isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

back out partial ldaps support mistakenly committed

Browse Source
This commit is contained in:
Todd C. Miller
2007-09-04 22:51:35 +00:00
parent 84a22a2d52
commit 19ff128f31
1 changed files with 11 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
ldap.c
View File

@@ -109,14 +109,13 @@ struct ldap_config {
int bind_timelimit; int bind_timelimit;
int use_sasl; int use_sasl;
int rootuse_sasl; int rootuse_sasl;
int use_ssl;
int start_tls;
char *host; char *host;
char *uri; char *uri;
char *binddn; char *binddn;
char *bindpw; char *bindpw;
char *rootbinddn; char *rootbinddn;
char *base; char *base;
char *ssl;
char *tls_cacertfile; char *tls_cacertfile;
char *tls_cacertdir; char *tls_cacertdir;
char *tls_random_file; char *tls_random_file;
@@ -126,7 +125,6 @@ struct ldap_config {
char *sasl_auth_id; char *sasl_auth_id;
char *rootsasl_auth_id; char *rootsasl_auth_id;
char *sasl_secprops; char *sasl_secprops;
char *sslpath;
char *krb5_ccname; char *krb5_ccname;
} ldap_conf; } ldap_conf;
@@ -511,11 +509,11 @@ int
sudo_ldap_read_config() sudo_ldap_read_config()
{ {
FILE *f; FILE *f;
char buf[LINE_MAX], *c, *keyword, *value, *ssl = NULL; char buf[LINE_MAX], *c, *keyword, *value;
/* defaults */ /* defaults */
ldap_conf.version = LDAP_VERSION_MAX; /* XXX - use LDAP_VERSION? */ ldap_conf.version = 3;
ldap_conf.port = -1; ldap_conf.port = 389;
ldap_conf.tls_checkpeer = -1; ldap_conf.tls_checkpeer = -1;
ldap_conf.timelimit = -1; ldap_conf.timelimit = -1;
ldap_conf.bind_timelimit = -1; ldap_conf.bind_timelimit = -1;
@@ -569,9 +567,7 @@ sudo_ldap_read_config()
else else
MATCH_I("port", ldap_conf.port) MATCH_I("port", ldap_conf.port)
else else
MATCH_S("ssl", ssl) MATCH_S("ssl", ldap_conf.ssl)
else
MATCH_S("sslpath", ldap_conf.sslpath)
else else
MATCH_B("tls_checkpeer", ldap_conf.tls_checkpeer) MATCH_B("tls_checkpeer", ldap_conf.tls_checkpeer)
else else
@@ -630,25 +626,6 @@ sudo_ldap_read_config()
} }
fclose(f); fclose(f);
/*
* The ssl option may be a boolean or the string "start_tls".
*/
if (ssl != NULL) {
if (strcasecmp(ssl, "start_tls") == 0)
ldap_conf.start_tls = 1;
else
ldap_conf.use_ssl = _atobool(ssl);
}
if (ldap_conf.port == -1) {
#ifdef HAVE_LDAPSSL_INIT
if (ldap_conf.use_ssl)
ldap_conf.port = LDAPS_PORT;
else
#endif
ldap_conf.port = LDAP_PORT;
}
if (!ldap_conf.host) if (!ldap_conf.host)
ldap_conf.host = estrdup("localhost"); ldap_conf.host = estrdup("localhost");
@@ -678,11 +655,9 @@ sudo_ldap_read_config()
ldap_conf.bindpw : "(anonymous)"); ldap_conf.bindpw : "(anonymous)");
fprintf(stderr, "bind_timelimit %d\n", ldap_conf.bind_timelimit); fprintf(stderr, "bind_timelimit %d\n", ldap_conf.bind_timelimit);
fprintf(stderr, "timelimit %d\n", ldap_conf.timelimit); fprintf(stderr, "timelimit %d\n", ldap_conf.timelimit);
#ifdef HAVE_LDAPSSL_INIT
fprintf(stderr, "use_ssl %d\n", ldap_conf.use_ssl);
#endif
#ifdef HAVE_LDAP_START_TLS_S #ifdef HAVE_LDAP_START_TLS_S
fprintf(stderr, "start_tls %d\n", ldap_conf.start_tls); fprintf(stderr, "ssl %s\n", ldap_conf.ssl ?
ldap_conf.ssl : "(no)");
#endif #endif
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl); fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl);
@@ -992,7 +967,7 @@ sudo_ldap_open()
if (!sudo_ldap_read_config()) if (!sudo_ldap_read_config())
return(NULL); return(NULL);
/* attempt to setup TLS options */ /* attempt to setup ssl options */
#ifdef LDAP_OPT_X_TLS_CACERTFILE #ifdef LDAP_OPT_X_TLS_CACERTFILE
SET_OPTS(X_TLS_CACERTFILE, tls_cacertfile); SET_OPTS(X_TLS_CACERTFILE, tls_cacertfile);
#endif /* LDAP_OPT_X_TLS_CACERTFILE */ #endif /* LDAP_OPT_X_TLS_CACERTFILE */
@@ -1050,26 +1025,14 @@ sudo_ldap_open()
} }
#endif #endif
#ifdef HAVE_LDAPSSL_INIT /* attempt connect */
/* setup SSL before connecting */
if (ldap_conf.use_ssl && ldap_conf.sslpath != NULL) {
rc = ldapssl_client_init(ldap_conf.sslpath, NULL);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldapssl_client_init()=%d : %s\n",
rc, ldap_err2string(rc));
return(NULL);
}
}
#endif
/* attempt connection */
#ifdef HAVE_LDAP_INITIALIZE #ifdef HAVE_LDAP_INITIALIZE
if (ldap_conf.uri) { if (ldap_conf.uri) {
DPRINTF(("ldap_initialize(ld,%s)", ldap_conf.uri), 2); DPRINTF(("ldap_initialize(ld,%s)", ldap_conf.uri), 2);
rc = ldap_initialize(&ld, ldap_conf.uri); rc = ldap_initialize(&ld, ldap_conf.uri);
if (rc != LDAP_SUCCESS) { if (rc) {
fprintf(stderr, "ldap_initialize()=%d : %s\n", fprintf(stderr, "ldap_initialize()=%d : %s\n",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
return(NULL); return(NULL);
@@ -1077,21 +1040,11 @@ sudo_ldap_open()
} else } else
#endif /* HAVE_LDAP_INITIALIZE */ #endif /* HAVE_LDAP_INITIALIZE */
if (ldap_conf.host) { if (ldap_conf.host) {
#ifdef HAVE_LDAPSSL_INIT
DPRINTF(("ldapssl_init(%s,%d,%d)", ldap_conf.host, ldap_conf.port,
ldap_conf.use_ssl), 2);
ld = ldapssl_init(ldap_conf.host, ldap_conf.port, ldap_conf.use_ssl);
if (ld == NULL) {
warning("ldapssl_init()");
return(NULL);
}
#else
DPRINTF(("ldap_init(%s,%d)", ldap_conf.host, ldap_conf.port), 2); DPRINTF(("ldap_init(%s,%d)", ldap_conf.host, ldap_conf.port), 2);
if ((ld = ldap_init(ldap_conf.host, ldap_conf.port)) == NULL) { if ((ld = ldap_init(ldap_conf.host, ldap_conf.port)) == NULL) {
warning("ldap_init()"); warning("ldap_init()");
return(NULL); return(NULL);
} }
#endif
} }
#ifdef LDAP_OPT_PROTOCOL_VERSION #ifdef LDAP_OPT_PROTOCOL_VERSION
@@ -1101,7 +1054,7 @@ sudo_ldap_open()
#ifdef HAVE_LDAP_START_TLS_S #ifdef HAVE_LDAP_START_TLS_S
/* Turn on TLS */ /* Turn on TLS */
if (ldap_conf.start_tls) { if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")) {
rc = ldap_start_tls_s(ld, NULL, NULL); rc = ldap_start_tls_s(ld, NULL, NULL);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc, fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc,