );
 	if ( end == NULL )
 		return( LDAP_PROTOCOL_ERROR );
@ -98,17 +100,17 @@ is_dn:		bv.bv_len = 1;
 	/* Grab the scope */
 	start = end+1;
-	if( !strncasecmp( start, "base?", 5 )) {
+	if( !strncasecmp( start, "base?", sizeof("base?")-1 )) {
 		*scope = LDAP_SCOPE_BASE;
-		start += 5;
+		start += sizeof("base?")-1;
 	}
-	else if( !strncasecmp( start, "one?", 4 )) {
+	else if( !strncasecmp( start, "one?", sizeof("one?")-1 )) {
 		*scope = LDAP_SCOPE_ONELEVEL;
-		start += 4;
+		start += sizeof("one?")-1;
 	}
-	else if( !strncasecmp( start, "sub?", 3 )) {
+	else if( !strncasecmp( start, "sub?", sizeof("sub?")-1 )) {
 		*scope = LDAP_SCOPE_SUBTREE;
-		start += 4;
+		start += sizeof("sub?")-1;
 	}
 	else {
 		free( searchbase->bv_val );
@ -123,9 +125,6 @@ is_dn:		bv.bv_len = 1;
 }
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
 #ifdef HAVE_CYRUS_SASL
@ -195,13 +194,8 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 }
 #ifdef HAVE_CYRUS_SASL
 /* Take the passed in SASL name and attempt to convert it into an
   LDAP URI to find the matching LDAP entry, using the pattern matching
   strings given in the saslregexp config file directive(s) */
@ -212,7 +206,6 @@ char *slap_sasl_regexp( char *saslname )
 	int i, n, len, insert;
 	SaslRegexp_t *reg;
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
 		"slap_sasl_regexp: converting SASL name %s\n", saslname ));
@ -544,9 +537,6 @@ CONCLUDED:
 }
 /*
 * This function answers the question, "Can this ID authorize to that ID?",
 * based on authorization rules. The rules are stored in the *searchDN, in the
@ -555,7 +545,6 @@ CONCLUDED:
 *
 * DN's passed in should have a dn: prefix
 */
 static int
 slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
 {
@ -565,7 +554,6 @@ slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
 	AttributeDescription *ad=NULL;
 	struct berval bv;
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
 		   "slap_sasl_check_authz: does %s match %s rule in %s?\n",
@ -607,15 +595,9 @@ COMPLETE:
 	return( rc );
 }
 #endif	/* HAVE_CYRUS_SASL */
 /* Check if a bind can SASL authorize to another identity.
   Accepts authorization DN's with "dn:" prefix */
@ -638,7 +620,6 @@ int slap_sasl_authorized( char *authcDN, char *authzDN )
 	   "==>slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN, 0 );
 #endif
 	/* If person is authorizing to self, succeed */
 	if ( !strcmp( authcDN, authzDN ) ) {
 		rc = LDAP_SUCCESS;
@ -668,7 +649,8 @@ DONE:
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
 		"slap_sasl_authorized: return %d\n", rc ));
 #else
-	Debug( LDAP_DEBUG_TRACE, "<== slap_sasl_authorized: return %d\n",rc,0,0 );
+	Debug( LDAP_DEBUG_TRACE,
 		"<== slap_sasl_authorized: return %d\n", rc, 0, 0 );
 #endif
 	return( rc );