=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/ldap.c,v retrieving revision 1.9 retrieving revision 1.10 diff -c -r1.9 -r1.10 *** src/usr.bin/sudo/Attic/ldap.c 2008/11/14 11:58:08 1.9 --- src/usr.bin/sudo/Attic/ldap.c 2009/04/11 11:48:06 1.10 *************** *** 82,88 **** #include "lbuf.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.100 2008/04/23 12:30:07 millert Exp $"; #endif /* lint */ #ifndef LDAP_OPT_SUCCESS --- 82,88 ---- #include "lbuf.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: ldap.c,v 1.106 2009/03/16 16:11:28 millert Exp $"; #endif /* lint */ #ifndef LDAP_OPT_SUCCESS *************** *** 1128,1134 **** return(-1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, ! "cn=defaults", NULL, 0, NULL, NULL, NULL, -1, &result); if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv != NULL) { --- 1128,1134 ---- return(-1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, ! "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result); if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) { bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv != NULL) { *************** *** 1358,1364 **** filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, -1, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; /* no entries for this pass */ --- 1358,1364 ---- filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, 0, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; /* no entries for this pass */ *************** *** 1412,1418 **** filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, -1, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; /* no entries for this pass */ --- 1412,1418 ---- filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, 0, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; /* no entries for this pass */ *************** *** 1583,1589 **** DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); } #else ! sudo_setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE); #endif } rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI", --- 1583,1589 ---- DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); } #else ! setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE); #endif } rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI", *************** *** 1594,1602 **** DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); #else if (old_ccname != NULL) ! sudo_setenv("KRB5CCNAME", old_ccname, TRUE); else ! sudo_unsetenv("KRB5CCNAME"); #endif } if (rc != LDAP_SUCCESS) { --- 1594,1602 ---- DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1); #else if (old_ccname != NULL) ! setenv("KRB5CCNAME", old_ccname, TRUE); else ! unsetenv("KRB5CCNAME"); #endif } if (rc != LDAP_SUCCESS) { *************** *** 1651,1657 **** /* Prevent reading of user ldaprc and system defaults. */ if (getenv("LDAPNOINIT") == NULL) { ldapnoinit = TRUE; ! sudo_setenv("LDAPNOINIT", "1", TRUE); } /* Connect to LDAP server */ --- 1651,1657 ---- /* Prevent reading of user ldaprc and system defaults. */ if (getenv("LDAPNOINIT") == NULL) { ldapnoinit = TRUE; ! setenv("LDAPNOINIT", "1", TRUE); } /* Connect to LDAP server */ *************** *** 1668,1690 **** } if (ldapnoinit) ! sudo_unsetenv("LDAPNOINIT"); /* Set LDAP options */ if (sudo_ldap_set_options(ld) < 0) return(-1); if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { ! #ifdef HAVE_LDAP_START_TLS_S rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); return(-1); } DPRINTF(("ldap_start_tls_s() ok"), 1); #else ! warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s()"); ! #endif /* HAVE_LDAP_START_TLS_S */ } /* Actually connect */ --- 1668,1701 ---- } if (ldapnoinit) ! unsetenv("LDAPNOINIT"); /* Set LDAP options */ if (sudo_ldap_set_options(ld) < 0) return(-1); if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { ! #if defined(HAVE_LDAP_START_TLS_S) rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); return(-1); } DPRINTF(("ldap_start_tls_s() ok"), 1); + #elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP) + if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) { + warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc)); + return(-1); + } + rc = ldap_start_tls_s_np(ld, NULL); + if (rc != LDAP_SUCCESS) { + warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc)); + return(-1); + } + DPRINTF(("ldap_start_tls_s_np() ok"), 1); #else ! warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"); ! #endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ } /* Actually connect */ *************** *** 1707,1713 **** return(-1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, ! "cn=defaults", NULL, 0, NULL, NULL, NULL, -1, &result); if (rc == 0 && (entry = ldap_first_entry(ld, result))) { DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1); sudo_ldap_parse_options(ld, entry); --- 1718,1724 ---- return(-1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, ! "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result); if (rc == 0 && (entry = ldap_first_entry(ld, result))) { DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1); sudo_ldap_parse_options(ld, entry); *************** *** 1748,1754 **** for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) { filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, -1, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; --- 1759,1765 ---- for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) { filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, 0, &result); efree(filt); if (rc != LDAP_SUCCESS) continue; *************** *** 1819,1825 **** filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, -1, &result); if (rc != LDAP_SUCCESS) DPRINTF(("nothing found for '%s'", filt), 1); efree(filt); --- 1830,1836 ---- filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw); DPRINTF(("ldap search '%s'", filt), 1); rc = ldap_search_ext_s(ld, ldap_conf.base, LDAP_SCOPE_SUBTREE, filt, ! NULL, 0, NULL, NULL, NULL, 0, &result); if (rc != LDAP_SUCCESS) DPRINTF(("nothing found for '%s'", filt), 1); efree(filt);