authorTodd C. Miller <Todd.Miller@sudo.ws>2023-05-02 10:47:53 -0600
committerTodd C. Miller <Todd.Miller@sudo.ws>2023-05-02 10:47:53 -0600
commit694570c497da08c04dbe233a7015022b5658a524 (patch)
treed6a2aec66629f72d580b342a1e750330156d0108
parent26be5effdc0fae3e7cb93929d4cd5c87989562d2 (diff)
downloadsudo-694570c497da08c04dbe233a7015022b5658a524.tar.gz
Make path_ldap_conf and path_ldap_secret private to policy.c.
Add getters for both so the ldap code can access them.
-rw-r--r--plugins/sudoers/ldap.c2
-rw-r--r--plugins/sudoers/ldap_conf.c8
-rw-r--r--plugins/sudoers/policy.c18
-rw-r--r--plugins/sudoers/sudoers.h4
4 files changed, 23 insertions, 9 deletions
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index c625bd630..a09567126 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -226,7 +226,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
ldapssl_err2string(ret));
if (ldap_conf.tls_certfile == NULL)
sudo_warnx(U_("you must set TLS_CERT in %s to use SSL"),
- path_ldap_conf);
+ policy_path_ldap_conf());
goto done;
}
diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c
index 12243cbc3..fbec03e4c 100644
--- a/plugins/sudoers/ldap_conf.c
+++ b/plugins/sudoers/ldap_conf.c
@@ -354,7 +354,7 @@ sudo_ldap_read_secret(const char *path)
ssize_t len;
debug_decl(sudo_ldap_read_secret, SUDOERS_DEBUG_LDAP);
- if ((fp = fopen(path_ldap_secret, "r")) != NULL) {
+ if ((fp = fopen(policy_path_ldap_secret(), "r")) != NULL) {
len = getdelim(&line, &linesize, '\n', fp);
if (len != -1) {
/* trim newline */
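Review bot: sudo_ldap_read_secret() takes a `path` argument, yet the changed fopen() line ignores it and calls policy_path_ldap_secret() directly, so the file to open is chosen in two places. The only caller visible in this diff (the rootbinddn branch of sudo_ldap_read_config(), last hunk of this file) already passes policy_path_ldap_secret(), so the line could simply be `if ((fp = fopen(path, "r")) != NULL) {`. For the LDAP secret file it is worth having exactly one place that selects the path, so that a later caller passing a different path is not silently overridden. The function body continues outside the hunk, so `path` may be used further down; if it is not, either use it here or drop the parameter.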
@@ -428,7 +428,7 @@ sudo_ldap_parse_keyword(const char *keyword, const char *value,
&errstr);
if (errstr != NULL) {
sudo_warnx(U_("%s: %s: %s: %s"),
- path_ldap_conf, keyword, value, U_(errstr));
+ policy_path_ldap_conf(), keyword, value, U_(errstr));
}
break;
case CONF_STR:
@@ -561,7 +561,7 @@ sudo_ldap_read_config(void)
debug_return_bool(false);
}
- if ((fp = fopen(path_ldap_conf, "r")) == NULL)
+ if ((fp = fopen(policy_path_ldap_conf(), "r")) == NULL)
debug_return_bool(false);
while (sudo_parseln(&line, &linesize, NULL, fp, PARSELN_COMM_BOL|PARSELN_CONT_IGN) != -1) {
@@ -777,7 +777,7 @@ sudo_ldap_read_config(void)
/* If rootbinddn set, read in /etc/ldap.secret if it exists. */
if (ldap_conf.rootbinddn) {
- sudo_ldap_read_secret(path_ldap_secret);
+ sudo_ldap_read_secret(policy_path_ldap_secret());
} else if (ldap_conf.bindpw) {
cp = sudo_ldap_decode_secret(ldap_conf.bindpw);
if (cp != NULL) {
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 46823eb6d..34fa0e306 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -54,8 +54,8 @@ static const char *interfaces_string;
sudo_conv_t sudo_conv;
sudo_printf_t sudo_printf;
struct sudo_plugin_event * (*plugin_event_alloc)(void);
-const char *path_ldap_conf = _PATH_LDAP_CONF;
-const char *path_ldap_secret = _PATH_LDAP_SECRET;
+static const char *path_ldap_conf = _PATH_LDAP_CONF;
+static const char *path_ldap_secret = _PATH_LDAP_SECRET;
static const char *path_sudoers = _PATH_SUDOERS;
static bool session_opened;
int sudoedit_nfiles;
@@ -634,6 +634,20 @@ policy_path_sudoers(void)
return path_sudoers;
}
+/* Return the path to ldap.conf file, which may be set in the plugin args. */
+const char *
+policy_path_ldap_conf(void)
+{
+ return path_ldap_conf;
+}
+
+/* Return the path to ldap.secret file, which may be set in the plugin args. */
+const char *
+policy_path_ldap_secret(void)
+{
+ return path_ldap_secret;
+}
+
/*
* Store the execution environment and other front-end settings.
* Builds up the command_info list and sets argv and envp.
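Review bot: The comments on policy_path_ldap_conf() and policy_path_ldap_secret() do not say who owns the returned string. Both return the file-static pointer itself, so callers receive a borrowed pointer; I would add a sentence to each comment such as `The returned string is owned by policy.c and must not be freed.` If the value taken from the plugin args can be replaced after initialization (not visible in this hunk), the comment should also tell callers not to cache the pointer. The hunk ends inside the header comment of the following function, which is unchanged.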
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 2708d2fef..392efb248 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -451,8 +451,8 @@ void sudoers_debug_deregister(void);
int sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults);
bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
const char *policy_path_sudoers(void);
-extern const char *path_ldap_conf;
-extern const char *path_ldap_secret;
+const char *policy_path_ldap_conf(void);
+const char *policy_path_ldap_secret(void);
/* group_plugin.c */
int group_plugin_load(const char *plugin_info);