From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 7 Sep 2023 13:20:10 +0000 (+0100)
Subject: Add callback for failed ldap auth binds
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc91b0854e410844291fa24b9630ad7cc21f70d7;p=thirdparty%2Ffreeradius-server.git

Add callback for failed ldap auth binds
---

diff --git a/src/lib/ldap/connection.c b/src/lib/ldap/connection.c
index c8bcf1bc343..742a4528611 100644
--- a/src/lib/ldap/connection.c
+++ b/src/lib/ldap/connection.c
@@ -1333,6 +1333,28 @@ static void ldap_bind_auth_cancel_mux(UNUSED fr_event_list_t *el, fr_trunk_conne
 	}
 }
 
+/** Callback to tidy up when a bind auth trunk request fails
+ *
+ */
+static void ldap_trunk_bind_auth_fail(request_t *request, void *preq, UNUSED void *rctx,
+				UNUSED fr_trunk_request_state_t state, UNUSED void *uctx)
+{
+	fr_ldap_bind_auth_ctx_t	*bind = talloc_get_type_abort(preq, fr_ldap_bind_auth_ctx_t);
+
+	/*
+	 *	Failed trunk requests get freed - so remove association in bind structure,
+	 *	and change talloc parentage so resume function still has something to work with.
+	 */
+	bind->treq = NULL;
+	bind->ret = LDAP_PROC_ERROR;
+	talloc_steal(NULL, bind);
+
+	/*
+	 *	Ensure request is runnable.
+	 */
+	if (request) unlang_interpret_mark_runnable(request);
+}
+
 /** Find the thread specific trunk to use for LDAP bind auths
  *
  * If there is no current trunk then a new one is created.
@@ -1361,6 +1383,7 @@ fr_ldap_thread_trunk_t *fr_thread_ldap_bind_trunk_get(fr_ldap_thread_t *thread)
 					      .request_mux = ldap_trunk_bind_auth_mux,
 					      .request_demux = ldap_trunk_bind_auth_demux,
 					      .request_cancel_mux = ldap_bind_auth_cancel_mux,
+					      .request_fail = ldap_trunk_bind_auth_fail,
 					},
 				       thread->bind_trunk_conf,
 				       "rlm_ldap bind auth", ttrunk, false);