File sudo-1.7.6p2-set_ldap_options.patch of Package sudo.534
Index: sudo-1.7.6p2/ldap.c
===================================================================
--- sudo-1.7.6p2.orig/ldap.c 2012-05-24 13:54:39.179794995 +0200
+++ sudo-1.7.6p2/ldap.c 2012-05-24 14:02:51.163762010 +0200
@@ -1876,8 +1876,9 @@ sudo_ldap_sasl_interact(ld, flags, _auth
* Set LDAP options based on the config table.
*/
static int
-sudo_ldap_set_options(ld)
+sudo_ldap_set_options(ld, global)
LDAP *ld;
+ short global;
{
struct ldap_config_table *cur;
int rc;
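Review bot: The header comment above `sudo_ldap_set_options` still says only "Set LDAP options based on the config table." and does not describe the new `short global;` argument. I would extend it along the lines of `global: TRUE applies only entries without the connected flag (ld is not used for them); FALSE applies only connected entries to ld`. The function body continues outside this hunk.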
@@ -1897,6 +1898,13 @@ sudo_ldap_set_options(ld)
if (cur->opt_val == -1)
continue;
+ /* skip connection-specific when setting global options */
+ if (global == TRUE && cur->connected)
+ continue;
+ /* skip global when setting connection-specific options */
+ if (global == FALSE && !cur->connected)
+ continue;
+
conn = cur->connected ? ld : NULL;
switch (cur->type) {
case CONF_BOOL:
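Review bot: The two new filters compare `global` against the literals `TRUE` and `FALSE`, so any other non-zero value matches neither test and every table entry is applied in one pass. That is the behaviour this patch sets out to split. Both callers visible in the patch pass the literals, so this is a robustness and style point rather than a live bug. A single truthiness test closes the gap: `if (global ? cur->connected : !cur->connected) continue;`. The loop starts and ends outside the hunk.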
@@ -1926,6 +1934,33 @@ sudo_ldap_set_options(ld)
break;
}
}
+ return(0);
+}
+
+/*
+ * Set global LDAP options
+ */
+static int
+sudo_ldap_set_options_global(void)
+{
+ int rc;
+ rc = sudo_ldap_set_options(NULL, TRUE);
+ if (rc == -1)
+ return(-1);
+ return(0);
+}
+
+/*
+ * Set global LDAP options
+ */
+static int
+sudo_ldap_set_options_connection_specific(ld)
+ LDAP *ld;
+{
+ int rc;
+ rc = sudo_ldap_set_options(ld, FALSE);
+ if (rc == -1)
+ return(-1);
#ifdef LDAP_OPT_TIMEOUT
/* Convert timeout to a timeval */
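Review bot: The comment above `sudo_ldap_set_options_connection_specific` is a copy of the previous one and still reads "Set global LDAP options"; it should say something like `/* Set connection-specific LDAP options on an open handle */`. As a style point, `sudo_ldap_set_options_global` reduces to `return(sudo_ldap_set_options(NULL, TRUE));`. The wrappers test `rc == -1` while the callers in `sudo_ldap_open` test `< 0`, and one convention would be clearer. The failure path of `sudo_ldap_set_options` is not visible here, so I am assuming it returns -1 when an option cannot be set. The body of the connection-specific function continues outside the hunk.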
@@ -2146,6 +2181,10 @@ sudo_ldap_open(nss)
setenv("LDAPNOINIT", "1", TRUE);
}
+ /* Set global LDAP options */
+ if (sudo_ldap_set_options_global() < 0)
+ return -1;
+
/* Connect to LDAP server */
#ifdef HAVE_LDAP_INITIALIZE
if (ldap_conf.uri != NULL) {
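Review bot: The new `return -1;` sits after the `setenv("LDAPNOINIT", "1", TRUE);` shown in the context above, but before the `if (ldapnoinit) unsetenv("LDAPNOINIT");` that a later hunk shows. A failure while setting global options therefore appears to leave `LDAPNOINIT` set in the process environment. Assuming `ldapnoinit` is already assigned at this point (its assignment is outside the hunk), I would add `if (ldapnoinit) unsetenv("LDAPNOINIT");` before the `return -1;`. The alternative is to move the global-options call above the block that sets the variable. It would also help to state in the comment that these options must be applied before the handle is created to take effect on it, if that is the reason for the ordering.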
@@ -2164,8 +2203,8 @@ sudo_ldap_open(nss)
if (ldapnoinit)
unsetenv("LDAPNOINIT");
- /* Set LDAP options */
- if (sudo_ldap_set_options(ld) < 0)
+ /* Set connection-specific LDAP options */
+ if (sudo_ldap_set_options_connection_specific(ld) < 0)
return -1;
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {