The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
cf_file.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 0207c8399ec5a9c196cf4d9ffd3cc7f4299c8aa9 $
19 * @file cf_file.c
20 * @brief Read the radiusd.conf file.
21 *
22 * @note Yep I should learn to use lex & yacc, or at least
23 * write a decent parser. I know how to do that, really :)
24 * miquels@cistron.nl
25 *
26 * @copyright 2017 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
27 * @copyright 2000,2006 The FreeRADIUS server project
28 * @copyright 2000 Miquel van Smoorenburg (miquels@cistron.nl)
29 * @copyright 2000 Alan DeKok (aland@freeradius.org)
30 */
31RCSID("$Id: 0207c8399ec5a9c196cf4d9ffd3cc7f4299c8aa9 $")
32
33#include <sys/errno.h>
34
35#include <freeradius-devel/server/cf_file.h>
36#include <freeradius-devel/server/cf_priv.h>
37#include <freeradius-devel/server/log.h>
38#include <freeradius-devel/server/tmpl.h>
39#include <freeradius-devel/server/util.h>
40#include <freeradius-devel/server/virtual_servers.h>
41#include <freeradius-devel/util/debug.h>
42#include <freeradius-devel/util/file.h>
43#include <freeradius-devel/util/misc.h>
44#include <freeradius-devel/util/perm.h>
45#include <freeradius-devel/util/skip.h>
46#include <freeradius-devel/util/md5.h>
47
48#ifdef HAVE_DIRENT_H
49#endif
50
51#ifdef HAVE_GLOB_H
52#endif
53
54#ifdef HAVE_SYS_STAT_H
55#endif
56
57#include <fcntl.h>
58
59#include <freeradius-devel/server/main_config.h>
60
61bool check_config = false;
62static uid_t conf_check_uid = (uid_t)-1;
63static gid_t conf_check_gid = (gid_t)-1;
64
70
71static fr_table_num_sorted_t const conf_property_name[] = {
72 { L("instance"), CONF_PROPERTY_INSTANCE },
73 { L("name"), CONF_PROPERTY_NAME }
74};
75static size_t conf_property_name_len = NUM_ELEMENTS(conf_property_name);
76
77static fr_table_num_sorted_t const server_unlang_section[] = {
78 { L("accounting"), true },
79 { L("add"), true },
80 { L("authenticate"), true },
81 { L("clear"), true },
82 { L("deny"), true },
83 { L("error"), true },
84 { L("establish"), true },
85 { L("finally"), true },
86 { L("load"), true },
87 { L("new"), true },
88 { L("recv"), true },
89 { L("send"), true },
90 { L("store"), true },
91 { L("verify"), true },
92};
93static size_t server_unlang_section_len = NUM_ELEMENTS(server_unlang_section);
94
95typedef enum {
96 CF_STACK_FILE = 0,
97#ifdef HAVE_DIRENT_H
98 CF_STACK_DIR,
99#endif
100#ifdef HAVE_GLOB_H
101 CF_STACK_GLOB
102#endif
103} cf_stack_file_t;
104
105#define MAX_STACK (32)
106typedef struct {
107 cf_stack_file_t type;
108
109 char const *filename; //!< filename we're reading
110 int lineno; //!< line in that filename
111
112 union {
113 struct {
114 FILE *fp; //!< FP we're reading
115 };
116
117#ifdef HAVE_DIRENT_H
118 struct {
119 fr_heap_t *heap; //!< sorted heap of files
120 char *directory; //!< directory name we're reading
121 };
122#endif
123
124#ifdef HAVE_GLOB_H
125 struct {
126 size_t gl_current;
127 glob_t glob; //! reading glob()
128 bool required;
129 };
130#endif
131 };
132
133 CONF_SECTION *parent; //!< which started this file
134 CONF_SECTION *current; //!< sub-section we're reading
135 CONF_SECTION *at_reference; //!< was this thing an @foo ?
136
137 int braces;
138 bool from_dir; //!< this file was read from $include foo/
139} cf_stack_frame_t;
140
141/*
142 * buff[0] is the data we read from the file
143 * buff[1] is name
144 * buff[2] is name2 OR value for pair
145 * buff[3] is a temporary buffer
146 */
147typedef struct {
148 char **buff; //!< buffers for reading / parsing
149 size_t bufsize; //!< size of the buffers
150 int depth; //!< stack depth
151 char const *ptr; //!< current parse pointer
152 char *fill; //!< where we start filling the buffer from
153 cf_stack_frame_t frame[MAX_STACK]; //!< stack frames
154} cf_stack_t;
155
156
157static inline CC_HINT(always_inline) int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
158{
159 if (cf_section_find_parent(cs, "policy", NULL)) {
160 if (!fr_cond_assert_msg(!rules->attr.dict_def || (rules->attr.dict_def == fr_dict_internal()),
161 "Protocol dictionary must be NULL not %s",
162 fr_dict_root(rules->attr.dict_def)->name)) return -1;
163
164 } else {
165 if (!fr_cond_assert_msg(rules->attr.dict_def, "No protocol dictionary set")) return -1;
166 if (!fr_cond_assert_msg(rules->attr.dict_def != fr_dict_internal(), "rules->attr.dict_def must not be the internal dictionary")) return -1;
167 }
168
169 if (!fr_cond_assert_msg(!rules->attr.allow_foreign, "rules->allow_foreign must be false")) return -1;
170 if (!fr_cond_assert_msg(!rules->at_runtime, "rules->at_runtime must be false")) return -1;
171
172 return 0;
173}
174
175#define RULES_VERIFY(_cs, _rules) if (cf_tmpl_rules_verify(_cs, _rules) < 0) return NULL
176
177/*
178 * Expand the variables in an input string.
179 *
180 * Input and output should be two different buffers, as the
181 * output may be longer than the input.
182 */
183char const *cf_expand_variables(char const *cf, int lineno,
184 CONF_SECTION *outer_cs,
185 char *output, size_t outsize,
186 char const *input, ssize_t inlen, bool *soft_fail, bool soft_fail_env)
187{
188 char *p;
189 char const *end, *next, *ptr;
190 CONF_SECTION const *parent_cs;
191 char name[8192];
192
193 if (soft_fail) *soft_fail = false;
194
195 /*
196 * Find the master parent conf section.
197 * We can't use main_config->root_cs, because we're in the
198 * process of re-building it, and it isn't set up yet...
199 */
200 parent_cs = cf_root(outer_cs);
201
202 p = output;
203 ptr = input;
204
205 if (inlen < 0) {
206 end = NULL;
207 } else {
208 end = input + inlen;
209 }
210
211 /*
212 * Note that this CAN go over "end" if the input string
213 * is malformed. e.g. pass "${foo.bar}", and pass
214 * "inlen=5". Well, too bad.
215 */
216 while (*ptr && (!end || (ptr < end))) {
217 /*
218 * Ignore anything other than "${"
219 */
220 if ((*ptr == '$') && (ptr[1] == '{')) {
221 CONF_ITEM *ci;
222 CONF_PAIR *cp;
223 char *q;
224 ssize_t len;
225
226 len = fr_skip_xlat(ptr, end);
227 if (len <= 0) {
228 ERROR("%s[%d]: Failed parsing variable expansion '%s''",
229 cf, lineno, input);
230 return NULL;
231 }
232
233 next = ptr + len;
234 ptr += 2;
235
236 /*
237 * Can't really happen because input lines are
238 * capped at 8k, which is sizeof(name)
239 */
240 if ((size_t) len >= sizeof(name)) {
241 ERROR("%s[%d]: Reference string is too large",
242 cf, lineno);
243 return NULL;
244 }
245
246 memcpy(name, ptr, len - 3);
247 name[len - 3] = '\0';
248
249 /*
250 * Read configuration value from a file.
251 *
252 * Note that this is "read binary data", and the contents aren't stripped of
253 * CRLF.
254 */
255 if (name[0] == '/') {
256 int fd = open(name, O_RDONLY);
257 struct stat buf;
258
259 if (fd < 0) {
260 ERROR("%s[%d]: Reference \"${%s}\" failed opening file - %s", cf, lineno, name, fr_syserror(errno));
261 return NULL;
262 }
263
264 if (fstat(fd, &buf) < 0) {
265 fail_fd:
266 close(fd);
267 ERROR("%s[%d]: Reference \"${%s}\" failed reading file - %s", cf, lineno, name, fr_syserror(errno));
268 return NULL;
269 }
270
271 if (buf.st_size >= ((output + outsize) - p)) {
272 close(fd);
273 ERROR("%s[%d]: Reference \"${%s}\" file is too large (%zu >= %zu)", cf, lineno, name,
274 (size_t) buf.st_size, (size_t) ((output + outsize) - p));
275 return NULL;
276 }
277
278 len = read(fd, p, (output + outsize) - p);
279 if (len < 0) goto fail_fd;
280
281 close(fd);
282 p += len;
283 *p = '\0';
284 ptr = next;
285 goto check_eos;
286 }
287
288 q = strchr(name, ':');
289 if (q) {
290 *(q++) = '\0';
291 }
292
293 ci = cf_reference_item(parent_cs, outer_cs, name);
294 if (!ci) {
295 if (soft_fail) *soft_fail = true;
296 PERROR("%s[%d]: Failed finding reference \"${%s}\"", cf, lineno, name);
297 return NULL;
298 }
299
300 /*
301 * The expansion doesn't refer to another item or section
302 * it's the property of a section.
303 */
304 if (q) {
305 CONF_SECTION *find;
306 char const *f;
307 size_t flen;
308
309 if (ci->type != CONF_ITEM_SECTION) {
310 ERROR("%s[%d]: Can only reference properties of sections", cf, lineno);
311 return NULL;
312 }
313
314 find = cf_item_to_section(ci);
315 switch (fr_table_value_by_str(conf_property_name, q, CONF_PROPERTY_INVALID)) {
316 case CONF_PROPERTY_NAME:
317 f = find->name1;
318 break;
319
320 case CONF_PROPERTY_INSTANCE:
321 f = find->name2 ? find->name2 : find->name1;
322 break;
323
324 default:
325 ERROR("%s[%d]: Invalid property '%s'", cf, lineno, q);
326 return NULL;
327 }
328
329 flen = talloc_strlen(f);
330 if ((p + flen) >= (output + outsize)) goto too_long;
331
332 memcpy(p, f, flen);
333 p += flen;
334 ptr = next;
335
336 } else if (ci->type == CONF_ITEM_PAIR) {
337 /*
338 * Substitute the value of the variable.
339 */
340 cp = cf_item_to_pair(ci);
341
342 /*
343 * If the thing we reference is
344 * marked up as being expanded in
345 * pass2, don't expand it now.
346 * Let it be expanded in pass2.
347 */
348 if (cp->pass2) {
349 if (soft_fail) *soft_fail = true;
350
351 ERROR("%s[%d]: Reference \"%s\" points to a variable which has not been expanded.",
352 cf, lineno, input);
353 return NULL;
354 }
355
356 if (!cp->value) {
357 ERROR("%s[%d]: Reference \"%s\" has no value",
358 cf, lineno, input);
359 return NULL;
360 }
361
362 if (p + strlen(cp->value) >= output + outsize) {
363 ERROR("%s[%d]: Reference \"%s\" is too long",
364 cf, lineno, input);
365 return NULL;
366 }
367
368 strcpy(p, cp->value);
369 cp->item.referenced = true;
370 p += strlen(p);
371 ptr = next;
372
373 } else if (ci->type == CONF_ITEM_SECTION) {
374 CONF_SECTION *subcs;
375
376 /*
377 * Adding an entry again to a
378 * section is wrong. We don't
379 * want an infinite loop.
380 */
381 if (cf_item_to_section(ci->parent) == outer_cs) {
382 ERROR("%s[%d]: Cannot reference different item in same section", cf, lineno);
383 return NULL;
384 }
385
386 /*
387 * Copy the section instead of
388 * referencing it.
389 */
390 subcs = cf_item_to_section(ci);
391 subcs = cf_section_dup(outer_cs, outer_cs, subcs,
392 cf_section_name1(subcs), cf_section_name2(subcs),
393 false);
394 if (!subcs) {
395 ERROR("%s[%d]: Failed copying reference %s", cf, lineno, name);
396 return NULL;
397 }
398
399 cf_filename_set(subcs, ci->filename);
400 cf_lineno_set(subcs, ci->lineno);
401
402 ptr = next;
403
404 } else {
405 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, lineno, input);
406 return NULL;
407 }
408 } else if (strncmp(ptr, "$ENV{", 5) == 0) {
409 char *env;
410
411 ptr += 5;
412
413 /*
414 * Look for trailing '}', and log a
415 * warning for anything that doesn't match,
416 * and exit with a fatal error.
417 */
418 next = strchr(ptr, '}');
419 if (next == NULL) {
420 *p = '\0';
421 ERROR("%s[%d]: Environment variable expansion missing }",
422 cf, lineno);
423 return NULL;
424 }
425
426 /*
427 * Can't really happen because input lines are
428 * capped at 8k, which is sizeof(name)
429 */
430 if ((size_t) (next - ptr) >= sizeof(name)) {
431 ERROR("%s[%d]: Environment variable name is too large",
432 cf, lineno);
433 return NULL;
434 }
435
436 memcpy(name, ptr, next - ptr);
437 name[next - ptr] = '\0';
438
439 /*
440 * Get the environment variable.
441 * If none exists, then make it an empty string.
442 */
443 env = getenv(name);
444 if (!env) {
445 if (!soft_fail_env) {
446 ERROR("%s[%d]: Invalid reference to missing environment variable $ENV{%s}",
447 cf, lineno, name);
448 return NULL;
449 }
450
451 *name = '\0';
452 env = name;
453 }
454
455 if (p + strlen(env) >= output + outsize) {
456 ERROR("%s[%d]: Reference \"%s\" is too long",
457 cf, lineno, input);
458 return NULL;
459 }
460
461 strcpy(p, env);
462 p += strlen(p);
463 ptr = next + 1;
464
465 } else {
466 /*
467 * Copy it over verbatim.
468 */
469 *(p++) = *(ptr++);
470 }
471
472 check_eos:
473 if (p >= (output + outsize)) {
474 too_long:
475 ERROR("%s[%d]: Reference \"%s\" is too long",
476 cf, lineno, input);
477 return NULL;
478 }
479 } /* loop over all of the input string. */
480
481 *p = '\0';
482
483 return output;
484}
485
486/*
487 * Merge the template so everything else "just works".
488 */
489static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
490{
491 if (!cs || !template) return true;
492
493 cs->template = NULL;
494
495 /*
496 * Walk over the template, adding its' entries to the
497 * current section. But only if the entries don't
498 * already exist in the current section.
499 */
500 cf_item_foreach(&template->item, ci) {
501 if (ci->type == CONF_ITEM_PAIR) {
502 CONF_PAIR *cp1, *cp2;
503
504 /*
505 * It exists, don't over-write it.
506 */
507 cp1 = cf_item_to_pair(ci);
508 if (cf_pair_find(cs, cp1->attr)) {
509 continue;
510 }
511
512 /*
513 * Create a new pair with all of the data
514 * of the old one.
515 */
516 cp2 = cf_pair_dup(cs, cp1, true);
517 if (!cp2) return false;
518
519 cf_filename_set(cp2, cp1->item.filename);
520 cf_lineno_set(cp2, cp1->item.lineno);
521 continue;
522 }
523
524 if (ci->type == CONF_ITEM_SECTION) {
525 CONF_SECTION *subcs1, *subcs2;
526
527 subcs1 = cf_item_to_section(ci);
528 fr_assert(subcs1 != NULL);
529
530 subcs2 = cf_section_find(cs, subcs1->name1, subcs1->name2);
531 if (subcs2) {
532 /*
533 * sub-sections get merged.
534 */
535 if (!cf_template_merge(subcs2, subcs1)) {
536 return false;
537 }
538 continue;
539 }
540
541 /*
542 * Our section doesn't have a matching
543 * sub-section. Copy it verbatim from
544 * the template.
545 */
546 subcs2 = cf_section_dup(cs, cs, subcs1,
547 cf_section_name1(subcs1), cf_section_name2(subcs1),
548 false);
549 if (!subcs2) return false;
550
551 cf_filename_set(subcs2, subcs1->item.filename);
552 cf_lineno_set(subcs2, subcs1->item.lineno);
553 continue;
554 }
555
556 /* ignore everything else */
557 }
558
559 return true;
560}
561
562/*
563 * Functions for tracking files by inode
564 */
565static int8_t _inode_cmp(void const *one, void const *two)
566{
567 cf_file_t const *a = one, *b = two;
568
569 CMP_RETURN(a, b, buf.st_dev);
570
571 return CMP(a->buf.st_ino, b->buf.st_ino);
572}
573
574static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
575{
576 cf_file_t *file;
577 CONF_SECTION *top;
578 fr_rb_tree_t *tree;
579 FILE *fp;
580
581 top = cf_root(cs);
582 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
583 fr_assert(tree);
584
585 /*
586 * If we're including a wildcard directory, then ignore
587 * any files the users has already explicitly loaded in
588 * that directory.
589 */
590 if (from_dir) {
591 cf_file_t my_file;
592 char const *r;
593 int fd, my_fd;
594
595 my_file.cs = cs;
596 my_file.filename = filename;
597
598 /*
599 * Find and open the directory containing filename so we can use
600 * the "at"functions to avoid time of check/time of use insecurities.
601 */
602 if (fr_dirfd(&my_fd, &r, filename) < 0) {
603 ERROR("Failed to open directory containing %s", filename);
604 return -1;
605 }
606
607 if (fstatat(my_fd, r, &my_file.buf, 0) < 0) {
608 if (my_fd != AT_FDCWD) close(my_fd);
609 goto error;
610 }
611
612 file = fr_rb_find(tree, &my_file);
613
614 /*
615 * The file was previously read by including it
616 * explicitly. After it was read, we have a
617 * $INCLUDE of the directory it is in. In that
618 * case, we ignore the file.
619 *
620 * However, if the file WAS read from a wildcard
621 * $INCLUDE directory, then we read it again.
622 */
623 if (file && !file->from_dir) {
624 if (my_fd != AT_FDCWD) close(my_fd);
625 return 1;
626 }
627
628 fd = openat(my_fd, r, O_RDONLY, 0);
629 if (my_fd != AT_FDCWD) close(my_fd);
630 if (fd < 0) goto error;
631 fp = fdopen(fd, "r");
632 } else {
633 fp = fopen(filename, "r");
634 }
635
636 DEBUG2("including configuration file %s", filename);
637
638 if (!fp) {
639 error:
640 ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
641 return -1;
642 }
643
644 MEM(file = talloc(tree, cf_file_t));
645
646 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be a talloced buffer */
647 file->cs = cs;
648 file->from_dir = from_dir;
649
650 if (fstat(fileno(fp), &file->buf) == 0) {
651#ifdef S_IWOTH
652 if ((file->buf.st_mode & S_IWOTH) != 0) {
653 ERROR("Configuration file %s is globally writable. "
654 "Refusing to start due to insecure configuration.", filename);
655
656 fclose(fp);
657 talloc_free(file);
658 return -1;
659 }
660#endif
661 }
662
663 /*
664 * We can include the same file twice. e.g. when it
665 * contains common definitions, such as for SQL.
666 *
667 * Though the admin should really use templates for that.
668 */
669 if (!fr_rb_insert(tree, file)) talloc_free(file);
670
671 *fp_p = fp;
672 return 0;
673}
674
675/** Set the euid/egid used when performing file checks
676 *
677 * Sets the euid, and egid used when cf_file_check is called to check
678 * permissions on conf items of type #CONF_FLAG_FILE_READABLE
679 *
680 * @note This is probably only useful for the freeradius daemon itself.
681 *
682 * @param uid to set, (uid_t)-1 to use current euid.
683 * @param gid to set, (gid_t)-1 to use current egid.
684 */
685void cf_file_check_set_uid_gid(uid_t uid, gid_t gid)
686{
687 if (uid != (uid_t) -1) conf_check_uid = uid;
688 if (gid != (gid_t) -1) conf_check_gid = gid;
689}
690
691/** Perform an operation with the effect/group set to conf_check_gid and conf_check_uid
692 *
693 * @param filename CONF_PAIR for the file being checked
694 * @param cb callback function to perform the check
695 * @param uctx user context for the callback
696 * @return
697 * - CF_FILE_OTHER_ERROR if there was a problem modifying permissions
698 * - The return value from the callback
699 */
700cf_file_check_err_t cf_file_check_effective(char const *filename,
701 cf_file_check_err_t (*cb)(char const *filename, void *uctx), void *uctx)
702{
703 int ret;
704
705 uid_t euid = (uid_t) -1;
706 gid_t egid = (gid_t) -1;
707
708 if ((conf_check_gid != (gid_t) -1) && ((egid = getegid()) != conf_check_gid)) {
709 if (setegid(conf_check_gid) < 0) {
710 fr_strerror_printf("Failed setting effective group ID (%d) for file check: %s",
711 (int) conf_check_gid, fr_syserror(errno));
712 return CF_FILE_OTHER_ERROR;
713 }
714 }
715 if ((conf_check_uid != (uid_t) -1) && ((euid = geteuid()) != conf_check_uid)) {
716 if (seteuid(conf_check_uid) < 0) {
717 fr_strerror_printf("Failed setting effective user ID (%d) for file check: %s",
718 (int) conf_check_uid, fr_syserror(errno));
719
720 restore_gid:
721 if ((conf_check_gid != egid) &&
722 (setegid(conf_check_gid) < 0)) {
723 fr_strerror_printf_push("Failed resetting effective group ID (%d) for file check: %s",
724 (int) conf_check_gid, fr_syserror(errno));
725 }
726
727 return CF_FILE_OTHER_ERROR;
728 }
729 }
730 ret = cb(filename, uctx);
731 if (conf_check_uid != euid) {
732 if (seteuid(euid) < 0) {
733 fr_strerror_printf("Failed restoring effective user ID (%d) after file check: %s",
734 (int) euid, fr_syserror(errno));
735 goto restore_gid;
736 }
737 }
738 if (conf_check_gid != egid) {
739 if (setegid(egid) < 0) {
740 fr_strerror_printf("Failed restoring effective group ID (%d) after file check: %s",
741 (int) egid, fr_syserror(errno));
742 return CF_FILE_OTHER_ERROR;
743 }
744 }
745
746 return ret;
747}
748
749/** Check if we can connect to a unix socket
750 *
751 * @param[in] filename CONF_PAIR for the unix socket path
752 * @param[in] uctx user context, not used
753 * @return
754 * - CF_FILE_OK if the socket exists and is a socket.
755 * - CF_FILE_NO_EXIST if the file doesn't exist.
756 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
757 * - CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
758 * - CF_FILE_OTHER_ERROR any other error.
759 */
760cf_file_check_err_t cf_file_check_unix_connect(char const *filename, UNUSED void *uctx)
761{
762 int fd;
763 cf_file_check_err_t ret = CF_FILE_OK;
764
765 struct sockaddr_un addr = { .sun_family = AF_UNIX };
766
767 fr_strerror_clear();
768
769 if (talloc_strlen(filename) >= sizeof(addr.sun_path)) {
770 fr_strerror_printf("Socket path \"%s\" too long", filename);
771 return CF_FILE_OTHER_ERROR;
772 }
773
774 strlcpy(addr.sun_path, filename, sizeof(addr.sun_path));
775
776 fd = socket(AF_UNIX, SOCK_STREAM, 0);
777 if (fd < 0) {
778 fr_strerror_printf("Failed checking permissions for \"%s\": %s",
779 filename, fr_syserror(errno));
780 return CF_FILE_OTHER_ERROR;
781 }
782 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
783 fr_strerror_printf("Failed setting non-blocking mode for socket %s: %s",
784 filename, fr_syserror(errno));
785 close(fd);
786 return CF_FILE_OTHER_ERROR;
787 }
788
789 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
790 switch (errno) {
791 case EINPROGRESS: /* This is fine */
792 break;
793
794 case ENOENT:
795 fr_strerror_printf("Socket path \"%s\" does not exist", filename);
796 ret = CF_FILE_NO_EXIST;
797 break;
798
799 case EACCES:
800 fr_perm_file_error(errno);
801 fr_strerror_printf_push("Socket path \"%s\" exists but is not accessible", filename);
802 ret = CF_FILE_NO_PERMISSION;
803 break;
804
805 case ENOTSOCK:
806 fr_strerror_printf("File \"%s\" is not a socket", filename);
807 ret = CF_FILE_NO_UNIX_SOCKET;
808 break;
809
810 default:
811 fr_strerror_printf("Failed connecting to socket %s: %s", filename, fr_syserror(errno));
812 ret = CF_FILE_OTHER_ERROR;
813 break;
814 }
815 }
816
817 close(fd);
818
819 return ret;
820}
821
822/** Check if file exists, and is a socket
823 *
824 * @param[in] filename CONF_PAIR for the unix socket path
825 * @param[in] uctx user context, not used
826 * @return
827 * - CF_FILE_OK if the socket exists and is a socket.
828 * - CF_FILE_NO_EXIST if the file doesn't exist.
829 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
830 * - CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
831 * - CF_FILE_OTHER_ERROR any other error.
832 */
833cf_file_check_err_t cf_file_check_unix_perm(char const *filename, UNUSED void *uctx)
834{
835 struct stat buf;
836
837 fr_strerror_clear();
838
839 if (stat(filename, &buf) < 0) {
840 switch (errno) {
841 case ENOENT:
842 fr_strerror_printf("Socket path \"%s\" does not exist", filename);
843 return CF_FILE_NO_EXIST;
844
845 case EPERM:
846 case EACCES:
847 fr_perm_file_error(errno);
848 fr_strerror_printf_push("Socket path \"%s\" exists but is not accessible: %s",
849 filename, fr_syserror(errno));
850 return CF_FILE_NO_PERMISSION;
851
852 default:
853 fr_strerror_printf("Unable to stat socket \"%s\": %s", filename, fr_syserror(errno));
854 return CF_FILE_OTHER_ERROR;
855 }
856 }
857
858 if (!S_ISSOCK(buf.st_mode)) {
859 fr_strerror_printf("File \"%s\" is not a socket", filename);
860 return CF_FILE_NO_UNIX_SOCKET;
861 }
862
863 return CF_FILE_OK;
864}
865
866/** Callback for cf_file_check to open a file and check permissions.
867 *
868 * This is used to check if a file exists, and is readable by the
869 * unprivileged user/group.
870 *
871 * @param filename currently being processed.
872 * @param uctx user context, which is a pointer to cf_file_t
873 * @return
874 * - CF_FILE_OK if the file exists and is readable.
875 * - CF_FILE_NO_EXIST if the file does not exist.
876 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
877 * - CF_FILE_OTHER_ERROR if there was any other error.
878 */
879cf_file_check_err_t cf_file_check_open_read(char const *filename, void *uctx)
880{
881 int fd;
882 cf_file_t *file = uctx;
883
884 fr_strerror_clear();
885
886 fd = open(filename, O_RDONLY);
887 if (fd < 0) {
888 error:
889 if (fd >= 0) close(fd);
890
891 switch (errno) {
892 case ENOENT:
893 fr_strerror_printf("File \"%s\" does not exist", filename);
894 return CF_FILE_NO_EXIST;
895
896 case EPERM:
897 case EACCES:
898 fr_perm_file_error(errno);
899 fr_strerror_printf_push("File \"%s\" exists but is not accessible: %s",
900 filename, fr_syserror(errno));
901 return CF_FILE_NO_PERMISSION;
902
903 default:
904 fr_strerror_printf("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
905 return CF_FILE_OTHER_ERROR;
906
907 }
908 }
909
910 if (file && fstat(fd, &file->buf) < 0) goto error;
911
912 close(fd);
913 return CF_FILE_OK;
914}
915
916/** Do some checks on the file as an "input" file. i.e. one read by a module.
917 *
918 * @note Must be called with super user privileges.
919 *
920 * @param cp currently being processed.
921 * @param check_perms If true - will return error if file is world readable,
922 * or not readable by the unprivileged user/group.
923 * @return
924 * - CF_FILE_OK if the socket exists and is a socket.
925 * - CF_FILE_NO_EXIST if the file doesn't exist.
926 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
927 * - CF_FILE_OTHER_ERROR any other error.
928 */
929cf_file_check_err_t cf_file_check(CONF_PAIR *cp, bool check_perms)
930{
931 cf_file_t *file;
932 CONF_SECTION *top;
933 fr_rb_tree_t *tree;
934 char const *filename = cf_pair_value(cp);
935 cf_file_check_err_t ret;
936
937 top = cf_root(cp);
938 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
939 if (!tree) return CF_FILE_OTHER_ERROR;
940
941 file = talloc(tree, cf_file_t);
942 if (!file) return CF_FILE_OTHER_ERROR;
943
944 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be talloced */
945 file->cs = cf_item_to_section(cf_parent(cp));
946
947 if (!check_perms) {
948 if (stat(filename, &file->buf) < 0) {
949 fr_perm_file_error(errno); /* Write error and euid/egid to error buff */
950 cf_log_perr(cp, "Unable to open file \"%s\"", filename);
951 error:
952 talloc_free(file);
953 return CF_FILE_OTHER_ERROR;
954 }
955 talloc_free(file);
956 return CF_FILE_OK;
957 }
958
959 /*
960 * This really does seem to be the simplest way
961 * to check that the file can be read with the
962 * euid/egid.
963 */
964 ret = cf_file_check_effective(filename, cf_file_check_open_read, file);
965 if (ret < 0) {
966 cf_log_perr(cp, "Permissions check failed");
967 goto error;
968 }
969#ifdef S_IWOTH
970 if ((file->buf.st_mode & S_IWOTH) != 0) {
971 cf_log_perr(cp, "Configuration file %s is globally writable. "
972 "Refusing to start due to insecure configuration.", filename);
973 talloc_free(file);
974 return CF_FILE_OTHER_ERROR;
975 }
976#endif
977
978 /*
979 * It's OK to include the same file twice...
980 */
981 if (!fr_rb_insert(tree, file)) talloc_free(file);
982
983 return CF_FILE_OK;
984}
985
986/*
987 * Do variable expansion in pass2.
988 *
989 * This is a breadth-first expansion. "deep
990 */
991int cf_section_pass2(CONF_SECTION *cs)
992{
993 cf_item_foreach(&cs->item, ci) {
994 char const *value;
995 CONF_PAIR *cp;
996 char buffer[8192];
997
998 if (ci->type != CONF_ITEM_PAIR) continue;
999
1000 cp = cf_item_to_pair(ci);
1001 if (!cp->value || !cp->pass2) continue;
1002
1003 fr_assert((cp->rhs_quote == T_BARE_WORD) ||
1004 (cp->rhs_quote == T_HASH) ||
1005 (cp->rhs_quote == T_DOUBLE_QUOTED_STRING) ||
1006 (cp->rhs_quote == T_BACK_QUOTED_STRING));
1007
1008 value = cf_expand_variables(ci->filename, ci->lineno, cs, buffer, sizeof(buffer), cp->value, -1, NULL,
1009 (cp->rhs_quote != T_BARE_WORD));
1010 if (!value) return -1;
1011
1012 talloc_const_free(cp->value);
1013 cp->value = talloc_strdup(cp, value);
1014 }
1015
1016 cf_item_foreach(&cs->item, ci) {
1017 if (ci->type != CONF_ITEM_SECTION) continue;
1018
1019 if (cf_section_pass2(cf_item_to_section(ci)) < 0) return -1;
1020 }
1021
1022 return 0;
1023}
1024
1025
1026static char const *cf_local_file(char const *base, char const *filename,
1027 char *buffer, size_t bufsize)
1028{
1029 size_t dirsize;
1030 char *p;
1031
1032 strlcpy(buffer, base, bufsize);
1033
1034 p = strrchr(buffer, FR_DIR_SEP);
1035 if (!p) return filename;
1036 if (p[1]) { /* ./foo */
1037 p[1] = '\0';
1038 }
1039
1040 dirsize = (p - buffer) + 1;
1041
1042 if ((dirsize + strlen(filename)) >= bufsize) {
1043 return NULL;
1044 }
1045
1046 strlcpy(p + 1, filename, bufsize - dirsize);
1047
1048 return buffer;
1049}
1050
1051/*
1052 * Like gettoken(), but uses the new API which seems better for a
1053 * host of reasons.
1054 */
1055static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen,
1056 char const *filename, int lineno)
1057{
1058 char const *ptr = *ptr_p;
1059 ssize_t slen;
1060 char const *out;
1061 size_t outlen;
1062
1063 /*
1064 * Discover the string content, returning what kind of
1065 * string it is.
1066 *
1067 * Don't allow casts or regexes. But do allow bare
1068 * %{...} expansions.
1069 */
1070 slen = tmpl_preparse(&out, &outlen, ptr, strlen(ptr), token);
1071 if (slen <= 0) {
1072 char *spaces, *text;
1073
1074 fr_canonicalize_error(parent, &spaces, &text, slen, ptr);
1075
1076 ERROR("%s[%d]: %s", filename, lineno, text);
1077 ERROR("%s[%d]: %s^ - %s", filename, lineno, spaces, fr_strerror());
1078
1079 talloc_free(spaces);
1080 talloc_free(text);
1081 return -1;
1082 }
1083
1084 if ((size_t) slen >= buflen) {
1085 ERROR("%s[%d]: Name is too long", filename, lineno);
1086 return -1;
1087 }
1088
1089 /*
1090 * Unescape it or copy it verbatim as necessary.
1091 */
1092 if (!cf_expand_variables(filename, lineno, parent, buffer, buflen,
1093 out, outlen, NULL, (*token != T_BARE_WORD))) {
1094 return -1;
1095 }
1096
1097 ptr += slen;
1098 fr_skip_whitespace(ptr);
1099
1100 *ptr_p = ptr;
1101 return 0;
1102}
1103
1108
1109static int8_t filename_cmp(void const *one, void const *two)
1110{
1111 int ret;
1112 cf_file_heap_t const *a = one;
1113 cf_file_heap_t const *b = two;
1114
1115 ret = strcmp(a->filename, b->filename);
1116 return CMP(ret, 0);
1117}
1118
1119
1120static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
1121{
1122 char const *value;
1123 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1124
1125 /*
1126 * Can't do this inside of update / map.
1127 */
1128 if (parent->unlang == CF_UNLANG_ASSIGNMENT) {
1129 ERROR("%s[%d]: Parse error: Invalid location for $INCLUDE",
1130 frame->filename, frame->lineno);
1131 return -1;
1132 }
1133
1134 fr_skip_whitespace(ptr);
1135
1136 /*
1137 * Grab all of the non-whitespace text.
1138 */
1139 value = ptr;
1140 while (*ptr && !isspace((uint8_t) *ptr)) ptr++;
1141
1142 /*
1143 * We're OK with whitespace after the filename.
1144 */
1145 fr_skip_whitespace(ptr);
1146
1147 /*
1148 * But anything else after the filename is wrong.
1149 */
1150 if (*ptr) {
1151 ERROR("%s[%d]: Unexpected text after $INCLUDE", frame->filename, frame->lineno);
1152 return -1;
1153 }
1154
1155 /*
1156 * Hack for ${confdir}/foo
1157 */
1158 if (*value == '$') relative = false;
1159
1160 value = cf_expand_variables(frame->filename, frame->lineno, parent, stack->buff[1], stack->bufsize,
1161 value, ptr - value, NULL, false);
1162 if (!value) return -1;
1163
1164 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
1165
1166 if (relative) {
1167 value = cf_local_file(frame->filename, value, stack->buff[2], stack->bufsize);
1168 if (!value) {
1169 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1170 return -1;
1171 }
1172 }
1173
1174 if (strchr(value, '*') != 0) {
1175#ifndef HAVE_GLOB_H
1176 ERROR("%s[%d]: Filename globbing is not supported.", frame->filename, frame->lineno);
1177 return -1;
1178#else
1179 stack->depth++;
1180 frame = &stack->frame[stack->depth];
1181 memset(frame, 0, sizeof(*frame));
1182
1183 frame->type = CF_STACK_GLOB;
1184 frame->required = required;
1185 frame->parent = parent;
1186 frame->current = parent;
1187
1188 /*
1189 * For better debugging.
1190 */
1191 frame->filename = frame[-1].filename;
1192 frame->lineno = frame[-1].lineno;
1193
1194 if (glob(value, GLOB_ERR | GLOB_NOESCAPE, NULL, &frame->glob) < 0) {
1195 stack->depth--;
1196 ERROR("%s[%d]: Failed expanding '%s' - %s", frame->filename, frame->lineno,
1197 value, fr_syserror(errno));
1198 return -1;
1199 }
1200
1201 /*
1202 * If nothing matches, that may be an error.
1203 */
1204 if (frame->glob.gl_pathc == 0) {
1205 if (!required) {
1206 stack->depth--;
1207 return 0;
1208 }
1209
1210 ERROR("%s[%d]: Failed expanding '%s' - No matching files", frame->filename, frame->lineno,
1211 value);
1212 return -1;
1213 }
1214
1215 return 1;
1216#endif
1217 }
1218
1219 /*
1220 * Allow $-INCLUDE for directories, too.
1221 */
1222 if (!required) {
1223 struct stat statbuf;
1224
1225 if (stat(value, &statbuf) < 0) {
1226 WARN("Not including file %s: %s", value, fr_syserror(errno));
1227 return 0;
1228 }
1229 }
1230
1231 /*
1232 * The filename doesn't end in '/', so it must be a file.
1233 */
1234 if (value[strlen(value) - 1] != '/') {
1235 if ((stack->depth + 1) >= MAX_STACK) {
1236 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1237 return -1;
1238 }
1239
1240 stack->depth++;
1241 frame = &stack->frame[stack->depth];
1242 memset(frame, 0, sizeof(*frame));
1243
1244 frame->type = CF_STACK_FILE;
1245 frame->fp = NULL;
1246 frame->parent = parent;
1247 frame->current = parent;
1248 frame->filename = talloc_strdup(frame->parent, value);
1249 return 1;
1250 }
1251
1252#ifdef HAVE_DIRENT_H
1253 /*
1254 * $INCLUDE foo/
1255 *
1256 * Include ALL non-"dot" files in the directory.
1257 * careful!
1258 */
1259 {
1260 char *directory;
1261 DIR *dir = NULL;
1262 struct dirent *dp;
1263 struct stat stat_buf;
1264 cf_file_heap_t *h;
1265#ifdef S_IWOTH
1266 int my_fd;
1267#endif
1268
1269 /*
1270 * We need to keep a copy of parent while the
1271 * included files mangle our buff[] array.
1272 */
1273 directory = talloc_strdup(parent, value);
1274
1275 cf_log_debug(parent, "Including files in directory \"%s\"", directory);
1276
1277 dir = opendir(directory);
1278 if (!dir) {
1279 ERROR("%s[%d]: Error reading directory %s: %s",
1280 frame->filename, frame->lineno, value,
1281 fr_syserror(errno));
1282 error:
1283 if (dir) closedir(dir);
1284 talloc_free(directory);
1285 return -1;
1286 }
1287
1288#ifdef S_IWOTH
1289 my_fd = dirfd(dir);
1290 fr_assert(my_fd >= 0);
1291
1292 /*
1293 * Security checks.
1294 */
1295 if (fstat(my_fd, &stat_buf) < 0) {
1296 ERROR("%s[%d]: Failed reading directory %s: %s", frame->filename, frame->lineno,
1297 directory, fr_syserror(errno));
1298 goto error;
1299 }
1300
1301 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1302 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1303 "insecure configuration", frame->filename, frame->lineno, directory);
1304 goto error;
1305 }
1306#endif
1307
1308 /*
1309 * Directory plus next filename.
1310 */
1311 if ((stack->depth + 2) >= MAX_STACK) {
1312 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1313 goto error;
1314 }
1315
1316 stack->depth++;
1317 frame = &stack->frame[stack->depth];
1318 *frame = (cf_stack_frame_t){
1319 .type = CF_STACK_DIR,
1320 .directory = directory,
1321 .parent = parent,
1322 .current = parent,
1323 .from_dir = true
1324 };
1325
1326 MEM(frame->heap = fr_heap_alloc(frame->directory, filename_cmp, cf_file_heap_t, heap_id, 0));
1327
1328 /*
1329 * Read the whole directory before loading any
1330 * individual file. We stat() files to ensure
1331 * that they're readable. We ignore
1332 * subdirectories and files with odd filenames.
1333 */
1334 while ((dp = readdir(dir)) != NULL) {
1335 char const *p;
1336 size_t len;
1337
1338 if (dp->d_name[0] == '.') continue;
1339
1340 /*
1341 * Check for valid characters
1342 */
1343 for (p = dp->d_name; *p != '\0'; p++) {
1344 if (isalpha((uint8_t) *p) ||
1345 isdigit((uint8_t) *p) ||
1346 (*p == '-') ||
1347 (*p == '_') ||
1348 (*p == '.')) continue;
1349 break;
1350 }
1351 if (*p != '\0') continue;
1352
1353 /*
1354 * Ignore config files generated by deb / rpm packaging updates.
1355 */
1356 len = strlen(dp->d_name);
1357 if ((len > 10) && (strncmp(&dp->d_name[len - 10], ".dpkg-dist", 10) == 0)) {
1358 pkg_file:
1359 WARN("Ignoring packaging system produced file %s%s", frame->directory, dp->d_name);
1360 continue;
1361 }
1362 if ((len > 9) && (strncmp(&dp->d_name[len - 9], ".dpkg-old", 9) == 0)) goto pkg_file;
1363 if ((len > 7) && (strncmp(&dp->d_name[len - 7], ".rpmnew", 7) == 0)) goto pkg_file;
1364 if ((len > 8) && (strncmp(&dp->d_name[len - 8], ".rpmsave", 8) == 0)) goto pkg_file;
1365
1366 snprintf(stack->buff[1], stack->bufsize, "%s%s",
1367 frame->directory, dp->d_name);
1368
1369 if (stat(stack->buff[1], &stat_buf) != 0) {
1370 ERROR("%s[%d]: Failed checking file %s: %s",
1371 (frame - 1)->filename, (frame - 1)->lineno,
1372 stack->buff[1], fr_syserror(errno));
1373 continue;
1374 }
1375
1376 if (S_ISDIR(stat_buf.st_mode)) {
1377 WARN("%s[%d]: Ignoring directory %s",
1378 (frame - 1)->filename, (frame - 1)->lineno,
1379 stack->buff[1]);
1380 continue;
1381 }
1382
1383 MEM(h = talloc_zero(frame->heap, cf_file_heap_t));
1384 MEM(h->filename = talloc_strdup(h, stack->buff[1]));
1385 h->heap_id = FR_HEAP_INDEX_INVALID;
1386 (void) fr_heap_insert(&frame->heap, h);
1387 }
1388
1389 closedir(dir);
1390 return 1;
1391 }
1392#else
1393 ERROR("%s[%d]: Error including %s: No support for directories!",
1394 frame->filename, frame->lineno, value);
1395 return -1;
1396#endif
1397}
1398
1399
1400static int process_template(cf_stack_t *stack)
1401{
1402 CONF_ITEM *ci;
1403 CONF_SECTION *parent_cs, *templatecs;
1404 fr_token_t token;
1405 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1406 CONF_SECTION *parent = frame->current;
1407
1408 token = getword(&stack->ptr, stack->buff[2], stack->bufsize, true);
1409 if (token != T_EOL) {
1410 ERROR("%s[%d]: Unexpected text after $TEMPLATE", frame->filename, frame->lineno);
1411 return -1;
1412 }
1413
1414 if (!parent) {
1415 ERROR("%s[%d]: Internal sanity check error in template reference", frame->filename, frame->lineno);
1416 return -1;
1417 }
1418
1419 if (parent->template) {
1420 ERROR("%s[%d]: Section already has a template", frame->filename, frame->lineno);
1421 return -1;
1422 }
1423
1424 /*
1425 * Allow in-line templates.
1426 */
1427 templatecs = cf_section_find(cf_item_to_section(cf_parent(parent)), "template", stack->buff[2]);
1428 if (templatecs) {
1429 parent->template = templatecs;
1430 return 0;
1431 }
1432
1433 parent_cs = cf_root(parent);
1434
1435 templatecs = cf_section_find(parent_cs, "templates", NULL);
1436 if (!templatecs) {
1437 ERROR("%s[%d]: Cannot find template \"%s\", as no 'templates' section exists.",
1438 frame->filename, frame->lineno, stack->buff[2]);
1439 return -1;
1440 }
1441
1442 ci = cf_reference_item(parent_cs, templatecs, stack->buff[2]);
1443 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
1444 PERROR("%s[%d]: Failed finding item \"%s\" in the 'templates' section.",
1445 frame->filename, frame->lineno, stack->buff[2]);
1446 return -1;
1447 }
1448
1449 parent->template = cf_item_to_section(ci);
1450 return 0;
1451}
1452
1453
1454static int cf_file_fill(cf_stack_t *stack);
1455
1456
1457static const bool terminal_end_section[SBUFF_CHAR_CLASS] = {
1458 ['{'] = true,
1459};
1460
1461static const bool terminal_end_line[SBUFF_CHAR_CLASS] = {
1462 [0] = true,
1463
1464 ['\r'] = true,
1465 ['\n'] = true,
1466
1467 ['#'] = true,
1468 [','] = true,
1469 [';'] = true,
1470 ['}'] = true,
1471};
1472
1473static CONF_ITEM *process_if(cf_stack_t *stack)
1474{
1475 ssize_t slen = 0;
1476 fr_dict_t const *dict = NULL;
1477 CONF_SECTION *cs;
1478 uint8_t const *p;
1479 char const *ptr = stack->ptr;
1480 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1481 CONF_SECTION *parent = frame->current;
1482 char *buff[4];
1483 tmpl_rules_t t_rules;
1484
1485 /*
1486 * Short names are nicer.
1487 */
1488 buff[1] = stack->buff[1];
1489 buff[2] = stack->buff[2];
1490 buff[3] = stack->buff[3];
1491
1492 dict = virtual_server_dict_by_child_ci(cf_section_to_item(parent));
1493
1494 t_rules = (tmpl_rules_t) {
1495 .attr = {
1496 .dict_def = dict,
1497 .list_def = request_attr_request,
1498 .allow_unresolved = true,
1499 .allow_unknown = true
1500 },
1501 .literals_safe_for = FR_VALUE_BOX_SAFE_FOR_ANY,
1502 };
1503
1504 /*
1505 * Create the CONF_SECTION. We don't pass a name2, as it
1506 * hasn't yet been parsed.
1507 */
1508 cs = cf_section_alloc(parent, parent, buff[1], NULL);
1509 if (!cs) {
1510 cf_log_err(parent, "Failed allocating memory for section");
1511 return NULL;
1512 }
1513 cf_filename_set(cs, frame->filename);
1514 cf_lineno_set(cs, frame->lineno);
1515
1516 RULES_VERIFY(cs, &t_rules);
1517
1518 /*
1519 * Keep "parsing" the condition until we hit EOL.
1520 *
1521 *
1522 */
1523 while (true) {
1524 int rcode;
1525 bool eol;
1526
1527 /*
1528 * Try to parse the condition. We can have a parse success, or a parse failure.
1529 */
1530 slen = fr_skip_condition(ptr, NULL, terminal_end_section, &eol);
1531
1532 /*
1533 * Parse success means we stop reading more data.
1534 */
1535 if (slen > 0) break;
1536
1537 /*
1538 * Parse failures not at EOL are real errors.
1539 */
1540 if (!eol) {
1541 slen = 0;
1542 fr_strerror_const("Unexpected EOF");
1543 error:
1544 cf_canonicalize_error(cs, slen, "Parse error in condition", ptr);
1545 talloc_free(cs);
1546 return NULL;
1547 }
1548
1549 /*
1550 * Parse failures at EOL means that we read more data.
1551 */
1552 p = (uint8_t const *) ptr + (-slen);
1553
1554 /*
1555 * Auto-continue across CR LF until we reach the
1556 * end of the string. We mash everything into one line.
1557 */
1558 if (*p && (*p < ' ')) {
1559 while ((*p == '\r') || (*p == '\n')) {
1560 char *q;
1561
1562 q = UNCONST(char *, p);
1563 *q = ' ';
1564 p++;
1565 continue;
1566 }
1567
1568 /*
1569 * Hopefully the next line is already in
1570 * the buffer, and we don't have to read
1571 * more data.
1572 */
1573 continue;
1574 }
1575
1576 /*
1577 * Anything other than EOL is a problem at this point.
1578 */
1579 if (*p) {
1580 fr_strerror_const("Unexpected text after condition");
1581 goto error;
1582 }
1583
1584 /*
1585 * We hit EOL, so the parse error is really "read more data".
1586 */
1587 stack->fill = UNCONST(char *, p);
1588 rcode = cf_file_fill(stack);
1589 if (rcode < 0) {
1590 cf_log_err(cs, "Failed parsing condition");
1591 return NULL;
1592 }
1593 }
1594
1595 fr_assert((size_t) slen < (stack->bufsize - 1));
1596
1597 ptr += slen;
1598 fr_skip_whitespace(ptr);
1599
1600 if (*ptr != '{') {
1601 cf_log_err(cs, "Expected '{' instead of %s", ptr);
1602 talloc_free(cs);
1603 return NULL;
1604 }
1605 ptr++;
1606
1607 /*
1608 * Save the parsed condition (minus trailing whitespace)
1609 * into a buffer.
1610 */
1611 memcpy(buff[2], stack->ptr, slen);
1612 buff[2][slen] = '\0';
1613
1614 while (slen > 0) {
1615 if (!isspace((uint8_t) buff[2][slen - 1])) break;
1616
1617 buff[2][slen - 1] = '\0';
1618 slen--;
1619 }
1620
1621 /*
1622 * Expand the variables in the pre-parsed condition.
1623 */
1624 if (!cf_expand_variables(frame->filename, frame->lineno, parent,
1625 buff[3], stack->bufsize, buff[2], slen, NULL, true)) {
1626 fr_strerror_const("Failed expanding configuration variable");
1627 return NULL;
1628 }
1629
1630 MEM(cs->name2 = talloc_strdup(cs, buff[3]));
1631 cs->name2_quote = T_BARE_WORD;
1632
1633 stack->ptr = ptr;
1634
1635 cs->allow_locals = true;
1636 cs->unlang = CF_UNLANG_ALLOW;
1637 return cf_section_to_item(cs);
1638}
1639
1640static CONF_ITEM *process_map(cf_stack_t *stack)
1641{
1642 char const *mod;
1643 char const *value = NULL;
1644 CONF_SECTION *css;
1645 fr_token_t token;
1646 char const *ptr = stack->ptr;
1647 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1648 CONF_SECTION *parent = frame->current;
1649 char *buff[4];
1650
1651 /*
1652 * Short names are nicer.
1653 */
1654 buff[1] = stack->buff[1];
1655 buff[2] = stack->buff[2];
1656
1657 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1658 frame->filename, frame->lineno) < 0) {
1659 return NULL;
1660 }
1661
1662 if (token != T_BARE_WORD) {
1663 ERROR("%s[%d]: Invalid syntax for 'map' - module name must not be a quoted string",
1664 frame->filename, frame->lineno);
1665 return NULL;
1666 }
1667 mod = buff[1];
1668
1669 /*
1670 * Maps without an expansion string are allowed, though
1671 * it's not clear why.
1672 */
1673 if (*ptr == '{') {
1674 ptr++;
1675 goto alloc_section;
1676 }
1677
1678 /*
1679 * Now get the expansion string.
1680 */
1681 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1682 frame->filename, frame->lineno) < 0) {
1683 return NULL;
1684 }
1685 if (!fr_str_tok[token]) {
1686 ERROR("%s[%d]: Expecting string expansions in 'map' definition",
1687 frame->filename, frame->lineno);
1688 return NULL;
1689 }
1690
1691 if (*ptr != '{') {
1692 ERROR("%s[%d]: Expecting section start brace '{' in 'map' definition",
1693 frame->filename, frame->lineno);
1694 return NULL;
1695 }
1696 ptr++;
1697 value = buff[2];
1698
1699 /*
1700 * Allocate the section
1701 */
1702alloc_section:
1703 css = cf_section_alloc(parent, parent, "map", mod);
1704 if (!css) {
1705 ERROR("%s[%d]: Failed allocating memory for section",
1706 frame->filename, frame->lineno);
1707 return NULL;
1708 }
1709 cf_filename_set(css, frame->filename);
1710 cf_lineno_set(css, frame->lineno);
1711 css->name2_quote = T_BARE_WORD;
1712
1713 css->argc = 0;
1714 if (value) {
1715 css->argv = talloc_array(css, char const *, 1);
1716 css->argv[0] = talloc_strdup(css->argv, value);
1717 css->argv_quote = talloc_array(css, fr_token_t, 1);
1718 css->argv_quote[0] = token;
1719 css->argc++;
1720 }
1721 stack->ptr = ptr;
1722 css->unlang = CF_UNLANG_ASSIGNMENT;
1723
1724 return cf_section_to_item(css);
1725}
1726
1727
1728static CONF_ITEM *process_subrequest(cf_stack_t *stack)
1729{
1730 char const *mod = NULL;
1731 CONF_SECTION *css;
1732 fr_token_t token;
1733 char const *ptr = stack->ptr;
1734 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1735 CONF_SECTION *parent = frame->current;
1736 char *buff[4];
1737 int values = 0;
1738
1739 /*
1740 * Short names are nicer.
1741 */
1742 buff[1] = stack->buff[1];
1743 buff[2] = stack->buff[2];
1744 buff[3] = stack->buff[3];
1745
1746 /*
1747 * subrequest { ... } is allowed.
1748 */
1749 fr_skip_whitespace(ptr);
1750 if (*ptr == '{') {
1751 ptr++;
1752 goto alloc_section;
1753 }
1754
1755 /*
1756 * Get the name of the Packet-Type.
1757 */
1758 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1759 frame->filename, frame->lineno) < 0) {
1760 return NULL;
1761 }
1762
1763 mod = buff[1];
1764
1765 /*
1766 * subrequest Access-Request { ... } is allowed.
1767 */
1768 if (*ptr == '{') {
1769 ptr++;
1770 goto alloc_section;
1771 }
1772
1773 /*
1774 * subrequest Access-Request &foo { ... }
1775 */
1776 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1777 frame->filename, frame->lineno) < 0) {
1778 return NULL;
1779 }
1780
1781 if (token != T_BARE_WORD) {
1782 ERROR("%s[%d]: The second argument to 'subrequest' must be an attribute reference",
1783 frame->filename, frame->lineno);
1784 return NULL;
1785 }
1786 values++;
1787
1788 if (*ptr == '{') {
1789 ptr++;
1790 goto alloc_section;
1791 }
1792
1793 /*
1794 * subrequest Access-Request &foo &bar { ... }
1795 */
1796 if (cf_get_token(parent, &ptr, &token, buff[3], stack->bufsize,
1797 frame->filename, frame->lineno) < 0) {
1798 return NULL;
1799 }
1800
1801 if (token != T_BARE_WORD) {
1802 ERROR("%s[%d]: The third argument to 'subrequest' must be an attribute reference",
1803 frame->filename, frame->lineno);
1804 return NULL;
1805 }
1806 values++;
1807
1808 if (*ptr != '{') {
1809 ERROR("%s[%d]: Expecting section start brace '{' in 'subrequest' definition",
1810 frame->filename, frame->lineno);
1811 return NULL;
1812 }
1813 ptr++;
1814
1815 /*
1816 * Allocate the section
1817 */
1818alloc_section:
1819 css = cf_section_alloc(parent, parent, "subrequest", mod);
1820 if (!css) {
1821 ERROR("%s[%d]: Failed allocating memory for section",
1822 frame->filename, frame->lineno);
1823 return NULL;
1824 }
1825 cf_filename_set(css, frame->filename);
1826 cf_lineno_set(css, frame->lineno);
1827 if (mod) css->name2_quote = T_BARE_WORD;
1828
1829 css->argc = values;
1830 if (values) {
1831 int i;
1832
1833 css->argv = talloc_array(css, char const *, values);
1834 css->argv_quote = talloc_array(css, fr_token_t, values);
1835
1836 for (i = 0; i < values; i++) {
1837 css->argv[i] = talloc_strdup(css->argv, buff[2 + i]);
1838 css->argv_quote[i] = T_BARE_WORD;
1839 }
1840 }
1841
1842 stack->ptr = ptr;
1843
1844 css->allow_locals = true;
1845 css->unlang = CF_UNLANG_ALLOW;
1846 return cf_section_to_item(css);
1847}
1848
1849static CONF_ITEM *process_catch(cf_stack_t *stack)
1850{
1851 CONF_SECTION *css;
1852 int argc = 0;
1853 char const *ptr = stack->ptr;
1854 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1855 CONF_SECTION *parent = frame->current;
1856 char *name2 = NULL;
1857 char *argv[RLM_MODULE_NUMCODES];
1858
1859 while (true) {
1860 char const *p;
1861 size_t len;
1862
1863 fr_skip_whitespace(ptr);
1864
1865 /*
1866 * We have an open bracket, it's the end of the "catch" statement.
1867 */
1868 if (*ptr == '{') {
1869 ptr++;
1870 break;
1871 }
1872
1873 /*
1874 * The arguments have to be short, unquoted words.
1875 */
1876 p = ptr;
1877 while (isalpha((uint8_t) *ptr)) ptr++;
1878
1879 len = ptr - p;
1880 if (len > 16) {
1881 ERROR("%s[%d]: Invalid syntax for 'catch' - unknown rcode '%s'",
1882 frame->filename, frame->lineno, p);
1883 return NULL;
1884 }
1885
1886 if ((*ptr != '{') && !isspace((uint8_t) *ptr)) {
1887 ERROR("%s[%d]: Invalid syntax for 'catch' - unexpected text at '%s'",
1888 frame->filename, frame->lineno, ptr);
1889 return NULL;
1890 }
1891
1892 if (!name2) {
1893 name2 = talloc_strndup(NULL, p, len);
1894 continue;
1895 }
1896
1897 if (argc >= RLM_MODULE_NUMCODES) {
1898 ERROR("%s[%d]: Invalid syntax for 'catch' - too many arguments at'%s'",
1899 frame->filename, frame->lineno, ptr);
1900 talloc_free(name2);
1901 return NULL;
1902 }
1903
1904 argv[argc++] = talloc_strndup(name2, p, len);
1905 }
1906
1907 css = cf_section_alloc(parent, parent, "catch", name2);
1908 if (!css) {
1909 talloc_free(name2);
1910 ERROR("%s[%d]: Failed allocating memory for section",
1911 frame->filename, frame->lineno);
1912 return NULL;
1913 }
1914 cf_filename_set(css, frame->filename);
1915 cf_lineno_set(css, frame->lineno);
1916 css->name2_quote = T_BARE_WORD;
1917 css->unlang = CF_UNLANG_ALLOW;
1918
1919 css->argc = argc;
1920 if (argc) {
1921 int i;
1922
1923 css->argv = talloc_array(css, char const *, argc + 1);
1924 css->argv_quote = talloc_array(css, fr_token_t, argc);
1925 css->argc = argc;
1926
1927 for (i = 0; i < argc; i++) {
1928 css->argv[i] = talloc_strdup(css->argv, argv[i]);
1929 css->argv_quote[i] = T_BARE_WORD;
1930 }
1931
1932 css->argv[argc] = NULL;
1933 }
1934 talloc_free(name2);
1935
1936 stack->ptr = ptr;
1937
1938 return cf_section_to_item(css);
1939}
1940
1941static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
1942{
1943 char *spaces, *text;
1944 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1945
1946 if (!ptr) ptr = stack->ptr;
1947
1948 /*
1949 * We must pass a _negative_ offset to this function.
1950 */
1951 fr_canonicalize_error(NULL, &spaces, &text, stack->ptr - ptr, stack->ptr);
1952
1953 ERROR("%s[%d]: %s", frame->filename, frame->lineno, text);
1954 ERROR("%s[%d]: %s^ - %s", frame->filename, frame->lineno, spaces, message);
1955
1956 talloc_free(spaces);
1957 talloc_free(text);
1958 return -1;
1959}
1960
1961static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
1962{
1963 fr_type_t type;
1964 fr_token_t token;
1965 char const *ptr = *ptr_p;
1966 char const *ptr2;
1967
1968 /*
1969 * Parse an explicit type.
1970 */
1971 type = fr_table_value_by_str(fr_type_table, stack->buff[1], FR_TYPE_NULL);
1972 switch (type) {
1973 default:
1974 break;
1975
1976 case FR_TYPE_NULL:
1977 case FR_TYPE_VOID:
1978 case FR_TYPE_VALUE_BOX:
1979 case FR_TYPE_MAX:
1980 (void) parse_error(stack, type_ptr, "Unknown or invalid variable type in 'foreach'");
1981 return -1;
1982 }
1983
1984 fr_skip_whitespace(ptr);
1985 ptr2 = ptr;
1986
1987 /*
1988 * Parse the variable name. @todo - allow '-' in names.
1989 */
1990 token = gettoken(&ptr, stack->buff[2], stack->bufsize, false);
1991 if (token != T_BARE_WORD) {
1992 (void) parse_error(stack, ptr2, "Invalid variable name for key in 'foreach'");
1993 return -1;
1994 }
1995 fr_skip_whitespace(ptr);
1996
1997 *ptr_p = ptr;
1998 *type_p = type;
1999
2000 return 0;
2001}
2002
2003/*
2004 * foreach &User-Name { - old and deprecated
2005 *
2006 * foreach value (...) { - automatically define variable
2007 *
2008 * foreach string value ( ...) { - data type for variable
2009 *
2010 * foreach string key, type value (..) { - key is "string", value is as above
2011 */
2012static CONF_ITEM *process_foreach(cf_stack_t *stack)
2013{
2014 fr_token_t token;
2015 fr_type_t type;
2016 CONF_SECTION *css;
2017 char const *ptr = stack->ptr, *ptr2, *type_ptr;
2018 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2019 CONF_SECTION *parent = frame->current;
2020
2021 css = cf_section_alloc(parent, parent, "foreach", NULL);
2022 if (!css) {
2023 ERROR("%s[%d]: Failed allocating memory for section",
2024 frame->filename, frame->lineno);
2025 return NULL;
2026 }
2027
2028 cf_filename_set(css, frame->filename);
2029 cf_lineno_set(css, frame->lineno);
2030 css->name2_quote = T_BARE_WORD;
2031 css->unlang = CF_UNLANG_ALLOW;
2032 css->allow_locals = true;
2033
2034 /*
2035 * Get the first argument to "foreach". For backwards
2036 * compatibility, it could be an attribute reference.
2037 */
2038 type_ptr = ptr;
2039 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2040 frame->filename, frame->lineno) < 0) {
2041 return NULL;
2042 }
2043
2044 if (token != T_BARE_WORD) {
2045 invalid_argument:
2046 (void) parse_error(stack, type_ptr, "Unexpected argument to 'foreach'");
2047 return NULL;
2048 }
2049
2050 fr_skip_whitespace(ptr);
2051
2052 /*
2053 * foreach foo { ...
2054 *
2055 * Deprecated and don't use.
2056 */
2057 if (*ptr == '{') {
2058 css->name2 = talloc_strdup(css, stack->buff[1]);
2059
2060 ptr++;
2061 stack->ptr = ptr;
2062
2063 cf_log_warn(css, "Using deprecated syntax. Please use the new 'foreach' syntax.");
2064 return cf_section_to_item(css);
2065 }
2066
2067 fr_skip_whitespace(ptr);
2068
2069 /*
2070 * foreach value (...) {
2071 */
2072 if (*ptr == '(') {
2073 type = FR_TYPE_NULL;
2074 strcpy(stack->buff[2], stack->buff[1]); /* so that we can parse expression in buff[1] */
2075 goto alloc_argc_2;
2076 }
2077
2078 /*
2079 * on input, type name is in stack->buff[1]
2080 * on output, variable name is in stack->buff[2]
2081 */
2082 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2083
2084 /*
2085 * if we now have an expression block, then just have variable type / name.
2086 */
2087 if (*ptr == '(') goto alloc_argc_2;
2088
2089 /*
2090 * There's a comma. the first "type name" is for the key. We skip the comma, and parse the
2091 * second "type name" as being for the value.
2092 *
2093 * foreach type key, type value (...)
2094 */
2095 if (*ptr == ',') {
2096 /*
2097 * We have 4 arguments, [var-type, var-name, key-type, key-name]
2098 *
2099 * We don't really care about key-type, but we might care later.
2100 */
2101 css->argc = 4;
2102 css->argv = talloc_array(css, char const *, css->argc);
2103 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2104
2105 css->argv[2] = fr_type_to_str(type);
2106 css->argv_quote[2] = T_BARE_WORD;
2107
2108 css->argv[3] = talloc_strdup(css->argv, stack->buff[2]);
2109 css->argv_quote[3] = T_BARE_WORD;
2110
2111 ptr++;
2112 fr_skip_whitespace(ptr);
2113 type_ptr = ptr;
2114
2115 /*
2116 * Now parse "type value"
2117 */
2118 token = gettoken(&ptr, stack->buff[1], stack->bufsize, false);
2119 if (token != T_BARE_WORD) goto invalid_argument;
2120
2121 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2122
2123 if (!fr_type_is_leaf(type)) {
2124 (void) parse_error(stack, type_ptr, "Invalid data type for 'key' variable");
2125 return NULL;
2126 }
2127 }
2128
2129 /*
2130 * The thing to loop over must now be in an expression block.
2131 */
2132 if (*ptr != '(') {
2133 (void) parse_error(stack, ptr, "Expected (...) after 'foreach' variable definition");
2134 return NULL;
2135 }
2136
2137 goto parse_expression;
2138
2139alloc_argc_2:
2140 css->argc = 2;
2141 css->argv = talloc_array(css, char const *, css->argc);
2142 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2143
2144
2145parse_expression:
2146 /*
2147 * "(" whitespace EXPRESSION whitespace ")"
2148 */
2149 ptr++;
2150 fr_skip_whitespace(ptr);
2151 ptr2 = ptr;
2152
2153 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2154 frame->filename, frame->lineno) < 0) {
2155 return NULL;
2156 }
2157
2158 /*
2159 * We can do &foo[*] or %func(...), but not "...".
2160 */
2161 if (token != T_BARE_WORD) {
2162 (void) parse_error(stack, ptr2, "Invalid reference in 'foreach'");
2163 return NULL;
2164 }
2165
2166 fr_skip_whitespace(ptr);
2167 if (*ptr != ')') {
2168 (void) parse_error(stack, ptr, "Missing ')' in 'foreach'");
2169 return NULL;
2170 }
2171 ptr++;
2172 fr_skip_whitespace(ptr);
2173
2174 if (*ptr != '{') {
2175 (void) parse_error(stack, ptr, "Expected '{' in 'foreach'");
2176 return NULL;
2177 }
2178
2179 css->name2 = talloc_strdup(css, stack->buff[1]);
2180
2181 /*
2182 * Add in the extra arguments
2183 */
2184 css->argv[0] = fr_type_to_str(type);
2185 css->argv_quote[0] = T_BARE_WORD;
2186
2187 css->argv[1] = talloc_strdup(css->argv, stack->buff[2]);
2188 css->argv_quote[1] = T_BARE_WORD;
2189
2190 ptr++;
2191 stack->ptr = ptr;
2192
2193 return cf_section_to_item(css);
2194}
2195
2196
2197static int add_pair(CONF_SECTION *parent, char const *attr, char const *value,
2198 fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token,
2199 char *buff, char const *filename, int lineno)
2200{
2201 CONF_DATA const *cd;
2202 conf_parser_t *rule;
2203 CONF_PAIR *cp;
2204 bool pass2 = false;
2205
2206 /*
2207 * If we have the value, expand any configuration
2208 * variables in it.
2209 */
2210 if (value && *value) {
2211 bool soft_fail;
2212 char const *expanded;
2213
2214 expanded = cf_expand_variables(filename, lineno, parent, buff, talloc_array_length(buff), value, -1, &soft_fail,
2215 (value_token != T_BARE_WORD));
2216 if (expanded) {
2217 value = expanded;
2218
2219 } else if (!soft_fail) {
2220 return -1;
2221
2222 } else {
2223 /*
2224 * References an item which doesn't exist,
2225 * or which is already marked up as being
2226 * expanded in pass2. Wait for pass2 to
2227 * do the expansions.
2228 *
2229 * Leave the input value alone.
2230 */
2231 pass2 = true;
2232 }
2233 }
2234
2235 cp = cf_pair_alloc(parent, attr, value, op_token, name1_token, value_token);
2236 if (!cp) return -1;
2237 cf_filename_set(cp, filename);
2238 cf_lineno_set(cp, lineno);
2239 cp->pass2 = pass2;
2240
2241 cd = cf_data_find(CF_TO_ITEM(parent), conf_parser_t, attr);
2242 if (!cd) return 0;
2243
2244 rule = cf_data_value(cd);
2245 if (!rule->on_read) return 0;
2246
2247 /*
2248 * Do the on_read callback after adding the value.
2249 */
2250 return rule->on_read(parent, NULL, NULL, cf_pair_to_item(cp), rule);
2251}
2252
2253/*
2254 * switch (cast) foo {
2255 */
2256static CONF_ITEM *process_switch(cf_stack_t *stack)
2257{
2258 size_t match_len;
2259 fr_type_t type = FR_TYPE_NULL;
2260 fr_token_t name2_quote = T_BARE_WORD;
2261 CONF_SECTION *css;
2262 char const *ptr = stack->ptr;
2263 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2264 CONF_SECTION *parent = frame->current;
2265
2266 fr_skip_whitespace(ptr);
2267 if (*ptr == '(') {
2268 char const *start;
2269
2270 ptr++;
2271 start = ptr;
2272
2273 while (isalpha(*ptr)) ptr++;
2274
2275 if (*ptr != ')') {
2276 ERROR("%s[%d]: Missing ')' in cast",
2277 frame->filename, frame->lineno);
2278 return NULL;
2279 }
2280
2281 type = fr_table_value_by_longest_prefix(&match_len, fr_type_table,
2282 start, ptr - start, FR_TYPE_MAX);
2283 if (type == FR_TYPE_MAX) {
2284 ERROR("%s[%d]: Unknown data type '%.*s' in cast",
2285 frame->filename, frame->lineno, (int) (ptr - start), start);
2286 return NULL;
2287 }
2288
2289 if (!fr_type_is_leaf(type)) {
2290 ERROR("%s[%d]: Invalid data type '%.*s' in cast",
2291 frame->filename, frame->lineno, (int) (ptr - start), start);
2292 return NULL;
2293 }
2294
2295 ptr++;
2296 fr_skip_whitespace(ptr);
2297 }
2298
2299 /*
2300 * Get the argument to the switch statement
2301 */
2302 if (cf_get_token(parent, &ptr, &name2_quote, stack->buff[1], stack->bufsize,
2303 frame->filename, frame->lineno) < 0) {
2304 return NULL;
2305 }
2306
2307 css = cf_section_alloc(parent, parent, "switch", NULL);
2308 if (!css) {
2309 ERROR("%s[%d]: Failed allocating memory for section",
2310 frame->filename, frame->lineno);
2311 return NULL;
2312 }
2313
2314 cf_filename_set(css, frame->filename);
2315 cf_lineno_set(css, frame->lineno);
2316 css->name2_quote = name2_quote;
2317 css->unlang = CF_UNLANG_ALLOW;
2318 css->allow_locals = true;
2319
2320 fr_skip_whitespace(ptr);
2321
2322 if (*ptr != '{') {
2323 (void) parse_error(stack, ptr, "Expected '{' in 'switch'");
2324 return NULL;
2325 }
2326
2327 css->name2 = talloc_strdup(css, stack->buff[1]);
2328
2329 /*
2330 * Add in the extra argument.
2331 */
2332 if (type != FR_TYPE_NULL) {
2333 css->argc = 1;
2334 css->argv = talloc_array(css, char const *, css->argc);
2335 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2336
2337 css->argv[0] = fr_type_to_str(type);
2338 css->argv_quote[0] = T_BARE_WORD;
2339 }
2340
2341 ptr++;
2342 stack->ptr = ptr;
2343
2344 return cf_section_to_item(css);
2345}
2346
2347
2348static fr_table_ptr_sorted_t unlang_keywords[] = {
2349 { L("catch"), (void *) process_catch },
2350 { L("elsif"), (void *) process_if },
2351 { L("foreach"), (void *) process_foreach },
2352 { L("if"), (void *) process_if },
2353 { L("map"), (void *) process_map },
2354 { L("subrequest"), (void *) process_subrequest },
2355 { L("switch"), (void *) process_switch }
2356};
2357static int unlang_keywords_len = NUM_ELEMENTS(unlang_keywords);
2358
2359typedef CONF_ITEM *(*cf_process_func_t)(cf_stack_t *);
2360
2361static int parse_input(cf_stack_t *stack)
2362{
2363 fr_token_t name1_token, name2_token, value_token, op_token;
2364 char const *value;
2365 CONF_SECTION *css;
2366 char const *ptr = stack->ptr;
2367 char const *name1_ptr, *name2_ptr, *op_ptr;
2368 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2369 CONF_SECTION *parent = frame->current;
2370 char *buff[4];
2371 cf_process_func_t process;
2372
2373 /*
2374 * Short names are nicer.
2375 */
2376 buff[0] = stack->buff[0];
2377 buff[1] = stack->buff[1];
2378 buff[2] = stack->buff[2];
2379 buff[3] = stack->buff[3];
2380
2381 fr_assert(parent != NULL);
2382
2383 /*
2384 * Catch end of a subsection.
2385 *
2386 * frame->current is the new thing we just created.
2387 * frame->parent is the parent of the current frame
2388 * frame->at_reference is the original frame->current, before the @reference
2389 * parent is the parent we started with when we started this section.
2390 */
2391 if (*ptr == '}') {
2392 /*
2393 * No pushed braces means that we're already in
2394 * the parent section which loaded this file. We
2395 * cannot go back up another level.
2396 *
2397 * This limitation means that we cannot put half
2398 * of a CONF_SECTION in one file, and then the
2399 * second half in another file. That's fine.
2400 */
2401 if (frame->braces == 0) {
2402 return parse_error(stack, ptr, "Too many closing braces");
2403 }
2404
2405 /*
2406 * Reset the current and parent to the original
2407 * section, before we were parsing the
2408 * @reference.
2409 */
2410 if (frame->at_reference) {
2411 frame->current = frame->parent = frame->at_reference;
2412 frame->at_reference = NULL;
2413
2414 } else {
2415 /*
2416 * Go back up one section, because we can.
2417 */
2418 frame->current = frame->parent = cf_item_to_section(frame->current->item.parent);
2419 }
2420
2421 fr_assert(frame->braces > 0);
2422 frame->braces--;
2423
2424 /*
2425 * Merge the template into the existing
2426 * section. parent uses more memory, but
2427 * means that templates now work with
2428 * sub-sections, etc.
2429 */
2430 if (!cf_template_merge(parent, parent->template)) return -1;
2431
2432 ptr++;
2433 stack->ptr = ptr;
2434 return 1;
2435 }
2436
2437 /*
2438 * Found nothing to get excited over. It MUST be
2439 * a key word.
2440 */
2441 name1_ptr = ptr;
2442 switch (parent->unlang) {
2443 default:
2444 /*
2445 * The LHS is a bare word / keyword in normal configuration file syntax.
2446 */
2447 name1_token = gettoken(&ptr, buff[1], stack->bufsize, false);
2448 if (name1_token == T_EOL) return 0;
2449
2450 if (name1_token == T_INVALID) {
2451 return parse_error(stack, name1_ptr, fr_strerror());
2452 }
2453
2454 if (name1_token != T_BARE_WORD) {
2455 return parse_error(stack, name1_ptr, "Invalid location for quoted string");
2456 }
2457
2458 fr_skip_whitespace(ptr);
2459 break;
2460
2461 case CF_UNLANG_ALLOW:
2462 case CF_UNLANG_EDIT:
2463 case CF_UNLANG_ASSIGNMENT:
2464 /*
2465 * The LHS can be an xlat expansion, attribute reference, etc.
2466 */
2467 if (cf_get_token(parent, &ptr, &name1_token, buff[1], stack->bufsize,
2468 frame->filename, frame->lineno) < 0) {
2469 return -1;
2470 }
2471 break;
2472 }
2473
2474 /*
2475 * Check if the thing we just parsed is an unlang keyword.
2476 */
2477 if ((name1_token == T_BARE_WORD) && isalpha((uint8_t) *buff[1])) {
2478 process = (cf_process_func_t) fr_table_value_by_str(unlang_keywords, buff[1], NULL);
2479 if (process) {
2480 CONF_ITEM *ci;
2481
2482 /*
2483 * Disallow keywords outside of unlang sections.
2484 *
2485 * We don't strictly need to do this with the more state-oriented parser, but
2486 * people keep putting unlang into random places in the configuration files,
2487 * which is wrong.
2488 */
2489 if (parent->unlang != CF_UNLANG_ALLOW) {
2490 return parse_error(stack, name1_ptr, "Invalid location for unlang keyword");
2491 }
2492
2493 stack->ptr = ptr;
2494 ci = process(stack);
2495 if (!ci) return -1;
2496
2497 ptr = stack->ptr;
2498 if (cf_item_is_section(ci)) {
2499 parent->allow_locals = false;
2500 css = cf_item_to_section(ci);
2501 goto add_section;
2502 }
2503
2504 /*
2505 * Else the item is a pair, and the call to process() it already added it to the
2506 * current section.
2507 */
2508 goto added_pair;
2509 }
2510
2511 /*
2512 * The next token isn't text, so we ignore it.
2513 */
2514 if (!isalnum((int) *ptr)) goto check_for_eol;
2515 }
2516
2517 /*
2518 * See if this thing is a variable definition.
2519 */
2520 if ((name1_token == T_BARE_WORD) && parent->allow_locals) {
2521 fr_type_t type;
2522 char const *ptr3;
2523
2524 type = fr_table_value_by_str(fr_type_table, buff[1], FR_TYPE_NULL);
2525 if (type == FR_TYPE_NULL) {
2526 parent->allow_locals = false;
2527 goto check_for_eol;
2528 }
2529
2530 if (type == FR_TYPE_TLV) goto parse_name2;
2531
2532 /*
2533 * group {
2534 *
2535 * is a section.
2536 */
2537 if (type == FR_TYPE_GROUP) {
2538 fr_skip_whitespace(ptr);
2539 if (*ptr == '{') {
2540 ptr++;
2541 value = NULL;
2542 name2_token = T_BARE_WORD;
2543 goto alloc_section;
2544 }
2545
2546 } else if (!fr_type_is_leaf(type)) {
2547 /*
2548 * Other structural types are allowed.
2549 */
2550 return parse_error(stack, name1_ptr, "Invalid data type for local variable. Must be 'tlv' or else a non-structrul type");
2551 }
2552
2553 /*
2554 * We don't have an operator, so set it to a magic value.
2555 */
2556 op_token = T_OP_CMP_TRUE;
2557
2558 /*
2559 * Parse the name of the local variable, and use it as the "value" for the CONF_PAIR.
2560 */
2561 ptr3 = ptr;
2562 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2563 frame->filename, frame->lineno) < 0) {
2564 return -1;
2565 }
2566
2567 if (value_token != T_BARE_WORD) {
2568 return parse_error(stack, ptr3, "Invalid name");
2569 }
2570
2571 value = buff[2];
2572
2573 /*
2574 * Non-structural things must be variable definitions.
2575 */
2576 if (fr_type_is_leaf(type)) goto alloc_pair;
2577
2578 /*
2579 * Parse: group foo
2580 * vs group foo { ...
2581 */
2582 fr_skip_whitespace(ptr);
2583
2584 if (*ptr != '{') goto alloc_pair;
2585
2586 ptr++;
2587 name2_token = T_BARE_WORD;
2588 goto alloc_section;
2589 }
2590
2591 /*
2592 * We've parsed the LHS thing. The RHS might be empty, or an operator, or another word, or an
2593 * open bracket.
2594 */
2595check_for_eol:
2596 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';') || (*ptr == '}')) {
2597 /*
2598 * Only unlang sections can have module references.
2599 *
2600 * We also allow bare words in edit lists, where the RHS is a list of values.
2601 *
2602 * @todo - detail "suppress" requires bare words :(
2603 */
2604 parent->allow_locals = false;
2605 value_token = T_INVALID;
2606 op_token = T_OP_EQ;
2607 value = NULL;
2608 goto alloc_pair;
2609 }
2610
2611 /*
2612 * A common pattern is: name { ...}
2613 * Check for it and skip ahead.
2614 */
2615 if (*ptr == '{') {
2616 ptr++;
2617 name2_token = T_INVALID;
2618 value = NULL;
2619 goto alloc_section;
2620 }
2621
2622 /*
2623 * Parse the thing after the first word. It can be an operator, or the second name for a section.
2624 */
2625 name2_ptr = ptr;
2626 switch (parent->unlang) {
2627 default:
2628 /*
2629 * Configuration sections can only have '=' after the
2630 * first word, OR a second word which is the second name
2631 * of a configuration section.
2632 */
2633 if (*ptr == '=') goto operator;
2634
2635 /*
2636 * Section name2 can only be alphanumeric or UTF-8.
2637 */
2638 parse_name2:
2639 name2_ptr = ptr;
2640
2641 if (!(isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr) || (*(uint8_t const *) ptr >= 0x80))) {
2642 /*
2643 * Maybe they missed a closing brace somewhere?
2644 */
2645 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2646 if (fr_assignment_op[name2_token]) {
2647 return parse_error(stack, name2_ptr, "Unexpected operator, was expecting a configuration section. Is there a missing '}' somewhere?");
2648 }
2649
2650 return parse_error(stack, name2_ptr, "Invalid second name for configuration section");
2651 }
2652
2653 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2654 if (name2_token == T_INVALID) {
2655 return parse_error(stack, name2_ptr, fr_strerror());
2656 }
2657
2658 if (name2_token != T_BARE_WORD) {
2659 return parse_error(stack, name2_ptr, "Unexpected quoted string after section name");
2660 }
2661
2662 fr_skip_whitespace(ptr);
2663
2664 /*
2665 * load-balance and redundant-load-balance MUST have a static module name, and MAY have
2666 * an additional load-balance keyword.
2667 */
2668 if ((parent->unlang == CF_UNLANG_MODULES) && (*ptr != '{') &&
2669 ((strcmp(buff[1], "load-balance") == 0) ||
2670 (strcmp(buff[1], "redundant-load-balance") == 0))) {
2671 /*
2672 * The third name could be an attribute name, xlat expansion, etc.
2673 */
2674 if (cf_get_token(parent, &ptr, &value_token, buff[3], stack->bufsize,
2675 frame->filename, frame->lineno) < 0) {
2676 return -1;
2677 }
2678
2679 fr_skip_whitespace(ptr);
2680
2681 if (*ptr != '{') {
2682 return parse_error(stack, ptr, "Expected '{'");
2683 }
2684
2685 ptr++;
2686
2687 css = cf_section_alloc(parent, parent, buff[1], buff[2]);
2688 if (!css) goto oom;
2689
2690 css->argc = 1;
2691 css->argv = talloc_array(css, char const *, 1);
2692 css->argv[0] = talloc_strdup(css->argv, buff[3]);
2693 css->argv_quote = talloc_array(css, fr_token_t, 1);
2694 css->argv_quote[0] = value_token;
2695 goto setup_section;
2696 }
2697
2698 if (*ptr != '{') {
2699 return parse_error(stack, ptr, "Missing '{' for configuration section");
2700 }
2701
2702 ptr++;
2703 value = buff[2];
2704 goto alloc_section;
2705
2706 case CF_UNLANG_ASSIGNMENT:
2707 /*
2708 * The next thing MUST be an operator. We don't support nested attributes in "update" or
2709 * "map" sections.
2710 */
2711 goto operator;
2712
2713 case CF_UNLANG_EDIT:
2714 /*
2715 * The next thing MUST be an operator. Edit sections always do operations, even on
2716 * lists. i.e. there is no second name section when editing a list.
2717 */
2718 goto operator;
2719
2720 case CF_UNLANG_ALLOW:
2721 /*
2722 * 'case ::foo' is allowed. For generality, we just expect that the second argument to
2723 * 'case' is not an operator.
2724 */
2725 if ((strcmp(buff[1], "case") == 0) ||
2726 (strcmp(buff[1], "limit") == 0) ||
2727 (strcmp(buff[1], "timeout") == 0)) {
2728 break;
2729 }
2730
2731 /*
2732 * It's not a string, bare word, or attribute reference. It must be an operator.
2733 */
2734 if (!((*ptr == '"') || (*ptr == '`') || (*ptr == '\'') || ((*ptr == '&') && (ptr[1] != '=')) ||
2735 ((*((uint8_t const *) ptr) & 0x80) != 0) || isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr))) {
2736 goto operator;
2737 }
2738 break;
2739 }
2740
2741 /*
2742 * The second name could be a bare word, xlat expansion, string etc.
2743 */
2744 if (cf_get_token(parent, &ptr, &name2_token, buff[2], stack->bufsize,
2745 frame->filename, frame->lineno) < 0) {
2746 return -1;
2747 }
2748
2749 if (*ptr != '{') {
2750 fr_type_t type = fr_type_from_str(buff[1]);
2751
2752 /*
2753 * Not the name of a data type.
2754 */
2755 if (type == FR_TYPE_NULL) {
2756 return parse_error(stack, ptr, "Expected '{' after section names");
2757 }
2758
2759 if (parent->unlang == CF_UNLANG_EDIT) {
2760 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions cannot be inside of an assignment");
2761 }
2762
2763 if (parent->unlang == CF_UNLANG_ALLOW) {
2764 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions must go at the start of a section");
2765 }
2766
2767 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions can only go in a processing section.");
2768 }
2769 ptr++;
2770 value = buff[2];
2771
2772alloc_section:
2773 parent->allow_locals = false;
2774
2775 /*
2776 * @policy foo { ...}
2777 *
2778 * Means "add foo to the policy section". And if
2779 * policy{} doesn't exist, create it, and then mark up
2780 * policy{} with a flag "we need to merge it", so that
2781 * when we read the actual policy{}, we merge the
2782 * contents together, instead of creating a second
2783 * policy{}.
2784 *
2785 * @todo - allow for '.' in @.ref Or at least test it. :(
2786 *
2787 * @todo - allow for two section names @ref foo bar {...}
2788 *
2789 * @todo - maybe we can use this to overload things in
2790 * virtual servers, and in modules?
2791 */
2792 if (buff[1][0] == '@') {
2793 CONF_ITEM *ci;
2794 CONF_SECTION *root;
2795 char const *name = &buff[1][1];
2796
2797 if (!value) {
2798 ERROR("%s[%d]: Missing section name for reference", frame->filename, frame->lineno);
2799 return -1;
2800 }
2801
2802 root = cf_root(parent);
2803
2804 ci = cf_reference_item(root, parent, name);
2805 if (!ci) {
2806 if (name[1] == '.') {
2807 PERROR("%s[%d]: Failed finding reference \"%s\"", frame->filename, frame->lineno, name);
2808 return -1;
2809 }
2810
2811 css = cf_section_alloc(root, root, name, NULL);
2812 if (!css) goto oom;
2813
2814 cf_filename_set(css, frame->filename);
2815 cf_lineno_set(css, frame->lineno);
2816 css->name2_quote = name2_token;
2817 css->unlang = CF_UNLANG_NONE;
2818 css->allow_locals = false;
2819 css->at_reference = true;
2820 parent = css;
2821
2822 /*
2823 * Copy this code from below. :(
2824 */
2825 if (cf_item_to_section(parent->item.parent) == root) {
2826 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2827 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2828 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2829 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2830 }
2831
2832 } else {
2833 if (!cf_item_is_section(ci)) {
2834 ERROR("%s[%d]: Reference \"%s\" is not a section", frame->filename, frame->lineno, name);
2835 return -1;
2836 }
2837
2838 /*
2839 * Set the new parent and ensure we're
2840 * not creating a duplicate section.
2841 */
2842 parent = cf_item_to_section(ci);
2843 css = cf_section_find(parent, value, NULL);
2844 if (css) {
2845 ERROR("%s[%d]: Reference \"%s\" already contains a \"%s\" section at %s[%d]",
2846 frame->filename, frame->lineno, name, value,
2847 css->item.filename, css->item.lineno);
2848 return -1;
2849 }
2850 }
2851
2852 /*
2853 * We're processing a section. The @reference is
2854 * OUTSIDE of this section.
2855 */
2856 fr_assert(frame->current == frame->parent);
2857 frame->at_reference = frame->parent;
2858 name2_token = T_BARE_WORD;
2859
2860 css = cf_section_alloc(parent, parent, value, NULL);
2861 } else {
2862 /*
2863 * Check if there's already an auto-created
2864 * section of this name. If so, just use that
2865 * section instead of allocating a new one.
2866 */
2867 css = cf_section_find(parent, buff[1], value);
2868 if (css && css->at_reference) {
2869 css->at_reference = false;
2870 } else {
2871 css = cf_section_alloc(parent, parent, buff[1], value);
2872 }
2873 }
2874
2875 if (!css) {
2876 oom:
2877 ERROR("%s[%d]: Failed allocating memory for section",
2878 frame->filename, frame->lineno);
2879 return -1;
2880 }
2881
2882setup_section:
2883 cf_filename_set(css, frame->filename);
2884 cf_lineno_set(css, frame->lineno);
2885 css->name2_quote = name2_token;
2886 css->unlang = CF_UNLANG_NONE;
2887 css->allow_locals = false;
2888
2889 /*
2890 * Only a few top-level sections allow "unlang"
2891 * statements. And for those, "unlang"
2892 * statements are only allowed in child
2893 * subsection.
2894 */
2895 switch (parent->unlang) {
2896 case CF_UNLANG_NONE:
2897 if (!parent->item.parent) {
2898 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2899 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2900 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2901 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2902
2903 } else if ((cf_item_to_section(parent->item.parent)->unlang == CF_UNLANG_MODULES) &&
2904 (strcmp(css->name1, "update") == 0)) {
2905 /*
2906 * Module configuration can contain "update" statements.
2907 */
2908 css->unlang = CF_UNLANG_ASSIGNMENT;
2909 css->allow_locals = false;
2910 }
2911 break;
2912
2913 /*
2914 * It's a policy section - allow unlang inside of child sections.
2915 */
2916 case CF_UNLANG_POLICY:
2917 css->unlang = CF_UNLANG_ALLOW;
2918 css->allow_locals = true;
2919 break;
2920
2921 /*
2922 * A virtual server has processing sections, but only a limited number of them.
2923 * Rather than trying to autoload them and glue the interpreter into the conf
2924 * file parser, we just hack it.
2925 */
2926 case CF_UNLANG_SERVER:
2927 // git grep SECTION_NAME src/process/ src/lib/server/process.h | sed 's/.*SECTION_NAME("//;s/",.*//' | sort -u
2928 if (fr_table_value_by_str(server_unlang_section, css->name1, false)) {
2929 css->unlang = CF_UNLANG_ALLOW;
2930 css->allow_locals = true;
2931 break;
2932 }
2933
2934 /*
2935 * Allow local variables, but no unlang statements.
2936 */
2937 if (strcmp(css->name1, "dictionary") == 0) {
2938 css->unlang = CF_UNLANG_DICTIONARY;
2939 css->allow_locals = true;
2940 break;
2941 }
2942
2943 /*
2944 * ldap sync has "update" a few levels down.
2945 */
2946 if (strcmp(css->name1, "listen") == 0) {
2947 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2948 }
2949 break;
2950
2951 /*
2952 * Virtual modules in the "modules" section can have unlang.
2953 */
2954 case CF_UNLANG_MODULES:
2955 if ((strcmp(css->name1, "group") == 0) ||
2956 (strcmp(css->name1, "load-balance") == 0) ||
2957 (strcmp(css->name1, "redundant") == 0) ||
2958 (strcmp(css->name1, "redundant-load-balance") == 0)) {
2959 css->unlang = CF_UNLANG_ALLOW;
2960 css->allow_locals = true;
2961 } else {
2962 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2963 }
2964 break;
2965
2966 case CF_UNLANG_EDIT:
2967 /*
2968 * Edit sections can only have children which are edit sections.
2969 */
2970 css->unlang = CF_UNLANG_EDIT;
2971 break;
2972
2973 case CF_UNLANG_ALLOW:
2974 /*
2975 * If we are doing list assignment, then don't allow local variables. The children are
2976 * also then all edit sections, and not unlang statements.
2977 *
2978 * If we're not doing list assignment, then name2 has to be a bare word, string, etc.
2979 */
2980 css->allow_locals = !fr_list_assignment_op[name2_token];
2981 if (css->allow_locals) {
2982 /*
2983 * @todo - tighten this up for "actions" sections, and module rcode
2984 * over-rides.
2985 *
2986 * Perhaps the best way to do that is to change the syntax for module
2987 * over-rides, so that the parser doesn't have to guess. :(
2988 */
2989 css->unlang = CF_UNLANG_ALLOW;
2990 } else {
2991 css->unlang = CF_UNLANG_EDIT;
2992 }
2993 break;
2994
2995 /*
2996 * We can (maybe?) do nested assignments inside of an old-style "update" or "map" section
2997 */
2998 case CF_UNLANG_ASSIGNMENT:
2999 css->unlang = CF_UNLANG_ASSIGNMENT;
3000 break;
3001
3002 case CF_UNLANG_DICTIONARY:
3003 css->unlang = CF_UNLANG_DICTIONARY;
3004 css->allow_locals = true;
3005 break;
3006
3007 case CF_UNLANG_CAN_HAVE_UPDATE:
3008 if (strcmp(css->name1, "update") == 0) {
3009 css->unlang = CF_UNLANG_ASSIGNMENT;
3010 } else {
3011 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
3012 }
3013 break;
3014 }
3015
3016add_section:
3017 /*
3018 * The current section is now the child section.
3019 */
3020 frame->current = css;
3021 frame->braces++;
3022 css = NULL;
3023 stack->ptr = ptr;
3024 return 1;
3025
3026
3027 /*
3028 * If we're not parsing a section, then the next
3029 * token MUST be an operator.
3030 */
3031operator:
3032 op_ptr = ptr;
3033 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false);
3034 switch (name2_token) {
3035 case T_OP_ADD_EQ:
3036 case T_OP_SUB_EQ:
3037 case T_OP_MUL_EQ:
3038 case T_OP_DIV_EQ:
3039 case T_OP_AND_EQ:
3040 case T_OP_OR_EQ:
3041 case T_OP_NE:
3042 case T_OP_RSHIFT_EQ:
3043 case T_OP_GE:
3044 case T_OP_GT:
3045 case T_OP_LSHIFT_EQ:
3046 case T_OP_LE:
3047 case T_OP_LT:
3048 case T_OP_CMP_EQ:
3049 case T_OP_CMP_FALSE:
3050 case T_OP_SET:
3051 case T_OP_PREPEND:
3052 /*
3053 * Allow more operators in unlang statements, edit sections, and old-style "update" sections.
3054 */
3055 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT) && (parent->unlang != CF_UNLANG_ASSIGNMENT)) {
3056 return parse_error(stack, op_ptr, "Invalid operator for assignment");
3057 }
3058 FALL_THROUGH;
3059
3060 case T_OP_EQ:
3061 /*
3062 * Configuration variables can only use =
3063 */
3064 fr_skip_whitespace(ptr);
3065 op_token = name2_token;
3066 break;
3067
3068 default:
3069 return parse_error(stack, op_ptr, "Syntax error, the input should be an assignment operator");
3070 }
3071
3072 /*
3073 * MUST have something after the operator.
3074 */
3075 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';')) {
3076 return parse_error(stack, ptr, "Missing value after operator");
3077 }
3078
3079 /*
3080 * foo = { ... } for nested groups.
3081 *
3082 * As a special case, we allow sub-sections after '=', etc.
3083 *
3084 * This syntax is only for inside of "update"
3085 * sections, and for attributes of type "group".
3086 * But the parser isn't (yet) smart enough to
3087 * know about that context. So we just silently
3088 * allow it everywhere.
3089 */
3090 if (*ptr == '{') {
3091 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT)) {
3092 return parse_error(stack, ptr, "Invalid location for nested attribute assignment");
3093 }
3094
3095 if (!fr_list_assignment_op[name2_token]) {
3096 return parse_error(stack, ptr, "Invalid assignment operator for list");
3097 }
3098
3099 /*
3100 * Now that we've peeked ahead to
3101 * see the open brace, parse it
3102 * for real.
3103 */
3104 ptr++;
3105
3106 /*
3107 * Leave name2_token as the
3108 * operator (as a hack). But
3109 * note that there's no actual
3110 * name2. We'll deal with that
3111 * situation later.
3112 */
3113 value = NULL;
3114 goto alloc_section;
3115 }
3116
3117 fr_skip_whitespace(ptr);
3118
3119 /*
3120 * Parse the value for a CONF_PAIR.
3121 *
3122 * If it's unlang or an edit section, the RHS can be an expression.
3123 */
3124 if ((parent->unlang == CF_UNLANG_ALLOW) || (parent->unlang == CF_UNLANG_EDIT)) {
3125 bool eol;
3126 ssize_t slen;
3127
3128 name2_ptr = ptr;
3129
3130 /*
3131 * If the RHS is an expression (foo) or function %foo(), then mark it up as an expression.
3132 */
3133 if ((*ptr == '(') || (*ptr == '%')) {
3134 /* nothing */
3135
3136 } else if (cf_get_token(parent, &name2_ptr, &value_token, buff[2], stack->bufsize,
3137 frame->filename, frame->lineno) == 0) {
3138 /*
3139 * We have one token (bare word), followed by EOL. It's just a token.
3140 */
3141 fr_skip_whitespace(name2_ptr);
3142 if (terminal_end_line[(uint8_t) *name2_ptr]) {
3143 parent->allow_locals = false;
3144 ptr = name2_ptr;
3145 value = buff[2];
3146 goto alloc_pair;
3147 }
3148 } /* else it looks like an expression */
3149
3150 /*
3151 * Parse the text as an expression.
3152 *
3153 * Note that unlike conditions, expressions MUST use \ at the EOL for continuation.
3154 * If we automatically read past EOL, as with:
3155 *
3156 * &foo := (bar -
3157 * baz)
3158 *
3159 * That works, mostly. Until the user forgets to put the trailing ')', and then
3160 * the parse is bad enough that it tries to read to EOF, or to some other random
3161 * parse error.
3162 *
3163 * So the simplest way to avoid utter craziness is to simply require a signal which
3164 * says "yes, I intended to put this over multiple lines".
3165 */
3166 slen = fr_skip_condition(ptr, NULL, terminal_end_line, &eol);
3167 if (slen < 0) {
3168 return parse_error(stack, ptr + (-slen), fr_strerror());
3169 }
3170
3171 /*
3172 * We parsed until the end of the string, but the condition still needs more data.
3173 */
3174 if (eol) {
3175 return parse_error(stack, ptr + slen, "Expression is unfinished at end of line");
3176 }
3177
3178 /*
3179 * Keep a copy of the entire RHS.
3180 */
3181 memcpy(buff[2], ptr, slen);
3182 buff[2][slen] = '\0';
3183
3184 value = buff[2];
3185
3186 /*
3187 * Mark it up as an expression
3188 *
3189 * @todo - we should really just call cf_data_add() to add a flag, but this is good for
3190 * now. See map_afrom_cp()
3191 */
3192 value_token = T_HASH;
3193
3194 /*
3195 * Skip terminal characters
3196 */
3197 ptr += slen;
3198 if ((*ptr == ',') || (*ptr == ';')) ptr++;
3199
3200#if 0
3201 } else if ((parent->unlang != CF_UNLANG_ASSIGNMENT) &&
3202 ((*ptr == '`') || (*ptr == '%') || (*ptr == '('))) {
3203 /*
3204 * Config sections can't use backticks, xlat expansions, or expressions.
3205 *
3206 * Except module configurations can have key = %{...}
3207 */
3208 return parse_error(stack, ptr, "Invalid value for assignment in configuration file");
3209#endif
3210
3211 } else {
3212 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
3213 frame->filename, frame->lineno) < 0) {
3214 return -1;
3215 }
3216 value = buff[2];
3217 }
3218
3219 /*
3220 * We have an attribute assignment, which means that we no longer allow local variables to be
3221 * defined.
3222 */
3223 parent->allow_locals = false;
3224
3225alloc_pair:
3226 if (add_pair(parent, buff[1], value, name1_token, op_token, value_token, buff[3], frame->filename, frame->lineno) < 0) return -1;
3227
3228added_pair:
3229 fr_skip_whitespace(ptr);
3230
3231 /*
3232 * Skip semicolon if we see it after a
3233 * CONF_PAIR. Also allow comma for
3234 * backwards compatibility with secret
3235 * things in v3.
3236 */
3237 if ((*ptr == ';') || (*ptr == ',')) {
3238 ptr++;
3239 stack->ptr = ptr;
3240 return 1;
3241 }
3242
3243 /*
3244 * Closing brace is allowed after a CONF_PAIR
3245 * definition.
3246 */
3247 if (*ptr == '}') {
3248 stack->ptr = ptr;
3249 return 1;
3250 }
3251
3252 /*
3253 * Anything OTHER than EOL or comment is a syntax
3254 * error.
3255 */
3256 if (*ptr && (*ptr != '#')) {
3257 return parse_error(stack, ptr, "Unexpected text after configuration item");
3258 }
3259
3260 /*
3261 * Since we're at EOL or comment, just drop the
3262 * text, and go read another line of text.
3263 */
3264 return 0;
3265}
3266
3267
3268static int frame_readdir(cf_stack_t *stack)
3269{
3270 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3271 CONF_SECTION *parent = frame->current;
3272 cf_file_heap_t *h;
3273
3274 h = fr_heap_pop(&frame->heap);
3275 if (!h) {
3276 /*
3277 * Done reading the directory entry. Close it, and go
3278 * back up a stack frame.
3279 */
3280 talloc_free(frame->directory);
3281 stack->depth--;
3282 return 1;
3283 }
3284
3285 /*
3286 * Push the next filename onto the stack.
3287 */
3288 stack->depth++;
3289 frame = &stack->frame[stack->depth];
3290 memset(frame, 0, sizeof(*frame));
3291
3292 frame->type = CF_STACK_FILE;
3293 frame->fp = NULL;
3294 frame->parent = parent;
3295 frame->current = parent;
3296 frame->filename = h->filename;
3297 frame->lineno = 0;
3298 frame->from_dir = true;
3299 return 1;
3300}
3301
3302
3303static fr_md5_ctx_t *cf_md5_ctx = NULL;
3304
3305void cf_md5_init(void)
3306{
3307 cf_md5_ctx = fr_md5_ctx_alloc();
3308}
3309
3310
3311static void cf_md5_update(char const *p)
3312{
3313 if (!cf_md5_ctx) return;
3314
3315 fr_md5_update(cf_md5_ctx, (uint8_t const *)p, strlen(p));
3316}
3317
3318void cf_md5_final(uint8_t *digest)
3319{
3320 if (!cf_md5_ctx) {
3321 memset(digest, 0, MD5_DIGEST_LENGTH);
3322 return;
3323 }
3324
3325 fr_md5_final(digest, cf_md5_ctx);
3326 fr_md5_ctx_free(&cf_md5_ctx);
3327 cf_md5_ctx = NULL;
3328}
3329
3330static int cf_file_fill(cf_stack_t *stack)
3331{
3332 bool at_eof, has_spaces;
3333 size_t len;
3334 char const *ptr;
3335 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3336
3337read_more:
3338 has_spaces = false;
3339
3340read_continuation:
3341 /*
3342 * Get data, and remember if we are at EOF.
3343 */
3344 at_eof = (fgets(stack->fill, stack->bufsize - (stack->fill - stack->buff[0]), frame->fp) == NULL);
3345 cf_md5_update(stack->fill);
3346 frame->lineno++;
3347
3348 /*
3349 * We read the entire 8k worth of data: complain.
3350 * Note that we don't care if the last character
3351 * is \n: it's still forbidden. This means that
3352 * the maximum allowed length of text is 8k-1, which
3353 * should be plenty.
3354 */
3355 len = strlen(stack->fill);
3356 if ((stack->fill + len + 1) >= (stack->buff[0] + stack->bufsize)) {
3357 ERROR("%s[%d]: Line too long", frame->filename, frame->lineno);
3358 return -1;
3359 }
3360
3361 /*
3362 * Suppress leading whitespace after a
3363 * continuation line.
3364 */
3365 if (has_spaces) {
3366 ptr = stack->fill;
3367 fr_skip_whitespace(ptr);
3368
3369 if (ptr > stack->fill) {
3370 memmove(stack->fill, ptr, len - (ptr - stack->fill));
3371 len -= (ptr - stack->fill);
3372 }
3373 }
3374
3375 /*
3376 * Skip blank lines when we're at the start of
3377 * the read buffer.
3378 */
3379 if (stack->fill == stack->buff[0]) {
3380 if (at_eof) return 0;
3381
3382 ptr = stack->buff[0];
3383 fr_skip_whitespace(ptr);
3384
3385 if (!*ptr || (*ptr == '#')) goto read_more;
3386
3387 } else if (at_eof || (len == 0)) {
3388 ERROR("%s[%d]: Continuation at EOF is illegal", frame->filename, frame->lineno);
3389 return -1;
3390 }
3391
3392 /*
3393 * See if there's a continuation.
3394 */
3395 while ((len > 0) &&
3396 ((stack->fill[len - 1] == '\n') || (stack->fill[len - 1] == '\r'))) {
3397 len--;
3398 stack->fill[len] = '\0';
3399 }
3400
3401 if ((len > 0) && (stack->fill[len - 1] == '\\')) {
3402 /*
3403 * Check for "suppress spaces" magic.
3404 */
3405 if (!has_spaces && (len > 2) && (stack->fill[len - 2] == '"')) {
3406 has_spaces = true;
3407 }
3408
3409 stack->fill[len - 1] = '\0';
3410 stack->fill += len - 1;
3411 goto read_continuation;
3412 }
3413
3414 ptr = stack->fill;
3415
3416 /*
3417 * We now have one full line of text in the input
3418 * buffer, without continuations.
3419 */
3420 fr_skip_whitespace(ptr);
3421
3422 /*
3423 * Nothing left, or just a comment. Go read
3424 * another line of text.
3425 */
3426 if (!*ptr || (*ptr == '#')) goto read_more;
3427
3428 return 1;
3429}
3430
3431
3432/*
3433 * Read a configuration file or files.
3434 */
3435static int cf_file_include(cf_stack_t *stack)
3436{
3437 CONF_SECTION *parent;
3438 char const *ptr;
3439
3440 cf_stack_frame_t *frame;
3441 int rcode;
3442
3443do_frame:
3444 frame = &stack->frame[stack->depth];
3445 parent = frame->current; /* add items here */
3446
3447 switch (frame->type) {
3448#ifdef HAVE_GLOB_H
3449 case CF_STACK_GLOB:
3450 if (frame->gl_current == frame->glob.gl_pathc) {
3451 globfree(&frame->glob);
3452 goto pop_stack;
3453 }
3454
3455 /*
3456 * Process the filename as an include.
3457 */
3458 if (process_include(stack, parent, frame->glob.gl_pathv[frame->gl_current++], frame->required, false) < 0) return -1;
3459
3460 /*
3461 * Run the correct frame. If the file is NOT
3462 * required, then the call to process_include()
3463 * may return 0, and we just process the next
3464 * glob. Otherwise, the call to
3465 * process_include() may return a directory or a
3466 * filename. Go handle that.
3467 */
3468 goto do_frame;
3469#endif
3470
3471#ifdef HAVE_DIRENT_H
3472 case CF_STACK_DIR:
3473 rcode = frame_readdir(stack);
3474 if (rcode == 0) goto do_frame;
3475 if (rcode < 0) return -1;
3476
3477 /*
3478 * Reset which frame we're looking at.
3479 */
3480 frame = &stack->frame[stack->depth];
3481 fr_assert(frame->type == CF_STACK_FILE);
3482 break;
3483#endif
3484
3485 case CF_STACK_FILE:
3486 break;
3487 }
3488
3489#ifndef NDEBUG
3490 /*
3491 * One last sanity check.
3492 */
3493 if (frame->type != CF_STACK_FILE) {
3494 cf_log_err(frame->current, "%s: Internal sanity check failed", __FUNCTION__);
3495 goto pop_stack;
3496 }
3497#endif
3498
3499 /*
3500 * Open the new file if necessary. It either came from
3501 * the first call to the function, or was pushed onto the
3502 * stack by another function.
3503 */
3504 if (!frame->fp) {
3505 rcode = cf_file_open(frame->parent, frame->filename, frame->from_dir, &frame->fp);
3506 if (rcode < 0) return -1;
3507
3508 /*
3509 * Ignore this file
3510 */
3511 if (rcode == 1) {
3512 cf_log_warn(frame->current, "Ignoring file %s - it was already read",
3513 frame->filename);
3514 goto pop_stack;
3515 }
3516 }
3517
3518 /*
3519 * Read, checking for line continuations ('\\' at EOL)
3520 */
3521 for (;;) {
3522 /*
3523 * Fill the buffers with data.
3524 */
3525 stack->fill = stack->buff[0];
3526 rcode = cf_file_fill(stack);
3527 if (rcode < 0) return -1;
3528 if (rcode == 0) break;
3529
3530 /*
3531 * The text here MUST be at the start of a line,
3532 * OR have only whitespace in front of it.
3533 */
3534 ptr = stack->buff[0];
3535 fr_skip_whitespace(ptr);
3536
3537 if (*ptr == '$') {
3538 /*
3539 * Allow for $INCLUDE files
3540 */
3541 if (strncasecmp(ptr, "$INCLUDE", 8) == 0) {
3542 ptr += 8;
3543
3544 if (process_include(stack, parent, ptr, true, true) < 0) return -1;
3545 goto do_frame;
3546 }
3547
3548 if (strncasecmp(ptr, "$-INCLUDE", 9) == 0) {
3549 ptr += 9;
3550
3551 rcode = process_include(stack, parent, ptr, false, true);
3552 if (rcode < 0) return -1;
3553 if (rcode == 0) continue;
3554 goto do_frame;
3555 }
3556
3557 /*
3558 * Allow for $TEMPLATE things
3559 */
3560 if (strncasecmp(ptr, "$TEMPLATE", 9) == 0) {
3561 ptr += 9;
3562 fr_skip_whitespace(ptr);
3563
3564 stack->ptr = ptr;
3565 if (process_template(stack) < 0) return -1;
3566 continue;
3567 }
3568
3569 return parse_error(stack, ptr, "Unknown $... keyword");
3570 }
3571
3572 /*
3573 * All of the file handling code is done. Parse the input.
3574 */
3575 do {
3576 fr_skip_whitespace(ptr);
3577 if (!*ptr || (*ptr == '#')) break;
3578
3579 stack->ptr = ptr;
3580 rcode = parse_input(stack);
3581 ptr = stack->ptr;
3582
3583 if (rcode < 0) return -1;
3584 parent = frame->current;
3585 } while (rcode == 1);
3586 }
3587
3588 fr_assert(frame->fp != NULL);
3589
3590 /*
3591 * See if EOF was unexpected.
3592 */
3593 if (feof(frame->fp) && (parent != frame->parent)) {
3594 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
3595 frame->filename, frame->lineno, cf_section_name1(parent), cf_lineno(parent));
3596 return -1;
3597 }
3598
3599 fclose(frame->fp);
3600 frame->fp = NULL;
3601
3602pop_stack:
3603 /*
3604 * More things to read, go read them.
3605 */
3606 if (stack->depth > 0) {
3607 stack->depth--;
3608 goto do_frame;
3609 }
3610
3611 return 0;
3612}
3613
3614static void cf_stack_cleanup(cf_stack_t *stack)
3615{
3616 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3617
3618 while (stack->depth >= 0) {
3619 switch (frame->type) {
3620 case CF_STACK_FILE:
3621 if (frame->fp) fclose(frame->fp);
3622 frame->fp = NULL;
3623 break;
3624
3625#ifdef HAVE_DIRENT_H
3626 case CF_STACK_DIR:
3627 talloc_free(frame->directory);
3628 break;
3629#endif
3630
3631#ifdef HAVE_GLOB_H
3632 case CF_STACK_GLOB:
3633 globfree(&frame->glob);
3634 break;
3635#endif
3636 }
3637
3638 frame--;
3639 stack->depth--;
3640 }
3641
3642 talloc_free(stack->buff);
3643}
3644
3645/*
3646 * Bootstrap a config file.
3647 */
3648int cf_file_read(CONF_SECTION *cs, char const *filename, bool root)
3649{
3650 int i;
3651 fr_rb_tree_t *tree;
3652 cf_stack_t stack;
3653 cf_stack_frame_t *frame;
3654
3655 /*
3656 * Only add the default config directory if we're loading a top-level configuration file.
3657 */
3658 if (root) {
3659 char *p;
3660 CONF_PAIR *cp;
3661
3662 /*
3663 * For compatibility, this goes first. And we don't care if there are too many '/'.
3664 */
3665 cp = cf_pair_alloc(cs, "raddbdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3666 if (!cp) return -1;
3667
3668 /*
3669 * This goes second, and we try to be nice about too many '/'.
3670 */
3671 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3672 if (!cp) return -1;
3673
3674 p = strrchr(cp->value, FR_DIR_SEP);
3675 if (p) *p = '\0';
3676 }
3677
3678 MEM(tree = fr_rb_inline_talloc_alloc(cs, cf_file_t, node, _inode_cmp, NULL));
3679
3680 cf_data_add(cs, tree, "filename", false);
3681
3682#ifndef NDEBUG
3683 memset(&stack, 0, sizeof(stack));
3684#endif
3685
3686 /*
3687 * Allocate temporary buffers on the heap (so we don't use *all* the stack space)
3688 */
3689 stack.buff = talloc_array(cs, char *, 4);
3690 for (i = 0; i < 4; i++) MEM(stack.buff[i] = talloc_array(stack.buff, char, 8192));
3691
3692 stack.depth = 0;
3693 stack.bufsize = 8192;
3694 frame = &stack.frame[stack.depth];
3695
3696 memset(frame, 0, sizeof(*frame));
3697 frame->parent = frame->current = cs;
3698
3699 frame->type = CF_STACK_FILE;
3700 frame->filename = talloc_strdup(frame->parent, filename);
3701 cs->item.filename = frame->filename;
3702
3703 if (cf_file_include(&stack) < 0) {
3704 cf_stack_cleanup(&stack);
3705 return -1;
3706 }
3707
3708 talloc_free(stack.buff);
3709
3710 /*
3711 * Now that we've read the file, go back through it and
3712 * expand the variables.
3713 */
3714 if (cf_section_pass2(cs) < 0) {
3715 cf_log_err(cs, "Parsing config items failed");
3716 return -1;
3717 }
3718
3719 return 0;
3720}
3721
3722void cf_file_free(CONF_SECTION *cs)
3723{
3724 talloc_free(cs);
3725}
3726
3727static char const parse_tabs[] = " ";
3728
3729static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
3730{
3731 size_t outlen;
3732 char c;
3733 char buffer[2048];
3734
3735 switch (t) {
3736 default:
3737 c = '\0';
3738 break;
3739
3740 case T_DOUBLE_QUOTED_STRING:
3741 c = '"';
3742 break;
3743
3744 case T_SINGLE_QUOTED_STRING:
3745 c = '\'';
3746 break;
3747
3748 case T_BACK_QUOTED_STRING:
3749 c = '`';
3750 break;
3751 }
3752
3753 if (c) fprintf(fp, "%c", c);
3754
3755 outlen = fr_snprint(buffer, sizeof(buffer), string, len, c);
3756 fwrite(buffer, outlen, 1, fp);
3757
3758 if (c) fprintf(fp, "%c", c);
3759 return 1;
3760}
3761
3762static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
3763{
3764 if (!cp->value) {
3765 fprintf(fp, "%s\n", cp->attr);
3766 return 0;
3767 }
3768
3769 cf_string_write(fp, cp->attr, strlen(cp->attr), cp->lhs_quote);
3770 fprintf(fp, " %s ", fr_table_str_by_value(fr_tokens_table, cp->op, "<INVALID>"));
3771 cf_string_write(fp, cp->value, strlen(cp->value), cp->rhs_quote);
3772 fprintf(fp, "\n");
3773
3774 return 1; /* FIXME */
3775}
3776
3777
3778int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
3779{
3780 if (!fp || !cs) return -1;
3781
3782 /*
3783 * Print the section name1, etc.
3784 */
3785 fwrite(parse_tabs, depth, 1, fp);
3786 cf_string_write(fp, cs->name1, strlen(cs->name1), T_BARE_WORD);
3787
3788 /*
3789 * FIXME: check for "if" or "elsif". And if so, print
3790 * out the parsed condition, instead of the input text
3791 *
3792 * cf_data_find(cs, CF_DATA_TYPE_UNLANG, "if");
3793 */
3794 if (cs->name2) {
3795 fputs(" ", fp);
3796
3797#if 0
3798 c = cf_data_value(cf_data_find(cs, fr_cond_t, NULL));
3799 if (c) {
3800 char buffer[1024];
3801
3802 cond_print(&FR_SBUFF_OUT(buffer, sizeof(buffer)), c);
3803 fprintf(fp, "(%s)", buffer);
3804 } else
3805#endif
3806 cf_string_write(fp, cs->name2, strlen(cs->name2), cs->name2_quote);
3807 }
3808
3809 fputs(" {\n", fp);
3810
3811 /*
3812 * Loop over the children. Either recursing, or opening
3813 * a new file.
3814 */
3815 cf_item_foreach(&cs->item, ci) {
3816 switch (ci->type) {
3817 case CONF_ITEM_SECTION:
3818 cf_section_write(fp, cf_item_to_section(ci), depth + 1);
3819 break;
3820
3821 case CONF_ITEM_PAIR:
3822 /*
3823 * Ignore internal things.
3824 */
3825 if (!ci->filename || (ci->filename[0] == '<')) break;
3826
3827 fwrite(parse_tabs, depth + 1, 1, fp);
3828 cf_pair_write(fp, cf_item_to_pair(ci));
3829 break;
3830
3831 default:
3832 break;
3833 }
3834 }
3835
3836 fwrite(parse_tabs, depth, 1, fp);
3837 fputs("}\n\n", fp);
3838
3839 return 1;
3840}
3841
3842
3843CONF_ITEM *cf_reference_item(CONF_SECTION const *parent_cs,
3844 CONF_SECTION const *outer_cs,
3845 char const *ptr)
3846{
3847 CONF_PAIR *cp;
3848 CONF_SECTION *next;
3849 CONF_SECTION const *cs = outer_cs;
3850 char name[8192], *p;
3851 char const *name2;
3852
3853 if (!ptr || (!parent_cs && !outer_cs)) {
3854 fr_strerror_const("Invalid argument");
3855 return NULL;
3856 }
3857
3858 if (!*ptr) {
3859 fr_strerror_const("Empty string is invalid");
3860 return NULL;
3861 }
3862
3863 strlcpy(name, ptr, sizeof(name));
3864
3865 p = name;
3866
3867 /*
3868 * ".foo" means "foo from the current section"
3869 */
3870 if (*p == '.') {
3871 p++;
3872
3873 /*
3874 * Just '.' means the current section
3875 */
3876 if (*p == '\0') return cf_section_to_item(cs); /* const issues */
3877
3878 /*
3879 * ..foo means "foo from the section
3880 * enclosing this section" (etc.)
3881 */
3882 while (*p == '.') {
3883 if (cs->item.parent) cs = cf_item_to_section(cs->item.parent);
3884
3885 /*
3886 * .. means the section
3887 * enclosing this section
3888 */
3889 if (!*++p) return cf_section_to_item(cs); /* const issues */
3890 }
3891
3892 /*
3893 * "foo.bar.baz" means "from the given root"
3894 */
3895 } else if (strchr(p, '.') != NULL) {
3896 if (!parent_cs) {
3897 missing_parent:
3898 fr_strerror_const("Missing parent configuration section");
3899 return NULL;
3900 }
3901 cs = parent_cs;
3902
3903 /*
3904 * "foo" could be from the current section, either as a
3905 * section or as a pair.
3906 *
3907 * If that isn't found, search from the given root.
3908 */
3909 } else {
3910 next = cf_section_find(cs, p, NULL);
3911 if (!next && cs->template) next = cf_section_find(cs->template, p, NULL);
3912 if (next) return &(next->item);
3913
3914 cp = cf_pair_find(cs, p);
3915 if (!cp && cs->template) cp = cf_pair_find(cs->template, p);
3916 if (cp) return &(cp->item);
3917
3918 if (!parent_cs) goto missing_parent;
3919 cs = parent_cs;
3920 }
3921
3922 /*
3923 * Chop the string into pieces, and look up the pieces.
3924 */
3925 while (*p) {
3926 char *n1, *n2, *q;
3927
3928 n1 = p;
3929 n2 = NULL;
3930 q = p;
3931
3932 fr_assert(*q);
3933
3934 /*
3935 * Look for a terminating '.' or '[', to get name1 and possibly name2.
3936 */
3937 while (*q != '\0') {
3938 /*
3939 * foo.bar -> return "foo"
3940 */
3941 if (*q == '.') {
3942 *q++ = '\0'; /* leave 'q' after the '.' */
3943 break;
3944 }
3945
3946 /*
3947 * name1 is anything up to '[' or EOS.
3948 */
3949 if (*q != '[') {
3950 q++;
3951 continue;
3952 }
3953
3954 /*
3955 * Found "name1[", look for "name2]" or "name2]."
3956 */
3957 *q++ = '\0';
3958 n2 = q;
3959
3960 while (*q != '\0') {
3961 if (*q == '[') {
3962 fr_strerror_const("Invalid reference, '[' cannot be used inside of a '[...]' block");
3963 return NULL;
3964 }
3965
3966 if (*q != ']') {
3967 q++;
3968 continue;
3969 }
3970
3971 /*
3972 * We've found the trailing ']'
3973 */
3974 *q++ = '\0';
3975
3976 /*
3977 * "name2]"
3978 */
3979 if (!*q) break;
3980
3981 /*
3982 * Must be "name2]."
3983 */
3984 if (*q++ == '.') break;
3985
3986 fr_strerror_const("Invalid reference, ']' is not followed by '.'");
3987 return NULL;
3988 }
3989
3990 /*
3991 * "name1[name2", but not "name1[name2]"
3992 *
3993 * The inner loop exited because it found *q == '\0',
3994 * meaning that the closing ']' was never found.
3995 */
3996 if (!*q) {
3997 fr_strerror_printf("Invalid reference after '%s', missing close ']'", n1);
3998 return NULL;
3999 }
4000
4001 break;
4002 }
4003 p = q; /* get it ready for the next round */
4004
4005 /*
4006 * End of the string. The thing could be a section with
4007 * two names, a section with one name, or a pair.
4008 *
4009 * And if we don't find the thing we're looking for here,
4010 * check the template section.
4011 */
4012 if (!*p) {
4013 /*
4014 * Two names, must be a section.
4015 */
4016 if (n2) {
4017 next = cf_section_find(cs, n1, n2);
4018 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
4019 if (next) return &(next->item);
4020
4021 fail:
4022 name2 = cf_section_name2(cs);
4023 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s %s { ... } configuration section",
4024 cf_section_name1(cs),
4025 name2 ? " " : "", name2 ? name2 : "",
4026 n1, n2);
4027 return NULL;
4028 }
4029
4030 /*
4031 * One name, the final thing can be a section or a pair.
4032 */
4033 next = cf_section_find(cs, n1, NULL);
4034 if (!next && cs->template) next = cf_section_find(cs->template, n1, NULL);
4035
4036 if (next) return &(next->item);
4037
4038 cp = cf_pair_find(cs, n1);
4039 if (!cp && cs->template) cp = cf_pair_find(cs->template, n1);
4040 if (cp) return &(cp->item);
4041
4042 name2 = cf_section_name2(cs);
4043 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s configuration item",
4044 cf_section_name1(cs),
4045 name2 ? " " : "", name2 ? name2 : "",
4046 n1);
4047 return NULL;
4048 }
4049
4050 /*
4051 * There's more to the string. The thing we're looking
4052 * for MUST be a configuration section.
4053 */
4054 next = cf_section_find(cs, n1, n2);
4055 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
4056 if (next) {
4057 cs = next;
4058 continue;
4059 }
4060
4061 if (n2) goto fail;
4062
4063 name2 = cf_section_name2(cs);
4064 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s { ... } configuration section",
4065 cf_section_name1(cs),
4066 name2 ? " " : "", name2 ? name2 : "",
4067 n1);
4068 return NULL;
4069 }
4070
4071 /*
4072 * We've fallen off of the end of the string. This should not have happened!
4073 */
4074 fr_strerror_const("Cannot parse reference");
4075 return NULL;
4076}
4077
4078/*
4079 * Only for unit_test_map
4080 */
4081void cf_section_set_unlang(CONF_SECTION *cs)
4082{
4083 fr_assert(cs->unlang == CF_UNLANG_NONE);
4084 fr_assert(!cs->item.parent);
4085
4086 cs->unlang = CF_UNLANG_ALLOW;
4087}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
strcpy
strcpy(log_entry->msg, buffer)
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:186
RCSID
#define RCSID(id)
Definition build.h:506
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:228
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:343
CMP_RETURN
#define CMP_RETURN(_a, _b, _field)
Return if the comparison is not 0 (is unequal)
Definition build.h:122
CMP
#define CMP(_a, _b)
Same as CMP_PREFER_SMALLER use when you don't really care about ordering, you just want an ordering.
Definition build.h:113
UNUSED
#define UNUSED
Definition build.h:336
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:358
cf_stack_frame_t::current
CONF_SECTION * current
sub-section we're reading
Definition cf_file.c:134
cf_stack_frame_t::type
cf_stack_file_t type
Definition cf_file.c:107
cf_template_merge
static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
Definition cf_file.c:489
parse_input
static int parse_input(cf_stack_t *stack)
Definition cf_file.c:2361
cf_stack_t::fill
char * fill
where we start filling the buffer from
Definition cf_file.c:152
cf_section_set_unlang
void cf_section_set_unlang(CONF_SECTION *cs)
Definition cf_file.c:4081
conf_property
conf_property
Definition cf_file.c:65
CONF_PROPERTY_NAME
@ CONF_PROPERTY_NAME
Definition cf_file.c:67
CONF_PROPERTY_INSTANCE
@ CONF_PROPERTY_INSTANCE
Definition cf_file.c:68
CONF_PROPERTY_INVALID
@ CONF_PROPERTY_INVALID
Definition cf_file.c:66
unlang_keywords_len
static int unlang_keywords_len
Definition cf_file.c:2357
server_unlang_section
static fr_table_num_sorted_t const server_unlang_section[]
Definition cf_file.c:77
check_config
bool check_config
Definition cf_file.c:61
cf_file_heap_t::heap_id
fr_heap_index_t heap_id
Definition cf_file.c:1106
frame_readdir
static int frame_readdir(cf_stack_t *stack)
Definition cf_file.c:3268
process_map
static CONF_ITEM * process_map(cf_stack_t *stack)
Definition cf_file.c:1640
process_foreach
static CONF_ITEM * process_foreach(cf_stack_t *stack)
Definition cf_file.c:2012
add_pair
static int add_pair(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token, char *buff, char const *filename, int lineno)
Definition cf_file.c:2197
cf_md5_init
void cf_md5_init(void)
Definition cf_file.c:3305
RULES_VERIFY
#define RULES_VERIFY(_cs, _rules)
Definition cf_file.c:175
cf_expand_variables
char const * cf_expand_variables(char const *cf, int lineno, CONF_SECTION *outer_cs, char *output, size_t outsize, char const *input, ssize_t inlen, bool *soft_fail, bool soft_fail_env)
Definition cf_file.c:183
cf_stack_frame_t::braces
int braces
Definition cf_file.c:137
parse_type_name
static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
Definition cf_file.c:1961
cf_stack_cleanup
static void cf_stack_cleanup(cf_stack_t *stack)
Definition cf_file.c:3614
cf_tmpl_rules_verify
static int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
Definition cf_file.c:157
cf_stack_t::depth
int depth
stack depth
Definition cf_file.c:150
cf_file_check_unix_perm
cf_file_check_err_t cf_file_check_unix_perm(char const *filename, UNUSED void *uctx)
Check if file exists, and is a socket.
Definition cf_file.c:833
terminal_end_line
static const bool terminal_end_line[SBUFF_CHAR_CLASS]
Definition cf_file.c:1461
cf_file_open
static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
Definition cf_file.c:574
cf_file_read
int cf_file_read(CONF_SECTION *cs, char const *filename, bool root)
Definition cf_file.c:3648
cf_md5_ctx
static fr_md5_ctx_t * cf_md5_ctx
Definition cf_file.c:3303
filename_cmp
static int8_t filename_cmp(void const *one, void const *two)
Definition cf_file.c:1109
cf_section_write
int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
Definition cf_file.c:3778
cf_stack_frame_t::lineno
int lineno
line in that filename
Definition cf_file.c:110
cf_stack_file_t
cf_stack_file_t
Definition cf_file.c:95
CF_STACK_FILE
@ CF_STACK_FILE
Definition cf_file.c:96
terminal_end_section
static const bool terminal_end_section[SBUFF_CHAR_CLASS]
Definition cf_file.c:1457
conf_property_name_len
static size_t conf_property_name_len
Definition cf_file.c:75
conf_property_name
static fr_table_num_sorted_t const conf_property_name[]
Definition cf_file.c:71
cf_section_pass2
int cf_section_pass2(CONF_SECTION *cs)
Definition cf_file.c:991
cf_stack_frame_t::from_dir
bool from_dir
this file was read from $include foo/
Definition cf_file.c:138
cf_string_write
static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
Definition cf_file.c:3729
parse_tabs
static char const parse_tabs[]
Definition cf_file.c:3727
cf_file_check
cf_file_check_err_t cf_file_check(CONF_PAIR *cp, bool check_perms)
Do some checks on the file as an "input" file.
Definition cf_file.c:929
cf_file_include
static int cf_file_include(cf_stack_t *stack)
Definition cf_file.c:3435
conf_check_uid
static uid_t conf_check_uid
Definition cf_file.c:62
conf_check_gid
static gid_t conf_check_gid
Definition cf_file.c:63
cf_process_func_t
CONF_ITEM *(* cf_process_func_t)(cf_stack_t *)
Definition cf_file.c:2359
cf_get_token
static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen, char const *filename, int lineno)
Definition cf_file.c:1055
_inode_cmp
static int8_t _inode_cmp(void const *one, void const *two)
Definition cf_file.c:565
cf_stack_frame_t::at_reference
CONF_SECTION * at_reference
was this thing an @foo ?
Definition cf_file.c:135
cf_file_check_open_read
cf_file_check_err_t cf_file_check_open_read(char const *filename, void *uctx)
Callback for cf_file_check to open a file and check permissions.
Definition cf_file.c:879
cf_file_fill
static int cf_file_fill(cf_stack_t *stack)
Definition cf_file.c:3330
cf_stack_t::ptr
char const * ptr
current parse pointer
Definition cf_file.c:151
cf_file_check_effective
cf_file_check_err_t cf_file_check_effective(char const *filename, cf_file_check_err_t(*cb)(char const *filename, void *uctx), void *uctx)
Perform an operation with the effect/group set to conf_check_gid and conf_check_uid.
Definition cf_file.c:700
cf_reference_item
CONF_ITEM * cf_reference_item(CONF_SECTION const *parent_cs, CONF_SECTION const *outer_cs, char const *ptr)
Definition cf_file.c:3843
cf_file_heap_t::filename
char const * filename
Definition cf_file.c:1105
process_subrequest
static CONF_ITEM * process_subrequest(cf_stack_t *stack)
Definition cf_file.c:1728
cf_file_check_set_uid_gid
void cf_file_check_set_uid_gid(uid_t uid, gid_t gid)
Set the euid/egid used when performing file checks.
Definition cf_file.c:685
CONF_PROPERTY
enum conf_property CONF_PROPERTY
unlang_keywords
static fr_table_ptr_sorted_t unlang_keywords[]
Definition cf_file.c:2348
cf_stack_t::buff
char ** buff
buffers for reading / parsing
Definition cf_file.c:148
cf_stack_frame_t::parent
CONF_SECTION * parent
which started this file
Definition cf_file.c:133
process_template
static int process_template(cf_stack_t *stack)
Definition cf_file.c:1400
cf_stack_t::bufsize
size_t bufsize
size of the buffers
Definition cf_file.c:149
cf_pair_write
static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
Definition cf_file.c:3762
server_unlang_section_len
static size_t server_unlang_section_len
Definition cf_file.c:93
cf_md5_final
void cf_md5_final(uint8_t *digest)
Definition cf_file.c:3318
process_include
static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
Definition cf_file.c:1120
process_if
static CONF_ITEM * process_if(cf_stack_t *stack)
Definition cf_file.c:1473
cf_md5_update
static void cf_md5_update(char const *p)
Definition cf_file.c:3311
cf_file_free
void cf_file_free(CONF_SECTION *cs)
Definition cf_file.c:3722
cf_local_file
static char const * cf_local_file(char const *base, char const *filename, char *buffer, size_t bufsize)
Definition cf_file.c:1026
MAX_STACK
#define MAX_STACK
Definition cf_file.c:105
process_catch
static CONF_ITEM * process_catch(cf_stack_t *stack)
Definition cf_file.c:1849
cf_file_check_unix_connect
cf_file_check_err_t cf_file_check_unix_connect(char const *filename, UNUSED void *uctx)
Check if we can connect to a unix socket.
Definition cf_file.c:760
cf_stack_frame_t::filename
char const * filename
filename we're reading
Definition cf_file.c:109
process_switch
static CONF_ITEM * process_switch(cf_stack_t *stack)
Definition cf_file.c:2256
parse_error
static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
Definition cf_file.c:1941
cf_file_heap_t
Definition cf_file.c:1104
cf_stack_frame_t
Definition cf_file.c:106
cf_stack_t
Definition cf_file.c:147
cf_file_check_err_t
cf_file_check_err_t
Results of file checks.
Definition cf_file.h:45
CF_FILE_OK
@ CF_FILE_OK
File checks passed.
Definition cf_file.h:46
CF_FILE_NO_PERMISSION
@ CF_FILE_NO_PERMISSION
Requested permissions not set.
Definition cf_file.h:47
CF_FILE_NO_UNIX_SOCKET
@ CF_FILE_NO_UNIX_SOCKET
File is not a unix socket.
Definition cf_file.h:49
CF_FILE_OTHER_ERROR
@ CF_FILE_OTHER_ERROR
Other error occurred checking permissions.
Definition cf_file.h:50
CF_FILE_NO_EXIST
@ CF_FILE_NO_EXIST
File does not exist.
Definition cf_file.h:48
conf_parser_s::on_read
cf_parse_t on_read
Function to call as the item is being read, just after it has been allocated and initialized.
Definition cf_parse.h:614
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:594
cf_file_t::cs
CONF_SECTION * cs
CONF_SECTION associated with the file.
Definition cf_priv.h:139
cf_section::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:102
cf_item::parent
CONF_ITEM * parent
Parent.
Definition cf_priv.h:56
cf_section::name2_quote
fr_token_t name2_quote
The type of quoting around name2.
Definition cf_priv.h:107
cf_section::name2
char const * name2
Second name token. Given foo bar {} would be bar.
Definition cf_priv.h:105
cf_section::allow_locals
bool allow_locals
allow local variables
Definition cf_priv.h:116
cf_section::argc
int argc
number of additional arguments
Definition cf_priv.h:109
cf_pair::attr
char const * attr
Attribute name.
Definition cf_priv.h:75
cf_item::referenced
bool referenced
Was this item referenced in the config?
Definition cf_priv.h:64
cf_pair::rhs_quote
fr_token_t rhs_quote
Value Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:80
cf_pair::value
char const * value
Attribute value.
Definition cf_priv.h:76
cf_item_foreach
#define cf_item_foreach(_ci, _iter)
Iterate over the contents of a list.
Definition cf_priv.h:150
cf_section::unlang
cf_unlang_t unlang
Definition cf_priv.h:115
cf_section::name1
char const * name1
First name token. Given foo bar {} would be foo.
Definition cf_priv.h:104
CF_UNLANG_MODULES
@ CF_UNLANG_MODULES
this section is in "modules", allow unlang 2 down
Definition cf_priv.h:91
CF_UNLANG_NONE
@ CF_UNLANG_NONE
no unlang
Definition cf_priv.h:87
CF_UNLANG_CAN_HAVE_UPDATE
@ CF_UNLANG_CAN_HAVE_UPDATE
can have "update"
Definition cf_priv.h:95
CF_UNLANG_ALLOW
@ CF_UNLANG_ALLOW
allow unlang in this section
Definition cf_priv.h:88
CF_UNLANG_POLICY
@ CF_UNLANG_POLICY
this section is a policy, allow unlang 2 down
Definition cf_priv.h:90
CF_UNLANG_ASSIGNMENT
@ CF_UNLANG_ASSIGNMENT
only assignments inside of map / update
Definition cf_priv.h:93
CF_UNLANG_EDIT
@ CF_UNLANG_EDIT
only edit commands
Definition cf_priv.h:92
CF_UNLANG_DICTIONARY
@ CF_UNLANG_DICTIONARY
only local variable definitions
Definition cf_priv.h:94
CF_UNLANG_SERVER
@ CF_UNLANG_SERVER
this section is a virtual server, allow unlang 2 down
Definition cf_priv.h:89
cf_section::argv_quote
fr_token_t * argv_quote
Definition cf_priv.h:111
cf_pair::op
fr_token_t op
Operator e.g. =, :=.
Definition cf_priv.h:78
cf_pair::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:73
cf_pair::pass2
bool pass2
do expansion in pass2.
Definition cf_priv.h:82
cf_item::filename
char const * filename
The file the config item was parsed from.
Definition cf_priv.h:66
cf_file_t::buf
struct stat buf
stat about the file
Definition cf_priv.h:140
cf_section::at_reference
bool at_reference
this thing was created from an ...
Definition cf_priv.h:117
cf_section::template
CONF_SECTION * template
Definition cf_priv.h:119
cf_file_t::filename
char const * filename
name of the file
Definition cf_priv.h:138
CONF_ITEM_PAIR
@ CONF_ITEM_PAIR
Definition cf_priv.h:41
CONF_ITEM_SECTION
@ CONF_ITEM_SECTION
Definition cf_priv.h:42
cf_section::argv
char const ** argv
additional arguments
Definition cf_priv.h:110
cf_pair::lhs_quote
fr_token_t lhs_quote
Name quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:79
cf_item::lineno
int lineno
The line number the config item began on.
Definition cf_priv.h:65
cf_item::type
CONF_ITEM_TYPE type
Whether the config item is a config_pair, conf_section or cf_data.
Definition cf_priv.h:61
cf_data
Internal data that is associated with a configuration section.
Definition cf_priv.h:125
cf_file_t
Definition cf_priv.h:136
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:72
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_dup
CONF_PAIR * cf_pair_dup(CONF_SECTION *parent, CONF_PAIR *cp, bool copy_meta)
Duplicate a CONF_PAIR.
Definition cf_util.c:1308
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1184
cf_data_value
void * cf_data_value(CONF_DATA const *cd)
Return the user assigned value of CONF_DATA.
Definition cf_util.c:1743
cf_section_to_item
CONF_ITEM * cf_section_to_item(CONF_SECTION const *cs)
Cast a CONF_SECTION to a CONF_ITEM.
Definition cf_util.c:737
cf_pair_alloc
CONF_PAIR * cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t op, fr_token_t lhs_quote, fr_token_t rhs_quote)
Allocate a CONF_PAIR.
Definition cf_util.c:1266
cf_section_name1
char const * cf_section_name1(CONF_SECTION const *cs)
Return the first identifier of a CONF_SECTION.
Definition cf_util.c:1170
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1027
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:683
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1419
cf_item_is_section
bool cf_item_is_section(CONF_ITEM const *ci)
Determine if CONF_ITEM is a CONF_SECTION.
Definition cf_util.c:617
cf_section_dup
CONF_SECTION * cf_section_dup(TALLOC_CTX *ctx, CONF_SECTION *parent, CONF_SECTION const *cs, char const *name1, char const *name2, bool copy_meta)
Duplicate a configuration section.
Definition cf_util.c:927
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:663
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1574
cf_pair_to_item
CONF_ITEM * cf_pair_to_item(CONF_PAIR const *cp)
Cast a CONF_PAIR to a CONF_ITEM.
Definition cf_util.c:721
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:285
cf_lineno
#define cf_lineno(_cf)
Definition cf_util.h:101
cf_data_add
#define cf_data_add(_cf, _data, _name, _free)
Definition cf_util.h:251
cf_data_find
#define cf_data_find(_cf, _type, _name)
Definition cf_util.h:240
cf_lineno_set
#define cf_lineno_set(_ci, _lineno)
Definition cf_util.h:128
cf_root
#define cf_root(_cf)
Definition cf_util.h:95
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:98
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:363
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:292
cf_section_find_parent
#define cf_section_find_parent(_cf, _name1, _name2)
Definition cf_util.h:178
cf_section_alloc
#define cf_section_alloc(_ctx, _parent, _name1, _name2)
Definition cf_util.h:143
CF_TO_ITEM
#define CF_TO_ITEM(_cf)
Auto cast from the input type to CONF_ITEM (which is the base type)
Definition cf_util.h:62
cf_filename_set
#define cf_filename_set(_ci, _filename)
Definition cf_util.h:125
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:286
cf_log_debug
#define cf_log_debug(_cf, _fmt,...)
Definition cf_util.h:288
fr_cond_assert_msg
#define fr_cond_assert_msg(_x, _fmt,...)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:158
MEM
#define MEM(x)
Definition debug.h:46
ERROR
#define ERROR(fmt,...)
Definition dhcpclient.c:40
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2665
fr_dict_internal
fr_dict_t const * fr_dict_internal(void)
Definition dict_util.c:4928
value
Test enumeration values.
Definition dict_test.h:92
fr_heap_insert
int fr_heap_insert(fr_heap_t **hp, void *data)
Insert a new element into the heap.
Definition heap.c:146
fr_heap_pop
void * fr_heap_pop(fr_heap_t **hp)
Remove a node from the heap.
Definition heap.c:325
fr_heap_index_t
unsigned int fr_heap_index_t
Definition heap.h:80
fr_heap_alloc
#define fr_heap_alloc(_ctx, _cmp, _type, _field, _init)
Creates a heap that can be used with non-talloced elements.
Definition heap.h:100
FR_HEAP_INDEX_INVALID
#define FR_HEAP_INDEX_INVALID
Definition heap.h:83
fr_heap_t
The main heap structure.
Definition heap.h:66
talloc_free
talloc_free(hp)
PERROR
#define PERROR(_fmt,...)
Definition log.h:228
fr_dirfd
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:411
fr_canonicalize_error
void fr_canonicalize_error(TALLOC_CTX *ctx, char **sp, char **text, ssize_t slen, char const *fmt)
Canonicalize error strings, removing tabs, and generate spaces for error marker.
Definition log.c:87
stack
static char * stack[MAX_STACK]
Definition radmin.c:158
fr_md5_final
#define fr_md5_final(_out, _ctx)
Finalise the ctx, producing the digest.
Definition md5.h:90
fr_md5_ctx_alloc
#define fr_md5_ctx_alloc()
Allocation function for MD5 digest context.
Definition md5.h:68
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:25
fr_md5_update
#define fr_md5_update(_ctx, _in, _inlen)
Ingest plaintext into the digest.
Definition md5.h:83
fr_md5_ctx_free
#define fr_md5_ctx_free(_ctx)
Free function for MD5 digest ctx.
Definition md5.h:75
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition merged_model.c:242
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_VALUE_BOX
@ FR_TYPE_VALUE_BOX
A boxed value.
Definition merged_model.c:125
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_t
Definition merged_model.c:198
depth
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:35
fr_perm_file_error
void fr_perm_file_error(int num)
Write a file access error to the fr_strerror buffer, including euid/egid.
Definition perm.c:533
fr_snprint
size_t fr_snprint(char *out, size_t outlen, char const *in, ssize_t inlen, char quote)
Escape any non printable or non-UTF8 characters in the input string.
Definition print.c:237
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:37
DEBUG2
#define DEBUG2(fmt,...)
Definition radclient-ng.h:43
WARN
#define WARN(fmt,...)
Definition radclient-ng.h:47
spaces
static const char * spaces
Definition radict.c:177
fr_rb_find
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
Definition rb.c:577
fr_rb_insert
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
fr_rb_inline_talloc_alloc
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:244
fr_rb_tree_s
The main red black tree structure.
Definition rb.h:71
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:57
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:43
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
SBUFF_CHAR_CLASS
#define SBUFF_CHAR_CLASS
Definition sbuff.h:203
FR_SBUFF_OUT
#define FR_SBUFF_OUT(_start, _len_or_end)
tmpl_rules_s::at_runtime
bool at_runtime
Produce an ephemeral/runtime tmpl.
Definition tmpl.h:348
tmpl_preparse
ssize_t tmpl_preparse(char const **out, size_t *outlen, char const *in, size_t inlen, fr_token_t *type))
Preparse a string in preparation for passing it to tmpl_afrom_substr()
Definition tmpl_tokenize.c:5436
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:339
tmpl_rules_t
struct tmpl_rules_s tmpl_rules_t
Definition tmpl.h:233
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:336
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
fr_skip_condition
ssize_t fr_skip_condition(char const *start, char const *end, bool const terminal[static SBUFF_CHAR_CLASS], bool *eol)
Skip a conditional expression.
Definition skip.c:285
fr_skip_xlat
ssize_t fr_skip_xlat(char const *start, char const *end)
Skip an xlat expression.
Definition skip.c:216
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition skip.h:36
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3648
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:273
tmpl_attr_rules_s::allow_foreign
unsigned int allow_foreign
Allow arguments not found in dict_def.
Definition tmpl.h:314
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_value_by_longest_prefix
#define fr_table_value_by_longest_prefix(_match_len, _table, _name, _name_len, _def)
Find the longest string match using a sorted or ordered table.
Definition table.h:732
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:653
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_table_ptr_sorted_t
An element in a lexicographically sorted array of name to ptr mappings.
Definition table.h:65
talloc_strndup
#define talloc_strndup(_ctx, _str, _len)
Definition talloc.h:143
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:253
talloc_strdup
#define talloc_strdup(_ctx, _str)
Definition talloc.h:142
talloc_strlen
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
Definition talloc.h:136
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:170
fr_list_assignment_op
const bool fr_list_assignment_op[T_TOKEN_LAST]
Definition token.c:187
gettoken
fr_token_t gettoken(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:470
fr_tokens_table
fr_table_num_ordered_t const fr_tokens_table[]
Definition token.c:33
fr_str_tok
const bool fr_str_tok[T_TOKEN_LAST]
Definition token.c:233
getword
int getword(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:461
fr_token_t
enum fr_token fr_token_t
T_OP_SUB_EQ
@ T_OP_SUB_EQ
Definition token.h:68
T_INVALID
@ T_INVALID
Definition token.h:37
T_OP_DIV_EQ
@ T_OP_DIV_EQ
Definition token.h:70
T_EOL
@ T_EOL
Definition token.h:38
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition token.h:120
T_OP_AND_EQ
@ T_OP_AND_EQ
Definition token.h:72
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:102
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:118
T_OP_EQ
@ T_OP_EQ
Definition token.h:81
T_OP_MUL_EQ
@ T_OP_MUL_EQ
Definition token.h:69
T_BACK_QUOTED_STRING
@ T_BACK_QUOTED_STRING
Definition token.h:121
T_HASH
@ T_HASH
Definition token.h:117
T_OP_SET
@ T_OP_SET
Definition token.h:82
T_OP_NE
@ T_OP_NE
Definition token.h:95
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:67
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:103
T_OP_LSHIFT_EQ
@ T_OP_LSHIFT_EQ
Definition token.h:75
T_OP_RSHIFT_EQ
@ T_OP_RSHIFT_EQ
Definition token.h:74
T_DOUBLE_QUOTED_STRING
@ T_DOUBLE_QUOTED_STRING
Definition token.h:119
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:104
T_OP_LE
@ T_OP_LE
Definition token.h:98
T_OP_GE
@ T_OP_GE
Definition token.h:96
T_OP_GT
@ T_OP_GT
Definition token.h:97
T_OP_OR_EQ
@ T_OP_OR_EQ
Definition token.h:71
T_OP_LT
@ T_OP_LT
Definition token.h:99
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:83
parent
static fr_slen_t parent
Definition pair.h:858
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_strerror_clear
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:576
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:393
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:454
fr_type_from_str
static fr_type_t fr_type_from_str(char const *type)
Return the constant value representing a type.
Definition types.h:464
inlen
static size_t char fr_sbuff_t size_t inlen
Definition value.h:1030
out
static size_t char ** out
Definition value.h:1030
FR_VALUE_BOX_SAFE_FOR_ANY
#define FR_VALUE_BOX_SAFE_FOR_ANY
Definition value.h:173
virtual_server_dict_by_child_ci
fr_dict_t const * virtual_server_dict_by_child_ci(CONF_ITEM const *ci)
Return the namespace for a given virtual server specified by a CONF_ITEM within the virtual server.
Definition virtual_servers.c:608
Generated by   doxygen 1.9.8