The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
Enumerations | Functions
cf_file.h File Reference

Parse on-disk text based config files into the FreeRADIUS internal format. More...

#include <stddef.h>
#include <stdint.h>
#include <freeradius-devel/server/cf_util.h>
#include <freeradius-devel/util/rb.h>
#include <freeradius-devel/util/syserror.h>
#include <freeradius-devel/util/table.h>
#include <freeradius-devel/util/print.h>
+ Include dependency graph for cf_file.h:

Go to the source code of this file.

Enumerations

enum  cf_file_check_err_t {
  CF_FILE_OK = 0 ,
  CF_FILE_NO_PERMISSION = -1 ,
  CF_FILE_NO_EXIST = -2 ,
  CF_FILE_NO_UNIX_SOCKET = -3 ,
  CF_FILE_OTHER_ERROR = -4
}
 Results of file checks. More...
 

Functions

char const * cf_expand_variables (char const *filename, int lineno, CONF_SECTION *outer_cs, char *output, size_t outsize, char const *input, ssize_t inlen, bool *soft_fail, bool soft_fail_env)
 
cf_file_check_err_t cf_file_check (CONF_PAIR *cp, bool check_perms)
 Do some checks on the file as an "input" file.
 
cf_file_check_err_t cf_file_check_effective (char const *filename, cf_file_check_err_t(*cb)(char const *filename, void *uctx), void *uctx)
 Perform an operation with the effect/group set to conf_check_gid and conf_check_uid.
 
cf_file_check_err_t cf_file_check_open_read (char const *filename, void *uctx)
 Callback for cf_file_check to open a file and check permissions.
 
void cf_file_check_set_uid_gid (uid_t uid, gid_t gid)
 Set the euid/egid used when performing file checks.
 
cf_file_check_err_t cf_file_check_unix_connect (char const *filename, UNUSED void *uctx)
 Check if we can connect to a unix socket.
 
cf_file_check_err_t cf_file_check_unix_perm (char const *filename, UNUSED void *uctx)
 Check if file exists, and is a socket.
 
void cf_file_free (CONF_SECTION *cs)
 
int cf_file_read (CONF_SECTION *cs, char const *file, bool root)
 
void cf_md5_final (uint8_t *digest)
 
void cf_md5_init (void)
 
int cf_pair_write (FILE *fp, CONF_PAIR *cp)
 
CONF_ITEMcf_reference_item (CONF_SECTION const *parentcs, CONF_SECTION const *outercs, char const *ptr)
 
int cf_section_pass2 (CONF_SECTION *cs)
 
void cf_section_set_unlang (CONF_SECTION *cs)
 
int cf_section_write (FILE *fp, CONF_SECTION *cs, int depth)
 
int cf_section_write_children (FILE *fp, CONF_SECTION *cs, int depth)
 Emit the children of a section at depth without an enclosing { ... }.
 

Detailed Description

Parse on-disk text based config files into the FreeRADIUS internal format.

Id
b243ed7b1fa9a5777bca2356fdbe0bf81a57ab45
Copyright
2017 The FreeRADIUS server project

Definition in file cf_file.h.

Enumeration Type Documentation

◆ cf_file_check_err_t

enum cf_file_check_err_t

Results of file checks.

Enumerator
CF_FILE_OK 

File checks passed.

CF_FILE_NO_PERMISSION 

Requested permissions not set.

CF_FILE_NO_EXIST 

File does not exist.

CF_FILE_NO_UNIX_SOCKET 

File is not a unix socket.

CF_FILE_OTHER_ERROR 

Other error occurred checking permissions.

Definition at line 45 of file cf_file.h.

Function Documentation

◆ cf_expand_variables()

char const * cf_expand_variables ( char const *  filename,
int  lineno,
CONF_SECTION outer_cs,
char *  output,
size_t  outsize,
char const *  input,
ssize_t  inlen,
bool soft_fail,
bool  soft_fail_env 
)

Definition at line 162 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_check()

cf_file_check_err_t cf_file_check ( CONF_PAIR cp,
bool  check_perms 
)

Do some checks on the file as an "input" file.

i.e. one read by a module.

Note
Must be called with super user privileges.
Parameters
cpcurrently being processed.
check_permsIf true - will return error if file is world readable, or not readable by the unprivileged user/group.
Returns
  • CF_FILE_OK if the socket exists and is a socket.
  • CF_FILE_NO_EXIST if the file doesn't exist.
  • CF_FILE_NO_PERMISSION if the file exists but is not accessible.
  • CF_FILE_OTHER_ERROR any other error.

Definition at line 922 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_check_effective()

cf_file_check_err_t cf_file_check_effective ( char const *  filename,
cf_file_check_err_t(*)(char const *filename, void *uctx)  cb,
void *  uctx 
)

Perform an operation with the effect/group set to conf_check_gid and conf_check_uid.

Parameters
filenameCONF_PAIR for the file being checked
cbcallback function to perform the check
uctxuser context for the callback
Returns
  • CF_FILE_OTHER_ERROR if there was a problem modifying permissions
  • The return value from the callback

Definition at line 693 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_check_open_read()

cf_file_check_err_t cf_file_check_open_read ( char const *  filename,
void *  uctx 
)

Callback for cf_file_check to open a file and check permissions.

This is used to check if a file exists, and is readable by the unprivileged user/group.

Parameters
filenamecurrently being processed.
uctxuser context, which is a pointer to cf_file_t
Returns
  • CF_FILE_OK if the file exists and is readable.
  • CF_FILE_NO_EXIST if the file does not exist.
  • CF_FILE_NO_PERMISSION if the file exists but is not accessible.
  • CF_FILE_OTHER_ERROR if there was any other error.

Definition at line 872 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_check_set_uid_gid()

void cf_file_check_set_uid_gid ( uid_t  uid,
gid_t  gid 
)

Set the euid/egid used when performing file checks.

Sets the euid, and egid used when cf_file_check is called to check permissions on conf items of type CONF_FLAG_FILE_READABLE

Note
This is probably only useful for the freeradius daemon itself.
Parameters
uidto set, (uid_t)-1 to use current euid.
gidto set, (gid_t)-1 to use current egid.

Definition at line 678 of file cf_file.c.

◆ cf_file_check_unix_connect()

cf_file_check_err_t cf_file_check_unix_connect ( char const *  filename,
UNUSED void *  uctx 
)

Check if we can connect to a unix socket.

Parameters
[in]filenameCONF_PAIR for the unix socket path
[in]uctxuser context, not used
Returns
  • CF_FILE_OK if the socket exists and is a socket.
  • CF_FILE_NO_EXIST if the file doesn't exist.
  • CF_FILE_NO_PERMISSION if the file exists but is not accessible.
  • CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
  • CF_FILE_OTHER_ERROR any other error.

Definition at line 753 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_check_unix_perm()

cf_file_check_err_t cf_file_check_unix_perm ( char const *  filename,
UNUSED void *  uctx 
)

Check if file exists, and is a socket.

Parameters
[in]filenameCONF_PAIR for the unix socket path
[in]uctxuser context, not used
Returns
  • CF_FILE_OK if the socket exists and is a socket.
  • CF_FILE_NO_EXIST if the file doesn't exist.
  • CF_FILE_NO_PERMISSION if the file exists but is not accessible.
  • CF_FILE_NO_UNIX_SOCKET if the file exists but is not a socket.
  • CF_FILE_OTHER_ERROR any other error.

Definition at line 826 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_file_free()

void cf_file_free ( CONF_SECTION cs)

Definition at line 3792 of file cf_file.c.

+ Here is the call graph for this function:

◆ cf_file_read()

int cf_file_read ( CONF_SECTION cs,
char const *  file,
bool  root 
)

Definition at line 3710 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_md5_final()

void cf_md5_final ( uint8_t digest)

Definition at line 3341 of file cf_file.c.

+ Here is the caller graph for this function:

◆ cf_md5_init()

void cf_md5_init ( void  )

Definition at line 3328 of file cf_file.c.

+ Here is the caller graph for this function:

◆ cf_pair_write()

int cf_pair_write ( FILE *  fp,
CONF_PAIR cp 
)

Definition at line 3832 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_reference_item()

CONF_ITEM * cf_reference_item ( CONF_SECTION const *  parentcs,
CONF_SECTION const *  outercs,
char const *  ptr 
)

Definition at line 3964 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_section_pass2()

int cf_section_pass2 ( CONF_SECTION cs)

Definition at line 984 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_section_set_unlang()

void cf_section_set_unlang ( CONF_SECTION cs)

Definition at line 4202 of file cf_file.c.

+ Here is the caller graph for this function:

◆ cf_section_write()

int cf_section_write ( FILE *  fp,
CONF_SECTION cs,
int  depth 
)

Definition at line 3848 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cf_section_write_children()

int cf_section_write_children ( FILE *  fp,
CONF_SECTION cs,
int  depth 
)

Emit the children of a section at depth without an enclosing { ... }.

cf_section_write wraps a section in name { ... }; this helper writes only the children at the requested indent, which is what tools like radjson2conf -r need: rendering a synthetic-root section as a file-scope fragment ready to be $INCLUDEd at any depth.

Blank lines in the source come back through as NULL-text CONF_ITEM_COMMENT markers, so the writer doesn't have to synthesise its own separators - just emit what's there. Consecutive blank markers collapse to a single blank line on output so artifacts from upstream tooling (deletes that left their preceding blank behind, splits that introduced extra spacers) don't accumulate as visible whitespace.

Definition at line 3903 of file cf_file.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:
Generated by   doxygen 1.9.8