From 3189de5bb9af76d1877dbb0a632dc6f60e32a040 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Sat, 3 Feb 2018 14:56:00 -0700
Subject: [PATCH] Display sudoNotBefore and sudoNotAfter in "sudo -l"

---
 plugins/sudoers/ldap.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index c3cb3fe53..020488080 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2490,6 +2490,22 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct passwd *pw,
     }
     sudo_lbuf_append(lbuf, ") ");
 
+    /* Get the sudoNotBefore and sudoNotAfter Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoNotBefore");
+    if (bv != NULL) {
+	for (p = bv; *p != NULL; p++) {
+	    sudo_lbuf_append(lbuf, "NOTBEFORE=%s ", (*p)->bv_val);
+	}
+	ldap_value_free_len(bv);
+    }
+    bv = ldap_get_values_len(ld, entry, "sudoNotAfter");
+    if (bv != NULL) {
+	for (p = bv; *p != NULL; p++) {
+	    sudo_lbuf_append(lbuf, "NOTAFTER=%s ", (*p)->bv_val);
+	}
+	ldap_value_free_len(bv);
+    }
+
     /* get the Option Values from the entry */
     bv = ldap_get_values_len(ld, entry, "sudoOption");
     if (bv != NULL) {
@@ -2594,6 +2610,26 @@ sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct passwd *pw,
 	sudo_lbuf_append(lbuf, "\n");
     }
 
+    /* Get the sudoNotBefore and sudoNotAfter Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoNotBefore");
+    if (bv != NULL) {
+	sudo_lbuf_append(lbuf, "    NotBefore: ");
+	for (p = bv; *p != NULL; p++) {
+	    sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
+	}
+	ldap_value_free_len(bv);
+	sudo_lbuf_append(lbuf, "\n");
+    }
+    bv = ldap_get_values_len(ld, entry, "sudoNotAfter");
+    if (bv != NULL) {
+	sudo_lbuf_append(lbuf, "    NotAfter: ");
+	for (p = bv; *p != NULL; p++) {
+	    sudo_lbuf_append(lbuf, "%s%s", p != bv ? ", " : "", (*p)->bv_val);
+	}
+	ldap_value_free_len(bv);
+	sudo_lbuf_append(lbuf, "\n");
+    }
+
     /* get the Option Values from the entry */
     bv = ldap_get_values_len(ld, entry, "sudoOption");
     if (bv != NULL) {
-- 
2.40.0