The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
pair_legacy.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/** AVP manipulation and search API
18 *
19 * @file src/lib/util/pair_legacy.c
20 *
21 * @copyright 2000,2006,2015 The FreeRADIUS server project
22 */
23RCSID("$Id: 4ea295d59c56199d8a07293646040188d1299d90 $")
24
25#include <sys/wait.h>
26
27#include <freeradius-devel/util/dict.h>
28#include <freeradius-devel/util/pair.h>
29#include <freeradius-devel/util/pair_legacy.h>
30#include <freeradius-devel/util/proto.h>
31#include <freeradius-devel/util/regex.h>
32#include <freeradius-devel/util/syserror.h>
33#include <freeradius-devel/util/sbuff.h>
34#include <freeradius-devel/util/value.h>
35
36#include <freeradius-devel/protocol/radius/rfc2865.h>
37#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>
38
39static fr_sbuff_term_t const bareword_terminals =
40 FR_SBUFF_TERMS(
41 L("\t"),
42 L("\n"),
43 L(" "),
44 L("!*"),
45 L("!="),
46 L("!~"),
47 L("&&"), /* Logical operator */
48 L(")"), /* Close condition/sub-condition */
49 L("+="),
50 L("-="),
51 L(":="),
52 L("<"),
53 L("<="),
54 L("=*"),
55 L("=="),
56 L("=~"),
57 L(">"),
58 L(">="),
59 L("||"), /* Logical operator */
60 );
61
62static fr_table_num_sorted_t const pair_assignment_op_table[] = {
63 { L("+="), T_OP_ADD_EQ },
64 { L(":="), T_OP_SET },
65 { L("="), T_OP_EQ },
66};
67static ssize_t pair_assignment_op_table_len = NUM_ELEMENTS(pair_assignment_op_table);
68
69static fr_table_num_sorted_t const pair_comparison_op_table[] = {
70 { L("!*"), T_OP_CMP_FALSE },
71 { L("!="), T_OP_NE },
72 { L("!~"), T_OP_REG_NE },
73 { L("+="), T_OP_ADD_EQ },
74 { L(":="), T_OP_SET },
75 { L("<"), T_OP_LT },
76 { L("<="), T_OP_LE },
77 { L("="), T_OP_EQ },
78 { L("=*"), T_OP_CMP_TRUE },
79 { L("=="), T_OP_CMP_EQ },
80 { L("=~"), T_OP_REG_EQ },
81 { L(">"), T_OP_GT },
82 { L(">="), T_OP_GE }
83};
84static size_t pair_comparison_op_table_len = NUM_ELEMENTS(pair_comparison_op_table);
85
86/*
87 * Stop parsing bare words at whitespace, comma, or end of list.
88 *
89 * Note that we don't allow escaping of bare words here, as that screws up parsing of raw attributes with
90 * 0x... prefixes.
91 */
92static fr_sbuff_parse_rules_t const bareword_unquoted = {
93 .terminals = &FR_SBUFF_TERMS(
94 L(""),
95 L("\t"),
96 L("\n"),
97 L("\r"),
98 L(" "),
99 L(","),
100 L("}")
101 )
102};
103
104
105static ssize_t fr_pair_value_from_substr(fr_pair_parse_t const *conf, fr_pair_t *vp, fr_sbuff_t *in)
106{
107 fr_sbuff_t our_in = FR_SBUFF(in);
108 char quote;
109 ssize_t slen;
110 fr_sbuff_parse_rules_t const *rules;
111
112 if (fr_sbuff_next_if_char(&our_in, '"')) {
113 rules = &value_parse_rules_double_quoted;
114 quote = '"';
115 parse:
116 slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da, &our_in, rules);
117 } else if (fr_sbuff_next_if_char(&our_in, '\'')) {
118 rules = &value_parse_rules_single_quoted;
119 quote = '\'';
120 goto parse;
121 } else if (!fr_sbuff_next_if_char(&our_in, '`')) {
122 quote = '\0';
123 rules = &bareword_unquoted;
124 goto parse;
125 /*
126 * We _sometimes_ support backticks, depending on the
127 * source of the data. This should ONLY be used on
128 * trusted input, like config files.
129 *
130 * We don't impose arbitrary limits on exec input or
131 * output, as AGAIN this should only be used on trusted
132 * input.
133 *
134 * Only the first line of output from the process is used,
135 * and no escape sequences in the output are processed.
136 */
137 } else {
138 fr_sbuff_t *exec_in;
139 size_t exec_out_buff_len = 0;
140 ssize_t exec_out_len;
141 char *exec_out = NULL;
142 FILE *fp;
143 int ret;
144
145 if (!conf->allow_exec) {
146 fr_strerror_const("Backticks are not supported here");
147 return 0;
148 }
149
150 /*
151 * Should only be used for trusted resources, so no artificial limits
152 */
153 FR_SBUFF_TALLOC_THREAD_LOCAL(&exec_in, 1024, SIZE_MAX);
154 (void)fr_sbuff_out_unescape_until(exec_in, &our_in, SIZE_MAX, &FR_SBUFF_TERMS(L("`")), &fr_value_unescape_backtick);
155 /*
156 * Don't exec if we know we're going to fail
157 */
158 if (!fr_sbuff_is_char(&our_in, '`')) {
159 fr_strerror_const("Unterminated backtick string");
160 return 0;
161 }
162
163 fp = popen(fr_sbuff_start(exec_in), "r");
164 if (!fp) {
165 fr_strerror_printf("Cannot execute command `%pV`: %s",
166 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
167 fr_syserror(errno));
168 return 0;
169 }
170
171 errno = 0; /* If we get EOF immediately, we don't want to emit spurious errors */
172 exec_out_len = getline(&exec_out, &exec_out_buff_len, fp);
173 if ((exec_out_len < 0) || (exec_out == NULL)) { /* defensive */
174 fr_strerror_printf("Cannot read output from command `%pV`: %s",
175 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
176 fr_syserror(errno));
177 pclose(fp);
178 return 0;
179 }
180
181 /*
182 * Protect against child writing too much data to stdout,
183 * blocking, and never exiting.
184 *
185 * This is likely overly cautious for this particular use
186 * case, but it doesn't hurt.
187 */
188 {
189 char buffer[128];
190
191 while (fread(buffer, 1, sizeof(buffer), fp) > 0) { /* discard */ }
192 }
193
194 errno = 0; /* ensure we don't have stale errno */
195 ret = pclose(fp);
196 if (ret < 0) {
197 fr_strerror_printf("Error waiting for command `%pV` to finish: %s",
198 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
199 fr_syserror(errno));
200 pclose_error:
201 free(exec_out);
202 return 0;
203 } else if (ret != 0) {
204 if (WIFEXITED(ret)) {
205 fr_strerror_printf("Command `%pV` exited with status %d",
206 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
207 WEXITSTATUS(ret));
208 } else if (WIFSIGNALED(ret)) {
209 fr_strerror_printf("Command `%pV` terminated by signal %d",
210 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
211 WTERMSIG(ret));
212 } else {
213 fr_strerror_printf("Command `%pV` terminated abnormally",
214 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)));
215 }
216 goto pclose_error;
217 }
218
219 /*
220 * Trim line endings
221 */
222 if (exec_out_len > 0 && exec_out[exec_out_len - 1] == '\n') exec_out[--exec_out_len] = '\0';
223 if (exec_out_len > 0 && exec_out[exec_out_len - 1] == '\r') exec_out[--exec_out_len] = '\0';
224
225 slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da,
226 &FR_SBUFF_IN(exec_out, exec_out_len), &value_parse_rules_single_quoted);
227 free(exec_out);
228 if (unlikely(slen < 0)) {
229 return 0; /* slen is parse position in the exec output*/
230 }
231
232 quote = '`';
233 }
234
235 if (slen < 0) {
236 fr_assert(slen >= -((ssize_t) 1 << 20));
237 return slen - (quote != 0);
238 }
239
240 if (quote && !fr_sbuff_next_if_char(&our_in, quote)) {
241 fr_strerror_const("Unterminated string");
242 return 0;
243 }
244
245 fr_assert(slen <= ((ssize_t) 1 << 20));
246
247 FR_SBUFF_SET_RETURN(in, &our_in);
248}
249
250/** Our version of a DA stack.
251 *
252 * @todo - add in whether or not we added / created the vp? maybe an edit list?
253 * and then we can clean up the unknown DAs, simply by talloc freeing the edit list.
254 */
255typedef struct {
256 int depth;
257 fr_dict_attr_t const *da[FR_DICT_MAX_TLV_STACK]; //!< parent for parsing
258 fr_pair_t *vp[FR_DICT_MAX_TLV_STACK]; //!< which VP we have created or found
259} legacy_da_stack_t;
260
261/** Parse a #fr_pair_list_t from a substring
262 *
263 * Syntax: ([raw.]|.)<name>[<.name>] op [(cast)] value...
264 *
265 * A "raw" prefix creates a raw attribute, which allows us to encode raw data which might be invalid for
266 * the given data type. Or if a "(cast)" is given, the value is parsed as the specified data type. Note
267 * that casts can only be to a "leaf" data type, and not to a structural type such as "tlv", "group",
268 * "struct", etc. The "(cast)" syntax can only be used for "raw" attributes, and not for attributes
269 * which are known. The "name" can be either a known attribute, or a numerical OID. Either way, the
270 * final attribute which is created is marked as "raw" or "unknown", and is encoded via the "raw" rules,
271 * and not as the known data type.
272 *
273 * If the first name begins with ".", then it is a _relative_ name. The attribute is created in the
274 * context of the most recently created "structural" data type.
275 *
276 * TBD - we have to determine what the heck that means...
277 *
278 * The "name" can be one or more names from the input dictionary. The names must be known, as numerical
279 * OIDs can only be used when the "raw" prefix is used.
280 *
281 * If there are multiple names (e.g. "foo.bar.baz"), then only the last name can be a "leaf" data
282 * type. All of the intermediate names must be "structural" data types.
283 *
284 * Depending on the input arguments, the operator can be a comparison operator (==, <=, etc.). Or, else
285 * it can be an assignment operator (=, +=). The "=" operator is used to assign, and the "+=" operator
286 * is used to append. No other assignment operators are permitted. Note that "+=" cannot be used with
287 * relative names (i.e. where the name begins with ".")
288 *
289 * The "value" can either be a "leaf" data type (e.g. number, IP address, etc.) or for "structural" data
290 * types it can be a sub-list. A sub-list is a set of attribute assignments which are surrounded by
291 * curly brackets "{...}". When a sub-list is specified, the contents must be either children of the
292 * parent attribute (for "tlv", "struct"), or children referenced by a "group", or internal attributes.
293 *
294 * If an intermediate "name" is an ALIAS, then the attributes are created / used as if all intermediate
295 * names were specified. i.e. ALIAS is a short-cut for names (think "soft link), but it does not change
296 * the hierarchy for normal attributes.
297 *
298 *
299 * Examples
300 * --------
301 *
302 * Name = value
303 * Leaf attributes.
304 * The value MUST be parsed as the leaf data type.
305 *
306 * Name = { children }
307 * Structural attributes.
308 * The children MUST be children of the parent.
309 * OR the children can be from the "internal" dictionary.
310 * OR for type 'group', children of the group reference (usually the dictionary root)
311 *
312 * raw.Name = 0xabcdef
313 * Raw attributes.
314 * The value MUST be a hex string.
315 *
316 * raw.Name = { children }
317 *
318 * @param[in] root where we start parsing from
319 * @param[in,out] relative where we left off, or where we should continue from
320 * @param[in] in input sbuff
321 * @return
322 * - <0 on error
323 * - 0 on no input
324 * - >0 on how many bytes of input we read
325 */
326fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative,
327 fr_sbuff_t *in)
328{
329 int i, components;
330 bool raw, was_unknown;
331 bool was_relative = false;
332 bool append;
333 bool keep_going;
334 fr_type_t raw_type;
335 fr_token_t op;
336 fr_slen_t slen;
337 fr_pair_t *vp;
338 fr_pair_parse_t my;
339 fr_sbuff_marker_t lhs_m, op_m, rhs_m;
340 fr_sbuff_t our_in = FR_SBUFF(in);
341 legacy_da_stack_t da_stack = {};
342
343 if (unlikely(!root->ctx)) {
344 fr_strerror_const("Missing input context (fr_pair_parse_t)");
345 return -1;
346 }
347
348 if (unlikely(!root->da)) {
349 fr_strerror_const("Missing namespace attribute");
350 return -1;
351 }
352
353 if (unlikely(!root->list)) {
354 fr_strerror_const("Missing list");
355 return -1;
356 }
357
358 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
359
360 if (fr_sbuff_remaining(&our_in) == 0) return 0;
361
362 /*
363 * Boot strap the relative references from the root.
364 *
365 * The comparison operations are only used for internal tests, and should not be used by
366 * administrators. So we disallow them, unless the destination list is empty. This check
367 * prevents them from being used in administrative policies.
368 */
369 if (!relative->da) {
370 if (root->allow_compare && !fr_pair_list_empty(root->list)) {
371 fr_strerror_const("Attribute comparisons can only be used when the destination list is empty");
372 return -1;
373 }
374
375 *relative = *root;
376 }
377
378#define CLEAN_DA_STACK do { if (was_unknown) { \
379 for (i = 1; i < da_stack.depth; i++) { \
380 fr_dict_attr_unknown_free(&da_stack.da[i]); \
381 } } } while (0)
382
383
384redo:
385 raw = false;
386 raw_type = FR_TYPE_NULL;
387 relative->last_char = 0;
388 was_unknown = false;
389 vp = NULL;
390
391 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
392
393 /*
394 * STEP 1: Figure out if we have relative or absolute attributes.
395 *
396 * Absolute attributes start from the root list / parent.
397 * Or, when there is no previous relative setting.
398 *
399 * Relative attributes start from the input list / parent.
400 *
401 * Once we decide where we start parsing from, all subsequent operations are on the "relative"
402 * structure.
403 */
404 if (!fr_sbuff_next_if_char(&our_in, '.')) {
405 *relative = *root;
406
407 append = !was_relative;
408 was_relative = false;
409
410 /*
411 * Be nice to people who expect to use '&' everywhere.
412 */
413 (void) fr_sbuff_next_if_char(&our_in, '&');
414
415 /*
416 * Raw attributes can only be at our root.
417 *
418 * "raw.foo" means that SOME component of the OID is raw. But the starting bits might be known.
419 *
420 * Raw attributes cannot be created in the internal namespace. But an internal group can
421 * contain raw protocol attributes.
422 */
423 if (fr_sbuff_is_str_literal(&our_in, "raw.")) {
424 fr_sbuff_advance(&our_in, 4);
425 goto is_raw;
426 }
427
428 } else if (relative->da->flags.is_root) {
429 fr_strerror_const("The '.Attribute' syntax cannot be used at the root of a dictionary");
430
431 error:
432 CLEAN_DA_STACK;
433 return fr_sbuff_error(&our_in);
434
435 } else if (relative->da->type == FR_TYPE_GROUP) {
436 fr_strerror_printf("The '.Attribute' syntax cannot be used with parent %s of data type 'group'",
437 relative->da->name);
438 goto error;
439
440 } else {
441 fr_assert(relative->ctx);
442 fr_assert(relative->list);
443
444 was_relative = true;
445 append = true;
446 }
447
448 /*
449 * If the input root is an unknown attribute, then forbid internal ones, and force everything
450 * else to be raw, too.
451 */
452 if (relative->da->flags.is_unknown) {
453 is_raw:
454 raw = true;
455 }
456
457 /*
458 * Raw internal attributes don't make sense. An internal group can contain raw protocol
459 * attributes, but the group is not raw.
460 */
461 if (raw && relative->da->flags.internal) {
462 fr_strerror_const("Cannot create internal attributes which are 'raw'");
463 goto error;
464 }
465
466 /*
467 * Set the LHS marker to be after any initial '.'
468 */
469 fr_sbuff_marker(&lhs_m, &our_in);
470
471 /*
472 * STEP 2: Find and check the operator.
473 *
474 * Skip over the attribute name. We need to get the operator _before_ creating the VPs.
475 */
476 components = 0;
477 do {
478 if (fr_sbuff_adv_past_allowed(&our_in, SIZE_MAX, fr_dict_attr_allowed_chars, NULL) == 0) break;
479 components++;
480 } while (fr_sbuff_next_if_char(&our_in, '.'));
481
482 /*
483 * Couldn't find anything.
484 */
485 if (!components) goto done;
486
487 fr_sbuff_marker(&op_m, &our_in);
488 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
489
490 /*
491 * Look for the operator.
492 */
493 if (relative->allow_compare) {
494 fr_sbuff_out_by_longest_prefix(&slen, &op, pair_comparison_op_table, &our_in, T_INVALID);
495 if (op == T_INVALID) {
496 fr_strerror_const("Expecting operator");
497 goto error;
498 }
499
500 } else {
501 /*
502 * @todo - handle different operators ala v3?
503 * What is the difference between ":=" and "="? Perhaps nothing?
504 */
505 fr_sbuff_out_by_longest_prefix(&slen, &op, pair_assignment_op_table, &our_in, T_INVALID);
506 if (op == T_INVALID) {
507 fr_strerror_const("Expecting operator");
508 goto error;
509 }
510
511 /*
512 * += means "append"
513 * := menas "don't append".
514 */
515 if (op != T_OP_EQ) {
516 if (was_relative) {
517 fr_strerror_printf("The '.Attribute' syntax cannot be used along with the '%s' operator",
518 fr_tokens[op]);
519 goto error;
520 }
521 }
522
523 if (op == T_OP_ADD_EQ) {
524 append = true;
525 }
526
527 if (op == T_OP_SET) {
528 append = false;
529 }
530
531 op = T_OP_EQ;
532 }
533
534 /*
535 * Check the character after the operator. This check is only necessary to produce better error
536 * messages. i.e. We allow "=", but the user enters "==".
537 */
538 {
539 uint8_t c = fr_sbuff_char(&our_in, '\0');
540 static const bool invalid[UINT8_MAX + 1] = {
541 ['!'] = true, ['#'] = true, ['$'] = true, ['*'] = true,
542 ['+'] = true, ['-'] = true, ['/'] = true, ['<'] = true,
543 ['='] = true, ['>'] = true, ['?'] = true, ['|'] = true,
544 ['~'] = true,
545 };
546
547 if (c && invalid[c]) {
548 fr_strerror_printf("Invalid character '%c' after operator '%s'",
549 (char) c, fr_tokens[op]);
550 goto error;
551 }
552 }
553
554 /*
555 * Skip past whitespace, and set a marker at the RHS value. We do a quick peek at the value, to
556 * set the data type of the RHS. This allows us to parse raw TLVs.
557 */
558 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
559
560 /*
561 * STEP 3: Try to guess the data type for "raw" attributes.
562 *
563 * If the attribute is raw, and the value of the attribute is 0x..., then we always force the raw
564 * type to be octets, even if the attribute is named and known. e.g. raw.Framed-IP-Address =
565 * 0x01.
566 *
567 * OR if the attribute is entirely unknown (and not a raw version of a known one), then we allow a
568 * cast which sets the data type.
569 */
570 if (raw) {
571 if (fr_sbuff_is_str_literal(&our_in, "0x")) {
572 raw_type = FR_TYPE_OCTETS;
573
574 } else if (fr_sbuff_next_if_char(&our_in, '(')) {
575 fr_sbuff_marker(&rhs_m, &our_in);
576
577 fr_sbuff_out_by_longest_prefix(&slen, &raw_type, fr_type_table, &our_in, FR_TYPE_NULL);
578
579 /*
580 * The input has to be a real (non-NULL) leaf. The input shouldn't be cast to a
581 * TLV. Instead, the value should just start with '{'.
582 */
583 if (!fr_type_is_leaf(raw_type)) {
584 fr_sbuff_set(&our_in, &rhs_m);
585 fr_strerror_const("Invalid data type in cast");
586 goto error;
587 }
588
589 if (!fr_sbuff_next_if_char(&our_in, ')')) {
590 fr_strerror_const("Missing ')' in cast");
591 goto error;
592 }
593
594 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
595
596 } else if (fr_sbuff_is_char(&our_in, '{')) {
597 /*
598 * Raw attributes default to data type TLV.
599 */
600 raw_type = FR_TYPE_TLV;
601 append = false;
602 }
603 }
604
605 fr_sbuff_marker(&rhs_m, &our_in);
606
607 fr_sbuff_set(&our_in, &lhs_m);
608
609 /*
610 * That we know the data type, parse each OID component. We build the DA stack from top to bottom.
611 *
612 * 0 is our relative root. 1..N are the DAs that we find or create.
613 */
614 da_stack = (legacy_da_stack_t) {
615 .da = {
616 [0] = relative->da,
617 },
618 .depth = 1,
619 };
620
621 /*
622 * STEP 4: Re-parse the attributes, building up the da_stack of #fr_dict_attr_t that we will be
623 * using as parents.
624 */
625 for (i = 1; i <= components; i++, da_stack.depth++) {
626 fr_dict_attr_err_t err;
627 fr_dict_attr_t const *da = NULL;
628 fr_dict_attr_t const *da_unknown = NULL;
629 fr_dict_attr_t const *parent;
630 fr_dict_attr_t const *ref;
631 fr_type_t unknown_type;
632
633 if (da_stack.depth >= FR_DICT_MAX_TLV_STACK) {
634 fr_strerror_printf("Attributes are nested too deeply at \"%.*s\"",
635 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
636 goto error;
637 }
638
639 fr_sbuff_marker(&lhs_m, &our_in);
640
641 /*
642 * The fr_pair_t parent might be a group, in which case the fr_dict_attr_t parent will be
643 * different.
644 */
645 parent = da_stack.da[da_stack.depth - 1];
646 if (parent->type == FR_TYPE_GROUP) {
647 parent = fr_dict_attr_ref(parent);
648 fr_assert(parent != NULL);
649 }
650
651 /*
652 * Once we parse a completely unknown attribute, all of the rest of them have to be
653 * unknown, too. We cannot allow unknown TLVs to contain internal attributes, for
654 * example.
655 */
656 if (was_unknown) {
657 goto alloc_unknown;
658 }
659
660 /*
661 * Look up the name (or number). If it's found, life is easy. Otherwise, we jump
662 * through a bunch of hoops to see if we are changing dictionaries, or creating a raw OID
663 * from a number, etc.
664 */
665 slen = fr_dict_oid_component(&err, &da, parent, &our_in, &bareword_terminals);
666 if (err != FR_DICT_ATTR_OK) {
667 /*
668 * We were looking in the internal dictionary. Maybe this attribute is instead
669 * in the protocol dictionary?
670 */
671 if ((i == 1) && (relative->da->dict == relative->internal) && relative->dict) {
672 fr_assert(relative->dict != relative->internal);
673
674 /*
675 * Internal groups can be used to cache protocol data. Internal
676 * structural attributes cannot.
677 *
678 * @todo - this restriction makes sense, but maybe people want to do that
679 * anyways?
680 */
681 if (relative->da->type != FR_TYPE_GROUP) {
682 fr_strerror_printf("Internal attribute '%s' of data type '%s' cannot contain protocol attributes",
683 relative->da->name, fr_type_to_str(relative->da->type));
684 goto error;
685 }
686
687 slen = fr_dict_oid_component(&err, &da, fr_dict_root(relative->dict), &our_in, &bareword_terminals);
688 if (err == FR_DICT_ATTR_OK) {
689 ref = fr_dict_root(relative->dict);
690 goto found;
691 }
692 }
693
694 /*
695 * Try to parse the name from the internal namespace first, as this is the most
696 * likely case. Plus, if we parse the OIDs second, the errors for unknown
697 * attributes mention the protocol dictionary, and not the internal one.
698 *
699 * Raw attributes also cannot be created in the internal dictionary space.
700 */
701 if (!raw && relative->internal) {
702 /*
703 * If the current dictionary isn't internal, then look up the attribute
704 * in the internal dictionary.
705 *
706 * Buf if the current dictionary is internal, AND the internal type is
707 * GROUP, AND we we have a protocol dictionary, then allow an internal
708 * group to contain protocol attributes.
709 */
710 if (parent->dict != relative->internal) {
711 ref = fr_dict_root(relative->internal);
712
713 } else if ((da_stack.da[da_stack.depth - 1]->type == FR_TYPE_GROUP) && (root->da->dict != root->internal)) {
714 ref = fr_dict_root(root->da->dict);
715
716 } else {
717 /*
718 * Otherwise we are already in the internal dictionary, and the
719 * attribute was not found. So don't search for it again in the
720 * internal dictionary. And because we're in the internal
721 * dictionary, we don't allow raw attributes.
722 */
723 goto notfound;
724 }
725
726 slen = fr_dict_oid_component(&err, &da, ref, &our_in, &bareword_terminals);
727 if (err == FR_DICT_ATTR_OK) {
728 goto found;
729 }
730
731 goto notfound;
732 }
733
734 /*
735 * We didn't find anything, that's an error.
736 */
737 if (!raw) {
738 notfound:
739 fr_strerror_printf("Unknown attribute \"%.*s\" for parent \"%s\"",
740 (int) fr_sbuff_diff(&op_m, &our_in), fr_sbuff_current(&our_in),
741 da_stack.da[da_stack.depth - 1]->name);
742 goto error;
743 }
744
745 alloc_unknown:
746 /*
747 * We looked up raw.FOO, and FOO wasn't found. See if we can still parse it.
748 */
749 if (da_stack.da[da_stack.depth - 1]->type == FR_TYPE_GROUP) {
750 fr_strerror_printf("Cannot create 'raw' children in attribute %s of data type 'group'",
751 da_stack.da[da_stack.depth - 1]->name);
752 goto error;
753 }
754
755 /*
756 * Unknown attributes must be 'raw.1234'.
757 */
758 if (!fr_sbuff_is_digit(&our_in)) {
759 goto notfound;
760 }
761
762 /*
763 * Figure out the data type for unknown attributes. Intermediate attributes are
764 * structural. Only the final attribute is forced to "raw_type".
765 */
766 if (i < components) {
767 if (parent->type == FR_TYPE_VSA) {
768 unknown_type = FR_TYPE_VENDOR;
769 } else {
770 unknown_type = FR_TYPE_TLV;
771 }
772
773 } else if (raw_type == FR_TYPE_NULL) {
774 unknown_type = FR_TYPE_OCTETS;
775
776 } else if ((raw_type == FR_TYPE_TLV) && (parent->type == FR_TYPE_VSA)) {
777 /*
778 * We had previously parsed a known VSA, but this component is
779 * perhaps a numerical OID. Set the data type to VENDOR, so that
780 * the hierachy is correct.
781 */
782 unknown_type = FR_TYPE_VENDOR;
783
784 } else {
785 unknown_type = raw_type;
786 }
787
788 da_unknown = fr_dict_attr_unknown_afrom_oid(root->ctx, parent, &our_in, unknown_type);
789 if (!da_unknown) goto error;
790
791 da = da_unknown;
792 was_unknown = true;
793
794 goto next;
795 } /* huge block of "we didn't find a known attribute" */
796
797 /*
798 * We found the component. It MIGHT be an ALIAS which jumps down a few levels. Or, it
799 * might be a group which jumps back to the dictionary root. Or it may suddenly be an
800 * internal attribute.
801 *
802 * For an ALIAS, we need to add intermediate nodes up to the parent.
803 *
804 * For a GROUP, we need to add nodes up to the ref of the group.
805 *
806 * For internal attributes, we need to add nodes up to the root of the internal
807 * dictionary.
808 */
809 if (da->parent != parent) {
810 int j, diff;
811 fr_dict_attr_t const *up;
812
813 ref = parent;
814
815 found:
816 fr_assert(fr_dict_attr_common_parent(ref, da, true) == ref);
817
818 diff = da->depth - ref->depth;
819 fr_assert(diff >= 1);
820
821 diff--;
822
823 if ((da_stack.depth + diff) >= FR_DICT_MAX_TLV_STACK) {
824 fr_strerror_printf("Attributes are nested too deeply at \"%.*s\"",
825 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
826 goto error;
827 }
828
829 /*
830 * Go back up the da_stack, setting the parent.
831 */
832 up = da;
833 for (j = da_stack.depth + diff; j >= da_stack.depth; j--) {
834 da_stack.da[j] = up;
835 up = up->parent;
836 }
837
838 for (j = da_stack.depth; j <= da_stack.depth + diff; j++) {
839 fr_assert(da_stack.da[j] != NULL);
840 }
841
842 /*
843 * Record that we've added more attributes to the da_stack.
844 */
845 da_stack.depth += diff;
846 }
847
848 next:
849 /*
850 * Limit the data types that we can parse. This check is mainly to get better error
851 * messages.
852 */
853 switch (da->type) {
854 case FR_TYPE_GROUP:
855 if (raw && (raw_type != FR_TYPE_OCTETS)) {
856 fr_strerror_printf("Cannot create 'raw' attributes for data type '%s'", fr_type_to_str(da->type));
857 goto error;
858 }
859 break;
860
861 case FR_TYPE_STRUCTURAL_EXCEPT_GROUP:
862 case FR_TYPE_LEAF:
863 break;
864
865 default:
866 fr_strerror_printf("Invalid data type '%s'", fr_type_to_str(da->type));
867 goto error;
868 }
869
870 /*
871 * Everything until the last component must end with a '.', because otherwise there would
872 * be no next component.
873 */
874 if (i < components) {
875 if (!fr_sbuff_next_if_char(&our_in, '.')) {
876 fr_strerror_printf("Missing '.' at \"%.*s\"",
877 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
878 goto error;
879 }
880
881 /*
882 * Leaf attributes cannot appear in the middle of the OID list.
883 */
884 if (fr_type_is_leaf(da->type)) {
885 if (fr_dict_attr_is_key_field(da)) {
886 fr_strerror_printf("Please remove the reference to key field '%s' from the input string",
887 da->name);
888 } else {
889 fr_strerror_printf("Leaf attribute '%s' cannot have children", da->name);
890 }
891
892 goto error;
893 }
894
895 } else if (raw && !da->flags.is_unknown) {
896 /*
897 * Only the last component can be raw. If the attribute we found isn't unknown,
898 * then create an unknown DA from the known one.
899 *
900 * We have parsed the full OID tree, *and* found a known attribute. e.g. raw.Vendor-Specific = ...
901 *
902 * For some reason, we allow: raw.Vendor-Specific = { ... }
903 *
904 * But this is what we really want: raw.Vendor-Specific = 0xabcdef
905 */
906 if ((raw_type != FR_TYPE_OCTETS) && (raw_type != da->type)) {
907 /*
908 * @todo - because it breaks a lot of the encoders.
909 */
910 fr_strerror_printf("Cannot create raw attribute %s which changes data type from %s to %s",
911 da->name, fr_type_to_str(da->type), fr_type_to_str(raw_type));
912 fr_sbuff_set(&our_in, &lhs_m);
913 goto error;
914 }
915
916 da_unknown = fr_dict_attr_unknown_alloc(root->ctx, da, raw_type);
917 if (!da_unknown) goto error;
918
919 da = da_unknown;
920 was_unknown = true;
921 }
922
923 da_stack.da[da_stack.depth] = da;
924 }
925
926 /*
927 * at least [0]=root, [1]=da, [2]=NULL
928 */
929 if (da_stack.depth <= 1) {
930 fr_strerror_const("Internal sanity check failed on depth 1");
931 return fr_sbuff_error(&our_in);
932 }
933
934 if (da_stack.depth <= components) {
935 fr_strerror_const("Internal sanity check failed on depth 2");
936 return fr_sbuff_error(&our_in);
937 }
938
939 /*
940 * STEP 5: Reset the parser to the value, and double-check if it's what we expect.
941 */
942 fr_sbuff_set(&our_in, &rhs_m);
943
944 if (fr_type_is_structural(da_stack.da[da_stack.depth - 1]->type)) {
945 if (!fr_sbuff_is_char(&our_in, '{')) {
946 fr_strerror_printf("Group list for %s MUST start with '{'", da_stack.da[da_stack.depth - 1]->name);
947 goto error;
948 }
949
950 /*
951 * The fr_pair_validate() function doesn't support operators for structural attributes,
952 * so we forbid them here.
953 */
954 if (relative->allow_compare && (op != T_OP_EQ) && (op != T_OP_CMP_EQ)) {
955 fr_strerror_printf("Structural attribute '%s' must use '=' or '==' for comparisons",
956 da_stack.da[da_stack.depth - 1]->name);
957 goto error;
958 }
959
960 /*
961 * If we have "foo = { ... }", then we just create the attribute.
962 */
963 if (components == 1) append = (op != T_OP_EQ);
964 }
965
966#if 0
967 /*
968 * STEP 5.1: Flatten the hierarchy if necessary.
969 */
970 if ((relative->da->flags.allow_flat) && (da_stack.depth > 2)) {
971 da_stack.da[1] = da_stack.da[da_stack.depth - 1];
972
973 da_stack.depth = 2;
974 }
975#endif
976
977 /*
978 * STEP 6: Use the da_stack to either find or add intermediate #fr_pair_t.
979 */
980 my = *relative;
981 for (i = 1; i < da_stack.depth; i++) {
982 fr_dict_attr_t const *da;
983
984 da = da_stack.da[i];
985
986 /*
987 * When we have a full path that contains MEMBERs of a STRUCT, we need to check ordering.
988 * The children MUST be added in order. If we see a child that is out of order, then
989 * that means we need to start a new parent STRUCT.
990 */
991 if ((da->parent->type == FR_TYPE_STRUCT) && (i > 1)) {
992 fr_assert(da_stack.da[i - 1] == da->parent);
993 fr_assert(da_stack.vp[i - 1] != NULL);
994 fr_assert(my.ctx == da_stack.vp[i - 1]);
995
996 /*
997 * @todo - cache the last previous child that we added? Or maybe the DA of the
998 * last child?
999 */
1000 for (vp = fr_pair_list_tail(my.list);
1001 vp != NULL;
1002 vp = fr_pair_list_prev(my.list, vp)) {
1003 if (!vp->da->flags.internal) break;
1004 }
1005
1006 if (vp && (vp->da->attr > da->attr)) {
1007 fr_pair_t *parent = da_stack.vp[i - 2];
1008
1009 if (parent) {
1010 if (fr_pair_append_by_da(parent, &vp, &parent->vp_group, da->parent) < 0) {
1011 goto error;
1012 }
1013 } else {
1014 if (fr_pair_append_by_da(root->ctx, &vp, root->list, da->parent) < 0) {
1015 goto error;
1016 }
1017 }
1018
1019 vp->op = T_OP_EQ;
1020 PAIR_ALLOCED(vp);
1021 my.ctx = vp;
1022 my.list = &vp->vp_group;
1023 }
1024 }
1025
1026 /*
1027 * Everything up to the last entry must be structural.
1028 *
1029 * The last entry may be structural, or else it might be a leaf.
1030 */
1031 if (fr_type_is_structural(da->type)) {
1032 if (append) {
1033 vp = fr_pair_find_last_by_da(my.list, NULL, da);
1034 if (vp) goto update_relative;
1035 }
1036
1037 if (fr_pair_append_by_da(my.ctx, &vp, my.list, da) < 0) {
1038 goto error;
1039 }
1040
1041 vp->op = T_OP_EQ;
1042 PAIR_ALLOCED(vp);
1043
1044 update_relative:
1045 da_stack.vp[i] = vp;
1046
1047 my.ctx = vp;
1048 my.da = vp->da;
1049 my.list = &vp->vp_group;
1050 continue;
1051 }
1052
1053 /*
1054 * We're finally at the leaf attribute, which must be the last attribute.
1055 */
1056 fr_assert(i == (da_stack.depth - 1));
1057
1058 vp = fr_pair_afrom_da(my.ctx, da);
1059 if (!vp) goto error;
1060
1061 PAIR_ALLOCED(vp);
1062 vp->op = op;
1063 da_stack.vp[i] = vp;
1064 }
1065
1066 /*
1067 * Intermediate nodes always use the operator '='. The final one uses the assigned operator.
1068 */
1069 fr_assert(vp != NULL);
1070 fr_assert(vp->op != T_INVALID);
1071
1072 /*
1073 * STEP 7: Parse the value, recursing if necessary.
1074 *
1075 * @todo - do all kinds of cleanups if anything fails. TBH, this really needs the edit lists,
1076 * and that might be a bit much overhead for this code.
1077 */
1078 if (fr_type_is_structural(vp->da->type)) {
1079 fr_pair_parse_t child = (fr_pair_parse_t) {
1080 .allow_compare = root->allow_compare,
1081 .dict = root->dict,
1082 .internal = root->internal,
1083 };
1084
1085 if (!fr_sbuff_next_if_char(&our_in, '{')) {
1086 fr_strerror_printf("Child list for %s MUST start with '{'", vp->da->name);
1087 goto error;
1088 }
1089
1090 fr_assert(my.ctx == vp);
1091 fr_assert(my.da == vp->da);
1092 fr_assert(my.list == &vp->vp_group);
1093 my.allow_compare = root->allow_compare;
1094 my.end_of_list = true;
1095
1096 while (true) {
1097 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1098
1099 if (fr_sbuff_is_char(&our_in, '}')) {
1100 break;
1101 }
1102
1103 slen = fr_pair_list_afrom_substr(&my, &child, &our_in);
1104 if (!slen) break;
1105
1106 if (slen < 0) goto error;
1107 }
1108
1109 if (!fr_sbuff_next_if_char(&our_in, '}')) {
1110 fr_strerror_const("Failed to end list with '}'");
1111 goto error;
1112 }
1113
1114 /*
1115 * This structure was the last thing we parsed. The next thing starts from here.
1116 */
1117 *relative = my;
1118
1119 } else {
1120 slen = fr_pair_value_from_substr(root, vp, &our_in);
1121 if (slen <= 0) goto error;
1122
1123 fr_pair_append(my.list, vp);
1124 }
1125
1126 PAIR_VERIFY(vp);
1127
1128 CLEAN_DA_STACK;
1129
1130 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1131
1132 /*
1133 * STEP 8: See if we're done, or if we need to stop parsing this #fr_pair_t.
1134 *
1135 * Allow a limited set of characters after a value.
1136 *
1137 * It can be "," OR "CRLF" OR ",CRLF". But not anything else.
1138 */
1139 keep_going = false;
1140 if (fr_sbuff_next_if_char(&our_in, ',')) {
1141 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1142
1143 keep_going = true;
1144 relative->last_char = ',';
1145 }
1146
1147 /*
1148 * We hit the end of the parent list. There's no need to update "relative", we just return, and
1149 * let the caller end the list.
1150 *
1151 * Note that we allow trailing commas: Foo = { Bar = Baz, }
1152 *
1153 * We don't care about any trailing data.
1154 */
1155 if (relative->end_of_list && fr_sbuff_is_char(&our_in, '}')) {
1156 relative->last_char = '\0';
1157 goto done;
1158 }
1159
1160 if (relative->allow_crlf) {
1161 size_t len;
1162
1163 len = fr_sbuff_adv_past_allowed(&our_in, SIZE_MAX, sbuff_char_line_endings, NULL);
1164 if (len) {
1165 keep_going = true;
1166 if (!relative->last_char) relative->last_char = '\n';
1167 }
1168 }
1169
1170 /*
1171 * This is mainly for the detail file reader. We allow zeros as end of "attr op value". But we
1172 * also treat zeros as "don't keep going".
1173 */
1174 if (relative->allow_zeros) {
1175 while (fr_sbuff_next_if_char(&our_in, '\0')) {
1176 /* nothing */
1177 }
1178
1179 goto done;
1180 }
1181
1182 /*
1183 * There's no more input, we're done. Any next attributes will cause the input to be parsed from
1184 * the root again.
1185 */
1186 (void) fr_sbuff_extend(&our_in);
1187 if (!fr_sbuff_remaining(&our_in)) goto done;
1188
1189 /*
1190 * STEP 9: If we need to keep going, then set up the relative references based on what we've
1191 * done, and go back to start over again.
1192 *
1193 * The caller is responsible for checking whether or not we have too much data.
1194 */
1195 if (keep_going) {
1196 /*
1197 * Update the relative list for parsing the next pair.
1198 */
1199 if (fr_type_is_leaf(vp->da->type)) {
1200 fr_pair_t *parent;
1201
1202 parent = fr_pair_parent(vp);
1203 if (!parent) {
1204 *relative = *root;
1205
1206 } else {
1207 relative->ctx = parent;
1208 relative->da = parent->da;
1209 relative->list = &parent->vp_group;
1210 }
1211
1212 } else {
1213 relative->ctx = vp;
1214 relative->da = vp->da;
1215 relative->list = &vp->vp_group;
1216 }
1217
1218 goto redo;
1219 }
1220
1221 /*
1222 * STEP 10: Complain if we have unexpected input.
1223 *
1224 * We have more input, BUT we didn't have a comma or CRLF to explicitly finish the last pair we
1225 * read. That's a problem.
1226 */
1227 if (!relative->last_char) {
1228 size_t remaining;
1229
1230 remaining = fr_sbuff_remaining(&our_in);
1231
1232 if (remaining > 20) remaining = 20;
1233
1234 fr_strerror_printf("Unexpected text '%.*s ...' after value",
1235 (int) remaining, fr_sbuff_current(&our_in));
1236 return fr_sbuff_error(&our_in); /* da_stack has already been cleaned */
1237 }
1238
1239done:
1240 /*
1241 * STEP 11: Finally done.
1242 */
1243 FR_SBUFF_SET_RETURN(in, &our_in);
1244}
1245
1246/** Read valuepairs from the fp up to End-Of-File.
1247 *
1248 * @param[in] ctx for talloc
1249 * @param[in] dict to resolve attributes in.
1250 * @param[in,out] out where the parsed fr_pair_ts will be appended.
1251 * @param[in] fp to read valuepairs from.
1252 * @param[out] pfiledone true if file parsing complete;
1253 * @param[in] allow_exec Whether we allow `backtick` expansions.
1254 * @return
1255 * - 0 on success
1256 * - -1 on error
1257 */
1258int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
1259{
1260 fr_pair_list_t tmp_list;
1261 fr_pair_parse_t root, relative;
1262 bool found = false;
1263 char buf[8192];
1264
1265 /*
1266 * Read all of the attributes on the current line.
1267 *
1268 * If we get nothing but an EOL, it's likely OK.
1269 */
1270 fr_pair_list_init(&tmp_list);
1271
1272 root = (fr_pair_parse_t) {
1273 .ctx = ctx,
1274 .da = fr_dict_root(dict),
1275 .list = &tmp_list,
1276 .dict = dict,
1277 .internal = fr_dict_internal(),
1278 .allow_crlf = true,
1279 .allow_compare = true,
1280 .allow_exec = allow_exec
1281 };
1282 relative = (fr_pair_parse_t) { };
1283
1284 while (fgets(buf, sizeof(buf), fp) != NULL) {
1285 /*
1286 * If we get a '\n' by itself, we assume that's
1287 * the end of that VP list.
1288 */
1289 if ((buf[0] == '\n') || (buf[0] == '\r')) {
1290 if (found) {
1291 *pfiledone = false;
1292 break;
1293 }
1294 continue;
1295 }
1296
1297 /*
1298 * Comments get ignored
1299 */
1300 if (buf[0] == '#') continue;
1301
1302 /*
1303 * Leave "relative" between calls, so that we can do:
1304 *
1305 * foo = {}
1306 * .bar = baz
1307 *
1308 * and get
1309 *
1310 * foo = { bar = baz }
1311 */
1312 if (fr_pair_list_afrom_substr(&root, &relative, &FR_SBUFF_IN_STR(buf)) < 0) {
1313 *pfiledone = false;
1314 fr_pair_list_free(&tmp_list);
1315 return -1;
1316 }
1317
1318 found = true;
1319 }
1320
1321#ifdef WITH_VERIFY_PTR
1322 fr_pair_list_verify(__FILE__, __LINE__, ctx, &tmp_list, true);
1323#endif
1324
1325 fr_pair_list_append(out, &tmp_list);
1326
1327 *pfiledone = true;
1328 return 0;
1329}
1330
1331
1332/** Move pairs from source list to destination list respecting operator
1333 *
1334 * @note This function does some additional magic that's probably not needed in most places. Consider using
1335 * radius_legacy_map_cmp() and radius_legacy_map_apply() instead.
1336 *
1337 * @note fr_pair_list_free should be called on the head of the source list to free
1338 * unmoved attributes (if they're no longer needed).
1339 *
1340 * @param[in,out] to destination list.
1341 * @param[in,out] from source list.
1342 * @param[in] op operator for list move.
1343 */
1344void fr_pair_list_move_op(fr_pair_list_t *to, fr_pair_list_t *from, fr_token_t op)
1345{
1346 fr_pair_t *vp, *next, *found;
1347 fr_pair_list_t head_append, head_prepend;
1348
1349 if (!to || fr_pair_list_empty(from)) return;
1350
1351 /*
1352 * We're editing the "to" list while we're adding new
1353 * attributes to it. We don't want the new attributes to
1354 * be edited, so we create an intermediate list to hold
1355 * them during the editing process.
1356 */
1357 fr_pair_list_init(&head_append);
1358
1359 /*
1360 * Any attributes that are requested to be prepended
1361 * are added to a temporary list here
1362 */
1363 fr_pair_list_init(&head_prepend);
1364
1365 /*
1366 * We're looping over the "from" list, moving some
1367 * attributes out, but leaving others in place.
1368 */
1369 for (vp = fr_pair_list_head(from); vp != NULL; vp = next) {
1370 PAIR_VERIFY(vp);
1371 next = fr_pair_list_next(from, vp);
1372
1373 /*
1374 * We never move Fall-Through.
1375 */
1376 if (fr_dict_attr_is_top_level(vp->da) && (vp->da->attr == FR_FALL_THROUGH) &&
1377 (fr_dict_by_da(vp->da) == fr_dict_internal())) {
1378 continue;
1379 }
1380
1381 /*
1382 * Unlike previous versions, we treat all other
1383 * attributes as normal. i.e. there's no special
1384 * treatment for passwords or Hint.
1385 */
1386
1387 switch (vp->op) {
1388 /*
1389 * Anything else are operators which
1390 * shouldn't occur. We ignore them, and
1391 * leave them in place.
1392 */
1393 default:
1394 continue;
1395
1396 /*
1397 * Add it to the "to" list, but only if
1398 * it doesn't already exist.
1399 */
1400 case T_OP_EQ:
1401 found = fr_pair_find_by_da(to, NULL, vp->da);
1402 if (!found) goto do_add;
1403 continue;
1404
1405 /*
1406 * Add it to the "to" list, and delete any attribute
1407 * of the same vendor/attr which already exists.
1408 */
1409 case T_OP_SET:
1410 found = fr_pair_find_by_da(to, NULL, vp->da);
1411 if (!found) goto do_add;
1412
1413 /*
1414 * Delete *all* matching attributes.
1415 */
1416 fr_pair_delete_by_da(to, found->da);
1417 goto do_add;
1418
1419 /*
1420 * Move it from the old list and add it
1421 * to the new list.
1422 */
1423 case T_OP_ADD_EQ:
1424 do_add:
1425 fr_pair_remove(from, vp);
1426 fr_pair_append(&head_append, vp);
1427 continue;
1428
1429 case T_OP_PREPEND:
1430 fr_pair_remove(from, vp);
1431 fr_pair_prepend(&head_prepend, vp);
1432 continue;
1433 }
1434 } /* loop over the "from" list. */
1435
1436 /*
1437 * If the op parameter was prepend, add the "new list
1438 * attributes first as those whose individual operator
1439 * is prepend should be prepended to the resulting list
1440 */
1441 if (op == T_OP_PREPEND) fr_pair_list_prepend(to, &head_append);
1442
1443 /*
1444 * If there are any items in the prepend list prepend
1445 * it to the "to" list
1446 */
1447 fr_pair_list_prepend(to, &head_prepend);
1448
1449 /*
1450 * If the op parameter was not prepend, take the "new"
1451 * list, and append it to the "to" list.
1452 */
1453 if (op != T_OP_PREPEND) fr_pair_list_append(to, &head_append);
1454
1455 fr_pair_list_free(from);
1456}
buffer
static int const char char buffer[256]
Definition acutest.h:578
RCSID
#define RCSID(id)
Definition build.h:487
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
unlikely
#define unlikely(_x)
Definition build.h:383
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:339
fr_dict_by_da
fr_dict_t const * fr_dict_by_da(fr_dict_attr_t const *da)
Attempt to locate the protocol dictionary containing an attribute.
Definition dict_util.c:2875
fr_dict_attr_common_parent
fr_dict_attr_t const * fr_dict_attr_common_parent(fr_dict_attr_t const *a, fr_dict_attr_t const *b, bool is_ancestor)
Find a common ancestor that two TLV type attributes share.
Definition dict_util.c:2315
err
static fr_slen_t err
Definition dict.h:884
fr_dict_attr_unknown_afrom_oid
static fr_dict_attr_t * fr_dict_attr_unknown_afrom_oid(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, fr_sbuff_t *in, fr_type_t type)
Definition dict.h:620
fr_dict_attr_allowed_chars
bool const fr_dict_attr_allowed_chars[UINT8_MAX+1]
Characters allowed in a single dictionary attribute name.
Definition dict_util.c:64
fr_dict_attr_unknown_alloc
fr_dict_attr_t * fr_dict_attr_unknown_alloc(TALLOC_CTX *ctx, fr_dict_attr_t const *da, fr_type_t type))
Allocate an unknown DA.
Definition dict_unknown.c:250
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2669
fr_dict_internal
fr_dict_t const * fr_dict_internal(void)
Definition dict_util.c:4938
fr_dict_attr_is_top_level
static bool fr_dict_attr_is_top_level(fr_dict_attr_t const *da)
Return true if this attribute is parented directly off the dictionary root.
Definition dict.h:811
FR_DICT_MAX_TLV_STACK
#define FR_DICT_MAX_TLV_STACK
Maximum TLV stack size.
Definition dict.h:519
fr_dict_attr_err_t
fr_dict_attr_err_t
Errors returned by attribute lookup functions.
Definition dict.h:319
FR_DICT_ATTR_OK
@ FR_DICT_ATTR_OK
No error.
Definition dict.h:320
fr_dict_oid_component
fr_slen_t fr_dict_oid_component(fr_dict_attr_err_t *err, fr_dict_attr_t const **out, fr_dict_attr_t const *parent, fr_sbuff_t *in, fr_sbuff_term_t const *tt))
Parse an OID component, resolving it to a defined attribute.
Definition dict_util.c:2494
fr_dict_attr_is_key_field
#define fr_dict_attr_is_key_field(_da)
Definition dict.h:172
in
static fr_slen_t in
Definition dict.h:884
fr_dict_attr_ref
static fr_dict_attr_t const * fr_dict_attr_ref(fr_dict_attr_t const *da)
Return the reference associated with a group type attribute.
Definition dict_ext.h:148
my
void fr_bio_shutdown & my
Definition fd_errno.h:70
free
free(array)
fr_sbuff_out_unescape_until
size_t fr_sbuff_out_unescape_until(fr_sbuff_t *out, fr_sbuff_t *in, size_t len, fr_sbuff_term_t const *tt, fr_sbuff_unescape_rules_t const *u_rules)
Definition merged_model.c:177
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_VENDOR
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
Definition merged_model.c:122
FR_TYPE_VSA
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
Definition merged_model.c:121
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_slen_t
ssize_t fr_slen_t
Definition merged_model.c:35
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
fr_pair_append_by_da
int fr_pair_append_by_da(TALLOC_CTX *ctx, fr_pair_t **out, fr_pair_list_t *list, fr_dict_attr_t const *da)
Alloc a new fr_pair_t (and append)
Definition pair.c:1467
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:703
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1348
fr_pair_delete_by_da
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
Definition pair.c:1692
fr_pair_parent
fr_pair_t * fr_pair_parent(fr_pair_t const *vp)
Return a pointer to the parent pair.
Definition pair.c:952
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:289
fr_pair_list_init
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
fr_pair_prepend
int fr_pair_prepend(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the start of the list.
Definition pair.c:1317
fr_pair_find_last_by_da
fr_pair_t * fr_pair_find_last_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the last pair with a matching da.
Definition pair.c:727
fr_pair_value_from_substr
static ssize_t fr_pair_value_from_substr(fr_pair_parse_t const *conf, fr_pair_t *vp, fr_sbuff_t *in)
Definition pair_legacy.c:105
bareword_unquoted
static fr_sbuff_parse_rules_t const bareword_unquoted
Definition pair_legacy.c:92
pair_assignment_op_table
static fr_table_num_sorted_t const pair_assignment_op_table[]
Definition pair_legacy.c:62
fr_pair_list_afrom_substr
fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative, fr_sbuff_t *in)
Parse a fr_pair_list_t from a substring.
Definition pair_legacy.c:326
fr_pair_list_afrom_file
int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
Read valuepairs from the fp up to End-Of-File.
Definition pair_legacy.c:1258
fr_pair_list_move_op
void fr_pair_list_move_op(fr_pair_list_t *to, fr_pair_list_t *from, fr_token_t op)
Move pairs from source list to destination list respecting operator.
Definition pair_legacy.c:1344
legacy_da_stack_t::depth
int depth
Definition pair_legacy.c:256
pair_comparison_op_table_len
static size_t pair_comparison_op_table_len
Definition pair_legacy.c:84
legacy_da_stack_t::vp
fr_pair_t * vp[FR_DICT_MAX_TLV_STACK]
which VP we have created or found
Definition pair_legacy.c:258
CLEAN_DA_STACK
#define CLEAN_DA_STACK
legacy_da_stack_t::da
fr_dict_attr_t const * da[FR_DICT_MAX_TLV_STACK]
parent for parsing
Definition pair_legacy.c:257
pair_comparison_op_table
static fr_table_num_sorted_t const pair_comparison_op_table[]
Definition pair_legacy.c:69
bareword_terminals
static fr_sbuff_term_t const bareword_terminals
Definition pair_legacy.c:39
pair_assignment_op_table_len
static ssize_t pair_assignment_op_table_len
Definition pair_legacy.c:67
legacy_da_stack_t
Our version of a DA stack.
Definition pair_legacy.c:255
fr_pair_parse_t::ctx
TALLOC_CTX * ctx
Definition pair_legacy.h:43
fr_pair_parse_t::allow_crlf
bool allow_crlf
allow CRLF, and treat like comma
Definition pair_legacy.h:51
fr_pair_parse_t::allow_zeros
bool allow_zeros
allow '\0' as end of attribute
Definition pair_legacy.h:52
fr_pair_parse_t::dict
fr_dict_t const * dict
the protocol dictionary we use
Definition pair_legacy.h:47
fr_pair_parse_t::last_char
char last_char
last character we read - ',', ' ', or 0 for EOF
Definition pair_legacy.h:59
fr_pair_parse_t::list
fr_pair_list_t * list
list where output is placed
Definition pair_legacy.h:45
fr_pair_parse_t::end_of_list
bool end_of_list
do we expect an end of list '}' character?
Definition pair_legacy.h:60
fr_pair_parse_t::allow_compare
bool allow_compare
allow comparison operators
Definition pair_legacy.h:50
fr_pair_parse_t::da
fr_dict_attr_t const * da
root da to start parsing from
Definition pair_legacy.h:44
fr_pair_parse_t::internal
fr_dict_t const * internal
a cached pointer to the internal dictionary
Definition pair_legacy.h:48
fr_pair_parse_t
Definition pair_legacy.h:42
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
done
static bool done
Definition radclient.c:83
WIFEXITED
#define WIFEXITED(stat_val)
Definition radiusd.c:72
WEXITSTATUS
#define WEXITSTATUS(stat_val)
Definition radiusd.c:69
conf
static rs_t * conf
Definition radsniff.c:53
fr_sbuff_adv_past_allowed
size_t fr_sbuff_adv_past_allowed(fr_sbuff_t *sbuff, size_t len, bool const allowed[static UINT8_MAX+1], fr_sbuff_term_t const *tt)
Wind position past characters in the allowed set.
Definition sbuff.c:1805
sbuff_char_line_endings
bool const sbuff_char_line_endings[UINT8_MAX+1]
Definition sbuff.c:107
fr_sbuff_next_if_char
bool fr_sbuff_next_if_char(fr_sbuff_t *sbuff, char c)
Return true if the current char matches, and if it does, advance.
Definition sbuff.c:2116
fr_sbuff_start
#define fr_sbuff_start(_sbuff_or_marker)
fr_sbuff_out_by_longest_prefix
#define fr_sbuff_out_by_longest_prefix(_match_len, _out, _table, _sbuff, _def)
fr_sbuff_is_str_literal
#define fr_sbuff_is_str_literal(_sbuff, _str)
fr_sbuff_set
#define fr_sbuff_set(_dst, _src)
fr_sbuff_diff
#define fr_sbuff_diff(_a, _b)
FR_SBUFF_IN
#define FR_SBUFF_IN(_start, _len_or_end)
fr_sbuff_current
#define fr_sbuff_current(_sbuff_or_marker)
fr_sbuff_char
#define fr_sbuff_char(_sbuff_or_marker, _eob)
FR_SBUFF_TERMS
#define FR_SBUFF_TERMS(...)
Initialise a terminal structure with a list of sorted strings.
Definition sbuff.h:193
fr_sbuff_extend
#define fr_sbuff_extend(_sbuff_or_marker)
fr_sbuff_is_char
#define fr_sbuff_is_char(_sbuff_or_marker, _c)
FR_SBUFF_SET_RETURN
#define FR_SBUFF_SET_RETURN(_dst, _src)
fr_sbuff_is_digit
#define fr_sbuff_is_digit(_sbuff_or_marker)
FR_SBUFF_IN_STR
#define FR_SBUFF_IN_STR(_start)
fr_sbuff_error
#define fr_sbuff_error(_sbuff_or_marker)
FR_SBUFF
#define FR_SBUFF(_sbuff_or_marker)
fr_sbuff_adv_past_blank
#define fr_sbuff_adv_past_blank(_sbuff, _len, _tt)
fr_sbuff_advance
#define fr_sbuff_advance(_sbuff_or_marker, _len)
fr_sbuff_remaining
#define fr_sbuff_remaining(_sbuff_or_marker)
fr_sbuff_used
#define fr_sbuff_used(_sbuff_or_marker)
FR_SBUFF_TALLOC_THREAD_LOCAL
#define FR_SBUFF_TALLOC_THREAD_LOCAL(_out, _init, _max)
fr_sbuff_ptr_s
Definition sbuff.h:85
fr_sbuff_term_t
Set of terminal elements.
Definition merged_model.c:161
vp
fr_pair_t * vp
Definition state_machine.c:2293
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_tokens
char const * fr_tokens[T_TOKEN_LAST]
Definition token.c:79
fr_token_t
enum fr_token fr_token_t
T_INVALID
@ T_INVALID
Definition token.h:39
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_OP_EQ
@ T_OP_EQ
Definition token.h:83
T_OP_SET
@ T_OP_SET
Definition token.h:84
T_OP_NE
@ T_OP_NE
Definition token.h:97
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:69
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
T_OP_REG_EQ
@ T_OP_REG_EQ
Definition token.h:102
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:106
T_OP_LE
@ T_OP_LE
Definition token.h:100
T_OP_GE
@ T_OP_GE
Definition token.h:98
T_OP_GT
@ T_OP_GT
Definition token.h:99
T_OP_LT
@ T_OP_LT
Definition token.h:101
T_OP_REG_NE
@ T_OP_REG_NE
Definition token.h:103
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:85
PAIR_ALLOCED
#define PAIR_ALLOCED(_x)
Definition pair.h:212
fr_pair_list_empty
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
Definition pair_inline.c:124
PAIR_VERIFY
#define PAIR_VERIFY(_x)
Definition pair.h:204
fr_pair_list_next
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
Definition pair_inline.c:69
fr_pair_list_tail
fr_pair_t * fr_pair_list_tail(fr_pair_list_t const *list)
Get the tail of a valuepair list.
Definition pair_inline.c:55
fr_pair_remove
fr_pair_t * fr_pair_remove(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list without freeing.
Definition pair_inline.c:93
fr_pair_list_free
void fr_pair_list_free(fr_pair_list_t *list)
Free memory used by a valuepair list.
Definition pair_inline.c:112
fr_pair_list_append
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
Definition pair_inline.c:181
fr_pair_list_prepend
void fr_pair_list_prepend(fr_pair_list_t *dst, fr_pair_list_t *src)
Move a list of fr_pair_t from a temporary list to the head of a destination list.
Definition pair_inline.c:194
fr_pair_list_prev
fr_pair_t * fr_pair_list_prev(fr_pair_list_t const *list, fr_pair_t const *item))
Get the previous item in a valuepair list before a specific entry.
Definition pair_inline.c:82
fr_pair_list_head
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
Definition pair_inline.c:42
parent
static fr_slen_t parent
Definition pair.h:857
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
FR_TYPE_STRUCTURAL_EXCEPT_GROUP
#define FR_TYPE_STRUCTURAL_EXCEPT_GROUP
Definition types.h:316
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:393
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:394
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
FR_TYPE_LEAF
#define FR_TYPE_LEAF
Definition types.h:318
value_parse_rules_single_quoted
fr_sbuff_parse_rules_t const value_parse_rules_single_quoted
Definition value.c:559
fr_value_unescape_backtick
fr_sbuff_unescape_rules_t fr_value_unescape_backtick
Definition value.c:323
value_parse_rules_double_quoted
fr_sbuff_parse_rules_t const value_parse_rules_double_quoted
Definition value.c:553
fr_value_box_from_substr
ssize_t fr_value_box_from_substr(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv, fr_sbuff_t *in, fr_sbuff_parse_rules_t const *rules)
Convert string value to a fr_value_box_t type.
Definition value.c:5326
fr_box_strvalue_len
#define fr_box_strvalue_len(_val, _len)
Definition value.h:310
out
static size_t char ** out
Definition value.h:1025
Generated by   doxygen 1.9.8