Define LDAPNOINIT before calling ldap_init(), etc. to disable user

ldaprc and system defaults that could affect how LDAP works.
2008-01-01 19:01:42 +00:00
parent 6f2cd1b184
commit cd30e84743
2 changed files with 12 additions and 3 deletions
--- a/ldap.c
+++ b/ldap.c
@@ -1150,7 +1150,7 @@ sudo_ldap_open(nss)
 {
    LDAP *ld;
    const char *old_ccname = user_ccname;
-    int rc;
+    int rc, ldapnoinit = FALSE;
 #ifdef HAVE_GSS_KRB5_CCACHE_NAME
    unsigned int status;
 #endif
@@ -1158,6 +1158,12 @@ sudo_ldap_open(nss)
    if (!sudo_ldap_read_config())
 	return(-1);

+    /* Prevent reading of user ldaprc and system defaults. */
+    if (getenv("LDAPNOINIT") == NULL) {
+	ldapnoinit = TRUE;
+	sudo_setenv("LDAPNOINIT", "1", TRUE);
+    }
+
 #ifdef HAVE_LDAPSSL_INIT
    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
 	DPRINTF(("ldapssl_clientauth_init(%s, %s)",
@@ -1200,6 +1206,9 @@ sudo_ldap_open(nss)
 	}
    }

+    if (ldapnoinit)
+	sudo_unsetenv("LDAPNOINIT");
+
    /* Set LDAP options */
    if (sudo_ldap_set_options(ld) < 0)
 	return(-1);