From: Kurt Zeilenga Date: Wed, 2 Jan 2002 17:04:09 +0000 (+0000) Subject: use sizeof instead of strlen/hardcoded-consts X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~358 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=c603bc3946a2673d9694a78ca7dcf748f8d70d5a;p=openldap use sizeof instead of strlen/hardcoded-consts --- diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 5f8b88a421..41ea242603 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -6,8 +6,9 @@ #include "portable.h" -#include #include +#include +#include #include #include @@ -99,9 +100,10 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) /* Blatantly anonymous ID */ - len = sizeof( "anonymous" ) - 1; - if( id && ( id[len] == '\0' || id[len] == '@' ) && - !strncasecmp( id, "anonymous", len) ) { + if( id && + ( id[sizeof( "anonymous" )-1] == '\0' + || id[sizeof( "anonymous" )-1] == '@' ) && + !strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) { *dnptr = NULL; return( LDAP_SUCCESS ); } @@ -123,7 +125,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) dn[0] = 'd'; dn[1] = 'n'; dn[2] = ':'; - memmove( &dn[3], tmpdn, len+1 ); + AC_MEMCPY( &dn[3], tmpdn, len+1 ); len += 3; } else { @@ -131,7 +133,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) dn = ch_malloc( len+3 ); dn[0] = 'u'; dn[1] = ':'; - memmove( &dn[2], id, len+1 ); + AC_MEMCPY( &dn[2], id, len+1 ); len += 2; } } else { @@ -140,8 +142,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) /* An authzID must be properly prefixed */ if( flags & FLAG_GETDN_AUTHZID - && strncasecmp( dn, "u:", 2 ) - && strncasecmp( dn, "dn:", 3 ) ) + && strncasecmp( dn, "u:", sizeof("u:")-1 ) + && strncasecmp( dn, "dn:", sizeof("dn:")-1 ) ) { ch_free( dn ); *dnptr = NULL; @@ -149,9 +151,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) } /* Username strings */ - if( !strncasecmp( dn, "u:", 2 ) ) { - int len1 = strlen( ",cn=auth" ); - len += strlen( "dn:uid=" ) + len1; + if( !strncasecmp( dn, "u:", sizeof("u:")-1 ) ) { + len += (sizeof("dn:uid=")-1) + (sizeof(",cn=auth")-1); /* Figure out how much data we have for the dn */ rc = sasl_getprop( ctx, SASL_REALM, (void **)&c ); @@ -170,11 +171,11 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) } if( c && *c ) { - len += strlen( c ) + strlen(",cn=" ); + len += strlen( c ) + (sizeof(",cn=")-1); } if( conn->c_sasl_bind_mech ) { - len += strlen( conn->c_sasl_bind_mech ) + strlen( ",cn=" ); + len += strlen( conn->c_sasl_bind_mech ) + (sizeof(",cn=")-1); } /* Build the new dn */ @@ -190,7 +191,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) len += sprintf( dn+len, ",cn=%s", conn->c_sasl_bind_mech ); } strcpy( dn+len, ",cn=auth" ); - len += len1; + len += (sizeof(",cn=auth")-1); #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, @@ -201,17 +202,17 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) } /* DN strings that are a cn=auth identity to run through regexp */ - if( !strncasecmp( dn, "dn:", 3) && + if( !strncasecmp( dn, "dn:", sizeof("dn:")-1) && ( ( flags & FLAG_GETDN_FINAL ) == 0 ) ) { - c1 = slap_sasl2dn( dn + 3 ); + c1 = slap_sasl2dn( dn + (sizeof("dn:")-1) ); if( c1 ) { ch_free( dn ); dn = c1; /* Reaffix the dn: prefix if it was removed */ - if( strncasecmp( dn, "dn:", 3) ) { + if( strncasecmp( dn, "dn:", sizeof("dn:")-1) ) { c1 = dn; - dn = ch_malloc( strlen( c1 ) + 4 ); + dn = ch_malloc( strlen( c1 ) + sizeof("dn:") ); sprintf( dn, "dn:%s", c1 ); ch_free( c1 ); } @@ -227,7 +228,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags ) } if( ( flags & FLAG_GETDN_FINAL ) == 0 ) { - dn_normalize( dn+3 ); + dn_normalize( dn+(sizeof("dn:")-1) ); } *dnptr = dn; @@ -567,7 +568,7 @@ char ** slap_sasl_mechs( Connection *conn ) if( sc != SASL_OK ) { #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ERR, - "slap_sasl_mechs: sasl_listmech failed: %d\n", sc )); + "slap_sasl_mechs: sasl_listmech failed: %d\n", sc )); #else Debug( LDAP_DEBUG_ANY, "slap_sasl_listmech failed: %d\n", sc, 0, 0 ); diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 80ea2ec261..6de3bf20b3 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -12,9 +12,9 @@ #include "portable.h" -#include #include +#include #include #include "slap.h" @@ -25,9 +25,10 @@ #include #endif -/* URI format: ldap:///[?[][?[][?[]]]] */ +/* URI format: ldap:///[?[][?[][?[]]]] */ -int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **filter ) +static int slap_parseURI( char *uri, + struct berval *searchbase, int *scope, Filter **filter ) { char *start, *end; struct berval bv; @@ -42,15 +43,14 @@ int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **fi #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, - "slap_parseURI: parsing %s\n", uri )); + "slap_parseURI: parsing %s\n", uri )); #else Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri, 0, 0 ); #endif - /* If it does not look like a URI, assume it is a DN */ - if( !strncasecmp( uri, "dn:", 3 ) ) { - uri += 3; + if( !strncasecmp( uri, "dn:", sizeof("dn:")-1 ) ) { + uri += sizeof("dn:")-1; uri += strspn( uri, " " ); bv.bv_val = uri; /* FIXME: if dnNormalize actually uses input bv_len we @@ -63,12 +63,14 @@ is_dn: bv.bv_len = 1; } return( rc ); } - if( strncasecmp( uri, "ldap://", 7 ) ) { + + /* FIXME: should use ldap_url_parse() */ + if( strncasecmp( uri, "ldap://", sizeof("ldap://")-1 ) ) { bv.bv_val = uri; goto is_dn; } - end = strchr( uri + 7, '/' ); + end = strchr( uri + (sizeof("ldap://")-1), '/' ); if ( end == NULL ) return( LDAP_PROTOCOL_ERROR ); @@ -98,17 +100,17 @@ is_dn: bv.bv_len = 1; /* Grab the scope */ start = end+1; - if( !strncasecmp( start, "base?", 5 )) { + if( !strncasecmp( start, "base?", sizeof("base?")-1 )) { *scope = LDAP_SCOPE_BASE; - start += 5; + start += sizeof("base?")-1; } - else if( !strncasecmp( start, "one?", 4 )) { + else if( !strncasecmp( start, "one?", sizeof("one?")-1 )) { *scope = LDAP_SCOPE_ONELEVEL; - start += 4; + start += sizeof("one?")-1; } - else if( !strncasecmp( start, "sub?", 3 )) { + else if( !strncasecmp( start, "sub?", sizeof("sub?")-1 )) { *scope = LDAP_SCOPE_SUBTREE; - start += 4; + start += sizeof("sub?")-1; } else { free( searchbase->bv_val ); @@ -123,9 +125,6 @@ is_dn: bv.bv_len = 1; } - - - int slap_sasl_regexp_config( const char *match, const char *replace ) { #ifdef HAVE_CYRUS_SASL @@ -195,13 +194,8 @@ int slap_sasl_regexp_config( const char *match, const char *replace ) } - - - #ifdef HAVE_CYRUS_SASL - - /* Take the passed in SASL name and attempt to convert it into an LDAP URI to find the matching LDAP entry, using the pattern matching strings given in the saslregexp config file directive(s) */ @@ -212,10 +206,9 @@ char *slap_sasl_regexp( char *saslname ) int i, n, len, insert; SaslRegexp_t *reg; - #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, - "slap_sasl_regexp: converting SASL name %s\n", saslname )); + "slap_sasl_regexp: converting SASL name %s\n", saslname )); #else Debug( LDAP_DEBUG_TRACE, "slap_sasl_regexp: converting SASL name %s\n", saslname, 0, 0 ); @@ -281,7 +274,7 @@ char *slap_sasl_regexp( char *saslname ) uri[insert] = '\0'; #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, - "slap_sasl_regexp: converted SASL name to %s\n", uri )); + "slap_sasl_regexp: converted SASL name to %s\n", uri )); #else Debug( LDAP_DEBUG_TRACE, "slap_sasl_regexp: converted SASL name to %s\n", uri, 0, 0 ); @@ -544,9 +537,6 @@ CONCLUDED: } - - - /* * This function answers the question, "Can this ID authorize to that ID?", * based on authorization rules. The rules are stored in the *searchDN, in the @@ -555,7 +545,6 @@ CONCLUDED: * * DN's passed in should have a dn: prefix */ - static int slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc) { @@ -565,7 +554,6 @@ slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc) AttributeDescription *ad=NULL; struct berval bv; - #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, "slap_sasl_check_authz: does %s match %s rule in %s?\n", @@ -607,15 +595,9 @@ COMPLETE: return( rc ); } - - - #endif /* HAVE_CYRUS_SASL */ - - - /* Check if a bind can SASL authorize to another identity. Accepts authorization DN's with "dn:" prefix */ @@ -632,13 +614,12 @@ int slap_sasl_authorized( char *authcDN, char *authzDN ) #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, - "slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN )); + "slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN )); #else Debug( LDAP_DEBUG_TRACE, "==>slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN, 0 ); #endif - /* If person is authorizing to self, succeed */ if ( !strcmp( authcDN, authzDN ) ) { rc = LDAP_SUCCESS; @@ -666,9 +647,10 @@ DONE: #ifdef NEW_LOGGING LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY, - "slap_sasl_authorized: return %d\n", rc )); + "slap_sasl_authorized: return %d\n", rc )); #else - Debug( LDAP_DEBUG_TRACE, "<== slap_sasl_authorized: return %d\n",rc,0,0 ); + Debug( LDAP_DEBUG_TRACE, + "<== slap_sasl_authorized: return %d\n", rc, 0, 0 ); #endif return( rc );