The FreeRADIUS server $Id: f3670dba8951ca10eb4948feb3dc3db9423a334f $
Loading...
Searching...
No Matches
cf_file.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 024dd68b013e511162487ccf31ed9ca14a93e569 $
19 * @file cf_file.c
20 * @brief Read the radiusd.conf file.
21 *
22 * @note Yep I should learn to use lex & yacc, or at least
23 * write a decent parser. I know how to do that, really :)
24 * miquels@cistron.nl
25 *
26 * @copyright 2017 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
27 * @copyright 2000,2006 The FreeRADIUS server project
28 * @copyright 2000 Miquel van Smoorenburg (miquels@cistron.nl)
29 * @copyright 2000 Alan DeKok (aland@freeradius.org)
30 */
31RCSID("$Id: 024dd68b013e511162487ccf31ed9ca14a93e569 $")
32
33#include <sys/errno.h>
34
35#include <freeradius-devel/server/cf_file.h>
36#include <freeradius-devel/server/cf_priv.h>
37#include <freeradius-devel/server/log.h>
38#include <freeradius-devel/server/tmpl.h>
39#include <freeradius-devel/server/util.h>
40#include <freeradius-devel/server/virtual_servers.h>
41#include <freeradius-devel/util/debug.h>
42#include <freeradius-devel/util/file.h>
43#include <freeradius-devel/util/misc.h>
44#include <freeradius-devel/util/perm.h>
45#include <freeradius-devel/util/skip.h>
46#include <freeradius-devel/util/md5.h>
47
48#ifdef HAVE_DIRENT_H
49#endif
50
51#ifdef HAVE_GLOB_H
52#endif
53
54#ifdef HAVE_SYS_STAT_H
55#endif
56
57#include <fcntl.h>
58
59#include <freeradius-devel/server/main_config.h>
60
61bool check_config = false;
62static uid_t conf_check_uid = (uid_t)-1;
63static gid_t conf_check_gid = (gid_t)-1;
64
70
71static fr_table_num_sorted_t const conf_property_name[] = {
72 { L("instance"), CONF_PROPERTY_INSTANCE },
73 { L("name"), CONF_PROPERTY_NAME }
74};
75static size_t conf_property_name_len = NUM_ELEMENTS(conf_property_name);
76
77static fr_table_num_sorted_t const server_unlang_section[] = {
78 { L("accounting"), true },
79 { L("add"), true },
80 { L("authenticate"), true },
81 { L("clear"), true },
82 { L("deny"), true },
83 { L("error"), true },
84 { L("establish"), true },
85 { L("finally"), true },
86 { L("load"), true },
87 { L("new"), true },
88 { L("recv"), true },
89 { L("send"), true },
90 { L("store"), true },
91 { L("verify"), true },
92};
93static size_t server_unlang_section_len = NUM_ELEMENTS(server_unlang_section);
94
95typedef enum {
96 CF_STACK_FILE = 0,
97#ifdef HAVE_DIRENT_H
98 CF_STACK_DIR,
99#endif
100#ifdef HAVE_GLOB_H
101 CF_STACK_GLOB
102#endif
103} cf_stack_file_t;
104
105#define MAX_STACK (32)
106typedef struct {
107 cf_stack_file_t type;
108
109 char const *filename; //!< filename we're reading
110 int lineno; //!< line in that filename
111
112 union {
113 struct {
114 FILE *fp; //!< FP we're reading
115 };
116
117#ifdef HAVE_DIRENT_H
118 struct {
119 fr_heap_t *heap; //!< sorted heap of files
120 char *directory; //!< directory name we're reading
121 };
122#endif
123
124#ifdef HAVE_GLOB_H
125 struct {
126 size_t gl_current;
127 glob_t glob; //! reading glob()
128 bool required;
129 };
130#endif
131 };
132
133 CONF_SECTION *parent; //!< which started this file
134 CONF_SECTION *current; //!< sub-section we're reading
135 CONF_SECTION *at_reference; //!< was this thing an @foo ?
136 int at_reference_braces; //!< braces when we found this thing
137
138 int braces;
139 bool from_dir; //!< this file was read from $include foo/
140} cf_stack_frame_t;
141
142/*
143 * buff[0] is the data we read from the file
144 * buff[1] is name
145 * buff[2] is name2 OR value for pair
146 * buff[3] is a temporary buffer
147 */
148typedef struct {
149 char **buff; //!< buffers for reading / parsing
150 size_t bufsize; //!< size of the buffers
151 int depth; //!< stack depth
152 char const *ptr; //!< current parse pointer
153 char *fill; //!< where we start filling the buffer from
154 cf_stack_frame_t frame[MAX_STACK]; //!< stack frames
155} cf_stack_t;
156
157/*
158 * Open and read a file.
159 */
160static int cf_expand_file(char const *cf, int lineno, char name[static PATH_MAX],
161 char **p_p, char const **ptr_p, char *output, size_t outsize,
162 bool raw)
163{
164 int fd;
165 size_t room;
166 ssize_t len;
167 char *p, *next;
168 char const *ptr;
169
170 /*
171 * Note that we do NOT recursively expand the value. It has to be a hard-coded string.
172 *
173 * We do NOT do any sanity checks on the value. i.e. filenames beginning with '/' are allowed,
174 * as are files with "../../". The value here comes from the configuration files, and only the
175 * administrator has write access to them.
176 */
177 strlcpy(name, cf, PATH_MAX);
178 p = strrchr(name, '/');
179 if (p) {
180 p++;
181 } else {
182 p = name;
183 }
184
185 ptr = *ptr_p;
186
187 /*
188 * Look for trailing '}', and log a
189 * warning for anything that doesn't match,
190 * and exit with a fatal error.
191 */
192 next = strchr(ptr, '}');
193 if (next == NULL) {
194 *p = '\0';
195 ERROR("%s[%d]: File expansion missing }",
196 cf, lineno);
197 return -1;
198 }
199
200 /*
201 * Can't really happen because input lines are
202 * capped at 8k, which is sizeof(name)
203 */
204 if ((next - ptr) >= (name + PATH_MAX - p)) {
205 ERROR("%s[%d]: File name is too large",
206 cf, lineno);
207 return -1;
208 }
209
210 memcpy(p, ptr, next - ptr);
211 p[next - ptr] = '\0';
212
213 fd = open(name, O_RDONLY);
214 if (fd < 0) {
215 ERROR("%s[%d]: Failed opening %s: %s",
216 cf, lineno, name, strerror(errno));
217 return -1;
218 }
219
220 p = *p_p;
221 room = (output + outsize) - p;
222 fr_assert(room > 0);
223
224 /*
225 * Read the raw data.
226 */
227 len = read(fd, p, room);
228 if (len < 0) {
229 ERROR("%s[%d]: Failed reading %s: %s",
230 cf, lineno, name, strerror(errno));
231 close(fd);
232 return -1;
233 }
234 close(fd);
235
236 if (!len) {
237 ERROR("%s[%d]: Failed reading %s: the file is empty",
238 cf, lineno, name);
239 return -1;
240 }
241
242 /*
243 * We don't know whether or not it was
244 * truncated, so we just error out.
245 */
246 if ((size_t) len >= room) {
247 ERROR("%s[%d]: Too much data in %s: did not read the entire file",
248 cf, lineno, name);
249 return -1;
250 }
251
252 /*
253 * If we're not reading the raw file, return only the first line.
254 */
255 if (!raw) {
256 char *q, *end = p + len;
257
258 while (p < end) {
259 if (*p >= ' ') {
260 p++;
261 continue;
262 }
263
264 break;
265 }
266
267 /*
268 * Strip trailing CR/LF.
269 */
270 for (q = p; q < end; q++) {
271 if (*q >= ' ') break;
272
273 *q = '\0';
274 }
275
276 if (q != end) {
277 ERROR("%s[%d]: Too much data in %s: expected one line of text, found multiple lines in the file",
278 cf, lineno, name);
279 return -1;
280 }
281 } else {
282 p += len;
283 }
284
285 *ptr_p = next + 1;
286 *p_p = p;
287
288 return 0;
289}
290
291/*
292 * Expand the variables in an input string.
293 *
294 * Input and output should be two different buffers, as the
295 * output may be longer than the input.
296 */
297char const *cf_expand_variables(char const *cf, int lineno,
298 CONF_SECTION *outer_cs,
299 char *output, size_t outsize,
300 char const *input, ssize_t inlen, bool *soft_fail, bool soft_fail_env)
301{
302 char *p;
303 char const *end, *next, *ptr;
304 CONF_SECTION const *parent_cs;
305 char name[PATH_MAX];
306
307 if (soft_fail) *soft_fail = false;
308
309 /*
310 * Utilities (radjson2conf rebuilding a fragment from JSON)
311 * can opt out of variable resolution so values containing
312 * `${...}` round-trip verbatim instead of failing against
313 * an incomplete tree.
314 */
315 if (!_cf_expand_variables()) {
316 size_t want = inlen >= 0 ? (size_t)inlen : strlen(input);
317 if (want >= outsize) want = outsize - 1;
318 memcpy(output, input, want);
319 output[want] = '\0';
320 return output;
321 }
322
323 /*
324 * Find the master parent conf section.
325 * We can't use main_config->root_cs, because we're in the
326 * process of re-building it, and it isn't set up yet...
327 */
328 parent_cs = cf_root(outer_cs);
329
330 p = output;
331 ptr = input;
332
333 if (inlen < 0) {
334 end = NULL;
335 } else {
336 end = input + inlen;
337 }
338
339 /*
340 * Note that this CAN go over "end" if the input string
341 * is malformed. e.g. pass "${foo.bar}", and pass
342 * "inlen=5". Well, too bad.
343 */
344 while (*ptr && (!end || (ptr < end))) {
345 /*
346 * Ignore anything other than "${"
347 */
348 if ((*ptr == '$') && (ptr[1] == '{')) {
349 CONF_ITEM *ci;
350 CONF_PAIR *cp;
351 char *q;
352 ssize_t len;
353
354 len = fr_skip_xlat(ptr, end);
355 if (len <= 0) {
356 ERROR("%s[%d]: Failed parsing variable expansion '%s''",
357 cf, lineno, input);
358 return NULL;
359 }
360
361 next = ptr + len;
362 ptr += 2;
363
364 /*
365 * Can't really happen because input lines are
366 * capped at 8k, which is sizeof(name)
367 */
368 if ((size_t) len >= sizeof(name)) {
369 ERROR("%s[%d]: Reference string is too large",
370 cf, lineno);
371 return NULL;
372 }
373
374 memcpy(name, ptr, len - 3);
375 name[len - 3] = '\0';
376
377 /*
378 * Read configuration value from a file.
379 *
380 * Note that this is "read binary data", and the contents aren't stripped of
381 * CRLF.
382 */
383 if (name[0] == '/') {
384 int fd = open(name, O_RDONLY);
385 struct stat buf;
386
387 if (fd < 0) {
388 ERROR("%s[%d]: Reference \"${%s}\" failed opening file - %s", cf, lineno, name, fr_syserror(errno));
389 return NULL;
390 }
391
392 if (fstat(fd, &buf) < 0) {
393 fail_fd:
394 close(fd);
395 ERROR("%s[%d]: Reference \"${%s}\" failed reading file - %s", cf, lineno, name, fr_syserror(errno));
396 return NULL;
397 }
398
399 if (buf.st_size >= ((output + outsize) - p)) {
400 close(fd);
401 ERROR("%s[%d]: Reference \"${%s}\" file is too large (%zu >= %zu)", cf, lineno, name,
402 (size_t) buf.st_size, (size_t) ((output + outsize) - p));
403 return NULL;
404 }
405
406 len = read(fd, p, (output + outsize) - p);
407 if (len < 0) goto fail_fd;
408
409 close(fd);
410 p += len;
411 *p = '\0';
412 ptr = next;
413 goto check_eos;
414 }
415
416 q = strchr(name, ':');
417 if (q) {
418 *(q++) = '\0';
419 }
420
421 ci = cf_reference_item(parent_cs, outer_cs, name);
422 if (!ci) {
423 if (soft_fail) *soft_fail = true;
424 PERROR("%s[%d]: Failed finding reference \"${%s}\"", cf, lineno, name);
425 return NULL;
426 }
427
428 /*
429 * The expansion doesn't refer to another item or section
430 * it's the property of a section.
431 */
432 if (q) {
433 CONF_SECTION *find;
434 char const *f;
435 size_t flen;
436
437 if (ci->type != CONF_ITEM_SECTION) {
438 ERROR("%s[%d]: Can only reference properties of sections", cf, lineno);
439 return NULL;
440 }
441
442 find = cf_item_to_section(ci);
443 switch (fr_table_value_by_str(conf_property_name, q, CONF_PROPERTY_INVALID)) {
444 case CONF_PROPERTY_NAME:
445 f = find->name1;
446 break;
447
448 case CONF_PROPERTY_INSTANCE:
449 f = find->name2 ? find->name2 : find->name1;
450 break;
451
452 default:
453 ERROR("%s[%d]: Invalid property '%s'", cf, lineno, q);
454 return NULL;
455 }
456
457 flen = talloc_strlen(f);
458 if ((p + flen) >= (output + outsize)) goto too_long;
459
460 memcpy(p, f, flen);
461 p += flen;
462 ptr = next;
463
464 } else if (ci->type == CONF_ITEM_PAIR) {
465 /*
466 * Substitute the value of the variable.
467 */
468 cp = cf_item_to_pair(ci);
469
470 /*
471 * If the thing we reference is
472 * marked up as being expanded in
473 * pass2, don't expand it now.
474 * Let it be expanded in pass2.
475 */
476 if (cp->pass2) {
477 if (soft_fail) *soft_fail = true;
478
479 ERROR("%s[%d]: Reference \"%s\" points to a variable which has not been expanded.",
480 cf, lineno, input);
481 return NULL;
482 }
483
484 if (!cp->value) {
485 ERROR("%s[%d]: Reference \"%s\" has no value",
486 cf, lineno, input);
487 return NULL;
488 }
489
490 if (p + strlen(cp->value) >= output + outsize) {
491 ERROR("%s[%d]: Reference \"%s\" is too long",
492 cf, lineno, input);
493 return NULL;
494 }
495
496 strcpy(p, cp->value);
497 cp->item.referenced = true;
498 p += strlen(p);
499 ptr = next;
500
501 } else if (ci->type == CONF_ITEM_SECTION) {
502 CONF_SECTION *subcs;
503 CONF_ITEM *ci_p;
504
505 /*
506 * We can't refer to any parent, otherwise we have an infinite loop.
507 */
508 for (ci_p = &outer_cs->item; ci_p != NULL; ci_p = ci_p->parent) {
509 if (ci_p == ci) {
510 ERROR("%s[%d]: Cannot reference different item in same section", cf, lineno);
511 return NULL;
512 }
513 }
514
515 /*
516 * Copy the section instead of
517 * referencing it.
518 */
519 subcs = cf_item_to_section(ci);
520 subcs = cf_section_dup(outer_cs, outer_cs, subcs,
521 cf_section_name1(subcs), cf_section_name2(subcs),
522 false);
523 if (!subcs) {
524 ERROR("%s[%d]: Failed copying reference %s", cf, lineno, name);
525 return NULL;
526 }
527
528 cf_filename_set(subcs, ci->filename);
529 cf_lineno_set(subcs, ci->lineno);
530
531 ptr = next;
532
533 } else {
534 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, lineno, input);
535 return NULL;
536 }
537 } else if (strncmp(ptr, "$ENV{", 5) == 0) {
538 char *env;
539
540 ptr += 5;
541
542 /*
543 * Look for trailing '}', and log a
544 * warning for anything that doesn't match,
545 * and exit with a fatal error.
546 */
547 next = strchr(ptr, '}');
548 if (next == NULL) {
549 *p = '\0';
550 ERROR("%s[%d]: Environment variable expansion missing }",
551 cf, lineno);
552 return NULL;
553 }
554
555 /*
556 * Can't really happen because input lines are
557 * capped at 8k, which is sizeof(name)
558 */
559 if ((size_t) (next - ptr) >= sizeof(name)) {
560 ERROR("%s[%d]: Environment variable name is too large",
561 cf, lineno);
562 return NULL;
563 }
564
565 memcpy(name, ptr, next - ptr);
566 name[next - ptr] = '\0';
567
568 /*
569 * Get the environment variable.
570 * If none exists, then make it an empty string.
571 */
572 env = getenv(name);
573 if (!env) {
574 if (!soft_fail_env) {
575 ERROR("%s[%d]: Invalid reference to missing environment variable $ENV{%s}",
576 cf, lineno, name);
577 return NULL;
578 }
579
580 *name = '\0';
581 env = name;
582 }
583
584 if (p + strlen(env) >= output + outsize) {
585 ERROR("%s[%d]: Reference \"%s\" is too long",
586 cf, lineno, input);
587 return NULL;
588 }
589
590 strcpy(p, env);
591 p += strlen(p);
592 ptr = next + 1;
593
594 } else if (strncmp(ptr, "$VALUE{", 7) == 0) {
595 ptr += 7;
596
597 if (cf_expand_file(cf, lineno, name, &p, &ptr, output, outsize, false) < 0) return NULL;
598
599 } else if (strncmp(ptr, "$FILE{", 6) == 0) {
600 ptr += 6;
601
602 if (cf_expand_file(cf, lineno, name, &p, &ptr, output, outsize, true) < 0) return NULL;
603
604 } else {
605 /*
606 * Copy it over verbatim.
607 */
608 *(p++) = *(ptr++);
609 }
610
611 check_eos:
612 if (p >= (output + outsize)) {
613 too_long:
614 ERROR("%s[%d]: Reference \"%s\" is too long",
615 cf, lineno, input);
616 return NULL;
617 }
618 } /* loop over all of the input string. */
619
620 *p = '\0';
621
622 return output;
623}
624
625/*
626 * Merge the template so everything else "just works".
627 */
628static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
629{
630 if (!cs || !template) return true;
631
632 cs->template = NULL;
633
634 /*
635 * Walk over the template, adding its' entries to the
636 * current section. But only if the entries don't
637 * already exist in the current section.
638 */
639 cf_item_foreach(&template->item, ci) {
640 if (ci->type == CONF_ITEM_PAIR) {
641 CONF_PAIR *cp1, *cp2;
642
643 /*
644 * It exists, don't over-write it.
645 */
646 cp1 = cf_item_to_pair(ci);
647 if (cf_pair_find(cs, cp1->attr)) {
648 continue;
649 }
650
651 /*
652 * Create a new pair with all of the data
653 * of the old one.
654 */
655 cp2 = cf_pair_dup(cs, cp1, true);
656 if (!cp2) return false;
657
658 cf_filename_set(cp2, cp1->item.filename);
659 cf_lineno_set(cp2, cp1->item.lineno);
660 continue;
661 }
662
663 if (ci->type == CONF_ITEM_SECTION) {
664 CONF_SECTION *subcs1, *subcs2;
665
666 subcs1 = cf_item_to_section(ci);
667 fr_assert(subcs1 != NULL);
668
669 subcs2 = cf_section_find(cs, subcs1->name1, subcs1->name2);
670 if (subcs2) {
671 /*
672 * sub-sections get merged.
673 */
674 if (!cf_template_merge(subcs2, subcs1)) {
675 return false;
676 }
677 continue;
678 }
679
680 /*
681 * Our section doesn't have a matching
682 * sub-section. Copy it verbatim from
683 * the template.
684 */
685 subcs2 = cf_section_dup(cs, cs, subcs1,
686 cf_section_name1(subcs1), cf_section_name2(subcs1),
687 false);
688 if (!subcs2) return false;
689
690 cf_filename_set(subcs2, subcs1->item.filename);
691 cf_lineno_set(subcs2, subcs1->item.lineno);
692 continue;
693 }
694
695 /* ignore everything else */
696 }
697
698 return true;
699}
700
701/*
702 * Functions for tracking files by inode
703 */
704static int8_t _inode_cmp(void const *one, void const *two)
705{
706 cf_file_t const *a = one, *b = two;
707
708 CMP_RETURN(a, b, buf.st_dev);
709
710 return CMP(a->buf.st_ino, b->buf.st_ino);
711}
712
713static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
714{
715 cf_file_t *file;
716 CONF_SECTION *top;
717 fr_rb_tree_t *tree;
718 FILE *fp;
719
720 top = cf_root(cs);
721 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
722 fr_assert(tree);
723
724 /*
725 * If we're including a wildcard directory, then ignore
726 * any files the users has already explicitly loaded in
727 * that directory.
728 */
729 if (from_dir) {
730 cf_file_t my_file;
731 char const *r;
732 int fd, my_fd;
733
734 my_file.cs = cs;
735 my_file.filename = filename;
736
737 /*
738 * Find and open the directory containing filename so we can use
739 * the "at"functions to avoid time of check/time of use insecurities.
740 */
741 if (fr_dirfd(&my_fd, &r, filename) < 0) {
742 ERROR("Failed to open directory containing %s", filename);
743 return -1;
744 }
745
746 if (fstatat(my_fd, r, &my_file.buf, 0) < 0) {
747 if (my_fd != AT_FDCWD) close(my_fd);
748 goto error;
749 }
750
751 file = fr_rb_find(tree, &my_file);
752
753 /*
754 * The file was previously read by including it
755 * explicitly. After it was read, we have a
756 * $INCLUDE of the directory it is in. In that
757 * case, we ignore the file.
758 *
759 * However, if the file WAS read from a wildcard
760 * $INCLUDE directory, then we read it again.
761 */
762 if (file && !file->from_dir) {
763 if (my_fd != AT_FDCWD) close(my_fd);
764 return 1;
765 }
766
767 fd = openat(my_fd, r, O_RDONLY, 0);
768 if (my_fd != AT_FDCWD) close(my_fd);
769 if (fd < 0) goto error;
770 fp = fdopen(fd, "r");
771 } else {
772 fp = fopen(filename, "r");
773 }
774
775 if (DEBUG_ENABLED2) cf_log_debug(cs, "including configuration file %s", filename);
776
777 if (!fp) {
778 error:
779 ERROR("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
780 return -1;
781 }
782
783 MEM(file = talloc(tree, cf_file_t));
784
785 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be a talloced buffer */
786 file->cs = cs;
787 file->from_dir = from_dir;
788
789 if (fstat(fileno(fp), &file->buf) == 0) {
790#ifdef S_IWOTH
791 if ((file->buf.st_mode & S_IWOTH) != 0) {
792 ERROR("Configuration file %s is globally writable. "
793 "Refusing to start due to insecure configuration.", filename);
794
795 fclose(fp);
796 talloc_free(file);
797 return -1;
798 }
799#endif
800 }
801
802 /*
803 * We can include the same file twice. e.g. when it
804 * contains common definitions, such as for SQL.
805 *
806 * Though the admin should really use templates for that.
807 */
808 if (!fr_rb_insert(tree, file)) talloc_free(file);
809
810 *fp_p = fp;
811 return 0;
812}
813
814/** Set the euid/egid used when performing file checks
815 *
816 * Sets the euid, and egid used when cf_file_check is called to check
817 * permissions on conf items of type #CONF_FLAG_FILE_READABLE
818 *
819 * @note This is probably only useful for the freeradius daemon itself.
820 *
821 * @param uid to set, (uid_t)-1 to use current euid.
822 * @param gid to set, (gid_t)-1 to use current egid.
823 */
824void cf_file_check_set_uid_gid(uid_t uid, gid_t gid)
825{
826 if (uid != (uid_t) -1) conf_check_uid = uid;
827 if (gid != (gid_t) -1) conf_check_gid = gid;
828}
829
830/** Perform an operation with the effect/group set to conf_check_gid and conf_check_uid
831 *
832 * @param filename CONF_PAIR for the file being checked
833 * @param cb callback function to perform the check
834 * @param uctx user context for the callback
835 * @return
836 * - CF_FILE_OTHER_ERROR if there was a problem modifying permissions
837 * - The return value from the callback
838 */
839cf_file_check_err_t cf_file_check_effective(char const *filename,
840 cf_file_check_err_t (*cb)(char const *filename, void *uctx), void *uctx)
841{
842 int ret;
843
844 uid_t euid = (uid_t) -1;
845 gid_t egid = (gid_t) -1;
846
847 if ((conf_check_gid != (gid_t) -1) && ((egid = getegid()) != conf_check_gid)) {
848 if (setegid(conf_check_gid) < 0) {
849 fr_strerror_printf("Failed setting effective group ID (%d) for file check: %s",
850 (int) conf_check_gid, fr_syserror(errno));
851 return CF_FILE_OTHER_ERROR;
852 }
853 }
854 if ((conf_check_uid != (uid_t) -1) && ((euid = geteuid()) != conf_check_uid)) {
855 if (seteuid(conf_check_uid) < 0) {
856 fr_strerror_printf("Failed setting effective user ID (%d) for file check: %s",
857 (int) conf_check_uid, fr_syserror(errno));
858
859 restore_gid:
860 if ((conf_check_gid != egid) &&
861 (setegid(conf_check_gid) < 0)) {
862 fr_strerror_printf_push("Failed resetting effective group ID (%d) for file check: %s",
863 (int) conf_check_gid, fr_syserror(errno));
864 }
865
866 return CF_FILE_OTHER_ERROR;
867 }
868 }
869 ret = cb(filename, uctx);
870 if (conf_check_uid != euid) {
871 if (seteuid(euid) < 0) {
872 fr_strerror_printf("Failed restoring effective user ID (%d) after file check: %s",
873 (int) euid, fr_syserror(errno));
874 goto restore_gid;
875 }
876 }
877 if (conf_check_gid != egid) {
878 if (setegid(egid) < 0) {
879 fr_strerror_printf("Failed restoring effective group ID (%d) after file check: %s",
880 (int) egid, fr_syserror(errno));
881 return CF_FILE_OTHER_ERROR;
882 }
883 }
884
885 return ret;
886}
887
888/** Check if we can connect to a unix socket
889 *
890 * @param[in] filename CONF_PAIR for the unix socket path
891 * @param[in] uctx user context, not used
892 * @return
893 * - CF_FILE_OK if the socket exists and is a socket.
894 * - CF_FILE_NO_EXIST if the file doesn't exist.
895 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
896 * - CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
897 * - CF_FILE_OTHER_ERROR any other error.
898 */
899cf_file_check_err_t cf_file_check_unix_connect(char const *filename, UNUSED void *uctx)
900{
901 int fd;
902 cf_file_check_err_t ret = CF_FILE_OK;
903
904 struct sockaddr_un addr = { .sun_family = AF_UNIX };
905
906 fr_strerror_clear();
907
908 if (talloc_strlen(filename) >= sizeof(addr.sun_path)) {
909 fr_strerror_printf("Socket path \"%s\" too long", filename);
910 return CF_FILE_OTHER_ERROR;
911 }
912
913 strlcpy(addr.sun_path, filename, sizeof(addr.sun_path));
914
915 fd = socket(AF_UNIX, SOCK_STREAM, 0);
916 if (fd < 0) {
917 fr_strerror_printf("Failed checking permissions for \"%s\": %s",
918 filename, fr_syserror(errno));
919 return CF_FILE_OTHER_ERROR;
920 }
921 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
922 fr_strerror_printf("Failed setting non-blocking mode for socket %s: %s",
923 filename, fr_syserror(errno));
924 close(fd);
925 return CF_FILE_OTHER_ERROR;
926 }
927
928 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
929 switch (errno) {
930 case EINPROGRESS: /* This is fine */
931 break;
932
933 case ENOENT:
934 fr_strerror_printf("Socket path \"%s\" does not exist", filename);
935 ret = CF_FILE_NO_EXIST;
936 break;
937
938 case EACCES:
939 fr_perm_file_error(errno);
940 fr_strerror_printf_push("Socket path \"%s\" exists but is not accessible", filename);
941 ret = CF_FILE_NO_PERMISSION;
942 break;
943
944 case ENOTSOCK:
945 fr_strerror_printf("File \"%s\" is not a socket", filename);
946 ret = CF_FILE_NO_UNIX_SOCKET;
947 break;
948
949 default:
950 fr_strerror_printf("Failed connecting to socket %s: %s", filename, fr_syserror(errno));
951 ret = CF_FILE_OTHER_ERROR;
952 break;
953 }
954 }
955
956 close(fd);
957
958 return ret;
959}
960
961/** Check if file exists, and is a socket
962 *
963 * @param[in] filename CONF_PAIR for the unix socket path
964 * @param[in] uctx user context, not used
965 * @return
966 * - CF_FILE_OK if the socket exists and is a socket.
967 * - CF_FILE_NO_EXIST if the file doesn't exist.
968 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
969 * - CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
970 * - CF_FILE_OTHER_ERROR any other error.
971 */
972cf_file_check_err_t cf_file_check_unix_perm(char const *filename, UNUSED void *uctx)
973{
974 struct stat buf;
975
976 fr_strerror_clear();
977
978 if (stat(filename, &buf) < 0) {
979 switch (errno) {
980 case ENOENT:
981 fr_strerror_printf("Socket path \"%s\" does not exist", filename);
982 return CF_FILE_NO_EXIST;
983
984 case EPERM:
985 case EACCES:
986 fr_perm_file_error(errno);
987 fr_strerror_printf_push("Socket path \"%s\" exists but is not accessible: %s",
988 filename, fr_syserror(errno));
989 return CF_FILE_NO_PERMISSION;
990
991 default:
992 fr_strerror_printf("Unable to stat socket \"%s\": %s", filename, fr_syserror(errno));
993 return CF_FILE_OTHER_ERROR;
994 }
995 }
996
997 if (!S_ISSOCK(buf.st_mode)) {
998 fr_strerror_printf("File \"%s\" is not a socket", filename);
999 return CF_FILE_NO_UNIX_SOCKET;
1000 }
1001
1002 return CF_FILE_OK;
1003}
1004
1005/** Callback for cf_file_check to open a file and check permissions.
1006 *
1007 * This is used to check if a file exists, and is readable by the
1008 * unprivileged user/group.
1009 *
1010 * @param filename currently being processed.
1011 * @param uctx user context, which is a pointer to cf_file_t
1012 * @return
1013 * - CF_FILE_OK if the file exists and is readable.
1014 * - CF_FILE_NO_EXIST if the file does not exist.
1015 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
1016 * - CF_FILE_OTHER_ERROR if there was any other error.
1017 */
1018cf_file_check_err_t cf_file_check_open_read(char const *filename, void *uctx)
1019{
1020 int fd;
1021 cf_file_t *file = uctx;
1022
1023 fr_strerror_clear();
1024
1025 fd = open(filename, O_RDONLY);
1026 if (fd < 0) {
1027 error:
1028 if (fd >= 0) close(fd);
1029
1030 switch (errno) {
1031 case ENOENT:
1032 fr_strerror_printf("File \"%s\" does not exist", filename);
1033 return CF_FILE_NO_EXIST;
1034
1035 case EPERM:
1036 case EACCES:
1037 fr_perm_file_error(errno);
1038 fr_strerror_printf_push("File \"%s\" exists but is not accessible: %s",
1039 filename, fr_syserror(errno));
1040 return CF_FILE_NO_PERMISSION;
1041
1042 default:
1043 fr_strerror_printf("Unable to open file \"%s\": %s", filename, fr_syserror(errno));
1044 return CF_FILE_OTHER_ERROR;
1045
1046 }
1047 }
1048
1049 if (file && fstat(fd, &file->buf) < 0) goto error;
1050
1051 close(fd);
1052 return CF_FILE_OK;
1053}
1054
1055/** Do some checks on the file as an "input" file. i.e. one read by a module.
1056 *
1057 * @note Must be called with super user privileges.
1058 *
1059 * @param cp currently being processed.
1060 * @param check_perms If true - will return error if file is world readable,
1061 * or not readable by the unprivileged user/group.
1062 * @return
1063 * - CF_FILE_OK if the socket exists and is a socket.
1064 * - CF_FILE_NO_EXIST if the file doesn't exist.
1065 * - CF_FILE_NO_PERMISSION if the file exists but is not accessible.
1066 * - CF_FILE_OTHER_ERROR any other error.
1067 */
1068cf_file_check_err_t cf_file_check(CONF_PAIR *cp, bool check_perms)
1069{
1070 cf_file_t *file;
1071 CONF_SECTION *top;
1072 fr_rb_tree_t *tree;
1073 char const *filename = cf_pair_value(cp);
1074 cf_file_check_err_t ret;
1075
1076 top = cf_root(cp);
1077 tree = cf_data_value(cf_data_find(top, fr_rb_tree_t, "filename"));
1078 if (!tree) return CF_FILE_OTHER_ERROR;
1079
1080 file = talloc(tree, cf_file_t);
1081 if (!file) return CF_FILE_OTHER_ERROR;
1082
1083 file->filename = talloc_strdup(file, filename); /* The rest of the code expects this to be talloced */
1084 file->cs = cf_item_to_section(cf_parent(cp));
1085
1086 if (!check_perms) {
1087 if (stat(filename, &file->buf) < 0) {
1088 fr_perm_file_error(errno); /* Write error and euid/egid to error buff */
1089 cf_log_perr(cp, "Unable to open file \"%s\"", filename);
1090 error:
1091 talloc_free(file);
1092 return CF_FILE_OTHER_ERROR;
1093 }
1094 talloc_free(file);
1095 return CF_FILE_OK;
1096 }
1097
1098 /*
1099 * This really does seem to be the simplest way
1100 * to check that the file can be read with the
1101 * euid/egid.
1102 */
1103 ret = cf_file_check_effective(filename, cf_file_check_open_read, file);
1104 if (ret < 0) {
1105 cf_log_perr(cp, "Permissions check failed");
1106 goto error;
1107 }
1108#ifdef S_IWOTH
1109 if ((file->buf.st_mode & S_IWOTH) != 0) {
1110 cf_log_perr(cp, "Configuration file %s is globally writable. "
1111 "Refusing to start due to insecure configuration.", filename);
1112 talloc_free(file);
1113 return CF_FILE_OTHER_ERROR;
1114 }
1115#endif
1116
1117 /*
1118 * It's OK to include the same file twice...
1119 */
1120 if (!fr_rb_insert(tree, file)) talloc_free(file);
1121
1122 return CF_FILE_OK;
1123}
1124
1125/*
1126 * Do variable expansion in pass2.
1127 *
1128 * This is a breadth-first expansion. "deep
1129 */
1130int cf_section_pass2(CONF_SECTION *cs)
1131{
1132 cf_item_foreach(&cs->item, ci) {
1133 char const *value;
1134 CONF_PAIR *cp;
1135 char buffer[8192];
1136
1137 if (ci->type != CONF_ITEM_PAIR) continue;
1138
1139 cp = cf_item_to_pair(ci);
1140 if (!cp->value || !cp->pass2) continue;
1141
1142 fr_assert((cp->rhs_quote == T_BARE_WORD) ||
1143 (cp->rhs_quote == T_HASH) ||
1144 (cp->rhs_quote == T_DOUBLE_QUOTED_STRING) ||
1145 (cp->rhs_quote == T_BACK_QUOTED_STRING));
1146
1147 value = cf_expand_variables(ci->filename, ci->lineno, cs, buffer, sizeof(buffer), cp->value, -1, NULL,
1148 (cp->rhs_quote != T_BARE_WORD));
1149 if (!value) return -1;
1150
1151 talloc_const_free(cp->value);
1152 cp->value = talloc_strdup(cp, value);
1153 }
1154
1155 cf_item_foreach(&cs->item, ci) {
1156 if (ci->type != CONF_ITEM_SECTION) continue;
1157
1158 if (cf_section_pass2(cf_item_to_section(ci)) < 0) return -1;
1159 }
1160
1161 return 0;
1162}
1163
1164
1165static char const *cf_local_file(char const *base, char const *filename,
1166 char *buffer, size_t bufsize)
1167{
1168 size_t dirsize;
1169 char *p;
1170
1171 strlcpy(buffer, base, bufsize);
1172
1173 p = strrchr(buffer, FR_DIR_SEP);
1174 if (!p) return filename;
1175 if (p[1]) { /* ./foo */
1176 p[1] = '\0';
1177 }
1178
1179 dirsize = (p - buffer) + 1;
1180
1181 if ((dirsize + strlen(filename)) >= bufsize) {
1182 return NULL;
1183 }
1184
1185 strlcpy(p + 1, filename, bufsize - dirsize);
1186
1187 return buffer;
1188}
1189
1190/*
1191 * Like gettoken(), but uses the new API which seems better for a
1192 * host of reasons.
1193 */
1194static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen,
1195 char const *filename, int lineno)
1196{
1197 char const *ptr = *ptr_p;
1198 ssize_t slen;
1199 char const *out;
1200 size_t outlen;
1201
1202 /*
1203 * Discover the string content, returning what kind of
1204 * string it is.
1205 *
1206 * Don't allow casts or regexes. But do allow bare
1207 * %{...} expansions.
1208 */
1209 slen = tmpl_preparse(&out, &outlen, ptr, strlen(ptr), token);
1210 if (slen <= 0) {
1211 char *spaces, *text;
1212
1213 fr_canonicalize_error(parent, &spaces, &text, slen, ptr);
1214
1215 ERROR("%s[%d]: %s", filename, lineno, text);
1216 ERROR("%s[%d]: %s^ - %s", filename, lineno, spaces, fr_strerror());
1217
1218 talloc_free(spaces);
1219 talloc_free(text);
1220 return -1;
1221 }
1222
1223 if ((size_t) slen >= buflen) {
1224 ERROR("%s[%d]: Name is too long", filename, lineno);
1225 return -1;
1226 }
1227
1228 /*
1229 * Unescape it or copy it verbatim as necessary.
1230 */
1231 if (!cf_expand_variables(filename, lineno, parent, buffer, buflen,
1232 out, outlen, NULL, (*token != T_BARE_WORD))) {
1233 return -1;
1234 }
1235
1236 ptr += slen;
1237 fr_skip_whitespace(ptr);
1238
1239 *ptr_p = ptr;
1240 return 0;
1241}
1242
1247
1248static int8_t filename_cmp(void const *one, void const *two)
1249{
1250 int ret;
1251 cf_file_heap_t const *a = one;
1252 cf_file_heap_t const *b = two;
1253
1254 ret = strcmp(a->filename, b->filename);
1255 return CMP(ret, 0);
1256}
1257
1258
1259static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
1260{
1261 char const *value;
1262 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1263
1264 /*
1265 * Can't do this inside of update / map.
1266 */
1267 if (parent->unlang == CF_UNLANG_ASSIGNMENT) {
1268 ERROR("%s[%d]: Parse error: Invalid location for $INCLUDE",
1269 frame->filename, frame->lineno);
1270 return -1;
1271 }
1272
1273 fr_skip_whitespace(ptr);
1274
1275 /*
1276 * Grab all of the non-whitespace text.
1277 */
1278 value = ptr;
1279 while (*ptr && !isspace((uint8_t) *ptr)) ptr++;
1280
1281 /*
1282 * We're OK with whitespace after the filename.
1283 */
1284 fr_skip_whitespace(ptr);
1285
1286 /*
1287 * But anything else after the filename is wrong.
1288 */
1289 if (*ptr) {
1290 ERROR("%s[%d]: Unexpected text after $INCLUDE", frame->filename, frame->lineno);
1291 return -1;
1292 }
1293
1294 /*
1295 * Hack for ${confdir}/foo
1296 */
1297 if (*value == '$') relative = false;
1298
1299 value = cf_expand_variables(frame->filename, frame->lineno, parent, stack->buff[1], stack->bufsize,
1300 value, ptr - value, NULL, false);
1301 if (!value) return -1;
1302
1303 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
1304
1305 if (relative) {
1306 value = cf_local_file(frame->filename, value, stack->buff[2], stack->bufsize);
1307 if (!value) {
1308 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1309 return -1;
1310 }
1311 }
1312
1313 if (strchr(value, '*') != 0) {
1314#ifndef HAVE_GLOB_H
1315 ERROR("%s[%d]: Filename globbing is not supported.", frame->filename, frame->lineno);
1316 return -1;
1317#else
1318 stack->depth++;
1319 frame = &stack->frame[stack->depth];
1320 memset(frame, 0, sizeof(*frame));
1321
1322 frame->type = CF_STACK_GLOB;
1323 frame->required = required;
1324 frame->parent = parent;
1325 frame->current = parent;
1326
1327 /*
1328 * For better debugging.
1329 */
1330 frame->filename = frame[-1].filename;
1331 frame->lineno = frame[-1].lineno;
1332
1333 if (glob(value, GLOB_ERR | GLOB_NOESCAPE, NULL, &frame->glob) < 0) {
1334 stack->depth--;
1335 ERROR("%s[%d]: Failed expanding '%s' - %s", frame->filename, frame->lineno,
1336 value, fr_syserror(errno));
1337 return -1;
1338 }
1339
1340 /*
1341 * If nothing matches, that may be an error.
1342 */
1343 if (frame->glob.gl_pathc == 0) {
1344 if (!required) {
1345 stack->depth--;
1346 return 0;
1347 }
1348
1349 ERROR("%s[%d]: Failed expanding '%s' - No matching files", frame->filename, frame->lineno,
1350 value);
1351 return -1;
1352 }
1353
1354 return 1;
1355#endif
1356 }
1357
1358 /*
1359 * Allow $-INCLUDE for directories, too.
1360 */
1361 if (!required) {
1362 struct stat statbuf;
1363
1364 if (stat(value, &statbuf) < 0) {
1365 WARN("Not including file %s: %s", value, fr_syserror(errno));
1366 return 0;
1367 }
1368 }
1369
1370 /*
1371 * The filename doesn't end in '/', so it must be a file.
1372 */
1373 if (value[strlen(value) - 1] != '/') {
1374 if ((stack->depth + 1) >= MAX_STACK) {
1375 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1376 return -1;
1377 }
1378
1379 stack->depth++;
1380 frame = &stack->frame[stack->depth];
1381 memset(frame, 0, sizeof(*frame));
1382
1383 frame->type = CF_STACK_FILE;
1384 frame->fp = NULL;
1385 frame->parent = parent;
1386 frame->current = parent;
1387 frame->filename = talloc_strdup(frame->parent, value);
1388 return 1;
1389 }
1390
1391#ifdef HAVE_DIRENT_H
1392 /*
1393 * $INCLUDE foo/
1394 *
1395 * Include ALL non-"dot" files in the directory.
1396 * careful!
1397 */
1398 {
1399 char *directory;
1400 DIR *dir = NULL;
1401 struct dirent *dp;
1402 struct stat stat_buf;
1403 cf_file_heap_t *h;
1404#ifdef S_IWOTH
1405 int my_fd;
1406#endif
1407
1408 /*
1409 * We need to keep a copy of parent while the
1410 * included files mangle our buff[] array.
1411 */
1412 directory = talloc_strdup(parent, value);
1413
1414 if (DEBUG_ENABLED2) cf_log_debug(parent, "Including files in directory \"%s\"", directory);
1415
1416 dir = opendir(directory);
1417 if (!dir) {
1418 ERROR("%s[%d]: Error reading directory %s: %s",
1419 frame->filename, frame->lineno, value,
1420 fr_syserror(errno));
1421 error:
1422 if (dir) closedir(dir);
1423 talloc_free(directory);
1424 return -1;
1425 }
1426
1427#ifdef S_IWOTH
1428 my_fd = dirfd(dir);
1429 fr_assert(my_fd >= 0);
1430
1431 /*
1432 * Security checks.
1433 */
1434 if (fstat(my_fd, &stat_buf) < 0) {
1435 ERROR("%s[%d]: Failed reading directory %s: %s", frame->filename, frame->lineno,
1436 directory, fr_syserror(errno));
1437 goto error;
1438 }
1439
1440 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1441 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1442 "insecure configuration", frame->filename, frame->lineno, directory);
1443 goto error;
1444 }
1445#endif
1446
1447 /*
1448 * Directory plus next filename.
1449 */
1450 if ((stack->depth + 2) >= MAX_STACK) {
1451 ERROR("%s[%d]: Directories too deep", frame->filename, frame->lineno);
1452 goto error;
1453 }
1454
1455 stack->depth++;
1456 frame = &stack->frame[stack->depth];
1457 *frame = (cf_stack_frame_t){
1458 .type = CF_STACK_DIR,
1459 .directory = directory,
1460 .parent = parent,
1461 .current = parent,
1462 .from_dir = true
1463 };
1464
1465 MEM(frame->heap = fr_heap_alloc(frame->directory, filename_cmp, cf_file_heap_t, heap_id, 0));
1466
1467 /*
1468 * Read the whole directory before loading any
1469 * individual file. We stat() files to ensure
1470 * that they're readable. We ignore
1471 * subdirectories and files with odd filenames.
1472 */
1473 while ((dp = readdir(dir)) != NULL) {
1474 char const *p;
1475 size_t len;
1476
1477 if (dp->d_name[0] == '.') continue;
1478
1479 /*
1480 * Check for valid characters
1481 */
1482 for (p = dp->d_name; *p != '\0'; p++) {
1483 if (isalpha((uint8_t) *p) ||
1484 isdigit((uint8_t) *p) ||
1485 (*p == '-') ||
1486 (*p == '_') ||
1487 (*p == '.')) continue;
1488 break;
1489 }
1490 if (*p != '\0') continue;
1491
1492 /*
1493 * Ignore config files generated by deb / rpm packaging updates.
1494 */
1495 len = strlen(dp->d_name);
1496 if ((len > 10) && (strncmp(&dp->d_name[len - 10], ".dpkg-dist", 10) == 0)) {
1497 pkg_file:
1498 WARN("Ignoring packaging system produced file %s%s", frame->directory, dp->d_name);
1499 continue;
1500 }
1501 if ((len > 9) && (strncmp(&dp->d_name[len - 9], ".dpkg-old", 9) == 0)) goto pkg_file;
1502 if ((len > 7) && (strncmp(&dp->d_name[len - 7], ".rpmnew", 7) == 0)) goto pkg_file;
1503 if ((len > 8) && (strncmp(&dp->d_name[len - 8], ".rpmsave", 8) == 0)) goto pkg_file;
1504
1505 snprintf(stack->buff[1], stack->bufsize, "%s%s",
1506 frame->directory, dp->d_name);
1507
1508 if (stat(stack->buff[1], &stat_buf) != 0) {
1509 ERROR("%s[%d]: Failed checking file %s: %s",
1510 (frame - 1)->filename, (frame - 1)->lineno,
1511 stack->buff[1], fr_syserror(errno));
1512 continue;
1513 }
1514
1515 if (S_ISDIR(stat_buf.st_mode)) {
1516 WARN("%s[%d]: Ignoring directory %s",
1517 (frame - 1)->filename, (frame - 1)->lineno,
1518 stack->buff[1]);
1519 continue;
1520 }
1521
1522 MEM(h = talloc_zero(frame->heap, cf_file_heap_t));
1523 MEM(h->filename = talloc_strdup(h, stack->buff[1]));
1524 h->heap_id = FR_HEAP_INDEX_INVALID;
1525 (void) fr_heap_insert(&frame->heap, h);
1526 }
1527
1528 closedir(dir);
1529 return 1;
1530 }
1531#else
1532 ERROR("%s[%d]: Error including %s: No support for directories!",
1533 frame->filename, frame->lineno, value);
1534 return -1;
1535#endif
1536}
1537
1538
1539static int process_template(cf_stack_t *stack)
1540{
1541 CONF_ITEM *ci;
1542 CONF_SECTION *parent_cs, *templatecs;
1543 fr_token_t token;
1544 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1545 CONF_SECTION *parent = frame->current;
1546
1547 token = getword(&stack->ptr, stack->buff[2], stack->bufsize, true);
1548 if (token != T_EOL) {
1549 ERROR("%s[%d]: Unexpected text after $TEMPLATE", frame->filename, frame->lineno);
1550 return -1;
1551 }
1552
1553 if (!parent) {
1554 ERROR("%s[%d]: Internal sanity check error in template reference", frame->filename, frame->lineno);
1555 return -1;
1556 }
1557
1558 if (parent->template) {
1559 ERROR("%s[%d]: Section already has a template", frame->filename, frame->lineno);
1560 return -1;
1561 }
1562
1563 /*
1564 * Allow in-line templates.
1565 */
1566 templatecs = cf_section_find(cf_item_to_section(cf_parent(parent)), "template", stack->buff[2]);
1567 if (templatecs) {
1568 parent->template = templatecs;
1569 return 0;
1570 }
1571
1572 parent_cs = cf_root(parent);
1573
1574 templatecs = cf_section_find(parent_cs, "templates", NULL);
1575 if (!templatecs) {
1576 ERROR("%s[%d]: Cannot find template \"%s\", as no 'templates' section exists.",
1577 frame->filename, frame->lineno, stack->buff[2]);
1578 return -1;
1579 }
1580
1581 ci = cf_reference_item(parent_cs, templatecs, stack->buff[2]);
1582 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
1583 PERROR("%s[%d]: Failed finding item \"%s\" in the 'templates' section.",
1584 frame->filename, frame->lineno, stack->buff[2]);
1585 return -1;
1586 }
1587
1588 parent->template = cf_item_to_section(ci);
1589 return 0;
1590}
1591
1592
1593static int cf_file_fill(cf_stack_t *stack);
1594
1595
1596static const bool terminal_end_section[SBUFF_CHAR_CLASS] = {
1597 ['{'] = true,
1598};
1599
1600static const bool terminal_end_line[SBUFF_CHAR_CLASS] = {
1601 [0] = true,
1602
1603 ['\r'] = true,
1604 ['\n'] = true,
1605
1606 ['#'] = true,
1607 [','] = true,
1608 [';'] = true,
1609 ['}'] = true,
1610};
1611
1612static CONF_ITEM *process_if(cf_stack_t *stack)
1613{
1614 ssize_t slen = 0;
1615 CONF_SECTION *cs;
1616 uint8_t const *p;
1617 char const *ptr = stack->ptr;
1618 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1619 CONF_SECTION *parent = frame->current;
1620 char *buff[4];
1621
1622 /*
1623 * Short names are nicer.
1624 */
1625 buff[1] = stack->buff[1];
1626 buff[2] = stack->buff[2];
1627 buff[3] = stack->buff[3];
1628
1629 /*
1630 * Create the CONF_SECTION. We don't pass a name2, as it
1631 * hasn't yet been parsed.
1632 */
1633 cs = cf_section_alloc(parent, parent, buff[1], NULL);
1634 if (!cs) {
1635 cf_log_err(parent, "Failed allocating memory for section");
1636 return NULL;
1637 }
1638 cf_filename_set(cs, frame->filename);
1639 cf_lineno_set(cs, frame->lineno);
1640
1641 /*
1642 * Keep "parsing" the condition until we hit EOL.
1643 *
1644 *
1645 */
1646 while (true) {
1647 int rcode;
1648 bool eol;
1649
1650 /*
1651 * Try to parse the condition. We can have a parse success, or a parse failure.
1652 */
1653 slen = fr_skip_condition(ptr, NULL, terminal_end_section, &eol);
1654
1655 /*
1656 * Parse success means we stop reading more data.
1657 */
1658 if (slen > 0) break;
1659
1660 /*
1661 * Parse failures not at EOL are real errors.
1662 */
1663 if (!eol) {
1664 slen = 0;
1665 fr_strerror_const("Unexpected EOF");
1666 error:
1667 cf_canonicalize_error(cs, slen, "Parse error in condition", ptr);
1668 talloc_free(cs);
1669 return NULL;
1670 }
1671
1672 /*
1673 * Parse failures at EOL means that we read more data.
1674 */
1675 p = (uint8_t const *) ptr + (-slen);
1676
1677 /*
1678 * Auto-continue across CR LF until we reach the
1679 * end of the string. We mash everything into one line.
1680 */
1681 if (*p && (*p < ' ')) {
1682 while ((*p == '\r') || (*p == '\n')) {
1683 char *q;
1684
1685 q = UNCONST(char *, p);
1686 *q = ' ';
1687 p++;
1688 continue;
1689 }
1690
1691 /*
1692 * Hopefully the next line is already in
1693 * the buffer, and we don't have to read
1694 * more data.
1695 */
1696 continue;
1697 }
1698
1699 /*
1700 * Anything other than EOL is a problem at this point.
1701 */
1702 if (*p) {
1703 fr_strerror_const("Unexpected text after condition");
1704 goto error;
1705 }
1706
1707 /*
1708 * We hit EOL, so the parse error is really "read more data".
1709 */
1710 stack->fill = UNCONST(char *, p);
1711 rcode = cf_file_fill(stack);
1712 if (rcode < 0) {
1713 cf_log_err(cs, "Failed parsing condition");
1714 return NULL;
1715 }
1716 }
1717
1718 fr_assert((size_t) slen < (stack->bufsize - 1));
1719
1720 ptr += slen;
1721 fr_skip_whitespace(ptr);
1722
1723 if (*ptr != '{') {
1724 cf_log_err(cs, "Expected '{' instead of %s", ptr);
1725 talloc_free(cs);
1726 return NULL;
1727 }
1728 ptr++;
1729
1730 /*
1731 * Save the parsed condition (minus trailing whitespace)
1732 * into a buffer.
1733 */
1734 memcpy(buff[2], stack->ptr, slen);
1735 buff[2][slen] = '\0';
1736
1737 while (slen > 0) {
1738 if (!isspace((uint8_t) buff[2][slen - 1])) break;
1739
1740 buff[2][slen - 1] = '\0';
1741 slen--;
1742 }
1743
1744 /*
1745 * Expand the variables in the pre-parsed condition.
1746 */
1747 if (!cf_expand_variables(frame->filename, frame->lineno, parent,
1748 buff[3], stack->bufsize, buff[2], slen, NULL, true)) {
1749 fr_strerror_const("Failed expanding configuration variable");
1750 return NULL;
1751 }
1752
1753 MEM(cs->name2 = talloc_strdup(cs, buff[3]));
1754 cs->name2_quote = T_BARE_WORD;
1755
1756 stack->ptr = ptr;
1757
1758 cs->allow_locals = true;
1759 cs->unlang = CF_UNLANG_ALLOW;
1760 return cf_section_to_item(cs);
1761}
1762
1763static CONF_ITEM *process_map(cf_stack_t *stack)
1764{
1765 char const *mod;
1766 char const *value = NULL;
1767 CONF_SECTION *css;
1768 fr_token_t token;
1769 char const *ptr = stack->ptr;
1770 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1771 CONF_SECTION *parent = frame->current;
1772 char *buff[4];
1773
1774 /*
1775 * Short names are nicer.
1776 */
1777 buff[1] = stack->buff[1];
1778 buff[2] = stack->buff[2];
1779
1780 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1781 frame->filename, frame->lineno) < 0) {
1782 return NULL;
1783 }
1784
1785 if (token != T_BARE_WORD) {
1786 ERROR("%s[%d]: Invalid syntax for 'map' - module name must not be a quoted string",
1787 frame->filename, frame->lineno);
1788 return NULL;
1789 }
1790 mod = buff[1];
1791
1792 /*
1793 * Maps without an expansion string are allowed, though
1794 * it's not clear why.
1795 */
1796 if (*ptr == '{') {
1797 ptr++;
1798 goto alloc_section;
1799 }
1800
1801 /*
1802 * Now get the expansion string.
1803 */
1804 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1805 frame->filename, frame->lineno) < 0) {
1806 return NULL;
1807 }
1808 if (!fr_str_tok[token]) {
1809 ERROR("%s[%d]: Expecting string expansions in 'map' definition",
1810 frame->filename, frame->lineno);
1811 return NULL;
1812 }
1813
1814 if (*ptr != '{') {
1815 ERROR("%s[%d]: Expecting section start brace '{' in 'map' definition",
1816 frame->filename, frame->lineno);
1817 return NULL;
1818 }
1819 ptr++;
1820 value = buff[2];
1821
1822 /*
1823 * Allocate the section
1824 */
1825alloc_section:
1826 css = cf_section_alloc(parent, parent, "map", mod);
1827 if (!css) {
1828 ERROR("%s[%d]: Failed allocating memory for section",
1829 frame->filename, frame->lineno);
1830 return NULL;
1831 }
1832 cf_filename_set(css, frame->filename);
1833 cf_lineno_set(css, frame->lineno);
1834 css->name2_quote = T_BARE_WORD;
1835
1836 css->argc = 0;
1837 if (value) {
1838 css->argv = talloc_array(css, char const *, 1);
1839 css->argv[0] = talloc_strdup(css->argv, value);
1840 css->argv_quote = talloc_array(css, fr_token_t, 1);
1841 css->argv_quote[0] = token;
1842 css->argc++;
1843 }
1844 stack->ptr = ptr;
1845 css->unlang = CF_UNLANG_ASSIGNMENT;
1846
1847 return cf_section_to_item(css);
1848}
1849
1850
1851static CONF_ITEM *process_subrequest(cf_stack_t *stack)
1852{
1853 char const *mod = NULL;
1854 CONF_SECTION *css;
1855 fr_token_t token;
1856 char const *ptr = stack->ptr;
1857 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1858 CONF_SECTION *parent = frame->current;
1859 char *buff[4];
1860 int values = 0;
1861
1862 /*
1863 * Short names are nicer.
1864 */
1865 buff[1] = stack->buff[1];
1866 buff[2] = stack->buff[2];
1867 buff[3] = stack->buff[3];
1868
1869 /*
1870 * subrequest { ... } is allowed.
1871 */
1872 fr_skip_whitespace(ptr);
1873 if (*ptr == '{') {
1874 ptr++;
1875 goto alloc_section;
1876 }
1877
1878 /*
1879 * Get the name of the Packet-Type.
1880 */
1881 if (cf_get_token(parent, &ptr, &token, buff[1], stack->bufsize,
1882 frame->filename, frame->lineno) < 0) {
1883 return NULL;
1884 }
1885
1886 mod = buff[1];
1887
1888 /*
1889 * subrequest Access-Request { ... } is allowed.
1890 */
1891 if (*ptr == '{') {
1892 ptr++;
1893 goto alloc_section;
1894 }
1895
1896 /*
1897 * subrequest Access-Request &foo { ... }
1898 */
1899 if (cf_get_token(parent, &ptr, &token, buff[2], stack->bufsize,
1900 frame->filename, frame->lineno) < 0) {
1901 return NULL;
1902 }
1903
1904 if (token != T_BARE_WORD) {
1905 ERROR("%s[%d]: The second argument to 'subrequest' must be an attribute reference",
1906 frame->filename, frame->lineno);
1907 return NULL;
1908 }
1909 values++;
1910
1911 if (*ptr == '{') {
1912 ptr++;
1913 goto alloc_section;
1914 }
1915
1916 /*
1917 * subrequest Access-Request &foo &bar { ... }
1918 */
1919 if (cf_get_token(parent, &ptr, &token, buff[3], stack->bufsize,
1920 frame->filename, frame->lineno) < 0) {
1921 return NULL;
1922 }
1923
1924 if (token != T_BARE_WORD) {
1925 ERROR("%s[%d]: The third argument to 'subrequest' must be an attribute reference",
1926 frame->filename, frame->lineno);
1927 return NULL;
1928 }
1929 values++;
1930
1931 if (*ptr != '{') {
1932 ERROR("%s[%d]: Expecting section start brace '{' in 'subrequest' definition",
1933 frame->filename, frame->lineno);
1934 return NULL;
1935 }
1936 ptr++;
1937
1938 /*
1939 * Allocate the section
1940 */
1941alloc_section:
1942 css = cf_section_alloc(parent, parent, "subrequest", mod);
1943 if (!css) {
1944 ERROR("%s[%d]: Failed allocating memory for section",
1945 frame->filename, frame->lineno);
1946 return NULL;
1947 }
1948 cf_filename_set(css, frame->filename);
1949 cf_lineno_set(css, frame->lineno);
1950 if (mod) css->name2_quote = T_BARE_WORD;
1951
1952 css->argc = values;
1953 if (values) {
1954 int i;
1955
1956 css->argv = talloc_array(css, char const *, values);
1957 css->argv_quote = talloc_array(css, fr_token_t, values);
1958
1959 for (i = 0; i < values; i++) {
1960 css->argv[i] = talloc_strdup(css->argv, buff[2 + i]);
1961 css->argv_quote[i] = T_BARE_WORD;
1962 }
1963 }
1964
1965 stack->ptr = ptr;
1966
1967 css->allow_locals = true;
1968 css->unlang = CF_UNLANG_ALLOW;
1969 return cf_section_to_item(css);
1970}
1971
1972static CONF_ITEM *process_catch(cf_stack_t *stack)
1973{
1974 CONF_SECTION *css;
1975 int argc = 0;
1976 char const *ptr = stack->ptr;
1977 cf_stack_frame_t *frame = &stack->frame[stack->depth];
1978 CONF_SECTION *parent = frame->current;
1979 char *name2 = NULL;
1980 char *argv[RLM_MODULE_NUMCODES];
1981
1982 while (true) {
1983 char const *p;
1984 size_t len;
1985
1986 fr_skip_whitespace(ptr);
1987
1988 /*
1989 * We have an open bracket, it's the end of the "catch" statement.
1990 */
1991 if (*ptr == '{') {
1992 ptr++;
1993 break;
1994 }
1995
1996 /*
1997 * The arguments have to be short, unquoted words.
1998 */
1999 p = ptr;
2000 while (isalpha((uint8_t) *ptr)) ptr++;
2001
2002 len = ptr - p;
2003 if (len > 16) {
2004 ERROR("%s[%d]: Invalid syntax for 'catch' - unknown rcode '%s'",
2005 frame->filename, frame->lineno, p);
2006 return NULL;
2007 }
2008
2009 if ((*ptr != '{') && !isspace((uint8_t) *ptr)) {
2010 ERROR("%s[%d]: Invalid syntax for 'catch' - unexpected text at '%s'",
2011 frame->filename, frame->lineno, ptr);
2012 return NULL;
2013 }
2014
2015 if (!name2) {
2016 name2 = talloc_strndup(NULL, p, len);
2017 continue;
2018 }
2019
2020 if (argc >= RLM_MODULE_NUMCODES) {
2021 ERROR("%s[%d]: Invalid syntax for 'catch' - too many arguments at'%s'",
2022 frame->filename, frame->lineno, ptr);
2023 talloc_free(name2);
2024 return NULL;
2025 }
2026
2027 argv[argc++] = talloc_strndup(name2, p, len);
2028 }
2029
2030 css = cf_section_alloc(parent, parent, "catch", name2);
2031 if (!css) {
2032 talloc_free(name2);
2033 ERROR("%s[%d]: Failed allocating memory for section",
2034 frame->filename, frame->lineno);
2035 return NULL;
2036 }
2037 cf_filename_set(css, frame->filename);
2038 cf_lineno_set(css, frame->lineno);
2039 css->name2_quote = T_BARE_WORD;
2040 css->unlang = CF_UNLANG_ALLOW;
2041
2042 css->argc = argc;
2043 if (argc) {
2044 int i;
2045
2046 css->argv = talloc_array(css, char const *, argc + 1);
2047 css->argv_quote = talloc_array(css, fr_token_t, argc);
2048 css->argc = argc;
2049
2050 for (i = 0; i < argc; i++) {
2051 css->argv[i] = talloc_strdup(css->argv, argv[i]);
2052 css->argv_quote[i] = T_BARE_WORD;
2053 }
2054
2055 css->argv[argc] = NULL;
2056 }
2057 talloc_free(name2);
2058
2059 stack->ptr = ptr;
2060
2061 return cf_section_to_item(css);
2062}
2063
2064static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
2065{
2066 char *spaces, *text;
2067 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2068
2069 if (!ptr) ptr = stack->ptr;
2070
2071 /*
2072 * We must pass a _negative_ offset to this function.
2073 */
2074 fr_canonicalize_error(NULL, &spaces, &text, stack->ptr - ptr, stack->ptr);
2075
2076 ERROR("%s[%d]: %s", frame->filename, frame->lineno, text);
2077 ERROR("%s[%d]: %s^ - %s", frame->filename, frame->lineno, spaces, message);
2078
2079 talloc_free(spaces);
2080 talloc_free(text);
2081 return -1;
2082}
2083
2084static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
2085{
2086 fr_type_t type;
2087 fr_token_t token;
2088 char const *ptr = *ptr_p;
2089 char const *ptr2;
2090
2091 /*
2092 * Parse an explicit type.
2093 */
2094 type = fr_table_value_by_str(fr_type_table, stack->buff[1], FR_TYPE_NULL);
2095 switch (type) {
2096 default:
2097 break;
2098
2099 case FR_TYPE_NULL:
2100 case FR_TYPE_VOID:
2101 case FR_TYPE_VALUE_BOX:
2102 case FR_TYPE_MAX:
2103 (void) parse_error(stack, type_ptr, "Unknown or invalid variable type in 'foreach'");
2104 return -1;
2105 }
2106
2107 fr_skip_whitespace(ptr);
2108 ptr2 = ptr;
2109
2110 /*
2111 * Parse the variable name. @todo - allow '-' in names.
2112 */
2113 token = gettoken(&ptr, stack->buff[2], stack->bufsize, false);
2114 if (token != T_BARE_WORD) {
2115 (void) parse_error(stack, ptr2, "Invalid variable name for key in 'foreach'");
2116 return -1;
2117 }
2118 fr_skip_whitespace(ptr);
2119
2120 *ptr_p = ptr;
2121 *type_p = type;
2122
2123 return 0;
2124}
2125
2126/*
2127 * foreach &User-Name { - old and deprecated
2128 *
2129 * foreach value (...) { - automatically define variable
2130 *
2131 * foreach string value ( ...) { - data type for variable
2132 *
2133 * foreach string key, type value (..) { - key is "string", value is as above
2134 */
2135static CONF_ITEM *process_foreach(cf_stack_t *stack)
2136{
2137 fr_token_t token;
2138 fr_type_t type;
2139 CONF_SECTION *css;
2140 char const *ptr = stack->ptr, *ptr2, *type_ptr;
2141 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2142 CONF_SECTION *parent = frame->current;
2143
2144 css = cf_section_alloc(parent, parent, "foreach", NULL);
2145 if (!css) {
2146 ERROR("%s[%d]: Failed allocating memory for section",
2147 frame->filename, frame->lineno);
2148 return NULL;
2149 }
2150
2151 cf_filename_set(css, frame->filename);
2152 cf_lineno_set(css, frame->lineno);
2153 css->name2_quote = T_BARE_WORD;
2154 css->unlang = CF_UNLANG_ALLOW;
2155 css->allow_locals = true;
2156
2157 /*
2158 * Get the first argument to "foreach". For backwards
2159 * compatibility, it could be an attribute reference.
2160 */
2161 type_ptr = ptr;
2162 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2163 frame->filename, frame->lineno) < 0) {
2164 return NULL;
2165 }
2166
2167 if (token != T_BARE_WORD) {
2168 invalid_argument:
2169 (void) parse_error(stack, type_ptr, "Unexpected argument to 'foreach'");
2170 return NULL;
2171 }
2172
2173 fr_skip_whitespace(ptr);
2174
2175 /*
2176 * foreach foo { ...
2177 *
2178 * Deprecated and don't use.
2179 */
2180 if (*ptr == '{') {
2181 css->name2 = talloc_strdup(css, stack->buff[1]);
2182
2183 ptr++;
2184 stack->ptr = ptr;
2185
2186 cf_log_warn(css, "Using deprecated syntax. Please use the new 'foreach' syntax.");
2187 return cf_section_to_item(css);
2188 }
2189
2190 fr_skip_whitespace(ptr);
2191
2192 /*
2193 * foreach value (...) {
2194 */
2195 if (*ptr == '(') {
2196 type = FR_TYPE_NULL;
2197 strcpy(stack->buff[2], stack->buff[1]); /* so that we can parse expression in buff[1] */
2198 goto alloc_argc_2;
2199 }
2200
2201 /*
2202 * on input, type name is in stack->buff[1]
2203 * on output, variable name is in stack->buff[2]
2204 */
2205 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2206
2207 /*
2208 * if we now have an expression block, then just have variable type / name.
2209 */
2210 if (*ptr == '(') goto alloc_argc_2;
2211
2212 /*
2213 * There's a comma. the first "type name" is for the key. We skip the comma, and parse the
2214 * second "type name" as being for the value.
2215 *
2216 * foreach type key, type value (...)
2217 */
2218 if (*ptr == ',') {
2219 /*
2220 * We have 4 arguments, [var-type, var-name, key-type, key-name]
2221 *
2222 * We don't really care about key-type, but we might care later.
2223 */
2224 css->argc = 4;
2225 css->argv = talloc_array(css, char const *, css->argc);
2226 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2227
2228 css->argv[2] = fr_type_to_str(type);
2229 css->argv_quote[2] = T_BARE_WORD;
2230
2231 css->argv[3] = talloc_strdup(css->argv, stack->buff[2]);
2232 css->argv_quote[3] = T_BARE_WORD;
2233
2234 ptr++;
2235 fr_skip_whitespace(ptr);
2236 type_ptr = ptr;
2237
2238 /*
2239 * Now parse "type value"
2240 */
2241 token = gettoken(&ptr, stack->buff[1], stack->bufsize, false);
2242 if (token != T_BARE_WORD) goto invalid_argument;
2243
2244 if (parse_type_name(stack, &ptr, type_ptr, &type) < 0) return NULL;
2245
2246 if (!fr_type_is_leaf(type)) {
2247 (void) parse_error(stack, type_ptr, "Invalid data type for 'key' variable");
2248 return NULL;
2249 }
2250 }
2251
2252 /*
2253 * The thing to loop over must now be in an expression block.
2254 */
2255 if (*ptr != '(') {
2256 (void) parse_error(stack, ptr, "Expected (...) after 'foreach' variable definition");
2257 return NULL;
2258 }
2259
2260 goto parse_expression;
2261
2262alloc_argc_2:
2263 css->argc = 2;
2264 css->argv = talloc_array(css, char const *, css->argc);
2265 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2266
2267
2268parse_expression:
2269 /*
2270 * "(" whitespace EXPRESSION whitespace ")"
2271 */
2272 ptr++;
2273 fr_skip_whitespace(ptr);
2274 ptr2 = ptr;
2275
2276 if (cf_get_token(parent, &ptr, &token, stack->buff[1], stack->bufsize,
2277 frame->filename, frame->lineno) < 0) {
2278 return NULL;
2279 }
2280
2281 /*
2282 * We can do &foo[*] or %func(...), but not "...".
2283 */
2284 if (token != T_BARE_WORD) {
2285 (void) parse_error(stack, ptr2, "Invalid reference in 'foreach'");
2286 return NULL;
2287 }
2288
2289 fr_skip_whitespace(ptr);
2290 if (*ptr != ')') {
2291 (void) parse_error(stack, ptr, "Missing ')' in 'foreach'");
2292 return NULL;
2293 }
2294 ptr++;
2295 fr_skip_whitespace(ptr);
2296
2297 if (*ptr != '{') {
2298 (void) parse_error(stack, ptr, "Expected '{' in 'foreach'");
2299 return NULL;
2300 }
2301
2302 css->name2 = talloc_strdup(css, stack->buff[1]);
2303
2304 /*
2305 * Add in the extra arguments
2306 */
2307 css->argv[0] = fr_type_to_str(type);
2308 css->argv_quote[0] = T_BARE_WORD;
2309
2310 css->argv[1] = talloc_strdup(css->argv, stack->buff[2]);
2311 css->argv_quote[1] = T_BARE_WORD;
2312
2313 ptr++;
2314 stack->ptr = ptr;
2315
2316 return cf_section_to_item(css);
2317}
2318
2319
2320static int add_pair(CONF_SECTION *parent, char const *attr, char const *value,
2321 fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token,
2322 char *buff, char const *filename, int lineno)
2323{
2324 CONF_DATA const *cd;
2325 conf_parser_t *rule;
2326 CONF_PAIR *cp;
2327 bool pass2 = false;
2328
2329 /*
2330 * If we have the value, expand any configuration
2331 * variables in it.
2332 */
2333 if (value && *value) {
2334 bool soft_fail;
2335 char const *expanded;
2336
2337 expanded = cf_expand_variables(filename, lineno, parent, buff, talloc_array_length(buff), value, -1, &soft_fail,
2338 (value_token != T_BARE_WORD));
2339 if (expanded) {
2340 value = expanded;
2341
2342 } else if (!soft_fail) {
2343 return -1;
2344
2345 } else {
2346 /*
2347 * References an item which doesn't exist,
2348 * or which is already marked up as being
2349 * expanded in pass2. Wait for pass2 to
2350 * do the expansions.
2351 *
2352 * Leave the input value alone.
2353 */
2354 pass2 = true;
2355 }
2356 }
2357
2358 cp = cf_pair_alloc(parent, attr, value, op_token, name1_token, value_token);
2359 if (!cp) return -1;
2360 cf_filename_set(cp, filename);
2361 cf_lineno_set(cp, lineno);
2362 cp->pass2 = pass2;
2363
2364 cd = cf_data_find(CF_TO_ITEM(parent), conf_parser_t, attr);
2365 if (!cd) return 0;
2366
2367 rule = cf_data_value(cd);
2368 if (!rule->on_read) return 0;
2369
2370 /*
2371 * Do the on_read callback after adding the value.
2372 */
2373 return rule->on_read(parent, NULL, NULL, cf_pair_to_item(cp), rule);
2374}
2375
2376/*
2377 * switch (cast) foo {
2378 */
2379static CONF_ITEM *process_switch(cf_stack_t *stack)
2380{
2381 size_t match_len;
2382 fr_type_t type = FR_TYPE_NULL;
2383 fr_token_t name2_quote = T_BARE_WORD;
2384 CONF_SECTION *css;
2385 char const *ptr = stack->ptr;
2386 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2387 CONF_SECTION *parent = frame->current;
2388
2389 fr_skip_whitespace(ptr);
2390 if (*ptr == '(') {
2391 char const *start;
2392
2393 ptr++;
2394 start = ptr;
2395
2396 while (isalpha(*ptr)) ptr++;
2397
2398 if (*ptr != ')') {
2399 ERROR("%s[%d]: Missing ')' in cast",
2400 frame->filename, frame->lineno);
2401 return NULL;
2402 }
2403
2404 type = fr_table_value_by_longest_prefix(&match_len, fr_type_table,
2405 start, ptr - start, FR_TYPE_MAX);
2406 if (type == FR_TYPE_MAX) {
2407 ERROR("%s[%d]: Unknown data type '%.*s' in cast",
2408 frame->filename, frame->lineno, (int) (ptr - start), start);
2409 return NULL;
2410 }
2411
2412 if (!fr_type_is_leaf(type)) {
2413 ERROR("%s[%d]: Invalid data type '%.*s' in cast",
2414 frame->filename, frame->lineno, (int) (ptr - start), start);
2415 return NULL;
2416 }
2417
2418 ptr++;
2419 fr_skip_whitespace(ptr);
2420 }
2421
2422 /*
2423 * Get the argument to the switch statement
2424 */
2425 if (cf_get_token(parent, &ptr, &name2_quote, stack->buff[1], stack->bufsize,
2426 frame->filename, frame->lineno) < 0) {
2427 return NULL;
2428 }
2429
2430 css = cf_section_alloc(parent, parent, "switch", NULL);
2431 if (!css) {
2432 ERROR("%s[%d]: Failed allocating memory for section",
2433 frame->filename, frame->lineno);
2434 return NULL;
2435 }
2436
2437 cf_filename_set(css, frame->filename);
2438 cf_lineno_set(css, frame->lineno);
2439 css->name2_quote = name2_quote;
2440 css->unlang = CF_UNLANG_ALLOW;
2441 css->allow_locals = true;
2442
2443 fr_skip_whitespace(ptr);
2444
2445 if (*ptr != '{') {
2446 (void) parse_error(stack, ptr, "Expected '{' in 'switch'");
2447 return NULL;
2448 }
2449
2450 css->name2 = talloc_strdup(css, stack->buff[1]);
2451
2452 /*
2453 * Add in the extra argument.
2454 */
2455 if (type != FR_TYPE_NULL) {
2456 css->argc = 1;
2457 css->argv = talloc_array(css, char const *, css->argc);
2458 css->argv_quote = talloc_array(css, fr_token_t, css->argc);
2459
2460 css->argv[0] = fr_type_to_str(type);
2461 css->argv_quote[0] = T_BARE_WORD;
2462 }
2463
2464 ptr++;
2465 stack->ptr = ptr;
2466
2467 return cf_section_to_item(css);
2468}
2469
2470
2471static fr_table_ptr_sorted_t unlang_keywords[] = {
2472 { L("catch"), (void *) process_catch },
2473 { L("elsif"), (void *) process_if },
2474 { L("foreach"), (void *) process_foreach },
2475 { L("if"), (void *) process_if },
2476 { L("map"), (void *) process_map },
2477 { L("subrequest"), (void *) process_subrequest },
2478 { L("switch"), (void *) process_switch }
2479};
2480static int unlang_keywords_len = NUM_ELEMENTS(unlang_keywords);
2481
2482typedef CONF_ITEM *(*cf_process_func_t)(cf_stack_t *);
2483
2484/*
2485 * This is fine. Don't complain.
2486 */
2487#ifdef __clang__
2488#pragma clang diagnostic ignored "-Wgnu-designator"
2489#endif
2490
2491/** Convert tokens back to a quoting character
2492 *
2493 * Non-string types convert to '?' to screw ups can be identified easily
2494 */
2495static const bool cf_name_char1[SBUFF_CHAR_CLASS] = {
2496 [ '0' ... '9' ] = true,
2497 [ 'A' ... 'Z' ] = true,
2498 [ 'a' ... 'z' ] = true,
2499 [ '%' ] = true, // %function() in unlang
2500 [ '@' ] = true, // @policy
2501 [ '-' ] = true, // -sql, but probably only in 'unlang'
2502 [ '&' ] = true, // legacy stuff.
2503};
2504
2505
2506static int parse_input(cf_stack_t *stack)
2507{
2508 fr_token_t name1_token, name2_token, value_token, op_token;
2509 char const *value;
2510 CONF_SECTION *css;
2511 char const *ptr = stack->ptr;
2512 char const *name1_ptr, *name2_ptr, *op_ptr;
2513 cf_stack_frame_t *frame = &stack->frame[stack->depth];
2514 CONF_SECTION *parent = frame->current;
2515 char *buff[4];
2516 cf_process_func_t process;
2517
2518 /*
2519 * Short names are nicer.
2520 */
2521 buff[0] = stack->buff[0];
2522 buff[1] = stack->buff[1];
2523 buff[2] = stack->buff[2];
2524 buff[3] = stack->buff[3];
2525
2526 fr_assert(parent != NULL);
2527
2528 /*
2529 * Catch end of a subsection.
2530 *
2531 * frame->current is the new thing we just created.
2532 * frame->parent is the parent of the current frame
2533 * frame->at_reference is the original frame->current, before the @reference
2534 * parent is the parent we started with when we started this section.
2535 */
2536 if (*ptr == '}') {
2537 /*
2538 * No pushed braces means that we're already in
2539 * the parent section which loaded this file. We
2540 * cannot go back up another level.
2541 *
2542 * This limitation means that we cannot put half
2543 * of a CONF_SECTION in one file, and then the
2544 * second half in another file. That's fine.
2545 */
2546 if (frame->braces == 0) {
2547 return parse_error(stack, ptr, "Too many closing braces");
2548 }
2549
2550 /*
2551 * Reset the current and parent to the original
2552 * section, before we were parsing the
2553 * @reference.
2554 */
2555 if (frame->at_reference && (frame->braces == frame->at_reference_braces + 1)) {
2556 frame->current = frame->parent = frame->at_reference;
2557 frame->at_reference = NULL;
2558
2559 } else {
2560 /*
2561 * Go back up one section, because we can.
2562 */
2563 frame->current = frame->parent = cf_item_to_section(frame->current->item.parent);
2564 }
2565
2566 fr_assert(frame->braces > 0);
2567 frame->braces--;
2568
2569 /*
2570 * Merge the template into the existing
2571 * section. parent uses more memory, but
2572 * means that templates now work with
2573 * sub-sections, etc.
2574 */
2575 if (!cf_template_merge(parent, parent->template)) return -1;
2576
2577 ptr++;
2578 stack->ptr = ptr;
2579 return 1;
2580 }
2581
2582 /*
2583 * Found nothing to get excited over. It MUST be
2584 * a key word.
2585 */
2586 name1_ptr = ptr;
2587 switch (parent->unlang) {
2588 default:
2589 /*
2590 * The LHS is a bare word / keyword in normal configuration file syntax.
2591 */
2592 name1_token = gettoken(&ptr, buff[1], stack->bufsize, false);
2593 if (name1_token == T_EOL) return 0;
2594
2595 if (name1_token == T_INVALID) {
2596 return parse_error(stack, name1_ptr, fr_strerror());
2597 }
2598
2599 if (name1_token != T_BARE_WORD) {
2600 return parse_error(stack, name1_ptr, "Invalid location for quoted string");
2601 }
2602
2603 if (*buff[1] == '%') {
2604 return parse_error(stack, name1_ptr, "Cannot use functions outside of a processing section");
2605 }
2606
2607 if (*buff[1] == '&') {
2608 return parse_error(stack, name1_ptr, "Cannot reference attributes outside of a processing section");
2609 }
2610
2611 fr_skip_whitespace(ptr);
2612 break;
2613
2614 case CF_UNLANG_ALLOW:
2615 case CF_UNLANG_EDIT:
2616 case CF_UNLANG_ASSIGNMENT:
2617 /*
2618 * The LHS can be an xlat expansion, attribute reference, etc.
2619 */
2620 if (cf_get_token(parent, &ptr, &name1_token, buff[1], stack->bufsize,
2621 frame->filename, frame->lineno) < 0) {
2622 return -1;
2623 }
2624
2625 /*
2626 * Complain about old syntax.
2627 */
2628 if (check_config && (*buff[1] == '&')) {
2629 WARN("%s[%d]: Using '&' is no longer necessary when referencing attributes. Please delete it.", frame->filename, frame->lineno);
2630 }
2631 break;
2632 }
2633
2634 /*
2635 * Check for bad names. A section named ".foo" will absolutely break the path hierarchy.
2636 */
2637 if (name1_token == T_BARE_WORD) {
2638 if (!cf_name_char1[(uint8_t) *buff[1]]) {
2639 return parse_error(stack, name1_ptr, "Invalid name");
2640 }
2641 }
2642
2643 /*
2644 * Check if the thing we just parsed is an unlang keyword.
2645 */
2646 if ((name1_token == T_BARE_WORD) && isalpha((uint8_t) *buff[1])) {
2647 process = (cf_process_func_t) fr_table_value_by_str(unlang_keywords, buff[1], NULL);
2648 if (process) {
2649 CONF_ITEM *ci;
2650
2651 /*
2652 * Disallow keywords outside of unlang sections.
2653 *
2654 * We don't strictly need to do this with the more state-oriented parser, but
2655 * people keep putting unlang into random places in the configuration files,
2656 * which is wrong.
2657 */
2658 if (parent->unlang != CF_UNLANG_ALLOW) {
2659 return parse_error(stack, name1_ptr, "Invalid location for unlang keyword");
2660 }
2661
2662 stack->ptr = ptr;
2663 ci = process(stack);
2664 if (!ci) return -1;
2665
2666 ptr = stack->ptr;
2667 if (cf_item_is_section(ci)) {
2668 parent->allow_locals = false;
2669 css = cf_item_to_section(ci);
2670 goto add_section;
2671 }
2672
2673 /*
2674 * Else the item is a pair, and the call to process() it already added it to the
2675 * current section.
2676 */
2677 goto added_pair;
2678 }
2679
2680 /*
2681 * The next token isn't text, so we ignore it.
2682 */
2683 if (!isalnum((int) *ptr)) goto check_for_eol;
2684 }
2685
2686 /*
2687 * See if this thing is a variable definition.
2688 */
2689 if ((name1_token == T_BARE_WORD) && parent->allow_locals) {
2690 fr_type_t type;
2691 char const *ptr3;
2692
2693 type = fr_table_value_by_str(fr_type_table, buff[1], FR_TYPE_NULL);
2694 if (type == FR_TYPE_NULL) {
2695 parent->allow_locals = false;
2696 goto check_for_eol;
2697 }
2698
2699 if (type == FR_TYPE_TLV) goto parse_name2;
2700
2701 /*
2702 * group {
2703 *
2704 * is a section.
2705 */
2706 if (type == FR_TYPE_GROUP) {
2707 fr_skip_whitespace(ptr);
2708 if (*ptr == '{') {
2709 ptr++;
2710 value = NULL;
2711 name2_token = T_BARE_WORD;
2712 goto alloc_section;
2713 }
2714
2715 } else if (!fr_type_is_leaf(type)) {
2716 /*
2717 * Other structural types are allowed.
2718 */
2719 return parse_error(stack, name1_ptr, "Invalid data type for local variable. Must be 'tlv' or else a non-structural type");
2720 }
2721
2722 /*
2723 * We don't have an operator, so set it to a magic value.
2724 */
2725 op_token = T_OP_CMP_TRUE;
2726
2727 /*
2728 * Parse the name of the local variable, and use it as the "value" for the CONF_PAIR.
2729 */
2730 ptr3 = ptr;
2731 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
2732 frame->filename, frame->lineno) < 0) {
2733 return -1;
2734 }
2735
2736 if (value_token != T_BARE_WORD) {
2737 return parse_error(stack, ptr3, "Invalid name");
2738 }
2739
2740 value = buff[2];
2741
2742 /*
2743 * Non-structural things must be variable definitions.
2744 */
2745 if (fr_type_is_leaf(type)) goto alloc_pair;
2746
2747 /*
2748 * Parse: group foo
2749 * vs group foo { ...
2750 */
2751 fr_skip_whitespace(ptr);
2752
2753 if (*ptr != '{') goto alloc_pair;
2754
2755 ptr++;
2756 name2_token = T_BARE_WORD;
2757 goto alloc_section;
2758 }
2759
2760 /*
2761 * We've parsed the LHS thing. The RHS might be empty, or an operator, or another word, or an
2762 * open bracket.
2763 */
2764check_for_eol:
2765 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';') || (*ptr == '}')) {
2766 /*
2767 * Only unlang sections can have module references.
2768 *
2769 * We also allow bare words in edit lists, where the RHS is a list of values.
2770 *
2771 * @todo - detail "suppress" requires bare words :(
2772 */
2773 parent->allow_locals = false;
2774 value_token = T_INVALID;
2775 op_token = T_OP_EQ;
2776 value = NULL;
2777 goto alloc_pair;
2778 }
2779
2780 /*
2781 * A common pattern is: name { ...}
2782 * Check for it and skip ahead.
2783 */
2784 if (*ptr == '{') {
2785 ptr++;
2786 name2_token = T_INVALID;
2787 value = NULL;
2788 goto alloc_section;
2789 }
2790
2791 /*
2792 * Parse the thing after the first word. It can be an operator, or the second name for a section.
2793 */
2794 name2_ptr = ptr;
2795 switch (parent->unlang) {
2796 default:
2797 /*
2798 * Configuration sections can only have '=' after the
2799 * first word, OR a second word which is the second name
2800 * of a configuration section.
2801 */
2802 if (*ptr == '=') goto operator;
2803
2804 /*
2805 * Section name2 can only be alphanumeric or UTF-8.
2806 */
2807 parse_name2:
2808 name2_ptr = ptr;
2809
2810 if (!(isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr) || (*(uint8_t const *) ptr >= 0x80))) {
2811 /*
2812 * Maybe they missed a closing brace somewhere?
2813 */
2814 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2815 if (fr_assignment_op[name2_token]) {
2816 return parse_error(stack, name2_ptr, "Unexpected operator, was expecting a configuration section. Is there a missing '}' somewhere?");
2817 }
2818
2819 return parse_error(stack, name2_ptr, "Invalid second name for configuration section");
2820 }
2821
2822 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false); /* can't be EOL */
2823 if (name2_token == T_INVALID) {
2824 return parse_error(stack, name2_ptr, fr_strerror());
2825 }
2826
2827 if (name2_token != T_BARE_WORD) {
2828 return parse_error(stack, name2_ptr, "Unexpected quoted string after section name");
2829 }
2830
2831 fr_skip_whitespace(ptr);
2832
2833 /*
2834 * load-balance and redundant-load-balance MUST have a static module name, and MAY have
2835 * an additional load-balance keyword.
2836 */
2837 if ((parent->unlang == CF_UNLANG_MODULES) && (*ptr != '{') &&
2838 ((strcmp(buff[1], "load-balance") == 0) ||
2839 (strcmp(buff[1], "redundant-load-balance") == 0))) {
2840 /*
2841 * The third name could be an attribute name, xlat expansion, etc.
2842 */
2843 if (cf_get_token(parent, &ptr, &value_token, buff[3], stack->bufsize,
2844 frame->filename, frame->lineno) < 0) {
2845 return -1;
2846 }
2847
2848 fr_skip_whitespace(ptr);
2849
2850 if (*ptr != '{') {
2851 return parse_error(stack, ptr, "Expected '{'");
2852 }
2853
2854 ptr++;
2855
2856 css = cf_section_alloc(parent, parent, buff[1], buff[2]);
2857 if (!css) goto oom;
2858
2859 css->argc = 1;
2860 css->argv = talloc_array(css, char const *, 1);
2861 css->argv[0] = talloc_strdup(css->argv, buff[3]);
2862 css->argv_quote = talloc_array(css, fr_token_t, 1);
2863 css->argv_quote[0] = value_token;
2864 goto setup_section;
2865 }
2866
2867 if (*ptr != '{') {
2868 return parse_error(stack, ptr, "Missing '{' for configuration section");
2869 }
2870
2871 ptr++;
2872 value = buff[2];
2873 goto alloc_section;
2874
2875 case CF_UNLANG_ASSIGNMENT:
2876 /*
2877 * The next thing MUST be an operator. We don't support nested attributes in "update" or
2878 * "map" sections.
2879 */
2880 goto operator;
2881
2882 case CF_UNLANG_EDIT:
2883 /*
2884 * The next thing MUST be an operator. Edit sections always do operations, even on
2885 * lists. i.e. there is no second name section when editing a list.
2886 */
2887 goto operator;
2888
2889 case CF_UNLANG_ALLOW:
2890 /*
2891 * 'case ::foo' is allowed. For generality, we just expect that the second argument to
2892 * 'case' is not an operator.
2893 */
2894 if ((strcmp(buff[1], "case") == 0) ||
2895 (strcmp(buff[1], "limit") == 0) ||
2896 (strcmp(buff[1], "timeout") == 0)) {
2897 break;
2898 }
2899
2900 /*
2901 * It's not a string, bare word, or attribute reference. It must be an operator.
2902 */
2903 if (!((*ptr == '"') || (*ptr == '`') || (*ptr == '\'') || ((*ptr == '&') && (ptr[1] != '=')) ||
2904 ((*((uint8_t const *) ptr) & 0x80) != 0) || isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr))) {
2905 goto operator;
2906 }
2907 break;
2908 }
2909
2910 /*
2911 * The second name could be a bare word, xlat expansion, string etc.
2912 */
2913 if (cf_get_token(parent, &ptr, &name2_token, buff[2], stack->bufsize,
2914 frame->filename, frame->lineno) < 0) {
2915 return -1;
2916 }
2917
2918 if (*ptr != '{') {
2919 fr_type_t type = fr_type_from_str(buff[1]);
2920
2921 /*
2922 * Not the name of a data type.
2923 */
2924 if (type == FR_TYPE_NULL) {
2925 return parse_error(stack, ptr, "Expected '{' after section names");
2926 }
2927
2928 if (parent->unlang == CF_UNLANG_EDIT) {
2929 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions cannot be inside of an assignment");
2930 }
2931
2932 if (parent->unlang == CF_UNLANG_ALLOW) {
2933 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions must go at the start of a section");
2934 }
2935
2936 return parse_error(stack, name1_ptr, "Invalid location for local variable - definitions can only go in a processing section.");
2937 }
2938 ptr++;
2939 value = buff[2];
2940
2941alloc_section:
2942 parent->allow_locals = false;
2943
2944 /*
2945 * @policy foo { ...}
2946 *
2947 * Means "add foo to the policy section". And if
2948 * policy{} doesn't exist, create it, and then mark up
2949 * policy{} with a flag "we need to merge it", so that
2950 * when we read the actual policy{}, we merge the
2951 * contents together, instead of creating a second
2952 * policy{}.
2953 *
2954 * @todo - allow for '.' in @.ref Or at least test it. :(
2955 *
2956 * @todo - allow for two section names @ref foo bar {...}
2957 *
2958 * @todo - maybe we can use this to overload things in
2959 * virtual servers, and in modules?
2960 */
2961 if (buff[1][0] == '@') {
2962 CONF_ITEM *ci;
2963 CONF_SECTION *root;
2964 char const *name = &buff[1][1];
2965
2966 if (!value) {
2967 ERROR("%s[%d]: Missing section name for reference", frame->filename, frame->lineno);
2968 return -1;
2969 }
2970
2971 root = cf_root(parent);
2972
2973 ci = cf_reference_item(root, parent, name);
2974 if (!ci) {
2975 if (name[1] == '.') {
2976 PERROR("%s[%d]: Failed finding reference \"%s\"", frame->filename, frame->lineno, name);
2977 return -1;
2978 }
2979
2980 css = cf_section_alloc(root, root, name, NULL);
2981 if (!css) goto oom;
2982
2983 cf_filename_set(css, frame->filename);
2984 cf_lineno_set(css, frame->lineno);
2985 css->name2_quote = name2_token;
2986 css->unlang = CF_UNLANG_NONE;
2987 css->allow_locals = false;
2988 css->at_reference = true;
2989 parent = css;
2990
2991 /*
2992 * Copy this code from below. :(
2993 */
2994 if (cf_item_to_section(parent->item.parent) == root) {
2995 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
2996 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
2997 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
2998 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
2999 }
3000
3001 } else {
3002 if (!cf_item_is_section(ci)) {
3003 ERROR("%s[%d]: Reference \"%s\" is not a section", frame->filename, frame->lineno, name);
3004 return -1;
3005 }
3006
3007 /*
3008 * Set the new parent and ensure we're
3009 * not creating a duplicate section.
3010 */
3011 parent = cf_item_to_section(ci);
3012 css = cf_section_find(parent, value, NULL);
3013 if (css) {
3014 ERROR("%s[%d]: Reference \"%s\" already contains a \"%s\" section at %s[%d]",
3015 frame->filename, frame->lineno, name, value,
3016 css->item.filename, css->item.lineno);
3017 return -1;
3018 }
3019 }
3020
3021 /*
3022 * We're processing a section. The @reference is
3023 * OUTSIDE of this section.
3024 *
3025 * '@reference' is only valid at the top level of a
3026 * section: once any enclosing section has been opened,
3027 * frame->current diverges from frame->parent, and the
3028 * reference has no well-defined target.
3029 */
3030 if (frame->current != frame->parent) {
3031 ERROR("%s[%d]: '@%s' references can only appear at the top level of a section",
3032 frame->filename, frame->lineno, name);
3033 return -1;
3034 }
3035 frame->at_reference = frame->parent;
3036 frame->at_reference_braces = frame->braces;
3037 name2_token = T_BARE_WORD;
3038
3039 css = cf_section_alloc(parent, parent, value, NULL);
3040 } else {
3041 /*
3042 * Check if there's already an auto-created
3043 * section of this name. If so, just use that
3044 * section instead of allocating a new one.
3045 */
3046 css = cf_section_find(parent, buff[1], value);
3047 if (css && css->at_reference) {
3048 css->at_reference = false;
3049 } else {
3050 css = cf_section_alloc(parent, parent, buff[1], value);
3051 }
3052 }
3053
3054 if (!css) {
3055 oom:
3056 ERROR("%s[%d]: Failed allocating memory for section",
3057 frame->filename, frame->lineno);
3058 return -1;
3059 }
3060
3061setup_section:
3062 cf_filename_set(css, frame->filename);
3063 cf_lineno_set(css, frame->lineno);
3064 css->name2_quote = name2_token;
3065 css->unlang = CF_UNLANG_NONE;
3066 css->allow_locals = false;
3067
3068 /*
3069 * Only a few top-level sections allow "unlang"
3070 * statements. And for those, "unlang"
3071 * statements are only allowed in child
3072 * subsection.
3073 */
3074 switch (parent->unlang) {
3075 case CF_UNLANG_NONE:
3076 if (!parent->item.parent) {
3077 if (strcmp(css->name1, "server") == 0) css->unlang = CF_UNLANG_SERVER;
3078 if (strcmp(css->name1, "policy") == 0) css->unlang = CF_UNLANG_POLICY;
3079 if (strcmp(css->name1, "modules") == 0) css->unlang = CF_UNLANG_MODULES;
3080 if (strcmp(css->name1, "templates") == 0) css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
3081
3082 } else if ((cf_item_to_section(parent->item.parent)->unlang == CF_UNLANG_MODULES) &&
3083 (strcmp(css->name1, "update") == 0)) {
3084 /*
3085 * Module configuration can contain "update" statements.
3086 */
3087 css->unlang = CF_UNLANG_ASSIGNMENT;
3088 css->allow_locals = false;
3089 }
3090 break;
3091
3092 /*
3093 * It's a policy section - allow unlang inside of child sections.
3094 */
3095 case CF_UNLANG_POLICY:
3096 css->unlang = CF_UNLANG_ALLOW;
3097 css->allow_locals = true;
3098 break;
3099
3100 /*
3101 * A virtual server has processing sections, but only a limited number of them.
3102 * Rather than trying to autoload them and glue the interpreter into the conf
3103 * file parser, we just hack it.
3104 */
3105 case CF_UNLANG_SERVER:
3106 // git grep SECTION_NAME src/process/ src/lib/server/process.h | sed 's/.*SECTION_NAME("//;s/",.*//' | sort -u
3107 if (fr_table_value_by_str(server_unlang_section, css->name1, false)) {
3108 css->unlang = CF_UNLANG_ALLOW;
3109 css->allow_locals = true;
3110 break;
3111 }
3112
3113 /*
3114 * Allow local variables, but no unlang statements.
3115 */
3116 if (strcmp(css->name1, "dictionary") == 0) {
3117 css->unlang = CF_UNLANG_DICTIONARY;
3118 css->allow_locals = true;
3119 break;
3120 }
3121
3122 /*
3123 * ldap sync has "update" a few levels down.
3124 */
3125 if (strcmp(css->name1, "listen") == 0) {
3126 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
3127 }
3128 break;
3129
3130 /*
3131 * Virtual modules in the "modules" section can have unlang.
3132 */
3133 case CF_UNLANG_MODULES:
3134 if ((strcmp(css->name1, "group") == 0) ||
3135 (strcmp(css->name1, "load-balance") == 0) ||
3136 (strcmp(css->name1, "redundant") == 0) ||
3137 (strcmp(css->name1, "redundant-load-balance") == 0)) {
3138 css->unlang = CF_UNLANG_ALLOW;
3139 css->allow_locals = true;
3140 } else {
3141 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
3142 }
3143 break;
3144
3145 case CF_UNLANG_EDIT:
3146 /*
3147 * Edit sections can only have children which are edit sections.
3148 */
3149 css->unlang = CF_UNLANG_EDIT;
3150 break;
3151
3152 case CF_UNLANG_ALLOW:
3153 /*
3154 * If we are doing list assignment, then don't allow local variables. The children are
3155 * also then all edit sections, and not unlang statements.
3156 *
3157 * If we're not doing list assignment, then name2 has to be a bare word, string, etc.
3158 */
3159 css->allow_locals = !fr_list_assignment_op[name2_token];
3160 if (css->allow_locals) {
3161 /*
3162 * @todo - tighten this up for "actions" sections, and module rcode
3163 * over-rides.
3164 *
3165 * Perhaps the best way to do that is to change the syntax for module
3166 * over-rides, so that the parser doesn't have to guess. :(
3167 */
3168 css->unlang = CF_UNLANG_ALLOW;
3169 } else {
3170 css->unlang = CF_UNLANG_EDIT;
3171 }
3172 break;
3173
3174 /*
3175 * We can (maybe?) do nested assignments inside of an old-style "update" or "map" section
3176 */
3177 case CF_UNLANG_ASSIGNMENT:
3178 css->unlang = CF_UNLANG_ASSIGNMENT;
3179 break;
3180
3181 case CF_UNLANG_DICTIONARY:
3182 css->unlang = CF_UNLANG_DICTIONARY;
3183 css->allow_locals = true;
3184 break;
3185
3186 case CF_UNLANG_CAN_HAVE_UPDATE:
3187 if (strcmp(css->name1, "update") == 0) {
3188 css->unlang = CF_UNLANG_ASSIGNMENT;
3189 } else {
3190 css->unlang = CF_UNLANG_CAN_HAVE_UPDATE;
3191 }
3192 break;
3193 }
3194
3195add_section:
3196 /*
3197 * The current section is now the child section.
3198 */
3199 frame->current = css;
3200 frame->braces++;
3201 css = NULL;
3202 stack->ptr = ptr;
3203 return 1;
3204
3205
3206 /*
3207 * If we're not parsing a section, then the next
3208 * token MUST be an operator.
3209 */
3210operator:
3211 op_ptr = ptr;
3212 name2_token = gettoken(&ptr, buff[2], stack->bufsize, false);
3213 switch (name2_token) {
3214 case T_OP_ADD_EQ:
3215 case T_OP_SUB_EQ:
3216 case T_OP_MUL_EQ:
3217 case T_OP_DIV_EQ:
3218 case T_OP_AND_EQ:
3219 case T_OP_OR_EQ:
3220 case T_OP_NE:
3221 case T_OP_RSHIFT_EQ:
3222 case T_OP_GE:
3223 case T_OP_GT:
3224 case T_OP_LSHIFT_EQ:
3225 case T_OP_LE:
3226 case T_OP_LT:
3227 case T_OP_CMP_EQ:
3228 case T_OP_CMP_FALSE:
3229 case T_OP_SET:
3230 case T_OP_PREPEND:
3231 /*
3232 * Allow more operators in unlang statements, edit sections, and old-style "update" sections.
3233 */
3234 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT) && (parent->unlang != CF_UNLANG_ASSIGNMENT)) {
3235 return parse_error(stack, op_ptr, "Invalid operator for assignment");
3236 }
3237 FALL_THROUGH;
3238
3239 case T_OP_EQ:
3240 /*
3241 * Configuration variables can only use =
3242 */
3243 fr_skip_whitespace(ptr);
3244 op_token = name2_token;
3245 break;
3246
3247 default:
3248 return parse_error(stack, op_ptr, "Syntax error, the input should be an assignment operator");
3249 }
3250
3251 /*
3252 * MUST have something after the operator.
3253 */
3254 if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';')) {
3255 return parse_error(stack, ptr, "Missing value after operator");
3256 }
3257
3258 /*
3259 * foo = { ... } for nested groups.
3260 *
3261 * As a special case, we allow sub-sections after '=', etc.
3262 *
3263 * This syntax is only for inside of "update"
3264 * sections, and for attributes of type "group".
3265 * But the parser isn't (yet) smart enough to
3266 * know about that context. So we just silently
3267 * allow it everywhere.
3268 */
3269 if (*ptr == '{') {
3270 if ((parent->unlang != CF_UNLANG_ALLOW) && (parent->unlang != CF_UNLANG_EDIT)) {
3271 return parse_error(stack, ptr, "Invalid location for nested attribute assignment");
3272 }
3273
3274 if (!fr_list_assignment_op[name2_token]) {
3275 return parse_error(stack, ptr, "Invalid assignment operator for list");
3276 }
3277
3278 /*
3279 * Now that we've peeked ahead to
3280 * see the open brace, parse it
3281 * for real.
3282 */
3283 ptr++;
3284
3285 /*
3286 * Leave name2_token as the
3287 * operator (as a hack). But
3288 * note that there's no actual
3289 * name2. We'll deal with that
3290 * situation later.
3291 */
3292 value = NULL;
3293 goto alloc_section;
3294 }
3295
3296 fr_skip_whitespace(ptr);
3297
3298 /*
3299 * Parse the value for a CONF_PAIR.
3300 *
3301 * If it's unlang or an edit section, the RHS can be an expression.
3302 */
3303 if ((parent->unlang == CF_UNLANG_ALLOW) || (parent->unlang == CF_UNLANG_EDIT)) {
3304 bool eol;
3305 ssize_t slen;
3306
3307 name2_ptr = ptr;
3308
3309 /*
3310 * If the RHS is an expression (foo) or function %foo(), then mark it up as an expression.
3311 */
3312 if ((*ptr == '(') || (*ptr == '%')) {
3313 /* nothing */
3314
3315 } else if (cf_get_token(parent, &name2_ptr, &value_token, buff[2], stack->bufsize,
3316 frame->filename, frame->lineno) == 0) {
3317 /*
3318 * We have one token (bare word), followed by EOL. It's just a token.
3319 */
3320 fr_skip_whitespace(name2_ptr);
3321 if (terminal_end_line[(uint8_t) *name2_ptr]) {
3322 parent->allow_locals = false;
3323 ptr = name2_ptr;
3324 value = buff[2];
3325 goto alloc_pair;
3326 }
3327 } /* else it looks like an expression */
3328
3329 /*
3330 * Parse the text as an expression.
3331 *
3332 * Note that unlike conditions, expressions MUST use \ at the EOL for continuation.
3333 * If we automatically read past EOL, as with:
3334 *
3335 * &foo := (bar -
3336 * baz)
3337 *
3338 * That works, mostly. Until the user forgets to put the trailing ')', and then
3339 * the parse is bad enough that it tries to read to EOF, or to some other random
3340 * parse error.
3341 *
3342 * So the simplest way to avoid utter craziness is to simply require a signal which
3343 * says "yes, I intended to put this over multiple lines".
3344 */
3345 slen = fr_skip_condition(ptr, NULL, terminal_end_line, &eol);
3346 if (slen < 0) {
3347 return parse_error(stack, ptr + (-slen), fr_strerror());
3348 }
3349
3350 /*
3351 * We parsed until the end of the string, but the condition still needs more data.
3352 */
3353 if (eol) {
3354 return parse_error(stack, ptr + slen, "Expression is unfinished at end of line");
3355 }
3356
3357 /*
3358 * Keep a copy of the entire RHS.
3359 */
3360 memcpy(buff[2], ptr, slen);
3361 buff[2][slen] = '\0';
3362
3363 value = buff[2];
3364
3365 /*
3366 * Mark it up as an expression
3367 *
3368 * @todo - we should really just call cf_data_add() to add a flag, but this is good for
3369 * now. See map_afrom_cp()
3370 */
3371 value_token = T_HASH;
3372
3373 /*
3374 * Skip terminal characters
3375 */
3376 ptr += slen;
3377 if ((*ptr == ',') || (*ptr == ';')) ptr++;
3378
3379#if 0
3380 } else if ((parent->unlang != CF_UNLANG_ASSIGNMENT) &&
3381 ((*ptr == '`') || (*ptr == '%') || (*ptr == '('))) {
3382 /*
3383 * Config sections can't use backticks, xlat expansions, or expressions.
3384 *
3385 * Except module configurations can have key = %{...}
3386 */
3387 return parse_error(stack, ptr, "Invalid value for assignment in configuration file");
3388#endif
3389
3390 } else {
3391 if (cf_get_token(parent, &ptr, &value_token, buff[2], stack->bufsize,
3392 frame->filename, frame->lineno) < 0) {
3393 return -1;
3394 }
3395 value = buff[2];
3396 }
3397
3398 /*
3399 * We have an attribute assignment, which means that we no longer allow local variables to be
3400 * defined.
3401 */
3402 parent->allow_locals = false;
3403
3404alloc_pair:
3405 if (add_pair(parent, buff[1], value, name1_token, op_token, value_token, buff[3], frame->filename, frame->lineno) < 0) return -1;
3406
3407added_pair:
3408 fr_skip_whitespace(ptr);
3409
3410 /*
3411 * Skip semicolon if we see it after a
3412 * CONF_PAIR. Also allow comma for
3413 * backwards compatibility with secret
3414 * things in v3.
3415 */
3416 if ((*ptr == ';') || (*ptr == ',')) {
3417 ptr++;
3418 stack->ptr = ptr;
3419 return 1;
3420 }
3421
3422 /*
3423 * Closing brace is allowed after a CONF_PAIR
3424 * definition.
3425 */
3426 if (*ptr == '}') {
3427 stack->ptr = ptr;
3428 return 1;
3429 }
3430
3431 /*
3432 * Anything OTHER than EOL or comment is a syntax
3433 * error.
3434 */
3435 if (*ptr && (*ptr != '#')) {
3436 return parse_error(stack, ptr, "Unexpected text after configuration item");
3437 }
3438
3439 /*
3440 * Since we're at EOL or comment, just drop the
3441 * text, and go read another line of text.
3442 */
3443 return 0;
3444}
3445
3446
3447static int frame_readdir(cf_stack_t *stack)
3448{
3449 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3450 CONF_SECTION *parent = frame->current;
3451 cf_file_heap_t *h;
3452
3453 h = fr_heap_pop(&frame->heap);
3454 if (!h) {
3455 /*
3456 * Done reading the directory entry. Close it, and go
3457 * back up a stack frame.
3458 */
3459 talloc_free(frame->directory);
3460 stack->depth--;
3461 return 0;
3462 }
3463
3464 /*
3465 * Push the next filename onto the stack.
3466 */
3467 stack->depth++;
3468 frame = &stack->frame[stack->depth];
3469 memset(frame, 0, sizeof(*frame));
3470
3471 frame->type = CF_STACK_FILE;
3472 frame->fp = NULL;
3473 frame->parent = parent;
3474 frame->current = parent;
3475 frame->filename = h->filename;
3476 frame->lineno = 0;
3477 frame->from_dir = true;
3478 return 1;
3479}
3480
3481
3482static fr_md5_ctx_t *cf_md5_ctx = NULL;
3483
3484void cf_md5_init(void)
3485{
3486 cf_md5_ctx = fr_md5_ctx_alloc();
3487}
3488
3489
3490static void cf_md5_update(char const *p)
3491{
3492 if (!cf_md5_ctx) return;
3493
3494 fr_md5_update(cf_md5_ctx, (uint8_t const *)p, strlen(p));
3495}
3496
3497void cf_md5_final(uint8_t *digest)
3498{
3499 if (!cf_md5_ctx) {
3500 memset(digest, 0, MD5_DIGEST_LENGTH);
3501 return;
3502 }
3503
3504 fr_md5_final(digest, cf_md5_ctx);
3505 fr_md5_ctx_free(&cf_md5_ctx);
3506 cf_md5_ctx = NULL;
3507}
3508
3509static int cf_file_fill(cf_stack_t *stack)
3510{
3511 bool at_eof, has_spaces;
3512 size_t len;
3513 char const *ptr;
3514 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3515
3516read_more:
3517 has_spaces = false;
3518
3519read_continuation:
3520 /*
3521 * Get data, and remember if we are at EOF.
3522 */
3523 at_eof = (fgets(stack->fill, stack->bufsize - (stack->fill - stack->buff[0]), frame->fp) == NULL);
3524 cf_md5_update(stack->fill);
3525 frame->lineno++;
3526
3527 /*
3528 * We read the entire 8k worth of data: complain.
3529 * Note that we don't care if the last character
3530 * is \n: it's still forbidden. This means that
3531 * the maximum allowed length of text is 8k-1, which
3532 * should be plenty.
3533 */
3534 len = strlen(stack->fill);
3535 if ((stack->fill + len + 1) >= (stack->buff[0] + stack->bufsize)) {
3536 ERROR("%s[%d]: Line too long", frame->filename, frame->lineno);
3537 return -1;
3538 }
3539
3540 /*
3541 * Suppress leading whitespace after a
3542 * continuation line.
3543 */
3544 if (has_spaces) {
3545 ptr = stack->fill;
3546 fr_skip_whitespace(ptr);
3547
3548 if (ptr > stack->fill) {
3549 memmove(stack->fill, ptr, len - (ptr - stack->fill));
3550 len -= (ptr - stack->fill);
3551 }
3552 }
3553
3554 /*
3555 * Skip blank lines when we're at the start of
3556 * the read buffer.
3557 */
3558 if (stack->fill == stack->buff[0]) {
3559 if (at_eof) return 0;
3560
3561 ptr = stack->buff[0];
3562 fr_skip_whitespace(ptr);
3563
3564 if (!*ptr || (*ptr == '#')) goto read_more;
3565
3566 } else if (at_eof || (len == 0)) {
3567 ERROR("%s[%d]: Continuation at EOF is illegal", frame->filename, frame->lineno);
3568 return -1;
3569 }
3570
3571 /*
3572 * See if there's a continuation.
3573 */
3574 while ((len > 0) &&
3575 ((stack->fill[len - 1] == '\n') || (stack->fill[len - 1] == '\r'))) {
3576 len--;
3577 stack->fill[len] = '\0';
3578 }
3579
3580 if ((len > 0) && (stack->fill[len - 1] == '\\')) {
3581 /*
3582 * Check for "suppress spaces" magic.
3583 */
3584 if (!has_spaces && (len > 2) && (stack->fill[len - 2] == '"')) {
3585 has_spaces = true;
3586 }
3587
3588 stack->fill[len - 1] = '\0';
3589 stack->fill += len - 1;
3590 goto read_continuation;
3591 }
3592
3593 ptr = stack->fill;
3594
3595 /*
3596 * We now have one full line of text in the input
3597 * buffer, without continuations.
3598 */
3599 fr_skip_whitespace(ptr);
3600
3601 /*
3602 * Nothing left, or just a comment. Go read
3603 * another line of text.
3604 *
3605 * If the caller asked us to preserve comments (utilities like
3606 * radconf2json round-trip them as CONF_COMMENT items), capture
3607 * the comment text on the current section before continuing.
3608 */
3609 if (!*ptr || (*ptr == '#')) {
3610 if (_cf_preserve_comments() && frame->current) {
3611 char const *text;
3612 CONF_COMMENT *c;
3613 char *p;
3614
3615 /*
3616 * `#` line: keep everything after the marker
3617 * verbatim (whitespace included; operators use
3618 * leading indent to format banners). Empty
3619 * line: emit a blank marker (NULL text) so the
3620 * writer round-trips the visual separator, and
3621 * downstream tooling can tell two comment blocks
3622 * separated by a blank line apart from one long
3623 * block.
3624 */
3625 text = (*ptr == '#') ? ptr + 1 : NULL;
3626 c = cf_comment_alloc(frame->current, text);
3627 if (c) {
3628 /* Trim trailing CR/LF off the talloc'd copy */
3629 p = UNCONST(char *, c->text);
3630 if (p) {
3631 size_t l = strlen(p);
3632 while (l > 0 && (p[l - 1] == '\n' || p[l - 1] == '\r')) {
3633 p[--l] = '\0';
3634 }
3635 }
3636 cf_filename_set(c, frame->filename);
3637 cf_lineno_set(c, frame->lineno);
3638 }
3639 }
3640 goto read_more;
3641 }
3642
3643 return 1;
3644}
3645
3646
3647/*
3648 * Read a configuration file or files.
3649 */
3650static int cf_file_include(cf_stack_t *stack)
3651{
3652 CONF_SECTION *parent;
3653 char const *ptr;
3654
3655 cf_stack_frame_t *frame;
3656 int rcode;
3657
3658do_frame:
3659 frame = &stack->frame[stack->depth];
3660 parent = frame->current; /* add items here */
3661
3662 switch (frame->type) {
3663#ifdef HAVE_GLOB_H
3664 case CF_STACK_GLOB:
3665 if (frame->gl_current == frame->glob.gl_pathc) {
3666 globfree(&frame->glob);
3667 goto pop_stack;
3668 }
3669
3670 /*
3671 * Process the filename as an include.
3672 */
3673 if (process_include(stack, parent, frame->glob.gl_pathv[frame->gl_current++], frame->required, false) < 0) return -1;
3674
3675 /*
3676 * Run the correct frame. If the file is NOT
3677 * required, then the call to process_include()
3678 * may return 0, and we just process the next
3679 * glob. Otherwise, the call to
3680 * process_include() may return a directory or a
3681 * filename. Go handle that.
3682 */
3683 goto do_frame;
3684#endif
3685
3686#ifdef HAVE_DIRENT_H
3687 case CF_STACK_DIR:
3688 rcode = frame_readdir(stack);
3689 if (rcode == 0) goto do_frame;
3690 if (rcode < 0) return -1;
3691
3692 /*
3693 * Reset which frame we're looking at.
3694 */
3695 frame = &stack->frame[stack->depth];
3696 fr_assert(frame->type == CF_STACK_FILE);
3697 break;
3698#endif
3699
3700 case CF_STACK_FILE:
3701 break;
3702 }
3703
3704#ifndef NDEBUG
3705 /*
3706 * One last sanity check.
3707 */
3708 if (frame->type != CF_STACK_FILE) {
3709 cf_log_err(frame->current, "%s: Internal sanity check failed", __FUNCTION__);
3710 goto pop_stack;
3711 }
3712#endif
3713
3714 /*
3715 * Open the new file if necessary. It either came from
3716 * the first call to the function, or was pushed onto the
3717 * stack by another function.
3718 */
3719 if (!frame->fp) {
3720 rcode = cf_file_open(frame->parent, frame->filename, frame->from_dir, &frame->fp);
3721 if (rcode < 0) return -1;
3722
3723 /*
3724 * Ignore this file
3725 */
3726 if (rcode == 1) {
3727 cf_log_warn(frame->current, "Ignoring file %s - it was already read",
3728 frame->filename);
3729 goto pop_stack;
3730 }
3731 }
3732
3733 /*
3734 * Read, checking for line continuations ('\\' at EOL)
3735 */
3736 for (;;) {
3737 /*
3738 * Fill the buffers with data.
3739 */
3740 stack->fill = stack->buff[0];
3741 rcode = cf_file_fill(stack);
3742 if (rcode < 0) return -1;
3743 if (rcode == 0) break;
3744
3745 /*
3746 * The text here MUST be at the start of a line,
3747 * OR have only whitespace in front of it.
3748 */
3749 ptr = stack->buff[0];
3750 fr_skip_whitespace(ptr);
3751
3752 if (*ptr == '$') {
3753 /*
3754 * Allow for $INCLUDE files
3755 */
3756 if (strncasecmp(ptr, "$INCLUDE", 8) == 0) {
3757 ptr += 8;
3758
3759 stack->ptr = ptr;
3760 if (process_include(stack, parent, ptr, true, true) < 0) return -1;
3761 goto do_frame;
3762 }
3763
3764 if (strncasecmp(ptr, "$-INCLUDE", 9) == 0) {
3765 ptr += 9;
3766
3767 stack->ptr = ptr;
3768 rcode = process_include(stack, parent, ptr, false, true);
3769 if (rcode < 0) return -1;
3770 if (rcode == 0) continue;
3771 goto do_frame;
3772 }
3773
3774 /*
3775 * Allow for $TEMPLATE things
3776 */
3777 if (strncasecmp(ptr, "$TEMPLATE", 9) == 0) {
3778 ptr += 9;
3779 fr_skip_whitespace(ptr);
3780
3781 stack->ptr = ptr;
3782 if (process_template(stack) < 0) return -1;
3783 continue;
3784 }
3785
3786 stack->ptr = ptr;
3787 return parse_error(stack, ptr, "Unknown $... keyword");
3788 }
3789
3790 /*
3791 * All of the file handling code is done. Parse the input.
3792 */
3793 do {
3794 fr_skip_whitespace(ptr);
3795 if (!*ptr || (*ptr == '#')) break;
3796
3797 stack->ptr = ptr;
3798 rcode = parse_input(stack);
3799 ptr = stack->ptr;
3800
3801 if (rcode < 0) return -1;
3802 parent = frame->current;
3803 } while (rcode == 1);
3804 }
3805
3806 fr_assert(frame->fp != NULL);
3807
3808 /*
3809 * See if EOF was unexpected.
3810 */
3811 if (feof(frame->fp) && (parent != frame->parent)) {
3812 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
3813 frame->filename, frame->lineno, cf_section_name1(parent), cf_lineno(parent));
3814 return -1;
3815 }
3816
3817 fclose(frame->fp);
3818 frame->fp = NULL;
3819
3820pop_stack:
3821 /*
3822 * More things to read, go read them.
3823 */
3824 if (stack->depth > 0) {
3825 stack->depth--;
3826 goto do_frame;
3827 }
3828
3829 return 0;
3830}
3831
3832static void cf_stack_cleanup(cf_stack_t *stack)
3833{
3834 cf_stack_frame_t *frame = &stack->frame[stack->depth];
3835
3836 while (stack->depth >= 0) {
3837 switch (frame->type) {
3838 case CF_STACK_FILE:
3839 if (frame->fp) fclose(frame->fp);
3840 frame->fp = NULL;
3841 break;
3842
3843#ifdef HAVE_DIRENT_H
3844 case CF_STACK_DIR:
3845 talloc_free(frame->directory);
3846 break;
3847#endif
3848
3849#ifdef HAVE_GLOB_H
3850 case CF_STACK_GLOB:
3851 globfree(&frame->glob);
3852 break;
3853#endif
3854 }
3855
3856 frame--;
3857 stack->depth--;
3858 }
3859
3860 talloc_free(stack->buff);
3861}
3862
3863/*
3864 * Bootstrap a config file.
3865 */
3866int cf_file_read(CONF_SECTION *cs, char const *filename, bool root)
3867{
3868 int i;
3869 fr_rb_tree_t *tree;
3870 cf_stack_t stack;
3871 cf_stack_frame_t *frame;
3872
3873 /*
3874 * Only add the default config directory if we're loading a top-level configuration file.
3875 */
3876 if (root) {
3877 char const *p;
3878 char *confdir = NULL;
3879 CONF_PAIR *cp;
3880
3881 /*
3882 * For compatibility, this goes first. And we don't care if there are too many '/'.
3883 */
3884 cp = cf_pair_alloc(cs, "raddbdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3885 if (!cp) return -1;
3886
3887 /*
3888 * This goes second, and we try to be nice about too many '/'.
3889 *
3890 * "confdir" is the directory portion of filename, so trim everything
3891 * from the final path separator onwards before storing it.
3892 */
3893 p = strrchr(filename, FR_DIR_SEP);
3894 if (p) {
3895 confdir = talloc_bstrndup(cs, filename, p - filename);
3896 cp = cf_pair_alloc(cs, "confdir", confdir, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3897 talloc_free(confdir);
3898 } else {
3899 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_EQ, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
3900 }
3901 if (!cp) return -1;
3902 }
3903
3904 MEM(tree = fr_rb_inline_talloc_alloc(cs, cf_file_t, node, _inode_cmp, NULL));
3905
3906 cf_data_add(cs, tree, "filename", false);
3907
3908#ifndef NDEBUG
3909 memset(&stack, 0, sizeof(stack));
3910#endif
3911
3912 /*
3913 * Allocate temporary buffers on the heap (so we don't use *all* the stack space)
3914 */
3915 stack.buff = talloc_array(cs, char *, 4);
3916 for (i = 0; i < 4; i++) MEM(stack.buff[i] = talloc_array(stack.buff, char, 8192));
3917
3918 stack.depth = 0;
3919 stack.bufsize = 8192;
3920 frame = &stack.frame[stack.depth];
3921
3922 memset(frame, 0, sizeof(*frame));
3923 frame->parent = frame->current = cs;
3924
3925 frame->type = CF_STACK_FILE;
3926 frame->filename = talloc_strdup(frame->parent, filename);
3927 cs->item.filename = frame->filename;
3928
3929 if (cf_file_include(&stack) < 0) {
3930 cf_stack_cleanup(&stack);
3931 return -1;
3932 }
3933
3934 talloc_free(stack.buff);
3935
3936 /*
3937 * Now that we've read the file, go back through it and
3938 * expand the variables.
3939 */
3940 if (cf_section_pass2(cs) < 0) {
3941 cf_log_err(cs, "Parsing config items failed");
3942 return -1;
3943 }
3944
3945 return 0;
3946}
3947
3948/** Bootstrap a configuration section from an in-memory buffer.
3949 *
3950 * Mirrors cf_file_read(), but reads the configuration text from a buffer via fmemopen() instead of from a
3951 * file on disk. The buffer is treated as if it were the contents of "filename", which is used in error
3952 * messages and stored as the section's source filename.
3953 *
3954 * $INCLUDE / $-INCLUDEs are taken relative to the directory portion of "filename", as with cf_file_read().
3955 *
3956 * Unlike cf_file_read(), this function never sets the "raddbdir" / "confdir" CONF_PAIRs (the buffer has no
3957 * canonical install path) and never inserts "filename" into the dedup tree.
3958 *
3959 * @param[in] cs Top-level configuration section to populate.
3960 * @param[in] buffer The configuration text. The caller retains ownership
3961 * and may free the buffer after this call returns.
3962 * @param[in] buflen Length of @p buffer in bytes (excluding any trailing NUL).
3963 * @param[in] filename Virtual filename for error reporting. May be a
3964 * placeholder like "<inline>" if there is no real file.
3965 * @return 0 on success, -1 on failure.
3966 */
3967int cf_file_read_buffer(CONF_SECTION *cs, char const *buffer, size_t buflen, char const *filename)
3968{
3969 int i;
3970 FILE *fp;
3971 fr_rb_tree_t *tree;
3972 cf_stack_t stack;
3973 cf_stack_frame_t *frame;
3974
3975 fp = fmemopen(UNCONST(char *, buffer), buflen, "r");
3976 if (!fp) {
3977 ERROR("Failed opening in-memory buffer for parsing: %s", fr_syserror(errno));
3978 return -1;
3979 }
3980
3981 /*
3982 * The dedup-by-inode filename tree may already exist if the caller
3983 * is reading more than one buffer / file into the same root section.
3984 */
3985 tree = cf_data_value(cf_data_find(cs, fr_rb_tree_t, "filename"));
3986 if (!tree) {
3987 MEM(tree = fr_rb_inline_talloc_alloc(cs, cf_file_t, node, _inode_cmp, NULL));
3988 cf_data_add(cs, tree, "filename", false);
3989 }
3990
3991#ifndef NDEBUG
3992 memset(&stack, 0, sizeof(stack));
3993#endif
3994
3995 /*
3996 * Allocate temporary buffers on the heap (so we don't use *all* the stack space)
3997 */
3998 stack.buff = talloc_array(cs, char *, 4);
3999 for (i = 0; i < 4; i++) MEM(stack.buff[i] = talloc_array(stack.buff, char, 8192));
4000
4001 stack.depth = 0;
4002 stack.bufsize = 8192;
4003 frame = &stack.frame[stack.depth];
4004
4005 memset(frame, 0, sizeof(*frame));
4006 frame->parent = frame->current = cs;
4007
4008 frame->type = CF_STACK_FILE;
4009 frame->filename = talloc_strdup(frame->parent, filename);
4010 cs->item.filename = frame->filename;
4011
4012 /*
4013 * Pre-set frame->fp so cf_file_include() skips its own cf_file_open()
4014 * call (which would try to fopen() a real path). cf_file_include()
4015 * fclose()s frame->fp on the way out, which for an fmemopen() handle
4016 * does not free the underlying buffer.
4017 */
4018 frame->fp = fp;
4019
4020 if (cf_file_include(&stack) < 0) {
4021 cf_stack_cleanup(&stack);
4022 return -1;
4023 }
4024
4025 talloc_free(stack.buff);
4026
4027 /*
4028 * Now that we've read the buffer, go back through it and
4029 * expand the variables.
4030 */
4031 if (cf_section_pass2(cs) < 0) {
4032 cf_log_err(cs, "Parsing config items failed");
4033 return -1;
4034 }
4035
4036 return 0;
4037}
4038
4039void cf_file_free(CONF_SECTION *cs)
4040{
4041 talloc_free(cs);
4042}
4043
4044static char const parse_tabs[] = " ";
4045
4046static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
4047{
4048 size_t outlen;
4049 char c;
4050 char buffer[2048];
4051
4052 switch (t) {
4053 default:
4054 c = '\0';
4055 break;
4056
4057 case T_DOUBLE_QUOTED_STRING:
4058 c = '"';
4059 break;
4060
4061 case T_SINGLE_QUOTED_STRING:
4062 c = '\'';
4063 break;
4064
4065 case T_BACK_QUOTED_STRING:
4066 c = '`';
4067 break;
4068 }
4069
4070 if (c) fprintf(fp, "%c", c);
4071
4072 outlen = fr_snprint(buffer, sizeof(buffer), string, len, c);
4073 fwrite(buffer, outlen, 1, fp);
4074
4075 if (c) fprintf(fp, "%c", c);
4076 return 1;
4077}
4078
4079int cf_pair_write(FILE *fp, CONF_PAIR *cp)
4080{
4081 if (!cp->value) {
4082 fprintf(fp, "%s\n", cp->attr);
4083 return 0;
4084 }
4085
4086 cf_string_write(fp, cp->attr, strlen(cp->attr), cp->lhs_quote);
4087 fprintf(fp, " %s ", fr_table_str_by_value(fr_tokens_table, cp->op, "<INVALID>"));
4088 cf_string_write(fp, cp->value, strlen(cp->value), cp->rhs_quote);
4089 fprintf(fp, "\n");
4090
4091 return 1; /* FIXME */
4092}
4093
4094
4095int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
4096{
4097 if (!fp || !cs) return -1;
4098
4099 /*
4100 * Print the section name1, etc.
4101 */
4102 fwrite(parse_tabs, depth, 1, fp);
4103 cf_string_write(fp, cs->name1, strlen(cs->name1), T_BARE_WORD);
4104
4105 /*
4106 * FIXME: check for "if" or "elsif". And if so, print
4107 * out the parsed condition, instead of the input text
4108 *
4109 * cf_data_find(cs, CF_DATA_TYPE_UNLANG, "if");
4110 */
4111 if (cs->name2) {
4112 fputs(" ", fp);
4113
4114#if 0
4115 c = cf_data_value(cf_data_find(cs, fr_cond_t, NULL));
4116 if (c) {
4117 char buffer[1024];
4118
4119 cond_print(&FR_SBUFF_OUT(buffer, sizeof(buffer)), c);
4120 fprintf(fp, "(%s)", buffer);
4121 } else
4122#endif
4123 cf_string_write(fp, cs->name2, strlen(cs->name2), cs->name2_quote);
4124 }
4125
4126 fputs(" {\n", fp);
4127
4128 cf_section_write_children(fp, cs, depth + 1);
4129
4130 fwrite(parse_tabs, depth, 1, fp);
4131 fputs("}\n\n", fp);
4132
4133 return 1;
4134}
4135
4136/** Emit the children of a section at `depth` without an enclosing `{ ... }`.
4137 *
4138 * cf_section_write wraps a section in `name { ... }`; this helper writes only
4139 * the children at the requested indent, which is what tools like
4140 * `radjson2conf -r` need: rendering a synthetic-root section as a file-scope
4141 * fragment ready to be `$INCLUDE`d at any depth.
4142 *
4143 * Blank lines in the source come back through as NULL-text CONF_ITEM_COMMENT
4144 * markers, so the writer doesn't have to synthesise its own separators - just
4145 * emit what's there. Consecutive blank markers collapse to a single blank
4146 * line on output so artifacts from upstream tooling (deletes that left their
4147 * preceding blank behind, splits that introduced extra spacers) don't
4148 * accumulate as visible whitespace.
4149 */
4150int cf_section_write_children(FILE *fp, CONF_SECTION *cs, int depth)
4151{
4152 bool prev_was_blank = false;
4153
4154 if (!fp || !cs) return -1;
4155
4156 cf_item_foreach(&cs->item, ci) {
4157 switch (ci->type) {
4158 case CONF_ITEM_SECTION:
4159 cf_section_write(fp, cf_item_to_section(ci), depth);
4160 /*
4161 * Sections close with `}\n\n` so the trailing
4162 * blank line is already in the stream; flag it
4163 * so a NULL-text comment immediately after
4164 * doesn't double it up.
4165 */
4166 prev_was_blank = true;
4167 break;
4168
4169 case CONF_ITEM_PAIR:
4170 /*
4171 * Ignore internal things.
4172 */
4173 if (!ci->filename || (ci->filename[0] == '<')) break;
4174
4175 fwrite(parse_tabs, depth, 1, fp);
4176 cf_pair_write(fp, cf_item_to_pair(ci));
4177 prev_was_blank = false;
4178 break;
4179
4180 case CONF_ITEM_COMMENT: {
4181 CONF_COMMENT const *c = cf_item_to_comment(ci);
4182
4183 /*
4184 * NULL text == blank line. Collapse
4185 * runs of blanks to a single one.
4186 */
4187 if (c->text == NULL) {
4188 if (!prev_was_blank) {
4189 fputc('\n', fp);
4190 prev_was_blank = true;
4191 }
4192 break;
4193 }
4194
4195 fwrite(parse_tabs, depth, 1, fp);
4196 fputc('#', fp);
4197 fputs(c->text, fp);
4198 fputc('\n', fp);
4199 prev_was_blank = false;
4200 } break;
4201
4202 default:
4203 break;
4204 }
4205 }
4206
4207 return 1;
4208}
4209
4210
4211CONF_ITEM *cf_reference_item(CONF_SECTION const *parent_cs,
4212 CONF_SECTION const *outer_cs,
4213 char const *ptr)
4214{
4215 CONF_PAIR *cp;
4216 CONF_SECTION *next;
4217 CONF_SECTION const *cs = outer_cs;
4218 char name[8192], *p;
4219 char const *name2;
4220
4221 if (!ptr || (!parent_cs && !outer_cs)) {
4222 fr_strerror_const("Invalid argument");
4223 return NULL;
4224 }
4225
4226 if (!*ptr) {
4227 fr_strerror_const("Empty string is invalid");
4228 return NULL;
4229 }
4230
4231 strlcpy(name, ptr, sizeof(name));
4232
4233 p = name;
4234
4235 /*
4236 * ".foo" means "foo from the current section"
4237 */
4238 if (*p == '.') {
4239 p++;
4240
4241 /*
4242 * Just '.' means the current section
4243 */
4244 if (*p == '\0') return cf_section_to_item(cs); /* const issues */
4245
4246 /*
4247 * ..foo means "foo from the section
4248 * enclosing this section" (etc.)
4249 */
4250 while (*p == '.') {
4251 if (cs->item.parent) cs = cf_item_to_section(cs->item.parent);
4252
4253 /*
4254 * .. means the section
4255 * enclosing this section
4256 */
4257 if (!*++p) return cf_section_to_item(cs); /* const issues */
4258 }
4259
4260 /*
4261 * "foo.bar.baz" means "from the given root"
4262 */
4263 } else if (strchr(p, '.') != NULL) {
4264 if (!parent_cs) {
4265 missing_parent:
4266 fr_strerror_const("Missing parent configuration section");
4267 return NULL;
4268 }
4269 cs = parent_cs;
4270
4271 /*
4272 * "foo" could be from the current section, either as a
4273 * section or as a pair.
4274 *
4275 * If that isn't found, search from the given root.
4276 */
4277 } else {
4278 next = cf_section_find(cs, p, NULL);
4279 if (!next && cs->template) next = cf_section_find(cs->template, p, NULL);
4280 if (next) return &(next->item);
4281
4282 cp = cf_pair_find(cs, p);
4283 if (!cp && cs->template) cp = cf_pair_find(cs->template, p);
4284 if (cp) return &(cp->item);
4285
4286 if (!parent_cs) goto missing_parent;
4287 cs = parent_cs;
4288 }
4289
4290 /*
4291 * Chop the string into pieces, and look up the pieces.
4292 */
4293 while (*p) {
4294 char *n1, *n2, *q;
4295
4296 n1 = p;
4297 n2 = NULL;
4298 q = p;
4299
4300 fr_assert(*q);
4301
4302 /*
4303 * Look for a terminating '.' or '[', to get name1 and possibly name2.
4304 */
4305 while (*q != '\0') {
4306 /*
4307 * foo.bar -> return "foo"
4308 */
4309 if (*q == '.') {
4310 *q++ = '\0'; /* leave 'q' after the '.' */
4311 break;
4312 }
4313
4314 /*
4315 * name1 is anything up to '[' or EOS.
4316 */
4317 if (*q != '[') {
4318 q++;
4319 continue;
4320 }
4321
4322 /*
4323 * Found "name1[", look for "name2]" or "name2]."
4324 */
4325 *q++ = '\0';
4326 n2 = q;
4327
4328 while (*q != '\0') {
4329 if (*q == '[') {
4330 fr_strerror_const("Invalid reference, '[' cannot be used inside of a '[...]' block");
4331 return NULL;
4332 }
4333
4334 if (*q != ']') {
4335 q++;
4336 continue;
4337 }
4338
4339 /*
4340 * We've found the trailing ']'
4341 */
4342 *q++ = '\0';
4343
4344 /*
4345 * "name2]"
4346 */
4347 if (!*q) break;
4348
4349 /*
4350 * Must be "name2]."
4351 */
4352 if (*q++ == '.') break;
4353
4354 fr_strerror_const("Invalid reference, ']' is not followed by '.'");
4355 return NULL;
4356 }
4357
4358 /*
4359 * "name1[name2", but not "name1[name2]"
4360 *
4361 * The inner loop exited because it found *q == '\0',
4362 * meaning that the closing ']' was never found.
4363 */
4364 if (!*q) {
4365 fr_strerror_printf("Invalid reference after '%s', missing close ']'", n1);
4366 return NULL;
4367 }
4368
4369 break;
4370 }
4371 p = q; /* get it ready for the next round */
4372
4373 /*
4374 * End of the string. The thing could be a section with
4375 * two names, a section with one name, or a pair.
4376 *
4377 * And if we don't find the thing we're looking for here,
4378 * check the template section.
4379 */
4380 if (!*p) {
4381 /*
4382 * Two names, must be a section.
4383 */
4384 if (n2) {
4385 next = cf_section_find(cs, n1, n2);
4386 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
4387 if (next) return &(next->item);
4388
4389 fail:
4390 name2 = cf_section_name2(cs);
4391 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s %s { ... } configuration section",
4392 cf_section_name1(cs),
4393 name2 ? " " : "", name2 ? name2 : "",
4394 n1, n2);
4395 return NULL;
4396 }
4397
4398 /*
4399 * One name, the final thing can be a section or a pair.
4400 */
4401 next = cf_section_find(cs, n1, NULL);
4402 if (!next && cs->template) next = cf_section_find(cs->template, n1, NULL);
4403
4404 if (next) return &(next->item);
4405
4406 cp = cf_pair_find(cs, n1);
4407 if (!cp && cs->template) cp = cf_pair_find(cs->template, n1);
4408 if (cp) return &(cp->item);
4409
4410 name2 = cf_section_name2(cs);
4411 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s configuration item",
4412 cf_section_name1(cs),
4413 name2 ? " " : "", name2 ? name2 : "",
4414 n1);
4415 return NULL;
4416 }
4417
4418 /*
4419 * There's more to the string. The thing we're looking
4420 * for MUST be a configuration section.
4421 */
4422 next = cf_section_find(cs, n1, n2);
4423 if (!next && cs->template) next = cf_section_find(cs->template, n1, n2);
4424 if (next) {
4425 cs = next;
4426 continue;
4427 }
4428
4429 if (n2) goto fail;
4430
4431 name2 = cf_section_name2(cs);
4432 fr_strerror_printf("Parent section %s%s%s { ... } does not contain a %s { ... } configuration section",
4433 cf_section_name1(cs),
4434 name2 ? " " : "", name2 ? name2 : "",
4435 n1);
4436 return NULL;
4437 }
4438
4439 /*
4440 * We've fallen off of the end of the string. This should not have happened!
4441 */
4442 fr_strerror_const("Cannot parse reference");
4443 return NULL;
4444}
4445
4446/*
4447 * Only for unit_test_map
4448 */
4449void cf_section_set_unlang(CONF_SECTION *cs)
4450{
4451 fr_assert(cs->unlang == CF_UNLANG_NONE);
4452 fr_assert(!cs->item.parent);
4453
4454 cs->unlang = CF_UNLANG_ALLOW;
4455}
buffer
static int const char char buffer[256]
Definition acutest.h:576
file
int const char * file
Definition acutest.h:702
strcpy
strcpy(log_entry->msg, buffer)
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:186
RCSID
#define RCSID(id)
Definition build.h:512
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:228
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:343
CMP_RETURN
#define CMP_RETURN(_a, _b, _field)
Return if the comparison is not 0 (is unequal)
Definition build.h:122
CMP
#define CMP(_a, _b)
Same as CMP_PREFER_SMALLER use when you don't really care about ordering, you just want an ordering.
Definition build.h:113
UNUSED
#define UNUSED
Definition build.h:336
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:358
cf_stack_frame_t::at_reference_braces
int at_reference_braces
braces when we found this thing
Definition cf_file.c:136
cf_stack_frame_t::current
CONF_SECTION * current
sub-section we're reading
Definition cf_file.c:134
cf_stack_frame_t::type
cf_stack_file_t type
Definition cf_file.c:107
cf_template_merge
static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
Definition cf_file.c:628
parse_input
static int parse_input(cf_stack_t *stack)
Definition cf_file.c:2506
cf_section_write_children
int cf_section_write_children(FILE *fp, CONF_SECTION *cs, int depth)
Emit the children of a section at depth without an enclosing { ... }.
Definition cf_file.c:4150
cf_stack_t::fill
char * fill
where we start filling the buffer from
Definition cf_file.c:153
cf_section_set_unlang
void cf_section_set_unlang(CONF_SECTION *cs)
Definition cf_file.c:4449
conf_property
conf_property
Definition cf_file.c:65
CONF_PROPERTY_NAME
@ CONF_PROPERTY_NAME
Definition cf_file.c:67
CONF_PROPERTY_INSTANCE
@ CONF_PROPERTY_INSTANCE
Definition cf_file.c:68
CONF_PROPERTY_INVALID
@ CONF_PROPERTY_INVALID
Definition cf_file.c:66
unlang_keywords_len
static int unlang_keywords_len
Definition cf_file.c:2480
server_unlang_section
static fr_table_num_sorted_t const server_unlang_section[]
Definition cf_file.c:77
cf_file_read_buffer
int cf_file_read_buffer(CONF_SECTION *cs, char const *buffer, size_t buflen, char const *filename)
Bootstrap a configuration section from an in-memory buffer.
Definition cf_file.c:3967
check_config
bool check_config
Definition cf_file.c:61
cf_file_heap_t::heap_id
fr_heap_index_t heap_id
Definition cf_file.c:1245
frame_readdir
static int frame_readdir(cf_stack_t *stack)
Definition cf_file.c:3447
process_map
static CONF_ITEM * process_map(cf_stack_t *stack)
Definition cf_file.c:1763
process_foreach
static CONF_ITEM * process_foreach(cf_stack_t *stack)
Definition cf_file.c:2135
add_pair
static int add_pair(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t name1_token, fr_token_t op_token, fr_token_t value_token, char *buff, char const *filename, int lineno)
Definition cf_file.c:2320
cf_expand_file
static int cf_expand_file(char const *cf, int lineno, char name[static PATH_MAX], char **p_p, char const **ptr_p, char *output, size_t outsize, bool raw)
Definition cf_file.c:160
cf_md5_init
void cf_md5_init(void)
Definition cf_file.c:3484
cf_expand_variables
char const * cf_expand_variables(char const *cf, int lineno, CONF_SECTION *outer_cs, char *output, size_t outsize, char const *input, ssize_t inlen, bool *soft_fail, bool soft_fail_env)
Definition cf_file.c:297
cf_stack_frame_t::braces
int braces
Definition cf_file.c:138
parse_type_name
static int parse_type_name(cf_stack_t *stack, char const **ptr_p, char const *type_ptr, fr_type_t *type_p)
Definition cf_file.c:2084
cf_name_char1
static const bool cf_name_char1[SBUFF_CHAR_CLASS]
Convert tokens back to a quoting character.
Definition cf_file.c:2495
cf_stack_cleanup
static void cf_stack_cleanup(cf_stack_t *stack)
Definition cf_file.c:3832
cf_stack_t::depth
int depth
stack depth
Definition cf_file.c:151
cf_file_check_unix_perm
cf_file_check_err_t cf_file_check_unix_perm(char const *filename, UNUSED void *uctx)
Check if file exists, and is a socket.
Definition cf_file.c:972
terminal_end_line
static const bool terminal_end_line[SBUFF_CHAR_CLASS]
Definition cf_file.c:1600
cf_file_open
static int cf_file_open(CONF_SECTION *cs, char const *filename, bool from_dir, FILE **fp_p)
Definition cf_file.c:713
cf_file_read
int cf_file_read(CONF_SECTION *cs, char const *filename, bool root)
Definition cf_file.c:3866
cf_md5_ctx
static fr_md5_ctx_t * cf_md5_ctx
Definition cf_file.c:3482
filename_cmp
static int8_t filename_cmp(void const *one, void const *two)
Definition cf_file.c:1248
cf_section_write
int cf_section_write(FILE *fp, CONF_SECTION *cs, int depth)
Definition cf_file.c:4095
cf_stack_frame_t::lineno
int lineno
line in that filename
Definition cf_file.c:110
cf_stack_file_t
cf_stack_file_t
Definition cf_file.c:95
CF_STACK_FILE
@ CF_STACK_FILE
Definition cf_file.c:96
terminal_end_section
static const bool terminal_end_section[SBUFF_CHAR_CLASS]
Definition cf_file.c:1596
conf_property_name_len
static size_t conf_property_name_len
Definition cf_file.c:75
conf_property_name
static fr_table_num_sorted_t const conf_property_name[]
Definition cf_file.c:71
cf_section_pass2
int cf_section_pass2(CONF_SECTION *cs)
Definition cf_file.c:1130
cf_stack_frame_t::from_dir
bool from_dir
this file was read from $include foo/
Definition cf_file.c:139
cf_string_write
static ssize_t cf_string_write(FILE *fp, char const *string, size_t len, fr_token_t t)
Definition cf_file.c:4046
parse_tabs
static char const parse_tabs[]
Definition cf_file.c:4044
cf_file_check
cf_file_check_err_t cf_file_check(CONF_PAIR *cp, bool check_perms)
Do some checks on the file as an "input" file.
Definition cf_file.c:1068
cf_file_include
static int cf_file_include(cf_stack_t *stack)
Definition cf_file.c:3650
conf_check_uid
static uid_t conf_check_uid
Definition cf_file.c:62
conf_check_gid
static gid_t conf_check_gid
Definition cf_file.c:63
cf_process_func_t
CONF_ITEM *(* cf_process_func_t)(cf_stack_t *)
Definition cf_file.c:2482
cf_get_token
static int cf_get_token(CONF_SECTION *parent, char const **ptr_p, fr_token_t *token, char *buffer, size_t buflen, char const *filename, int lineno)
Definition cf_file.c:1194
_inode_cmp
static int8_t _inode_cmp(void const *one, void const *two)
Definition cf_file.c:704
cf_stack_frame_t::at_reference
CONF_SECTION * at_reference
was this thing an @foo ?
Definition cf_file.c:135
cf_file_check_open_read
cf_file_check_err_t cf_file_check_open_read(char const *filename, void *uctx)
Callback for cf_file_check to open a file and check permissions.
Definition cf_file.c:1018
cf_file_fill
static int cf_file_fill(cf_stack_t *stack)
Definition cf_file.c:3509
cf_stack_t::ptr
char const * ptr
current parse pointer
Definition cf_file.c:152
cf_file_check_effective
cf_file_check_err_t cf_file_check_effective(char const *filename, cf_file_check_err_t(*cb)(char const *filename, void *uctx), void *uctx)
Perform an operation with the effect/group set to conf_check_gid and conf_check_uid.
Definition cf_file.c:839
cf_reference_item
CONF_ITEM * cf_reference_item(CONF_SECTION const *parent_cs, CONF_SECTION const *outer_cs, char const *ptr)
Definition cf_file.c:4211
cf_file_heap_t::filename
char const * filename
Definition cf_file.c:1244
process_subrequest
static CONF_ITEM * process_subrequest(cf_stack_t *stack)
Definition cf_file.c:1851
cf_file_check_set_uid_gid
void cf_file_check_set_uid_gid(uid_t uid, gid_t gid)
Set the euid/egid used when performing file checks.
Definition cf_file.c:824
CONF_PROPERTY
enum conf_property CONF_PROPERTY
unlang_keywords
static fr_table_ptr_sorted_t unlang_keywords[]
Definition cf_file.c:2471
cf_stack_t::buff
char ** buff
buffers for reading / parsing
Definition cf_file.c:149
cf_stack_frame_t::parent
CONF_SECTION * parent
which started this file
Definition cf_file.c:133
process_template
static int process_template(cf_stack_t *stack)
Definition cf_file.c:1539
cf_stack_t::bufsize
size_t bufsize
size of the buffers
Definition cf_file.c:150
server_unlang_section_len
static size_t server_unlang_section_len
Definition cf_file.c:93
cf_md5_final
void cf_md5_final(uint8_t *digest)
Definition cf_file.c:3497
process_include
static int process_include(cf_stack_t *stack, CONF_SECTION *parent, char const *ptr, bool required, bool relative)
Definition cf_file.c:1259
process_if
static CONF_ITEM * process_if(cf_stack_t *stack)
Definition cf_file.c:1612
cf_md5_update
static void cf_md5_update(char const *p)
Definition cf_file.c:3490
cf_file_free
void cf_file_free(CONF_SECTION *cs)
Definition cf_file.c:4039
cf_local_file
static char const * cf_local_file(char const *base, char const *filename, char *buffer, size_t bufsize)
Definition cf_file.c:1165
MAX_STACK
#define MAX_STACK
Definition cf_file.c:105
process_catch
static CONF_ITEM * process_catch(cf_stack_t *stack)
Definition cf_file.c:1972
cf_pair_write
int cf_pair_write(FILE *fp, CONF_PAIR *cp)
Definition cf_file.c:4079
cf_file_check_unix_connect
cf_file_check_err_t cf_file_check_unix_connect(char const *filename, UNUSED void *uctx)
Check if we can connect to a unix socket.
Definition cf_file.c:899
cf_stack_frame_t::filename
char const * filename
filename we're reading
Definition cf_file.c:109
process_switch
static CONF_ITEM * process_switch(cf_stack_t *stack)
Definition cf_file.c:2379
parse_error
static int parse_error(cf_stack_t *stack, char const *ptr, char const *message)
Definition cf_file.c:2064
cf_file_heap_t
Definition cf_file.c:1243
cf_stack_frame_t
Definition cf_file.c:106
cf_stack_t
Definition cf_file.c:148
cf_file_check_err_t
cf_file_check_err_t
Results of file checks.
Definition cf_file.h:45
CF_FILE_OK
@ CF_FILE_OK
File checks passed.
Definition cf_file.h:46
CF_FILE_NO_PERMISSION
@ CF_FILE_NO_PERMISSION
Requested permissions not set.
Definition cf_file.h:47
CF_FILE_NO_UNIX_SOCKET
@ CF_FILE_NO_UNIX_SOCKET
File is not a unix socket.
Definition cf_file.h:49
CF_FILE_OTHER_ERROR
@ CF_FILE_OTHER_ERROR
Other error occurred checking permissions.
Definition cf_file.h:50
CF_FILE_NO_EXIST
@ CF_FILE_NO_EXIST
File does not exist.
Definition cf_file.h:48
conf_parser_s::on_read
cf_parse_t on_read
Function to call as the item is being read, just after it has been allocated and initialized.
Definition cf_parse.h:626
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:606
cf_file_t::cs
CONF_SECTION * cs
CONF_SECTION associated with the file.
Definition cf_priv.h:168
cf_section::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:107
cf_item::parent
CONF_ITEM * parent
Parent.
Definition cf_priv.h:61
cf_section::name2_quote
fr_token_t name2_quote
The type of quoting around name2.
Definition cf_priv.h:112
cf_section::name2
char const * name2
Second name token. Given foo bar {} would be bar.
Definition cf_priv.h:110
cf_section::allow_locals
bool allow_locals
allow local variables
Definition cf_priv.h:121
cf_section::argc
int argc
number of additional arguments
Definition cf_priv.h:114
cf_pair::attr
char const * attr
Attribute name.
Definition cf_priv.h:80
cf_item::referenced
bool referenced
Was this item referenced in the config?
Definition cf_priv.h:69
cf_pair::rhs_quote
fr_token_t rhs_quote
Value Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:85
cf_pair::value
char const * value
Attribute value.
Definition cf_priv.h:81
cf_section::unlang
cf_unlang_t unlang
Definition cf_priv.h:120
cf_section::name1
char const * name1
First name token. Given foo bar {} would be foo.
Definition cf_priv.h:109
CF_UNLANG_MODULES
@ CF_UNLANG_MODULES
this section is in "modules", allow unlang 2 down
Definition cf_priv.h:96
CF_UNLANG_NONE
@ CF_UNLANG_NONE
no unlang
Definition cf_priv.h:92
CF_UNLANG_CAN_HAVE_UPDATE
@ CF_UNLANG_CAN_HAVE_UPDATE
can have "update"
Definition cf_priv.h:100
CF_UNLANG_ALLOW
@ CF_UNLANG_ALLOW
allow unlang in this section
Definition cf_priv.h:93
CF_UNLANG_POLICY
@ CF_UNLANG_POLICY
this section is a policy, allow unlang 2 down
Definition cf_priv.h:95
CF_UNLANG_ASSIGNMENT
@ CF_UNLANG_ASSIGNMENT
only assignments inside of map / update
Definition cf_priv.h:98
CF_UNLANG_EDIT
@ CF_UNLANG_EDIT
only edit commands
Definition cf_priv.h:97
CF_UNLANG_DICTIONARY
@ CF_UNLANG_DICTIONARY
only local variable definitions
Definition cf_priv.h:99
CF_UNLANG_SERVER
@ CF_UNLANG_SERVER
this section is a virtual server, allow unlang 2 down
Definition cf_priv.h:94
cf_section::argv_quote
fr_token_t * argv_quote
Definition cf_priv.h:116
cf_pair::op
fr_token_t op
Operator e.g. =, :=.
Definition cf_priv.h:83
cf_pair::item
CONF_ITEM item
Common set of fields.
Definition cf_priv.h:78
cf_pair::pass2
bool pass2
do expansion in pass2.
Definition cf_priv.h:87
cf_item::filename
char const * filename
The file the config item was parsed from.
Definition cf_priv.h:71
cf_file_t::buf
struct stat buf
stat about the file
Definition cf_priv.h:169
cf_section::at_reference
bool at_reference
this thing was created from an ...
Definition cf_priv.h:122
_cf_expand_variables
bool _cf_expand_variables(void)
Definition cf_util.c:837
_cf_preserve_comments
bool _cf_preserve_comments(void)
Definition cf_util.c:817
cf_section::template
CONF_SECTION * template
Definition cf_priv.h:124
cf_file_t::filename
char const * filename
name of the file
Definition cf_priv.h:167
cf_comment::text
char const * text
Comment text, with the leading # and any surrounding whitespace stripped.
Definition cf_priv.h:148
CONF_ITEM_PAIR
@ CONF_ITEM_PAIR
Definition cf_priv.h:41
CONF_ITEM_SECTION
@ CONF_ITEM_SECTION
Definition cf_priv.h:42
CONF_ITEM_COMMENT
@ CONF_ITEM_COMMENT
A # ... line preserved verbatim from the input - only created when the parser is asked to keep commen...
Definition cf_priv.h:44
cf_section::argv
char const ** argv
additional arguments
Definition cf_priv.h:115
cf_pair::lhs_quote
fr_token_t lhs_quote
Name quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
Definition cf_priv.h:84
cf_item::lineno
int lineno
The line number the config item began on.
Definition cf_priv.h:70
cf_item::type
CONF_ITEM_TYPE type
Whether the config item is a config_pair, conf_section or cf_data.
Definition cf_priv.h:66
cf_comment
A # ... comment line preserved verbatim from the input.
Definition cf_priv.h:145
cf_data
Internal data that is associated with a configuration section.
Definition cf_priv.h:155
cf_file_t
Definition cf_priv.h:165
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:54
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:77
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:106
cf_pair_dup
CONF_PAIR * cf_pair_dup(CONF_SECTION *parent, CONF_PAIR *cp, bool copy_meta)
Duplicate a CONF_PAIR.
Definition cf_util.c:1476
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1352
cf_data_value
void * cf_data_value(CONF_DATA const *cd)
Return the user assigned value of CONF_DATA.
Definition cf_util.c:1906
cf_section_to_item
CONF_ITEM * cf_section_to_item(CONF_SECTION const *cs)
Cast a CONF_SECTION to a CONF_ITEM.
Definition cf_util.c:746
cf_pair_alloc
CONF_PAIR * cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value, fr_token_t op, fr_token_t lhs_quote, fr_token_t rhs_quote)
Allocate a CONF_PAIR.
Definition cf_util.c:1434
cf_section_name1
char const * cf_section_name1(CONF_SECTION const *cs)
Return the first identifier of a CONF_SECTION.
Definition cf_util.c:1338
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1194
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:692
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1587
cf_comment_alloc
CONF_COMMENT * cf_comment_alloc(CONF_SECTION *parent, char const *text)
Allocate a new comment item attached to parent.
Definition cf_util.c:842
cf_item_to_comment
CONF_COMMENT * cf_item_to_comment(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_COMMENT (asserts on type mismatch).
Definition cf_util.c:779
cf_item_is_section
bool cf_item_is_section(CONF_ITEM const *ci)
Determine if CONF_ITEM is a CONF_SECTION.
Definition cf_util.c:626
cf_section_dup
CONF_SECTION * cf_section_dup(TALLOC_CTX *ctx, CONF_SECTION *parent, CONF_SECTION const *cs, char const *name1, char const *name2, bool copy_meta)
Duplicate a configuration section.
Definition cf_util.c:1032
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:672
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1746
cf_pair_to_item
CONF_ITEM * cf_pair_to_item(CONF_PAIR const *cp)
Cast a CONF_PAIR to a CONF_ITEM.
Definition cf_util.c:730
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:345
cf_lineno
#define cf_lineno(_cf)
Definition cf_util.h:121
cf_data_add
#define cf_data_add(_cf, _data, _name, _free)
Definition cf_util.h:311
cf_data_find
#define cf_data_find(_cf, _type, _name)
Definition cf_util.h:300
cf_lineno_set
#define cf_lineno_set(_ci, _lineno)
Definition cf_util.h:186
cf_root
#define cf_root(_cf)
Definition cf_util.h:115
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:118
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:423
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:352
cf_section_alloc
#define cf_section_alloc(_ctx, _parent, _name1, _name2)
Definition cf_util.h:201
CF_TO_ITEM
#define CF_TO_ITEM(_cf)
Auto cast from the input type to CONF_ITEM (which is the base type)
Definition cf_util.h:65
cf_item_foreach
#define cf_item_foreach(_parent, _iter)
Iterate over every child item of a CONF_SECTION (or any CONF_ITEM that has children).
Definition cf_util.h:109
cf_filename_set
#define cf_filename_set(_ci, _filename)
Definition cf_util.h:183
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:346
cf_log_debug
#define cf_log_debug(_cf, _fmt,...)
Definition cf_util.h:348
MEM
#define MEM(x)
Definition debug.h:36
ERROR
#define ERROR(fmt,...)
Definition dhcpclient.c:40
value
Test enumeration values.
Definition dict_test.h:92
fr_heap_insert
int fr_heap_insert(fr_heap_t **hp, void *data)
Insert a new element into the heap.
Definition heap.c:146
fr_heap_pop
void * fr_heap_pop(fr_heap_t **hp)
Remove a node from the heap.
Definition heap.c:325
fr_heap_index_t
unsigned int fr_heap_index_t
Definition heap.h:80
fr_heap_alloc
#define fr_heap_alloc(_ctx, _cmp, _type, _field, _init)
Creates a heap that can be used with non-talloced elements.
Definition heap.h:100
FR_HEAP_INDEX_INVALID
#define FR_HEAP_INDEX_INVALID
Definition heap.h:83
fr_heap_t
The main heap structure.
Definition heap.h:66
talloc_free
talloc_free(hp)
PERROR
#define PERROR(_fmt,...)
Definition log.h:228
DEBUG_ENABLED2
#define DEBUG_ENABLED2
True if global debug level 1-2 messages are enabled.
Definition log.h:258
fr_dirfd
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:411
fr_canonicalize_error
void fr_canonicalize_error(TALLOC_CTX *ctx, char **sp, char **text, ssize_t slen, char const *fmt)
Canonicalize error strings, removing tabs, and generate spaces for error marker.
Definition log.c:105
stack
static char * stack[MAX_STACK]
Definition radmin.c:158
fr_md5_final
#define fr_md5_final(_out, _ctx)
Finalise the ctx, producing the digest.
Definition md5.h:90
fr_md5_ctx_alloc
#define fr_md5_ctx_alloc()
Allocation function for MD5 digest context.
Definition md5.h:68
fr_md5_ctx_t
void fr_md5_ctx_t
Definition md5.h:25
fr_md5_update
#define fr_md5_update(_ctx, _in, _inlen)
Ingest plaintext into the digest.
Definition md5.h:83
fr_md5_ctx_free
#define fr_md5_ctx_free(_ctx)
Free function for MD5 digest ctx.
Definition md5.h:75
MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH
Definition merged_model.c:242
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_VALUE_BOX
@ FR_TYPE_VALUE_BOX
A boxed value.
Definition merged_model.c:125
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
size_t
unsigned long int size_t
Definition merged_model.c:25
depth
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:35
fr_perm_file_error
void fr_perm_file_error(int num)
Write a file access error to the fr_strerror buffer, including euid/egid.
Definition perm.c:533
fr_snprint
size_t fr_snprint(char *out, size_t outlen, char const *in, ssize_t inlen, char quote)
Escape any non printable or non-UTF8 characters in the input string.
Definition print.c:237
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:37
WARN
#define WARN(fmt,...)
Definition radclient-ng.h:47
spaces
static const char * spaces
Definition radict.c:177
op_token
static fr_token_t op_token(char const *s)
Definition radjson2conf.c:49
fr_rb_find
void * fr_rb_find(fr_rb_tree_t const *tree, void const *data)
Find an element in the tree, returning the data, not the node.
Definition rb.c:577
fr_rb_insert
bool fr_rb_insert(fr_rb_tree_t *tree, void const *data)
Insert data into a tree.
Definition rb.c:626
fr_rb_inline_talloc_alloc
#define fr_rb_inline_talloc_alloc(_ctx, _type, _field, _data_cmp, _data_free)
Allocs a red black that verifies elements are of a specific talloc type.
Definition rb.h:244
fr_rb_tree_s
The main red black tree structure.
Definition rb.h:71
RLM_MODULE_NUMCODES
@ RLM_MODULE_NUMCODES
How many valid return codes there are.
Definition rcode.h:57
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
SBUFF_CHAR_CLASS
#define SBUFF_CHAR_CLASS
Definition sbuff.h:203
FR_SBUFF_OUT
#define FR_SBUFF_OUT(_start, _len_or_end)
tmpl_preparse
ssize_t tmpl_preparse(char const **out, size_t *outlen, char const *in, size_t inlen, fr_token_t *type))
Preparse a string in preparation for passing it to tmpl_afrom_substr()
Definition tmpl_tokenize.c:5511
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:37
fr_skip_condition
ssize_t fr_skip_condition(char const *start, char const *end, bool const terminal[static SBUFF_CHAR_CLASS], bool *eol)
Skip a conditional expression.
Definition skip.c:317
fr_skip_xlat
ssize_t fr_skip_xlat(char const *start, char const *end)
Skip an xlat expression.
Definition skip.c:296
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition skip.h:36
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3648
strlcpy
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_value_by_longest_prefix
#define fr_table_value_by_longest_prefix(_match_len, _table, _name, _name_len, _def)
Find the longest string match using a sorted or ordered table.
Definition table.h:764
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:685
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:804
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_table_ptr_sorted_t
An element in a lexicographically sorted array of name to ptr mappings.
Definition table.h:65
talloc_bstrndup
char * talloc_bstrndup(TALLOC_CTX *ctx, char const *in, size_t inlen)
Binary safe strndup function.
Definition talloc.c:618
talloc_strndup
#define talloc_strndup(_ctx, _str, _len)
Definition talloc.h:150
talloc_const_free
static int talloc_const_free(void const *ptr)
Free const'd memory.
Definition talloc.h:254
talloc_strdup
#define talloc_strdup(_ctx, _str)
Definition talloc.h:149
talloc_strlen
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
Definition talloc.h:143
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:236
fr_list_assignment_op
const bool fr_list_assignment_op[T_TOKEN_LAST]
Definition token.c:253
gettoken
fr_token_t gettoken(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:536
fr_tokens_table
fr_table_num_ordered_t const fr_tokens_table[]
Definition token.c:33
fr_str_tok
const bool fr_str_tok[T_TOKEN_LAST]
Definition token.c:299
getword
int getword(char const **ptr, char *buf, int buflen, bool unescape)
Definition token.c:527
fr_token_t
enum fr_token fr_token_t
T_OP_SUB_EQ
@ T_OP_SUB_EQ
Definition token.h:68
T_INVALID
@ T_INVALID
Definition token.h:37
T_OP_DIV_EQ
@ T_OP_DIV_EQ
Definition token.h:70
T_EOL
@ T_EOL
Definition token.h:38
T_SINGLE_QUOTED_STRING
@ T_SINGLE_QUOTED_STRING
Definition token.h:120
T_OP_AND_EQ
@ T_OP_AND_EQ
Definition token.h:72
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:102
T_BARE_WORD
@ T_BARE_WORD
Definition token.h:118
T_OP_EQ
@ T_OP_EQ
Definition token.h:81
T_OP_MUL_EQ
@ T_OP_MUL_EQ
Definition token.h:69
T_BACK_QUOTED_STRING
@ T_BACK_QUOTED_STRING
Definition token.h:121
T_HASH
@ T_HASH
Definition token.h:117
T_OP_SET
@ T_OP_SET
Definition token.h:82
T_OP_NE
@ T_OP_NE
Definition token.h:95
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:67
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:103
T_OP_LSHIFT_EQ
@ T_OP_LSHIFT_EQ
Definition token.h:75
T_OP_RSHIFT_EQ
@ T_OP_RSHIFT_EQ
Definition token.h:74
T_DOUBLE_QUOTED_STRING
@ T_DOUBLE_QUOTED_STRING
Definition token.h:119
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:104
T_OP_LE
@ T_OP_LE
Definition token.h:98
T_OP_GE
@ T_OP_GE
Definition token.h:96
T_OP_GT
@ T_OP_GT
Definition token.h:97
T_OP_OR_EQ
@ T_OP_OR_EQ
Definition token.h:71
T_OP_LT
@ T_OP_LT
Definition token.h:99
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:83
parent
static fr_slen_t parent
Definition pair.h:858
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:558
fr_strerror_clear
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:581
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:393
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:454
fr_type_from_str
static fr_type_t fr_type_from_str(char const *type)
Return the constant value representing a type.
Definition types.h:479
inlen
static size_t char fr_sbuff_t size_t inlen
Definition value.h:1030
out
static size_t char ** out
Definition value.h:1030
Generated by   doxygen 1.9.8