Added start_tls support

Aaron Spangler
2004-02-28 23:54:20 +00:00
parent 88b2dd4501
commit 42cfd56127
3 changed files with 26 additions and 0 deletions


@@ -1675,3 +1675,6 @@ Sudo 1.6.7p6 released.
525) Added the --with-pc-insults configure to replace politically
incorrect insults with other ones.
526) Added start_tls support from Gudleik Rasch <gudleik@rastamatra.org>.


@@ -171,6 +171,9 @@
/* Define if your LDAP Supports URLs. (OpenLDAP does) */
#define HAVE_LDAP_INITIALIZE
/* Define if your LDAP Supports start_tls_s. (OpenLDAP does) */
#define HAVE_LDAP_START_TLS_S
/* Define to 1 if you have the `lockf' function. */
#undef HAVE_LOCKF
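Review bot: HAVE_LDAP_START_TLS_S is hard-coded with `#define` on the new line rather than left as `#undef` for configure to substitute the way the neighbouring HAVE_LOCKF is, so the ldap_start_tls_s() call this commit adds to ldap.c is compiled in unconditionally and a build against an LDAP library that lacks the function breaks at build time instead of being caught by a configure probe. This mirrors the existing HAVE_LDAP_INITIALIZE line above it, so it may be deliberate for an OpenLDAP-only build, but the comment should then say that the value is not probed, e.g. `/* Define if your LDAP supports ldap_start_tls_s(). Not probed by configure; OpenLDAP does. */`. If this file is the autoheader template, a function check in configure.in (an `AC_CHECK_FUNCS` entry for ldap_start_tls_s) would let the `#undef` form work like the other HAVE_ macros.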

20
ldap.c

@@ -81,6 +81,7 @@ struct ldap_config {
char *binddn;
char *bindpw;
char *base;
char *ssl;
int debug;
} ldap_conf;
@@ -493,6 +494,7 @@ sudo_ldap_read_config()
* if else if else if else if else ... */
MATCH_S("host", ldap_conf.host)
else MATCH_I("port", ldap_conf.port)
else MATCH_S("ssl", ldap_conf.ssl)
else MATCH_I("ldap_version", ldap_conf.version)
else MATCH_S("uri", ldap_conf.uri)
else MATCH_S("binddn", ldap_conf.binddn)
@@ -533,6 +535,10 @@ sudo_ldap_read_config()
ldap_conf.binddn : "(anonymous)");
printf("bindpw %s\n", ldap_conf.bindpw ?
ldap_conf.bindpw : "(anonymous)");
#ifdef HAVE_LDAP_START_TLS_S
printf("ssl %s\n", ldap_conf.ssl ?
ldap_conf.ssl : "(no)");
#endif
printf("===================\n");
}
@@ -698,6 +704,20 @@ int pwflag;
#endif /* LDAP_OPT_PROTOCOL_VERSION */
#ifdef HAVE_LDAP_START_TLS_S
/* Turn on TLS */
if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
rc = ldap_start_tls_s(ld, NULL, NULL);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc, ldap_err2string(rc));
ldap_unbind(ld);
return VALIDATE_ERROR;
}
if (ldap_conf.debug) printf("ldap_start_tls_s() ok\n");
}
#endif /* HAVE_LDAP_START_TLS_S */
/* Actually connect */
rc=ldap_simple_bind_s(ld,ldap_conf.binddn,ldap_conf.bindpw);
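Review bot: An `ssl` setting that is anything other than the exact string "start_tls" — a typo, or "start_tls" on a build where HAVE_LDAP_START_TLS_S is not defined and the whole block at the top of this hunk vanishes — falls straight through to the cleartext `ldap_simple_bind_s()` at the bottom of the hunk, sending bindpw unprotected with nothing but the optional debug line to show that TLS never started. Because the administrator explicitly asked for TLS, both cases should refuse the connection instead of silently downgrading it; the `else` and `#else` branches below do that with the same unbind-and-VALIDATE_ERROR path the new code already uses when ldap_start_tls_s() fails (if the config syntax is meant to accept an explicit "no"/"off", that value can be exempted in the same `else`). Whether the server certificate is actually verified is left to the LDAP library's own settings (for OpenLDAP, the TLS_REQCERT directive in its ldap.conf), which this code does not touch, and a comment saying so would spare operators a false sense of safety. The enclosing function begins before this hunk, and the `MATCH_S("ssl", ...)` line in the second hunk is the other place the value could be validated, at parse time.
```c
#ifdef HAVE_LDAP_START_TLS_S
  /* Turn on TLS */
  if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
    /* … unchanged: ldap_start_tls_s() call, error handling, debug line … */
  } else if (ldap_conf.ssl) {
    /* An unrecognised value must not quietly become a cleartext bind. */
    fprintf(stderr, "unsupported ssl setting \"%s\" (expected start_tls)\n", ldap_conf.ssl);
    ldap_unbind(ld);
    return VALIDATE_ERROR;
  }
#else
  if (ldap_conf.ssl) {
    /* TLS was requested but this LDAP library cannot provide it. */
    fprintf(stderr, "ssl %s requested but ldap_start_tls_s() is not available\n", ldap_conf.ssl);
    ldap_unbind(ld);
    return VALIDATE_ERROR;
  }
#endif /* HAVE_LDAP_START_TLS_S */
```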