Return an unlang_action_t from ldap bind auth functions
authorNick Porter <nick@portercomputing.co.uk>
Fri, 8 Sep 2023 11:25:45 +0000 (12:25 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Fri, 8 Sep 2023 11:25:45 +0000 (12:25 +0100)
src/lib/ldap/base.h
src/lib/ldap/bind.c
src/lib/ldap/sasl.c
src/modules/rlm_ldap/rlm_ldap.c

index e8f8e3fd269efff58ae33c30ca6c55827134a761..96e0f6e69cebcaf354f9b197b992a67329d67d30 100644 (file)
@@ -912,11 +912,11 @@ int               fr_ldap_sasl_bind_auth_async(request_t *request,
 /*
  *     bind.c - Async bind
  */
-int            fr_ldap_bind_async(fr_ldap_connection_t *c,
+unlang_action_t        fr_ldap_bind_async(fr_ldap_connection_t *c,
                                   char const *bind_dn, char const *password,
                                   LDAPControl **serverctrls, LDAPControl **clientctrls);
 
-int            fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread,
+unlang_action_t        fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread,
                                        char const *bind_dn, char const *password);
 
 /*
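Review bot: The prototype retyped here is `fr_ldap_bind_async`, but the definitions this commit changes in bind.c and sasl.c are `fr_ldap_bind_auth_async` and `fr_ldap_sasl_bind_auth_async`. The hunk header context still shows `int fr_ldap_sasl_bind_auth_async(request_t *request,` in this header. Unless hunks not shown here cover it, the header now disagrees with sasl.c on the SASL function, and with bind.c on `fr_ldap_bind_async` if its definition still returns `int`. I would leave `int fr_ldap_bind_async(` as it was and change the SASL prototype to `unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request,`.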
index 2e9b8e9401890025892857807abf6d50dd9688ed..75a018386379f808890e0f24b096454be94d3ff7 100644 (file)
@@ -316,7 +316,7 @@ static void ldap_async_auth_bind_cancel(request_t *request, UNUSED fr_signal_t a
  *     - 0 on success.
  *     - -1 on failure.
  */
-int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
+unlang_action_t fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
 {
        fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
        fr_trunk_request_t      *treq;
@@ -325,13 +325,13 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
 
        if (!ttrunk) {
                ERROR("Failed to get trunk connection for LDAP bind");
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        treq = fr_trunk_request_alloc(ttrunk->trunk, request);
        if (!treq) {
                ERROR ("Failed to allocate trunk request for LDAP bind");
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        MEM(bind_auth_ctx = talloc(treq, fr_ldap_bind_auth_ctx_t));
@@ -358,7 +358,7 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
        default:
                ERROR("Failed to enqueue bind request");
                fr_trunk_request_free(&treq);
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        return unlang_function_push(request,
@@ -366,5 +366,5 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
                                    ldap_async_auth_bind_results,
                                    ldap_async_auth_bind_cancel,
                                    ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME,
-                                   bind_auth_ctx) == UNLANG_ACTION_PUSHED_CHILD ? 0 : -1;
+                                   bind_auth_ctx);
 }
index 6a848cfcaa2f31a67934c71c03a65e3b2a226e70..fe4df349b4a31b462764fbc14847825d4dbdaff0 100644 (file)
@@ -501,7 +501,7 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
  *     - 0 on success.
  *     - -1 on failure.
 */
-int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
+unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
                                 char const *identity, char const *password, char const *proxy, char const *realm)
 {
        fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
@@ -511,13 +511,13 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
 
        if (!ttrunk) {
                ERROR("Failed to get trunk connection for LDAP bind");
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        treq = fr_trunk_request_alloc(ttrunk->trunk, request);
        if (!treq) {
                ERROR("Failed to allocate trunk request for LDAP bind");
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        MEM(bind_auth_ctx = talloc_zero(treq, fr_ldap_bind_auth_ctx_t));
@@ -549,7 +549,7 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
        default:
                ERROR("Failed to enqueue bind request");
                fr_trunk_request_free(&treq);
-               return -1;
+               return UNLANG_ACTION_FAIL;
        }
 
        return unlang_function_push(request,
@@ -557,5 +557,5 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
                                    ldap_async_sasl_bind_auth_results,
                                    ldap_async_sasl_bind_auth_cancel,
                                    ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME,
-                                   bind_auth_ctx) == UNLANG_ACTION_PUSHED_CHILD ? 0 : -1;
+                                   bind_auth_ctx);
 }
index f4d2a4011181124da8a330bc00bffe1c0c4e5801..ab17106646c1c4f286d3a6af12d15bd578345fda 100644 (file)
@@ -1304,11 +1304,10 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
 
                RDEBUG2("Login attept using identity \"%pV\"", &call_env->user_sasl_authname);
 
-               if (fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
+               return fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
                                                 call_env->user_sasl_authname.vb_strvalue,
                                                 auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue,
-                                                call_env->user_sasl_realm.vb_strvalue) < 0) goto fail;
-               return UNLANG_ACTION_PUSHED_CHILD;
+                                                call_env->user_sasl_realm.vb_strvalue);
 #else
                RDEBUG("Configuration item 'sasl.mech' is not supported.  "
                       "The linked version of libldap does not provide ldap_sasl_bind( function");
@@ -1325,15 +1324,13 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
         *      No DN found - can't authenticate the user with a simple bind.
         */
        if (!auth_ctx->dn) {
-       fail:
                talloc_free(auth_ctx);
                RETURN_MODULE_FAIL;
        }
 
        RDEBUG2("Login attempt as \"%s\"", auth_ctx->dn);
 
-       if (fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password) < 0) goto fail;
-       return UNLANG_ACTION_PUSHED_CHILD;
+       return fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password);
 }
 
 static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
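Review bot: With the `fail:` label removed, a bind that cannot be enqueued no longer reaches `talloc_free(auth_ctx)` and `RETURN_MODULE_FAIL`. The UNLANG_ACTION_FAIL from `fr_ldap_bind_auth_async` is returned as-is, so `auth_ctx` (which holds the password pointer) stays allocated until its talloc parent is freed, and `*p_result` is not written on this path. The SASL return in the previous hunk and the call in mod_authorize_resume, which used to set `rcode = RLM_MODULE_FAIL` and `goto finish`, have the same shape. Unless the interpreter is known to turn UNLANG_ACTION_FAIL into a fail rcode and the ctx is request-parented, I would keep the label and write `ua = fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password);`, then `if (ua == UNLANG_ACTION_FAIL) goto fail;` and `return ua;`. mod_authenticate_resume starts outside the hunk.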
@@ -1542,12 +1539,8 @@ static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, UNUSED int *p
                         *      Bind as the user
                         */
                        REPEAT_MOD_AUTHORIZE_RESUME;
-                       if (fr_ldap_bind_auth_async(request, thread, autz_ctx->dn, password->vp_strvalue) < 0) {
-                               rcode = RLM_MODULE_FAIL;
-                               goto finish;
-                       }
                        autz_ctx->status = LDAP_AUTZ_POST_EDIR;
-                       return UNLANG_ACTION_PUSHED_CHILD;
+                       return fr_ldap_bind_auth_async(request, thread, autz_ctx->dn, password->vp_strvalue);
                }
                goto skip_edir;