From 2a88b8cbdbe790df55240850995852e8f2d304eb Mon Sep 17 00:00:00 2001
From: Jacob Champion <pchampion@vmware.com>
Date: Thu, 2 Dec 2021 09:37:08 -0800
Subject: [PATCH 1/4] hba: correct messages when ldap_url_parse() fails

ldap_err2string() doesn't work for the return value of ldap_url_parse();
you end up with strange messages like

    LOG: could not parse LDAP URL "<bad-url>": Time limit exceeded

There doesn't appear to be a corresponding error-to-string function for
the URL codes in OpenLDAP, so add a helper.
---
 src/backend/libpq/hba.c | 49 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 4328eb74fe..600972e9a4 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -1691,6 +1691,51 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
 }
 
 
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+
+/*
+ * OpenLDAP's ldap_err2string() doesn't work on the return value of
+ * ldap_url_parse(). Provide a helper to do so.
+ */
+static const char *
+ldap_url_err2string(int errcode)
+{
+	switch (errcode)
+	{
+		case LDAP_URL_SUCCESS:
+			return "success";
+
+		/* internal/developer errors */
+		case LDAP_URL_ERR_MEM:
+			return "out of memory";
+		case LDAP_URL_ERR_PARAM:
+			return "invalid parameter";
+
+		/* user errors */
+		case LDAP_URL_ERR_BADSCHEME:
+			return "unsupported scheme";
+		case LDAP_URL_ERR_BADENCLOSURE:
+			return "missing closing bracket";
+		case LDAP_URL_ERR_BADURL:
+			return "malformed URL";
+		case LDAP_URL_ERR_BADHOST:
+			return "bad host/port";
+		case LDAP_URL_ERR_BADATTRS:
+			return "bad/missing attributes";
+		case LDAP_URL_ERR_BADSCOPE:
+			return "bad/missing scope";
+		case LDAP_URL_ERR_BADFILTER:
+			return "bad/missing filter";
+		case LDAP_URL_ERR_BADEXTS:
+			return "bad/missing extensions";
+	}
+
+	return psprintf("unknown error: %d", errcode);
+}
+
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
+
+
 /*
  * Parse one name-value pair as an authentication option into the given
  * HbaLine.  Return true if we successfully parse the option, false if we
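Review bot: The header comment on ldap_url_err2string() does not say that the returned pointer has two different lifetimes. Every case in the switch returns a string literal, while the fall-through `return psprintf("unknown error: %d", errcode);` returns freshly allocated memory that callers cannot release through a `const char *`. I would extend the comment with something like `Known codes return static strings; an unrecognized code returns a psprintf'd string that is left to the current memory context.` The reason strings are also plain literals passed through `%s`, so they would presumably stay untranslated inside the otherwise translatable errmsg(); confirm that this is intended.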
@@ -1818,9 +1863,9 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline,
 		{
 			ereport(elevel,
 					(errcode(ERRCODE_CONFIG_FILE_ERROR),
-					 errmsg("could not parse LDAP URL \"%s\": %s", val, ldap_err2string(rc))));
+					 errmsg("could not parse LDAP URL \"%s\": %s", val, ldap_url_err2string(rc))));
 			*err_msg = psprintf("could not parse LDAP URL \"%s\": %s",
-								val, ldap_err2string(rc));
+								val, ldap_url_err2string(rc));
 			return false;
 		}
 
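Review bot: ldap_url_err2string(rc) is called twice here, once for ereport() and once for *err_msg, so for an unrecognized code the fallback string is allocated twice and the two messages are built independently. A local such as `const char *reason = ldap_url_err2string(rc);` ahead of the ereport() would keep the log line and the returned message in step. The helper is only defined under `#ifdef LDAP_API_FEATURE_X_OPENLDAP`, and the enclosing block of parse_hba_auth_opt starts outside this hunk, so confirm that these call sites sit under the same guard.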
-- 
2.25.1

