cleanup URI parsing/checking (fixes ITS#3253)

Pierangelo Masarati 2004-07-24 11:17:03 +00:00
parent 30fed3f1c9
commit cd7540feee
2 changed files with 117 additions and 41 deletions


@ -57,6 +57,8 @@ ldap_back_db_config(
/* server address to query (depricated, use "uri" directive) */ /* server address to query (depricated, use "uri" directive) */
if ( strcasecmp( argv[0], "server" ) == 0 ) { if ( strcasecmp( argv[0], "server" ) == 0 ) {
ber_len_t l;
if (argc != 2) { if (argc != 2) {
fprintf( stderr, fprintf( stderr,
"%s: line %d: missing address in \"server <address>\" line\n", "%s: line %d: missing address in \"server <address>\" line\n",
@ -65,16 +67,19 @@ ldap_back_db_config(
} }
if (li->url != NULL) if (li->url != NULL)
ch_free(li->url); ch_free(li->url);
li->url = ch_calloc(strlen(argv[1]) + 9, sizeof(char)); l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1;
if (li->url != NULL) { li->url = ch_calloc( l, sizeof( char ) );
strcpy(li->url, "ldap://"); if (li->url == NULL) {
strcat(li->url, argv[1]); fprintf( stderr, "%s: line %d: malloc failed\n" );
strcat(li->url, "/"); return 1;
} }
snprintf( li->url, l, "ldap://%s/", argv[1] );
/* URI of server to query (preferred over "server" directive) */ /* URI of server to query (preferred over "server" directive) */
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) { } else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
LDAPURLDesc tmplud; LDAPURLDesc tmplud, *tmpludp;
int urlrc;
if (argc != 2) { if (argc != 2) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
@ -87,31 +92,80 @@ ldap_back_db_config(
ch_free( li->url ); ch_free( li->url );
} }
if ( li->lud != NULL ) { if ( li->lud != NULL ) {
ldap_free_urldesc( li->lud ); ldap_free_urllist( li->lud );
} }
if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) { #if 0
/* PARANOID: DN and more are not required nor allowed */
urlrc = ldap_url_parselist_ext( &li->lud, argv[ 1 ], "\t" );
#else
urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] );
#endif
if ( urlrc != LDAP_SUCCESS ) {
char *why;
switch ( urlrc ) {
case LDAP_URL_ERR_MEM:
why = "no memory";
break;
case LDAP_URL_ERR_PARAM:
why = "parameter is bad";
break;
case LDAP_URL_ERR_BADSCHEME:
why = "URL doesn't begin with \"[c]ldap[si]://\"";
break;
case LDAP_URL_ERR_BADENCLOSURE:
why = "URL is missing trailing \">\"";
break;
case LDAP_URL_ERR_BADURL:
why = "URL is bad";
case LDAP_URL_ERR_BADHOST:
why = "host/port is bad";
break;
case LDAP_URL_ERR_BADATTRS:
why = "bad (or missing) attributes";
break;
case LDAP_URL_ERR_BADSCOPE:
why = "scope string is invalid (or missing)";
break;
case LDAP_URL_ERR_BADFILTER:
why = "bad or missing filter";
break;
case LDAP_URL_ERR_BADEXTS:
why = "bad or missing extensions";
break;
default:
why = "unknown reason";
break;
}
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"unable to parse uri \"%s\" " "unable to parse uri \"%s\" "
"in \"uri <uri>\" line\n", "in \"uri <uri>\" line: %s\n",
fname, lineno, argv[ 1 ] ); fname, lineno, argv[ 1 ], why );
return 1; return 1;
} }
if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' ) for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
|| li->lud->lud_attrs != NULL if ( ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[0] != '\0' )
|| li->lud->lud_filter != NULL || tmpludp->lud_attrs != NULL
|| li->lud->lud_exts != NULL ) || tmpludp->lud_filter != NULL
|| tmpludp->lud_exts != NULL )
{ {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"warning, only protocol, " "warning, only protocol, "
"host and port allowed " "host and port allowed "
"in \"uri <uri>\" line\n", "in \"uri <uri>\" statement "
fname, lineno ); "for \"%s\"\n",
fname, lineno, argv[1] );
}
} }
#if 0 #if 0
tmplud = *lud; for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
char *tmpurl;
ber_len_t oldlen = 0, len;
tmplud = *tmpludp;
tmplud.lud_dn = ""; tmplud.lud_dn = "";
tmplud.lud_attrs = NULL; tmplud.lud_attrs = NULL;
tmplud.lud_filter = NULL; tmplud.lud_filter = NULL;
@ -120,14 +174,28 @@ ldap_back_db_config(
tmplud.lud_crit_exts = 0; tmplud.lud_crit_exts = 0;
} }
li->url = ldap_url_desc2str( &tmplud ); tmpurl = ldap_url_desc2str( &tmplud );
if ( li->url == NULL ) {
if ( tmpurl == NULL ) {
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"unable to rebuild uri \"%s\" " "unable to rebuild uri "
"in \"uri <uri>\" line\n", "in \"uri <uri>\" statement "
"for \"%s\"\n",
fname, lineno, argv[ 1 ] ); fname, lineno, argv[ 1 ] );
return 1; return 1;
} }
len = strlen( tmpurl );
if ( li->url ) {
oldlen = strlen( li->url ) + STRLENOF( " " );
}
li->url = ch_realloc( li->url, oldlen + len + 1);
if ( oldlen ) {
li->url[oldlen - 1] = " ";
}
AC_MEMCPY( &li->url[oldlen], tmpurl, len + 1 );
ch_free( tmpurl );
}
#else #else
li->url = ch_strdup( argv[ 1 ] ); li->url = ch_strdup( argv[ 1 ] );
#endif #endif
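Review bot: The new allocation-failure message in the "server" branch calls `fprintf` with `%s` and `%d` conversions but passes no arguments, which is undefined behaviour and can print stray stack contents or crash; it should read `fprintf( stderr, "%s: line %d: malloc failed\n", fname, lineno );`. In the new `switch ( urlrc )`, `case LDAP_URL_ERR_BADURL` has no `break;` after `why = "URL is bad";`, so it falls through and the operator is told "host/port is bad" instead; add the `break;`. The disabled `#if 0` rebuild loop would also need fixing before it is enabled: it assigns the string `" "` to `li->url[oldlen - 1]` where the character `' '` is meant, and it tests and reallocs `li->url` after the earlier `ch_free( li->url )` with no visible `li->url = NULL;` in between. ldap_back_db_config starts and ends outside these hunks.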


@ -167,6 +167,14 @@ ldap_back_db_open( BackendDB *be )
{ {
struct ldapinfo *li = (struct ldapinfo *)be->be_private; struct ldapinfo *li = (struct ldapinfo *)be->be_private;
#ifdef NEW_LOGGING
LDAP_LOG( BACK_LDAP, DETAIL1,
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
#else
Debug( LDAP_DEBUG_TRACE,
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
#endif
#ifdef LDAP_BACK_PROXY_AUTHZ #ifdef LDAP_BACK_PROXY_AUTHZ
/* by default, use proxyAuthz control on each operation */ /* by default, use proxyAuthz control on each operation */
switch ( li->idassert_mode ) { switch ( li->idassert_mode ) {
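Review bot: The added trace call formats `li->url` with `%s` without checking it for NULL, and nothing in this hunk shows that a "uri" or "server" directive must have set it before ldap_back_db_open runs. Passing a null pointer for `%s` is undefined behaviour on platforms whose printf does not substitute a placeholder, so if a backend can be opened without a URI the argument should be `li->url ? li->url : "(null)"` in both the LDAP_LOG and Debug branches. The function body continues past the end of the hunk.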