mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-23 10:27:45 +00:00
Code Issues Releases Wiki Activity

Add support for sasl_secprops in ldap.conf

Browse Source
This commit is contained in:
Todd C. Miller 2007-07-16 22:44:07 +00:00
parent 436e3b631b
commit f5ad187edf
2 changed files with 37 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.LDAP
View File

@ -256,9 +256,10 @@ when you imported the sudoers. Below is an example /etc/ldap.conf
# #
# If using SASL authentication for LDAP # If using SASL authentication for LDAP
# use_sasl yes # use_sasl yes
# sasl_auth_id <SASL password> # sasl_auth_id <SASL username>
# rootuse_sasl yes # rootuse_sasl yes
# rootsasl_auth_id <SASL password for root access> # rootsasl_auth_id <SASL username for root access>
# sasl_secprops none
# #
Debugging your LDAP configuration Debugging your LDAP configuration

29
ldap.c
View File

@ -114,6 +114,7 @@ struct ldap_config {
char *tls_keyfile; char *tls_keyfile;
char *sasl_auth_id; char *sasl_auth_id;
char *rootsasl_auth_id; char *rootsasl_auth_id;
char *sasl_secprops;
char *krb5_ccname; char *krb5_ccname;
} ldap_conf; } ldap_conf;
@ -581,6 +582,8 @@ sudo_ldap_read_config()
else else
MATCH_S("rootsasl_auth_id", ldap_conf.rootsasl_auth_id) MATCH_S("rootsasl_auth_id", ldap_conf.rootsasl_auth_id)
else else
MATCH_S("sasl_secprops", ldap_conf.sasl_secprops)
else
MATCH_S("krb5_ccname", ldap_conf.krb5_ccname) MATCH_S("krb5_ccname", ldap_conf.krb5_ccname)
#endif #endif
else { else {
@ -632,9 +635,13 @@ sudo_ldap_read_config()
fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl); fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl);
fprintf(stderr, "sasl_auth_id %s\n", ldap_conf.sasl_auth_id ? fprintf(stderr, "sasl_auth_id %s\n", ldap_conf.sasl_auth_id ?
ldap_conf.sasl_auth_id : "(NONE)"); ldap_conf.sasl_auth_id : "(NONE)");
fprintf(stderr, "use_sasl %d\n", ldap_conf.use_sasl); fprintf(stderr, "rootuse_sasl %d\n", ldap_conf.rootuse_sasl);
fprintf(stderr, "rootsasl_auth_id %s\n", ldap_conf.rootsasl_auth_id ? fprintf(stderr, "rootsasl_auth_id %s\n", ldap_conf.rootsasl_auth_id ?
ldap_conf.rootsasl_auth_id : "(NONE)"); ldap_conf.rootsasl_auth_id : "(NONE)");
fprintf(stderr, "sasl_secprops %s\n", ldap_conf.sasl_secprops ?
ldap_conf.sasl_secprops : "(NONE)");
fprintf(stderr, "krb5_ccname %s\n", ldap_conf.krb5_ccname ?
ldap_conf.krb5_ccname : "(NONE)");
#endif #endif
fprintf(stderr, "===================\n"); fprintf(stderr, "===================\n");
} }
@ -887,16 +894,16 @@ sudo_ldap_display_cmnd(ldv, pw)
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
static int static int
sudo_ldap_sasl_interact(ld, flags, v_auth_id, v_interact) sudo_ldap_sasl_interact(ld, flags, _auth_id, _interact)
LDAP *ld; LDAP *ld;
unsigned int flags; unsigned int flags;
void *v_auth_id; void *_auth_id;
void *v_interact; void *_interact;
{ {
char *auth_id = (char *)v_auth_id; char *auth_id = (char *)_auth_id;
sasl_interact_t *interact = (sasl_interact_t *)v_interact; sasl_interact_t *interact = (sasl_interact_t *)_interact;
for (;interact->id != SASL_CB_LIST_END; interact++) { for (; interact->id != SASL_CB_LIST_END; interact++) {
if (interact->id != SASL_CB_USER) if (interact->id != SASL_CB_USER)
return(LDAP_PARAM_ERROR); return(LDAP_PARAM_ERROR);
@ -906,7 +913,11 @@ sudo_ldap_sasl_interact(ld, flags, v_auth_id, v_interact)
interact->result = interact->defresult; interact->result = interact->defresult;
else else
interact->result = ""; interact->result = "";
interact->len = strlen(interact->result); interact->len = strlen(interact->result);
#if SASL_VERSION_MAJOR < 2
interact->result = estrdup(interact->result);
#endif /* SASL_VERSION_MAJOR < 2 */
} }
return(LDAP_SUCCESS); return(LDAP_SUCCESS);
} }
@ -961,6 +972,10 @@ sudo_ldap_open()
SET_OPTI(X_CONNECT_TIMEOUT, bind_timeout); SET_OPTI(X_CONNECT_TIMEOUT, bind_timeout);
#endif #endif
#ifdef LDAP_OPT_X_SASL_SECPROPS
SET_OPTS(X_SASL_SECPROPS, sasl_secprops);
#endif
#ifdef LDAP_OPT_NETWORK_TIMEOUT #ifdef LDAP_OPT_NETWORK_TIMEOUT
if (ldap_conf.bind_timelimit > 0) { if (ldap_conf.bind_timelimit > 0) {
struct timeval tv; struct timeval tv;