The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
cf_file.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 98e1e4b703ebb3acde158b484c4c5fbd7582ab7a $
19 * @file cf_file.c
20 * @brief Read the radiusd.conf file.
21 *
22 * @note Yep I should learn to use lex & yacc, or at least
23 * write a decent parser. I know how to do that, really :)
24 * miquels@cistron.nl
25 *
26 * @copyright 2017 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
27 * @copyright 2000,2006 The FreeRADIUS server project
28 * @copyright 2000 Miquel van Smoorenburg (miquels@cistron.nl)
29 * @copyright 2000 Alan DeKok (aland@freeradius.org)
30 */
31RCSID("$Id: 98e1e4b703ebb3acde158b484c4c5fbd7582ab7a $")
32
33#include <freeradius-devel/server/cf_file.h>
34#include <freeradius-devel/server/cf_priv.h>
35#include <freeradius-devel/server/log.h>
36#include <freeradius-devel/server/tmpl.h>
37#include <freeradius-devel/server/util.h>
38#include <freeradius-devel/server/virtual_servers.h>
39#include <freeradius-devel/util/debug.h>
40#include <freeradius-devel/util/file.h>
41#include <freeradius-devel/util/misc.h>
42#include <freeradius-devel/util/perm.h>
43#include <freeradius-devel/util/skip.h>
44#include <freeradius-devel/util/md5.h>
45
46
47#ifdef HAVE_DIRENT_H
48# include <dirent.h>
49#endif
50
51#ifdef HAVE_GLOB_H
52# include <glob.h>
53#endif
54
55#ifdef HAVE_SYS_STAT_H
56# include <sys/stat.h>
57#endif
58
59#include <fcntl.h>
60
61#include <freeradius-devel/server/main_config.h>
62
63bool check_config = false;
64static uid_t conf_check_uid = (uid_t)-1;
65static gid_t conf_check_gid = (gid_t)-1;
66
72
73static fr_table_num_sorted_t const conf_property_name[] = {
74 { L("instance"), CONF_PROPERTY_INSTANCE },
75 { L("name"), CONF_PROPERTY_NAME }
76};
77static size_t conf_property_name_len = NUM_ELEMENTS(conf_property_name);
78
79static fr_table_num_sorted_t const server_unlang_section[] = {
80 { L("accounting"), true },
81 { L("add"), true },
82 { L("authenticate"), true },
83 { L("clear"), true },
84 { L("deny"), true },
85 { L("error"), true },
86 { L("establish"), true },
87 { L("finally"), true },
88 { L("load"), true },
89 { L("new"), true },
90 { L("recv"), true },
91 { L("send"), true },
92 { L("store"), true },
93 { L("verify"), true },
94};
95static size_t server_unlang_section_len = NUM_ELEMENTS(server_unlang_section);
96
97typedef enum {
98 CF_STACK_FILE = 0,
99#ifdef HAVE_DIRENT_H
100 CF_STACK_DIR,
101#endif
102#ifdef HAVE_GLOB_H
103 CF_STACK_GLOB
104#endif
105} cf_stack_file_t;
106
107#define MAX_STACK (32)
108typedef struct {
109 cf_stack_file_t type;
110
111 char const *filename; //!< filename we're reading
112 int lineno; //!< line in that filename
113
114 union {
115 struct {
116 FILE *fp; //!< FP we're reading
117 };
118
119#ifdef HAVE_DIRENT_H
120 struct {
121 fr_heap_t *heap; //!< sorted heap of files
122 char *directory; //!< directory name we're reading
123 };
124#endif
125
126#ifdef HAVE_GLOB_H
127 struct {
128 size_t gl_current;
129 glob_t glob; //! reading glob()
130 bool required;
131 };
132#endif
133 };
134
135 CONF_SECTION *parent; //!< which started this file
136 CONF_SECTION *current; //!< sub-section we're reading
137 CONF_SECTION *at_reference; //!< was this thing an @foo ?
138
139 int braces;
140 bool from_dir; //!< this file was read from $include foo/
141} cf_stack_frame_t;
142
143/*
144 * buff[0] is the data we read from the file
145 * buff[1] is name
146 * buff[2] is name2 OR value for pair
147 * buff[3] is a temporary buffer
148 */
149typedef struct {
150 char **buff; //!< buffers for reading / parsing
151 size_t bufsize; //!< size of the buffers
152 int depth; //!< stack depth
153 char const *ptr; //!< current parse pointer
154 char *fill; //!< where we start filling the buffer from
155 cf_stack_frame_t frame[MAX_STACK]; //!< stack frames
156} cf_stack_t;
157
158
159static inline CC_HINT(always_inline) int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
160{
161 if (cf_section_find_parent(cs, "policy", NULL)) {
162 if (!fr_cond_assert_msg(!rules->attr.dict_def || (rules->attr.dict_def == fr_dict_internal()),
163 "Protocol dictionary must be NULL not %s",
164 fr_dict_root(rules->attr.dict_def)->name)) return -1;
165
166 } else {
167 if (!fr_cond_assert_msg(rules->attr.dict_def, "No protocol dictionary set")) return -1;
168 if (!fr_cond_assert_msg(rules->attr.dict_def != fr_dict_internal(), "rules->attr.dict_def must not be the internal dictionary")) return -1;
169 }
170
171 if (!fr_cond_assert_msg(!rules->attr.allow_foreign, "rules->allow_foreign must be false")) return -1;
172 if (!fr_cond_assert_msg(!rules->at_runtime, "rules->at_runtime must be false")) return -1;
173
174 return 0;
175}
176
177#define RULES_VERIFY(_cs, _rules) if (cf_tmpl_rules_verify(_cs, _rules) < 0) return NULL
178
179/*
180 * Expand the variables in an input string.
181 *
182 * Input and output should be two different buffers, as the
183 * output may be longer than the input.
184 */
185char const *cf_expand_variables(char const *cf, int lineno,
186 CONF_SECTION *outer_cs,
187 char *output, size_t outsize,
188 char const *input, ssize_t inlen, bool *soft_fail)
189{
190 char *p;
191 char const *end, *next, *ptr;
192 CONF_SECTION const *parent_cs;
193 char name[8192];
194
195 if (soft_fail) *soft_fail = false;
196
197 /*
198 * Find the master parent conf section.
199 * We can't use main_config->root_cs, because we're in the
200 * process of re-building it, and it isn't set up yet...
201 */
202 parent_cs = cf_root(outer_cs);
203
204 p = output;
205 ptr = input;
206
207 if (inlen < 0) {
208 end = NULL;
209 } else {
210 end = input + inlen;
211 }
212
213 /*
214 * Note that this CAN go over "end" if the input string
215 * is malformed. e.g. pass "${foo.bar}", and pass
216 * "inlen=5". Well, too bad.
217 */
218 while (*ptr && (!end || (ptr < end))) {
219 /*
220 * Ignore anything other than "${"
221 */
222 if ((*ptr == '$') && (ptr[1] == '{')) {
223 CONF_ITEM *ci;
224 CONF_PAIR *cp;
225 char *q;
226 ssize_t len;
227
228 len = fr_skip_xlat(ptr, end);
229 if (len <= 0) {
230 ERROR("%s[%d]: Failed parsing variable expansion '%s''",
231 cf, lineno, input);
232 return NULL;
233 }
234
235 next = ptr + len;
236 ptr += 2;
237
238 /*
239 * Can't really happen because input lines are
240 * capped at 8k, which is sizeof(name)
241 */
242 if ((size_t) len >= sizeof(name)) {
243 ERROR("%s[%d]: Reference string is too large",
244 cf, lineno);
245 return NULL;
246 }
247
248 memcpy(name, ptr, len - 3);
249 name[len - 3] = '\0';
250
251 /*
252 * Read configuration value from a file.
253 *
254 * Note that this is "read binary data", and the contents aren't stripped of
255 * CRLF.
256 */
257 if (name[0] == '/') {
258 int fd = open(name, O_RDONLY);
259 struct stat buf;
260
261 if (fd < 0) {
262 ERROR("%s[%d]: Reference \"${%s}\" failed opening file - %s", cf, lineno, name, fr_syserror(errno));
263 return NULL;
264 }
265
266 if (fstat(fd, &buf) < 0) {
267 fail_fd:
268 close(fd);
269 ERROR("%s[%d]: Reference \"${%s}\" failed reading file - %s", cf, lineno, name, fr_syserror(errno));
270 return NULL;
271 }
272
273 if (buf.st_size >= ((output + outsize) - p)) {
274 close(fd);
275 ERROR("%s[%d]: Reference \"${%s}\" file is too large (%zu >= %zu)", cf, lineno, name,
276 (size_t) buf.st_size, (size_t) ((output + outsize) - p));
277 return NULL;
278 }
279
280 len = read(fd, p, (output + outsize) - p);
281 if (len < 0) goto fail_fd;
282
283 close(fd);
284 p += len;
285 *p = '\0';
286 ptr = next;
287 goto check_eos;
288 }
289
290 q = strchr(name, ':');
291 if (q) {
292 *(q++) = '\0';
293 }
294
295 ci = cf_reference_item(parent_cs, outer_cs, name);
296 if (!ci) {
297 if (soft_fail) *soft_fail = true;
298 PERROR("%s[%d]: Failed finding reference \"${%s}\"", cf, lineno, name);
299 return NULL;
300 }
301
302 /*
303 * The expansion doesn't refer to another item or section
304 * it's the property of a section.
305 */
306 if (q) {
307 CONF_SECTION *find = cf_item_to_section(ci);
308
309 if (ci->type != CONF_ITEM_SECTION) {
310 ERROR("%s[%d]: Can only reference properties of sections", cf, lineno);
311 return NULL;
312 }
313
314 switch (fr_table_value_by_str(conf_property_name, q, CONF_PROPERTY_INVALID)) {
315 case CONF_PROPERTY_NAME:
316 strcpy(p, find->name1);
317 break;
318
319 case CONF_PROPERTY_INSTANCE:
320 strcpy(p, find->name2 ? find->name2 : find->name1);
321 break;
322
323 default:
324 ERROR("%s[%d]: Invalid property '%s'", cf, lineno, q);
325 return NULL;
326 }
327 p += strlen(p);
328 ptr = next;
329
330 } else if (ci->type == CONF_ITEM_PAIR) {
331 /*
332 * Substitute the value of the variable.
333 */
334 cp = cf_item_to_pair(ci);
335
336 /*
337 * If the thing we reference is
338 * marked up as being expanded in
339 * pass2, don't expand it now.
340 * Let it be expanded in pass2.
341 */
342 if (cp->pass2) {
343 if (soft_fail) *soft_fail = true;
344
345 ERROR("%s[%d]: Reference \"%s\" points to a variable which has not been expanded.",
346 cf, lineno, input);
347 return NULL;
348 }
349
350 if (!cp->value) {
351 ERROR("%s[%d]: Reference \"%s\" has no value",
352 cf, lineno, input);
353 return NULL;
354 }
355
356 if (p + strlen(cp->value) >= output + outsize) {
357 ERROR("%s[%d]: Reference \"%s\" is too long",
358 cf, lineno, input);
359 return NULL;
360 }
361
362 strcpy(p, cp->value);
363 p += strlen(p);
364 ptr = next;
365
366 } else if (ci->type == CONF_ITEM_SECTION) {
367 CONF_SECTION *subcs;
368
369 /*
370 * Adding an entry again to a
371 * section is wrong. We don't
372 * want an infinite loop.
373 */
374 if (cf_item_to_section(ci->parent) == outer_cs) {
375 ERROR("%s[%d]: Cannot reference different item in same section", cf, lineno);
376 return NULL;
377 }
378
379 /*
380 * Copy the section instead of
381 * referencing it.
382 */
383 subcs = cf_item_to_section(ci);
384 subcs = cf_section_dup(outer_cs, outer_cs, subcs,
385 cf_section_name1(subcs), cf_section_name2(subcs),
386 false);
387 if (!subcs) {
388 ERROR("%s[%d]: Failed copying reference %s", cf, lineno, name);
389 return NULL;
390 }
391
392 cf_filename_set(subcs, ci->filename);
393 cf_lineno_set(subcs, ci->lineno);
394
395 ptr = next;
396
397 } else {
398 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, lineno, input);
399 return NULL;
400 }
401 } else if (strncmp(ptr, "$ENV{", 5) == 0) {
402 char *env;
403
404 ptr += 5;
405
406 /*
407 * Look for trailing '}', and log a
408 * warning for anything that doesn't match,
409 * and exit with a fatal error.
410 */
411 next = strchr(ptr, '}');
412 if (next == NULL) {
413 *p = '\0';
414 ERROR("%s[%d]: Environment variable expansion missing }",
415 cf, lineno);
416 return NULL;
417 }
418
419 /*
420 * Can't really happen because input lines are
421 * capped at 8k, which is sizeof(name)
422 */
423 if ((size_t) (next - ptr) >= sizeof(name)) {
424 ERROR("%s[%d]: Environment variable name is too large",
425 cf, lineno);
426 return NULL;
427 }
428
429 memcpy(name, ptr, next - ptr);
430 name[next - ptr] = '\0';
431
432 /*
433 * Get the environment variable.
434 * If none exists, then make it an empty string.
435 */
436 env = getenv(name);
437 if (env == NULL) {
438 *name = '\0';
439 env = name;
440 }
441
442 if (p + strlen(env) >= output + outsize) {
443 ERROR("%s[%d]: Reference \"%s\" is too long",
444 cf, lineno, input);
445 return NULL;
446 }
447
448 strcpy(p, env);
449 p += strlen(p);
450 ptr = next + 1;
451
452 } else {
453 /*
454 * Copy it over verbatim.
455 */
456 *(p++) = *(ptr++);
457 }
458
459 check_eos:
460 if (p >= (output + outsize)) {
461 ERROR("%s[%d]: Reference \"%s\" is too long",
462 cf, lineno, input);
463 return NULL;
464 }
465 } /* loop over all of the input string. */
466
467 *p = '\0';
468
469 return output;
470}
471
472/*
473 * Merge the template so everything else "just works".
474 */
475static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
476{
477 if (!cs || !template) return true;
478
479 cs->template = NULL;
480
481 /*
482 * Walk over the template, adding its' entries to the
483 * current section. But only if the entries don't
484 * already exist in the current section.
485 */
486 cf_item_foreach(&template->item, ci) {
487 if (ci->type == CONF_ITEM_PAIR) {
488 CONF_PAIR *cp1, *cp2;
489
490 /*
491 * It exists, don't over-write it.
492 */
493 cp1 = cf_item_to_pair(ci);
494 if (cf_pair_find(cs, cp1->attr)) {
495 continue;
496 }
497
498 /*
499 * Create a new pair with all of the data
500 * of the old one.
501 */
502 cp2 = cf_pair_dup(cs, cp1, true);
503 if (!cp2) return false;
504
505 cf_filename_set(cp2, cp1->item.filename);
506 cf_lineno_set(cp2, cp1->item.lineno);
507 continue;
508 }
509
510 if (ci->type == CONF_ITEM_SECTION) {
511 CONF_SECTION *subcs1, *subcs2;
512
513 subcs1 = cf_item_to_section(ci);
514 fr_assert(subcs1 != NULL);
515
516 subcs2 = cf_section_find(cs, subcs1->name1, subcs1->name2);
517 if (subcs2) {
518 /*
519 * sub-sections get merged.
520 */
521 if (!cf_template_merge(subcs2, subcs1)) {
522 return false;
523 }
524 continue;
525 }
526
527 /*
528 * Our section doesn't have a matching
529 * sub-section. Copy it verbatim from
530 * the template.
531 */
532 subcs2 = cf_section_dup(cs, cs, subcs1,
533 cf_section_name1(subcs1), cf_section_name2(subcs1),
534 false);
535 if (!subcs2) return false;
536
537 cf_filename_set(subcs2, subcs1->item.filename);
538 cf_lineno_set(subcs2, subcs1->item.lineno);
539 continue;
540 }
541
542 /* ignore everything else */
543 }
544
545 return true;
546}
547
548/*
549 * Functions for tracking files by inode
550 */
551static int8_t _inode_cmp(void const *one, void const *two)
552{
553 cf_file_t const *a = one, *b = two;
554
555 CMP_RETURN(a, b, buf.st_dev);
556
557 return CMP(a->buf.st_ino, b->buf.st_ino);
558}
559
560static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
561{
562 cf_file_t *file;
563 CONF_SECTION *top;
564 fr_rb_tree_t *tree;
565 int fd = -1;
566 FILE *fp;
567
568 top = cf_root(cs);
569 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
570 fr_assert(tree);
571
572 /*
573 * If we're including a wildcard directory, then ignore
574 * any files the users has already explicitly loaded in
575 * that directory.
576 */
577 if (from_dir) {
578 cf_file_t my_file;
579 char const *r;
580 int my_fd;
581
582 my_file.cs = cs;
583 my_file.filename = filename;
584
585 /*
586 * Find and open the directory containing filename so we can use
587 * the "at"functions to avoid time of check/time of use insecurities.
588 */
589 if (fr_dirfd(&my_fd, &r, filename) < 0) {
590 ERROR("Failed to open directory containing %s", filename);
591 return -1;
592 }
593
594 if (fstatat(my_fd, r, &my_file.buf, 0) < 0) goto error;
595
596 file = fr_rb_find(tree, &my_file);
597
598 /*
599 * The file was previously read by including it
600 * explicitly. After it was read, we have a
601 * $INCLUDE of the directory it is in. In that
602 * case, we ignore the file.
603 *
604 * However, if the file WAS read from a wildcard
605 * $INCLUDE directory, then we read it again.
606 */
607 if (file && !file->from_dir) {
608 if (my_fd != AT_FDCWD) close(my_fd);
609 return 1;
610 }
611 fd = openat(my_fd, r, O_RDONLY, 0);
612 fp = (fd < 0) ? NULL : fdopen(fd, "r");
613 if (my_fd != AT_FDCWD) close(my_fd);
614 } else {
615 fp = fopen(filename, "r");
616 if (fp) fd = fileno(fp);
617 }
618
619 DEBUG2("including configuration file %s", filename);
620
621 if (!fp) {
622 error:
623 ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
624 return -1;
625 }
626
627 MEM(file = talloc(tree, cf_file_t));
628
629 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be a talloced buffer */
630 file->cs = cs;
631 file->from_dir = from_dir;
632
633 if (fstat(fd, &file->buf) == 0) {
634#ifdef S_IWOTH
635 if ((file->buf.st_mode & S_IWOTH) != 0) {
636 ERROR("Configuration file %s is globally writable. "
637 "Refusing to start due to insecure configuration.", filename);
638
639 fclose(fp);
640 talloc_free(file);
641 return -1;
642 }
643#endif
644 }
645
646 /*
647 * We can include the same file twice. e.g. when it
648 * contains common definitions, such as for SQL.
649 *
650 * Though the admin should really use templates for that.
651 */
652 if (!fr_rb_insert(tree, file)) talloc_free(file);
653
654 *fp_p = fp;
655 return 0;
656}
657
658/** Do some checks on the file as an "input" file. i.e. one read by a module.
659 *
660 * @note Must be called with super user privileges.
661 *
662 * @param cp currently being processed.
663 * @param check_perms If true - will return false if file is world readable,
664 * or not readable by the unprivileged user/group.
665 * @return
666 * - true if permissions are OK, or the file exists.
667 * - false if the file does not exist or the permissions are incorrect.
668 */
669bool cf_file_check(CONF_PAIR *cp, bool check_perms)
670{
671 cf_file_t *file;
672 CONF_SECTION *top;
673 fr_rb_tree_t *tree;
674 char const *filename = cf_pair_value(cp);
675 int fd = -1;
676
677 top = cf_root(cp);
678 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
679 if (!tree) return false;
680
681 file = talloc(tree, cf_file_t);
682 if (!file) return false;
683
684 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be talloced */
685 file->cs = cf_item_to_section(cf_parent(cp));
686
687 if (!check_perms) {
688 if (stat(filename, &file->buf) < 0) {
689 perm_error:
690 fr_perm_file_error(errno); /* Write error and euid/egid to error buff */
691 cf_log_perr(cp, "Unable to open file \"%s\"", filename);
692 error:
693 if (fd >= 0) close(fd);
694 talloc_free(file);
695 return false;
696 }
697 talloc_free(file);
698 return true;
699 }
700
701 /*
702 * This really does seem to be the simplest way
703 * to check that the file can be read with the
704 * euid/egid.
705 */
706 {
707 uid_t euid = (uid_t)-1;
708 gid_t egid = (gid_t)-1;
709
710 if ((conf_check_gid != (gid_t)-1) && ((egid = getegid()) != conf_check_gid)) {
711 if (setegid(conf_check_gid) < 0) {
712 cf_log_perr(cp, "Failed setting effective group ID (%d) for file check: %s",
713 (int) conf_check_gid, fr_syserror(errno));
714 goto error;
715 }
716 }
717 if ((conf_check_uid != (uid_t)-1) && ((euid = geteuid()) != conf_check_uid)) {
718 if (seteuid(conf_check_uid) < 0) {
719 cf_log_perr(cp, "Failed setting effective user ID (%d) for file check: %s",
720 (int) conf_check_uid, fr_syserror(errno));
721 goto error;
722 }
723 }
724 fd = open(filename, O_RDONLY);
725 if (conf_check_uid != euid) {
726 if (seteuid(euid) < 0) {
727 cf_log_perr(cp, "Failed restoring effective user ID (%d) after file check: %s",
728 (int) euid, fr_syserror(errno));
729 goto error;
730 }
731 }
732 if (conf_check_gid != egid) {
733 if (setegid(egid) < 0) {
734 cf_log_perr(cp, "Failed restoring effective group ID (%d) after file check: %s",
735 (int) egid, fr_syserror(errno));
736 goto error;
737 }
738 }
739 }
740
741 if (fd < 0) goto perm_error;
742 if (fstat(fd, &file->buf) < 0) goto perm_error;
743
744 close(fd);
745
746#ifdef S_IWOTH
747 if ((file->buf.st_mode & S_IWOTH) != 0) {
748 cf_log_perr(cp, "Configuration file %s is globally writable. "
749 "Refusing to start due to insecure configuration.", filename);
750 talloc_free(file);
751 return false;
752 }
753#endif
754
755 /*
756 * It's OK to include the same file twice...
757 */
758 if (!fr_rb_insert(tree, file)) talloc_free(file);
759
760 return true;
761}
762
763/*
764 * Do variable expansion in pass2.
765 *
766 * This is a breadth-first expansion. "deep
767 */
768int cf_section_pass2(CONF_SECTION *cs)
769{
770 cf_item_foreach(&cs->item, ci) {
771 char const *value;
772 CONF_PAIR *cp;
773 char buffer[8192];
774
775 if (ci->type != CONF_ITEM_PAIR) continue;
776
777 cp = cf_item_to_pair(ci);
778 if (!cp->value || !cp->pass2) continue;
779
780 fr_assert((cp->rhs_quote == T_BARE_WORD) ||
781 (cp->rhs_quote == T_HASH) ||
782 (cp->rhs_quote == T_DOUBLE_QUOTED_STRING) ||
783 (cp->rhs_quote == T_BACK_QUOTED_STRING));
784
785 value = cf_expand_variables(ci->filename, ci->lineno, cs, buffer, sizeof(buffer), cp->value, -1, NULL);
786 if (!value) return -1;
787
788 talloc_const_free(cp->value);
789 cp->value = talloc_typed_strdup(cp, value);
790 }
791
792 cf_item_foreach(&cs->item, ci) {
793 if (ci->type != CONF_ITEM_SECTION) continue;
794
795 if (cf_section_pass2(cf_item_to_section(ci)) < 0) return -1;
796 }
797
798 return 0;
799}
800
801
802static char const *cf_local_file(char const *base, char const *filename,
803 char *buffer, size_t bufsize)
804{
805 size_t dirsize;
806 char *p;
807
808 strlcpy(buffer, base, bufsize);
809
810 p = strrchr(buffer, FR_DIR_SEP);
811 if (!p) return filename;
812 if (p[1]) { /* ./foo */
813 p[1] = '\0';
814 }
815
816 dirsize = (p - buffer) + 1;
817
818 if ((dirsize + strlen(filename)) >= bufsize) {
819 return NULL;
820 }
821
822 strlcpy(p + 1, filename, bufsize - dirsize);
823
824 return buffer;
825}
826
827/*
828 * Like gettoken(), but uses the new API which seems better for a
829 * host of reasons.
830 */
831static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen,
832 char const *filename, int lineno)
833{
834 char const *ptr = *ptr_p;
835 ssize_t slen;
836 char const *out;
837 size_t outlen;
838
839 /*
840 * Discover the string content, returning what kind of
841 * string it is.
842 *
843 * Don't allow casts or regexes. But do allow bare
844 * %{...} expansions.
845 */
846 slen = tmpl_preparse(&out, &outlen, ptr, strlen(ptr), token);
847 if (slen <= 0) {
848 char *spaces, *text;
849
850 fr_canonicalize_error(parent, &spaces, &text, slen, ptr);
851
852 ERROR("%s[%d]: %s", filename, lineno, text);
853 ERROR("%s[%d]: %s^ - %s", filename, lineno, spaces, fr_strerror());
854
855 talloc_free(spaces);
856 talloc_free(text);
857 return -1;
858 }
859
860 if ((size_t) slen >= buflen) {
861 ERROR("%s[%d]: Name is too long", filename, lineno);
862 return -1;
863 }
864
865 /*
866 * Unescape it or copy it verbatim as necessary.
867 */
868 if (!cf_expand_variables(filename, lineno, parent, buffer, buflen,
869 out, outlen, NULL)) {
870 return -1;
871 }
872
873 ptr += slen;
874 fr_skip_whitespace(ptr);
875
876 *ptr_p = ptr;
877 return 0;
878}
879
884
885static int8_t filename_cmp(void const *one, void const *two)
886{
887 int ret;
888 cf_file_heap_t const *a = one;
889 cf_file_heap_t const *b = two;
890
891 ret = strcmp(a->filename, b->filename);
892 return CMP(ret, 0);
893}
894
895
896static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
897{
898 char const *value;
899 cf_stack_frame_t *frame = &stack->frame[stack->depth];
900
901 /*
902 * Can't do this inside of update / map.
903 */
904 if (parent->unlang == CF_UNLANG_ASSIGNMENT) {
905 ERROR("%s[%d]: Parse error: Invalid location for $INCLUDE",
906 frame->filename, frame->lineno);
907 return -1;
908 }
909
910 fr_skip_whitespace(ptr);
911
912 /*
913 * Grab all of the non-whitespace text.
914 */
915 value = ptr;
916 while (*ptr && !isspace((uint8_t) *ptr)) ptr++;
917
918 /*
919 * We're OK with whitespace after the filename.
920 */
921 fr_skip_whitespace(ptr);
922
923 /*
924 * But anything else after the filename is wrong.
925 */
926 if (*ptr) {
927 ERROR("%s[%d]: Unexpected text after $INCLUDE", frame->filename, frame->lineno);
928 return -1;
929 }
930
931 /*
932 * Hack for ${confdir}/foo
933 */
934 if (*value == '$') relative = false;
935
936 value = cf_expand_variables(frame->filename, frame->lineno, parent, stack->buff[1], stack->bufsize,
937 value, ptr - value, NULL);
938 if (!value) return -1;
939
940 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
941
942 if (relative) {
943 value = cf_local_file(frame->filename, value, stack->buff[2], stack->bufsize);
944 if (!value) {
945 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
946 return -1;
947 }
948 }
949
950 if (strchr(value, '*') != 0) {
951#ifndef HAVE_GLOB_H
952 ERROR("%s[%d]: Filename globbing is not supported.", frame->filename, frame->lineno);
953 return -1;
954#else
955 stack->depth++;
956 frame = &stack->frame[stack->depth];
957 memset(frame, 0, sizeof(*frame));
958
959 frame->type = CF_STACK_GLOB;
960 frame->required = required;
961 frame->parent = parent;
962 frame->current = parent;
963
964 /*
965 * For better debugging.
966 */
967 frame->filename = frame[-1].filename;
968 frame->lineno = frame[-1].lineno;
969
970 if (glob(value, GLOB_ERR | GLOB_NOESCAPE, NULL, &frame->glob) < 0) {
971 stack->depth--;
972 ERROR("%s[%d]: Failed expanding '%s' - %s", frame->filename, frame->lineno,
973 value, fr_syserror(errno));
974 return -1;
975 }
976
977 /*
978 * If nothing matches, that may be an error.
979 */
980 if (frame->glob.gl_pathc == 0) {
981 if (!required) {
982 stack->depth--;
983 return 0;
984 }
985
986 ERROR("%s[%d]: Failed expanding '%s' - No matching files", frame->filename, frame->lineno,
987 value);
988 return -1;
989 }
990
991 return 1;
992#endif
993 }
994
995 /*
996 * Allow $-INCLUDE for directories, too.
997 */
998 if (!required) {
999 struct stat statbuf;
1000
1001 if (stat(value, &statbuf) < 0) {
1002 WARN("Not including file %s: %s", value, fr_syserror(errno));
1003 return 0;
1004 }
1005 }
1006
1007 /*
1008 * The filename doesn't end in '/', so it must be a file.
1009 */
1010 if (value[strlen(value) - 1] != '/') {
1011 if ((stack->depth + 1) >= MAX_STACK) {
1012 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1013 return -1;
1014 }
1015
1016 stack->depth++;
1017 frame = &stack->frame[stack->depth];
1018 memset(frame, 0, sizeof(*frame));
1019
1020 frame->type = CF_STACK_FILE;
1021 frame->fp = NULL;
1022 frame->parent = parent;
1023 frame->current = parent;
1024 frame->filename = talloc_strdup(frame->parent, value);
1025 return 1;
1026 }
1027
1028#ifdef HAVE_DIRENT_H
1029 /*
1030 * $INCLUDE foo/
1031 *
1032 * Include ALL non-"dot" files in the directory.
1033 * careful!
1034 */
1035 {
1036 char *directory;
1037 DIR *dir;
1038 struct dirent *dp;
1039 struct stat stat_buf;
1040 cf_file_heap_t *h;
1041#ifdef S_IWOTH
1042 int my_fd;
1043#endif
1044
1045 /*
1046 * We need to keep a copy of parent while the
1047 * included files mangle our buff[] array.
1048 */
1049 directory = talloc_strdup(parent, value);
1050
1051 cf_log_debug(parent, "Including files in directory \"%s\"", directory);
1052
1053 dir = opendir(directory);
1054 if (!dir) {
1055 ERROR("%s[%d]: Error reading directory %s: %s",
1056 frame->filename, frame->lineno, value,
1057 fr_syserror(errno));
1058 error:
1059 talloc_free(directory);
1060 return -1;
1061 }
1062
1063#ifdef S_IWOTH
1064 my_fd = dirfd(dir);
1065 fr_assert(my_fd >= 0);
1066
1067 /*
1068 * Security checks.
1069 */
1070 if (fstat(my_fd, &stat_buf) < 0) {
1071 ERROR("%s[%d]: Failed reading directory %s: %s", frame->filename, frame->lineno,
1072 directory, fr_syserror(errno));
1073 goto error;
1074 }
1075
1076 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1077 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1078 "insecure configuration", frame->filename, frame->lineno, directory);
1079 goto error;
1080 }
1081#endif
1082
1083 /*
1084 * Directory plus next filename.
1085 */
1086 if ((stack->depth + 2) >= MAX_STACK) {
1087 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1088 goto error;
1089 }
1090
1091 stack->depth++;
1092 frame = &stack->frame[stack->depth];
1093 *frame = (cf_stack_frame_t){
1094 .type = CF_STACK_DIR,
1095 .directory = directory,
1096 .parent = parent,
1097 .current = parent,
1098 .from_dir = true
1099 };
1100
1101 MEM(frame->heap = fr_heap_alloc(frame->directory, filename_cmp, cf_file_heap_t, heap_id, 0));
1102
1103 /*
1104 * Read the whole directory before loading any
1105 * individual file. We stat() files to ensure
1106 * that they're readable. We ignore
1107 * subdirectories and files with odd filenames.
1108 */
1109 while ((dp = readdir(dir)) != NULL) {
1110 char const *p;
1111 size_t len;
1112
1113 if (dp->d_name[0] == '.') continue;
1114
1115 /*
1116 * Check for valid characters
1117 */
1118 for (p = dp->d_name; *p != '\0'; p++) {
1119 if (isalpha((uint8_t)*p) ||
1120 isdigit((uint8_t)*p) ||
1121 (*p == '-') ||
1122 (*p == '_') ||
1123 (*p == '.')) continue;
1124 break;
1125 }
1126 if (*p != '\0') continue;
1127
1128 /*
1129 * Ignore config files generated by deb / rpm packaging updates.
1130 */
1131 len = strlen(dp->d_name);
1132 if ((len > 10) && (strncmp(&dp->d_name[len - 10], ".dpkg-dist", 10) == 0)) {
1133 pkg_file:
1134 WARN("Ignoring packaging system produced file %s%s", frame->directory, dp->d_name);
1135 continue;
1136 }
1137 if ((len > 9) && (strncmp(&dp->d_name[len - 9], ".dpkg-old", 9) == 0)) goto pkg_file;
1138 if ((len > 7) && (strncmp(&dp->d_name[len - 7], ".rpmnew", 9) == 0)) goto pkg_file;
1139 if ((len > 8) && (strncmp(&dp->d_name[len - 8], ".rpmsave", 10) == 0)) goto pkg_file;
1140
1141 snprintf(stack->buff[1], stack->bufsize, "%s%s",
1142 frame->directory, dp->d_name);
1143
1144 if (stat(stack->buff[1], &stat_buf) != 0) {
1145 ERROR("%s[%d]: Failed checking file %s: %s",
1146 (frame - 1)->filename, (frame - 1)->lineno,
1147 stack->buff[1], fr_syserror(errno));
1148 continue;
1149 }
1150
1151 if (S_ISDIR(stat_buf.st_mode)) {
1152 WARN("%s[%d]: Ignoring directory %s",
1153 (frame - 1)->filename, (frame - 1)->lineno,
1154 stack->buff[1]);
1155 continue;
1156 }
1157
1158 MEM(h = talloc_zero(frame->heap, cf_file_heap_t));
1159 MEM(h->filename = talloc_typed_strdup(h, stack->buff[1]));
1160 h->heap_id = FR_HEAP_INDEX_INVALID;
1161 (void) fr_heap_insert(&frame->heap, h);
1162 }
1163 closedir(dir);
1164 return 1;
1165 }
1166#else
1167 ERROR("%s[%d]: Error including %s: No support for directories!",
1168 frame->filename, frame->lineno, value);
1169 return -1;
1170#endif
1171}
1172
1173
1174static int process_template(cf_stack_t *stack)
1175{
1176 CONF_ITEM *ci;
1177 CONF_SECTION *parent_cs, *templatecs;
1178 fr_token_t token;
1179 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1180 CONF_SECTION *parent = frame->current;
1181
1182 token = getword(&stack->ptr, stack->buff[2], stack->bufsize, true);
1183 if (token != T_EOL) {
1184 ERROR("%s[%d]: Unexpected text after $TEMPLATE", frame->filename, frame->lineno);
1185 return -1;
1186 }
1187
1188 if (!parent) {
1189 ERROR("%s[%d]: Internal sanity check error in template reference", frame->filename, frame->lineno);
1190 return -1;
1191 }
1192
1193 if (parent->template) {
1194 ERROR("%s[%d]: Section already has a template", frame->filename, frame->lineno);
1195 return -1;
1196 }
1197
1198 /*
1199 * Allow in-line templates.
1200 */
1201 templatecs = cf_section_find(cf_item_to_section(cf_parent(parent)), "template", stack->buff[2]);
1202 if (templatecs) {
1203 parent->template = templatecs;
1204 return 0;
1205 }
1206
1207 parent_cs = cf_root(parent);
1208
1209 templatecs = cf_section_find(parent_cs, "templates", NULL);
1210 if (!templatecs) {
1211 ERROR("%s[%d]: Cannot find template \"%s\", as no 'templates' section exists.",
1212 frame->filename, frame->lineno, stack->buff[2]);
1213 return -1;
1214 }
1215
1216 ci = cf_reference_item(parent_cs, templatecs, stack->buff[2]);
1217 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
1218 PERROR("%s[%d]: Failed finding item \"%s\" in the 'templates' section.",
1219 frame->filename, frame->lineno, stack->buff[2]);
1220 return -1;
1221 }
1222
1223 parent->template = cf_item_to_section(ci);
1224 return 0;
1225}
1226
1227
1228static int cf_file_fill(cf_stack_t *stack);
1229
1230
1231static const bool terminal_end_section[UINT8_MAX + 1] = {
1232 ['{'] = true,
1233};
1234
1235static const bool terminal_end_line[UINT8_MAX + 1] = {
1236 [0] = true,
1237
1238 ['\r'] = true,
1239 ['\n'] = true,
1240
1241 ['#'] = true,
1242 [','] = true,
1243 [';'] = true,
1244 ['}'] = true,
1245};
1246
1247static CONF_ITEM *process_if(cf_stack_t *stack)
1248{
1249 ssize_t slen = 0;
1250 fr_dict_t const *dict = NULL;
1251 CONF_SECTION *cs;
1252 uint8_t const *p;
1253 char const *ptr = stack->ptr;
1254 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1255 CONF_SECTION *parent = frame->current;
1256 char *buff[4];
1257 tmpl_rules_t t_rules;
1258
1259 /*
1260 * Short names are nicer.
1261 */
1262 buff[1] = stack->buff[1];
1263 buff[2] = stack->buff[2];
1264 buff[3] = stack->buff[3];
1265
1266 dict = virtual_server_dict_by_child_ci(cf_section_to_item(parent));
1267
1268 t_rules = (tmpl_rules_t) {
1269 .attr = {
1270 .dict_def = dict,
1271 .list_def = request_attr_request,
1272 .allow_unresolved = true,
1273 .allow_unknown = true
1274 },
1275 .literals_safe_for = FR_VALUE_BOX_SAFE_FOR_ANY,
1276 };
1277
1278 /*
1279 * Create the CONF_SECTION. We don't pass a name2, as it
1280 * hasn't yet been parsed.
1281 */
1282 cs = cf_section_alloc(parent, parent, buff[1], NULL);
1283 if (!cs) {
1284 cf_log_err(parent, "Failed allocating memory for section");
1285 return NULL;
1286 }
1287 cf_filename_set(cs, frame->filename);
1288 cf_lineno_set(cs, frame->lineno);
1289
1290 RULES_VERIFY(cs, &t_rules);
1291
1292 /*
1293 * Keep "parsing" the condition until we hit EOL.
1294 *
1295 *
1296 */
1297 while (true) {
1298 int rcode;
1299 bool eol;
1300
1301 /*
1302 * Try to parse the condition. We can have a parse success, or a parse failure.
1303 */
1304 slen = fr_skip_condition(ptr, NULL, terminal_end_section, &eol);
1305
1306 /*
1307 * Parse success means we stop reading more data.
1308 */
1309 if (slen > 0) break;
1310
1311 /*
1312 * Parse failures not at EOL are real errors.
1313 */
1314 if (!eol) {
1315 slen = 0;
1316 fr_strerror_const("Unexpected EOF");
1317 error:
1318 cf_canonicalize_error(cs, slen, "Parse error in condition", ptr);
1319 talloc_free(cs);
1320 return NULL;
1321 }
1322
1323 /*
1324 * Parse failures at EOL means that we read more data.
1325 */
1326 p = (uint8_t const *) ptr + (-slen);
1327
1328 /*
1329 * Auto-continue across CR LF until we reach the
1330 * end of the string. We mash everything into one line.
1331 */
1332 if (*p && (*p < ' ')) {
1333 while ((*p == '\r') || (*p == '\n')) {
1334 char *q;
1335
1336 q = UNCONST(char *, p);
1337 *q = ' ';
1338 p++;
1339 continue;
1340 }
1341
1342 /*
1343 * Hopefully the next line is already in
1344 * the buffer, and we don't have to read
1345 * more data.
1346 */
1347 continue;
1348 }
1349
1350 /*
1351 * Anything other than EOL is a problem at this point.
1352 */
1353 if (*p) {
1354 fr_strerror_const("Unexpected text after condition");
1355 goto error;
1356 }
1357
1358 /*
1359 * We hit EOL, so the parse error is really "read more data".
1360 */
1361 stack->fill = UNCONST(char *, p);
1362 rcode = cf_file_fill(stack);
1363 if (rcode < 0) {
1364 cf_log_err(cs, "Failed parsing condition");
1365 return NULL;
1366 }
1367 }
1368
1369 fr_assert((size_t) slen < (stack->bufsize - 1));
1370
1371 ptr += slen;
1372 fr_skip_whitespace(ptr);
1373
1374 if (*ptr != '{') {
1375 cf_log_err(cs, "Expected '{' instead of %s", ptr);
1376 talloc_free(cs);
1377 return NULL;
1378 }
1379 ptr++;
1380
1381 /*
1382 * Save the parsed condition (minus trailing whitespace)
1383 * into a buffer.
1384 */
1385 memcpy(buff[2], stack->ptr, slen);
1386 buff[2][slen] = '\0';
1387
1388 while (slen > 0) {
1389 if (!isspace((uint8_t) buff[2][slen])) break;
1390
1391 buff[2][slen] = '\0';
1392 slen--;
1393 }
1394
1395 /*
1396 * Expand the variables in the pre-parsed condition.
1397 */
1398 if (!cf_expand_variables(frame->filename, frame->lineno, parent,
1399 buff[3], stack->bufsize, buff[2], slen, NULL)) {
1400 fr_strerror_const("Failed expanding configuration variable");
1401 return NULL;
1402 }
1403
1404 MEM(cs->name2 = talloc_typed_strdup(cs, buff[3]));
1405 cs->name2_quote = T_BARE_WORD;
1406
1407 stack->ptr = ptr;
1408
1409 cs->allow_locals = true;
1410 cs->unlang = CF_UNLANG_ALLOW;
1411 return cf_section_to_item(cs);
1412}
1413
1414static CONF_ITEM *process_map(cf_stack_t *stack)
1415{
1416 char const *mod;
1417 char const *value = NULL;
1418 CONF_SECTION *css;
1419 fr_token_t token;
1420 char const *ptr = stack->ptr;
1421 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1422 CONF_SECTION *parent = frame->current;
1423 char *buff[4];
1424
1425 /*
1426 * Short names are nicer.
1427 */
1428 buff[1] = stack->buff[1];
1429 buff[2] = stack->buff[2];
1430
1431 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1432 frame->filename, frame->lineno) < 0) {
1433 return NULL;
1434 }
1435
1436 if (token != T_BARE_WORD) {
1437 ERROR("%s[%d]: Invalid syntax for 'map' - module name must not be a quoted string",
1438 frame->filename, frame->lineno);
1439 return NULL;
1440 }
1441 mod = buff[1];
1442
1443 /*
1444 * Maps without an expansion string are allowed, though
1445 * it's not clear why.
1446 */
1447 if (*ptr == '{') {
1448 ptr++;
1449 goto alloc_section;
1450 }
1451
1452 /*
1453 * Now get the expansion string.
1454 */
1455 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1456 frame->filename, frame->lineno) < 0) {
1457 return NULL;
1458 }
1459 if (!fr_str_tok[token]) {
1460 ERROR("%s[%d]: Expecting string expansions in 'map' definition",
1461 frame->filename, frame->lineno);
1462 return NULL;
1463 }
1464
1465 if (*ptr != '{') {
1466 ERROR("%s[%d]: Expecting section start brace '{' in 'map' definition",
1467 frame->filename, frame->lineno);
1468 return NULL;
1469 }
1470 ptr++;
1471 value = buff[2];
1472
1473 /*
1474 * Allocate the section
1475 */
1476alloc_section:
1477 css = cf_section_alloc(parent, parent, "map", mod);
1478 if (!css) {
1479 ERROR("%s[%d]: Failed allocating memory for section",
1480 frame->filename, frame->lineno);
1481 return NULL;
1482 }
1483 cf_filename_set(css, frame->filename);
1484 cf_lineno_set(css, frame->lineno);
1485 css->name2_quote = T_BARE_WORD;
1486
1487 css->argc = 0;
1488 if (value) {
1489 css->argv = talloc_array(css, char const *, 1);
1490 css->argv[0] = talloc_typed_strdup(css->argv, value);
1491 css->argv_quote = talloc_array(css, fr_token_t, 1);
1492 css->argv_quote[0] = token;
1493 css->argc++;
1494 }
1495 stack->ptr = ptr;
1496 css->unlang = CF_UNLANG_ASSIGNMENT;
1497
1498 return cf_section_to_item(css);
1499}
1500
1501
1502static CONF_ITEM *process_subrequest(cf_stack_t *stack)
1503{
1504 char const *mod = NULL;
1505 CONF_SECTION *css;
1506 fr_token_t token;
1507 char const *ptr = stack->ptr;
1508 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1509 CONF_SECTION *parent = frame->current;
1510 char *buff[4];
1511 int values = 0;
1512
1513 /*
1514 * Short names are nicer.
1515 */
1516 buff[1] = stack->buff[1];
1517 buff[2] = stack->buff[2];
1518 buff[3] = stack->buff[3];
1519
1520 /*
1521 * subrequest { ... } is allowed.
1522 */
1523 fr_skip_whitespace(ptr);
1524 if (*ptr == '{') {
1525 ptr++;
1526 goto alloc_section;
1527 }
1528
1529 /*
1530 * Get the name of the Packet-Type.
1531 */
1532 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1533 frame->filename, frame->lineno) < 0) {
1534 return NULL;
1535 }
1536
1537 mod = buff[1];
1538
1539 /*
1540 * subrequest Access-Request { ... } is allowed.
1541 */
1542 if (*ptr == '{') {
1543 ptr++;
1544 goto alloc_section;
1545 }
1546
1547 /*
1548 * subrequest Access-Request &foo { ... }
1549 */
1550 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1551 frame->filename, frame->lineno) < 0) {
1552 return NULL;
1553 }
1554
1555 if (token != T_BARE_WORD) {
1556 ERROR("%s[%d]: The second argument to 'subrequest' must be an attribute reference",
1557 frame->filename, frame->lineno);
1558 return NULL;
1559 }
1560 values++;
1561
1562 if (*ptr == '{') {
1563 ptr++;
1564 goto alloc_section;
1565 }
1566
1567 /*
1568 * subrequest Access-Request &foo &bar { ... }
1569 */
1570 if (cf_get_token(parent, &ptr, &token, buff[3], stack->bufsize,
1571 frame->filename, frame->lineno) < 0) {
1572 return NULL;
1573 }
1574
1575 if (token != T_BARE_WORD) {
1576 ERROR("%s[%d]: The third argument to 'subrequest' must be an attribute reference",
1577 frame->filename, frame->lineno);
1578 return NULL;
1579 }
1580 values++;
1581
1582 if (*ptr != '{') {
1583 ERROR("%s[%d]: Expecting section start brace '{' in 'subrequest' definition",
1584 frame->filename, frame->lineno);
1585 return NULL;
1586 }
1587 ptr++;
1588
1589 /*
1590 * Allocate the section
1591 */
1592alloc_section:
1593 css = cf_section_alloc(parent, parent, "subrequest", mod);
1594 if (!css) {
1595 ERROR("%s[%d]: Failed allocating memory for section",
1596 frame->filename, frame->lineno);
1597 return NULL;
1598 }
1599 cf_filename_set(css, frame->filename);
1600 cf_lineno_set(css, frame->lineno);
1601 if (mod) css->name2_quote = T_BARE_WORD;
1602
1603 css->argc = values;
1604 if (values) {
1605 int i;
1606
1607 css->argv = talloc_array(css, char const *, values);
1608 css->argv_quote = talloc_array(css, fr_token_t, values);
1609
1610 for (i = 0; i < values; i++) {
1611 css->argv[i] = talloc_typed_strdup(css->argv, buff[2 + i]);
1612 css->argv_quote[i] = T_BARE_WORD;
1613 }
1614 }
1615
1616 stack->ptr = ptr;
1617
1618 css->allow_locals = true;
1619 css->unlang = CF_UNLANG_ALLOW;
1620 return cf_section_to_item(css);
1621}
1622
1623static CONF_ITEM *process_catch(cf_stack_t *stack)
1624{
1625 CONF_SECTION *css;
1626 int argc = 0;
1627 char const *ptr = stack->ptr;
1628 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1629 CONF_SECTION *parent = frame->current;
1630 char *name2 = NULL;
1631 char *argv[RLM_MODULE_NUMCODES];
1632
1633 while (true) {
1634 char const *p;
1635 size_t len;
1636
1637 fr_skip_whitespace(ptr);
1638
1639 /*
1640 * We have an open bracket, it's the end of the "catch" statement.
1641 */
1642 if (*ptr == '{') {
1643 ptr++;
1644 break;
1645 }
1646
1647 /*
1648 * The arguments have to be short, unquoted words.
1649 */
1650 p = ptr;
1651 while (isalpha((uint8_t) *ptr)) ptr++;
1652
1653 len = ptr - p;
1654 if (len > 16) {
1655 ERROR("%s[%d]: Invalid syntax for 'catch' - unknown rcode '%s'",
1656 frame->filename, frame->lineno, p);
1657 return NULL;
1658 }
1659
1660 if ((*ptr != '{') && !isspace((uint8_t) *ptr)) {
1661 ERROR("%s[%d]: Invalid syntax for 'catch' - unexpected text at '%s'",
1662 frame->filename, frame->lineno, ptr);
1663 return NULL;
1664 }
1665
1666 if (!name2) {
1667 name2 = talloc_strndup(NULL, p, len);
1668 continue;
1669 }
1670
1671 if (argc > RLM_MODULE_NUMCODES) {
1672 ERROR("%s[%d]: Invalid syntax for 'catch' - too many arguments at'%s'",
1673 frame->filename, frame->lineno, ptr);
1674 return NULL;
1675 }
1676
1677 argv[argc++] = talloc_strndup(name2, p, len);
1678 }
1679
1680 css = cf_section_alloc(parent, parent, "catch", name2);
1681 if (!css) {
1682 talloc_free(name2);
1683 ERROR("%s[%d]: Failed allocating memory for section",
1684 frame->filename, frame->lineno);
1685 return NULL;
1686 }
1687 cf_filename_set(css, frame->filename);
1688 cf_lineno_set(css, frame->lineno);
1689 css->name2_quote = T_BARE_WORD;
1690 css->unlang = CF_UNLANG_ALLOW;
1691
1692 css->argc = argc;
1693 if (argc) {
1694 int i;
1695
1696 css->argv = talloc_array(css, char const *, argc + 1);
1697 css->argv_quote = talloc_array(css, fr_token_t, argc);
1698 css->argc = argc;
1699
1700 for (i = 0; i < argc; i++) {
1701 css->argv[i] = talloc_typed_strdup(css->argv, argv[i]);
1702 css->argv_quote[i] = T_BARE_WORD;
1703 }
1704
1705 css->argv[argc] = NULL;
1706 }
1707 talloc_free(name2);
1708
1709 stack->ptr = ptr;
1710
1711 return cf_section_to_item(css);
1712}
1713
1714static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
1715{
1716 char *spaces, *text;
1717 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1718
1719 if (!ptr) ptr = stack->ptr;
1720
1721 /*
1722 * We must pass a _negative_ offset to this function.
1723 */
1724 fr_canonicalize_error(NULL, &spaces, &text, stack->ptr - ptr, stack->ptr);
1725
1726 ERROR("%s[%d]: %s", frame->filename, frame->lineno, text);
1727 ERROR("%s[%d]: %s^ - %s", frame->filename, frame->lineno, spaces, message);
1728
1729 talloc_free(spaces);
1730 talloc_free(text);
1731 return -1;
1732}
1733
1734static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
1735{
1736 fr_type_t type;
1737 fr_token_t token;
1738 char const *ptr = *ptr_p;
1739 char const *ptr2;
1740
1741 /*
1742 * Parse an explicit type.
1743 */
1744 type = fr_table_value_by_str(fr_type_table, stack->buff[1], FR_TYPE_NULL);
1745 switch (type) {
1746 default:
1747 break;
1748
1749 case FR_TYPE_NULL:
1750 case FR_TYPE_VOID:
1751 case FR_TYPE_VALUE_BOX:
1752 case FR_TYPE_MAX:
1753 (void) parse_error(stack, type_ptr, "Unknown or invalid variable type in 'foreach'");
1754 return -1;
1755 }
1756
1757 fr_skip_whitespace(ptr);
1758 ptr2 = ptr;
1759
1760 /*
1761 * Parse the variable name. @todo - allow '-' in names.
1762 */
1763 token = gettoken(&ptr, stack->buff[2], stack->bufsize, false);
1764 if (token != T_BARE_WORD) {
1765 (void) parse_error(stack, ptr2, "Invalid variable name for key in 'foreach'");
1766 return -1;
1767 }
1768 fr_skip_whitespace(ptr);
1769
1770 *ptr_p = ptr;
1771 *type_p = type;
1772
1773 return 0;
1774}
1775
1776/*
1777 * foreach &User-Name { - old and deprecated
1778 *
1779 * foreach value (...) { - automatically define variable
1780 *
1781 * foreach string value ( ...) { - data type for variable
1782 *
1783 * foreach string key, type value (..) { - key is "string", value is as above
1784 */
1785static CONF_ITEM *process_foreach(cf_stack_t *stack)
1786{
1787 fr_token_t token;
1788 fr_type_t type;
1789 CONF_SECTION *css;
1790 char const *ptr = stack->ptr, *ptr2, *type_ptr;
1791 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1792 CONF_SECTION *parent = frame->current;
1793
1794 css = cf_section_alloc(parent, parent, "foreach", NULL);
1795 if (!css) {
1796 ERROR("%s[%d]: Failed allocating memory for section",
1797 frame->filename, frame->lineno);
1798 return NULL;
1799 }
1800
1801 cf_filename_set(css, frame->filename);
1802 cf_lineno_set(css, frame->lineno);
1803 css->name2_quote = T_BARE_WORD;
1804 css->unlang = CF_UNLANG_ALLOW;
1805 css->allow_locals = true;
1806
1807 /*
1808 * Get the first argument to "foreach". For backwards
1809 * compatibility, it could be an attribute reference.
1810 */
1811 type_ptr = ptr;
1812 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
1813 frame->filename, frame->lineno) < 0) {
1814 return NULL;
1815 }
1816
1817 if (token != T_BARE_WORD) {
1818 invalid_argument:
1819 (void) parse_error(stack, type_ptr, "Unexpected argument to 'foreach'");
1820 return NULL;
1821 }
1822
1823 fr_skip_whitespace(ptr);
1824
1825 /*
1826 * foreach foo { ...
1827 *
1828 * Deprecated and don't use.
1829 */
1830 if (*ptr == '{') {
1831 css->name2 = talloc_typed_strdup(css, stack->buff[1]);
1832
1833 ptr++;
1834 stack->ptr = ptr;
1835
1836 cf_log_warn(css, "Using deprecated syntax. Please use new the new 'foreach' syntax.");
1837 return cf_section_to_item(css);
1838 }
1839
1840 fr_skip_whitespace(ptr);
1841
1842 /*
1843 * foreach value (...) {
1844 */
1845 if (*ptr == '(') {
1846 type = FR_TYPE_NULL;
1847 strcpy(stack->buff[2], stack->buff[1]); /* so that we can parse expression in buff[1] */
1848 goto alloc_argc_2;
1849 }
1850
1851 /*
1852 * on input, type name is in stack->buff[1]
1853 * on output, variable name is in stack->buff[2]
1854 */
1855 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
1856
1857 /*
1858 * if we now have an expression block, then just have variable type / name.
1859 */
1860 if (*ptr == '(') goto alloc_argc_2;
1861
1862 /*
1863 * There's a comma. the first "type name" is for the key. We skip the comma, and parse the
1864 * second "type name" as being for the value.
1865 *
1866 * foreach type key, type value (...)
1867 */
1868 if (*ptr == ',') {
1869 /*
1870 * We have 4 arguments, [var-type, var-name, key-type, key-name]
1871 *
1872 * We don't really care about key-type, but we might care later.
1873 */
1874 css->argc = 4;
1875 css->argv = talloc_array(css, char const *, css->argc);
1876 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
1877
1878 css->argv[2] = fr_type_to_str(type);
1879 css->argv_quote[2] = T_BARE_WORD;
1880
1881 css->argv[3] = talloc_typed_strdup(css->argv, stack->buff[2]);
1882 css->argv_quote[3] = T_BARE_WORD;
1883
1884 ptr++;
1885 fr_skip_whitespace(ptr);
1886 type_ptr = ptr;
1887
1888 /*
1889 * Now parse "type value"
1890 */
1891 token = gettoken(&ptr, stack->buff[1], stack->bufsize, false);
1892 if (token != T_BARE_WORD) goto invalid_argument;
1893
1894 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
1895
1896 if (!fr_type_is_leaf(type)) {
1897 (void) parse_error(stack, type_ptr, "Invalid data type for 'key' variable");
1898 return NULL;
1899 }
1900 }
1901
1902 /*
1903 * The thing to loop over must now be in an expression block.
1904 */
1905 if (*ptr != '(') {
1906 (void) parse_error(stack, ptr, "Expected (...) after 'foreach' variable definition");
1907 return NULL;
1908 }
1909
1910 goto parse_expression;
1911
1912alloc_argc_2:
1913 css->argc = 2;
1914 css->argv = talloc_array(css, char const *, css->argc);
1915 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
1916
1917
1918parse_expression:
1919 /*
1920 * "(" whitespace EXPRESSION whitespace ")"
1921 */
1922 ptr++;
1923 fr_skip_whitespace(ptr);
1924 ptr2 = ptr;
1925
1926 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
1927 frame->filename, frame->lineno) < 0) {
1928 return NULL;
1929 }
1930
1931 /*
1932 * We can do &foo[*] or %func(...), but not "...".
1933 */
1934 if (token != T_BARE_WORD) {
1935 (void) parse_error(stack, ptr2, "Invalid reference in 'foreach'");
1936 return NULL;
1937 }
1938
1939 fr_skip_whitespace(ptr);
1940 if (*ptr != ')') {
1941 (void) parse_error(stack, ptr, "Missing ')' in 'foreach'");
1942 return NULL;
1943 }
1944 ptr++;
1945 fr_skip_whitespace(ptr);
1946
1947 if (*ptr != '{') {
1948 (void) parse_error(stack, ptr, "Expected '{' in 'foreach'");
1949 return NULL;
1950 }
1951
1952 css->name2 = talloc_typed_strdup(css, stack->buff[1]);
1953
1954 /*
1955 * Add in the extra arguments
1956 */
1957 css->argv[0] = fr_type_to_str(type);
1958 css->argv_quote[0] = T_BARE_WORD;
1959
1960 css->argv[1] = talloc_typed_strdup(css->argv, stack->buff[2]);
1961 css->argv_quote[1] = T_BARE_WORD;
1962
1963 ptr++;
1964 stack->ptr = ptr;
1965
1966 return cf_section_to_item(css);
1967}
1968
1969
1970static int add_pair(CONF_SECTION *parent, char const *attr, char const *value,
1971 fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token,
1972 char *buff, char const *filename, int lineno)
1973{
1974 CONF_DATA const *cd;
1975 conf_parser_t *rule;
1976 CONF_PAIR *cp;
1977 bool pass2 = false;
1978
1979 /*
1980 * If we have the value, expand any configuration
1981 * variables in it.
1982 */
1983 if (value && *value) {
1984 bool soft_fail;
1985 char const *expanded;
1986
1987 expanded = cf_expand_variables(filename, lineno, parent, buff, talloc_array_length(buff), value, -1, &soft_fail);
1988 if (expanded) {
1989 value = expanded;
1990
1991 } else if (!soft_fail) {
1992 return -1;
1993
1994 } else {
1995 /*
1996 * References an item which doesn't exist,
1997 * or which is already marked up as being
1998 * expanded in pass2. Wait for pass2 to
1999 * do the expansions.
2000 *
2001 * Leave the input value alone.
2002 */
2003 pass2 = true;
2004 }
2005 }
2006
2007 cp = cf_pair_alloc(parent, attr, value, op_token, name1_token, value_token);
2008 if (!cp) return -1;
2009 cf_filename_set(cp, filename);
2010 cf_lineno_set(cp, lineno);
2011 cp->pass2 = pass2;
2012
2013 cd = cf_data_find(CF_TO_ITEM(parent), conf_parser_t, attr);
2014 if (!cd) return 0;
2015
2016 rule = cf_data_value(cd);
2017 if (!rule->on_read) return 0;
2018
2019 /*
2020 * Do the on_read callback after adding the value.
2021 */
2022 return rule->on_read(parent, NULL, NULL, cf_pair_to_item(cp), rule);
2023}
2024
2025/*
2026 * switch (cast) foo {
2027 */
2028static CONF_ITEM *process_switch(cf_stack_t *stack)
2029{
2030 size_t match_len;
2031 fr_type_t type = FR_TYPE_NULL;
2032 fr_token_t name2_quote = T_BARE_WORD;
2033 CONF_SECTION *css;
2034 char const *ptr = stack->ptr;
2035 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2036 CONF_SECTION *parent = frame->current;
2037
2038 fr_skip_whitespace(ptr);
2039 if (*ptr == '(') {
2040 char const *start;
2041
2042 ptr++;
2043 start = ptr;
2044
2045 while (isalpha(*ptr)) ptr++;
2046
2047 if (*ptr != ')') {
2048 ERROR("%s[%d]: Missing ')' in cast",
2049 frame->filename, frame->lineno);
2050 return NULL;
2051 }
2052
2053 type = fr_table_value_by_longest_prefix(&match_len, fr_type_table,
2054 start, ptr - start, FR_TYPE_MAX);
2055 if (type == FR_TYPE_MAX) {
2056 ERROR("%s[%d]: Unknown data type '%.*s' in cast",
2057 frame->filename, frame->lineno, (int) (ptr - start), start);
2058 return NULL;
2059 }
2060
2061 if (!fr_type_is_leaf(type)) {
2062 ERROR("%s[%d]: Invalid data type '%.*s' in cast",
2063 frame->filename, frame->lineno, (int) (ptr - start), start);
2064 return NULL;
2065 }
2066
2067 ptr++;
2068 fr_skip_whitespace(ptr);
2069 }
2070
2071 /*
2072 * Get the argument to the switch statement
2073 */
2074 if (cf_get_token(parent, &ptr, &name2_quote, stack->buff[1], stack->bufsize,
2075 frame->filename, frame->lineno) < 0) {
2076 return NULL;
2077 }
2078
2079 css = cf_section_alloc(parent, parent, "switch", NULL);
2080 if (!css) {
2081 ERROR("%s[%d]: Failed allocating memory for section",
2082 frame->filename, frame->lineno);
2083 return NULL;
2084 }
2085
2086 cf_filename_set(css, frame->filename);
2087 cf_lineno_set(css, frame->lineno);
2088 css->name2_quote = name2_quote;
2089 css->unlang = CF_UNLANG_ALLOW;
2090 css->allow_locals = true;
2091
2092 fr_skip_whitespace(ptr);
2093
2094 if (*ptr != '{') {
2095 (void) parse_error(stack, ptr, "Expected '{' in 'switch'");
2096 return NULL;
2097 }
2098
2099 css->name2 = talloc_typed_strdup(css, stack->buff[1]);
2100
2101 /*
2102 * Add in the extra argument.
2103 */
2104 if (type != FR_TYPE_NULL) {
2105 css->argc = 1;
2106 css->argv = talloc_array(css, char const *, css->argc);
2107 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2108
2109 css->argv[0] = fr_type_to_str(type);
2110 css->argv_quote[0] = T_BARE_WORD;
2111 }
2112
2113 ptr++;
2114 stack->ptr = ptr;
2115
2116 return cf_section_to_item(css);
2117}
2118
2119
2120static fr_table_ptr_sorted_t unlang_keywords[] = {
2121 { L("catch"), (void *) process_catch },
2122 { L("elsif"), (void *) process_if },
2123 { L("foreach"), (void *) process_foreach },
2124 { L("if"), (void *) process_if },
2125 { L("map"), (void *) process_map },
2126 { L("subrequest"), (void *) process_subrequest },
2127 { L("switch"), (void *) process_switch }
2128};
2129static int unlang_keywords_len = NUM_ELEMENTS(unlang_keywords);
2130
2131typedef CONF_ITEM *(*cf_process_func_t)(cf_stack_t *);
2132
2133static int parse_input(cf_stack_t *stack)
2134{
2135 fr_token_t name1_token, name2_token, value_token, op_token;
2136 char const *value;
2137 CONF_SECTION *css;
2138 char const *ptr = stack->ptr;
2139 char const *ptr2;
2140 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2141 CONF_SECTION *parent = frame->current;
2142 char *buff[4];
2143 cf_process_func_t process;
2144
2145 /*
2146 * Short names are nicer.
2147 */
2148 buff[0] = stack->buff[0];
2149 buff[1] = stack->buff[1];
2150 buff[2] = stack->buff[2];
2151 buff[3] = stack->buff[3];
2152
2153 fr_assert(parent != NULL);
2154
2155 /*
2156 * Catch end of a subsection.
2157 *
2158 * frame->current is the new thing we just created.
2159 * frame->parent is the parent of the current frame
2160 * frame->at_reference is the original frame->current, before the @reference
2161 * parent is the parent we started with when we started this section.
2162 */
2163 if (*ptr == '}') {
2164 /*
2165 * No pushed braces means that we're already in
2166 * the parent section which loaded this file. We
2167 * cannot go back up another level.
2168 *
2169 * This limitation means that we cannot put half
2170 * of a CONF_SECTION in one file, and then the
2171 * second half in another file. That's fine.
2172 */
2173 if (frame->braces == 0) {
2174 return parse_error(stack, ptr, "Too many closing braces");
2175 }
2176
2177 /*
2178 * Reset the current and parent to the original
2179 * section, before we were parsing the
2180 * @reference.
2181 */
2182 if (frame->at_reference) {
2183 frame->current = frame->parent = frame->at_reference;
2184 frame->at_reference = NULL;
2185
2186 } else {
2187 /*
2188 * Go back up one section, because we can.
2189 */
2190 frame->current = frame->parent = cf_item_to_section(frame->current->item.parent);
2191 }
2192
2193 fr_assert(frame->braces > 0);
2194 frame->braces--;
2195
2196 /*
2197 * Merge the template into the existing
2198 * section. parent uses more memory, but
2199 * means that templates now work with
2200 * sub-sections, etc.
2201 */
2202 if (!cf_template_merge(parent, parent->template)) return -1;
2203
2204 ptr++;
2205 stack->ptr = ptr;
2206 return 1;
2207 }
2208
2209 /*
2210 * Found nothing to get excited over. It MUST be
2211 * a key word.
2212 */
2213 ptr2 = ptr;
2214 switch (parent->unlang) {
2215 default:
2216 /*
2217 * The LHS is a bare word / keyword in normal configuration file syntax.
2218 */
2219 name1_token = gettoken(&ptr, buff[1], stack->bufsize, false);
2220 if (name1_token == T_EOL) return 0;
2221
2222 if (name1_token == T_INVALID) {
2223 return parse_error(stack, ptr2, fr_strerror());
2224 }
2225
2226 if (name1_token != T_BARE_WORD) {
2227 return parse_error(stack, ptr2, "Invalid location for quoted string");
2228 }
2229
2230 fr_skip_whitespace(ptr);
2231 break;
2232
2233 case CF_UNLANG_ALLOW:
2234 case CF_UNLANG_EDIT:
2235 case CF_UNLANG_ASSIGNMENT:
2236 /*
2237 * The LHS can be an xlat expansion, attribute reference, etc.
2238 */
2239 if (cf_get_token(parent, &ptr, &name1_token, buff[1], stack->bufsize,
2240 frame->filename, frame->lineno) < 0) {
2241 return -1;
2242 }
2243 break;
2244 }
2245
2246 /*
2247 * Check if the thing we just parsed is an unlang keyword.
2248 */
2249 if ((name1_token == T_BARE_WORD) && isalpha((uint8_t) *buff[1])) {
2250 process = (cf_process_func_t) fr_table_value_by_str(unlang_keywords, buff[1], NULL);
2251 if (process) {
2252 CONF_ITEM *ci;
2253
2254 /*
2255 * Disallow keywords outside of unlang sections.
2256 *
2257 * We don't strictly need to do this with the more state-oriented parser, but
2258 * people keep putting unlang into random places in the configuration files,
2259 * which is wrong.
2260 */
2261 if (parent->unlang != CF_UNLANG_ALLOW) {
2262 return parse_error(stack, ptr2, "Invalid location for unlang keyword");
2263 }
2264
2265 stack->ptr = ptr;
2266 ci = process(stack);
2267 if (!ci) return -1;
2268
2269 ptr = stack->ptr;
2270 if (cf_item_is_section(ci)) {
2271 parent->allow_locals = false;
2272 css = cf_item_to_section(ci);
2273 goto add_section;
2274 }
2275
2276 /*
2277 * Else the item is a pair, and the call to process() it already added it to the
2278 * current section.
2279 */
2280 goto added_pair;
2281 }
2282
2283 /*
2284 * The next token isn't text, so we ignore it.
2285 */
2286 if (!isalnum((int) *ptr)) goto check_for_eol;
2287 }
2288
2289 /*
2290 * See if this thing is a variable definition.
2291 */
2292 if ((name1_token == T_BARE_WORD) && parent->allow_locals) {
2293 fr_type_t type;
2294 char const *ptr3;
2295
2296 type = fr_table_value_by_str(fr_type_table, buff[1], FR_TYPE_NULL);
2297 if (type == FR_TYPE_NULL) {
2298 parent->allow_locals = false;
2299 goto check_for_eol;
2300 }
2301
2302 if (type == FR_TYPE_TLV) goto parse_name2;
2303
2304 /*
2305 * group {
2306 *
2307 * is a section.
2308 */
2309 if (type == FR_TYPE_GROUP) {
2310 fr_skip_whitespace(ptr);
2311 if (*ptr == '{') {
2312 ptr++;
2313 value = NULL;
2314 name2_token = T_BARE_WORD;
2315 goto alloc_section;
2316 }
2317
2318 } else if (!fr_type_is_leaf(type)) {
2319 /*
2320 * Other structural types are allowed.
2321 */
2322 return parse_error(stack, ptr2, "Invalid data type for local variable. Must be 'tlv' or else a non-structrul type");
2323 }
2324
2325 /*
2326 * We don't have an operator, so set it to a magic value.
2327 */
2328 op_token = T_OP_CMP_TRUE;
2329
2330 /*
2331 * Parse the name of the local variable, and use it as the "value" for the CONF_PAIR.
2332 */
2333 ptr3 = ptr;
2334 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2335 frame->filename, frame->lineno) < 0) {
2336 return -1;
2337 }
2338
2339 if (value_token != T_BARE_WORD) {
2340 return parse_error(stack, ptr3, "Invalid name");
2341 }
2342
2343 value = buff[2];
2344
2345 /*
2346 * Non-structural things must be variable definitions.
2347 */
2348 if (fr_type_is_leaf(type)) goto alloc_pair;
2349
2350 /*
2351 * Parse: group foo
2352 * vs group foo { ...
2353 */
2354 fr_skip_whitespace(ptr);
2355
2356 if (*ptr != '{') goto alloc_pair;
2357
2358 ptr++;
2359 name2_token = T_BARE_WORD;
2360 goto alloc_section;
2361 }
2362
2363 /*
2364 * We've parsed the LHS thing. The RHS might be empty, or an operator, or another word, or an
2365 * open bracket.
2366 */
2367check_for_eol:
2368 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';') || (*ptr == '}')) {
2369 /*
2370 * Only unlang sections can have module references.
2371 *
2372 * We also allow bare words in edit lists, where the RHS is a list of values.
2373 *
2374 * @todo - detail "suppress" requires bare words :(
2375 */
2376 parent->allow_locals = false;
2377 value_token = T_INVALID;
2378 op_token = T_OP_EQ;
2379 value = NULL;
2380 goto alloc_pair;
2381 }
2382
2383 /*
2384 * A common pattern is: name { ...}
2385 * Check for it and skip ahead.
2386 */
2387 if (*ptr == '{') {
2388 ptr++;
2389 name2_token = T_INVALID;
2390 value = NULL;
2391 goto alloc_section;
2392 }
2393
2394 /*
2395 * Parse the thing after the first word. It can be an operator, or the second name for a section.
2396 */
2397 ptr2 = ptr;
2398 switch (parent->unlang) {
2399 default:
2400 /*
2401 * Configuration sections can only have '=' after the
2402 * first word, OR a second word which is the second name
2403 * of a configuration section.
2404 */
2405 if (*ptr == '=') goto operator;
2406
2407 /*
2408 * Section name2 can only be alphanumeric or UTF-8.
2409 */
2410 parse_name2:
2411 if (!(isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr) || (*(uint8_t const *) ptr >= 0x80))) {
2412 /*
2413 * Maybe they missed a closing brace somewhere?
2414 */
2415 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2416 if (fr_assignment_op[name2_token]) {
2417 return parse_error(stack, ptr2, "Unexpected operator, was expecting a configuration section. Is there a missing '}' somewhere?");
2418 }
2419
2420 return parse_error(stack, ptr2, "Invalid second name for configuration section");
2421 }
2422
2423 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2424 if (name1_token == T_INVALID) {
2425 return parse_error(stack, ptr2, fr_strerror());
2426 }
2427
2428 if (name1_token != T_BARE_WORD) {
2429 return parse_error(stack, ptr2, "Unexpected quoted string after section name");
2430 }
2431
2432 fr_skip_whitespace(ptr);
2433
2434 if (*ptr != '{') {
2435 return parse_error(stack, ptr, "Missing '{' for configuration section");
2436 }
2437
2438 ptr++;
2439 value = buff[2];
2440 goto alloc_section;
2441
2442 case CF_UNLANG_ASSIGNMENT:
2443 /*
2444 * The next thing MUST be an operator. We don't support nested attributes in "update" or
2445 * "map" sections.
2446 */
2447 goto operator;
2448
2449 case CF_UNLANG_EDIT:
2450 /*
2451 * The next thing MUST be an operator. Edit sections always do operations, even on
2452 * lists. i.e. there is no second name section when editing a list.
2453 */
2454 goto operator;
2455
2456 case CF_UNLANG_ALLOW:
2457 /*
2458 * It's not a string, bare word, or attribute reference. It must be an operator.
2459 */
2460 if (!((*ptr == '"') || (*ptr == '`') || (*ptr == '\'') || ((*ptr == '&') && (ptr[1] != '=')) ||
2461 ((*((uint8_t const *) ptr) & 0x80) != 0) || isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr))) {
2462 goto operator;
2463 }
2464 break;
2465 }
2466
2467 /*
2468 * The second name could be a bare word, xlat expansion, string etc.
2469 */
2470 if (cf_get_token(parent, &ptr, &name2_token, buff[2], stack->bufsize,
2471 frame->filename, frame->lineno) < 0) {
2472 return -1;
2473 }
2474
2475 if (*ptr != '{') {
2476 return parse_error(stack, ptr, "Expected '{'");
2477 }
2478 ptr++;
2479 value = buff[2];
2480
2481alloc_section:
2482 parent->allow_locals = false;
2483
2484 /*
2485 * @policy foo { ...}
2486 *
2487 * Means "add foo to the policy section". And if
2488 * policy{} doesn't exist, create it, and then mark up
2489 * policy{} with a flag "we need to merge it", so that
2490 * when we read the actual policy{}, we merge the
2491 * contents together, instead of creating a second
2492 * policy{}.
2493 *
2494 * @todo - allow for '.' in @.ref Or at least test it. :(
2495 *
2496 * @todo - allow for two section names @ref foo bar {...}
2497 *
2498 * @todo - maybe we can use this to overload things in
2499 * virtual servers, and in modules?
2500 */
2501 if (buff[1][0] == '@') {
2502 CONF_ITEM *ci;
2503 CONF_SECTION *root;
2504 char const *name = &buff[1][1];
2505
2506 if (!value) {
2507 ERROR("%s[%d]: Missing section name for reference", frame->filename, frame->lineno);
2508 return -1;
2509 }
2510
2511 root = cf_root(parent);
2512
2513 ci = cf_reference_item(root, parent, name);
2514 if (!ci) {
2515 if (name[1] == '.') {
2516 PERROR("%s[%d]: Failed finding reference \"%s\"", frame->filename, frame->lineno, name);
2517 return -1;
2518 }
2519
2520 css = cf_section_alloc(root, root, name, NULL);
2521 if (!css) goto oom;
2522
2523 cf_filename_set(css, frame->filename);
2524 cf_lineno_set(css, frame->lineno);
2525 css->name2_quote = name2_token;
2526 css->unlang = CF_UNLANG_NONE;
2527 css->allow_locals = false;
2528 css->at_reference = true;
2529 parent = css;
2530
2531 /*
2532 * Copy this code from below. :(
2533 */
2534 if (cf_item_to_section(parent->item.parent) == root) {
2535 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2536 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2537 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2538 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2539 }
2540
2541 } else {
2542 if (!cf_item_is_section(ci)) {
2543 ERROR("%s[%d]: Reference \"%s\" is not a section", frame->filename, frame->lineno, name);
2544 return -1;
2545 }
2546
2547 /*
2548 * Set the new parent and ensure we're
2549 * not creating a duplicate section.
2550 */
2551 parent = cf_item_to_section(ci);
2552 css = cf_section_find(parent, value, NULL);
2553 if (css) {
2554 ERROR("%s[%d]: Reference \"%s\" already contains a \"%s\" section at %s[%d]",
2555 frame->filename, frame->lineno, name, value,
2556 css->item.filename, css->item.lineno);
2557 return -1;
2558 }
2559 }
2560
2561 /*
2562 * We're processing a section. The @reference is
2563 * OUTSIDE of this section.
2564 */
2565 fr_assert(frame->current == frame->parent);
2566 frame->at_reference = frame->parent;
2567 name2_token = T_BARE_WORD;
2568
2569 css = cf_section_alloc(parent, parent, value, NULL);
2570 } else {
2571 /*
2572 * Check if there's already an auto-created
2573 * section of this name. If so, just use that
2574 * section instead of allocating a new one.
2575 */
2576 css = cf_section_find(parent, buff[1], value);
2577 if (css && css->at_reference) {
2578 css->at_reference = false;
2579 } else {
2580 css = cf_section_alloc(parent, parent, buff[1], value);
2581 }
2582 }
2583
2584 if (!css) {
2585 oom:
2586 ERROR("%s[%d]: Failed allocating memory for section",
2587 frame->filename, frame->lineno);
2588 return -1;
2589 }
2590
2591 cf_filename_set(css, frame->filename);
2592 cf_lineno_set(css, frame->lineno);
2593 css->name2_quote = name2_token;
2594 css->unlang = CF_UNLANG_NONE;
2595 css->allow_locals = false;
2596
2597 /*
2598 * Only a few top-level sections allow "unlang"
2599 * statements. And for those, "unlang"
2600 * statements are only allowed in child
2601 * subsection.
2602 */
2603 switch (parent->unlang) {
2604 case CF_UNLANG_NONE:
2605 if (!parent->item.parent) {
2606 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2607 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2608 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2609 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2610
2611 } else if ((cf_item_to_section(parent->item.parent)->unlang == CF_UNLANG_MODULES) &&
2612 (strcmp(css->name1, "update") == 0)) {
2613 /*
2614 * Module configuration can contain "update" statements.
2615 */
2616 css->unlang = CF_UNLANG_ASSIGNMENT;
2617 css->allow_locals = false;
2618 }
2619 break;
2620
2621 /*
2622 * It's a policy section - allow unlang inside of child sections.
2623 */
2624 case CF_UNLANG_POLICY:
2625 css->unlang = CF_UNLANG_ALLOW;
2626 css->allow_locals = true;
2627 break;
2628
2629 /*
2630 * A virtual server has processing sections, but only a limited number of them.
2631 * Rather than trying to autoload them and glue the interpreter into the conf
2632 * file parser, we just hack it.
2633 */
2634 case CF_UNLANG_SERVER:
2635 // git grep SECTION_NAME src/process/ src/lib/server/process.h | sed 's/.*SECTION_NAME("//;s/",.*//' | sort -u
2636 if (fr_table_value_by_str(server_unlang_section, css->name1, false)) {
2637 css->unlang = CF_UNLANG_ALLOW;
2638 css->allow_locals = true;
2639 break;
2640 }
2641
2642 /*
2643 * Allow local variables, but no unlang statements.
2644 */
2645 if (strcmp(css->name1, "dictionary") == 0) {
2646 css->unlang = CF_UNLANG_DICTIONARY;
2647 css->allow_locals = true;
2648 break;
2649 }
2650
2651 /*
2652 * ldap sync has "update" a few levels down.
2653 */
2654 if (strcmp(css->name1, "listen") == 0) {
2655 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2656 }
2657 break;
2658
2659 /*
2660 * Virtual modules in the "modules" section can have unlang.
2661 */
2662 case CF_UNLANG_MODULES:
2663 if ((strcmp(css->name1, "group") == 0) ||
2664 (strcmp(css->name1, "load-balance") == 0) ||
2665 (strcmp(css->name1, "redundant") == 0) ||
2666 (strcmp(css->name1, "redundant-load-balance") == 0)) {
2667 css->unlang = CF_UNLANG_ALLOW;
2668 css->allow_locals = true;
2669 } else {
2670 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2671 }
2672 break;
2673
2674 case CF_UNLANG_EDIT:
2675 /*
2676 * Edit sections can only have children which are edit sections.
2677 */
2678 css->unlang = CF_UNLANG_EDIT;
2679 break;
2680
2681 case CF_UNLANG_ALLOW:
2682 /*
2683 * If we are doing list assignment, then don't allow local variables. The children are
2684 * also then all edit sections, and not unlang statements.
2685 *
2686 * If we're not doing list assignment, then name2 has to be a bare word, string, etc.
2687 */
2688 css->allow_locals = !fr_list_assignment_op[name2_token];
2689 if (css->allow_locals) {
2690 /*
2691 * @todo - tighten this up for "actions" sections, and module rcode
2692 * over-rides.
2693 *
2694 * Perhaps the best way to do that is to change the syntax for module
2695 * over-rides, so that the parser doesn't have to guess. :(
2696 */
2697 css->unlang = CF_UNLANG_ALLOW;
2698 } else {
2699 css->unlang = CF_UNLANG_EDIT;
2700 }
2701 break;
2702
2703 /*
2704 * We can (maybe?) do nested assignments inside of an old-style "update" or "map" section
2705 */
2706 case CF_UNLANG_ASSIGNMENT:
2707 css->unlang = CF_UNLANG_ASSIGNMENT;
2708 break;
2709
2710 case CF_UNLANG_DICTIONARY:
2711 css->unlang = CF_UNLANG_DICTIONARY;
2712 css->allow_locals = true;
2713 break;
2714
2715 case CF_UNLANG_CAN_HAVE_UPDATE:
2716 if (strcmp(css->name1, "update") == 0) {
2717 css->unlang = CF_UNLANG_ASSIGNMENT;
2718 } else {
2719 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2720 }
2721 break;
2722 }
2723
2724add_section:
2725 /*
2726 * The current section is now the child section.
2727 */
2728 frame->current = css;
2729 frame->braces++;
2730 css = NULL;
2731 stack->ptr = ptr;
2732 return 1;
2733
2734
2735 /*
2736 * If we're not parsing a section, then the next
2737 * token MUST be an operator.
2738 */
2739operator:
2740 ptr2 = ptr;
2741 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false);
2742 switch (name2_token) {
2743 case T_OP_ADD_EQ:
2744 case T_OP_SUB_EQ:
2745 case T_OP_AND_EQ:
2746 case T_OP_OR_EQ:
2747 case T_OP_NE:
2748 case T_OP_RSHIFT_EQ:
2749 case T_OP_GE:
2750 case T_OP_GT:
2751 case T_OP_LSHIFT_EQ:
2752 case T_OP_LE:
2753 case T_OP_LT:
2754 case T_OP_CMP_EQ:
2755 case T_OP_CMP_FALSE:
2756 case T_OP_SET:
2757 case T_OP_PREPEND:
2758 /*
2759 * Allow more operators in unlang statements, edit sections, and old-style "update" sections.
2760 */
2761 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT) && (parent->unlang != CF_UNLANG_ASSIGNMENT)) {
2762 return parse_error(stack, ptr2, "Invalid operator for assignment");
2763 }
2764 FALL_THROUGH;
2765
2766 case T_OP_EQ:
2767 /*
2768 * Configuration variables can only use =
2769 */
2770 fr_skip_whitespace(ptr);
2771 op_token = name2_token;
2772 break;
2773
2774 default:
2775 return parse_error(stack, ptr2, "Syntax error, the input should be an assignment operator");
2776 }
2777
2778 /*
2779 * MUST have something after the operator.
2780 */
2781 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';')) {
2782 return parse_error(stack, ptr, "Missing value after operator");
2783 }
2784
2785 /*
2786 * foo = { ... } for nested groups.
2787 *
2788 * As a special case, we allow sub-sections after '=', etc.
2789 *
2790 * This syntax is only for inside of "update"
2791 * sections, and for attributes of type "group".
2792 * But the parser isn't (yet) smart enough to
2793 * know about that context. So we just silently
2794 * allow it everywhere.
2795 */
2796 if (*ptr == '{') {
2797 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT)) {
2798 return parse_error(stack, ptr, "Invalid location for nested attribute assignment");
2799 }
2800
2801 if (!fr_list_assignment_op[name2_token]) {
2802 return parse_error(stack, ptr, "Invalid assignment operator for list");
2803 }
2804
2805 /*
2806 * Now that we've peeked ahead to
2807 * see the open brace, parse it
2808 * for real.
2809 */
2810 ptr++;
2811
2812 /*
2813 * Leave name2_token as the
2814 * operator (as a hack). But
2815 * note that there's no actual
2816 * name2. We'll deal with that
2817 * situation later.
2818 */
2819 value = NULL;
2820 goto alloc_section;
2821 }
2822
2823 fr_skip_whitespace(ptr);
2824
2825 /*
2826 * Parse the value for a CONF_PAIR.
2827 *
2828 * If it's unlang or an edit section, the RHS can be an expression.
2829 */
2830 if ((parent->unlang == CF_UNLANG_ALLOW) || (parent->unlang == CF_UNLANG_EDIT)) {
2831 bool eol;
2832 ssize_t slen;
2833
2834 ptr2 = ptr;
2835
2836 /*
2837 * If the RHS is an expression (foo) or function %foo(), then mark it up as an expression.
2838 */
2839 if ((*ptr == '(') || (*ptr == '%')) {
2840 /* nothing */
2841
2842 } else if (cf_get_token(parent, &ptr2, &value_token, buff[2], stack->bufsize,
2843 frame->filename, frame->lineno) == 0) {
2844 /*
2845 * We have one token (bare word), followed by EOL. It's just a token.
2846 */
2847 fr_skip_whitespace(ptr2);
2848 if (terminal_end_line[(uint8_t) *ptr2]) {
2849 parent->allow_locals = false;
2850 ptr = ptr2;
2851 value = buff[2];
2852 goto alloc_pair;
2853 }
2854 } /* else it looks like an expression */
2855
2856 /*
2857 * Parse the text as an expression.
2858 *
2859 * Note that unlike conditions, expressions MUST use \ at the EOL for continuation.
2860 * If we automatically read past EOL, as with:
2861 *
2862 * &foo := (bar -
2863 * baz)
2864 *
2865 * That works, mostly. Until the user forgets to put the trailing ')', and then
2866 * the parse is bad enough that it tries to read to EOF, or to some other random
2867 * parse error.
2868 *
2869 * So the simplest way to avoid utter craziness is to simply require a signal which
2870 * says "yes, I intended to put this over multiple lines".
2871 */
2872 slen = fr_skip_condition(ptr, NULL, terminal_end_line, &eol);
2873 if (slen < 0) {
2874 return parse_error(stack, ptr + (-slen), fr_strerror());
2875 }
2876
2877 /*
2878 * We parsed until the end of the string, but the condition still needs more data.
2879 */
2880 if (eol) {
2881 return parse_error(stack, ptr + slen, "Expression is unfinished at end of line");
2882 }
2883
2884 /*
2885 * Keep a copy of the entire RHS.
2886 */
2887 memcpy(buff[2], ptr, slen);
2888 buff[2][slen] = '\0';
2889
2890 value = buff[2];
2891
2892 /*
2893 * Mark it up as an expression
2894 *
2895 * @todo - we should really just call cf_data_add() to add a flag, but this is good for
2896 * now. See map_afrom_cp()
2897 */
2898 value_token = T_HASH;
2899
2900 /*
2901 * Skip terminal characters
2902 */
2903 ptr += slen;
2904 if ((*ptr == ',') || (*ptr == ';')) ptr++;
2905
2906#if 0
2907 } else if ((parent->unlang != CF_UNLANG_ASSIGNMENT) &&
2908 ((*ptr == '`') || (*ptr == '%') || (*ptr == '('))) {
2909 /*
2910 * Config sections can't use backticks, xlat expansions, or expressions.
2911 *
2912 * Except module configurations can have key = %{...}
2913 */
2914 return parse_error(stack, ptr, "Invalid value for assignment in configuration file");
2915#endif
2916
2917 } else {
2918 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2919 frame->filename, frame->lineno) < 0) {
2920 return -1;
2921 }
2922 value = buff[2];
2923 }
2924
2925 /*
2926 * We have an attribute assignment, which means that we no longer allow local variables to be
2927 * defined.
2928 */
2929 parent->allow_locals = false;
2930
2931alloc_pair:
2932 if (add_pair(parent, buff[1], value, name1_token, op_token, value_token, buff[3], frame->filename, frame->lineno) < 0) return -1;
2933
2934added_pair:
2935 fr_skip_whitespace(ptr);
2936
2937 /*
2938 * Skip semicolon if we see it after a
2939 * CONF_PAIR. Also allow comma for
2940 * backwards compatibility with secret
2941 * things in v3.
2942 */
2943 if ((*ptr == ';') || (*ptr == ',')) {
2944 ptr++;
2945 stack->ptr = ptr;
2946 return 1;
2947 }
2948
2949 /*
2950 * Closing brace is allowed after a CONF_PAIR
2951 * definition.
2952 */
2953 if (*ptr == '}') {
2954 stack->ptr = ptr;
2955 return 1;
2956 }
2957
2958 /*
2959 * Anything OTHER than EOL or comment is a syntax
2960 * error.
2961 */
2962 if (*ptr && (*ptr != '#')) {
2963 return parse_error(stack, ptr, "Unexpected text after configuration item");
2964 }
2965
2966 /*
2967 * Since we're at EOL or comment, just drop the
2968 * text, and go read another line of text.
2969 */
2970 return 0;
2971}
2972
2973
2974static int frame_readdir(cf_stack_t *stack)
2975{
2976 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2977 CONF_SECTION *parent = frame->current;
2978 cf_file_heap_t *h;
2979
2980 h = fr_heap_pop(&frame->heap);
2981 if (!h) {
2982 /*
2983 * Done reading the directory entry. Close it, and go
2984 * back up a stack frame.
2985 */
2986 talloc_free(frame->directory);
2987 stack->depth--;
2988 return 1;
2989 }
2990
2991 /*
2992 * Push the next filename onto the stack.
2993 */
2994 stack->depth++;
2995 frame = &stack->frame[stack->depth];
2996 memset(frame, 0, sizeof(*frame));
2997
2998 frame->type = CF_STACK_FILE;
2999 frame->fp = NULL;
3000 frame->parent = parent;
3001 frame->current = parent;
3002 frame->filename = h->filename;
3003 frame->lineno = 0;
3004 frame->from_dir = true;
3005 return 1;
3006}
3007
3008
3009static fr_md5_ctx_t *cf_md5_ctx = NULL;
3010
3011void cf_md5_init(void)
3012{
3013 cf_md5_ctx = fr_md5_ctx_alloc();
3014}
3015
3016
3017static void cf_md5_update(char const *p)
3018{
3019 if (!cf_md5_ctx) return;
3020
3021 fr_md5_update(cf_md5_ctx, (uint8_t const *)p, strlen(p));
3022}
3023
3024void cf_md5_final(uint8_t *digest)
3025{
3026 if (!cf_md5_ctx) {
3027 memset(digest, 0, MD5_DIGEST_LENGTH);
3028 return;
3029 }
3030
3031 fr_md5_final(digest, cf_md5_ctx);
3032 fr_md5_ctx_free(&cf_md5_ctx);
3033 cf_md5_ctx = NULL;
3034}
3035
3036static int cf_file_fill(cf_stack_t *stack)
3037{
3038 bool at_eof, has_spaces;
3039 size_t len;
3040 char const *ptr;
3041 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3042
3043read_more:
3044 has_spaces = false;
3045
3046read_continuation:
3047 /*
3048 * Get data, and remember if we are at EOF.
3049 */
3050 at_eof = (fgets(stack->fill, stack->bufsize - (stack->fill - stack->buff[0]), frame->fp) == NULL);
3051 cf_md5_update(stack->fill);
3052 frame->lineno++;
3053
3054 /*
3055 * We read the entire 8k worth of data: complain.
3056 * Note that we don't care if the last character
3057 * is \n: it's still forbidden. This means that
3058 * the maximum allowed length of text is 8k-1, which
3059 * should be plenty.
3060 */
3061 len = strlen(stack->fill);
3062 if ((stack->fill + len + 1) >= (stack->buff[0] + stack->bufsize)) {
3063 ERROR("%s[%d]: Line too long", frame->filename, frame->lineno);
3064 return -1;
3065 }
3066
3067 /*
3068 * Suppress leading whitespace after a
3069 * continuation line.
3070 */
3071 if (has_spaces) {
3072 ptr = stack->fill;
3073 fr_skip_whitespace(ptr);
3074
3075 if (ptr > stack->fill) {
3076 memmove(stack->fill, ptr, len - (ptr - stack->fill));
3077 len -= (ptr - stack->fill);
3078 }
3079 }
3080
3081 /*
3082 * Skip blank lines when we're at the start of
3083 * the read buffer.
3084 */
3085 if (stack->fill == stack->buff[0]) {
3086 if (at_eof) return 0;
3087
3088 ptr = stack->buff[0];
3089 fr_skip_whitespace(ptr);
3090
3091 if (!*ptr || (*ptr == '#')) goto read_more;
3092
3093 } else if (at_eof || (len == 0)) {
3094 ERROR("%s[%d]: Continuation at EOF is illegal", frame->filename, frame->lineno);
3095 return -1;
3096 }
3097
3098 /*
3099 * See if there's a continuation.
3100 */
3101 while ((len > 0) &&
3102 ((stack->fill[len - 1] == '\n') || (stack->fill[len - 1] == '\r'))) {
3103 len--;
3104 stack->fill[len] = '\0';
3105 }
3106
3107 if ((len > 0) && (stack->fill[len - 1] == '\\')) {
3108 /*
3109 * Check for "suppress spaces" magic.
3110 */
3111 if (!has_spaces && (len > 2) && (stack->fill[len - 2] == '"')) {
3112 has_spaces = true;
3113 }
3114
3115 stack->fill[len - 1] = '\0';
3116 stack->fill += len - 1;
3117 goto read_continuation;
3118 }
3119
3120 ptr = stack->fill;
3121
3122 /*
3123 * We now have one full line of text in the input
3124 * buffer, without continuations.
3125 */
3126 fr_skip_whitespace(ptr);
3127
3128 /*
3129 * Nothing left, or just a comment. Go read
3130 * another line of text.
3131 */
3132 if (!*ptr || (*ptr == '#')) goto read_more;
3133
3134 return 1;
3135}
3136
3137
3138/*
3139 * Read a configuration file or files.
3140 */
3141static int cf_file_include(cf_stack_t *stack)
3142{
3143 CONF_SECTION *parent;
3144 char const *ptr;
3145
3146 cf_stack_frame_t *frame;
3147 int rcode;
3148
3149do_frame:
3150 frame = &stack->frame[stack->depth];
3151 parent = frame->current; /* add items here */
3152
3153 switch (frame->type) {
3154#ifdef HAVE_GLOB_H
3155 case CF_STACK_GLOB:
3156 if (frame->gl_current == frame->glob.gl_pathc) {
3157 globfree(&frame->glob);
3158 goto pop_stack;
3159 }
3160
3161 /*
3162 * Process the filename as an include.
3163 */
3164 if (process_include(stack, parent, frame->glob.gl_pathv[frame->gl_current++], frame->required, false) < 0) return -1;
3165
3166 /*
3167 * Run the correct frame. If the file is NOT
3168 * required, then the call to process_include()
3169 * may return 0, and we just process the next
3170 * glob. Otherwise, the call to
3171 * process_include() may return a directory or a
3172 * filename. Go handle that.
3173 */
3174 goto do_frame;
3175#endif
3176
3177#ifdef HAVE_DIRENT_H
3178 case CF_STACK_DIR:
3179 rcode = frame_readdir(stack);
3180 if (rcode == 0) goto do_frame;
3181 if (rcode < 0) return -1;
3182
3183 /*
3184 * Reset which frame we're looking at.
3185 */
3186 frame = &stack->frame[stack->depth];
3187 fr_assert(frame->type == CF_STACK_FILE);
3188 break;
3189#endif
3190
3191 case CF_STACK_FILE:
3192 break;
3193 }
3194
3195#ifndef NDEBUG
3196 /*
3197 * One last sanity check.
3198 */
3199 if (frame->type != CF_STACK_FILE) {
3200 cf_log_err(frame->current, "%s: Internal sanity check failed", __FUNCTION__);
3201 goto pop_stack;
3202 }
3203#endif
3204
3205 /*
3206 * Open the new file if necessary. It either came from
3207 * the first call to the function, or was pushed onto the
3208 * stack by another function.
3209 */
3210 if (!frame->fp) {
3211 rcode = cf_file_open(frame->parent, frame->filename, frame->from_dir, &frame->fp);
3212 if (rcode < 0) return -1;
3213
3214 /*
3215 * Ignore this file
3216 */
3217 if (rcode == 1) {
3218 cf_log_warn(frame->current, "Ignoring file %s - it was already read",
3219 frame->filename);
3220 goto pop_stack;
3221 }
3222 }
3223
3224 /*
3225 * Read, checking for line continuations ('\\' at EOL)
3226 */
3227 for (;;) {
3228 /*
3229 * Fill the buffers with data.
3230 */
3231 stack->fill = stack->buff[0];
3232 rcode = cf_file_fill(stack);
3233 if (rcode < 0) return -1;
3234 if (rcode == 0) break;
3235
3236 /*
3237 * The text here MUST be at the start of a line,
3238 * OR have only whitespace in front of it.
3239 */
3240 ptr = stack->buff[0];
3241 fr_skip_whitespace(ptr);
3242
3243 if (*ptr == '$') {
3244 /*
3245 * Allow for $INCLUDE files
3246 */
3247 if (strncasecmp(ptr, "$INCLUDE", 8) == 0) {
3248 ptr += 8;
3249
3250 if (process_include(stack, parent, ptr, true, true) < 0) return -1;
3251 goto do_frame;
3252 }
3253
3254 if (strncasecmp(ptr, "$-INCLUDE", 9) == 0) {
3255 ptr += 9;
3256
3257 rcode = process_include(stack, parent, ptr, false, true);
3258 if (rcode < 0) return -1;
3259 if (rcode == 0) continue;
3260 goto do_frame;
3261 }
3262
3263 /*
3264 * Allow for $TEMPLATE things
3265 */
3266 if (strncasecmp(ptr, "$TEMPLATE", 9) == 0) {
3267 ptr += 9;
3268 fr_skip_whitespace(ptr);
3269
3270 stack->ptr = ptr;
3271 if (process_template(stack) < 0) return -1;
3272 continue;
3273 }
3274
3275 return parse_error(stack, ptr, "Unknown $... keyword");
3276 }
3277
3278 /*
3279 * All of the file handling code is done. Parse the input.
3280 */
3281 do {
3282 fr_skip_whitespace(ptr);
3283 if (!*ptr || (*ptr == '#')) break;
3284
3285 stack->ptr = ptr;
3286 rcode = parse_input(stack);
3287 ptr = stack->ptr;
3288
3289 if (rcode < 0) return -1;
3290 parent = frame->current;
3291 } while (rcode == 1);
3292 }
3293
3294 fr_assert(frame->fp != NULL);
3295
3296 /*
3297 * See if EOF was unexpected.
3298 */
3299 if (feof(frame->fp) && (parent != frame->parent)) {
3300 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
3301 frame->filename, frame->lineno, cf_section_name1(parent), cf_lineno(parent));
3302 return -1;
3303 }
3304
3305 fclose(frame->fp);
3306 frame->fp = NULL;
3307
3308pop_stack:
3309 /*
3310 * More things to read, go read them.
3311 */
3312 if (stack->depth > 0) {
3313 stack->depth--;
3314 goto do_frame;
3315 }
3316
3317 return 0;
3318}
3319
3320static void cf_stack_cleanup(cf_stack_t *stack)
3321{
3322 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3323
3324 while (stack->depth >= 0) {
3325 switch (frame->type) {
3326 case CF_STACK_FILE:
3327 if (frame->fp) fclose(frame->fp);
3328 frame->fp = NULL;
3329 break;
3330
3331#ifdef HAVE_DIRENT_H
3332 case CF_STACK_DIR:
3333 talloc_free(frame->directory);
3334 break;
3335#endif
3336
3337#ifdef HAVE_GLOB_H
3338 case CF_STACK_GLOB:
3339 globfree(&frame->glob);
3340 break;
3341#endif
3342 }
3343
3344 frame--;
3345 stack->depth--;
3346 }
3347
3348 talloc_free(stack->buff);
3349}
3350
3351/*
3352 * Bootstrap a config file.
3353 */
3354int cf_file_read(CONF_SECTION *cs, char const *filename)
3355{
3356 int i;
3357 char *p;
3358 CONF_PAIR *cp;
3359 fr_rb_tree_t *tree;
3360 cf_stack_t stack;
3361 cf_stack_frame_t *frame;
3362
3363 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3364 if (!cp) return -1;
3365
3366 p = strrchr(cp->value, FR_DIR_SEP);
3367 if (p) *p = '\0';
3368
3369 MEM(tree = fr_rb_inline_talloc_alloc(cs, cf_file_t, node, _inode_cmp, NULL));
3370
3371 cf_data_add(cs, tree, "filename", false);
3372
3373#ifndef NDEBUG
3374 memset(&stack, 0, sizeof(stack));
3375#endif
3376
3377 /*
3378 * Allocate temporary buffers on the heap (so we don't use *all* the stack space)
3379 */
3380 stack.buff = talloc_array(cs, char *, 4);
3381 for (i = 0; i < 4; i++) MEM(stack.buff[i] = talloc_array(stack.buff, char, 8192));
3382
3383 stack.depth = 0;
3384 stack.bufsize = 8192;
3385 frame = &stack.frame[stack.depth];
3386
3387 memset(frame, 0, sizeof(*frame));
3388 frame->parent = frame->current = cs;
3389
3390 frame->type = CF_STACK_FILE;
3391 frame->filename = talloc_strdup(frame->parent, filename);
3392 cs->item.filename = frame->filename;
3393
3394 if (cf_file_include(&stack) < 0) {
3395 cf_stack_cleanup(&stack);
3396 return -1;
3397 }
3398
3399 talloc_free(stack.buff);
3400
3401 /*
3402 * Now that we've read the file, go back through it and
3403 * expand the variables.
3404 */
3405 if (cf_section_pass2(cs) < 0) {
3406 cf_log_err(cs, "Parsing config items failed");
3407 return -1;
3408 }
3409
3410 return 0;
3411}
3412
3413void cf_file_free(CONF_SECTION *cs)
3414{
3415 talloc_free(cs);
3416}
3417
3418/** Set the euid/egid used when performing file checks
3419 *
3420 * Sets the euid, and egid used when cf_file_check is called to check
3421 * permissions on conf items of type #CONF_FLAG_FILE_INPUT
3422 *
3423 * @note This is probably only useful for the freeradius daemon itself.
3424 *
3425 * @param uid to set, (uid_t)-1 to use current euid.
3426 * @param gid to set, (gid_t)-1 to use current egid.
3427 */
3428void cf_file_check_user(uid_t uid, gid_t gid)
3429{
3430 if (uid != 0) conf_check_uid = uid;
3431 if (gid != 0) conf_check_gid = gid;
3432}
3433
3434static char const parse_tabs[] = " ";
3435
3436static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
3437{
3438 size_t outlen;
3439 char c;
3440 char buffer[2048];
3441
3442 switch (t) {
3443 default:
3444 c = '\0';
3445 break;
3446
3447 case T_DOUBLE_QUOTED_STRING:
3448 c = '"';
3449 break;
3450
3451 case T_SINGLE_QUOTED_STRING:
3452 c = '\'';
3453 break;
3454
3455 case T_BACK_QUOTED_STRING:
3456 c = '`';
3457 break;
3458 }
3459
3460 if (c) fprintf(fp, "%c", c);
3461
3462 outlen = fr_snprint(buffer, sizeof(buffer), string, len, c);
3463 fwrite(buffer, outlen, 1, fp);
3464
3465 if (c) fprintf(fp, "%c", c);
3466 return 1;
3467}
3468
3469static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
3470{
3471 if (!cp->value) {
3472 fprintf(fp, "%s\n", cp->attr);
3473 return 0;
3474 }
3475
3476 cf_string_write(fp, cp->attr, strlen(cp->attr), cp->lhs_quote);
3477 fprintf(fp, " %s ", fr_table_str_by_value(fr_tokens_table, cp->op, "<INVALID>"));
3478 cf_string_write(fp, cp->value, strlen(cp->value), cp->rhs_quote);
3479 fprintf(fp, "\n");
3480
3481 return 1; /* FIXME */
3482}
3483
3484
3485int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
3486{
3487 if (!fp || !cs) return -1;
3488
3489 /*
3490 * Print the section name1, etc.
3491 */
3492 fwrite(parse_tabs, depth, 1, fp);
3493 cf_string_write(fp, cs->name1, strlen(cs->name1), T_BARE_WORD);
3494
3495 /*
3496 * FIXME: check for "if" or "elsif". And if so, print
3497 * out the parsed condition, instead of the input text
3498 *
3499 * cf_data_find(cs, CF_DATA_TYPE_UNLANG, "if");
3500 */
3501 if (cs->name2) {
3502 fputs(" ", fp);
3503
3504#if 0
3505 c = cf_data_value(cf_data_find(cs, fr_cond_t, NULL));
3506 if (c) {
3507 char buffer[1024];
3508
3509 cond_print(&FR_SBUFF_OUT(buffer, sizeof(buffer)), c);
3510 fprintf(fp, "(%s)", buffer);
3511 } else
3512#endif
3513 cf_string_write(fp, cs->name2, strlen(cs->name2), cs->name2_quote);
3514 }
3515
3516 fputs(" {\n", fp);
3517
3518 /*
3519 * Loop over the children. Either recursing, or opening
3520 * a new file.
3521 */
3522 cf_item_foreach(&cs->item, ci) {
3523 switch (ci->type) {
3524 case CONF_ITEM_SECTION:
3525 cf_section_write(fp, cf_item_to_section(ci), depth + 1);
3526 break;
3527
3528 case CONF_ITEM_PAIR:
3529 /*
3530 * Ignore internal things.
3531 */
3532 if (!ci->filename || (ci->filename[0] == '<')) break;
3533
3534 fwrite(parse_tabs, depth + 1, 1, fp);
3535 cf_pair_write(fp, cf_item_to_pair(ci));
3536 break;
3537
3538 default:
3539 break;
3540 }
3541 }
3542
3543 fwrite(parse_tabs, depth, 1, fp);
3544 fputs("}\n\n", fp);
3545
3546 return 1;
3547}
3548
3549
3550CONF_ITEM *cf_reference_item(CONF_SECTION const *parent_cs,
3551 CONF_SECTION const *outer_cs,
3552 char const *ptr)
3553{
3554 CONF_PAIR *cp;
3555 CONF_SECTION *next;
3556 CONF_SECTION const *cs = outer_cs;
3557 char name[8192], *p;
3558 char const *name2;
3559
3560 if (!ptr || (!parent_cs && !outer_cs)) {
3561 fr_strerror_const("Invalid argument");
3562 return NULL;
3563 }
3564
3565 if (!*ptr) {
3566 fr_strerror_const("Empty string is invalid");
3567 return NULL;
3568 }
3569
3570 strlcpy(name, ptr, sizeof(name));
3571
3572 p = name;
3573
3574 /*
3575 * ".foo" means "foo from the current section"
3576 */
3577 if (*p == '.') {
3578 p++;
3579
3580 /*
3581 * Just '.' means the current section
3582 */
3583 if (*p == '\0') return cf_section_to_item(cs); /* const issues */
3584
3585 /*
3586 * ..foo means "foo from the section
3587 * enclosing this section" (etc.)
3588 */
3589 while (*p == '.') {
3590 if (cs->item.parent) cs = cf_item_to_section(cs->item.parent);
3591
3592 /*
3593 * .. means the section
3594 * enclosing this section
3595 */
3596 if (!*++p) return cf_section_to_item(cs); /* const issues */
3597 }
3598
3599 /*
3600 * "foo.bar.baz" means "from the given root"
3601 */
3602 } else if (strchr(p, '.') != NULL) {
3603 if (!parent_cs) {
3604 missing_parent:
3605 fr_strerror_const("Missing parent configuration section");
3606 return NULL;
3607 }
3608 cs = parent_cs;
3609
3610 /*
3611 * "foo" could be from the current section, either as a
3612 * section or as a pair.
3613 *
3614 * If that isn't found, search from the given root.
3615 */
3616 } else {
3617 next = cf_section_find(cs, p, NULL);
3618 if (!next && cs->template) next = cf_section_find(cs->template, p, NULL);
3619 if (next) return &(next->item);
3620
3621 cp = cf_pair_find(cs, p);
3622 if (!cp && cs->template) cp = cf_pair_find(cs->template, p);
3623 if (cp) return &(cp->item);
3624
3625 if (!parent_cs) goto missing_parent;
3626 cs = parent_cs;
3627 }
3628
3629 /*
3630 * Chop the string into pieces, and look up the pieces.
3631 */
3632 while (*p) {
3633 char *n1, *n2, *q;
3634
3635 n1 = p;
3636 n2 = NULL;
3637 q = p;
3638
3639 fr_assert(*q);
3640
3641 /*
3642 * Look for a terminating '.' or '[', to get name1 and possibly name2.
3643 */
3644 while (*q != '\0') {
3645 /*
3646 * foo.bar -> return "foo"
3647 */
3648 if (*q == '.') {
3649 *q++ = '\0'; /* leave 'q' after the '.' */
3650 break;
3651 }
3652
3653 /*
3654 * name1 is anything up to '[' or EOS.
3655 */
3656 if (*q != '[') {
3657 q++;
3658 continue;
3659 }
3660
3661 /*
3662 * Found "name1[", look for "name2]" or "name2]."
3663 */
3664 *q++ = '\0';
3665 n2 = q;
3666
3667 while (*q != '\0') {
3668 if (*q == '[') {
3669 fr_strerror_const("Invalid reference, '[' cannot be used inside of a '[...]' block");
3670 return NULL;
3671 }
3672
3673 if (*q != ']') {
3674 q++;
3675 continue;
3676 }
3677
3678 /*
3679 * We've found the trailing ']'
3680 */
3681 *q++ = '\0';
3682
3683 /*
3684 * "name2]"
3685 */
3686 if (!*q) break;
3687
3688 /*
3689 * Must be "name2]."
3690 */
3691 if (*q++ == '.') break;
3692
3693 fr_strerror_const("Invalid reference, ']' is not followed by '.'");
3694 return NULL;
3695 }
3696
3697 if (n2) break;
3698
3699 /*
3700 * "name1[name2", but not "name1[name2]"
3701 */
3702 fr_strerror_printf("Invalid reference after '%s', missing close ']'", n2);
3703 return NULL;
3704 }
3705 p = q; /* get it ready for the next round */
3706
3707 /*
3708 * End of the string. The thing could be a section with
3709 * two names, a section with one name, or a pair.
3710 *
3711 * And if we don't find the thing we're looking for here,
3712 * check the template section.
3713 */
3714 if (!*p) {
3715 /*
3716 * Two names, must be a section.
3717 */
3718 if (n2) {
3719 next = cf_section_find(cs, n1, n2);
3720 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
3721 if (next) return &(next->item);
3722
3723 fail:
3724 name2 = cf_section_name2(cs);
3725 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s %s { ... } configuration section",
3726 cf_section_name1(cs),
3727 name2 ? " " : "", name2 ? name2 : "",
3728 n1, n2);
3729 return NULL;
3730 }
3731
3732 /*
3733 * One name, the final thing can be a section or a pair.
3734 */
3735 next = cf_section_find(cs, n1, NULL);
3736 if (!next && cs->template) next = cf_section_find(cs->template, n1, NULL);
3737
3738 if (next) return &(next->item);
3739
3740 cp = cf_pair_find(cs, n1);
3741 if (!cp && cs->template) cp = cf_pair_find(cs->template, n1);
3742 if (cp) return &(cp->item);
3743
3744 name2 = cf_section_name2(cs);
3745 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s configuration item",
3746 cf_section_name1(cs),
3747 name2 ? " " : "", name2 ? name2 : "",
3748 n1);
3749 return NULL;
3750 }
3751
3752 /*
3753 * There's more to the string. The thing we're looking
3754 * for MUST be a configuration section.
3755 */
3756 next = cf_section_find(cs, n1, n2);
3757 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
3758 if (next) {
3759 cs = next;
3760 continue;
3761 }
3762
3763 if (n2) goto fail;
3764
3765 name2 = cf_section_name2(cs);
3766 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s { ... } configuration section",
3767 cf_section_name1(cs),
3768 name2 ? " " : "", name2 ? name2 : "",
3769 n1);
3770 return NULL;
3771 }
3772
3773 /*
3774 * We've fallen off of the end of the string. This should not have happened!
3775 */
3776 fr_strerror_const("Cannot parse reference");
3777 return NULL;
3778}
3779
3780/*
3781 * Only for unit_test_map
3782 */
3783void cf_section_set_unlang(CONF_SECTION *cs)
3784{
3785 fr_assert(cs->unlang == CF_UNLANG_NONE);
3786 fr_assert(!cs->item.parent);
3787
3788 cs->unlang = CF_UNLANG_ALLOW;
3789}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
strcpy
strcpy(log_entry->msg, buffer)
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
RCSID
#define RCSID(id)
Definition build.h:485
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
CMP_RETURN
#define CMP_RETURN(_a, _b, _field)
Return if the comparison is not 0 (is unequal)
Definition build.h:121
CMP
#define CMP(_a, _b)
Same as CMP_PREFER_SMALLER use when you don't really care about ordering, you just want an ordering.
Definition build.h:112
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:339
cf_stack_frame_t::current
CONF_SECTION * current
sub-section we're reading
Definition cf_file.c:136
cf_stack_frame_t::type
cf_stack_file_t type
Definition cf_file.c:109
cf_template_merge
static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
Definition cf_file.c:475
parse_input
static int parse_input(cf_stack_t *stack)
Definition cf_file.c:2133
cf_stack_t::fill
char * fill
where we start filling the buffer from
Definition cf_file.c:154
cf_section_set_unlang
void cf_section_set_unlang(CONF_SECTION *cs)
Definition cf_file.c:3783
conf_property
conf_property
Definition cf_file.c:67
CONF_PROPERTY_NAME
@ CONF_PROPERTY_NAME
Definition cf_file.c:69
CONF_PROPERTY_INSTANCE
@ CONF_PROPERTY_INSTANCE
Definition cf_file.c:70
CONF_PROPERTY_INVALID
@ CONF_PROPERTY_INVALID
Definition cf_file.c:68
unlang_keywords_len
static int unlang_keywords_len
Definition cf_file.c:2129
server_unlang_section
static fr_table_num_sorted_t const server_unlang_section[]
Definition cf_file.c:79
check_config
bool check_config
Definition cf_file.c:63
cf_file_heap_t::heap_id
fr_heap_index_t heap_id
Definition cf_file.c:882
frame_readdir
static int frame_readdir(cf_stack_t *stack)
Definition cf_file.c:2974
process_map
static CONF_ITEM * process_map(cf_stack_t *stack)
Definition cf_file.c:1414
process_foreach
static CONF_ITEM * process_foreach(cf_stack_t *stack)
Definition cf_file.c:1785
add_pair
static int add_pair(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token, char *buff, char const *filename, int lineno)
Definition cf_file.c:1970
cf_md5_init
void cf_md5_init(void)
Definition cf_file.c:3011
RULES_VERIFY
#define RULES_VERIFY(_cs, _rules)
Definition cf_file.c:177
cf_stack_frame_t::braces
int braces
Definition cf_file.c:139
parse_type_name
static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
Definition cf_file.c:1734
cf_stack_cleanup
static void cf_stack_cleanup(cf_stack_t *stack)
Definition cf_file.c:3320
cf_tmpl_rules_verify
static int cf_tmpl_rules_verify(CONF_SECTION *cs, tmpl_rules_t const *rules)
Definition cf_file.c:159
cf_stack_t::depth
int depth
stack depth
Definition cf_file.c:152
cf_expand_variables
char const * cf_expand_variables(char const *cf, int lineno, CONF_SECTION *outer_cs, char *output, size_t outsize, char const *input, ssize_t inlen, bool *soft_fail)
Definition cf_file.c:185
cf_file_open
static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
Definition cf_file.c:560
cf_md5_ctx
static fr_md5_ctx_t * cf_md5_ctx
Definition cf_file.c:3009
filename_cmp
static int8_t filename_cmp(void const *one, void const *two)
Definition cf_file.c:885
cf_section_write
int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
Definition cf_file.c:3485
cf_file_check
bool cf_file_check(CONF_PAIR *cp, bool check_perms)
Do some checks on the file as an "input" file.
Definition cf_file.c:669
cf_stack_frame_t::lineno
int lineno
line in that filename
Definition cf_file.c:112
cf_file_read
int cf_file_read(CONF_SECTION *cs, char const *filename)
Definition cf_file.c:3354
cf_stack_file_t
cf_stack_file_t
Definition cf_file.c:97
CF_STACK_FILE
@ CF_STACK_FILE
Definition cf_file.c:98
terminal_end_section
static const bool terminal_end_section[UINT8_MAX+1]
Definition cf_file.c:1231
conf_property_name_len
static size_t conf_property_name_len
Definition cf_file.c:77
conf_property_name
static fr_table_num_sorted_t const conf_property_name[]
Definition cf_file.c:73
cf_section_pass2
int cf_section_pass2(CONF_SECTION *cs)
Definition cf_file.c:768
cf_stack_frame_t::from_dir
bool from_dir
this file was read from $include foo/
Definition cf_file.c:140
cf_string_write
static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
Definition cf_file.c:3436
parse_tabs
static char const parse_tabs[]
Definition cf_file.c:3434
cf_file_include
static int cf_file_include(cf_stack_t *stack)
Definition cf_file.c:3141
conf_check_uid
static uid_t conf_check_uid
Definition cf_file.c:64
conf_check_gid
static gid_t conf_check_gid
Definition cf_file.c:65
cf_process_func_t
CONF_ITEM *(* cf_process_func_t)(cf_stack_t *)
Definition cf_file.c:2131
cf_get_token
static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen, char const *filename, int lineno)
Definition cf_file.c:831
_inode_cmp
static int8_t _inode_cmp(void const *one, void const *two)
Definition cf_file.c:551
cf_stack_frame_t::at_reference
CONF_SECTION * at_reference
was this thing an @foo ?
Definition cf_file.c:137
cf_file_fill
static int cf_file_fill(cf_stack_t *stack)
Definition cf_file.c:3036
cf_stack_t::ptr
char const * ptr
current parse pointer
Definition cf_file.c:153
cf_reference_item
CONF_ITEM * cf_reference_item(CONF_SECTION const *parent_cs, CONF_SECTION const *outer_cs, char const *ptr)
Definition cf_file.c:3550
cf_file_heap_t::filename
char const * filename
Definition cf_file.c:881
process_subrequest
static CONF_ITEM * process_subrequest(cf_stack_t *stack)
Definition cf_file.c:1502
cf_file_check_user
void cf_file_check_user(uid_t uid, gid_t gid)
Set the euid/egid used when performing file checks.
Definition cf_file.c:3428
CONF_PROPERTY
enum conf_property CONF_PROPERTY
unlang_keywords
static fr_table_ptr_sorted_t unlang_keywords[]
Definition cf_file.c:2120
cf_stack_t::buff
char ** buff
buffers for reading / parsing
Definition cf_file.c:150
cf_stack_frame_t::parent
CONF_SECTION * parent
which started this file
Definition cf_file.c:135
process_template
static int process_template(cf_stack_t *stack)
Definition cf_file.c:1174
cf_stack_t::bufsize
size_t bufsize
size of the buffers
Definition cf_file.c:151
cf_pair_write
static int cf_pair_write(FILE *fp, CONF_PAIR *cp)
Definition cf_file.c:3469
server_unlang_section_len
static size_t server_unlang_section_len
Definition cf_file.c:95
cf_md5_final
void cf_md5_final(uint8_t *digest)
Definition cf_file.c:3024
process_include
static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
Definition cf_file.c:896
process_if
static CONF_ITEM * process_if(cf_stack_t *stack)
Definition cf_file.c:1247
cf_md5_update
static void cf_md5_update(char const *p)
Definition cf_file.c:3017
cf_file_free
void cf_file_free(CONF_SECTION *cs)
Definition cf_file.c:3413
cf_local_file
static char const * cf_local_file(char const *base, char const *filename, char *buffer, size_t bufsize)
Definition cf_file.c:802
MAX_STACK
#define MAX_STACK
Definition cf_file.c:107
process_catch
static CONF_ITEM * process_catch(cf_stack_t *stack)
Definition cf_file.c:1623
terminal_end_line
static const bool terminal_end_line[UINT8_MAX+1]
Definition cf_file.c:1235
cf_stack_frame_t::filename
char const * filename
filename we're reading
Definition cf_file.c:111
process_switch
static CONF_ITEM * process_switch(cf_stack_t *stack)
Definition cf_file.c:2028
parse_error
static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
Definition cf_file.c:1714
cf_file_heap_t
Definition cf_file.c:880
cf_stack_frame_t
Definition cf_file.c:108
cf_stack_t
Definition cf_file.c:149
conf_parser_s::on_read
cf_parse_t on_read
Function to call as the item is being read, just after it has been allocated and initialized.
Definition cf_parse.h:615
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:595
cf_file_t::cs
CONF_SECTION * cs
CONF_SECTION associated with the file.
Definition cf_priv.h:139
cf_section::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:102
cf_item::parent
CONF_ITEM * parent
Parent.
Definition cf_priv.h:56
cf_section::name2_quote
fr_token_t name2_quote
The type of quoting around name2.
Definition cf_priv.h:107
cf_section::name2
char const * name2
Second name token. Given foo bar {} would be bar.
Definition cf_priv.h:105
cf_section::allow_locals
bool allow_locals
allow local variables
Definition cf_priv.h:116
cf_section::argc
int argc
number of additional arguments
Definition cf_priv.h:109
cf_pair::attr
char const * attr
Attribute name.
Definition cf_priv.h:73
cf_pair::rhs_quote
fr_token_t rhs_quote
Value Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:78
cf_pair::value
char const * value
Attribute value.
Definition cf_priv.h:74
cf_item_foreach
#define cf_item_foreach(_ci, _iter)
Iterate over the contents of a list.
Definition cf_priv.h:150
cf_section::unlang
cf_unlang_t unlang
Definition cf_priv.h:115
cf_section::name1
char const * name1
First name token. Given foo bar {} would be foo.
Definition cf_priv.h:104
CF_UNLANG_MODULES
@ CF_UNLANG_MODULES
this section is in "modules", allow unlang 2 down
Definition cf_priv.h:91
CF_UNLANG_NONE
@ CF_UNLANG_NONE
no unlang
Definition cf_priv.h:87
CF_UNLANG_CAN_HAVE_UPDATE
@ CF_UNLANG_CAN_HAVE_UPDATE
can have "update"
Definition cf_priv.h:95
CF_UNLANG_ALLOW
@ CF_UNLANG_ALLOW
allow unlang in this section
Definition cf_priv.h:88
CF_UNLANG_POLICY
@ CF_UNLANG_POLICY
this section is a policy, allow unlang 2 down
Definition cf_priv.h:90
CF_UNLANG_ASSIGNMENT
@ CF_UNLANG_ASSIGNMENT
only assignments inside of map / update
Definition cf_priv.h:93
CF_UNLANG_EDIT
@ CF_UNLANG_EDIT
only edit commands
Definition cf_priv.h:92
CF_UNLANG_DICTIONARY
@ CF_UNLANG_DICTIONARY
only local variable definitions
Definition cf_priv.h:94
CF_UNLANG_SERVER
@ CF_UNLANG_SERVER
this section is a virtual server, allow unlang 2 down
Definition cf_priv.h:89
cf_section::argv_quote
fr_token_t * argv_quote
Definition cf_priv.h:111
cf_pair::op
fr_token_t op
Operator e.g. =, :=.
Definition cf_priv.h:76
cf_pair::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:71
cf_pair::pass2
bool pass2
do expansion in pass2.
Definition cf_priv.h:80
cf_item::filename
char const * filename
The file the config item was parsed from.
Definition cf_priv.h:64
cf_file_t::buf
struct stat buf
stat about the file
Definition cf_priv.h:140
cf_section::at_reference
bool at_reference
this thing was created from an ...
Definition cf_priv.h:117
cf_section::template
CONF_SECTION * template
Definition cf_priv.h:119
cf_file_t::filename
char const * filename
name of the file
Definition cf_priv.h:138
CONF_ITEM_PAIR
@ CONF_ITEM_PAIR
Definition cf_priv.h:41
CONF_ITEM_SECTION
@ CONF_ITEM_SECTION
Definition cf_priv.h:42
cf_section::argv
char const ** argv
additional arguments
Definition cf_priv.h:110
cf_pair::lhs_quote
fr_token_t lhs_quote
Name quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:77
cf_item::lineno
int lineno
The line number the config item began on.
Definition cf_priv.h:63
cf_item::type
CONF_ITEM_TYPE type
Whether the config item is a config_pair, conf_section or cf_data.
Definition cf_priv.h:61
cf_data
Internal data that is associated with a configuration section.
Definition cf_priv.h:125
cf_file_t
Definition cf_priv.h:136
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:70
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_dup
CONF_PAIR * cf_pair_dup(CONF_SECTION *parent, CONF_PAIR *cp, bool copy_meta)
Duplicate a CONF_PAIR.
Definition cf_util.c:1320
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1184
cf_data_value
void * cf_data_value(CONF_DATA const *cd)
Return the user assigned value of CONF_DATA.
Definition cf_util.c:1762
cf_section_to_item
CONF_ITEM * cf_section_to_item(CONF_SECTION const *cs)
Cast a CONF_SECTION to a CONF_ITEM.
Definition cf_util.c:737
cf_pair_alloc
CONF_PAIR * cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t op, fr_token_t lhs_quote, fr_token_t rhs_quote)
Allocate a CONF_PAIR.
Definition cf_util.c:1278
cf_section_name1
char const * cf_section_name1(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1170
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1027
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:683
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1438
cf_item_is_section
bool cf_item_is_section(CONF_ITEM const *ci)
Determine if CONF_ITEM is a CONF_SECTION.
Definition cf_util.c:617
cf_section_dup
CONF_SECTION * cf_section_dup(TALLOC_CTX *ctx, CONF_SECTION *parent, CONF_SECTION const *cs, char const *name1, char const *name2, bool copy_meta)
Duplicate a configuration section.
Definition cf_util.c:927
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:663
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1593
cf_pair_to_item
CONF_ITEM * cf_pair_to_item(CONF_PAIR const *cp)
Cast a CONF_PAIR to a CONF_ITEM.
Definition cf_util.c:721
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:289
cf_lineno
#define cf_lineno(_cf)
Definition cf_util.h:104
cf_data_add
#define cf_data_add(_cf, _data, _name, _free)
Definition cf_util.h:255
cf_data_find
#define cf_data_find(_cf, _type, _name)
Definition cf_util.h:244
cf_lineno_set
#define cf_lineno_set(_ci, _lineno)
Definition cf_util.h:131
cf_root
#define cf_root(_cf)
Definition cf_util.h:98
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:101
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:367
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:296
cf_section_find_parent
#define cf_section_find_parent(_cf, _name1, _name2)
Definition cf_util.h:175
cf_section_alloc
#define cf_section_alloc(_ctx, _parent, _name1, _name2)
Definition cf_util.h:140
CF_TO_ITEM
#define CF_TO_ITEM(_cf)
Auto cast from the input type to CONF_ITEM (which is the base type)
Definition cf_util.h:65
cf_filename_set
#define cf_filename_set(_ci, _filename)
Definition cf_util.h:128
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:290
cf_log_debug
#define cf_log_debug(_cf, _fmt,...)
Definition cf_util.h:292
fr_cond_assert_msg
#define fr_cond_assert_msg(_x, _fmt,...)
Calls panic_action ifndef NDEBUG, else logs error and evaluates to value of _x.
Definition debug.h:156
MEM
#define MEM(x)
Definition debug.h:36
spaces
static char const * spaces
Definition dependency.c:370
ERROR
#define ERROR(fmt,...)
Definition dhcpclient.c:41
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2403
fr_dict_internal
fr_dict_t const * fr_dict_internal(void)
Definition dict_util.c:4654
value
Test enumeration values.
Definition dict_test.h:92
fr_dirfd
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:412
fr_heap_insert
int fr_heap_insert(fr_heap_t **hp, void *data)
Insert a new element into the heap.
Definition heap.c:146
fr_heap_pop
void * fr_heap_pop(fr_heap_t **hp)
Remove a node from the heap.
Definition heap.c:322
fr_heap_index_t
unsigned int fr_heap_index_t
Definition heap.h:80
fr_heap_alloc
#define fr_heap_alloc(_ctx, _cmp, _type, _field, _init)
Creates a heap that can be used with non-talloced elements.
Definition heap.h:100
FR_HEAP_INDEX_INVALID
#define FR_HEAP_INDEX_INVALID
Definition heap.h:83
fr_heap_t
The main heap structure.
Definition heap.h:66
PERROR
#define PERROR(_fmt,...)
Definition log.h:228
talloc_free
talloc_free(reap)
fr_canonicalize_error
void fr_canonicalize_error(TALLOC_CTX *ctx, char **sp, char **text, ssize_t slen, char const *fmt)
Canonicalize error strings, removing tabs, and generate spaces for error marker.
Definition log.c:87
stack
static char * stack[MAX_STACK]
Definition radmin.c:159
fr_md5_ctx_alloc
fr_md5_ctx_alloc_t fr_md5_ctx_alloc
Definition md5.c:440
fr_md5_ctx_free
fr_md5_ctx_free_t fr_md5_ctx_free
Definition md5.c:441
fr_md5_update
fr_md5_update_t fr_md5_update
Definition md5.c:442
fr_md5_final
fr_md5_final_t fr_md5_final
Definition md5.c:443
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:28
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition merged_model.c:242
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_VALUE_BOX
@ FR_TYPE_VALUE_BOX
A boxed value.
Definition merged_model.c:125
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_t
Definition merged_model.c:198
depth
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:36
fr_perm_file_error
void fr_perm_file_error(int num)
Write a file access error to the fr_strerror buffer, including euid/egid.
Definition perm.c:531
fr_snprint
size_t fr_snprint(char *out, size_t outlen, char const *in, ssize_t inlen, char quote)
Escape any non printable or non-UTF8 characters in the input string.
Definition print.c:227
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
DEBUG2
#define DEBUG2(fmt,...)
Definition radclient.h:43
WARN
#define WARN(fmt,...)
Definition radclient.h:47
fr_rb_find
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
Definition rb.c:577
fr_rb_insert
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
fr_rb_inline_talloc_alloc
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:246
fr_rb_tree_s
The main red black tree structure.
Definition rb.h:73
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:51
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:43
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
FR_SBUFF_OUT
#define FR_SBUFF_OUT(_start, _len_or_end)
tmpl_rules_s::at_runtime
bool at_runtime
Produce an ephemeral/runtime tmpl.
Definition tmpl.h:344
tmpl_preparse
ssize_t tmpl_preparse(char const **out, size_t *outlen, char const *in, size_t inlen, fr_token_t *type))
Preparse a string in preparation for passing it to tmpl_afrom_substr()
Definition tmpl_tokenize.c:5334
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:335
tmpl_rules_t
struct tmpl_rules_s tmpl_rules_t
Definition tmpl.h:233
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:332
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
fr_skip_condition
ssize_t fr_skip_condition(char const *start, char const *end, bool const terminal[static UINT8_MAX+1], bool *eol)
Skip a conditional expression.
Definition skip.c:286
fr_skip_xlat
ssize_t fr_skip_xlat(char const *start, char const *end)
Skip an xlat expression.
Definition skip.c:217
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition skip.h:37
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3654
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
tmpl_attr_rules_s::allow_foreign
uint8_t allow_foreign
Allow arguments not found in dict_def.
Definition tmpl.h:312
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:273
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_value_by_longest_prefix
#define fr_table_value_by_longest_prefix(_match_len, _table, _name, _name_len, _def)
Find the longest string match using a sorted or ordered table.
Definition table.h:732
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:653
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_table_ptr_sorted_t
An element in a lexicographically sorted array of name to ptr mappings.
Definition table.h:65
talloc_typed_strdup
char * talloc_typed_strdup(TALLOC_CTX *ctx, char const *p)
Call talloc_strdup, setting the type on the new chunk correctly.
Definition talloc.c:467
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:229
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:169
fr_list_assignment_op
const bool fr_list_assignment_op[T_TOKEN_LAST]
Definition token.c:186
gettoken
fr_token_t gettoken(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:469
fr_tokens_table
fr_table_num_ordered_t const fr_tokens_table[]
Definition token.c:34
fr_str_tok
const bool fr_str_tok[T_TOKEN_LAST]
Definition token.c:232
getword
int getword(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:460
fr_token_t
enum fr_token fr_token_t
T_OP_SUB_EQ
@ T_OP_SUB_EQ
Definition token.h:70
T_INVALID
@ T_INVALID
Definition token.h:39
T_EOL
@ T_EOL
Definition token.h:40
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition token.h:122
T_OP_AND_EQ
@ T_OP_AND_EQ
Definition token.h:74
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:120
T_OP_EQ
@ T_OP_EQ
Definition token.h:83
T_BACK_QUOTED_STRING
@ T_BACK_QUOTED_STRING
Definition token.h:123
T_HASH
@ T_HASH
Definition token.h:119
T_OP_SET
@ T_OP_SET
Definition token.h:84
T_OP_NE
@ T_OP_NE
Definition token.h:97
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:69
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
T_OP_LSHIFT_EQ
@ T_OP_LSHIFT_EQ
Definition token.h:77
T_OP_RSHIFT_EQ
@ T_OP_RSHIFT_EQ
Definition token.h:76
T_DOUBLE_QUOTED_STRING
@ T_DOUBLE_QUOTED_STRING
Definition token.h:121
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:106
T_OP_LE
@ T_OP_LE
Definition token.h:100
T_OP_GE
@ T_OP_GE
Definition token.h:98
T_OP_GT
@ T_OP_GT
Definition token.h:99
T_OP_OR_EQ
@ T_OP_OR_EQ
Definition token.h:73
T_OP_LT
@ T_OP_LT
Definition token.h:101
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:85
close
close(uq->fd)
parent
static fr_slen_t parent
Definition pair.h:839
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:389
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:450
inlen
static size_t char fr_sbuff_t size_t inlen
Definition value.h:1020
out
static size_t char ** out
Definition value.h:1020
FR_VALUE_BOX_SAFE_FOR_ANY
#define FR_VALUE_BOX_SAFE_FOR_ANY
Definition value.h:171
virtual_server_dict_by_child_ci
fr_dict_t const * virtual_server_dict_by_child_ci(CONF_ITEM const *ci)
Return the namespace for a given virtual server specified by a CONF_ITEM within the virtual server.
Definition virtual_servers.c:613
Generated by   doxygen 1.9.8