From: Alan T. DeKok Date: Sun, 24 Dec 2023 12:54:03 +0000 (-0500) Subject: add radius_legacy_map_list_apply() and use it in sql and files X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc45515b9a0429006c7a84d4f61cfeb333ac20df;p=thirdparty%2Ffreeradius-server.git add radius_legacy_map_list_apply() and use it in sql and files --- diff --git a/src/lib/server/pairmove.c b/src/lib/server/pairmove.c index 77d199b110e..a1bc1da7092 100644 --- a/src/lib/server/pairmove.c +++ b/src/lib/server/pairmove.c @@ -770,6 +770,22 @@ int radius_legacy_map_apply(request_t *request, map_t const *map) return 0; } +int radius_legacy_map_list_apply(request_t *request, map_list_t const *list) +{ + map_t const *map; + + for (map = map_list_head(list); + map != NULL; + map = map_list_next(list, map)) { + RDEBUG2("&%s %s %s", map->lhs->name, fr_tokens[map->op], + map->rhs ? map->rhs->name : "{ ... }"); + + if (radius_legacy_map_apply(request, map) < 0) return -1; + } + + return 0; +} + int radius_legacy_map_cmp(request_t *request, map_t const *map) { int rcode; diff --git a/src/lib/server/pairmove.h b/src/lib/server/pairmove.h index e13e20e3b92..d6b226b5046 100644 --- a/src/lib/server/pairmove.h +++ b/src/lib/server/pairmove.h @@ -37,6 +37,8 @@ void radius_pairmove(request_t *request, fr_pair_list_t *to, fr_pair_list_t *fro int radius_legacy_map_apply(request_t *request, map_t const *map) CC_HINT(nonnull); +int radius_legacy_map_list_apply(request_t *request, map_list_t const *list) CC_HINT(nonnull); + int radius_legacy_map_cmp(request_t *request, map_t const *map) CC_HINT(nonnull); #ifdef __cplusplus diff --git a/src/modules/rlm_files/rlm_files.c b/src/modules/rlm_files/rlm_files.c index cce23dc466b..80a3a6f049f 100644 --- a/src/modules/rlm_files/rlm_files.c +++ b/src/modules/rlm_files/rlm_files.c @@ -488,7 +488,6 @@ redo: while (user_pl || default_pl) { map_t *map = NULL; PAIR_LIST const *pl; - bool next_shortest_prefix; bool match = true; /* @@ -563,20 +562,11 @@ redo: RDEBUG2("Found match \"%s\" on line %d of %s", pl->name, pl->lineno, pl->filename); found = true; - next_shortest_prefix = false; /* ctx may be reply */ - if (!map_list_empty(&pl->reply)) { - map = NULL; - - while ((map = map_list_next(&pl->reply, map))) { - if (radius_legacy_map_apply(request, map) < 0) { - RPWARN("Failed parsing map for reply item %s, skipping it", map->lhs->name); - break; - } - } - - next_shortest_prefix = pl->next_shortest_prefix; + if (radius_legacy_map_list_apply(request, &pl->reply) < 0) { + RPWARN("Failed parsing map for reply item %s", map->lhs->name); + RETURN_MODULE_FAIL; } if (pl->fall_through) { @@ -594,7 +584,7 @@ redo: * We're doing patricia tries, but we've been * told to not walk back up the trie, OR we're at the top of the tree. Stop. */ - if (!next_shortest_prefix || (keylen == 0)) { + if (!pl->next_shortest_prefix || (keylen == 0)) { break; } diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index a2b2dc5884d..18f39273550 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -951,8 +951,6 @@ static int sql_check_groupmemb(rlm_sql_t const *inst, request_t *request, rlm_sq } if (inst->config.authorize_group_reply_query) { - map_t *map; - /* * Now get the reply pairs since the paircmp matched */ @@ -980,16 +978,10 @@ static int sql_check_groupmemb(rlm_sql_t const *inst, request_t *request, rlm_sq RDEBUG2("Group \"%s\": Merging reply items", group_name); *rcode = RLM_MODULE_UPDATED; - for (map = map_list_head(&reply_tmp); - map != NULL; - map = map_list_next(&reply_tmp, map)) { - RDEBUG2("&%s %s %s", map->lhs->name, fr_tokens[map->op], map->rhs->name); - - if (radius_legacy_map_apply(request, map) < 0) { - RPEDEBUG("Failed applying reply item"); - map_list_talloc_free(&reply_tmp); - return -1; - } + if (radius_legacy_map_list_apply(request, &reply_tmp) < 0) { + RPEDEBUG("Failed applying reply item"); + map_list_talloc_free(&reply_tmp); + return -1; } map_list_talloc_free(&reply_tmp); @@ -1411,8 +1403,6 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod } if (inst->config.authorize_reply_query) { - map_t *map; - /* * Now get the reply pairs since the paircmp matched */ @@ -1438,18 +1428,11 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod RDEBUG2("User found in radreply table, merging reply items"); user_found = true; - for (map = map_list_head(&reply_tmp); - map != NULL; - map = map_list_next(&reply_tmp, map)) { - RDEBUG2("&%s %s %s", map->lhs->name, fr_tokens[map->op], - map->rhs ? map->rhs->name : "{ ... }"); - - if (radius_legacy_map_apply(request, map) < 0) { - RPEDEBUG("Failed applying reply item"); - map_list_talloc_free(&reply_tmp); - rcode = RLM_MODULE_FAIL; - goto error; - } + if (radius_legacy_map_list_apply(request, &reply_tmp) < 0) { + RPEDEBUG("Failed applying reply item"); + map_list_talloc_free(&reply_tmp); + rcode = RLM_MODULE_FAIL; + goto error; } map_list_talloc_free(&reply_tmp); diff --git a/src/tests/modules/files/authorize b/src/tests/modules/files/authorize index 7260823c994..7247c1967f0 100644 --- a/src/tests/modules/files/authorize +++ b/src/tests/modules/files/authorize @@ -74,7 +74,9 @@ filterreply Password.Cleartext := "testing123" Reply-Message += "success2" overwritereply Password.Cleartext := "testing123" - Reply-Message := "firstpass", + Reply-Message := "firstpass1", + Reply-Message += "firstpass2", + Reply-Message += "firstpass3", Fall-Through = yes overwritereply Password.Cleartext := "testing123"