From cd7540feee183cdd88991ee53257c3cf095e0805 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Sat, 24 Jul 2004 11:17:03 +0000 Subject: [PATCH] cleanup URI parsing/checking (fixes ITS#3253) --- servers/slapd/back-ldap/config.c | 140 +++++++++++++++++++++++-------- servers/slapd/back-ldap/init.c | 8 ++ 2 files changed, 112 insertions(+), 36 deletions(-) diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 8b21dfe625..98bdf246c7 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -57,6 +57,8 @@ ldap_back_db_config( /* server address to query (depricated, use "uri" directive) */ if ( strcasecmp( argv[0], "server" ) == 0 ) { + ber_len_t l; + if (argc != 2) { fprintf( stderr, "%s: line %d: missing address in \"server
\" line\n", @@ -65,16 +67,19 @@ ldap_back_db_config( } if (li->url != NULL) ch_free(li->url); - li->url = ch_calloc(strlen(argv[1]) + 9, sizeof(char)); - if (li->url != NULL) { - strcpy(li->url, "ldap://"); - strcat(li->url, argv[1]); - strcat(li->url, "/"); + l = strlen( argv[1] ) + STRLENOF( "ldap:///") + 1; + li->url = ch_calloc( l, sizeof( char ) ); + if (li->url == NULL) { + fprintf( stderr, "%s: line %d: malloc failed\n" ); + return 1; } + snprintf( li->url, l, "ldap://%s/", argv[1] ); + /* URI of server to query (preferred over "server" directive) */ } else if ( strcasecmp( argv[0], "uri" ) == 0 ) { - LDAPURLDesc tmplud; + LDAPURLDesc tmplud, *tmpludp; + int urlrc; if (argc != 2) { fprintf( stderr, "%s: line %d: " 
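Review bot: The new allocation-failure branch of the `server` directive calls `fprintf( stderr, "%s: line %d: malloc failed\n" );` with two conversions and no arguments, which is undefined behaviour: `%s` dereferences whatever sits in the argument slot, so this error path can crash or print unrelated memory. Pass the same values the neighbouring messages use: `fprintf( stderr, "%s: line %d: malloc failed\n", fname, lineno );`. The size `strlen( argv[1] ) + STRLENOF( "ldap:///") + 1` matches the `snprintf` format exactly, so the copy itself is bounded. `ldap_back_db_config` starts and ends outside this hunk.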
@@ -87,46 +92,109 @@ ldap_back_db_config( ch_free( li->url ); } if ( li->lud != NULL ) { - ldap_free_urldesc( li->lud ); + ldap_free_urllist( li->lud ); } - if ( ldap_url_parse( argv[ 1 ], &li->lud ) != LDAP_URL_SUCCESS ) { +#if 0 + /* PARANOID: DN and more are not required nor allowed */ + urlrc = ldap_url_parselist_ext( &li->lud, argv[ 1 ], "\t" ); +#else + urlrc = ldap_url_parselist( &li->lud, argv[ 1 ] ); +#endif + if ( urlrc != LDAP_SUCCESS ) { + char *why; + + switch ( urlrc ) { + case LDAP_URL_ERR_MEM: + why = "no memory"; + break; + case LDAP_URL_ERR_PARAM: + why = "parameter is bad"; + break; + case LDAP_URL_ERR_BADSCHEME: + why = "URL doesn't begin with \"[c]ldap[si]://\""; + break; + case LDAP_URL_ERR_BADENCLOSURE: + why = "URL is missing trailing \">\""; + break; + case LDAP_URL_ERR_BADURL: + why = "URL is bad"; + case LDAP_URL_ERR_BADHOST: + why = "host/port is bad"; + break; + case LDAP_URL_ERR_BADATTRS: + why = "bad (or missing) attributes"; + break; + case LDAP_URL_ERR_BADSCOPE: + why = "scope string is invalid (or missing)"; + break; + case LDAP_URL_ERR_BADFILTER: + why = "bad or missing filter"; + break; + case LDAP_URL_ERR_BADEXTS: + why = "bad or missing extensions"; + break; + default: + why = "unknown reason"; + break; + } fprintf( stderr, "%s: line %d: " "unable to parse uri \"%s\" " - "in \"uri \" line\n", - fname, lineno, argv[ 1 ] ); + "in \"uri \" line: %s\n", + fname, lineno, argv[ 1 ], why ); return 1; } - if ( ( li->lud->lud_dn != NULL && li->lud->lud_dn[0] != '\0' ) - || li->lud->lud_attrs != NULL - || li->lud->lud_filter != NULL - || li->lud->lud_exts != NULL ) - { - fprintf( stderr, "%s: line %d: " - "warning, only protocol, " - "host and port allowed " - "in \"uri \" line\n", - fname, lineno ); + for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) { + if ( ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[0] != '\0' ) + || tmpludp->lud_attrs != NULL + || tmpludp->lud_filter != NULL + || tmpludp->lud_exts != NULL ) + { + 
fprintf( stderr, "%s: line %d: " + "warning, only protocol, " + "host and port allowed " + "in \"uri \" statement " + "for \"%s\"\n", + fname, lineno, argv[1] ); + } } #if 0 - tmplud = *lud; - tmplud.lud_dn = ""; - tmplud.lud_attrs = NULL; - tmplud.lud_filter = NULL; - if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) { - tmplud.lud_exts = NULL; - tmplud.lud_crit_exts = 0; - } - - li->url = ldap_url_desc2str( &tmplud ); - if ( li->url == NULL ) { - fprintf( stderr, "%s: line %d: " - "unable to rebuild uri \"%s\" " - "in \"uri \" line\n", - fname, lineno, argv[ 1 ] ); - return 1; + for ( tmpludp = li->lud; tmpludp; tmpludp = tmpludp->lud_next ) { + char *tmpurl; + ber_len_t oldlen = 0, len; + + tmplud = *tmpludp; + tmplud.lud_dn = ""; + tmplud.lud_attrs = NULL; + tmplud.lud_filter = NULL; + if ( !ldap_is_ldapi_url( argv[ 1 ] ) ) { + tmplud.lud_exts = NULL; + tmplud.lud_crit_exts = 0; + } + + tmpurl = ldap_url_desc2str( &tmplud ); + + if ( tmpurl == NULL ) { + fprintf( stderr, "%s: line %d: " + "unable to rebuild uri " + "in \"uri \" statement " + "for \"%s\"\n", + fname, lineno, argv[ 1 ] ); + return 1; + } + + len = strlen( tmpurl ); + if ( li->url ) { + oldlen = strlen( li->url ) + STRLENOF( " " ); + } + li->url = ch_realloc( li->url, oldlen + len + 1); + if ( oldlen ) { + li->url[oldlen - 1] = " "; + } + AC_MEMCPY( &li->url[oldlen], tmpurl, len + 1 ); + ch_free( tmpurl ); } #else li->url = ch_strdup( argv[ 1 ] ); diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c index 2f285fb0b3..458f95376b 100644 --- a/servers/slapd/back-ldap/init.c +++ b/servers/slapd/back-ldap/init.c 
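Review bot: In config.c's `uri` branch, `case LDAP_URL_ERR_BADURL:` in the `switch ( urlrc )` has no `break;`, so it falls through and a malformed URL is reported as "host/port is bad"; add `break;` after `why = "URL is bad";`. The test `urlrc != LDAP_SUCCESS` would be more consistent as `LDAP_URL_SUCCESS`, which the removed line used and which belongs with the `LDAP_URL_ERR_*` cases. In the disabled `#if 0` rebuild loop, `li->url[oldlen - 1] = " ";` assigns a string literal to a `char` and should be `' '` before that path is enabled. The per-URL check only warns, and the live `#else` path stores `argv[ 1 ]` verbatim, so a DN, filter or extensions given in the configured URI still end up in `li->url`. If that is intended, a short comment saying so would help. `ldap_back_db_config` continues outside the hunk.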
@@ -167,6 +167,14 @@ ldap_back_db_open( BackendDB *be ) { struct ldapinfo *li = (struct ldapinfo *)be->be_private; +#ifdef NEW_LOGGING + LDAP_LOG( BACK_LDAP, DETAIL1, + "ldap_back_db_open: URI=%s\n", li->url, 0, 0 ); +#else + Debug( LDAP_DEBUG_TRACE, + "ldap_back_db_open: URI=%s\n", li->url, 0, 0 ); +#endif + #ifdef LDAP_BACK_PROXY_AUTHZ /* by default, use proxyAuthz control on each operation */ switch ( li->idassert_mode ) { -- 2.39.2
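Review bot: `li->url` is passed to `%s` in both the `LDAP_LOG` and `Debug` calls with no NULL check visible in this hunk. The config.c changes in this patch assign it only under the `server` and `uri` directives, so a database opened without either would presumably pass NULL, which is undefined for `%s` on some C libraries. Consider `li->url != NULL ? li->url : "(null)"` as the argument in both branches. The body of `ldap_back_db_open` continues outside the hunk, so whether a missing URI is rejected later cannot be confirmed from here.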