From 91930f864d49c82591a06e1347faeeb630b0f2e6 Mon Sep 17 00:00:00 2001 From: Arran Cudbard-Bell Date: Tue, 17 Sep 2013 23:03:01 +0100 Subject: [PATCH] xlat expand profile filter remove search for PW_USER_PROFILE and expand default profile instead. If people really want the old functionality they can just set default = "%{control:User-Profile}". --- src/modules/rlm_ldap/attrmap.c | 7 ++++++- src/modules/rlm_ldap/rlm_ldap.c | 12 +++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/src/modules/rlm_ldap/attrmap.c b/src/modules/rlm_ldap/attrmap.c index bc0531bd78..66d554120b 100644 --- a/src/modules/rlm_ldap/attrmap.c +++ b/src/modules/rlm_ldap/attrmap.c @@ -342,7 +342,12 @@ rlm_rcode_t rlm_ldap_map_profile(ldap_instance_t const *inst, REQUEST *request, if (!dn || !*dn) { return RLM_MODULE_OK; } - strlcpy(filter, inst->profile_filter, sizeof(filter)); + + if (radius_xlat(filter, sizeof(filter), request, inst->profile_filter, rlm_ldap_escape_func, NULL) < 0) { + REDEBUG("Failed creating profile filter"); + + return RLM_MODULE_INVALID; + } status = rlm_ldap_search(inst, request, pconn, dn, LDAP_SCOPE_BASE, filter, expanded->attrs, &result); switch (status) { diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 4023fa18e8..d650aec54f 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -980,9 +980,15 @@ skip_edir: /* * Apply ONE user profile, or a default user profile. */ - vp = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY); - if (vp || inst->default_profile) { - char const *profile = vp ? vp->vp_strvalue : inst->default_profile; + if (inst->default_profile) { + char profile[1024]; + + if (radius_xlat(profile, sizeof(profile), request, inst->default_profile, NULL, NULL) < 0) { + REDEBUG("Failed creating default profile string"); + + rcode = RLM_MODULE_INVALID; + goto finish; + } rlm_ldap_map_profile(inst, request, &conn, profile, &expanded); } -- 2.47.3