Date: Sun, 11 Jun 2006 00:27:03 -0700
From: Michael Haro
To: Tom Judge
Cc: ports@FreeBSD.org
Subject: Re: FreeBSD Port: sudo-1.6.8.12_1

This seems like something that would be useful (as an option to configure) to sudo in general and not specific to FreeBSD. Have you tried contacting the sudo project?

Michael

On Fri, Jun 09, 2006 at 09:36:43AM +0100, Tom Judge wrote:
> Hi,
>
> Sorry I forgot to attach the patch to the last email.
>
> I have created a small patch for sudo that allows it to do an LDAP sub
> tree search for the sudoers entries, which in turn allows you to
> categorize sudo rights within the LDAP tree. Would it be possible to
> get this added to the sudo port?
>
> Regards
>
> Tom J
>
>
> --- ldap.c.orig Fri Jun 9 09:14:24 2006 > +++ ldap.c Fri Jun 9 09:17:55 2006 > @@ -833,7 +833,7 @@ > > /* Parse Default Options */ > > - rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_ONELEVEL, > + rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_SUBTREE, > "cn=defaults",NULL,0,&result); > if (!rc && (entry=ldap_first_entry(ld,result))){ > if (ldap_conf.debug) printf("found:%s\n",ldap_get_dn(ld,entry)); 
> @@ -871,7 +871,7 @@ > filt=strdup("sudoUser=+*"); > } > if (ldap_conf.debug) printf("ldap search '%s'\n",filt); > - rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_ONELEVEL, > + rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_SUBTREE, > filt,NULL,0,&result); > if (rc) { > if (ldap_conf.debug) printf("nothing found for '%s'\n",filt);
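
Review bot: in the hunk at @@ -833,7 +833,7 @@, the defaults lookup still takes only ldap_first_entry(ld,result), but with LDAP_SCOPE_SUBTREE the "cn=defaults" filter can match an entry in every container under ldap_conf.base. LDAP does not define the order in which a search returns entries, so which defaults entry gets applied becomes unpredictable once the tree is categorized the way the description intends. Either keep LDAP_SCOPE_ONELEVEL for the defaults search, or loop over all returned entries and document how conflicting options are resolved.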
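
Review bot: in the hunk at @@ -871,7 +871,7 @@, hard-coding LDAP_SCOPE_SUBTREE on the search that uses filt changes behaviour for every existing installation. Any entry anywhere below ldap_conf.base that matches filt is now returned by this search, including entries in sub-containers that the one-level search ignored and whose write access may be delegated differently from the base container. Make the scope a setting (a configure option as suggested in the reply, or a field read into ldap_conf) that defaults to LDAP_SCOPE_ONELEVEL, and document that the whole subtree must be protected as tightly as the base when the subtree scope is enabled.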