isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use ssl_err2string() in message on ldap_ssl_client_init() failure.

Browse Source 
Displaying SSL reason code directly is not user-friendly.
This commit is contained in:
Todd C. Miller
2020-10-28 09:40:11 -06:00
parent 488aeff532
commit c8c7e1f607
4 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.h.in
View File

@@ -466,6 +466,9 @@
/* Define to 1 if you use LDAP for sudoers. */
#undef HAVE_LDAP
/* Define to 1 if you have the <ldapssl.h> header file. */
#undef HAVE_LDAPSSL_H
/* Define to 1 if you have the `ldapssl_init' function. */
#undef HAVE_LDAPSSL_INIT

2
configure vendored
View File

@@ -26259,7 +26259,7 @@ done
fi
fi
fi
for ac_header in ldap_ssl.h mps/ldap_ssl.h
for ac_header in ldapssl.h ldap_ssl.h mps/ldap_ssl.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <ldap.h>

2
configure.ac
View File

@@ -4159,7 +4159,7 @@ if test ${with_ldap-'no'} != "no"; then
fi
fi
fi
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_HEADERS([ldapssl.h] [ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS([ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np])
AC_CHECK_FUNCS([ldap_search_ext_s ldap_search_st], [break])

12
plugins/sudoers/ldap.c
View File

@@ -46,7 +46,9 @@
# include <lber.h>
#endif
#include <ldap.h>
#if defined(HAVE_LDAP_SSL_H)
#if defined(HAVE_LDAPSSL_H)
# include <ldapssl.h>
#elif defined(HAVE_LDAP_SSL_H)
# include <ldap_ssl.h>
#elif defined(HAVE_MPS_LDAP_SSL_H)
# include <mps/ldap_ssl.h>
@@ -262,8 +264,8 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
ret = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw,
0, &sslrc);
if (ret != LDAP_SUCCESS) {
sudo_warnx("ldap_ssl_client_init(): %s (SSL reason code %d)",
ldap_err2string(ret), sslrc);
sudo_warnx("ldap_ssl_client_init(): %s: %s",
ldap_err2string(ret), ssl_err2string(sslrc));
goto done;
}
DPRINTF2("ldap_ssl_init(%s, %d, NULL)", host, port);
@@ -1680,8 +1682,8 @@ sudo_ldap_open(struct sudo_nss *nss)
rc = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw,
0, &sslrc);
if (rc != LDAP_SUCCESS) {
sudo_warnx("ldap_ssl_client_init(): %s (SSL reason code %d)",
ldap_err2string(rc), sslrc);
sudo_warnx("ldap_ssl_client_init(): %s: %s",
ldap_err2string(rc), ssl_err2string(sslrc));
goto done;
}
rc = ldap_start_tls_s_np(ld, NULL);