Add LDAP-specific innetgr() implementation.

When netgroup_base is set we now do our own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroup queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
Todd C. Miller
2023-03-10 10:05:33 -07:00
parent 554df8d934
commit fc253048f5
8 changed files with 307 additions and 4 deletions


@@ -49,6 +49,9 @@
/* Iterators used by sudo_ldap_role_to_priv() to handle bervar ** or char ** */
typedef char * (*sudo_ldap_iter_t)(void **);
/* ldap_innetgr.c */
int sudo_ldap_innetgr_int(void *v, const char *netgr, const char *host, const char *user, const char *domain);
/* ldap_util.c */
bool sudo_ldap_is_negated(char **valp);
size_t sudo_ldap_value_len(const char *value);
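Review bot: The new `sudo_ldap_innetgr_int()` prototype under the `ldap_innetgr.c` comment takes an untyped `void *v` and returns `int`, but the header does not say what `v` must point to or what the return values mean. Add a comment giving the expected handle type, the value returned for a match, for no match and for a lookup failure, and whether a NULL `host`, `user` or `domain` acts as a wildcard as in innetgr(3), so that callers cannot mistake an error for a match.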