author | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-05-02 10:47:53 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-05-02 10:47:53 -0600 |
commit | 694570c497da08c04dbe233a7015022b5658a524 (patch) | |
tree | d6a2aec66629f72d580b342a1e750330156d0108 | |
parent | 26be5effdc0fae3e7cb93929d4cd5c87989562d2 (diff) | |
download | sudo-694570c497da08c04dbe233a7015022b5658a524.tar.gz |
Make path_ldap_conf and path_ldap_secret private to policy.c.
Add getters for both so the ldap code can access them.
-rw-r--r-- | plugins/sudoers/ldap.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/ldap_conf.c | 8 | ||||
-rw-r--r-- | plugins/sudoers/policy.c | 18 | ||||
-rw-r--r-- | plugins/sudoers/sudoers.h | 4 |
4 files changed, 23 insertions, 9 deletions
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index c625bd630..a09567126 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -226,7 +226,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
 ldapssl_err2string(ret));
 if (ldap_conf.tls_certfile == NULL)
 sudo_warnx(U_("you must set TLS_CERT in %s to use SSL"),
- path_ldap_conf);
+ policy_path_ldap_conf());
 goto done;
 }
diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c
index 12243cbc3..fbec03e4c 100644
--- a/plugins/sudoers/ldap_conf.c
+++ b/plugins/sudoers/ldap_conf.c
@@ -354,7 +354,7 @@ sudo_ldap_read_secret(const char *path)
 ssize_t len;
 debug_decl(sudo_ldap_read_secret, SUDOERS_DEBUG_LDAP);
- if ((fp = fopen(path_ldap_secret, "r")) != NULL) {
+ if ((fp = fopen(policy_path_ldap_secret(), "r")) != NULL) {
 len = getdelim(&line, &linesize, '\n', fp);
 if (len != -1) {
 /* trim newline */
@@ -428,7 +428,7 @@ sudo_ldap_parse_keyword(const char *keyword, const char *value,
 &errstr);
 if (errstr != NULL) {
 sudo_warnx(U_("%s: %s: %s: %s"),
- path_ldap_conf, keyword, value, U_(errstr));
+ policy_path_ldap_conf(), keyword, value, U_(errstr));
 }
 break;
 case CONF_STR:
@@ -561,7 +561,7 @@ sudo_ldap_read_config(void)
 debug_return_bool(false);
 }
- if ((fp = fopen(path_ldap_conf, "r")) == NULL)
+ if ((fp = fopen(policy_path_ldap_conf(), "r")) == NULL)
 debug_return_bool(false);
 while (sudo_parseln(&line, &linesize, NULL, fp, PARSELN_COMM_BOL|PARSELN_CONT_IGN) != -1) {
@@ -777,7 +777,7 @@ sudo_ldap_read_config(void)
 /* If rootbinddn set, read in /etc/ldap.secret if it exists. */
 if (ldap_conf.rootbinddn) {
- sudo_ldap_read_secret(path_ldap_secret);
+ sudo_ldap_read_secret(policy_path_ldap_secret());
 } else if (ldap_conf.bindpw) {
 cp = sudo_ldap_decode_secret(ldap_conf.bindpw);
 if (cp != NULL) {
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 46823eb6d..34fa0e306 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
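Review bot: In the `@@ -354,7` hunk of ldap_conf.c, `sudo_ldap_read_secret(const char *path)` opens `policy_path_ldap_secret()` and, as far as the hunk shows, never reads its `path` argument, while the caller in the `@@ -777,7` hunk passes that same getter result in. This file holds the LDAP bind secret, so the path the caller names and the path actually opened should not be able to diverge; using the parameter keeps a single source of truth: `if ((fp = fopen(path, "r")) != NULL) {`. The body of sudo_ldap_read_secret continues outside the hunk, so confirm `path` is not already consumed further down before changing it.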
@@ -54,8 +54,8 @@ static const char *interfaces_string;
 sudo_conv_t sudo_conv;
 sudo_printf_t sudo_printf;
 struct sudo_plugin_event * (*plugin_event_alloc)(void);
-const char *path_ldap_conf = _PATH_LDAP_CONF;
-const char *path_ldap_secret = _PATH_LDAP_SECRET;
+static const char *path_ldap_conf = _PATH_LDAP_CONF;
+static const char *path_ldap_secret = _PATH_LDAP_SECRET;
 static const char *path_sudoers = _PATH_SUDOERS;
 static bool session_opened;
 int sudoedit_nfiles;
@@ -634,6 +634,20 @@ policy_path_sudoers(void)
 return path_sudoers;
 }
+/* Return the path to ldap.conf file, which may be set in the plugin args. */
+const char *
+policy_path_ldap_conf(void)
+{
+ return path_ldap_conf;
+}
+
+/* Return the path to ldap.secret file, which may be set in the plugin args. */
+const char *
+policy_path_ldap_secret(void)
+{
+ return path_ldap_secret;
+}
+
 /*
 * Store the execution environment and other front-end settings.
 * Builds up the command_info list and sets argv and envp.
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 2708d2fef..392efb248 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -451,8 +451,8 @@ void sudoers_debug_deregister(void);
 int sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults);
 bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
 const char *policy_path_sudoers(void);
-extern const char *path_ldap_conf;
-extern const char *path_ldap_secret;
+const char *policy_path_ldap_conf(void);
+const char *policy_path_ldap_secret(void);
 /* group_plugin.c */
 int group_plugin_load(const char *plugin_info); |
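Review bot: The comments on the two getters added in the `@@ -634,6` hunk of policy.c do not say who owns the returned string or when its value is final, which matters because `policy_path_ldap_secret()` decides which file the bind secret is read from. The code that applies the plugin args is outside this diff, so the lifetime is not verifiable here; if that code can replace the pointer after start-up, a caller that kept an earlier return value would use a stale path. I would extend each comment along the lines of `/* Return the path to ldap.secret (built-in default or plugin arg); the string is owned by policy.c and must not be freed or kept across a policy re-open. */`, adjusted to whatever the setter actually guarantees.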