From: Nick Porter Date: Fri, 8 Sep 2023 11:25:45 +0000 (+0100) Subject: Return an unlang_action_t from ldap bind auth functions X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea8401fc18b5a32b954c2c5dc82567f6e082783b;p=thirdparty%2Ffreeradius-server.git Return an unlang_action_t from ldap bind auth functions
---
diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h
index e8f8e3fd269..96e0f6e69ce 100644
--- a/src/lib/ldap/base.h
+++ b/src/lib/ldap/base.h
@@ -912,11 +912,11 @@ int fr_ldap_sasl_bind_auth_async(request_t *request,
 /*
 * bind.c - Async bind
 */
-int fr_ldap_bind_async(fr_ldap_connection_t *c,
+unlang_action_t fr_ldap_bind_async(fr_ldap_connection_t *c,
 char const *bind_dn, char const *password, LDAPControl **serverctrls, LDAPControl **clientctrls);
-int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread,
+unlang_action_t fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread,
 char const *bind_dn, char const *password);
 /*
diff --git a/src/lib/ldap/bind.c b/src/lib/ldap/bind.c
index 2e9b8e94018..75a01838637 100644
--- a/src/lib/ldap/bind.c
+++ b/src/lib/ldap/bind.c
@@ -316,7 +316,7 @@ static void ldap_async_auth_bind_cancel(request_t *request, UNUSED fr_signal_t a
 * - 0 on success.
 * - -1 on failure.
 */
-int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
+unlang_action_t fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *bind_dn, char const *password)
 {
 fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
 fr_trunk_request_t *treq;
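Review bot: The base.h hunk changes the prototype of `fr_ldap_bind_async` to return `unlang_action_t`, but no hunk in this diff touches its definition; every bind.c hunk sits inside `fr_ldap_bind_auth_async`. Unless the definition already has that type, the declaration and definition now disagree, and any caller that still tests the result with `< 0` would no longer be checking anything meaningful. Either keep this prototype as `int fr_ldap_bind_async(fr_ldap_connection_t *c,` or convert the definition and its callers in the same commit.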
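Review bot: The doc comment above `fr_ldap_bind_auth_async` still ends with `- 0 on success.` and `- -1 on failure.`, which no longer describes the `unlang_action_t` return; the same stale lines sit above `fr_ldap_sasl_bind_auth_async` in the sasl.c hunk at @@ -501. A caller written against that comment would test `< 0` and most likely never see a failure, which matters on an authentication path. I would replace the two lines with `- UNLANG_ACTION_PUSHED_CHILD on success.` and `- UNLANG_ACTION_FAIL on failure.` in both files. Only the tail of the comment is visible in the hunk, and the function body continues outside it.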
@@ -325,13 +325,13 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
 if (!ttrunk) {
 ERROR("Failed to get trunk connection for LDAP bind");
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 treq = fr_trunk_request_alloc(ttrunk->trunk, request);
 if (!treq) {
 ERROR ("Failed to allocate trunk request for LDAP bind");
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 MEM(bind_auth_ctx = talloc(treq, fr_ldap_bind_auth_ctx_t));
@@ -358,7 +358,7 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
 default:
 ERROR("Failed to enqueue bind request");
 fr_trunk_request_free(&treq);
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 return unlang_function_push(request,
@@ -366,5 +366,5 @@ int fr_ldap_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char c
 ldap_async_auth_bind_results, ldap_async_auth_bind_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME,
- bind_auth_ctx) == UNLANG_ACTION_PUSHED_CHILD ? 0 : -1;
+ bind_auth_ctx);
 }
diff --git a/src/lib/ldap/sasl.c b/src/lib/ldap/sasl.c
index 6a848cfcaa2..fe4df349b4a 100644
--- a/src/lib/ldap/sasl.c
+++ b/src/lib/ldap/sasl.c
@@ -501,7 +501,7 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
 * - 0 on success.
 * - -1 on failure.
 */
-int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
+unlang_action_t fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
 char const *identity, char const *password, char const *proxy, char const *realm)
 {
 fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
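Review bot: In the hunk at @@ -366, a failed `unlang_function_push()` is now returned to the caller with `treq` still enqueued, because the push is only reached after the enqueue switch shown in the hunk at @@ -358 has succeeded. The `default:` branch there frees the trunk request before returning `UNLANG_ACTION_FAIL`, but the push-failure path has no equivalent. If the push can fail, the bind may still be sent to the directory with no frame left to collect or cancel it. I would keep the direct return only after checking the result and cancelling the trunk request when it is not `UNLANG_ACTION_PUSHED_CHILD`. The same applies to the sasl.c hunk at @@ -557.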
@@ -511,13 +511,13 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
 if (!ttrunk) {
 ERROR("Failed to get trunk connection for LDAP bind");
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 treq = fr_trunk_request_alloc(ttrunk->trunk, request);
 if (!treq) {
 ERROR("Failed to allocate trunk request for LDAP bind");
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 MEM(bind_auth_ctx = talloc_zero(treq, fr_ldap_bind_auth_ctx_t));
@@ -549,7 +549,7 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
 default:
 ERROR("Failed to enqueue bind request");
 fr_trunk_request_free(&treq);
- return -1;
+ return UNLANG_ACTION_FAIL;
 }
 return unlang_function_push(request,
@@ -557,5 +557,5 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
 ldap_async_sasl_bind_auth_results, ldap_async_sasl_bind_auth_cancel, ~FR_SIGNAL_CANCEL, UNLANG_SUB_FRAME,
- bind_auth_ctx) == UNLANG_ACTION_PUSHED_CHILD ? 0 : -1;
+ bind_auth_ctx);
 }
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index f4d2a401118..ab17106646c 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -1304,11 +1304,10 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
 RDEBUG2("Login attept using identity \"%pV\"", &call_env->user_sasl_authname);
- if (fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
+ return fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
 call_env->user_sasl_authname.vb_strvalue, auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue,
- call_env->user_sasl_realm.vb_strvalue) < 0) goto fail;
- return UNLANG_ACTION_PUSHED_CHILD;
+ call_env->user_sasl_realm.vb_strvalue);
 #else
 RDEBUG("Configuration item 'sasl.mech' is not supported. "
 "The linked version of libldap does not provide ldap_sasl_bind( function");
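Review bot: Returning the helper's result directly in `mod_authenticate_resume` drops the cleanup that `goto fail` used to reach: on `UNLANG_ACTION_FAIL`, `auth_ctx` is no longer passed to `talloc_free()` and `RETURN_MODULE_FAIL` no longer sets the module result. The simple-bind call in the next hunk (@@ -1325), where the `fail:` label itself is removed, has the same gap. Whether the interpreter turns `UNLANG_ACTION_FAIL` into a fail rcode, and whether `auth_ctx` is freed through its talloc parent, cannot be seen from this diff. If either does not happen, a login whose bind could not be queued ends with whatever rcode was already set. Keeping the label and writing `if (fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password) == UNLANG_ACTION_FAIL) goto fail;` followed by `return UNLANG_ACTION_PUSHED_CHILD;` (and the equivalent for the SASL call) makes the failure explicit.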
@@ -1325,15 +1324,13 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
 * No DN found - can't authenticate the user with a simple bind.
 */
 if (!auth_ctx->dn) {
- fail:
 talloc_free(auth_ctx);
 RETURN_MODULE_FAIL;
 }
 RDEBUG2("Login attempt as \"%s\"", auth_ctx->dn);
- if (fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password) < 0) goto fail;
- return UNLANG_ACTION_PUSHED_CHILD;
+ return fr_ldap_bind_auth_async(request, auth_ctx->thread, auth_ctx->dn, auth_ctx->password);
 }
 static unlang_action_t CC_HINT(nonnull) mod_authenticate(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
@@ -1542,12 +1539,8 @@ static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, UNUSED int *p
 * Bind as the user
 */
 REPEAT_MOD_AUTHORIZE_RESUME;
- if (fr_ldap_bind_auth_async(request, thread, autz_ctx->dn, password->vp_strvalue) < 0) {
- rcode = RLM_MODULE_FAIL;
- goto finish;
- }
 autz_ctx->status = LDAP_AUTZ_POST_EDIR;
- return UNLANG_ACTION_PUSHED_CHILD;
+ return fr_ldap_bind_auth_async(request, thread, autz_ctx->dn, password->vp_strvalue);
 }
 goto skip_edir;
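Review bot: In the `mod_authorize_resume` hunk (@@ -1542), `autz_ctx->status = LDAP_AUTZ_POST_EDIR;` now runs whether or not the bind was queued, and a failure returns `UNLANG_ACTION_FAIL` without setting `rcode = RLM_MODULE_FAIL` or passing through `finish`. Because `REPEAT_MOD_AUTHORIZE_RESUME` has already run by then, the function may be resumed in the post-bind state although no user bind was ever sent. This needs confirming against how `UNLANG_ACTION_FAIL` is handled, which is outside the hunk, as is the `finish` label. I would keep the explicit check, `if (fr_ldap_bind_auth_async(request, thread, autz_ctx->dn, password->vp_strvalue) == UNLANG_ACTION_FAIL) { rcode = RLM_MODULE_FAIL; goto finish; }`, and advance the status only after it succeeds.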