int fr_ldap_map_expand(fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps);
-int fr_ldap_map_do(request_t *request, LDAP *handle,
+int fr_ldap_map_do(request_t *request,
char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry);
/*
* This is *NOT* atomic, but there's no condition for which we should error out...
*
* @param[in] request Current request.
- * @param[in] handle associated with entry.
* @param[in] valuepair_attr Treat attribute with this name as holding complete AVP definitions.
* @param[in] expanded attributes (rhs of map).
* @param[in] entry to retrieve attributes from.
* - Number of maps successfully applied.
* - -1 on failure.
*/
-int fr_ldap_map_do(request_t *request, LDAP *handle,
+int fr_ldap_map_do(request_t *request,
char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry)
{
map_t const *map = NULL;
fr_ldap_result_t result;
char const *name;
+ LDAP *handle = fr_ldap_handle_thread_local();
while ((map = map_list_next(expanded->maps, map))) {
int ret;
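Review bot: The new local `LDAP *handle = fr_ldap_handle_thread_local();` in fr_ldap_map_do is used without a check, and the same call is passed unchecked into `ldap_get_values_len()` in rlm_ldap_cacheable_userobj and rlm_ldap_check_access. The helper's definition is not in this diff, so whether it can return NULL (for example if the per-thread handle could not be created) cannot be confirmed from here. OpenLDAP's value-parsing functions assert a valid handle, so a NULL would abort or crash the process during request handling instead of failing the one request. I would add `if (!handle) return -1;` after the declarations, matching the documented -1 failure return, and an equivalent guard before the parse at the other two sites. The body of fr_ldap_map_do continues outside this hunk.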
* @param[in] request Current request.
* @param[in] ttrunk to use.
* @param[in] entry retrieved by rlm_ldap_find_user or fr_ldap_search.
- * @param[in] handle on which original object was found.
* @param[in] attr membership attribute to look for in the entry.
* @return One of the RLM_MODULE_* values.
*/
unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, rlm_ldap_t const *inst,
request_t *request, fr_ldap_thread_trunk_t *ttrunk,
- LDAPMessage *entry, LDAP *handle, char const *attr)
+ LDAPMessage *entry, char const *attr)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
/*
* Parse the membership information we got in the initial user query.
*/
- values = ldap_get_values_len(handle, entry, attr);
+ values = ldap_get_values_len(fr_ldap_handle_thread_local(), entry, attr);
if (!values) {
RDEBUG2("No cacheable group memberships found in user object");
RDEBUG2("Processing profile attributes");
RINDENT();
- if (fr_ldap_map_do(request, query->ldap_conn->handle, inst->valuepair_attr, expanded, entry) > 0) rcode = RLM_MODULE_UPDATED;
+ if (fr_ldap_map_do(request, inst->valuepair_attr, expanded, entry) > 0) rcode = RLM_MODULE_UPDATED;
REXDENT();
RETURN_MODULE_RCODE(rcode);
* Check for access.
*/
if (inst->userobj_access_attr) {
- rcode = rlm_ldap_check_access(inst, request, handle, entry);
+ rcode = rlm_ldap_check_access(inst, request, entry);
if (rcode != RLM_MODULE_OK) {
goto finish;
}
*/
if (inst->cacheable_group_dn || inst->cacheable_group_name) {
if (inst->userobj_membership_attr) {
- rlm_ldap_cacheable_userobj(&rcode, inst, request, ttrunk, entry, handle, inst->userobj_membership_attr);
+ rlm_ldap_cacheable_userobj(&rcode, inst, request, ttrunk, entry, inst->userobj_membership_attr);
if (rcode != RLM_MODULE_OK) {
goto finish;
}
if (!map_list_empty(&inst->user_map) || inst->valuepair_attr) {
RDEBUG2("Processing user attributes");
RINDENT();
- if (fr_ldap_map_do(request, handle, inst->valuepair_attr,
+ if (fr_ldap_map_do(request, inst->valuepair_attr,
&expanded, entry) > 0) rcode = RLM_MODULE_UPDATED;
REXDENT();
rlm_ldap_check_reply(mctx, request, ttrunk);
char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *tconn,
char const *attrs[], bool force, LDAPMessage **result, LDAP **handle, rlm_rcode_t *rcode);
-rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAP *handle, LDAPMessage *entry);
+rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry);
void rlm_ldap_check_reply(module_ctx_t const *mctx, request_t *request, fr_ldap_thread_trunk_t const *ttrunk);
*/
unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, rlm_ldap_t const *inst,
request_t *request, fr_ldap_thread_trunk_t *ttrunk,
- LDAPMessage *entry, LDAP *handle, char const *attr);
+ LDAPMessage *entry, char const *attr);
unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result,
rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk);
*
* @param[in] inst rlm_ldap configuration.
* @param[in] request Current request.
- * @param[in] handle used to retrieve access attributes.
* @param[in] entry retrieved by rlm_ldap_find_user or fr_ldap_search.
* @return
* - #RLM_MODULE_DISALLOW if the user was denied access.
* - #RLM_MODULE_OK otherwise.
*/
-rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAP *handle, LDAPMessage *entry)
+rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
struct berval **values = NULL;
- values = ldap_get_values_len(handle, entry, inst->userobj_access_attr);
+ values = ldap_get_values_len(fr_ldap_handle_thread_local(), entry, inst->userobj_access_attr);
if (values) {
if (inst->access_positive) {
if ((values[0]->bv_len >= 5) && (strncasecmp(values[0]->bv_val, "false", 5) == 0)) {
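Review bot: Nothing in rlm_ldap_check_access now documents which handle the access-attribute lookup uses, since the `@param handle` line is dropped and `fr_ldap_handle_thread_local()` is passed inline. If the intent is that the thread-local handle only satisfies libldap's parsing API for an entry that has already been received, say so next to the call, e.g. `/* Entry is already in memory; thread-local handle is for parsing only and is not the bound connection. */`. That keeps a later maintainer from issuing a search or compare on it, which would not run under the connection's bound identity. The function body continues past the end of this hunk.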