Commit 257ef3c

Fix handling of HBA ldapserver with multiple hostnames.
Commit 35c0754 failed to handle space-separated lists of alternative hostnames in ldapserver, when building a URI for ldap_initialize() (OpenLDAP). Such lists need to be expanded to space-separated URIs. Repair. Back-patch to 11, to fix bug report #15495.

Author: Thomas Munro
Reported-by: Renaud Navarro
Discussion: https://postgr.es/m/15495-2c39fc196c95cd72%40postgresql.org

1 parent 6a3dcd2, commit 257ef3c

2 files changed: +54 -6 lines changed


‎src/backend/libpq/auth.c

Lines changed: 37 additions & 5 deletions
@@ -2352,12 +2352,44 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
23522352
#else
23532353
#ifdefHAVE_LDAP_INITIALIZE
23542354
{
2355-
char*uri;
2355+
constchar*hostnames=port->hba->ldapserver;
2356+
char*uris=NULL;
23562357

2357-
uri=psprintf("%s://%s:%d",scheme,port->hba->ldapserver,
2358-
port->hba->ldapport);
2359-
r=ldap_initialize(ldap,uri);
2360-
pfree(uri);
2358+
/*
2359+
* We have a space-separated list of hostnames. Convert it
2360+
* to a space-separated list of URIs.
2361+
*/
2362+
do
2363+
{
2364+
constchar*hostname;
2365+
size_thostname_size;
2366+
char*new_uris;
2367+
2368+
/* Find the leading hostname. */
2369+
hostname_size=strcspn(hostnames," ");
2370+
hostname=pnstrdup(hostnames,hostname_size);
2371+
2372+
/* Append a URI for this hostname. */
2373+
new_uris=psprintf("%s%s%s://%s:%d",
2374+
uris ?uris :"",
2375+
uris ?" " :"",
2376+
scheme,
2377+
hostname,
2378+
port->hba->ldapport);
2379+
2380+
pfree(hostname);
2381+
if (uris)
2382+
pfree(uris);
2383+
uris=new_uris;
2384+
2385+
/* Step over this hostname and any spaces. */
2386+
hostnames+=hostname_size;
2387+
while (*hostnames==' ')
2388+
++hostnames;
2389+
}while (*hostnames);
2390+
2391+
r=ldap_initialize(ldap,uris);
2392+
pfree(uris);
23612393
if (r!=LDAP_SUCCESS)
23622394
{
23632395
ereport(LOG,
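
Review bot: inside the `do` loop, `hostname` is declared `const char *` but holds the result of `pnstrdup()` and is then passed to `pfree(hostname)`, which discards the const qualifier; declare it as plain `char *hostname`. Separately, spaces are only stepped over after a hostname has been consumed, so an `ldapserver` value that is empty or begins with a space makes `strcspn(hostnames, " ")` return 0 on the first pass and produces a URI with an empty host (`scheme://:port`) at the front of the list. Skipping leading spaces before entering the loop would keep the string passed to `ldap_initialize()` to real hostnames only.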

‎src/test/ldap/t/001_auth.pl

Lines changed: 17 additions & 1 deletion
@@ -6,7 +6,7 @@
66

77
if ($ENV{with_ldap}eq'yes')
88
{
9-
plantests=>19;
9+
plantests=>22;
1010
}
1111
else
1212
{
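
Review bot: the hard-coded count in `plan tests => 22` has to be kept in step by hand with every `test_access` call in the file. The bump from 19 to 22 does match the three calls added under "multiple servers", but a mismatch here only shows up as a plan failure at the end of the run; a short comment next to the count saying what it covers would make the next change easier to check.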
@@ -179,6 +179,22 @@ sub test_access
179179
$ENV{"PGPASSWORD"} ='secret1';
180180
test_access($node,'test1', 0,'search+bind authentication succeeds');
181181

182+
note"multiple servers";
183+
184+
unlink($node->data_dir .'/pg_hba.conf');
185+
$node->append_conf('pg_hba.conf',
186+
qq{local all all ldap ldapserver="$ldap_server$ldap_server" ldapport=$ldap_port ldapbasedn="$ldap_basedn"}
187+
);
188+
$node->restart;
189+
190+
$ENV{"PGPASSWORD"} ='wrong';
191+
test_access($node,'test0', 2,
192+
'search+bind authentication fails if user not found in LDAP');
193+
test_access($node,'test1', 2,
194+
'search+bind authentication fails with wrong password');
195+
$ENV{"PGPASSWORD"} ='secret1';
196+
test_access($node,'test1', 0,'search+bind authentication succeeds');
197+
182198
note"LDAP URLs";
183199

184200
unlink($node->data_dir .'/pg_hba.conf');
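
Review bot: the "multiple servers" block puts the same `$ldap_server` in `ldapserver` twice, so the first URI always answers and none of the three `test_access` calls depends on the second entry being parsed or tried. Consider making the first entry a host that refuses connections so the successful bind can only come from the second URI, and adding a case with more than one space between the names, since the C loop has a separate `while (*hostnames == ' ')` path for that.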
