From: Arran Cudbard-Bell Date: Thu, 14 Oct 2021 19:48:19 +0000 (-0500) Subject: ldap: Move synchronous evaluation into fr_ldap_trunk_search and fr_ldap_trunk_modify X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb1c8b0bdc44dcb7cd3e5769df52ed3796597d6e;p=thirdparty%2Ffreeradius-server.git ldap: Move synchronous evaluation into fr_ldap_trunk_search and fr_ldap_trunk_modify --- diff --git a/src/lib/ldap/base.c b/src/lib/ldap/base.c index 8524355e06a..c379f944839 100644 --- a/src/lib/ldap/base.c +++ b/src/lib/ldap/base.c @@ -769,7 +769,8 @@ fr_ldap_rcode_t fr_ldap_search_async(int *msgid, request_t *request, /** Handle the return code from parsed LDAP results to set the module rcode * */ -static unlang_action_t ldap_trunk_query_results(rlm_rcode_t *p_result, UNUSED int *priority, UNUSED request_t *request, void *uctx) +static unlang_action_t ldap_trunk_query_results(rlm_rcode_t *p_result, UNUSED int *priority, + UNUSED request_t *request, void *uctx) { fr_ldap_query_t *query = talloc_get_type_abort(uctx, fr_ldap_query_t); @@ -823,10 +824,11 @@ static unlang_action_t ldap_trunk_query_start(UNUSED rlm_rcode_t *p_result, UNUS return UNLANG_ACTION_YIELD; } -/** Run an async search LDAP query on a trunk connection +/** Run an async or sync search LDAP query on a trunk connection * + * @param[out] p_result from synchronous evaluation. * @param[in] ctx to allocate the query in. - * @param[out] query that has been allocated. + * @param[out] out that has been allocated. * @param[in] request this query relates to. * @param[in] ttrunk to submit the query to. * @param[in] base_dn for the search. 
@@ -835,11 +837,18 @@ static unlang_action_t ldap_trunk_query_start(UNUSED rlm_rcode_t *p_result, UNUS * @param[in] attrs to be returned. * @param[in] serverctrls specific to this query. * @param[in] clientctrls specific to this query. + * @param[in] is_async If true, will return UNLANG_ACTION_YIELD + * and push a search onto the unlang stack + * for the current request. + * If false, will perform a synchronous search + * and provide the result in p_result. * @return * - UNLANG_ACTION_FAIL on error. * - UNLANG_ACTION_YIELD on success. + * - UNLANG_ACTION_CALCULATE_RESULT if the query was run synchronously. */ -unlang_action_t fr_ldap_trunk_search(TALLOC_CTX *ctx, +unlang_action_t fr_ldap_trunk_search(rlm_rcode_t *p_result, + TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *base_dn, int scope, char const *filter, char const * const *attrs, LDAPControl **serverctrls, LDAPControl **clientctrls, @@ -852,6 +861,7 @@ unlang_action_t fr_ldap_trunk_search(TALLOC_CTX *ctx, if (fr_trunk_request_enqueue(&query->treq, ttrunk->trunk, request, query, NULL) != FR_TRUNK_ENQUEUE_OK) { error: + *p_result = RLM_MODULE_FAIL; talloc_free(query); return UNLANG_ACTION_FAIL; } 
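Review bot: The new `@param[out] p_result` text ("from synchronous evaluation") and the `@return` list in the fr_ldap_trunk_search doc comment no longer describe what the code in this commit does. The `error:` path writes `RLM_MODULE_FAIL` to `*p_result` whatever `is_async` is, and `UNLANG_ACTION_YIELD` is now returned only when `is_async` is true. I would reword them to `@param[out] p_result RLM_MODULE_FAIL on the error path, otherwise the rcode of the synchronous evaluation when is_async is false.` and `- UNLANG_ACTION_YIELD if is_async is true and the query was enqueued.`. The fr_ldap_trunk_modify comment further down carries the same wording, and the function body continues outside this hunk.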
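Review bot: The `error:` path frees `query` and returns without writing `*out`, so the caller's `fr_ldap_query_t *` keeps whatever value it had before the call. The callers changed in this commit go straight on to `switch (rcode)` after the call, so a caller that misses the failure is left holding an unset or stale pointer; adding `*out = NULL;` next to `*p_result = RLM_MODULE_FAIL;` turns that into a clean NULL. The same applies to the matching `error:` block in fr_ldap_trunk_modify (the -893 hunk). The function starts and ends outside this hunk, so it is worth confirming that no earlier `return UNLANG_ACTION_FAIL` bypasses this label and leaves `*p_result` unwritten.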
@@ -863,24 +873,40 @@ unlang_action_t fr_ldap_trunk_search(TALLOC_CTX *ctx, *out = query; - return is_async ? action : UNLANG_ACTION_YIELD; + /* + * Hack until everything is async + */ + if (!is_async) { + *p_result = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); + return UNLANG_ACTION_CALCULATE_RESULT; + } + + return UNLANG_ACTION_YIELD; } -/** Run an async modification LDAP query on a trunk connection +/** Run an async or sync modification LDAP query on a trunk connection * + * @param[out] p_result from synchronous evaluation. * @param[in] ctx to allocate the query in. - * @param[out] query that has been allocated. + * @param[out] out that has been allocated. * @param[in] request this query relates to. * @param[in] ttrunk to submit the query to. * @param[in] dn of the object being modified. * @param[in] mods to be performed. * @param[in] serverctrls specific to this query. * @param[in] clientctrls specific to this query. + * @param[in] is_async If true, will return UNLANG_ACTION_YIELD + * and push a modify onto the unlang stack + * for the current request. + * If false, will perform a synchronous search + * and provide the result in p_result. * @return * - UNLANG_ACTION_FAIL on error. * - UNLANG_ACTION_YIELD on success. + * - UNLANG_ACTION_CALCULATE_RESULT if the query was run synchronously. */ -unlang_action_t fr_ldap_trunk_modify(TALLOC_CTX *ctx, +unlang_action_t fr_ldap_trunk_modify(rlm_rcode_t *p_result, + TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls, @@ -893,6 +919,7 @@ unlang_action_t fr_ldap_trunk_modify(TALLOC_CTX *ctx, if (fr_trunk_request_enqueue(&query->treq, ttrunk->trunk, request, query, NULL) != FR_TRUNK_ENQUEUE_OK) { error: + *p_result = RLM_MODULE_FAIL; talloc_free(query); return UNLANG_ACTION_FAIL; } 
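Review bot: The `is_async` description added to the fr_ldap_trunk_modify doc comment says "will perform a synchronous search", carried over from the search function; it should read `If false, will perform a synchronous modify`. The `Hack until everything is async` comment above the `!is_async` branch would also help the next reader more if it said what the branch does, for example `/* Callers that cannot yield yet: evaluate the request synchronously and hand back its rcode. */`. Both are comment-only changes.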
@@ -904,7 +931,15 @@ unlang_action_t fr_ldap_trunk_modify(TALLOC_CTX *ctx, *out = query; - return is_async ? action : UNLANG_ACTION_YIELD; + /* + * Hack until everything is async + */ + if (!is_async) { + *p_result = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); + return UNLANG_ACTION_CALCULATE_RESULT; + } + + return UNLANG_ACTION_YIELD; } /** Modify something in the LDAP directory @@ -987,8 +1022,8 @@ finish: * @return One of the LDAP_PROC_* (#fr_ldap_rcode_t) values. */ fr_ldap_rcode_t fr_ldap_modify_async(int *msgid, request_t *request, fr_ldap_connection_t **pconn, - char const *dn, LDAPMod *mods[], - LDAPControl **serverctrls, LDAPControl **clientctrls) + char const *dn, LDAPMod *mods[], + LDAPControl **serverctrls, LDAPControl **clientctrls) { LDAPControl *our_serverctrls[LDAP_MAX_CONTROLS]; LDAPControl *our_clientctrls[LDAP_MAX_CONTROLS]; diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h index bcd057a4d1a..865e2548c8d 100644 --- a/src/lib/ldap/base.h +++ b/src/lib/ldap/base.h 
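Review bot: The synchronous tail added here is identical to the one added to fr_ldap_trunk_search earlier in this file, so the two copies can drift apart when the "hack" is later changed or removed. A small static helper taking `p_result`, `request` and `is_async` and returning the `unlang_action_t` would keep the behaviour in one place; each function would then end with something like `return ldap_trunk_query_finish(p_result, request, is_async);` (the helper name is a suggestion, not an existing symbol). The enclosing function starts outside this hunk.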
@@ -602,8 +602,19 @@ fr_ldap_query_t *fr_ldap_search_alloc(TALLOC_CTX *ctx, fr_ldap_query_t *fr_ldap_modify_alloc(TALLOC_CTX *ctx, char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls); -int fr_ldap_trunk_modify(TALLOC_CTX *ctx, fr_ldap_query_t **query, request_t *request, fr_ldap_thread_trunk_t *ttrunk, - char const *dn, LDAPMod *mods[], LDAPControl **serverctrls, LDAPControl **clientctrls); +unlang_action_t fr_ldap_trunk_search(rlm_rcode_t *p_result, + TALLOC_CTX *ctx, + fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, + char const *base_dn, int scope, char const *filter, char const * const *attrs, + LDAPControl **serverctrls, LDAPControl **clientctrls, + bool is_async); + +unlang_action_t fr_ldap_trunk_modify(rlm_rcode_t *p_result, + TALLOC_CTX *ctx, + fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, + char const *dn, LDAPMod *mods[], + LDAPControl **serverctrls, LDAPControl **clientctrls, + bool is_async); /* * ldap.c - Wrappers arounds OpenLDAP functions. diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c index 4f3e5f315a4..39dc490c165 100644 --- a/src/modules/rlm_ldap/groups.c +++ b/src/modules/rlm_ldap/groups.c @@ -110,13 +110,11 @@ static unlang_action_t rlm_ldap_group_name2dn(rlm_rcode_t *p_result, rlm_ldap_t RETURN_MODULE_INVALID; } - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, - inst->groupobj_scope, filter, attrs, NULL, NULL) < 0 ) { - rcode = RLM_MODULE_FAIL; + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, + inst->groupobj_scope, filter, attrs, NULL, NULL, false) < 0 ) { goto finish; } - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - switch (rcode) { case RLM_MODULE_OK: break; 
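Review bot: The failure check `fr_ldap_trunk_search(...) < 0` in rlm_ldap_group_name2dn compares an `unlang_action_t` against zero, but the function now reports failure by returning `UNLANG_ACTION_FAIL`; unless that enumerator is negative (its definition is not on this page), the branch is never taken and execution continues into `switch (rcode)` after a failed enqueue. Compare against the enum instead: `if (fr_ldap_trunk_search(&rcode, ...) == UNLANG_ACTION_FAIL) {`. The same `< 0` test is kept in rlm_ldap_group_dn2name, rlm_ldap_cacheable_groupobj, rlm_ldap_check_groupobj_dynamic, rlm_ldap_check_userobj_dynamic, mod_map_proc, rlm_ldap_map_profile, user_modify and rlm_ldap_find_user. This hunk also drops the caller's own `rcode = RLM_MODULE_FAIL;` before `goto finish`, so the module result now depends on the callee having written `*p_result` on every failing path. rlm_ldap_group_name2dn begins and ends outside the hunk.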
@@ -225,12 +223,11 @@ static unlang_action_t rlm_ldap_group_dn2name(rlm_rcode_t *p_result, rlm_ldap_t RDEBUG2("Resolving group DN \"%s\" to group name", dn); - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, - LDAP_SCOPE_BASE, NULL, attrs, NULL, NULL) < 0) { + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, + LDAP_SCOPE_BASE, NULL, attrs, NULL, NULL, false) < 0) { RETURN_MODULE_FAIL; } - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - switch (rcode) { case RLM_MODULE_OK: break; @@ -475,13 +472,12 @@ unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, rlm_ldap_t co RETURN_MODULE_INVALID; } - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, - inst->groupobj_scope, filter, attrs, NULL, NULL) < 0) { + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, + inst->groupobj_scope, filter, attrs, NULL, NULL, false) < 0) { rcode = RLM_MODULE_FAIL; goto finish; } - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - switch (rcode) { case RLM_MODULE_OK: break; @@ -630,12 +626,12 @@ unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, rlm_ldap_ } RINDENT(); - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, - inst->groupobj_scope, filter, NULL, NULL, NULL) < 0) { + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, base_dn, + inst->groupobj_scope, filter, NULL, NULL, NULL, false) < 0) { REXDENT(); RETURN_MODULE_FAIL; } - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); REXDENT(); switch (rcode) { case RLM_MODULE_OK: 
@@ -677,12 +673,12 @@ unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, rlm_ldap_t RDEBUG2("Checking user object's %s attributes", inst->userobj_membership_attr); RINDENT(); - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, - LDAP_SCOPE_BASE, NULL, attrs, NULL, NULL) < 0) { + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, + LDAP_SCOPE_BASE, NULL, attrs, NULL, NULL, false) < 0) { REXDENT(); goto finish; } - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); REXDENT(); switch (rcode) { case RLM_MODULE_OK: diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 545fe1a90b9..fc52b4ae72b 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -504,7 +504,7 @@ static xlat_action_t ldap_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, ldap_xlat_thread_inst_t *xt = talloc_get_type_abort(xlat_thread_inst, ldap_xlat_thread_inst_t); char *host_url; fr_ldap_config_t const *handle_config = &xt->t->inst->handle_config; - + fr_ldap_thread_trunk_t *ttrunk; fr_ldap_query_t *query = NULL; LDAPURLDesc *ldap_url; 
@@ -571,16 +571,16 @@ static xlat_action_t ldap_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, ldap_url->lud_host, ldap_url->lud_port); } - query->ttrunk = fr_thread_ldap_trunk_get(xt->t, host_url, handle_config->admin_identity, - handle_config->admin_password, request, handle_config); - if (!query->ttrunk) { + ttrunk = fr_thread_ldap_trunk_get(xt->t, host_url, handle_config->admin_identity, + handle_config->admin_password, request, handle_config); + if (!ttrunk) { REDEBUG("Unable to get LDAP query for xlat"); goto error; } query->ldap_url = ldap_url; /* query destructor will free URL */ - fr_trunk_request_enqueue(&query->treq, query->ttrunk->trunk, request, query, NULL); + fr_trunk_request_enqueue(&query->treq, ttrunk->trunk, request, query, NULL); fr_event_timer_in(query, unlang_interpret_event_list(request), &query->ev, handle_config->res_timeout, ldap_query_timeout, query->treq); @@ -809,11 +809,11 @@ static rlm_rcode_t mod_map_proc(void *mod_inst, UNUSED void *proc_inst, request_ inst->handle_config.admin_password, request, &inst->handle_config); if (!ttrunk) goto free_expanded; - fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, ldap_url->lud_dn, - ldap_url->lud_scope, ldap_url->lud_filter, expanded.attrs, NULL, NULL); - - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, ldap_url->lud_dn, + ldap_url->lud_scope, ldap_url->lud_filter, expanded.attrs, NULL, NULL, false) < 0) { + goto free_expanded; + } switch (rcode) { case RLM_MODULE_OK: rcode = RLM_MODULE_UPDATED; 
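Review bot: The return value of `fr_trunk_request_enqueue(&query->treq, ttrunk->trunk, request, query, NULL)` in ldap_xlat is discarded, whereas fr_ldap_trunk_search in this same commit treats anything other than `FR_TRUNK_ENQUEUE_OK` as an error. If the enqueue fails, the following `fr_event_timer_in(...)` call is still armed with `query->treq`, which may not have been set. I would check it the same way: `if (fr_trunk_request_enqueue(&query->treq, ttrunk->trunk, request, query, NULL) != FR_TRUNK_ENQUEUE_OK) goto error;`. The change also stops assigning `query->ttrunk`; if anything reached from the query (its destructor or the result handler, neither visible here) reads that field, it will now see an unset value. ldap_xlat continues outside the hunk.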
@@ -1189,11 +1189,9 @@ static unlang_action_t rlm_ldap_map_profile(rlm_rcode_t *p_result, rlm_ldap_t co RETURN_MODULE_INVALID; } - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, - LDAP_SCOPE_BASE, filter, expanded->attrs, NULL, NULL) < 0) RETURN_MODULE_FAIL; - - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - + if (fr_ldap_trunk_search(&rcode, + unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, + LDAP_SCOPE_BASE, filter, expanded->attrs, NULL, NULL, false) < 0) RETURN_MODULE_FAIL; switch (rcode) { case RLM_MODULE_OK: break; @@ -1648,14 +1646,12 @@ static unlang_action_t user_modify(rlm_rcode_t *p_result, rlm_ldap_t const *inst goto error; } - if (fr_ldap_trunk_modify(unlang_interpret_frame_talloc_ctx(request), &query, request, ttrunk, dn, - modify, NULL, NULL) < 0 ){ + if (fr_ldap_trunk_modify(&rcode, unlang_interpret_frame_talloc_ctx(request), + &query, request, ttrunk, + dn, modify, NULL, NULL, false) < 0 ){ rcode = RLM_MODULE_FAIL; goto error; } - - rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); - switch (rcode) { case RLM_MODULE_OK: break; diff --git a/src/modules/rlm_ldap/user.c b/src/modules/rlm_ldap/user.c index dc44d6ef3e1..0a1c22714c5 100644 --- a/src/modules/rlm_ldap/user.c +++ b/src/modules/rlm_ldap/user.c 
@@ -116,12 +116,12 @@ char const *rlm_ldap_find_user(rlm_ldap_t const *inst, request_t *request, fr_ld return NULL; } - if (fr_ldap_trunk_search(unlang_interpret_frame_talloc_ctx(request), &query ,request, ttrunk, base_dn, - inst->userobj_scope, filter, attrs, serverctrls, NULL) < 0) { + if (fr_ldap_trunk_search(rcode, + unlang_interpret_frame_talloc_ctx(request), &query ,request, ttrunk, base_dn, + inst->userobj_scope, filter, attrs, serverctrls, NULL, false) < 0) { *rcode = RLM_MODULE_FAIL; return NULL; } - *rcode = unlang_interpret_synchronous(unlang_interpret_event_list(request), request); if (*rcode != RLM_MODULE_OK) return NULL;