From: Nick Porter Date: Thu, 8 Sep 2022 13:16:36 +0000 (+0100) Subject: Use dummy LDAP handle to tidy code X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97c3f9161c442bb3cd0d4714e24608da958a8f1f;p=thirdparty%2Ffreeradius-server.git Use dummy LDAP handle to tidy code --- diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h index 1fd0f78d19e..541f06d8742 100644 --- a/src/lib/ldap/base.h +++ b/src/lib/ldap/base.h @@ -781,7 +781,7 @@ int fr_ldap_map_verify(map_t *map, void *instance); int fr_ldap_map_expand(fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps); -int fr_ldap_map_do(request_t *request, LDAP *handle, +int fr_ldap_map_do(request_t *request, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry); /* diff --git a/src/lib/ldap/map.c b/src/lib/ldap/map.c index f67d0bfbb7f..d529a4747fb 100644 --- a/src/lib/ldap/map.c +++ b/src/lib/ldap/map.c @@ -308,7 +308,6 @@ int fr_ldap_map_expand(fr_ldap_map_exp_t *expanded, request_t *request, map_list * This is *NOT* atomic, but there's no condition for which we should error out... * * @param[in] request Current request. - * @param[in] handle associated with entry. * @param[in] valuepair_attr Treat attribute with this name as holding complete AVP definitions. * @param[in] expanded attributes (rhs of map). * @param[in] entry to retrieve attributes from. @@ -316,7 +315,7 @@ int fr_ldap_map_expand(fr_ldap_map_exp_t *expanded, request_t *request, map_list * - Number of maps successfully applied. * - -1 on failure. */ -int fr_ldap_map_do(request_t *request, LDAP *handle, +int fr_ldap_map_do(request_t *request, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry) { map_t const *map = NULL; @@ -325,6 +324,7 @@ int fr_ldap_map_do(request_t *request, LDAP *handle, fr_ldap_result_t result; char const *name; + LDAP *handle = fr_ldap_handle_thread_local(); while ((map = map_list_next(expanded->maps, map))) { int ret; 
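Review bot: `LDAP *handle = fr_ldap_handle_thread_local();` in fr_ldap_map_do is used with no NULL check, and the same call is passed unchecked as the first argument of `ldap_get_values_len()` in rlm_ldap_cacheable_userobj (groups.c) and rlm_ldap_check_access (user.c). The definition of fr_ldap_handle_thread_local() is not part of this diff, so if it can fail to create the per-thread handle, libldap receives a NULL `LDAP *`, which ldap_get_values_len() asserts against. Here I would add `if (!handle) return -1;` directly after the declaration, matching the documented failure return. In rlm_ldap_check_access the equivalent guard should fail closed rather than be treated like a missing access attribute. The body of fr_ldap_map_do continues outside the hunk.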
diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c index 6b2c1e03227..c96cd69a35e 100644 --- a/src/modules/rlm_ldap/groups.c +++ b/src/modules/rlm_ldap/groups.c @@ -273,13 +273,12 @@ finish: * @param[in] request Current request. * @param[in] ttrunk to use. * @param[in] entry retrieved by rlm_ldap_find_user or fr_ldap_search. - * @param[in] handle on which original object was found. * @param[in] attr membership attribute to look for in the entry. * @return One of the RLM_MODULE_* values. */ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk, - LDAPMessage *entry, LDAP *handle, char const *attr) + LDAPMessage *entry, char const *attr) { rlm_rcode_t rcode = RLM_MODULE_OK; @@ -305,7 +304,7 @@ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, rlm_ldap_t con /* * Parse the membership information we got in the initial user query. */ - values = ldap_get_values_len(handle, entry, attr); + values = ldap_get_values_len(fr_ldap_handle_thread_local(), entry, attr); if (!values) { RDEBUG2("No cacheable group memberships found in user object"); diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 4b64c7a6db4..f4973ba5467 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -1110,7 +1110,7 @@ static unlang_action_t rlm_ldap_map_profile(rlm_rcode_t *p_result, rlm_ldap_t co RDEBUG2("Processing profile attributes"); RINDENT(); - if (fr_ldap_map_do(request, query->ldap_conn->handle, inst->valuepair_attr, expanded, entry) > 0) rcode = RLM_MODULE_UPDATED; + if (fr_ldap_map_do(request, inst->valuepair_attr, expanded, entry) > 0) rcode = RLM_MODULE_UPDATED; REXDENT(); RETURN_MODULE_RCODE(rcode); 
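Review bot: The doc block for rlm_ldap_cacheable_userobj drops the `handle` parameter, but nothing now explains why an entry fetched on a trunk connection may be parsed with a different, thread-local handle. A short comment above the `ldap_get_values_len()` call would stop the next reader from suspecting a cross-connection bug, e.g. `/* libldap only uses this handle to record an error code; the entry is decoded from its own buffer, so the thread-local dummy handle is sufficient. */`. That wording reflects my reading of ldap_get_values_len() and should be confirmed against the libldap version in use. The function body continues outside the hunk.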
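Review bot: The call `if (fr_ldap_map_do(request, inst->valuepair_attr, expanded, entry) > 0) rcode = RLM_MODULE_UPDATED;` in rlm_ldap_map_profile treats the documented `-1` failure return the same as "no maps applied", so a failed profile mapping leaves rcode at its previous value. The call in mod_authorize (the rlm_ldap.c hunk at -1321) has the same shape. If profile or user maps carry restrictive check or reply attributes, continuing silently after a failure means the request is processed without them. Consider capturing the result in a local `int ret` and handling the negative case explicitly: `ret = fr_ldap_map_do(...); if (ret < 0) rcode = RLM_MODULE_FAIL; else if (ret > 0) rcode = RLM_MODULE_UPDATED;`. Both enclosing functions start and end outside their hunks.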
@@ -1180,7 +1180,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * Check for access. */ if (inst->userobj_access_attr) { - rcode = rlm_ldap_check_access(inst, request, handle, entry); + rcode = rlm_ldap_check_access(inst, request, entry); if (rcode != RLM_MODULE_OK) { goto finish; } @@ -1191,7 +1191,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod */ if (inst->cacheable_group_dn || inst->cacheable_group_name) { if (inst->userobj_membership_attr) { - rlm_ldap_cacheable_userobj(&rcode, inst, request, ttrunk, entry, handle, inst->userobj_membership_attr); + rlm_ldap_cacheable_userobj(&rcode, inst, request, ttrunk, entry, inst->userobj_membership_attr); if (rcode != RLM_MODULE_OK) { goto finish; } @@ -1321,7 +1321,7 @@ skip_edir: if (!map_list_empty(&inst->user_map) || inst->valuepair_attr) { RDEBUG2("Processing user attributes"); RINDENT(); - if (fr_ldap_map_do(request, handle, inst->valuepair_attr, + if (fr_ldap_map_do(request, inst->valuepair_attr, &expanded, entry) > 0) rcode = RLM_MODULE_UPDATED; REXDENT(); rlm_ldap_check_reply(mctx, request, ttrunk); diff --git a/src/modules/rlm_ldap/rlm_ldap.h b/src/modules/rlm_ldap/rlm_ldap.h index 3d96db18df8..f29bc44adec 100644 --- a/src/modules/rlm_ldap/rlm_ldap.h +++ b/src/modules/rlm_ldap/rlm_ldap.h @@ -153,7 +153,7 @@ extern HIDDEN fr_dict_attr_t const *attr_user_name; char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *tconn, char const *attrs[], bool force, LDAPMessage **result, LDAP **handle, rlm_rcode_t *rcode); -rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAP *handle, LDAPMessage *entry); +rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry); void rlm_ldap_check_reply(module_ctx_t const *mctx, request_t *request, fr_ldap_thread_trunk_t const *ttrunk); 
@@ -162,7 +162,7 @@ void rlm_ldap_check_reply(module_ctx_t const *mctx, request_t *request, fr_ldap_ */ unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk, - LDAPMessage *entry, LDAP *handle, char const *attr); + LDAPMessage *entry, char const *attr); unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk); diff --git a/src/modules/rlm_ldap/user.c b/src/modules/rlm_ldap/user.c index b54f5820dc9..d8caa7a60a9 100644 --- a/src/modules/rlm_ldap/user.c +++ b/src/modules/rlm_ldap/user.c @@ -190,18 +190,17 @@ finish: * * @param[in] inst rlm_ldap configuration. * @param[in] request Current request. - * @param[in] handle used to retrieve access attributes. * @param[in] entry retrieved by rlm_ldap_find_user or fr_ldap_search. * @return * - #RLM_MODULE_DISALLOW if the user was denied access. * - #RLM_MODULE_OK otherwise. */ -rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAP *handle, LDAPMessage *entry) +rlm_rcode_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry) { rlm_rcode_t rcode = RLM_MODULE_OK; struct berval **values = NULL; - values = ldap_get_values_len(handle, entry, inst->userobj_access_attr); + values = ldap_get_values_len(fr_ldap_handle_thread_local(), entry, inst->userobj_access_attr); if (values) { if (inst->access_positive) { if ((values[0]->bv_len >= 5) && (strncasecmp(values[0]->bv_val, "false", 5) == 0)) {