back out partial ldaps support mistakenly committed
This commit is contained in:
Todd C. Miller
69
ldap.c
69
ldap.c
@@ -109,14 +109,13 @@ struct ldap_config {
|
||||
int bind_timelimit;
|
||||
int use_sasl;
|
||||
int rootuse_sasl;
|
||||
int use_ssl;
|
||||
int start_tls;
|
||||
char *host;
|
||||
char *uri;
|
||||
char *binddn;
|
||||
char *bindpw;
|
||||
char *rootbinddn;
|
||||
char *base;
|
||||
char *ssl;
|
||||
char *tls_cacertfile;
|
||||
char *tls_cacertdir;
|
||||
char *tls_random_file;
|
||||
@@ -126,7 +125,6 @@ struct ldap_config {
|
||||
char *sasl_auth_id;
|
||||
char *rootsasl_auth_id;
|
||||
char *sasl_secprops;
|
||||
char *sslpath;
|
||||
char *krb5_ccname;
|
||||
} ldap_conf;
|
||||
|
||||
@@ -511,11 +509,11 @@ int
|
||||
sudo_ldap_read_config()
|
||||
{
|
||||
FILE *f;
|
||||
char buf[LINE_MAX], *c, *keyword, *value, *ssl = NULL;
|
||||
char buf[LINE_MAX], *c, *keyword, *value;
|
||||
|
||||
/* defaults */
|
||||
ldap_conf.version = LDAP_VERSION_MAX; /* XXX - use LDAP_VERSION? */
|
||||
ldap_conf.port = -1;
|
||||
ldap_conf.version = 3;
|
||||
ldap_conf.port = 389;
|
||||
ldap_conf.tls_checkpeer = -1;
|
||||
ldap_conf.timelimit = -1;
|
||||
ldap_conf.bind_timelimit = -1;
|
||||
@@ -569,9 +567,7 @@ sudo_ldap_read_config()
|
||||
else
|
||||
MATCH_I("port", ldap_conf.port)
|
||||
else
|
||||
MATCH_S("ssl", ssl)
|
||||
else
|
||||
MATCH_S("sslpath", ldap_conf.sslpath)
|
||||
MATCH_S("ssl", ldap_conf.ssl)
|
||||
else
|
||||
MATCH_B("tls_checkpeer", ldap_conf.tls_checkpeer)
|
||||
else
|
||||
@@ -630,25 +626,6 @@ sudo_ldap_read_config()
|
||||
}
|
||||
fclose(f);
|
||||
|
||||
/*
|
||||
* The ssl option may be a boolean or the string "start_tls".
|
||||
*/
|
||||
if (ssl != NULL) {
|
||||
if (strcasecmp(ssl, "start_tls") == 0)
|
||||
ldap_conf.start_tls = 1;
|
||||
else
|
||||
ldap_conf.use_ssl = _atobool(ssl);
|
||||
}
|
||||
|
||||
if (ldap_conf.port == -1) {
|
||||
#ifdef HAVE_LDAPSSL_INIT
|
||||
if (ldap_conf.use_ssl)
|
||||
ldap_conf.port = LDAPS_PORT;
|
||||
else
|
||||
#endif
|
||||
ldap_conf.port = LDAP_PORT;
|
||||
}
|
||||
|
||||
if (!ldap_conf.host)
|
||||
ldap_conf.host = estrdup("localhost");
|
||||
|
||||
@@ -678,11 +655,9 @@ sudo_ldap_read_config()
|
||||
ldap_conf.bindpw : "(anonymous)");
|
||||
fprintf(stderr, "bind_timelimit %d\n", ldap_conf.bind_timelimit);
|
||||
fprintf(stderr, "timelimit %d\n", ldap_conf.timelimit);
|
||||
#ifdef HAVE_LDAPSSL_INIT
|
||||
fprintf(stderr, "use_ssl %d\n", ldap_conf.use_ssl);
|
||||
#endif
|
||||
#ifdef HAVE_LDAP_START_TLS_S
|
||||
fprintf(stderr, "start_tls %d\n", ldap_conf.start_tls);
|
||||
fprintf(stderr, "ssl %s\n", ldap_conf.ssl ?
|
||||
ldap_conf.ssl : "(no)");
|
||||
#endif
|
||||
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
|
||||
fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl);
|
||||
@@ -992,7 +967,7 @@ sudo_ldap_open()
|
||||
if (!sudo_ldap_read_config())
|
||||
return(NULL);
|
||||
|
||||
/* attempt to setup TLS options */
|
||||
/* attempt to setup ssl options */
|
||||
#ifdef LDAP_OPT_X_TLS_CACERTFILE
|
||||
SET_OPTS(X_TLS_CACERTFILE, tls_cacertfile);
|
||||
#endif /* LDAP_OPT_X_TLS_CACERTFILE */
|
||||
@@ -1050,26 +1025,14 @@ sudo_ldap_open()
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LDAPSSL_INIT
|
||||
/* setup SSL before connecting */
|
||||
if (ldap_conf.use_ssl && ldap_conf.sslpath != NULL) {
|
||||
rc = ldapssl_client_init(ldap_conf.sslpath, NULL);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
fprintf(stderr, "ldapssl_client_init()=%d : %s\n",
|
||||
rc, ldap_err2string(rc));
|
||||
return(NULL);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* attempt connection */
|
||||
/* attempt connect */
|
||||
#ifdef HAVE_LDAP_INITIALIZE
|
||||
if (ldap_conf.uri) {
|
||||
|
||||
DPRINTF(("ldap_initialize(ld,%s)", ldap_conf.uri), 2);
|
||||
|
||||
rc = ldap_initialize(&ld, ldap_conf.uri);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
if (rc) {
|
||||
fprintf(stderr, "ldap_initialize()=%d : %s\n",
|
||||
rc, ldap_err2string(rc));
|
||||
return(NULL);
|
||||
@@ -1077,21 +1040,11 @@ sudo_ldap_open()
|
||||
} else
|
||||
#endif /* HAVE_LDAP_INITIALIZE */
|
||||
if (ldap_conf.host) {
|
||||
#ifdef HAVE_LDAPSSL_INIT
|
||||
DPRINTF(("ldapssl_init(%s,%d,%d)", ldap_conf.host, ldap_conf.port,
|
||||
ldap_conf.use_ssl), 2);
|
||||
ld = ldapssl_init(ldap_conf.host, ldap_conf.port, ldap_conf.use_ssl);
|
||||
if (ld == NULL) {
|
||||
warning("ldapssl_init()");
|
||||
return(NULL);
|
||||
}
|
||||
#else
|
||||
DPRINTF(("ldap_init(%s,%d)", ldap_conf.host, ldap_conf.port), 2);
|
||||
if ((ld = ldap_init(ldap_conf.host, ldap_conf.port)) == NULL) {
|
||||
warning("ldap_init()");
|
||||
return(NULL);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef LDAP_OPT_PROTOCOL_VERSION
|
||||
@@ -1101,7 +1054,7 @@ sudo_ldap_open()
|
||||
|
||||
#ifdef HAVE_LDAP_START_TLS_S
|
||||
/* Turn on TLS */
|
||||
if (ldap_conf.start_tls) {
|
||||
if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")) {
|
||||
rc = ldap_start_tls_s(ld, NULL, NULL);
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc,
|
||||
|
||||
Reference in New Issue
Block a user