mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
cleanup URI parsing/checking (fixes ITS#3253)
This commit is contained in:
parent
30fed3f1c9
commit
cd7540feee
@ -57,6 +57,8 @@ ldap_back_db_config(
|
||||
|
||||
/* server address to query (depricated, use "uri" directive) */
|
||||
if ( strcasecmp( argv[0], "server" ) == 0 ) {
|
||||
ber_len_t l;
|
||||
|
||||
if (argc != 2) {
|
||||
fprintf( stderr,
|
||||
"%s: line %d: missing address in \"server <address>\" line\n",
|
||||
@ -65,16 +67,19 @@ ldap_back_db_config(
|
||||
}
|
||||
if (li->url != NULL)
|
||||
ch_free(li->url);
|
||||
li->url = ch_calloc(strlen(argv[1]) + 9, sizeof(char));
|
||||
if (li->url != NULL) {
|
||||
strcpy(li->url, "ldap://");
|
||||
strcat(li->url, argv[1]);
|
||||
strcat(li->url, "/");
|
||||
l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1;
|
||||
li->url = ch_calloc( l, sizeof( char ) );
|
||||
if (li->url == NULL) {
|
||||
fprintf( stderr, "%s: line %d: malloc failed\n" );
|
||||
return 1;
|
||||
}
|
||||
|
||||
snprintf( li->url, l, "ldap://%s/", argv[1] );
|
||||
|
||||
/* URI of server to query (preferred over "server" directive) */
|
||||
} else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
|
||||
LDAPURLDesc tmplud;
|
||||
LDAPURLDesc tmplud, *tmpludp;
|
||||
int urlrc;
|
||||
|
||||
if (argc != 2) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
@ -87,46 +92,109 @@ ldap_back_db_config(
|
||||
ch_free( li->url );
|
||||
}
|
||||
if ( li->lud != NULL ) {
|
||||
ldap_free_urldesc( li->lud );
|
||||
}
|
||||
|
||||
if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"unable to parse uri \"%s\" "
|
||||
"in \"uri <uri>\" line\n",
|
||||
fname, lineno, argv[ 1 ] );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' )
|
||||
|| li->lud->lud_attrs != NULL
|
||||
|| li->lud->lud_filter != NULL
|
||||
|| li->lud->lud_exts != NULL )
|
||||
{
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"warning, only protocol, "
|
||||
"host and port allowed "
|
||||
"in \"uri <uri>\" line\n",
|
||||
fname, lineno );
|
||||
ldap_free_urllist( li->lud );
|
||||
}
|
||||
|
||||
#if 0
|
||||
tmplud = *lud;
|
||||
tmplud.lud_dn = "";
|
||||
tmplud.lud_attrs = NULL;
|
||||
tmplud.lud_filter = NULL;
|
||||
if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
|
||||
tmplud.lud_exts = NULL;
|
||||
tmplud.lud_crit_exts = 0;
|
||||
/* PARANOID: DN and more are not required nor allowed */
|
||||
urlrc = ldap_url_parselist_ext( &li->lud, argv[ 1 ], "\t" );
|
||||
#else
|
||||
urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] );
|
||||
#endif
|
||||
if ( urlrc != LDAP_SUCCESS ) {
|
||||
char *why;
|
||||
|
||||
switch ( urlrc ) {
|
||||
case LDAP_URL_ERR_MEM:
|
||||
why = "no memory";
|
||||
break;
|
||||
case LDAP_URL_ERR_PARAM:
|
||||
why = "parameter is bad";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADSCHEME:
|
||||
why = "URL doesn't begin with \"[c]ldap[si]://\"";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADENCLOSURE:
|
||||
why = "URL is missing trailing \">\"";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADURL:
|
||||
why = "URL is bad";
|
||||
case LDAP_URL_ERR_BADHOST:
|
||||
why = "host/port is bad";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADATTRS:
|
||||
why = "bad (or missing) attributes";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADSCOPE:
|
||||
why = "scope string is invalid (or missing)";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADFILTER:
|
||||
why = "bad or missing filter";
|
||||
break;
|
||||
case LDAP_URL_ERR_BADEXTS:
|
||||
why = "bad or missing extensions";
|
||||
break;
|
||||
default:
|
||||
why = "unknown reason";
|
||||
break;
|
||||
}
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"unable to parse uri \"%s\" "
|
||||
"in \"uri <uri>\" line: %s\n",
|
||||
fname, lineno, argv[ 1 ], why );
|
||||
return 1;
|
||||
}
|
||||
|
||||
li->url = ldap_url_desc2str( &tmplud );
|
||||
if ( li->url == NULL ) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"unable to rebuild uri \"%s\" "
|
||||
"in \"uri <uri>\" line\n",
|
||||
fname, lineno, argv[ 1 ] );
|
||||
return 1;
|
||||
for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
|
||||
if ( ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[0] != '\0' )
|
||||
|| tmpludp->lud_attrs != NULL
|
||||
|| tmpludp->lud_filter != NULL
|
||||
|| tmpludp->lud_exts != NULL )
|
||||
{
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"warning, only protocol, "
|
||||
"host and port allowed "
|
||||
"in \"uri <uri>\" statement "
|
||||
"for \"%s\"\n",
|
||||
fname, lineno, argv[1] );
|
||||
}
|
||||
}
|
||||
|
||||
#if 0
|
||||
for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) {
|
||||
char *tmpurl;
|
||||
ber_len_t oldlen = 0, len;
|
||||
|
||||
tmplud = *tmpludp;
|
||||
tmplud.lud_dn = "";
|
||||
tmplud.lud_attrs = NULL;
|
||||
tmplud.lud_filter = NULL;
|
||||
if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
|
||||
tmplud.lud_exts = NULL;
|
||||
tmplud.lud_crit_exts = 0;
|
||||
}
|
||||
|
||||
tmpurl = ldap_url_desc2str( &tmplud );
|
||||
|
||||
if ( tmpurl == NULL ) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"unable to rebuild uri "
|
||||
"in \"uri <uri>\" statement "
|
||||
"for \"%s\"\n",
|
||||
fname, lineno, argv[ 1 ] );
|
||||
return 1;
|
||||
}
|
||||
|
||||
len = strlen( tmpurl );
|
||||
if ( li->url ) {
|
||||
oldlen = strlen( li->url ) + STRLENOF( " " );
|
||||
}
|
||||
li->url = ch_realloc( li->url, oldlen + len + 1);
|
||||
if ( oldlen ) {
|
||||
li->url[oldlen - 1] = " ";
|
||||
}
|
||||
AC_MEMCPY( &li->url[oldlen], tmpurl, len + 1 );
|
||||
ch_free( tmpurl );
|
||||
}
|
||||
#else
|
||||
li->url = ch_strdup( argv[ 1 ] );
|
||||
|
@ -167,6 +167,14 @@ ldap_back_db_open( BackendDB *be )
|
||||
{
|
||||
struct ldapinfo *li = (struct ldapinfo *)be->be_private;
|
||||
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG( BACK_LDAP, DETAIL1,
|
||||
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
|
||||
#else
|
||||
Debug( LDAP_DEBUG_TRACE,
|
||||
"ldap_back_db_open: URI=%s\n", li->url, 0, 0 );
|
||||
#endif
|
||||
|
||||
#ifdef LDAP_BACK_PROXY_AUTHZ
|
||||
/* by default, use proxyAuthz control on each operation */
|
||||
switch ( li->idassert_mode ) {
|
||||
|
Loading…
Reference in New Issue
Block a user