24 #include <freeradius-devel/curl/base.h>
25 #include <freeradius-devel/curl/xlat.h>
27 #include <freeradius-devel/tls/base.h>
30 #include <freeradius-devel/util/talloc.h>
31 #include <freeradius-devel/unlang/xlat_func.h>
50 {
L(
"allow"), CURLUSESSL_TRY },
51 {
L(
"demand"), CURLUSESSL_ALL },
52 {
L(
"never"), CURLUSESSL_NONE },
100 #if !CURL_AT_LEAST_VERSION(7,84,0)
116 CURL *candle = randle->
candle;
131 struct curl_slist *to_info;
132 struct curl_certinfo *to_certinfo;
138 ret = curl_easy_getinfo(candle, CURLINFO_CERTINFO, &ptr.to_info);
139 if (ret != CURLE_OK) {
140 REDEBUG(
"Getting certificate info failed: %i - %s", ret, curl_easy_strerror(ret));
150 if (ptr.to_certinfo->num_of_certs == 0)
return 0;
152 RDEBUG2(
"Chain has %i certificate(s)", ptr.to_certinfo->num_of_certs);
153 for (i = 0; i < ptr.to_certinfo->num_of_certs; i++) {
154 struct curl_slist *cert_attrs;
160 RDEBUG2(
"Processing certificate %i",i);
162 for (cert_attrs = ptr.to_certinfo->certinfo[i];
164 cert_attrs = cert_attrs->next) {
168 q = strchr(cert_attrs->data,
':');
170 RWDEBUG(
"Malformed certinfo from libcurl: %s", cert_attrs->data);
/*
 * Copy the field name, i.e. the text before the ':' that strchr() located in
 * cert_attrs->data, into buffer. The size passed to strlcpy() is the length of
 * that prefix plus one byte for the terminating NUL.
 *
 * NOTE(review): this bound is computed from the source string, not from the
 * size of the destination. The declaration of buffer is not visible in this
 * excerpt; if it is a fixed-size array, a field name longer than the array
 * would be written past its end. Confirm that a length check precedes this
 * call, or clamp the size argument to sizeof(buffer) and treat an over-long
 * name as malformed certinfo.
 */
174 strlcpy(
buffer, cert_attrs->data, (q - cert_attrs->data) + 1);
/* Rewrite every space in the copied field name to '-', in place. */
175 for (p =
buffer; *p !=
'\0'; p++)
if (*p ==
' ') *p =
'-';
180 RDEBUG3(
"If this value is required, define attribute \"%s\"",
buffer);
208 curl_easy_cleanup(arg);
224 static _Thread_local CURL *t_candle;
229 MEM(candle = curl_easy_init());
244 curl_version_info_data *curlversion;
252 if (fr_openssl_init() < 0)
return -1;
256 PERROR(
"Failed loading dictionaries for curl");
261 PERROR(
"Failed loading dictionaries for curl");
265 ret = curl_global_init(CURL_GLOBAL_ALL);
266 if (ret != CURLE_OK) {
267 ERROR(
"CURL init returned error: %i - %s", ret, curl_easy_strerror(ret));
273 curlversion = curl_version_info(CURLVERSION_NOW);
274 if (strcmp(LIBCURL_VERSION, curlversion->version) != 0) {
275 WARN(
"libcurl version changed since the server was built");
276 WARN(
"linked: %s built: %s", curlversion->version, LIBCURL_VERSION);
279 INFO(
"libcurl version: %s", curl_version());
290 ERROR(
"Failed registering \"uri.escape\" xlat");
303 ERROR(
"Failed registering \"uri.safe\" xlat");
315 ERROR(
"Failed registering \"uri.unescape\" xlat");
332 curl_global_cleanup();
static int const char char buffer[256]
#define fr_atexit_thread_local(_name, _free, _uctx)
#define L(_str)
Helper for initialising arrays of string literals.
int cf_table_parse_int(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic function for parsing conf pair values as int.
#define CONF_PARSER_TERMINATOR
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
#define FR_CONF_OFFSET_SUBSECTION(_name, _flags, _struct, _field, _subcs)
conf_parser_t which populates a sub-struct using a CONF_SECTION
@ CONF_FLAG_SECRET
Only print value if debug level >= 3.
@ CONF_FLAG_FILE_INPUT
File matching value must exist, and must be readable.
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Defines a CONF_PAIR to C data type mapping.
#define FR_CURL_ROPTIONAL_SET_OPTION(_x, _y)
request_t * request
Current request.
CURL * candle
Request specific handle.
Structure representing an individual request being passed to curl for processing.
xlat_action_t fr_curl_xlat_uri_escape(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, UNUSED request_t *request, fr_value_box_list_t *in)
xlat function to escape URI encoded strings
xlat_arg_parser_t const fr_curl_xlat_uri_args[]
xlat_arg_parser_t const fr_curl_xlat_safe_args[]
xlat_action_t fr_curl_xlat_uri_unescape(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, UNUSED request_t *request, fr_value_box_list_t *in)
xlat function to unescape URI encoded strings
#define CURL_URI_SAFE_FOR
safe for value suitable for all users of the curl library
#define fr_dict_autofree(_to_free)
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr)
Locate a fr_dict_attr_t by its name.
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
#define fr_dict_autoload(_to_load)
Specifies an attribute which must be present for the module to function.
Specifies a dictionary which must be loaded/loadable for the module to function.
char const * name
Name of library and section within global config.
Structure to define how to initialise libraries with global configuration.
static fr_table_num_sorted_t const fr_curl_sslcode_table[]
static fr_dict_t const * dict_freeradius
int fr_curl_response_certinfo(request_t *request, fr_curl_io_request_t *randle)
static size_t fr_curl_sslcode_table_len
static int fr_curl_init(void)
Initialise global curl options.
static conf_parser_t reuse_curl_conn_config[]
int fr_curl_easy_tls_init(fr_curl_io_request_t *randle, fr_curl_tls_t const *conf)
fr_dict_attr_t const * attr_tls_certificate
Attribute definitions for lib curl.
global_lib_autoinst_t fr_curl_autoinst
static void fr_curl_free(void)
conf_parser_t fr_curl_conn_config[]
fr_dict_attr_autoload_t curl_attr[]
CURL * fr_curl_tmp_handle(void)
Return a thread local curl easy handle.
conf_parser_t fr_curl_tls_config[]
static fr_dict_autoload_t curl_dict[]
static int _curl_tmpl_handle(void *arg)
Free the curl easy handle.
void log_request_pair_list(fr_log_lvl_t lvl, request_t *request, fr_pair_t const *parent, fr_pair_list_t const *vps, char const *prefix)
Print a fr_pair_list_t.
@ L_DBG_LVL_2
2nd highest priority debug messages (-xx | -X).
@ FR_TYPE_TLV
Contains nested attributes.
@ FR_TYPE_STRING
String of printable characters.
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, size_t inlen, fr_sbuff_unescape_rules_t const *uerules, bool tainted)
Convert string value to native attribute value.
Tuneable parameters for slabs.
MEM(pair_append_request(&vp, attr_eap_aka_sim_identity) >=0)
size_t strlcpy(char *dst, char const *src, size_t siz)
Stores an attribute, a value and various bits of other data.
An element in a lexicographically sorted array of name to num mappings.
xlat_action_t xlat_transparent(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *args)
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
void xlat_func_flags_set(xlat_t *x, xlat_func_flags_t flags)
Specify flags that alter the xlat's behaviour.
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
xlat_t * xlat_func_register(TALLOC_CTX *ctx, char const *name, xlat_func_t func, fr_type_t return_type)
Register an xlat function.
void xlat_func_unregister(char const *name)
Unregister an xlat function.
#define xlat_func_safe_for_set(_xlat, _escaped)
Set the escaped values for output boxes.