From: Arran Cudbard-Bell Date: Wed, 20 Sep 2023 23:17:45 +0000 (-0400) Subject: ldap: Fix process the generic attribute in profiles X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f803b02f4403022a49dbd74e64390328893dc13a;p=thirdparty%2Ffreeradius-server.git ldap: Fix process the generic attribute in profiles --- diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h index 9e877801bce..7fb136a89cf 100644 --- a/src/lib/ldap/base.h +++ b/src/lib/ldap/base.h @@ -845,7 +845,7 @@ int fr_ldap_map_getvalue(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *reque int fr_ldap_map_verify(map_t *map, void *instance); -int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps); +int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, char const *generic_attr); int fr_ldap_map_do(request_t *request, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry); diff --git a/src/lib/ldap/map.c b/src/lib/ldap/map.c index 4fbdbf6342b..1888ab3d4ad 100644 --- a/src/lib/ldap/map.c +++ b/src/lib/ldap/map.c 
@@ -254,15 +254,16 @@ int fr_ldap_map_verify(map_t *map, UNUSED void *instance) /** Expand values in an attribute map where needed * - * @param[in] ctx to allocate any dynamic expansions in. - * @param[out] expanded array of attributes. Need not be initialised (we'll initialise). - * @param[in] request The current request. - * @param[in] maps to expand. + * @param[in] ctx o allocate any dynamic expansions in. + * @param[out] expanded array of attributes. Need not be initialised (we'll initialise). + * @param[in] request The current request. + * @param[in] maps to expand. + * @param[in] generic_attr name to append to the attribute list. * @return * - 0 on success. * - -1 on failure. */ -int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps) +int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, char const *generic_attr) { map_t const *map = NULL; unsigned int total = 0; @@ -288,6 +289,10 @@ int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t * } expanded->attrs[total++] = attr; } + + if (generic_attr) expanded->attrs[expanded->count++] = generic_attr; + + expanded->attrs[expanded->count] = NULL; expanded->attrs[total] = NULL; expanded->count = total; expanded->maps = maps; diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 0086f4a6c54..0f331b7ca4a 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c 
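Review bot: The new `@param[in] generic_attr` line does not say that the argument may be NULL, or that the pointer is stored in `expanded->attrs` without being copied. The reflowed `ctx` line also now reads `ctx o allocate` where the old text said `to allocate`. I would write `@param[in] generic_attr name to append to the attribute list, may be NULL. Stored by reference, so it must outlive expanded.` and restore the missing `t`. The store by reference is visible in the next hunk of this file (`expanded->attrs[...] = generic_attr`); the function body itself lies outside this hunk.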
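Review bot: The added append indexes `expanded->attrs` with `expanded->count` before that field is assigned: the doc comment says `expanded` need not be initialised, and `expanded->count = total;` only runs in the context lines that follow. As the hunk reads, the generic attribute is written at a stale or indeterminate index, which may be out of bounds. The existing `expanded->attrs[total] = NULL;` and `expanded->count = total;` then end the list at `total`, so the attribute never becomes part of the returned list. Using the local counter fixes both: put `if (generic_attr) expanded->attrs[total++] = generic_attr;` ahead of the existing `expanded->attrs[total] = NULL;` and drop the added `expanded->attrs[expanded->count] = NULL;`. The last rlm_ldap.c hunk removes the `CHECK_EXPANDED_SPACE(expanded)` guard that protected this append in `mod_authorize`, and no capacity check is visible here, so one should precede the write unless the loop (which starts outside this hunk) already guarantees room.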
@@ -1036,7 +1036,7 @@ static xlat_action_t ldap_profile_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor /* * Synchronous expansion of maps (fixme!) */ - if (fr_ldap_map_expand(xlat_ctx, &xlat_ctx->expanded, request, &inst->user_map) < 0) goto error; + if (fr_ldap_map_expand(xlat_ctx, &xlat_ctx->expanded, request, &inst->user_map, inst->valuepair_attr) < 0) goto error; ttrunk = fr_thread_ldap_trunk_get(t, host_url, handle_config->admin_identity, handle_config->admin_password, request, handle_config); if (host) ldap_memfree(host); @@ -1244,7 +1244,7 @@ static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void *mod_inst, UNUSE /* * Expand the RHS of the maps to get the name of the attributes. */ - if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps) < 0) goto fail; + if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL) < 0) goto fail; /* * If the URL is :/// the parsed host will be NULL - use config default @@ -1695,7 +1695,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod * for many things besides searching for users. */ - if (fr_ldap_map_expand(autz_ctx, expanded, request, &inst->user_map) < 0) { + if (fr_ldap_map_expand(autz_ctx, expanded, request, &inst->user_map, inst->valuepair_attr) < 0) { fail: talloc_free(autz_ctx); RETURN_MODULE_FAIL; @@ -1729,12 +1729,6 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod CHECK_EXPANDED_SPACE(expanded); expanded->attrs[expanded->count++] = inst->profile_attr_suspend; } - - if (inst->valuepair_attr) { - CHECK_EXPANDED_SPACE(expanded); - expanded->attrs[expanded->count++] = inst->valuepair_attr; - } - expanded->attrs[expanded->count] = NULL; autz_ctx->dlinst = mctx->inst;