version 1.6, 2008/01/07 14:10:08 |
version 1.7, 2008/01/21 19:44:29 |
|
|
# include <lber.h> |
# include <lber.h> |
#endif |
#endif |
#include <ldap.h> |
#include <ldap.h> |
|
#if defined(HAVE_LDAP_SSL_H) |
|
# include <ldap_ssl.h> |
|
#elif defined(HAVE_MPS_LDAP_SSL_H) |
|
# include <mps/ldap_ssl.h> |
|
#endif |
|
|
#include "sudo.h" |
#include "sudo.h" |
#include "parse.h" |
#include "parse.h" |
|
|
#ifndef lint |
#ifndef lint |
__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.32 2008/01/05 23:27:10 millert Exp $"; |
__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.36 2008/01/21 16:08:26 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
#ifndef LINE_MAX |
#ifndef LINE_MAX |
|
|
#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT |
#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT |
{ "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT, |
{ "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT, |
&ldap_conf.tls_checkpeer }, |
&ldap_conf.tls_checkpeer }, |
|
#else |
|
{ "tls_checkpeer", CONF_BOOL, FALSE, -1, &ldap_conf.tls_checkpeer }, |
#endif |
#endif |
#ifdef LDAP_OPT_X_TLS_CACERTFILE |
#ifdef LDAP_OPT_X_TLS_CACERTFILE |
{ "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE, |
{ "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE, |
|
|
* Interpret SSL option |
* Interpret SSL option |
*/ |
*/ |
if (ldap_conf.ssl != NULL) { |
if (ldap_conf.ssl != NULL) { |
if (strcasecmp(ldap_conf.ssl, "start_tls") == 0) |
if (strcasecmp(ldap_conf.ssl, "start_tls") == 0) |
ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS; |
ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS; |
else if (_atobool(ldap_conf.ssl)) |
else if (_atobool(ldap_conf.ssl)) |
ldap_conf.ssl_mode = SUDO_LDAP_SSL; |
ldap_conf.ssl_mode = SUDO_LDAP_SSL; |
} |
} |
|
|
|
#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT) |
|
if (ldap_conf.tls_checkpeer != -1) { |
|
ldapssl_set_strength(NULL, |
|
ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK); |
|
} |
|
#endif |
|
|
#ifndef HAVE_LDAP_INITIALIZE |
#ifndef HAVE_LDAP_INITIALIZE |
/* Convert uri list to host list if no ldap_initialize(). */ |
/* Convert uri list to host list if no ldap_initialize(). */ |