Explicitly store the result of edit get password operations
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Sun, 1 Jun 2025 16:28:06 +0000 (10:28 -0600)
committerNick Porter <nick@portercomputing.co.uk>
Wed, 18 Jun 2025 12:53:11 +0000 (13:53 +0100)
src/lib/ldap/base.h
src/lib/ldap/bind.c
src/lib/ldap/edir.c
src/lib/ldap/sasl.c
src/modules/rlm_ldap/rlm_ldap.c

index 07311916a441ade6ea3770a4187cf0ebc1c54d2c..d0a42052a933f7e69cf8b0d82aaa58ab484e50bb 100644 (file)
@@ -840,7 +840,7 @@ int         fr_ldap_conn_directory_alloc_async(fr_ldap_connection_t *ldap_conn);
 /*
  *     edir.c - Edirectory integrations
  */
-unlang_action_t        fr_ldap_edir_get_password(request_t *request, char const *dn,
+unlang_action_t        fr_ldap_edir_get_password(unlang_result_t *p_result, request_t *request, char const *dn,
                                          fr_ldap_thread_trunk_t *ttrunk, fr_dict_attr_t const *password_da);
 
 char const     *fr_ldap_edir_errstr(int code);
@@ -912,7 +912,8 @@ int         fr_ldap_sasl_bind_auth_send(fr_ldap_sasl_ctx_t *sasl_ctx,
                                            int *msgid,
                                            fr_ldap_connection_t *ldap_conn);
 
-unlang_action_t        fr_ldap_sasl_bind_auth_async(request_t *request,
+unlang_action_t        fr_ldap_sasl_bind_auth_async(unlang_result_t *p_result,
+                                            request_t *request,
                                             fr_ldap_thread_t *thread,
                                             char const *mechs,
                                             char const *identity,
index 2993ed2dc801d3e174f89def82b81093673f2af1..8985a15de3be1277ef1003fbbc7f1f79b50081f2 100644 (file)
@@ -332,13 +332,13 @@ unlang_action_t fr_ldap_bind_auth_async(unlang_result_t *p_result, request_t *re
 
        if (!ttrunk) {
                ERROR("Failed to get trunk connection for LDAP bind");
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        treq = trunk_request_alloc(ttrunk->trunk, request);
        if (!treq) {
                ERROR ("Failed to allocate trunk request for LDAP bind");
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        MEM(bind_auth_ctx = talloc(treq, fr_ldap_bind_auth_ctx_t));
@@ -365,7 +365,7 @@ unlang_action_t fr_ldap_bind_auth_async(unlang_result_t *p_result, request_t *re
        default:
                ERROR("Failed to enqueue bind request");
                trunk_request_free(&treq);
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        return unlang_function_push(p_result,
index 4137eef8cc25615218801b5939a2f487555e42e6..b650bc2c0247aab3f44bb63cc5c2c130195f2903 100644 (file)
@@ -280,6 +280,7 @@ static void ldap_edir_get_password_cancel(UNUSED request_t *request, UNUSED fr_s
 
 /** Initiate retrieval of the universal password from Novell eDirectory
  *
+ * @param[out] p_result                Where to write the result of the operation.
  * @param[in] request          Current request.
  * @param[in] dn               of the user whose password is to be retrieved.
  * @param[in] ttrunk           on which to send the LDAP request.
@@ -288,7 +289,8 @@ static void ldap_edir_get_password_cancel(UNUSED request_t *request, UNUSED fr_s
  *     - UNLANG_ACTION_PUSHED_CHILD on success.
  *     - UNLANG_ACTION_FAIL on failure.
  */
-unlang_action_t fr_ldap_edir_get_password(request_t *request, char const *dn, fr_ldap_thread_trunk_t *ttrunk,
+unlang_action_t fr_ldap_edir_get_password(unlang_result_t *p_result,
+                                         request_t *request, char const *dn, fr_ldap_thread_trunk_t *ttrunk,
                                          fr_dict_attr_t const *password_da)
 {
        ldap_edir_ctx_t *edir_ctx;
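Review bot: The `@return` list directly above this signature still reads `UNLANG_ACTION_FAIL on failure`, while the later hunks in this file replace every `return UNLANG_ACTION_FAIL;` with `RETURN_UNLANG_FAIL;`. The macro's expansion is not visible here, so if it records the failure in `p_result` and returns a different action, the comment is stale and should state both the returned action and what is written to `p_result`. The same applies, more clearly, to `fr_ldap_sasl_bind_auth_async` in sasl.c, whose comment still says `0 on success` / `-1 on failure` although the function returns `unlang_action_t`. There, a line such as `- UNLANG_ACTION_PUSHED_CHILD on success.` (presumably what `unlang_function_push` yields) plus one for the failure path would match this function's style. The function body continues outside this hunk.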
@@ -296,7 +298,7 @@ unlang_action_t fr_ldap_edir_get_password(request_t *request, char const *dn, fr
 
        if (!dn || !*dn) {
                REDEBUG("Missing DN");
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        MEM(edir_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), ldap_edir_ctx_t));
@@ -311,10 +313,13 @@ unlang_action_t fr_ldap_edir_get_password(request_t *request, char const *dn, fr
        if (err) {
                REDEBUG("Failed to encode user DN: %s", fr_ldap_edir_errstr(err));
                talloc_free(edir_ctx);
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
-       return unlang_function_push(NULL, request, ldap_edir_get_password_start, ldap_edir_get_password_resume,
+       return unlang_function_push(p_result,
+                                   request,
+                                   ldap_edir_get_password_start,
+                                   ldap_edir_get_password_resume,
                                    ldap_edir_get_password_cancel, ~FR_SIGNAL_CANCEL,
                                    UNLANG_SUB_FRAME, edir_ctx);
 }
index b3e52ccd041dc7bfbb42bedd87e86c93c9843d5b..d8b5399f3ce30d739e4f4885e95562ff9322da37 100644 (file)
@@ -489,6 +489,7 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(unlang_result_t *p_resu
 
 /** Initiate an async SASL LDAP bind for authentication
  *
+ * @param[out] p_result                Where to write the result of the bind.
  * @param[in] request          this bind relates to.
  * @param[in] thread           whose connection the bind should be performed on.
  * @param[in] mechs            SASL mechanisms to use.
@@ -500,8 +501,9 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(unlang_result_t *p_resu
  *     - 0 on success.
  *     - -1 on failure.
 */
-unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
-                                char const *identity, char const *password, char const *proxy, char const *realm)
+unlang_action_t fr_ldap_sasl_bind_auth_async(unlang_result_t *p_result,
+                                            request_t *request, fr_ldap_thread_t *thread, char const *mechs,
+                                            char const *identity, char const *password, char const *proxy, char const *realm)
 {
        fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
        trunk_request_t *treq;
@@ -510,13 +512,13 @@ unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_
 
        if (!ttrunk) {
                ERROR("Failed to get trunk connection for LDAP bind");
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        treq = trunk_request_alloc(ttrunk->trunk, request);
        if (!treq) {
                ERROR("Failed to allocate trunk request for LDAP bind");
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
        MEM(bind_auth_ctx = talloc_zero(treq, fr_ldap_bind_auth_ctx_t));
@@ -548,10 +550,10 @@ unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_
        default:
                ERROR("Failed to enqueue bind request");
                trunk_request_free(&treq);
-               return UNLANG_ACTION_FAIL;
+               RETURN_UNLANG_FAIL;
        }
 
-       return unlang_function_push(NULL,
+       return unlang_function_push(p_result,
                                    request,
                                    ldap_async_sasl_bind_auth_start,
                                    ldap_async_sasl_bind_auth_results,
index c27b8f416855ba400c8988b21fee839a3cef5077..7ff04a140a3432e4e2bd90ccb7acd952de7ea44f 100644 (file)
@@ -1585,10 +1585,10 @@ static unlang_action_t CC_HINT(nonnull) mod_authenticate(unlang_result_t *p_resu
 #ifdef WITH_SASL
                RDEBUG2("Login attempt using identity \"%pV\"", &call_env->user_sasl_authname);
 
-               return fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
-                                                call_env->user_sasl_authname.vb_strvalue,
-                                                auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue,
-                                                call_env->user_sasl_realm.vb_strvalue);
+               return fr_ldap_sasl_bind_auth_async(p_result, request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
+                                                   call_env->user_sasl_authname.vb_strvalue,
+                                                   auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue,
+                                                   call_env->user_sasl_realm.vb_strvalue);
 #else
                RDEBUG("Configuration item 'sasl.mech' is not supported.  "
                       "The linked version of libldap does not provide ldap_sasl_bind( function");
@@ -1734,7 +1734,7 @@ static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, request_t
                         */
                        REPEAT_MOD_AUTHORIZE_RESUME;
                        autz_ctx->status = LDAP_AUTZ_EDIR_BIND;
-                       return fr_ldap_edir_get_password(request, autz_ctx->dn, autz_ctx->ttrunk,
+                       return fr_ldap_edir_get_password(p_result, request, autz_ctx->dn, autz_ctx->ttrunk,
                                                         attr_cleartext_password);
                }
                FALL_THROUGH;
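Review bot: The result now written through `p_result` needs a reader, and no visible hunk touches the `LDAP_AUTZ_EDIR_BIND` handling that runs after `REPEAT_MOD_AUTHORIZE_RESUME`. Before this change the callee pushed its frame with a NULL result, so the resumed code presumably judged success some other way. Please confirm it checks `p_result` and stops authorization when the universal-password fetch failed, rather than continuing as if a password had been retrieved. The synchronous failure path (`Missing DN` in `fr_ldap_edir_get_password`) deserves the same check, since the repeat is set before the call. A short comment at the call, such as `/* password fetch result is left in p_result for the LDAP_AUTZ_EDIR_BIND state */`, would document the contract; `mod_authorize_resume` starts and ends outside this hunk.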