The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_sql.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: a0cfdd6ca285f99026a4be76a612565300d72744 $
19 * @file rlm_sql.c
20 * @brief Implements SQL 'users' file, and SQL accounting.
21 *
22 * @copyright 2012-2014 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 * @copyright 2000,2006 The FreeRADIUS server project
24 * @copyright 2000 Mike Machado (mike@innercite.com)
25 * @copyright 2000 Alan DeKok (aland@freeradius.org)
26 */
27
28RCSID("$Id: a0cfdd6ca285f99026a4be76a612565300d72744 $")
29
30#define LOG_PREFIX mctx->mi->name
31
32#include <freeradius-devel/server/base.h>
33#include <freeradius-devel/server/exfile.h>
34#include <freeradius-devel/server/map_proc.h>
35#include <freeradius-devel/server/module_rlm.h>
36#include <freeradius-devel/server/pairmove.h>
37#include <freeradius-devel/util/debug.h>
38#include <freeradius-devel/util/dict.h>
39#include <freeradius-devel/util/table.h>
40#include <freeradius-devel/unlang/function.h>
41#include <freeradius-devel/unlang/xlat_func.h>
42
43#include <sys/stat.h>
44
45#include "rlm_sql.h"
46
47#define SQL_SAFE_FOR (fr_value_box_safe_for_t)inst->driver
48
49extern module_rlm_t rlm_sql;
50
51static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule);
52
53typedef struct {
54 fr_dict_attr_t const *group_da;
55} rlm_sql_boot_t;
56
57static const conf_parser_t module_config[] = {
58 { FR_CONF_OFFSET_TYPE_FLAGS("driver", FR_TYPE_VOID, 0, rlm_sql_t, driver_submodule), .dflt = "null",
59 .func = submodule_parse },
60 { FR_CONF_OFFSET("server", rlm_sql_config_t, sql_server), .dflt = "" }, /* Must be zero length so drivers can determine if it was set */
61 { FR_CONF_OFFSET("port", rlm_sql_config_t, sql_port), .dflt = "0" },
62 { FR_CONF_OFFSET("login", rlm_sql_config_t, sql_login), .dflt = "" },
63 { FR_CONF_OFFSET_FLAGS("password", CONF_FLAG_SECRET, rlm_sql_config_t, sql_password), .dflt = "" },
64 { FR_CONF_OFFSET("radius_db", rlm_sql_config_t, sql_db), .dflt = "radius" },
65 { FR_CONF_OFFSET("read_groups", rlm_sql_config_t, read_groups), .dflt = "yes" },
66 { FR_CONF_OFFSET("group_attribute", rlm_sql_config_t, group_attribute) },
67 { FR_CONF_OFFSET("cache_groups", rlm_sql_config_t, cache_groups) },
68 { FR_CONF_OFFSET("read_profiles", rlm_sql_config_t, read_profiles), .dflt = "yes" },
69 { FR_CONF_OFFSET("open_query", rlm_sql_config_t, connect_query) },
70
71 { FR_CONF_OFFSET("safe_characters", rlm_sql_config_t, allowed_chars), .dflt = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" },
72
73 /*
74 * This only works for a few drivers.
75 */
76 { FR_CONF_OFFSET("query_timeout", rlm_sql_config_t, query_timeout), .dflt = "5" },
77
78 /*
79 * The pool section is used for trunk config
80 */
81 { FR_CONF_OFFSET_SUBSECTION("pool", 0, rlm_sql_config_t, trunk_conf, trunk_config) },
82
83 { FR_CONF_OFFSET_FLAGS("expand_rhs", CONF_FLAG_HIDDEN, rlm_sql_config_t, expand_rhs) },
84
85 CONF_PARSER_TERMINATOR
86};
87
88static fr_dict_t const *dict_freeradius;
89
90extern fr_dict_autoload_t rlm_sql_dict[];
91fr_dict_autoload_t rlm_sql_dict[] = {
92 { .out = &dict_freeradius, .proto = "freeradius" },
93 { NULL }
94};
95
96static fr_dict_attr_t const *attr_fall_through;
97static fr_dict_attr_t const *attr_sql_user_name;
98static fr_dict_attr_t const *attr_user_profile;
99static fr_dict_attr_t const *attr_expr_bool_enum;
100
101extern fr_dict_attr_autoload_t rlm_sql_dict_attr[];
102fr_dict_attr_autoload_t rlm_sql_dict_attr[] = {
103 { .out = &attr_fall_through, .name = "Fall-Through", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
104 { .out = &attr_sql_user_name, .name = "SQL-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
105 { .out = &attr_user_profile, .name = "User-Profile", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
106 { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
107 { NULL }
108};
109
110typedef struct {
111 fr_value_box_t user; //!< Expansion of the sql_user_name
112 tmpl_t *check_query; //!< Tmpl to expand to form authorize_check_query
113 tmpl_t *reply_query; //!< Tmpl to expand to form authorize_reply_query
114 tmpl_t *membership_query; //!< Tmpl to expand to form group_membership_query
115 tmpl_t *group_check_query; //!< Tmpl to expand to form authorize_group_check_query
116 tmpl_t *group_reply_query; //!< Tmpl to expand to form authorize_group_reply_query
117} sql_autz_call_env_t;
118
119static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
120 call_env_ctx_t const *cec, call_env_parser_t const *rule);
121
122static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
123 call_env_ctx_t const *cec, call_env_parser_t const *rule);
124
128
129static const call_env_method_t xlat_method_env = {
130 FR_CALL_ENV_METHOD_OUT(sql_xlat_call_env_t),
131 .env = (call_env_parser_t[]) {
132 { FR_CALL_ENV_OFFSET("logfile", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, sql_xlat_call_env_t, filename),
133 .pair.escape = {
134 .box_escape = {
135 .func = rad_filename_box_make_safe,
136 .safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
137 .always_escape = false,
138 },
139 .mode = TMPL_ESCAPE_PRE_CONCAT
140 },
141 .pair.literals_safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
142 },
143 CALL_ENV_TERMINATOR
144 }
145};
146
147typedef struct rlm_sql_grouplist_s rlm_sql_grouplist_t;
148
149/** Status of the authorization process
150 */
151typedef enum {
152 SQL_AUTZ_CHECK = 0x12, //!< Running user `check` query
153 SQL_AUTZ_CHECK_RESUME = 0x13, //!< Completed user `check` query
154 SQL_AUTZ_REPLY = 0x14, //!< Running user `reply` query
155 SQL_AUTZ_REPLY_RESUME = 0x15, //!< Completed user `reply` query
156 SQL_AUTZ_GROUP_MEMB = 0x20, //!< Running group membership query
157 SQL_AUTZ_GROUP_MEMB_RESUME = 0x21, //!< Completed group membership query
158 SQL_AUTZ_GROUP_CHECK = 0x22, //!< Running group `check` query
159 SQL_AUTZ_GROUP_CHECK_RESUME = 0x23, //!< Completed group `check` query
160 SQL_AUTZ_GROUP_REPLY = 0x24, //!< Running group `reply` query
161 SQL_AUTZ_GROUP_REPLY_RESUME = 0x25, //!< Completed group `reply` query
162 SQL_AUTZ_PROFILE_START = 0x40, //!< Starting processing user profiles
163 SQL_AUTZ_PROFILE_CHECK = 0x42, //!< Running profile `check` query
164 SQL_AUTZ_PROFILE_CHECK_RESUME = 0x43, //!< Completed profile `check` query
165 SQL_AUTZ_PROFILE_REPLY = 0x44, //!< Running profile `reply` query
166 SQL_AUTZ_PROFILE_REPLY_RESUME = 0x45, //!< Completed profile `reply` query
167} sql_autz_status_t;
168
169#define SQL_AUTZ_STAGE_GROUP 0x20
170#define SQL_AUTZ_STAGE_PROFILE 0x40
171
172/** Context for group membership query evaluation
173 */
174typedef struct {
175 rlm_sql_t const *inst; //!< Module instance.
176 fr_value_box_t *query; //!< Query string used for evaluating group membership.
177 fr_sql_query_t *query_ctx; //!< Query context.
178 rlm_sql_grouplist_t *groups; //!< List of groups retrieved.
179 int num_groups; //!< How many groups have been retrieved.
180} sql_group_ctx_t;
181
182/** Context for SQL authorization
183 */
184typedef struct {
185 rlm_sql_t const *inst; //!< Module instance.
186 request_t *request; //!< Request being processed.
187 rlm_rcode_t rcode; //!< Module return code.
188 trunk_t *trunk; //!< Trunk connection for current authorization.
189 sql_autz_call_env_t *call_env; //!< Call environment data.
190 map_list_t check_tmp; //!< List to store check items before processing.
191 map_list_t reply_tmp; //!< List to store reply items before processing.
192 sql_autz_status_t status; //!< Current status of the authorization.
193 fr_value_box_list_t query; //!< Where expanded query tmpls will be written.
194 bool user_found; //!< Has the user been found anywhere?
195 rlm_sql_grouplist_t *group; //!< Current group being processed.
196 fr_pair_t *sql_group; //!< Pair to update with group being processed.
197 fr_pair_t *profile; //!< Current profile being processed.
198 fr_sql_map_ctx_t *map_ctx; //!< Context used for retrieving attribute value pairs as a map list.
199 sql_group_ctx_t *group_ctx; //!< Context used for retrieving user group membership.
200} sql_autz_ctx_t;
201
202/** Context for SQL maps
203 *
204 */
205typedef struct {
206 rlm_sql_t const *inst;
207 map_list_t const *maps;
208 fr_sql_query_t *query_ctx;
209} sql_map_ctx_t;
210
211typedef struct {
212 fr_value_box_t user; //!< Expansion of sql_user_name.
213 fr_value_box_t filename; //!< File name to write SQL logs to.
214 tmpl_t **query; //!< Array of tmpls for list of queries to run.
215} sql_redundant_call_env_t;
216
226
236
237/** Context for tracking redundant SQL query sets
238 */
239typedef struct {
240 rlm_sql_t const *inst; //!< Module instance.
241 request_t *request; //!< Request being processed.
242 trunk_t *trunk; //!< Trunk connection for queries.
243 sql_redundant_call_env_t *call_env; //!< Call environment data.
244 size_t query_no; //!< Current query number.
245 fr_value_box_list_t query; //!< Where expanded query tmpl will be written.
246 fr_value_box_t *query_vb; //!< Current query string.
247 fr_sql_query_t *query_ctx; //!< Query context for current query.
248} sql_redundant_ctx_t;
249
254
263
264int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
265{
266 rlm_sql_t *inst = talloc_get_type_abort(parent, rlm_sql_t);
267 module_instance_t *mi;
268 int ret;
269
270 if (unlikely(ret = module_rlm_submodule_parse(ctx, out, parent, ci, rule) < 0)) return ret;
271
272 mi = talloc_get_type_abort(*((void **)out), module_instance_t);
273 inst->driver = (rlm_sql_driver_t const *)mi->exported; /* Public symbol exported by the submodule */
274
275 return 0;
276}
277
278static int _sql_escape_uxtx_free(void *uctx)
279{
280 return talloc_free(uctx);
281}
282
283/*
284 * Create a thread local uctx which is used in SQL value box escaping
285 * so that an already reserved connection can be used.
286 */
287static void *sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
288{
289 static _Thread_local rlm_sql_escape_uctx_t *t_ctx;
290
291 if (unlikely(t_ctx == NULL)) {
292 rlm_sql_escape_uctx_t *ctx;
293
294 MEM(ctx = talloc_zero(NULL, rlm_sql_escape_uctx_t));
295 fr_atexit_thread_local(t_ctx, _sql_escape_uxtx_free, ctx);
296 }
297 t_ctx->sql = uctx;
298
299 return t_ctx;
300}
301
302/*
303 * Fall-Through checking function from rlm_files.c
304 */
305static sql_fall_through_t fall_through(map_list_t *maps)
306{
307 bool rcode;
308 map_t *map, *next;
309
310 for (map = map_list_head(maps);
311 map != NULL;
312 map = next) {
313 next = map_list_next(maps, map);
314
315 fr_assert(tmpl_is_attr(map->lhs));
316
317 if (tmpl_attr_tail_da(map->lhs) == attr_fall_through) {
318 (void) map_list_remove(maps, map);
319
320 if (tmpl_is_data(map->rhs)) {
321 fr_assert(tmpl_value_type(map->rhs) == FR_TYPE_BOOL);
322
323 rcode = tmpl_value(map->rhs)->vb_bool;
324 } else {
325 rcode = false;
326 }
327
328 talloc_free(map);
329 return rcode;
330 }
331 }
332
333 return FALL_THROUGH_DEFAULT;
334}
335
336/*
337 * Yucky prototype.
338 */
339static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg);
340
341/** Escape a tainted VB used as an xlat argument
342 *
343 */
344static int CC_HINT(nonnull(2,3)) sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
345{
346 fr_sbuff_t sbuff;
347 fr_sbuff_uctx_talloc_t sbuff_ctx;
348
349 ssize_t len;
350 void *arg = NULL;
351 rlm_sql_escape_uctx_t *ctx = uctx;
352 rlm_sql_t const *inst = talloc_get_type_abort_const(ctx->sql, rlm_sql_t);
353 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
354
355 /*
356 * If it's already safe, don't do anything.
357 */
358 if (fr_value_box_is_safe_for(vb, inst->driver)) return 0;
359
360 /*
361 * No need to escape types with inherently safe data
362 */
363 switch (vb->type) {
364 case FR_TYPE_NUMERIC:
365 case FR_TYPE_IP:
366 case FR_TYPE_ETHERNET:
367 fr_value_box_mark_safe_for(vb, inst->driver);
368 return 0;
369
370 default:
371 break;
372 }
373
374 if (inst->sql_escape_arg) {
375 arg = inst->sql_escape_arg;
376 } else if (thread->sql_escape_arg) {
377 arg = thread->sql_escape_arg;
378 }
379 if (!arg) {
380 error:
381 fr_value_box_clear_value(vb);
382 return -1;
383 }
384
385 /*
386 * Escaping functions work on strings - ensure the box is a string
387 */
388 if ((vb->type != FR_TYPE_STRING) && (fr_value_box_cast_in_place(vb, vb, FR_TYPE_STRING, NULL) < 0)) goto error;
389
390 /*
391 * Maximum escaped length is 3 * original - if every character needs escaping
392 */
393 if (!fr_sbuff_init_talloc(vb, &sbuff, &sbuff_ctx, vb->vb_length * 3, vb->vb_length * 3)) {
394 fr_strerror_printf_push("Failed to allocate buffer for escaped sql argument");
395 return -1;
396 }
397
398 len = inst->sql_escape_func(request, fr_sbuff_buff(&sbuff), vb->vb_length * 3 + 1, vb->vb_strvalue, arg);
399 if (len < 0) goto error;
400
401 fr_sbuff_trim_talloc(&sbuff, len);
402 fr_value_box_strdup_shallow_replace(vb, fr_sbuff_buff(&sbuff), len);
403
404 /*
405 * Different databases have slightly different ideas as
406 * to what is safe. So we track the database type in the
407 * safe value. This means that we don't
408 * cross-contaminate "safe" values across databases.
409 */
410 fr_value_box_mark_safe_for(vb, inst->driver);
411
412 return 0;
413}
414
415static int sql_box_escape(fr_value_box_t *vb, void *uctx)
416{
417 return sql_xlat_escape(NULL, vb, uctx);
418}
419
420/** Escape a value to make it SQL safe.
421 *
422@verbatim
423%sql.escape(<value>)
424@endverbatim
425 *
426 * @ingroup xlat_functions
427 */
428static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
429 request_t *request, fr_value_box_list_t *in)
430{
431 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
432 fr_value_box_t *vb;
433 rlm_sql_escape_uctx_t *escape_uctx = NULL;
434
435 while ((vb = fr_value_box_list_pop_head(in))) {
436 if (fr_value_box_is_safe_for(vb, inst->driver)) goto append;
437 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
438 sql_box_escape(vb, escape_uctx);
439 append:
440 fr_dcursor_append(out, vb);
441 }
442 return XLAT_ACTION_DONE;
443}
444
445static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
446 request_t *request, UNUSED fr_value_box_list_t *in)
447{
448 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
449 rlm_sql_t const *inst = query_ctx->inst;
450 fr_value_box_t *vb;
451 xlat_action_t ret = XLAT_ACTION_DONE;
452 int numaffected;
453
454 fr_assert(query_ctx->type == SQL_QUERY_OTHER);
455
456 switch (query_ctx->rcode) {
457 case RLM_SQL_QUERY_INVALID:
458 case RLM_SQL_ERROR:
459 case RLM_SQL_RECONNECT:
460 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
461 query_ctx->rcode, "<INVALID>"));
462 rlm_sql_print_error(inst, request, query_ctx, false);
463 ret = XLAT_ACTION_FAIL;
464 goto finish;
465
466 default:
467 break;
468 }
469
470 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
471 if (numaffected < 1) {
472 RDEBUG2("SQL query affected no rows");
473 goto finish;
474 }
475
476 MEM(vb = fr_value_box_alloc_null(ctx));
477 fr_value_box_uint32(vb, NULL, (uint32_t)numaffected, false);
478 fr_dcursor_append(out, vb);
479
480finish:
481 talloc_free(query_ctx);
482
483 return ret;
484}
485
486static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
487 request_t *request, UNUSED fr_value_box_list_t *in)
488{
489 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
490 rlm_sql_t const *inst = query_ctx->inst;
491 fr_value_box_t *vb;
492 xlat_action_t ret = XLAT_ACTION_DONE;
493 rlm_rcode_t p_result;
494 rlm_sql_row_t row;
495 bool fetched = false;
496
497 fr_assert(query_ctx->type == SQL_QUERY_SELECT);
498
499 if (query_ctx->rcode != RLM_SQL_OK) {
500 query_error:
501 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
502 query_ctx->rcode, "<INVALID>"));
503 rlm_sql_print_error(inst, request, query_ctx, false);
504 ret = XLAT_ACTION_FAIL;
505 goto finish;
506 }
507
508 do {
509 inst->fetch_row(&p_result, NULL, request, query_ctx);
510 row = query_ctx->row;
511 switch (query_ctx->rcode) {
512 case RLM_SQL_OK:
513 if (row[0]) break;
514
515 RDEBUG2("NULL value in first column of result");
516 goto finish;
517
518 case RLM_SQL_NO_MORE_ROWS:
519 if (!fetched) RDEBUG2("SQL query returned no results");
520 goto finish;
521
522 default:
523 goto query_error;
524 }
525
526 fetched = true;
527
528 MEM(vb = fr_value_box_alloc_null(ctx));
529 fr_value_box_strdup(vb, vb, NULL, row[0], false);
530 fr_dcursor_append(out, vb);
531
532 } while (1);
533
534finish:
535 talloc_free(query_ctx);
536
537 return ret;
538}
539
540/** Execute an arbitrary SQL query
541 *
542 * For SELECTs, the values of the first column will be returned.
543 * For INSERTS, UPDATEs and DELETEs, the number of rows affected will
544 * be returned instead.
545 *
546@verbatim
547%sql(<sql statement>)
548@endverbatim
549 *
550 * @ingroup xlat_functions
551 */
552static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
553 xlat_ctx_t const *xctx,
554 request_t *request, fr_value_box_list_t *in)
555{
556 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
557 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
558 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
559 char const *p;
560 fr_value_box_t *arg = fr_value_box_list_head(in);
561 fr_sql_query_t *query_ctx = NULL;
562 rlm_rcode_t p_result;
563 unlang_action_t query_ret = UNLANG_ACTION_CALCULATE_RESULT;
564
565 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
566 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
567 }
568
569 p = arg->vb_strvalue;
570
571 /*
572 * Trim whitespace for the prefix check
573 */
574 fr_skip_whitespace(p);
575
576 /*
577 * If the query starts with any of the following prefixes,
578 * then return the number of rows affected
579 */
580 if ((strncasecmp(p, "insert", 6) == 0) ||
581 (strncasecmp(p, "update", 6) == 0) ||
582 (strncasecmp(p, "delete", 6) == 0)) {
583 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
584 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
585
586 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
587 query_ret = inst->query(&p_result, NULL, request, query_ctx);
588 if (query_ret == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
589
590 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
591 } /* else it's a SELECT statement */
592
593 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
594 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
595
596 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
597 if (unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, query_ctx) != UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_FAIL;
598
599 return XLAT_ACTION_PUSH_UNLANG;
600}
601
602/** Execute an arbitrary SQL query, expecting results to be returned
603 *
604@verbatim
605%sql.fetch(<sql statement>)
606@endverbatim
607 *
608 * @ingroup xlat_functions
609 */
610static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
611 request_t *request, fr_value_box_list_t *in)
612{
613 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
614 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
615 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
616 fr_value_box_t *arg = fr_value_box_list_head(in);
617 fr_sql_query_t *query_ctx = NULL;
618
619 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
620 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
621 }
622
623 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
624 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
625
626 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
627 if (unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, query_ctx) != UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_FAIL;
628
629 return XLAT_ACTION_PUSH_UNLANG;
630}
631
632/** Execute an arbitrary SQL query, returning the number of rows affected
633 *
634@verbatim
635%sql.modify(<sql statement>)
636@endverbatim
637 *
638 * @ingroup xlat_functions
639 */
640static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
641 request_t *request, fr_value_box_list_t *in)
642{
643 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
644 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
645 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
646 fr_value_box_t *arg = fr_value_box_list_head(in);
647 fr_sql_query_t *query_ctx = NULL;
648 rlm_rcode_t p_result;
649
650 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
651 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
652 }
653
654 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
655 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
656
657 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
658 if (inst->query(&p_result, NULL, request, query_ctx) == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
659
660 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
661}
662
663/** Converts a string value into a #fr_pair_t
664 *
665 * @param[in,out] ctx to allocate #fr_pair_t (s).
666 * @param[out] out where to write the resulting #fr_pair_t.
667 * @param[in] request The current request.
668 * @param[in] map to process.
669 * @param[in] uctx The value to parse.
670 * @return
671 * - 0 on success.
672 * - -1 on failure.
673 */
674static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out,
675 request_t *request, map_t const *map, void *uctx)
676{
677 fr_pair_t *vp;
678 char const *value = uctx;
679
680 vp = fr_pair_afrom_da_nested(ctx, out, tmpl_attr_tail_da(map->lhs));
681 if (!vp) return -1;
682
683 /*
684 * Buffer not always talloced, sometimes it's
685 * just a pointer to a field in a result struct.
686 */
687 if (fr_pair_value_from_str(vp, value, strlen(value), NULL, true) < 0) {
688 RPEDEBUG("Failed parsing value \"%pV\" for attribute %s",
689 fr_box_strvalue_buffer(value), vp->da->name);
690 return -1;
691 }
692
693 return 0;
694}
695
696/*
697 * Verify the result of the map.
698 */
699static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst,
700 tmpl_t const *src, UNUSED map_list_t const *maps)
701{
702 if (!src) {
703 cf_log_err(cs, "Missing SQL query");
704
705 return -1;
706 }
707
708 return 0;
709}
710
711#define MAX_SQL_FIELD_INDEX (64)
712
713/** Process the results of an SQL map query
714 *
715 * @param[out] p_result Result of applying the map.
716 * @param[in] priority Unused.
717 * @param[in] request Current request.
718 * @param[in] uctx Map context.
719 * @return One of UNLANG_ACTION_*
720 */
721static unlang_action_t mod_map_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
722{
723 sql_map_ctx_t *map_ctx = talloc_get_type_abort(uctx, sql_map_ctx_t);
724 fr_sql_query_t *query_ctx = map_ctx->query_ctx;
725 map_list_t const *maps = map_ctx->maps;
726 rlm_sql_t const *inst = map_ctx->inst;
727 map_t const *map;
728 rlm_rcode_t rcode = RLM_MODULE_UPDATED;
729 sql_rcode_t ret;
730 char const **fields = NULL, *map_rhs;
731 rlm_sql_row_t row;
732 int i, j, field_cnt, rows = 0;
733 int field_index[MAX_SQL_FIELD_INDEX];
734 char map_rhs_buff[128];
735 bool found_field = false; /* Did we find any matching fields in the result set ? */
736
737 if (query_ctx->rcode != RLM_SQL_OK) {
738 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
739 rcode = RLM_MODULE_FAIL;
740 goto finish;
741 }
742
743 /*
744 * Not every driver provides an sql_num_rows function
745 */
746 if (inst->driver->sql_num_rows) {
747 ret = inst->driver->sql_num_rows(query_ctx, &inst->config);
748 if (ret == 0) {
749 RDEBUG2("Server returned an empty result");
750 rcode = RLM_MODULE_NOTFOUND;
751 goto finish;
752 }
753
754 if (ret < 0) {
755 RERROR("Failed retrieving row count");
756 error:
757 rcode = RLM_MODULE_FAIL;
758 goto finish;
759 }
760 }
761
762 for (i = 0; i < MAX_SQL_FIELD_INDEX; i++) field_index[i] = -1;
763
764 /*
765 * Map proc only registered if driver provides an sql_fields function
766 */
767 ret = (inst->driver->sql_fields)(&fields, query_ctx, &inst->config);
768 if (ret != RLM_SQL_OK) {
769 RERROR("Failed retrieving field names: %s", fr_table_str_by_value(sql_rcode_description_table, ret, "<INVALID>"));
770 goto error;
771 }
772 fr_assert(fields);
773 field_cnt = talloc_array_length(fields);
774
775 if (RDEBUG_ENABLED3) for (j = 0; j < field_cnt; j++) RDEBUG3("Got field: %s", fields[j]);
776
777 /*
778 * Iterate over the maps, it's O(N2)ish but probably
779 * faster than building a radix tree each time the
780 * map set is evaluated (map->rhs can be dynamic).
781 */
782 for (map = map_list_head(maps), i = 0;
783 map && (i < MAX_SQL_FIELD_INDEX);
784 map = map_list_next(maps, map), i++) {
785 /*
786 * Expand the RHS to get the name of the SQL field
787 */
788 if (tmpl_expand(&map_rhs, map_rhs_buff, sizeof(map_rhs_buff),
789 request, map->rhs) < 0) {
790 RPERROR("Failed getting field name");
791 goto error;
792 }
793
794 for (j = 0; j < field_cnt; j++) {
795 if (strcasecmp(fields[j], map_rhs) != 0) continue;
796 field_index[i] = j;
797 found_field = true;
798 }
799 }
800
801 /*
802 * Couldn't resolve any map RHS values to fields
803 * in the result set.
804 */
805 if (!found_field) {
806 RDEBUG2("No fields matching map found in query result");
807 rcode = RLM_MODULE_NOOP;
808 goto finish;
809 }
810
811 /*
812 * We've resolved all the maps to result indexes, now convert
813 * the values at those indexes into fr_pair_ts.
814 *
815 * Note: Not all SQL client libraries provide a row count,
816 * so we have to do the count here.
817 */
818 while ((inst->fetch_row(p_result, NULL, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
819 (query_ctx->rcode == RLM_SQL_OK)) {
820 row = query_ctx->row;
821 rows++;
822 for (map = map_list_head(maps), j = 0;
823 map && (j < MAX_SQL_FIELD_INDEX);
824 map = map_list_next(maps, map), j++) {
825 if (field_index[j] < 0) continue; /* We didn't find the map RHS in the field set */
826 if (!row[field_index[j]]) {
827 RDEBUG2("Database returned NULL for %s", fields[j]);
828 continue;
829 }
830 if (map_to_request(request, map, _sql_map_proc_get_value, row[field_index[j]]) < 0) goto error;
831 }
832 }
833
834 if (query_ctx->rcode == RLM_SQL_ERROR) goto error;
835
836 if (rows == 0) {
837 RDEBUG2("SQL query returned no results");
838 rcode = RLM_MODULE_NOTFOUND;
839 }
840
841finish:
842 talloc_free(fields);
843 talloc_free(map_ctx);
844
845 RETURN_MODULE_RCODE(rcode);
846}
847
848/** Executes a SELECT query and maps the result to server attributes
849 *
850 * @param p_result Result of map expansion:
851 * - #RLM_MODULE_NOOP no rows were returned or columns matched.
852 * - #RLM_MODULE_UPDATED if one or more #fr_pair_t were added to the #request_t.
853 * - #RLM_MODULE_FAIL if a fault occurred.
854 * @param mod_inst #rlm_sql_t instance.
855 * @param proc_inst Instance data for this specific mod_proc call (unused).
856 * @param request The current request.
857 * @param query string to execute.
858 * @param maps Head of the map list.
859 * @return UNLANG_ACTION_CALCULATE_RESULT
860 */
861static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst, UNUSED void *proc_inst, request_t *request,
862 fr_value_box_list_t *query, map_list_t const *maps)
863{
864 rlm_sql_t const *inst = talloc_get_type_abort_const(mod_inst, rlm_sql_t);
865 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
866 fr_value_box_t *query_head = fr_value_box_list_head(query);
867 sql_map_ctx_t *map_ctx;
868 fr_value_box_t *vb = NULL;
869 rlm_sql_escape_uctx_t *escape_uctx = NULL;
870
871 fr_assert(inst->driver->sql_fields); /* Should have been caught during validation... */
872
873 if (!query_head) {
874 REDEBUG("Query cannot be (null)");
875 RETURN_MODULE_FAIL;
876 }
877
878 while ((vb = fr_value_box_list_next(query, vb))) {
879 if (fr_value_box_is_safe_for(vb, inst->driver)) continue;
880 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
881 sql_box_escape(vb, escape_uctx);
882 }
883
884 if (fr_value_box_list_concat_in_place(request,
885 query_head, query, FR_TYPE_STRING,
886 FR_VALUE_BOX_LIST_FREE, true,
887 SIZE_MAX) < 0) {
888 RPEDEBUG("Failed concatenating input string");
889 RETURN_MODULE_FAIL;
890 }
891
892 MEM(map_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), sql_map_ctx_t));
893 *map_ctx = (sql_map_ctx_t) {
894 .inst = inst,
895 .maps = maps,
896 };
897
898 MEM(map_ctx->query_ctx = fr_sql_query_alloc(map_ctx, inst, request,
899 thread->trunk, query_head->vb_strvalue, SQL_QUERY_SELECT));
900
901 if (unlang_function_push(request, NULL, mod_map_resume, NULL, 0,
902 UNLANG_SUB_FRAME, map_ctx) != UNLANG_ACTION_PUSHED_CHILD) RETURN_MODULE_FAIL;
903
904 return unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, map_ctx->query_ctx);
905}
906
907/** xlat escape function for drivers which do not provide their own
908 *
909 */
910static ssize_t sql_escape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, void *arg)
911{
912 rlm_sql_t const *inst = talloc_get_type_abort_const(arg, rlm_sql_t);
913 size_t len = 0;
914
915 while (in[0]) {
916 size_t utf8_len;
917
918 /*
919 * Allow all multi-byte UTF8 characters.
920 */
921 utf8_len = fr_utf8_char((uint8_t const *) in, -1);
922 if (utf8_len > 1) {
923 if (outlen <= utf8_len) break;
924
925 memcpy(out, in, utf8_len);
926 in += utf8_len;
927 out += utf8_len;
928
929 outlen -= utf8_len;
930 len += utf8_len;
931 continue;
932 }
933
934 /*
935 * Because we register our own escape function
936 * we're now responsible for escaping all special
937 * chars in an xlat expansion or attribute value.
938 */
939 switch (in[0]) {
940 case '\n':
941 if (outlen <= 2) break;
942 out[0] = '\\';
943 out[1] = 'n';
944
945 in++;
946 out += 2;
947 outlen -= 2;
948 len += 2;
949 break;
950
951 case '\r':
952 if (outlen <= 2) break;
953 out[0] = '\\';
954 out[1] = 'r';
955
956 in++;
957 out += 2;
958 outlen -= 2;
959 len += 2;
960 break;
961
962 case '\t':
963 if (outlen <= 2) break;
964 out[0] = '\\';
965 out[1] = 't';
966
967 in++;
968 out += 2;
969 outlen -= 2;
970 len += 2;
971 break;
972 }
973
974 /*
975 * Non-printable characters get replaced with their
976 * mime-encoded equivalents.
977 */
978 if ((in[0] < 32) ||
979 strchr(inst->config.allowed_chars, *in) == NULL) {
980 /*
981 * Only 3 or less bytes available.
982 */
983 if (outlen <= 3) {
984 break;
985 }
986
987 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
988 in++;
989 out += 3;
990 outlen -= 3;
991 len += 3;
992 continue;
993 }
994
995 /*
996 * Only one byte left.
997 */
998 if (outlen <= 1) {
999 break;
1000 }
1001
1002 /*
1003 * Allowed character.
1004 */
1005 *out = *in;
1006 out++;
1007 in++;
1008 outlen--;
1009 len++;
1010 }
1011 *out = '\0';
1012 return len;
1013}
1014
1015/*
1016 * Set the SQL user name.
1017 *
1018 * We don't call the escape function here. The resulting string
1019 * will be escaped later in the queries xlat so we don't need to
1020 * escape it twice. (it will make things wrong if we have an
1021 * escape candidate character in the username)
1022 */
1023static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
1024{
1025 fr_pair_t *vp = NULL;
1026
1027 fr_assert(request->packet != NULL);
1028
1029 MEM(pair_update_request(&vp, inst->sql_user) >= 0);
1030 if(!user || (user->type != FR_TYPE_STRING)) {
1031 pair_delete_request(vp);
1032 return;
1033 }
1034
1035 /*
1036 * Replace any existing SQL-User-Name with new value
1037 */
1038 fr_pair_value_bstrdup_buffer(vp, user->vb_strvalue, user->tainted);
1039 RDEBUG2("SQL-User-Name set to '%pV'", &vp->data);
1040}
1041
1042/*
1043 * Do a set/unset user, so it's a bit clearer what's going on.
1044 */
1045#define sql_unset_user(_i, _r) fr_pair_delete_by_da(&_r->request_pairs, _i->sql_user)
1046
1047
1052
1053static unlang_action_t sql_get_grouplist_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1054{
1055 sql_group_ctx_t *group_ctx = talloc_get_type_abort(uctx, sql_group_ctx_t);
1056 fr_sql_query_t *query_ctx = group_ctx->query_ctx;
1057 rlm_sql_t const *inst = group_ctx->inst;
1058 rlm_sql_row_t row;
1059 rlm_sql_grouplist_t *entry = group_ctx->groups;
1060
1061 if (query_ctx->rcode != RLM_SQL_OK) {
1062 error:
1063 talloc_free(query_ctx);
1064 RETURN_MODULE_FAIL;
1065 }
1066
1067 while ((inst->fetch_row(p_result, NULL, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
1068 (query_ctx->rcode == RLM_SQL_OK)) {
1069 row = query_ctx->row;
1070 if (!row[0]){
1071 RDEBUG2("row[0] returned NULL");
1072 goto error;
1073 }
1074
1075 if (!entry) {
1076 group_ctx->groups = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1077 entry = group_ctx->groups;
1078 } else {
1079 entry->next = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1080 entry = entry->next;
1081 }
1082 entry->next = NULL;
1083 entry->name = talloc_typed_strdup(entry, row[0]);
1084
1085 group_ctx->num_groups++;
1086 }
1087
1088 talloc_free(query_ctx);
1089 RETURN_MODULE_OK;
1090}
1091
1092static unlang_action_t sql_get_grouplist(sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
1093{
1094 rlm_sql_t const *inst = group_ctx->inst;
1095
1096 /* NOTE: sql_set_user should have been run before calling this function */
1097
1098 if (!group_ctx->query || (group_ctx->query->vb_length == 0)) return UNLANG_ACTION_CALCULATE_RESULT;
1099
1100 MEM(group_ctx->query_ctx = fr_sql_query_alloc(group_ctx, inst, request, trunk,
1101 group_ctx->query->vb_strvalue, SQL_QUERY_SELECT));
1102
1103 if (unlang_function_push(request, NULL, sql_get_grouplist_resume, NULL, 0, UNLANG_SUB_FRAME, group_ctx) < 0) return UNLANG_ACTION_FAIL;
1104
1105 return unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, group_ctx->query_ctx);
1106}
1107
1108typedef struct {
1109 fr_value_box_list_t query;
1110 sql_group_ctx_t *group_ctx;
1111} sql_group_xlat_ctx_t;
1112
1113/** Compare list of groups returned from SQL query to xlat argument.
1114 *
1115 * Called after the SQL query has completed and group list has been built.
1116 */
1117static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
1118 UNUSED request_t *request, fr_value_box_list_t *in)
1119{
1120 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1121 sql_group_ctx_t *group_ctx = talloc_get_type_abort(xlat_ctx->group_ctx, sql_group_ctx_t);
1122 fr_value_box_t *arg = fr_value_box_list_head(in);
1123 char const *name = arg->vb_strvalue;
1124 fr_value_box_t *vb;
1125 rlm_sql_grouplist_t *entry;
1126
1127 fr_skip_whitespace(name);
1128
1129 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
1130 for (entry = group_ctx->groups; entry != NULL; entry = entry->next) {
1131 if (strcmp(entry->name, name) == 0) {
1132 vb->vb_bool = true;
1133 break;
1134 }
1135 }
1136 fr_dcursor_append(out, vb);
1137
1138 talloc_free(xlat_ctx);
1139
1140 return XLAT_ACTION_DONE;
1141}
1142
1143/** Run SQL query for group membership to return list of groups
1144 *
1145 * Called after group membership query tmpl is expanded
1146 */
1147static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1148 request_t *request, UNUSED fr_value_box_list_t *in)
1149{
1150 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1151 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1152 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
1153 fr_value_box_t *query;
1154
1155 query = fr_value_box_list_head(&xlat_ctx->query);
1156 if (!query) return XLAT_ACTION_FAIL;
1157
1158 MEM(xlat_ctx->group_ctx = talloc(xlat_ctx, sql_group_ctx_t));
1159
1160 *xlat_ctx->group_ctx = (sql_group_ctx_t) {
1161 .inst = inst,
1162 .query = query,
1163 };
1164
1165 if (unlang_xlat_yield(request, sql_group_xlat_query_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1166
1167 if (sql_get_grouplist(xlat_ctx->group_ctx, thread->trunk, request) != UNLANG_ACTION_PUSHED_CHILD)
1168 return XLAT_ACTION_FAIL;
1169
1170 return XLAT_ACTION_PUSH_UNLANG;
1171}
1172
1173
1174/** Check if the user is a member of a particular group
1175 *
1176@verbatim
1177%sql.group(<name>)
1178@endverbatim
1179 *
1180 * @ingroup xlat_functions
1181 */
1182static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1183 request_t *request, UNUSED fr_value_box_list_t *in)
1184{
1185 sql_group_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_group_xlat_call_env_t);
1186 sql_group_xlat_ctx_t *xlat_ctx;
1187 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1188
1189 if (!call_env->membership_query) {
1190 RWARN("Cannot check group membership - group_membership_query not set");
1191 return XLAT_ACTION_FAIL;
1192 }
1193
1194 /*
1195 * Set the user attr here
1196 */
1197 sql_set_user(inst, request, &call_env->user);
1198
1199 MEM(xlat_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_group_xlat_ctx_t));
1200 fr_value_box_list_init(&xlat_ctx->query);
1201
1202 if (unlang_xlat_yield(request, sql_group_xlat_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1203 if (unlang_tmpl_push(xlat_ctx, &xlat_ctx->query, request, call_env->membership_query, NULL) < 0) return XLAT_ACTION_FAIL;
1204 return XLAT_ACTION_PUSH_UNLANG;
1205}
1206
1207/** Process a "check" map
1208 *
1209 * Any entries using an assignment operator will be moved to the reply map
1210 * for later merging into the request.
1211 *
1212 * @param request Current request.
1213 * @param check_map to process.
1214 * @param reply_map where any assignment entries will be moved.
1215 * @return
1216 * - 0 if all the check entries pass.
1217 * - -1 if the checks fail.
1218 */
1219static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
1220{
1221 map_t *map, *next;
1222
1223 for (map = map_list_head(check_map);
1224 map != NULL;
1225 map = next) {
1226 next = map_list_next(check_map, map);
1227
1228 if (fr_assignment_op[map->op]) {
1229 (void) map_list_remove(check_map, map);
1230 map_list_insert_tail(reply_map, map);
1231 continue;
1232 }
1233
1234 if (!fr_comparison_op[map->op]) {
1235 REDEBUG("Invalid operator '%s'", fr_tokens[map->op]);
1236 goto fail;
1237 }
1238
1239 if (fr_type_is_structural(tmpl_attr_tail_da(map->lhs)->type) &&
1240 (map->op != T_OP_CMP_TRUE) && (map->op != T_OP_CMP_FALSE)) {
1241 REDEBUG("Invalid comparison for structural type");
1242 goto fail;
1243 }
1244
1245 RDEBUG2(" &%s %s %s", map->lhs->name, fr_tokens[map->op], map->rhs->name);
1246 if (radius_legacy_map_cmp(request, map) != 1) {
1247 fail:
1248 map_list_talloc_free(check_map);
1249 map_list_talloc_free(reply_map);
1250 RDEBUG2("failed match: skipping this entry");
1251 return -1;
1252 }
1253 }
1254 return 0;
1255}
1256
1257static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
1258{
1259 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1260 map_list_talloc_free(&to_free->check_tmp);
1261 map_list_talloc_free(&to_free->reply_tmp);
1262 sql_unset_user(to_free->inst, to_free->request);
1263
1264 return 0;
1265}
1266
1267/** Resume function called after authorization group / profile expansion of check / reply query tmpl
1268 *
1269 * Groups and profiles are treated almost identically except:
1270 * - groups are read from an SQL query
1271 * - profiles are read from &control.User-Profile
1272 * - if `cache_groups` is set, groups populate &control.SQL-Group
1273 *
1274 * Profiles are handled after groups, and will not happend if the last group resulted in `Fall-Through = no`
1275 *
1276 * Before each query is run, &request.SQL-Group is populated with the value of the group being evaluated.
1277 *
1278 * @param p_result Result of current authorization.
1279 * @param priority Unused.
1280 * @param request Current request.
1281 * @param uctx Current authorization context.
1282 * @return one of the RLM_MODULE_* values.
1283 */
1284static unlang_action_t mod_autz_group_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1285{
1286 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(uctx, sql_autz_ctx_t);
1287 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1288 sql_group_ctx_t *group_ctx = autz_ctx->group_ctx;
1289 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1290 rlm_sql_t const *inst = autz_ctx->inst;
1291 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1292 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1293 fr_pair_t *vp;
1294
1295 switch (*p_result) {
1296 case RLM_MODULE_USER_SECTION_REJECT:
1297 return UNLANG_ACTION_CALCULATE_RESULT;
1298
1299 default:
1300 break;
1301 }
1302
1303 switch(autz_ctx->status) {
1304 case SQL_AUTZ_GROUP_MEMB:
1305 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1306 MEM(autz_ctx->group_ctx = talloc(autz_ctx, sql_group_ctx_t));
1307 *autz_ctx->group_ctx = (sql_group_ctx_t) {
1308 .inst = inst,
1309 .query = query,
1310 };
1311
1312 if (sql_get_grouplist(autz_ctx->group_ctx, autz_ctx->trunk, request) == UNLANG_ACTION_PUSHED_CHILD) {
1313 autz_ctx->status = SQL_AUTZ_GROUP_MEMB_RESUME;
1314 return UNLANG_ACTION_PUSHED_CHILD;
1315 }
1316
1317 group_ctx = autz_ctx->group_ctx;
1318
1319 FALL_THROUGH;
1320
1321 case SQL_AUTZ_GROUP_MEMB_RESUME:
1322 talloc_free(group_ctx->query);
1323
1324 if (group_ctx->num_groups == 0) {
1325 RDEBUG2("User not found in any groups");
1326 break;
1327 }
1328 fr_assert(group_ctx->groups);
1329
1330 RDEBUG2("User found in the group table");
1331 autz_ctx->user_found = true;
1332 autz_ctx->group = group_ctx->groups;
1333 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1334
1335 next_group:
1336 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->group->name, true);
1337 autz_ctx->status = SQL_AUTZ_GROUP_CHECK;
1338 FALL_THROUGH;
1339
1340 case SQL_AUTZ_PROFILE_START:
1341 next_profile:
1342 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1343 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->profile->vp_strvalue, true);
1344 autz_ctx->status = SQL_AUTZ_PROFILE_CHECK;
1345 }
1346 RDEBUG3("Processing %s %pV",
1347 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "group" : "profile", &autz_ctx->sql_group->data);
1348 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1349 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1350 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1351 }
1352
1353 if (call_env->group_check_query) {
1354 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1355 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1356 call_env->group_check_query, NULL) < 0) RETURN_MODULE_FAIL;
1357 return UNLANG_ACTION_PUSHED_CHILD;
1358 }
1359
1360 if (call_env->group_reply_query) goto group_reply_push;
1361
1362 break;
1363
1364 case SQL_AUTZ_GROUP_CHECK:
1365 case SQL_AUTZ_PROFILE_CHECK:
1366 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1367 .ctx = autz_ctx,
1368 .inst = inst,
1369 .out = &autz_ctx->check_tmp,
1370 .list = request_attr_request,
1371 .query = query,
1372 };
1373
1374 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1375 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1376 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_CHECK_RESUME : SQL_AUTZ_PROFILE_CHECK_RESUME;
1377 return UNLANG_ACTION_PUSHED_CHILD;
1378 }
1379
1380 FALL_THROUGH;
1381
1382 case SQL_AUTZ_GROUP_CHECK_RESUME:
1383 case SQL_AUTZ_PROFILE_CHECK_RESUME:
1384 talloc_free(map_ctx->query);
1385
1386 /*
1387 * If we got check rows we need to process them before we decide to
1388 * process the reply rows
1389 */
1390 if (map_ctx->rows > 0) {
1391 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) {
1392 map_list_talloc_free(&autz_ctx->check_tmp);
1393 goto next_group_find;
1394 }
1395 RDEBUG2("%s \"%pV\": Conditional check items matched",
1396 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1397 } else {
1398 RDEBUG2("%s \"%pV\": Conditional check items matched (empty)",
1399 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1400 }
1401
1402 if (autz_ctx->rcode == RLM_MODULE_NOOP) autz_ctx->rcode = RLM_MODULE_OK;
1403
1404 map_list_talloc_free(&autz_ctx->check_tmp);
1405
1406 if (call_env->group_reply_query) {
1407 group_reply_push:
1408 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1409 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1410 call_env->group_reply_query, NULL) < 0) RETURN_MODULE_FAIL;
1411 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY : SQL_AUTZ_PROFILE_REPLY;
1412 return UNLANG_ACTION_PUSHED_CHILD;
1413 }
1414
1415 if (map_list_num_elements(&autz_ctx->reply_tmp)) goto group_attr_cache;
1416
1417 goto next_group_find;
1418
1419 case SQL_AUTZ_GROUP_REPLY:
1420 case SQL_AUTZ_PROFILE_REPLY:
1421 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1422 .ctx = autz_ctx,
1423 .inst = inst,
1424 .out = &autz_ctx->reply_tmp,
1425 .list = request_attr_reply,
1426 .query = query,
1427 .expand_rhs = true,
1428 };
1429
1430 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1431 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1432 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY_RESUME : SQL_AUTZ_PROFILE_REPLY_RESUME;
1433 return UNLANG_ACTION_PUSHED_CHILD;
1434 }
1435
1436 FALL_THROUGH;
1437
1438 case SQL_AUTZ_GROUP_REPLY_RESUME:
1439 case SQL_AUTZ_PROFILE_REPLY_RESUME:
1440 talloc_free(map_ctx->query);
1441
1442 if (map_ctx->rows == 0) {
1443 do_fall_through = FALL_THROUGH_DEFAULT;
1444 goto group_attr_cache;
1445 }
1446
1447 fr_assert(!map_list_empty(&autz_ctx->reply_tmp)); /* coverity, among others */
1448 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1449
1450 group_attr_cache:
1451 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1452 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1453 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1454 }
1455
1456 if (map_list_num_elements(&autz_ctx->reply_tmp) == 0) goto next_group_find;
1457 RDEBUG2("%s \"%pV\": Merging control and reply items",
1458 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1459 autz_ctx->rcode = RLM_MODULE_UPDATED;
1460
1461 RINDENT();
1462 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1463 RPEDEBUG("Failed applying reply item");
1464 REXDENT();
1465 RETURN_MODULE_FAIL;
1466 }
1467 REXDENT();
1468 map_list_talloc_free(&autz_ctx->reply_tmp);
1469
1470 next_group_find:
1471 if (do_fall_through != FALL_THROUGH_YES) break;
1472 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1473 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, autz_ctx->profile, attr_user_profile);
1474 if (autz_ctx->profile) goto next_profile;
1475 break;
1476 }
1477 autz_ctx->group = autz_ctx->group->next;
1478 if (autz_ctx->group) goto next_group;
1479
1480 break;
1481
1482 default:
1483 fr_assert(0);
1484 }
1485
1486 /*
1487 * If group processing has completed, check to see if profile processing should be done
1488 */
1489 if ((autz_ctx->status & SQL_AUTZ_STAGE_GROUP) &&
1490 ((do_fall_through == FALL_THROUGH_YES) ||
1491 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT)))) {
1492 RDEBUG3("... falling-through to profile processing");
1493
1494 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1495 if (autz_ctx->profile) {
1496 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1497 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1498 goto next_profile;
1499 }
1500 }
1501
1502 if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
1503
1504 RETURN_MODULE_RCODE(autz_ctx->rcode);
1505}
1506
1507/** Resume function called after authorization check / reply tmpl expansion
1508 *
1509 * @param p_result Result of current authorization.
1510 * @param priority Unused.
1511 * @param request Current request.
1512 * @param uctx Current authorization context.
1513 * @return one of the RLM_MODULE_* values.
1514 */
1515static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, int *priority, request_t *request, void *uctx)
1516{
1517 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(uctx, sql_autz_ctx_t);
1518 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1519 rlm_sql_t const *inst = autz_ctx->inst;
1520 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1521 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1522 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1523
1524 /*
1525 * If a previous async call returned one of the "failure" results just return.
1526 */
1527 switch (*p_result) {
1528 case RLM_MODULE_USER_SECTION_REJECT:
1529 return UNLANG_ACTION_CALCULATE_RESULT;
1530
1531 default:
1532 break;
1533 }
1534
1535 switch(autz_ctx->status) {
1536 case SQL_AUTZ_CHECK:
1537 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1538 .ctx = autz_ctx,
1539 .inst = inst,
1540 .out = &autz_ctx->check_tmp,
1541 .list = request_attr_request,
1542 .query = query,
1543 };
1544
1545 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1546 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1547 autz_ctx->status = SQL_AUTZ_CHECK_RESUME;
1548 return UNLANG_ACTION_PUSHED_CHILD;
1549 }
1550
1551 FALL_THROUGH;
1552
1553 case SQL_AUTZ_CHECK_RESUME:
1554 talloc_free(map_ctx->query);
1555
1556 if (map_ctx->rows == 0) goto skip_reply; /* Don't need to handle map entries we don't have */
1557
1558 /*
1559 * Only do this if *some* check pairs were returned
1560 */
1561 RDEBUG2("User found in radcheck table");
1562 autz_ctx->user_found = true;
1563
1564 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) goto skip_reply;
1565 RDEBUG2("Conditional check items matched");
1566
1567 autz_ctx->rcode = RLM_MODULE_OK;
1568 map_list_talloc_free(&autz_ctx->check_tmp);
1569
1570 if (!call_env->reply_query) goto skip_reply;
1571
1572 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1573 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_MODULE_FAIL;
1574 autz_ctx->status = SQL_AUTZ_REPLY;
1575 return UNLANG_ACTION_PUSHED_CHILD;
1576
1577 case SQL_AUTZ_REPLY:
1578 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1579 .ctx = autz_ctx,
1580 .inst = inst,
1581 .out = &autz_ctx->reply_tmp,
1582 .list = request_attr_reply,
1583 .query = query,
1584 .expand_rhs = true,
1585 };
1586
1587 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1588 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1589 autz_ctx->status = SQL_AUTZ_REPLY_RESUME;
1590 return UNLANG_ACTION_PUSHED_CHILD;
1591 }
1592
1593 FALL_THROUGH;
1594
1595 case SQL_AUTZ_REPLY_RESUME:
1596 talloc_free(map_ctx->query);
1597
1598 if (map_ctx->rows == 0) goto skip_reply;
1599
1600 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1601
1602 RDEBUG2("User found in radreply table");
1603 autz_ctx->user_found = true;
1604
1605 skip_reply:
1606 if (map_list_num_elements(&autz_ctx->reply_tmp)) {
1607 RDEBUG2("Merging control and reply items");
1608 RINDENT();
1609 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1610 RPEDEBUG("Failed applying item");
1611 REXDENT();
1612 RETURN_MODULE_FAIL;
1613 }
1614 REXDENT();
1615
1616 autz_ctx->rcode = RLM_MODULE_UPDATED;
1617 map_list_talloc_free(&autz_ctx->reply_tmp);
1618 }
1619
1620 if ((do_fall_through == FALL_THROUGH_YES) ||
1621 (inst->config.read_groups && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1622 RDEBUG3("... falling-through to group processing");
1623
1624 if (!call_env->membership_query) {
1625 RWARN("Cannot check groups when group_membership_query is not set");
1626 break;
1627 }
1628
1629 if (!call_env->group_check_query && !call_env->group_reply_query) {
1630 RWARN("Cannot process groups when neither authorize_group_check_query nor authorize_group_check_query are set");
1631 break;
1632 }
1633
1634 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1635 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1636 call_env->membership_query, NULL) < 0) RETURN_MODULE_FAIL;
1637 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1638 return UNLANG_ACTION_PUSHED_CHILD;
1639 }
1640
1641 if ((do_fall_through == FALL_THROUGH_YES) ||
1642 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1643 RDEBUG3("... falling-through to profile processing");
1644
1645 if (!call_env->group_check_query && !call_env->group_reply_query) {
1646 RWARN("Cannot process profiles when neither authorize_group_check_query nor authorize_group_check_query are set");
1647 break;
1648 }
1649
1650 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1651 if (!autz_ctx->profile) break;
1652
1653 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1654 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1655 return mod_autz_group_resume(p_result, priority, request, autz_ctx);
1656 }
1657 break;
1658
1659 default:
1660 fr_assert(0);
1661 }
1662
1663 if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
1664 RETURN_MODULE_RCODE(autz_ctx->rcode);
1665}
1666
1667/** Start of module authorize method
1668 *
1669 * Pushes the tmpl relating to the first required query for evaluation
1670 */
1671static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
1672{
1673 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1674 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1675 sql_autz_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_autz_call_env_t);
1676 sql_autz_ctx_t *autz_ctx;
1677
1678 fr_assert(request->packet != NULL);
1679 fr_assert(request->reply != NULL);
1680
1681 if (!call_env->check_query && !call_env->reply_query && !(inst->config.read_groups && call_env->membership_query)) {
1682 RWDEBUG("No authorization checks configured, returning noop");
1683 RETURN_MODULE_NOOP;
1684 }
1685
1686 /*
1687 * Set and check the user attr here
1688 */
1689 sql_set_user(inst, request, &call_env->user);
1690
1691 MEM(autz_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), sql_autz_ctx_t));
1692 *autz_ctx = (sql_autz_ctx_t) {
1693 .inst = inst,
1694 .call_env = call_env,
1695 .request = request,
1696 .trunk = thread->trunk,
1697 .rcode = RLM_MODULE_NOOP
1698 };
1699 map_list_init(&autz_ctx->check_tmp);
1700 map_list_init(&autz_ctx->reply_tmp);
1701 MEM(autz_ctx->map_ctx = talloc_zero(autz_ctx, fr_sql_map_ctx_t));
1702 talloc_set_destructor(autz_ctx, sql_autz_ctx_free);
1703
1704 if (unlang_function_push(request, NULL,
1705 (call_env->check_query || call_env->reply_query) ? mod_authorize_resume : mod_autz_group_resume,
1706 NULL, 0, UNLANG_SUB_FRAME, autz_ctx) < 0) {
1707 error:
1708 talloc_free(autz_ctx);
1709 RETURN_MODULE_FAIL;
1710 }
1711
1712 fr_value_box_list_init(&autz_ctx->query);
1713
1714 /*
1715 * Query the check table to find any conditions associated with this user/realm/whatever...
1716 */
1717 if (call_env->check_query) {
1718 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->check_query, NULL) < 0) goto error;
1719 autz_ctx->status = SQL_AUTZ_CHECK;
1720 return UNLANG_ACTION_PUSHED_CHILD;
1721 }
1722
1723 if (call_env->reply_query) {
1724 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) goto error;
1725 autz_ctx->status = SQL_AUTZ_REPLY;
1726 return UNLANG_ACTION_PUSHED_CHILD;
1727 }
1728
1729 /*
1730 * Neither check nor reply queries were set, so we must be doing group stuff
1731 */
1732 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->membership_query, NULL) < 0) goto error;
1733 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1734 return UNLANG_ACTION_PUSHED_CHILD;
1735}
1736
1737/** Tidy up when freeing an SQL redundant context
1738 *
1739 * Release the connection handle and unset the SQL-User attribute.
1740 */
1741static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
1742{
1743 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1744 sql_unset_user(to_free->inst, to_free->request);
1745
1746 return 0;
1747}
1748
1749static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx);
1750
1751/** Resume function called after executing an SQL query in a redundant list of queries.
1752 *
1753 * @param p_result Result of current module call.
1754 * @param priority Unused.
1755 * @param request Current request.
1756 * @param uctx Current redundant sql context.
1757 * @return one of the RLM_MODULE_* values.
1758 */
1759static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1760{
1761 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(uctx, sql_redundant_ctx_t);
1762 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1763 rlm_sql_t const *inst = redundant_ctx->inst;
1764 fr_sql_query_t *query_ctx = redundant_ctx->query_ctx;
1765 int numaffected = 0;
1766 tmpl_t *next_query;
1767
1768 RDEBUG2("SQL query returned: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
1769
1770 switch (query_ctx->rcode) {
1771 /*
1772 * Query was a success! Now we just need to check if it did anything.
1773 */
1774 case RLM_SQL_OK:
1775 break;
1776
1777 /*
1778 * A general, unrecoverable server fault.
1779 */
1780 case RLM_SQL_ERROR:
1781 /*
1782 * If we get RLM_SQL_RECONNECT it means all connections in the pool
1783 * were exhausted, and we couldn't create a new connection,
1784 * so we do not need to call fr_pool_connection_release.
1785 */
1786 case RLM_SQL_RECONNECT:
1787 RETURN_MODULE_FAIL;
1788
1789 /*
1790 * Query was invalid, this is a terminal error.
1791 */
1792 case RLM_SQL_QUERY_INVALID:
1793 RETURN_MODULE_INVALID;
1794
1795 /*
1796 * Driver found an error (like a unique key constraint violation)
1797 * that hinted it might be a good idea to try an alternative query.
1798 */
1799 case RLM_SQL_ALT_QUERY:
1800 goto next;
1801
1802 case RLM_SQL_NO_MORE_ROWS:
1803 break;
1804 }
1805
1806 /*
1807 * We need to have updated something for the query to have been
1808 * counted as successful.
1809 */
1810 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
1811 TALLOC_FREE(query_ctx);
1812 RDEBUG2("%i record(s) updated", numaffected);
1813
1814 if (numaffected > 0) RETURN_MODULE_OK; /* A query succeeded, were done! */
1815next:
1816 /*
1817 * Look to see if there are any more queries to expand
1818 */
1819 talloc_free(query_ctx);
1820 redundant_ctx->query_no++;
1821 if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_MODULE_NOOP;
1822 next_query = *(tmpl_t **)((uint8_t *)call_env->query + sizeof(void *) * redundant_ctx->query_no);
1823 if (unlang_function_repeat_set(request, mod_sql_redundant_resume) < 0) RETURN_MODULE_FAIL;
1824 if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, next_query, NULL) < 0) RETURN_MODULE_FAIL;
1825
1826 RDEBUG2("Trying next query...");
1827
1828 return UNLANG_ACTION_PUSHED_CHILD;
1829}
1830
1831
1832/** Resume function called after expansion of next query in a redundant list of queries
1833 *
1834 * @param p_result Result of current module call.
1835 * @param priority Unused.
1836 * @param request Current request.
1837 * @param uctx Current redundant sql context.
1838 * @return one of the RLM_MODULE_* values.
1839 */
1840static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1841{
1842 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(uctx, sql_redundant_ctx_t);
1843 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1844 rlm_sql_t const *inst = redundant_ctx->inst;
1845
1846 redundant_ctx->query_vb = fr_value_box_list_pop_head(&redundant_ctx->query);
1847 if (!redundant_ctx->query_vb) RETURN_MODULE_FAIL;
1848
1849 if ((call_env->filename.type == FR_TYPE_STRING) && (call_env->filename.vb_length > 0)) {
1850 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, redundant_ctx->query_vb->vb_strvalue);
1851 }
1852
1853 MEM(redundant_ctx->query_ctx = fr_sql_query_alloc(redundant_ctx, inst, request, redundant_ctx->trunk,
1854 redundant_ctx->query_vb->vb_strvalue, SQL_QUERY_OTHER));
1855
1856 if (unlang_function_repeat_set(request, mod_sql_redundant_query_resume) < 0) RETURN_MODULE_FAIL;
1857
1858 return unlang_function_push(request, inst->query, NULL, NULL, 0, UNLANG_SUB_FRAME, redundant_ctx->query_ctx);
1859}
1860
1861/** Generic module call for failing between a bunch of queries.
1862 *
1863 * Used for `accounting` and `send` module calls
1864 *
1865 */
1866static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
1867{
1868 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1869 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1870 sql_redundant_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_redundant_call_env_t);
1871 sql_redundant_ctx_t *redundant_ctx;
1872
1873 /*
1874 * No query to expand - do nothing.
1875 */
1876 if (!call_env->query) {
1877 RWARN("No query configured");
1878 RETURN_MODULE_NOOP;
1879 }
1880
1881 MEM(redundant_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_redundant_ctx_t));
1882 *redundant_ctx = (sql_redundant_ctx_t) {
1883 .inst = inst,
1884 .request = request,
1885 .trunk = thread->trunk,
1886 .call_env = call_env,
1887 .query_no = 0
1888 };
1889 talloc_set_destructor(redundant_ctx, sql_redundant_ctx_free);
1890
1891 sql_set_user(inst, request, &call_env->user);
1892
1893 if (unlang_function_push(request, NULL, mod_sql_redundant_resume, NULL, 0,
1894 UNLANG_SUB_FRAME, redundant_ctx) < 0) RETURN_MODULE_FAIL;
1895
1896 fr_value_box_list_init(&redundant_ctx->query);
1897 if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, *call_env->query, NULL) < 0) RETURN_MODULE_FAIL;
1898
1899 return UNLANG_ACTION_PUSHED_CHILD;
1900}
1901
1902static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
1903 CONF_ITEM *ci,
1904 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
1905{
1906 CONF_SECTION const *subcs = NULL, *subsubcs = NULL;
1907 CONF_PAIR const *to_parse = NULL;
1908 tmpl_t *parsed_tmpl;
1909 call_env_parsed_t *parsed_env;
1910 tmpl_rules_t our_rules;
1911 char *section2, *p;
1912
1913 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
1914
1915 /*
1916 * The call env subsection which calls this has CF_IDENT_ANY as its name
1917 * which results in finding the first child section of the module config.
1918 * We actually want the whole module config - so go to the parent.
1919 */
1920 ci = cf_parent(ci);
1921
1922 /*
1923 * Find the instance of "logfile" to parse
1924 *
1925 * If the module call is from `accounting Start` then first is
1926 * <module> { accounting { start { logfile } } }
1927 * then
1928 * <module> { accounting { logfile } }
1929 * falling back to
1930 * <module> { logfile }
1931 */
1932 subcs = cf_section_find(cf_item_to_section(ci), cec->asked->name1, CF_IDENT_ANY);
1933 if (subcs) {
1934 if (cec->asked->name2) {
1935 section2 = talloc_strdup(NULL, cec->asked->name2);
1936 p = section2;
1937 while (*p != '\0') {
1938 *(p) = tolower((uint8_t)*p);
1939 p++;
1940 }
1941 subsubcs = cf_section_find(subcs, section2, CF_IDENT_ANY);
1942 talloc_free(section2);
1943 if (subsubcs) to_parse = cf_pair_find(subsubcs, "logfile");
1944 }
1945 if (!to_parse) to_parse = cf_pair_find(subcs, "logfile");
1946 }
1947
1948 if (!to_parse) to_parse = cf_pair_find(cf_item_to_section(ci), "logfile");
1949
1950 if (!to_parse) return 0;
1951
1952 /*
1953 * Use filename safety escape functions
1954 */
1955 our_rules = *t_rules;
1956 our_rules.escape.box_escape = (fr_value_box_escape_t) {
1957 .func = rad_filename_box_make_safe,
1958 .safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
1959 .always_escape = false,
1960 };
1961 our_rules.escape.mode = TMPL_ESCAPE_PRE_CONCAT;
1962 our_rules.literals_safe_for = our_rules.escape.box_escape.safe_for;
1963
1964 MEM(parsed_env = call_env_parsed_add(ctx, out,
1965 &(call_env_parser_t){ FR_CALL_ENV_OFFSET("logfile", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, sql_redundant_call_env_t, filename)}));
1966
1967 if (tmpl_afrom_substr(parsed_env, &parsed_tmpl,
1968 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
1969 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
1970 &our_rules) < 0) {
1971 error:
1972 call_env_parsed_free(out, parsed_env);
1973 return -1;
1974 }
1975 if (tmpl_needs_resolving(parsed_tmpl) &&
1976 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) goto error;
1977
1978 call_env_parsed_set_tmpl(parsed_env, parsed_tmpl);
1979
1980 return 0;
1981}
1982
1983static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
1984 CONF_ITEM *ci,
1985 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
1986{
1987 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
1988 CONF_SECTION const *subcs = NULL;
1989 CONF_PAIR const *to_parse = NULL;
1990 tmpl_t *parsed_tmpl;
1991 call_env_parsed_t *parsed_env;
1992 tmpl_rules_t our_rules;
1993 char *section2, *p;
1994 ssize_t count, slen, multi_index = 0;
1995
1996 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
1997
1998 /*
1999 * Find the instance(s) of "query" to parse
2000 *
2001 * If the module call is from `accounting Start` then it should be
2002 * <module> { accounting { start { query } } }
2003 */
2004 section2 = talloc_strdup(NULL, section_name_str(cec->asked->name2));
2005 p = section2;
2006 while (*p != '\0') {
2007 *(p) = tolower((uint8_t)*p);
2008 p++;
2009 }
2010 subcs = cf_section_find(cf_item_to_section(ci), section2, CF_IDENT_ANY);
2011 if (!subcs) {
2012 no_query:
2013 cf_log_warn(ci, "No query found for \"%s.%s\", this query will be disabled",
2014 section_name_str(cec->asked->name1), section2);
2015 talloc_free(section2);
2016 return 0;
2017 }
2018 count = cf_pair_count(subcs, "query");
2019 if (count == 0) goto no_query;
2020
2021 talloc_free(section2);
2022
2023 /*
2024 * Use module specific escape functions
2025 */
2026 our_rules = *t_rules;
2027 our_rules.escape = (tmpl_escape_t) {
2028 .box_escape = (fr_value_box_escape_t) {
2029 .func = sql_box_escape,
2030 .safe_for = SQL_SAFE_FOR,
2031 .always_escape = false,
2032 },
2033 .uctx = { .func = { .uctx = inst, .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC },
2034 .mode = TMPL_ESCAPE_PRE_CONCAT,
2035 };
2036 our_rules.literals_safe_for = our_rules.escape.box_escape.safe_for;
2037
2038 while ((to_parse = cf_pair_find_next(subcs, to_parse, "query"))) {
2039 MEM(parsed_env = call_env_parsed_add(ctx, out,
2040 &(call_env_parser_t){
2041 FR_CALL_ENV_PARSE_ONLY_OFFSET("query", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT | CALL_ENV_FLAG_MULTI,
2042 sql_redundant_call_env_t, query)
2043 }));
2044
2045 slen = tmpl_afrom_substr(parsed_env, &parsed_tmpl,
2046 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
2047 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2048 &our_rules);
2049 if (slen <= 0) {
2050 cf_canonicalize_error(to_parse, slen, "Failed parsing query", cf_pair_value(to_parse));
2051 error:
2052 call_env_parsed_free(out, parsed_env);
2053 return -1;
2054 }
2055 if (tmpl_needs_resolving(parsed_tmpl) &&
2056 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) {
2057 cf_log_perr(to_parse, "Failed resolving query");
2058 goto error;
2059 }
2060
2061 call_env_parsed_set_multi_index(parsed_env, count, multi_index++);
2062 call_env_parsed_set_data(parsed_env, parsed_tmpl);
2063 }
2064
2065 return 0;
2066}
2067
2068static int mod_detach(module_detach_ctx_t const *mctx)
2069{
2070 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2071
2072 /*
2073 * We need to explicitly free all children, so if the driver
2074 * parented any memory off the instance, their destructors
2075 * run before we unload the bytecode for them.
2076 *
2077 * If we don't do this, we get a SEGV deep inside the talloc code
2078 * when it tries to call a destructor that no longer exists.
2079 */
2080 talloc_free_children(inst);
2081
2082 return 0;
2083}
2084
2085static int mod_instantiate(module_inst_ctx_t const *mctx)
2086{
2087 rlm_sql_boot_t const *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2088 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2089 CONF_SECTION *conf = mctx->mi->conf;
2090
2091 /*
2092 * We can't modify the inst field in bootstrap, and there's no
2093 * point in making rlm_sql_boot_t available everywhere.
2094 */
2095 inst->group_da = boot->group_da;
2096
2097 inst->name = mctx->mi->name; /* Need this for functions in sql.c */
2098 inst->mi = mctx->mi; /* For looking up thread instance data */
2099
2100 /*
2101 * We need authorize_group_check_query or authorize_group_reply_query
2102 * if group_membership_query is set.
2103 *
2104 * Or we need group_membership_query if authorize_group_check_query or
2105 * authorize_group_reply_query is set.
2106 */
2107 if (!cf_pair_find(conf, "group_membership_query")) {
2108 if (cf_pair_find(conf, "authorize_group_check_query")) {
2109 WARN("Ignoring authorize_group_check_query as group_membership_query is not configured");
2110 }
2111
2112 if (cf_pair_find(conf, "authorize_group_reply_query")) {
2113 WARN("Ignoring authorize_group_reply_query as group_membership_query is not configured");
2114 }
2115
2116 if (!inst->config.read_groups) {
2117 WARN("Ignoring read_groups as group_membership_query is not configured");
2118 inst->config.read_groups = false;
2119 }
2120 } /* allow the group check / reply queries to be NULL */
2121
2122 /*
2123 * Cache the SQL-User-Name fr_dict_attr_t, so we can be slightly
2124 * more efficient about creating SQL-User-Name attributes.
2125 */
2126 inst->sql_user = attr_sql_user_name;
2127
2128 /*
2129 * Export these methods, too. This avoids RTDL_GLOBAL.
2130 */
2131 inst->query = rlm_sql_trunk_query;
2132 inst->select = rlm_sql_trunk_query;
2133 inst->fetch_row = rlm_sql_fetch_row;
2134 inst->query_alloc = fr_sql_query_alloc;
2135
2136 /*
2137 * Either use the module specific escape function
2138 * or our default one.
2139 */
2140 if (inst->driver->sql_escape_func) {
2141 inst->sql_escape_func = inst->driver->sql_escape_func;
2142 } else {
2143 inst->sql_escape_func = sql_escape_func;
2144 inst->sql_escape_arg = inst;
2145 }
2146 inst->box_escape = (fr_value_box_escape_t) {
2147 .func = sql_box_escape,
2148 .safe_for = SQL_SAFE_FOR,
2149 .always_escape = false,
2150 };
2151
2152 inst->ef = module_rlm_exfile_init(inst, conf, 256, fr_time_delta_from_sec(30), true, NULL, NULL);
2153 if (!inst->ef) {
2154 cf_log_err(conf, "Failed creating log file context");
2155 return -1;
2156 }
2157
2158 /*
2159 * Most SQL trunks can only have one running request per connection.
2160 */
2161 if (!(inst->driver->flags & RLM_SQL_MULTI_QUERY_CONN)) {
2162 inst->config.trunk_conf.target_req_per_conn = 1;
2163 inst->config.trunk_conf.max_req_per_conn = 1;
2164 }
2165 if (!inst->driver->trunk_io_funcs.connection_notify) {
2166 inst->config.trunk_conf.always_writable = true;
2167 }
2168
2169 /*
2170 * Instantiate the driver module
2171 */
2172 if (unlikely(module_instantiate(inst->driver_submodule) < 0)) {
2173 cf_log_err(conf, "Failed instantiating driver module");
2174 return -1;
2175 }
2176
2177 return 0;
2178}
2179
2180static int mod_bootstrap(module_inst_ctx_t const *mctx)
2181{
2182 rlm_sql_boot_t *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2183 rlm_sql_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2184 CONF_SECTION *conf = mctx->mi->conf;
2185 xlat_t *xlat;
2186 xlat_arg_parser_t *sql_xlat_arg;
2187 rlm_sql_escape_uctx_t *uctx;
2188
2189 /*
2190 * Register the group comparison attribute
2191 */
2192 if (cf_pair_find(conf, "group_membership_query")) {
2193 char const *group_attribute;
2194 char buffer[256];
2195
2196 if (inst->config.group_attribute) {
2197 group_attribute = inst->config.group_attribute;
2198 } else if (cf_section_name2(conf)) {
2199 snprintf(buffer, sizeof(buffer), "%s-SQL-Group", mctx->mi->name);
2200 group_attribute = buffer;
2201 } else {
2202 group_attribute = "SQL-Group";
2203 }
2204
2205 boot->group_da = fr_dict_attr_by_name(NULL, fr_dict_root(dict_freeradius), group_attribute);
2206 if (!boot->group_da) {
2207 if (fr_dict_attr_add_name_only(fr_dict_unconst(dict_freeradius), fr_dict_root(dict_freeradius), group_attribute, FR_TYPE_STRING, NULL) < 0) {
2208 cf_log_perr(conf, "Failed defining group attribute");
2209 return -1;
2210 }
2211
2212 boot->group_da = fr_dict_attr_search_by_qualified_oid(NULL, dict_freeradius, group_attribute,
2213 false, false);
2214 if (!boot->group_da) {
2215 cf_log_perr(conf, "Failed resolving group attribute");
2216 return -1;
2217 }
2218 }
2219
2220 /*
2221 * Define the new %sql.group(name) xlat. The
2222 * register function automatically adds the
2223 * module instance name as a prefix.
2224 */
2225 xlat = module_rlm_xlat_register(boot, mctx, "group", sql_group_xlat, FR_TYPE_BOOL);
2226 if (!xlat) {
2227 cf_log_perr(conf, "Failed registering %s expansion", group_attribute);
2228 return -1;
2229 }
2230 xlat_func_call_env_set(xlat, &group_xlat_method_env);
2231
2232 /*
2233 * The xlat escape function needs access to inst - so
2234 * argument parser details need to be defined here
2235 */
2236 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2237 sql_xlat_arg[0] = (xlat_arg_parser_t){
2238 .type = FR_TYPE_STRING,
2239 .required = true,
2240 .concat = true
2241 };
2242 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2243
2244 xlat_func_args_set(xlat, sql_xlat_arg);
2245 }
2246
2247 /*
2248 * Register the SQL xlat function
2249 */
2250 xlat = module_rlm_xlat_register(boot, mctx, NULL, sql_xlat, FR_TYPE_VOID); /* Returns an integer sometimes */
2251 if (!xlat) {
2252 cf_log_perr(conf, "Failed registering %s expansion", mctx->mi->name);
2253 return -1;
2254 }
2255 xlat_func_call_env_set(xlat, &xlat_method_env);
2256
2257 /*
2258 * The xlat escape function needs access to inst - so
2259 * argument parser details need to be defined here.
2260 * Parented off the module instance "boot" so it can be shared
2261 * between three xlats.
2262 */
2263 MEM(sql_xlat_arg = talloc_zero_array(boot, xlat_arg_parser_t, 2));
2264 MEM(uctx = talloc_zero(sql_xlat_arg, rlm_sql_escape_uctx_t));
2265 *uctx = (rlm_sql_escape_uctx_t){ .sql = inst };
2266 sql_xlat_arg[0] = (xlat_arg_parser_t){
2267 .type = FR_TYPE_STRING,
2268 .required = true,
2269 .concat = true,
2270 .func = sql_xlat_escape,
2271 .safe_for = SQL_SAFE_FOR,
2272 .uctx = uctx
2273 };
2274 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2275
2276 xlat_func_args_set(xlat, sql_xlat_arg);
2277
2278 /*
2279 * Register instances of the SQL xlat with pre-determined output types
2280 */
2281 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "fetch", sql_fetch_xlat, FR_TYPE_VOID)))) return -1;
2282 xlat_func_call_env_set(xlat, &xlat_method_env);
2283 xlat_func_args_set(xlat, sql_xlat_arg);
2284
2285 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "modify", sql_modify_xlat, FR_TYPE_UINT32)))) return -1;
2286 xlat_func_call_env_set(xlat, &xlat_method_env);
2287 xlat_func_args_set(xlat, sql_xlat_arg);
2288
2289 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "escape", sql_escape_xlat, FR_TYPE_STRING)))) return -1;
2290 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2291 sql_xlat_arg[0] = (xlat_arg_parser_t){
2292 .type = FR_TYPE_STRING,
2293 .variadic = true,
2294 .concat = true,
2295 };
2296 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2297 xlat_func_args_set(xlat, sql_xlat_arg);
2298 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2299 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2300
2301 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "safe", xlat_transparent, FR_TYPE_STRING)))) return -1;
2302 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2303 sql_xlat_arg[0] = (xlat_arg_parser_t){
2304 .type = FR_TYPE_STRING,
2305 .variadic = true,
2306 .concat = true
2307 };
2308 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2309 xlat_func_args_set(xlat, sql_xlat_arg);
2310 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2311 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2312
2313 /*
2314 * Register the SQL map processor function
2315 */
2316 if (inst->driver->sql_fields) map_proc_register(mctx->mi->boot, inst, mctx->mi->name, mod_map_proc, sql_map_verify, 0, SQL_SAFE_FOR);
2317
2318 return 0;
2319}
2320
2321/** Initialise thread specific data structure
2322 *
2323 */
2324static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
2325{
2326 rlm_sql_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2327 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2328
2329 if (inst->driver->sql_escape_arg_alloc) {
2330 t->sql_escape_arg = inst->driver->sql_escape_arg_alloc(t, mctx->el, inst);
2331 if (!t->sql_escape_arg) return -1;
2332 }
2333
2334 t->inst = inst;
2335
2336 t->trunk = trunk_alloc(t, mctx->el, &inst->driver->trunk_io_funcs,
2337 &inst->config.trunk_conf, inst->name, t, false);
2338 if (!t->trunk) return -1;
2339
2340 return 0;
2341}
2342
2343static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
2344{
2345 rlm_sql_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2346 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2347
2348 if (inst->driver->sql_escape_arg_free) inst->driver->sql_escape_arg_free(t->sql_escape_arg);
2349
2350 return 0;
2351}
2352
2353/** Custom parser for sql call env queries
2354 *
2355 * Needed as the escape function needs to reference the correct SQL driver
2356 */
2357static int call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci,
2358 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
2359{
2360 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
2361 tmpl_t *parsed_tmpl;
2362 CONF_PAIR const *to_parse = cf_item_to_pair(ci);
2363 tmpl_rules_t our_rules = *t_rules;
2364
2365 /*
2366 * Set the sql module instance data as the uctx for escaping
2367 * and use the same "safe_for" as the sql module.
2368 */
2369 our_rules.escape.box_escape = (fr_value_box_escape_t) {
2370 .func = sql_box_escape,
2371 .safe_for = SQL_SAFE_FOR,
2372 .always_escape = false,
2373 };
2374 our_rules.escape.uctx.func.uctx = inst;
2375 our_rules.literals_safe_for = SQL_SAFE_FOR;
2376
2377 if (tmpl_afrom_substr(ctx, &parsed_tmpl,
2378 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
2379 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2380 &our_rules) < 0) return -1;
2381 *(void **)out = parsed_tmpl;
2382 return 0;
2383}
2384
2385#define QUERY_ESCAPE .pair.escape = { \
2386 .mode = TMPL_ESCAPE_PRE_CONCAT, \
2387 .uctx = { .func = { .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC }, \
2388}, .pair.func = call_env_parse
2389
2402
2403/* globally exported name */
2404module_rlm_t rlm_sql = {
2405 .common = {
2406 .magic = MODULE_MAGIC_INIT,
2407 .name = "sql",
2408 .boot_size = sizeof(rlm_sql_boot_t),
2409 .boot_type = "rlm_sql_boot_t",
2410 .inst_size = sizeof(rlm_sql_t),
2411 .config = module_config,
2412 .bootstrap = mod_bootstrap,
2413 .instantiate = mod_instantiate,
2414 .detach = mod_detach,
2415 .thread_inst_size = sizeof(rlm_sql_thread_t),
2416 .thread_instantiate = mod_thread_instantiate,
2417 .thread_detach = mod_thread_detach,
2418 },
2419 .method_group = {
2420 .bindings = (module_method_binding_t[]){
2421 /*
2422 * Hack to support old configurations
2423 */
2424 { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &accounting_method_env },
2425 { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2426
2427 { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2428 { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &send_method_env },
2429 MODULE_BINDING_TERMINATOR
2430 }
2431 }
2432};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_PUSHED_CHILD
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
UNLANG_ACTION_FAIL
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
Definition action.h:36
UNLANG_ACTION_CALCULATE_RESULT
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
buffer
static int const char char buffer[256]
Definition acutest.h:576
fr_atexit_thread_local
#define fr_atexit_thread_local(_name, _free, _uctx)
Definition atexit.h:221
RCSID
#define RCSID(id)
Definition build.h:485
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
unlikely
#define unlikely(_x)
Definition build.h:383
UNUSED
#define UNUSED
Definition build.h:317
call_env_parsed_free
void call_env_parsed_free(call_env_parsed_head_t *parsed, call_env_parsed_t *ptr)
Remove a call_env_parsed_t from the list of parsed call envs.
Definition call_env.c:733
call_env_parsed_add
call_env_parsed_t * call_env_parsed_add(TALLOC_CTX *ctx, call_env_parsed_head_t *head, call_env_parser_t const *rule)
Allocate a new call_env_parsed_t structure and add it to the list of parsed call envs.
Definition call_env.c:646
call_env_parsed_set_multi_index
void call_env_parsed_set_multi_index(call_env_parsed_t *parsed, size_t count, size_t index)
Assign a count and index to a call_env_parsed_t.
Definition call_env.c:718
call_env_parsed_set_data
void call_env_parsed_set_data(call_env_parsed_t *parsed, void const *data)
Assign data to a call_env_parsed_t.
Definition call_env.c:703
call_env_parsed_set_tmpl
void call_env_parsed_set_tmpl(call_env_parsed_t *parsed, tmpl_t const *tmpl)
Assign a tmpl to a call_env_parsed_t.
Definition call_env.c:675
call_env_parsed_s
Definition call_env.c:43
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition call_env.h:236
call_env_ctx_s::type
call_env_ctx_type_t type
Type of callenv ctx.
Definition call_env.h:227
CALL_ENV_CTX_TYPE_MODULE
@ CALL_ENV_CTX_TYPE_MODULE
The callenv is registered to a module method.
Definition call_env.h:222
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition call_env.h:240
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition call_env.h:247
call_env_ctx_s::asked
section_name_t const * asked
The actual name1/name2 that resolved to a module_method_binding_t.
Definition call_env.h:232
CALL_ENV_FLAG_CONCAT
@ CALL_ENV_FLAG_CONCAT
If the tmpl produced multiple boxes they should be concatenated.
Definition call_env.h:76
CALL_ENV_FLAG_SUBSECTION
@ CALL_ENV_FLAG_SUBSECTION
This is a subsection.
Definition call_env.h:87
CALL_ENV_FLAG_PARSE_ONLY
@ CALL_ENV_FLAG_PARSE_ONLY
The result of parsing will not be evaluated at runtime.
Definition call_env.h:85
CALL_ENV_FLAG_MULTI
@ CALL_ENV_FLAG_MULTI
Multiple instances of the conf pairs are allowed.
Definition call_env.h:78
call_env_ctx_s::mi
module_instance_t const * mi
Module instance that the callenv is registered to.
Definition call_env.h:229
FR_CALL_ENV_SUBSECTION_FUNC
#define FR_CALL_ENV_SUBSECTION_FUNC(_name, _name2, _flags, _func)
Specify a call_env_parser_t which parses a subsection using a callback function.
Definition call_env.h:412
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition call_env.h:340
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition call_env.h:389
call_env_ctx_s
Definition call_env.h:226
call_env_method_s
Definition call_env.h:244
call_env_parser_s
Per method call config.
Definition call_env.h:180
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:658
conf_parser_s::func
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
Definition cf_parse.h:612
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:284
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:272
FR_CONF_OFFSET_SUBSECTION
#define FR_CONF_OFFSET_SUBSECTION(_name, _flags, _struct, _field, _subcs)
conf_parser_t which populates a sub-struct using a CONF_SECTION
Definition cf_parse.h:313
CONF_FLAG_SECRET
@ CONF_FLAG_SECRET
Only print value if debug level >= 3.
Definition cf_parse.h:438
CONF_FLAG_HIDDEN
@ CONF_FLAG_HIDDEN
Used by scripts to omit items from the generated documentation.
Definition cf_parse.h:457
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:241
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:595
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:70
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_find_next
CONF_PAIR * cf_pair_find_next(CONF_SECTION const *cs, CONF_PAIR const *prev, char const *attr)
Find a pair with a name matching attr, after specified pair.
Definition cf_util.c:1453
cf_pair_count
unsigned int cf_pair_count(CONF_SECTION const *cs, char const *attr)
Count the number of times an attribute occurs in a parent section.
Definition cf_util.c:1520
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1185
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1028
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:684
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1439
cf_pair_value_quote
fr_token_t cf_pair_value_quote(CONF_PAIR const *pair)
Return the value (rhs) quoting of a pair.
Definition cf_util.c:1638
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:664
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1594
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:289
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:101
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:367
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:296
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:290
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:78
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:93
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_attr_search_by_qualified_oid
fr_dict_attr_t const * fr_dict_attr_search_by_qualified_oid(fr_dict_attr_err_t *err, fr_dict_t const *dict_def, char const *attr, bool internal, bool foreign))
Locate a qualified fr_dict_attr_t by its name and a dictionary qualifier.
Definition dict_util.c:3088
fr_dict_attr_add_name_only
int fr_dict_attr_add_name_only(fr_dict_t *dict, fr_dict_attr_t const *parent, char const *name, fr_type_t type, fr_dict_attr_flags_t const *flags))
Add an attribute to the dictionary.
Definition dict_util.c:1745
fr_dict_unconst
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
Definition dict_util.c:4592
fr_dict_attr_by_name
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
Definition dict_util.c:3270
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2407
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:272
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:285
in
static fr_slen_t in
Definition dict.h:831
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:271
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:284
value
Test enumeration values.
Definition dict_test.h:92
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_function_repeat_set
#define unlang_function_repeat_set(_request, _repeat)
Set a new repeat function for an existing function frame.
Definition function.h:89
unlang_function_push
#define unlang_function_push(_request, _func, _repeat, _signal, _sigmask, _top_frame, _uctx)
Push a generic function onto the unlang stack.
Definition function.h:111
sql_escape_xlat
static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Escape a value to make it SQL safe.
Definition rlm_sql.c:428
sql_group_xlat
static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Check if the user is a member of a particular group.
Definition rlm_sql.c:1182
sql_modify_xlat
static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, returning the number of rows affected.
Definition rlm_sql.c:640
sql_fetch_xlat
static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, expecting results to be returned.
Definition rlm_sql.c:610
sql_xlat
static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query.
Definition rlm_sql.c:552
unlang_interpret_frame_talloc_ctx
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
Definition interpret.c:1418
UNLANG_SUB_FRAME
#define UNLANG_SUB_FRAME
Definition interpret.h:36
REXDENT
#define REXDENT()
Exdent (unindent) R* messages by one level.
Definition log.h:443
RWDEBUG
#define RWDEBUG(fmt,...)
Definition log.h:361
RDEBUG_ENABLED3
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:335
RDEBUG3
#define RDEBUG3(fmt,...)
Definition log.h:343
RWARN
#define RWARN(fmt,...)
Definition log.h:297
RERROR
#define RERROR(fmt,...)
Definition log.h:298
RPERROR
#define RPERROR(fmt,...)
Definition log.h:302
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:376
RINDENT
#define RINDENT()
Indent R* messages by one level.
Definition log.h:430
map_to_request
int map_to_request(request_t *request, map_t const *map, radius_map_getvalue_t func, void *ctx)
Convert map_t to fr_pair_t (s) and add them to a request_t.
Definition map.c:1867
rad_filename_box_make_safe
int rad_filename_box_make_safe(fr_value_box_t *vb, UNUSED void *uxtc)
Definition util.c:167
talloc_free
talloc_free(reap)
map_proc_register
int map_proc_register(TALLOC_CTX *ctx, void const *mod_inst, char const *name, map_proc_func_t evaluate, map_proc_instantiate_t instantiate, size_t inst_size, fr_value_box_safe_for_t literals_safe_for)
Register a map processor.
Definition map_proc.c:131
FR_TYPE_ETHERNET
@ FR_TYPE_ETHERNET
48 Bit Mac-Address.
Definition merged_model.c:93
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
tmpl_t
Definition merged_model.c:225
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition misc.h:59
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:36
strcasecmp
int strcasecmp(char *s1, char *s2)
Definition missing.c:66
module_ctx_t::env_data
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t::thread
void * thread
Thread specific instance data.
Definition module_ctx.h:43
module_thread_inst_ctx_t::el
fr_event_list_t * el
Event list to register any IO handlers and timers against.
Definition module_ctx.h:68
module_detach_ctx_t::mi
module_instance_t * mi
Module instance to detach.
Definition module_ctx.h:57
module_thread_inst_ctx_t::thread
void * thread
Thread instance data.
Definition module_ctx.h:67
module_thread_inst_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:64
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
module_detach_ctx_t
Temporary structure to hold arguments for detach calls.
Definition module_ctx.h:56
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
module_thread_inst_ctx_t
Temporary structure to hold arguments for thread_instantiation calls.
Definition module_ctx.h:63
module_rlm_xlat_register
xlat_t * module_rlm_xlat_register(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Definition module_rlm.c:257
module_rlm_exfile_init
exfile_t * module_rlm_exfile_init(TALLOC_CTX *ctx, CONF_SECTION *module, uint32_t max_entries, fr_time_delta_t max_idle, bool locking, char const *trigger_prefix, fr_pair_list_t *trigger_args)
Initialise a module specific exfile handle.
Definition module_rlm.c:116
module_rlm_submodule_parse
int module_rlm_submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic conf_parser_t func for loading drivers.
Definition module_rlm.c:950
module_rlm_s::common
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
module_rlm_s
Definition module_rlm.h:38
fr_pair_value_strdup
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
Definition pair.c:2637
fr_pair_value_from_str
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, size_t inlen, fr_sbuff_unescape_rules_t const *uerules, UNUSED bool tainted)
Convert string value to native attribute value.
Definition pair.c:2591
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:695
fr_pair_afrom_da_nested
fr_pair_t * fr_pair_afrom_da_nested(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *da)
Create a pair (and all intermediate parents), and append it to the list.
Definition pair.c:469
radius_legacy_map_cmp
int radius_legacy_map_cmp(request_t *request, map_t const *map)
Definition pairmove.c:791
radius_legacy_map_list_apply
int radius_legacy_map_list_apply(request_t *request, map_list_t const *list, fr_edit_list_t *el)
Definition pairmove.c:772
fr_utf8_char
size_t fr_utf8_char(uint8_t const *str, ssize_t inlen)
Checks for utf-8, taken from http://www.w3.org/International/questions/qa-forms-utf-8.
Definition print.c:39
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
pair_update_request
#define pair_update_request(_attr, _da)
Definition radclient-ng.c:60
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54
WARN
#define WARN(fmt,...)
Definition radclient.h:47
thread_detach
static void thread_detach(UNUSED void *uctx)
Explicitly cleanup module/xlat resources.
Definition radiusd.c:150
thread_instantiate
static int thread_instantiate(TALLOC_CTX *ctx, fr_event_list_t *el, UNUSED void *uctx)
Create module and xlat per-thread instances.
Definition radiusd.c:133
conf
static rs_t * conf
Definition radsniff.c:53
RETURN_MODULE_NOOP
#define RETURN_MODULE_NOOP
Definition rcode.h:62
RETURN_MODULE_RCODE
#define RETURN_MODULE_RCODE(_rcode)
Definition rcode.h:64
RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition rcode.h:59
RLM_MODULE_USER_SECTION_REJECT
#define RLM_MODULE_USER_SECTION_REJECT
Rcodes that translate to a user configurable section failing overall.
Definition rcode.h:72
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition rcode.h:57
RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
RETURN_MODULE_NOTFOUND
#define RETURN_MODULE_NOTFOUND
Definition rcode.h:61
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:45
request_attr_reply
fr_dict_attr_t const * request_attr_reply
Definition request.c:46
request_data_get
void * request_data_get(request_t *request, void const *unique_ptr, int unique_int)
Get opaque data from a request.
Definition request_data.c:292
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
sql_group_xlat_call_env_t::user
fr_value_box_t user
Definition rlm_sql.c:251
mod_autz_group_resume
static unlang_action_t mod_autz_group_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after authorization group / profile expansion of check / reply query tmpl.
Definition rlm_sql.c:1284
sql_redundant_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:240
sql_map_verify
static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst, tmpl_t const *src, UNUSED map_list_t const *maps)
Definition rlm_sql.c:699
mod_detach
static int mod_detach(module_detach_ctx_t const *mctx)
Definition rlm_sql.c:2068
sql_group_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context.
Definition rlm_sql.c:177
sql_group_xlat_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Definition rlm_sql.c:1110
mod_sql_redundant_resume
static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after expansion of next query in a redundant list of queries.
Definition rlm_sql.c:1840
sql_map_ctx_t::inst
rlm_sql_t const * inst
Definition rlm_sql.c:206
sql_group_xlat_call_env_t::membership_query
tmpl_t * membership_query
Definition rlm_sql.c:252
sql_group_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:175
sql_redundant_ctx_t::call_env
sql_redundant_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:243
QUERY_ESCAPE
#define QUERY_ESCAPE
Definition rlm_sql.c:2385
sql_autz_call_env_t::check_query
tmpl_t * check_query
Tmpl to expand to form authorize_check_query.
Definition rlm_sql.c:112
fall_through
static sql_fall_through_t fall_through(map_list_t *maps)
Definition rlm_sql.c:305
sql_autz_ctx_t::group
rlm_sql_grouplist_t * group
Current group being processed.
Definition rlm_sql.c:195
sql_redundant_call_env_t::filename
fr_value_box_t filename
File name to write SQL logs to.
Definition rlm_sql.c:213
_sql_map_proc_get_value
static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, map_t const *map, void *uctx)
Converts a string value into a fr_pair_t.
Definition rlm_sql.c:674
sql_redundant_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:241
sql_redundant_ctx_t::query_no
size_t query_no
Current query number.
Definition rlm_sql.c:244
authorize_method_env
static const call_env_method_t authorize_method_env
Definition rlm_sql.c:2390
sql_autz_call_env_t::reply_query
tmpl_t * reply_query
Tmpl to expand to form authorize_reply_query.
Definition rlm_sql.c:113
mod_map_resume
static unlang_action_t mod_map_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Process the results of an SQL map query.
Definition rlm_sql.c:721
_sql_escape_uxtx_free
static int _sql_escape_uxtx_free(void *uctx)
Definition rlm_sql.c:278
attr_sql_user_name
static fr_dict_attr_t const * attr_sql_user_name
Definition rlm_sql.c:97
SQL_SAFE_FOR
#define SQL_SAFE_FOR
Definition rlm_sql.c:47
check_map_process
static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
Process a "check" map.
Definition rlm_sql.c:1219
sql_unset_user
#define sql_unset_user(_i, _r)
Definition rlm_sql.c:1045
attr_fall_through
static fr_dict_attr_t const * attr_fall_through
Definition rlm_sql.c:96
logfile_call_env_parse
static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_sql.c:88
sql_group_xlat_resume
static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Run SQL query for group membership to return list of groups.
Definition rlm_sql.c:1147
sql_autz_ctx_t::map_ctx
fr_sql_map_ctx_t * map_ctx
Context used for retrieving attribute value pairs as a map list.
Definition rlm_sql.c:198
sql_xlat_select_resume
static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:486
sql_set_user
static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
Definition rlm_sql.c:1023
call_env_parse
static int call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
Custom parser for sql call env queries.
Definition rlm_sql.c:2357
sql_group_ctx_t::groups
rlm_sql_grouplist_t * groups
List of groups retrieved.
Definition rlm_sql.c:178
sql_xlat_call_env_t::filename
fr_value_box_t filename
Definition rlm_sql.c:126
sql_group_xlat_query_resume
static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, fr_value_box_list_t *in)
Compare list of groups returned from SQL query to xlat argument.
Definition rlm_sql.c:1117
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition rlm_sql.c:99
sql_autz_call_env_t::user
fr_value_box_t user
Expansion of the sql_user_name.
Definition rlm_sql.c:111
sql_autz_ctx_t::sql_group
fr_pair_t * sql_group
Pair to update with group being processed.
Definition rlm_sql.c:196
sql_redundant_ctx_t::trunk
trunk_t * trunk
Trunk connection for queries.
Definition rlm_sql.c:242
SQL_AUTZ_STAGE_PROFILE
#define SQL_AUTZ_STAGE_PROFILE
Definition rlm_sql.c:170
sql_xlat_query_resume
static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:445
mod_sql_redundant
static unlang_action_t mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Generic module call for failing between a bunch of queries.
Definition rlm_sql.c:1866
sql_autz_ctx_t::check_tmp
map_list_t check_tmp
List to store check items before processing.
Definition rlm_sql.c:190
submodule_parse
static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Definition rlm_sql.c:264
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2180
sql_group_ctx_t::query
fr_value_box_t * query
Query string used for evaluating group membership.
Definition rlm_sql.c:176
sql_map_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Definition rlm_sql.c:208
sql_autz_ctx_t::call_env
sql_autz_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:189
rlm_sql
module_rlm_t rlm_sql
Definition rlm_sql.c:2404
xlat_method_env
static const call_env_method_t xlat_method_env
Definition rlm_sql.c:129
sql_autz_status_t
sql_autz_status_t
Status of the authorization process.
Definition rlm_sql.c:151
SQL_AUTZ_PROFILE_REPLY
@ SQL_AUTZ_PROFILE_REPLY
Running profile reply query.
Definition rlm_sql.c:165
SQL_AUTZ_CHECK
@ SQL_AUTZ_CHECK
Running user check query.
Definition rlm_sql.c:152
SQL_AUTZ_GROUP_MEMB_RESUME
@ SQL_AUTZ_GROUP_MEMB_RESUME
Completed group membership query.
Definition rlm_sql.c:157
SQL_AUTZ_REPLY
@ SQL_AUTZ_REPLY
Running user reply query.
Definition rlm_sql.c:154
SQL_AUTZ_GROUP_MEMB
@ SQL_AUTZ_GROUP_MEMB
Running group membership query.
Definition rlm_sql.c:156
SQL_AUTZ_PROFILE_REPLY_RESUME
@ SQL_AUTZ_PROFILE_REPLY_RESUME
Completed profile reply query.
Definition rlm_sql.c:166
SQL_AUTZ_PROFILE_CHECK_RESUME
@ SQL_AUTZ_PROFILE_CHECK_RESUME
Completed profile check query.
Definition rlm_sql.c:164
SQL_AUTZ_CHECK_RESUME
@ SQL_AUTZ_CHECK_RESUME
Completed user check query.
Definition rlm_sql.c:153
SQL_AUTZ_PROFILE_START
@ SQL_AUTZ_PROFILE_START
Starting processing user profiles.
Definition rlm_sql.c:162
SQL_AUTZ_GROUP_REPLY_RESUME
@ SQL_AUTZ_GROUP_REPLY_RESUME
Completed group reply query.
Definition rlm_sql.c:161
SQL_AUTZ_REPLY_RESUME
@ SQL_AUTZ_REPLY_RESUME
Completed user reply query.
Definition rlm_sql.c:155
SQL_AUTZ_GROUP_CHECK
@ SQL_AUTZ_GROUP_CHECK
Running group check query.
Definition rlm_sql.c:158
SQL_AUTZ_PROFILE_CHECK
@ SQL_AUTZ_PROFILE_CHECK
Running profile check query.
Definition rlm_sql.c:163
SQL_AUTZ_GROUP_REPLY
@ SQL_AUTZ_GROUP_REPLY
Running group reply query.
Definition rlm_sql.c:160
SQL_AUTZ_GROUP_CHECK_RESUME
@ SQL_AUTZ_GROUP_CHECK_RESUME
Completed group check query.
Definition rlm_sql.c:159
sql_xlat_escape
static int sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
Escape a tainted VB used as an xlat argument.
Definition rlm_sql.c:344
sql_autz_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:185
SQL_AUTZ_STAGE_GROUP
#define SQL_AUTZ_STAGE_GROUP
Definition rlm_sql.c:169
sql_autz_call_env_t::group_reply_query
tmpl_t * group_reply_query
Tmpl to expand to form authorize_group_reply_query.
Definition rlm_sql.c:116
sql_autz_call_env_t::group_check_query
tmpl_t * group_check_query
Tmpl to expand to form authorize_group_check_query.
Definition rlm_sql.c:115
sql_group_ctx_t::num_groups
int num_groups
How many groups have been retrieved.
Definition rlm_sql.c:179
sql_autz_ctx_free
static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
Definition rlm_sql.c:1257
mod_sql_redundant_query_resume
static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after executing an SQL query in a redundant list of queries.
Definition rlm_sql.c:1759
mod_map_proc
static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst, UNUSED void *proc_inst, request_t *request, fr_value_box_list_t *query, map_list_t const *maps)
Executes a SELECT query and maps the result to server attributes.
Definition rlm_sql.c:861
sql_autz_ctx_t::trunk
trunk_t * trunk
Trunk connection for current authorization.
Definition rlm_sql.c:188
sql_redundant_ctx_t::query_vb
fr_value_box_t * query_vb
Current query string.
Definition rlm_sql.c:246
sql_redundant_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpl will be written.
Definition rlm_sql.c:245
sql_autz_ctx_t::reply_tmp
map_list_t reply_tmp
List to store reply items before processing.
Definition rlm_sql.c:191
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Start of module authorize method.
Definition rlm_sql.c:1671
sql_autz_ctx_t::status
sql_autz_status_t status
Current status of the authorization.
Definition rlm_sql.c:192
sql_autz_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:186
sql_autz_ctx_t::profile
fr_pair_t * profile
Current profile being processed.
Definition rlm_sql.c:197
MAX_SQL_FIELD_INDEX
#define MAX_SQL_FIELD_INDEX
Definition rlm_sql.c:711
rlm_sql_dict_attr
fr_dict_attr_autoload_t rlm_sql_dict_attr[]
Definition rlm_sql.c:102
sql_group_xlat_ctx_t::query
fr_value_box_list_t query
Definition rlm_sql.c:1109
mod_thread_instantiate
static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
Initialise thread specific data structure.
Definition rlm_sql.c:2324
sql_escape_uctx_alloc
static void * sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
Definition rlm_sql.c:287
sql_redundant_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context for current query.
Definition rlm_sql.c:247
sql_autz_ctx_t::rcode
rlm_rcode_t rcode
Module return code.
Definition rlm_sql.c:187
sql_redundant_call_env_t::query
tmpl_t ** query
Array of tmpls for list of queries to run.
Definition rlm_sql.c:214
rlm_sql_grouplist_s::next
rlm_sql_grouplist_t * next
Definition rlm_sql.c:1050
accounting_method_env
static const call_env_method_t accounting_method_env
Definition rlm_sql.c:217
sql_redundant_ctx_free
static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
Tidy up when freeing an SQL redundant context.
Definition rlm_sql.c:1741
group_xlat_method_env
static const call_env_method_t group_xlat_method_env
Definition rlm_sql.c:255
sql_autz_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Context used for retrieving user group membership.
Definition rlm_sql.c:199
sql_autz_call_env_t::membership_query
tmpl_t * membership_query
Tmpl to expand to form group_membership_query.
Definition rlm_sql.c:114
sql_box_escape
static int sql_box_escape(fr_value_box_t *vb, void *uctx)
Definition rlm_sql.c:415
module_config
static const conf_parser_t module_config[]
Definition rlm_sql.c:57
rlm_sql_grouplist_s::name
char * name
Definition rlm_sql.c:1049
sql_autz_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpls will be written.
Definition rlm_sql.c:193
sql_autz_ctx_t::user_found
bool user_found
Has the user been found anywhere?
Definition rlm_sql.c:194
attr_user_profile
static fr_dict_attr_t const * attr_user_profile
Definition rlm_sql.c:98
send_method_env
static const call_env_method_t send_method_env
Definition rlm_sql.c:227
rlm_sql_dict
fr_dict_autoload_t rlm_sql_dict[]
Definition rlm_sql.c:91
rlm_sql_boot_t::group_da
fr_dict_attr_t const * group_da
Definition rlm_sql.c:54
mod_thread_detach
static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
Definition rlm_sql.c:2343
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2085
sql_redundant_call_env_t::user
fr_value_box_t user
Expansion of sql_user_name.
Definition rlm_sql.c:212
query_call_env_parse
static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
sql_get_grouplist_resume
static unlang_action_t sql_get_grouplist_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Definition rlm_sql.c:1053
sql_escape_func
static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg)
sql_get_grouplist
static unlang_action_t sql_get_grouplist(sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
Definition rlm_sql.c:1092
sql_map_ctx_t::maps
map_list_t const * maps
Definition rlm_sql.c:207
mod_authorize_resume
static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, int *priority, request_t *request, void *uctx)
Resume function called after authorization check / reply tmpl expansion.
Definition rlm_sql.c:1515
rlm_sql_boot_t
Definition rlm_sql.c:53
rlm_sql_grouplist_s
Definition rlm_sql.c:1048
sql_autz_call_env_t
Definition rlm_sql.c:110
sql_autz_ctx_t
Context for SQL authorization.
Definition rlm_sql.c:184
sql_group_ctx_t
Context for group membership query evaluation.
Definition rlm_sql.c:174
sql_group_xlat_call_env_t
Definition rlm_sql.c:250
sql_group_xlat_ctx_t
Definition rlm_sql.c:1108
sql_map_ctx_t
Context for SQL maps.
Definition rlm_sql.c:205
sql_redundant_call_env_t
Definition rlm_sql.c:211
sql_redundant_ctx_t
Context for tracking redundant SQL query sets.
Definition rlm_sql.c:239
sql_xlat_call_env_t
Definition rlm_sql.c:125
rlm_sql.h
Prototypes and functions for the SQL module.
fr_sql_query_alloc
fr_sql_query_t * fr_sql_query_alloc(TALLOC_CTX *ctx, rlm_sql_t const *inst, request_t *request, trunk_t *trunk, char const *query_str, fr_sql_query_type_t type)
Allocate an sql query structure.
Definition sql.c:184
rlm_sql_thread_t::trunk
trunk_t * trunk
Trunk connection for this thread.
Definition rlm_sql.h:110
rlm_sql_thread_t::inst
rlm_sql_t const * inst
Module instance data.
Definition rlm_sql.h:111
RLM_SQL_MULTI_QUERY_CONN
#define RLM_SQL_MULTI_QUERY_CONN
Can support multiple queries on a single connection.
Definition rlm_sql.h:169
fr_sql_query_t::type
fr_sql_query_type_t type
Type of query.
Definition rlm_sql.h:139
rlm_sql_fetch_row
unlang_action_t rlm_sql_fetch_row(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Call the driver's sql_fetch_row function.
Definition sql.c:80
rlm_sql_query_log
void rlm_sql_query_log(rlm_sql_t const *inst, char const *filename, char const *query)
Definition sql.c:362
fr_sql_query_t::inst
rlm_sql_t const * inst
Module instance for this query.
Definition rlm_sql.h:133
sql_get_map_list
unlang_action_t sql_get_map_list(request_t *request, fr_sql_map_ctx_t *map_ctx, trunk_t *trunk)
Submit the query to get any user / group check or reply pairs.
Definition sql.c:345
sql_rcode_t
sql_rcode_t
Action to take at end of an SQL query.
Definition rlm_sql.h:44
RLM_SQL_QUERY_INVALID
@ RLM_SQL_QUERY_INVALID
Query syntax error.
Definition rlm_sql.h:45
RLM_SQL_ALT_QUERY
@ RLM_SQL_ALT_QUERY
Key constraint violation, use an alternative query.
Definition rlm_sql.h:49
RLM_SQL_RECONNECT
@ RLM_SQL_RECONNECT
Stale connection, should reconnect.
Definition rlm_sql.h:48
RLM_SQL_ERROR
@ RLM_SQL_ERROR
General connection/server error.
Definition rlm_sql.h:46
RLM_SQL_OK
@ RLM_SQL_OK
Success.
Definition rlm_sql.h:47
RLM_SQL_NO_MORE_ROWS
@ RLM_SQL_NO_MORE_ROWS
No more rows available.
Definition rlm_sql.h:50
SQL_QUERY_SELECT
@ SQL_QUERY_SELECT
Definition rlm_sql.h:116
SQL_QUERY_OTHER
@ SQL_QUERY_OTHER
Definition rlm_sql.h:117
rlm_sql_trunk_query
unlang_action_t rlm_sql_trunk_query(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Submit an SQL query using a trunk connection.
Definition sql.c:235
fr_sql_map_ctx_t::ctx
TALLOC_CTX * ctx
To allocate map entries in.
Definition rlm_sql.h:149
rlm_sql_thread_t::sql_escape_arg
void * sql_escape_arg
Thread specific argument to be passed to escape function.
Definition rlm_sql.h:112
sql_fall_through_t
sql_fall_through_t
Definition rlm_sql.h:53
FALL_THROUGH_DEFAULT
@ FALL_THROUGH_DEFAULT
Definition rlm_sql.h:56
FALL_THROUGH_YES
@ FALL_THROUGH_YES
Definition rlm_sql.h:55
rlm_sql_row_t
char ** rlm_sql_row_t
Definition rlm_sql.h:59
fr_sql_map_ctx_t::rows
int rows
How many rows the query returned.
Definition rlm_sql.h:155
rlm_sql_print_error
void rlm_sql_print_error(rlm_sql_t const *inst, request_t *request, fr_sql_query_t *query_ctx, bool force_debug)
Retrieve any errors from the SQL driver.
Definition sql.c:123
fr_sql_query_t::row
rlm_sql_row_t row
Row data from the last query.
Definition rlm_sql.h:142
fr_sql_query_t::rcode
sql_rcode_t rcode
Result code.
Definition rlm_sql.h:141
fr_sql_map_ctx_t::query
fr_value_box_t * query
Query string used for fetching pairs.
Definition rlm_sql.h:151
rlm_sql_escape_uctx_t::sql
rlm_sql_t const * sql
Definition rlm_sql.h:193
sql_rcode_description_table
fr_table_num_sorted_t const sql_rcode_description_table[]
Definition sql.c:45
fr_sql_map_ctx_t
Context used when fetching attribute value pairs as a map list.
Definition rlm_sql.h:148
fr_sql_query_t
Definition rlm_sql.h:132
rlm_sql_config_t
Definition rlm_sql.h:73
rlm_sql_escape_uctx_t
Definition rlm_sql.h:192
rlm_sql_thread_t
Definition rlm_sql.h:109
fr_sbuff_trim_talloc
int fr_sbuff_trim_talloc(fr_sbuff_t *sbuff, size_t len)
Trim a talloced sbuff to the minimum length required to represent the contained string.
Definition sbuff.c:419
FR_SBUFF_IN
#define FR_SBUFF_IN(_start, _len_or_end)
fr_sbuff_buff
#define fr_sbuff_buff(_sbuff_or_marker)
fr_sbuff_uctx_talloc_t
Talloc sbuff extension structure.
Definition sbuff.h:139
section_name_str
static char const * section_name_str(char const *name)
Return a printable string for the section name.
Definition section.h:98
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
section_name_t::name2
char const * name2
Second section name. Usually a packet type like 'access-request', 'access-accept',...
Definition section.h:46
section_name_t::name1
char const * name1
First section name. Usually a verb like 'recv', 'send', etc...
Definition section.h:45
module_instance_s::name
char const * name
Instance name e.g. user_database.
Definition module.h:335
module_instance_s::conf
CONF_SECTION * conf
Module's instance configuration.
Definition module.h:329
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
module_instance_s::boot
void * boot
Data allocated during the boostrap phase.
Definition module.h:274
module_thread_instance_s::data
void * data
Thread specific instance data.
Definition module.h:352
module_thread
static module_thread_instance_t * module_thread(module_instance_t const *mi)
Retrieve module/thread specific instance for a module.
Definition module.h:481
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:151
module_s::boot_size
size_t boot_size
Size of the module's bootstrap data.
Definition module.h:200
module_instance_s::exported
module_t * exported
Public module structure.
Definition module.h:276
module_instance_s
Module instance data.
Definition module.h:265
module_method_binding_s
Named methods exported by a module.
Definition module.h:173
pair_append_control
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
pair_delete_request
#define pair_delete_request(_pair_or_da)
Delete a fr_pair_t in the request list.
Definition pair.h:172
tmpl_rules_s::escape
tmpl_escape_t escape
How escaping should be handled during evaluation.
Definition tmpl.h:354
tmpl_resolve
int tmpl_resolve(tmpl_t *vpt, tmpl_res_rules_t const *tr_rules))
Attempt to resolve functions and attributes in xlats and attribute references.
Definition tmpl_tokenize.c:4199
tmpl_value
#define tmpl_value(_tmpl)
Definition tmpl.h:942
tmpl_rules_s::literals_safe_for
fr_value_box_safe_for_t literals_safe_for
safe_for value assigned to literal values in xlats, execs, and data.
Definition tmpl.h:352
tmpl_is_attr
#define tmpl_is_attr(vpt)
Definition tmpl.h:213
tmpl_afrom_substr
ssize_t tmpl_afrom_substr(TALLOC_CTX *ctx, tmpl_t **out, fr_sbuff_t *in, fr_token_t quote, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules))
Convert an arbitrary string into a tmpl_t.
Definition tmpl_tokenize.c:3175
tmpl_is_data
#define tmpl_is_data(vpt)
Definition tmpl.h:211
tmpl_expand
#define tmpl_expand(_out, _buff, _buff_len, _request, _vpt)
Expand a tmpl to a C type, using existing storage to hold variably sized types.
Definition tmpl.h:1057
tmpl_value_type
#define tmpl_value_type(_tmpl)
Definition tmpl.h:944
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:340
tmpl_attr_tail_da
static fr_dict_attr_t const * tmpl_attr_tail_da(tmpl_t const *vpt)
Return the last attribute reference da.
Definition tmpl.h:806
tmpl_needs_resolving
#define tmpl_needs_resolving(vpt)
Definition tmpl.h:228
tmpl_res_rules_s
Similar to tmpl_rules_t, but used to specify parameters that may change during subsequent resolution ...
Definition tmpl.h:369
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:337
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
count
return count
Definition module.c:163
module_instantiate
int module_instantiate(module_instance_t *instance)
Manually complete module setup by calling its instantiate function.
Definition module.c:1197
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
fr_pair_value_bstrdup_buffer
fr_pair_value_bstrdup_buffer(vp, eap_session->identity, true)
vp
fr_pair_t * vp
Definition state_machine.c:2262
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:188
map_s
Value pair map.
Definition map.h:77
map_s::op
fr_token_t op
The operator that controls insertion of the dst attribute.
Definition map.h:82
map_s::lhs
tmpl_t * lhs
Typically describes the attribute to add, modify or compare.
Definition map.h:78
map_s::rhs
tmpl_t * rhs
Typically describes a literal value or a src attribute to copy or compare.
Definition map.h:79
pair_list_s
Definition pair.h:52
rlm_sql_driver_t
Definition rlm_sql.h:196
sql_inst
Definition rlm_sql.h:223
sql_inst::sql_escape_arg
void * sql_escape_arg
Instance specific argument to be passed to escape function.
Definition rlm_sql.h:235
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:278
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
talloc_typed_strdup
char * talloc_typed_strdup(TALLOC_CTX *ctx, char const *p)
Call talloc_strdup, setting the type on the new chunk correctly.
Definition talloc.c:445
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:282
fr_time_delta_from_sec
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
Definition time.h:590
unlang_tmpl_push
int unlang_tmpl_push(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, tmpl_t const *tmpl, unlang_tmpl_args_t *args)
Push a tmpl onto the stack for evaluation.
Definition tmpl.c:262
TMPL_ESCAPE_UCTX_ALLOC_FUNC
@ TMPL_ESCAPE_UCTX_ALLOC_FUNC
A new uctx of the specified size and type is allocated and pre-populated by memcpying uctx....
Definition tmpl_escape.h:35
tmpl_escape_t::box_escape
fr_value_box_escape_t box_escape
How to escape when returned from evaluation.
Definition tmpl_escape.h:81
TMPL_ESCAPE_PRE_CONCAT
@ TMPL_ESCAPE_PRE_CONCAT
Pre-concatenation escaping is useful for DSLs where elements of the expansion are static,...
Definition tmpl_escape.h:61
tmpl_escape_t::uctx
struct tmpl_escape_t::@75 uctx
tmpl_escape_t::mode
tmpl_escape_mode_t mode
Whether to apply escape function after concatenation, i.e.
Definition tmpl_escape.h:83
tmpl_escape_t
Escaping rules for tmpls.
Definition tmpl_escape.h:80
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:168
fr_tokens
char const * fr_tokens[T_TOKEN_LAST]
Definition token.c:78
fr_comparison_op
const bool fr_comparison_op[T_TOKEN_LAST]
Definition token.c:198
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
trunk_alloc
trunk_t * trunk_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, trunk_io_funcs_t const *funcs, trunk_conf_t const *conf, char const *log_prefix, void const *uctx, bool delay_start)
Allocate a new collection of connections.
Definition trunk.c:4946
trunk_config
conf_parser_t const trunk_config[]
Config parser definitions to populate a trunk_conf_t.
Definition trunk.c:315
trunk_s
Main trunk management handle.
Definition trunk.c:198
expand_rhs
static int expand_rhs(request_t *request, unlang_frame_state_edit_t *state, edit_map_t *current)
Definition edit.c:1121
unlang_xlat_yield
xlat_action_t unlang_xlat_yield(request_t *request, xlat_func_t resume, xlat_func_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition xlat.c:574
xlat_arg_parser_t::type
fr_type_t type
Type to cast argument to.
Definition xlat.h:155
xlat_transparent
xlat_action_t xlat_transparent(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *args)
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:168
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_FAIL
@ XLAT_ACTION_FAIL
An xlat function failed.
Definition xlat.h:44
XLAT_ACTION_YIELD
@ XLAT_ACTION_YIELD
An xlat function pushed a resume frame onto the stack.
Definition xlat.h:42
XLAT_ACTION_PUSH_UNLANG
@ XLAT_ACTION_PUSH_UNLANG
An xlat function pushed an unlang frame onto the unlang stack.
Definition xlat.h:39
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumend by an xlat function.
Definition xlat.h:147
parent
static fr_slen_t parent
Definition pair.h:845
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:371
FR_TYPE_IP
#define FR_TYPE_IP
Definition types.h:288
FR_TYPE_NUMERIC
#define FR_TYPE_NUMERIC
Definition types.h:286
value_parse_rules_quoted
fr_sbuff_parse_rules_t const * value_parse_rules_quoted[T_TOKEN_LAST]
Parse rules for quoted strings.
Definition value.c:606
fr_value_box_cast_in_place
int fr_value_box_cast_in_place(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv)
Convert one type of fr_value_box_t to another in place.
Definition value.c:3591
fr_value_box_clear_value
void fr_value_box_clear_value(fr_value_box_t *data)
Clear/free any existing value.
Definition value.c:3700
fr_value_box_strdup
int fr_value_box_strdup(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, bool tainted)
Copy a nul terminated string to a fr_value_box_t.
Definition value.c:3957
fr_value_box_strdup_shallow_replace
void fr_value_box_strdup_shallow_replace(fr_value_box_t *vb, char const *src, ssize_t len)
Free the existing buffer (if talloced) associated with the valuebox, and replace it with a new one.
Definition value.c:4082
fr_value_box_list_concat_in_place
int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx, fr_value_box_t *out, fr_value_box_list_t *list, fr_type_t type, fr_value_box_list_action_t proc_action, bool flatten, size_t max_size)
Concatenate a list of value boxes.
Definition value.c:5730
FR_VALUE_BOX_LIST_FREE
@ FR_VALUE_BOX_LIST_FREE
Definition value.h:232
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:632
fr_value_box_mark_safe_for
#define fr_value_box_mark_safe_for(_box, _safe_for)
Definition value.h:1063
fr_box_strvalue_buffer
#define fr_box_strvalue_buffer(_val)
Definition value.h:300
fr_value_box_is_safe_for
#define fr_value_box_is_safe_for(_box, _safe_for)
Definition value.h:1070
fr_value_box_escape_t::safe_for
fr_value_box_safe_for_t safe_for
Definition value.h:666
fr_value_box_safe_for_t
uintptr_t fr_value_box_safe_for_t
Escaping that's been applied to a value box.
Definition value.h:155
nonnull
int nonnull(2, 5))
fr_value_box_alloc_null
#define fr_value_box_alloc_null(_ctx)
Allocate a value box for later use with a value assignment function.
Definition value.h:643
fr_value_box_escape_t::func
fr_value_box_escape_func_t func
Definition value.h:665
out
static size_t char ** out
Definition value.h:1012
fr_value_box_escape_t
Definition value.h:664
xlat_ctx
static TALLOC_CTX * xlat_ctx
Definition xlat_builtin.c:65
xlat_ctx_s::rctx
void * rctx
Resume context.
Definition xlat_ctx.h:54
xlat_ctx_s::env_data
void * env_data
Expanded call env data.
Definition xlat_ctx.h:53
xlat_ctx_s::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition xlat_ctx.h:52
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_flags_set
void xlat_func_flags_set(xlat_t *x, xlat_func_flags_t flags)
Specify flags that alter the xlat's behaviour.
Definition xlat_func.c:402
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:365
xlat_func_call_env_set
void xlat_func_call_env_set(xlat_t *x, call_env_method_t const *env_method)
Register call environment of an xlat.
Definition xlat_func.c:392
xlat_func_safe_for_set
#define xlat_func_safe_for_set(_xlat, _escaped)
Set the escaped values for output boxes.
Definition xlat_func.h:82
XLAT_FUNC_FLAG_PURE
@ XLAT_FUNC_FLAG_PURE
Definition xlat_func.h:38
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8