Add support for DEREF in ldap.conf.

Todd C. Miller
2011-09-16 16:50:04 -04:00
parent 0f95023e9a
commit 3bcc9048c3
2 changed files with 25 additions and 0 deletions


@@ -536,6 +536,11 @@ SASL programmer's manual for details.
The path to the Kerberos 5 credential cache to use when authenticating The path to the Kerberos 5 credential cache to use when authenticating
with the remote server. with the remote server.
=item B<DEREF> never/searching/finding/always
How alias dereferencing is to be performed when searching. See the
L<ldap.conf(5)> manual for a full description of this option.
=back =back
See the C<ldap.conf> entry in the L<EXAMPLES> section. See the C<ldap.conf> entry in the L<EXAMPLES> section.


@@ -117,6 +117,7 @@
#define CONF_INT 1 #define CONF_INT 1
#define CONF_STR 2 #define CONF_STR 2
#define CONF_LIST_STR 4 #define CONF_LIST_STR 4
#define CONF_DEREF_VAL 5
#define SUDO_LDAP_SSL 1 #define SUDO_LDAP_SSL 1
#define SUDO_LDAP_STARTTLS 2 #define SUDO_LDAP_STARTTLS 2
@@ -195,6 +196,7 @@ static struct ldap_config {
int rootuse_sasl; int rootuse_sasl;
int ssl_mode; int ssl_mode;
int timed; int timed;
int deref;
char *host; char *host;
struct ldap_config_list_str *uri; struct ldap_config_list_str *uri;
char *binddn; char *binddn;
@@ -280,6 +282,9 @@ static struct ldap_config_table ldap_conf_table[] = {
#ifdef LDAP_OPT_TIMEOUT #ifdef LDAP_OPT_TIMEOUT
{ "timeout", CONF_INT, TRUE, -1 /* needs timeval, set manually */, { "timeout", CONF_INT, TRUE, -1 /* needs timeval, set manually */,
&ldap_conf.timeout }, &ldap_conf.timeout },
#endif
#ifdef LDAP_OPT_DEREF
{ "deref", CONF_DEREF_VAL, TRUE, LDAP_OPT_DEREF, &ldap_conf.deref },
#endif #endif
{ "binddn", CONF_STR, FALSE, -1, &ldap_conf.binddn }, { "binddn", CONF_STR, FALSE, -1, &ldap_conf.binddn },
{ "bindpw", CONF_STR, FALSE, -1, &ldap_conf.bindpw }, { "bindpw", CONF_STR, FALSE, -1, &ldap_conf.bindpw },
@@ -1121,6 +1126,7 @@ sudo_ldap_read_config(void)
ldap_conf.bind_timelimit = -1; ldap_conf.bind_timelimit = -1;
ldap_conf.use_sasl = -1; ldap_conf.use_sasl = -1;
ldap_conf.rootuse_sasl = -1; ldap_conf.rootuse_sasl = -1;
ldap_conf.deref = -1;
if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL) if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL)
return FALSE; return FALSE;
@@ -1145,6 +1151,16 @@ sudo_ldap_read_config(void)
for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) { for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) {
if (strcasecmp(keyword, cur->conf_str) == 0) { if (strcasecmp(keyword, cur->conf_str) == 0) {
switch (cur->type) { switch (cur->type) {
case CONF_DEREF_VAL:
if (strcasecmp(value, "searching") == 0)
*(int *)(cur->valp) = LDAP_DEREF_SEARCHING;
else if (strcasecmp(value, "finding") == 0)
*(int *)(cur->valp) = LDAP_DEREF_FINDING;
else if (strcasecmp(value, "always") == 0)
*(int *)(cur->valp) = LDAP_DEREF_ALWAYS;
else
*(int *)(cur->valp) = LDAP_DEREF_NEVER;
break;
case CONF_BOOL: case CONF_BOOL:
*(int *)(cur->valp) = atobool(value) == TRUE; *(int *)(cur->valp) = atobool(value) == TRUE;
break; break;
@@ -1225,6 +1241,10 @@ sudo_ldap_read_config(void)
sudo_printf(SUDO_CONV_ERROR_MSG, "timelimit %d\n", sudo_printf(SUDO_CONV_ERROR_MSG, "timelimit %d\n",
ldap_conf.timelimit); ldap_conf.timelimit);
} }
if (ldap_conf.deref != -1) {
sudo_printf(SUDO_CONV_ERROR_MSG, "deref %d\n",
ldap_conf.deref);
}
sudo_printf(SUDO_CONV_ERROR_MSG, "ssl %s\n", sudo_printf(SUDO_CONV_ERROR_MSG, "ssl %s\n",
ldap_conf.ssl ? ldap_conf.ssl : "(no)"); ldap_conf.ssl ? ldap_conf.ssl : "(no)");
if (ldap_conf.tls_checkpeer != -1) { if (ldap_conf.tls_checkpeer != -1) {
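Review bot: In the CONF_DEREF_VAL case every unrecognised value, including a typo such as "allways", is silently folded into LDAP_DEREF_NEVER by the final else, so a misconfigured ldap.conf is indistinguishable from an explicit `never`; inserting `else if (strcasecmp(value, "never") != 0) sudo_printf(SUDO_CONV_ERROR_MSG, "unknown deref value \"%s\", ignored\n", value);` before that else keeps the existing assignment for `never` and reports anything else through the same channel the file already uses for its debug output, leaving deref at -1 (unset) for bad input. The loop that hands table entries to ldap_set_option() is not in this diff; if it dispatches on cur->type, the new CONF_DEREF_VAL type will need handling alongside CONF_INT there or the parsed value is never applied to the handle — worth confirming. The new debug line prints the raw integer (`deref %d`) while the option is configured by keyword; printing the keyword would make the output easier to check against the file. The enclosing sudo_ldap_read_config() starts and ends outside the hunks shown.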