| version 1.9, 2008/11/14 11:58:08 |
version 1.10, 2009/04/11 11:48:06 |
|
|
| #include "lbuf.h" |
#include "lbuf.h" |
| |
|
| #ifndef lint |
#ifndef lint |
| __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.100 2008/04/23 12:30:07 millert Exp $"; |
__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.106 2009/03/16 16:11:28 millert Exp $"; |
| #endif /* lint */ |
#endif /* lint */ |
| |
|
| #ifndef LDAP_OPT_SUCCESS |
#ifndef LDAP_OPT_SUCCESS |
|
|
| return(-1); |
return(-1); |
| |
|
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, |
| "cn=defaults", NULL, 0, NULL, NULL, NULL, -1, &result); |
"cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result); |
| if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { |
if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { |
| bv = ldap_get_values_len(ld, entry, "sudoOption"); |
bv = ldap_get_values_len(ld, entry, "sudoOption"); |
| if (bv != NULL) { |
if (bv != NULL) { |
|
|
| filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
| DPRINTF(("ldap search '%s'", filt), 1); |
DPRINTF(("ldap search '%s'", filt), 1); |
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
| NULL, 0, NULL, NULL, NULL, -1, &result); |
NULL, 0, NULL, NULL, NULL, 0, &result); |
| efree(filt); |
efree(filt); |
| if (rc != LDAP_SUCCESS) |
if (rc != LDAP_SUCCESS) |
| continue; /* no entries for this pass */ |
continue; /* no entries for this pass */ |
|
|
| filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
| DPRINTF(("ldap search '%s'", filt), 1); |
DPRINTF(("ldap search '%s'", filt), 1); |
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
| NULL, 0, NULL, NULL, NULL, -1, &result); |
NULL, 0, NULL, NULL, NULL, 0, &result); |
| efree(filt); |
efree(filt); |
| if (rc != LDAP_SUCCESS) |
if (rc != LDAP_SUCCESS) |
| continue; /* no entries for this pass */ |
continue; /* no entries for this pass */ |
|
|
| DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); |
DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); |
| } |
} |
| #else |
#else |
| sudo_setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE); |
setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE); |
| #endif |
#endif |
| } |
} |
| rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI", |
rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI", |
|
|
| DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); |
DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); |
| #else |
#else |
| if (old_ccname != NULL) |
if (old_ccname != NULL) |
| sudo_setenv("KRB5CCNAME", old_ccname, TRUE); |
setenv("KRB5CCNAME", old_ccname, TRUE); |
| else |
else |
| sudo_unsetenv("KRB5CCNAME"); |
unsetenv("KRB5CCNAME"); |
| #endif |
#endif |
| } |
} |
| if (rc != LDAP_SUCCESS) { |
if (rc != LDAP_SUCCESS) { |
|
|
| /* Prevent reading of user ldaprc and system defaults. */ |
/* Prevent reading of user ldaprc and system defaults. */ |
| if (getenv("LDAPNOINIT") == NULL) { |
if (getenv("LDAPNOINIT") == NULL) { |
| ldapnoinit = TRUE; |
ldapnoinit = TRUE; |
| sudo_setenv("LDAPNOINIT", "1", TRUE); |
setenv("LDAPNOINIT", "1", TRUE); |
| } |
} |
| |
|
| /* Connect to LDAP server */ |
/* Connect to LDAP server */ |
|
|
| } |
} |
| |
|
| if (ldapnoinit) |
if (ldapnoinit) |
| sudo_unsetenv("LDAPNOINIT"); |
unsetenv("LDAPNOINIT"); |
| |
|
| /* Set LDAP options */ |
/* Set LDAP options */ |
| if (sudo_ldap_set_options(ld) < 0) |
if (sudo_ldap_set_options(ld) < 0) |
| return(-1); |
return(-1); |
| |
|
| if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { |
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { |
| #ifdef HAVE_LDAP_START_TLS_S |
#if defined(HAVE_LDAP_START_TLS_S) |
| rc = ldap_start_tls_s(ld, NULL, NULL); |
rc = ldap_start_tls_s(ld, NULL, NULL); |
| if (rc != LDAP_SUCCESS) { |
if (rc != LDAP_SUCCESS) { |
| warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); |
warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); |
| return(-1); |
return(-1); |
| } |
} |
| DPRINTF(("ldap_start_tls_s() ok"), 1); |
DPRINTF(("ldap_start_tls_s() ok"), 1); |
| |
#elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP) |
| |
if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) { |
| |
warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc)); |
| |
return(-1); |
| |
} |
| |
rc = ldap_start_tls_s_np(ld, NULL); |
| |
if (rc != LDAP_SUCCESS) { |
| |
warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc)); |
| |
return(-1); |
| |
} |
| |
DPRINTF(("ldap_start_tls_s_np() ok"), 1); |
| #else |
#else |
| warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s()"); |
warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"); |
| #endif /* HAVE_LDAP_START_TLS_S */ |
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ |
| } |
} |
| |
|
| /* Actually connect */ |
/* Actually connect */ |
|
|
| return(-1); |
return(-1); |
| |
|
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, |
| "cn=defaults", NULL, 0, NULL, NULL, NULL, -1, &result); |
"cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result); |
| if (rc == 0 && (entry = ldap_first_entry(ld, result))) { |
if (rc == 0 && (entry = ldap_first_entry(ld, result))) { |
| DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1); |
DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1); |
| sudo_ldap_parse_options(ld, entry); |
sudo_ldap_parse_options(ld, entry); |
|
|
| for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) { |
for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) { |
| filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
| NULL, 0, NULL, NULL, NULL, -1, &result); |
NULL, 0, NULL, NULL, NULL, 0, &result); |
| efree(filt); |
efree(filt); |
| if (rc != LDAP_SUCCESS) |
if (rc != LDAP_SUCCESS) |
| continue; |
continue; |
|
|
| filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); |
| DPRINTF(("ldap search '%s'", filt), 1); |
DPRINTF(("ldap search '%s'", filt), 1); |
| rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, |
| NULL, 0, NULL, NULL, NULL, -1, &result); |
NULL, 0, NULL, NULL, NULL, 0, &result); |
| if (rc != LDAP_SUCCESS) |
if (rc != LDAP_SUCCESS) |
| DPRINTF(("nothing found for '%s'", filt), 1); |
DPRINTF(("nothing found for '%s'", filt), 1); |
| efree(filt); |
efree(filt); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ldap.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo