carefully check the URI

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 5baef7722d7a1b77bbeb7730d1fb2929af90f900..32da6f9f3de7ee56e82fe39d3f2bc529f923ceed 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -70,15 +70,62 @@ ldap_back_db_config(
 
        /* URI of server to query (preferred over "server" directive) */
        } else if ( strcasecmp( argv[0], "uri" ) == 0 ) {
+               LDAPURLDesc     *lud, tmplud;
+
                if (argc != 2) {
-                       fprintf( stderr,
-       "%s: line %d: missing address in \"uri <address>\" line\n",
-                           fname, lineno );
+                       fprintf( stderr, "%s: line %d: "
+                               "missing uri "
+                               "in \"uri <uri>\" line\n",
+                               fname, lineno );
                        return( 1 );
                }
-               if (li->url != NULL)
-                       ch_free(li->url);
-               li->url = ch_strdup(argv[1]);
+               if ( li->url != NULL ) {
+                       ch_free( li->url );
+               }
+
+               if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "unable to parse uri \"%s\" "
+                               "in \"uri <uri>\" line\n",
+                               fname, lineno, argv[ 1 ] );
+                       return 1;
+               }
+
+               if ( ( lud->lud_dn != NULL && lud->lud_dn[0] != '\0' )
+                               || lud->lud_attrs != NULL
+                               || lud->lud_filter != NULL
+                               || lud->lud_exts != NULL )
+               {
+                       fprintf( stderr, "%s: line %d: "
+                               "warning, only protocol, "
+                               "host and port allowed "
+                               "in \"uri <uri>\" line\n",
+                               fname, lineno );
+               }
+
+#if 0
+               tmplud = *lud;
+               tmplud.lud_dn = NULL;
+               tmplud.lud_attrs = NULL;
+               tmplud.lud_filter = NULL;
+               if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) {
+                       tmplud.lud_exts = NULL;
+                       tmplud.lud_crit_exts = 0;
+               }
+               
+               li->url = ldap_url_desc2str( &tmplud );
+               if ( li->url == NULL ) {
+                       fprintf( stderr, "%s: line %d: "
+                               "unable to rebuild uri \"%s\" "
+                               "in \"uri <uri>\" line\n",
+                               fname, lineno, argv[ 1 ] );
+                       return 1;
+               }
+#else
+               li->url = ch_strdup( argv[ 1 ] );
+#endif
+
+               ldap_free_urldesc( lud );
 
        /* name to use for ldap_back_group */
        } else if ( strcasecmp( argv[0], "binddn" ) == 0 ) {