From: Nick Porter Date: Thu, 31 Aug 2023 13:40:55 +0000 (+0100) Subject: Add "required" option to call_env subsections X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed4de3325869871150ffcf7f7843e839933fd814;p=thirdparty%2Ffreeradius-server.git Add "required" option to call_env subsections Avoids broken configurations from crashing the server where subsections contain required options, which otherwise would not be parsed --- diff --git a/src/lib/unlang/call_env.c b/src/lib/unlang/call_env.c index a3c396a95a9..d60c5c53b3b 100644 --- a/src/lib/unlang/call_env.c +++ b/src/lib/unlang/call_env.c @@ -58,7 +58,11 @@ int call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *parsed, char const * if (FR_BASE_TYPE(call_env->type) == FR_TYPE_SUBSECTION) { CONF_SECTION const *subcs; subcs = cf_section_find(cs, call_env->name, call_env->section.ident2); - if (!subcs) goto next; + if (!subcs) { + if (!call_env->section.required) goto next; + cf_log_err(cs, "Module %s missing required section %s", name, call_env->name); + return -1; + } if (call_env_parse(ctx, parsed, name, dict_def, subcs, call_env->section.subcs) < 0) return -1; goto next; diff --git a/src/lib/unlang/call_env.h b/src/lib/unlang/call_env.h index 5932cf6f22b..d4cfdeb7f1c 100644 --- a/src/lib/unlang/call_env.h +++ b/src/lib/unlang/call_env.h @@ -89,6 +89,7 @@ struct call_env_s { struct { char const *ident2; //!< Second identifier for a section call_env_t const *subcs; //!< Nested definitions for subsection. + bool required; //!< Section is required. } section; }; }; @@ -210,11 +211,12 @@ _Generic((((_s *)NULL)->_f), \ .type = CALL_ENV_TYPE_TMPL_ONLY, \ .tmpl_offset = offsetof(_struct, _tmpl_field) } -#define FR_CALL_ENV_SUBSECTION(_name, _ident2, _subcs ) \ +#define FR_CALL_ENV_SUBSECTION(_name, _ident2, _subcs, _required ) \ .name = _name, \ .type = FR_TYPE_SUBSECTION, \ .section = { .ident2 = _ident2, \ - .subcs = _subcs } + .subcs = _subcs, \ + .required = _required } int call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *parsed, char const *name, fr_dict_t const *dict_def, CONF_SECTION const *cs, call_env_t const *call_env) CC_HINT(nonnull); diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index a2a5e09c129..331ca217574 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -105,7 +105,7 @@ static const call_env_t _prefix ## _user_call_env[] = { \ CALL_ENV_TERMINATOR \ } -user_call_env(auth, ldap_auth_call_env_t, { FR_CALL_ENV_SUBSECTION("sasl", NULL, sasl_call_env) }, +user_call_env(auth, ldap_auth_call_env_t, { FR_CALL_ENV_SUBSECTION("sasl", NULL, sasl_call_env, false) }, { FR_CALL_ENV_TMPL_OFFSET("password_attribute", FR_TYPE_STRING | FR_TYPE_ATTRIBUTE, ldap_auth_call_env_t, password, password_tmpl, "&User-Password", T_BARE_WORD, true, true, true) } ); @@ -199,25 +199,25 @@ static const CONF_PARSER module_config[] = { * Method specific call environments */ static const call_env_t authenticate_call_env[] = { - { FR_CALL_ENV_SUBSECTION("user", NULL, auth_user_call_env) }, + { FR_CALL_ENV_SUBSECTION("user", NULL, auth_user_call_env, true) }, CALL_ENV_TERMINATOR }; static const call_env_t authorize_call_env[] = { - { FR_CALL_ENV_SUBSECTION("user", NULL, autz_user_call_env) }, - { FR_CALL_ENV_SUBSECTION("group", NULL, autz_group_call_env) }, - { FR_CALL_ENV_SUBSECTION("profile", NULL, autz_profile_call_env) }, + { FR_CALL_ENV_SUBSECTION("user", NULL, autz_user_call_env, true) }, + { FR_CALL_ENV_SUBSECTION("group", NULL, autz_group_call_env, false) }, + { FR_CALL_ENV_SUBSECTION("profile", NULL, autz_profile_call_env, false) }, CALL_ENV_TERMINATOR }; static const call_env_t usermod_call_env[] = { - { FR_CALL_ENV_SUBSECTION("user", NULL, usermod_user_call_env) }, + { FR_CALL_ENV_SUBSECTION("user", NULL, usermod_user_call_env, true) }, CALL_ENV_TERMINATOR }; static const call_env_t memberof_call_env[] = { - { FR_CALL_ENV_SUBSECTION("user", NULL, memberof_user_call_env) }, - { FR_CALL_ENV_SUBSECTION("group", NULL, memberof_group_call_env) }, + { FR_CALL_ENV_SUBSECTION("user", NULL, memberof_user_call_env, true) }, + { FR_CALL_ENV_SUBSECTION("group", NULL, memberof_group_call_env, false) }, CALL_ENV_TERMINATOR };