static int generate_sql_clients(rlm_sql_t *inst)
{
rlm_sql_handle_t *handle;
rlm_sql_row_t row;
unsigned int i = 0;
RADCLIENT *c;
DEBUG("rlm_sql (%s): Processing generate_sql_clients",
inst->config->xlat_name);
DEBUG("rlm_sql (%s) in generate_sql_clients: query is %s",
inst->config->xlat_name, inst->config->client_query);
handle = sql_get_socket(inst);
if (!handle) {
return -1;
}
if (rlm_sql_select_query(&handle, inst, inst->config->client_query)){
return -1;
}
while((rlm_sql_fetch_row(&handle, inst) == 0) && (row = handle->row)) {
char *server = NULL;
i++;
/*
* The return data for each row MUST be in the following order:
*
* 0. Row ID (currently unused)
* 1. Name (or IP address)
* 2. Shortname
* 3. Type
* 4. Secret
* 5. Virtual Server (optional)
*/
if (!row[0]){
ERROR("rlm_sql (%s): No row id found on pass %d",inst->config->xlat_name,i);
continue;
}
if (!row[1]){
ERROR("rlm_sql (%s): No nasname found for row %s",inst->config->xlat_name,row[0]);
continue;
}
if (!row[2]){
ERROR("rlm_sql (%s): No short name found for row %s",inst->config->xlat_name,row[0]);
continue;
}
if (!row[4]){
ERROR("rlm_sql (%s): No secret found for row %s",inst->config->xlat_name,row[0]);
continue;
}
if (((inst->module->sql_num_fields)(handle, inst->config) > 5) && (row[5] != NULL) && *row[5]) {
server = row[5];
}
DEBUG("rlm_sql (%s): Adding client %s (%s) to %s clients list",
inst->config->xlat_name,
row[1], row[2], server ? server : "global");
/* FIXME: We should really pass a proper ctx */
c = client_from_query(NULL,
row[1], /* identifier */
row[4], /* secret */
row[2], /* shortname */
row[3], /* type */
server, /* server */
false); /* require message authenticator */
if (!c) {
continue;
}
if (!client_add(NULL, c)) {
WARN("Failed to add client, possible duplicate?");
client_free(c);
continue;
}
DEBUG("rlm_sql (%s): Client \"%s\" (%s) added", c->longname, c->shortname,
inst->config->xlat_name);
}
(inst->module->sql_finish_select_query)(handle, inst->config);
sql_release_socket(inst, handle);
return 0;
}
/** Load clients from LDAP on server start
*
* @param[in] inst rlm_ldap configuration.
* @return -1 on error else 0.
*/
int rlm_ldap_load_clients(ldap_instance_t const *inst)
{
int ret = 0;
ldap_rcode_t status;
ldap_handle_t *conn = NULL;
/* This needs to be updated if additional attributes need to be retrieved */
char const *attrs[7];
char const **attrs_p;
LDAPMessage *result = NULL;
LDAPMessage *entry;
RADCLIENT *c;
LDAP_DBG("Loading dynamic clients");
/*
* Basic sanity checks.
*/
if (!inst->clientobj_identifier) {
LDAP_ERR("Told to load clients but 'client.identifier_attribute' not specified");
return -1;
}
if (!inst->clientobj_secret) {
LDAP_ERR("Told to load clients but 'client.secret_attribute' not specified");
return -1;
}
if (!inst->clientobj_base_dn) {
LDAP_ERR("Told to load clients but 'client.base_dn' not specified");
return -1;
}
if (!inst->clientobj_filter) {
LDAP_ERR("Told to load clients but 'client.filter' not specified");
return -1;
}
/*
* Construct the attribute array
*/
attrs[0] = inst->clientobj_identifier;
attrs[1] = inst->clientobj_secret;
attrs_p = attrs + 2;
if (inst->clientobj_shortname) { /* 2 */
*attrs_p++ = inst->clientobj_shortname;
}
if (inst->clientobj_type) { /* 3 */
*attrs_p++ = inst->clientobj_type;
}
if (inst->clientobj_server) { /* 4 */
*attrs_p++ = inst->clientobj_server;
}
if (inst->clientobj_require_ma) { /* 5 */
*attrs_p++ = inst->clientobj_require_ma;
}
*attrs_p = NULL; /* 6 - array needs to be NULL terminated */
conn = rlm_ldap_get_socket(inst, NULL);
if (!conn) return -1;
/*
* Perform all searches as the admin user.
*/
if (conn->rebound) {
status = rlm_ldap_bind(inst, NULL, &conn, inst->admin_dn, inst->password, true);
if (status != LDAP_PROC_SUCCESS) {
return -1;
}
rad_assert(conn);
conn->rebound = false;
}
status = rlm_ldap_search(inst, NULL, &conn, inst->clientobj_base_dn, inst->clientobj_scope,
inst->clientobj_filter, attrs, &result);
switch (status) {
case LDAP_PROC_SUCCESS:
break;
case LDAP_PROC_NO_RESULT:
LDAP_INFO("No clients were found in the directory");
return 0;
default:
return -1;
}
rad_assert(conn);
entry = ldap_first_entry(conn->handle, result);
if (!entry) {
int ldap_errno;
ldap_get_option(conn->handle, LDAP_OPT_RESULT_CODE, &ldap_errno);
LDAP_ERR("Failed retrieving entry: %s", ldap_err2string(ldap_errno));
ret = -1;
goto finish;
}
do {
char *dn;
char **identifier = NULL;
char **shortname = NULL;
char **secret = NULL;
char **type = NULL;
char **server = NULL;
char **require_ma = NULL;
dn = ldap_get_dn(conn->handle, entry);
/*
* Check for the required attributes first
*/
identifier = ldap_get_values(conn->handle, entry, inst->clientobj_identifier);
if (!identifier) {
LDAP_WARN("Client \"%s\" missing required attribute 'identifier', skipping...", dn);
goto next;
}
secret = ldap_get_values(conn->handle, entry, inst->clientobj_secret);
if (!secret) {
LDAP_WARN("Client \"%s\" missing required attribute 'secret', skipping...", dn);
goto next;
}
if (inst->clientobj_shortname) {
shortname = ldap_get_values(conn->handle, entry, inst->clientobj_shortname);
if (!shortname) {
LDAP_DBG("Client \"%s\" missing optional attribute 'shortname'", dn);
}
}
if (inst->clientobj_type) {
type = ldap_get_values(conn->handle, entry, inst->clientobj_type);
if (!type) {
LDAP_DBG("Client \"%s\" missing optional attribute 'type'", dn);
}
}
if (inst->clientobj_server) {
server = ldap_get_values(conn->handle, entry, inst->clientobj_server);
if (!server) {
LDAP_DBG("Client \"%s\" missing optional attribute 'server'", dn);
}
}
if (inst->clientobj_require_ma) {
require_ma = ldap_get_values(conn->handle, entry, inst->clientobj_require_ma);
if (!require_ma) {
LDAP_DBG("Client \"%s\" missing optional attribute 'require_ma'", dn);
}
}
/* FIXME: We should really pass a proper ctx */
c = client_from_query(NULL,
identifier[0],
secret[0],
shortname ? shortname[0] : NULL,
type ? type[0] : NULL,
server ? server[0] : NULL,
require_ma ? strncmp(require_ma[0], "true", 4) == 0 : false);
if (!c) {
goto next;
}
if (!client_add(NULL, c)) {
WARN("Failed to add client, possible duplicate?");
client_free(c);
goto next;
}
LDAP_DBG("Client \"%s\" added", dn);
next:
ldap_memfree(dn);
if (identifier) ldap_value_free(identifier);
if (shortname) ldap_value_free(shortname);
if (secret) ldap_value_free(secret);
if (type) ldap_value_free(type);
if (server) ldap_value_free(server);
} while((entry = ldap_next_entry(conn->handle, entry)));
finish:
if (result) {
ldap_msgfree(result);
}
return ret;
}
