The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
pair_legacy.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/** AVP manipulation and search API
18 *
19 * @file src/lib/util/pair_legacy.c
20 *
21 * @copyright 2000,2006,2015 The FreeRADIUS server project
22 */
23RCSID("$Id: bd1d2a2c4335bee45c4f5c5ea4c2e5a44012efc2 $")
24
25#include <sys/wait.h>
26
27#include <freeradius-devel/util/dict.h>
28#include <freeradius-devel/util/pair.h>
29#include <freeradius-devel/util/pair_legacy.h>
30#include <freeradius-devel/util/proto.h>
31#include <freeradius-devel/util/regex.h>
32#include <freeradius-devel/util/syserror.h>
33#include <freeradius-devel/util/sbuff.h>
34#include <freeradius-devel/util/value.h>
35
36#include <freeradius-devel/protocol/radius/rfc2865.h>
37#include <freeradius-devel/protocol/freeradius/freeradius.internal.h>
38
39static fr_sbuff_term_t const bareword_terminals =
40 FR_SBUFF_TERMS(
41 L("\t"),
42 L("\n"),
43 L(" "),
44 L("!*"),
45 L("!="),
46 L("!~"),
47 L("&&"), /* Logical operator */
48 L(")"), /* Close condition/sub-condition */
49 L("+="),
50 L("-="),
51 L(":="),
52 L("<"),
53 L("<="),
54 L("=*"),
55 L("=="),
56 L("=~"),
57 L(">"),
58 L(">="),
59 L("||"), /* Logical operator */
60 );
61
62static fr_table_num_sorted_t const pair_assignment_op_table[] = {
63 { L("+="), T_OP_ADD_EQ },
64 { L(":="), T_OP_SET },
65 { L("="), T_OP_EQ },
66};
67static ssize_t pair_assignment_op_table_len = NUM_ELEMENTS(pair_assignment_op_table);
68
69static fr_table_num_sorted_t const pair_comparison_op_table[] = {
70 { L("!*"), T_OP_CMP_FALSE },
71 { L("!="), T_OP_NE },
72 { L("!~"), T_OP_REG_NE },
73 { L("+="), T_OP_ADD_EQ },
74 { L(":="), T_OP_SET },
75 { L("<"), T_OP_LT },
76 { L("<="), T_OP_LE },
77 { L("="), T_OP_EQ },
78 { L("=*"), T_OP_CMP_TRUE },
79 { L("=="), T_OP_CMP_EQ },
80 { L("=~"), T_OP_REG_EQ },
81 { L(">"), T_OP_GT },
82 { L(">="), T_OP_GE }
83};
84static size_t pair_comparison_op_table_len = NUM_ELEMENTS(pair_comparison_op_table);
85
86/*
87 * Stop parsing bare words at whitespace, comma, or end of list.
88 *
89 * Note that we don't allow escaping of bare words here, as that screws up parsing of raw attributes with
90 * 0x... prefixes.
91 */
92static fr_sbuff_parse_rules_t const bareword_unquoted = {
93 .terminals = &FR_SBUFF_TERMS(
94 L(""),
95 L("\t"),
96 L("\n"),
97 L("\r"),
98 L(" "),
99 L(","),
100 L("}")
101 )
102};
103
104
105static ssize_t fr_pair_value_from_substr(fr_pair_parse_t const *conf, fr_pair_t *vp, fr_sbuff_t *in)
106{
107 fr_sbuff_t our_in = FR_SBUFF(in);
108 char quote;
109 ssize_t slen;
110 fr_sbuff_parse_rules_t const *rules;
111
112 if (fr_sbuff_next_if_char(&our_in, '"')) {
113 rules = &value_parse_rules_double_quoted;
114 quote = '"';
115 parse:
116 slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da, &our_in, rules);
117 } else if (fr_sbuff_next_if_char(&our_in, '\'')) {
118 rules = &value_parse_rules_single_quoted;
119 quote = '\'';
120 goto parse;
121 } else if (!fr_sbuff_next_if_char(&our_in, '`')) {
122 quote = '\0';
123 rules = &bareword_unquoted;
124 goto parse;
125 /*
126 * We _sometimes_ support backticks, depending on the
127 * source of the data. This should ONLY be used on
128 * trusted input, like config files.
129 *
130 * We don't impose arbitrary limits on exec input or
131 * output, as AGAIN this should only be used on trusted
132 * input.
133 *
134 * Only the first line of output from the process is used,
135 * and no escape sequences in the output are processed.
136 */
137 } else {
138 fr_sbuff_t *exec_in;
139 size_t exec_out_buff_len = 0;
140 ssize_t exec_out_len;
141 char *exec_out = NULL;
142 FILE *fp;
143 int ret;
144
145 if (!conf->allow_exec) {
146 fr_strerror_const("Backticks are not supported here");
147 return 0;
148 }
149
150 /*
151 * Should only be used for trusted resources, so no artificial limits
152 */
153 FR_SBUFF_TALLOC_THREAD_LOCAL(&exec_in, 1024, SIZE_MAX);
154 (void)fr_sbuff_out_unescape_until(exec_in, &our_in, SIZE_MAX, &FR_SBUFF_TERMS(L("`")), &fr_value_unescape_backtick);
155 /*
156 * Don't exec if we know we're going to fail
157 */
158 if (!fr_sbuff_is_char(&our_in, '`')) {
159 fr_strerror_const("Unterminated backtick string");
160 return 0;
161 }
162
163 fp = popen(fr_sbuff_start(exec_in), "r");
164 if (!fp) {
165 fr_strerror_printf("Cannot execute command `%pV`: %s",
166 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
167 fr_syserror(errno));
168 return 0;
169 }
170
171 errno = 0; /* If we get EOF immediately, we don't want to emit spurious errors */
172 exec_out_len = getline(&exec_out, &exec_out_buff_len, fp);
173 if ((exec_out_len < 0) || (exec_out == NULL)) { /* defensive */
174 fr_strerror_printf("Cannot read output from command `%pV`: %s",
175 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
176 fr_syserror(errno));
177 pclose(fp);
178 return 0;
179 }
180
181 /*
182 * Protect against child writing too much data to stdout,
183 * blocking, and never exiting.
184 *
185 * This is likely overly cautious for this particular use
186 * case, but it doesn't hurt.
187 */
188 {
189 char buffer[128];
190
191 while (fread(buffer, 1, sizeof(buffer), fp) > 0) { /* discard */ }
192 }
193
194 errno = 0; /* ensure we don't have stale errno */
195 ret = pclose(fp);
196 if (ret < 0) {
197 fr_strerror_printf("Error waiting for command `%pV` to finish: %s",
198 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
199 fr_syserror(errno));
200 pclose_error:
201 free(exec_out);
202 return 0;
203 } else if (ret != 0) {
204 if (WIFEXITED(ret)) {
205 fr_strerror_printf("Command `%pV` exited with status %d",
206 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
207 WEXITSTATUS(ret));
208 } else if (WIFSIGNALED(ret)) {
209 fr_strerror_printf("Command `%pV` terminated by signal %d",
210 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)),
211 WTERMSIG(ret));
212 } else {
213 fr_strerror_printf("Command `%pV` terminated abnormally",
214 fr_box_strvalue_len(fr_sbuff_start(exec_in), fr_sbuff_used(exec_in)));
215 }
216 goto pclose_error;
217 }
218
219 /*
220 * Trim line endings
221 */
222 if (exec_out_len > 0 && exec_out[exec_out_len - 1] == '\n') exec_out[--exec_out_len] = '\0';
223 if (exec_out_len > 0 && exec_out[exec_out_len - 1] == '\r') exec_out[--exec_out_len] = '\0';
224
225 slen = fr_value_box_from_substr(vp, &vp->data, vp->da->type, vp->da,
226 &FR_SBUFF_IN(exec_out, exec_out_len), &value_parse_rules_single_quoted);
227 free(exec_out);
228 if (unlikely(slen < 0)) {
229 return 0; /* slen is parse position in the exec output*/
230 }
231
232 quote = '`';
233 }
234
235 if (slen < 0) {
236 fr_assert(slen >= -((ssize_t) 1 << 20));
237 return slen - (quote != 0);
238 }
239
240 if (quote && !fr_sbuff_next_if_char(&our_in, quote)) {
241 fr_strerror_const("Unterminated string");
242 return 0;
243 }
244
245 fr_assert(slen <= ((ssize_t) 1 << 20));
246
247 FR_SBUFF_SET_RETURN(in, &our_in);
248}
249
250/** Our version of a DA stack.
251 *
252 * @todo - add in whether or not we added / created the vp? maybe an edit list?
253 * and then we can clean up the unknown DAs, simply by talloc freeing the edit list.
254 */
255typedef struct {
256 int depth;
257 fr_dict_attr_t const *da[FR_DICT_MAX_TLV_STACK]; //!< parent for parsing
258 fr_pair_t *vp[FR_DICT_MAX_TLV_STACK]; //!< which VP we have created or found
259} legacy_da_stack_t;
260
261/** Parse a #fr_pair_list_t from a substring
262 *
263 * Syntax: ([raw.]|.)<name>[<.name>] op [(cast)] value...
264 *
265 * A "raw" prefix creates a raw attribute, which allows us to encode raw data which might be invalid for
266 * the given data type. Or if a "(cast)" is given, the value is parsed as the specified data type. Note
267 * that casts can only be to a "leaf" data type, and not to a structural type such as "tlv", "group",
268 * "struct", etc. The "(cast)" syntax can only be used for "raw" attributes, and not for attributes
269 * which are known. The "name" can be either a known attribute, or a numerical OID. Either way, the
270 * final attribute which is created is marked as "raw" or "unknown", and is encoded via the "raw" rules,
271 * and not as the known data type.
272 *
273 * If the first name begins with ".", then it is a _relative_ name. The attribute is created in the
274 * context of the most recently created "structural" data type.
275 *
276 * TBD - we have to determine what the heck that means...
277 *
278 * The "name" can be one or more names from the input dictionary. The names must be known, as numerical
279 * OIDs can only be used when the "raw" prefix is used.
280 *
281 * If there are multiple names (e.g. "foo.bar.baz"), then only the last name can be a "leaf" data
282 * type. All of the intermediate names must be "structural" data types.
283 *
284 * Depending on the input arguments, the operator can be a comparison operator (==, <=, etc.). Or, else
285 * it can be an assignment operator (=, +=). The "=" operator is used to assign, and the "+=" operator
286 * is used to append. No other assignment operators are permitted. Note that "+=" cannot be used with
287 * relative names (i.e. where the name begins with ".")
288 *
289 * The "value" can either be a "leaf" data type (e.g. number, IP address, etc.) or for "structural" data
290 * types it can be a sub-list. A sub-list is a set of attribute assignments which are surrounded by
291 * curly brackets "{...}". When a sub-list is specified, the contents must be either children of the
292 * parent attribute (for "tlv", "struct"), or children referenced by a "group", or internal attributes.
293 *
294 * If an intermediate "name" is an ALIAS, then the attributes are created / used as if all intermediate
295 * names were specified. i.e. ALIAS is a short-cut for names (think "soft link), but it does not change
296 * the hierarchy for normal attributes.
297 *
298 *
299 * Examples
300 * --------
301 *
302 * Name = value
303 * Leaf attributes.
304 * The value MUST be parsed as the leaf data type.
305 *
306 * Name = { children }
307 * Structural attributes.
308 * The children MUST be children of the parent.
309 * OR the children can be from the "internal" dictionary.
310 * OR for type 'group', children of the group reference (usually the dictionary root)
311 *
312 * raw.Name = 0xabcdef
313 * Raw attributes.
314 * The value MUST be a hex string.
315 *
316 * raw.Name = { children }
317 *
318 * @param[in] root where we start parsing from
319 * @param[in,out] relative where we left off, or where we should continue from
320 * @param[in] in input sbuff
321 * @return
322 * - <0 on error
323 * - 0 on no input
324 * - >0 on how many bytes of input we read
325 */
326fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative,
327 fr_sbuff_t *in)
328{
329 int i, components;
330 bool raw, was_unknown;
331 bool was_relative = false;
332 bool append;
333 bool keep_going;
334 fr_type_t raw_type;
335 fr_token_t op;
336 fr_slen_t slen;
337 fr_pair_t *vp;
338 fr_pair_parse_t my;
339 fr_sbuff_marker_t lhs_m, op_m, rhs_m;
340 fr_sbuff_t our_in = FR_SBUFF(in);
341 legacy_da_stack_t da_stack = {};
342
343 if (unlikely(!root->ctx)) {
344 fr_strerror_const("Missing input context (fr_pair_parse_t)");
345 return -1;
346 }
347
348 if (unlikely(!root->da)) {
349 fr_strerror_const("Missing namespace attribute");
350 return -1;
351 }
352
353 if (unlikely(!root->list)) {
354 fr_strerror_const("Missing list");
355 return -1;
356 }
357
358 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
359
360 if (fr_sbuff_remaining(&our_in) == 0) return 0;
361
362 /*
363 * Boot strap the relative references from the root.
364 *
365 * The comparison operations are only used for internal tests, and should not be used by
366 * administrators. So we disallow them, unless the destination list is empty. This check
367 * prevents them from being used in administrative policies.
368 */
369 if (!relative->da) {
370 if (root->allow_compare && !fr_pair_list_empty(root->list)) {
371 fr_strerror_const("Attribute comparisons can only be used when the destination list is empty");
372 return -1;
373 }
374
375 *relative = *root;
376 }
377
378#define CLEAN_DA_STACK do { if (was_unknown) { \
379 for (i = 1; i < da_stack.depth; i++) { \
380 fr_dict_attr_unknown_free(&da_stack.da[i]); \
381 } } } while (0)
382
383
384redo:
385 raw = false;
386 raw_type = FR_TYPE_NULL;
387 relative->last_char = 0;
388 was_unknown = false;
389 vp = NULL;
390
391 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
392
393 /*
394 * STEP 1: Figure out if we have relative or absolute attributes.
395 *
396 * Absolute attributes start from the root list / parent.
397 * Or, when there is no previous relative setting.
398 *
399 * Relative attributes start from the input list / parent.
400 *
401 * Once we decide where we start parsing from, all subsequent operations are on the "relative"
402 * structure.
403 */
404 if (!fr_sbuff_next_if_char(&our_in, '.')) {
405 *relative = *root;
406
407 append = !was_relative;
408 was_relative = false;
409
410 /*
411 * Be nice to people who expect to use '&' everywhere.
412 */
413 (void) fr_sbuff_next_if_char(&our_in, '&');
414
415 /*
416 * Raw attributes can only be at our root.
417 *
418 * "raw.foo" means that SOME component of the OID is raw. But the starting bits might be known.
419 *
420 * Raw attributes cannot be created in the internal namespace. But an internal group can
421 * contain raw protocol attributes.
422 */
423 if (fr_sbuff_is_str_literal(&our_in, "raw.")) {
424 fr_sbuff_advance(&our_in, 4);
425 goto is_raw;
426 }
427
428 } else if (relative->da->flags.is_root) {
429 fr_strerror_const("The '.Attribute' syntax cannot be used at the root of a dictionary");
430
431 error:
432 CLEAN_DA_STACK;
433 return fr_sbuff_error(&our_in);
434
435 } else if (relative->da->type == FR_TYPE_GROUP) {
436 fr_strerror_printf("The '.Attribute' syntax cannot be used with parent %s of data type 'group'",
437 relative->da->name);
438 goto error;
439
440 } else {
441 fr_assert(relative->ctx);
442 fr_assert(relative->list);
443
444 was_relative = true;
445 append = true;
446 }
447
448 /*
449 * If the input root is an unknown attribute, then forbid internal ones, and force everything
450 * else to be raw, too.
451 */
452 if (relative->da->flags.is_unknown) {
453 is_raw:
454 raw = true;
455 }
456
457 /*
458 * Raw internal attributes don't make sense. An internal group can contain raw protocol
459 * attributes, but the group is not raw.
460 */
461 if (raw && relative->da->flags.internal) {
462 fr_strerror_const("Cannot create internal attributes which are 'raw'");
463 goto error;
464 }
465
466 /*
467 * Set the LHS marker to be after any initial '.'
468 */
469 fr_sbuff_marker(&lhs_m, &our_in);
470
471 /*
472 * STEP 2: Find and check the operator.
473 *
474 * Skip over the attribute name. We need to get the operator _before_ creating the VPs.
475 */
476 components = 0;
477 do {
478 if (fr_sbuff_adv_past_allowed(&our_in, SIZE_MAX, fr_dict_attr_allowed_chars, NULL) == 0) break;
479 components++;
480 } while (fr_sbuff_next_if_char(&our_in, '.'));
481
482 /*
483 * Couldn't find anything.
484 */
485 if (!components) goto done;
486
487 fr_sbuff_marker(&op_m, &our_in);
488 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
489
490 /*
491 * Look for the operator.
492 */
493 if (relative->allow_compare) {
494 fr_sbuff_out_by_longest_prefix(&slen, &op, pair_comparison_op_table, &our_in, T_INVALID);
495 if (op == T_INVALID) {
496 fr_strerror_const("Expecting operator");
497 goto error;
498 }
499
500 /*
501 * People can use this, but it doesn't mean anything.
502 */
503 if (op == T_OP_SET) op = T_OP_EQ;
504
505 } else {
506 /*
507 * @todo - handle different operators ala v3?
508 * What is the difference between ":=" and "="? Perhaps nothing?
509 */
510 fr_sbuff_out_by_longest_prefix(&slen, &op, pair_assignment_op_table, &our_in, T_INVALID);
511 if (op == T_INVALID) {
512 fr_strerror_const("Expecting operator");
513 goto error;
514 }
515
516 /*
517 * += means "append"
518 * := menas "don't append".
519 */
520 if (op != T_OP_EQ) {
521 if (was_relative) {
522 fr_strerror_printf("The '.Attribute' syntax cannot be used along with the '%s' operator",
523 fr_tokens[op]);
524 goto error;
525 }
526 }
527
528 if (op == T_OP_ADD_EQ) {
529 append = true;
530 }
531
532 if (op == T_OP_SET) {
533 append = false;
534 }
535
536 op = T_OP_EQ;
537 }
538
539 /*
540 * Check the character after the operator. This check is only necessary to produce better error
541 * messages. i.e. We allow "=", but the user enters "==".
542 */
543 {
544 uint8_t c = fr_sbuff_char(&our_in, '\0');
545 static const bool invalid[UINT8_MAX + 1] = {
546 ['!'] = true, ['#'] = true, ['$'] = true, ['*'] = true,
547 ['+'] = true, ['-'] = true, ['/'] = true, ['<'] = true,
548 ['='] = true, ['>'] = true, ['?'] = true, ['|'] = true,
549 ['~'] = true,
550 };
551
552 if (c && invalid[c]) {
553 fr_strerror_printf("Invalid character '%c' after operator '%s'",
554 (char) c, fr_tokens[op]);
555 goto error;
556 }
557 }
558
559 /*
560 * Skip past whitespace, and set a marker at the RHS value. We do a quick peek at the value, to
561 * set the data type of the RHS. This allows us to parse raw TLVs.
562 */
563 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
564
565 /*
566 * STEP 3: Try to guess the data type for "raw" attributes.
567 *
568 * If the attribute is raw, and the value of the attribute is 0x..., then we always force the raw
569 * type to be octets, even if the attribute is named and known. e.g. raw.Framed-IP-Address =
570 * 0x01.
571 *
572 * OR if the attribute is entirely unknown (and not a raw version of a known one), then we allow a
573 * cast which sets the data type.
574 */
575 if (raw) {
576 if (fr_sbuff_is_str_literal(&our_in, "0x")) {
577 raw_type = FR_TYPE_OCTETS;
578
579 } else if (fr_sbuff_next_if_char(&our_in, '(')) {
580 fr_sbuff_marker(&rhs_m, &our_in);
581
582 fr_sbuff_out_by_longest_prefix(&slen, &raw_type, fr_type_table, &our_in, FR_TYPE_NULL);
583
584 /*
585 * The input has to be a real (non-NULL) leaf. The input shouldn't be cast to a
586 * TLV. Instead, the value should just start with '{'.
587 */
588 if (!fr_type_is_leaf(raw_type)) {
589 fr_sbuff_set(&our_in, &rhs_m);
590 fr_strerror_const("Invalid data type in cast");
591 goto error;
592 }
593
594 if (!fr_sbuff_next_if_char(&our_in, ')')) {
595 fr_strerror_const("Missing ')' in cast");
596 goto error;
597 }
598
599 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
600
601 } else if (fr_sbuff_is_char(&our_in, '{')) {
602 /*
603 * Raw attributes default to data type TLV.
604 */
605 raw_type = FR_TYPE_TLV;
606 append = false;
607 }
608 }
609
610 fr_sbuff_marker(&rhs_m, &our_in);
611
612 fr_sbuff_set(&our_in, &lhs_m);
613
614 /*
615 * That we know the data type, parse each OID component. We build the DA stack from top to bottom.
616 *
617 * 0 is our relative root. 1..N are the DAs that we find or create.
618 */
619 da_stack = (legacy_da_stack_t) {
620 .da = {
621 [0] = relative->da,
622 },
623 .depth = 1,
624 };
625
626 /*
627 * STEP 4: Re-parse the attributes, building up the da_stack of #fr_dict_attr_t that we will be
628 * using as parents.
629 */
630 for (i = 1; i <= components; i++, da_stack.depth++) {
631 fr_dict_attr_err_t err;
632 fr_dict_attr_t const *da = NULL;
633 fr_dict_attr_t const *da_unknown = NULL;
634 fr_dict_attr_t const *parent;
635 fr_dict_attr_t const *ref;
636 fr_type_t unknown_type;
637
638 if (da_stack.depth >= FR_DICT_MAX_TLV_STACK) {
639 fr_strerror_printf("Attributes are nested too deeply at \"%.*s\"",
640 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
641 goto error;
642 }
643
644 fr_sbuff_marker(&lhs_m, &our_in);
645
646 /*
647 * The fr_pair_t parent might be a group, in which case the fr_dict_attr_t parent will be
648 * different.
649 */
650 parent = da_stack.da[da_stack.depth - 1];
651 if (parent->type == FR_TYPE_GROUP) {
652 parent = fr_dict_attr_ref(parent);
653 fr_assert(parent != NULL);
654 }
655
656 /*
657 * Once we parse a completely unknown attribute, all of the rest of them have to be
658 * unknown, too. We cannot allow unknown TLVs to contain internal attributes, for
659 * example.
660 */
661 if (was_unknown) {
662 goto alloc_unknown;
663 }
664
665 /*
666 * Look up the name (or number). If it's found, life is easy. Otherwise, we jump
667 * through a bunch of hoops to see if we are changing dictionaries, or creating a raw OID
668 * from a number, etc.
669 */
670 slen = fr_dict_oid_component(&err, &da, parent, &our_in, &bareword_terminals);
671 if (err != FR_DICT_ATTR_OK) {
672 /*
673 * We were looking in the internal dictionary. Maybe this attribute is instead
674 * in the protocol dictionary?
675 */
676 if ((i == 1) && (relative->da->dict == relative->internal) && relative->dict) {
677 fr_assert(relative->dict != relative->internal);
678
679 /*
680 * Internal groups can be used to cache protocol data. Internal
681 * structural attributes cannot.
682 *
683 * @todo - this restriction makes sense, but maybe people want to do that
684 * anyways?
685 */
686 if (relative->da->type != FR_TYPE_GROUP) {
687 fr_strerror_printf("Internal attribute '%s' of data type '%s' cannot contain protocol attributes",
688 relative->da->name, fr_type_to_str(relative->da->type));
689 goto error;
690 }
691
692 slen = fr_dict_oid_component(&err, &da, fr_dict_root(relative->dict), &our_in, &bareword_terminals);
693 if (err == FR_DICT_ATTR_OK) {
694 ref = fr_dict_root(relative->dict);
695 goto found;
696 }
697 }
698
699 /*
700 * Try to parse the name from the internal namespace first, as this is the most
701 * likely case. Plus, if we parse the OIDs second, the errors for unknown
702 * attributes mention the protocol dictionary, and not the internal one.
703 *
704 * Raw attributes also cannot be created in the internal dictionary space.
705 */
706 if (!raw && relative->internal) {
707 /*
708 * If the current dictionary isn't internal, then look up the attribute
709 * in the internal dictionary.
710 *
711 * Buf if the current dictionary is internal, AND the internal type is
712 * GROUP, AND we we have a protocol dictionary, then allow an internal
713 * group to contain protocol attributes.
714 */
715 if (parent->dict != relative->internal) {
716 ref = fr_dict_root(relative->internal);
717
718 } else if ((da_stack.da[da_stack.depth - 1]->type == FR_TYPE_GROUP) && (root->da->dict != root->internal)) {
719 ref = fr_dict_root(root->da->dict);
720
721 } else {
722 /*
723 * Otherwise we are already in the internal dictionary, and the
724 * attribute was not found. So don't search for it again in the
725 * internal dictionary. And because we're in the internal
726 * dictionary, we don't allow raw attributes.
727 */
728 goto notfound;
729 }
730
731 slen = fr_dict_oid_component(&err, &da, ref, &our_in, &bareword_terminals);
732 if (err == FR_DICT_ATTR_OK) {
733 goto found;
734 }
735
736 goto notfound;
737 }
738
739 /*
740 * We didn't find anything, that's an error.
741 */
742 if (!raw) {
743 notfound:
744 fr_strerror_printf("Unknown attribute \"%.*s\" for parent \"%s\"",
745 (int) fr_sbuff_diff(&op_m, &our_in), fr_sbuff_current(&our_in),
746 da_stack.da[da_stack.depth - 1]->name);
747 goto error;
748 }
749
750 alloc_unknown:
751 /*
752 * We looked up raw.FOO, and FOO wasn't found. See if we can still parse it.
753 */
754 if (da_stack.da[da_stack.depth - 1]->type == FR_TYPE_GROUP) {
755 fr_strerror_printf("Cannot create 'raw' children in attribute %s of data type 'group'",
756 da_stack.da[da_stack.depth - 1]->name);
757 goto error;
758 }
759
760 /*
761 * Unknown attributes must be 'raw.1234'.
762 */
763 if (!fr_sbuff_is_digit(&our_in)) {
764 goto notfound;
765 }
766
767 /*
768 * Figure out the data type for unknown attributes. Intermediate attributes are
769 * structural. Only the final attribute is forced to "raw_type".
770 */
771 if (i < components) {
772 if (parent->type == FR_TYPE_VSA) {
773 unknown_type = FR_TYPE_VENDOR;
774 } else {
775 unknown_type = FR_TYPE_TLV;
776 }
777
778 } else if (raw_type == FR_TYPE_NULL) {
779 unknown_type = FR_TYPE_OCTETS;
780
781 } else if ((raw_type == FR_TYPE_TLV) && (parent->type == FR_TYPE_VSA)) {
782 /*
783 * We had previously parsed a known VSA, but this component is
784 * perhaps a numerical OID. Set the data type to VENDOR, so that
785 * the hierachy is correct.
786 */
787 unknown_type = FR_TYPE_VENDOR;
788
789 } else {
790 unknown_type = raw_type;
791 }
792
793 da_unknown = fr_dict_attr_unknown_afrom_oid(root->ctx, parent, &our_in, unknown_type);
794 if (!da_unknown) goto error;
795
796 da = da_unknown;
797 was_unknown = true;
798
799 goto next;
800 } /* huge block of "we didn't find a known attribute" */
801
802 /*
803 * We found the component. It MIGHT be an ALIAS which jumps down a few levels. Or, it
804 * might be a group which jumps back to the dictionary root. Or it may suddenly be an
805 * internal attribute.
806 *
807 * For an ALIAS, we need to add intermediate nodes up to the parent.
808 *
809 * For a GROUP, we need to add nodes up to the ref of the group.
810 *
811 * For internal attributes, we need to add nodes up to the root of the internal
812 * dictionary.
813 */
814 if (da->parent != parent) {
815 int j, diff;
816 fr_dict_attr_t const *up;
817
818 ref = parent;
819
820 found:
821 fr_assert(fr_dict_attr_common_parent(ref, da, true) == ref);
822
823 diff = da->depth - ref->depth;
824 fr_assert(diff >= 1);
825
826 diff--;
827
828 if ((da_stack.depth + diff) >= FR_DICT_MAX_TLV_STACK) {
829 fr_strerror_printf("Attributes are nested too deeply at \"%.*s\"",
830 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
831 goto error;
832 }
833
834 /*
835 * Go back up the da_stack, setting the parent.
836 */
837 up = da;
838 for (j = da_stack.depth + diff; j >= da_stack.depth; j--) {
839 da_stack.da[j] = up;
840 up = up->parent;
841 }
842
843 for (j = da_stack.depth; j <= da_stack.depth + diff; j++) {
844 fr_assert(da_stack.da[j] != NULL);
845 }
846
847 /*
848 * Record that we've added more attributes to the da_stack.
849 */
850 da_stack.depth += diff;
851 }
852
853 next:
854 /*
855 * Limit the data types that we can parse. This check is mainly to get better error
856 * messages.
857 */
858 switch (da->type) {
859 case FR_TYPE_GROUP:
860 if (raw && (raw_type != FR_TYPE_OCTETS)) {
861 fr_strerror_printf("Cannot create 'raw' attributes for data type '%s'", fr_type_to_str(da->type));
862 goto error;
863 }
864 break;
865
866 case FR_TYPE_STRUCTURAL_EXCEPT_GROUP:
867 case FR_TYPE_LEAF:
868 break;
869
870 default:
871 fr_strerror_printf("Invalid data type '%s'", fr_type_to_str(da->type));
872 goto error;
873 }
874
875 /*
876 * Everything until the last component must end with a '.', because otherwise there would
877 * be no next component.
878 */
879 if (i < components) {
880 if (!fr_sbuff_next_if_char(&our_in, '.')) {
881 fr_strerror_printf("Missing '.' at \"%.*s\"",
882 (int) fr_sbuff_diff(&op_m, &lhs_m), fr_sbuff_current(&lhs_m));
883 goto error;
884 }
885
886 /*
887 * Leaf attributes cannot appear in the middle of the OID list.
888 */
889 if (fr_type_is_leaf(da->type)) {
890 if (fr_dict_attr_is_key_field(da)) {
891 fr_strerror_printf("Please remove the reference to key field '%s' from the input string",
892 da->name);
893 } else {
894 fr_strerror_printf("Leaf attribute '%s' cannot have children", da->name);
895 }
896
897 goto error;
898 }
899
900 } else if (raw && !da->flags.is_unknown) {
901 /*
902 * Only the last component can be raw. If the attribute we found isn't unknown,
903 * then create an unknown DA from the known one.
904 *
905 * We have parsed the full OID tree, *and* found a known attribute. e.g. raw.Vendor-Specific = ...
906 *
907 * For some reason, we allow: raw.Vendor-Specific = { ... }
908 *
909 * But this is what we really want: raw.Vendor-Specific = 0xabcdef
910 */
911 if ((raw_type != FR_TYPE_OCTETS) && (raw_type != da->type)) {
912 /*
913 * @todo - because it breaks a lot of the encoders.
914 */
915 fr_strerror_printf("Cannot create raw attribute %s which changes data type from %s to %s",
916 da->name, fr_type_to_str(da->type), fr_type_to_str(raw_type));
917 fr_sbuff_set(&our_in, &lhs_m);
918 goto error;
919 }
920
921 da_unknown = fr_dict_attr_unknown_alloc(root->ctx, da, raw_type);
922 if (!da_unknown) goto error;
923
924 da = da_unknown;
925 was_unknown = true;
926 }
927
928 da_stack.da[da_stack.depth] = da;
929 }
930
931 /*
932 * at least [0]=root, [1]=da, [2]=NULL
933 */
934 if (da_stack.depth <= 1) {
935 fr_strerror_const("Internal sanity check failed on depth 1");
936 return fr_sbuff_error(&our_in);
937 }
938
939 if (da_stack.depth <= components) {
940 fr_strerror_const("Internal sanity check failed on depth 2");
941 return fr_sbuff_error(&our_in);
942 }
943
944 /*
945 * STEP 5: Reset the parser to the value, and double-check if it's what we expect.
946 */
947 fr_sbuff_set(&our_in, &rhs_m);
948
949 if (fr_type_is_structural(da_stack.da[da_stack.depth - 1]->type)) {
950 if (!fr_sbuff_is_char(&our_in, '{')) {
951 fr_strerror_printf("Group list for %s MUST start with '{'", da_stack.da[da_stack.depth - 1]->name);
952 goto error;
953 }
954
955 /*
956 * The fr_pair_validate() function doesn't support operators for structural attributes,
957 * so we forbid them here.
958 */
959 if (relative->allow_compare && (op != T_OP_EQ) && (op != T_OP_CMP_EQ)) {
960 fr_strerror_printf("Structural attribute '%s' must use '=' or '==' for comparisons",
961 da_stack.da[da_stack.depth - 1]->name);
962 goto error;
963 }
964
965 /*
966 * If we have "foo = { ... }", then we just create the attribute.
967 */
968 if (components == 1) append = (op != T_OP_EQ);
969 }
970
971#if 0
972 /*
973 * STEP 5.1: Flatten the hierarchy if necessary.
974 */
975 if ((relative->da->flags.allow_flat) && (da_stack.depth > 2)) {
976 da_stack.da[1] = da_stack.da[da_stack.depth - 1];
977
978 da_stack.depth = 2;
979 }
980#endif
981
982 /*
983 * STEP 6: Use the da_stack to either find or add intermediate #fr_pair_t.
984 */
985 my = *relative;
986 for (i = 1; i < da_stack.depth; i++) {
987 fr_dict_attr_t const *da;
988
989 da = da_stack.da[i];
990
991 /*
992 * When we have a full path that contains MEMBERs of a STRUCT, we need to check ordering.
993 * The children MUST be added in order. If we see a child that is out of order, then
994 * that means we need to start a new parent STRUCT.
995 */
996 if ((da->parent->type == FR_TYPE_STRUCT) && (i > 1)) {
997 fr_assert(da_stack.da[i - 1] == da->parent);
998 fr_assert(da_stack.vp[i - 1] != NULL);
999 fr_assert(my.ctx == da_stack.vp[i - 1]);
1000
1001 /*
1002 * @todo - cache the last previous child that we added? Or maybe the DA of the
1003 * last child?
1004 */
1005 for (vp = fr_pair_list_tail(my.list);
1006 vp != NULL;
1007 vp = fr_pair_list_prev(my.list, vp)) {
1008 if (!vp->da->flags.internal) break;
1009 }
1010
1011 if (vp && (vp->da->attr > da->attr)) {
1012 fr_pair_t *parent = da_stack.vp[i - 2];
1013
1014 if (parent) {
1015 if (fr_pair_append_by_da(parent, &vp, &parent->vp_group, da->parent) < 0) {
1016 goto error;
1017 }
1018 } else {
1019 if (fr_pair_append_by_da(root->ctx, &vp, root->list, da->parent) < 0) {
1020 goto error;
1021 }
1022 }
1023
1024 vp->op = T_OP_EQ;
1025 PAIR_ALLOCED(vp);
1026 my.ctx = vp;
1027 my.list = &vp->vp_group;
1028 }
1029 }
1030
1031 /*
1032 * Everything up to the last entry must be structural.
1033 *
1034 * The last entry may be structural, or else it might be a leaf.
1035 */
1036 if (fr_type_is_structural(da->type)) {
1037 if (append) {
1038 vp = fr_pair_find_last_by_da(my.list, NULL, da);
1039 if (vp) goto update_relative;
1040 }
1041
1042 if (fr_pair_append_by_da(my.ctx, &vp, my.list, da) < 0) {
1043 goto error;
1044 }
1045
1046 vp->op = T_OP_EQ;
1047 PAIR_ALLOCED(vp);
1048
1049 update_relative:
1050 da_stack.vp[i] = vp;
1051
1052 my.ctx = vp;
1053 my.da = vp->da;
1054 my.list = &vp->vp_group;
1055 continue;
1056 }
1057
1058 /*
1059 * We're finally at the leaf attribute, which must be the last attribute.
1060 */
1061 fr_assert(i == (da_stack.depth - 1));
1062
1063 vp = fr_pair_afrom_da(my.ctx, da);
1064 if (!vp) goto error;
1065
1066 PAIR_ALLOCED(vp);
1067 vp->op = op;
1068 da_stack.vp[i] = vp;
1069 }
1070
1071 /*
1072 * Intermediate nodes always use the operator '='. The final one uses the assigned operator.
1073 */
1074 fr_assert(vp != NULL);
1075 fr_assert(vp->op != T_INVALID);
1076
1077 /*
1078 * STEP 7: Parse the value, recursing if necessary.
1079 *
1080 * @todo - do all kinds of cleanups if anything fails. TBH, this really needs the edit lists,
1081 * and that might be a bit much overhead for this code.
1082 */
1083 if (fr_type_is_structural(vp->da->type)) {
1084 fr_pair_parse_t child = (fr_pair_parse_t) {
1085 .allow_compare = root->allow_compare,
1086 .dict = root->dict,
1087 .internal = root->internal,
1088 };
1089
1090 if (!fr_sbuff_next_if_char(&our_in, '{')) {
1091 fr_strerror_printf("Child list for %s MUST start with '{'", vp->da->name);
1092 goto error;
1093 }
1094
1095 fr_assert(my.ctx == vp);
1096 fr_assert(my.da == vp->da);
1097 fr_assert(my.list == &vp->vp_group);
1098 my.allow_compare = root->allow_compare;
1099 my.end_of_list = true;
1100
1101 while (true) {
1102 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1103
1104 if (fr_sbuff_is_char(&our_in, '}')) {
1105 break;
1106 }
1107
1108 slen = fr_pair_list_afrom_substr(&my, &child, &our_in);
1109 if (!slen) break;
1110
1111 if (slen < 0) goto error;
1112 }
1113
1114 if (!fr_sbuff_next_if_char(&our_in, '}')) {
1115 fr_strerror_const("Failed to end list with '}'");
1116 goto error;
1117 }
1118
1119 /*
1120 * This structure was the last thing we parsed. The next thing starts from here.
1121 */
1122 *relative = my;
1123
1124 } else {
1125 slen = fr_pair_value_from_substr(root, vp, &our_in);
1126 if (slen <= 0) goto error;
1127
1128 fr_pair_append(my.list, vp);
1129 }
1130
1131 PAIR_VERIFY(vp);
1132
1133 CLEAN_DA_STACK;
1134
1135 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1136
1137 /*
1138 * STEP 8: See if we're done, or if we need to stop parsing this #fr_pair_t.
1139 *
1140 * Allow a limited set of characters after a value.
1141 *
1142 * It can be "," OR "CRLF" OR ",CRLF". But not anything else.
1143 */
1144 keep_going = false;
1145 if (fr_sbuff_next_if_char(&our_in, ',')) {
1146 fr_sbuff_adv_past_blank(&our_in, SIZE_MAX, NULL);
1147
1148 keep_going = true;
1149 relative->last_char = ',';
1150 }
1151
1152 /*
1153 * We hit the end of the parent list. There's no need to update "relative", we just return, and
1154 * let the caller end the list.
1155 *
1156 * Note that we allow trailing commas: Foo = { Bar = Baz, }
1157 *
1158 * We don't care about any trailing data.
1159 */
1160 if (relative->end_of_list && fr_sbuff_is_char(&our_in, '}')) {
1161 relative->last_char = '\0';
1162 goto done;
1163 }
1164
1165 if (relative->allow_crlf) {
1166 size_t len;
1167
1168 len = fr_sbuff_adv_past_allowed(&our_in, SIZE_MAX, sbuff_char_line_endings, NULL);
1169 if (len) {
1170 keep_going = true;
1171 if (!relative->last_char) relative->last_char = '\n';
1172 }
1173 }
1174
1175 /*
1176 * This is mainly for the detail file reader. We allow zeros as end of "attr op value". But we
1177 * also treat zeros as "don't keep going".
1178 */
1179 if (relative->allow_zeros) {
1180 while (fr_sbuff_next_if_char(&our_in, '\0')) {
1181 /* nothing */
1182 }
1183
1184 goto done;
1185 }
1186
1187 /*
1188 * There's no more input, we're done. Any next attributes will cause the input to be parsed from
1189 * the root again.
1190 */
1191 (void) fr_sbuff_extend(&our_in);
1192 if (!fr_sbuff_remaining(&our_in)) goto done;
1193
1194 /*
1195 * STEP 9: If we need to keep going, then set up the relative references based on what we've
1196 * done, and go back to start over again.
1197 *
1198 * The caller is responsible for checking whether or not we have too much data.
1199 */
1200 if (keep_going) {
1201 /*
1202 * Update the relative list for parsing the next pair.
1203 */
1204 if (fr_type_is_leaf(vp->da->type)) {
1205 fr_pair_t *parent;
1206
1207 parent = fr_pair_parent(vp);
1208 if (!parent) {
1209 *relative = *root;
1210
1211 } else {
1212 relative->ctx = parent;
1213 relative->da = parent->da;
1214 relative->list = &parent->vp_group;
1215 }
1216
1217 } else {
1218 relative->ctx = vp;
1219 relative->da = vp->da;
1220 relative->list = &vp->vp_group;
1221 }
1222
1223 goto redo;
1224 }
1225
1226 /*
1227 * STEP 10: Complain if we have unexpected input.
1228 *
1229 * We have more input, BUT we didn't have a comma or CRLF to explicitly finish the last pair we
1230 * read. That's a problem.
1231 */
1232 if (!relative->last_char) {
1233 size_t remaining;
1234
1235 remaining = fr_sbuff_remaining(&our_in);
1236
1237 if (remaining > 20) remaining = 20;
1238
1239 fr_strerror_printf("Unexpected text '%.*s ...' after value",
1240 (int) remaining, fr_sbuff_current(&our_in));
1241 return fr_sbuff_error(&our_in); /* da_stack has already been cleaned */
1242 }
1243
1244done:
1245 /*
1246 * STEP 11: Finally done.
1247 */
1248 FR_SBUFF_SET_RETURN(in, &our_in);
1249}
1250
1251/** Read valuepairs from the fp up to End-Of-File.
1252 *
1253 * @param[in] ctx for talloc
1254 * @param[in] dict to resolve attributes in.
1255 * @param[in,out] out where the parsed fr_pair_ts will be appended.
1256 * @param[in] fp to read valuepairs from.
1257 * @param[out] pfiledone true if file parsing complete;
1258 * @param[in] allow_exec Whether we allow `backtick` expansions.
1259 * @return
1260 * - 0 on success
1261 * - -1 on error
1262 */
1263int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
1264{
1265 fr_pair_list_t tmp_list;
1266 fr_pair_parse_t root, relative;
1267 bool found = false;
1268 char buf[8192];
1269
1270 /*
1271 * Read all of the attributes on the current line.
1272 *
1273 * If we get nothing but an EOL, it's likely OK.
1274 */
1275 fr_pair_list_init(&tmp_list);
1276
1277 root = (fr_pair_parse_t) {
1278 .ctx = ctx,
1279 .da = fr_dict_root(dict),
1280 .list = &tmp_list,
1281 .dict = dict,
1282 .internal = fr_dict_internal(),
1283 .allow_crlf = true,
1284 .allow_compare = true,
1285 .allow_exec = allow_exec
1286 };
1287 relative = (fr_pair_parse_t) { };
1288
1289 while (fgets(buf, sizeof(buf), fp) != NULL) {
1290 /*
1291 * If we get a '\n' by itself, we assume that's
1292 * the end of that VP list.
1293 */
1294 if ((buf[0] == '\n') || (buf[0] == '\r')) {
1295 if (found) {
1296 *pfiledone = false;
1297 break;
1298 }
1299 continue;
1300 }
1301
1302 /*
1303 * Comments get ignored
1304 */
1305 if (buf[0] == '#') continue;
1306
1307 /*
1308 * Leave "relative" between calls, so that we can do:
1309 *
1310 * foo = {}
1311 * .bar = baz
1312 *
1313 * and get
1314 *
1315 * foo = { bar = baz }
1316 */
1317 if (fr_pair_list_afrom_substr(&root, &relative, &FR_SBUFF_IN_STR(buf)) < 0) {
1318 *pfiledone = false;
1319 fr_pair_list_free(&tmp_list);
1320 return -1;
1321 }
1322
1323 found = true;
1324 }
1325
1326#ifdef WITH_VERIFY_PTR
1327 fr_pair_list_verify(__FILE__, __LINE__, ctx, &tmp_list, true);
1328#endif
1329
1330 fr_pair_list_append(out, &tmp_list);
1331
1332 *pfiledone = true;
1333 return 0;
1334}
1335
1336
1337/** Move pairs from source list to destination list respecting operator
1338 *
1339 * @note This function does some additional magic that's probably not needed in most places. Consider using
1340 * radius_legacy_map_cmp() and radius_legacy_map_apply() instead.
1341 *
1342 * @note fr_pair_list_free should be called on the head of the source list to free
1343 * unmoved attributes (if they're no longer needed).
1344 *
1345 * @param[in,out] to destination list.
1346 * @param[in,out] from source list.
1347 * @param[in] op operator for list move.
1348 */
1349void fr_pair_list_move_op(fr_pair_list_t *to, fr_pair_list_t *from, fr_token_t op)
1350{
1351 fr_pair_t *vp, *next, *found;
1352 fr_pair_list_t head_append, head_prepend;
1353
1354 if (!to || fr_pair_list_empty(from)) return;
1355
1356 /*
1357 * We're editing the "to" list while we're adding new
1358 * attributes to it. We don't want the new attributes to
1359 * be edited, so we create an intermediate list to hold
1360 * them during the editing process.
1361 */
1362 fr_pair_list_init(&head_append);
1363
1364 /*
1365 * Any attributes that are requested to be prepended
1366 * are added to a temporary list here
1367 */
1368 fr_pair_list_init(&head_prepend);
1369
1370 /*
1371 * We're looping over the "from" list, moving some
1372 * attributes out, but leaving others in place.
1373 */
1374 for (vp = fr_pair_list_head(from); vp != NULL; vp = next) {
1375 PAIR_VERIFY(vp);
1376 next = fr_pair_list_next(from, vp);
1377
1378 /*
1379 * We never move Fall-Through.
1380 */
1381 if (fr_dict_attr_is_top_level(vp->da) && (vp->da->attr == FR_FALL_THROUGH) &&
1382 (fr_dict_by_da(vp->da) == fr_dict_internal())) {
1383 continue;
1384 }
1385
1386 /*
1387 * Unlike previous versions, we treat all other
1388 * attributes as normal. i.e. there's no special
1389 * treatment for passwords or Hint.
1390 */
1391
1392 switch (vp->op) {
1393 /*
1394 * Anything else are operators which
1395 * shouldn't occur. We ignore them, and
1396 * leave them in place.
1397 */
1398 default:
1399 continue;
1400
1401 /*
1402 * Add it to the "to" list, but only if
1403 * it doesn't already exist.
1404 */
1405 case T_OP_EQ:
1406 found = fr_pair_find_by_da(to, NULL, vp->da);
1407 if (!found) goto do_add;
1408 continue;
1409
1410 /*
1411 * Add it to the "to" list, and delete any attribute
1412 * of the same vendor/attr which already exists.
1413 */
1414 case T_OP_SET:
1415 found = fr_pair_find_by_da(to, NULL, vp->da);
1416 if (!found) goto do_add;
1417
1418 /*
1419 * Delete *all* matching attributes.
1420 */
1421 fr_pair_delete_by_da(to, found->da);
1422 goto do_add;
1423
1424 /*
1425 * Move it from the old list and add it
1426 * to the new list.
1427 */
1428 case T_OP_ADD_EQ:
1429 do_add:
1430 fr_pair_remove(from, vp);
1431 fr_pair_append(&head_append, vp);
1432 continue;
1433
1434 case T_OP_PREPEND:
1435 fr_pair_remove(from, vp);
1436 fr_pair_prepend(&head_prepend, vp);
1437 continue;
1438 }
1439 } /* loop over the "from" list. */
1440
1441 /*
1442 * If the op parameter was prepend, add the "new list
1443 * attributes first as those whose individual operator
1444 * is prepend should be prepended to the resulting list
1445 */
1446 if (op == T_OP_PREPEND) fr_pair_list_prepend(to, &head_append);
1447
1448 /*
1449 * If there are any items in the prepend list prepend
1450 * it to the "to" list
1451 */
1452 fr_pair_list_prepend(to, &head_prepend);
1453
1454 /*
1455 * If the op parameter was not prepend, take the "new"
1456 * list, and append it to the "to" list.
1457 */
1458 if (op != T_OP_PREPEND) fr_pair_list_append(to, &head_append);
1459
1460 fr_pair_list_free(from);
1461}
buffer
static int const char char buffer[256]
Definition acutest.h:578
RCSID
#define RCSID(id)
Definition build.h:487
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
unlikely
#define unlikely(_x)
Definition build.h:383
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:339
fr_dict_by_da
fr_dict_t const * fr_dict_by_da(fr_dict_attr_t const *da)
Attempt to locate the protocol dictionary containing an attribute.
Definition dict_util.c:2875
fr_dict_attr_common_parent
fr_dict_attr_t const * fr_dict_attr_common_parent(fr_dict_attr_t const *a, fr_dict_attr_t const *b, bool is_ancestor)
Find a common ancestor that two TLV type attributes share.
Definition dict_util.c:2315
err
static fr_slen_t err
Definition dict.h:884
fr_dict_attr_unknown_afrom_oid
static fr_dict_attr_t * fr_dict_attr_unknown_afrom_oid(TALLOC_CTX *ctx, fr_dict_attr_t const *parent, fr_sbuff_t *in, fr_type_t type)
Definition dict.h:620
fr_dict_attr_allowed_chars
bool const fr_dict_attr_allowed_chars[UINT8_MAX+1]
Characters allowed in a single dictionary attribute name.
Definition dict_util.c:64
fr_dict_attr_unknown_alloc
fr_dict_attr_t * fr_dict_attr_unknown_alloc(TALLOC_CTX *ctx, fr_dict_attr_t const *da, fr_type_t type))
Allocate an unknown DA.
Definition dict_unknown.c:250
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2669
fr_dict_internal
fr_dict_t const * fr_dict_internal(void)
Definition dict_util.c:4938
fr_dict_attr_is_top_level
static bool fr_dict_attr_is_top_level(fr_dict_attr_t const *da)
Return true if this attribute is parented directly off the dictionary root.
Definition dict.h:811
FR_DICT_MAX_TLV_STACK
#define FR_DICT_MAX_TLV_STACK
Maximum TLV stack size.
Definition dict.h:519
fr_dict_attr_err_t
fr_dict_attr_err_t
Errors returned by attribute lookup functions.
Definition dict.h:319
FR_DICT_ATTR_OK
@ FR_DICT_ATTR_OK
No error.
Definition dict.h:320
fr_dict_oid_component
fr_slen_t fr_dict_oid_component(fr_dict_attr_err_t *err, fr_dict_attr_t const **out, fr_dict_attr_t const *parent, fr_sbuff_t *in, fr_sbuff_term_t const *tt))
Parse an OID component, resolving it to a defined attribute.
Definition dict_util.c:2494
fr_dict_attr_is_key_field
#define fr_dict_attr_is_key_field(_da)
Definition dict.h:172
in
static fr_slen_t in
Definition dict.h:884
fr_dict_attr_ref
static fr_dict_attr_t const * fr_dict_attr_ref(fr_dict_attr_t const *da)
Return the reference associated with a group type attribute.
Definition dict_ext.h:148
my
void fr_bio_shutdown & my
Definition fd_errno.h:70
free
free(array)
fr_sbuff_out_unescape_until
size_t fr_sbuff_out_unescape_until(fr_sbuff_t *out, fr_sbuff_t *in, size_t len, fr_sbuff_term_t const *tt, fr_sbuff_unescape_rules_t const *u_rules)
Definition merged_model.c:177
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_NULL
@ FR_TYPE_NULL
Invalid (uninitialised) attribute type.
Definition merged_model.c:81
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_VENDOR
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
Definition merged_model.c:122
FR_TYPE_VSA
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
Definition merged_model.c:121
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_slen_t
ssize_t fr_slen_t
Definition merged_model.c:35
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
fr_pair_append_by_da
int fr_pair_append_by_da(TALLOC_CTX *ctx, fr_pair_t **out, fr_pair_list_t *list, fr_dict_attr_t const *da)
Alloc a new fr_pair_t (and append)
Definition pair.c:1467
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:703
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1348
fr_pair_delete_by_da
int fr_pair_delete_by_da(fr_pair_list_t *list, fr_dict_attr_t const *da)
Delete matching pairs from the specified list.
Definition pair.c:1692
fr_pair_parent
fr_pair_t * fr_pair_parent(fr_pair_t const *vp)
Return a pointer to the parent pair.
Definition pair.c:952
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:289
fr_pair_list_init
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
fr_pair_prepend
int fr_pair_prepend(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the start of the list.
Definition pair.c:1317
fr_pair_find_last_by_da
fr_pair_t * fr_pair_find_last_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the last pair with a matching da.
Definition pair.c:727
fr_pair_value_from_substr
static ssize_t fr_pair_value_from_substr(fr_pair_parse_t const *conf, fr_pair_t *vp, fr_sbuff_t *in)
Definition pair_legacy.c:105
bareword_unquoted
static fr_sbuff_parse_rules_t const bareword_unquoted
Definition pair_legacy.c:92
pair_assignment_op_table
static fr_table_num_sorted_t const pair_assignment_op_table[]
Definition pair_legacy.c:62
fr_pair_list_afrom_substr
fr_slen_t fr_pair_list_afrom_substr(fr_pair_parse_t const *root, fr_pair_parse_t *relative, fr_sbuff_t *in)
Parse a fr_pair_list_t from a substring.
Definition pair_legacy.c:326
fr_pair_list_afrom_file
int fr_pair_list_afrom_file(TALLOC_CTX *ctx, fr_dict_t const *dict, fr_pair_list_t *out, FILE *fp, bool *pfiledone, bool allow_exec)
Read valuepairs from the fp up to End-Of-File.
Definition pair_legacy.c:1263
fr_pair_list_move_op
void fr_pair_list_move_op(fr_pair_list_t *to, fr_pair_list_t *from, fr_token_t op)
Move pairs from source list to destination list respecting operator.
Definition pair_legacy.c:1349
legacy_da_stack_t::depth
int depth
Definition pair_legacy.c:256
pair_comparison_op_table_len
static size_t pair_comparison_op_table_len
Definition pair_legacy.c:84
legacy_da_stack_t::vp
fr_pair_t * vp[FR_DICT_MAX_TLV_STACK]
which VP we have created or found
Definition pair_legacy.c:258
CLEAN_DA_STACK
#define CLEAN_DA_STACK
legacy_da_stack_t::da
fr_dict_attr_t const * da[FR_DICT_MAX_TLV_STACK]
parent for parsing
Definition pair_legacy.c:257
pair_comparison_op_table
static fr_table_num_sorted_t const pair_comparison_op_table[]
Definition pair_legacy.c:69
bareword_terminals
static fr_sbuff_term_t const bareword_terminals
Definition pair_legacy.c:39
pair_assignment_op_table_len
static ssize_t pair_assignment_op_table_len
Definition pair_legacy.c:67
legacy_da_stack_t
Our version of a DA stack.
Definition pair_legacy.c:255
fr_pair_parse_t::ctx
TALLOC_CTX * ctx
Definition pair_legacy.h:43
fr_pair_parse_t::allow_crlf
bool allow_crlf
allow CRLF, and treat like comma
Definition pair_legacy.h:51
fr_pair_parse_t::allow_zeros
bool allow_zeros
allow '\0' as end of attribute
Definition pair_legacy.h:52
fr_pair_parse_t::dict
fr_dict_t const * dict
the protocol dictionary we use
Definition pair_legacy.h:47
fr_pair_parse_t::last_char
char last_char
last character we read - ',', ' ', or 0 for EOF
Definition pair_legacy.h:59
fr_pair_parse_t::list
fr_pair_list_t * list
list where output is placed
Definition pair_legacy.h:45
fr_pair_parse_t::end_of_list
bool end_of_list
do we expect an end of list '}' character?
Definition pair_legacy.h:60
fr_pair_parse_t::allow_compare
bool allow_compare
allow comparison operators
Definition pair_legacy.h:50
fr_pair_parse_t::da
fr_dict_attr_t const * da
root da to start parsing from
Definition pair_legacy.h:44
fr_pair_parse_t::internal
fr_dict_t const * internal
a cached pointer to the internal dictionary
Definition pair_legacy.h:48
fr_pair_parse_t
Definition pair_legacy.h:42
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
done
static bool done
Definition radclient.c:83
WIFEXITED
#define WIFEXITED(stat_val)
Definition radiusd.c:72
WEXITSTATUS
#define WEXITSTATUS(stat_val)
Definition radiusd.c:69
conf
static rs_t * conf
Definition radsniff.c:53
fr_sbuff_adv_past_allowed
size_t fr_sbuff_adv_past_allowed(fr_sbuff_t *sbuff, size_t len, bool const allowed[static UINT8_MAX+1], fr_sbuff_term_t const *tt)
Wind position past characters in the allowed set.
Definition sbuff.c:1805
sbuff_char_line_endings
bool const sbuff_char_line_endings[UINT8_MAX+1]
Definition sbuff.c:107
fr_sbuff_next_if_char
bool fr_sbuff_next_if_char(fr_sbuff_t *sbuff, char c)
Return true if the current char matches, and if it does, advance.
Definition sbuff.c:2116
fr_sbuff_start
#define fr_sbuff_start(_sbuff_or_marker)
fr_sbuff_out_by_longest_prefix
#define fr_sbuff_out_by_longest_prefix(_match_len, _out, _table, _sbuff, _def)
fr_sbuff_is_str_literal
#define fr_sbuff_is_str_literal(_sbuff, _str)
fr_sbuff_set
#define fr_sbuff_set(_dst, _src)
fr_sbuff_diff
#define fr_sbuff_diff(_a, _b)
FR_SBUFF_IN
#define FR_SBUFF_IN(_start, _len_or_end)
fr_sbuff_current
#define fr_sbuff_current(_sbuff_or_marker)
fr_sbuff_char
#define fr_sbuff_char(_sbuff_or_marker, _eob)
FR_SBUFF_TERMS
#define FR_SBUFF_TERMS(...)
Initialise a terminal structure with a list of sorted strings.
Definition sbuff.h:193
fr_sbuff_extend
#define fr_sbuff_extend(_sbuff_or_marker)
fr_sbuff_is_char
#define fr_sbuff_is_char(_sbuff_or_marker, _c)
FR_SBUFF_SET_RETURN
#define FR_SBUFF_SET_RETURN(_dst, _src)
fr_sbuff_is_digit
#define fr_sbuff_is_digit(_sbuff_or_marker)
FR_SBUFF_IN_STR
#define FR_SBUFF_IN_STR(_start)
fr_sbuff_error
#define fr_sbuff_error(_sbuff_or_marker)
FR_SBUFF
#define FR_SBUFF(_sbuff_or_marker)
fr_sbuff_adv_past_blank
#define fr_sbuff_adv_past_blank(_sbuff, _len, _tt)
fr_sbuff_advance
#define fr_sbuff_advance(_sbuff_or_marker, _len)
fr_sbuff_remaining
#define fr_sbuff_remaining(_sbuff_or_marker)
fr_sbuff_used
#define fr_sbuff_used(_sbuff_or_marker)
FR_SBUFF_TALLOC_THREAD_LOCAL
#define FR_SBUFF_TALLOC_THREAD_LOCAL(_out, _init, _max)
fr_sbuff_ptr_s
Definition sbuff.h:85
fr_sbuff_term_t
Set of terminal elements.
Definition merged_model.c:161
vp
fr_pair_t * vp
Definition state_machine.c:2293
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
fr_tokens
char const * fr_tokens[T_TOKEN_LAST]
Definition token.c:79
fr_token_t
enum fr_token fr_token_t
T_INVALID
@ T_INVALID
Definition token.h:39
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_OP_EQ
@ T_OP_EQ
Definition token.h:83
T_OP_SET
@ T_OP_SET
Definition token.h:84
T_OP_NE
@ T_OP_NE
Definition token.h:97
T_OP_ADD_EQ
@ T_OP_ADD_EQ
Definition token.h:69
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
T_OP_REG_EQ
@ T_OP_REG_EQ
Definition token.h:102
T_OP_CMP_EQ
@ T_OP_CMP_EQ
Definition token.h:106
T_OP_LE
@ T_OP_LE
Definition token.h:100
T_OP_GE
@ T_OP_GE
Definition token.h:98
T_OP_GT
@ T_OP_GT
Definition token.h:99
T_OP_LT
@ T_OP_LT
Definition token.h:101
T_OP_REG_NE
@ T_OP_REG_NE
Definition token.h:103
T_OP_PREPEND
@ T_OP_PREPEND
Definition token.h:85
PAIR_ALLOCED
#define PAIR_ALLOCED(_x)
Definition pair.h:212
fr_pair_list_empty
bool fr_pair_list_empty(fr_pair_list_t const *list)
Is a valuepair list empty.
Definition pair_inline.c:124
PAIR_VERIFY
#define PAIR_VERIFY(_x)
Definition pair.h:204
fr_pair_list_next
fr_pair_t * fr_pair_list_next(fr_pair_list_t const *list, fr_pair_t const *item))
Get the next item in a valuepair list after a specific entry.
Definition pair_inline.c:69
fr_pair_list_tail
fr_pair_t * fr_pair_list_tail(fr_pair_list_t const *list)
Get the tail of a valuepair list.
Definition pair_inline.c:55
fr_pair_remove
fr_pair_t * fr_pair_remove(fr_pair_list_t *list, fr_pair_t *vp)
Remove fr_pair_t from a list without freeing.
Definition pair_inline.c:93
fr_pair_list_free
void fr_pair_list_free(fr_pair_list_t *list)
Free memory used by a valuepair list.
Definition pair_inline.c:112
fr_pair_list_append
void fr_pair_list_append(fr_pair_list_t *dst, fr_pair_list_t *src)
Appends a list of fr_pair_t from a temporary list to a destination list.
Definition pair_inline.c:181
fr_pair_list_prepend
void fr_pair_list_prepend(fr_pair_list_t *dst, fr_pair_list_t *src)
Move a list of fr_pair_t from a temporary list to the head of a destination list.
Definition pair_inline.c:194
fr_pair_list_prev
fr_pair_t * fr_pair_list_prev(fr_pair_list_t const *list, fr_pair_t const *item))
Get the previous item in a valuepair list before a specific entry.
Definition pair_inline.c:82
fr_pair_list_head
fr_pair_t * fr_pair_list_head(fr_pair_list_t const *list)
Get the head of a valuepair list.
Definition pair_inline.c:42
parent
static fr_slen_t parent
Definition pair.h:859
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_table
fr_table_num_ordered_t const fr_type_table[]
Map data types to names representing those types.
Definition types.c:31
FR_TYPE_STRUCTURAL_EXCEPT_GROUP
#define FR_TYPE_STRUCTURAL_EXCEPT_GROUP
Definition types.h:316
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:393
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:394
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:455
FR_TYPE_LEAF
#define FR_TYPE_LEAF
Definition types.h:318
value_parse_rules_single_quoted
fr_sbuff_parse_rules_t const value_parse_rules_single_quoted
Definition value.c:559
fr_value_unescape_backtick
fr_sbuff_unescape_rules_t fr_value_unescape_backtick
Definition value.c:323
value_parse_rules_double_quoted
fr_sbuff_parse_rules_t const value_parse_rules_double_quoted
Definition value.c:553
fr_value_box_from_substr
ssize_t fr_value_box_from_substr(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv, fr_sbuff_t *in, fr_sbuff_parse_rules_t const *rules)
Convert string value to a fr_value_box_t type.
Definition value.c:5397
fr_box_strvalue_len
#define fr_box_strvalue_len(_val, _len)
Definition value.h:309
out
static size_t char ** out
Definition value.h:1024
Generated by   doxygen 1.9.8