#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/stats.h>
#include <freeradius-devel/server/util.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/base16.h>
#include <freeradius-devel/util/misc.h>
#include <freeradius-devel/util/perm.h>
#include <freeradius-devel/util/syserror.h>
#include <freeradius-devel/unlang/xlat.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/stat.h>

Include dependency graph for util.c:

Functions
char *	rad_ajoin (TALLOC_CTX ctx, char const *argv, int argc, char c)
	talloc a buffer to hold the concatenated value of all elements of argv

static int	rad_copy_string (char to, char const from)

static int	rad_copy_string_bare (char to, char const from)

static int	rad_copy_variable (char to, char const from)

int	rad_expand_xlat (request_t request, char const cmd, int max_argc, char const argv[], bool can_fail, size_t argv_buflen, char argv_buf)
	Split string into words and expand each one.

int	rad_filename_box_escape (fr_value_box_t vb, UNUSED void uxtc)

int	rad_filename_box_make_safe (fr_value_box_t vb, UNUSED void uxtc)

ssize_t	rad_filename_escape (UNUSED request_t request, char out, size_t outlen, char const in, UNUSED void arg)
	Escapes the raw string such that it should be safe to use as part of a file path.

ssize_t	rad_filename_make_safe (UNUSED request_t request, char out, size_t outlen, char const in, UNUSED void arg)
	Ensures that a filename cannot walk up the directory structure.

ssize_t	rad_filename_unescape (char out, size_t outlen, char const in, size_t inlen)
	Converts data stored in a file name back to its original form.

uint32_t	rad_pps (uint32_t past, uint32_t present, time_t then, struct timeval now)

int	rad_segid (gid_t gid)
	Alter the effective user id.

int	rad_seuid (uid_t uid)
	Alter the effective user id.

void	rad_suid_down (void)

void	rad_suid_down_permanent (void)

bool	rad_suid_is_down_permanent (void)
	Return whether we've permanently dropped root privileges.

void	rad_suid_set_down_uid (uid_t uid)

void	rad_suid_up (void)

Variables
void(*)(int)	reset_signal (int signo, void(*func)(int))

static bool	suid_down_permanent = false
	Record whether we've permanently dropped privilledges.

Function Documentation

◆ rad_ajoin()

char * rad_ajoin	(	TALLOC_CTX *	ctx,
		char const **	argv,
		int	argc,
		char	c
	)

talloc a buffer to hold the concatenated value of all elements of argv

Parameters

ctx	to allocate buffer in.
argv	array of substrings.
argc	length of array.
c	separation character. Optional, may be '\0' for no separator.

Returns: the concatenation of the elements of argv, separated by c.

Definition at line 398 of file util.c.

Here is the call graph for this function:

◆ rad_copy_string()

static int rad_copy_string	(	char *	to,
		char const *	from
	)

static

Definition at line 436 of file util.c.

Here is the caller graph for this function:

◆ rad_copy_string_bare()

static int rad_copy_string_bare	(	char *	to,
		char const *	from
	)

static

Definition at line 464 of file util.c.

Here is the caller graph for this function:

◆ rad_copy_variable()

static int rad_copy_variable	(	char *	to,
		char const *	from
	)

static

Definition at line 490 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_expand_xlat()

int rad_expand_xlat	(	request_t *	request,
		char const *	cmd,
		int	max_argc,
		char const *	argv[],
		bool	can_fail,
		size_t	argv_buflen,
		char *	argv_buf
	)

Split string into words and expand each one.

Parameters

request	Current request.
cmd	string to split.
max_argc	the maximum number of arguments to split into.
argv	Where to write the pointers into argv_buf.
can_fail	If false, stop processing if any of the xlat expansions fail.
argv_buflen	size of argv_buf.
argv_buf	temporary buffer we used to mangle/expand cmd. Pointers to offsets of this buffer will be written to argv.

Returns: argc or -1 on failure.

Definition at line 599 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_filename_box_escape()

int rad_filename_box_escape	(	fr_value_box_t *	vb,
		UNUSED void *	uxtc
	)

Definition at line 292 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_filename_box_make_safe()

int rad_filename_box_make_safe	(	fr_value_box_t *	vb,
		UNUSED void *	uxtc
	)

Definition at line 167 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_filename_escape()

ssize_t rad_filename_escape	(	UNUSED request_t *	request,
		char *	out,
		size_t	outlen,
		char const *	in,
		UNUSED void *	arg
	)

Escapes the raw string such that it should be safe to use as part of a file path.

This function is designed to produce a string that's still readable but portable across the majority of file systems.

For security reasons it cannot remove characters from the name, and must not allow collisions to occur between different strings.

With that in mind '-' has been chosen as the escape character, and will be double escaped '-' -> '–' to avoid collisions.

Escaping should be reversible if the original string needs to be extracted.

Note: function takes additional arguments so that it may be used as an xlat escape function but it's fine to call it directly.; OSX/Unix/NTFS/VFAT have a max filename size of 255 bytes.

Parameters

request	Current request (may be NULL).
out	Output buffer.
outlen	Size of the output buffer.
in	string to escape.
arg	Context arguments (unused, should be NULL).

Definition at line 216 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_filename_make_safe()

ssize_t rad_filename_make_safe	(	UNUSED request_t *	request,
		char *	out,
		size_t	outlen,
		char const *	in,
		UNUSED void *	arg
	)

Ensures that a filename cannot walk up the directory structure.

Also sanitizes control chars.

Parameters

request	Current request (may be NULL).
out	Output buffer.
outlen	Size of the output buffer.
in	string to escape.
arg	Context arguments (unused, should be NULL).

Definition at line 96 of file util.c.

Here is the caller graph for this function:

◆ rad_filename_unescape()

ssize_t rad_filename_unescape	(	char *	out,
		size_t	outlen,
		char const *	in,
		size_t	inlen
	)

Converts data stored in a file name back to its original form.

Parameters

out	Where to write the unescaped string (may be the same as in).
outlen	Length of the output buffer.
in	Input filename.
inlen	Length of input.

Returns

Number of bytes written to output buffer
offset where parse error occurred on failure.

Definition at line 336 of file util.c.

◆ rad_pps()

uint32_t rad_pps	(	uint32_t *	past,
		uint32_t *	present,
		time_t *	then,
		struct timeval *	now
	)

Definition at line 549 of file util.c.

◆ rad_segid()

int rad_segid ( gid_t gid )

Alter the effective user id.

Parameters

gid to set

Returns

0 on success.
-1 on failure.

Definition at line 951 of file util.c.

Here is the call graph for this function:

◆ rad_seuid()

int rad_seuid ( uid_t uid )

Alter the effective user id.

Parameters

uid to set

Returns

0 on success.
-1 on failure.

Definition at line 929 of file util.c.

Here is the call graph for this function:

◆ rad_suid_down()

void rad_suid_down ( void )

Definition at line 900 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_suid_down_permanent()

void rad_suid_down_permanent ( void )

Definition at line 905 of file util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ rad_suid_is_down_permanent()

bool rad_suid_is_down_permanent ( void )

Return whether we've permanently dropped root privileges.

Returns

true if root privileges have been dropped.
false if root privileges have not been dropped.

Definition at line 917 of file util.c.

Here is the caller graph for this function:

◆ rad_suid_set_down_uid()

void rad_suid_set_down_uid ( uid_t uid )

Definition at line 892 of file util.c.

◆ rad_suid_up()

void rad_suid_up ( void )

Definition at line 896 of file util.c.

Here is the caller graph for this function:

Variable Documentation

◆ reset_signal

void()(int) reset_signal(int signo, void(func)(int))	(	int	signo,
		void(*)(int)	func
	)

Definition at line 55 of file util.c.

◆ suid_down_permanent

bool suid_down_permanent = false

static

Record whether we've permanently dropped privilledges.

Definition at line 41 of file util.c.

Functions

Variables

Function Documentation

◆ rad_ajoin()

◆ rad_copy_string()

◆ rad_copy_string_bare()

◆ rad_copy_variable()

◆ rad_expand_xlat()

◆ rad_filename_box_escape()

◆ rad_filename_box_make_safe()

◆ rad_filename_escape()

◆ rad_filename_make_safe()

◆ rad_filename_unescape()

◆ rad_pps()

◆ rad_segid()

◆ rad_seuid()

◆ rad_suid_down()

◆ rad_suid_down_permanent()

◆ rad_suid_is_down_permanent()

◆ rad_suid_set_down_uid()

◆ rad_suid_up()

Variable Documentation

◆ reset_signal

◆ suid_down_permanent