isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add some ldap_err2string() debugging when the LDAP search fails.

Browse Source 
Adapted from a diff from Steven Soulen.
This commit is contained in:
Todd C. Miller
2015-04-14 09:50:40 -06:00
parent db74048989
commit 3de14196c8
1 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
plugins/sudoers/ldap.c
View File

@@ -609,7 +609,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
} }
} }
if (retry) { if (retry) {
DPRINTF2("ldapssl_clientauth_init(%s, %s)", DPRINTF2("retry ldapssl_clientauth_init(%s, %s)",
ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"); ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL");
rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
@@ -1348,6 +1348,7 @@ sudo_netgroup_lookup(LDAP *ld, struct passwd *pw,
DPRINTF1("searching from netgroup_base '%s'", base->val); DPRINTF1("searching from netgroup_base '%s'", base->val);
/* Build query, using NIS domain if it is set. */ /* Build query, using NIS domain if it is set. */
/* XXX - move outside foreach */
if (domain != NULL) { if (domain != NULL) {
filt_len = sizeof("(nisNetgroupTriple=\\(,,\\))") - 1 + filt_len = sizeof("(nisNetgroupTriple=\\(,,\\))") - 1 +
sudo_ldap_value_len(pw->pw_name); sudo_ldap_value_len(pw->pw_name);
@@ -1430,7 +1431,7 @@ sudo_netgroup_lookup(LDAP *ld, struct passwd *pw,
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result); NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
DPRINTF1("nothing found for '%s'", filt); DPRINTF1("ldap netgroup search failed: %s", ldap_err2string(rc));
if (result) if (result)
ldap_msgfree(result); ldap_msgfree(result);
sudo_efree(filt); sudo_efree(filt);
@@ -2863,20 +2864,18 @@ sudo_ldap_open(struct sudo_nss *nss)
#ifdef HAVE_LDAP_INITIALIZE #ifdef HAVE_LDAP_INITIALIZE
if (!STAILQ_EMPTY(&ldap_conf.uri)) { if (!STAILQ_EMPTY(&ldap_conf.uri)) {
char *buf = sudo_ldap_join_uri(&ldap_conf.uri); char *buf = sudo_ldap_join_uri(&ldap_conf.uri);
if (buf != NULL) { if (buf == NULL)
DPRINTF2("ldap_initialize(ld, %s)", buf); goto done;
rc = ldap_initialize(&ld, buf); DPRINTF2("ldap_initialize(ld, %s)", buf);
sudo_efree(buf); rc = ldap_initialize(&ld, buf);
if (rc != LDAP_SUCCESS) { sudo_efree(buf);
sudo_warnx(U_("unable to initialize LDAP: %s"),
ldap_err2string(rc));
}
}
} else } else
#endif #endif
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS) {
sudo_warnx(U_("unable to initialize LDAP: %s"), ldap_err2string(rc));
goto done; goto done;
}
/* Set LDAP per-connection options */ /* Set LDAP per-connection options */
rc = sudo_ldap_set_options_conn(ld); rc = sudo_ldap_set_options_conn(ld);
@@ -3259,7 +3258,8 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw)
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt, rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result); NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
DPRINTF1("nothing found for '%s'", filt); DPRINTF1("ldap search pass %d failed: %s", pass + 1,
ldap_err2string(rc));
continue; continue;
} }
lres->user_matches = true; lres->user_matches = true;