mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

use sizeof instead of strlen/hardcoded-consts

Browse Source
This commit is contained in:
Kurt Zeilenga 2002-01-02 17:04:09 +00:00
parent af121f0489
commit c603bc3946
2 changed files with 44 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
servers/slapd/sasl.c
View File

@ -6,8 +6,9 @@
#include "portable.h"
#include <ac/stdlib.h>
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/string.h>
#include <lber.h>
#include <ldap_log.h>
@ -99,9 +100,10 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
/* Blatantly anonymous ID */
len = sizeof( "anonymous" ) - 1;
if( id && ( id[len] == '\0' || id[len] == '@' ) &&
!strncasecmp( id, "anonymous", len) ) {
if( id &&
( id[sizeof( "anonymous" )-1] == '\0'
|| id[sizeof( "anonymous" )-1] == '@' ) &&
!strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) {
*dnptr = NULL;
return( LDAP_SUCCESS );
}
@ -123,7 +125,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
dn[0] = 'd';
dn[1] = 'n';
dn[2] = ':';
memmove( &dn[3], tmpdn, len+1 );
AC_MEMCPY( &dn[3], tmpdn, len+1 );
len += 3;
} else {
@ -131,7 +133,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
dn = ch_malloc( len+3 );
dn[0] = 'u';
dn[1] = ':';
memmove( &dn[2], id, len+1 );
AC_MEMCPY( &dn[2], id, len+1 );
len += 2;
}
} else {
@ -140,8 +142,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
/* An authzID must be properly prefixed */
if( flags & FLAG_GETDN_AUTHZID
&& strncasecmp( dn, "u:", 2 )
&& strncasecmp( dn, "dn:", 3 ) )
&& strncasecmp( dn, "u:", sizeof("u:")-1 )
&& strncasecmp( dn, "dn:", sizeof("dn:")-1 ) )
{
ch_free( dn );
*dnptr = NULL;
@ -149,9 +151,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
}
/* Username strings */
if( !strncasecmp( dn, "u:", 2 ) ) {
int len1 = strlen( ",cn=auth" );
len += strlen( "dn:uid=" ) + len1;
if( !strncasecmp( dn, "u:", sizeof("u:")-1 ) ) {
len += (sizeof("dn:uid=")-1) + (sizeof(",cn=auth")-1);
/* Figure out how much data we have for the dn */
rc = sasl_getprop( ctx, SASL_REALM, (void **)&c );
@ -170,11 +171,11 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
}
if( c && *c ) {
len += strlen( c ) + strlen(",cn=" );
len += strlen( c ) + (sizeof(",cn=")-1);
}
if( conn->c_sasl_bind_mech ) {
len += strlen( conn->c_sasl_bind_mech ) + strlen( ",cn=" );
len += strlen( conn->c_sasl_bind_mech ) + (sizeof(",cn=")-1);
}
/* Build the new dn */
@ -190,7 +191,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
len += sprintf( dn+len, ",cn=%s", conn->c_sasl_bind_mech );
}
strcpy( dn+len, ",cn=auth" );
len += len1;
len += (sizeof(",cn=auth")-1);
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
@ -201,17 +202,17 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
}
/* DN strings that are a cn=auth identity to run through regexp */
if( !strncasecmp( dn, "dn:", 3) &&
if( !strncasecmp( dn, "dn:", sizeof("dn:")-1) &&
( ( flags & FLAG_GETDN_FINAL ) == 0 ) )
{
c1 = slap_sasl2dn( dn + 3 );
c1 = slap_sasl2dn( dn + (sizeof("dn:")-1) );
if( c1 ) {
ch_free( dn );
dn = c1;
/* Reaffix the dn: prefix if it was removed */
if( strncasecmp( dn, "dn:", 3) ) {
if( strncasecmp( dn, "dn:", sizeof("dn:")-1) ) {
c1 = dn;
dn = ch_malloc( strlen( c1 ) + 4 );
dn = ch_malloc( strlen( c1 ) + sizeof("dn:") );
sprintf( dn, "dn:%s", c1 );
ch_free( c1 );
}
@ -227,7 +228,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
}
if( ( flags & FLAG_GETDN_FINAL ) == 0 ) {
dn_normalize( dn+3 );
dn_normalize( dn+(sizeof("dn:")-1) );
}
*dnptr = dn;

52
servers/slapd/saslauthz.c
View File

@ -12,9 +12,9 @@
#include "portable.h"
#include <ac/stdlib.h>
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/string.h>
#include "slap.h"
@ -27,7 +27,8 @@
/* URI format: ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]] */
int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **filter )
static int slap_parseURI( char *uri,
struct berval *searchbase, int *scope, Filter **filter )
{
char *start, *end;
struct berval bv;
@ -47,10 +48,9 @@ int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **fi
Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri, 0, 0 );
#endif
/* If it does not look like a URI, assume it is a DN */
if( !strncasecmp( uri, "dn:", 3 ) ) {
uri += 3;
if( !strncasecmp( uri, "dn:", sizeof("dn:")-1 ) ) {
uri += sizeof("dn:")-1;
uri += strspn( uri, " " );
bv.bv_val = uri;
/* FIXME: if dnNormalize actually uses input bv_len we
@ -63,12 +63,14 @@ is_dn: bv.bv_len = 1;
}
return( rc );
}
if( strncasecmp( uri, "ldap://", 7 ) ) {
/* FIXME: should use ldap_url_parse() */
if( strncasecmp( uri, "ldap://", sizeof("ldap://")-1 ) ) {
bv.bv_val = uri;
goto is_dn;
}
end = strchr( uri + 7, '/' );
end = strchr( uri + (sizeof("ldap://")-1), '/' );
if ( end == NULL )
return( LDAP_PROTOCOL_ERROR );
@ -98,17 +100,17 @@ is_dn: bv.bv_len = 1;
/* Grab the scope */
start = end+1;
if( !strncasecmp( start, "base?", 5 )) {
if( !strncasecmp( start, "base?", sizeof("base?")-1 )) {
*scope = LDAP_SCOPE_BASE;
start += 5;
start += sizeof("base?")-1;
}
else if( !strncasecmp( start, "one?", 4 )) {
else if( !strncasecmp( start, "one?", sizeof("one?")-1 )) {
*scope = LDAP_SCOPE_ONELEVEL;
start += 4;
start += sizeof("one?")-1;
}
else if( !strncasecmp( start, "sub?", 3 )) {
else if( !strncasecmp( start, "sub?", sizeof("sub?")-1 )) {
*scope = LDAP_SCOPE_SUBTREE;
start += 4;
start += sizeof("sub?")-1;
}
else {
free( searchbase->bv_val );
@ -123,9 +125,6 @@ is_dn: bv.bv_len = 1;
}
int slap_sasl_regexp_config( const char *match, const char *replace )
{
#ifdef HAVE_CYRUS_SASL
@ -195,13 +194,8 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
}
#ifdef HAVE_CYRUS_SASL
/* Take the passed in SASL name and attempt to convert it into an
LDAP URI to find the matching LDAP entry, using the pattern matching
strings given in the saslregexp config file directive(s) */
@ -212,7 +206,6 @@ char *slap_sasl_regexp( char *saslname )
int i, n, len, insert;
SaslRegexp_t *reg;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl_regexp: converting SASL name %s\n", saslname ));
@ -544,9 +537,6 @@ CONCLUDED:
}
/*
* This function answers the question, "Can this ID authorize to that ID?",
* based on authorization rules. The rules are stored in the *searchDN, in the
@ -555,7 +545,6 @@ CONCLUDED:
*
* DN's passed in should have a dn: prefix
*/
static int
slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
{
@ -565,7 +554,6 @@ slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
AttributeDescription *ad=NULL;
struct berval bv;
#ifdef NEW_LOGGING
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl_check_authz: does %s match %s rule in %s?\n",
@ -607,15 +595,9 @@ COMPLETE:
return( rc );
}
#endif /* HAVE_CYRUS_SASL */
/* Check if a bind can SASL authorize to another identity.
Accepts authorization DN's with "dn:" prefix */
@ -638,7 +620,6 @@ int slap_sasl_authorized( char *authcDN, char *authzDN )
"==>slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN, 0 );
#endif
/* If person is authorizing to self, succeed */
if ( !strcmp( authcDN, authzDN ) ) {
rc = LDAP_SUCCESS;
@ -668,7 +649,8 @@ DONE:
LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
"slap_sasl_authorized: return %d\n", rc ));
#else
Debug( LDAP_DEBUG_TRACE, "<== slap_sasl_authorized: return %d\n",rc,0,0 );
Debug( LDAP_DEBUG_TRACE,
"<== slap_sasl_authorized: return %d\n", rc, 0, 0 );
#endif
return( rc );