#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/stats.h>
#include <freeradius-devel/server/util.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/base16.h>
#include <freeradius-devel/util/misc.h>
#include <freeradius-devel/util/perm.h>
#include <ctype.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/stat.h>
Go to the source code of this file.
|
| char * | rad_ajoin (TALLOC_CTX *ctx, char const **argv, int argc, char c) |
| | talloc a buffer to hold the concatenated value of all elements of argv More...
|
| |
| static int | rad_copy_string (char *to, char const *from) |
| |
| static int | rad_copy_string_bare (char *to, char const *from) |
| |
| static int | rad_copy_variable (char *to, char const *from) |
| |
| int | rad_expand_xlat (request_t *request, char const *cmd, int max_argc, char const *argv[], bool can_fail, size_t argv_buflen, char *argv_buf) |
| | Split string into words and expand each one. More...
|
| |
| int | rad_filename_box_escape (fr_value_box_t *vb, UNUSED void *uxtc) |
| |
| int | rad_filename_box_make_safe (fr_value_box_t *vb, UNUSED void *uxtc) |
| |
| size_t | rad_filename_escape (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg) |
| | Escapes the raw string such that it should be safe to use as part of a file path. More...
|
| |
| size_t | rad_filename_make_safe (UNUSED request_t *request, char *out, size_t outlen, char const *in, UNUSED void *arg) |
| | Ensures that a filename cannot walk up the directory structure. More...
|
| |
| ssize_t | rad_filename_unescape (char *out, size_t outlen, char const *in, size_t inlen) |
| | Converts data stored in a file name back to its original form. More...
|
| |
| uint32_t | rad_pps (uint32_t *past, uint32_t *present, time_t *then, struct timeval *now) |
| |
| int | rad_segid (gid_t gid) |
| | Alter the effective user id. More...
|
| |
| int | rad_seuid (uid_t uid) |
| | Alter the effective user id. More...
|
| |
| void | rad_suid_down (void) |
| |
| void | rad_suid_down_permanent (void) |
| |
| bool | rad_suid_is_down_permanent (void) |
| | Return whether we've permanently dropped root privileges. More...
|
| |
| void | rad_suid_set_down_uid (uid_t uid) |
| |
| void | rad_suid_up (void) |
| |
◆ rad_ajoin()
| char* rad_ajoin |
( |
TALLOC_CTX * |
ctx, |
|
|
char const ** |
argv, |
|
|
int |
argc, |
|
|
char |
c |
|
) |
| |
talloc a buffer to hold the concatenated value of all elements of argv
- Parameters
-
| ctx | to allocate buffer in. |
| argv | array of substrings. |
| argc | length of array. |
| c | separation character. Optional, may be '\0' for no separator. |
- Returns
- the concatenation of the elements of argv, separated by c.
Definition at line 396 of file util.c.
◆ rad_copy_string()
| static int rad_copy_string |
( |
char * |
to, |
|
|
char const * |
from |
|
) |
| |
|
static |
◆ rad_copy_string_bare()
| static int rad_copy_string_bare |
( |
char * |
to, |
|
|
char const * |
from |
|
) |
| |
|
static |
◆ rad_copy_variable()
| static int rad_copy_variable |
( |
char * |
to, |
|
|
char const * |
from |
|
) |
| |
|
static |
◆ rad_expand_xlat()
| int rad_expand_xlat |
( |
request_t * |
request, |
|
|
char const * |
cmd, |
|
|
int |
max_argc, |
|
|
char const * |
argv[], |
|
|
bool |
can_fail, |
|
|
size_t |
argv_buflen, |
|
|
char * |
argv_buf |
|
) |
| |
Split string into words and expand each one.
- Parameters
-
| request | Current request. |
| cmd | string to split. |
| max_argc | the maximum number of arguments to split into. |
| argv | Where to write the pointers into argv_buf. |
| can_fail | If false, stop processing if any of the xlat expansions fail. |
| argv_buflen | size of argv_buf. |
| argv_buf | temporary buffer we used to mangle/expand cmd. Pointers to offsets of this buffer will be written to argv. |
- Returns
- argc or -1 on failure.
Definition at line 597 of file util.c.
◆ rad_filename_box_escape()
◆ rad_filename_box_make_safe()
◆ rad_filename_escape()
Escapes the raw string such that it should be safe to use as part of a file path.
This function is designed to produce a string that's still readable but portable across the majority of file systems.
For security reasons it cannot remove characters from the name, and must not allow collisions to occur between different strings.
With that in mind '-' has been chosen as the escape character, and will be double escaped '-' -> '–' to avoid collisions.
Escaping should be reversible if the original string needs to be extracted.
- Note
- function takes additional arguments so that it may be used as an xlat escape function but it's fine to call it directly.
-
OSX/Unix/NTFS/VFAT have a max filename size of 255 bytes.
- Parameters
-
| request | Current request (may be NULL). |
| out | Output buffer. |
| outlen | Size of the output buffer. |
| in | string to escape. |
| arg | Context arguments (unused, should be NULL). |
Definition at line 214 of file util.c.
◆ rad_filename_make_safe()
Ensures that a filename cannot walk up the directory structure.
Also sanitizes control chars.
- Parameters
-
| request | Current request (may be NULL). |
| out | Output buffer. |
| outlen | Size of the output buffer. |
| in | string to escape. |
| arg | Context arguments (unused, should be NULL). |
Definition at line 94 of file util.c.
◆ rad_filename_unescape()
Converts data stored in a file name back to its original form.
- Parameters
-
| out | Where to write the unescaped string (may be the same as in). |
| outlen | Length of the output buffer. |
| in | Input filename. |
| inlen | Length of input. |
- Returns
- Number of bytes written to output buffer
- offset where parse error occurred on failure.
Definition at line 334 of file util.c.
◆ rad_pps()
◆ rad_segid()
| int rad_segid |
( |
gid_t |
gid | ) |
|
Alter the effective user id.
- Parameters
-
- Returns
- 0 on success.
- -1 on failure.
Definition at line 949 of file util.c.
◆ rad_seuid()
| int rad_seuid |
( |
uid_t |
uid | ) |
|
Alter the effective user id.
- Parameters
-
- Returns
- 0 on success.
- -1 on failure.
Definition at line 927 of file util.c.
◆ rad_suid_down()
| void rad_suid_down |
( |
void |
| ) |
|
◆ rad_suid_down_permanent()
| void rad_suid_down_permanent |
( |
void |
| ) |
|
◆ rad_suid_is_down_permanent()
| bool rad_suid_is_down_permanent |
( |
void |
| ) |
|
Return whether we've permanently dropped root privileges.
- Returns
- true if root privileges have been dropped.
- false if root privileges have not been dropped.
Definition at line 915 of file util.c.
◆ rad_suid_set_down_uid()
| void rad_suid_set_down_uid |
( |
uid_t |
uid | ) |
|
◆ rad_suid_up()
| void rad_suid_up |
( |
void |
| ) |
|
◆ reset_signal
| void(*)(int) reset_signal(int signo, void(*func)(int)) |
( |
int |
signo, |
|
|
void(*)(int) |
func |
|
) |
| |
◆ suid_down_permanent
Record whether we've permanently dropped privilledges.
Definition at line 39 of file util.c.
Include dependency graph for util.c:
1.9.1