From 96b96c6265ac6b5a7fce74204dda6671584a5a8c Mon Sep 17 00:00:00 2001
From: Nick Porter
Date: Tue, 28 Jan 2025 10:34:03 +0000
Subject: [PATCH] Add sort_by option to rlm_ldap profile section

---
 src/modules/rlm_ldap/rlm_ldap.c | 49 +++++++++++++++++----------------
 src/modules/rlm_ldap/rlm_ldap.h | 2 ++
 2 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index e830842c50..257c1b758d 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -101,6 +101,7 @@ static conf_parser_t profile_config[] = {
 .func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = fr_ldap_scope, .len = &fr_ldap_scope_len } },
 { FR_CONF_OFFSET("attribute", rlm_ldap_t, profile_attr) },
 { FR_CONF_OFFSET("attribute_suspend", rlm_ldap_t, profile_attr_suspend) },
+ { FR_CONF_OFFSET("sort_by", rlm_ldap_t, profile_sort_by) },
 CONF_PARSER_TERMINATOR
 };

@@ -2199,6 +2200,7 @@ static int mod_detach(module_detach_ctx_t const *mctx)
 rlm_ldap_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_ldap_t);

 if (inst->user.obj_sort_ctrl) ldap_control_free(inst->user.obj_sort_ctrl);
+ if (inst->profile_sort_ctrl) ldap_control_free(inst->profile_sort_ctrl);

 return 0;
 }
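Review bot: The new `sort_by` entry in `profile_config` is parsed into `profile_sort_by`, but nothing in this patch hands the resulting `profile_sort_ctrl` to a search: the patch touches only rlm_ldap.c and rlm_ldap.h, where the control is built in mod_instantiate and freed in mod_detach. Unless the profile lookup code picks it up in a companion commit, the option is accepted and has no effect, so an administrator who relies on it for a deterministic order of profile application gets no ordering and no warning. I would either wire the control into the profile search in this change or say in the commit message that the consumer follows separately. The `profile_config` array starts outside the hunk.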
@@ -2600,30 +2602,31 @@ static int mod_instantiate(module_inst_ctx_t const *mctx)
 }

 /*
- * Build the server side sort control for user objects
+ * Build the server side sort control for user / profile objects
 */
- if (inst->user.obj_sort_by) {
- LDAPSortKey **keys;
- int ret;
-
- ret = ldap_create_sort_keylist(&keys, UNCONST(char *, inst->user.obj_sort_by));
- if (ret != LDAP_SUCCESS) {
- cf_log_err(conf, "Invalid user.sort_by value \"%s\": %s",
- inst->user.obj_sort_by, ldap_err2string(ret));
- goto error;
- }
-
- /*
- * Always set the control as critical, if it's not needed
- * the user can comment it out...
- */
- ret = ldap_create_sort_control(ldap_global_handle, keys, 1, &inst->user.obj_sort_ctrl);
- ldap_free_sort_keylist(keys);
- if (ret != LDAP_SUCCESS) {
- ERROR("Failed creating server sort control: %s", ldap_err2string(ret));
- goto error;
- }
- }
+#define SSS_CONTROL_BUILD(_source, _obj, _dest) if (_source) { \
+ LDAPSortKey **keys; \
+ int ret; \
+ ret = ldap_create_sort_keylist(&keys, UNCONST(char *, _source)); \
+ if (ret != LDAP_SUCCESS) { \
+ cf_log_err(conf, "Invalid " STRINGIFY(_obj) ".sort_by value \"%s\": %s", \
+ _source, ldap_err2string(ret)); \
+ goto error; \
+ } \
+ /* \
+ * Always set the control as critical, if it's not needed \
+ * the user can comment it out... \
+ */ \
+ ret = ldap_create_sort_control(ldap_global_handle, keys, 1, &_dest); \
+ ldap_free_sort_keylist(keys); \
+ if (ret != LDAP_SUCCESS) { \
+ ERROR("Failed creating server sort control: %s", ldap_err2string(ret)); \
+ goto error; \
+ } \
+ }
+
+ SSS_CONTROL_BUILD(inst->user.obj_sort_by, user, inst->user.obj_sort_ctrl)
+ SSS_CONTROL_BUILD(inst->profile_sort_by, profile, inst->profile_sort_ctrl)

 if (inst->handle_config.tls_require_cert_str) {
 /*
diff --git a/src/modules/rlm_ldap/rlm_ldap.h b/src/modules/rlm_ldap/rlm_ldap.h
index 4c7911a86e..4458a6bf5b 100644
--- a/src/modules/rlm_ldap/rlm_ldap.h
+++ b/src/modules/rlm_ldap/rlm_ldap.h
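Review bot: `SSS_CONTROL_BUILD` is defined in the middle of mod_instantiate and, as far as this hunk shows, never undefined, so it stays visible for the rest of the file while silently depending on the local `conf`, on `ldap_global_handle` and on the `error` label. It also expands to a bare `if (...) { ... }` and substitutes `&_dest` without parentheses, so it is only safe in the exact statement-position, no-semicolon form used here. I would add `#undef SSS_CONTROL_BUILD` after the two invocations, or better move the body into a small static helper that takes the sort string, the object name and an `LDAPControl **`. With two controls the second message no longer says which one failed; `ERROR("Failed creating " STRINGIFY(_obj) " server sort control: %s", ldap_err2string(ret));` keeps it diagnosable. The body of mod_instantiate starts and ends outside the hunk.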
@@ -101,6 +101,8 @@ typedef struct {
 //!< in userobj or groupobj.
 char const *profile_attr_suspend; //!< Attribute that identifies profiles to apply when the user's
 ///< account is suspended. May appear in userobj or groupobj.
+ char const *profile_sort_by; //!< List of attributes to sort profiles by
+ LDAPControl *profile_sort_ctrl; //!< Server side sort control

 #ifdef WITH_EDIR
 /*
--
2.47.3
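Review bot: The comment on `profile_sort_ctrl` does not say which search the control belongs to or who owns it, which matters for a raw `LDAPControl *` held in the instance data. Something like `//!< Server side sort control for profile searches, built from profile_sort_by in mod_instantiate and freed in mod_detach.` would record the lifetime that the other two hunks of this patch implement. The struct starts and ends outside the hunk.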