The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_sql.c
Go to the documentation of this file.
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 40caf5014eaf19b69fc529410ebcbd9a75d8d4d0 $
19 * @file rlm_sql.c
20 * @brief Implements SQL 'users' file, and SQL accounting.
21 *
22 * @copyright 2012-2014 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 * @copyright 2000,2006 The FreeRADIUS server project
24 * @copyright 2000 Mike Machado (mike@innercite.com)
25 * @copyright 2000 Alan DeKok (aland@freeradius.org)
26 */
27
28RCSID("$Id: 40caf5014eaf19b69fc529410ebcbd9a75d8d4d0 $")
29
30#define LOG_PREFIX mctx->mi->name
31
32#include <freeradius-devel/server/base.h>
33#include <freeradius-devel/server/module_rlm.h>
34#include <freeradius-devel/util/skip.h>
35#include <freeradius-devel/unlang/function.h>
36#include <freeradius-devel/unlang/xlat_func.h>
37#include <freeradius-devel/unlang/map.h>
38
39#include <sys/stat.h>
40
41#include "rlm_sql.h"
42
43#define SQL_SAFE_FOR (fr_value_box_safe_for_t)inst->driver
44
45extern module_rlm_t rlm_sql;
46
47static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule);
48
53
54static const conf_parser_t module_config[] = {
55 { FR_CONF_OFFSET_TYPE_FLAGS("driver", FR_TYPE_VOID, 0, rlm_sql_t, driver_submodule), .dflt = "null",
56 .func = submodule_parse },
57 { FR_CONF_OFFSET("server", rlm_sql_config_t, sql_server), .dflt = "" }, /* Must be zero length so drivers can determine if it was set */
58 { FR_CONF_OFFSET("port", rlm_sql_config_t, sql_port), .dflt = "0" },
59 { FR_CONF_OFFSET("login", rlm_sql_config_t, sql_login), .dflt = "" },
60 { FR_CONF_OFFSET_FLAGS("password", CONF_FLAG_SECRET, rlm_sql_config_t, sql_password), .dflt = "" },
61 { FR_CONF_OFFSET("radius_db", rlm_sql_config_t, sql_db), .dflt = "radius" },
62 { FR_CONF_OFFSET("read_groups", rlm_sql_config_t, read_groups), .dflt = "yes" },
63 { FR_CONF_OFFSET("group_attribute", rlm_sql_config_t, group_attribute) },
64 { FR_CONF_OFFSET("cache_groups", rlm_sql_config_t, cache_groups) },
65 { FR_CONF_OFFSET("read_profiles", rlm_sql_config_t, read_profiles), .dflt = "yes" },
66 { FR_CONF_OFFSET("open_query", rlm_sql_config_t, connect_query) },
67 { FR_CONF_OFFSET("query_number_attribute", rlm_sql_config_t, query_number_attribute) },
68
69 { FR_CONF_OFFSET("safe_characters", rlm_sql_config_t, allowed_chars), .dflt = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" },
70
71 /*
72 * This only works for a few drivers.
73 */
74 { FR_CONF_OFFSET("query_timeout", rlm_sql_config_t, query_timeout), .dflt = "5" },
75
76 /*
77 * The pool section is used for trunk config
78 */
79 { FR_CONF_OFFSET_SUBSECTION("pool", 0, rlm_sql_config_t, trunk_conf, trunk_config) },
80
81 { FR_CONF_OFFSET_FLAGS("expand_rhs", CONF_FLAG_HIDDEN, rlm_sql_config_t, expand_rhs) },
82
83 CONF_PARSER_TERMINATOR
84};
85
86static fr_dict_t const *dict_freeradius;
87
88extern fr_dict_autoload_t rlm_sql_dict[];
89fr_dict_autoload_t rlm_sql_dict[] = {
90 { .out = &dict_freeradius, .proto = "freeradius" },
91 DICT_AUTOLOAD_TERMINATOR
92};
93
94static fr_dict_attr_t const *attr_fall_through;
95static fr_dict_attr_t const *attr_sql_user_name;
96static fr_dict_attr_t const *attr_user_profile;
97static fr_dict_attr_t const *attr_expr_bool_enum;
98
99extern fr_dict_attr_autoload_t rlm_sql_dict_attr[];
100fr_dict_attr_autoload_t rlm_sql_dict_attr[] = {
101 { .out = &attr_fall_through, .name = "Fall-Through", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
102 { .out = &attr_sql_user_name, .name = "SQL-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
103 { .out = &attr_user_profile, .name = "User-Profile", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
104 { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
105 DICT_AUTOLOAD_TERMINATOR
106};
107
108typedef struct {
109 fr_value_box_t user; //!< Expansion of the sql_user_name
110 tmpl_t *check_query; //!< Tmpl to expand to form authorize_check_query
111 tmpl_t *reply_query; //!< Tmpl to expand to form authorize_reply_query
112 tmpl_t *membership_query; //!< Tmpl to expand to form group_membership_query
113 tmpl_t *group_check_query; //!< Tmpl to expand to form authorize_group_check_query
114 tmpl_t *group_reply_query; //!< Tmpl to expand to form authorize_group_reply_query
115} sql_autz_call_env_t;
116
117static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
118 call_env_ctx_t const *cec, call_env_parser_t const *rule);
119
120static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
121 call_env_ctx_t const *cec, call_env_parser_t const *rule);
122
126
127static const call_env_method_t xlat_method_env = {
128 FR_CALL_ENV_METHOD_OUT(sql_xlat_call_env_t),
129 .env = (call_env_parser_t[]) {
130 { FR_CALL_ENV_OFFSET("logfile", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, sql_xlat_call_env_t, filename),
131 .pair.escape = {
132 .box_escape = {
133 .func = rad_filename_box_make_safe,
134 .safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
135 .always_escape = false,
136 },
137 .mode = TMPL_ESCAPE_PRE_CONCAT
138 },
139 .pair.literals_safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
140 },
141 CALL_ENV_TERMINATOR
142 }
143};
144
145typedef struct rlm_sql_grouplist_s rlm_sql_grouplist_t;
146
147/** Status of the authorization process
148 */
149typedef enum {
150 SQL_AUTZ_CHECK = 0x12, //!< Running user `check` query
151 SQL_AUTZ_CHECK_RESUME = 0x13, //!< Completed user `check` query
152 SQL_AUTZ_REPLY = 0x14, //!< Running user `reply` query
153 SQL_AUTZ_REPLY_RESUME = 0x15, //!< Completed user `reply` query
154 SQL_AUTZ_GROUP_MEMB = 0x20, //!< Running group membership query
155 SQL_AUTZ_GROUP_MEMB_RESUME = 0x21, //!< Completed group membership query
156 SQL_AUTZ_GROUP_CHECK = 0x22, //!< Running group `check` query
157 SQL_AUTZ_GROUP_CHECK_RESUME = 0x23, //!< Completed group `check` query
158 SQL_AUTZ_GROUP_REPLY = 0x24, //!< Running group `reply` query
159 SQL_AUTZ_GROUP_REPLY_RESUME = 0x25, //!< Completed group `reply` query
160 SQL_AUTZ_PROFILE_START = 0x40, //!< Starting processing user profiles
161 SQL_AUTZ_PROFILE_CHECK = 0x42, //!< Running profile `check` query
162 SQL_AUTZ_PROFILE_CHECK_RESUME = 0x43, //!< Completed profile `check` query
163 SQL_AUTZ_PROFILE_REPLY = 0x44, //!< Running profile `reply` query
164 SQL_AUTZ_PROFILE_REPLY_RESUME = 0x45, //!< Completed profile `reply` query
165} sql_autz_status_t;
166
167#define SQL_AUTZ_STAGE_GROUP 0x20
168#define SQL_AUTZ_STAGE_PROFILE 0x40
169
170/** Context for group membership query evaluation
171 */
172typedef struct {
173 rlm_sql_t const *inst; //!< Module instance.
174 fr_value_box_t *query; //!< Query string used for evaluating group membership.
175 fr_sql_query_t *query_ctx; //!< Query context.
176 rlm_sql_grouplist_t *groups; //!< List of groups retrieved.
177 int num_groups; //!< How many groups have been retrieved.
178} sql_group_ctx_t;
179
180/** Context for SQL authorization
181 */
182typedef struct {
183 rlm_sql_t const *inst; //!< Module instance.
184 request_t *request; //!< Request being processed.
185 rlm_rcode_t rcode; //!< Module return code.
186 trunk_t *trunk; //!< Trunk connection for current authorization.
187 sql_autz_call_env_t *call_env; //!< Call environment data.
188 map_list_t check_tmp; //!< List to store check items before processing.
189 map_list_t reply_tmp; //!< List to store reply items before processing.
190 sql_autz_status_t status; //!< Current status of the authorization.
191 fr_value_box_list_t query; //!< Where expanded query tmpls will be written.
192 bool user_found; //!< Has the user been found anywhere?
193 rlm_sql_grouplist_t *group; //!< Current group being processed.
194 fr_pair_t *sql_group; //!< Pair to update with group being processed.
195 fr_pair_t *profile; //!< Current profile being processed.
196 fr_sql_map_ctx_t *map_ctx; //!< Context used for retrieving attribute value pairs as a map list.
197 sql_group_ctx_t *group_ctx; //!< Context used for retrieving user group membership.
198} sql_autz_ctx_t;
199
200typedef struct {
201 fr_value_box_t user; //!< Expansion of sql_user_name.
202 fr_value_box_t filename; //!< File name to write SQL logs to.
203 tmpl_t **query; //!< Array of tmpls for list of queries to run.
204} sql_redundant_call_env_t;
205
215
225
226/** Context for tracking redundant SQL query sets
227 */
228typedef struct {
229 rlm_sql_t const *inst; //!< Module instance.
230 request_t *request; //!< Request being processed.
231 trunk_t *trunk; //!< Trunk connection for queries.
232 sql_redundant_call_env_t *call_env; //!< Call environment data.
233 size_t query_no; //!< Current query number.
234 fr_value_box_list_t query; //!< Where expanded query tmpl will be written.
235 fr_value_box_t *query_vb; //!< Current query string.
236 fr_sql_query_t *query_ctx; //!< Query context for current query.
237} sql_redundant_ctx_t;
238
243
252
253int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
254{
255 rlm_sql_t *inst = talloc_get_type_abort(parent, rlm_sql_t);
256 module_instance_t *mi;
257 int ret;
258
259 if (unlikely((ret = module_rlm_submodule_parse(ctx, out, parent, ci, rule)) < 0)) return ret;
260
261 mi = talloc_get_type_abort(*((void **)out), module_instance_t);
262 inst->driver = (rlm_sql_driver_t const *)mi->exported; /* Public symbol exported by the submodule */
263
264 return 0;
265}
266
267static int _sql_escape_uxtx_free(void *uctx)
268{
269 return talloc_free(uctx);
270}
271
272/*
273 * Create a thread local uctx which is used in SQL value box escaping
274 * so that an already reserved connection can be used.
275 */
276static void *sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
277{
278 static _Thread_local rlm_sql_escape_uctx_t *t_ctx;
279
280 if (unlikely(t_ctx == NULL)) {
281 rlm_sql_escape_uctx_t *ctx;
282
283 MEM(ctx = talloc_zero(NULL, rlm_sql_escape_uctx_t));
284 fr_atexit_thread_local(t_ctx, _sql_escape_uxtx_free, ctx);
285 }
286 t_ctx->sql = uctx;
287
288 return t_ctx;
289}
290
291/*
292 * Fall-Through checking function from rlm_files.c
293 */
294static sql_fall_through_t fall_through(map_list_t *maps)
295{
296 bool rcode;
297 map_t *map, *next;
298
299 for (map = map_list_head(maps);
300 map != NULL;
301 map = next) {
302 next = map_list_next(maps, map);
303
304 fr_assert(tmpl_is_attr(map->lhs));
305
306 if (tmpl_attr_tail_da(map->lhs) == attr_fall_through) {
307 (void) map_list_remove(maps, map);
308
309 if (tmpl_is_data(map->rhs)) {
310 fr_assert(tmpl_value_type(map->rhs) == FR_TYPE_BOOL);
311
312 rcode = tmpl_value(map->rhs)->vb_bool;
313 } else {
314 rcode = false;
315 }
316
317 talloc_free(map);
318 return rcode;
319 }
320 }
321
322 return FALL_THROUGH_DEFAULT;
323}
324
325/*
326 * Yucky prototype.
327 */
328static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg);
329
330/** Escape a tainted VB used as an xlat argument
331 *
332 */
333static int CC_HINT(nonnull(2,3)) sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
334{
335 fr_sbuff_t sbuff;
336 fr_sbuff_uctx_talloc_t sbuff_ctx;
337
338 ssize_t len;
339 void *arg = NULL;
340 rlm_sql_escape_uctx_t *ctx = uctx;
341 rlm_sql_t const *inst = talloc_get_type_abort_const(ctx->sql, rlm_sql_t);
342 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
343
344 /*
345 * If it's already safe, don't do anything.
346 */
347 if (fr_value_box_is_safe_for(vb, inst->driver)) return 0;
348
349 /*
350 * Don't print "::" for enum names. Instead we convert
351 * the box to a string which contains the enum name, and
352 * then see if we need to escape it.
353 */
354 if (vb->enumv && vb->enumv->flags.has_value) {
355 char const *name;
356
357 name = fr_dict_enum_name_by_value(vb->enumv, vb);
358 if (name) {
359 int rcode;
360
361 /*
362 * Store list pointers to restore later - fr_value_box_cast clears them
363 */
364 fr_value_box_entry_t entry = vb->entry;
365
366 rcode = fr_value_box_strdup(vb, vb, NULL, name, false);
367 vb->entry = entry;
368
369 if (rcode < 0) return rcode;
370
371 goto check_escape_arg;
372 }
373 }
374
375 /*
376 * No need to escape types with inherently safe data
377 */
378 switch (vb->type) {
379 case FR_TYPE_NUMERIC:
380 case FR_TYPE_IP:
381 case FR_TYPE_ETHERNET:
382 fr_value_box_mark_safe_for(vb, inst->driver);
383 return 0;
384
385 default:
386 break;
387 }
388
389check_escape_arg:
390 if (inst->sql_escape_arg) {
391 arg = inst->sql_escape_arg;
392 } else if (thread->sql_escape_arg) {
393 arg = thread->sql_escape_arg;
394 }
395 if (!arg) {
396 error:
397 fr_value_box_clear_value(vb);
398 return -1;
399 }
400
401 /*
402 * Escaping functions work on strings - ensure the box is a string
403 */
404 if ((vb->type != FR_TYPE_STRING) && (fr_value_box_cast_in_place(vb, vb, FR_TYPE_STRING, NULL) < 0)) goto error;
405
406 /*
407 * Maximum escaped length is 3 * original - if every character needs escaping
408 */
409 if (!fr_sbuff_init_talloc(vb, &sbuff, &sbuff_ctx, vb->vb_length * 3, vb->vb_length * 3)) {
410 fr_strerror_printf_push("Failed to allocate buffer for escaped sql argument");
411 return -1;
412 }
413
414 len = inst->sql_escape_func(request, fr_sbuff_buff(&sbuff), vb->vb_length * 3 + 1, vb->vb_strvalue, arg);
415 if (len < 0) goto error;
416
417 fr_sbuff_trim_talloc(&sbuff, len);
418 fr_value_box_strdup_shallow_replace(vb, fr_sbuff_buff(&sbuff), len);
419
420 /*
421 * Different databases have slightly different ideas as
422 * to what is safe. So we track the database type in the
423 * safe value. This means that we don't
424 * cross-contaminate "safe" values across databases.
425 */
426 fr_value_box_mark_safe_for(vb, inst->driver);
427
428 return 0;
429}
430
431static int sql_box_escape(fr_value_box_t *vb, void *uctx)
432{
433 return sql_xlat_escape(NULL, vb, uctx);
434}
435
436/** Escape a value to make it SQL safe.
437 *
438@verbatim
439%sql.escape(<value>)
440@endverbatim
441 *
442 * @ingroup xlat_functions
443 */
444static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
445 request_t *request, fr_value_box_list_t *in)
446{
447 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
448 fr_value_box_t *vb;
449 rlm_sql_escape_uctx_t *escape_uctx = NULL;
450
451 while ((vb = fr_value_box_list_pop_head(in))) {
452 if (fr_value_box_is_safe_for(vb, inst->driver)) goto append;
453 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
454 sql_box_escape(vb, escape_uctx);
455 append:
456 fr_dcursor_append(out, vb);
457 }
458 return XLAT_ACTION_DONE;
459}
460
461static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
462 request_t *request, UNUSED fr_value_box_list_t *in)
463{
464 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
465 rlm_sql_t const *inst = query_ctx->inst;
466 fr_value_box_t *vb;
467 xlat_action_t ret = XLAT_ACTION_DONE;
468 int numaffected;
469
470 fr_assert(query_ctx->type == SQL_QUERY_OTHER);
471
472 switch (query_ctx->rcode) {
473 case RLM_SQL_QUERY_INVALID:
474 case RLM_SQL_ERROR:
475 case RLM_SQL_RECONNECT:
476 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
477 query_ctx->rcode, "<INVALID>"));
478 rlm_sql_print_error(inst, request, query_ctx, false);
479 ret = XLAT_ACTION_FAIL;
480 goto finish;
481
482 default:
483 break;
484 }
485
486 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
487 if (numaffected < 1) {
488 RDEBUG2("SQL query affected no rows");
489 numaffected = 0;
490 }
491
492 MEM(vb = fr_value_box_alloc_null(ctx));
493 fr_value_box_uint32(vb, NULL, (uint32_t)numaffected, false);
494 fr_dcursor_append(out, vb);
495
496finish:
497 talloc_free(query_ctx);
498
499 return ret;
500}
501
502static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
503 request_t *request, UNUSED fr_value_box_list_t *in)
504{
505 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
506 rlm_sql_t const *inst = query_ctx->inst;
507 fr_value_box_t *vb;
508 xlat_action_t ret = XLAT_ACTION_DONE;
509 unlang_result_t p_result;
510 rlm_sql_row_t row;
511 bool fetched = false;
512
513 fr_assert(query_ctx->type == SQL_QUERY_SELECT);
514
515 if (query_ctx->rcode != RLM_SQL_OK) {
516 query_error:
517 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
518 query_ctx->rcode, "<INVALID>"));
519 rlm_sql_print_error(inst, request, query_ctx, false);
520 ret = XLAT_ACTION_FAIL;
521 goto finish;
522 }
523
524 do {
525 inst->fetch_row(&p_result, request, query_ctx);
526 row = query_ctx->row;
527 switch (query_ctx->rcode) {
528 case RLM_SQL_OK:
529 if (row[0]) break;
530
531 RDEBUG2("NULL value in first column of result");
532 goto finish;
533
534 case RLM_SQL_NO_MORE_ROWS:
535 if (!fetched) RDEBUG2("SQL query returned no results");
536 goto finish;
537
538 default:
539 goto query_error;
540 }
541
542 fetched = true;
543
544 MEM(vb = fr_value_box_alloc_null(ctx));
545 fr_value_box_strdup(vb, vb, NULL, row[0], false);
546 fr_dcursor_append(out, vb);
547
548 } while (1);
549
550finish:
551 talloc_free(query_ctx);
552
553 return ret;
554}
555
556/** Execute an arbitrary SQL query
557 *
558 * For SELECTs, the values of the first column will be returned.
559 * For INSERTS, UPDATEs and DELETEs, the number of rows affected will
560 * be returned instead.
561 *
562@verbatim
563%sql(<sql statement>)
564@endverbatim
565 *
566 * @ingroup xlat_functions
567 */
568static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
569 xlat_ctx_t const *xctx,
570 request_t *request, fr_value_box_list_t *in)
571{
572 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
573 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
574 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
575 char const *p;
576 fr_value_box_t *arg = fr_value_box_list_head(in);
577 fr_sql_query_t *query_ctx = NULL;
578 unlang_action_t query_ret = UNLANG_ACTION_CALCULATE_RESULT;
579
580 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
581 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
582 }
583
584 p = arg->vb_strvalue;
585
586 /*
587 * Trim whitespace for the prefix check
588 */
589 fr_skip_whitespace(p);
590
591 /*
592 * If the query starts with any of the following prefixes,
593 * then return the number of rows affected
594 */
595 if ((strncasecmp(p, "insert", 6) == 0) ||
596 (strncasecmp(p, "update", 6) == 0) ||
597 (strncasecmp(p, "delete", 6) == 0)) {
598 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
599 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
600
601 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
602
603 /* Modify current frame's rcode directly */
604 query_ret = inst->query(unlang_interpret_result(request), request, query_ctx);
605 if (query_ret == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
606
607 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
608 } /* else it's a SELECT statement */
609
610 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
611 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
612
613 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
614
615 if (unlang_function_push_with_result(/* discard, sql_xlat_select_resume just uses query_ctx->rcode */ NULL,
616 request,
617 inst->select,
618 NULL,
619 NULL, 0,
620 UNLANG_SUB_FRAME, query_ctx) == UNLANG_ACTION_FAIL) return XLAT_ACTION_FAIL;
621 return XLAT_ACTION_PUSH_UNLANG;
622}
623
624/** Execute an arbitrary SQL query, expecting results to be returned
625 *
626@verbatim
627%sql.fetch(<sql statement>)
628@endverbatim
629 *
630 * @ingroup xlat_functions
631 */
632static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
633 request_t *request, fr_value_box_list_t *in)
634{
635 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
636 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
637 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
638 fr_value_box_t *arg = fr_value_box_list_head(in);
639 fr_sql_query_t *query_ctx = NULL;
640
641 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
642 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
643 }
644
645 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
646 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
647
648 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
649 if (unlang_function_push_with_result(/* discard, sql_xlat_select_resume just uses query_ctx->rcode */NULL,
650 request,
651 inst->select,
652 NULL,
653 NULL, 0,
654 UNLANG_SUB_FRAME, query_ctx) != UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_FAIL;
655 return XLAT_ACTION_PUSH_UNLANG;
656}
657
658/** Execute an arbitrary SQL query, returning the number of rows affected
659 *
660@verbatim
661%sql.modify(<sql statement>)
662@endverbatim
663 *
664 * @ingroup xlat_functions
665 */
666static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
667 request_t *request, fr_value_box_list_t *in)
668{
669 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
670 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
671 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
672 fr_value_box_t *arg = fr_value_box_list_head(in);
673 fr_sql_query_t *query_ctx = NULL;
674
675 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
676 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
677 }
678
679 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
680 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
681
682 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
683 /* Write out the result directly to this frame's rcode */
684 if (inst->query(unlang_interpret_result(request), request, query_ctx) == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
685
686 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
687}
688
689/** Converts a string value into a #fr_pair_t
690 *
691 * @param[in,out] ctx to allocate #fr_pair_t (s).
692 * @param[out] out where to write the resulting #fr_pair_t.
693 * @param[in] request The current request.
694 * @param[in] map to process.
695 * @param[in] uctx The value to parse.
696 * @return
697 * - 0 on success.
698 * - -1 on failure.
699 */
700static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out,
701 request_t *request, map_t const *map, void *uctx)
702{
703 fr_pair_t *vp;
704 char const *value = uctx;
705
706 vp = fr_pair_afrom_da(ctx, tmpl_attr_tail_da(map->lhs));
707 if (!vp) return -1;
708
709 /*
710 * Buffer not always talloced, sometimes it's
711 * just a pointer to a field in a result struct.
712 */
713 if (fr_pair_value_from_str(vp, value, strlen(value), NULL, true) < 0) {
714 RPEDEBUG("Failed parsing value \"%pV\" for attribute %s",
715 fr_box_strvalue_buffer(value), vp->da->name);
716 talloc_free(vp);
717 return -1;
718 }
719 fr_pair_append(out, vp);
720
721 return 0;
722}
723
724/*
725 * Verify the result of the map.
726 */
727static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst,
728 tmpl_t const *src, UNUSED map_list_t const *maps)
729{
730 if (!src) {
731 cf_log_err(cs, "Missing SQL query");
732
733 return -1;
734 }
735
736 return 0;
737}
738
739#define MAX_SQL_FIELD_INDEX (64)
740
741/** Process the results of an SQL map query
742 *
743 * @param p_result Result of map expansion:
744 * - #RLM_MODULE_NOOP no rows were returned or columns matched.
745 * - #RLM_MODULE_UPDATED if one or more #fr_pair_t were added to the #request_t.
746 * - #RLM_MODULE_FAIL if a fault occurred.
747 * @param mpctx Map context, containing the module instance.
748 * @param request The current request.
749 * @param query string to execute.
750 * @param maps Head of the map list.
751 * @return UNLANG_ACTION_CALCULATE_RESULT
752 */
753static unlang_action_t mod_map_resume(unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request,
754 UNUSED fr_value_box_list_t *query, map_list_t const *maps)
755{
756 fr_sql_query_t *query_ctx = talloc_get_type_abort(mpctx->rctx, fr_sql_query_t);
757 rlm_sql_t const *inst = mpctx->moi;
758 map_t const *map;
759 rlm_rcode_t rcode = RLM_MODULE_UPDATED;
760 sql_rcode_t ret;
761 char const **fields = NULL, *map_rhs;
762 rlm_sql_row_t row;
763 int i, j, field_cnt, rows = 0;
764 int field_index[MAX_SQL_FIELD_INDEX];
765 char map_rhs_buff[128];
766 bool found_field = false; /* Did we find any matching fields in the result set ? */
767
768 if (query_ctx->rcode != RLM_SQL_OK) {
769 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
770 rcode = RLM_MODULE_FAIL;
771 goto finish;
772 }
773
774 /*
775 * Not every driver provides an sql_num_rows function
776 */
777 if (inst->driver->sql_num_rows) {
778 ret = inst->driver->sql_num_rows(query_ctx, &inst->config);
779 if (ret == 0) {
780 RDEBUG2("Server returned an empty result");
781 rcode = RLM_MODULE_NOTFOUND;
782 goto finish;
783 }
784
785 if (ret < 0) {
786 RERROR("Failed retrieving row count");
787 error:
788 rcode = RLM_MODULE_FAIL;
789 goto finish;
790 }
791 }
792
793 for (i = 0; i < MAX_SQL_FIELD_INDEX; i++) field_index[i] = -1;
794
795 /*
796 * Map proc only registered if driver provides an sql_fields function
797 */
798 ret = (inst->driver->sql_fields)(&fields, query_ctx, &inst->config);
799 if (ret != RLM_SQL_OK) {
800 RERROR("Failed retrieving field names: %s", fr_table_str_by_value(sql_rcode_description_table, ret, "<INVALID>"));
801 goto error;
802 }
803 fr_assert(fields);
804 field_cnt = talloc_array_length(fields);
805
806 if (RDEBUG_ENABLED3) for (j = 0; j < field_cnt; j++) RDEBUG3("Got field: %s", fields[j]);
807
808 /*
809 * Iterate over the maps, it's O(N2)ish but probably
810 * faster than building a radix tree each time the
811 * map set is evaluated (map->rhs can be dynamic).
812 */
813 for (map = map_list_head(maps), i = 0;
814 map && (i < MAX_SQL_FIELD_INDEX);
815 map = map_list_next(maps, map), i++) {
816 /*
817 * Expand the RHS to get the name of the SQL field
818 */
819 if (tmpl_expand(&map_rhs, map_rhs_buff, sizeof(map_rhs_buff),
820 request, map->rhs) < 0) {
821 RPERROR("Failed getting field name");
822 goto error;
823 }
824
825 for (j = 0; j < field_cnt; j++) {
826 if (strcasecmp(fields[j], map_rhs) != 0) continue;
827 field_index[i] = j;
828 found_field = true;
829 }
830 }
831
832 /*
833 * Couldn't resolve any map RHS values to fields
834 * in the result set.
835 */
836 if (!found_field) {
837 RDEBUG2("No fields matching map found in query result");
838 rcode = RLM_MODULE_NOOP;
839 goto finish;
840 }
841
842 /*
843 * We've resolved all the maps to result indexes, now convert
844 * the values at those indexes into fr_pair_ts.
845 *
846 * Note: Not all SQL client libraries provide a row count,
847 * so we have to do the count here.
848 */
849 while ((inst->fetch_row(p_result, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
850 (query_ctx->rcode == RLM_SQL_OK)) {
851 row = query_ctx->row;
852 rows++;
853 for (map = map_list_head(maps), j = 0;
854 map && (j < MAX_SQL_FIELD_INDEX);
855 map = map_list_next(maps, map), j++) {
856 if (field_index[j] < 0) continue; /* We didn't find the map RHS in the field set */
857 if (!row[field_index[j]]) {
858 RDEBUG2("Database returned NULL for %s", fields[j]);
859 continue;
860 }
861 if (map_to_request(request, map, _sql_map_proc_get_value, row[field_index[j]]) < 0) goto error;
862 }
863 }
864
865 if (query_ctx->rcode == RLM_SQL_ERROR) goto error;
866
867 if (rows == 0) {
868 RDEBUG2("SQL query returned no results");
869 rcode = RLM_MODULE_NOTFOUND;
870 }
871
872finish:
873 talloc_free(fields);
874 talloc_free(query_ctx);
875
876 RETURN_UNLANG_RCODE(rcode);
877}
878
879/** Executes a SELECT query and maps the result to server attributes
880 *
881 * @param p_result Result of map expansion:
882 * - #RLM_MODULE_NOOP no rows were returned or columns matched.
883 * - #RLM_MODULE_UPDATED if one or more #fr_pair_t were added to the #request_t.
884 * - #RLM_MODULE_FAIL if a fault occurred.
885 * @param mpctx Map context, containing the module instance.
886 * @param request The current request.
887 * @param query string to execute.
888 * @param maps Head of the map list.
889 * @return UNLANG_ACTION_CALCULATE_RESULT
890 */
891static unlang_action_t mod_map_proc(unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request,
892 fr_value_box_list_t *query, UNUSED map_list_t const *maps)
893{
894 rlm_sql_t const *inst = talloc_get_type_abort_const(mpctx->moi, rlm_sql_t);
895 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
896 fr_value_box_t *query_head = fr_value_box_list_head(query);
897 fr_sql_query_t *query_ctx = NULL;
898 fr_value_box_t *vb = NULL;
899 rlm_sql_escape_uctx_t *escape_uctx = NULL;
900
901 fr_assert(inst->driver->sql_fields); /* Should have been caught during validation... */
902
903 if (!query_head) {
904 REDEBUG("Query cannot be (null)");
905 RETURN_UNLANG_FAIL;
906 }
907
908 while ((vb = fr_value_box_list_next(query, vb))) {
909 if (fr_value_box_is_safe_for(vb, inst->driver)) continue;
910 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
911 sql_box_escape(vb, escape_uctx);
912 }
913
914 if (fr_value_box_list_concat_in_place(request,
915 query_head, query, FR_TYPE_STRING,
916 FR_VALUE_BOX_LIST_FREE, true,
917 SIZE_MAX) < 0) {
918 RPEDEBUG("Failed concatenating input string");
919 RETURN_UNLANG_FAIL;
920 }
921
922 query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
923 thread->trunk, query_head->vb_strvalue, SQL_QUERY_SELECT);
924
925 if (unlang_map_yield(request, mod_map_resume, NULL, 0, query_ctx) != UNLANG_ACTION_YIELD) RETURN_UNLANG_FAIL;
926 return unlang_function_push_with_result(/* discard, mod_map_resume just uses query_ctx->rcode */ NULL,
927 request,
928 inst->select,
929 NULL,
930 NULL,
931 0, UNLANG_SUB_FRAME,
932 query_ctx);
933}
934
935/** xlat escape function for drivers which do not provide their own
936 *
937 */
938static ssize_t sql_escape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, void *arg)
939{
940 rlm_sql_t const *inst = talloc_get_type_abort_const(arg, rlm_sql_t);
941 size_t len = 0;
942
943 while (*in) {
944 size_t utf8_len;
945
946 /*
947 * Allow all multi-byte UTF8 characters.
948 */
949 utf8_len = fr_utf8_char((uint8_t const *) in, -1);
950 if (utf8_len > 1) {
951 if (outlen <= utf8_len) break;
952
953 memcpy(out, in, utf8_len);
954 in += utf8_len;
955 out += utf8_len;
956
957 outlen -= utf8_len;
958 len += utf8_len;
959 continue;
960 }
961
962 /*
963 * Because we register our own escape function
964 * we're now responsible for escaping all special
965 * chars in an xlat expansion or attribute value.
966 */
967 switch (*in) {
968 case '\n':
969 if (outlen <= 2) break;
970 out[0] = '\\';
971 out[1] = 'n';
972 goto next;
973
974 case '\r':
975 if (outlen <= 2) break;
976 out[0] = '\\';
977 out[1] = 'r';
978 goto next;
979
980 case '\t':
981 if (outlen <= 2) break;
982 out[0] = '\\';
983 out[1] = 't';
984
985 next:
986 in++;
987 out += 2;
988 outlen -= 2;
989 len += 2;
990 continue;
991 }
992
993 /*
994 * Non-printable characters get replaced with their
995 * mime-encoded equivalents.
996 */
997 if ((*in < 32) ||
998 strchr(inst->config.allowed_chars, *in) == NULL) {
999 /*
1000 * Only 3 or less bytes available.
1001 */
1002 if (outlen <= 3) {
1003 break;
1004 }
1005
1006 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
1007 in++;
1008 out += 3;
1009 outlen -= 3;
1010 len += 3;
1011 continue;
1012 }
1013
1014 /*
1015 * Only one byte left.
1016 */
1017 if (outlen <= 1) {
1018 break;
1019 }
1020
1021 /*
1022 * Allowed character.
1023 */
1024 *out = *in;
1025 out++;
1026 in++;
1027 outlen--;
1028 len++;
1029 }
1030 *out = '\0';
1031 return len;
1032}
1033
1034/*
1035 * Set the SQL user name.
1036 *
1037 * We don't call the escape function here. The resulting string
1038 * will be escaped later in the queries xlat so we don't need to
1039 * escape it twice. (it will make things wrong if we have an
1040 * escape candidate character in the username)
1041 */
1042static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
1043{
1044 fr_pair_t *vp = NULL;
1045
1046 fr_assert(request->packet != NULL);
1047
1048 MEM(pair_update_request(&vp, inst->sql_user) >= 0);
1049 if(!user || (user->type != FR_TYPE_STRING)) {
1050 pair_delete_request(vp);
1051 return;
1052 }
1053
1054 /*
1055 * Replace any existing SQL-User-Name with new value
1056 */
1057 fr_pair_value_bstrdup_buffer(vp, user->vb_strvalue, user->tainted);
1058 RDEBUG2("SQL-User-Name set to '%pV'", &vp->data);
1059}
1060
1061/*
1062 * Do a set/unset user, so it's a bit clearer what's going on.
1063 */
1064#define sql_unset_user(_i, _r) fr_pair_delete_by_da(&_r->request_pairs, _i->sql_user)
1065
1066
1071
1072static unlang_action_t sql_get_grouplist_resume(unlang_result_t *p_result, request_t *request, void *uctx)
1073{
1074 sql_group_ctx_t *group_ctx = talloc_get_type_abort(uctx, sql_group_ctx_t);
1075 fr_sql_query_t *query_ctx = group_ctx->query_ctx;
1076 rlm_sql_t const *inst = group_ctx->inst;
1077 rlm_sql_row_t row;
1078 rlm_sql_grouplist_t *entry = group_ctx->groups;
1079
1080 if (query_ctx->rcode != RLM_SQL_OK) {
1081 error:
1082 rlm_sql_print_error(inst, request, query_ctx, false);
1083 talloc_free(query_ctx);
1084 RETURN_UNLANG_FAIL;
1085 }
1086
1087 while ((inst->fetch_row(p_result, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
1088 (query_ctx->rcode == RLM_SQL_OK)) {
1089 row = query_ctx->row;
1090 if (!row[0]){
1091 RDEBUG2("row[0] returned NULL");
1092 goto error;
1093 }
1094
1095 if (!entry) {
1096 group_ctx->groups = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1097 entry = group_ctx->groups;
1098 } else {
1099 entry->next = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1100 entry = entry->next;
1101 }
1102 entry->next = NULL;
1103 entry->name = talloc_strdup(entry, row[0]);
1104
1105 group_ctx->num_groups++;
1106 }
1107
1108 talloc_free(query_ctx);
1109 RETURN_UNLANG_OK;
1110}
1111
1112static unlang_action_t sql_get_grouplist(unlang_result_t *p_result, sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
1113{
1114 rlm_sql_t const *inst = group_ctx->inst;
1115
1116 /* NOTE: sql_set_user should have been run before calling this function */
1117
1118 if (!group_ctx->query || (group_ctx->query->vb_length == 0)) return UNLANG_ACTION_CALCULATE_RESULT;
1119
1120 MEM(group_ctx->query_ctx = fr_sql_query_alloc(group_ctx, inst, request, trunk,
1121 group_ctx->query->vb_strvalue, SQL_QUERY_SELECT));
1122
1123 if (unlang_function_push_with_result(/* sql_get_grouplist_resume translates the query_ctx->rocde into a module rcode */p_result,
1124 request,
1125 NULL,
1126 sql_get_grouplist_resume,
1127 NULL,
1128 0, UNLANG_SUB_FRAME,
1129 group_ctx) < 0) return UNLANG_ACTION_FAIL;
1130
1131 return unlang_function_push_with_result(/* discard, sql_get_grouplist_resume translates rcodes */NULL,
1132 request,
1133 inst->select,
1134 NULL,
1135 NULL, 0,
1136 UNLANG_SUB_FRAME, group_ctx->query_ctx);
1137}
1138
1139typedef struct {
1140 fr_value_box_list_t query;
1141 sql_group_ctx_t *group_ctx;
1142} sql_group_xlat_ctx_t;
1143
1144/** Compare list of groups returned from SQL query to xlat argument.
1145 *
1146 * Called after the SQL query has completed and group list has been built.
1147 */
1148static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
1149 UNUSED request_t *request, fr_value_box_list_t *in)
1150{
1151 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1152 sql_group_ctx_t *group_ctx = talloc_get_type_abort(xlat_ctx->group_ctx, sql_group_ctx_t);
1153 fr_value_box_t *arg = fr_value_box_list_head(in);
1154 char const *name = arg->vb_strvalue;
1155 fr_value_box_t *vb;
1156 rlm_sql_grouplist_t *entry;
1157
1158 fr_skip_whitespace(name);
1159
1160 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
1161 for (entry = group_ctx->groups; entry != NULL; entry = entry->next) {
1162 if (strcmp(entry->name, name) == 0) {
1163 vb->vb_bool = true;
1164 break;
1165 }
1166 }
1167 fr_dcursor_append(out, vb);
1168
1169 talloc_free(xlat_ctx);
1170
1171 return XLAT_ACTION_DONE;
1172}
1173
1174/** Run SQL query for group membership to return list of groups
1175 *
1176 * Called after group membership query tmpl is expanded
1177 */
1178static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1179 request_t *request, UNUSED fr_value_box_list_t *in)
1180{
1181 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1182 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1183 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
1184 fr_value_box_t *query;
1185
1186 query = fr_value_box_list_head(&xlat_ctx->query);
1187 if (!query) return XLAT_ACTION_FAIL;
1188
1189 MEM(xlat_ctx->group_ctx = talloc(xlat_ctx, sql_group_ctx_t));
1190
1191 *xlat_ctx->group_ctx = (sql_group_ctx_t) {
1192 .inst = inst,
1193 .query = query,
1194 };
1195
1196 if (unlang_xlat_yield(request, sql_group_xlat_query_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1197
1198 if (sql_get_grouplist(NULL, xlat_ctx->group_ctx, thread->trunk, request) != UNLANG_ACTION_PUSHED_CHILD) {
1199 return XLAT_ACTION_FAIL;
1200 }
1201
1202 return XLAT_ACTION_PUSH_UNLANG;
1203}
1204
1205
1206/** Check if the user is a member of a particular group
1207 *
1208@verbatim
1209%sql.group(<name>)
1210@endverbatim
1211 *
1212 * @ingroup xlat_functions
1213 */
1214static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1215 request_t *request, UNUSED fr_value_box_list_t *in)
1216{
1217 sql_group_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_group_xlat_call_env_t);
1218 sql_group_xlat_ctx_t *xlat_ctx;
1219 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1220
1221 if (!call_env->membership_query) {
1222 RWARN("Cannot check group membership - group_membership_query not set");
1223 return XLAT_ACTION_FAIL;
1224 }
1225
1226 /*
1227 * Set the user attr here
1228 */
1229 sql_set_user(inst, request, &call_env->user);
1230
1231 MEM(xlat_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_group_xlat_ctx_t));
1232 fr_value_box_list_init(&xlat_ctx->query);
1233
1234 if (unlang_xlat_yield(request, sql_group_xlat_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1235 if (unlang_tmpl_push(xlat_ctx, NULL, &xlat_ctx->query, request, call_env->membership_query, NULL, UNLANG_SUB_FRAME) < 0) return XLAT_ACTION_FAIL;
1236 return XLAT_ACTION_PUSH_UNLANG;
1237}
1238
1239/** Process a "check" map
1240 *
1241 * Any entries using an assignment operator will be moved to the reply map
1242 * for later merging into the request.
1243 *
1244 * @param request Current request.
1245 * @param check_map to process.
1246 * @param reply_map where any assignment entries will be moved.
1247 * @return
1248 * - 0 if all the check entries pass.
1249 * - -1 if the checks fail.
1250 */
1251static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
1252{
1253 map_t *map, *next;
1254
1255 for (map = map_list_head(check_map);
1256 map != NULL;
1257 map = next) {
1258 next = map_list_next(check_map, map);
1259
1260 if (fr_assignment_op[map->op]) {
1261 (void) map_list_remove(check_map, map);
1262 map_list_insert_tail(reply_map, map);
1263 continue;
1264 }
1265
1266 if (!fr_comparison_op[map->op]) {
1267 REDEBUG("Invalid operator '%s'", fr_tokens[map->op]);
1268 goto fail;
1269 }
1270
1271 if (fr_type_is_structural(tmpl_attr_tail_da(map->lhs)->type) &&
1272 (map->op != T_OP_CMP_TRUE) && (map->op != T_OP_CMP_FALSE)) {
1273 REDEBUG("Invalid comparison for structural type");
1274 goto fail;
1275 }
1276
1277 RDEBUG2(" &%s %s %s", map->lhs->name, fr_tokens[map->op], map->rhs->name);
1278 if (radius_legacy_map_cmp(request, map) != 1) {
1279 fail:
1280 map_list_talloc_free(check_map);
1281 map_list_talloc_free(reply_map);
1282 RDEBUG2("failed match: skipping this entry");
1283 return -1;
1284 }
1285 }
1286 return 0;
1287}
1288
1289static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
1290{
1291 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1292 map_list_talloc_free(&to_free->check_tmp);
1293 map_list_talloc_free(&to_free->reply_tmp);
1294 sql_unset_user(to_free->inst, to_free->request);
1295
1296 return 0;
1297}
1298
1299/** Resume function called after authorization group / profile expansion of check / reply query tmpl
1300 *
1301 * Groups and profiles are treated almost identically except:
1302 * - groups are read from an SQL query
1303 * - profiles are read from &control.User-Profile
1304 * - if `cache_groups` is set, groups populate &control.SQL-Group
1305 *
1306 * Profiles are handled after groups, and will not happend if the last group resulted in `Fall-Through = no`
1307 *
1308 * Before each query is run, &request.SQL-Group is populated with the value of the group being evaluated.
1309 *
1310 * @param p_result Result of current authorization.
1311 * @param mctx Current request.
1312 * @param request Current authorization context.
1313 * @return one of the RLM_MODULE_* values.
1314 */
1315static unlang_action_t CC_HINT(nonnull) mod_autz_group_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1316{
1317 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t);
1318 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1319 sql_group_ctx_t *group_ctx = autz_ctx->group_ctx;
1320 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1321 rlm_sql_t const *inst = autz_ctx->inst;
1322 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1323 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1324 fr_pair_t *vp;
1325
1326 switch (p_result->rcode) {
1327 case RLM_MODULE_USER_SECTION_REJECT:
1328 return UNLANG_ACTION_CALCULATE_RESULT;
1329
1330 default:
1331 break;
1332 }
1333
1334 switch(autz_ctx->status) {
1335 case SQL_AUTZ_GROUP_MEMB:
1336 if (!query) RETURN_UNLANG_FAIL;
1337 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1338 MEM(autz_ctx->group_ctx = talloc(autz_ctx, sql_group_ctx_t));
1339 *autz_ctx->group_ctx = (sql_group_ctx_t) {
1340 .inst = inst,
1341 .query = query,
1342 };
1343
1344 if (sql_get_grouplist(p_result, autz_ctx->group_ctx, autz_ctx->trunk, request) == UNLANG_ACTION_PUSHED_CHILD) {
1345 autz_ctx->status = SQL_AUTZ_GROUP_MEMB_RESUME;
1346 return UNLANG_ACTION_PUSHED_CHILD;
1347 }
1348
1349 group_ctx = autz_ctx->group_ctx;
1350
1351 FALL_THROUGH;
1352
1353 case SQL_AUTZ_GROUP_MEMB_RESUME:
1354 talloc_free(group_ctx->query);
1355
1356 if (group_ctx->num_groups == 0) {
1357 RDEBUG2("User not found in any groups");
1358 break;
1359 }
1360 fr_assert(group_ctx->groups);
1361
1362 RDEBUG2("User found in the group table");
1363 autz_ctx->user_found = true;
1364 autz_ctx->group = group_ctx->groups;
1365 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1366
1367 next_group:
1368 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->group->name, true);
1369 autz_ctx->status = SQL_AUTZ_GROUP_CHECK;
1370 FALL_THROUGH;
1371
1372 case SQL_AUTZ_PROFILE_START:
1373 next_profile:
1374 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1375 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->profile->vp_strvalue, true);
1376 autz_ctx->status = SQL_AUTZ_PROFILE_CHECK;
1377 }
1378 RDEBUG3("Processing %s %pV",
1379 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "group" : "profile", &autz_ctx->sql_group->data);
1380 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1381 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1382 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1383 }
1384
1385 if (call_env->group_check_query) {
1386 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1387 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request,
1388 call_env->group_check_query, NULL, UNLANG_SUB_FRAME) < 0) RETURN_UNLANG_FAIL;
1389 return UNLANG_ACTION_PUSHED_CHILD;
1390 }
1391
1392 if (call_env->group_reply_query) goto group_reply_push;
1393
1394 break;
1395
1396 case SQL_AUTZ_GROUP_CHECK:
1397 case SQL_AUTZ_PROFILE_CHECK:
1398 if (!query) RETURN_UNLANG_FAIL;
1399 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1400 .ctx = autz_ctx,
1401 .inst = inst,
1402 .out = &autz_ctx->check_tmp,
1403 .list = request_attr_request,
1404 .query = query,
1405 };
1406
1407 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1408 if (sql_get_map_list(p_result, request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1409 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_CHECK_RESUME : SQL_AUTZ_PROFILE_CHECK_RESUME;
1410 return UNLANG_ACTION_PUSHED_CHILD;
1411 }
1412
1413 FALL_THROUGH;
1414
1415 case SQL_AUTZ_GROUP_CHECK_RESUME:
1416 case SQL_AUTZ_PROFILE_CHECK_RESUME:
1417 talloc_free(map_ctx->query);
1418
1419 /*
1420 * If we got check rows we need to process them before we decide to
1421 * process the reply rows
1422 */
1423 if (map_ctx->rows > 0) {
1424 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) {
1425 map_list_talloc_free(&autz_ctx->check_tmp);
1426 goto next_group_find;
1427 }
1428 RDEBUG2("%s \"%pV\": Conditional check items matched",
1429 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1430 } else {
1431 RDEBUG2("%s \"%pV\": Conditional check items matched (empty)",
1432 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1433 }
1434
1435 if (autz_ctx->rcode == RLM_MODULE_NOOP) autz_ctx->rcode = RLM_MODULE_OK;
1436
1437 map_list_talloc_free(&autz_ctx->check_tmp);
1438
1439 if (call_env->group_reply_query) {
1440 group_reply_push:
1441 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1442 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request,
1443 call_env->group_reply_query, NULL, UNLANG_SUB_FRAME) < 0) RETURN_UNLANG_FAIL;
1444 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY : SQL_AUTZ_PROFILE_REPLY;
1445 return UNLANG_ACTION_PUSHED_CHILD;
1446 }
1447
1448 if (map_list_num_elements(&autz_ctx->reply_tmp)) goto group_attr_cache;
1449
1450 goto next_group_find;
1451
1452 case SQL_AUTZ_GROUP_REPLY:
1453 case SQL_AUTZ_PROFILE_REPLY:
1454 if (!query) RETURN_UNLANG_FAIL;
1455 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1456 .ctx = autz_ctx,
1457 .inst = inst,
1458 .out = &autz_ctx->reply_tmp,
1459 .list = request_attr_reply,
1460 .query = query,
1461 .expand_rhs = true,
1462 };
1463
1464 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, mctx->rctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1465 if (sql_get_map_list(p_result, request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1466 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY_RESUME : SQL_AUTZ_PROFILE_REPLY_RESUME;
1467 return UNLANG_ACTION_PUSHED_CHILD;
1468 }
1469
1470 FALL_THROUGH;
1471
1472 case SQL_AUTZ_GROUP_REPLY_RESUME:
1473 case SQL_AUTZ_PROFILE_REPLY_RESUME:
1474 talloc_free(map_ctx->query);
1475
1476 if (map_ctx->rows == 0) {
1477 do_fall_through = FALL_THROUGH_DEFAULT;
1478 goto group_attr_cache;
1479 }
1480
1481 fr_assert(!map_list_empty(&autz_ctx->reply_tmp)); /* coverity, among others */
1482 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1483
1484 group_attr_cache:
1485 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1486 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1487 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1488 }
1489
1490 if (map_list_num_elements(&autz_ctx->reply_tmp) == 0) goto next_group_find;
1491 RDEBUG2("%s \"%pV\": Merging control and reply items",
1492 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1493 autz_ctx->rcode = RLM_MODULE_UPDATED;
1494
1495 RINDENT();
1496 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1497 RPEDEBUG("Failed applying reply item");
1498 REXDENT();
1499 RETURN_UNLANG_FAIL;
1500 }
1501 REXDENT();
1502 map_list_talloc_free(&autz_ctx->reply_tmp);
1503
1504 next_group_find:
1505 if (do_fall_through != FALL_THROUGH_YES) break;
1506 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1507 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, autz_ctx->profile, attr_user_profile);
1508 if (autz_ctx->profile) goto next_profile;
1509 break;
1510 }
1511 autz_ctx->group = autz_ctx->group->next;
1512 if (autz_ctx->group) goto next_group;
1513
1514 break;
1515
1516 default:
1517 fr_assert(0);
1518 }
1519
1520 /*
1521 * If group processing has completed, check to see if profile processing should be done
1522 */
1523 if ((autz_ctx->status & SQL_AUTZ_STAGE_GROUP) &&
1524 ((do_fall_through == FALL_THROUGH_YES) ||
1525 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT)))) {
1526 RDEBUG3("... falling-through to profile processing");
1527
1528 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1529 if (autz_ctx->profile) {
1530 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1531 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1532 goto next_profile;
1533 }
1534 }
1535
1536 if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND;
1537
1538 RETURN_UNLANG_RCODE(autz_ctx->rcode);
1539}
1540
1541/** Resume function called after authorization check / reply tmpl expansion
1542 *
1543 * @param p_result Result of current authorization.
1544 * @param mctx Module call ctx.
1545 * @param request Current request.
1546 * @return one of the RLM_MODULE_* values.
1547 */
1548static unlang_action_t CC_HINT(nonnull) mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1549{
1550 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(mctx->rctx, sql_autz_ctx_t);
1551 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1552 rlm_sql_t const *inst = autz_ctx->inst;
1553 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1554 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1555 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1556
1557 /*
1558 * If a previous async call returned one of the "failure" results just return.
1559 */
1560 switch (p_result->rcode) {
1561 case RLM_MODULE_USER_SECTION_REJECT:
1562 return UNLANG_ACTION_CALCULATE_RESULT;
1563
1564 default:
1565 break;
1566 }
1567
1568 switch(autz_ctx->status) {
1569 case SQL_AUTZ_CHECK:
1570 if (!query) RETURN_UNLANG_FAIL;
1571 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1572 .ctx = autz_ctx,
1573 .inst = inst,
1574 .out = &autz_ctx->check_tmp,
1575 .list = request_attr_request,
1576 .query = query,
1577 };
1578
1579 if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1580 if (sql_get_map_list(p_result, request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1581 autz_ctx->status = SQL_AUTZ_CHECK_RESUME;
1582 return UNLANG_ACTION_PUSHED_CHILD;
1583 }
1584
1585 FALL_THROUGH;
1586
1587 case SQL_AUTZ_CHECK_RESUME:
1588 talloc_free(map_ctx->query);
1589
1590 if (map_ctx->rows == 0) goto skip_reply; /* Don't need to handle map entries we don't have */
1591
1592 /*
1593 * Only do this if *some* check pairs were returned
1594 */
1595 RDEBUG2("User found in radcheck table");
1596 autz_ctx->user_found = true;
1597
1598 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) goto skip_reply;
1599 RDEBUG2("Conditional check items matched");
1600
1601 autz_ctx->rcode = RLM_MODULE_OK;
1602 map_list_talloc_free(&autz_ctx->check_tmp);
1603
1604 if (!call_env->reply_query) goto skip_reply;
1605
1606 if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1607 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request, call_env->reply_query, NULL, UNLANG_SUB_FRAME) < 0) RETURN_UNLANG_FAIL;
1608 autz_ctx->status = SQL_AUTZ_REPLY;
1609 return UNLANG_ACTION_PUSHED_CHILD;
1610
1611 case SQL_AUTZ_REPLY:
1612 if (!query) RETURN_UNLANG_FAIL;
1613 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1614 .ctx = autz_ctx,
1615 .inst = inst,
1616 .out = &autz_ctx->reply_tmp,
1617 .list = request_attr_reply,
1618 .query = query,
1619 .expand_rhs = true,
1620 };
1621
1622 if (unlang_module_yield(request, mod_authorize_resume, NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1623 if (sql_get_map_list(p_result, request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1624 autz_ctx->status = SQL_AUTZ_REPLY_RESUME;
1625 return UNLANG_ACTION_PUSHED_CHILD;
1626 }
1627
1628 FALL_THROUGH;
1629
1630 case SQL_AUTZ_REPLY_RESUME:
1631 talloc_free(map_ctx->query);
1632
1633 if (map_ctx->rows == 0) goto skip_reply;
1634
1635 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1636
1637 RDEBUG2("User found in radreply table");
1638 autz_ctx->user_found = true;
1639
1640 skip_reply:
1641 if (map_list_num_elements(&autz_ctx->reply_tmp)) {
1642 RDEBUG2("Merging control and reply items");
1643 RINDENT();
1644 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1645 RPEDEBUG("Failed applying item");
1646 REXDENT();
1647 RETURN_UNLANG_FAIL;
1648 }
1649 REXDENT();
1650
1651 autz_ctx->rcode = RLM_MODULE_UPDATED;
1652 map_list_talloc_free(&autz_ctx->reply_tmp);
1653 }
1654
1655 if ((do_fall_through == FALL_THROUGH_YES) ||
1656 (inst->config.read_groups && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1657 RDEBUG3("... falling-through to group processing");
1658
1659 if (!call_env->membership_query) {
1660 RWARN("Cannot check groups when group_membership_query is not set");
1661 break;
1662 }
1663
1664 if (!call_env->group_check_query && !call_env->group_reply_query) {
1665 RWARN("Cannot process groups when neither authorize_group_check_query nor authorize_group_reply_query are set");
1666 break;
1667 }
1668
1669 if (unlang_module_yield(request, mod_autz_group_resume, NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1670 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request,
1671 call_env->membership_query, NULL, UNLANG_SUB_FRAME) < 0) RETURN_UNLANG_FAIL;
1672 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1673 return UNLANG_ACTION_PUSHED_CHILD;
1674 }
1675
1676 if ((do_fall_through == FALL_THROUGH_YES) ||
1677 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1678 RDEBUG3("... falling-through to profile processing");
1679
1680 if (!call_env->group_check_query && !call_env->group_reply_query) {
1681 RWARN("Cannot process profiles when neither authorize_group_check_query nor authorize_group_reply_query are set");
1682 break;
1683 }
1684
1685 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1686 if (!autz_ctx->profile) break;
1687
1688 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1689 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1690 return mod_autz_group_resume(p_result, mctx, request);
1691 }
1692 break;
1693
1694 default:
1695 fr_assert_msg(0, "Invalid status %d in mod_authorize_resume", autz_ctx->status);
1696 }
1697
1698 if (!autz_ctx->user_found) RETURN_UNLANG_NOTFOUND;
1699 RETURN_UNLANG_RCODE(autz_ctx->rcode);
1700}
1701
1702/** Start of module authorize method
1703 *
1704 * Pushes the tmpl relating to the first required query for evaluation
1705 */
1706static unlang_action_t CC_HINT(nonnull) mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1707{
1708 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1709 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1710 sql_autz_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_autz_call_env_t);
1711 sql_autz_ctx_t *autz_ctx;
1712
1713 fr_assert(request->packet != NULL);
1714 fr_assert(request->reply != NULL);
1715
1716 if (!call_env->check_query && !call_env->reply_query && !(inst->config.read_groups && call_env->membership_query)) {
1717 RWDEBUG("No authorization checks configured, returning noop");
1718 RETURN_UNLANG_NOOP;
1719 }
1720
1721 /*
1722 * Set and check the user attr here
1723 */
1724 sql_set_user(inst, request, &call_env->user);
1725
1726 MEM(autz_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), sql_autz_ctx_t));
1727 *autz_ctx = (sql_autz_ctx_t) {
1728 .inst = inst,
1729 .call_env = call_env,
1730 .request = request,
1731 .trunk = thread->trunk,
1732 .rcode = RLM_MODULE_NOOP
1733 };
1734 map_list_init(&autz_ctx->check_tmp);
1735 map_list_init(&autz_ctx->reply_tmp);
1736 MEM(autz_ctx->map_ctx = talloc_zero(autz_ctx, fr_sql_map_ctx_t));
1737 talloc_set_destructor(autz_ctx, sql_autz_ctx_free);
1738
1739 if (unlang_module_yield(request,
1740 (call_env->check_query || call_env->reply_query) ? mod_authorize_resume : mod_autz_group_resume,
1741 NULL, 0, autz_ctx) == UNLANG_ACTION_FAIL) {
1742 error:
1743 talloc_free(autz_ctx);
1744 RETURN_UNLANG_FAIL;
1745 }
1746
1747 fr_value_box_list_init(&autz_ctx->query);
1748
1749 /*
1750 * Query the check table to find any conditions associated with this user/realm/whatever...
1751 */
1752 if (call_env->check_query) {
1753 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request, call_env->check_query, NULL, UNLANG_SUB_FRAME) < 0) goto error;
1754 autz_ctx->status = SQL_AUTZ_CHECK;
1755 return UNLANG_ACTION_PUSHED_CHILD;
1756 }
1757
1758 if (call_env->reply_query) {
1759 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request, call_env->reply_query, NULL, UNLANG_SUB_FRAME) < 0) goto error;
1760 autz_ctx->status = SQL_AUTZ_REPLY;
1761 return UNLANG_ACTION_PUSHED_CHILD;
1762 }
1763
1764 /*
1765 * Neither check nor reply queries were set, so we must be doing group stuff
1766 */
1767 if (unlang_tmpl_push(autz_ctx, NULL, &autz_ctx->query, request, call_env->membership_query, NULL, UNLANG_SUB_FRAME) < 0) goto error;
1768 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1769 return UNLANG_ACTION_PUSHED_CHILD;
1770}
1771
1772/** Tidy up when freeing an SQL redundant context
1773 *
1774 * Release the connection handle and unset the SQL-User attribute.
1775 */
1776static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
1777{
1778 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1779 sql_unset_user(to_free->inst, to_free->request);
1780
1781 return 0;
1782}
1783
1784static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request);
1785
1786/** Resume function called after executing an SQL query in a redundant list of queries.
1787 *
1788 * @param p_result Result of current module call.
1789 * @param mctx Current module ctx.
1790 * @param request Current request.
1791 * @return one of the RLM_MODULE_* values.
1792 */
1793static unlang_action_t mod_sql_redundant_query_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1794{
1795 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t);
1796 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1797 rlm_sql_t const *inst = redundant_ctx->inst;
1798 fr_sql_query_t *query_ctx = redundant_ctx->query_ctx;
1799 int numaffected = 0;
1800
1801 RDEBUG2("SQL query returned: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
1802
1803 switch (query_ctx->rcode) {
1804 /*
1805 * Query was a success! Now we just need to check if it did anything.
1806 */
1807 case RLM_SQL_OK:
1808 break;
1809
1810 /*
1811 * A general, unrecoverable server fault.
1812 */
1813 case RLM_SQL_ERROR:
1814 /*
1815 * If we get RLM_SQL_RECONNECT it means all connections in the pool
1816 * were exhausted, and we couldn't create a new connection,
1817 * so we do not need to call fr_pool_connection_release.
1818 */
1819 case RLM_SQL_RECONNECT:
1820 rlm_sql_print_error(inst, request, query_ctx, false);
1821 RETURN_UNLANG_FAIL;
1822
1823 /*
1824 * Query was invalid, this is a terminal error.
1825 */
1826 case RLM_SQL_QUERY_INVALID:
1827 rlm_sql_print_error(inst, request, query_ctx, false);
1828 RETURN_UNLANG_INVALID;
1829
1830 /*
1831 * Driver found an error (like a unique key constraint violation)
1832 * that hinted it might be a good idea to try an alternative query.
1833 */
1834 case RLM_SQL_ALT_QUERY:
1835 goto next;
1836
1837 case RLM_SQL_NO_MORE_ROWS:
1838 break;
1839 }
1840
1841 /*
1842 * We need to have updated something for the query to have been
1843 * counted as successful.
1844 */
1845 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
1846 TALLOC_FREE(query_ctx);
1847 RDEBUG2("%i record(s) updated", numaffected);
1848
1849 if (numaffected > 0) {
1850 if (inst->query_number_da) {
1851 fr_pair_t *vp;
1852 if (unlikely(pair_update_control(&vp, inst->query_number_da) < 0)) RETURN_UNLANG_FAIL;
1853 vp->vp_uint32 = redundant_ctx->query_no + 1;
1854 RDEBUG2("control.%pP", vp);
1855 }
1856 RETURN_UNLANG_OK; /* A query succeeded, were done! */
1857 }
1858next:
1859 /*
1860 * Look to see if there are any more queries to expand
1861 */
1862 talloc_free(query_ctx);
1863 redundant_ctx->query_no++;
1864 if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_UNLANG_NOOP;
1865 if (unlang_module_yield(request, mod_sql_redundant_resume, NULL, 0, redundant_ctx) == UNLANG_ACTION_FAIL) RETURN_UNLANG_FAIL;
1866 if (unlang_tmpl_push(redundant_ctx, NULL, &redundant_ctx->query, request, call_env->query[redundant_ctx->query_no], NULL, UNLANG_SUB_FRAME) < 0) RETURN_UNLANG_FAIL;
1867
1868 RDEBUG2("Trying next query...");
1869
1870 return UNLANG_ACTION_PUSHED_CHILD;
1871}
1872
1873
1874/** Resume function called after expansion of next query in a redundant list of queries
1875 *
1876 * @param p_result Result of current module call.
1877 * @param mctx Current module ctx.
1878 * @param request Current request.
1879 * @return one of the RLM_MODULE_* values.
1880 */
1881static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1882{
1883 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(mctx->rctx, sql_redundant_ctx_t);
1884 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1885 rlm_sql_t const *inst = redundant_ctx->inst;
1886
1887 redundant_ctx->query_vb = fr_value_box_list_pop_head(&redundant_ctx->query);
1888 if (!redundant_ctx->query_vb) RETURN_UNLANG_FAIL;
1889
1890 if ((call_env->filename.type == FR_TYPE_STRING) && (call_env->filename.vb_length > 0)) {
1891 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, redundant_ctx->query_vb->vb_strvalue);
1892 }
1893
1894 MEM(redundant_ctx->query_ctx = fr_sql_query_alloc(redundant_ctx, inst, request, redundant_ctx->trunk,
1895 redundant_ctx->query_vb->vb_strvalue, SQL_QUERY_OTHER));
1896
1897 unlang_module_yield(request, mod_sql_redundant_query_resume, NULL, 0, redundant_ctx);
1898 return unlang_function_push_with_result(/* discard, mod_sql_redundant_query_resume uses query_ctx->rcode*/ NULL,
1899 request,
1900 inst->query,
1901 NULL,
1902 NULL,
1903 0, UNLANG_SUB_FRAME,
1904 redundant_ctx->query_ctx);
1905}
1906
1907/** Generic module call for failing between a bunch of queries.
1908 *
1909 * Used for `accounting` and `send` module calls
1910 *
1911 */
1912static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
1913{
1914 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1915 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1916 sql_redundant_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_redundant_call_env_t);
1917 sql_redundant_ctx_t *redundant_ctx;
1918
1919 /*
1920 * No query to expand - do nothing.
1921 */
1922 if (!call_env->query) {
1923 RWARN("No query configured");
1924 RETURN_UNLANG_NOOP;
1925 }
1926
1927 MEM(redundant_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_redundant_ctx_t));
1928 *redundant_ctx = (sql_redundant_ctx_t) {
1929 .inst = inst,
1930 .request = request,
1931 .trunk = thread->trunk,
1932 .call_env = call_env,
1933 .query_no = 0
1934 };
1935 talloc_set_destructor(redundant_ctx, sql_redundant_ctx_free);
1936
1937 sql_set_user(inst, request, &call_env->user);
1938
1939 fr_value_box_list_init(&redundant_ctx->query);
1940
1941 return unlang_module_yield_to_tmpl(request, &redundant_ctx->query, request, *call_env->query,
1942 NULL, mod_sql_redundant_resume, NULL, 0, redundant_ctx);
1943}
1944
1945static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
1946 CONF_ITEM *ci,
1947 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
1948{
1949 CONF_SECTION const *subcs = NULL, *subsubcs = NULL;
1950 CONF_PAIR const *to_parse = NULL;
1951 tmpl_t *parsed_tmpl;
1952 call_env_parsed_t *parsed_env;
1953 tmpl_rules_t our_rules;
1954 char *section2, *p;
1955
1956 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
1957
1958 /*
1959 * The call env subsection which calls this has CF_IDENT_ANY as its name
1960 * which results in finding the first child section of the module config.
1961 * We actually want the whole module config - so go to the parent.
1962 */
1963 ci = cf_parent(ci);
1964
1965 /*
1966 * Find the instance of "logfile" to parse
1967 *
1968 * If the module call is from `accounting Start` then first is
1969 * <module> { accounting { start { logfile } } }
1970 * then
1971 * <module> { accounting { logfile } }
1972 * falling back to
1973 * <module> { logfile }
1974 */
1975 subcs = cf_section_find(cf_item_to_section(ci), cec->asked->name1, CF_IDENT_ANY);
1976 if (subcs) {
1977 if (cec->asked->name2) {
1978 section2 = talloc_strdup(NULL, cec->asked->name2);
1979 p = section2;
1980 while (*p != '\0') {
1981 *(p) = tolower((uint8_t)*p);
1982 p++;
1983 }
1984 subsubcs = cf_section_find(subcs, section2, CF_IDENT_ANY);
1985 talloc_free(section2);
1986 if (subsubcs) to_parse = cf_pair_find(subsubcs, "logfile");
1987 }
1988 if (!to_parse) to_parse = cf_pair_find(subcs, "logfile");
1989 }
1990
1991 if (!to_parse) to_parse = cf_pair_find(cf_item_to_section(ci), "logfile");
1992
1993 if (!to_parse) return 0;
1994
1995 /*
1996 * Use filename safety escape functions
1997 */
1998 our_rules = *t_rules;
1999 our_rules.escape.box_escape = (fr_value_box_escape_t) {
2000 .func = rad_filename_box_make_safe,
2001 .safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe,
2002 .always_escape = false,
2003 };
2004 our_rules.escape.mode = TMPL_ESCAPE_PRE_CONCAT;
2005 our_rules.literals_safe_for = our_rules.escape.box_escape.safe_for;
2006
2007 MEM(parsed_env = call_env_parsed_add(ctx, out,
2008 &(call_env_parser_t){ FR_CALL_ENV_OFFSET("logfile", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, sql_redundant_call_env_t, filename)}));
2009
2010 if (tmpl_afrom_substr(parsed_env, &parsed_tmpl,
2011 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_strlen(cf_pair_value(to_parse))),
2012 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2013 &our_rules) < 0) {
2014 error:
2015 call_env_parsed_free(out, parsed_env);
2016 return -1;
2017 }
2018 if (tmpl_needs_resolving(parsed_tmpl) &&
2019 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) goto error;
2020
2021 call_env_parsed_set_tmpl(parsed_env, parsed_tmpl);
2022
2023 return 0;
2024}
2025
2026static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
2027 CONF_ITEM *ci,
2028 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
2029{
2030 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
2031 CONF_SECTION const *subcs = NULL;
2032 CONF_PAIR const *to_parse = NULL;
2033 tmpl_t *parsed_tmpl;
2034 call_env_parsed_t *parsed_env;
2035 tmpl_rules_t our_rules;
2036 char *section2, *p;
2037 ssize_t count, slen, multi_index = 0;
2038
2039 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
2040
2041 /*
2042 * Find the instance(s) of "query" to parse
2043 *
2044 * If the module call is from `accounting Start` then it should be
2045 * <module> { accounting { start { query } } }
2046 */
2047 section2 = talloc_strdup(NULL, section_name_str(cec->asked->name2));
2048 p = section2;
2049 while (*p != '\0') {
2050 *(p) = tolower((uint8_t)*p);
2051 p++;
2052 }
2053 subcs = cf_section_find(cf_item_to_section(ci), section2, CF_IDENT_ANY);
2054 if (!subcs) {
2055 no_query:
2056 cf_log_warn(ci, "No query found for \"%s.%s\", this query will be disabled",
2057 section_name_str(cec->asked->name1), section2);
2058 talloc_free(section2);
2059 return 0;
2060 }
2061 count = cf_pair_count(subcs, "query");
2062 if (count == 0) goto no_query;
2063
2064 talloc_free(section2);
2065
2066 /*
2067 * Use module specific escape functions
2068 */
2069 our_rules = *t_rules;
2070 our_rules.escape = (tmpl_escape_t) {
2071 .box_escape = (fr_value_box_escape_t) {
2072 .func = sql_box_escape,
2073 .safe_for = SQL_SAFE_FOR,
2074 .always_escape = false,
2075 },
2076 .uctx = { .func = { .uctx = inst, .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC },
2077 .mode = TMPL_ESCAPE_PRE_CONCAT,
2078 };
2079 our_rules.literals_safe_for = our_rules.escape.box_escape.safe_for;
2080
2081 while ((to_parse = cf_pair_find_next(subcs, to_parse, "query"))) {
2082 MEM(parsed_env = call_env_parsed_add(ctx, out,
2083 &(call_env_parser_t){
2084 FR_CALL_ENV_PARSE_ONLY_OFFSET("query", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT | CALL_ENV_FLAG_MULTI,
2085 sql_redundant_call_env_t, query)
2086 }));
2087
2088 slen = tmpl_afrom_substr(parsed_env, &parsed_tmpl,
2089 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_strlen(cf_pair_value(to_parse))),
2090 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2091 &our_rules);
2092 if (slen <= 0) {
2093 cf_canonicalize_error(to_parse, slen, "Failed parsing query", cf_pair_value(to_parse));
2094 error:
2095 call_env_parsed_free(out, parsed_env);
2096 return -1;
2097 }
2098 if (tmpl_needs_resolving(parsed_tmpl) &&
2099 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) {
2100 cf_log_perr(to_parse, "Failed resolving query");
2101 goto error;
2102 }
2103
2104 call_env_parsed_set_multi_index(parsed_env, count, multi_index++);
2105 call_env_parsed_set_data(parsed_env, parsed_tmpl);
2106 }
2107
2108 return 0;
2109}
2110
2111static int mod_detach(module_detach_ctx_t const *mctx)
2112{
2113 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2114
2115 /*
2116 * We need to explicitly free all children, so if the driver
2117 * parented any memory off the instance, their destructors
2118 * run before we unload the bytecode for them.
2119 *
2120 * If we don't do this, we get a SEGV deep inside the talloc code
2121 * when it tries to call a destructor that no longer exists.
2122 */
2123 talloc_free_children(inst);
2124
2125 return 0;
2126}
2127
2128static int mod_instantiate(module_inst_ctx_t const *mctx)
2129{
2130 rlm_sql_boot_t const *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2131 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2132 CONF_SECTION *conf = mctx->mi->conf;
2133
2134 /*
2135 * We can't modify the inst field in bootstrap, and there's no
2136 * point in making rlm_sql_boot_t available everywhere.
2137 */
2138 inst->group_da = boot->group_da;
2139 inst->query_number_da = boot->query_number_da;
2140
2141 inst->name = mctx->mi->name; /* Need this for functions in sql.c */
2142 inst->mi = mctx->mi; /* For looking up thread instance data */
2143
2144 /*
2145 * We need authorize_group_check_query or authorize_group_reply_query
2146 * if group_membership_query is set.
2147 *
2148 * Or we need group_membership_query if authorize_group_check_query or
2149 * authorize_group_reply_query is set.
2150 */
2151 if (!cf_pair_find(conf, "group_membership_query")) {
2152 if (cf_pair_find(conf, "authorize_group_check_query")) {
2153 WARN("Ignoring authorize_group_check_query as group_membership_query is not configured");
2154 }
2155
2156 if (cf_pair_find(conf, "authorize_group_reply_query")) {
2157 WARN("Ignoring authorize_group_reply_query as group_membership_query is not configured");
2158 }
2159
2160 if (!inst->config.read_groups) {
2161 WARN("Ignoring read_groups as group_membership_query is not configured");
2162 inst->config.read_groups = false;
2163 }
2164 } /* allow the group check / reply queries to be NULL */
2165
2166 /*
2167 * Cache the SQL-User-Name fr_dict_attr_t, so we can be slightly
2168 * more efficient about creating SQL-User-Name attributes.
2169 */
2170 inst->sql_user = attr_sql_user_name;
2171
2172 /*
2173 * Export these methods, too. This avoids RTDL_GLOBAL.
2174 */
2175 inst->query = rlm_sql_trunk_query;
2176 inst->select = rlm_sql_trunk_query;
2177 inst->fetch_row = rlm_sql_fetch_row;
2178 inst->query_alloc = fr_sql_query_alloc;
2179
2180 /*
2181 * Either use the module specific escape function
2182 * or our default one.
2183 */
2184 if (inst->driver->sql_escape_func) {
2185 inst->sql_escape_func = inst->driver->sql_escape_func;
2186 } else {
2187 inst->sql_escape_func = sql_escape_func;
2188 inst->sql_escape_arg = inst;
2189 }
2190 inst->box_escape = (fr_value_box_escape_t) {
2191 .func = sql_box_escape,
2192 .safe_for = SQL_SAFE_FOR,
2193 .always_escape = false,
2194 };
2195
2196 inst->ef = module_rlm_exfile_init(inst, conf, 256, fr_time_delta_from_sec(30), true, false, NULL, NULL);
2197 if (!inst->ef) {
2198 cf_log_err(conf, "Failed creating log file context");
2199 return -1;
2200 }
2201
2202 /*
2203 * Most SQL trunks can only have one running request per connection.
2204 */
2205 if (!(inst->driver->flags & RLM_SQL_MULTI_QUERY_CONN)) {
2206 inst->config.trunk_conf.target_req_per_conn = 1;
2207 inst->config.trunk_conf.max_req_per_conn = 1;
2208 }
2209 if (!inst->driver->trunk_io_funcs.connection_notify) {
2210 inst->config.trunk_conf.always_writable = true;
2211 }
2212
2213 /*
2214 * Instantiate the driver module
2215 */
2216 if (unlikely(module_instantiate(inst->driver_submodule) < 0)) {
2217 cf_log_err(conf, "Failed instantiating driver module");
2218 return -1;
2219 }
2220
2221 if (!inst->config.trunk_conf.conn_triggers) return 0;
2222
2223 MEM(inst->trigger_args = fr_pair_list_alloc(inst));
2224 return module_trigger_args_build(inst->trigger_args, inst->trigger_args, cf_section_find(conf, "pool", NULL),
2225 &(module_trigger_args_t) {
2226 .module = inst->mi->module->name,
2227 .name = inst->name,
2228 .server = inst->config.sql_server,
2229 .port = inst->config.sql_port
2230 });
2231}
2232
2233static int mod_bootstrap(module_inst_ctx_t const *mctx)
2234{
2235 rlm_sql_boot_t *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2236 rlm_sql_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2237 CONF_SECTION *conf = mctx->mi->conf;
2238 xlat_t *xlat;
2239 xlat_arg_parser_t *sql_xlat_arg;
2240 rlm_sql_escape_uctx_t *uctx;
2241
2242 /*
2243 * Register the group comparison attribute
2244 */
2245 if (cf_pair_find(conf, "group_membership_query")) {
2246 char const *group_attribute;
2247 char buffer[256];
2248
2249 if (inst->config.group_attribute) {
2250 group_attribute = inst->config.group_attribute;
2251 } else if (cf_section_name2(conf)) {
2252 snprintf(buffer, sizeof(buffer), "%s-SQL-Group", mctx->mi->name);
2253 group_attribute = buffer;
2254 } else {
2255 group_attribute = "SQL-Group";
2256 }
2257
2258 boot->group_da = fr_dict_attr_by_name(NULL, fr_dict_root(dict_freeradius), group_attribute);
2259 if (!boot->group_da) {
2260 if (fr_dict_attr_add_name_only(fr_dict_unconst(dict_freeradius), fr_dict_root(dict_freeradius), group_attribute, FR_TYPE_STRING, NULL) < 0) {
2261 cf_log_perr(conf, "Failed defining group attribute");
2262 return -1;
2263 }
2264
2265 boot->group_da = fr_dict_attr_search_by_qualified_oid(NULL, dict_freeradius, group_attribute,
2266 false, false);
2267 if (!boot->group_da) {
2268 cf_log_perr(conf, "Failed resolving group attribute");
2269 return -1;
2270 }
2271 }
2272
2273 /*
2274 * Define the new %sql.group(name) xlat. The
2275 * register function automatically adds the
2276 * module instance name as a prefix.
2277 */
2278 xlat = module_rlm_xlat_register(boot, mctx, "group", sql_group_xlat, FR_TYPE_BOOL);
2279 if (!xlat) {
2280 cf_log_perr(conf, "Failed registering %s expansion", group_attribute);
2281 return -1;
2282 }
2283 xlat_func_call_env_set(xlat, &group_xlat_method_env);
2284
2285 /*
2286 * The xlat escape function needs access to inst - so
2287 * argument parser details need to be defined here
2288 */
2289 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2290 sql_xlat_arg[0] = (xlat_arg_parser_t){
2291 .type = FR_TYPE_STRING,
2292 .required = true,
2293 .concat = true
2294 };
2295 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2296
2297 xlat_func_args_set(xlat, sql_xlat_arg);
2298 }
2299
2300 /*
2301 * If we need to record which query from a redundant set succeeds, find / create the attribute to use.
2302 */
2303 if (inst->config.query_number_attribute) {
2304 boot->query_number_da = fr_dict_attr_by_name(NULL, fr_dict_root(dict_freeradius),
2305 inst->config.query_number_attribute);
2306 if (!boot->query_number_da) {
2307 if (fr_dict_attr_add_name_only(fr_dict_unconst(dict_freeradius), fr_dict_root(dict_freeradius),
2308 inst->config.query_number_attribute, FR_TYPE_UINT32, NULL) < 0) {
2309 ERROR("Failed defining query number attribute \"%s\"", inst->config.query_number_attribute);
2310 return -1;
2311 }
2312
2313 boot->query_number_da = fr_dict_attr_search_by_qualified_oid(NULL, dict_freeradius,
2314 inst->config.query_number_attribute,
2315 false, false);
2316 if (!boot->query_number_da) {
2317 ERROR("Failed resolving query number attribute \"%s\"", inst->config.query_number_attribute);
2318 return -1;
2319 }
2320 } else {
2321 if (boot->query_number_da->type != FR_TYPE_UINT32) {
2322 ERROR("Query number attribute \"%s\" is type \"%s\", needs to be uint32",
2323 inst->config.query_number_attribute, fr_type_to_str(boot->query_number_da->type));
2324 return -1;
2325 }
2326 }
2327 }
2328
2329 /*
2330 * Register the SQL xlat function
2331 */
2332 xlat = module_rlm_xlat_register(boot, mctx, NULL, sql_xlat, FR_TYPE_VOID); /* Returns an integer sometimes */
2333 if (!xlat) {
2334 cf_log_perr(conf, "Failed registering %s expansion", mctx->mi->name);
2335 return -1;
2336 }
2337 xlat_func_call_env_set(xlat, &xlat_method_env);
2338
2339 /*
2340 * The xlat escape function needs access to inst - so
2341 * argument parser details need to be defined here.
2342 * Parented off the module instance "boot" so it can be shared
2343 * between three xlats.
2344 */
2345 MEM(sql_xlat_arg = talloc_zero_array(boot, xlat_arg_parser_t, 2));
2346 MEM(uctx = talloc_zero(sql_xlat_arg, rlm_sql_escape_uctx_t));
2347 *uctx = (rlm_sql_escape_uctx_t){ .sql = inst };
2348 sql_xlat_arg[0] = (xlat_arg_parser_t){
2349 .type = FR_TYPE_STRING,
2350 .required = true,
2351 .concat = true,
2352 .func = sql_xlat_escape,
2353 .safe_for = SQL_SAFE_FOR,
2354 .uctx = uctx
2355 };
2356 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2357
2358 xlat_func_args_set(xlat, sql_xlat_arg);
2359
2360 /*
2361 * Register instances of the SQL xlat with pre-determined output types
2362 */
2363 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "fetch", sql_fetch_xlat, FR_TYPE_VOID)))) return -1;
2364 xlat_func_call_env_set(xlat, &xlat_method_env);
2365 xlat_func_args_set(xlat, sql_xlat_arg);
2366
2367 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "modify", sql_modify_xlat, FR_TYPE_UINT32)))) return -1;
2368 xlat_func_call_env_set(xlat, &xlat_method_env);
2369 xlat_func_args_set(xlat, sql_xlat_arg);
2370
2371 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "escape", sql_escape_xlat, FR_TYPE_STRING)))) return -1;
2372 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2373 sql_xlat_arg[0] = (xlat_arg_parser_t){
2374 .type = FR_TYPE_STRING,
2375 .variadic = true,
2376 .concat = true,
2377 };
2378 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2379 xlat_func_args_set(xlat, sql_xlat_arg);
2380 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2381 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2382
2383 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "safe", xlat_transparent, FR_TYPE_STRING)))) return -1;
2384 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2385 sql_xlat_arg[0] = (xlat_arg_parser_t){
2386 .type = FR_TYPE_STRING,
2387 .variadic = true,
2388 .concat = true
2389 };
2390 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2391 xlat_func_args_set(xlat, sql_xlat_arg);
2392 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2393 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2394
2395 /*
2396 * Register the SQL map processor function
2397 */
2398 if (inst->driver->sql_fields) map_proc_register(mctx->mi->boot, inst, mctx->mi->name, mod_map_proc, sql_map_verify, 0, SQL_SAFE_FOR);
2399
2400 return 0;
2401}
2402
2403/** Initialise thread specific data structure
2404 *
2405 */
2406static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
2407{
2408 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2409 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2410
2411 if (inst->driver->sql_escape_arg_alloc) {
2412 thread->sql_escape_arg = inst->driver->sql_escape_arg_alloc(thread, mctx->el, inst);
2413 if (!thread->sql_escape_arg) return -1;
2414 }
2415
2416 thread->inst = inst;
2417
2418 thread->trunk = trunk_alloc(thread, mctx->el, &inst->driver->trunk_io_funcs,
2419 &inst->config.trunk_conf, inst->name, thread, false, inst->trigger_args);
2420 if (!thread->trunk) return -1;
2421
2422 return 0;
2423}
2424
2425static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
2426{
2427 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2428 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2429
2430 if (inst->driver->sql_escape_arg_free) inst->driver->sql_escape_arg_free(thread->sql_escape_arg);
2431
2432 return 0;
2433}
2434
2435/** Custom parser for sql call env queries
2436 *
2437 * Needed as the escape function needs to reference the correct SQL driver
2438 */
2439static int sql_call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci,
2440 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
2441{
2442 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
2443 tmpl_t *parsed_tmpl;
2444 CONF_PAIR const *to_parse = cf_item_to_pair(ci);
2445 tmpl_rules_t our_rules = *t_rules;
2446
2447 /*
2448 * Set the sql module instance data as the uctx for escaping
2449 * and use the same "safe_for" as the sql module.
2450 */
2451 our_rules.escape.box_escape = (fr_value_box_escape_t) {
2452 .func = sql_box_escape,
2453 .safe_for = SQL_SAFE_FOR,
2454 .always_escape = false,
2455 };
2456 our_rules.escape.uctx.func.uctx = inst;
2457 our_rules.literals_safe_for = SQL_SAFE_FOR;
2458
2459 if (tmpl_afrom_substr(ctx, &parsed_tmpl,
2460 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_strlen(cf_pair_value(to_parse))),
2461 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2462 &our_rules) < 0) return -1;
2463 *(void **)out = parsed_tmpl;
2464 return 0;
2465}
2466
2467#define QUERY_ESCAPE .pair.escape = { \
2468 .mode = TMPL_ESCAPE_PRE_CONCAT, \
2469 .uctx = { .func = { .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC }, \
2470}, .pair.func = sql_call_env_parse
2471
2484
2485/* globally exported name */
2486module_rlm_t rlm_sql = {
2487 .common = {
2488 .magic = MODULE_MAGIC_INIT,
2489 .name = "sql",
2490 .boot_size = sizeof(rlm_sql_boot_t),
2491 .boot_type = "rlm_sql_boot_t",
2492 .inst_size = sizeof(rlm_sql_t),
2493 .config = module_config,
2494 .bootstrap = mod_bootstrap,
2495 .instantiate = mod_instantiate,
2496 .detach = mod_detach,
2497 .thread_inst_size = sizeof(rlm_sql_thread_t),
2498 .thread_instantiate = mod_thread_instantiate,
2499 .thread_detach = mod_thread_detach,
2500 },
2501 .method_group = {
2502 .bindings = (module_method_binding_t[]){
2503 /*
2504 * Hack to support old configurations
2505 */
2506 { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &accounting_method_env },
2507 { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2508
2509 { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2510 { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &send_method_env },
2511 MODULE_BINDING_TERMINATOR
2512 }
2513 }
2514};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_PUSHED_CHILD
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
UNLANG_ACTION_FAIL
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
Definition action.h:36
UNLANG_ACTION_CALCULATE_RESULT
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
UNLANG_ACTION_YIELD
@ UNLANG_ACTION_YIELD
Temporarily pause execution until an event occurs.
Definition action.h:41
buffer
static int const char char buffer[256]
Definition acutest.h:576
fr_atexit_thread_local
#define fr_atexit_thread_local(_name, _free, _uctx)
Definition atexit.h:220
RCSID
#define RCSID(id)
Definition build.h:506
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:343
unlikely
#define unlikely(_x)
Definition build.h:402
UNUSED
#define UNUSED
Definition build.h:336
call_env_parsed_free
void call_env_parsed_free(call_env_parsed_head_t *parsed, call_env_parsed_t *ptr)
Remove a call_env_parsed_t from the list of parsed call envs.
Definition call_env.c:777
call_env_parsed_add
call_env_parsed_t * call_env_parsed_add(TALLOC_CTX *ctx, call_env_parsed_head_t *head, call_env_parser_t const *rule)
Allocate a new call_env_parsed_t structure and add it to the list of parsed call envs.
Definition call_env.c:690
call_env_parsed_set_multi_index
void call_env_parsed_set_multi_index(call_env_parsed_t *parsed, size_t count, size_t index)
Assign a count and index to a call_env_parsed_t.
Definition call_env.c:762
call_env_parsed_set_data
void call_env_parsed_set_data(call_env_parsed_t *parsed, void const *data)
Assign data to a call_env_parsed_t.
Definition call_env.c:747
call_env_parsed_set_tmpl
void call_env_parsed_set_tmpl(call_env_parsed_t *parsed, tmpl_t const *tmpl)
Assign a tmpl to a call_env_parsed_t.
Definition call_env.c:719
call_env_parsed_s
Definition call_env.c:38
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition call_env.h:236
call_env_ctx_s::type
call_env_ctx_type_t type
Type of callenv ctx.
Definition call_env.h:227
CALL_ENV_CTX_TYPE_MODULE
@ CALL_ENV_CTX_TYPE_MODULE
The callenv is registered to a module method.
Definition call_env.h:222
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition call_env.h:240
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition call_env.h:247
call_env_ctx_s::asked
section_name_t const * asked
The actual name1/name2 that resolved to a module_method_binding_t.
Definition call_env.h:232
CALL_ENV_FLAG_CONCAT
@ CALL_ENV_FLAG_CONCAT
If the tmpl produced multiple boxes they should be concatenated.
Definition call_env.h:76
CALL_ENV_FLAG_SUBSECTION
@ CALL_ENV_FLAG_SUBSECTION
This is a subsection.
Definition call_env.h:87
CALL_ENV_FLAG_PARSE_ONLY
@ CALL_ENV_FLAG_PARSE_ONLY
The result of parsing will not be evaluated at runtime.
Definition call_env.h:85
CALL_ENV_FLAG_MULTI
@ CALL_ENV_FLAG_MULTI
Multiple instances of the conf pairs are allowed.
Definition call_env.h:78
CALL_ENV_FLAG_NULLABLE
@ CALL_ENV_FLAG_NULLABLE
Tmpl expansions are allowed to produce no output.
Definition call_env.h:80
call_env_ctx_s::mi
module_instance_t const * mi
Module instance that the callenv is registered to.
Definition call_env.h:229
FR_CALL_ENV_SUBSECTION_FUNC
#define FR_CALL_ENV_SUBSECTION_FUNC(_name, _name2, _flags, _func)
Specify a call_env_parser_t which parses a subsection using a callback function.
Definition call_env.h:412
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition call_env.h:340
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition call_env.h:389
call_env_ctx_s
Definition call_env.h:226
call_env_method_s
Definition call_env.h:244
call_env_parser_s
Per method call config.
Definition call_env.h:180
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:657
conf_parser_s::func
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
Definition cf_parse.h:611
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:280
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:268
FR_CONF_OFFSET_SUBSECTION
#define FR_CONF_OFFSET_SUBSECTION(_name, _flags, _struct, _field, _subcs)
conf_parser_t which populates a sub-struct using a CONF_SECTION
Definition cf_parse.h:309
CONF_FLAG_SECRET
@ CONF_FLAG_SECRET
Only print value if debug level >= 3.
Definition cf_parse.h:433
CONF_FLAG_HIDDEN
@ CONF_FLAG_HIDDEN
Used by scripts to omit items from the generated documentation.
Definition cf_parse.h:455
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:238
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:594
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:72
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_find_next
CONF_PAIR * cf_pair_find_next(CONF_SECTION const *cs, CONF_PAIR const *prev, char const *attr)
Find a pair with a name matching attr, after specified pair.
Definition cf_util.c:1433
cf_pair_count
unsigned int cf_pair_count(CONF_SECTION const *cs, char const *attr)
Count the number of times an attribute occurs in a parent section.
Definition cf_util.c:1500
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1184
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1027
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:683
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1419
cf_pair_value_quote
fr_token_t cf_pair_value_quote(CONF_PAIR const *pair)
Return the value (rhs) quoting of a pair.
Definition cf_util.c:1618
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:663
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1574
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:285
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:98
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:363
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:292
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:286
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:75
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:91
fr_assert_msg
#define fr_assert_msg(_x, _msg,...)
Calls panic_action ifndef NDEBUG, else logs error and causes the server to exit immediately with code...
Definition debug.h:212
MEM
#define MEM(x)
Definition debug.h:46
ERROR
#define ERROR(fmt,...)
Definition dhcpclient.c:40
fr_dict_attr_search_by_qualified_oid
fr_dict_attr_t const * fr_dict_attr_search_by_qualified_oid(fr_dict_attr_err_t *err, fr_dict_t const *dict_def, char const *attr, bool internal, bool foreign))
Locate a qualified fr_dict_attr_t by its name and a dictionary qualifier.
Definition dict_util.c:3346
fr_dict_attr_add_name_only
int fr_dict_attr_add_name_only(fr_dict_t *dict, fr_dict_attr_t const *parent, char const *name, fr_type_t type, fr_dict_attr_flags_t const *flags))
Add an attribute to the dictionary.
Definition dict_util.c:2006
fr_dict_unconst
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
Definition dict_util.c:4903
fr_dict_attr_by_name
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
Definition dict_util.c:3528
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2665
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:292
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:305
fr_dict_enum_name_by_value
char const * fr_dict_enum_name_by_value(fr_dict_attr_t const *da, fr_value_box_t const *value)
Lookup the name of an enum value in a fr_dict_attr_t.
Definition dict_util.c:3688
DICT_AUTOLOAD_TERMINATOR
#define DICT_AUTOLOAD_TERMINATOR
Definition dict.h:311
in
static fr_slen_t in
Definition dict.h:882
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:291
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:304
value
Test enumeration values.
Definition dict_test.h:92
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_function_push_with_result
#define unlang_function_push_with_result(_result_p, _request, _func, _repeat, _signal, _sigmask, _top_frame, _uctx)
Push a generic function onto the unlang stack that produces a result.
Definition function.h:144
sql_escape_xlat
static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Escape a value to make it SQL safe.
Definition rlm_sql.c:444
sql_group_xlat
static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Check if the user is a member of a particular group.
Definition rlm_sql.c:1214
sql_modify_xlat
static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, returning the number of rows affected.
Definition rlm_sql.c:666
sql_fetch_xlat
static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, expecting results to be returned.
Definition rlm_sql.c:632
sql_xlat
static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query.
Definition rlm_sql.c:568
talloc_free
talloc_free(hp)
unlang_interpret_result
unlang_result_t * unlang_interpret_result(request_t *request)
Get the last instruction result OR the last frame that was popped.
Definition interpret.c:1581
unlang_interpret_frame_talloc_ctx
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
Definition interpret.c:1681
UNLANG_SUB_FRAME
#define UNLANG_SUB_FRAME
Definition interpret.h:37
unlang_result_t::rcode
rlm_rcode_t rcode
The current rcode, from executing the instruction or merging the result from a frame.
Definition interpret.h:134
unlang_result_t
Definition interpret.h:133
REXDENT
#define REXDENT()
Exdent (unindent) R* messages by one level.
Definition log.h:455
RWDEBUG
#define RWDEBUG(fmt,...)
Definition log.h:373
RDEBUG_ENABLED3
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:347
RDEBUG3
#define RDEBUG3(fmt,...)
Definition log.h:355
RWARN
#define RWARN(fmt,...)
Definition log.h:309
RERROR
#define RERROR(fmt,...)
Definition log.h:310
RPERROR
#define RPERROR(fmt,...)
Definition log.h:314
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:388
RINDENT
#define RINDENT()
Indent R* messages by one level.
Definition log.h:442
map_to_request
int map_to_request(request_t *request, map_t const *map, radius_map_getvalue_t func, void *ctx)
Convert map_t to fr_pair_t (s) and add them to a request_t.
Definition map.c:1884
rad_filename_box_make_safe
int rad_filename_box_make_safe(fr_value_box_t *vb, UNUSED void *uxtc)
Definition util.c:131
unlang_map_yield
unlang_action_t unlang_map_yield(request_t *request, map_proc_func_t resume, unlang_map_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition map.c:109
map_ctx
static TALLOC_CTX * map_ctx
Definition map_builtin.c:32
map_proc_register
int map_proc_register(TALLOC_CTX *ctx, void const *mod_inst, char const *name, map_proc_func_t evaluate, map_proc_instantiate_t instantiate, size_t inst_size, fr_value_box_safe_for_t literals_safe_for)
Register a map processor.
Definition map_proc.c:124
map_ctx_t::rctx
void * rctx
Resume ctx that a module previously set.
Definition map_proc.h:53
map_ctx_t::moi
void const * moi
Map module instance.
Definition map_proc.h:54
map_ctx_t
Temporary structure to hold arguments for map calls.
Definition map_proc.h:52
FR_TYPE_ETHERNET
@ FR_TYPE_ETHERNET
48 Bit Mac-Address.
Definition merged_model.c:93
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
tmpl_t
Definition merged_model.c:225
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:35
strcasecmp
int strcasecmp(char *s1, char *s2)
Definition missing.c:65
module_ctx_t::env_data
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t::thread
void * thread
Thread specific instance data.
Definition module_ctx.h:43
module_ctx_t::rctx
void * rctx
Resume ctx that a module previously set.
Definition module_ctx.h:45
module_thread_inst_ctx_t::el
fr_event_list_t * el
Event list to register any IO handlers and timers against.
Definition module_ctx.h:68
module_detach_ctx_t::mi
module_instance_t * mi
Module instance to detach.
Definition module_ctx.h:57
module_thread_inst_ctx_t::thread
void * thread
Thread instance data.
Definition module_ctx.h:67
module_thread_inst_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:64
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
module_detach_ctx_t
Temporary structure to hold arguments for detach calls.
Definition module_ctx.h:56
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
module_thread_inst_ctx_t
Temporary structure to hold arguments for thread_instantiation calls.
Definition module_ctx.h:63
module_rlm_exfile_init
exfile_t * module_rlm_exfile_init(TALLOC_CTX *ctx, CONF_SECTION *module, uint32_t max_entries, fr_time_delta_t max_idle, bool locking, bool triggers, char const *trigger_prefix, fr_pair_list_t *trigger_args)
Initialise a module specific exfile handle.
Definition module_rlm.c:103
module_rlm_xlat_register
xlat_t * module_rlm_xlat_register(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Definition module_rlm.c:247
module_rlm_submodule_parse
int module_rlm_submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic conf_parser_t func for loading drivers.
Definition module_rlm.c:947
module_rlm_s::common
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
module_rlm_s
Definition module_rlm.h:38
fr_pair_value_strdup
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
Definition pair.c:2663
fr_pair_value_from_str
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, size_t inlen, fr_sbuff_unescape_rules_t const *uerules, UNUSED bool tainted)
Convert string value to native attribute value.
Definition pair.c:2617
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:707
fr_pair_list_alloc
fr_pair_list_t * fr_pair_list_alloc(TALLOC_CTX *ctx)
Allocate a new pair list on the heap.
Definition pair.c:119
fr_pair_append
int fr_pair_append(fr_pair_list_t *list, fr_pair_t *to_add)
Add a VP to the end of the list.
Definition pair.c:1352
fr_pair_afrom_da
fr_pair_t * fr_pair_afrom_da(TALLOC_CTX *ctx, fr_dict_attr_t const *da)
Dynamically allocate a new attribute and assign a fr_dict_attr_t.
Definition pair.c:290
radius_legacy_map_cmp
int radius_legacy_map_cmp(request_t *request, map_t const *map)
Definition pairmove.c:791
radius_legacy_map_list_apply
int radius_legacy_map_list_apply(request_t *request, map_list_t const *list, fr_edit_list_t *el)
Definition pairmove.c:772
fr_utf8_char
size_t fr_utf8_char(uint8_t const *str, ssize_t inlen)
Checks for utf-8, taken from http://www.w3.org/International/questions/qa-forms-utf-8.
Definition print.c:39
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:37
pair_update_request
#define pair_update_request(_attr, _da)
Definition radclient-ng.c:59
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient-ng.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient-ng.h:54
WARN
#define WARN(fmt,...)
Definition radclient-ng.h:47
thread_detach
static void thread_detach(UNUSED void *uctx)
Explicitly cleanup module/xlat resources.
Definition radiusd.c:139
thread_instantiate
static int thread_instantiate(TALLOC_CTX *ctx, fr_event_list_t *el, UNUSED void *uctx)
Create module and xlat per-thread instances.
Definition radiusd.c:127
conf
static rs_t * conf
Definition radsniff.c:52
RLM_MODULE_USER_SECTION_REJECT
#define RLM_MODULE_USER_SECTION_REJECT
Rcodes that translate to a user configurable section failing overall.
Definition rcode.h:79
RETURN_UNLANG_INVALID
#define RETURN_UNLANG_INVALID
Definition rcode.h:66
RETURN_UNLANG_RCODE
#define RETURN_UNLANG_RCODE(_rcode)
Definition rcode.h:61
RETURN_UNLANG_NOTFOUND
#define RETURN_UNLANG_NOTFOUND
Definition rcode.h:68
RETURN_UNLANG_FAIL
#define RETURN_UNLANG_FAIL
Definition rcode.h:63
RETURN_UNLANG_OK
#define RETURN_UNLANG_OK
Definition rcode.h:64
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:44
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:49
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:48
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:53
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:55
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:54
RETURN_UNLANG_NOOP
#define RETURN_UNLANG_NOOP
Definition rcode.h:69
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:43
request_attr_reply
fr_dict_attr_t const * request_attr_reply
Definition request.c:44
request_data_get
void * request_data_get(request_t *request, void const *unique_ptr, int unique_int)
Get opaque data from a request.
Definition request_data.c:292
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
sql_group_xlat_call_env_t::user
fr_value_box_t user
Definition rlm_sql.c:240
sql_redundant_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:229
sql_map_verify
static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst, tmpl_t const *src, UNUSED map_list_t const *maps)
Definition rlm_sql.c:727
mod_detach
static int mod_detach(module_detach_ctx_t const *mctx)
Definition rlm_sql.c:2111
mod_autz_group_resume
static unlang_action_t mod_autz_group_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Resume function called after authorization group / profile expansion of check / reply query tmpl.
Definition rlm_sql.c:1315
sql_group_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context.
Definition rlm_sql.c:175
sql_group_xlat_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Definition rlm_sql.c:1141
sql_group_xlat_call_env_t::membership_query
tmpl_t * membership_query
Definition rlm_sql.c:241
sql_group_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:173
sql_redundant_ctx_t::call_env
sql_redundant_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:232
QUERY_ESCAPE
#define QUERY_ESCAPE
Definition rlm_sql.c:2467
sql_autz_call_env_t::check_query
tmpl_t * check_query
Tmpl to expand to form authorize_check_query.
Definition rlm_sql.c:110
fall_through
static sql_fall_through_t fall_through(map_list_t *maps)
Definition rlm_sql.c:294
sql_autz_ctx_t::group
rlm_sql_grouplist_t * group
Current group being processed.
Definition rlm_sql.c:193
sql_redundant_call_env_t::filename
fr_value_box_t filename
File name to write SQL logs to.
Definition rlm_sql.c:202
_sql_map_proc_get_value
static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, map_t const *map, void *uctx)
Converts a string value into a fr_pair_t.
Definition rlm_sql.c:700
sql_redundant_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:230
sql_redundant_ctx_t::query_no
size_t query_no
Current query number.
Definition rlm_sql.c:233
authorize_method_env
static const call_env_method_t authorize_method_env
Definition rlm_sql.c:2472
sql_autz_call_env_t::reply_query
tmpl_t * reply_query
Tmpl to expand to form authorize_reply_query.
Definition rlm_sql.c:111
_sql_escape_uxtx_free
static int _sql_escape_uxtx_free(void *uctx)
Definition rlm_sql.c:267
attr_sql_user_name
static fr_dict_attr_t const * attr_sql_user_name
Definition rlm_sql.c:95
rlm_sql_boot_t::query_number_da
fr_dict_attr_t const * query_number_da
Definition rlm_sql.c:51
sql_get_grouplist_resume
static unlang_action_t sql_get_grouplist_resume(unlang_result_t *p_result, request_t *request, void *uctx)
Definition rlm_sql.c:1072
SQL_SAFE_FOR
#define SQL_SAFE_FOR
Definition rlm_sql.c:43
mod_authorize_resume
static unlang_action_t mod_authorize_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Resume function called after authorization check / reply tmpl expansion.
Definition rlm_sql.c:1548
check_map_process
static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
Process a "check" map.
Definition rlm_sql.c:1251
sql_unset_user
#define sql_unset_user(_i, _r)
Definition rlm_sql.c:1064
attr_fall_through
static fr_dict_attr_t const * attr_fall_through
Definition rlm_sql.c:94
logfile_call_env_parse
static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_sql.c:86
sql_group_xlat_resume
static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Run SQL query for group membership to return list of groups.
Definition rlm_sql.c:1178
sql_autz_ctx_t::map_ctx
fr_sql_map_ctx_t * map_ctx
Context used for retrieving attribute value pairs as a map list.
Definition rlm_sql.c:196
sql_xlat_select_resume
static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:502
sql_set_user
static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
Definition rlm_sql.c:1042
sql_group_ctx_t::groups
rlm_sql_grouplist_t * groups
List of groups retrieved.
Definition rlm_sql.c:176
sql_xlat_call_env_t::filename
fr_value_box_t filename
Definition rlm_sql.c:124
sql_group_xlat_query_resume
static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, fr_value_box_list_t *in)
Compare list of groups returned from SQL query to xlat argument.
Definition rlm_sql.c:1148
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition rlm_sql.c:97
sql_autz_call_env_t::user
fr_value_box_t user
Expansion of the sql_user_name.
Definition rlm_sql.c:109
sql_autz_ctx_t::sql_group
fr_pair_t * sql_group
Pair to update with group being processed.
Definition rlm_sql.c:194
sql_redundant_ctx_t::trunk
trunk_t * trunk
Trunk connection for queries.
Definition rlm_sql.c:231
SQL_AUTZ_STAGE_PROFILE
#define SQL_AUTZ_STAGE_PROFILE
Definition rlm_sql.c:168
sql_xlat_query_resume
static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:461
sql_autz_ctx_t::check_tmp
map_list_t check_tmp
List to store check items before processing.
Definition rlm_sql.c:188
submodule_parse
static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Definition rlm_sql.c:253
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2233
sql_group_ctx_t::query
fr_value_box_t * query
Query string used for evaluating group membership.
Definition rlm_sql.c:174
sql_autz_ctx_t::call_env
sql_autz_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:187
rlm_sql
module_rlm_t rlm_sql
Definition rlm_sql.c:2486
mod_authorize
static unlang_action_t mod_authorize(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Start of module authorize method.
Definition rlm_sql.c:1706
sql_get_grouplist
static unlang_action_t sql_get_grouplist(unlang_result_t *p_result, sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
Definition rlm_sql.c:1112
xlat_method_env
static const call_env_method_t xlat_method_env
Definition rlm_sql.c:127
sql_autz_status_t
sql_autz_status_t
Status of the authorization process.
Definition rlm_sql.c:149
SQL_AUTZ_PROFILE_REPLY
@ SQL_AUTZ_PROFILE_REPLY
Running profile reply query.
Definition rlm_sql.c:163
SQL_AUTZ_CHECK
@ SQL_AUTZ_CHECK
Running user check query.
Definition rlm_sql.c:150
SQL_AUTZ_GROUP_MEMB_RESUME
@ SQL_AUTZ_GROUP_MEMB_RESUME
Completed group membership query.
Definition rlm_sql.c:155
SQL_AUTZ_REPLY
@ SQL_AUTZ_REPLY
Running user reply query.
Definition rlm_sql.c:152
SQL_AUTZ_GROUP_MEMB
@ SQL_AUTZ_GROUP_MEMB
Running group membership query.
Definition rlm_sql.c:154
SQL_AUTZ_PROFILE_REPLY_RESUME
@ SQL_AUTZ_PROFILE_REPLY_RESUME
Completed profile reply query.
Definition rlm_sql.c:164
SQL_AUTZ_PROFILE_CHECK_RESUME
@ SQL_AUTZ_PROFILE_CHECK_RESUME
Completed profile check query.
Definition rlm_sql.c:162
SQL_AUTZ_CHECK_RESUME
@ SQL_AUTZ_CHECK_RESUME
Completed user check query.
Definition rlm_sql.c:151
SQL_AUTZ_PROFILE_START
@ SQL_AUTZ_PROFILE_START
Starting processing user profiles.
Definition rlm_sql.c:160
SQL_AUTZ_GROUP_REPLY_RESUME
@ SQL_AUTZ_GROUP_REPLY_RESUME
Completed group reply query.
Definition rlm_sql.c:159
SQL_AUTZ_REPLY_RESUME
@ SQL_AUTZ_REPLY_RESUME
Completed user reply query.
Definition rlm_sql.c:153
SQL_AUTZ_GROUP_CHECK
@ SQL_AUTZ_GROUP_CHECK
Running group check query.
Definition rlm_sql.c:156
SQL_AUTZ_PROFILE_CHECK
@ SQL_AUTZ_PROFILE_CHECK
Running profile check query.
Definition rlm_sql.c:161
SQL_AUTZ_GROUP_REPLY
@ SQL_AUTZ_GROUP_REPLY
Running group reply query.
Definition rlm_sql.c:158
SQL_AUTZ_GROUP_CHECK_RESUME
@ SQL_AUTZ_GROUP_CHECK_RESUME
Completed group check query.
Definition rlm_sql.c:157
sql_xlat_escape
static int sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
Escape a tainted VB used as an xlat argument.
Definition rlm_sql.c:333
sql_autz_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:183
SQL_AUTZ_STAGE_GROUP
#define SQL_AUTZ_STAGE_GROUP
Definition rlm_sql.c:167
sql_autz_call_env_t::group_reply_query
tmpl_t * group_reply_query
Tmpl to expand to form authorize_group_reply_query.
Definition rlm_sql.c:114
sql_autz_call_env_t::group_check_query
tmpl_t * group_check_query
Tmpl to expand to form authorize_group_check_query.
Definition rlm_sql.c:113
sql_group_ctx_t::num_groups
int num_groups
How many groups have been retrieved.
Definition rlm_sql.c:177
sql_autz_ctx_free
static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
Definition rlm_sql.c:1289
sql_autz_ctx_t::trunk
trunk_t * trunk
Trunk connection for current authorization.
Definition rlm_sql.c:186
sql_redundant_ctx_t::query_vb
fr_value_box_t * query_vb
Current query string.
Definition rlm_sql.c:235
sql_redundant_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpl will be written.
Definition rlm_sql.c:234
sql_autz_ctx_t::reply_tmp
map_list_t reply_tmp
List to store reply items before processing.
Definition rlm_sql.c:189
sql_autz_ctx_t::status
sql_autz_status_t status
Current status of the authorization.
Definition rlm_sql.c:190
sql_autz_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:184
sql_autz_ctx_t::profile
fr_pair_t * profile
Current profile being processed.
Definition rlm_sql.c:195
MAX_SQL_FIELD_INDEX
#define MAX_SQL_FIELD_INDEX
Definition rlm_sql.c:739
rlm_sql_dict_attr
fr_dict_attr_autoload_t rlm_sql_dict_attr[]
Definition rlm_sql.c:100
sql_group_xlat_ctx_t::query
fr_value_box_list_t query
Definition rlm_sql.c:1140
mod_thread_instantiate
static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
Initialise thread specific data structure.
Definition rlm_sql.c:2406
sql_escape_uctx_alloc
static void * sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
Definition rlm_sql.c:276
mod_sql_redundant
static unlang_action_t mod_sql_redundant(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Generic module call for failing between a bunch of queries.
Definition rlm_sql.c:1912
sql_redundant_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context for current query.
Definition rlm_sql.c:236
mod_sql_redundant_query_resume
static unlang_action_t mod_sql_redundant_query_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Resume function called after executing an SQL query in a redundant list of queries.
Definition rlm_sql.c:1793
sql_autz_ctx_t::rcode
rlm_rcode_t rcode
Module return code.
Definition rlm_sql.c:185
sql_redundant_call_env_t::query
tmpl_t ** query
Array of tmpls for list of queries to run.
Definition rlm_sql.c:203
rlm_sql_grouplist_s::next
rlm_sql_grouplist_t * next
Definition rlm_sql.c:1069
accounting_method_env
static const call_env_method_t accounting_method_env
Definition rlm_sql.c:206
sql_redundant_ctx_free
static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
Tidy up when freeing an SQL redundant context.
Definition rlm_sql.c:1776
group_xlat_method_env
static const call_env_method_t group_xlat_method_env
Definition rlm_sql.c:244
sql_autz_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Context used for retrieving user group membership.
Definition rlm_sql.c:197
sql_autz_call_env_t::membership_query
tmpl_t * membership_query
Tmpl to expand to form group_membership_query.
Definition rlm_sql.c:112
sql_box_escape
static int sql_box_escape(fr_value_box_t *vb, void *uctx)
Definition rlm_sql.c:431
module_config
static const conf_parser_t module_config[]
Definition rlm_sql.c:54
rlm_sql_grouplist_s::name
char * name
Definition rlm_sql.c:1068
sql_autz_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpls will be written.
Definition rlm_sql.c:191
sql_autz_ctx_t::user_found
bool user_found
Has the user been found anywhere?
Definition rlm_sql.c:192
attr_user_profile
static fr_dict_attr_t const * attr_user_profile
Definition rlm_sql.c:96
send_method_env
static const call_env_method_t send_method_env
Definition rlm_sql.c:216
rlm_sql_dict
fr_dict_autoload_t rlm_sql_dict[]
Definition rlm_sql.c:89
rlm_sql_boot_t::group_da
fr_dict_attr_t const * group_da
Definition rlm_sql.c:50
mod_thread_detach
static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
Definition rlm_sql.c:2425
mod_map_resume
static unlang_action_t mod_map_resume(unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request, UNUSED fr_value_box_list_t *query, map_list_t const *maps)
Process the results of an SQL map query.
Definition rlm_sql.c:753
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2128
sql_redundant_call_env_t::user
fr_value_box_t user
Expansion of sql_user_name.
Definition rlm_sql.c:201
query_call_env_parse
static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
mod_map_proc
static unlang_action_t mod_map_proc(unlang_result_t *p_result, map_ctx_t const *mpctx, request_t *request, fr_value_box_list_t *query, UNUSED map_list_t const *maps)
Executes a SELECT query and maps the result to server attributes.
Definition rlm_sql.c:891
sql_escape_func
static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg)
sql_call_env_parse
static int sql_call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
Custom parser for sql call env queries.
Definition rlm_sql.c:2439
mod_sql_redundant_resume
static unlang_action_t mod_sql_redundant_resume(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request)
Resume function called after expansion of next query in a redundant list of queries.
Definition rlm_sql.c:1881
rlm_sql_boot_t
Definition rlm_sql.c:49
rlm_sql_grouplist_s
Definition rlm_sql.c:1067
sql_autz_call_env_t
Definition rlm_sql.c:108
sql_autz_ctx_t
Context for SQL authorization.
Definition rlm_sql.c:182
sql_group_ctx_t
Context for group membership query evaluation.
Definition rlm_sql.c:172
sql_group_xlat_call_env_t
Definition rlm_sql.c:239
sql_group_xlat_ctx_t
Definition rlm_sql.c:1139
sql_redundant_call_env_t
Definition rlm_sql.c:200
sql_redundant_ctx_t
Context for tracking redundant SQL query sets.
Definition rlm_sql.c:228
sql_xlat_call_env_t
Definition rlm_sql.c:123
rlm_sql.h
Prototypes and functions for the SQL module.
fr_sql_query_alloc
fr_sql_query_t * fr_sql_query_alloc(TALLOC_CTX *ctx, rlm_sql_t const *inst, request_t *request, trunk_t *trunk, char const *query_str, fr_sql_query_type_t type)
Allocate an sql query structure.
Definition sql.c:183
rlm_sql_thread_t::trunk
trunk_t * trunk
Trunk connection for this thread.
Definition rlm_sql.h:114
rlm_sql_thread_t::inst
rlm_sql_t const * inst
Module instance data.
Definition rlm_sql.h:115
RLM_SQL_MULTI_QUERY_CONN
#define RLM_SQL_MULTI_QUERY_CONN
Can support multiple queries on a single connection.
Definition rlm_sql.h:173
fr_sql_query_t::type
fr_sql_query_type_t type
Type of query.
Definition rlm_sql.h:143
sql_get_map_list
unlang_action_t sql_get_map_list(unlang_result_t *p_result, request_t *request, fr_sql_map_ctx_t *map_ctx, trunk_t *trunk)
Submit the query to get any user / group check or reply pairs.
Definition sql.c:357
rlm_sql_fetch_row
unlang_action_t rlm_sql_fetch_row(unlang_result_t *p_result, request_t *request, void *uctx)
Call the driver's sql_fetch_row function.
Definition sql.c:79
rlm_sql_query_log
void rlm_sql_query_log(rlm_sql_t const *inst, char const *filename, char const *query)
Definition sql.c:387
fr_sql_query_t::inst
rlm_sql_t const * inst
Module instance for this query.
Definition rlm_sql.h:137
sql_rcode_t
sql_rcode_t
Action to take at end of an SQL query.
Definition rlm_sql.h:44
RLM_SQL_QUERY_INVALID
@ RLM_SQL_QUERY_INVALID
Query syntax error.
Definition rlm_sql.h:45
RLM_SQL_ALT_QUERY
@ RLM_SQL_ALT_QUERY
Key constraint violation, use an alternative query.
Definition rlm_sql.h:49
RLM_SQL_RECONNECT
@ RLM_SQL_RECONNECT
Stale connection, should reconnect.
Definition rlm_sql.h:48
RLM_SQL_ERROR
@ RLM_SQL_ERROR
General connection/server error.
Definition rlm_sql.h:46
RLM_SQL_OK
@ RLM_SQL_OK
Success.
Definition rlm_sql.h:47
RLM_SQL_NO_MORE_ROWS
@ RLM_SQL_NO_MORE_ROWS
No more rows available.
Definition rlm_sql.h:50
SQL_QUERY_SELECT
@ SQL_QUERY_SELECT
Definition rlm_sql.h:120
SQL_QUERY_OTHER
@ SQL_QUERY_OTHER
Definition rlm_sql.h:121
fr_sql_map_ctx_t::ctx
TALLOC_CTX * ctx
To allocate map entries in.
Definition rlm_sql.h:153
rlm_sql_thread_t::sql_escape_arg
void * sql_escape_arg
Thread specific argument to be passed to escape function.
Definition rlm_sql.h:116
sql_fall_through_t
sql_fall_through_t
Definition rlm_sql.h:53
FALL_THROUGH_DEFAULT
@ FALL_THROUGH_DEFAULT
Definition rlm_sql.h:56
FALL_THROUGH_YES
@ FALL_THROUGH_YES
Definition rlm_sql.h:55
rlm_sql_row_t
char ** rlm_sql_row_t
Definition rlm_sql.h:59
rlm_sql_print_error
void rlm_sql_print_error(rlm_sql_t const *inst, request_t *request, fr_sql_query_t *query_ctx, bool force_debug)
Retrieve any errors from the SQL driver.
Definition sql.c:122
fr_sql_query_t::row
rlm_sql_row_t row
Row data from the last query.
Definition rlm_sql.h:146
fr_sql_query_t::rcode
sql_rcode_t rcode
Result code.
Definition rlm_sql.h:145
rlm_sql_escape_uctx_t::sql
rlm_sql_t const * sql
Definition rlm_sql.h:197
sql_rcode_description_table
fr_table_num_sorted_t const sql_rcode_description_table[]
Definition sql.c:45
rlm_sql_trunk_query
unlang_action_t rlm_sql_trunk_query(unlang_result_t *p_result, request_t *request, void *uctx)
Submit an SQL query using a trunk connection.
Definition sql.c:243
fr_sql_map_ctx_t
Context used when fetching attribute value pairs as a map list.
Definition rlm_sql.h:152
fr_sql_query_t
Definition rlm_sql.h:136
rlm_sql_config_t
Definition rlm_sql.h:73
rlm_sql_escape_uctx_t
Definition rlm_sql.h:196
rlm_sql_thread_t
Definition rlm_sql.h:113
fr_sbuff_trim_talloc
int fr_sbuff_trim_talloc(fr_sbuff_t *sbuff, size_t len)
Trim a talloced sbuff to the minimum length required to represent the contained string.
Definition sbuff.c:433
FR_SBUFF_IN
#define FR_SBUFF_IN(_start, _len_or_end)
fr_sbuff_buff
#define fr_sbuff_buff(_sbuff_or_marker)
fr_sbuff_uctx_talloc_t
Talloc sbuff extension structure.
Definition sbuff.h:137
section_name_str
static char const * section_name_str(char const *name)
Return a printable string for the section name.
Definition section.h:97
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:39
section_name_t::name2
char const * name2
Second section name. Usually a packet type like 'access-request', 'access-accept',...
Definition section.h:45
section_name_t::name1
char const * name1
First section name. Usually a verb like 'recv', 'send', etc...
Definition section.h:44
module_instance_s::name
char const * name
Instance name e.g. user_database.
Definition module.h:357
module_instance_s::conf
CONF_SECTION * conf
Module's instance configuration.
Definition module.h:351
module_instance_s::data
void * data
Module's instance data.
Definition module.h:293
module_instance_s::boot
void * boot
Data allocated during the boostrap phase.
Definition module.h:296
module_thread_instance_s::data
void * data
Thread specific instance data.
Definition module.h:374
module_thread
static module_thread_instance_t * module_thread(module_instance_t const *mi)
Retrieve module/thread specific instance for a module.
Definition module.h:503
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:152
module_s::boot_size
size_t boot_size
Size of the module's bootstrap data.
Definition module.h:209
module_instance_s::exported
module_t * exported
Public module structure.
Definition module.h:298
module_instance_s
Module instance data.
Definition module.h:287
module_method_binding_s
Named methods exported by a module.
Definition module.h:174
pair_append_control
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
pair_delete_request
#define pair_delete_request(_pair_or_da)
Delete a fr_pair_t in the request list.
Definition pair.h:172
pair_update_control
#define pair_update_control(_attr, _da)
Return or allocate a fr_pair_t in the control list.
Definition pair.h:140
tmpl_rules_s::escape
tmpl_escape_t escape
How escaping should be handled during evaluation.
Definition tmpl.h:353
tmpl_resolve
int tmpl_resolve(tmpl_t *vpt, tmpl_res_rules_t const *tr_rules))
Attempt to resolve functions and attributes in xlats and attribute references.
Definition tmpl_tokenize.c:4331
tmpl_value
#define tmpl_value(_tmpl)
Definition tmpl.h:937
tmpl_rules_s::literals_safe_for
fr_value_box_safe_for_t literals_safe_for
safe_for value assigned to literal values in xlats, execs, and data.
Definition tmpl.h:351
tmpl_is_attr
#define tmpl_is_attr(vpt)
Definition tmpl.h:208
tmpl_afrom_substr
ssize_t tmpl_afrom_substr(TALLOC_CTX *ctx, tmpl_t **out, fr_sbuff_t *in, fr_token_t quote, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules))
Convert an arbitrary string into a tmpl_t.
Definition tmpl_tokenize.c:3271
tmpl_is_data
#define tmpl_is_data(vpt)
Definition tmpl.h:206
tmpl_expand
#define tmpl_expand(_out, _buff, _buff_len, _request, _vpt)
Expand a tmpl to a C type, using existing storage to hold variably sized types.
Definition tmpl.h:1054
tmpl_value_type
#define tmpl_value_type(_tmpl)
Definition tmpl.h:939
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:339
tmpl_attr_tail_da
static fr_dict_attr_t const * tmpl_attr_tail_da(tmpl_t const *vpt)
Return the last attribute reference da.
Definition tmpl.h:801
tmpl_needs_resolving
#define tmpl_needs_resolving(vpt)
Definition tmpl.h:223
tmpl_res_rules_s
Similar to tmpl_rules_t, but used to specify parameters that may change during subsequent resolution ...
Definition tmpl.h:368
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:336
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition skip.h:36
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
count
return count
Definition module.c:155
module_instantiate
int module_instantiate(module_instance_t *instance)
Manually complete module setup by calling its instantiate function.
Definition module.c:1221
unlang_module_yield
unlang_action_t unlang_module_yield(request_t *request, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition module.c:431
unlang_module_yield_to_tmpl
unlang_action_t unlang_module_yield_to_tmpl(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, tmpl_t const *vpt, unlang_tmpl_args_t *args, module_method_t resume, unlang_module_signal_t signal, fr_signal_t sigmask, void *rctx)
Push a pre-compiled tmpl and resumption state onto the stack for evaluation.
Definition module.c:216
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3645
fr_pair_value_bstrdup_buffer
fr_pair_value_bstrdup_buffer(vp, eap_session->identity, true)
vp
fr_pair_t * vp
Definition state_machine.c:2287
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:191
map_s
Value pair map.
Definition map.h:77
map_s::op
fr_token_t op
The operator that controls insertion of the dst attribute.
Definition map.h:82
map_s::lhs
tmpl_t * lhs
Typically describes the attribute to add, modify or compare.
Definition map.h:78
map_s::rhs
tmpl_t * rhs
Typically describes a literal value or a src attribute to copy or compare.
Definition map.h:79
pair_list_s
Definition pair.h:52
rlm_sql_driver_t
Definition rlm_sql.h:200
sql_inst
Definition rlm_sql.h:227
sql_inst::sql_escape_arg
void * sql_escape_arg
Instance specific argument to be passed to escape function.
Definition rlm_sql.h:239
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:273
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:110
talloc_strdup
#define talloc_strdup(_ctx, _str)
Definition talloc.h:142
talloc_strlen
static size_t talloc_strlen(char const *s)
Returns the length of a talloc array containing a string.
Definition talloc.h:136
fr_time_delta_from_sec
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
Definition time.h:590
unlang_tmpl_push
int unlang_tmpl_push(TALLOC_CTX *ctx, unlang_result_t *p_result, fr_value_box_list_t *out, request_t *request, tmpl_t const *tmpl, unlang_tmpl_args_t *args, bool top_frame)
Push a tmpl onto the stack for evaluation.
Definition tmpl.c:276
TMPL_ESCAPE_UCTX_ALLOC_FUNC
@ TMPL_ESCAPE_UCTX_ALLOC_FUNC
A new uctx of the specified size and type is allocated and pre-populated by memcpying uctx....
Definition tmpl_escape.h:35
tmpl_escape_t::box_escape
fr_value_box_escape_t box_escape
How to escape when returned from evaluation.
Definition tmpl_escape.h:81
TMPL_ESCAPE_PRE_CONCAT
@ TMPL_ESCAPE_PRE_CONCAT
Pre-concatenation escaping is useful for DSLs where elements of the expansion are static,...
Definition tmpl_escape.h:61
tmpl_escape_t::uctx
struct tmpl_escape_t::@75 uctx
tmpl_escape_t::mode
tmpl_escape_mode_t mode
Whether to apply escape function after concatenation, i.e.
Definition tmpl_escape.h:83
tmpl_escape_t
Escaping rules for tmpls.
Definition tmpl_escape.h:80
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:170
fr_tokens
char const * fr_tokens[T_TOKEN_LAST]
Definition token.c:80
fr_comparison_op
const bool fr_comparison_op[T_TOKEN_LAST]
Definition token.c:200
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:102
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:103
module_trigger_args_build
int module_trigger_args_build(TALLOC_CTX *ctx, fr_pair_list_t *list, CONF_SECTION *cs, module_trigger_args_t *args)
Build trigger args pair list for modules.
Definition trigger.c:497
module_trigger_args_t
Common values used by modules when building trigger args.
Definition trigger.h:42
trunk_alloc
trunk_t * trunk_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, trunk_io_funcs_t const *funcs, trunk_conf_t const *conf, char const *log_prefix, void const *uctx, bool delay_start, fr_pair_list_t *trigger_args)
Allocate a new collection of connections.
Definition trunk.c:5001
trunk_config
conf_parser_t const trunk_config[]
Config parser definitions to populate a trunk_conf_t.
Definition trunk.c:341
trunk_s
Main trunk management handle.
Definition trunk.c:215
expand_rhs
static int expand_rhs(request_t *request, unlang_frame_state_edit_t *state, edit_map_t *current)
Definition edit.c:1193
unlang_xlat_yield
xlat_action_t unlang_xlat_yield(request_t *request, xlat_func_t resume, xlat_func_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition xlat.c:543
xlat_arg_parser_t::type
fr_type_t type
Type to cast argument to.
Definition xlat.h:155
xlat_transparent
xlat_action_t xlat_transparent(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *args)
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:170
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_FAIL
@ XLAT_ACTION_FAIL
An xlat function failed.
Definition xlat.h:44
XLAT_ACTION_YIELD
@ XLAT_ACTION_YIELD
An xlat function pushed a resume frame onto the stack.
Definition xlat.h:42
XLAT_ACTION_PUSH_UNLANG
@ XLAT_ACTION_PUSH_UNLANG
An xlat function pushed an unlang frame onto the unlang stack.
Definition xlat.h:39
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumed by an xlat function.
Definition xlat.h:145
parent
static fr_slen_t parent
Definition pair.h:858
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:392
FR_TYPE_IP
#define FR_TYPE_IP
Definition types.h:308
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:454
FR_TYPE_NUMERIC
#define FR_TYPE_NUMERIC
Definition types.h:306
value_parse_rules_quoted
fr_sbuff_parse_rules_t const * value_parse_rules_quoted[T_TOKEN_LAST]
Parse rules for quoted strings.
Definition value.c:611
fr_value_box_cast_in_place
int fr_value_box_cast_in_place(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv)
Convert one type of fr_value_box_t to another in place.
Definition value.c:4181
fr_value_box_clear_value
void fr_value_box_clear_value(fr_value_box_t *data)
Clear/free any existing value.
Definition value.c:4316
fr_value_box_strdup
int fr_value_box_strdup(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, bool tainted)
Copy a nul terminated string to a fr_value_box_t.
Definition value.c:4604
fr_value_box_strdup_shallow_replace
void fr_value_box_strdup_shallow_replace(fr_value_box_t *vb, char const *src, ssize_t len)
Free the existing buffer (if talloced) associated with the valuebox, and replace it with a new one.
Definition value.c:4730
fr_value_box_list_concat_in_place
int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx, fr_value_box_t *out, fr_value_box_list_t *list, fr_type_t type, fr_value_box_list_action_t proc_action, bool flatten, size_t max_size)
Concatenate a list of value boxes.
Definition value.c:6589
FR_VALUE_BOX_LIST_FREE
@ FR_VALUE_BOX_LIST_FREE
Definition value.h:238
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:644
fr_value_box_mark_safe_for
#define fr_value_box_mark_safe_for(_box, _safe_for)
Definition value.h:1093
fr_box_strvalue_buffer
#define fr_box_strvalue_buffer(_val)
Definition value.h:312
fr_value_box_is_safe_for
#define fr_value_box_is_safe_for(_box, _safe_for)
Definition value.h:1100
fr_value_box_escape_t::safe_for
fr_value_box_safe_for_t safe_for
Definition value.h:678
fr_value_box_safe_for_t
uintptr_t fr_value_box_safe_for_t
Escaping that's been applied to a value box.
Definition value.h:162
nonnull
int nonnull(2, 5))
fr_value_box_alloc_null
#define fr_value_box_alloc_null(_ctx)
Allocate a value box for later use with a value assignment function.
Definition value.h:655
fr_value_box_escape_t::func
fr_value_box_escape_func_t func
Definition value.h:677
out
static size_t char ** out
Definition value.h:1030
fr_value_box_escape_t
Definition value.h:676
xlat_ctx
static TALLOC_CTX * xlat_ctx
Definition xlat_builtin.c:48
xlat_ctx_s::rctx
void * rctx
Resume context.
Definition xlat_ctx.h:54
xlat_ctx_s::env_data
void * env_data
Expanded call env data.
Definition xlat_ctx.h:53
xlat_ctx_s::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition xlat_ctx.h:52
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_flags_set
void xlat_func_flags_set(xlat_t *x, xlat_func_flags_t flags)
Specify flags that alter the xlat's behaviour.
Definition xlat_func.c:399
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:363
xlat_func_call_env_set
void xlat_func_call_env_set(xlat_t *x, call_env_method_t const *env_method)
Register call environment of an xlat.
Definition xlat_func.c:389
xlat_func_safe_for_set
#define xlat_func_safe_for_set(_xlat, _escaped)
Set the escaped values for output boxes.
Definition xlat_func.h:82
XLAT_FUNC_FLAG_PURE
@ XLAT_FUNC_FLAG_PURE
Definition xlat_func.h:38
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8