
Diff for /src/usr.bin/sudo/Attic/ldap.c between version 1.3 and 1.4

version 1.3, 2007/11/27 16:22:14 version 1.4, 2007/12/03 15:09:47
Line 65 
Line 65 
 #include "parse.h"  #include "parse.h"
   
 #ifndef lint  #ifndef lint
 __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.16 2007/09/04 14:58:46 millert Exp $";  __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.20 2007/11/27 17:06:54 millert Exp $";
 #endif /* lint */  #endif /* lint */
   
 #ifndef LINE_MAX  #ifndef LINE_MAX
Line 163 
Line 163 
     /* walk through values */      /* walk through values */
     for (p = v; p && *p && !ret; p++) {      for (p = v; p && *p && !ret; p++) {
         /* match any or address or netgroup or hostname */          /* match any or address or netgroup or hostname */
         if (!strcasecmp(*p, "ALL") || addr_matches(*p) ||          if (!strcmp(*p, "ALL") || addr_matches(*p) ||
             netgr_matches(*p, user_host, user_shost, NULL) ||              netgr_matches(*p, user_host, user_shost, NULL) ||
             !hostname_matches(user_shost, user_host, *p))              !hostname_matches(user_shost, user_host, *p))
             ret = TRUE;              ret = TRUE;
Line 257 
Line 257 
  * Walk through search results and return TRUE if we have a command match.   * Walk through search results and return TRUE if we have a command match.
  */   */
 int  int
 sudo_ldap_check_command(ld, entry)  sudo_ldap_check_command(ld, entry, setenv_implied)
     LDAP *ld;      LDAP *ld;
     LDAPMessage *entry;      LDAPMessage *entry;
       int *setenv_implied;
 {  {
     char *allowed_cmnd, *allowed_args, **v = NULL, **p = NULL;      char *allowed_cmnd, *allowed_args, **v = NULL, **p = NULL;
     int foundbang, ret = FALSE;      int foundbang, ret = FALSE;
Line 272 
Line 273 
     /* get_first_entry */      /* get_first_entry */
     for (p = v; p && *p && ret >= 0; p++) {      for (p = v; p && *p && ret >= 0; p++) {
         /* Match against ALL ? */          /* Match against ALL ? */
         if (!strcasecmp(*p, "ALL")) {          if (!strcmp(*p, "ALL")) {
             ret = TRUE;              ret = TRUE;
               if (setenv_implied != NULL)
                   *setenv_implied = TRUE;
             DPRINTF(("ldap sudoCommand '%s' ... MATCH!", *p), 2);              DPRINTF(("ldap sudoCommand '%s' ... MATCH!", *p), 2);
             continue;              continue;
         }          }
Line 919 
Line 922 
     LDAPMessage *entry = NULL, *result = NULL;  /* used for searches */      LDAPMessage *entry = NULL, *result = NULL;  /* used for searches */
     char *filt;                                 /* used to parse attributes */      char *filt;                                 /* used to parse attributes */
     int rc, ret = FALSE, do_netgr;              /* temp/final return values */      int rc, ret = FALSE, do_netgr;              /* temp/final return values */
       int setenv_implied;
     int ldap_user_matches = FALSE, ldap_host_matches = FALSE; /* flags */      int ldap_user_matches = FALSE, ldap_host_matches = FALSE; /* flags */
   
     /* Open a connection to the LDAP server. */      /* Open a connection to the LDAP server. */
Line 942 
Line 946 
      * user netgroups.  Then we take the netgroups returned and       * user netgroups.  Then we take the netgroups returned and
      * try to match them against the username.       * try to match them against the username.
      */       */
       setenv_implied = FALSE;
     for (do_netgr = 0; !ret && do_netgr < 2; do_netgr++) {      for (do_netgr = 0; !ret && do_netgr < 2; do_netgr++) {
         filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1();          filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1();
         DPRINTF(("ldap search '%s'", filt), 1);          DPRINTF(("ldap search '%s'", filt), 1);
Line 968 
Line 972 
             /* add matches for listing later */              /* add matches for listing later */
                 sudo_ldap_add_match(ld, entry, pwflag) &&                  sudo_ldap_add_match(ld, entry, pwflag) &&
             /* verify command match */              /* verify command match */
                 sudo_ldap_check_command(ld, entry) &&                  sudo_ldap_check_command(ld, entry, &setenv_implied) &&
             /* verify runas match */              /* verify runas match */
                 sudo_ldap_check_runas(ld, entry)                  sudo_ldap_check_runas(ld, entry)
                 ) {                  ) {
                 /* We have a match! */                  /* We have a match! */
                 DPRINTF(("Perfect Matched!"), 1);                  DPRINTF(("Perfect Matched!"), 1);
                 /* pick up any options */                  /* pick up any options */
                   if (setenv_implied)
                       def_setenv = TRUE;
                 sudo_ldap_parse_options(ld, entry);                  sudo_ldap_parse_options(ld, entry);
                 /* make sure we don't reenter loop */                  /* make sure we don't reenter loop */
                 ret = VALIDATE_OK;                  ret = VALIDATE_OK;
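Review bot: `setenv_implied` is cleared only once, before the `do_netgr` loop (new line 946), yet `sudo_ldap_check_command()` sets it to TRUE as soon as it sees `ALL` and never clears it, so the flag can outlive an entry that ends up rejected. If an entry lists `ALL` but is then refused by a later negated command or by `sudo_ldap_check_runas()`, a subsequent entry that matches on a specific command would still reach `if (setenv_implied) def_setenv = TRUE;` and get the setenv option enabled for a rule that never granted `ALL`. The per-entry loop is outside the visible hunks, so this is inferred from the call site inside the `&&` chain. Resetting the flag per entry would close the gap, e.g. `if (setenv_implied != NULL) *setenv_implied = FALSE;` at the top of `sudo_ldap_check_command()`, with the TRUE assignment moved to the point where the function is about to return a match.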
