isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for Tivoli-based LDAP start TLS as seen in AIX. Untested.

Browse Source
This commit is contained in:
Todd C. Miller
2009-03-01 21:20:37 +00:00
parent 3c8acdd649
commit ef071fa655
4 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config.h.in
View File

@@ -243,12 +243,18 @@
/* Define to 1 if you have the `ldap_search_ext_s' function. */
#undef HAVE_LDAP_SEARCH_EXT_S
/* Define to 1 if you have the `ldap_ssl_client_init' function. */
#undef HAVE_LDAP_SSL_CLIENT_INIT
/* Define to 1 if you have the <ldap_ssl.h> header file. */
#undef HAVE_LDAP_SSL_H
/* Define to 1 if you have the `ldap_start_tls_s' function. */
#undef HAVE_LDAP_START_TLS_S
/* Define to 1 if you have the `ldap_start_tls_s_np' function. */
#undef HAVE_LDAP_START_TLS_S_NP
/* Define to 1 if you have the `ldap_str2dn' function. */
#undef HAVE_LDAP_STR2DN

4
configure vendored
View File

@@ -22757,7 +22757,9 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
for ac_func in ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s
for ac_func in ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_sp
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5

2
configure.in
View File

@@ -2405,7 +2405,7 @@ if test ${with_ldap-'no'} != "no"; then
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s)
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_HEADERS([sasl/sasl.h])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])

17
ldap.c
View File

@@ -1675,16 +1675,27 @@ sudo_ldap_open(nss)
return(-1);
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
#ifdef HAVE_LDAP_START_TLS_S
#if defined(HAVE_LDAP_START_TLS_S)
rc = ldap_start_tls_s(ld, NULL, NULL);
if (rc != LDAP_SUCCESS) {
warningx("ldap_start_tls_s(): %s", ldap_err2string(rc));
return(-1);
}
DPRINTF(("ldap_start_tls_s() ok"), 1);
#elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP)
if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) {
warningx("ldap_ssl_client_init(): %s", ldapssl_err2string(rc));
return(-1);
}
rc = ldap_start_tls_s_np(ld, NULL);
if (rc != LDAP_SUCCESS) {
warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc));
return(-1);
}
DPRINTF(("ldap_start_tls_s_np() ok"), 1);
#else
warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s()");
#endif /* HAVE_LDAP_START_TLS_S */
warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()");
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
}
/* Actually connect */