[sudo-workers] Multiple sudoers_base-entries in ldap.conf
bm1 at gmx.eu
bm1 at gmx.eu
Thu Sep 14 11:00:40 EDT 2006
Hi everyone,
This is just a first attempt at supporting multiple sudoers_base entries, but it seems to work here.
Index: ldap.c
===================================================================
@@ -92,6 +92,14 @@
int debug;
} ldap_conf;
+struct base_list {
+ char *temp_base;
+ struct base_list *next;
+ struct base_list *prev;
+};
+struct base_list *start_ptr = NULL;
+
+
/*
* Walks through search result and returns true if we have a
* netgroup that matches our user
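Review bot: `start_ptr` is introduced with external linkage, so it becomes a global symbol visible to every other translation unit, although it is only touched inside ldap.c; it should be `static struct base_list *start_ptr = NULL;`. The `prev` member is declared as `struct base_list *`, yet the hunk at @@ -546 stores `&start_ptr` (a `struct base_list **`) into it, which is an incompatible-pointer assignment — the first node should simply get `prev = NULL`. A short comment on the struct would also help readers: `/* linked list of every sudoers_base line from ldap.conf, in file order */`.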
@@ -546,7 +554,21 @@
else MATCH_S("uri", ldap_conf.uri)
else MATCH_S("binddn", ldap_conf.binddn)
else MATCH_S("bindpw", ldap_conf.bindpw)
- else MATCH_S("sudoers_base", ldap_conf.base)
+ else if (!strcasecmp(keyword,"sudoers_base")) {
+ struct base_list *p, *act_ptr = calloc (1, sizeof (struct base_list));
+ // write value
+ act_ptr->temp_base = strdup(value);
+ //printf ("VALUE AT ACT_PTR %s\n", act_ptr->temp_base);
+ // check
+ for (p = start_ptr; p && p->next; p = p->next);
+ if (p) {
+ act_ptr->prev = p;
+ p->next = act_ptr;
+ } else {
+ act_ptr->prev=&start_ptr;
+ start_ptr = act_ptr;
+ }
+ }
else MATCH_I("sudoers_debug", ldap_conf.debug)
else {
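Review bot: Neither the `calloc` nor the `strdup` result is checked before `act_ptr->temp_base` is written, so an allocation failure while parsing ldap.conf dereferences NULL instead of failing the config read; a guard such as `if (!act_ptr || !(act_ptr->temp_base = strdup(value))) { free(act_ptr); return 0; }` would fall into the same "ignore LDAP" path the later `!start_ptr` check uses (assuming 0 is this function's failure return, as @@ -595 suggests). `act_ptr->prev=&start_ptr;` assigns a `struct base_list **` to a `struct base_list *` member; nothing on the page reads that sentinel, so `act_ptr->prev = NULL;` is the correct head link. The original `MATCH_S` macro is outside the hunk, so whether the open-coded `strcasecmp` matches its exact keyword semantics cannot be confirmed from here.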
@@ -559,7 +581,6 @@
} /* parse next line */
if (f) fclose(f);
-
/* defaults */
if (!ldap_conf.version) ldap_conf.version=3;
if (!ldap_conf.port) ldap_conf.port=389;
@@ -581,8 +602,8 @@
}
printf("ldap_version %d\n", ldap_conf.version);
- printf("sudoers_base %s\n", ldap_conf.base ?
- ldap_conf.base : "(NONE) <---Sudo will ignore ldap)");
+ printf("sudoers_base %s\n", start_ptr->temp_base ?
+ start_ptr->temp_base : "(NONE) <---Sudo will ignore ldap)");
printf("binddn %s\n", ldap_conf.binddn ?
ldap_conf.binddn : "(anonymous)");
printf("bindpw %s\n", ldap_conf.bindpw ?
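Review bot: `start_ptr->temp_base` dereferences `start_ptr` unconditionally, and this debug block runs before the `if (!start_ptr) return 0;` guard added at @@ -595, so a config with `sudoers_debug` on and no `sudoers_base` line now crashes where the old code printed "(NONE)". The ternary should test the pointer itself: `printf("sudoers_base %s\n", start_ptr ? start_ptr->temp_base : "(NONE) <---Sudo will ignore ldap)");`. With several bases configured, only the first is printed; a loop over the list would make the debug output match what is actually searched.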
@@ -595,7 +616,7 @@
}
/* if no base is defined, ignore LDAP */
- if (!ldap_conf.base) return 0;
+ if (!start_ptr) return 0;
/* All is good */
return 1;
}
@@ -708,12 +729,27 @@
int rc=0;
int ret=0;
int pass=0;
- /* flags */
- int ldap_user_matches=0;
- int ldap_host_matches=0;
if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
-
+
+ // DEFINE ldap_conf.base here
+ struct base_list *p;
+ p = start_ptr;
+ int count=1;
+ while (p->next) {
+ count=count+1;
+ p=p->next;
+ }
+ int i=0;
+ p = start_ptr;
+ for (i=0;i<count;i++) {
+ int rc=0;
+ int ret=0;
+ int pass=0;
+ /* flags */
+ int ldap_user_matches=0;
+ int ldap_host_matches=0;
+ ldap_conf.base = p->temp_base;
/* macro to set option, error on failure plus consistent debugging */
#define SET_OPT(opt,optname,val) \
if (ldap_conf.val!=NULL) { \
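Review bot: The `rc`, `ret` and `pass` declared inside the new `for` body shadow the function-scope ones that remain on the context lines just above (`int rc=0; int ret=0; int pass=0;`), so the outer three are now dead and `-Wshadow` will flag them; the outer declarations should be deleted along with the already-removed flag variables. The counting pre-pass is redundant: the body itself advances `p` and stops when `p->next` is NULL (see @@ -958), so `for (p = start_ptr; p != NULL; ) {` expresses the loop directly and drops `count` and `i`. Declarations after statements also require C99 here; if the rest of ldap.c is kept C89-clean, hoist them to the top of the block. The enclosing `sudo_ldap_check` begins before this hunk.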
@@ -958,6 +994,19 @@
}
if (ldap_conf.debug) printf("sudo_ldap_check(%d)=0x%02x\n",pwflag,ret);
-
- return ret ;
+ // return the result and break
+ if (ret == 2) {
+ return ret ;
+ break;
+ }
+ // else next p
+ if (p->next) {
+ p=p->next;
+ free(p->prev);
+ } else {
+ // if no next p we didn't have a match
+ free(p);
+ return ret;
+ }
+ }
}
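Review bot: The `break;` after `return ret ;` is unreachable, and more importantly the list is freed piecemeal while `start_ptr` still points at the first node that `free(p->prev)` releases, so a second call into `sudo_ldap_check` has `sudo_ldap_read_config()` walk freed memory through `start_ptr` (use-after-free, assuming sudo can call this entry point more than once per process); on the `ret == 2` path the remaining nodes are never freed at all, and the `strdup`'ed `temp_base` strings leak on every path. Freeing the whole list in one helper after the loop and resetting `start_ptr = NULL` removes both problems and also stops repeated config reads from appending duplicate bases. `ret == 2` is a magic number; if `ret` is a bitmask like the `VALIDATE_ERROR` used at the top of the function, compare against the named match constant with `&` rather than `==` — confirm against the header. Note that `ldap_conf.base` will point at freed memory once the list is released, so clear it if any caller reads it after return.
```c
static void free_base_list(void)
{
    /* release every sudoers_base node and its copied string; leaves the list empty */
    struct base_list *p = start_ptr, *next;
    while (p) {
        next = p->next;
        free(p->temp_base);
        free(p);
        p = next;
    }
    start_ptr = NULL;
}

/* … unchanged: per-base LDAP search and debug print inside the loop … */
        if (ret == 2) {   /* match found: stop searching further bases (use the named constant) */
            break;
        }
        p = p->next;
    }
    free_base_list();
    return ret;
}
```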
Best Regards,
Björn