back out partial ldaps support mistakenly committed
authorTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 4 Sep 2007 22:51:35 +0000 (22:51 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Tue, 4 Sep 2007 22:51:35 +0000 (22:51 +0000)
ldap.c

diff --git a/ldap.c b/ldap.c
index ffa90ae3a704e9468c2a4b5a80e3d508a0dbca59..d6e97dfbf414bb11a1dfc8120b4619a3a8e07db7 100644 (file)
--- a/ldap.c
+++ b/ldap.c
@@ -109,14 +109,13 @@ struct ldap_config {
     int bind_timelimit;
     int use_sasl;
     int rootuse_sasl;
-    int use_ssl;
-    int start_tls;
     char *host;
     char *uri;
     char *binddn;
     char *bindpw;
     char *rootbinddn;
     char *base;
+    char *ssl;
     char *tls_cacertfile;
     char *tls_cacertdir;
     char *tls_random_file;
@@ -126,7 +125,6 @@ struct ldap_config {
     char *sasl_auth_id;
     char *rootsasl_auth_id;
     char *sasl_secprops;
-    char *sslpath;
     char *krb5_ccname;
 } ldap_conf;
 
@@ -511,11 +509,11 @@ int
 sudo_ldap_read_config()
 {
     FILE *f;
-    char buf[LINE_MAX], *c, *keyword, *value, *ssl = NULL;
+    char buf[LINE_MAX], *c, *keyword, *value;
 
     /* defaults */
-    ldap_conf.version = LDAP_VERSION_MAX; /* XXX - use LDAP_VERSION? */
-    ldap_conf.port = -1;
+    ldap_conf.version = 3;
+    ldap_conf.port = 389;
     ldap_conf.tls_checkpeer = -1;
     ldap_conf.timelimit = -1;
     ldap_conf.bind_timelimit = -1;
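Review bot: The new defaults `ldap_conf.version = 3;` and `ldap_conf.port = 389;` are bare magic numbers where the LDAP headers provide named constants, and the code this hunk replaces already spelled the same port as `LDAP_PORT`. Prefer `ldap_conf.version = LDAP_VERSION3;` and `ldap_conf.port = LDAP_PORT;` so the defaults are self-describing and stay aligned with the library's own definitions. sudo_ldap_read_config continues beyond the end of this hunk.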
@@ -569,9 +567,7 @@ sudo_ldap_read_config()
            else
        MATCH_I("port", ldap_conf.port)
            else
-       MATCH_S("ssl", ssl)
-           else
-       MATCH_S("sslpath", ldap_conf.sslpath)
+       MATCH_S("ssl", ldap_conf.ssl)
            else
        MATCH_B("tls_checkpeer", ldap_conf.tls_checkpeer)
            else
@@ -630,25 +626,6 @@ sudo_ldap_read_config()
     }
     fclose(f);
 
-    /*
-     * The ssl option may be a boolean or the string "start_tls".
-     */
-    if (ssl != NULL) {
-       if (strcasecmp(ssl, "start_tls") == 0)
-           ldap_conf.start_tls = 1;
-       else
-           ldap_conf.use_ssl = _atobool(ssl);
-    }
-
-    if (ldap_conf.port == -1) {
-#ifdef HAVE_LDAPSSL_INIT
-       if (ldap_conf.use_ssl)
-           ldap_conf.port = LDAPS_PORT;
-       else
-#endif
-           ldap_conf.port = LDAP_PORT;
-    }
-
     if (!ldap_conf.host)
        ldap_conf.host = estrdup("localhost");
 
@@ -678,11 +655,9 @@ sudo_ldap_read_config()
            ldap_conf.bindpw : "(anonymous)");
        fprintf(stderr, "bind_timelimit   %d\n", ldap_conf.bind_timelimit);
        fprintf(stderr, "timelimit        %d\n", ldap_conf.timelimit);
-#ifdef HAVE_LDAPSSL_INIT
-       fprintf(stderr, "use_ssl          %d\n", ldap_conf.use_ssl);
-#endif
 #ifdef HAVE_LDAP_START_TLS_S
-       fprintf(stderr, "start_tls        %d\n", ldap_conf.start_tls);
+       fprintf(stderr, "ssl              %s\n", ldap_conf.ssl ?
+           ldap_conf.ssl : "(no)");
 #endif
 #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
        fprintf(stderr, "use_sasl         %d\n", ldap_conf.use_sasl);
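Review bot: The new `ssl` debug line is emitted only inside `#ifdef HAVE_LDAP_START_TLS_S`, while the `ssl` keyword is parsed unconditionally in sudo_ldap_read_config, so on a build without start-TLS support a configured value never appears in the debug dump even though it appears to have no effect there. Moving the two new `fprintf(stderr, "ssl ...")` lines outside the `#ifdef` block would let an administrator see that the option was read, which is the first thing to check when a connection is unexpectedly unencrypted. The enclosing function starts before this hunk.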
@@ -992,7 +967,7 @@ sudo_ldap_open()
     if (!sudo_ldap_read_config())
        return(NULL);
 
-    /* attempt to setup TLS options */
+    /* attempt to setup ssl options */
 #ifdef LDAP_OPT_X_TLS_CACERTFILE
     SET_OPTS(X_TLS_CACERTFILE, tls_cacertfile);
 #endif /* LDAP_OPT_X_TLS_CACERTFILE */
@@ -1050,26 +1025,14 @@ sudo_ldap_open()
     }
 #endif
 
-#ifdef HAVE_LDAPSSL_INIT
-    /* setup SSL before connecting */
-    if (ldap_conf.use_ssl && ldap_conf.sslpath != NULL) {
-       rc = ldapssl_client_init(ldap_conf.sslpath, NULL);
-       if (rc != LDAP_SUCCESS) {
-           fprintf(stderr, "ldapssl_client_init()=%d : %s\n",
-               rc, ldap_err2string(rc));
-           return(NULL);
-       }
-    }
-#endif
-
-    /* attempt connection */
+    /* attempt connect */
 #ifdef HAVE_LDAP_INITIALIZE
     if (ldap_conf.uri) {
 
        DPRINTF(("ldap_initialize(ld,%s)", ldap_conf.uri), 2);
 
        rc = ldap_initialize(&ld, ldap_conf.uri);
-       if (rc != LDAP_SUCCESS) {
+       if (rc) {
            fprintf(stderr, "ldap_initialize()=%d : %s\n",
                rc, ldap_err2string(rc));
            return(NULL);
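Review bot: The `if (rc) {` test on the ldap_initialize() result is inconsistent with the rest of sudo_ldap_open, which compares LDAP return codes against `LDAP_SUCCESS` (the ldap_start_tls_s check later in the function does, and so did the line this replaces). Since the next line passes `rc` to ldap_err2string(), the explicit form also reads more clearly: `if (rc != LDAP_SUCCESS) {`. The enclosing function starts and ends outside the hunk.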
@@ -1077,21 +1040,11 @@ sudo_ldap_open()
     } else
 #endif /* HAVE_LDAP_INITIALIZE */
     if (ldap_conf.host) {
-#ifdef HAVE_LDAPSSL_INIT
-       DPRINTF(("ldapssl_init(%s,%d,%d)", ldap_conf.host, ldap_conf.port,
-           ldap_conf.use_ssl), 2);
-       ld = ldapssl_init(ldap_conf.host, ldap_conf.port, ldap_conf.use_ssl);
-       if (ld == NULL) {
-           warning("ldapssl_init()");
-           return(NULL);
-       }
-#else
        DPRINTF(("ldap_init(%s,%d)", ldap_conf.host, ldap_conf.port), 2);
        if ((ld = ldap_init(ldap_conf.host, ldap_conf.port)) == NULL) {
            warning("ldap_init()");
            return(NULL);
        }
-#endif
     }
 
 #ifdef LDAP_OPT_PROTOCOL_VERSION
@@ -1101,7 +1054,7 @@ sudo_ldap_open()
 
 #ifdef HAVE_LDAP_START_TLS_S
     /* Turn on TLS */
-    if (ldap_conf.start_tls) {
+    if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")) {
        rc = ldap_start_tls_s(ld, NULL, NULL);
        if (rc != LDAP_SUCCESS) {
            fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc,
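Review bot: With the ldaps path backed out, any `ssl` value other than `start_tls` — for example `ssl yes`, which the removed code accepted through _atobool() — now falls through the new `if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls"))` check, and the connection proceeds without TLS and without any diagnostic; the same silent fall-through happens for `start_tls` itself when HAVE_LDAP_START_TLS_S is not defined, since the whole check is compiled out. A configuration that asks for encryption and quietly gets plaintext deserves at least a warning: after the start_tls branch add `} else if (ldap_conf.ssl != NULL && _atobool(ldap_conf.ssl)) { fprintf(stderr, "ssl option \"%s\" is not supported by this build\n", ldap_conf.ssl); }`, or refuse the connection if that matches the intended policy. The enclosing function ends outside the hunk.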