The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
cf_file.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 1034482dc7a0dca2cbe034aba11ff9c91af20fdd $
19 * @file cf_file.c
20 * @brief Read the radiusd.conf file.
21 *
22 * @note Yep I should learn to use lex & yacc, or at least
23 * write a decent parser. I know how to do that, really :)
24 * miquels@cistron.nl
25 *
26 * @copyright 2017 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
27 * @copyright 2000,2006 The FreeRADIUS server project
28 * @copyright 2000 Miquel van Smoorenburg (miquels@cistron.nl)
29 * @copyright 2000 Alan DeKok (aland@freeradius.org)
30 */
31RCSID("$Id: 1034482dc7a0dca2cbe034aba11ff9c91af20fdd $")
32
33#include <freeradius-devel/server/cf_file.h>
34#include <freeradius-devel/server/cf_priv.h>
35#include <freeradius-devel/server/log.h>
36#include <freeradius-devel/server/tmpl.h>
37#include <freeradius-devel/server/util.h>
38#include <freeradius-devel/server/virtual_servers.h>
39#include <freeradius-devel/util/debug.h>
40#include <freeradius-devel/util/file.h>
41#include <freeradius-devel/util/misc.h>
42#include <freeradius-devel/util/perm.h>
43#include <freeradius-devel/util/md5.h>
44#include <freeradius-devel/util/syserror.h>
45
46#include <sys/types.h>
47#include <sys/stat.h>
48#include <unistd.h>
49
50#ifdef HAVE_DIRENT_H
51# include <dirent.h>
52#endif
53
54#ifdef HAVE_GLOB_H
55# include <glob.h>
56#endif
57
58#ifdef HAVE_SYS_STAT_H
59# include <sys/stat.h>
60#endif
61
62#include <ctype.h>
63#include <fcntl.h>
64
65#include <freeradius-devel/server/main_config.h>
66
67bool check_config = false;
68static uid_t conf_check_uid = (uid_t)-1;
69static gid_t conf_check_gid = (gid_t)-1;
70
76
77static fr_table_num_sorted_t const conf_property_name[] = {
78 { L("instance"), CONF_PROPERTY_INSTANCE },
79 { L("name"), CONF_PROPERTY_NAME }
80};
81static size_t conf_property_name_len = NUM_ELEMENTS(conf_property_name);
82
83typedef enum {
84 CF_STACK_FILE = 0,
85#ifdef HAVE_DIRENT_H
86 CF_STACK_DIR,
87#endif
88#ifdef HAVE_GLOB_H
89 CF_STACK_GLOB
90#endif
91} cf_stack_file_t;
92
93#define MAX_STACK (32)
94typedef struct {
95 cf_stack_file_t type;
96
97 char const *filename; //!< filename we're reading
98 int lineno; //!< line in that filename
99
100 union {
101 struct {
102 FILE *fp; //!< FP we're reading
103 };
104
105#ifdef HAVE_DIRENT_H
106 struct {
107 fr_heap_t *heap; //!< sorted heap of files
108 char *directory; //!< directory name we're reading
109 };
110#endif
111
112#ifdef HAVE_GLOB_H
113 struct {
114 size_t gl_current;
115 glob_t glob; //! reading glob()
116 bool required;
117 };
118#endif
119 };
120
121 CONF_SECTION *parent; //!< which started this file
122 CONF_SECTION *current; //!< sub-section we're reading
123
124 int braces;
125 bool from_dir; //!< this file was read from $include foo/
126} cf_stack_frame_t;
127
128/*
129 * buff[0] is the data we read from the file
130 * buff[1] is name
131 * buff[2] is name2 OR value for pair
132 * buff[3] is a temporary buffer
133 */
134typedef struct {
135 char **buff; //!< buffers for reading / parsing
136 size_t bufsize; //!< size of the buffers
137 int depth; //!< stack depth
138 char const *ptr; //!< current parse pointer
139 char *fill; //!< where we start filling the buffer from
140 cf_stack_frame_t frame[MAX_STACK]; //!< stack frames
141} cf_stack_t;
142
143
144static inline CC_HINT(always_inline) int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
145{
146 if (cf_section_find_parent(cs, "policy", NULL)) {
147 if (!fr_cond_assert_msg(!rules->attr.dict_def || (rules->attr.dict_def == fr_dict_internal()),
148 "Protocol dictionary must be NULL not %s",
149 fr_dict_root(rules->attr.dict_def)->name)) return -1;
150
151 } else {
152 if (!fr_cond_assert_msg(rules->attr.dict_def, "No protocol dictionary set")) return -1;
153 if (!fr_cond_assert_msg(rules->attr.dict_def != fr_dict_internal(), "rules->attr.dict_def must not be the internal dictionary")) return -1;
154 }
155
156 if (!fr_cond_assert_msg(!rules->attr.allow_foreign, "rules->allow_foreign must be false")) return -1;
157 if (!fr_cond_assert_msg(!rules->at_runtime, "rules->at_runtime must be false")) return -1;
158
159 return 0;
160}
161
162#define RULES_VERIFY(_cs, _rules) if (cf_tmpl_rules_verify(_cs, _rules) < 0) return NULL
163
164static ssize_t fr_skip_xlat(char const *start, char const *end);
165
166/*
167 * Expand the variables in an input string.
168 *
169 * Input and output should be two different buffers, as the
170 * output may be longer than the input.
171 */
172char const *cf_expand_variables(char const *cf, int lineno,
173 CONF_SECTION *outer_cs,
174 char *output, size_t outsize,
175 char const *input, ssize_t inlen, bool *soft_fail)
176{
177 char *p;
178 char const *end, *next, *ptr;
179 CONF_SECTION const *parent_cs;
180 char name[8192];
181
182 if (soft_fail) *soft_fail = false;
183
184 /*
185 * Find the master parent conf section.
186 * We can't use main_config->root_cs, because we're in the
187 * process of re-building it, and it isn't set up yet...
188 */
189 parent_cs = cf_root(outer_cs);
190
191 p = output;
192 ptr = input;
193
194 if (inlen < 0) {
195 end = NULL;
196 } else {
197 end = input + inlen;
198 }
199
200 /*
201 * Note that this CAN go over "end" if the input string
202 * is malformed. e.g. pass "${foo.bar}", and pass
203 * "inlen=5". Well, too bad.
204 */
205 while (*ptr && (!end || (ptr < end))) {
206 /*
207 * Ignore anything other than "${"
208 */
209 if ((*ptr == '$') && (ptr[1] == '{')) {
210 CONF_ITEM *ci;
211 CONF_PAIR *cp;
212 char *q;
213 ssize_t len;
214
215 len = fr_skip_xlat(ptr, end);
216 if (len <= 0) {
217 ERROR("%s[%d]: Failed parsing variable expansion '%s''",
218 cf, lineno, input);
219 return NULL;
220 }
221
222 next = ptr + len;
223 ptr += 2;
224
225 /*
226 * Can't really happen because input lines are
227 * capped at 8k, which is sizeof(name)
228 */
229 if ((size_t) len >= sizeof(name)) {
230 ERROR("%s[%d]: Reference string is too large",
231 cf, lineno);
232 return NULL;
233 }
234
235 memcpy(name, ptr, len - 3);
236 name[len - 3] = '\0';
237
238 /*
239 * Read configuration value from a file.
240 *
241 * Note that this is "read binary data", and the contents aren't stripped of
242 * CRLF.
243 */
244 if (name[0] == '/') {
245 int fd = open(name, O_RDONLY);
246 struct stat buf;
247
248 if (fd < 0) {
249 ERROR("%s[%d]: Reference \"${%s}\" failed opening file - %s", cf, lineno, name, fr_syserror(errno));
250 return NULL;
251 }
252
253 if (fstat(fd, &buf) < 0) {
254 fail_fd:
255 close(fd);
256 ERROR("%s[%d]: Reference \"${%s}\" failed reading file - %s", cf, lineno, name, fr_syserror(errno));
257 return NULL;
258 }
259
260 if (buf.st_size >= ((output + outsize) - p)) {
261 close(fd);
262 ERROR("%s[%d]: Reference \"${%s}\" file is too large (%zu >= %zu)", cf, lineno, name,
263 (size_t) buf.st_size, (size_t) ((output + outsize) - p));
264 return NULL;
265 }
266
267 len = read(fd, p, (output + outsize) - p);
268 if (len < 0) goto fail_fd;
269
270 close(fd);
271 p += len;
272 *p = '\0';
273 ptr = next;
274 goto check_eos;
275 }
276
277 q = strchr(name, ':');
278 if (q) {
279 *(q++) = '\0';
280 }
281
282 ci = cf_reference_item(parent_cs, outer_cs, name);
283 if (!ci) {
284 if (soft_fail) *soft_fail = true;
285 ERROR("%s[%d]: Reference \"${%s}\" not found", cf, lineno, name);
286 return NULL;
287 }
288
289 /*
290 * The expansion doesn't refer to another item or section
291 * it's the property of a section.
292 */
293 if (q) {
294 CONF_SECTION *find = cf_item_to_section(ci);
295
296 if (ci->type != CONF_ITEM_SECTION) {
297 ERROR("%s[%d]: Can only reference properties of sections", cf, lineno);
298 return NULL;
299 }
300
301 switch (fr_table_value_by_str(conf_property_name, q, CONF_PROPERTY_INVALID)) {
302 case CONF_PROPERTY_NAME:
303 strcpy(p, find->name1);
304 break;
305
306 case CONF_PROPERTY_INSTANCE:
307 strcpy(p, find->name2 ? find->name2 : find->name1);
308 break;
309
310 default:
311 ERROR("%s[%d]: Invalid property '%s'", cf, lineno, q);
312 return NULL;
313 }
314 p += strlen(p);
315 ptr = next;
316
317 } else if (ci->type == CONF_ITEM_PAIR) {
318 /*
319 * Substitute the value of the variable.
320 */
321 cp = cf_item_to_pair(ci);
322
323 /*
324 * If the thing we reference is
325 * marked up as being expanded in
326 * pass2, don't expand it now.
327 * Let it be expanded in pass2.
328 */
329 if (cp->pass2) {
330 if (soft_fail) *soft_fail = true;
331
332 ERROR("%s[%d]: Reference \"%s\" points to a variable which has not been expanded.",
333 cf, lineno, input);
334 return NULL;
335 }
336
337 if (!cp->value) {
338 ERROR("%s[%d]: Reference \"%s\" has no value",
339 cf, lineno, input);
340 return NULL;
341 }
342
343 if (p + strlen(cp->value) >= output + outsize) {
344 ERROR("%s[%d]: Reference \"%s\" is too long",
345 cf, lineno, input);
346 return NULL;
347 }
348
349 strcpy(p, cp->value);
350 p += strlen(p);
351 ptr = next;
352
353 } else if (ci->type == CONF_ITEM_SECTION) {
354 CONF_SECTION *subcs;
355
356 /*
357 * Adding an entry again to a
358 * section is wrong. We don't
359 * want an infinite loop.
360 */
361 if (cf_item_to_section(ci->parent) == outer_cs) {
362 ERROR("%s[%d]: Cannot reference different item in same section", cf, lineno);
363 return NULL;
364 }
365
366 /*
367 * Copy the section instead of
368 * referencing it.
369 */
370 subcs = cf_item_to_section(ci);
371 subcs = cf_section_dup(outer_cs, outer_cs, subcs,
372 cf_section_name1(subcs), cf_section_name2(subcs),
373 false);
374 if (!subcs) {
375 ERROR("%s[%d]: Failed copying reference %s", cf, lineno, name);
376 return NULL;
377 }
378
379 cf_filename_set(subcs, ci->filename);
380 cf_lineno_set(subcs, ci->lineno);
381
382 ptr = next;
383
384 } else {
385 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, lineno, input);
386 return NULL;
387 }
388 } else if (strncmp(ptr, "$ENV{", 5) == 0) {
389 char *env;
390
391 ptr += 5;
392
393 /*
394 * Look for trailing '}', and log a
395 * warning for anything that doesn't match,
396 * and exit with a fatal error.
397 */
398 next = strchr(ptr, '}');
399 if (next == NULL) {
400 *p = '\0';
401 ERROR("%s[%d]: Environment variable expansion missing }",
402 cf, lineno);
403 return NULL;
404 }
405
406 /*
407 * Can't really happen because input lines are
408 * capped at 8k, which is sizeof(name)
409 */
410 if ((size_t) (next - ptr) >= sizeof(name)) {
411 ERROR("%s[%d]: Environment variable name is too large",
412 cf, lineno);
413 return NULL;
414 }
415
416 memcpy(name, ptr, next - ptr);
417 name[next - ptr] = '\0';
418
419 /*
420 * Get the environment variable.
421 * If none exists, then make it an empty string.
422 */
423 env = getenv(name);
424 if (env == NULL) {
425 *name = '\0';
426 env = name;
427 }
428
429 if (p + strlen(env) >= output + outsize) {
430 ERROR("%s[%d]: Reference \"%s\" is too long",
431 cf, lineno, input);
432 return NULL;
433 }
434
435 strcpy(p, env);
436 p += strlen(p);
437 ptr = next + 1;
438
439 } else {
440 /*
441 * Copy it over verbatim.
442 */
443 *(p++) = *(ptr++);
444 }
445
446 check_eos:
447 if (p >= (output + outsize)) {
448 ERROR("%s[%d]: Reference \"%s\" is too long",
449 cf, lineno, input);
450 return NULL;
451 }
452 } /* loop over all of the input string. */
453
454 *p = '\0';
455
456 return output;
457}
458
459/*
460 * Merge the template so everything else "just works".
461 */
462static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
463{
464 if (!cs || !template) return true;
465
466 cs->template = NULL;
467
468 /*
469 * Walk over the template, adding its' entries to the
470 * current section. But only if the entries don't
471 * already exist in the current section.
472 */
473 cf_item_foreach(&template->item, ci) {
474 if (ci->type == CONF_ITEM_PAIR) {
475 CONF_PAIR *cp1, *cp2;
476
477 /*
478 * It exists, don't over-write it.
479 */
480 cp1 = cf_item_to_pair(ci);
481 if (cf_pair_find(cs, cp1->attr)) {
482 continue;
483 }
484
485 /*
486 * Create a new pair with all of the data
487 * of the old one.
488 */
489 cp2 = cf_pair_dup(cs, cp1, true);
490 if (!cp2) return false;
491
492 cf_filename_set(cp2, cp1->item.filename);
493 cf_lineno_set(cp2, cp1->item.lineno);
494 continue;
495 }
496
497 if (ci->type == CONF_ITEM_SECTION) {
498 CONF_SECTION *subcs1, *subcs2;
499
500 subcs1 = cf_item_to_section(ci);
501 fr_assert(subcs1 != NULL);
502
503 subcs2 = cf_section_find(cs, subcs1->name1, subcs1->name2);
504 if (subcs2) {
505 /*
506 * sub-sections get merged.
507 */
508 if (!cf_template_merge(subcs2, subcs1)) {
509 return false;
510 }
511 continue;
512 }
513
514 /*
515 * Our section doesn't have a matching
516 * sub-section. Copy it verbatim from
517 * the template.
518 */
519 subcs2 = cf_section_dup(cs, cs, subcs1,
520 cf_section_name1(subcs1), cf_section_name2(subcs1),
521 false);
522 if (!subcs2) return false;
523
524 cf_filename_set(subcs2, subcs1->item.filename);
525 cf_lineno_set(subcs2, subcs1->item.lineno);
526 continue;
527 }
528
529 /* ignore everything else */
530 }
531
532 return true;
533}
534
535/*
536 * Functions for tracking files by inode
537 */
538static int8_t _inode_cmp(void const *one, void const *two)
539{
540 cf_file_t const *a = one, *b = two;
541
542 CMP_RETURN(a, b, buf.st_dev);
543
544 return CMP(a->buf.st_ino, b->buf.st_ino);
545}
546
547static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
548{
549 cf_file_t *file;
550 CONF_SECTION *top;
551 fr_rb_tree_t *tree;
552 int fd = -1;
553 FILE *fp;
554
555 top = cf_root(cs);
556 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
557 fr_assert(tree);
558
559 /*
560 * If we're including a wildcard directory, then ignore
561 * any files the users has already explicitly loaded in
562 * that directory.
563 */
564 if (from_dir) {
565 cf_file_t my_file;
566 char const *r;
567 int my_fd;
568
569 my_file.cs = cs;
570 my_file.filename = filename;
571
572 /*
573 * Find and open the directory containing filename so we can use
574 * the "at"functions to avoid time of check/time of use insecurities.
575 */
576 if (fr_dirfd(&my_fd, &r, filename) < 0) {
577 ERROR("Failed to open directory containing %s", filename);
578 return -1;
579 }
580
581 if (fstatat(my_fd, r, &my_file.buf, 0) < 0) goto error;
582
583 file = fr_rb_find(tree, &my_file);
584
585 /*
586 * The file was previously read by including it
587 * explicitly. After it was read, we have a
588 * $INCLUDE of the directory it is in. In that
589 * case, we ignore the file.
590 *
591 * However, if the file WAS read from a wildcard
592 * $INCLUDE directory, then we read it again.
593 */
594 if (file && !file->from_dir) {
595 if (my_fd != AT_FDCWD) close(my_fd);
596 return 1;
597 }
598 fd = openat(my_fd, r, O_RDONLY, 0);
599 fp = (fd < 0) ? NULL : fdopen(fd, "r");
600 if (my_fd != AT_FDCWD) close(my_fd);
601 } else {
602 fp = fopen(filename, "r");
603 if (fp) fd = fileno(fp);
604 }
605
606 DEBUG2("including configuration file %s", filename);
607
608 if (!fp) {
609 error:
610 ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
611 return -1;
612 }
613
614 MEM(file = talloc(tree, cf_file_t));
615
616 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be a talloced buffer */
617 file->cs = cs;
618 file->from_dir = from_dir;
619
620 if (fstat(fd, &file->buf) == 0) {
621#ifdef S_IWOTH
622 if ((file->buf.st_mode & S_IWOTH) != 0) {
623 ERROR("Configuration file %s is globally writable. "
624 "Refusing to start due to insecure configuration.", filename);
625
626 fclose(fp);
627 talloc_free(file);
628 return -1;
629 }
630#endif
631 }
632
633 /*
634 * We can include the same file twice. e.g. when it
635 * contains common definitions, such as for SQL.
636 *
637 * Though the admin should really use templates for that.
638 */
639 if (!fr_rb_insert(tree, file)) talloc_free(file);
640
641 *fp_p = fp;
642 return 0;
643}
644
645/** Do some checks on the file as an "input" file. i.e. one read by a module.
646 *
647 * @note Must be called with super user privileges.
648 *
649 * @param cp currently being processed.
650 * @param check_perms If true - will return false if file is world readable,
651 * or not readable by the unprivileged user/group.
652 * @return
653 * - true if permissions are OK, or the file exists.
654 * - false if the file does not exist or the permissions are incorrect.
655 */
656bool cf_file_check(CONF_PAIR *cp, bool check_perms)
657{
658 cf_file_t *file;
659 CONF_SECTION *top;
660 fr_rb_tree_t *tree;
661 char const *filename = cf_pair_value(cp);
662 int fd = -1;
663
664 top = cf_root(cp);
665 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
666 if (!tree) return false;
667
668 file = talloc(tree, cf_file_t);
669 if (!file) return false;
670
671 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be talloced */
672 file->cs = cf_item_to_section(cf_parent(cp));
673
674 if (!check_perms) {
675 if (stat(filename, &file->buf) < 0) {
676 perm_error:
677 fr_perm_file_error(errno); /* Write error and euid/egid to error buff */
678 cf_log_perr(cp, "Unable to open file \"%s\"", filename);
679 error:
680 if (fd >= 0) close(fd);
681 talloc_free(file);
682 return false;
683 }
684 talloc_free(file);
685 return true;
686 }
687
688 /*
689 * This really does seem to be the simplest way
690 * to check that the file can be read with the
691 * euid/egid.
692 */
693 {
694 uid_t euid = (uid_t)-1;
695 gid_t egid = (gid_t)-1;
696
697 if ((conf_check_gid != (gid_t)-1) && ((egid = getegid()) != conf_check_gid)) {
698 if (setegid(conf_check_gid) < 0) {
699 cf_log_perr(cp, "Failed setting effective group ID (%d) for file check: %s",
700 (int) conf_check_gid, fr_syserror(errno));
701 goto error;
702 }
703 }
704 if ((conf_check_uid != (uid_t)-1) && ((euid = geteuid()) != conf_check_uid)) {
705 if (seteuid(conf_check_uid) < 0) {
706 cf_log_perr(cp, "Failed setting effective user ID (%d) for file check: %s",
707 (int) conf_check_uid, fr_syserror(errno));
708 goto error;
709 }
710 }
711 fd = open(filename, O_RDONLY);
712 if (conf_check_uid != euid) {
713 if (seteuid(euid) < 0) {
714 cf_log_perr(cp, "Failed restoring effective user ID (%d) after file check: %s",
715 (int) euid, fr_syserror(errno));
716 goto error;
717 }
718 }
719 if (conf_check_gid != egid) {
720 if (setegid(egid) < 0) {
721 cf_log_perr(cp, "Failed restoring effective group ID (%d) after file check: %s",
722 (int) egid, fr_syserror(errno));
723 goto error;
724 }
725 }
726 }
727
728 if (fd < 0) goto perm_error;
729 if (fstat(fd, &file->buf) < 0) goto perm_error;
730
731 close(fd);
732
733#ifdef S_IWOTH
734 if ((file->buf.st_mode & S_IWOTH) != 0) {
735 cf_log_perr(cp, "Configuration file %s is globally writable. "
736 "Refusing to start due to insecure configuration.", filename);
737 talloc_free(file);
738 return false;
739 }
740#endif
741
742 /*
743 * It's OK to include the same file twice...
744 */
745 if (!fr_rb_insert(tree, file)) talloc_free(file);
746
747 return true;
748}
749
750/*
751 * Do variable expansion in pass2.
752 *
753 * This is a breadth-first expansion. "deep
754 */
755int cf_section_pass2(CONF_SECTION *cs)
756{
757 cf_item_foreach(&cs->item, ci) {
758 char const *value;
759 CONF_PAIR *cp;
760 char buffer[8192];
761
762 if (ci->type != CONF_ITEM_PAIR) continue;
763
764 cp = cf_item_to_pair(ci);
765 if (!cp->value || !cp->pass2) continue;
766
767 fr_assert((cp->rhs_quote == T_BARE_WORD) ||
768 (cp->rhs_quote == T_HASH) ||
769 (cp->rhs_quote == T_DOUBLE_QUOTED_STRING) ||
770 (cp->rhs_quote == T_BACK_QUOTED_STRING));
771
772 value = cf_expand_variables(ci->filename, ci->lineno, cs, buffer, sizeof(buffer), cp->value, -1, NULL);
773 if (!value) return -1;
774
775 talloc_const_free(cp->value);
776 cp->value = talloc_typed_strdup(cp, value);
777 }
778
779 cf_item_foreach(&cs->item, ci) {
780 if (ci->type != CONF_ITEM_SECTION) continue;
781
782 if (cf_section_pass2(cf_item_to_section(ci)) < 0) return -1;
783 }
784
785 return 0;
786}
787
788
789static char const *cf_local_file(char const *base, char const *filename,
790 char *buffer, size_t bufsize)
791{
792 size_t dirsize;
793 char *p;
794
795 strlcpy(buffer, base, bufsize);
796
797 p = strrchr(buffer, FR_DIR_SEP);
798 if (!p) return filename;
799 if (p[1]) { /* ./foo */
800 p[1] = '\0';
801 }
802
803 dirsize = (p - buffer) + 1;
804
805 if ((dirsize + strlen(filename)) >= bufsize) {
806 return NULL;
807 }
808
809 strlcpy(p + 1, filename, bufsize - dirsize);
810
811 return buffer;
812}
813
814/*
815 * Like gettoken(), but uses the new API which seems better for a
816 * host of reasons.
817 */
818static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen,
819 char const *filename, int lineno)
820{
821 char const *ptr = *ptr_p;
822 ssize_t slen;
823 char const *out;
824 size_t outlen;
825
826 /*
827 * Discover the string content, returning what kind of
828 * string it is.
829 *
830 * Don't allow casts or regexes. But do allow bare
831 * %{...} expansions.
832 */
833 slen = tmpl_preparse(&out, &outlen, ptr, strlen(ptr), token);
834 if (slen <= 0) {
835 char *spaces, *text;
836
837 fr_canonicalize_error(parent, &spaces, &text, slen, ptr);
838
839 ERROR("%s[%d]: %s", filename, lineno, text);
840 ERROR("%s[%d]: %s^ - %s", filename, lineno, spaces, fr_strerror());
841
842 talloc_free(spaces);
843 talloc_free(text);
844 return -1;
845 }
846
847 if ((size_t) slen >= buflen) {
848 ERROR("%s[%d]: Name is too long", filename, lineno);
849 return -1;
850 }
851
852 /*
853 * Unescape it or copy it verbatim as necessary.
854 */
855 if (!cf_expand_variables(filename, lineno, parent, buffer, buflen,
856 out, outlen, NULL)) {
857 return -1;
858 }
859
860 ptr += slen;
861 fr_skip_whitespace(ptr);
862
863 *ptr_p = ptr;
864 return 0;
865}
866
871
872static int8_t filename_cmp(void const *one, void const *two)
873{
874 int ret;
875 cf_file_heap_t const *a = one;
876 cf_file_heap_t const *b = two;
877
878 ret = strcmp(a->filename, b->filename);
879 return CMP(ret, 0);
880}
881
882
883static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
884{
885 char const *value;
886 cf_stack_frame_t *frame = &stack->frame[stack->depth];
887
888 /*
889 * Can't do this inside of update / map.
890 */
891 if (parent->unlang == CF_UNLANG_ASSIGNMENT) {
892 ERROR("%s[%d]: Parse error: Invalid location for $INCLUDE",
893 frame->filename, frame->lineno);
894 return -1;
895 }
896
897 fr_skip_whitespace(ptr);
898
899 /*
900 * Grab all of the non-whitespace text.
901 */
902 value = ptr;
903 while (*ptr && !isspace((uint8_t) *ptr)) ptr++;
904
905 /*
906 * We're OK with whitespace after the filename.
907 */
908 fr_skip_whitespace(ptr);
909
910 /*
911 * But anything else after the filename is wrong.
912 */
913 if (*ptr) {
914 ERROR("%s[%d]: Unexpected text after $INCLUDE", frame->filename, frame->lineno);
915 return -1;
916 }
917
918 /*
919 * Hack for ${confdir}/foo
920 */
921 if (*value == '$') relative = false;
922
923 value = cf_expand_variables(frame->filename, frame->lineno, parent, stack->buff[1], stack->bufsize,
924 value, ptr - value, NULL);
925 if (!value) return -1;
926
927 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
928
929 if (relative) {
930 value = cf_local_file(frame->filename, value, stack->buff[2], stack->bufsize);
931 if (!value) {
932 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
933 return -1;
934 }
935 }
936
937 if (strchr(value, '*') != 0) {
938#ifndef HAVE_GLOB_H
939 ERROR("%s[%d]: Filename globbing is not supported.", frame->filename, frame->lineno);
940 return -1;
941#else
942 stack->depth++;
943 frame = &stack->frame[stack->depth];
944 memset(frame, 0, sizeof(*frame));
945
946 frame->type = CF_STACK_GLOB;
947 frame->required = required;
948 frame->parent = parent;
949 frame->current = parent;
950
951 /*
952 * For better debugging.
953 */
954 frame->filename = frame[-1].filename;
955 frame->lineno = frame[-1].lineno;
956
957 if (glob(value, GLOB_ERR | GLOB_NOESCAPE, NULL, &frame->glob) < 0) {
958 stack->depth--;
959 ERROR("%s[%d]: Failed expanding '%s' - %s", frame->filename, frame->lineno,
960 value, fr_syserror(errno));
961 return -1;
962 }
963
964 /*
965 * If nothing matches, that may be an error.
966 */
967 if (frame->glob.gl_pathc == 0) {
968 if (!required) {
969 stack->depth--;
970 return 0;
971 }
972
973 ERROR("%s[%d]: Failed expanding '%s' - No matching files", frame->filename, frame->lineno,
974 value);
975 return -1;
976 }
977
978 return 1;
979#endif
980 }
981
982 /*
983 * Allow $-INCLUDE for directories, too.
984 */
985 if (!required) {
986 struct stat statbuf;
987
988 if (stat(value, &statbuf) < 0) {
989 WARN("Not including file %s: %s", value, fr_syserror(errno));
990 return 0;
991 }
992 }
993
994 /*
995 * The filename doesn't end in '/', so it must be a file.
996 */
997 if (value[strlen(value) - 1] != '/') {
998 if ((stack->depth + 1) >= MAX_STACK) {
999 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1000 return -1;
1001 }
1002
1003 stack->depth++;
1004 frame = &stack->frame[stack->depth];
1005 memset(frame, 0, sizeof(*frame));
1006
1007 frame->type = CF_STACK_FILE;
1008 frame->fp = NULL;
1009 frame->parent = parent;
1010 frame->current = parent;
1011 frame->filename = talloc_strdup(frame->parent, value);
1012 return 1;
1013 }
1014
1015#ifdef HAVE_DIRENT_H
1016 /*
1017 * $INCLUDE foo/
1018 *
1019 * Include ALL non-"dot" files in the directory.
1020 * careful!
1021 */
1022 {
1023 char *directory;
1024 DIR *dir;
1025 struct dirent *dp;
1026 struct stat stat_buf;
1027 cf_file_heap_t *h;
1028#ifdef S_IWOTH
1029 int my_fd;
1030#endif
1031
1032 /*
1033 * We need to keep a copy of parent while the
1034 * included files mangle our buff[] array.
1035 */
1036 directory = talloc_strdup(parent, value);
1037
1038 cf_log_debug(parent, "Including files in directory \"%s\"", directory);
1039
1040 dir = opendir(directory);
1041 if (!dir) {
1042 ERROR("%s[%d]: Error reading directory %s: %s",
1043 frame->filename, frame->lineno, value,
1044 fr_syserror(errno));
1045 error:
1046 talloc_free(directory);
1047 return -1;
1048 }
1049
1050#ifdef S_IWOTH
1051 my_fd = dirfd(dir);
1052 fr_assert(my_fd >= 0);
1053
1054 /*
1055 * Security checks.
1056 */
1057 if (fstat(my_fd, &stat_buf) < 0) {
1058 ERROR("%s[%d]: Failed reading directory %s: %s", frame->filename, frame->lineno,
1059 directory, fr_syserror(errno));
1060 goto error;
1061 }
1062
1063 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1064 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1065 "insecure configuration", frame->filename, frame->lineno, directory);
1066 goto error;
1067 }
1068#endif
1069
1070 /*
1071 * Directory plus next filename.
1072 */
1073 if ((stack->depth + 2) >= MAX_STACK) {
1074 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1075 goto error;
1076 }
1077
1078 stack->depth++;
1079 frame = &stack->frame[stack->depth];
1080 *frame = (cf_stack_frame_t){
1081 .type = CF_STACK_DIR,
1082 .directory = directory,
1083 .parent = parent,
1084 .current = parent,
1085 .from_dir = true
1086 };
1087
1088 MEM(frame->heap = fr_heap_alloc(frame->directory, filename_cmp, cf_file_heap_t, heap_id, 0));
1089
1090 /*
1091 * Read the whole directory before loading any
1092 * individual file. We stat() files to ensure
1093 * that they're readable. We ignore
1094 * subdirectories and files with odd filenames.
1095 */
1096 while ((dp = readdir(dir)) != NULL) {
1097 char const *p;
1098
1099 if (dp->d_name[0] == '.') continue;
1100
1101 /*
1102 * Check for valid characters
1103 */
1104 for (p = dp->d_name; *p != '\0'; p++) {
1105 if (isalpha((uint8_t)*p) ||
1106 isdigit((uint8_t)*p) ||
1107 (*p == '-') ||
1108 (*p == '_') ||
1109 (*p == '.')) continue;
1110 break;
1111 }
1112 if (*p != '\0') continue;
1113
1114 snprintf(stack->buff[1], stack->bufsize, "%s%s",
1115 frame->directory, dp->d_name);
1116
1117 if (stat(stack->buff[1], &stat_buf) != 0) {
1118 ERROR("%s[%d]: Failed checking file %s: %s",
1119 (frame - 1)->filename, (frame - 1)->lineno,
1120 stack->buff[1], fr_syserror(errno));
1121 continue;
1122 }
1123
1124 if (S_ISDIR(stat_buf.st_mode)) {
1125 WARN("%s[%d]: Ignoring directory %s",
1126 (frame - 1)->filename, (frame - 1)->lineno,
1127 stack->buff[1]);
1128 continue;
1129 }
1130
1131 MEM(h = talloc_zero(frame->heap, cf_file_heap_t));
1132 MEM(h->filename = talloc_typed_strdup(h, stack->buff[1]));
1133 h->heap_id = FR_HEAP_INDEX_INVALID;
1134 (void) fr_heap_insert(&frame->heap, h);
1135 }
1136 closedir(dir);
1137 return 1;
1138 }
1139#else
1140 ERROR("%s[%d]: Error including %s: No support for directories!",
1141 frame->filename, frame->lineno, value);
1142 return -1;
1143#endif
1144}
1145
1146
1147static int process_template(cf_stack_t *stack)
1148{
1149 CONF_ITEM *ci;
1150 CONF_SECTION *parent_cs, *templatecs;
1151 fr_token_t token;
1152 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1153 CONF_SECTION *parent = frame->current;
1154
1155 token = getword(&stack->ptr, stack->buff[2], stack->bufsize, true);
1156 if (token != T_EOL) {
1157 ERROR("%s[%d]: Unexpected text after $TEMPLATE", frame->filename, frame->lineno);
1158 return -1;
1159 }
1160
1161 if (!parent) {
1162 ERROR("%s[%d]: Internal sanity check error in template reference", frame->filename, frame->lineno);
1163 return -1;
1164 }
1165
1166 if (parent->template) {
1167 ERROR("%s[%d]: Section already has a template", frame->filename, frame->lineno);
1168 return -1;
1169 }
1170
1171 /*
1172 * Allow in-line templates.
1173 */
1174 templatecs = cf_section_find(cf_item_to_section(cf_parent(parent)), "template", stack->buff[2]);
1175 if (templatecs) {
1176 parent->template = templatecs;
1177 return 0;
1178 }
1179
1180 parent_cs = cf_root(parent);
1181
1182 templatecs = cf_section_find(parent_cs, "templates", NULL);
1183 if (!templatecs) {
1184 ERROR("%s[%d]: Cannot find template \"%s\", as no 'templates' section exists.",
1185 frame->filename, frame->lineno, stack->buff[2]);
1186 return -1;
1187 }
1188
1189 ci = cf_reference_item(parent_cs, templatecs, stack->buff[2]);
1190 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
1191 ERROR("%s[%d]: No such template \"%s\" in the 'templates' section.",
1192 frame->filename, frame->lineno, stack->buff[2]);
1193 return -1;
1194 }
1195
1196 parent->template = cf_item_to_section(ci);
1197 return 0;
1198}
1199
1200
1201static int cf_file_fill(cf_stack_t *stack);
1202
1203
1204/** Skip an xlat expression.
1205 *
1206 * This is a simple "peek ahead" parser which tries to not be wrong. It may accept
1207 * some things which will later parse as invalid (e.g. unknown attributes, etc.)
1208 * But it also rejects all malformed expressions.
1209 *
1210 * It's used as a quick hack because the full parser isn't always available.
1211 *
1212 * @param[in] start start of the expression, MUST point to the "%{" or "%("
1213 * @param[in] end end of the string (or NULL for zero-terminated strings)
1214 * @return
1215 * >0 length of the string which was parsed
1216 * <=0 on error
1217 */
1218static ssize_t fr_skip_xlat(char const *start, char const *end)
1219{
1220 int depth = 1; /* caller skips '{' */
1221 ssize_t slen;
1222 char quote, end_quote;
1223 char const *p = start;
1224
1225 /*
1226 * At least %{1}
1227 */
1228 if (end && ((start + 4) > end)) {
1229 fr_strerror_const("Invalid expansion");
1230 return 0;
1231 }
1232
1233 if ((*p != '%') && (*p != '$')) {
1234 fr_strerror_const("Unexpected character in expansion");
1235 return -(p - start);
1236 }
1237
1238 p++;
1239 if ((*p != '{') && (*p != '(')) {
1240 char const *q = p;
1241
1242 /*
1243 * New xlat syntax: %foo(...)
1244 */
1245 while (isalnum((int) *q) || (*q == '.') || (*q == '_') || (*q == '-')) {
1246 q++;
1247 }
1248 if (*q == '(') {
1249 p = q;
1250 goto do_quote;
1251 }
1252
1253 fr_strerror_const("Invalid character after '%'");
1254 return -(p - start);
1255 }
1256
1257do_quote:
1258 quote = *(p++);
1259 if (quote == '{') {
1260 end_quote = '}';
1261 } else {
1262 end_quote = ')';
1263 }
1264
1265 while ((end && (p < end)) || (*p >= ' ')) {
1266 if (*p == quote) {
1267 p++;
1268 depth++;
1269 continue;
1270 }
1271
1272 if (*p == end_quote) {
1273 p++;
1274 depth--;
1275 if (!depth) return p - start;
1276
1277 continue;
1278 }
1279
1280 /*
1281 * Nested expansion.
1282 */
1283 if ((p[0] == '$') || (p[0] == '%')) {
1284 if (end && (p + 2) >= end) break;
1285
1286 if ((p[1] == '{') || ((p[0] == '$') && (p[1] == '('))) {
1287 slen = fr_skip_xlat(p, end);
1288
1289 check:
1290 if (slen <= 0) return -(p - start) + slen;
1291
1292 p += slen;
1293 continue;
1294 }
1295
1296 /*
1297 * Bare $ or %, just leave it alone.
1298 */
1299 p++;
1300 continue;
1301 }
1302
1303 /*
1304 * A quoted string.
1305 */
1306 if ((*p == '"') || (*p == '\'') || (*p == '`')) {
1307 slen = fr_skip_string(p, end);
1308 goto check;
1309 }
1310
1311 /*
1312 * @todo - bare '(' is a condition or nested
1313 * expression. The brackets need to balance
1314 * here, too.
1315 */
1316
1317 if (*p != '\\') {
1318 p++;
1319 continue;
1320 }
1321
1322 if (end && ((p + 2) >= end)) break;
1323
1324 /*
1325 * Escapes here are only one-character escapes.
1326 */
1327 if (p[1] < ' ') break;
1328 p += 2;
1329 }
1330
1331 /*
1332 * Unexpected end of xlat
1333 */
1334 fr_strerror_const("Unexpected end of expansion");
1335 return -(p - start);
1336}
1337
1338static const bool terminal_end_section[UINT8_MAX + 1] = {
1339 ['{'] = true,
1340};
1341
1342static const bool terminal_end_line[UINT8_MAX + 1] = {
1343 [0] = true,
1344
1345 ['\r'] = true,
1346 ['\n'] = true,
1347
1348 ['#'] = true,
1349 [','] = true,
1350 [';'] = true,
1351 ['}'] = true,
1352};
1353
1354/** Skip a conditional expression.
1355 *
1356 * This is a simple "peek ahead" parser which tries to not be wrong. It may accept
1357 * some things which will later parse as invalid (e.g. unknown attributes, etc.)
1358 * But it also rejects all malformed expressions.
1359 *
1360 * It's used as a quick hack because the full parser isn't always available.
1361 *
1362 * @param[in] start start of the condition.
1363 * @param[in] end end of the string (or NULL for zero-terminated strings)
1364 * @param[in] terminal terminal character(s)
1365 * @param[out] eol did the parse error happen at eol?
1366 * @return
1367 * >0 length of the string which was parsed. *eol is false.
1368 * <=0 on error, *eol may be set.
1369 */
1370static ssize_t fr_skip_condition(char const *start, char const *end, bool const terminal[static UINT8_MAX + 1], bool *eol)
1371{
1372 char const *p = start;
1373 bool was_regex = false;
1374 int depth = 0;
1375 ssize_t slen;
1376
1377 if (eol) *eol = false;
1378
1379 /*
1380 * Keep parsing the condition until we hit EOS or EOL.
1381 */
1382 while ((end && (p < end)) || *p) {
1383 if (isspace((uint8_t) *p)) {
1384 p++;
1385 continue;
1386 }
1387
1388 /*
1389 * In the configuration files, conditions end with ") {" or just "{"
1390 */
1391 if ((depth == 0) && terminal[(uint8_t) *p]) {
1392 return p - start;
1393 }
1394
1395 /*
1396 * "recurse" to get more conditions.
1397 */
1398 if (*p == '(') {
1399 p++;
1400 depth++;
1401 was_regex = false;
1402 continue;
1403 }
1404
1405 if (*p == ')') {
1406 if (!depth) {
1407 fr_strerror_const("Too many ')'");
1408 return -(p - start);
1409 }
1410
1411 p++;
1412 depth--;
1413 was_regex = false;
1414 continue;
1415 }
1416
1417 /*
1418 * Parse xlats. They cannot span EOL.
1419 */
1420 if ((*p == '$') || (*p == '%')) {
1421 if (end && ((p + 2) >= end)) {
1422 fr_strerror_const("Expansions cannot extend across end of line");
1423 return -(p - start);
1424 }
1425
1426 if ((p[1] == '{') || ((p[0] == '$') && (p[1] == '('))) {
1427 slen = fr_skip_xlat(p, end);
1428
1429 check:
1430 if (slen <= 0) return -(p - start) + slen;
1431
1432 p += slen;
1433 continue;
1434 }
1435
1436 /*
1437 * Bare $ or %, just leave it alone.
1438 */
1439 p++;
1440 was_regex = false;
1441 continue;
1442 }
1443
1444 /*
1445 * Parse quoted strings. They cannot span EOL.
1446 */
1447 if ((*p == '"') || (*p == '\'') || (*p == '`') || (was_regex && (*p == '/'))) {
1448 was_regex = false;
1449
1450 slen = fr_skip_string((char const *) p, end);
1451 goto check;
1452 }
1453
1454 /*
1455 * 192.168/16 is a netmask. So we only
1456 * allow regex after a regex operator.
1457 *
1458 * This isn't perfect, but is good enough
1459 * for most purposes.
1460 */
1461 if ((p[0] == '=') || (p[0] == '!')) {
1462 if (end && ((p + 2) >= end)) {
1463 fr_strerror_const("Operators cannot extend across end of line");
1464 return -(p - start);
1465 }
1466
1467 if (p[1] == '~') {
1468 was_regex = true;
1469 p += 2;
1470 continue;
1471 }
1472
1473 /*
1474 * Some other '==' or '!=', just leave it alone.
1475 */
1476 p++;
1477 was_regex = false;
1478 continue;
1479 }
1480
1481 /*
1482 * Any control characters (other than \t) cause an error.
1483 */
1484 if (*p < ' ') break;
1485
1486 was_regex = false;
1487
1488 /*
1489 * Normal characters just get skipped.
1490 */
1491 if (*p != '\\') {
1492 p++;
1493 continue;
1494 }
1495
1496 /*
1497 * Backslashes at EOL are ignored.
1498 */
1499 if (end && ((p + 2) >= end)) break;
1500
1501 /*
1502 * Escapes here are only one-character escapes.
1503 */
1504 if (p[1] < ' ') break;
1505 p += 2;
1506 }
1507
1508 /*
1509 * We've fallen off of the end of a string. It may be OK?
1510 */
1511 if (eol) *eol = (depth > 0);
1512
1513 if (terminal[(uint8_t) *p]) return p - start;
1514
1515 fr_strerror_const("Unexpected end of condition");
1516 return -(p - start);
1517}
1518
1519static CONF_ITEM *process_if(cf_stack_t *stack)
1520{
1521 ssize_t slen = 0;
1522 fr_dict_t const *dict = NULL;
1523 CONF_SECTION *cs;
1524 uint8_t const *p;
1525 char const *ptr = stack->ptr;
1526 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1527 CONF_SECTION *parent = frame->current;
1528 char *buff[4];
1529 tmpl_rules_t t_rules;
1530
1531 /*
1532 * Short names are nicer.
1533 */
1534 buff[1] = stack->buff[1];
1535 buff[2] = stack->buff[2];
1536 buff[3] = stack->buff[3];
1537
1538 dict = virtual_server_dict_by_child_ci(cf_section_to_item(parent));
1539
1540 t_rules = (tmpl_rules_t) {
1541 .attr = {
1542 .dict_def = dict,
1543 .list_def = request_attr_request,
1544 .allow_unresolved = true,
1545 .allow_unknown = true
1546 }
1547 };
1548
1549 /*
1550 * Create the CONF_SECTION. We don't pass a name2, as it
1551 * hasn't yet been parsed.
1552 */
1553 cs = cf_section_alloc(parent, parent, buff[1], NULL);
1554 if (!cs) {
1555 cf_log_err(parent, "Failed allocating memory for section");
1556 return NULL;
1557 }
1558 cf_filename_set(cs, frame->filename);
1559 cf_lineno_set(cs, frame->lineno);
1560
1561 RULES_VERIFY(cs, &t_rules);
1562
1563 /*
1564 * Keep "parsing" the condition until we hit EOL.
1565 *
1566 *
1567 */
1568 while (true) {
1569 int rcode;
1570 bool eol;
1571
1572 /*
1573 * Try to parse the condition. We can have a parse success, or a parse failure.
1574 */
1575 slen = fr_skip_condition(ptr, NULL, terminal_end_section, &eol);
1576
1577 /*
1578 * Parse success means we stop reading more data.
1579 */
1580 if (slen > 0) break;
1581
1582 /*
1583 * Parse failures not at EOL are real errors.
1584 */
1585 if (!eol) {
1586 slen = 0;
1587 fr_strerror_const("Unexpected EOF");
1588 error:
1589 cf_canonicalize_error(cs, slen, "Parse error in condition", ptr);
1590 talloc_free(cs);
1591 return NULL;
1592 }
1593
1594 /*
1595 * Parse failures at EOL means that we read more data.
1596 */
1597 p = (uint8_t const *) ptr + (-slen);
1598
1599 /*
1600 * Auto-continue across CR LF until we reach the
1601 * end of the string. We mash everything into one line.
1602 */
1603 if (*p && (*p < ' ')) {
1604 while ((*p == '\r') || (*p == '\n')) {
1605 char *q;
1606
1607 q = UNCONST(char *, p);
1608 *q = ' ';
1609 p++;
1610 continue;
1611 }
1612
1613 /*
1614 * Hopefully the next line is already in
1615 * the buffer, and we don't have to read
1616 * more data.
1617 */
1618 continue;
1619 }
1620
1621 /*
1622 * Anything other than EOL is a problem at this point.
1623 */
1624 if (*p) {
1625 fr_strerror_const("Unexpected text after condition");
1626 goto error;
1627 }
1628
1629 /*
1630 * We hit EOL, so the parse error is really "read more data".
1631 */
1632 stack->fill = UNCONST(char *, p);
1633 rcode = cf_file_fill(stack);
1634 if (rcode < 0) {
1635 cf_log_err(cs, "Failed parsing condition");
1636 return NULL;
1637 }
1638 }
1639
1640 fr_assert((size_t) slen < (stack->bufsize - 1));
1641
1642 ptr += slen;
1643 fr_skip_whitespace(ptr);
1644
1645 if (*ptr != '{') {
1646 cf_log_err(cs, "Expected '{' instead of %s", ptr);
1647 talloc_free(cs);
1648 return NULL;
1649 }
1650 ptr++;
1651
1652 /*
1653 * Save the parsed condition (minus trailing whitespace)
1654 * into a buffer.
1655 */
1656 memcpy(buff[2], stack->ptr, slen);
1657 buff[2][slen] = '\0';
1658
1659 while (slen > 0) {
1660 if (!isspace((uint8_t) buff[2][slen])) break;
1661
1662 buff[2][slen] = '\0';
1663 slen--;
1664 }
1665
1666 /*
1667 * Expand the variables in the pre-parsed condition.
1668 */
1669 if (!cf_expand_variables(frame->filename, frame->lineno, parent,
1670 buff[3], stack->bufsize, buff[2], slen, NULL)) {
1671 fr_strerror_const("Failed expanding configuration variable");
1672 return NULL;
1673 }
1674
1675 MEM(cs->name2 = talloc_typed_strdup(cs, buff[3]));
1676 cs->name2_quote = T_BARE_WORD;
1677
1678 stack->ptr = ptr;
1679
1680 cs->allow_locals = true;
1681 cs->unlang = CF_UNLANG_ALLOW;
1682 return cf_section_to_item(cs);
1683}
1684
1685static CONF_ITEM *process_map(cf_stack_t *stack)
1686{
1687 char const *mod;
1688 char const *value = NULL;
1689 CONF_SECTION *css;
1690 fr_token_t token;
1691 char const *ptr = stack->ptr;
1692 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1693 CONF_SECTION *parent = frame->current;
1694 char *buff[4];
1695
1696 /*
1697 * Short names are nicer.
1698 */
1699 buff[1] = stack->buff[1];
1700 buff[2] = stack->buff[2];
1701
1702 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1703 frame->filename, frame->lineno) < 0) {
1704 return NULL;
1705 }
1706
1707 if (token != T_BARE_WORD) {
1708 ERROR("%s[%d]: Invalid syntax for 'map' - module name must not be a quoted string",
1709 frame->filename, frame->lineno);
1710 return NULL;
1711 }
1712 mod = buff[1];
1713
1714 /*
1715 * Maps without an expansion string are allowed, though
1716 * it's not clear why.
1717 */
1718 if (*ptr == '{') {
1719 ptr++;
1720 goto alloc_section;
1721 }
1722
1723 /*
1724 * Now get the expansion string.
1725 */
1726 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1727 frame->filename, frame->lineno) < 0) {
1728 return NULL;
1729 }
1730 if (!fr_str_tok[token]) {
1731 ERROR("%s[%d]: Expecting string expansions in 'map' definition",
1732 frame->filename, frame->lineno);
1733 return NULL;
1734 }
1735
1736 if (*ptr != '{') {
1737 ERROR("%s[%d]: Expecting section start brace '{' in 'map' definition",
1738 frame->filename, frame->lineno);
1739 return NULL;
1740 }
1741 ptr++;
1742 value = buff[2];
1743
1744 /*
1745 * Allocate the section
1746 */
1747alloc_section:
1748 css = cf_section_alloc(parent, parent, "map", mod);
1749 if (!css) {
1750 ERROR("%s[%d]: Failed allocating memory for section",
1751 frame->filename, frame->lineno);
1752 return NULL;
1753 }
1754 cf_filename_set(css, frame->filename);
1755 cf_lineno_set(css, frame->lineno);
1756 css->name2_quote = T_BARE_WORD;
1757
1758 css->argc = 0;
1759 if (value) {
1760 css->argv = talloc_array(css, char const *, 1);
1761 css->argv[0] = talloc_typed_strdup(css->argv, value);
1762 css->argv_quote = talloc_array(css, fr_token_t, 1);
1763 css->argv_quote[0] = token;
1764 css->argc++;
1765 }
1766 stack->ptr = ptr;
1767 css->unlang = CF_UNLANG_ASSIGNMENT;
1768
1769 return cf_section_to_item(css);
1770}
1771
1772
1773static CONF_ITEM *process_subrequest(cf_stack_t *stack)
1774{
1775 char const *mod = NULL;
1776 CONF_SECTION *css;
1777 fr_token_t token;
1778 char const *ptr = stack->ptr;
1779 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1780 CONF_SECTION *parent = frame->current;
1781 char *buff[4];
1782 int values = 0;
1783
1784 /*
1785 * Short names are nicer.
1786 */
1787 buff[1] = stack->buff[1];
1788 buff[2] = stack->buff[2];
1789 buff[3] = stack->buff[3];
1790
1791 /*
1792 * subrequest { ... } is allowed.
1793 */
1794 fr_skip_whitespace(ptr);
1795 if (*ptr == '{') {
1796 ptr++;
1797 goto alloc_section;
1798 }
1799
1800 /*
1801 * Get the name of the Packet-Type.
1802 */
1803 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1804 frame->filename, frame->lineno) < 0) {
1805 return NULL;
1806 }
1807
1808 mod = buff[1];
1809
1810 /*
1811 * subrequest Access-Request { ... } is allowed.
1812 */
1813 if (*ptr == '{') {
1814 ptr++;
1815 goto alloc_section;
1816 }
1817
1818 /*
1819 * subrequest Access-Request &foo { ... }
1820 */
1821 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1822 frame->filename, frame->lineno) < 0) {
1823 return NULL;
1824 }
1825
1826 if (token != T_BARE_WORD) {
1827 ERROR("%s[%d]: The second argument to 'subrequest' must be an attribute reference",
1828 frame->filename, frame->lineno);
1829 return NULL;
1830 }
1831 values++;
1832
1833 if (*ptr == '{') {
1834 ptr++;
1835 goto alloc_section;
1836 }
1837
1838 /*
1839 * subrequest Access-Request &foo &bar { ... }
1840 */
1841 if (cf_get_token(parent, &ptr, &token, buff[3], stack->bufsize,
1842 frame->filename, frame->lineno) < 0) {
1843 return NULL;
1844 }
1845
1846 if (token != T_BARE_WORD) {
1847 ERROR("%s[%d]: The third argument to 'subrequest' must be an attribute reference",
1848 frame->filename, frame->lineno);
1849 return NULL;
1850 }
1851 values++;
1852
1853 if (*ptr != '{') {
1854 ERROR("%s[%d]: Expecting section start brace '{' in 'subrequest' definition",
1855 frame->filename, frame->lineno);
1856 return NULL;
1857 }
1858 ptr++;
1859
1860 /*
1861 * Allocate the section
1862 */
1863alloc_section:
1864 css = cf_section_alloc(parent, parent, "subrequest", mod);
1865 if (!css) {
1866 ERROR("%s[%d]: Failed allocating memory for section",
1867 frame->filename, frame->lineno);
1868 return NULL;
1869 }
1870 cf_filename_set(css, frame->filename);
1871 cf_lineno_set(css, frame->lineno);
1872 if (mod) css->name2_quote = T_BARE_WORD;
1873
1874 css->argc = values;
1875 if (values) {
1876 int i;
1877
1878 css->argv = talloc_array(css, char const *, values);
1879 css->argv_quote = talloc_array(css, fr_token_t, values);
1880
1881 for (i = 0; i < values; i++) {
1882 css->argv[i] = talloc_typed_strdup(css->argv, buff[2 + i]);
1883 css->argv_quote[i] = T_BARE_WORD;
1884 }
1885 }
1886
1887 stack->ptr = ptr;
1888
1889 css->allow_locals = true;
1890 css->unlang = CF_UNLANG_ALLOW;
1891 return cf_section_to_item(css);
1892}
1893
1894static CONF_ITEM *process_catch(cf_stack_t *stack)
1895{
1896 CONF_SECTION *css;
1897 int argc = 0;
1898 char const *ptr = stack->ptr;
1899 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1900 CONF_SECTION *parent = frame->current;
1901 char *name2 = NULL;
1902 char *argv[RLM_MODULE_NUMCODES];
1903
1904 while (true) {
1905 char const *p;
1906 size_t len;
1907
1908 fr_skip_whitespace(ptr);
1909
1910 /*
1911 * We have an open bracket, it's the end of the "catch" statement.
1912 */
1913 if (*ptr == '{') {
1914 ptr++;
1915 break;
1916 }
1917
1918 /*
1919 * The arguments have to be short, unquoted words.
1920 */
1921 p = ptr;
1922 while (isalpha((uint8_t) *ptr)) ptr++;
1923
1924 len = ptr - p;
1925 if (len > 16) {
1926 ERROR("%s[%d]: Invalid syntax for 'catch' - unknown rcode '%s'",
1927 frame->filename, frame->lineno, p);
1928 return NULL;
1929 }
1930
1931 if ((*ptr != '{') && !isspace((uint8_t) *ptr)) {
1932 ERROR("%s[%d]: Invalid syntax for 'catch' - unexpected text at '%s'",
1933 frame->filename, frame->lineno, ptr);
1934 return NULL;
1935 }
1936
1937 if (!name2) {
1938 name2 = talloc_strndup(NULL, p, len);
1939 continue;
1940 }
1941
1942 if (argc > RLM_MODULE_NUMCODES) {
1943 ERROR("%s[%d]: Invalid syntax for 'catch' - too many arguments at'%s'",
1944 frame->filename, frame->lineno, ptr);
1945 return NULL;
1946 }
1947
1948 argv[argc++] = talloc_strndup(name2, p, len);
1949 }
1950
1951 css = cf_section_alloc(parent, parent, "catch", name2);
1952 if (!css) {
1953 talloc_free(name2);
1954 ERROR("%s[%d]: Failed allocating memory for section",
1955 frame->filename, frame->lineno);
1956 return NULL;
1957 }
1958 cf_filename_set(css, frame->filename);
1959 cf_lineno_set(css, frame->lineno);
1960 css->name2_quote = T_BARE_WORD;
1961 css->unlang = CF_UNLANG_ALLOW;
1962
1963 css->argc = argc;
1964 if (argc) {
1965 int i;
1966
1967 css->argv = talloc_array(css, char const *, argc + 1);
1968 css->argv_quote = talloc_array(css, fr_token_t, argc);
1969 css->argc = argc;
1970
1971 for (i = 0; i < argc; i++) {
1972 css->argv[i] = talloc_typed_strdup(css->argv, argv[i]);
1973 css->argv_quote[i] = T_BARE_WORD;
1974 }
1975
1976 css->argv[argc] = NULL;
1977 }
1978 talloc_free(name2);
1979
1980 stack->ptr = ptr;
1981
1982 return cf_section_to_item(css);
1983}
1984
1985static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
1986{
1987 char *spaces, *text;
1988 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1989
1990 if (!ptr) ptr = stack->ptr;
1991
1992 /*
1993 * We must pass a _negative_ offset to this function.
1994 */
1995 fr_canonicalize_error(NULL, &spaces, &text, stack->ptr - ptr, stack->ptr);
1996
1997 ERROR("%s[%d]: %s", frame->filename, frame->lineno, text);
1998 ERROR("%s[%d]: %s^ - %s", frame->filename, frame->lineno, spaces, message);
1999
2000 talloc_free(spaces);
2001 talloc_free(text);
2002 return -1;
2003}
2004
2005static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
2006{
2007 fr_type_t type;
2008 fr_token_t token;
2009 char const *ptr = *ptr_p;
2010 char const *ptr2;
2011
2012 /*
2013 * Parse an explicit type.
2014 */
2015 type = fr_table_value_by_str(fr_type_table, stack->buff[1], FR_TYPE_NULL);
2016 switch (type) {
2017 default:
2018 break;
2019
2020 case FR_TYPE_NULL:
2021 case FR_TYPE_VOID:
2022 case FR_TYPE_VALUE_BOX:
2023 case FR_TYPE_MAX:
2024 (void) parse_error(stack, type_ptr, "Unknown or invalid variable type in 'foreach'");
2025 return -1;
2026 }
2027
2028 fr_skip_whitespace(ptr);
2029 ptr2 = ptr;
2030
2031 /*
2032 * Parse the variable name. @todo - allow '-' in names.
2033 */
2034 token = gettoken(&ptr, stack->buff[2], stack->bufsize, false);
2035 if (token != T_BARE_WORD) {
2036 (void) parse_error(stack, ptr2, "Invalid variable name for key in 'foreach'");
2037 return -1;
2038 }
2039 fr_skip_whitespace(ptr);
2040
2041 *ptr_p = ptr;
2042 *type_p = type;
2043
2044 return 0;
2045}
2046
2047/*
2048 * foreach &User-Name { - old and deprecated
2049 *
2050 * foreach value (...) { - automatically define variable
2051 *
2052 * foreach string value ( ...) { - data type for variable
2053 *
2054 * foreach string key, type value (..) { - key is "string", value is as above
2055 */
2056static CONF_ITEM *process_foreach(cf_stack_t *stack)
2057{
2058 fr_token_t token;
2059 fr_type_t type;
2060 CONF_SECTION *css;
2061 char const *ptr = stack->ptr, *ptr2, *type_ptr;
2062 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2063 CONF_SECTION *parent = frame->current;
2064
2065 css = cf_section_alloc(parent, parent, "foreach", NULL);
2066 if (!css) {
2067 ERROR("%s[%d]: Failed allocating memory for section",
2068 frame->filename, frame->lineno);
2069 return NULL;
2070 }
2071
2072 cf_filename_set(css, frame->filename);
2073 cf_lineno_set(css, frame->lineno);
2074 css->name2_quote = T_BARE_WORD;
2075 css->unlang = CF_UNLANG_ALLOW;
2076 css->allow_locals = true;
2077
2078 /*
2079 * Get the first argument to "foreach". For backwards
2080 * compatibility, it could be an attribute reference.
2081 */
2082 type_ptr = ptr;
2083 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2084 frame->filename, frame->lineno) < 0) {
2085 return NULL;
2086 }
2087
2088 if (token != T_BARE_WORD) {
2089 invalid_argument:
2090 (void) parse_error(stack, type_ptr, "Unexpected argument to 'foreach'");
2091 return NULL;
2092 }
2093
2094 fr_skip_whitespace(ptr);
2095
2096 /*
2097 * foreach foo { ...
2098 *
2099 * Deprecated and don't use.
2100 */
2101 if (*ptr == '{') {
2102 css->name2 = talloc_typed_strdup(css, stack->buff[1]);
2103
2104 ptr++;
2105 stack->ptr = ptr;
2106
2107 cf_log_warn(css, "Using deprecated syntax. Please use new the new 'foreach' syntax.");
2108 return cf_section_to_item(css);
2109 }
2110
2111 fr_skip_whitespace(ptr);
2112
2113 /*
2114 * foreach value (...) {
2115 */
2116 if (*ptr == '(') {
2117 type = FR_TYPE_NULL;
2118 strcpy(stack->buff[2], stack->buff[1]); /* so that we can parse expression in buff[1] */
2119 goto alloc_argc_2;
2120 }
2121
2122 /*
2123 * on input, type name is in stack->buff[1]
2124 * on output, variable name is in stack->buff[2]
2125 */
2126 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2127
2128 /*
2129 * if we now have an expression block, then just have variable type / name.
2130 */
2131 if (*ptr == '(') goto alloc_argc_2;
2132
2133 /*
2134 * There's a comma. the first "type name" is for the key. We skip the comma, and parse the
2135 * second "type name" as being for the value.
2136 *
2137 * foreach type key, type value (...)
2138 */
2139 if (*ptr == ',') {
2140 /*
2141 * We have 4 arguments, [var-type, var-name, key-type, key-name]
2142 *
2143 * We don't really care about key-type, but we might care later.
2144 */
2145 css->argc = 4;
2146 css->argv = talloc_array(css, char const *, css->argc);
2147 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2148
2149 css->argv[2] = fr_type_to_str(type);
2150 css->argv_quote[2] = T_BARE_WORD;
2151
2152 css->argv[3] = talloc_typed_strdup(css->argv, stack->buff[2]);
2153 css->argv_quote[3] = T_BARE_WORD;
2154
2155 ptr++;
2156 fr_skip_whitespace(ptr);
2157 type_ptr = ptr;
2158
2159 /*
2160 * Now parse "type value"
2161 */
2162 token = gettoken(&ptr, stack->buff[1], stack->bufsize, false);
2163 if (token != T_BARE_WORD) goto invalid_argument;
2164
2165 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2166
2167 if (!fr_type_is_leaf(type)) {
2168 (void) parse_error(stack, type_ptr, "Invalid data type for 'key' variable");
2169 return NULL;
2170 }
2171 }
2172
2173 /*
2174 * The thing to loop over must now be in an expression block.
2175 */
2176 if (*ptr != '(') {
2177 (void) parse_error(stack, ptr, "Expected (...) after 'foreach' variable definition");
2178 return NULL;
2179 }
2180
2181 goto parse_expression;
2182
2183alloc_argc_2:
2184 css->argc = 2;
2185 css->argv = talloc_array(css, char const *, css->argc);
2186 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2187
2188
2189parse_expression:
2190 /*
2191 * "(" whitespace EXPRESSION whitespace ")"
2192 */
2193 ptr++;
2194 fr_skip_whitespace(ptr);
2195 ptr2 = ptr;
2196
2197 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2198 frame->filename, frame->lineno) < 0) {
2199 return NULL;
2200 }
2201
2202 /*
2203 * We can do &foo[*] or %func(...), but not "...".
2204 */
2205 if (token != T_BARE_WORD) {
2206 (void) parse_error(stack, ptr2, "Invalid reference in 'foreach'");
2207 return NULL;
2208 }
2209
2210 fr_skip_whitespace(ptr);
2211 if (*ptr != ')') {
2212 (void) parse_error(stack, ptr, "Missing ')' in 'foreach'");
2213 return NULL;
2214 }
2215 ptr++;
2216 fr_skip_whitespace(ptr);
2217
2218 if (*ptr != '{') {
2219 (void) parse_error(stack, ptr, "Expected '{' in 'foreach'");
2220 return NULL;
2221 }
2222
2223 css->name2 = talloc_typed_strdup(css, stack->buff[1]);
2224
2225 /*
2226 * Add in the extra arguments
2227 */
2228 css->argv[0] = fr_type_to_str(type);
2229 css->argv_quote[0] = T_BARE_WORD;
2230
2231 css->argv[1] = talloc_typed_strdup(css->argv, stack->buff[2]);
2232 css->argv_quote[1] = T_BARE_WORD;
2233
2234 ptr++;
2235 stack->ptr = ptr;
2236
2237 return cf_section_to_item(css);
2238}
2239
2240
2241static int add_pair(CONF_SECTION *parent, char const *attr, char const *value,
2242 fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token,
2243 char *buff, char const *filename, int lineno)
2244{
2245 CONF_DATA const *cd;
2246 conf_parser_t *rule;
2247 CONF_PAIR *cp;
2248 bool pass2 = false;
2249
2250 /*
2251 * If we have the value, expand any configuration
2252 * variables in it.
2253 */
2254 if (value && *value) {
2255 bool soft_fail;
2256 char const *expanded;
2257
2258 expanded = cf_expand_variables(filename, lineno, parent, buff, talloc_array_length(buff), value, -1, &soft_fail);
2259 if (expanded) {
2260 value = expanded;
2261
2262 } else if (!soft_fail) {
2263 return -1;
2264
2265 } else {
2266 /*
2267 * References an item which doesn't exist,
2268 * or which is already marked up as being
2269 * expanded in pass2. Wait for pass2 to
2270 * do the expansions.
2271 *
2272 * Leave the input value alone.
2273 */
2274 pass2 = true;
2275 }
2276 }
2277
2278 cp = cf_pair_alloc(parent, attr, value, op_token, name1_token, value_token);
2279 if (!cp) return -1;
2280 cf_filename_set(cp, filename);
2281 cf_lineno_set(cp, lineno);
2282 cp->pass2 = pass2;
2283
2284 cd = cf_data_find(CF_TO_ITEM(parent), conf_parser_t, attr);
2285 if (!cd) return 0;
2286
2287 rule = cf_data_value(cd);
2288 if (!rule->on_read) return 0;
2289
2290 /*
2291 * Do the on_read callback after adding the value.
2292 */
2293 return rule->on_read(parent, NULL, NULL, cf_pair_to_item(cp), rule);
2294}
2295
2296static fr_table_ptr_sorted_t unlang_keywords[] = {
2297 { L("catch"), (void *) process_catch },
2298 { L("elsif"), (void *) process_if },
2299 { L("foreach"), (void *) process_foreach },
2300 { L("if"), (void *) process_if },
2301 { L("map"), (void *) process_map },
2302 { L("subrequest"), (void *) process_subrequest }
2303};
2304static int unlang_keywords_len = NUM_ELEMENTS(unlang_keywords);
2305
2306typedef CONF_ITEM *(*cf_process_func_t)(cf_stack_t *);
2307
2308static int parse_input(cf_stack_t *stack)
2309{
2310 fr_token_t name1_token, name2_token, value_token, op_token;
2311 char const *value;
2312 CONF_SECTION *css;
2313 char const *ptr = stack->ptr;
2314 char const *ptr2;
2315 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2316 CONF_SECTION *parent = frame->current;
2317 char *buff[4];
2318 cf_process_func_t process;
2319
2320 /*
2321 * Short names are nicer.
2322 */
2323 buff[0] = stack->buff[0];
2324 buff[1] = stack->buff[1];
2325 buff[2] = stack->buff[2];
2326 buff[3] = stack->buff[3];
2327
2328 fr_assert(parent != NULL);
2329
2330 /*
2331 * Catch end of a subsection.
2332 */
2333 if (*ptr == '}') {
2334 /*
2335 * We're already at the parent section
2336 * which loaded this file. We cannot go
2337 * back up another level.
2338 *
2339 * This limitation means that we cannot
2340 * put half of a CONF_SECTION in one
2341 * file, and then the second half in
2342 * another file. That's fine.
2343 */
2344 if (parent == frame->parent) {
2345 return parse_error(stack, ptr, "Too many closing braces");
2346 }
2347
2348 fr_assert(frame->braces > 0);
2349 frame->braces--;
2350
2351 /*
2352 * Merge the template into the existing
2353 * section. parent uses more memory, but
2354 * means that templates now work with
2355 * sub-sections, etc.
2356 */
2357 if (!cf_template_merge(parent, parent->template)) return -1;
2358
2359 frame->current = cf_item_to_section(parent->item.parent);
2360
2361 ptr++;
2362 stack->ptr = ptr;
2363 return 1;
2364 }
2365
2366 /*
2367 * Found nothing to get excited over. It MUST be
2368 * a key word.
2369 */
2370 ptr2 = ptr;
2371 switch (parent->unlang) {
2372 default:
2373 /*
2374 * The LHS is a bare word / keyword in normal configuration file syntax.
2375 */
2376 name1_token = gettoken(&ptr, buff[1], stack->bufsize, false);
2377 if (name1_token == T_EOL) return 0;
2378
2379 if (name1_token == T_INVALID) {
2380 return parse_error(stack, ptr2, fr_strerror());
2381 }
2382
2383 if (name1_token != T_BARE_WORD) {
2384 return parse_error(stack, ptr2, "Invalid location for quoted string");
2385 }
2386
2387 fr_skip_whitespace(ptr);
2388 break;
2389
2390 case CF_UNLANG_ALLOW:
2391 case CF_UNLANG_EDIT:
2392 case CF_UNLANG_ASSIGNMENT:
2393 /*
2394 * The LHS can be an xlat expansion, attribute reference, etc.
2395 */
2396 if (cf_get_token(parent, &ptr, &name1_token, buff[1], stack->bufsize,
2397 frame->filename, frame->lineno) < 0) {
2398 return -1;
2399 }
2400 break;
2401 }
2402
2403 /*
2404 * Check if the thing we just parsed is an unlang keyword.
2405 */
2406 if ((name1_token == T_BARE_WORD) && isalpha((uint8_t) *buff[1])) {
2407 process = (cf_process_func_t) fr_table_value_by_str(unlang_keywords, buff[1], NULL);
2408 if (process) {
2409 CONF_ITEM *ci;
2410
2411 /*
2412 * Disallow keywords outside of unlang sections.
2413 *
2414 * We don't strictly need to do this with the more state-oriented parser, but
2415 * people keep putting unlang into random places in the configuration files,
2416 * which is wrong.
2417 */
2418 if (parent->unlang != CF_UNLANG_ALLOW) {
2419 return parse_error(stack, ptr2, "Invalid location for unlang keyword");
2420 }
2421
2422 stack->ptr = ptr;
2423 ci = process(stack);
2424 if (!ci) return -1;
2425
2426 ptr = stack->ptr;
2427 if (cf_item_is_section(ci)) {
2428 parent->allow_locals = false;
2429 css = cf_item_to_section(ci);
2430 goto add_section;
2431 }
2432
2433 /*
2434 * Else the item is a pair, and the call to process() it already added it to the
2435 * current section.
2436 */
2437 goto added_pair;
2438 }
2439
2440 /*
2441 * The next token isn't text, so we ignore it.
2442 */
2443 if (!isalnum((int) *ptr)) goto check_for_eol;
2444 }
2445
2446 /*
2447 * See if this thing is a variable definition.
2448 */
2449 if ((name1_token == T_BARE_WORD) && parent->allow_locals) {
2450 fr_type_t type;
2451 char const *ptr3;
2452
2453 type = fr_table_value_by_str(fr_type_table, buff[1], FR_TYPE_NULL);
2454 if (type == FR_TYPE_NULL) {
2455 parent->allow_locals = false;
2456 goto check_for_eol;
2457 }
2458
2459 if (type == FR_TYPE_TLV) goto parse_name2;
2460
2461 /*
2462 * group {
2463 *
2464 * is a section.
2465 */
2466 if (type == FR_TYPE_GROUP) {
2467 fr_skip_whitespace(ptr);
2468 if (*ptr == '{') {
2469 ptr++;
2470 value = NULL;
2471 name2_token = T_BARE_WORD;
2472 goto alloc_section;
2473 }
2474
2475 } else if (!fr_type_is_leaf(type)) {
2476 /*
2477 * Other structural types are allowed.
2478 */
2479 return parse_error(stack, ptr2, "Invalid data type for local variable. Must be 'tlv' or else a non-structrul type");
2480 }
2481
2482 /*
2483 * We don't have an operator, so set it to a magic value.
2484 */
2485 op_token = T_OP_CMP_TRUE;
2486
2487 /*
2488 * Parse the name of the local variable, and use it as the "value" for the CONF_PAIR.
2489 */
2490 ptr3 = ptr;
2491 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2492 frame->filename, frame->lineno) < 0) {
2493 return -1;
2494 }
2495
2496 if (value_token != T_BARE_WORD) {
2497 return parse_error(stack, ptr3, "Invalid name");
2498 }
2499
2500 value = buff[2];
2501
2502 /*
2503 * Non-structural things must be variable definitions.
2504 */
2505 if (fr_type_is_leaf(type)) goto alloc_pair;
2506
2507 /*
2508 * Parse: group foo
2509 * vs group foo { ...
2510 */
2511 fr_skip_whitespace(ptr);
2512
2513 if (*ptr != '{') goto alloc_pair;
2514
2515 ptr++;
2516 name2_token = T_BARE_WORD;
2517 goto alloc_section;
2518 }
2519
2520 /*
2521 * We've parsed the LHS thing. The RHS might be empty, or an operator, or another word, or an
2522 * open bracket.
2523 */
2524check_for_eol:
2525 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';') || (*ptr == '}')) {
2526 /*
2527 * Only unlang sections can have module references.
2528 *
2529 * We also allow bare words in edit lists, where the RHS is a list of values.
2530 *
2531 * @todo - detail "suppress" requires bare words :(
2532 */
2533 parent->allow_locals = false;
2534 value_token = T_INVALID;
2535 op_token = T_OP_EQ;
2536 value = NULL;
2537 goto alloc_pair;
2538 }
2539
2540 /*
2541 * A common pattern is: name { ...}
2542 * Check for it and skip ahead.
2543 */
2544 if (*ptr == '{') {
2545 ptr++;
2546 name2_token = T_INVALID;
2547 value = NULL;
2548 goto alloc_section;
2549 }
2550
2551 /*
2552 * Parse the thing after the first word. It can be an operator, or the second name for a section.
2553 */
2554 ptr2 = ptr;
2555 switch (parent->unlang) {
2556 default:
2557 /*
2558 * Configuration sections can only have '=' after the
2559 * first word, OR a second word which is the second name
2560 * of a configuration section.
2561 */
2562 if (*ptr == '=') goto operator;
2563
2564 /*
2565 * Section name2 can only be alphanumeric or UTF-8.
2566 */
2567 parse_name2:
2568 if (!(isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr) || (*(uint8_t const *) ptr >= 0x80))) {
2569 /*
2570 * Maybe they missed a closing brace somewhere?
2571 */
2572 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2573 if (fr_assignment_op[name2_token]) {
2574 return parse_error(stack, ptr2, "Unexpected operator, was expecting a configuration section. Is there a missing '}' somewhere?");
2575 }
2576
2577 return parse_error(stack, ptr2, "Invalid second name for configuration section");
2578 }
2579
2580 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2581 if (name1_token == T_INVALID) {
2582 return parse_error(stack, ptr2, fr_strerror());
2583 }
2584
2585 if (name1_token != T_BARE_WORD) {
2586 return parse_error(stack, ptr2, "Unexpected quoted string after section name");
2587 }
2588
2589 fr_skip_whitespace(ptr);
2590
2591 if (*ptr != '{') {
2592 return parse_error(stack, ptr, "Missing '{' for configuration section");
2593 }
2594
2595 ptr++;
2596 value = buff[2];
2597 goto alloc_section;
2598
2599 case CF_UNLANG_ASSIGNMENT:
2600 /*
2601 * The next thing MUST be an operator. We don't support nested attributes in "update" or
2602 * "map" sections.
2603 */
2604 goto operator;
2605
2606 case CF_UNLANG_EDIT:
2607 /*
2608 * The next thing MUST be an operator. Edit sections always do operations, even on
2609 * lists. i.e. there is no second name section when editing a list.
2610 */
2611 goto operator;
2612
2613 case CF_UNLANG_ALLOW:
2614 /*
2615 * It's not a string, bare word, or attribute reference. It must be an operator.
2616 */
2617 if (!((*ptr == '"') || (*ptr == '`') || (*ptr == '\'') || ((*ptr == '&') && (ptr[1] != '=')) ||
2618 ((*((uint8_t const *) ptr) & 0x80) != 0) || isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr))) {
2619 goto operator;
2620 }
2621 break;
2622 }
2623
2624 /*
2625 * The second name could be a bare word, xlat expansion, string etc.
2626 */
2627 if (cf_get_token(parent, &ptr, &name2_token, buff[2], stack->bufsize,
2628 frame->filename, frame->lineno) < 0) {
2629 return -1;
2630 }
2631
2632 if (*ptr != '{') {
2633 return parse_error(stack, ptr, "Expected '{'");
2634 }
2635 ptr++;
2636 value = buff[2];
2637
2638alloc_section:
2639 parent->allow_locals = false;
2640
2641 css = cf_section_alloc(parent, parent, buff[1], value);
2642 if (!css) {
2643 ERROR("%s[%d]: Failed allocating memory for section",
2644 frame->filename, frame->lineno);
2645 return -1;
2646 }
2647
2648 cf_filename_set(css, frame->filename);
2649 cf_lineno_set(css, frame->lineno);
2650 css->name2_quote = name2_token;
2651 css->unlang = CF_UNLANG_NONE;
2652 css->allow_locals = false;
2653
2654 /*
2655 * Only a few top-level sections allow "unlang"
2656 * statements. And for those, "unlang"
2657 * statements are only allowed in child
2658 * subsection.
2659 */
2660 switch (parent->unlang) {
2661 case CF_UNLANG_NONE:
2662 if (!parent->item.parent) {
2663 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2664 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2665 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2666 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2667
2668 } else if ((cf_item_to_section(parent->item.parent)->unlang == CF_UNLANG_MODULES) &&
2669 (strcmp(css->name1, "update") == 0)) {
2670 /*
2671 * Module configuration can contain "update" statements.
2672 */
2673 css->unlang = CF_UNLANG_ASSIGNMENT;
2674 css->allow_locals = false;
2675 }
2676 break;
2677
2678 /*
2679 * It's a policy section - allow unlang inside of child sections.
2680 */
2681 case CF_UNLANG_POLICY:
2682 css->unlang = CF_UNLANG_ALLOW;
2683 css->allow_locals = true;
2684 break;
2685
2686 /*
2687 * A virtual server has processing sections, but only a limited number of them.
2688 * Rather than trying to autoload them and glue the interpreter into the conf
2689 * file parser, we just hack it.
2690 */
2691 case CF_UNLANG_SERVER:
2692 // git grep SECTION_NAME src/process/ src/lib/server/process.h | sed 's/.*SECTION_NAME("//;s/",.*//' | sort -u
2693 if ((strcmp(css->name1, "accounting") == 0) ||
2694 (strcmp(css->name1, "add") == 0) ||
2695 (strcmp(css->name1, "authenticate") == 0) ||
2696 (strcmp(css->name1, "clear") == 0) ||
2697 (strcmp(css->name1, "deny") == 0) ||
2698 (strcmp(css->name1, "error") == 0) ||
2699 (strcmp(css->name1, "load") == 0) ||
2700 (strcmp(css->name1, "new") == 0) ||
2701 (strcmp(css->name1, "recv") == 0) ||
2702 (strcmp(css->name1, "send") == 0) ||
2703 (strcmp(css->name1, "store") == 0) ||
2704 (strcmp(css->name1, "establish") == 0) ||
2705 (strcmp(css->name1, "verify") == 0)) {
2706 css->unlang = CF_UNLANG_ALLOW;
2707 css->allow_locals = true;
2708 break;
2709 }
2710
2711 /*
2712 * Allow local variables, but no unlang statements.
2713 */
2714 if (strcmp(css->name1, "dictionary") == 0) {
2715 css->unlang = CF_UNLANG_DICTIONARY;
2716 css->allow_locals = true;
2717 break;
2718 }
2719
2720 /*
2721 * ldap sync has "update" a few levels down.
2722 */
2723 if (strcmp(css->name1, "listen") == 0) {
2724 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2725 }
2726 break;
2727
2728 /*
2729 * Virtual modules in the "modules" section can have unlang.
2730 */
2731 case CF_UNLANG_MODULES:
2732 if ((strcmp(css->name1, "group") == 0) ||
2733 (strcmp(css->name1, "load-balance") == 0) ||
2734 (strcmp(css->name1, "redundant") == 0) ||
2735 (strcmp(css->name1, "redundant-load-balance") == 0)) {
2736 css->unlang = CF_UNLANG_ALLOW;
2737 css->allow_locals = true;
2738 } else {
2739 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2740 }
2741 break;
2742
2743 case CF_UNLANG_EDIT:
2744 /*
2745 * Edit sections can only have children which are edit sections.
2746 */
2747 css->unlang = CF_UNLANG_EDIT;
2748 break;
2749
2750 case CF_UNLANG_ALLOW:
2751 /*
2752 * If we are doing list assignment, then don't allow local variables. The children are
2753 * also then all edit sections, and not unlang statements.
2754 *
2755 * If we're not doing list assignment, then name2 has to be a bare word, string, etc.
2756 */
2757 css->allow_locals = !fr_list_assignment_op[name2_token];
2758 if (css->allow_locals) {
2759 /*
2760 * @todo - tighten this up for "actions" sections, and module rcode
2761 * over-rides.
2762 *
2763 * Perhaps the best way to do that is to change the syntax for module
2764 * over-rides, so that the parser doesn't have to guess. :(
2765 */
2766 css->unlang = CF_UNLANG_ALLOW;
2767 } else {
2768 css->unlang = CF_UNLANG_EDIT;
2769 }
2770 break;
2771
2772 /*
2773 * We can (maybe?) do nested assignments inside of an old-style "update" or "map" section
2774 */
2775 case CF_UNLANG_ASSIGNMENT:
2776 css->unlang = CF_UNLANG_ASSIGNMENT;
2777 break;
2778
2779 case CF_UNLANG_DICTIONARY:
2780 css->unlang = CF_UNLANG_DICTIONARY;
2781 css->allow_locals = true;
2782 break;
2783
2784 case CF_UNLANG_CAN_HAVE_UPDATE:
2785 if (strcmp(css->name1, "update") == 0) {
2786 css->unlang = CF_UNLANG_ASSIGNMENT;
2787 } else {
2788 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2789 }
2790 break;
2791 }
2792
2793add_section:
2794 /*
2795 * The current section is now the child section.
2796 */
2797 frame->current = css;
2798 frame->braces++;
2799 css = NULL;
2800 stack->ptr = ptr;
2801 return 1;
2802
2803
2804 /*
2805 * If we're not parsing a section, then the next
2806 * token MUST be an operator.
2807 */
2808operator:
2809 ptr2 = ptr;
2810 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false);
2811 switch (name2_token) {
2812 case T_OP_ADD_EQ:
2813 case T_OP_SUB_EQ:
2814 case T_OP_AND_EQ:
2815 case T_OP_OR_EQ:
2816 case T_OP_NE:
2817 case T_OP_RSHIFT_EQ:
2818 case T_OP_GE:
2819 case T_OP_GT:
2820 case T_OP_LSHIFT_EQ:
2821 case T_OP_LE:
2822 case T_OP_LT:
2823 case T_OP_CMP_EQ:
2824 case T_OP_CMP_FALSE:
2825 case T_OP_SET:
2826 case T_OP_PREPEND:
2827 /*
2828 * Allow more operators in unlang statements, edit sections, and old-style "update" sections.
2829 */
2830 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT) && (parent->unlang != CF_UNLANG_ASSIGNMENT)) {
2831 return parse_error(stack, ptr2, "Invalid operator for assignment");
2832 }
2833 FALL_THROUGH;
2834
2835 case T_OP_EQ:
2836 /*
2837 * Configuration variables can only use =
2838 */
2839 fr_skip_whitespace(ptr);
2840 op_token = name2_token;
2841 break;
2842
2843 default:
2844 return parse_error(stack, ptr2, "Syntax error, the input should be an assignment operator");
2845 }
2846
2847 /*
2848 * MUST have something after the operator.
2849 */
2850 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';')) {
2851 return parse_error(stack, ptr, "Missing value after operator");
2852 }
2853
2854 /*
2855 * foo = { ... } for nested groups.
2856 *
2857 * As a special case, we allow sub-sections after '=', etc.
2858 *
2859 * This syntax is only for inside of "update"
2860 * sections, and for attributes of type "group".
2861 * But the parser isn't (yet) smart enough to
2862 * know about that context. So we just silently
2863 * allow it everywhere.
2864 */
2865 if (*ptr == '{') {
2866 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT)) {
2867 return parse_error(stack, ptr, "Invalid location for nested attribute assignment");
2868 }
2869
2870 if (!fr_list_assignment_op[name2_token]) {
2871 return parse_error(stack, ptr, "Invalid assignment operator for list");
2872 }
2873
2874 /*
2875 * Now that we've peeked ahead to
2876 * see the open brace, parse it
2877 * for real.
2878 */
2879 ptr++;
2880
2881 /*
2882 * Leave name2_token as the
2883 * operator (as a hack). But
2884 * note that there's no actual
2885 * name2. We'll deal with that
2886 * situation later.
2887 */
2888 value = NULL;
2889 goto alloc_section;
2890 }
2891
2892 fr_skip_whitespace(ptr);
2893
2894 /*
2895 * Parse the value for a CONF_PAIR.
2896 *
2897 * If it's unlang or an edit section, the RHS can be an expression.
2898 */
2899 if ((parent->unlang == CF_UNLANG_ALLOW) || (parent->unlang == CF_UNLANG_EDIT)) {
2900 bool eol;
2901 ssize_t slen;
2902
2903 ptr2 = ptr;
2904
2905 /*
2906 * If the RHS is an expression (foo) or function %foo(), then mark it up as an expression.
2907 */
2908 if ((*ptr == '(') || (*ptr == '%')) {
2909 /* nothing */
2910
2911 } else if (cf_get_token(parent, &ptr2, &value_token, buff[2], stack->bufsize,
2912 frame->filename, frame->lineno) == 0) {
2913 /*
2914 * We have one token (bare word), followed by EOL. It's just a token.
2915 */
2916 fr_skip_whitespace(ptr2);
2917 if (terminal_end_line[(uint8_t) *ptr2]) {
2918 parent->allow_locals = false;
2919 ptr = ptr2;
2920 value = buff[2];
2921 goto alloc_pair;
2922 }
2923 } /* else it looks like an expression */
2924
2925 /*
2926 * Parse the text as an expression.
2927 *
2928 * Note that unlike conditions, expressions MUST use \ at the EOL for continuation.
2929 * If we automatically read past EOL, as with:
2930 *
2931 * &foo := (bar -
2932 * baz)
2933 *
2934 * That works, mostly. Until the user forgets to put the trailing ')', and then
2935 * the parse is bad enough that it tries to read to EOF, or to some other random
2936 * parse error.
2937 *
2938 * So the simplest way to avoid utter craziness is to simply require a signal which
2939 * says "yes, I intended to put this over multiple lines".
2940 */
2941 slen = fr_skip_condition(ptr, NULL, terminal_end_line, &eol);
2942 if (slen < 0) {
2943 return parse_error(stack, ptr + (-slen), fr_strerror());
2944 }
2945
2946 /*
2947 * We parsed until the end of the string, but the condition still needs more data.
2948 */
2949 if (eol) {
2950 return parse_error(stack, ptr + slen, "Expression is unfinished at end of line");
2951 }
2952
2953 /*
2954 * Keep a copy of the entire RHS.
2955 */
2956 memcpy(buff[2], ptr, slen);
2957 buff[2][slen] = '\0';
2958
2959 value = buff[2];
2960
2961 /*
2962 * Mark it up as an expression
2963 *
2964 * @todo - we should really just call cf_data_add() to add a flag, but this is good for
2965 * now. See map_afrom_cp()
2966 */
2967 value_token = T_HASH;
2968
2969 /*
2970 * Skip terminal characters
2971 */
2972 ptr += slen;
2973 if ((*ptr == ',') || (*ptr == ';')) ptr++;
2974
2975#if 0
2976 } else if ((parent->unlang != CF_UNLANG_ASSIGNMENT) &&
2977 ((*ptr == '`') || (*ptr == '%') || (*ptr == '('))) {
2978 /*
2979 * Config sections can't use backticks, xlat expansions, or expressions.
2980 *
2981 * Except module configurations can have key = %{...}
2982 */
2983 return parse_error(stack, ptr, "Invalid value for assignment in configuration file");
2984#endif
2985
2986 } else {
2987 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2988 frame->filename, frame->lineno) < 0) {
2989 return -1;
2990 }
2991 value = buff[2];
2992 }
2993
2994 /*
2995 * We have an attribute assignment, which means that we no longer allow local variables to be
2996 * defined.
2997 */
2998 parent->allow_locals = false;
2999
3000alloc_pair:
3001 if (add_pair(parent, buff[1], value, name1_token, op_token, value_token, buff[3], frame->filename, frame->lineno) < 0) return -1;
3002
3003added_pair:
3004 fr_skip_whitespace(ptr);
3005
3006 /*
3007 * Skip semicolon if we see it after a
3008 * CONF_PAIR. Also allow comma for
3009 * backwards compatibility with secret
3010 * things in v3.
3011 */
3012 if ((*ptr == ';') || (*ptr == ',')) {
3013 ptr++;
3014 stack->ptr = ptr;
3015 return 1;
3016 }
3017
3018 /*
3019 * Closing brace is allowed after a CONF_PAIR
3020 * definition.
3021 */
3022 if (*ptr == '}') {
3023 stack->ptr = ptr;
3024 return 1;
3025 }
3026
3027 /*
3028 * Anything OTHER than EOL or comment is a syntax
3029 * error.
3030 */
3031 if (*ptr && (*ptr != '#')) {
3032 return parse_error(stack, ptr, "Unexpected text after configuration item");
3033 }
3034
3035 /*
3036 * Since we're at EOL or comment, just drop the
3037 * text, and go read another line of text.
3038 */
3039 return 0;
3040}
3041
3042
3043static int frame_readdir(cf_stack_t *stack)
3044{
3045 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3046 CONF_SECTION *parent = frame->current;
3047 cf_file_heap_t *h;
3048
3049 h = fr_heap_pop(&frame->heap);
3050 if (!h) {
3051 /*
3052 * Done reading the directory entry. Close it, and go
3053 * back up a stack frame.
3054 */
3055 talloc_free(frame->directory);
3056 stack->depth--;
3057 return 1;
3058 }
3059
3060 /*
3061 * Push the next filename onto the stack.
3062 */
3063 stack->depth++;
3064 frame = &stack->frame[stack->depth];
3065 memset(frame, 0, sizeof(*frame));
3066
3067 frame->type = CF_STACK_FILE;
3068 frame->fp = NULL;
3069 frame->parent = parent;
3070 frame->current = parent;
3071 frame->filename = h->filename;
3072 frame->lineno = 0;
3073 frame->from_dir = true;
3074 return 1;
3075}
3076
3077
3078static fr_md5_ctx_t *cf_md5_ctx = NULL;
3079
3080void cf_md5_init(void)
3081{
3082 cf_md5_ctx = fr_md5_ctx_alloc();
3083}
3084
3085
3086static void cf_md5_update(char const *p)
3087{
3088 if (!cf_md5_ctx) return;
3089
3090 fr_md5_update(cf_md5_ctx, (uint8_t const *)p, strlen(p));
3091}
3092
3093void cf_md5_final(uint8_t *digest)
3094{
3095 if (!cf_md5_ctx) {
3096 memset(digest, 0, MD5_DIGEST_LENGTH);
3097 return;
3098 }
3099
3100 fr_md5_final(digest, cf_md5_ctx);
3101 fr_md5_ctx_free(&cf_md5_ctx);
3102 cf_md5_ctx = NULL;
3103}
3104
3105static int cf_file_fill(cf_stack_t *stack)
3106{
3107 bool at_eof, has_spaces;
3108 size_t len;
3109 char const *ptr;
3110 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3111
3112read_more:
3113 has_spaces = false;
3114
3115read_continuation:
3116 /*
3117 * Get data, and remember if we are at EOF.
3118 */
3119 at_eof = (fgets(stack->fill, stack->bufsize - (stack->fill - stack->buff[0]), frame->fp) == NULL);
3120 cf_md5_update(stack->fill);
3121 frame->lineno++;
3122
3123 /*
3124 * We read the entire 8k worth of data: complain.
3125 * Note that we don't care if the last character
3126 * is \n: it's still forbidden. This means that
3127 * the maximum allowed length of text is 8k-1, which
3128 * should be plenty.
3129 */
3130 len = strlen(stack->fill);
3131 if ((stack->fill + len + 1) >= (stack->buff[0] + stack->bufsize)) {
3132 ERROR("%s[%d]: Line too long", frame->filename, frame->lineno);
3133 return -1;
3134 }
3135
3136 /*
3137 * Suppress leading whitespace after a
3138 * continuation line.
3139 */
3140 if (has_spaces) {
3141 ptr = stack->fill;
3142 fr_skip_whitespace(ptr);
3143
3144 if (ptr > stack->fill) {
3145 memmove(stack->fill, ptr, len - (ptr - stack->fill));
3146 len -= (ptr - stack->fill);
3147 }
3148 }
3149
3150 /*
3151 * Skip blank lines when we're at the start of
3152 * the read buffer.
3153 */
3154 if (stack->fill == stack->buff[0]) {
3155 if (at_eof) return 0;
3156
3157 ptr = stack->buff[0];
3158 fr_skip_whitespace(ptr);
3159
3160 if (!*ptr || (*ptr == '#')) goto read_more;
3161
3162 } else if (at_eof || (len == 0)) {
3163 ERROR("%s[%d]: Continuation at EOF is illegal", frame->filename, frame->lineno);
3164 return -1;
3165 }
3166
3167 /*
3168 * See if there's a continuation.
3169 */
3170 while ((len > 0) &&
3171 ((stack->fill[len - 1] == '\n') || (stack->fill[len - 1] == '\r'))) {
3172 len--;
3173 stack->fill[len] = '\0';
3174 }
3175
3176 if ((len > 0) && (stack->fill[len - 1] == '\\')) {
3177 /*
3178 * Check for "suppress spaces" magic.
3179 */
3180 if (!has_spaces && (len > 2) && (stack->fill[len - 2] == '"')) {
3181 has_spaces = true;
3182 }
3183
3184 stack->fill[len - 1] = '\0';
3185 stack->fill += len - 1;
3186 goto read_continuation;
3187 }
3188
3189 ptr = stack->fill;
3190
3191 /*
3192 * We now have one full line of text in the input
3193 * buffer, without continuations.
3194 */
3195 fr_skip_whitespace(ptr);
3196
3197 /*
3198 * Nothing left, or just a comment. Go read
3199 * another line of text.
3200 */
3201 if (!*ptr || (*ptr == '#')) goto read_more;
3202
3203 return 1;
3204}
3205
3206
3207/*
3208 * Read a configuration file or files.
3209 */
3210static int cf_file_include(cf_stack_t *stack)
3211{
3212 CONF_SECTION *parent;
3213 char const *ptr;
3214
3215 cf_stack_frame_t *frame;
3216 int rcode;
3217
3218do_frame:
3219 frame = &stack->frame[stack->depth];
3220 parent = frame->current; /* add items here */
3221
3222 switch (frame->type) {
3223#ifdef HAVE_GLOB_H
3224 case CF_STACK_GLOB:
3225 if (frame->gl_current == frame->glob.gl_pathc) {
3226 globfree(&frame->glob);
3227 goto pop_stack;
3228 }
3229
3230 /*
3231 * Process the filename as an include.
3232 */
3233 if (process_include(stack, parent, frame->glob.gl_pathv[frame->gl_current++], frame->required, false) < 0) return -1;
3234
3235 /*
3236 * Run the correct frame. If the file is NOT
3237 * required, then the call to process_include()
3238 * may return 0, and we just process the next
3239 * glob. Otherwise, the call to
3240 * process_include() may return a directory or a
3241 * filename. Go handle that.
3242 */
3243 goto do_frame;
3244#endif
3245
3246#ifdef HAVE_DIRENT_H
3247 case CF_STACK_DIR:
3248 rcode = frame_readdir(stack);
3249 if (rcode == 0) goto do_frame;
3250 if (rcode < 0) return -1;
3251
3252 /*
3253 * Reset which frame we're looking at.
3254 */
3255 frame = &stack->frame[stack->depth];
3256 fr_assert(frame->type == CF_STACK_FILE);
3257 break;
3258#endif
3259
3260 case CF_STACK_FILE:
3261 break;
3262 }
3263
3264#ifndef NDEBUG
3265 /*
3266 * One last sanity check.
3267 */
3268 if (frame->type != CF_STACK_FILE) {
3269 cf_log_err(frame->current, "%s: Internal sanity check failed", __FUNCTION__);
3270 goto pop_stack;
3271 }
3272#endif
3273
3274 /*
3275 * Open the new file if necessary. It either came from
3276 * the first call to the function, or was pushed onto the
3277 * stack by another function.
3278 */
3279 if (!frame->fp) {
3280 rcode = cf_file_open(frame->parent, frame->filename, frame->from_dir, &frame->fp);
3281 if (rcode < 0) return -1;
3282
3283 /*
3284 * Ignore this file
3285 */
3286 if (rcode == 1) {
3287 cf_log_warn(frame->current, "Ignoring file %s - it was already read",
3288 frame->filename);
3289 goto pop_stack;
3290 }
3291 }
3292
3293 /*
3294 * Read, checking for line continuations ('\\' at EOL)
3295 */
3296 for (;;) {
3297 /*
3298 * Fill the buffers with data.
3299 */
3300 stack->fill = stack->buff[0];
3301 rcode = cf_file_fill(stack);
3302 if (rcode < 0) return -1;
3303 if (rcode == 0) break;
3304
3305 /*
3306 * The text here MUST be at the start of a line,
3307 * OR have only whitespace in front of it.
3308 */
3309 ptr = stack->buff[0];
3310 fr_skip_whitespace(ptr);
3311
3312 if (*ptr == '$') {
3313 /*
3314 * Allow for $INCLUDE files
3315 */
3316 if (strncasecmp(ptr, "$INCLUDE", 8) == 0) {
3317 ptr += 8;
3318
3319 if (process_include(stack, parent, ptr, true, true) < 0) return -1;
3320 goto do_frame;
3321 }
3322
3323 if (strncasecmp(ptr, "$-INCLUDE", 9) == 0) {
3324 ptr += 9;
3325
3326 rcode = process_include(stack, parent, ptr, false, true);
3327 if (rcode < 0) return -1;
3328 if (rcode == 0) continue;
3329 goto do_frame;
3330 }
3331
3332 /*
3333 * Allow for $TEMPLATE things
3334 */
3335 if (strncasecmp(ptr, "$TEMPLATE", 9) == 0) {
3336 ptr += 9;
3337 fr_skip_whitespace(ptr);
3338
3339 stack->ptr = ptr;
3340 if (process_template(stack) < 0) return -1;
3341 continue;
3342 }
3343
3344 return parse_error(stack, ptr, "Unknown $... keyword");
3345 }
3346
3347 /*
3348 * All of the file handling code is done. Parse the input.
3349 */
3350 do {
3351 fr_skip_whitespace(ptr);
3352 if (!*ptr || (*ptr == '#')) break;
3353
3354 stack->ptr = ptr;
3355 rcode = parse_input(stack);
3356 ptr = stack->ptr;
3357
3358 if (rcode < 0) return -1;
3359 parent = frame->current;
3360 } while (rcode == 1);
3361 }
3362
3363 fr_assert(frame->fp != NULL);
3364
3365 /*
3366 * See if EOF was unexpected.
3367 */
3368 if (feof(frame->fp) && (parent != frame->parent)) {
3369 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
3370 frame->filename, frame->lineno, cf_section_name1(parent), cf_lineno(parent));
3371 return -1;
3372 }
3373
3374 fclose(frame->fp);
3375 frame->fp = NULL;
3376
3377pop_stack:
3378 /*
3379 * More things to read, go read them.
3380 */
3381 if (stack->depth > 0) {
3382 stack->depth--;
3383 goto do_frame;
3384 }
3385
3386 return 0;
3387}
3388
3389static void cf_stack_cleanup(cf_stack_t *stack)
3390{
3391 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3392
3393 while (stack->depth >= 0) {
3394 switch (frame->type) {
3395 case CF_STACK_FILE:
3396 if (frame->fp) fclose(frame->fp);
3397 frame->fp = NULL;
3398 break;
3399
3400#ifdef HAVE_DIRENT_H
3401 case CF_STACK_DIR:
3402 talloc_free(frame->directory);
3403 break;
3404#endif
3405
3406#ifdef HAVE_GLOB_H
3407 case CF_STACK_GLOB:
3408 globfree(&frame->glob);
3409 break;
3410#endif
3411 }
3412
3413 frame--;
3414 stack->depth--;
3415 }
3416
3417 talloc_free(stack->buff);
3418}
3419
3420/*
3421 * Bootstrap a config file.
3422 */
3423int cf_file_read(CONF_SECTION *cs, char const *filename)
3424{
3425 int i;
3426 char *p;
3427 CONF_PAIR *cp;
3428 fr_rb_tree_t *tree;
3429 cf_stack_t stack;
3430 cf_stack_frame_t *frame;
3431
3432 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3433 if (!cp) return -1;
3434
3435 p = strrchr(cp->value, FR_DIR_SEP);
3436 if (p) *p = '\0';
3437
3438 MEM(tree = fr_rb_inline_talloc_alloc(cs, cf_file_t, node, _inode_cmp, NULL));
3439
3440 cf_data_add(cs, tree, "filename", false);
3441
3442#ifndef NDEBUG
3443 memset(&stack, 0, sizeof(stack));
3444#endif
3445
3446 /*
3447 * Allocate temporary buffers on the heap (so we don't use *all* the stack space)
3448 */
3449 stack.buff = talloc_array(cs, char *, 4);
3450 for (i = 0; i < 4; i++) MEM(stack.buff[i] = talloc_array(stack.buff, char, 8192));
3451
3452 stack.depth = 0;
3453 stack.bufsize = 8192;
3454 frame = &stack.frame[stack.depth];
3455
3456 memset(frame, 0, sizeof(*frame));
3457 frame->parent = frame->current = cs;
3458
3459 frame->type = CF_STACK_FILE;
3460 frame->filename = talloc_strdup(frame->parent, filename);
3461 cs->item.filename = frame->filename;
3462
3463 if (cf_file_include(&stack) < 0) {
3464 cf_stack_cleanup(&stack);
3465 return -1;
3466 }
3467
3468 talloc_free(stack.buff);
3469
3470 /*
3471 * Now that we've read the file, go back through it and
3472 * expand the variables.
3473 */
3474 if (cf_section_pass2(cs) < 0) {
3475 cf_log_err(cs, "Parsing config items failed");
3476 return -1;
3477 }
3478
3479 return 0;
3480}
3481
3482void cf_file_free(CONF_SECTION *cs)
3483{
3484 talloc_free(cs);
3485}
3486
3487/** Set the euid/egid used when performing file checks
3488 *
3489 * Sets the euid, and egid used when cf_file_check is called to check
3490 * permissions on conf items of type #CONF_FLAG_FILE_INPUT
3491 *
3492 * @note This is probably only useful for the freeradius daemon itself.
3493 *
3494 * @param uid to set, (uid_t)-1 to use current euid.
3495 * @param gid to set, (gid_t)-1 to use current egid.
3496 */
3497void cf_file_check_user(uid_t uid, gid_t gid)
3498{
3499 if (uid != 0) conf_check_uid = uid;
3500 if (gid != 0) conf_check_gid = gid;
3501}
3502
3503static char const parse_tabs[] = " ";
3504
3505static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
3506{
3507 size_t outlen;
3508 char c;
3509 char buffer[2048];
3510
3511 switch (t) {
3512 default:
3513 c = '\0';
3514 break;
3515
3516 case T_DOUBLE_QUOTED_STRING:
3517 c = '"';
3518 break;
3519
3520 case T_SINGLE_QUOTED_STRING:
3521 c = '\'';
3522 break;
3523
3524 case T_BACK_QUOTED_STRING:
3525 c = '`';
3526 break;
3527 }
3528
3529 if (c) fprintf(fp, "%c", c);
3530
3531 outlen = fr_snprint(buffer, sizeof(buffer), string, len, c);
3532 fwrite(buffer, outlen, 1, fp);
3533
3534 if (c) fprintf(fp, "%c", c);
3535 return 1;
3536}
3537
3538static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
3539{
3540 if (!cp->value) {
3541 fprintf(fp, "%s\n", cp->attr);
3542 return 0;
3543 }
3544
3545 cf_string_write(fp, cp->attr, strlen(cp->attr), cp->lhs_quote);
3546 fprintf(fp, " %s ", fr_table_str_by_value(fr_tokens_table, cp->op, "<INVALID>"));
3547 cf_string_write(fp, cp->value, strlen(cp->value), cp->rhs_quote);
3548 fprintf(fp, "\n");
3549
3550 return 1; /* FIXME */
3551}
3552
3553
3554int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
3555{
3556 if (!fp || !cs) return -1;
3557
3558 /*
3559 * Print the section name1, etc.
3560 */
3561 fwrite(parse_tabs, depth, 1, fp);
3562 cf_string_write(fp, cs->name1, strlen(cs->name1), T_BARE_WORD);
3563
3564 /*
3565 * FIXME: check for "if" or "elsif". And if so, print
3566 * out the parsed condition, instead of the input text
3567 *
3568 * cf_data_find(cs, CF_DATA_TYPE_UNLANG, "if");
3569 */
3570 if (cs->name2) {
3571 fputs(" ", fp);
3572
3573#if 0
3574 c = cf_data_value(cf_data_find(cs, fr_cond_t, NULL));
3575 if (c) {
3576 char buffer[1024];
3577
3578 cond_print(&FR_SBUFF_OUT(buffer, sizeof(buffer)), c);
3579 fprintf(fp, "(%s)", buffer);
3580 } else
3581#endif
3582 cf_string_write(fp, cs->name2, strlen(cs->name2), cs->name2_quote);
3583 }
3584
3585 fputs(" {\n", fp);
3586
3587 /*
3588 * Loop over the children. Either recursing, or opening
3589 * a new file.
3590 */
3591 cf_item_foreach(&cs->item, ci) {
3592 switch (ci->type) {
3593 case CONF_ITEM_SECTION:
3594 cf_section_write(fp, cf_item_to_section(ci), depth + 1);
3595 break;
3596
3597 case CONF_ITEM_PAIR:
3598 /*
3599 * Ignore internal things.
3600 */
3601 if (!ci->filename || (ci->filename[0] == '<')) break;
3602
3603 fwrite(parse_tabs, depth + 1, 1, fp);
3604 cf_pair_write(fp, cf_item_to_pair(ci));
3605 break;
3606
3607 default:
3608 break;
3609 }
3610 }
3611
3612 fwrite(parse_tabs, depth, 1, fp);
3613 fputs("}\n\n", fp);
3614
3615 return 1;
3616}
3617
3618
3619CONF_ITEM *cf_reference_item(CONF_SECTION const *parent_cs,
3620 CONF_SECTION const *outer_cs,
3621 char const *ptr)
3622{
3623 CONF_PAIR *cp;
3624 CONF_SECTION *next;
3625 CONF_SECTION const *cs = outer_cs;
3626 char name[8192];
3627 char *p;
3628
3629 if (!ptr || (!parent_cs && !outer_cs)) return NULL;
3630
3631 strlcpy(name, ptr, sizeof(name));
3632
3633 p = name;
3634
3635 /*
3636 * ".foo" means "foo from the current section"
3637 */
3638 if (*p == '.') {
3639 p++;
3640
3641 /*
3642 * Just '.' means the current section
3643 */
3644 if (*p == '\0') return cf_section_to_item(cs);
3645
3646 /*
3647 * ..foo means "foo from the section
3648 * enclosing this section" (etc.)
3649 */
3650 while (*p == '.') {
3651 if (cs->item.parent) cs = cf_item_to_section(cs->item.parent);
3652
3653 /*
3654 * .. means the section
3655 * enclosing this section
3656 */
3657 if (!*++p) return cf_section_to_item(cs);
3658 }
3659
3660 /*
3661 * "foo.bar.baz" means "from the root"
3662 */
3663 } else if (strchr(p, '.') != NULL) {
3664 if (!parent_cs) return NULL;
3665 cs = parent_cs;
3666 }
3667
3668 while (*p) {
3669 char *q, *r;
3670
3671 r = strchr(p, '[');
3672 q = strchr(p, '.');
3673 if (!r && !q) break;
3674
3675 if (r && q > r) q = NULL;
3676 if (q && q < r) r = NULL;
3677
3678 /*
3679 * Split off name2.
3680 */
3681 if (r) {
3682 q = strchr(r + 1, ']');
3683 if (!q) return NULL; /* parse error */
3684
3685 /*
3686 * Points to foo[bar]xx: parse error,
3687 * it should be foo[bar] or foo[bar].baz
3688 */
3689 if (q[1] && q[1] != '.') return NULL;
3690
3691 *r = '\0';
3692 *q = '\0';
3693 next = cf_section_find(cs, p, r + 1);
3694 if (!next && cs->template) next = cf_section_find(cs->template, p, r + 1);
3695 *r = '[';
3696 *q = ']';
3697
3698 /*
3699 * Points to a named instance of a section.
3700 */
3701 if (!q[1]) {
3702 if (!next) return NULL;
3703 return &(next->item);
3704 }
3705
3706 q++; /* ensure we skip the ']' and '.' */
3707
3708 } else {
3709 *q = '\0';
3710 next = cf_section_find(cs, p, NULL);
3711 if (!next && cs->template) next = cf_section_find(cs->template, p, NULL);
3712 *q = '.';
3713 }
3714
3715 if (!next) break; /* it MAY be a pair in this section! */
3716
3717 cs = next;
3718 p = q + 1;
3719 }
3720
3721 if (!*p) return NULL;
3722
3723retry:
3724 /*
3725 * Find it in the current referenced
3726 * section.
3727 */
3728 cp = cf_pair_find(cs, p);
3729 if (!cp && cs->template) cp = cf_pair_find(cs->template, p);
3730 if (cp) {
3731 cp->referenced = true; /* conf pairs which are referenced count as used */
3732 return &(cp->item);
3733 }
3734
3735 next = cf_section_find(cs, p, NULL);
3736 if (next) return &(next->item);
3737
3738 /*
3739 * "foo" is "in the current section, OR in main".
3740 */
3741 if ((p == name) && (parent_cs != NULL) && (cs != parent_cs)) {
3742 cs = parent_cs;
3743 goto retry;
3744 }
3745
3746 return NULL;
3747}
3748
3749/*
3750 * Only for unit_test_map
3751 */
3752void cf_section_set_unlang(CONF_SECTION *cs)
3753{
3754 fr_assert(cs->unlang == CF_UNLANG_NONE);
3755 fr_assert(!cs->item.parent);
3756
3757 cs->unlang = CF_UNLANG_ALLOW;
3758}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
strcpy
strcpy(log_entry->msg, buffer)
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
RCSID
#define RCSID(id)
Definition build.h:483
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:322
CMP_RETURN
#define CMP_RETURN(_a, _b, _field)
Return if the comparison is not 0 (is unequal)
Definition build.h:121
CMP
#define CMP(_a, _b)
Same as CMP_PREFER_SMALLER use when you don't really care about ordering, you just want an ordering.
Definition build.h:112
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:337
cf_stack_frame_t::current
CONF_SECTION * current
sub-section we're reading
Definition cf_file.c:122
cf_stack_frame_t::type
cf_stack_file_t type
Definition cf_file.c:95
cf_template_merge
static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
Definition cf_file.c:462
parse_input
static int parse_input(cf_stack_t *stack)
Definition cf_file.c:2308
cf_stack_t::fill
char * fill
where we start filling the buffer from
Definition cf_file.c:139
cf_section_set_unlang
void cf_section_set_unlang(CONF_SECTION *cs)
Definition cf_file.c:3752
conf_property
conf_property
Definition cf_file.c:71
CONF_PROPERTY_NAME
@ CONF_PROPERTY_NAME
Definition cf_file.c:73
CONF_PROPERTY_INSTANCE
@ CONF_PROPERTY_INSTANCE
Definition cf_file.c:74
CONF_PROPERTY_INVALID
@ CONF_PROPERTY_INVALID
Definition cf_file.c:72
unlang_keywords_len
static int unlang_keywords_len
Definition cf_file.c:2304
check_config
bool check_config
Definition cf_file.c:67
cf_file_heap_t::heap_id
fr_heap_index_t heap_id
Definition cf_file.c:869
frame_readdir
static int frame_readdir(cf_stack_t *stack)
Definition cf_file.c:3043
fr_skip_condition
static ssize_t fr_skip_condition(char const *start, char const *end, bool const terminal[static UINT8_MAX+1], bool *eol)
Skip a conditional expression.
Definition cf_file.c:1370
process_map
static CONF_ITEM * process_map(cf_stack_t *stack)
Definition cf_file.c:1685
process_foreach
static CONF_ITEM * process_foreach(cf_stack_t *stack)
Definition cf_file.c:2056
add_pair
static int add_pair(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token, char *buff, char const *filename, int lineno)
Definition cf_file.c:2241
cf_md5_init
void cf_md5_init(void)
Definition cf_file.c:3080
RULES_VERIFY
#define RULES_VERIFY(_cs, _rules)
Definition cf_file.c:162
cf_stack_frame_t::braces
int braces
Definition cf_file.c:124
parse_type_name
static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
Definition cf_file.c:2005
cf_stack_cleanup
static void cf_stack_cleanup(cf_stack_t *stack)
Definition cf_file.c:3389
cf_tmpl_rules_verify
static int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
Definition cf_file.c:144
cf_stack_t::depth
int depth
stack depth
Definition cf_file.c:137
cf_expand_variables
char const * cf_expand_variables(char const *cf, int lineno, CONF_SECTION *outer_cs, char *output, size_t outsize, char const *input, ssize_t inlen, bool *soft_fail)
Definition cf_file.c:172
fr_skip_xlat
static ssize_t fr_skip_xlat(char const *start, char const *end)
Skip an xlat expression.
Definition cf_file.c:1218
cf_file_open
static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
Definition cf_file.c:547
cf_md5_ctx
static fr_md5_ctx_t * cf_md5_ctx
Definition cf_file.c:3078
filename_cmp
static int8_t filename_cmp(void const *one, void const *two)
Definition cf_file.c:872
cf_section_write
int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
Definition cf_file.c:3554
cf_file_check
bool cf_file_check(CONF_PAIR *cp, bool check_perms)
Do some checks on the file as an "input" file.
Definition cf_file.c:656
cf_stack_frame_t::lineno
int lineno
line in that filename
Definition cf_file.c:98
cf_file_read
int cf_file_read(CONF_SECTION *cs, char const *filename)
Definition cf_file.c:3423
cf_stack_file_t
cf_stack_file_t
Definition cf_file.c:83
CF_STACK_FILE
@ CF_STACK_FILE
Definition cf_file.c:84
terminal_end_section
static const bool terminal_end_section[UINT8_MAX+1]
Definition cf_file.c:1338
conf_property_name_len
static size_t conf_property_name_len
Definition cf_file.c:81
conf_property_name
static fr_table_num_sorted_t const conf_property_name[]
Definition cf_file.c:77
cf_section_pass2
int cf_section_pass2(CONF_SECTION *cs)
Definition cf_file.c:755
cf_stack_frame_t::from_dir
bool from_dir
this file was read from $include foo/
Definition cf_file.c:125
cf_string_write
static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
Definition cf_file.c:3505
parse_tabs
static char const parse_tabs[]
Definition cf_file.c:3503
cf_file_include
static int cf_file_include(cf_stack_t *stack)
Definition cf_file.c:3210
conf_check_uid
static uid_t conf_check_uid
Definition cf_file.c:68
conf_check_gid
static gid_t conf_check_gid
Definition cf_file.c:69
cf_process_func_t
CONF_ITEM *(* cf_process_func_t)(cf_stack_t *)
Definition cf_file.c:2306
cf_get_token
static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen, char const *filename, int lineno)
Definition cf_file.c:818
_inode_cmp
static int8_t _inode_cmp(void const *one, void const *two)
Definition cf_file.c:538
cf_file_fill
static int cf_file_fill(cf_stack_t *stack)
Definition cf_file.c:3105
cf_stack_t::ptr
char const * ptr
current parse pointer
Definition cf_file.c:138
cf_reference_item
CONF_ITEM * cf_reference_item(CONF_SECTION const *parent_cs, CONF_SECTION const *outer_cs, char const *ptr)
Definition cf_file.c:3619
cf_file_heap_t::filename
char const * filename
Definition cf_file.c:868
process_subrequest
static CONF_ITEM * process_subrequest(cf_stack_t *stack)
Definition cf_file.c:1773
cf_file_check_user
void cf_file_check_user(uid_t uid, gid_t gid)
Set the euid/egid used when performing file checks.
Definition cf_file.c:3497
CONF_PROPERTY
enum conf_property CONF_PROPERTY
unlang_keywords
static fr_table_ptr_sorted_t unlang_keywords[]
Definition cf_file.c:2296
cf_stack_t::buff
char ** buff
buffers for reading / parsing
Definition cf_file.c:135
cf_stack_frame_t::parent
CONF_SECTION * parent
which started this file
Definition cf_file.c:121
process_template
static int process_template(cf_stack_t *stack)
Definition cf_file.c:1147
cf_stack_t::bufsize
size_t bufsize
size of the buffers
Definition cf_file.c:136
cf_pair_write
static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
Definition cf_file.c:3538
cf_md5_final
void cf_md5_final(uint8_t *digest)
Definition cf_file.c:3093
process_include
static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
Definition cf_file.c:883
process_if
static CONF_ITEM * process_if(cf_stack_t *stack)
Definition cf_file.c:1519
cf_md5_update
static void cf_md5_update(char const *p)
Definition cf_file.c:3086
cf_file_free
void cf_file_free(CONF_SECTION *cs)
Definition cf_file.c:3482
cf_local_file
static char const * cf_local_file(char const *base, char const *filename, char *buffer, size_t bufsize)
Definition cf_file.c:789
MAX_STACK
#define MAX_STACK
Definition cf_file.c:93
process_catch
static CONF_ITEM * process_catch(cf_stack_t *stack)
Definition cf_file.c:1894
terminal_end_line
static const bool terminal_end_line[UINT8_MAX+1]
Definition cf_file.c:1342
cf_stack_frame_t::filename
char const * filename
filename we're reading
Definition cf_file.c:97
parse_error
static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
Definition cf_file.c:1985
cf_file_heap_t
Definition cf_file.c:867
cf_stack_frame_t
Definition cf_file.c:94
cf_stack_t
Definition cf_file.c:134
conf_parser_s::on_read
cf_parse_t on_read
Function to call as the item is being read, just after it has been allocated and initialized.
Definition cf_parse.h:599
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:579
cf_file_t::cs
CONF_SECTION * cs
CONF_SECTION associated with the file.
Definition cf_priv.h:138
cf_section::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:102
cf_item::parent
CONF_ITEM * parent
Parent.
Definition cf_priv.h:56
cf_section::name2_quote
fr_token_t name2_quote
The type of quoting around name2.
Definition cf_priv.h:107
cf_section::name2
char const * name2
Second name token. Given foo bar {} would be bar.
Definition cf_priv.h:105
cf_section::allow_locals
bool allow_locals
allow local variables
Definition cf_priv.h:116
cf_section::argc
int argc
number of additional arguments
Definition cf_priv.h:109
cf_pair::attr
char const * attr
Attribute name.
Definition cf_priv.h:73
cf_pair::rhs_quote
fr_token_t rhs_quote
Value Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:78
cf_pair::value
char const * value
Attribute value.
Definition cf_priv.h:74
cf_item_foreach
#define cf_item_foreach(_ci, _iter)
Iterate over the contents of a list.
Definition cf_priv.h:149
cf_section::unlang
cf_unlang_t unlang
Definition cf_priv.h:115
cf_section::name1
char const * name1
First name token. Given foo bar {} would be foo.
Definition cf_priv.h:104
CF_UNLANG_MODULES
@ CF_UNLANG_MODULES
this section is in "modules", allow unlang 2 down
Definition cf_priv.h:91
CF_UNLANG_NONE
@ CF_UNLANG_NONE
no unlang
Definition cf_priv.h:87
CF_UNLANG_CAN_HAVE_UPDATE
@ CF_UNLANG_CAN_HAVE_UPDATE
can have "update"
Definition cf_priv.h:95
CF_UNLANG_ALLOW
@ CF_UNLANG_ALLOW
allow unlang in this section
Definition cf_priv.h:88
CF_UNLANG_POLICY
@ CF_UNLANG_POLICY
this section is a policy, allow unlang 2 down
Definition cf_priv.h:90
CF_UNLANG_ASSIGNMENT
@ CF_UNLANG_ASSIGNMENT
only assignments inside of map / update
Definition cf_priv.h:93
CF_UNLANG_EDIT
@ CF_UNLANG_EDIT
only edit commands
Definition cf_priv.h:92
CF_UNLANG_DICTIONARY
@ CF_UNLANG_DICTIONARY
only local variable definitions
Definition cf_priv.h:94
CF_UNLANG_SERVER
@ CF_UNLANG_SERVER
this section is a virtual server, allow unlang 2 down
Definition cf_priv.h:89
cf_section::argv_quote
fr_token_t * argv_quote
Definition cf_priv.h:111
cf_pair::op
fr_token_t op
Operator e.g. =, :=.
Definition cf_priv.h:76
cf_pair::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:71
cf_pair::pass2
bool pass2
do expansion in pass2.
Definition cf_priv.h:80
cf_item::filename
char const * filename
The file the config item was parsed from.
Definition cf_priv.h:64
cf_file_t::buf
struct stat buf
stat about the file
Definition cf_priv.h:139
cf_section::template
CONF_SECTION * template
Definition cf_priv.h:118
cf_file_t::filename
char const * filename
name of the file
Definition cf_priv.h:137
CONF_ITEM_PAIR
@ CONF_ITEM_PAIR
Definition cf_priv.h:41
CONF_ITEM_SECTION
@ CONF_ITEM_SECTION
Definition cf_priv.h:42
cf_pair::referenced
bool referenced
Was this item referenced in the config?
Definition cf_priv.h:83
cf_section::argv
char const ** argv
additional arguments
Definition cf_priv.h:110
cf_pair::lhs_quote
fr_token_t lhs_quote
Name quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:77
cf_item::lineno
int lineno
The line number the config item began on.
Definition cf_priv.h:63
cf_item::type
CONF_ITEM_TYPE type
Whether the config item is a config_pair, conf_section or cf_data.
Definition cf_priv.h:61
cf_data
Internal data that is associated with a configuration section.
Definition cf_priv.h:124
cf_file_t
Definition cf_priv.h:135
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:70
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_dup
CONF_PAIR * cf_pair_dup(CONF_SECTION *parent, CONF_PAIR *cp, bool copy_meta)
Duplicate a CONF_PAIR.
Definition cf_util.c:1321
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1185
cf_data_value
void * cf_data_value(CONF_DATA const *cd)
Return the user assigned value of CONF_DATA.
Definition cf_util.c:1763
cf_section_to_item
CONF_ITEM * cf_section_to_item(CONF_SECTION const *cs)
Cast a CONF_SECTION to a CONF_ITEM.
Definition cf_util.c:738
cf_pair_alloc
CONF_PAIR * cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t op, fr_token_t lhs_quote, fr_token_t rhs_quote)
Allocate a CONF_PAIR.
Definition cf_util.c:1279
cf_section_name1
char const * cf_section_name1(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1171
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1028
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:684
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1439
cf_item_is_section
bool cf_item_is_section(CONF_ITEM const *ci)
Determine if CONF_ITEM is a CONF_SECTION.
Definition cf_util.c:618
cf_section_dup
CONF_SECTION * cf_section_dup(TALLOC_CTX *ctx, CONF_SECTION *parent, CONF_SECTION const *cs, char const *name1, char const *name2, bool copy_meta)
Duplicate a configuration section.
Definition cf_util.c:928
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:664
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1594
cf_pair_to_item
CONF_ITEM * cf_pair_to_item(CONF_PAIR const *cp)
Cast a CONF_PAIR to a CONF_ITEM.
Definition cf_util.c:722
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:289
cf_lineno
#define cf_lineno(_cf)
Definition cf_util.h:104
cf_data_add
#define cf_data_add(_cf, _data, _name, _free)
Definition cf_util.h:255
cf_data_find
#define cf_data_find(_cf, _type, _name)
Definition cf_util.h:244
cf_lineno_set
#define cf_lineno_set(_ci, _lineno)
Definition cf_util.h:131
cf_root
#define cf_root(_cf)
Definition cf_util.h:98
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:101
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:367
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:296
cf_section_find_parent
#define cf_section_find_parent(_cf, _name1, _name2)
Definition cf_util.h:175
cf_section_alloc
#define cf_section_alloc(_ctx, _parent, _name1, _name2)
Definition cf_util.h:140
CF_TO_ITEM
#define CF_TO_ITEM(_cf)
Auto cast from the input type to CONF_ITEM (which is the base type)
Definition cf_util.h:65
cf_filename_set
#define cf_filename_set(_ci, _filename)
Definition cf_util.h:128
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:290
cf_log_debug
#define cf_log_debug(_cf, _fmt,...)
Definition cf_util.h:292
fr_cond_assert_msg
#define fr_cond_assert_msg(_x, _fmt,...)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:156
MEM
#define MEM(x)
Definition debug.h:36
spaces
static char const * spaces
Definition dependency.c:371
ERROR
#define ERROR(fmt,...)
Definition dhcpclient.c:41
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2400
fr_dict_internal
fr_dict_t const * fr_dict_internal(void)
Definition dict_util.c:4610
value
Test enumeration values.
Definition dict_test.h:92
fr_dirfd
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:412
fr_heap_insert
int fr_heap_insert(fr_heap_t **hp, void *data)
Insert a new element into the heap.
Definition heap.c:146
fr_heap_pop
void * fr_heap_pop(fr_heap_t **hp)
Remove a node from the heap.
Definition heap.c:322
fr_heap_index_t
unsigned int fr_heap_index_t
Definition heap.h:80
fr_heap_alloc
#define fr_heap_alloc(_ctx, _cmp, _type, _field, _init)
Creates a heap that can be used with non-talloced elements.
Definition heap.h:100
FR_HEAP_INDEX_INVALID
#define FR_HEAP_INDEX_INVALID
Definition heap.h:83
fr_heap_t
The main heap structure.
Definition heap.h:66
talloc_free
talloc_free(reap)
fr_canonicalize_error
void fr_canonicalize_error(TALLOC_CTX *ctx, char **sp, char **text, ssize_t slen, char const *fmt)
Canonicalize error strings, removing tabs, and generate spaces for error marker.
Definition log.c:90
stack
static char * stack[MAX_STACK]
Definition radmin.c:158
fr_md5_ctx_alloc
fr_md5_ctx_alloc_t fr_md5_ctx_alloc
Definition md5.c:440
fr_md5_ctx_free
fr_md5_ctx_free_t fr_md5_ctx_free
Definition md5.c:441
fr_md5_update
fr_md5_update_t fr_md5_update
Definition md5.c:442
fr_md5_final
fr_md5_final_t fr_md5_final
Definition md5.c:443
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:28
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition merged_model.c:248
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_VALUE_BOX
@ FR_TYPE_VALUE_BOX
A boxed value.
Definition merged_model.c:125
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_t
Definition merged_model.c:198
depth
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition misc.h:59
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:36
check
#define check(_handle, _len_p)
Definition bio.c:44
fr_perm_file_error
void fr_perm_file_error(int num)
Write a file access error to the fr_strerror buffer, including euid/egid.
Definition perm.c:531
fr_snprint
size_t fr_snprint(char *out, size_t outlen, char const *in, ssize_t inlen, char quote)
Escape any non printable or non-UTF8 characters in the input string.
Definition print.c:227
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
DEBUG2
#define DEBUG2(fmt,...)
Definition radclient.h:43
WARN
#define WARN(fmt,...)
Definition radclient.h:47
eol
static char const * eol
Definition radwho.c:47
fr_rb_find
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
Definition rb.c:577
fr_rb_insert
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
fr_rb_inline_talloc_alloc
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:246
fr_rb_tree_s
The main red black tree structure.
Definition rb.h:73
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:50
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:45
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
FR_SBUFF_OUT
#define FR_SBUFF_OUT(_start, _len_or_end)
tmpl_rules_s::at_runtime
bool at_runtime
Produce an ephemeral/runtime tmpl.
Definition tmpl.h:353
tmpl_preparse
ssize_t tmpl_preparse(char const **out, size_t *outlen, char const *in, size_t inlen, fr_token_t *type))
Preparse a string in preparation for passing it to tmpl_afrom_substr()
Definition tmpl_tokenize.c:5348
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:344
tmpl_rules_t
struct tmpl_rules_s tmpl_rules_t
Definition tmpl.h:236
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:341
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3623
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
tmpl_attr_rules_s::allow_foreign
uint8_t allow_foreign
Allow arguments not found in dict_def.
Definition tmpl.h:327
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:285
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:653
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_table_ptr_sorted_t
An element in a lexicographically sorted array of name to ptr mappings.
Definition table.h:65
talloc_typed_strdup
char * talloc_typed_strdup(TALLOC_CTX *ctx, char const *p)
Call talloc_strdup, setting the type on the new chunk correctly.
Definition talloc.c:445
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:224
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:168
fr_list_assignment_op
const bool fr_list_assignment_op[T_TOKEN_LAST]
Definition token.c:185
fr_skip_string
ssize_t fr_skip_string(char const *start, char const *end)
Skip a quoted string.
Definition token.c:525
gettoken
fr_token_t gettoken(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:468
fr_tokens_table
fr_table_num_ordered_t const fr_tokens_table[]
Definition token.c:33
fr_str_tok
const bool fr_str_tok[T_TOKEN_LAST]
Definition token.c:231
getword
int getword(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:459
fr_token_t
enum fr_token fr_token_t
T_OP_SUB_EQ
@ T_OP_SUB_EQ
Definition token.h:70
T_INVALID
@ T_INVALID
Definition token.h:39
T_EOL
@ T_EOL
Definition token.h:40
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition token.h:122
T_OP_AND_EQ
@ T_OP_AND_EQ
Definition token.h:74
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:120
T_OP_EQ
@ T_OP_EQ
Definition token.h:83
T_BACK_QUOTED_STRING
@ T_BACK_QUOTED_STRING
Definition token.h:123
T_HASH
@ T_HASH
Definition token.h:119
T_OP_SET
@ T_OP_SET
Definition token.h:84
T_OP_NE
@ T_OP_NE
Definition token.h:97
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:69
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
T_OP_LSHIFT_EQ
@ T_OP_LSHIFT_EQ
Definition token.h:77
T_OP_RSHIFT_EQ
@ T_OP_RSHIFT_EQ
Definition token.h:76
T_DOUBLE_QUOTED_STRING
@ T_DOUBLE_QUOTED_STRING
Definition token.h:121
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:106
T_OP_LE
@ T_OP_LE
Definition token.h:100
T_OP_GE
@ T_OP_GE
Definition token.h:98
T_OP_GT
@ T_OP_GT
Definition token.h:99
T_OP_OR_EQ
@ T_OP_OR_EQ
Definition token.h:73
T_OP_LT
@ T_OP_LT
Definition token.h:101
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:85
close
close(uq->fd)
parent
static fr_slen_t parent
Definition pair.h:851
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:554
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:372
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:433
inlen
static size_t char fr_sbuff_t size_t inlen
Definition value.h:997
out
static size_t char ** out
Definition value.h:997
virtual_server_dict_by_child_ci
fr_dict_t const * virtual_server_dict_by_child_ci(CONF_ITEM const *ci)
Return the namespace for a given virtual server specified by a CONF_ITEM within the virtual server.
Definition virtual_servers.c:608
Generated by   doxygen 1.9.8