The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
base.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 3c81115724380c9e3563d30e812720f191f0a547 $
19 *
20 * @file protocols/der/decode.c
21 * @brief Functions to decode DER encoded data.
22 *
23 * @author Ethan Thompson (ethan.thompson@inkbridge.io)
24 *
25 * @copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
26 */
27RCSID("$Id: 3c81115724380c9e3563d30e812720f191f0a547 $")
28
29#include <freeradius-devel/util/net.h>
30#include <freeradius-devel/util/proto.h>
31#include <freeradius-devel/util/table.h>
32#include <freeradius-devel/util/dict_ext_priv.h>
33
34#include "der.h"
35
36static uint32_t instance_count = 0;
37
38fr_dict_t const *dict_der;
39//fr_dict_attr_t const *attr_oid_tree;
40
41extern fr_dict_autoload_t libfreeradius_der_dict[];
42fr_dict_autoload_t libfreeradius_der_dict[] = { { .out = &dict_der, .proto = "der" }, { NULL } };
43
44extern fr_dict_attr_autoload_t libfreeradius_der_dict_attr[];
45fr_dict_attr_autoload_t libfreeradius_der_dict_attr[] = {
46// { .out = &attr_oid_tree, .name = "OID-Tree", .type = FR_TYPE_TLV, .dict = &dict_der },
47 { NULL }
48};
49
50static fr_table_num_sorted_t const tag_name_to_number[] = {
51 { L("bitstring"), FR_DER_TAG_BITSTRING },
52 { L("bmpstring"), FR_DER_TAG_BMP_STRING },
53 { L("boolean"), FR_DER_TAG_BOOLEAN },
54 { L("choice"), FR_DER_TAG_CHOICE },
55 { L("enumerated"), FR_DER_TAG_ENUMERATED },
56 { L("generalizedtime"), FR_DER_TAG_GENERALIZED_TIME },
57 { L("generalstring"), FR_DER_TAG_GENERAL_STRING },
58 { L("ia5string"), FR_DER_TAG_IA5_STRING },
59 { L("integer"), FR_DER_TAG_INTEGER },
60 { L("null"), FR_DER_TAG_NULL },
61 { L("octetstring"), FR_DER_TAG_OCTETSTRING },
62 { L("oid"), FR_DER_TAG_OID },
63 { L("printablestring"), FR_DER_TAG_PRINTABLE_STRING },
64 { L("sequence"), FR_DER_TAG_SEQUENCE },
65 { L("set"), FR_DER_TAG_SET },
66 { L("t61string"), FR_DER_TAG_T61_STRING },
67 { L("universalstring"), FR_DER_TAG_UNIVERSAL_STRING },
68 { L("utctime"), FR_DER_TAG_UTC_TIME },
69 { L("utf8string"), FR_DER_TAG_UTF8_STRING },
70 { L("visiblestring"), FR_DER_TAG_VISIBLE_STRING },
71};
72static size_t tag_name_to_number_len = NUM_ELEMENTS(tag_name_to_number);
73
74
75char const *fr_der_tag_to_str(fr_der_tag_t tag)
76{
77 return fr_table_str_by_value(tag_name_to_number, tag, "???");
78}
79
80#define ALL_STRINGS ((1 << FR_DER_TAG_BMP_STRING) | (1 << FR_DER_TAG_GENERAL_STRING) | \
81 (1 << FR_DER_TAG_IA5_STRING) | (1 << FR_DER_TAG_PRINTABLE_STRING) | \
82 (1 << FR_DER_TAG_T61_STRING) | (1 << FR_DER_TAG_UTF8_STRING) | \
83 (1 << FR_DER_TAG_VISIBLE_STRING))
84
97
98bool fr_der_tags_compatible(fr_der_tag_t tag1, fr_der_tag_t tag2)
99{
100 return (der_tags_compatible[tag1] & (1 << (uint64_t) tag2)) != 0;
101}
102
103/*
104 * Create a mapping between FR_TYPE_* and valid FR_DER_TAG_*'s
105 */
106static const bool *fr_type_to_der_tags[FR_DER_TAG_MAX] = {
107 [FR_TYPE_IPV4_ADDR] = (bool [FR_DER_TAG_MAX]) {
108 [FR_DER_TAG_BITSTRING] = true,
109 },
110
111 [FR_TYPE_IPV4_PREFIX] = (bool [FR_DER_TAG_MAX]) {
112 [FR_DER_TAG_BITSTRING] = true,
113 },
114
115 [FR_TYPE_IPV6_ADDR] = (bool [FR_DER_TAG_MAX]) {
116 [FR_DER_TAG_BITSTRING] = true,
117 },
118
119 [FR_TYPE_IPV6_PREFIX] = (bool [FR_DER_TAG_MAX]) {
120 [FR_DER_TAG_BITSTRING] = true,
121 },
122
123 [FR_TYPE_COMBO_IP_ADDR] = (bool [FR_DER_TAG_MAX]) {
124 [FR_DER_TAG_OCTETSTRING] = true,
125 },
126
127 [FR_TYPE_BOOL] = (bool [FR_DER_TAG_MAX]) {
128 [FR_DER_TAG_BOOLEAN] = true,
129 [FR_DER_TAG_INTEGER] = true,
130 [FR_DER_TAG_NULL] = true,
131 },
132 [FR_TYPE_INT64] = (bool [FR_DER_TAG_MAX]) {
133 [FR_DER_TAG_INTEGER] = true,
134 [FR_DER_TAG_ENUMERATED] = true,
135 },
136 [FR_TYPE_OCTETS] = (bool [FR_DER_TAG_MAX]) {
137 [FR_DER_TAG_BITSTRING] = true,
138 [FR_DER_TAG_OCTETSTRING] = true,
139 },
140 [FR_TYPE_STRING] = (bool [FR_DER_TAG_MAX]) {
141 [FR_DER_TAG_OID] = true,
142 [FR_DER_TAG_UTF8_STRING] = true,
143 [FR_DER_TAG_PRINTABLE_STRING] = true,
144 [FR_DER_TAG_T61_STRING] = true,
145 [FR_DER_TAG_IA5_STRING] = true,
146 [FR_DER_TAG_VISIBLE_STRING] = true,
147 [FR_DER_TAG_GENERAL_STRING] = true,
148 [FR_DER_TAG_UNIVERSAL_STRING] = true,
149 },
150 [FR_TYPE_DATE] = (bool [FR_DER_TAG_MAX]) {
151 [FR_DER_TAG_UTC_TIME] = true,
152 [FR_DER_TAG_GENERALIZED_TIME] = true,
153 },
154 [FR_TYPE_TLV] = (bool [FR_DER_TAG_MAX]) {
155 [FR_DER_TAG_SEQUENCE] = true,
156 [FR_DER_TAG_SET] = true,
157 },
158 [FR_TYPE_STRUCT] = (bool [FR_DER_TAG_MAX]) {
159 [FR_DER_TAG_BITSTRING] = true,
160 },
161 [FR_TYPE_GROUP] = (bool [FR_DER_TAG_MAX]) {
162 [FR_DER_TAG_SEQUENCE] = true,
163 },
164};
165
166/*
167 * Return true if the given type can be encoded as the given tag.
168 * @param[in] type The fr_type to check.
169 * @param[in] tag The der tag to check.
170 * @return true if the type can be encoded as the given tag.
171 */
172bool fr_type_to_der_tag_valid(fr_type_t type, fr_der_tag_t tag)
173{
174 if (!fr_type_to_der_tags[type]) return false;
175
176 return fr_type_to_der_tags[type][tag];
177}
178
179
180int fr_der_global_init(void)
181{
182 if (instance_count > 0) {
183 instance_count++;
184 return 0;
185 }
186
187 instance_count++;
188
189 if (fr_dict_autoload(libfreeradius_der_dict) < 0) {
190 fail:
191 instance_count--;
192 return -1;
193 }
194
195 if (fr_dict_attr_autoload(libfreeradius_der_dict_attr) < 0) {
196 fr_dict_autofree(libfreeradius_der_dict);
197 goto fail;
198 }
199
200 return 0;
201}
202
203void fr_der_global_free(void)
204{
205 if (--instance_count != 0) return;
206
207 fr_dict_autofree(libfreeradius_der_dict);
208}
209
210/*
211 * Allow setting class of APPLICATION and PRIVATE.
212 */
213static int dict_flag_class(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
214{
215 static const fr_table_num_sorted_t table[] = {
216 { L("application"), FR_DER_CLASS_APPLICATION },
217 { L("private"), FR_DER_CLASS_PRIVATE },
218 };
219 static size_t table_len = NUM_ELEMENTS(table);
220
221 fr_der_attr_flags_t *flags;
222 fr_der_tag_class_t tag_class;
223
224 flags = fr_dict_attr_ext((*da_p)->parent, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
225 if (flags->der_type != FR_DER_TAG_SEQUENCE) {
226 fr_strerror_printf("Cannot use 'class' for attribute %s DER type %s - the parent must be 'sequence'",
227 (*da_p)->parent->name, fr_der_tag_to_str(flags->der_type));
228 return -1;
229 }
230
231 if ((*da_p)->attr >= FR_DER_TAG_VALUE_MAX) {
232 fr_strerror_printf("Cannot use 'class' for attribute %s - the attribute number must be 0..30",
233 (*da_p)->parent->name);
234 return -1;
235 }
236
237 flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
238 if (flags->class) {
239 fr_strerror_printf("Attribute %s already has a 'class' defined", (*da_p)->name);
240 return -1;
241 }
242
243 tag_class = fr_table_value_by_str(table, value, FR_DER_CLASS_INVALID);
244 if (tag_class == FR_DER_CLASS_INVALID) {
245 fr_strerror_printf("Unknown or invalid name in 'class=%s'", value);
246 return -1;
247 }
248
249 flags->class = tag_class;
250
251 return 0;
252}
253
254static int dict_flag_default_value(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
255{
256 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
257
258 if (!fr_type_is_leaf((*da_p)->type)) {
259 fr_strerror_printf("Cannot set 'default=...' for attribute %s DER type %s",
260 (*da_p)->name, fr_der_tag_to_str(flags->der_type));
261 return -1;
262 }
263
264 /*
265 * The default values are parented from the dict root. That way we don't need to copy the values
266 * when we clone the attribute, we can just copy the pointer.
267 */
268 flags->default_value = fr_value_box_alloc(fr_dict_unconst((*da_p)->dict), (*da_p)->type, NULL);
269 if (!flags->default_value) return -1;
270
271 if (fr_value_box_from_str(flags->default_value, flags->default_value, (*da_p)->type, NULL,
272 value, strlen(value), NULL) < 0) {
273 fr_strerror_printf("Failed parsing 'value=...' - %s", fr_strerror());
274 return -1;
275 }
276
277 flags->has_default_value = true;
278
279 return 0;
280}
281
282static int dict_flag_der_type(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
283{
284 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
285 fr_der_tag_t der_type;
286
287 der_type = fr_table_value_by_str(tag_name_to_number, value, FR_DER_TAG_INVALID);
288 if (der_type == FR_DER_TAG_INVALID) {
289 fr_strerror_printf("Unknown type in 'der_type=%s'", value);
290 return -1;
291 }
292
293 /*
294 * The DER type and FreeRADIUS type must be compatible.
295 *
296 * Except for some der_type=integer, such as a
297 * certificate serialNumber. Those are too large for us
298 * to represent in 64 bits, so we just treat them as
299 * 'octets'.
300 */
301 if (!fr_type_to_der_tag_valid((*da_p)->type, der_type) &&
302 (der_type != FR_DER_TAG_INTEGER) && ((*da_p)->type != FR_TYPE_OCTETS)) {
303 fr_strerror_printf("Attribute type %s is not compatible with 'der_type=%s'",
304 fr_type_to_str((*da_p)->type), value);
305 return -1;
306 }
307
308 flags->der_type = der_type;
309
310 return 0;
311}
312
313static int dict_flag_sequence_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
314{
315 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
316 fr_der_tag_t type;
317
318 if (flags->is_set_of) {
319 fr_strerror_const("Cannot be both 'sequence_of=...' and 'set_of=...'");
320 return -1;
321 }
322
323 if (flags->der_type != FR_DER_TAG_SEQUENCE) {
324 fr_strerror_printf("Cannot use 'sequence_of=...' for DER type '%s'", fr_der_tag_to_str(flags->der_type));
325 return -1;
326 }
327
328 if (strcmp(value, "oid_and_value") == 0) {
329 flags->is_oid_and_value = true;
330 flags->is_sequence_of = true;
331 flags->sequence_of = FR_DER_TAG_SEQUENCE;
332 return fr_dict_attr_set_group(da_p);
333 }
334
335 type = fr_table_value_by_str(tag_name_to_number, value, FR_DER_TAG_INVALID);
336 if (type == FR_DER_TAG_INVALID) {
337 fr_strerror_printf("Unknown type in 'sequence_of=%s'", value);
338 return -1;
339 }
340
341 flags->sequence_of = type;
342 flags->is_sequence_of = true;
343
344 return 0;
345}
346
347static int dict_flag_set_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
348{
349 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
350 fr_der_tag_t type;
351
352 if (flags->is_sequence_of) {
353 fr_strerror_const("Cannot be both 'sequence_of=...' and 'set_of=...'");
354 return -1;
355 }
356
357 if (flags->der_type != FR_DER_TAG_SET) {
358 fr_strerror_printf("Cannot use 'set_of=...' for DER type '%s'", fr_der_tag_to_str(flags->der_type));
359 return -1;
360 }
361
362 if (strcmp(value, "oid_and_value") == 0) {
363 flags->is_oid_and_value = true;
364 flags->is_sequence_of = true;
365 flags->sequence_of = FR_DER_TAG_SEQUENCE;
366 return fr_dict_attr_set_group(da_p);
367 }
368
369 type = fr_table_value_by_str(tag_name_to_number, value, FR_DER_TAG_INVALID);
370 if (type == FR_DER_TAG_INVALID) {
371 fr_strerror_printf("Unknown type in 'set_of=%s'", value);
372 return -1;
373 }
374
375 /*
376 * The "choice" can only be used for sequence.
377 */
378 if (type == FR_DER_TAG_CHOICE) {
379 fr_strerror_printf("Invalid type in 'set_of=%s' - 'choice' can only be used for sequences", value);
380 return -1;
381 }
382
383 flags->set_of = type;
384 flags->is_set_of = true;
385
386 return 0;
387}
388
389static int dict_flag_is_extensions(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
390{
391 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
392
393 flags->is_extensions = true;
394
395 return 0;
396}
397
398static int dict_flag_is_oid_leaf(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
399{
400 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
401
402 /*
403 * is_oid_leaf is perhaps better as a property of the _parent_ sequence. It ensures that we only
404 * walk through the sequences children once.
405 */
406 if (fr_der_flag_der_type((*da_p)->parent) != FR_DER_TAG_SEQUENCE) {
407 fr_strerror_printf("Cannot set 'is_oid_leaf' for parent %s of DER type %s",
408 (*da_p)->parent->name, fr_der_tag_to_str(fr_der_flag_der_type((*da_p)->parent)));
409 return -1;
410 }
411
412 flags->is_oid_leaf = true;
413
414 return 0;
415}
416
417/*
418 * size=MIN..MAX
419 */
420static int dict_flag_size(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
421{
422 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
423 unsigned long num;
424 char const *p = value;
425 char *end = NULL;
426
427 if (fr_type_is_leaf((*da_p)->type) && !fr_type_is_variable_size((*da_p)->type)) {
428 fr_strerror_printf("Cannot use 'size=...' for type '%s'", fr_type_to_str((*da_p)->type));
429 return -1;
430 }
431
432 /*
433 * size=..max
434 */
435 if ((p[0] == '.') && (p[1] == '.')) goto check_max;
436
437 num = strtoul(p, &end, 10);
438 if (num == ULONG_MAX) {
439 invalid:
440 fr_strerror_printf("Invalid value in 'size=%s'", value);
441 return -1;
442 }
443
444 if (num > UINT8_MAX) {
445 fr_strerror_printf("Invalid value in 'size=%s' - 'min' value is too large", value);
446 return -1;
447 }
448
449 /*
450 * size=4
451 *
452 * Fixed size, but not size=0.
453 */
454 if (!*end) {
455 if (!num) goto invalid;
456
457 /*
458 * printablestring size=2
459 *
460 * instead of string[2] der_type=printablestring
461 */
462 if (((*da_p)->type == FR_TYPE_OCTETS) || ((*da_p)->type == FR_TYPE_STRING)) {
463 (*da_p)->flags.is_known_width = !fr_type_is_structural((*da_p)->type);
464 (*da_p)->flags.length = num;
465 return 0;
466 }
467
468 /*
469 * Sets and sequences can have a fixed number of elements.
470 */
471 flags->min = flags->max = num;
472 return 0;
473 }
474
475 if ((end[0] != '.') || (end[1] != '.')) {
476 fr_strerror_printf("Invalid value in 'size=%s' - unexpected data after 'min'", value);
477 return -1;
478 }
479
480 flags->min = num;
481
482 /*
483 * size=1..
484 *
485 * Sets the minimum, but not the maximum.
486 */
487 p = end + 2;
488 if (!*p) return 0;
489
490check_max:
491 num = strtoul(p, &end, 10);
492 if (num == ULONG_MAX) goto invalid;
493
494 if (*end) {
495 fr_strerror_printf("Invalid value in 'size=%s' - unexpected data after 'max'", value);
496 return -1;
497 }
498
499 flags->max = num;
500
501 return 0;
502}
503
504static int dict_flag_max(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
505{
506 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
507 unsigned long num;
508 char *end = NULL;
509
510 num = strtoul(value, &end, 10);
511 if (*end || !num || (num == ULONG_MAX)) {
512 fr_strerror_printf("Invalid value in 'max=%s'", value);
513 return -1;
514 }
515
516 flags->max = num;
517
518 return 0;
519}
520
521static int dict_flag_option(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
522{
523 fr_der_attr_flags_t *flags;
524 unsigned long num;
525 char *end = NULL;
526
527 /*
528 * Only SET and SEQUENCE can have tagged types.
529 */
530 flags = fr_dict_attr_ext((*da_p)->parent, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
531 if (!(*da_p)->parent->flags.is_root &&
532 (flags->der_type != FR_DER_TAG_SEQUENCE) && (flags->der_type != FR_DER_TAG_SET)) {
533 fr_strerror_printf("Cannot use 'option' for attribute %s DER type %s - the parent must be 'sequence' or 'set'",
534 (*da_p)->parent->name, fr_der_tag_to_str(flags->der_type));
535 return -1;
536 }
537
538 /*
539 * In the interest of laziness, allow a bare 'option', so
540 * that we don't have to give an attribute number, and
541 * then also duplicate that number in 'option='.
542 */
543 if (!value) {
544 if (!(*da_p)->state.attr_set || (*da_p)->attr > 0x1f) {
545 fr_strerror_printf("Missing value for 'option='");
546 return -1;
547 }
548
549 num = (*da_p)->attr;
550 goto check;
551 }
552
553 /*
554 * ATTRIBUTE can't have 'option='.
555 */
556 if ((*da_p)->state.attr_set) {
557 fr_strerror_printf("Cannot use 'option=%s' for attribute %s, just use 'option'", value, (*da_p)->name);
558 return -1;
559 }
560
561 /*
562 * We limit the allowed options (tag numbers) to ones
563 * which fit into the 5 bits of the first byte. We don't
564 * support continued tags.
565 */
566 num = strtoul(value, &end, 10);
567 if ((num == ULONG_MAX) || *end) {
568 fr_strerror_printf("Invalid value in 'option=%s'", value);
569 return -1;
570 }
571
572check:
573 if (num >= FR_DER_TAG_VALUE_MAX) {
574 fr_strerror_printf("Option value '%lu' is larger than 30", num);
575 return -1;
576 }
577
578 flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
579 flags->class = FR_DER_CLASS_CONTEXT;
580 flags->option = num;
581 flags->is_option = true;
582
583 return 0;
584}
585
586static int dict_flag_optional(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
587{
588 fr_der_attr_flags_t *flags;
589
590 /*
591 * Only SET and SEQUENCE can have optional elements.
592 */
593 flags = fr_dict_attr_ext((*da_p)->parent, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
594 if (!(*da_p)->parent->flags.is_root &&
595 (flags->der_type != FR_DER_TAG_SEQUENCE) && (flags->der_type != FR_DER_TAG_SET)) {
596 fr_strerror_printf("Cannot use 'optional' for attribute %s DER type %s - the parent must be 'sequence' or 'set'",
597 (*da_p)->parent->name, fr_der_tag_to_str(flags->der_type));
598 return -1;
599 }
600
601 flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
602 flags->optional = true;
603
604 return 0;
605}
606
607static const fr_dict_flag_parser_t der_flags[] = {
608 { L("class"), { .func = dict_flag_class } },
609 { L("default"), { .func = dict_flag_default_value,.needs_value = true } },
610 { L("der_type"), { .func = dict_flag_der_type, .needs_value = true } },
611 { L("is_extensions"), { .func = dict_flag_is_extensions } },
612 { L("is_oid_leaf"), { .func = dict_flag_is_oid_leaf } },
613 { L("max"), { .func = dict_flag_max, .needs_value = true } },
614 { L("option"), { .func = dict_flag_option} },
615 { L("optional"), { .func = dict_flag_optional} },
616 { L("sequence_of"), { .func = dict_flag_sequence_of, .needs_value = true } },
617 { L("set_of"), { .func = dict_flag_set_of, .needs_value = true } },
618 { L("size"), { .func = dict_flag_size, .needs_value=true } },
619};
620
621static bool type_parse(fr_type_t *type_p,fr_dict_attr_t **da_p, char const *name)
622{
623 static const fr_table_num_sorted_t type_table[] = {
624 { L("bitstring"), FR_TYPE_OCTETS },
625// { L("bmpstring"), FR_TYPE_OCTETS },
626 { L("boolean"), FR_TYPE_BOOL },
627 { L("choice"), FR_TYPE_TLV },
628 { L("enumerated"), FR_TYPE_INT64 },
629 { L("generalizedtime"), FR_TYPE_DATE },
630 { L("generalstring"), FR_TYPE_STRING },
631 { L("ia5string"), FR_TYPE_STRING },
632 { L("integer"), FR_TYPE_INT64 },
633 { L("null"), FR_TYPE_BOOL },
634 { L("octetstring"), FR_TYPE_OCTETS },
635 { L("oid"), FR_TYPE_STRING },
636 { L("printablestring"), FR_TYPE_STRING },
637 { L("sequence"), FR_TYPE_TLV },
638 { L("set"), FR_TYPE_TLV },
639 { L("t61string"), FR_TYPE_STRING },
640 { L("universalstring"), FR_TYPE_STRING },
641 { L("utctime"), FR_TYPE_DATE },
642 { L("utf8string"), FR_TYPE_STRING },
643 { L("visiblestring"), FR_TYPE_STRING },
644 { L("x509_extensions"), FR_TYPE_GROUP }
645 };
646 static size_t type_table_len = NUM_ELEMENTS(type_table);
647
648 static const fr_table_num_sorted_t der_tag_table[] = {
649 { L("bitstring"), FR_DER_TAG_BITSTRING },
650// { L("bmpstring"), FR_DER_TAG_BMP_STRING },
651 { L("boolean"), FR_DER_TAG_BOOLEAN },
652 { L("choice"), FR_DER_TAG_SEQUENCE },
653 { L("enumerated"), FR_DER_TAG_ENUMERATED },
654 { L("generalizedtime"), FR_DER_TAG_GENERALIZED_TIME },
655 { L("generalstring"), FR_DER_TAG_GENERAL_STRING },
656 { L("ia5string"), FR_DER_TAG_IA5_STRING },
657 { L("integer"), FR_DER_TAG_INTEGER },
658 { L("null"), FR_DER_TAG_NULL },
659 { L("octetstring"), FR_DER_TAG_OCTETSTRING },
660 { L("oid"), FR_DER_TAG_OID },
661 { L("printablestring"), FR_DER_TAG_PRINTABLE_STRING },
662 { L("sequence"), FR_DER_TAG_SEQUENCE },
663 { L("set"), FR_DER_TAG_SET },
664 { L("t61string"), FR_DER_TAG_T61_STRING },
665 { L("universalstring"), FR_DER_TAG_UNIVERSAL_STRING },
666 { L("utctime"), FR_DER_TAG_UTC_TIME },
667 { L("utf8string"), FR_DER_TAG_UTF8_STRING },
668 { L("visiblestring"), FR_DER_TAG_VISIBLE_STRING },
669 { L("x509_extensions"), FR_DER_TAG_SEQUENCE }
670 };
671 static size_t der_tag_table_len = NUM_ELEMENTS(der_tag_table);
672
673 fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
674 fr_der_tag_t der_type;
675 fr_type_t fr_type;
676
677 /*
678 * To avoid confusion, we want to use the DER names where
679 * possible.
680 *
681 * We only use the FreeRADIUS names where we don't have a
682 * choice. :(
683 */
684 switch (*type_p) {
685 case FR_TYPE_TLV:
686 fr_strerror_const("Cannot use 'tlv' in DER. Please use 'sequence'");
687 return false;
688
689 case FR_TYPE_IFID:
690 case FR_TYPE_COMBO_IP_PREFIX:
691 case FR_TYPE_ETHERNET:
692 case FR_TYPE_FLOAT32:
693 case FR_TYPE_FLOAT64:
694 case FR_TYPE_VSA:
695 case FR_TYPE_VENDOR:
696 case FR_TYPE_VALUE_BOX:
697 case FR_TYPE_VOID:
698 case FR_TYPE_MAX:
699 fr_strerror_printf("Cannot use type '%s' in the DER dictionaries",
700 fr_type_to_str(*type_p));
701 return false;
702
703 /*
704 * We allow integers for now. They may be
705 * internal, or they may be inside of a struct.
706 */
707 default:
708 break;
709 }
710
711 /*
712 * Convert the DER data type to the underlying FreeRADIUS
713 * data type.
714 *
715 * If we don't know anything about the data type then
716 * it's either bad, or a data type which we don't care
717 * about. We set the der_type, and then return to the
718 * caller. It will check *type_p, which is likely
719 * FR_TYPE_NULL, and will print an error.
720 *
721 * "return true" here means "I dunno, you deal with it".
722 */
723 fr_type = fr_table_value_by_str(type_table, name, FR_TYPE_MAX);
724 if (fr_type == FR_TYPE_MAX) {
725 flags->der_type = fr_type_to_der_tag_default(*type_p);
726 return true;
727 }
728
729 /*
730 * Now that we've converted the DER type to the
731 * underlying FreeRADIUS type, we get the corresponding
732 * DER type. This MUST exist, as the two tables MUST
733 * have the same names.
734 *
735 * @todo - arguably they should be in one table....
736 */
737 der_type = fr_table_value_by_str(der_tag_table, name, FR_DER_TAG_INVALID);
738 fr_assert(der_type != FR_DER_TAG_INVALID);
739
740 /*
741 * The der type is set only if there are extra flags seen
742 * and parsed by attr_valid().
743 */
744 fr_assert(flags->der_type == FR_DER_TAG_INVALID);
745
746 /*
747 * Only now do we update the output data type. From here
748 * on in, any validation failure will return 'false', and
749 * not 'true'.
750 */
751 *type_p = fr_type;
752 flags->der_type = der_type;
753
754 /*
755 * If it is a collection of x509 extensions, we will set
756 * a few other flags as per RFC 5280.
757 */
758 if (strcmp(name, "x509_extensions") == 0) {
759 flags->is_extensions = true;
760
761 flags->class = FR_DER_CLASS_CONTEXT;
762 flags->option = 3;
763 flags->is_option = true;
764
765 flags->is_sequence_of = true;
766 flags->sequence_of = FR_DER_TAG_SEQUENCE;
767 }
768
769 /*
770 * If this is a choice, then the children MUST have a limited option.
771 */
772 flags->is_choice = (strcmp(name, "choice") == 0);
773
774 return true;
775}
776
803
808
809static bool attr_valid(fr_dict_attr_t *da)
810{
811 fr_der_attr_flags_t *flags = fr_dict_attr_ext(da, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
812 fr_der_attr_flags_t *parent;
813
814 /*
815 * sequence_of=oid_and_value has to have a reference to the OID tree.
816 *
817 * Group refs are added as unresolved refs, see dict_flag_ref(), and are resolved later
818 * in dict_fixup_group_apply().
819 *
820 * @todo - have a function called from dict_attr_finalize() ?
821 */
822#if 0
823 if (flags->is_oid_and_value) {
824 fr_dict_attr_t const *ref;
825
826 fr_assert(da->type == FR_TYPE_GROUP);
827
828 if (!fr_dict_attr_ref(da)) {
829 (void) dict_attr_ref_set(da, attr_oid_tree, FR_DICT_ATTR_REF_ALIAS);
830 }
831 }
832#endif
833
834 if (flags->is_choice && unlikely(!fr_type_is_tlv(da->type))) {
835 fr_strerror_printf("Attribute %s of type %s is not allowed represent a collection of choices.",
836 da->name, fr_type_to_str(da->type));
837 return false;
838 }
839
840 /*
841 * The DER encoder / decoder assume that all pairs are FR_TYPE_INT64.
842 *
843 * The "on the wire" DER data has variable-sized encoding for integers,
844 * and drops leading zeros.
845 *
846 * For consistency, we disallow data types which the
847 * encoder/decoder don't handle. Except for data types
848 * in structs, because the struct encoder/decoder takes
849 * care of those.
850 */
851 if (fr_type_is_integer_except_bool(da->type) &&
852 !da->flags.internal &&
853 (da->type != FR_TYPE_INT64) &&
854 (da->type != FR_TYPE_DATE) && (da->type != FR_TYPE_TIME_DELTA) &&
855 (da->parent->type != FR_TYPE_STRUCT)) {
856 fr_strerror_printf("All integers in DER must be 'int64', and not '%s'",
857 fr_type_to_str(da->type));
858 return false;
859 }
860
861 if (flags->is_extensions) {
862 if (da->type != FR_TYPE_GROUP) {
863 fr_strerror_printf("Extensions must be type 'group', and not '%s'",
864 fr_type_to_str(da->type));
865 return false;
866 }
867
868#if 0
869 /*
870 * Group refs are added as unresolved refs, see dict_flag_ref(), and are resolved later
871 * in dict_fixup_group_apply().
872 *
873 * @todo - have a function called from dict_attr_finalize() ?
874 */
875 if (!fr_dict_attr_ref(da)) {
876 fr_strerror_const("Attribute is 'x509_extensions', but is missing 'ref=OID-Tree'");
877 return false;
878 }
879#endif
880
881 /*
882 * Avoid run-time checks.
883 */
884 if (!flags->max) flags->max = UINT64_MAX;
885 }
886
887 /*
888 * Either complain on invalid 'max', or set it to the maximum.
889 */
890 if ((flags->der_type != FR_DER_TAG_SET) && (flags->der_type != FR_DER_TAG_SEQUENCE)) {
891 if (!flags->max) {
892 flags->max = DER_MAX_STR;
893
894 } else if (flags->max > DER_MAX_STR) {
895 fr_strerror_printf("Invalid value of 'max' for DER type '%s'",
896 fr_der_tag_to_str(flags->der_type));
897 return false;
898 }
899 }
900
901 /*
902 * Set the restriction types, which make the run-time decoding a lot easier.
903 */
904 if (flags->is_set_of) {
905 flags->restrictions = (1 << flags->set_of);
906 }
907
908 if (flags->is_sequence_of) {
909 /*
910 * If the sequence isn't a choice, it has to be a sequence of one thing.
911 *
912 * If the sequence is group, then it has to be a sequence of sequences.
913 *
914 * If the sequence is a TLV, then the children will update the restrictions.
915 */
916 if (flags->sequence_of != FR_DER_TAG_CHOICE) {
917 flags->restrictions = (1 << flags->sequence_of);
918
919 } else if (da->type == FR_TYPE_GROUP) {
920#ifndef NDEBUG
921 fr_dict_attr_t const *ref;
922
923 ref = fr_dict_attr_ref(da);
924 if (ref) {
925 fr_assert(fr_der_flag_der_type(ref) == FR_DER_TAG_SEQUENCE);
926 }
927#endif
928
929 /*
930 * A group of choices is really a sequence of sequences. i.e. x509extensions
931 * contain only a sequence, as does sequence_of=oid_and_value.
932 */
933 flags->restrictions = (1 << FR_DER_TAG_SEQUENCE);
934
935 } else {
936 /*
937 * The children will update our restriction types.
938 */
939 fr_assert(da->type == FR_TYPE_TLV);
940 }
941 }
942
943 /*
944 * If the parent is a choice, then the child MUST have a limited set of options / tags.
945 */
946 parent = fr_dict_attr_ext(da->parent, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
947
948 /*
949 * The attribute was defined with the full OID, and no 'option' flag. Add it manually.
950 */
951 if ((parent->is_choice && !flags->is_option) ||
952 (flags->class == FR_DER_CLASS_PRIVATE) || (flags->class == FR_DER_CLASS_APPLICATION)) {
953 fr_assert(da->attr < FR_DER_TAG_VALUE_MAX);
954
955 if (!flags->class) flags->class = FR_DER_CLASS_CONTEXT;
956 flags->option = da->attr;
957 flags->is_option = true;
958 }
959
960 /*
961 * Can't have duplicates.
962 */
963 if (flags->is_option) {
964 if ((parent->restrictions & (1 << flags->option)) != 0) {
965 fr_strerror_printf("Parent %s already has a child with option %u - duplicates are not allowed",
966 da->parent->name, flags->option);
967 return false;
968 }
969
970 parent->restrictions |= (1 << flags->option);
971
972 } else if (parent->is_sequence_of && (parent->sequence_of == FR_DER_TAG_CHOICE)) {
973 fr_assert(flags->der_type < FR_DER_TAG_VALUE_MAX);
974
975 flags->class = FR_DER_CLASS_CONTEXT;
976// flags->option = flags->der_type;
977
978 if ((parent->restrictions & (1 << flags->der_type)) != 0) {
979 fr_strerror_printf("Parent %s already has a child with tag %s - duplicates are not allowed",
980 da->parent->name, fr_der_tag_to_str(flags->der_type));
981 return false;
982 }
983
984 parent->restrictions |= (1 << flags->der_type);
985
986 } else if (parent->is_sequence_of) {
987 if (flags->der_type != parent->sequence_of) {
988 fr_strerror_printf("Parent %s is a sequence_of=%s - a child cannot be %s",
989 da->parent->name, fr_der_tag_to_str(parent->set_of),
990 fr_der_tag_to_str(flags->der_type));
991 return false;
992 }
993
994 /*
995 * A sequence can sometimes have mixed tags && options.
996 */
997 fr_assert(!flags->is_option);
998
999 } else if (parent->is_set_of) {
1000 if (flags->der_type != parent->set_of) {
1001 fr_strerror_printf("Parent %s is a set_of=%s - a child cannot be %s",
1002 da->parent->name, fr_der_tag_to_str(parent->set_of),
1003 fr_der_tag_to_str(flags->der_type));
1004 return false;
1005 }
1006 }
1007
1008 return true;
1009}
1010
1011extern fr_dict_protocol_t libfreeradius_der_dict_protocol;
1012fr_dict_protocol_t libfreeradius_der_dict_protocol = {
1013 .name = "der",
1014 .default_type_size = 4,
1015 .default_type_length = 4,
1016 .attr = {
1017 .flags = {
1018 .table = der_flags,
1019 .table_len = NUM_ELEMENTS(der_flags),
1020 .len = sizeof(fr_der_attr_flags_t),
1021 },
1022 .type_parse = type_parse,
1023 .valid = attr_valid
1024 },
1025
1026 .init = fr_der_global_init,
1027 .free = fr_der_global_free,
1028
1029 // .decode = fr_der_decode_foreign,
1030 // .encode = fr_der_encode_foreign,
1031};
RCSID
#define RCSID(id)
Definition build.h:485
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
unlikely
#define unlikely(_x)
Definition build.h:383
UNUSED
#define UNUSED
Definition build.h:317
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition build.h:339
fr_der_tag_t
fr_der_tag_t
Enumeration describing the data types in a DER encoded structure.
Definition der.h:36
FR_DER_TAG_IA5_STRING
@ FR_DER_TAG_IA5_STRING
String of IA5 (7bit) chars.
Definition der.h:50
FR_DER_TAG_SEQUENCE
@ FR_DER_TAG_SEQUENCE
A sequence of DER encoded data (a structure).
Definition der.h:46
FR_DER_TAG_SET
@ FR_DER_TAG_SET
A set of DER encoded data (a structure).
Definition der.h:47
FR_DER_TAG_BMP_STRING
@ FR_DER_TAG_BMP_STRING
String of BMP chars.
Definition der.h:56
FR_DER_TAG_INTEGER
@ FR_DER_TAG_INTEGER
Arbitrary width signed integer.
Definition der.h:39
FR_DER_TAG_BOOLEAN
@ FR_DER_TAG_BOOLEAN
Boolean true/false.
Definition der.h:38
FR_DER_TAG_CHOICE
@ FR_DER_TAG_CHOICE
A choice of types. Techically not a DER tag, but used to represent a choice.
Definition der.h:58
FR_DER_TAG_UTF8_STRING
@ FR_DER_TAG_UTF8_STRING
String of UTF8 chars.
Definition der.h:45
FR_DER_TAG_UTC_TIME
@ FR_DER_TAG_UTC_TIME
A time in UTC "YYMMDDhhmmssZ" format.
Definition der.h:51
FR_DER_TAG_GENERALIZED_TIME
@ FR_DER_TAG_GENERALIZED_TIME
A time in "YYYYMMDDHHMMSS[.fff]Z" format.
Definition der.h:52
FR_DER_TAG_INVALID
@ FR_DER_TAG_INVALID
Invalid tag.
Definition der.h:37
FR_DER_TAG_NULL
@ FR_DER_TAG_NULL
An empty value.
Definition der.h:42
FR_DER_TAG_OCTETSTRING
@ FR_DER_TAG_OCTETSTRING
String of octets (length field specifies bytes).
Definition der.h:41
FR_DER_TAG_VISIBLE_STRING
@ FR_DER_TAG_VISIBLE_STRING
String of visible chars.
Definition der.h:53
FR_DER_TAG_BITSTRING
@ FR_DER_TAG_BITSTRING
String of bits (length field specifies bits).
Definition der.h:40
FR_DER_TAG_T61_STRING
@ FR_DER_TAG_T61_STRING
String of T61 (8bit) chars.
Definition der.h:49
FR_DER_TAG_ENUMERATED
@ FR_DER_TAG_ENUMERATED
An enumerated value.
Definition der.h:44
FR_DER_TAG_UNIVERSAL_STRING
@ FR_DER_TAG_UNIVERSAL_STRING
String of universal chars.
Definition der.h:55
FR_DER_TAG_PRINTABLE_STRING
@ FR_DER_TAG_PRINTABLE_STRING
String of printable chars.
Definition der.h:48
FR_DER_TAG_GENERAL_STRING
@ FR_DER_TAG_GENERAL_STRING
String of general chars.
Definition der.h:54
FR_DER_TAG_OID
@ FR_DER_TAG_OID
Reference to an OID based attribute.
Definition der.h:43
FR_DER_TAG_MAX
@ FR_DER_TAG_MAX
Definition der.h:60
fr_der_attr_flags_t::optional
bool optional
optional, we MUST already have set 'option'
Definition der.h:108
fr_der_attr_flags_t::is_extensions
bool is_extensions
a list of X.509 extensions
Definition der.h:112
fr_der_flag_der_type
#define fr_der_flag_der_type(_da)
Definition der.h:127
fr_der_attr_flags_t::der_type
fr_der_tag_t der_type
the DER type, which is different from the FreeRADIUS type
Definition der.h:97
fr_der_attr_flags_t::is_option
bool is_option
has an option defined
Definition der.h:107
fr_der_attr_flags_t::is_sequence_of
bool is_sequence_of
sequence_of has been defined
Definition der.h:109
fr_der_attr_flags_t::is_set_of
bool is_set_of
set_of has been defined
Definition der.h:110
fr_der_attr_flags_t::restrictions
uint32_t restrictions
for choice of options and tags - no dups allowed
Definition der.h:104
DER_MAX_STR
#define DER_MAX_STR
Definition der.h:78
fr_der_attr_flags_t::min
uint8_t min
mininum count
Definition der.h:105
fr_der_attr_flags_t::is_oid_and_value
bool is_oid_and_value
is OID+value
Definition der.h:111
fr_der_attr_flags_t::is_choice
bool is_choice
DER name "choice".
Definition der.h:115
FR_DER_TAG_VALUE_MAX
#define FR_DER_TAG_VALUE_MAX
tags >=max can't exist
Definition der.h:63
fr_der_attr_flags_t::option
uint8_t option
an "attribute number" encoded in the tag field.
Definition der.h:106
fr_der_attr_flags_t::has_default_value
bool has_default_value
a default value exists
Definition der.h:113
fr_der_attr_flags_t::class
fr_der_tag_class_t class
tag Class
Definition der.h:96
fr_der_attr_flags_t::max
uint64_t max
maximum count of items in a sequence, set, or string.
Definition der.h:103
fr_der_tag_class_t
fr_der_tag_class_t
Definition der.h:70
FR_DER_CLASS_APPLICATION
@ FR_DER_CLASS_APPLICATION
Definition der.h:72
FR_DER_CLASS_CONTEXT
@ FR_DER_CLASS_CONTEXT
Definition der.h:73
FR_DER_CLASS_INVALID
@ FR_DER_CLASS_INVALID
Definition der.h:75
FR_DER_CLASS_PRIVATE
@ FR_DER_CLASS_PRIVATE
Definition der.h:74
fr_der_attr_flags_t
Definition der.h:95
fr_dict_unconst
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
Definition dict_util.c:4592
fr_dict_autofree
#define fr_dict_autofree(_to_free)
Definition dict.h:860
fr_dict_attr_set_group
int fr_dict_attr_set_group(fr_dict_attr_t **da_p)
Definition dict_util.c:4976
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:285
fr_dict_attr_autoload
int fr_dict_attr_autoload(fr_dict_attr_autoload_t const *to_load)
Process a dict_attr_autoload element to load/verify a dictionary attribute.
Definition dict_util.c:4097
FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC
@ FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC
Protocol specific extensions.
Definition dict.h:175
fr_dict_autoload
#define fr_dict_autoload(_to_load)
Definition dict.h:857
fr_dict_protocol_t::name
char const * name
name of this protocol
Definition dict.h:433
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:271
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:284
fr_dict_flag_parser_rule_s
Definition dict.h:371
fr_dict_flag_parser_t
Protocol specific custom flag definitnion.
Definition dict.h:402
fr_dict_protocol_t
Protocol-specific callbacks in libfreeradius-PROTOCOL.
Definition dict.h:432
fr_dict_attr_ext
static void * fr_dict_attr_ext(fr_dict_attr_t const *da, fr_dict_attr_ext_t ext)
Definition dict_ext.h:140
fr_dict_attr_ref
static fr_dict_attr_t const * fr_dict_attr_ref(fr_dict_attr_t const *da)
Return the reference associated with a group type attribute.
Definition dict_ext.h:184
FR_DICT_ATTR_REF_ALIAS
@ FR_DICT_ATTR_REF_ALIAS
The attribute is an alias for another attribute.
Definition dict_ext.h:60
dict_attr_ref_set
static int dict_attr_ref_set(fr_dict_attr_t const *da, fr_dict_attr_t const *ref, fr_dict_attr_ref_type_t type)
Definition dict_ext_priv.h:169
value
Test enumeration values.
Definition dict_test.h:92
instance_count
static uint32_t instance_count
Definition base.c:44
fr_type_t
fr_type_t
Definition merged_model.c:80
FR_TYPE_TIME_DELTA
@ FR_TYPE_TIME_DELTA
A period of time measured in nanoseconds.
Definition merged_model.c:113
FR_TYPE_FLOAT32
@ FR_TYPE_FLOAT32
Single precision floating point.
Definition merged_model.c:108
FR_TYPE_IPV4_ADDR
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition merged_model.c:86
FR_TYPE_INT8
@ FR_TYPE_INT8
8 Bit signed integer.
Definition merged_model.c:103
FR_TYPE_TLV
@ FR_TYPE_TLV
Contains nested attributes.
Definition merged_model.c:118
FR_TYPE_ETHERNET
@ FR_TYPE_ETHERNET
48 Bit Mac-Address.
Definition merged_model.c:93
FR_TYPE_IPV6_PREFIX
@ FR_TYPE_IPV6_PREFIX
IPv6 Prefix.
Definition merged_model.c:89
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_UINT16
@ FR_TYPE_UINT16
16 Bit unsigned integer.
Definition merged_model.c:98
FR_TYPE_INT64
@ FR_TYPE_INT64
64 Bit signed integer.
Definition merged_model.c:106
FR_TYPE_INT16
@ FR_TYPE_INT16
16 Bit signed integer.
Definition merged_model.c:104
FR_TYPE_DATE
@ FR_TYPE_DATE
Unix time stamp, always has value >2^31.
Definition merged_model.c:111
FR_TYPE_COMBO_IP_PREFIX
@ FR_TYPE_COMBO_IP_PREFIX
IPv4 or IPv6 address prefix depending on length.
Definition merged_model.c:92
FR_TYPE_VALUE_BOX
@ FR_TYPE_VALUE_BOX
A boxed value.
Definition merged_model.c:125
FR_TYPE_UINT8
@ FR_TYPE_UINT8
8 Bit unsigned integer.
Definition merged_model.c:97
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_STRUCT
@ FR_TYPE_STRUCT
like TLV, but without T or L, and fixed-width children
Definition merged_model.c:119
FR_TYPE_INT32
@ FR_TYPE_INT32
32 Bit signed integer.
Definition merged_model.c:105
FR_TYPE_VENDOR
@ FR_TYPE_VENDOR
Attribute that represents a vendor in the attribute tree.
Definition merged_model.c:122
FR_TYPE_UINT64
@ FR_TYPE_UINT64
64 Bit unsigned integer.
Definition merged_model.c:100
FR_TYPE_IPV6_ADDR
@ FR_TYPE_IPV6_ADDR
128 Bit IPv6 Address.
Definition merged_model.c:88
FR_TYPE_IPV4_PREFIX
@ FR_TYPE_IPV4_PREFIX
IPv4 Prefix.
Definition merged_model.c:87
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
FR_TYPE_VSA
@ FR_TYPE_VSA
Vendor-Specific, for RADIUS attribute 26.
Definition merged_model.c:121
FR_TYPE_COMBO_IP_ADDR
@ FR_TYPE_COMBO_IP_ADDR
IPv4 or IPv6 address depending on length.
Definition merged_model.c:91
FR_TYPE_IFID
@ FR_TYPE_IFID
Interface ID.
Definition merged_model.c:90
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
FR_TYPE_GROUP
@ FR_TYPE_GROUP
A grouping of other attributes.
Definition merged_model.c:124
FR_TYPE_FLOAT64
@ FR_TYPE_FLOAT64
Double precision floating point.
Definition merged_model.c:109
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
UINT8_MAX
#define UINT8_MAX
Definition merged_model.c:32
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
check
#define check(_handle, _len_p)
Definition bio.c:44
dict_flag_is_oid_leaf
static int dict_flag_is_oid_leaf(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:398
dict_flag_optional
static int dict_flag_optional(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:586
fr_der_tags_compatible
bool fr_der_tags_compatible(fr_der_tag_t tag1, fr_der_tag_t tag2)
Definition base.c:98
ALL_STRINGS
#define ALL_STRINGS
Definition base.c:80
fr_der_global_free
void fr_der_global_free(void)
Definition base.c:203
der_tags_compatible
static const uint64_t der_tags_compatible[FR_DER_TAG_MAX]
Definition base.c:85
der_flags
static const fr_dict_flag_parser_t der_flags[]
Definition base.c:607
dict_flag_der_type
static int dict_flag_der_type(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:282
dict_flag_max
static int dict_flag_max(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:504
fr_type_to_der_tag_defaults
static const fr_der_tag_t fr_type_to_der_tag_defaults[FR_TYPE_MAX+1]
Definition base.c:777
dict_flag_sequence_of
static int dict_flag_sequence_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:313
dict_flag_default_value
static int dict_flag_default_value(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:254
fr_der_global_init
int fr_der_global_init(void)
Definition base.c:180
dict_flag_class
static int dict_flag_class(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:213
libfreeradius_der_dict_protocol
fr_dict_protocol_t libfreeradius_der_dict_protocol
Definition base.c:1012
fr_type_to_der_tag_valid
bool fr_type_to_der_tag_valid(fr_type_t type, fr_der_tag_t tag)
Definition base.c:172
type_parse
static bool type_parse(fr_type_t *type_p, fr_dict_attr_t **da_p, char const *name)
Definition base.c:621
dict_flag_set_of
static int dict_flag_set_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:347
libfreeradius_der_dict_attr
fr_dict_attr_autoload_t libfreeradius_der_dict_attr[]
Definition base.c:45
dict_flag_is_extensions
static int dict_flag_is_extensions(fr_dict_attr_t **da_p, UNUSED char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:389
fr_type_to_der_tag_default
fr_der_tag_t fr_type_to_der_tag_default(fr_type_t type)
Definition base.c:804
fr_der_tag_to_str
char const * fr_der_tag_to_str(fr_der_tag_t tag)
Definition base.c:75
dict_flag_option
static int dict_flag_option(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:521
libfreeradius_der_dict
fr_dict_autoload_t libfreeradius_der_dict[]
Definition base.c:42
tag_name_to_number_len
static size_t tag_name_to_number_len
Definition base.c:72
fr_type_to_der_tags
static const bool * fr_type_to_der_tags[FR_DER_TAG_MAX]
Definition base.c:106
dict_der
fr_dict_t const * dict_der
Definition base.c:38
tag_name_to_number
static fr_table_num_sorted_t const tag_name_to_number[]
Definition base.c:50
dict_flag_size
static int dict_flag_size(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
Definition base.c:420
attr_valid
static bool attr_valid(fr_dict_attr_t *da)
Definition base.c:443
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
type
fr_aka_sim_id_type_t type
Definition state_machine.c:3623
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:653
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
parent
static fr_slen_t parent
Definition pair.h:845
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:554
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_is_variable_size
#define fr_type_is_variable_size(_x)
Definition types.h:367
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:371
fr_type_is_integer_except_bool
#define fr_type_is_integer_except_bool(_x)
Definition types.h:359
fr_type_is_tlv
#define fr_type_is_tlv(_x)
Definition types.h:351
fr_type_is_leaf
#define fr_type_is_leaf(_x)
Definition types.h:372
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:433
fr_value_box_from_str
ssize_t fr_value_box_from_str(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv, char const *in, size_t inlen, fr_sbuff_unescape_rules_t const *erules)
Definition value.c:5246
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:632
Generated by   doxygen 1.9.8