return num_groups;
}
-
-/*
- * sql groupcmp function. That way we can do group comparisons (in the users file for example)
- * with the group memberships reciding in sql
- * The group membership query should only return one element which is the username. The returned
- * username will then be checked with the passed check string.
+/** Check if a given group is in the SQL group for this user.
+ *
*/
-static int sql_groupcmp(void *instance, request_t *request, fr_pair_t const *check) CC_HINT(nonnull);
-
-static int sql_groupcmp(void *instance, request_t *request, fr_pair_t const *check)
+static bool CC_HINT(nonnull) sql_check_group(rlm_sql_t const *inst, request_t *request, char const *name)
{
+ bool rcode = false;
rlm_sql_handle_t *handle;
- rlm_sql_t const *inst = talloc_get_type_abort_const(instance, rlm_sql_t);
rlm_sql_grouplist_t *head, *entry;
- /*
- * No group queries, don't do group comparisons.
- */
- if (!inst->config.groupmemb_query) {
- RWARN("Cannot do group comparison when group_membership_query is not set");
- return 1;
- }
-
- RDEBUG2("sql_groupcmp");
-
- if (check->vp_length == 0){
- RDEBUG2("sql_groupcmp: Illegal group name");
- return 1;
- }
-
/*
* Set, escape, and check the user attr here
*/
* Get a socket for this lookup
*/
handle = fr_pool_connection_get(inst->pool, request);
- if (!handle) {
- return 1;
- }
+ if (!handle) return false;
/*
* Get the list of groups this user is a member of
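Review bot: `if (!handle) return false;` makes a failed pool connection indistinguishable from "user is not in the group", and the `return false` after `sql_get_grouplist()` fails in the next hunk does the same. For `sql_groupcmp` this matches the old `return 1`, but sql_check_group is now a reusable helper, and a caller that acts on a negative answer (for example a policy that rejects members of a group) would presumably read a database outage as "not a member". Consider an `int` or tri-state return with a distinct error value; at minimum say so in the doc comment, e.g. `@return true if the user is a member of the group, false if not or if the lookup failed.` The function body starts and ends outside this hunk.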
if (sql_get_grouplist(inst, &handle, request, &head) < 0) {
REDEBUG("Error getting group membership");
fr_pool_connection_release(inst->pool, request, handle);
- return 1;
+ return false;
}
for (entry = head; entry != NULL; entry = entry->next) {
- if (strcmp(entry->name, check->vp_strvalue) == 0){
- RDEBUG2("sql_groupcmp finished: User is a member of group %s",
- check->vp_strvalue);
- talloc_free(head);
- fr_pool_connection_release(inst->pool, request, handle);
- return 0;
+ if (strcmp(entry->name, name) == 0) {
+ rcode = true;
+ break;
}
}
talloc_free(head);
fr_pool_connection_release(inst->pool, request, handle);
- RDEBUG2("sql_groupcmp finished: User is NOT a member of group %pV", &check->data);
+ return rcode;
+}
+
+/*
+ * sql groupcmp function. That way we can do group comparisons (in the users file for example)
+ * with the group memberships reciding in sql
+ * The group membership query should only return one element which is the username. The returned
+ * username will then be checked with the passed check string.
+ */
+static int sql_groupcmp(void *instance, request_t *request, fr_pair_t const *check) CC_HINT(nonnull);
+
+static int sql_groupcmp(void *instance, request_t *request, fr_pair_t const *check)
+{
+ rlm_sql_t const *inst = talloc_get_type_abort_const(instance, rlm_sql_t);
+
+ /*
+ * No group queries, don't do group comparisons.
+ */
+ if (!inst->config.groupmemb_query) {
+ RWARN("Cannot do group comparison when group_membership_query is not set");
+ return 1;
+ }
+
+ RDEBUG2("sql_groupcmp");
+
+ if (check->vp_length == 0){
+ RDEBUG2("sql_groupcmp: Illegal group name");
+ return 1;
+ }
+ if (sql_check_group(inst, request, check->vp_strvalue)) {
+ RDEBUG2("sql_groupcmp finished: User is a member of group %s",
+ check->vp_strvalue);
+ return 0;
+ }
+
+ RDEBUG2("sql_groupcmp finished: User is NOT a member of group %pV", &check->data);
return 1;
}
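Review bot: The two result messages in sql_groupcmp print the same group name in different ways: the member branch uses `%s` with `check->vp_strvalue`, while the non-member branch uses `%pV` with `&check->data`. Using the value-box form in both keeps the debug output consistent and, assuming `%pV` escapes the value as it prints, avoids writing a raw string into the log: `RDEBUG2("sql_groupcmp finished: User is a member of group %pV", &check->data);`. The `vp_length == 0` guard also lives only in this wrapper, so any other caller of sql_check_group would need its own empty-name check, or the guard could move into the helper.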