30RCSID(
"$Id: ba15fdfbf03afdbe5c626b0c0a75884671309b3f $")
35#include <freeradius-devel/ldap/conf.h>
37#include <freeradius-devel/server/map_proc.h>
38#include <freeradius-devel/server/module_rlm.h>
65 LDAP *handle, LDAPMessage *entry)
70 *fallthrough = profile_ctx->
inst->
profile.fallthrough_def;
81 struct berval value_bv;
85 fr_value_box_list_t res;
100 if (
count <= 0)
return;
102 RWARN(
"%s returned more than 1 value. Only evaluating the first.",
110 NULL, &parse_rules) < 0) {
116 fr_strerror_const(
"Fallthrough expression cannot depend on functions which call external databases");
121 fr_value_box_list_init(&res);
123 RPEDEBUG(
"Failed evaluating condition");
126 *fallthrough = (fr_value_box_list_head(&res) &&
fr_value_box_is_truthy(fr_value_box_list_head(&res))) ?
true :
false;
127 fr_value_box_list_talloc_free(&res);
128 RDEBUG2(
"Fallthrough condition evaluated to %s", *fallthrough ?
"true" :
"false");
146 bool fallthrough =
true;
151 if (profile_ctx->
ret) *profile_ctx->
ret = query->
ret;
153 switch (query->
ret) {
159 if (profile_ctx->
dn) {
160 RDEBUG2(
"Profile object \"%s\" not found", profile_ctx->
dn);
162 RDEBUG2(
"No profile objects found");
173 entry = ldap_first_entry(handle, query->
result);
175 ldap_get_option(handle, LDAP_OPT_RESULT_CODE, &ldap_errno);
176 REDEBUG(
"Failed retrieving entry: %s", ldap_err2string(ldap_errno));
181 RDEBUG2(
"Processing profile attributes");
185 dn = ldap_get_dn(handle, entry);
186 RDEBUG2(
"Processing \"%s\"", dn);
193 if (!fallthrough)
break;
195 entry = ldap_next_entry(handle, entry);
199 if (!fallthrough)
goto finish;
205 while (profile_ctx->
next && *profile_ctx->
next) {
206 LDAPControl *serverctrls[] = { profile_ctx->
inst->
profile.obj_sort_ctrl, NULL };
208 TALLOC_FREE(profile_ctx->
query);
210 profile_ctx->
dn = *profile_ctx->
next++;
233 char const *base,
int scope,
char const *filter)
235 LDAPControl *serverctrls[] = { profile_ctx->
inst->
profile.obj_sort_ctrl, NULL };
271 char const *dn,
int scope,
char const *filter,
fr_ldap_map_exp_t const *expanded)
282 .expanded = expanded,
313 char const *
const *dn_list,
char const *filter,
324 .expanded = expanded,
331 switch (
inst->profile.search_mode) {
334 char const *base, *dn_attr;
336 dn_attr =
inst->dn_attr;
342 RWDEBUG(
"Retrieving profiles one at a time, no naming context contains every profile DN");
352 profile_ctx->
dn = dn_list[0];
353 profile_ctx->
next = dn_list + 1;
358 fr_assert_msg(
false,
"search mode auto should've been resolved at startup");
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
#define USES_APPLE_DEPRECATED_API
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
#define unlang_function_repeat_set(_request, _repeat)
Set a new repeat function for an existing function frame.
#define unlang_function_push(_request, _func, _repeat, _signal, _sigmask, _top_frame, _uctx)
Push a generic function onto the unlang stack.
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
fr_event_list_t * unlang_interpret_event_list(request_t *request)
Get the event list for the current interpreter.
char const * fr_ldap_directory_common_base_find(fr_ldap_directory_t const *directory, char const *const *dn_list)
Find the naming context which contains a set of DNs.
int fr_ldap_map_do(request_t *request, char const *check_attr, char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry)
Convert attribute map into valuepairs.
int fr_ldap_entry_value_find(struct berval *out, LDAP *handle, LDAPMessage *entry, char const *attr)
Find an attribute in an entry, returning its first value referenced in place.
LDAP * handle
libldap handle.
fr_ldap_result_code_t ret
Result code.
char * fr_ldap_berval_to_string(TALLOC_CTX *ctx, struct berval const *in)
Convert a berval to a talloced string.
fr_ldap_connection_t * ldap_conn
LDAP connection this query is running on.
fr_ldap_result_code_t
LDAP query result codes.
@ LDAP_RESULT_ERROR
A general error occurred.
@ LDAP_RESULT_SUCCESS
Successfully got LDAP results.
@ LDAP_RESULT_NO_RESULT
No results returned.
@ LDAP_RESULT_BAD_DN
The requested DN does not exist.
LDAPMessage * result
Head of LDAP results list.
fr_ldap_directory_t * directory
The type of directory we're connected to.
char const * attrs[LDAP_MAX_ATTRMAP+LDAP_MAP_RESERVED+1]
Reserve some space for access attributes.
char const * dn_attr
Attribute to match an entry's DN in a search filter.
char * fr_ldap_filter_afrom_dn_list(TALLOC_CTX *ctx, char const *dn_attr, char const *filter, char const *const *dn_list)
Build a filter matching a set of objects by DN.
Result of expanding the RHS of a set of maps.
Thread LDAP trunk structure.
unlang_action_t fr_ldap_trunk_search(TALLOC_CTX *ctx, fr_ldap_query_t **out, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *base_dn, int scope, char const *filter, char const *const *attrs, LDAPControl **serverctrls, LDAPControl **clientctrls)
Run an async search LDAP query on a trunk connection.
#define REXDENT()
Exdent (unindent) R* messages by one level.
#define RPEDEBUG(fmt,...)
#define RINDENT()
Indent R* messages by one level.
unlang_action_t rlm_ldap_map_profiles(fr_ldap_result_code_t *ret, int *applied, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *const *dn_list, char const *filter, fr_ldap_map_exp_t const *expanded)
Search for and apply a set of LDAP profiles.
int * applied
Number of profiles applied.
fr_ldap_thread_trunk_t * ttrunk
Trunk used for profile searches.
char const * filter
Filter to apply to profile searches.
unlang_action_t rlm_ldap_map_profile(fr_ldap_result_code_t *ret, int *applied, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *dn, int scope, char const *filter, fr_ldap_map_exp_t const *expanded)
Search for and apply an LDAP profile.
fr_ldap_result_code_t * ret
Result of the query and applying the map.
static void ldap_profile_entry_map(bool *fallthrough, request_t *request, ldap_profile_ctx_t *profile_ctx, LDAP *handle, LDAPMessage *entry)
Apply the attribute map to a single profile entry.
char const * dn
DN of the profile object being retrieved.
fr_ldap_map_exp_t const * expanded
static unlang_action_t ldap_profile_search_push(ldap_profile_ctx_t *profile_ctx, request_t *request, char const *base, int scope, char const *filter)
Push the resume frame and start the first profile search.
static unlang_action_t ldap_map_profile_resume(request_t *request, void *uctx)
Process the results of a profile lookup.
char const *const * next
Next profile DN to search for (search_mode = seq).
Holds state of in progress async profile lookups.
#define RDEBUG_ENABLED2()
fr_dict_attr_t const * request_attr_request
@ LDAP_PROFILE_SEARCH_MODE_AUTO
Resolved at instantiation, LDAP_PROFILE_SEARCH_MODE_BULK when server side sorting is configured and t...
@ LDAP_PROFILE_SEARCH_MODE_BULK
A single search retrieving every profile object, applied in result order.
@ LDAP_PROFILE_SEARCH_MODE_SEQ
One search per profile DN, applied in list order.
struct rlm_ldap_t::@178 profile
char const * valuepair_attr
Generic dynamic mapping attribute, contains a RADIUS attribute and value.
#define FR_SBUFF_IN(_start, _len_or_end)
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Optional arguments passed to vp_tmpl functions.
eap_aka_sim_process_conf_t * inst
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
int unlang_xlat_eval(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, xlat_exp_head_t const *xlat)
Evaluate a "pure" (or not impure) xlat.
bool xlat_impure_func(xlat_exp_head_t const *head)
fr_slen_t xlat_tokenize_expression(TALLOC_CTX *ctx, xlat_exp_head_t **head, fr_sbuff_t *in, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules))
#define fr_strerror_const(_msg)
bool fr_value_box_is_truthy(fr_value_box_t const *in)
Check truthiness of values.