cleanup URI parsing/checking (fixes ITS#3253)
parent
30fed3f1c9
commit
cd7540feee
@ -57,6 +57,8 @@ ldap_back_db_config(
|
|||||||
|
|
||||||
/* server address to query (depricated, use "uri" directive) */
|
/* server address to query (depricated, use "uri" directive) */
|
||||||
if ( strcasecmp( argv[0], "server" ) == 0 ) {
|
if ( strcasecmp( argv[0], "server" ) == 0 ) {
|
||||||
|
ber_len_t l;
|
||||||
|
|
||||||
if (argc != 2) {
|
if (argc != 2) {
|
||||||
fprintf( stderr,
|
fprintf( stderr,
|
||||||
"%s: line %d: missing address in \"server <address>\" line\n",
|
"%s: line %d: missing address in \"server <address>\" line\n",
|
||||||
@ -65,16 +67,19 @@ ldap_back_db_config(
|
|||||||
}
|
}
|
||||||
if (li->url != NULL)
|
if (li->url != NULL)
|
||||||
ch_free(li->url);
|
ch_free(li->url);
|
||||||
li->url = ch_calloc(strlen(argv[1]) + 9, sizeof(char));
|
l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1;
|
||||||
if (li->url != NULL) {
|
li->url = ch_calloc( l, sizeof( char ) );
|
||||||
strcpy(li->url, "ldap://");
|
if (li->url == NULL) {
|
||||||
strcat(li->url, argv[1]);
|
fprintf( stderr, "%s: line %d: malloc failed\n" );
|
||||||
strcat(li->url, "/");
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
snprintf( li->url, l, "ldap://%s/", argv[1] );
|
||||||
|
|
||||||
/* URI of server to query (preferred over "server" directive) */
|
/* URI of server to query (preferred over "server" directive) */
|
||||||
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
|
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
|
||||||
LDAPURLDesc tmplud;
|
LDAPURLDesc tmplud, *tmpludp;
|
||||||
|
int urlrc;
|
||||||
|
|
||||||
if (argc != 2) {
|
if (argc != 2) {
|
||||||
fprintf( stderr, "%s: line %d: "
|
fprintf( stderr, "%s: line %d: "
|
||||||
@ -87,46 +92,109 @@ ldap_back_db_config(
|
|||||||
ch_free( li->url );
|
ch_free( li->url );
|
||||||
}
|
}
|
||||||
if ( li->lud != NULL ) {
|
if ( li->lud != NULL ) {
|
||||||
ldap_free_urldesc( li->lud );
|
ldap_free_urllist( li->lud );
|
||||||
}
|
|
||||||
|
|
||||||
if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) {
|
|
||||||
fprintf( stderr, "%s: line %d: "
|
|
||||||
"unable to parse uri \"%s\" "
|
|
||||||
"in \"uri <uri>\" line\n",
|
|
||||||
fname, lineno, argv[ 1 ] );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' )
|
|
||||||
|| li->lud->lud_attrs != NULL
|
|
||||||
|| li->lud->lud_filter != NULL
|
|
||||||
|| li->lud->lud_exts != NULL )
|
|
||||||
{
|
|
||||||
fprintf( stderr, "%s: line %d: "
|
|
||||||
"warning, only protocol, "
|
|
||||||
"host and port allowed "
|
|
||||||
"in \"uri <uri>\" line\n",
|
|
||||||
fname, lineno );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
tmplud = *lud;
|
/* PARANOID: DN and more are not required nor allowed */
|
||||||
tmplud.lud_dn = "";
|
urlrc = ldap_url_parselist_ext( &li->lud, argv[ 1 ], "\t" );
|
||||||
tmplud.lud_attrs = NULL;
|
#else
|
||||||
tmplud.lud_filter = NULL;
|
urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] );
|
||||||
if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
|
#endif
|
||||||
tmplud.lud_exts = NULL;
|
if ( urlrc != LDAP_SUCCESS ) {
|
||||||
tmplud.lud_crit_exts = 0;
|
char *why;
|
||||||
|
|
||||||
|
switch ( urlrc ) {
|
||||||
|
case LDAP_URL_ERR_MEM:
|
||||||
|
why = "no memory";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_PARAM:
|
||||||
|
why = "parameter is bad";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADSCHEME:
|
||||||
|
why = "URL doesn't begin with \"[c]ldap[si]://\"";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADENCLOSURE:
|
||||||
|
why = "URL is missing trailing \">\"";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADURL:
|
||||||
|
why = "URL is bad";
|
||||||
|
case LDAP_URL_ERR_BADHOST:
|
||||||
|
why = "host/port is bad";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADATTRS:
|
||||||
|
why = "bad (or missing) attributes";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADSCOPE:
|
||||||
|
why = "scope string is invalid (or missing)";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADFILTER:
|
||||||
|
why = "bad or missing filter";
|
||||||
|
break;
|
||||||
|
case LDAP_URL_ERR_BADEXTS:
|
||||||
|
why = "bad or missing extensions";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
why = "unknown reason";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
fprintf( stderr, "%s: line %d: "
|
||||||
|
"unable to parse uri \"%s\" "
|
||||||
|
"in \"uri <uri>\" line: %s\n",
|
||||||
|
fname, lineno, argv[ 1 ], why );
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
li->url = ldap_url_desc2str( &tmplud );
|
for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
|
||||||
if ( li->url == NULL ) {
|
if ( ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[0] != '\0' )
|
||||||
fprintf( stderr, "%s: line %d: "
|
|| tmpludp->lud_attrs != NULL
|
||||||
"unable to rebuild uri \"%s\" "
|
|| tmpludp->lud_filter != NULL
|
||||||
"in \"uri <uri>\" line\n",
|
|| tmpludp->lud_exts != NULL )
|
||||||
fname, lineno, argv[ 1 ] );
|
{
|
||||||
return 1;
|
fprintf( stderr, "%s: line %d: "
|
||||||
|
"warning, only protocol, "
|
||||||
|
"host and port allowed "
|
||||||
|
"in \"uri <uri>\" statement "
|
||||||
|
"for \"%s\"\n",
|
||||||
|
fname, lineno, argv[1] );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
|
||||||
|
char *tmpurl;
|
||||||
|
ber_len_t oldlen = 0, len;
|
||||||
|
|
||||||
|
tmplud = *tmpludp;
|
||||||
|
tmplud.lud_dn = "";
|
||||||
|
tmplud.lud_attrs = NULL;
|
||||||
|
tmplud.lud_filter = NULL;
|
||||||
|
if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
|
||||||
|
tmplud.lud_exts = NULL;
|
||||||
|
tmplud.lud_crit_exts = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
tmpurl = ldap_url_desc2str( &tmplud );
|
||||||
|
|
||||||
|
if ( tmpurl == NULL ) {
|
||||||
|
fprintf( stderr, "%s: line %d: "
|
||||||
|
"unable to rebuild uri "
|
||||||
|
"in \"uri <uri>\" statement "
|
||||||
|
"for \"%s\"\n",
|
||||||
|
fname, lineno, argv[ 1 ] );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
len = strlen( tmpurl );
|
||||||
|
if ( li->url ) {
|
||||||
|
oldlen = strlen( li->url ) + STRLENOF( " " );
|
||||||
|
}
|
||||||
|
li->url = ch_realloc( li->url, oldlen + len + 1);
|
||||||
|
if ( oldlen ) {
|
||||||
|
li->url[oldlen - 1] = " ";
|
||||||
|
}
|
||||||
|
AC_MEMCPY( &li->url[oldlen], tmpurl, len + 1 );
|
||||||
|
ch_free( tmpurl );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
li->url = ch_strdup( argv[ 1 ] );
|
li->url = ch_strdup( argv[ 1 ] );
|
||||||
|
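Review bot: The new allocation-failure branch in the "server" handler calls `fprintf( stderr, "%s: line %d: malloc failed\n" );` with no arguments for `%s` and `%d`, which is undefined behaviour if that branch is ever taken; it should read `fprintf( stderr, "%s: line %d: malloc failed\n", fname, lineno );` like the other diagnostics here. In the new `switch ( urlrc )`, `case LDAP_URL_ERR_BADURL:` has no `break;` after `why = "URL is bad";`, so it falls through and the operator is told "host/port is bad" instead. The disabled `#if 0` rebuild loop also stores a string literal into a char (`li->url[oldlen - 1] = " ";` should use `' '`), which will surface as soon as someone enables it. ldap_back_db_config begins and ends outside the visible hunks.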
@ -167,6 +167,14 @@ ldap_back_db_open( BackendDB *be )
|
|||||||
{
|
{
|
||||||
struct ldapinfo *li = (struct ldapinfo *)be->be_private;
|
struct ldapinfo *li = (struct ldapinfo *)be->be_private;
|
||||||
|
|
||||||
|
#ifdef NEW_LOGGING
|
||||||
|
LDAP_LOG( BACK_LDAP, DETAIL1,
|
||||||
|
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
|
||||||
|
#else
|
||||||
|
Debug( LDAP_DEBUG_TRACE,
|
||||||
|
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef LDAP_BACK_PROXY_AUTHZ
|
#ifdef LDAP_BACK_PROXY_AUTHZ
|
||||||
/* by default, use proxyAuthz control on each operation */
|
/* by default, use proxyAuthz control on each operation */
|
||||||
switch ( li->idassert_mode ) {
|
switch ( li->idassert_mode ) {
|
||||||
|
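Review bot: Both new trace calls in ldap_back_db_open pass `li->url` to a `%s` conversion unchecked, and nothing in this hunk shows that a "uri" or "server" directive must have been parsed before the database is opened. If `li->url` can still be NULL at this point, that is undefined behaviour in a printf-style formatter; passing `li->url != NULL ? li->url : "(null)"` as the argument would keep the trace safe. The function body continues past the end of the hunk, so a later check may exist that is not visible here.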