Fix parsing of LDAP URLs so it doesn't reject spaces in the "suffix" part.
authorTom Lane
Thu, 24 Jul 2008 17:51:55 +0000 (17:51 +0000)
committerTom Lane
Thu, 24 Jul 2008 17:51:55 +0000 (17:51 +0000)
Per report from César Miguel Oliveira Alves.

src/backend/libpq/auth.c

index 1a33834485d9050c88c59fb246c33364c2e25074..fc5e0f4a24820e1a8e576d7392ae4ccfd831253e 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.164 2008/02/08 17:58:46 tgl Exp $
+ *   $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.165 2008/07/24 17:51:55 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1399,8 +1399,14 @@ CheckLDAPAuth(Port *port)
    }
 
    /*
-    * Crack the LDAP url. We do a very trivial parse..
+    * Crack the LDAP url. We do a very trivial parse:
+    *
     * ldap[s]://[:]/[;prefix[;suffix]]
+    *
+    * This code originally used "%127s" for the suffix, but that doesn't
+    * work for embedded whitespace.  We know that tokens formed by
+    * hba.c won't include newlines, so we can use a "not newline" scanset
+    * instead.
     */
 
    server[0] = '\0';
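Review bot: The rewritten comment explains the scanset choice but leaves out two limits of this parse that a maintainer of authentication code would want stated. Each field is capped at 127 bytes, and a longer basedn, prefix or suffix is cut off without any error. A scanset also never matches an empty string, so a URL with an empty prefix (`...;;suffix`) stops parsing before the suffix is read. I would add something like `* Fields longer than 127 bytes are silently truncated, and an empty prefix prevents the suffix from being parsed.` to the comment. The buffer declarations and the code that uses these fields (presumably to build the bind DN) are outside the hunk, so buffer sizes are inferred from the field widths only.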
@@ -1410,13 +1416,13 @@ CheckLDAPAuth(Port *port)
 
    /* ldap, including port number */
    r = sscanf(port->auth_arg,
-              "ldap://%127[^:]:%d/%127[^;];%127[^;];%127s",
+              "ldap://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
               server, &ldapport, basedn, prefix, suffix);
    if (r < 3)
    {
        /* ldaps, including port number */
        r = sscanf(port->auth_arg,
-                  "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127s",
+                  "ldaps://%127[^:]:%d/%127[^;];%127[^;];%127[^\n]",
                   server, &ldapport, basedn, prefix, suffix);
        if (r >= 3)
            ssl = true;
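Review bot: The server field in both with-port patterns is still scanned with `%127[^:]`, which does not stop at `/`. A no-port URL whose basedn, prefix or suffix happens to contain `:<digits>/` therefore satisfies this branch with `r >= 3` and a server string that swallows part of the path. Excluding the slash as well, `"ldap://%127[^:/]:%d/%127[^;];%127[^;];%127[^\n]"` (and the same for `ldaps://`), makes these two calls fail cleanly and fall through to the no-port forms. The input comes from pg_hba.conf via hba.c according to the commit's own comment, so this is a misconfiguration hazard rather than attacker-supplied data. The function body continues outside the hunk.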
@@ -1425,14 +1431,14 @@ CheckLDAPAuth(Port *port)
    {
        /* ldap, no port number */
        r = sscanf(port->auth_arg,
-                  "ldap://%127[^/]/%127[^;];%127[^;];%127s",
+                  "ldap://%127[^/]/%127[^;];%127[^;];%127[^\n]",
                   server, basedn, prefix, suffix);
    }
    if (r < 2)
    {
        /* ldaps, no port number */
        r = sscanf(port->auth_arg,
-                  "ldaps://%127[^/]/%127[^;];%127[^;];%127s",
+                  "ldaps://%127[^/]/%127[^;];%127[^;];%127[^\n]",
                   server, basedn, prefix, suffix);
        if (r >= 2)
            ssl = true;
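Review bot: A point of style: the four format strings differ only in scheme and port, and this commit had to make the same edit to the shared tail in all four (the two here and the two in the previous hunk). That invites drift the next time the grammar changes. Defining the tail once, e.g. `#define LDAP_URL_TAIL "/%127[^;];%127[^;];%127[^\n]"`, and writing `"ldap://%127[^/]" LDAP_URL_TAIL` via string-literal concatenation keeps the parses identical by construction. The `if` that opens the first block of this hunk and the code after the last `ssl = true;` are outside the visible lines.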