| From: | "Joey Wang" <jwang(at)sentillion(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #3095: LDAP authentication parsing incorrectly |
| Date: | 2007-03-01 21:48:34 |
| Message-ID: | 200703012148.l21LmYe5089937@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-patches |
The following bug has been logged online:
Bug reference: 3095
Logged by: Joey Wang
Email address: jwang(at)sentillion(dot)com
PostgreSQL version: 8.2.3
Operating system: Linux
Description: LDAP authentication parsing incorrectly
Details:
LDAP authentication parsing has two bugs.
When pg_hba.conf contains the a line
host all all 127.0.0.1/24 ldap
ldap://ActiveDirectory/dc=domain,dc=com;cn=;,cn=users
We expect the parsing will construct a user DN as
cn=userid,cn=users,dc=domain,dc=com
But
(1) dc=domain,dc=com is ignored. This is the src code from auth.c:
.....
/* ldap, no port number */
r = sscanf(port->auth_arg, "ldap://%127[^/]/%127[^;];%127[^;];%127s",
server, basedn, prefix, suffix);
.....
snprintf(fulluser, sizeof(fulluser), "%s%s%s",
prefix, port->user_name, suffix);
fulluser[sizeof(fulluser) - 1] = '\0';
r = ldap_simple_bind_s(ldap, fulluser, passwd);
We can see the code did not use basedn.
(2) suffix containing ',' is converted to other character. This bug is
caused by parsing algrithm to treat comma as a token separator.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | mfwitten | 2007-03-01 21:59:03 | Re: BUG #3087: Endiannes, of all things |
| Previous Message | Tom Lane | 2007-03-01 16:41:54 | Re: BUG #3092: character varying and integer cannot be matched |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2007-03-01 22:19:46 | Re: A little COPY speedup |
| Previous Message | Heikki Linnakangas | 2007-03-01 21:05:33 | Re: A little COPY speedup |