Add LDAP-specific innetgr() implementation.

When netgroup_base is set we now do our own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroup queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
Todd C. Miller
2023-03-10 10:05:33 -07:00
parent 554df8d934
commit fc253048f5
8 changed files with 307 additions and 4 deletions


@@ -1955,6 +1955,14 @@ sudo_ldap_parse(struct sudo_nss *nss)
debug_return_ptr(&handle->parse_tree);
}
static int
sudo_ldap_innetgr(struct sudo_nss *nss, const char *netgr, const char *host,
const char *user, const char *domain)
{
const struct sudo_ldap_handle *handle = nss->handle;
return sudo_ldap_innetgr_int(handle->ld, netgr, host, user, domain);
}
#if 0
/*
* Create an ldap_result from an LDAP search result.
@@ -2013,5 +2021,6 @@ struct sudo_nss sudo_nss_ldap = {
sudo_ldap_close,
sudo_ldap_parse,
sudo_ldap_query,
sudo_ldap_getdefs
sudo_ldap_getdefs,
sudo_ldap_innetgr
};
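Review bot: In the first hunk, sudo_ldap_innetgr() dereferences `nss->handle` and passes `handle->ld` on without checking either for NULL, so a call made before the LDAP source is opened or after it is closed would crash rather than report "no match". A guard such as `if (handle == NULL || handle->ld == NULL) debug_return_int(0);` ahead of the call would cover that. The function also uses a bare `return`, while the neighbouring sudo_ldap_parse() ends in `debug_return_ptr(...)`; adding the file's `debug_decl`/`debug_return_int` pair would keep the debug trace consistent. Whether an LDAP error inside sudo_ldap_innetgr_int() can be told apart from "not a member" is not visible here and is worth confirming, since the commit message indicates the result is used for netgroup matching in LDAP sudoers.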