Define LDAPNOINIT before calling ldap_init(), etc. to disable user

ldaprc and system defaults that could affect how LDAP works.

env.c

@@ -261,7 +261,7 @@ _sudo_setenv(var, val, dupcheck)
     insert_env(estring, dupcheck, FALSE);
 }
 
-#if defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S) && !defined(HAVE_GSS_KRB5_CCACHE_NAME)
+#ifdef HAVE_LDAP
 /*
  * External version of sudo_setenv() that keeps things in sync with
  * the environ pointer.
@@ -318,7 +318,7 @@ sudo_unsetenv(var)
 	}
     }
 }
-#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S && !HAVE_GSS_KRB5_CCACHE_NAME */
+#endif /* HAVE_LDAP */
 
 /*
  * Insert str into env.envp, assumes str has an '=' in it.

ldap.c

@@ -1150,7 +1150,7 @@ sudo_ldap_open(nss)
 {
     LDAP *ld;
     const char *old_ccname = user_ccname;
-    int rc;
+    int rc, ldapnoinit = FALSE;
 #ifdef HAVE_GSS_KRB5_CCACHE_NAME
     unsigned int status;
 #endif
@@ -1158,6 +1158,12 @@ sudo_ldap_open(nss)
     if (!sudo_ldap_read_config())
 	return(-1);
 
+    /* Prevent reading of user ldaprc and system defaults. */
+    if (getenv("LDAPNOINIT") == NULL) {
+	ldapnoinit = TRUE;
+	sudo_setenv("LDAPNOINIT", "1", TRUE);
+    }
+
 #ifdef HAVE_LDAPSSL_INIT
     if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
 	DPRINTF(("ldapssl_clientauth_init(%s, %s)",
@@ -1200,6 +1206,9 @@ sudo_ldap_open(nss)
 	}
     }
 
+    if (ldapnoinit)
+	sudo_unsetenv("LDAPNOINIT");
+
     /* Set LDAP options */
     if (sudo_ldap_set_options(ld) < 0)
 	return(-1);