
Commit af7bdcf

committed
Use expression evaluation in place of map for LDAP profile condition
1 parent 2b8351c commit af7bdcf


1 file changed

+16
-13
lines changed


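--- a/src/lib/ldap/map.c
+++ b/src/lib/ldap/map.c
@@ -354,39 +354,42 @@ int fr_ldap_map_do(request_t *request, char const *check_attr,
 count = ldap_count_values_len(values);
 
 for (i = 0; i < count; i++) {
-map_t *check = NULL;
-char *value = fr_ldap_berval_to_string(request, values[i]);
+char *value = fr_ldap_berval_to_string(request, values[i]);
+xlat_exp_head_t *cond_expr = NULL;
+fr_value_box_list_t res;
 
 RDEBUG3("Parsing condition %s", value);
-if (map_afrom_attr_str(request, &check, value, &parse_rules, &parse_rules) < 0) {
+
+if (xlat_tokenize_expression(request, &cond_expr,
+&FR_SBUFF_IN(value, talloc_array_length(value) - 1),
+NULL, &parse_rules) < 0) {
 RPEDEBUG("Failed parsing '%s' value \"%s\"", check_attr, value);
 fail:
 applied = -1;
 free:
-talloc_free(check);
+talloc_free(cond_expr);
 talloc_free(value);
 ldap_value_free_len(values);
 return applied;
 }
 
-if (!fr_comparison_op[check->op]) {
-REDEBUG("Invalid operator '%s'", fr_tokens[check->op]);
+if (xlat_impure_func(cond_expr)) {
+fr_strerror_const("Condition expression cannot depend on functions which call external databases");
 goto fail;
 }
 
-if (fr_type_is_structural(tmpl_attr_tail_da(check->lhs)->type) &&
-(check->op != T_OP_CMP_TRUE) && (check->op != T_OP_CMP_FALSE)) {
-REDEBUG("Invalid comparison for structural type");
+RDEBUG2("Checking condition %s", value);
+fr_value_box_list_init(&res);
+if (unlang_xlat_eval(request, &res, request, cond_expr) < 0) {
+RPEDEBUG("Failed evaluating condition");
 goto fail;
 }
-
-RDEBUG2("Checking condition %s %s %s", check->lhs->name, fr_tokens[check->op], check->rhs->name);
-if (radius_legacy_map_cmp(request, check) != 1) {
+if (!fr_value_box_list_head(&res) || !fr_value_box_is_truthy(fr_value_box_list_head(&res))) {
 RDEBUG2("Failed match: skipping this profile");
 goto free;
 }
 talloc_free(value);
-talloc_free(check);
+talloc_free(cond_expr);
 }
 ldap_value_free_len(values);
 }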
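Review bot: The impure-function rejection at new line 377 only pushes a message with `fr_strerror_const()` and then jumps to `fail:`, which sets `applied = -1` without logging, so unless the caller prints the error stack an operator sees no reason why the profile condition was refused; log it at the point of rejection, e.g. `REDEBUG("Condition expression cannot depend on functions which call external databases");`. Separately, the boxes that `unlang_xlat_eval()` puts into `res` are never released on the match, no-match or failure paths; they appear to be parented to `request`, so they probably live until the request ends rather than leaking outright, but they accumulate for every value of the attribute. Calling `fr_value_box_list_init(&res)` before the tokenize call and `fr_value_box_list_talloc_free(&res)` next to both `talloc_free(cond_expr)` sites would release them per iteration. The body of `fr_ldap_map_do` starts and ends outside this hunk, so how the caller treats the -1 return is not visible here.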
