#define LDAP_OPT_SUCCESS LDAP_SUCCESS
#endif
-extern int printmatches;
-
/* ldap configuration structure */
struct ldap_config {
char *host;
* command match
*/
int
-sudo_ldap_add_match(ld,entry)
+sudo_ldap_add_match(ld,entry, pwflag)
LDAP *ld;
LDAPMessage *entry;
+ int pwflag;
{
char **v=NULL;
char *dn;
char **edn;
- /* if we are not collecting matches, then don't print them */
- if (printmatches != TRUE) return 1;
+ /* if we are not collecting matches, then don't save them */
+ if (pwflag != I_LISTPW) return 1;
/* collect the dn, only show the rdn */
dn=ldap_get_dn(ld,entry);
#undef SAVE_LIST
void
-sudo_ldap_list_matches()
+sudo_ldap_display_privs()
{
if (sudo_ldap_cm_list!=NULL) printf("%s",sudo_ldap_cm_list);
}
/*
- * like sudoers_lookup() - only LDAP style
- *
+ * Open a connection to the LDAP server
*/
-int
-sudo_ldap_check(pwflag)
-int pwflag;
+VOID *
+sudo_ldap_open()
{
LDAP *ld=NULL;
+ /* temp return value */
+ int rc;
- /* Used for searches */
- LDAPMessage *result=NULL;
- LDAPMessage *entry=NULL;
- /* used to parse attributes */
- char *filt;
- /* temp/final return values */
- int rc=0;
- int ret=0;
- int pass=0;
- /* flags */
- int ldap_user_matches=0;
- int ldap_host_matches=0;
-
- if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
+ if (!sudo_ldap_read_config()) return NULL;
/* macro to set option, error on failure plus consistent debugging */
#define SET_OPT(opt,optname,val) \
if(rc != LDAP_OPT_SUCCESS){ \
fprintf(stderr,"ldap_set_option(LDAP_OPT_%s,\"%s\")=%d: %s\n", \
optname, ldap_conf.val, rc, ldap_err2string(rc)); \
- return VALIDATE_ERROR ; \
+ return NULL ; \
} \
} \
if(rc != LDAP_OPT_SUCCESS){ \
fprintf(stderr,"ldap_set_option(LDAP_OPT_%s,0x%02x)=%d: %s\n", \
optname, ldap_conf.val, rc, ldap_err2string(rc)); \
- return VALIDATE_ERROR ; \
+ return NULL ; \
} \
+ /* Parse Default Options */
/* attempt to setup ssl options */
#ifdef LDAP_OPT_X_TLS_CACERTFILE
SET_OPT(LDAP_OPT_X_TLS_CACERTFILE, "X_TLS_CACERTFILE", tls_cacertfile);
if(rc){
fprintf(stderr, "ldap_initialize()=%d : %s\n",
rc,ldap_err2string(rc));
- return VALIDATE_ERROR;
+ return NULL;
}
} else
#endif /* HAVE_LDAP_INITIALIZE */
if (!ld) {
fprintf(stderr, "ldap_init(): errno=%d : %s\n",
errno, strerror(errno));
- return VALIDATE_ERROR;
+ return NULL;
}
}
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldap_start_tls_s(): %d: %s\n", rc, ldap_err2string(rc));
ldap_unbind(ld);
- return VALIDATE_ERROR;
+ return NULL;
}
if (ldap_conf.debug) printf("ldap_start_tls_s() ok\n");
if(rc){
fprintf(stderr,"ldap_simple_bind_s()=%d : %s\n",
rc, ldap_err2string(rc));
- return VALIDATE_ERROR ;
+ return NULL ;
}
if (ldap_conf.debug) printf("ldap_bind() ok\n");
+ return (VOID *)ld;
+}
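Review bot: The ldap_simple_bind_s() failure branch at L103-L107 returns NULL without releasing the handle, whereas the ldap_start_tls_s() failure just above it calls `ldap_unbind(ld)` before returning; now that sudo_ldap_open hands the handle to the caller, nothing else can clean up a handle that was initialized but never returned. Suggest adding `ldap_unbind(ld);` before the `return NULL ;` in that branch so both post-init failure paths are consistent. Hunk boundaries are not marked in this view, so the exact extent of this hunk is inferred from the surrounding context.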
- /* Parse Default Options */
+void
+sudo_ldap_update_defaults(v)
+VOID *v;
+{
+ LDAP *ld = (LDAP *)v;
+ /* Used for searches */
+ LDAPMessage *result=NULL;
+ LDAPMessage *entry=NULL;
+ /* temp return value */
+ int rc;
rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_ONELEVEL,
"cn=defaults",NULL,0,&result);
}
if (result) ldap_msgfree(result);
- result=NULL;
+}
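Review bot: sudo_ldap_update_defaults casts `v` to `LDAP *` at L117 and passes it straight to ldap_search_s at L123 without a NULL check, yet sudo_ldap_open returns NULL on every failure path (L61, L68, L75, L85, L93, L100, L107); unless the caller, which is not visible here, checks the open result first, a failed connection ends in ldap_search_s being called on a null handle. Suggest `if (ld == NULL) return;` immediately after the cast. sudo_ldap_check at L139 performs the same unchecked cast, though its body runs past the end of this view.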
+
+/*
+ * like sudoers_lookup() - only LDAP style
+ */
+
+int
+sudo_ldap_check(v, pwflag)
+VOID *v;
+int pwflag;
+{
+ LDAP *ld = (LDAP *)v;
+ /* Used for searches */
+ LDAPMessage *result=NULL;
+ LDAPMessage *entry=NULL;
+ /* used to parse attributes */
+ char *filt;
+ /* temp/final return values */
+ int rc=0;
+ int ret=0;
+ int pass=0;
+ /* flags */
+ int ldap_user_matches=0;
+ int ldap_host_matches=0;
/*
* Okay - time to search for anything that matches this user
/* remember that host matched */
(ldap_host_matches=-1) &&
/* add matches for listing later */
- sudo_ldap_add_match(ld,entry) &&
+ sudo_ldap_add_match(ld,entry, pwflag) &&
/* verify command match */
sudo_ldap_check_command(ld,entry) &&
/* verify runas match */