use sizeof instead of strlen/hardcoded-consts

c603bc39 · Kurt Zeilenga · af121f04 · c603bc39 · c603bc39
Commit c603bc39 authored 23 years ago by Kurt Zeilenga
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -6,8 +6,9 @@

 #include "portable.h"

-#include <ac/stdlib.h>
 #include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>

 #include <lber.h>
 #include <ldap_log.h>
@@ -99,9 +100,10 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )


 	/* Blatantly anonymous ID */
-	len = sizeof( "anonymous" ) - 1;
-	if( id && ( id[len] == '\0' || id[len] == '@' ) &&
-		!strncasecmp( id, "anonymous", len) ) {
+	if( id &&
+		( id[sizeof( "anonymous" )-1] == '\0'
+			|| id[sizeof( "anonymous" )-1] == '@' ) &&
+		!strncasecmp( id, "anonymous", sizeof( "anonymous" )-1) ) {
 		*dnptr = NULL;
 		return( LDAP_SUCCESS );
 	}
@@ -123,7 +125,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn[0] = 'd';
 			dn[1] = 'n';
 			dn[2] = ':';
-			memmove( &dn[3], tmpdn, len+1 );
+			AC_MEMCPY( &dn[3], tmpdn, len+1 );
 			len += 3;

 		} else {
@@ -131,7 +133,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			dn = ch_malloc( len+3 );
 			dn[0] = 'u';
 			dn[1] = ':';
-			memmove( &dn[2], id, len+1 );
+			AC_MEMCPY( &dn[2], id, len+1 );
 			len += 2;
 		}
 	} else {
@@ -140,8 +142,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )

 	/* An authzID must be properly prefixed */
 	if( flags & FLAG_GETDN_AUTHZID
-		&& strncasecmp( dn, "u:", 2 )
-		&& strncasecmp( dn, "dn:", 3 ) )
+		&& strncasecmp( dn, "u:", sizeof("u:")-1 )
+		&& strncasecmp( dn, "dn:", sizeof("dn:")-1 ) )
 	{
 		ch_free( dn );
 		*dnptr = NULL;
@@ -149,9 +151,8 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}

 	/* Username strings */
-	if( !strncasecmp( dn, "u:", 2 ) ) {
-		int len1  = strlen( ",cn=auth" );
-		len += strlen( "dn:uid=" ) + len1;
+	if( !strncasecmp( dn, "u:", sizeof("u:")-1 ) ) {
+		len += (sizeof("dn:uid=")-1) + (sizeof(",cn=auth")-1);

 		/* Figure out how much data we have for the dn */
 		rc = sasl_getprop( ctx,	SASL_REALM, (void **)&c );
@@ -170,11 +171,11 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 		}

 		if( c && *c ) {
-			len += strlen( c ) + strlen(",cn=" );
+			len += strlen( c ) + (sizeof(",cn=")-1);
 		}

 		if( conn->c_sasl_bind_mech ) {
-			len += strlen( conn->c_sasl_bind_mech ) + strlen( ",cn=" );
+			len += strlen( conn->c_sasl_bind_mech ) + (sizeof(",cn=")-1);
 		}

 		/* Build the new dn */
@@ -190,7 +191,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 			len += sprintf( dn+len, ",cn=%s", conn->c_sasl_bind_mech );
 		}
 		strcpy(	dn+len, ",cn=auth" );
-		len += len1;
+		len += (sizeof(",cn=auth")-1);

 #ifdef NEW_LOGGING
 		LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
@@ -201,17 +202,17 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}

 	/* DN strings that are a cn=auth identity to run through regexp */
-	if( !strncasecmp( dn, "dn:", 3) &&
+	if( !strncasecmp( dn, "dn:", sizeof("dn:")-1) &&
 		( ( flags & FLAG_GETDN_FINAL ) == 0 ) )
 	{
-		c1 = slap_sasl2dn( dn + 3 );
+		c1 = slap_sasl2dn( dn + (sizeof("dn:")-1) );
 		if( c1 ) {
 			ch_free( dn );
 			dn = c1;
 			/* Reaffix the dn: prefix if it was removed */
-			if( strncasecmp( dn, "dn:", 3) ) {
+			if( strncasecmp( dn, "dn:", sizeof("dn:")-1) ) {
 				c1 = dn;
-				dn = ch_malloc( strlen( c1 ) + 4 );
+				dn = ch_malloc( strlen( c1 ) + sizeof("dn:") );
 				sprintf( dn, "dn:%s", c1 );
 				ch_free( c1 );
 			}
@@ -227,7 +228,7 @@ int slap_sasl_getdn( Connection *conn, char *id, char **dnptr, int flags )
 	}

 	if( ( flags & FLAG_GETDN_FINAL ) == 0 )	 {
-		dn_normalize( dn+3 );
+		dn_normalize( dn+(sizeof("dn:")-1) );
 	}

 	*dnptr = dn;
@@ -567,7 +568,7 @@ char ** slap_sasl_mechs( Connection *conn )
 		if( sc != SASL_OK ) {
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "sasl", LDAP_LEVEL_ERR,
-				   "slap_sasl_mechs: sasl_listmech failed: %d\n", sc ));
+				"slap_sasl_mechs: sasl_listmech failed: %d\n", sc ));
 #else
 			Debug( LDAP_DEBUG_ANY, "slap_sasl_listmech failed: %d\n",
 				sc, 0, 0 );

--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -12,9 +12,9 @@

 #include "portable.h"

-#include <ac/stdlib.h>
 #include <stdio.h>

+#include <ac/stdlib.h>
 #include <ac/string.h>

 #include "slap.h"
@@ -25,9 +25,10 @@
 #include <ldap_pvt.h>
 #endif

-/* URI format:	ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]]   */
+/* URI format: ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]] */

-int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **filter )
+static int slap_parseURI( char *uri,
+	struct berval *searchbase, int *scope, Filter **filter )
 {
 	char *start, *end;
 	struct berval bv;
@@ -42,15 +43,14 @@ int slap_parseURI( char *uri, struct berval *searchbase, int *scope, Filter **fi

 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_parseURI: parsing %s\n", uri ));
+		"slap_parseURI: parsing %s\n", uri ));
 #else
 	Debug( LDAP_DEBUG_TRACE, "slap_parseURI: parsing %s\n", uri, 0, 0 );
 #endif

-
 	/* If it does not look like a URI, assume it is a DN */
-	if( !strncasecmp( uri, "dn:", 3 ) ) {
-		uri += 3;
+	if( !strncasecmp( uri, "dn:", sizeof("dn:")-1 ) ) {
+		uri += sizeof("dn:")-1;
 		uri += strspn( uri, " " );
 		bv.bv_val = uri;
 		/* FIXME: if dnNormalize actually uses input bv_len we
@@ -63,12 +63,14 @@ is_dn:		bv.bv_len = 1;
 		}
 		return( rc );
 	}
-	if( strncasecmp( uri, "ldap://", 7 ) ) {
+
+	/* FIXME: should use ldap_url_parse() */
+	if( strncasecmp( uri, "ldap://", sizeof("ldap://")-1 ) ) {
 		bv.bv_val = uri;
 		goto is_dn;
 	}

-	end = strchr( uri + 7, '/' );
+	end = strchr( uri + (sizeof("ldap://")-1), '/' );
 	if ( end == NULL )
 		return( LDAP_PROTOCOL_ERROR );

@@ -98,17 +100,17 @@ is_dn:		bv.bv_len = 1;

 	/* Grab the scope */
 	start = end+1;
-	if( !strncasecmp( start, "base?", 5 )) {
+	if( !strncasecmp( start, "base?", sizeof("base?")-1 )) {
 		*scope = LDAP_SCOPE_BASE;
-		start += 5;
+		start += sizeof("base?")-1;
 	}
-	else if( !strncasecmp( start, "one?", 4 )) {
+	else if( !strncasecmp( start, "one?", sizeof("one?")-1 )) {
 		*scope = LDAP_SCOPE_ONELEVEL;
-		start += 4;
+		start += sizeof("one?")-1;
 	}
-	else if( !strncasecmp( start, "sub?", 3 )) {
+	else if( !strncasecmp( start, "sub?", sizeof("sub?")-1 )) {
 		*scope = LDAP_SCOPE_SUBTREE;
-		start += 4;
+		start += sizeof("sub?")-1;
 	}
 	else {
 		free( searchbase->bv_val );
@@ -123,9 +125,6 @@ is_dn:		bv.bv_len = 1;
 }


-
-
-
 int slap_sasl_regexp_config( const char *match, const char *replace )
 {
 #ifdef HAVE_CYRUS_SASL
@@ -195,13 +194,8 @@ int slap_sasl_regexp_config( const char *match, const char *replace )
 }


-
-
-
 #ifdef HAVE_CYRUS_SASL

-
-
 /* Take the passed in SASL name and attempt to convert it into an
   LDAP URI to find the matching LDAP entry, using the pattern matching
   strings given in the saslregexp config file directive(s) */
@@ -212,10 +206,9 @@ char *slap_sasl_regexp( char *saslname )
 	int i, n, len, insert;
 	SaslRegexp_t *reg;

-
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_sasl_regexp: converting SASL name %s\n", saslname ));
+		"slap_sasl_regexp: converting SASL name %s\n", saslname ));
 #else
 	Debug( LDAP_DEBUG_TRACE, "slap_sasl_regexp: converting SASL name %s\n",
 	   saslname, 0, 0 );
@@ -281,7 +274,7 @@ char *slap_sasl_regexp( char *saslname )
 	uri[insert] = '\0';
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_sasl_regexp: converted SASL name to %s\n", uri ));
+		"slap_sasl_regexp: converted SASL name to %s\n", uri ));
 #else
 	Debug( LDAP_DEBUG_TRACE,
 	   "slap_sasl_regexp: converted SASL name to %s\n", uri, 0, 0 );
@@ -544,9 +537,6 @@ CONCLUDED:
 }


-
-
-
 /*
 * This function answers the question, "Can this ID authorize to that ID?",
 * based on authorization rules. The rules are stored in the *searchDN, in the
@@ -555,7 +545,6 @@ CONCLUDED:
 *
 * DN's passed in should have a dn: prefix
 */
-
 static int
 slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
 {
@@ -565,7 +554,6 @@ slap_sasl_check_authz(char *searchDN, char *assertDN, char *attr, char *authc)
 	AttributeDescription *ad=NULL;
 	struct berval bv;

-
 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
 		   "slap_sasl_check_authz: does %s match %s rule in %s?\n",
@@ -607,15 +595,9 @@ COMPLETE:

 	return( rc );
 }
-
-
-
 #endif	/* HAVE_CYRUS_SASL */


-
-
-
 /* Check if a bind can SASL authorize to another identity.
   Accepts authorization DN's with "dn:" prefix */

@@ -632,13 +614,12 @@ int slap_sasl_authorized( char *authcDN, char *authzDN )

 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN ));
+		"slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN ));
 #else
 	Debug( LDAP_DEBUG_TRACE,
 	   "==>slap_sasl_authorized: can %s become %s?\n", authcDN, authzDN, 0 );
 #endif

-
 	/* If person is authorizing to self, succeed */
 	if ( !strcmp( authcDN, authzDN ) ) {
 		rc = LDAP_SUCCESS;
@@ -666,9 +647,10 @@ DONE:

 #ifdef NEW_LOGGING
 	LDAP_LOG(( "sasl", LDAP_LEVEL_ENTRY,
-		   "slap_sasl_authorized: return %d\n", rc ));
+		"slap_sasl_authorized: return %d\n", rc ));
 #else
-	Debug( LDAP_DEBUG_TRACE, "<== slap_sasl_authorized: return %d\n",rc,0,0 );
+	Debug( LDAP_DEBUG_TRACE,
+		"<== slap_sasl_authorized: return %d\n", rc, 0, 0 );
 #endif

 	return( rc );