Add more sanity checks to rlm_sql

FreeRADIUS · Nov 28, 2014 · e5bd0c8 · e5bd0c8
1 parent 306d0a0
commit e5bd0c8
Showing 1 changed file with 33 additions and 8 deletions.
diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c
@@ -871,6 +871,39 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
 	CHECK_STRING(authorize_group_check_query);
 	CHECK_STRING(authorize_group_reply_query);
 
+	/*
+	 *	Sanity check for crazy people.
+	 */
+	if (strncmp(inst->config->sql_driver_name, "rlm_sql_", 8) != 0) {
+		ERROR("rlm_sql (%s): \"%s\" is NOT an SQL driver!", inst->config->xlat_name, inst->config->sql_driver_name);
+		return -1;
+	}
+
+	/*
+	 *	We need authorize_group_check_query or authorize_group_reply_query
+	 *	if group_membership_query is set.
+	 *
+	 *	Or we need group_membership_query if authorize_group_check_query or
+	 *	authorize_group_reply_query is set.
+	 */
+	if (!inst->config->groupmemb_query) {
+		if (inst->config->authorize_group_check_query) {
+			ERROR("rlm_sql (%s): group_membership_query must be set if authorize_group_check_query is set",
+			      inst->config->xlat_name);
+			return -1;
+		} else if (inst->config->authorize_group_reply_query) {
+			ERROR("rlm_sql (%s): group_membership_query must be set if authorize_group_reply_query is set",
+			      inst->config->xlat_name);
+			return -1;
+		}
+	} else {
+		if (!inst->config->authorize_group_check_query && !inst->config->authorize_group_reply_query) {
+			ERROR("rlm_sql (%s): authorize_group_check_query or authorize_group_reply_query "
+		      	      "must be set if group_membership_query is set", inst->config->xlat_name);
+			return -1;
+		}
+	}
+
 	/*
 	 *	This will always exist, as cf_section_parse_init()
 	 *	will create it if it doesn't exist.  However, the
@@ -907,14 +940,6 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
 	 */
 	xlat_register(inst->config->xlat_name, sql_xlat, sql_escape_func, inst);
 
-	/*
-	 *	Sanity check for crazy people.
-	 */
-	if (strncmp(inst->config->sql_driver_name, "rlm_sql_", 8) != 0) {
-		ERROR("rlm_sql (%s): \"%s\" is NOT an SQL driver!", inst->config->xlat_name, inst->config->sql_driver_name);
-		return -1;
-	}
-
 	/*
 	 *	Load the appropriate driver for our database
 	 */