The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rest.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: ea6fcb5c5206500ba14d4d4e3ea6768804e4dffd $
19 *
20 * @brief Functions and datatypes for the REST (HTTP) transport.
21 * @file rest.c
22 *
23 * @copyright 2012-2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
24 */
25RCSID("$Id: ea6fcb5c5206500ba14d4d4e3ea6768804e4dffd $")
26
27#define LOG_PREFIX mctx->mi->name
28
29#include <ctype.h>
30#include <string.h>
31#include <time.h>
32
33#include <freeradius-devel/server/base.h>
34#include <freeradius-devel/server/log.h>
35#include <freeradius-devel/server/pool.h>
36#include <freeradius-devel/server/tmpl.h>
37#include <freeradius-devel/unlang/call.h>
38#include <freeradius-devel/util/skip.h>
39#include <freeradius-devel/util/value.h>
40
41#include <talloc.h>
42
43#include "rest.h"
44
45/** Table of encoder/decoder support.
46 *
47 * Indexes in this table match the http_body_type_t enum, and should be
48 * updated if additional enum values are added.
49 *
50 * @see http_body_type_t
51 */
53 REST_HTTP_BODY_UNKNOWN, // REST_HTTP_BODY_UNKNOWN
54 REST_HTTP_BODY_UNSUPPORTED, // REST_HTTP_BODY_UNSUPPORTED
55 REST_HTTP_BODY_UNSUPPORTED, // REST_HTTP_BODY_UNAVAILABLE
56 REST_HTTP_BODY_UNSUPPORTED, // REST_HTTP_BODY_INVALID
57 REST_HTTP_BODY_NONE, // REST_HTTP_BODY_NONE
58 REST_HTTP_BODY_CUSTOM, // REST_HTTP_BODY_CUSTOM
59 REST_HTTP_BODY_POST, // REST_HTTP_BODY_POST
60#ifdef HAVE_JSON
61 REST_HTTP_BODY_JSON, // REST_HTTP_BODY_JSON
62#else
64#endif
65 REST_HTTP_BODY_UNSUPPORTED, // REST_HTTP_BODY_XML
66 REST_HTTP_BODY_UNSUPPORTED, // REST_HTTP_BODY_YAML
67 REST_HTTP_BODY_INVALID, // REST_HTTP_BODY_HTML
68 REST_HTTP_BODY_PLAIN, // REST_HTTP_BODY_PLAIN
69 REST_HTTP_BODY_PLAIN // REST_HTTP_BODY_CRL
70};
71
72/*
73 * Lib CURL doesn't define symbols for unsupported auth methods
74 */
75#ifndef CURLOPT_TLSAUTH_SRP
76# define CURLOPT_TLSAUTH_SRP 0
77#endif
78#ifndef CURLAUTH_BASIC
79# define CURLAUTH_BASIC 0
80#endif
81#ifndef CURLAUTH_DIGEST
82# define CURLAUTH_DIGEST 0
83#endif
84#ifndef CURLAUTH_DIGEST_IE
85# define CURLAUTH_DIGEST_IE 0
86#endif
87#ifndef CURLAUTH_GSSNEGOTIATE
88# define CURLAUTH_GSSNEGOTIATE 0
89#endif
90#ifndef CURLAUTH_NTLM
91# define CURLAUTH_NTLM 0
92#endif
93#ifndef CURLAUTH_NTLM_WB
94# define CURLAUTH_NTLM_WB 0
95#endif
96
97/*
98 * CURL headers do:
99 *
100 * #define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param)
101 */
115
116/** Conversion table for method config values.
117 *
118 * HTTP verb strings for http_method_t enum values. Used by libcurl in the
119 * status line of the outgoing HTTP header, by rest_response_header for decoding
120 * incoming HTTP responses, and by the configuration parser.
121 *
122 * @note must be kept in sync with http_method_t enum.
123 *
124 * @see http_method_t
125 * @see fr_table_value_by_str
126 * @see fr_table_str_by_value
127 */
129 { L("DELETE"), REST_HTTP_METHOD_DELETE },
130 { L("GET"), REST_HTTP_METHOD_GET },
131 { L("PATCH"), REST_HTTP_METHOD_PATCH },
132 { L("POST"), REST_HTTP_METHOD_POST },
133 { L("PUT"), REST_HTTP_METHOD_PUT },
134 { L("UNKNOWN"), REST_HTTP_METHOD_UNKNOWN }
135};
137
138/** Conversion table for type config values.
139 *
140 * Textual names for http_body_type_t enum values, used by the
141 * configuration parser.
142 *
143 * @see http_body_Type_t
144 * @see fr_table_value_by_str
145 * @see fr_table_str_by_value
146 */
148 { L("crl"), REST_HTTP_BODY_CRL },
149 { L("html"), REST_HTTP_BODY_HTML },
150 { L("invalid"), REST_HTTP_BODY_INVALID },
151 { L("json"), REST_HTTP_BODY_JSON },
152 { L("none"), REST_HTTP_BODY_NONE },
153 { L("plain"), REST_HTTP_BODY_PLAIN },
154 { L("post"), REST_HTTP_BODY_POST },
155 { L("unavailable"), REST_HTTP_BODY_UNAVAILABLE },
156 { L("unknown"), REST_HTTP_BODY_UNKNOWN },
157 { L("unsupported"), REST_HTTP_BODY_UNSUPPORTED },
158 { L("xml"), REST_HTTP_BODY_XML },
159 { L("yaml"), REST_HTTP_BODY_YAML }
160};
162
164 { L("any"), REST_HTTP_AUTH_ANY },
165 { L("basic"), REST_HTTP_AUTH_BASIC },
166 { L("digest"), REST_HTTP_AUTH_DIGEST },
167 { L("digest-ie"), REST_HTTP_AUTH_DIGEST_IE },
168 { L("gss-negotiate"), REST_HTTP_AUTH_GSSNEGOTIATE },
169 { L("none"), REST_HTTP_AUTH_NONE },
170 { L("ntlm"), REST_HTTP_AUTH_NTLM },
171 { L("ntlm-winbind"), REST_HTTP_AUTH_NTLM_WB },
172 { L("safe"), REST_HTTP_AUTH_ANY_SAFE },
173 { L("srp"), REST_HTTP_AUTH_TLS_SRP }
174};
176
177/** Conversion table for "Content-Type" header values.
178 *
179 * Used by rest_response_header for parsing incoming headers.
180 *
181 * Values we expect to see in the 'Content-Type:' header of the incoming
182 * response.
183 *
184 * Some data types (like YAML) do no have standard MIME types defined,
185 * so multiple types, are listed here.
186 *
187 * @see http_body_Type_t
188 * @see fr_table_value_by_str
189 * @see fr_table_str_by_value
190 */
192 { L("application/json"), REST_HTTP_BODY_JSON },
193 { L("application/x-pkcs7-crl"), REST_HTTP_BODY_CRL },
194 { L("application/x-www-form-urlencoded"), REST_HTTP_BODY_POST },
195 { L("application/x-yaml"), REST_HTTP_BODY_YAML },
196 { L("application/yaml"), REST_HTTP_BODY_YAML },
197 { L("text/html"), REST_HTTP_BODY_HTML },
198 { L("text/plain"), REST_HTTP_BODY_PLAIN },
199 { L("text/x-yaml"), REST_HTTP_BODY_YAML },
200 { L("text/xml"), REST_HTTP_BODY_XML },
201 { L("text/yaml"), REST_HTTP_BODY_YAML }
202};
204
205/*
206 * Encoder specific structures.
207 * @todo split encoders/decoders into submodules.
208 */
209typedef struct {
210 char const *start; //!< Start of the buffer.
211 char const *p; //!< how much text we've sent so far.
212 size_t len; //!< Length of data
214
215#ifdef HAVE_JSON
216/** Flags to control the conversion of JSON values to fr_pair_ts.
217 *
218 * These fields are set when parsing the expanded format for value pairs in
219 * JSON, and control how json_pair_alloc_leaf and json_pair_alloc convert the JSON
220 * value, and move the new fr_pair_t into an attribute list.
221 *
222 * @see json_pair_alloc
223 * @see json_pair_alloc_leaf
224 */
225typedef struct {
226 int do_xlat; //!< If true value will be expanded with xlat.
227 int is_json; //!< If true value will be inserted as raw JSON
228 // (multiple values not supported).
229 fr_token_t op; //!< The operator that determines how the new VP
230 // is processed. @see fr_tokens_table
232#endif
233
234/** Frees a libcurl handle, and any additional memory used by context data.
235 *
236 * @param[in] randle fr_curl_io_request_t to close and free.
237 * @return returns true.
238 */
240{
241 curl_easy_cleanup(randle->candle);
242
243 return 0;
244}
245
246/** Creates a new connection handle for use by the FR connection API.
247 *
248 * Matches the fr_pool_connection_create_t function prototype, is passed to
249 * fr_pool_init, and called when a new connection is required by the
250 * connection pool API.
251 *
252 * Creates an instances of fr_curl_io_request_t, and rlm_rest_curl_context_t
253 * which hold the context data required for generating requests and parsing
254 * responses.
255 *
256 * @see fr_pool_init
257 * @see fr_pool_connection_create_t
258 * @see connection.c
259 */
260void *rest_mod_conn_create(TALLOC_CTX *ctx, void *instance, UNUSED fr_time_delta_t timeout)
261{
263
264 fr_curl_io_request_t *randle = NULL;
265 rlm_rest_curl_context_t *curl_ctx = NULL;
266
267 /*
268 * Allocate memory for the connection handle abstraction.
269 */
270 randle = fr_curl_io_request_alloc(ctx);
271 if (!randle) return NULL;
272
273 MEM(curl_ctx = talloc_zero(randle, rlm_rest_curl_context_t));
274
275 curl_ctx->headers = NULL; /* CURL needs this to be NULL */
276 curl_ctx->request.instance = inst;
277 curl_ctx->response.instance = inst;
278
279 randle->uctx = curl_ctx;
280 talloc_set_destructor(randle, _mod_conn_free);
281
282 return randle;
283}
284
285/** Copies a pre-expanded xlat string to the output buffer
286 *
287 * @param[out] out Char buffer to write encoded data to.
288 * @param[in] size Multiply by nmemb to get the length of ptr.
289 * @param[in] nmemb Multiply by size to get the length of ptr.
290 * @param[in] userdata rlm_rest_request_t to keep encoding state between calls.
291 * @return
292 * - Length of data (including NULL) written to ptr.
293 * - 0 if no more data to write.
294 */
295static size_t rest_encode_custom(void *out, size_t size, size_t nmemb, void *userdata)
296{
297 rlm_rest_request_t *ctx = userdata;
299
300 size_t freespace = (size * nmemb) - 1;
301 size_t len;
302 size_t to_copy;
303
304 /*
305 * Special case for empty body
306 */
307 if (data->len == 0) return 0;
308
309 /*
310 * If len > 0 then we must have these set.
311 */
312 fr_assert(data->start);
313 fr_assert(data->p);
314
315 to_copy = data->len - (data->p - data->start);
316 len = to_copy > freespace ? freespace : to_copy;
317 if (len == 0) return 0;
318
319 memcpy(out, data->p, len);
320 data->p += len;
321
322 return len;
323}
324
325/** Encodes fr_pair_t linked list in POST format
326 *
327 * This is a stream function matching the rest_read_t prototype. Multiple
328 * successive calls will return additional encoded fr_pair_ts.
329 * Only complete attribute headers @verbatim '<name>=' @endverbatim and values
330 * will be written to the ptr buffer.
331 *
332 * POST request format is:
333 * @verbatim <attribute0>=<value0>&<attribute1>=<value1>&<attributeN>=<valueN>@endverbatim
334 *
335 * All attributes and values are url encoded. There is currently no support for
336 * nested attributes, or attribute qualifiers.
337 *
338 * Nested attributes may be added in the future using
339 * @verbatim <attribute-outer>:<attribute-inner>@endverbatim
340 * to denotate nesting.
341 *
342 * Requires libcurl for url encoding.
343 *
344 * @see rest_decode_post
345 *
346 * @param[out] out Char buffer to write encoded data to.
347 * @param[in] size Multiply by nmemb to get the length of ptr.
348 * @param[in] nmemb Multiply by size to get the length of ptr.
349 * @param[in] userdata rlm_rest_request_t to keep encoding state between calls.
350 * @return
351 * - Length of data (including NULL) written to ptr.
352 * - 0 if no more data to write.
353 */
354static size_t rest_encode_post(void *out, size_t size, size_t nmemb, void *userdata)
355{
356 rlm_rest_request_t *ctx = userdata;
357 request_t *request = ctx->request; /* Used by RDEBUG */
358 fr_pair_t *vp;
359
360 size_t len = 0;
361 ssize_t slen;
362 size_t freespace = (size * nmemb) - 1;
363
364 char *p = out; /* Position in buffer */
365 char *encoded = p; /* Position in buffer of last fully encoded attribute or value */
366 char *escaped; /* Pointer to current URL escaped data */
367
368 /* Allow manual chunking */
369 if ((ctx->chunk) && (ctx->chunk <= freespace)) freespace = (ctx->chunk - 1);
370
371 if (ctx->state == READ_STATE_END) return 0;
372
373 /* Post data requires no headers */
375
376 while (freespace > 0) {
378 if (!vp) {
379 ctx->state = READ_STATE_END;
380
381 break;
382 }
383
384 RDEBUG2("Encoding attribute \"%s\"", vp->da->name);
385
386 if (ctx->state == READ_STATE_ATTR_BEGIN) {
387 escaped = curl_escape(vp->da->name, 0);
388 if (!escaped) {
389 REDEBUG("Failed escaping string \"%s\"", vp->da->name);
390 return 0;
391 }
392
393 len = strlen(escaped);
394 if (freespace < (1 + len)) {
395 curl_free(escaped);
396 /*
397 * Cleanup for error conditions
398 */
399 no_space:
400 *encoded = '\0';
401
402 len = encoded - (char *)out;
403
404 RDEBUG3("POST Data: %pV", fr_box_strvalue_len(out, len));
405
406 /*
407 * The buffer wasn't big enough to encode a single attribute chunk.
408 */
409 if (len == 0) {
410 REDEBUG("Failed encoding attribute");
411 } else {
412 RDEBUG3("Returning %zd bytes of POST data "
413 "(buffer full or chunk exceeded)", len);
414 }
415
416 return len;
417 }
418
419 len = snprintf(p, freespace, "%s=", escaped);
420 curl_free(escaped);
421 p += len;
422 freespace -= len;
423
424 /*
425 * We wrote the attribute header, record progress.
426 */
427 encoded = p;
429 }
430
431 /*
432 * Write out single attribute string.
433 */
434 slen = fr_pair_print_value_quoted(&FR_SBUFF_OUT(p, freespace), vp, T_BARE_WORD);
435 if (slen < 0) return 0;
436
437 RINDENT();
438 RDEBUG3("Length : %zd", (size_t)slen);
439 REXDENT();
440 if (slen > 0) {
441 escaped = curl_escape(p, (size_t)slen);
442 if (!escaped) {
443 REDEBUG("Failed escaping string \"%s\"", vp->da->name);
444 return 0;
445 }
446 len = strlen(escaped);
447
448 if (freespace < len) {
449 curl_free(escaped);
450 goto no_space;
451 }
452
453 len = strlcpy(p, escaped, len + 1);
454
455 curl_free(escaped);
456
457 RINDENT();
458 RDEBUG3("Value : %s", p);
459 REXDENT();
460
461 p += len;
462 freespace -= len;
463 }
464
465 /*
466 * there are more attributes, insert a separator
467 */
468 if (fr_dcursor_next(&ctx->cursor)) {
469 if (freespace < 1) goto no_space;
470 *p++ = '&';
471 freespace--;
472 }
473
474 /*
475 * We wrote one full attribute value pair, record progress.
476 */
477 encoded = p;
478
480 }
481
482 *p = '\0';
483
484 len = p - (char *)out;
485
486 RDEBUG3("POST Data: %s", (char *)out);
487 RDEBUG3("Returning %zd bytes of POST data", len);
488
489 return len;
490}
491
492#ifdef HAVE_JSON
493/** Encodes fr_pair_t linked list in JSON format
494 *
495 * This is a stream function matching the rest_read_t prototype. Multiple
496 * successive calls will return additional encoded fr_pair_ts.
497 *
498 * Only complete attribute headers
499 * @verbatim "<name>":{"type":"<type>","value":[' @endverbatim
500 * and complete attribute values will be written to ptr.
501 *
502 * If an attribute occurs multiple times in the request the attribute values
503 * will be concatenated into a single value array.
504 *
505 * JSON request format is:
506@verbatim
507{
508 "<attribute0>":{
509 "type":"<type0>",
510 "value":[<value0>,<value1>,<valueN>]
511 },
512 "<attribute1>":{
513 "type":"<type1>",
514 "value":[...]
515 },
516 "<attributeN>":{
517 "type":"<typeN>",
518 "value":[...]
519 },
520}
521@endverbatim
522 *
523 * @param[out] out Char buffer to write encoded data to.
524 * @param[in] size Multiply by nmemb to get the length of ptr.
525 * @param[in] nmemb Multiply by size to get the length of ptr.
526 * @param[in] userdata rlm_rest_request_t to keep encoding state between calls.
527 * @return
528 * - Length of data (including NULL) written to ptr.
529 * - 0 if no more data to write.
530 */
531static size_t rest_encode_json(void *out, size_t size, size_t nmemb, void *userdata)
532{
533 rlm_rest_request_t *ctx = userdata;
534 request_t *request = ctx->request;
536
537 size_t freespace = (size * nmemb) - 1; /* account for the \0 byte here */
538 size_t len;
539 size_t to_copy;
540 const char *encoded;
541
542 fr_assert(freespace > 0);
543
544 if (ctx->state == READ_STATE_INIT) {
545 encoded = fr_json_afrom_pair_list(data, &request->request_pairs, NULL);
546 if (!encoded) return -1;
547
548 data->start = data->p = encoded;
549 data->len = strlen(encoded);
550
551 RDEBUG3("JSON Data: %s", encoded);
552 RDEBUG3("Returning %zd bytes of JSON data", data->len);
553
555 }
556
557 to_copy = data->len - (data->p - data->start);
558 len = to_copy > freespace ? freespace : to_copy;
559
560 if (len == 0) return 0;
561
562 memcpy(out, data->p, len);
563 data->p += len;
564 return len;
565}
566#endif
567
568/** Emulates successive libcurl calls to an encoding function
569 *
570 * This function is used when the request will be sent to the HTTP server as one
571 * contiguous entity. A buffer of REST_BODY_ALLOC_CHUNK bytes is allocated and passed
572 * to the stream encoding function.
573 *
574 * If the stream function does not return 0, a new buffer is allocated which is
575 * the size of the previous buffer + REST_BODY_ALLOC_CHUNK bytes, the data from the
576 * previous buffer is copied, and freed, and another call is made to the stream
577 * function, passing a pointer into the new buffer at the end of the previously
578 * written data.
579 *
580 * This process continues until the stream function signals (by returning 0)
581 * that it has no more data to write.
582 *
583 * @param[out] out where the pointer to the alloced buffer should
584 * be written.
585 * @param[in] inst of rlm_rest.
586 * @param[in] func Stream function.
587 * @param[in] limit Maximum buffer size to alloc.
588 * @param[in] userdata rlm_rest_request_t to keep encoding state between calls to
589 * stream function.
590 * @return
591 * - Length of the data written to the buffer (excluding NULL).
592 * - -1 if alloc >= limit.
593 */
595 rest_read_t func, size_t limit, void *userdata)
596{
597 char *buff = NULL;
598 size_t alloc = REST_BODY_ALLOC_CHUNK; /* Size of buffer to alloc */
599 size_t used = 0; /* Size of data written */
600 size_t len = 0;
601
602 buff = talloc_array(NULL, char, alloc);
603 for (;;) {
604 len = func(buff + used, alloc - used, 1, userdata);
605 used += len;
606 if (!len) {
607 *out = buff;
608 return used;
609 }
610
611 alloc = alloc * 2;
612 if (alloc > limit) break;
613
614 MEM(buff = talloc_realloc(NULL, buff, char, alloc));
615 }
616
618
619 return -1;
620}
621
622/** (Re-)Initialises the data in a rlm_rest_request_t.
623 *
624 * Resets the values of a rlm_rest_request_t to their defaults.
625 *
626 * @param[in] section configuration data.
627 * @param[in] request Current request.
628 * @param[in] ctx to initialise.
629 */
630static void rest_request_init(rlm_rest_section_t const *section,
631 request_t *request, rlm_rest_request_t *ctx)
632{
633 /*
634 * Setup stream read data
635 */
636 ctx->section = section;
637 ctx->request = request;
638 ctx->state = READ_STATE_INIT;
639}
640
641/** Converts plain response into a single fr_pair_t
642 *
643 * @param[in] inst configuration data.
644 * @param[in] section configuration data.
645 * @param[in] randle fr_curl_io_request_t to use.
646 * @param[in] request Current request.
647 * @param[in] raw buffer containing POST data.
648 * @param[in] rawlen Length of data in raw buffer.
649 * @return
650 * - Number of fr_pair_t processed.
651 * - -1 on unrecoverable error.
652 */
654 request_t *request, UNUSED fr_curl_io_request_t *randle, char *raw, size_t rawlen)
655{
656 fr_pair_t *vp;
657
658 /*
659 * Empty response?
660 */
661 if (*raw == '\0') return 0;
662
663 /*
664 * Use rawlen to protect against overrun, and to cope with any binary data
665 */
667 fr_pair_value_bstrndup(vp, raw, rawlen, true);
668
669 RDEBUG2("%pP", vp);
670
671 return 1;
672}
673
674/** Converts POST response into fr_pair_ts and adds them to the request
675 *
676 * Accepts fr_pair_tS in the same format as rest_encode_post, but with the
677 * addition of optional attribute list qualifiers as part of the attribute name
678 * string.
679 *
680 * If no qualifiers are specified, will default to the request list.
681 *
682 * POST response format is:
683 * @verbatim [outer.][<list>.]<attribute0>=<value0>&[outer.][<list>.]<attribute1>=<value1>&[outer.][<list>.]<attributeN>=<valueN> @endverbatim
684 *
685 * @see rest_encode_post
686 *
687 * @param[in] instance configuration data.
688 * @param[in] section configuration data.
689 * @param[in] randle fr_curl_io_request_t to use.
690 * @param[in] request Current request.
691 * @param[in] raw buffer containing POST data.
692 * @param[in] rawlen Length of data in raw buffer.
693 * @return
694 * - Number of fr_pair_ts processed.
695 * - -1 on unrecoverable error.
696 */
697static int rest_decode_post(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section,
698 request_t *request, fr_curl_io_request_t *randle, char *raw, size_t rawlen)
699{
700 CURL *candle = randle->candle;
701
702 char const *p = raw, *q;
703
704 int count = 0;
705 int ret;
706
707 /*
708 * Empty response?
709 */
711 if (*p == '\0') return 0;
712
713 while (((q = strchr(p, '=')) != NULL) && (count < REST_BODY_MAX_ATTRS)) {
714 tmpl_t *dst;
716 fr_pair_list_t *vps;
717 TALLOC_CTX *ctx;
718 fr_dict_attr_t const *da;
719 fr_pair_t *vp;
720
721 char *name = NULL;
722 char *value = NULL;
723
724 char *expanded = NULL;
725
726 size_t len;
727 int curl_len; /* Length from last curl_easy_unescape call */
728
729 current = request;
730
731 name = curl_easy_unescape(candle, p, (q - p), &curl_len);
732 p = (q + 1);
733
734 /*
735 * Resolve attribute name to a dictionary entry and pairlist.
736 */
737 RDEBUG2("Parsing attribute \"%pV\"", fr_box_strvalue_len(name, curl_len));
738
739 if (tmpl_afrom_attr_str(request, NULL, &dst, name,
740 &(tmpl_rules_t){
741 .attr = {
742 .dict_def = request->proto_dict,
743 .list_def = request_attr_reply
744 }
745 }) <= 0) {
746 RPWDEBUG("Failed parsing attribute (skipping)");
747 talloc_free(dst);
748 goto skip;
749 }
750
751 if (tmpl_request_ptr(&current, tmpl_request(dst)) < 0) {
752 RWDEBUG("Attribute name refers to outer request but not in a tunnel (skipping)");
753 talloc_free(dst);
754 goto skip;
755 }
756
757 vps = tmpl_list_head(current, tmpl_list(dst));
758 if (!vps) {
759 RWDEBUG("List not valid in this context (skipping)");
760 talloc_free(dst);
761 goto skip;
762 }
763 ctx = tmpl_list_ctx(current, tmpl_list(dst));
764 da = tmpl_attr_tail_da(dst);
765
766 fr_assert(vps);
767
768 RINDENT();
769 RDEBUG3("Type : %s", fr_type_to_str(da->type));
770
771 q = strchr(p, '&');
772 len = (!q) ? (rawlen - (p - raw)) : (unsigned)(q - p);
773
774 value = curl_easy_unescape(candle, p, len, &curl_len);
775
776 /*
777 * If we found a delimiter we want to skip over it,
778 * if we didn't we do *NOT* want to skip over the end
779 * of the buffer...
780 */
781 p += (!q) ? len : (len + 1);
782
783 RDEBUG3("Length : %i", curl_len);
784 RDEBUG3("Value : \"%s\"", value);
785 REXDENT();
786
787 talloc_free(dst); /* Free our temporary tmpl */
788
789 RDEBUG2("Performing xlat expansion of response value");
790
791 if (xlat_aeval(request, &expanded, request, value, NULL, NULL) < 0) goto skip;
792
793 fr_assert(expanded);
794
795 MEM(vp = fr_pair_afrom_da(ctx, da));
796 if (!vp) {
797 REDEBUG("Failed creating valuepair");
798 talloc_free(expanded);
799
800 curl_free(name);
801 curl_free(value);
802
803 return count;
804 }
805
806 ret = fr_pair_value_from_str(vp, expanded, strlen(value), NULL, true);
807 TALLOC_FREE(expanded);
808 if (ret < 0) {
809 RWDEBUG("Incompatible value assignment, skipping");
811 goto skip;
812 }
813
814 fr_pair_append(vps, vp);
815
816 count++;
817
818 skip:
819 curl_free(name);
820 curl_free(value);
821
822 continue;
823 }
824
825 if (!count) REDEBUG("Malformed POST data \"%s\"", raw);
826
827 return count;
828
829}
830
831#ifdef HAVE_JSON
832/** Converts JSON "value" key into fr_pair_t.
833 *
834 * If leaf is not in fact a leaf node, but contains JSON data, the data will
835 * written to the attribute in JSON string format.
836 *
837 * @param[in] instance configuration data.
838 * @param[in] section configuration data.
839 * @param[in] ctx to allocate new fr_pair_ts in.
840 * @param[in] request Current request.
841 * @param[in] da Attribute to create.
842 * @param[in] flags containing the operator other flags controlling value
843 * expansion.
844 * @param[in] leaf object containing the fr_pair_t value.
845 * @return
846 * - #fr_pair_t just created.
847 * - NULL on error.
848 */
850 TALLOC_CTX *ctx, request_t *request,
851 fr_dict_attr_t const *da, json_flags_t *flags, json_object *leaf)
852{
853 char const *value;
854 char *expanded = NULL;
855 int ret;
856
857 fr_pair_t *vp;
858
860
861 if (json_object_is_type(leaf, json_type_null)) {
862 RDEBUG3("Got null value for attribute \"%s\" (skipping)", da->name);
863 return NULL;
864 }
865
866 MEM(vp = fr_pair_afrom_da(ctx, da));
867 if (!vp) {
868 RWDEBUG("Failed creating valuepair for attribute \"%s\" (skipping)", da->name);
869 return NULL;
870 }
871
873
874 switch (json_object_get_type(leaf)) {
875 case json_type_int:
876 if (flags->do_xlat) RWDEBUG("Ignoring do_xlat on 'int', attribute \"%s\"", da->name);
877 fr_value_box(&src, (int32_t)json_object_get_int(leaf), true);
878 break;
879
880 case json_type_double:
881 if (flags->do_xlat) RWDEBUG("Ignoring do_xlat on 'double', attribute \"%s\"", da->name);
882 fr_value_box(&src, (double)json_object_get_double(leaf), true);
883 break;
884
885 case json_type_string:
886 value = json_object_get_string(leaf);
887 if (flags->do_xlat && memchr(value, '%', json_object_get_string_len(leaf))) {
888 if (xlat_aeval(request, &expanded, request, value, NULL, NULL) < 0) {
890 return NULL;
891 }
892 fr_value_box_bstrndup_shallow(&src, NULL, expanded,
893 talloc_array_length(expanded) - 1, true);
894 } else {
896 json_object_get_string_len(leaf), true);
897 }
898 break;
899
900 default:
901 {
902 char const *str;
903 if (flags->do_xlat) RWDEBUG("Ignoring do_xlat on 'object', attribute \"%s\"", da->name);
904
905 /*
906 * Should encode any nested JSON structures into JSON strings.
907 *
908 * "I knew you liked JSON so I put JSON in your JSON!"
909 */
910 str = json_object_get_string(leaf);
911 if (!str) {
912 RWDEBUG("Failed getting string value for attribute \"%s\" (skipping)", da->name);
914 return NULL;
915 }
916 fr_value_box_strdup_shallow(&src, NULL, str, true);
917 }
918 }
919
920 ret = fr_value_box_cast(vp, &vp->data, da->type, da, &src);
921 talloc_free(expanded);
922 if (ret < 0) {
923 RWDEBUG("Failed parsing value for attribute \"%s\" (skipping)", da->name);
925 return NULL;
926 }
927
928 vp->op = flags->op;
929
930 return vp;
931}
932
933/** Processes JSON response and converts it into multiple fr_pair_ts
934 *
935 * Processes JSON attribute declarations in the format below. Will recurse when
936 * processing nested attributes. When processing nested attributes flags and
937 * operators from previous attributes are not inherited.
938 *
939 * JSON response format is:
940@verbatim
941{
942 "<attribute0>":{
943 "do_xlat":<bool>,
944 "is_json":<bool>,
945 "op":"<operator>",
946 "value":[<value0>,<value1>,<valueN>]
947 },
948 "<attribute1>":{
949 "value":{
950 "<nested-attribute0>":{
951 "op":"<operator>",
952 "value":<value0>
953 }
954 }
955 },
956 "<attribute2>":"<value0>",
957 "<attributeN>":[<value0>,<value1>,<valueN>]
958}
959@endverbatim
960 *
961 * JSON valuepair flags:
962 * - do_xlat (optional) Controls xlat expansion of values. Defaults to true.
963 * - is_json (optional) If true, any nested JSON data will be copied to the
964 * fr_pair_t in string form. Defaults to true.
965 * - op (optional) Controls how the attribute is inserted into
966 * the target list. Defaults to ':=' (T_OP_SET).
967 *
968 * If "op" is ':=' or '=', it will be automagically changed to '+=' for the
969 * second and subsequent values in multivalued attributes. This does not work
970 * between multiple attribute declarations.
971 *
972 * @see fr_tokens_table
973 *
974 * @param[in] instance configuration data.
975 * @param[in] section configuration data.
976 * @param[in] request Current request.
977 * @param[in] object containing root node, or parent node.
978 * @param[in] level Current nesting level.
979 * @param[in] max counter, decremented after each fr_pair_t is created,
980 * when 0 no more attributes will be processed.
981 * @return
982 * - Number of attributes created.
983 * - < 0 on error.
984 */
985static int json_pair_alloc(rlm_rest_t const *instance, rlm_rest_section_t const *section,
986 request_t *request, json_object *object, UNUSED int level, int max)
987{
988 int max_attrs = max;
989 tmpl_t *dst = NULL;
990
991 if (!json_object_is_type(object, json_type_object)) {
992#ifdef HAVE_JSON_TYPE_TO_NAME
993 REDEBUG("Can't process VP container, expected JSON object"
994 "got \"%s\" (skipping)",
995 json_type_to_name(json_object_get_type(object)));
996#else
997 REDEBUG("Can't process VP container, expected JSON object"
998 " (skipping)");
999#endif
1000 return -1;
1001 }
1002
1003 /*
1004 * Process VP container
1005 */
1006 {
1007 json_object_object_foreach(object, name, value) {
1008 int i = 0, elements;
1009 struct json_object *element, *tmp;
1010 TALLOC_CTX *ctx;
1011
1012 json_flags_t flags = {
1013 .op = T_OP_SET,
1014 .do_xlat = 1,
1015 .is_json = 0
1016 };
1017
1018 request_t *current = request;
1019 fr_pair_list_t *vps;
1020 fr_pair_t *vp = NULL;
1021
1022 TALLOC_FREE(dst);
1023
1024 /*
1025 * Resolve attribute name to a dictionary entry and pairlist.
1026 */
1027 RDEBUG2("Parsing attribute \"%s\"", name);
1028
1029 if (tmpl_afrom_attr_str(request, NULL, &dst, name,
1030 &(tmpl_rules_t){
1031 .attr = {
1032 .dict_def = request->proto_dict,
1033 .list_def = request_attr_reply
1034 }
1035 }) <= 0) {
1036 RPWDEBUG("Failed parsing attribute (skipping)");
1037 continue;
1038 }
1039
1040 if (tmpl_request_ptr(&current, tmpl_request(dst)) < 0) {
1041 RWDEBUG("Attribute name refers to outer request but not in a tunnel (skipping)");
1042 continue;
1043 }
1044
1045 vps = tmpl_list_head(current, tmpl_list(dst));
1046 if (!vps) {
1047 RWDEBUG("List not valid in this context (skipping)");
1048 continue;
1049 }
1050 ctx = tmpl_list_ctx(current, tmpl_list(dst));
1051
1052 /*
1053 * Alternative JSON structure which allows operator,
1054 * and other flags to be specified.
1055 *
1056 * "<name>":{
1057 * "do_xlat":<bool>,
1058 * "is_json":<bool>,
1059 * "op":"<op>",
1060 * "value":<value>
1061 * }
1062 *
1063 * Where value is a:
1064 * - [] Multivalued array
1065 * - {} Nested Valuepair
1066 * - * Integer or string value
1067 */
1068 if (json_object_is_type(value, json_type_object)) {
1069 /*
1070 * Process operator if present.
1071 */
1072 if (json_object_object_get_ex(value, "op", &tmp)) {
1073 flags.op = fr_table_value_by_str(fr_tokens_table, json_object_get_string(tmp), 0);
1074 if (!flags.op) {
1075 RWDEBUG("Invalid operator value \"%s\" (skipping)",
1076 json_object_get_string(tmp));
1077 continue;
1078 }
1079 }
1080
1081 /*
1082 * Process optional do_xlat bool.
1083 */
1084 if (json_object_object_get_ex(value, "do_xlat", &tmp)) {
1085 flags.do_xlat = json_object_get_boolean(tmp);
1086 }
1087
1088 /*
1089 * Process optional is_json bool.
1090 */
1091 if (json_object_object_get_ex(value, "is_json", &tmp)) {
1092 flags.is_json = json_object_get_boolean(tmp);
1093 }
1094
1095 /*
1096 * Value key must be present if were using the expanded syntax.
1097 */
1098 if (!json_object_object_get_ex(value, "value", &tmp)) {
1099 RWDEBUG("Value key missing (skipping)");
1100 continue;
1101 }
1102
1103 /*
1104 * The value field now becomes the key we're operating on
1105 */
1106 value = tmp;
1107 }
1108
1109 /*
1110 * Setup fr_pair_afrom_da / recursion loop.
1111 */
1112 if (!flags.is_json && json_object_is_type(value, json_type_array)) {
1113 elements = json_object_array_length(value);
1114 if (!elements) {
1115 RWDEBUG("Zero length value array (skipping)");
1116 continue;
1117 }
1118 element = json_object_array_get_idx(value, 0);
1119 } else {
1120 elements = 1;
1121 element = value;
1122 }
1123
1124 /*
1125 * A JSON 'value' key, may have multiple elements, iterate
1126 * over each of them, creating a new fr_pair_t.
1127 */
1128 do {
1129 fr_pair_list_t tmp_list;
1130
1131 if (max_attrs-- <= 0) {
1132 RWDEBUG("At maximum attribute limit");
1133 talloc_free(dst);
1134 return max;
1135 }
1136
1137 /*
1138 * Automagically switch the op for multivalued attributes.
1139 */
1140 if (((flags.op == T_OP_SET) || (flags.op == T_OP_EQ)) && (i >= 1)) {
1141 flags.op = T_OP_ADD_EQ;
1142 }
1143
1144 if (json_object_is_type(element, json_type_object) && !flags.is_json) {
1145 /* TODO: Insert nested VP into VP structure...*/
1146 RWDEBUG("Found nested VP, these are not yet supported (skipping)");
1147
1148 continue;
1149
1150 /*
1151 vp = json_pair_alloc(instance, section,
1152 request, value,
1153 level + 1, max_attrs);*/
1154 } else {
1155 vp = json_pair_alloc_leaf(instance, section, ctx, request,
1156 tmpl_attr_tail_da(dst), &flags, element);
1157 if (!vp) continue;
1158 }
1159 RINDENT();
1160 RDEBUG2("%s:%pP", tmpl_list_name(tmpl_list(dst), ""), vp);
1161 REXDENT();
1162
1163 fr_pair_list_init(&tmp_list);
1164 fr_pair_append(&tmp_list, vp);
1165 radius_pairmove(current, vps, &tmp_list);
1166 /*
1167 * If we call json_object_array_get_idx on something that's not an array
1168 * the behaviour appears to be to occasionally segfault.
1169 */
1170 } while ((++i < elements) && (element = json_object_array_get_idx(value, i)));
1171 }
1172 }
1173
1174 talloc_free(dst);
1175
1176 return max - max_attrs;
1177}
1178
1179/** Converts JSON response into fr_pair_ts and adds them to the request.
1180 *
1181 * Converts the raw JSON string into a json-c object tree and passes it to
1182 * json_pair_alloc. After the tree has been parsed json_object_put is called
1183 * which decrements the reference count of the root node by one, and frees
1184 * the entire tree.
1185 *
1186 * @see rest_encode_json
1187 * @see json_pair_alloc
1188 *
1189 * @param[in] instance configuration data.
1190 * @param[in] section configuration data.
1191 * @param[in,out] request Current request.
1192 * @param[in] randle REST handle.
1193 * @param[in] raw buffer containing JSON data.
1194 * @param[in] rawlen Length of data in raw buffer.
1195 * @return
1196 * - The number of #fr_pair_t processed.
1197 * - -1 on unrecoverable error.
1198 */
1199static int rest_decode_json(rlm_rest_t const *instance, rlm_rest_section_t const *section,
1200 request_t *request, UNUSED fr_curl_io_request_t *randle, char *raw, UNUSED size_t rawlen)
1201{
1202 char const *p = raw;
1203
1204 struct json_object *json;
1205
1206 int ret;
1207
1208 /*
1209 * Empty response?
1210 */
1212 if (*p == '\0') return 0;
1213
1214 json = json_tokener_parse(p);
1215 if (!json) {
1216 REDEBUG("Malformed JSON data \"%s\"", raw);
1217 return -1;
1218 }
1219
1220 ret = json_pair_alloc(instance, section, request, json, 0, REST_BODY_MAX_ATTRS);
1221
1222 /*
1223 * Decrement reference count for root object, should free entire JSON tree.
1224 */
1225 json_object_put(json);
1226
1227 return ret;
1228}
1229#endif
1230
1231/** Processes incoming HTTP header data from libcurl.
1232 *
1233 * Processes the status line, and Content-Type headers from the incoming HTTP
1234 * response.
1235 *
1236 * Matches prototype for CURLOPT_HEADERFUNCTION, and will be called directly
1237 * by libcurl.
1238 *
1239 * @param[in] in Char buffer where inbound header data is written.
1240 * @param[in] size Multiply by nmemb to get the length of ptr.
1241 * @param[in] nmemb Multiply by size to get the length of ptr.
1242 * @param[in] userdata rlm_rest_response_t to keep parsing state between calls.
1243 * @return
1244 * - Length of data processed.
1245 * - 0 on error.
1246 */
1247static size_t rest_response_header(void *in, size_t size, size_t nmemb, void *userdata)
1248{
1249 rlm_rest_response_t *ctx = userdata;
1250 request_t *request = ctx->request; /* Used by RDEBUG */
1251
1252 char const *start = (char *)in, *p = start, *end = p + (size * nmemb);
1253 char *q;
1254 size_t len;
1255
1257
1258#ifndef NDEBUG
1259 if (ctx->instance->fail_header_decode) {
1260 REDEBUG("Forcing header decode failure");
1261 return 0;
1262 }
1263#endif
1264
1265 /*
1266 * This seems to be curl's indication there are no more header lines.
1267 */
1268 if (((end - p) == 2) && ((p[0] == '\r') && (p[1] == '\n'))) {
1269 /*
1270 * If we got a 100 Continue, we need to send additional payload data.
1271 * reset the state to WRITE_STATE_INIT, so that when were called again
1272 * we overwrite previous header data with that from the proper header.
1273 */
1274 if (ctx->code == 100) {
1275 RDEBUG2("Continuing...");
1276 ctx->state = WRITE_STATE_INIT;
1277 }
1278
1279 return (end - start);
1280 }
1281
1282 switch (ctx->state) {
1283 case WRITE_STATE_INIT:
1284 RDEBUG2("Processing response header");
1285
1286 /*
1287 * HTTP/<version> <reason_code>[ <reason_phrase>]\r\n
1288 *
1289 * "HTTP/1.1 " (9) + "100" (3) + "\r\n" (2) = 14
1290 * "HTTP/2 " (7) + "100" (3) + "\r\n" (2) = 12
1291 */
1292 if ((end - p) < 12) {
1293 REDEBUG("Malformed HTTP header: Status line too short");
1294 malformed:
1295 REDEBUG("Received %zu bytes of invalid header data: %pV",
1296 (end - start), fr_box_strvalue_len(in, (end - start)));
1297 ctx->code = 0;
1298
1299 /*
1300 * Indicate we parsed the entire line, otherwise
1301 * bad things seem to happen internally with
1302 * libcurl when we try and use it with asynchronous
1303 * I/O handlers.
1304 */
1305 return (end - start);
1306 }
1307 /*
1308 * Check start of header matches...
1309 */
1310 if (strncasecmp("HTTP/", p, 5) != 0) {
1311 REDEBUG("Malformed HTTP header: Missing HTTP version");
1312 goto malformed;
1313 }
1314 p += 5;
1315
1316 /*
1317 * Skip the version field, next space should mark start of reason_code.
1318 */
1319 q = memchr(p, ' ', (end - p));
1320 if (!q) {
1321 REDEBUG("Malformed HTTP header: Missing reason code");
1322 goto malformed;
1323 }
1324
1325 p = q;
1326
1327 /*
1328 * Process reason_code.
1329 *
1330 * " 100" (4) + "\r\n" (2) = 6
1331 */
1332 if ((end - p) < 6) {
1333 REDEBUG("Malformed HTTP header: Reason code too short");
1334 goto malformed;
1335 }
1336 p++;
1337
1338 /*
1339 * "xxx( |\r)" status code and terminator.
1340 */
1341 if (!isdigit(p[0]) || !isdigit(p[1]) || !isdigit(p[2]) || !((p[3] == ' ') || (p[3] == '\r'))) {
1342 REDEBUG("Malformed HTTP header: Reason code malformed. "
1343 "Expected three digits then space or end of header, got \"%pV\"",
1344 fr_box_strvalue_len(p, 4));
1345 goto malformed;
1346 }
1347
1348 /*
1349 * Convert status code into an integer value
1350 */
1351 q = NULL;
1352 ctx->code = (int)strtoul(p, &q, 10);
1353 fr_assert(q == (p + 3)); /* We check this above */
1354 p = q;
1355
1356 /*
1357 * Process reason_phrase (if present).
1358 */
1359 RINDENT();
1360 if (*p == ' ') {
1361 p++;
1362 q = memchr(p, '\r', (end - p));
1363 if (!q) goto malformed;
1364 RDEBUG2("Status : %i (%pV)", ctx->code, fr_box_strvalue_len(p, q - p));
1365 } else {
1366 RDEBUG2("Status : %i", ctx->code);
1367 }
1368 REXDENT();
1369
1371
1372 break;
1373
1375 if (((end - p) >= 14) &&
1376 (strncasecmp("Content-Type: ", p, 14) == 0)) {
1377 p += 14;
1378
1379 /*
1380 * Check to see if there's a parameter separator.
1381 */
1382 q = memchr(p, ';', (end - p));
1383
1384 /*
1385 * If there's not, find the end of this header.
1386 */
1387 if (!q) q = memchr(p, '\r', (end - p));
1388
1389 len = (size_t)(!q ? (end - p) : (q - p));
1391
1392 RINDENT();
1393 RDEBUG2("Type : %s (%pV)", fr_table_str_by_value(http_body_type_table, type, "<INVALID>"),
1394 fr_box_strvalue_len(p, len));
1395 REXDENT();
1396
1397 /*
1398 * Assume the force_to value has already been validated.
1399 */
1400 if (ctx->force_to != REST_HTTP_BODY_UNKNOWN) {
1401 if (ctx->force_to != ctx->type) {
1402 RDEBUG3("Forcing body type to \"%s\"",
1404 ctx->type = ctx->force_to;
1405 }
1406 /*
1407 * Figure out if the type is supported by one of the decoders.
1408 */
1409 } else {
1411 switch (ctx->type) {
1413 RWDEBUG("Couldn't determine type, using the request's type \"%s\".",
1415 break;
1416
1418 REDEBUG("Type \"%s\" is currently unsupported",
1420 break;
1421
1423 REDEBUG("Type \"%s\" is unavailable, please rebuild this module with the required "
1424 "library", fr_table_str_by_value(http_body_type_table, type, "<INVALID>"));
1425 break;
1426
1428 REDEBUG("Type \"%s\" is not a valid web API data markup format",
1430 break;
1431
1432 /* supported type */
1433 default:
1434 break;
1435 }
1436 }
1437 }
1438 break;
1439
1440 default:
1441 break;
1442 }
1443
1444 return (end - start);
1445}
1446
1447/** Processes incoming HTTP body data from libcurl.
1448 *
1449 * Writes incoming body data to an intermediary buffer for later parsing by
1450 * one of the decode functions.
1451 *
1452 * @param[in] in Char buffer where inbound header data is written
1453 * @param[in] size Multiply by nmemb to get the length of ptr.
1454 * @param[in] nmemb Multiply by size to get the length of ptr.
1455 * @param[in] userdata rlm_rest_response_t to keep parsing state between calls.
1456 * @return
1457 * - Length of data processed.
1458 * - 0 on error.
1459 */
1460static size_t rest_response_body(void *in, size_t size, size_t nmemb, void *userdata)
1461{
1462 rlm_rest_response_t *ctx = userdata;
1463 request_t *request = ctx->request; /* Used by RDEBUG */
1464
1465 char const *start = in, *p = start, *end = p + (size * nmemb);
1466 char *q;
1467
1468 size_t needed;
1469
1470 if (start == end) return 0; /* Nothing to process */
1471
1472#ifndef NDEBUG
1473 if (ctx->instance->fail_body_decode) {
1474 REDEBUG("Forcing body read failure");
1475 return 0;
1476 }
1477#endif
1478
1479 /*
1480 * Any post processing of headers should go here...
1481 */
1483
1484 switch (ctx->type) {
1488 while ((q = memchr(p, '\n', (end - p)))) {
1489 REDEBUG("%pV", fr_box_strvalue_len(p, q - p));
1490 p = q + 1;
1491 }
1492
1493 if (p != end) REDEBUG("%pV", fr_box_strvalue_len(p, end - p));
1494 break;
1495
1497 while ((q = memchr(p, '\n', (end - p)))) {
1498 RDEBUG3("%pV", fr_box_strvalue_len(p, q - p));
1499 p = q + 1;
1500 }
1501
1502 if (p != end) RDEBUG3("%pV", fr_box_strvalue_len(p, end - p));
1503 break;
1504
1505 default:
1506 {
1507 char *out_p;
1508
1509 if ((ctx->section->response.max_body_in > 0) && ((ctx->used + (end - p)) > ctx->section->response.max_body_in)) {
1510 REDEBUG("Incoming data (%zu bytes) exceeds max_body_in (%zu bytes). "
1511 "Forcing body to type 'invalid'", ctx->used + (end - p), ctx->section->response.max_body_in);
1513 TALLOC_FREE(ctx->buffer);
1514 break;
1515 }
1516
1517 needed = ROUND_UP(ctx->used + (end - p), REST_BODY_ALLOC_CHUNK);
1518 if (needed > ctx->alloc) {
1519 MEM(ctx->buffer = talloc_bstr_realloc(NULL, ctx->buffer, needed));
1520 ctx->alloc = needed;
1521 }
1522
1523 out_p = ctx->buffer + ctx->used;
1524 memcpy(out_p, p, (end - p));
1525 out_p += (end - p);
1526 *out_p = '\0';
1527 ctx->used += (end - p);
1528 }
1529 break;
1530 }
1531
1532 return (end - start);
1533}
1534
1535/** Print out the response text as error lines
1536 *
1537 * @param request The Current request.
1538 * @param handle fr_curl_io_request_t used to execute the previous request.
1539 */
1541{
1542 char const *p, *end;
1543 char *q;
1544 size_t len;
1545
1546 len = rest_get_handle_data(&p, handle);
1547 if (len == 0) return;
1548
1549 end = p + len;
1550
1551 RERROR("Server returned:");
1552 while ((q = memchr(p, '\n', (end - p)))) {
1553 RERROR("%pV", fr_box_strvalue_len(p, q - p));
1554 p = q + 1;
1555 }
1556
1557 if (p != end) RERROR("%pV", fr_box_strvalue_len(p, end - p));
1558}
1559
1560/** Print out the response text
1561 *
1562 * @param request The Current request.
1563 * @param handle fr_curl_io_request_t used to execute the previous request.
1564 */
1566{
1567 char const *p, *end;
1568 char *q;
1569 size_t len;
1570
1571 len = rest_get_handle_data(&p, handle);
1572 if (len == 0) return;
1573
1574 end = p + len;
1575
1576 RDEBUG3("Server returned:");
1577 while ((q = memchr(p, '\n', (end - p)))) {
1578 RDEBUG3("%pV", fr_box_strvalue_len(p, q - p));
1579 p = q + 1;
1580 }
1581
1582 if (p != end) RDEBUG3("%pV", fr_box_strvalue_len(p, end - p));
1583}
1584
1585/** (Re-)Initialises the data in a rlm_rest_response_t.
1586 *
1587 * This resets the values of the a rlm_rest_response_t to their defaults.
1588 * Must be called between encoding sessions.
1589 *
1590 * @see rest_response_body
1591 * @see rest_response_header
1592 *
1593 * @param[in] section that created the request.
1594 * @param[in] request Current request.
1595 * @param[in] ctx data to initialise.
1596 * @param[in] type Default http_body_type to use when decoding raw data, may be
1597 * overwritten by rest_response_header.
1598 * @param[in] header Where to write out headers, may be NULL.
1599 */
1600static void rest_response_init(rlm_rest_section_t const *section,
1601 request_t *request, rlm_rest_response_t *ctx, http_body_type_t type, tmpl_t *header)
1602{
1603 ctx->section = section;
1604 ctx->request = request;
1605 ctx->type = type;
1606 ctx->state = WRITE_STATE_INIT;
1607 ctx->alloc = 0;
1608 ctx->used = 0;
1609 ctx->code = 0;
1610 ctx->header = header;
1611 TALLOC_FREE(ctx->buffer);
1612}
1613
1614/** Extracts pointer to buffer containing response data
1615 *
1616 * @param[out] out Where to write the pointer to the buffer.
1617 * @param[in] randle used for the last request.
1618 * @return
1619 * - 0 if no data i available.
1620 * - > 0 if data is available.
1621 */
1622size_t rest_get_handle_data(char const **out, fr_curl_io_request_t *randle)
1623{
1624 rlm_rest_curl_context_t *ctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
1625
1626 if (!ctx->response.buffer) return 0;
1627
1628 *out = ctx->response.buffer;
1629 return ctx->response.used;
1630}
1631
1632/** Configures body specific curlopts.
1633 *
1634 * Configures libcurl handle to use either chunked mode, where the request
1635 * data will be sent using multiple HTTP requests, or contiguous mode where
1636 * the request data will be sent in a single HTTP request.
1637 *
1638 * @param[in] mctx Call data.
1639 * @param[in] section configuration data.
1640 * @param[in] request Current request.
1641 * @param[in] randle fr_curl_io_request_t to configure.
1642 * @param[in] func to pass to libcurl for chunked.
1643 * transfers (NULL if not using chunked mode).
1644 * @return
1645 * - 0 on success.
1646 * - -1 on failure.
1647 */
1648static int rest_request_config_body(module_ctx_t const *mctx, rlm_rest_section_t const *section,
1649 request_t *request, fr_curl_io_request_t *randle, rest_read_t func)
1650{
1651 rlm_rest_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_rest_t);
1652 rlm_rest_curl_context_t *uctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
1653 ssize_t len;
1654
1655 /*
1656 * We were provided with no read function, assume this means
1657 * no body should be sent.
1658 */
1659 if (!func) {
1660 FR_CURL_REQUEST_SET_OPTION(CURLOPT_POSTFIELDSIZE, 0);
1661 return 0;
1662 }
1663
1664 /*
1665 * Chunked transfer encoding means the body will be sent in
1666 * multiple parts.
1667 */
1668 if (section->request.chunk > 0) {
1669 FR_CURL_REQUEST_SET_OPTION(CURLOPT_READDATA, &uctx->request);
1670 FR_CURL_REQUEST_SET_OPTION(CURLOPT_READFUNCTION, func);
1671
1672 return 0;
1673 }
1674
1675 /*
1676 * If were not doing chunked encoding then we read the entire
1677 * body into a buffer, and send it in one go.
1678 */
1679 len = rest_request_encode_wrapper(&uctx->body, inst, func, REST_BODY_MAX_LEN, &uctx->request);
1680 if (len <= 0) {
1681 REDEBUG("Failed creating HTTP body content");
1682 return -1;
1683 }
1684 RDEBUG2("Content-Length will be %zu bytes", len);
1685
1686 fr_assert((len == 0) || (talloc_array_length(uctx->body) >= (size_t)len));
1687 FR_CURL_REQUEST_SET_OPTION(CURLOPT_POSTFIELDS, uctx->body);
1688 FR_CURL_REQUEST_SET_OPTION(CURLOPT_POSTFIELDSIZE, len);
1689
1690 return 0;
1691
1692error:
1693 return -1;
1694}
1695
1696/** Adds an additional header to a handle to use in the next reques
1697 *
1698 * @param[in] request Current request.
1699 * @param[in] randle used for the next request.
1700 * @param[in] header to add.
1701 * @param[in] validate whether to perform basic checks on the header
1702 * @return
1703 * - 0 on success.
1704 * - -1 on failure.
1705 */
1706int rest_request_config_add_header(request_t *request, fr_curl_io_request_t *randle, char const *header, bool validate)
1707{
1708 rlm_rest_curl_context_t *ctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
1709 struct curl_slist *headers;
1710
1711 if (validate && !strchr(header, ':')) {
1712 RWDEBUG("Invalid HTTP header \"%s\" must be in format '<attribute>: <value>'. Skipping...",
1713 header);
1714 return -1;
1715 }
1716
1717 RINDENT();
1718 RDEBUG3("%s", header);
1719 REXDENT();
1720
1721 headers = curl_slist_append(ctx->headers, header);
1722 if (unlikely(!headers)) {
1723 REDEBUG("Failed to add header \"%s\"", header);
1724 return -1;
1725 }
1726 ctx->headers = headers;
1727
1728 return 0;
1729}
1730
1731/** See if the list of headers already contains a header
1732 *
1733 * @note Only compares the header name, not the value.
1734 *
1735 * @param[in] randle to check headers for.
1736 * @param[in] header to find.
1737 * @return
1738 * - true if yes
1739 * - false if no
1740 */
1741static bool rest_request_contains_header(fr_curl_io_request_t *randle, char const *header)
1742{
1743 rlm_rest_curl_context_t *ctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
1744 struct curl_slist *headers = ctx->headers;
1745 char const *sep;
1746 size_t cmp_len;
1747
1748 sep = strchr(header, ':');
1749 cmp_len = sep ? (size_t)(sep - header) : strlen(header);
1750
1751 while (headers) {
1752 if (strncasecmp(headers->data, header, cmp_len) == 0) return true;
1753 headers = headers->next;
1754 }
1755
1756 return false;
1757}
1758
1759/** Configures request curlopts.
1760 *
1761 * Configures libcurl handle setting various curlopts for things like local
1762 * client time, Content-Type, and other FreeRADIUS custom headers.
1763 *
1764 * Current FreeRADIUS custom headers are:
1765 * - X-FreeRADIUS-Section The module section being processed.
1766 * - X-FreeRADIUS-Server The current virtual server the request_t is
1767 * passing through.
1768 *
1769 * Sets up callbacks for all response processing (buffers and body data).
1770 *
1771 * @param[in] mctx call data.
1772 * @param[in] section configuration data.
1773 * @param[in] randle to configure.
1774 * @param[in] request Current request.
1775 * @param[in] method to use (HTTP verbs PUT, POST, DELETE etc...).
1776 * @param[in] type Content-Type for request encoding, also sets
1777 * the default for decoding.
1778 * @param[in] uri buffer containing the expanded URI to send the request to.
1779 * @param[in] body_data (optional) custom body data. Must persist whilst we're
1780 * writing data out to the socket. Must be a talloced buffer
1781 * which is \0 terminated.
1782 * @return
1783 * - 0 on success (all opts configured).
1784 * - -1 on failure.
1785 */
1787 request_t *request, fr_curl_io_request_t *randle, http_method_t method,
1789 char const *uri, char const *body_data)
1790{
1791 rlm_rest_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_rest_t);
1792 rlm_rest_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, rlm_rest_call_env_t);
1793 rlm_rest_curl_context_t *ctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
1794 CURL *candle = randle->candle;
1795 fr_time_delta_t timeout;
1796
1797 http_auth_type_t auth = section->request.auth;
1798
1799 CURLcode ret = CURLE_OK;
1800 char const *option;
1801
1802 char buffer[512];
1803
1804 fr_assert(candle);
1805
1806 buffer[(sizeof(buffer) - 1)] = '\0';
1807
1808 /*
1809 * Control which HTTP version we're going to use
1810 */
1811 if (inst->http_negotiation != CURL_HTTP_VERSION_NONE) FR_CURL_REQUEST_SET_OPTION(CURLOPT_HTTP_VERSION, inst->http_negotiation);
1812
1813 /*
1814 * Setup any header options and generic headers.
1815 */
1816 FR_CURL_REQUEST_SET_OPTION(CURLOPT_URL, uri);
1817#if CURL_AT_LEAST_VERSION(7,85,0)
1818 FR_CURL_REQUEST_SET_OPTION(CURLOPT_PROTOCOLS_STR, "http,https");
1819#else
1820 FR_CURL_REQUEST_SET_OPTION(CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
1821#endif
1822 if (section->request.proxy) {
1823 if (section->request.proxy == rest_no_proxy) {
1824 FR_CURL_REQUEST_SET_OPTION(CURLOPT_NOPROXY, "*");
1825 } else {
1826 FR_CURL_REQUEST_SET_OPTION(CURLOPT_PROXY, section->request.proxy);
1827 }
1828 }
1829 FR_CURL_REQUEST_SET_OPTION(CURLOPT_NOSIGNAL, 1L);
1830 FR_CURL_REQUEST_SET_OPTION(CURLOPT_USERAGENT, "FreeRADIUS " RADIUSD_VERSION_STRING);
1831
1832 timeout = inst->conn_config.connect_timeout;
1833 RDEBUG3("Connect timeout is %pVs, request timeout is %pVs",
1834 fr_box_time_delta(timeout), fr_box_time_delta(section->timeout));
1835 FR_CURL_REQUEST_SET_OPTION(CURLOPT_CONNECTTIMEOUT_MS, fr_time_delta_to_msec(timeout));
1836 FR_CURL_REQUEST_SET_OPTION(CURLOPT_TIMEOUT_MS, fr_time_delta_to_msec(section->timeout));
1837
1838 /*
1839 * FreeRADIUS custom headers
1840 */
1841 RDEBUG3("Adding custom headers:");
1842 snprintf(buffer, sizeof(buffer), "X-FreeRADIUS-Section: %s", section->name);
1843 if (unlikely(rest_request_config_add_header(request, randle, buffer, false) < 0)) return -1;
1844
1845 snprintf(buffer, sizeof(buffer), "X-FreeRADIUS-Server: %s", cf_section_name2(unlang_call_current(request)));
1846 if (unlikely(rest_request_config_add_header(request, randle, buffer, false) < 0)) return -1;
1847
1848 /*
1849 * Add in the section headers
1850 */
1851 if (call_env->request.header) {
1852 size_t len = talloc_array_length(call_env->request.header), i;
1853 for (i = 0; i < len; i++) {
1854 fr_value_box_list_foreach(&call_env->request.header[i], header) {
1855 if (unlikely(rest_request_config_add_header(request, randle, header->vb_strvalue, true) < 0)) return -1;
1856 }
1857 }
1858 }
1859
1860 /*
1861 * Add in dynamic headers from the request
1862 */
1863 {
1864 fr_pair_t *header;
1865 fr_dcursor_t header_cursor;
1866
1867 for (header = fr_pair_dcursor_by_da_init(&header_cursor, &request->control_pairs, attr_rest_http_header);
1868 header;
1869 header = fr_dcursor_current(&header_cursor)) {
1870 header = fr_dcursor_remove(&header_cursor);
1871 if (unlikely(rest_request_config_add_header(request, randle, header->vp_strvalue, true) < 0)) return -1;
1872
1873 talloc_free(header);
1874 }
1875 }
1876
1877 if (!rest_request_contains_header(randle, "Content-Type:")) {
1878 /*
1879 * HTTP/1.1 doesn't require a content type so only set it
1880 * if where body type requires it, and we haven't set one
1881 * already from attributes.
1882 */
1883 if (type != REST_HTTP_BODY_NONE) {
1884 char const *content_type = fr_table_str_by_value(http_content_type_table, type, section->request.body_str);
1885 snprintf(buffer, sizeof(buffer), "Content-Type: %s", content_type);
1886 if (unlikely(rest_request_config_add_header(request, randle, buffer, false) < 0)) return -1;
1887
1888 RDEBUG3("Request body content-type will be \"%s\"", content_type);
1889 }
1890 }
1891
1892 /*
1893 * Configure HTTP verb (GET, POST, PUT, PATCH, DELETE, other...)
1894 */
1895 switch (method) {
1897 FR_CURL_REQUEST_SET_OPTION(CURLOPT_HTTPGET, 1L);
1898 break;
1899
1901 FR_CURL_REQUEST_SET_OPTION(CURLOPT_POST, 1L);
1902 break;
1903
1905 /*
1906 * Do not set CURLOPT_PUT, this will cause libcurl
1907 * to ignore CURLOPT_POSTFIELDs and attempt to read
1908 * whatever was set with CURLOPT_READDATA, which by
1909 * default is stdin.
1910 *
1911 * This is many cases will cause the server to block,
1912 * indefinitely.
1913 */
1914 FR_CURL_REQUEST_SET_OPTION(CURLOPT_CUSTOMREQUEST, "PUT");
1915 break;
1916
1918 FR_CURL_REQUEST_SET_OPTION(CURLOPT_CUSTOMREQUEST, "PATCH");
1919 break;
1920
1922 FR_CURL_REQUEST_SET_OPTION(CURLOPT_CUSTOMREQUEST, "DELETE");
1923 break;
1924
1926 FR_CURL_REQUEST_SET_OPTION(CURLOPT_CUSTOMREQUEST, section->request.method_str);
1927 break;
1928
1929 default:
1930 fr_assert(0);
1931 break;
1932 }
1933
1934 /*
1935 * Set user based authentication parameters
1936 */
1937 if (auth > REST_HTTP_AUTH_NONE) {
1938
1939#define SET_AUTH_OPTION(_x, _y)\
1940do {\
1941 if ((ret = curl_easy_setopt(candle, _x, _y)) != CURLE_OK) {\
1942 option = STRINGIFY(_x);\
1943 REDEBUG("Failed setting curl option %s: %s (%i)", option, curl_easy_strerror(ret), ret); \
1944 goto error;\
1945 }\
1946} while (0)
1947 RDEBUG3("Configuring HTTP auth type %s, user \"%pV\", password \"%pV\"",
1948 fr_table_str_by_value(http_auth_table, auth, "<INVALID>"),
1949 call_env->request.username ? call_env->request.username : fr_box_strvalue("(none)"),
1950 call_env->request.password ? call_env->request.password : fr_box_strvalue("(none)"));
1951
1952 /*
1953 * FIXME - We probably want to escape \0s here...
1954 */
1955 if ((auth >= REST_HTTP_AUTH_BASIC) && (auth <= REST_HTTP_AUTH_ANY_SAFE)) {
1956 SET_AUTH_OPTION(CURLOPT_HTTPAUTH, http_curl_auth[auth]);
1957 if (call_env->request.username) SET_AUTH_OPTION(CURLOPT_USERNAME, call_env->request.username->vb_strvalue);
1958 if (call_env->request.password) SET_AUTH_OPTION(CURLOPT_PASSWORD, call_env->request.password->vb_strvalue);
1959 } else if (auth == REST_HTTP_AUTH_TLS_SRP) {
1960 SET_AUTH_OPTION(CURLOPT_TLSAUTH_TYPE, "SRP");
1961 if (call_env->request.username) SET_AUTH_OPTION(CURLOPT_TLSAUTH_USERNAME, call_env->request.username->vb_strvalue);
1962 if (call_env->request.password) SET_AUTH_OPTION(CURLOPT_TLSAUTH_PASSWORD, call_env->request.password->vb_strvalue);
1963 }
1964 }
1965
1966 /*
1967 * Set SSL/TLS authentication parameters
1968 */
1969 fr_curl_easy_tls_init(randle, &section->tls);
1970
1971 /*
1972 * Tell CURL how to get HTTP body content, and how to process incoming data.
1973 */
1974 rest_response_init(section, request, &ctx->response, type, call_env->response.header);
1975
1976 FR_CURL_REQUEST_SET_OPTION(CURLOPT_HEADERFUNCTION, rest_response_header);
1977 FR_CURL_REQUEST_SET_OPTION(CURLOPT_HEADERDATA, &ctx->response);
1978 FR_CURL_REQUEST_SET_OPTION(CURLOPT_WRITEFUNCTION, rest_response_body);
1979 FR_CURL_REQUEST_SET_OPTION(CURLOPT_WRITEDATA, &ctx->response);
1980
1981 /*
1982 * Force parsing the body text as a particular encoding.
1983 */
1984 ctx->response.force_to = section->response.force_to;
1985
1986 switch (method) {
1989 RDEBUG3("Using a HTTP method which does not require a body. Forcing request body type to \"none\"");
1990 goto finish;
1991
1996 if (section->request.chunk > 0) {
1997 ctx->request.chunk = section->request.chunk;
1998
1999 if (unlikely(rest_request_config_add_header(request, randle, "Transfer-Encoding: chunked", false) < 0)) return -1;
2000 }
2001
2002 break;
2003
2004 default:
2005 fr_assert(0);
2006 }
2007
2008 /*
2009 * Setup encoder specific options
2010 */
2011 switch (type) {
2013 if (rest_request_config_body(mctx, section, request, randle, NULL) < 0) return -1;
2014
2015 break;
2016
2018 {
2020
2021 data = talloc_zero(request, rest_custom_data_t);
2022 data->p = data->start = body_data;
2023 data->len = talloc_strlen(body_data);
2024
2025 /* Use the encoder specific pointer to store the data we need to encode */
2026 ctx->request.encoder = data;
2027 if (rest_request_config_body(mctx, section, request, randle, rest_encode_custom) < 0) {
2028 TALLOC_FREE(ctx->request.encoder);
2029 return -1;
2030 }
2031 }
2032 break;
2033
2034#ifdef HAVE_JSON
2036 {
2038
2039 data = talloc_zero(request, rest_custom_data_t);
2040 ctx->request.encoder = data;
2041
2042 rest_request_init(section, request, &ctx->request);
2043
2044 if (rest_request_config_body(mctx, section, request, randle, rest_encode_json) < 0) return -1;
2045 }
2046
2047 break;
2048#endif
2049
2051 rest_request_init(section, request, &ctx->request);
2052 fr_pair_dcursor_init(&(ctx->request.cursor), &request->request_pairs);
2053
2054 if (rest_request_config_body(mctx, section, request, randle, rest_encode_post) < 0) return -1;
2055
2056 break;
2057
2058 default:
2059 fr_assert(0);
2060 }
2061
2062
2063finish:
2064 FR_CURL_REQUEST_SET_OPTION(CURLOPT_HTTPHEADER, ctx->headers);
2065
2066 return 0;
2067
2068error:
2069 return -1;
2070}
2071
2072/** Sends the response to the correct decode function.
2073 *
2074 * Uses the Content-Type information written in rest_response_header to
2075 * determine the correct decode function to use. The decode function will
2076 * then convert the raw received data into fr_pair_ts.
2077 *
2078 * @param[in] instance configuration data.
2079 * @param[in] section configuration data.
2080 * @param[in] request Current request.
2081 * @param[in] randle to use.
2082 * @return
2083 * - 0 on success.
2084 * - -1 on failure.
2085 */
2086int rest_response_decode(rlm_rest_t const *instance, rlm_rest_section_t const *section,
2087 request_t *request, fr_curl_io_request_t *randle)
2088{
2089 rlm_rest_curl_context_t *ctx = talloc_get_type_abort(randle->uctx, rlm_rest_curl_context_t);
2090
2091 int ret = -1; /* -Wsometimes-uninitialized */
2092
2093 if (!ctx->response.buffer) {
2094 RDEBUG2("Skipping attribute processing, no valid body data received");
2095 return 0;
2096 }
2097
2098 switch (ctx->response.type) {
2100 return 0;
2101
2103 ret = rest_decode_plain(instance, section, request, randle, ctx->response.buffer, ctx->response.used);
2104 break;
2105
2107 ret = rest_decode_post(instance, section, request, randle, ctx->response.buffer, ctx->response.used);
2108 break;
2109
2110#ifdef HAVE_JSON
2112 ret = rest_decode_json(instance, section, request, randle, ctx->response.buffer, ctx->response.used);
2113 break;
2114#endif
2115
2119 return -1;
2120
2121 default:
2122 fr_assert(0);
2123 }
2124
2125 return ret;
2126}
2127
2128/** URL encodes a string.
2129 *
2130 * Encode special chars as per RFC 3986 section 4.
2131 *
2132 * @param[in] request Current request.
2133 * @param[out] out Where to write escaped string.
2134 * @param[in] outlen Size of out buffer.
2135 * @param[in] raw string to be urlencoded.
2136 * @param[in] arg pointer, gives context for escaping.
2137 * @return length of data written to out (excluding NULL).
2138 */
2139size_t rest_uri_escape(UNUSED request_t *request, char *out, size_t outlen, char const *raw, UNUSED void *arg)
2140{
2141 char *escaped;
2142
2143 escaped = curl_escape(raw, 0);
2144 strlcpy(out, escaped, outlen);
2145 curl_free(escaped);
2146
2147 return strlen(out);
2148}
2149
2150/** Unescapes the host portion of a URI string
2151 *
2152 * This is required because the xlat functions which operate on the input string
2153 * cannot distinguish between host and path components.
2154 *
2155 * @param[out] out Where to write the pointer to the new
2156 * buffer containing the escaped URI.
2157 * @param[in] inst of rlm_rest.
2158 * @param[in] request Current request
2159 * @param[in] randle to use.
2160 * @param[in] uri configuration data.
2161 * @return
2162 * - Length of data written to buffer (excluding NULL).
2163 * - < 0 if an error occurred.
2164 */
2166 fr_curl_io_request_t *randle, char const *uri)
2167{
2168 CURL *candle = randle->candle;
2169
2170 char const *p, *q;
2171
2172 char *scheme;
2173
2174 ssize_t len;
2175
2176 p = uri;
2177
2178 /*
2179 * All URLs must contain at least <scheme>://<server>/
2180 */
2181 p = strchr(p, ':');
2182 if (!p || (*++p != '/') || (*++p != '/')) {
2183 malformed:
2184 REDEBUG("URI \"%s\" is malformed, can't find start of path", uri);
2185 return -1;
2186 }
2187 p = strchr(p + 1, '/');
2188 if (!p) {
2189 goto malformed;
2190 }
2191
2192 len = (p - uri);
2193
2194 /*
2195 * Unescape any special sequences in the first part of the URI
2196 */
2197 scheme = curl_easy_unescape(candle, uri, len, NULL);
2198 if (!scheme) {
2199 REDEBUG("Error unescaping host");
2200 return -1;
2201 }
2202
2203 /*
2204 * URIs can't contain spaces, so anything after the space must
2205 * be something else.
2206 */
2207 q = strchr(p, ' ');
2208 *out = q ? talloc_typed_asprintf(request, "%s%.*s", scheme, (int)(q - p), p) :
2209 talloc_typed_asprintf(request, "%s%s", scheme, p);
2210
2211 MEM(*out);
2212 curl_free(scheme);
2213
2214 return talloc_array_length(*out) - 1; /* array_length includes \0 */
2215}
static int const char char buffer[256]
Definition acutest.h:576
#define RCSID(id)
Definition build.h:485
#define L(_str)
Helper for initialising arrays of string literals.
Definition build.h:209
#define unlikely(_x)
Definition build.h:383
#define UNUSED
Definition build.h:317
#define NUM_ELEMENTS(_t)
Definition build.h:339
CONF_SECTION * unlang_call_current(request_t *request)
Return the last virtual server that was called.
Definition call.c:225
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1184
#define FR_CURL_REQUEST_SET_OPTION(_x, _y)
Definition base.h:67
fr_curl_io_request_t * fr_curl_io_request_alloc(TALLOC_CTX *ctx)
Allocate a new curl easy request and wrapper struct.
Definition io.c:544
void * uctx
Private data for the module using the API.
Definition base.h:105
CURL * candle
Request specific handle.
Definition base.h:102
Structure representing an individual request being passed to curl for processing.
Definition base.h:101
static void * fr_dcursor_next(fr_dcursor_t *cursor)
Advanced the cursor to the next item.
Definition dcursor.h:290
static void * fr_dcursor_remove(fr_dcursor_t *cursor)
Remove the current item.
Definition dcursor.h:482
static void * fr_dcursor_current(fr_dcursor_t *cursor)
Return the item the cursor current points to.
Definition dcursor.h:339
#define MEM(x)
Definition debug.h:36
#define RADIUSD_VERSION_STRING
Definition dependency.h:39
static fr_slen_t in
Definition dict.h:840
Test enumeration values.
Definition dict_test.h:92
char * fr_json_afrom_pair_list(TALLOC_CTX *ctx, fr_pair_list_t *vps, fr_json_format_t const *format)
Returns a JSON string of a list of value pairs.
Definition json.c:1237
int fr_curl_easy_tls_init(fr_curl_io_request_t *randle, fr_curl_tls_t const *conf)
Definition base.c:139
#define REXDENT()
Exdent (unindent) R* messages by one level.
Definition log.h:443
#define RWDEBUG(fmt,...)
Definition log.h:361
#define RDEBUG3(fmt,...)
Definition log.h:343
#define RERROR(fmt,...)
Definition log.h:298
#define RPWDEBUG(fmt,...)
Definition log.h:366
#define RINDENT()
Indent R* messages by one level.
Definition log.h:430
talloc_free(reap)
#define ROUND_UP(_num, _mul)
Round up - Works in all cases, but is slower.
Definition math.h:148
long int ssize_t
unsigned long int size_t
static size_t used
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:36
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, size_t inlen, fr_sbuff_unescape_rules_t const *uerules, UNUSED bool tainted)
Convert string value to native attribute value.
Definition pair.c:2590
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1342
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:287
void fr_pair_list_init(fr_pair_list_t *list)
Initialise a pair list header.
Definition pair.c:46
int fr_pair_value_bstrndup(fr_pair_t *vp, char const *src, size_t len, bool tainted)
Copy data into a "string" type value pair.
Definition pair.c:2786
void radius_pairmove(request_t *request, fr_pair_list_t *to, fr_pair_list_t *from)
Definition pairmove.c:44
#define fr_assert(_expr)
Definition rad_assert.h:38
static rc_request_t * current
#define pair_update_request(_attr, _da)
#define REDEBUG(fmt,...)
Definition radclient.h:52
#define RDEBUG2(fmt,...)
Definition radclient.h:54
fr_dict_attr_t const * request_attr_reply
Definition request.c:44
static int rest_decode_post(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, request_t *request, fr_curl_io_request_t *randle, char *raw, size_t rawlen)
Converts POST response into fr_pair_ts and adds them to the request.
Definition rest.c:697
static int rest_decode_plain(UNUSED rlm_rest_t const *inst, UNUSED rlm_rest_section_t const *section, request_t *request, UNUSED fr_curl_io_request_t *randle, char *raw, size_t rawlen)
Converts plain response into a single fr_pair_t.
Definition rest.c:653
fr_table_num_sorted_t const http_auth_table[]
Definition rest.c:163
size_t len
Length of data.
Definition rest.c:212
char const * start
Start of the buffer.
Definition rest.c:210
#define CURLAUTH_DIGEST_IE
Definition rest.c:85
int rest_request_config(module_ctx_t const *mctx, rlm_rest_section_t const *section, request_t *request, fr_curl_io_request_t *randle, http_method_t method, http_body_type_t type, char const *uri, char const *body_data)
Configures request curlopts.
Definition rest.c:1786
ssize_t rest_uri_host_unescape(char **out, UNUSED rlm_rest_t const *inst, request_t *request, fr_curl_io_request_t *randle, char const *uri)
Unescapes the host portion of a URI string.
Definition rest.c:2165
int do_xlat
If true value will be expanded with xlat.
Definition rest.c:226
static size_t rest_encode_custom(void *out, size_t size, size_t nmemb, void *userdata)
Copies a pre-expanded xlat string to the output buffer.
Definition rest.c:295
fr_table_num_sorted_t const http_body_type_table[]
Conversion table for type config values.
Definition rest.c:147
static size_t rest_encode_json(void *out, size_t size, size_t nmemb, void *userdata)
Encodes fr_pair_t linked list in JSON format.
Definition rest.c:531
#define CURLOPT_TLSAUTH_SRP
Definition rest.c:76
fr_token_t op
The operator that determines how the new VP.
Definition rest.c:229
#define CURLAUTH_BASIC
Definition rest.c:79
fr_table_num_sorted_t const http_method_table[]
Conversion table for method config values.
Definition rest.c:128
void * rest_mod_conn_create(TALLOC_CTX *ctx, void *instance, UNUSED fr_time_delta_t timeout)
Creates a new connection handle for use by the FR connection API.
Definition rest.c:260
size_t rest_get_handle_data(char const **out, fr_curl_io_request_t *randle)
Extracts pointer to buffer containing response data.
Definition rest.c:1622
static bool rest_request_contains_header(fr_curl_io_request_t *randle, char const *header)
See if the list of headers already contains a header.
Definition rest.c:1741
static int json_pair_alloc(rlm_rest_t const *instance, rlm_rest_section_t const *section, request_t *request, json_object *object, UNUSED int level, int max)
Processes JSON response and converts it into multiple fr_pair_ts.
Definition rest.c:985
static void rest_request_init(rlm_rest_section_t const *section, request_t *request, rlm_rest_request_t *ctx)
(Re-)Initialises the data in a rlm_rest_request_t.
Definition rest.c:630
static ssize_t rest_request_encode_wrapper(char **out, UNUSED rlm_rest_t const *inst, rest_read_t func, size_t limit, void *userdata)
Emulates successive libcurl calls to an encoding function.
Definition rest.c:594
static int rest_decode_json(rlm_rest_t const *instance, rlm_rest_section_t const *section, request_t *request, UNUSED fr_curl_io_request_t *randle, char *raw, UNUSED size_t rawlen)
Converts JSON response into fr_pair_ts and adds them to the request.
Definition rest.c:1199
void rest_response_debug(request_t *request, fr_curl_io_request_t *handle)
Print out the response text.
Definition rest.c:1565
#define CURLAUTH_NTLM
Definition rest.c:91
static fr_pair_t * json_pair_alloc_leaf(UNUSED rlm_rest_t const *instance, UNUSED rlm_rest_section_t const *section, TALLOC_CTX *ctx, request_t *request, fr_dict_attr_t const *da, json_flags_t *flags, json_object *leaf)
Converts JSON "value" key into fr_pair_t.
Definition rest.c:849
fr_table_num_sorted_t const http_content_type_table[]
Conversion table for "Content-Type" header values.
Definition rest.c:191
#define SET_AUTH_OPTION(_x, _y)
int is_json
If true value will be inserted as raw JSON.
Definition rest.c:227
const unsigned long http_curl_auth[REST_HTTP_AUTH_NUM_ENTRIES]
Definition rest.c:102
#define CURLAUTH_NTLM_WB
Definition rest.c:94
const http_body_type_t http_body_type_supported[REST_HTTP_BODY_NUM_ENTRIES]
Table of encoder/decoder support.
Definition rest.c:52
#define CURLAUTH_GSSNEGOTIATE
Definition rest.c:88
size_t rest_uri_escape(UNUSED request_t *request, char *out, size_t outlen, char const *raw, UNUSED void *arg)
URL encodes a string.
Definition rest.c:2139
int rest_request_config_add_header(request_t *request, fr_curl_io_request_t *randle, char const *header, bool validate)
Adds an additional header to a handle to use in the next reques.
Definition rest.c:1706
void rest_response_error(request_t *request, fr_curl_io_request_t *handle)
Print out the response text as error lines.
Definition rest.c:1540
size_t http_body_type_table_len
Definition rest.c:161
static int rest_request_config_body(module_ctx_t const *mctx, rlm_rest_section_t const *section, request_t *request, fr_curl_io_request_t *randle, rest_read_t func)
Configures body specific curlopts.
Definition rest.c:1648
static int _mod_conn_free(fr_curl_io_request_t *randle)
Frees a libcurl handle, and any additional memory used by context data.
Definition rest.c:239
static void rest_response_init(rlm_rest_section_t const *section, request_t *request, rlm_rest_response_t *ctx, http_body_type_t type, tmpl_t *header)
(Re-)Initialises the data in a rlm_rest_response_t.
Definition rest.c:1600
static size_t rest_response_body(void *in, size_t size, size_t nmemb, void *userdata)
Processes incoming HTTP body data from libcurl.
Definition rest.c:1460
static size_t rest_encode_post(void *out, size_t size, size_t nmemb, void *userdata)
Encodes fr_pair_t linked list in POST format.
Definition rest.c:354
char const * p
how much text we've sent so far.
Definition rest.c:211
size_t http_auth_table_len
Definition rest.c:175
static size_t rest_response_header(void *in, size_t size, size_t nmemb, void *userdata)
Processes incoming HTTP header data from libcurl.
Definition rest.c:1247
size_t http_content_type_table_len
Definition rest.c:203
#define CURLAUTH_DIGEST
Definition rest.c:82
size_t http_method_table_len
Definition rest.c:136
int rest_response_decode(rlm_rest_t const *instance, rlm_rest_section_t const *section, request_t *request, fr_curl_io_request_t *randle)
Sends the response to the correct decode function.
Definition rest.c:2086
Flags to control the conversion of JSON values to fr_pair_ts.
Definition rest.c:225
Function prototypes and datatypes for the REST (HTTP) transport.
rlm_rest_t const * instance
This instance of rlm_rest.
Definition rest.h:230
read_state_t state
Encoder state.
Definition rest.h:216
HIDDEN fr_dict_attr_t const * attr_rest_http_header
Definition rlm_rest.c:285
http_auth_type_t auth
HTTP auth type.
Definition rest.h:120
struct curl_slist * headers
Any HTTP headers which will be sent with the request.
Definition rest.h:254
tmpl_t * header
Where to create pairs representing HTTP response headers.
Definition rest.h:244
request_t * request
Current request.
Definition rest.h:233
char * buffer
Raw incoming HTTP data.
Definition rest.h:236
int code
HTTP Status Code.
Definition rest.h:240
write_state_t state
Decoder state.
Definition rest.h:234
bool fail_header_decode
Force header decoding to fail for debugging purposes.
Definition rest.h:170
char const * proxy
Send request via this proxy.
Definition rest.h:110
size_t used
Space used in buffer.
Definition rest.h:238
struct rlm_rest_call_env_t::@185 request
http_body_type_t type
HTTP Content Type.
Definition rest.h:241
char * body
Pointer to the buffer which contains body data/ Only used when not performing chunked encoding.
Definition rest.h:257
fr_curl_tls_t tls
Definition rest.h:146
#define REST_BODY_MAX_ATTRS
Definition rest.h:41
bool fail_body_decode
Force body decoding to fail for debugging purposes.
Definition rest.h:171
http_body_type_t force_to
Override the Content-Type header in the response to force decoding as a particular type.
Definition rest.h:129
http_method_t
Definition rest.h:43
@ REST_HTTP_METHOD_PATCH
Definition rest.h:48
@ REST_HTTP_METHOD_DELETE
Definition rest.h:49
@ REST_HTTP_METHOD_PUT
Definition rest.h:47
@ REST_HTTP_METHOD_POST
Definition rest.h:46
@ REST_HTTP_METHOD_UNKNOWN
Definition rest.h:44
@ REST_HTTP_METHOD_CUSTOM
Must always come last, should not be in method table.
Definition rest.h:50
@ REST_HTTP_METHOD_GET
Definition rest.h:45
size_t max_body_in
Maximum size of incoming data.
Definition rest.h:132
fr_dcursor_t cursor
Cursor pointing to the start of the list to encode.
Definition rest.h:218
http_body_type_t force_to
Force decoding the body type as a particular encoding.
Definition rest.h:242
http_body_type_t
Definition rest.h:53
@ REST_HTTP_BODY_HTML
Definition rest.h:64
@ REST_HTTP_BODY_PLAIN
Definition rest.h:65
@ REST_HTTP_BODY_JSON
Definition rest.h:61
@ REST_HTTP_BODY_INVALID
Definition rest.h:57
@ REST_HTTP_BODY_XML
Definition rest.h:62
@ REST_HTTP_BODY_UNSUPPORTED
Definition rest.h:55
@ REST_HTTP_BODY_YAML
Definition rest.h:63
@ REST_HTTP_BODY_POST
Definition rest.h:60
@ REST_HTTP_BODY_CUSTOM
Definition rest.h:59
@ REST_HTTP_BODY_NUM_ENTRIES
Definition rest.h:67
@ REST_HTTP_BODY_CRL
Definition rest.h:66
@ REST_HTTP_BODY_UNKNOWN
Definition rest.h:54
@ REST_HTTP_BODY_NONE
Definition rest.h:58
@ REST_HTTP_BODY_UNAVAILABLE
Definition rest.h:56
char const * method_str
The string version of the HTTP method.
Definition rest.h:112
@ READ_STATE_ATTR_CONT
Definition rest.h:194
@ READ_STATE_ATTR_BEGIN
Definition rest.h:193
@ READ_STATE_END
Definition rest.h:195
@ READ_STATE_INIT
Definition rest.h:192
rlm_rest_section_t const * section
Section configuration.
Definition rest.h:231
char const * body_str
The string version of the encoding/content type.
Definition rest.h:115
#define REST_BODY_ALLOC_CHUNK
Definition rest.h:40
struct rlm_rest_call_env_t::@186 response
HIDDEN fr_dict_attr_t const * attr_rest_http_body
Definition rlm_rest.c:284
rlm_rest_section_request_t request
Request configuration.
Definition rest.h:143
rlm_rest_response_t response
Response context data.
Definition rest.h:261
size_t(* rest_read_t)(void *ptr, size_t size, size_t nmemb, void *userdata)
Definition rest.h:296
#define REST_BODY_MAX_LEN
Definition rest.h:39
rlm_rest_section_t const * section
Section configuration.
Definition rest.h:213
void * encoder
Encoder specific data.
Definition rest.h:222
rlm_rest_request_t request
Request context data.
Definition rest.h:260
rlm_rest_section_response_t response
Response configuration.
Definition rest.h:144
fr_time_delta_t timeout
Timeout timeval.
Definition rest.h:141
@ WRITE_STATE_INIT
Definition rest.h:202
@ WRITE_STATE_PARSE_HEADERS
Definition rest.h:203
@ WRITE_STATE_PARSE_CONTENT
Definition rest.h:204
char const * name
Section name.
Definition rest.h:139
http_auth_type_t
Definition rest.h:70
@ REST_HTTP_AUTH_NTLM_WB
Definition rest.h:79
@ REST_HTTP_AUTH_NUM_ENTRIES
Definition rest.h:82
@ REST_HTTP_AUTH_BASIC
Definition rest.h:74
@ REST_HTTP_AUTH_NTLM
Definition rest.h:78
@ REST_HTTP_AUTH_DIGEST
Definition rest.h:75
@ REST_HTTP_AUTH_TLS_SRP
Definition rest.h:73
@ REST_HTTP_AUTH_UNKNOWN
Definition rest.h:71
@ REST_HTTP_AUTH_GSSNEGOTIATE
Definition rest.h:77
@ REST_HTTP_AUTH_ANY
Definition rest.h:80
@ REST_HTTP_AUTH_NONE
Definition rest.h:72
@ REST_HTTP_AUTH_DIGEST_IE
Definition rest.h:76
@ REST_HTTP_AUTH_ANY_SAFE
Definition rest.h:81
size_t alloc
Space allocated for buffer.
Definition rest.h:237
request_t * request
Current request.
Definition rest.h:215
rlm_rest_t const * instance
This instance of rlm_rest.
Definition rest.h:212
char const * rest_no_proxy
Magic pointer value for determining if we should disable proxying.
Definition rlm_rest.c:95
uint32_t chunk
Max chunk-size (mainly for testing the encoders)
Definition rest.h:124
size_t chunk
Chunk size.
Definition rest.h:220
static char const * name
#define FR_SBUFF_OUT(_start, _len_or_end)
void * data
Module's instance data.
Definition module.h:272
static fr_dict_attr_t const * tmpl_list(tmpl_t const *vpt)
Definition tmpl.h:904
ssize_t tmpl_afrom_attr_str(TALLOC_CTX *ctx, tmpl_attr_error_t *err, tmpl_t **out, char const *name, tmpl_rules_t const *rules))
Parse a string into a TMPL_TYPE_ATTR_* type tmpl_t.
fr_pair_list_t * tmpl_list_head(request_t *request, fr_dict_attr_t const *list)
Resolve attribute fr_pair_list_t value to an attribute list.
Definition tmpl_eval.c:70
TALLOC_CTX * tmpl_list_ctx(request_t *request, fr_dict_attr_t const *list)
Return the correct TALLOC_CTX to alloc fr_pair_t in, for a list.
Definition tmpl_eval.c:110
int tmpl_request_ptr(request_t **request, FR_DLIST_HEAD(tmpl_request_list) const *rql)
Resolve a tmpl_request_ref_t to a request_t.
Definition tmpl_eval.c:163
static fr_dict_attr_t const * tmpl_attr_tail_da(tmpl_t const *vpt)
Return the last attribute reference da.
Definition tmpl.h:801
static char const * tmpl_list_name(fr_dict_attr_t const *list, char const *def)
Return the name of a tmpl list or def if list not provided.
Definition tmpl.h:915
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:332
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition skip.h:37
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
return count
Definition module.c:155
eap_aka_sim_process_conf_t * inst
fr_aka_sim_id_type_t type
fr_pair_t * vp
size_t strlcpy(char *dst, char const *src, size_t siz)
Definition strlcpy.c:34
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition table.h:653
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
#define fr_table_value_by_substr(_table, _name, _name_len, _def)
Convert a partial string to a value using an ordered or sorted table.
Definition table.h:693
An element in a lexicographically sorted array of name to num mappings.
Definition table.h:49
char * talloc_bstr_realloc(TALLOC_CTX *ctx, char *in, size_t inlen)
Trim a bstr (char) buffer.
Definition talloc.c:650
char * talloc_typed_asprintf(TALLOC_CTX *ctx, char const *fmt,...)
Call talloc vasprintf, setting the type on the new chunk correctly.
Definition talloc.c:514
Functions which we wish were included in the standard talloc distribution.
#define talloc_get_type_abort_const
Definition talloc.h:287
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
Definition talloc.h:294
Simple time functions.
static int64_t fr_time_delta_to_msec(fr_time_delta_t delta)
Definition time.h:637
A time delta, a difference in time measured in nanoseconds.
Definition time.h:80
fr_table_num_ordered_t const fr_tokens_table[]
Definition token.c:34
enum fr_token fr_token_t
@ T_BARE_WORD
Definition token.h:120
@ T_OP_EQ
Definition token.h:83
@ T_OP_SET
Definition token.h:84
@ T_OP_ADD_EQ
Definition token.h:69
ssize_t xlat_aeval(TALLOC_CTX *ctx, char **out, request_t *request, char const *fmt, xlat_escape_legacy_t escape, void const *escape_ctx))
Definition xlat_eval.c:1795
#define fr_pair_dcursor_by_da_init(_cursor, _list, _da)
Initialise a cursor that will return only attributes matching the specified fr_dict_attr_t.
Definition pair.h:622
ssize_t fr_pair_print_value_quoted(fr_sbuff_t *out, fr_pair_t const *vp, fr_token_t quote)
Print the value of an attribute to a string.
Definition pair_print.c:53
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:587
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:450
int fr_value_box_cast(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv, fr_value_box_t const *src)
Convert one type of fr_value_box_t to another.
Definition value.c:3574
void fr_value_box_strdup_shallow(fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, bool tainted)
Assign a buffer containing a nul terminated string to a box, but don't copy it.
Definition value.c:4267
void fr_value_box_bstrndup_shallow(fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, size_t len, bool tainted)
Assign a string to to a fr_value_box_t.
Definition value.c:4463
static fr_slen_t data
Definition value.h:1288
#define FR_VALUE_BOX_INITIALISER_NULL(_vb)
A static initialiser for stack/globally allocated boxes.
Definition value.h:507
#define fr_box_strvalue_len(_val, _len)
Definition value.h:305
#define fr_value_box_init_null(_vb)
Initialise an empty/null box that will be filled later.
Definition value.h:612
#define fr_box_strvalue(_val)
Definition value.h:304
#define fr_box_time_delta(_val)
Definition value.h:362
#define fr_value_box(_box, _var, _tainted)
Automagically fill in a box, determining the value type from the type of the C variable.
Definition value.h:894
#define fr_value_box_list_foreach(_list_head, _iter)
Definition value.h:222
static size_t char ** out
Definition value.h:1020