[sudo-workers] Update to ldap.c

Todd C. Miller Todd.Miller at courtesan.com
Tue Jan 27 11:12:35 MST 2015


I haven't forgotten about this but there were some problems with
the original patch, mostly having to do with memory allocation and
freeing (including a use-after-free problem).

I also had trouble making it work with OpenLDAP's slapd, which
doesn't support searching on nisNetgroupTriple.  It's not hard to
modify the schema to support this though.

I've reworked the patch to use a tail queue instead of an array and
split the nisNetgroupTriple and memberNisNetgroup queries into
separate functions.  I think the result is a lot easier to read.
The attached patch is relative to today's sudo tip from mercurial.
It works fine in my test environment but I'd love to know how it
fares in the real world.

 - todd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap_netgroups.patch
Type: text/x-patch
Size: 20764 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20150127/1ef04888/attachment.bin>

