Check for, and fix, misconfigurations. Fixes #1292

If there's no group membership query, don't do group handling.
And warn the user that the configuration is broken.

diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c
index 6531bb1..5b53953 100644 (file)
--- a/src/modules/rlm_sql/rlm_sql.c
+++ b/src/modules/rlm_sql/rlm_sql.c
@@ -582,6 +582,14 @@ static int sql_groupcmp(void *instance, REQUEST *request, UNUSED VALUE_PAIR *req
        rlm_sql_t *inst = instance;
        rlm_sql_grouplist_t *head, *entry;
 
+       /*
+        *      No group queries, don't do group comparisons.
+        */
+       if (!inst->config->groupmemb_query) {
+               RWARN("Cannot do group comparison when group_membership_query is not set");
+               return 1;
+       }
+
        RDEBUG("sql_groupcmp");
 
        if (check->vp_length == 0){
@@ -643,6 +651,19 @@ static rlm_rcode_t rlm_sql_process_groups(rlm_sql_t *inst, REQUEST *request, rlm
 
        rad_assert(request->packet != NULL);
 
+       if (!inst->config->groupmemb_query) {
+               RWARN("Cannot do check groups when group_membership_query is not set");
+
+       do_nothing:
+               *do_fall_through = FALL_THROUGH_DEFAULT;
+
+               /*
+                *      Didn't add group attributes or allocate
+                *      memory, so don't do anything else.
+                */
+               return RLM_MODULE_NOTFOUND;
+       }
+
        /*
         *      Get the list of groups this user is a member of
         */
@@ -654,10 +675,7 @@ static rlm_rcode_t rlm_sql_process_groups(rlm_sql_t *inst, REQUEST *request, rlm
        }
        if (rows == 0) {
                RDEBUG2("User not found in any groups");
-               rcode = RLM_MODULE_NOTFOUND;
-               *do_fall_through = FALL_THROUGH_DEFAULT;
-
-               goto finish;
+               goto do_nothing;
        }
        rad_assert(head);
 
@@ -925,6 +943,12 @@ do { \
                        WARN("rlm_sql (%s): Ignoring authorize_group_check_query as group_membership_query "
                             "is not configured", inst->name);
                }
+
+               if (!inst->config->read_groups) {
+                       WARN("rlm_sql (%s): Ignoring read_groups as group_membership_query "
+                            "is not configured", inst->name);
+                       inst->config->read_groups = false;
+               }
        } /* allow the group check / reply queries to be NULL */
 
        /*