Add LDAP-specific innetgr() implementation.
When netgroup_base is set we now do our own netgroup lookups using LDAP. Previously, LDAP was queried directly to get a list of the netgroups the user belongs to but other netgroup queries went through innetgr(3). This makes it possible to use netgroups in LDAP sudoers on systems that don't have an innetgr() function. GitHub issue #251.
@@ -1955,6 +1955,14 @@ sudo_ldap_parse(struct sudo_nss *nss)
|
||||
debug_return_ptr(&handle->parse_tree);
|
||||
}
|
||||
|
||||
static int
|
||||
sudo_ldap_innetgr(struct sudo_nss *nss, const char *netgr, const char *host,
|
||||
const char *user, const char *domain)
|
||||
{
|
||||
const struct sudo_ldap_handle *handle = nss->handle;
|
||||
return sudo_ldap_innetgr_int(handle->ld, netgr, host, user, domain);
|
||||
}
|
||||
|
||||
#if 0
|
||||
/*
|
||||
* Create an ldap_result from an LDAP search result.
|
||||
@@ -2013,5 +2021,6 @@ struct sudo_nss sudo_nss_ldap = {
|
||||
sudo_ldap_close,
|
||||
sudo_ldap_parse,
|
||||
sudo_ldap_query,
|
||||
sudo_ldap_getdefs
|
||||
sudo_ldap_getdefs,
|
||||
sudo_ldap_innetgr
|
||||
};
|
||||
|
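Review bot: sudo_ldap_innetgr() dereferences `nss->handle` and then `handle->ld` with no check, and it is reachable through the new last slot of `sudo_nss_ldap`, so a caller that invokes the hook before the LDAP source is opened or after it is closed would crash inside a sudoers authorization path. A guard such as `if (handle == NULL || handle->ld == NULL) return -1;` ahead of the call would make that failure explicit, assuming -1 is the error value the hook's callers expect (the callers and sudo_ldap_innetgr_int() are not visible on this page). Because the result decides netgroup membership, callers should distinguish an error from a match rather than testing the int for non-zero. The function also leaves through a plain `return` while sudo_ldap_parse() just above uses `debug_return_ptr`; pairing `debug_decl` with `debug_return_int` here would keep the lookup in the debug trace.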