From: Nick Porter Date: Wed, 26 Feb 2025 20:17:43 +0000 (+0000) Subject: Add fallthrough_attr to LDAP query X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0996604129b49a3d72a4cf121bbcd1e8b2ac229;p=thirdparty%2Ffreeradius-server.git Add fallthrough_attr to LDAP query --- diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h index 0a2b34b12ac..f8cb4d694f4 100644 --- a/src/lib/ldap/base.h +++ b/src/lib/ldap/base.h @@ -855,7 +855,8 @@ int fr_ldap_map_getvalue(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *reque int fr_ldap_map_verify(map_t *map, void *instance); int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, - map_list_t const *maps, char const *generic_attr, char const *check_attr); + map_list_t const *maps, char const *generic_attr, char const *check_attr, + char const *fallthrough_attr); int fr_ldap_map_do(request_t *request, char const *check_attr, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry); diff --git a/src/lib/ldap/map.c b/src/lib/ldap/map.c index 95b77b350bd..7e32dd9391c 100644 --- a/src/lib/ldap/map.c +++ b/src/lib/ldap/map.c @@ -265,12 +265,13 @@ int fr_ldap_map_verify(map_t *map, UNUSED void *instance) * @param[in] maps to expand. * @param[in] generic_attr name to append to the attribute list. * @param[in] check_attr name to append to the attribute list. + * @param[in] fallthrough_attr name to append to the attribute list. * @return * - 0 on success. * - -1 on failure. */ int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, - char const *generic_attr, char const *check_attr) + char const *generic_attr, char const *check_attr, char const *fallthrough_attr) { map_t const *map = NULL; unsigned int total = 0; 
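Review bot: The added `@param[in] fallthrough_attr` line in the `fr_ldap_map_expand` doc comment in `src/lib/ldap/map.c` repeats the wording of the two parameters above it and does not say that NULL is accepted. The later hunk guards the append with `if (fallthrough_attr)`, and two of the three callers in this commit pass NULL. I would write it as `@param[in] fallthrough_attr name of the profile fall-through attribute to request in the search, or NULL to request none.` The function body continues outside this hunk.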
@@ -299,6 +300,7 @@ int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t * if (generic_attr) expanded->attrs[total++] = generic_attr; if (check_attr) expanded->attrs[total++] = check_attr; + if (fallthrough_attr) expanded->attrs[total++] = fallthrough_attr; expanded->attrs[total] = NULL; expanded->count = total; diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 15a92ffa207..7d689970857 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -1174,7 +1174,7 @@ static xlat_action_t ldap_profile_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor * Synchronous expansion of maps (fixme!) */ if (fr_ldap_map_expand(xlat_ctx, &xlat_ctx->expanded, request, env_data->profile_map, - inst->valuepair_attr, inst->profile.check_attr) < 0) goto error; + inst->valuepair_attr, inst->profile.check_attr, inst->profile.fallthrough_attr) < 0) goto error; ttrunk = fr_thread_ldap_trunk_get(t, host_url, handle_config->admin_identity, handle_config->admin_password, request, handle_config); if (host) ldap_memfree(host); @@ -1400,7 +1400,7 @@ static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst, /* * Expand the RHS of the maps to get the name of the attributes. */ - if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL, NULL) < 0) goto fail; + if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL, NULL, NULL) < 0) goto fail; /* * If the URL is :/// the parsed host will be NULL - use config default 
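Review bot: The new `if (fallthrough_attr) expanded->attrs[total++] = fallthrough_attr;` in `fr_ldap_map_expand` is a third optional append to `expanded->attrs`, and no bound check on `total` is visible in this hunk. The declaration of `attrs` and the loop that advances `total` over the maps are outside the diff, so this is inferred rather than confirmed. If `attrs` is a fixed-size array sized as the maximum map count plus a few reserved slots, that reservation must now cover three appended names plus the terminating NULL, or a full-size map list with all three names configured writes past the end of the array. Please confirm the reservation in `base.h` still has room, or guard the appends, for example `if (total + 3 >= sizeof(expanded->attrs) / sizeof(expanded->attrs[0])) return -1;` (assuming `attrs` is an array member).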
@@ -1849,7 +1849,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * User-Password here. LDAP authorization can be used * for many things besides searching for users. */ - if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr, NULL) < 0) { + if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr, NULL, NULL) < 0) { fail: talloc_free(autz_ctx); RETURN_MODULE_FAIL;