{ "password", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_SECRET, rlm_sql_config_t, sql_password), "" },
{ "radius_db", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_sql_config_t, sql_db), "radius" },
{ "read_groups", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_sql_config_t, read_groups), "yes" },
+ { "read_profiles", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_sql_config_t, read_profiles), "yes" },
{ "readclients", FR_CONF_OFFSET(PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, rlm_sql_config_t, do_clients), NULL },
{ "read_clients", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_sql_config_t, do_clients), "no" },
{ "deletestalesessions", FR_CONF_OFFSET(PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, rlm_sql_config_t, deletestalesessions), NULL },
/*
* Fall-Through checking function from rlm_files.c
*/
-static int fallthrough(VALUE_PAIR *vp)
+static sql_fall_through_t fall_through(VALUE_PAIR *vp)
{
VALUE_PAIR *tmp;
tmp = pairfind(vp, PW_FALL_THROUGH, 0, TAG_ANY);
- return tmp ? tmp->vp_integer : 0;
+ return tmp ? tmp->vp_integer : FALL_THROUGH_DEFAULT;
}
/*
}
static rlm_rcode_t rlm_sql_process_groups(rlm_sql_t *inst, REQUEST *request, rlm_sql_handle_t **handle,
- bool *dofallthrough)
+ sql_fall_through_t *do_fall_through)
{
rlm_rcode_t rcode = RLM_MODULE_NOOP;
VALUE_PAIR *check_tmp = NULL, *reply_tmp = NULL, *sql_group = NULL;
RDEBUG2("User found in the group table");
- for (entry = head; entry != NULL && (*dofallthrough != 0); entry = entry->next) {
+ for (entry = head; entry != NULL && (*do_fall_through == FALL_THROUGH_YES); entry = entry->next) {
/*
* Add the Sql-Group attribute to the request list so we know
* which group we're retrieving attributes for
goto finish;
}
- *dofallthrough = fallthrough(reply_tmp);
+ *do_fall_through = fall_through(reply_tmp);
RDEBUG2("Group \"%s\" reply items processed", entry->name);
rcode = RLM_MODULE_OK;
}
-static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void *instance, REQUEST * request)
+static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void *instance, REQUEST *request)
{
rlm_rcode_t rcode = RLM_MODULE_NOOP;
VALUE_PAIR *user_profile = NULL;
bool user_found = false;
- bool dofallthrough = true;
+
+ sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
+
int rows;
char *expanded = NULL;
rad_assert(request->reply != NULL);
/*
- * Set, escape, and check the user attr here
+ * Set, escape, and check the user attr here
*/
if (sql_set_user(inst, request, NULL) < 0) {
return RLM_MODULE_FAIL;
if (rows == 0) goto skipreply;
- if (!inst->config->read_groups) {
- dofallthrough = fallthrough(reply_tmp);
- }
+ do_fall_through = fall_through(reply_tmp);
RDEBUG2("User found in radreply table");
user_found = true;
}
skipreply:
- /*
- * dofallthrough is set to 1 by default so that if the user information
- * is not found, we will still process groups. If the user information,
- * however, *is* found, Fall-Through must be set in order to process
- * the groups as well.
- */
- if (dofallthrough) {
+ if ((do_fall_through == FALL_THROUGH_YES) ||
+ (inst->config->read_groups && (do_fall_through == FALL_THROUGH_DEFAULT))) {
rlm_rcode_t ret;
RDEBUG3("... falling-through to group processing");
- ret = rlm_sql_process_groups(inst, request, &handle, &dofallthrough);
+ ret = rlm_sql_process_groups(inst, request, &handle, &do_fall_through);
switch (ret) {
/*
* Nothing bad happened, continue...
/*
* Repeat the above process with the default profile or User-Profile
*/
- if (dofallthrough) {
+ if ((do_fall_through == FALL_THROUGH_YES) ||
+ (inst->config->read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT))) {
rlm_rcode_t ret;
/*
goto error;
}
- ret = rlm_sql_process_groups(inst, request, &handle, &dofallthrough);
+ ret = rlm_sql_process_groups(inst, request, &handle, &do_fall_through);
switch (ret) {
/*
* Nothing bad happened, continue...