The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
rlm_sql.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: b041e92acf8d3ac4110ad9000afe6c67da5bd299 $
19 * @file rlm_sql.c
20 * @brief Implements SQL 'users' file, and SQL accounting.
21 *
22 * @copyright 2012-2014 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
23 * @copyright 2000,2006 The FreeRADIUS server project
24 * @copyright 2000 Mike Machado (mike@innercite.com)
25 * @copyright 2000 Alan DeKok (aland@freeradius.org)
26 */
27
28RCSID("$Id: b041e92acf8d3ac4110ad9000afe6c67da5bd299 $")
29
30#define LOG_PREFIX mctx->mi->name
31
32#include <freeradius-devel/server/base.h>
33#include <freeradius-devel/server/exfile.h>
34#include <freeradius-devel/server/map_proc.h>
35#include <freeradius-devel/server/module_rlm.h>
36#include <freeradius-devel/server/pairmove.h>
37#include <freeradius-devel/util/debug.h>
38#include <freeradius-devel/util/dict.h>
39#include <freeradius-devel/util/table.h>
40#include <freeradius-devel/unlang/function.h>
41#include <freeradius-devel/unlang/xlat_func.h>
42
43#include <sys/stat.h>
44
45#include "rlm_sql.h"
46
47#define SQL_SAFE_FOR (fr_value_box_safe_for_t)inst->driver
48
49extern module_rlm_t rlm_sql;
50
51static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule);
52
53typedef struct {
54 fr_dict_attr_t const *group_da;
55} rlm_sql_boot_t;
56
57static const conf_parser_t module_config[] = {
58 { FR_CONF_OFFSET_TYPE_FLAGS("driver", FR_TYPE_VOID, 0, rlm_sql_t, driver_submodule), .dflt = "null",
59 .func = submodule_parse },
60 { FR_CONF_OFFSET("server", rlm_sql_config_t, sql_server), .dflt = "" }, /* Must be zero length so drivers can determine if it was set */
61 { FR_CONF_OFFSET("port", rlm_sql_config_t, sql_port), .dflt = "0" },
62 { FR_CONF_OFFSET("login", rlm_sql_config_t, sql_login), .dflt = "" },
63 { FR_CONF_OFFSET_FLAGS("password", CONF_FLAG_SECRET, rlm_sql_config_t, sql_password), .dflt = "" },
64 { FR_CONF_OFFSET("radius_db", rlm_sql_config_t, sql_db), .dflt = "radius" },
65 { FR_CONF_OFFSET("read_groups", rlm_sql_config_t, read_groups), .dflt = "yes" },
66 { FR_CONF_OFFSET("group_attribute", rlm_sql_config_t, group_attribute) },
67 { FR_CONF_OFFSET("cache_groups", rlm_sql_config_t, cache_groups) },
68 { FR_CONF_OFFSET("read_profiles", rlm_sql_config_t, read_profiles), .dflt = "yes" },
69 { FR_CONF_OFFSET("open_query", rlm_sql_config_t, connect_query) },
70
71 { FR_CONF_OFFSET("safe_characters", rlm_sql_config_t, allowed_chars), .dflt = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" },
72
73 /*
74 * This only works for a few drivers.
75 */
76 { FR_CONF_OFFSET("query_timeout", rlm_sql_config_t, query_timeout), .dflt = "5" },
77
78 /*
79 * The pool section is used for trunk config
80 */
81 { FR_CONF_OFFSET_SUBSECTION("pool", 0, rlm_sql_config_t, trunk_conf, trunk_config) },
82
83 { FR_CONF_OFFSET_FLAGS("expand_rhs", CONF_FLAG_HIDDEN, rlm_sql_config_t, expand_rhs) },
84
85 CONF_PARSER_TERMINATOR
86};
87
88static fr_dict_t const *dict_freeradius;
89
90extern fr_dict_autoload_t rlm_sql_dict[];
91fr_dict_autoload_t rlm_sql_dict[] = {
92 { .out = &dict_freeradius, .proto = "freeradius" },
93 { NULL }
94};
95
96static fr_dict_attr_t const *attr_fall_through;
97static fr_dict_attr_t const *attr_sql_user_name;
98static fr_dict_attr_t const *attr_user_profile;
99static fr_dict_attr_t const *attr_expr_bool_enum;
100
101extern fr_dict_attr_autoload_t rlm_sql_dict_attr[];
102fr_dict_attr_autoload_t rlm_sql_dict_attr[] = {
103 { .out = &attr_fall_through, .name = "Fall-Through", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
104 { .out = &attr_sql_user_name, .name = "SQL-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
105 { .out = &attr_user_profile, .name = "User-Profile", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
106 { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
107 { NULL }
108};
109
110typedef struct {
111 fr_value_box_t user; //!< Expansion of the sql_user_name
112 tmpl_t *check_query; //!< Tmpl to expand to form authorize_check_query
113 tmpl_t *reply_query; //!< Tmpl to expand to form authorize_reply_query
114 tmpl_t *membership_query; //!< Tmpl to expand to form group_membership_query
115 tmpl_t *group_check_query; //!< Tmpl to expand to form authorize_group_check_query
116 tmpl_t *group_reply_query; //!< Tmpl to expand to form authorize_group_reply_query
117} sql_autz_call_env_t;
118
119static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
120 call_env_ctx_t const *cec, call_env_parser_t const *rule);
121
122static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc,
123 call_env_ctx_t const *cec, call_env_parser_t const *rule);
124
128
143
144typedef struct rlm_sql_grouplist_s rlm_sql_grouplist_t;
145
146/** Status of the authorization process
147 */
148typedef enum {
149 SQL_AUTZ_CHECK = 0x12, //!< Running user `check` query
150 SQL_AUTZ_CHECK_RESUME = 0x13, //!< Completed user `check` query
151 SQL_AUTZ_REPLY = 0x14, //!< Running user `reply` query
152 SQL_AUTZ_REPLY_RESUME = 0x15, //!< Completed user `reply` query
153 SQL_AUTZ_GROUP_MEMB = 0x20, //!< Running group membership query
154 SQL_AUTZ_GROUP_MEMB_RESUME = 0x21, //!< Completed group membership query
155 SQL_AUTZ_GROUP_CHECK = 0x22, //!< Running group `check` query
156 SQL_AUTZ_GROUP_CHECK_RESUME = 0x23, //!< Completed group `check` query
157 SQL_AUTZ_GROUP_REPLY = 0x24, //!< Running group `reply` query
158 SQL_AUTZ_GROUP_REPLY_RESUME = 0x25, //!< Completed group `reply` query
159 SQL_AUTZ_PROFILE_START = 0x40, //!< Starting processing user profiles
160 SQL_AUTZ_PROFILE_CHECK = 0x42, //!< Running profile `check` query
161 SQL_AUTZ_PROFILE_CHECK_RESUME = 0x43, //!< Completed profile `check` query
162 SQL_AUTZ_PROFILE_REPLY = 0x44, //!< Running profile `reply` query
163 SQL_AUTZ_PROFILE_REPLY_RESUME = 0x45, //!< Completed profile `reply` query
164} sql_autz_status_t;
165
166#define SQL_AUTZ_STAGE_GROUP 0x20
167#define SQL_AUTZ_STAGE_PROFILE 0x40
168
169/** Context for group membership query evaluation
170 */
171typedef struct {
172 rlm_sql_t const *inst; //!< Module instance.
173 fr_value_box_t *query; //!< Query string used for evaluating group membership.
174 fr_sql_query_t *query_ctx; //!< Query context.
175 rlm_sql_grouplist_t *groups; //!< List of groups retrieved.
176 int num_groups; //!< How many groups have been retrieved.
177} sql_group_ctx_t;
178
179/** Context for SQL authorization
180 */
181typedef struct {
182 rlm_sql_t const *inst; //!< Module instance.
183 request_t *request; //!< Request being processed.
184 rlm_rcode_t rcode; //!< Module return code.
185 trunk_t *trunk; //!< Trunk connection for current authorization.
186 sql_autz_call_env_t *call_env; //!< Call environment data.
187 map_list_t check_tmp; //!< List to store check items before processing.
188 map_list_t reply_tmp; //!< List to store reply items before processing.
189 sql_autz_status_t status; //!< Current status of the authorization.
190 fr_value_box_list_t query; //!< Where expanded query tmpls will be written.
191 bool user_found; //!< Has the user been found anywhere?
192 rlm_sql_grouplist_t *group; //!< Current group being processed.
193 fr_pair_t *sql_group; //!< Pair to update with group being processed.
194 fr_pair_t *profile; //!< Current profile being processed.
195 fr_sql_map_ctx_t *map_ctx; //!< Context used for retrieving attribute value pairs as a map list.
196 sql_group_ctx_t *group_ctx; //!< Context used for retrieving user group membership.
197} sql_autz_ctx_t;
198
199/** Context for SQL maps
200 *
201 */
202typedef struct {
203 rlm_sql_t const *inst;
204 map_list_t const *maps;
205 fr_sql_query_t *query_ctx;
206} sql_map_ctx_t;
207
208typedef struct {
209 fr_value_box_t user; //!< Expansion of sql_user_name.
210 fr_value_box_t filename; //!< File name to write SQL logs to.
211 tmpl_t **query; //!< Array of tmpls for list of queries to run.
212} sql_redundant_call_env_t;
213
223
233
234/** Context for tracking redundant SQL query sets
235 */
236typedef struct {
237 rlm_sql_t const *inst; //!< Module instance.
238 request_t *request; //!< Request being processed.
239 trunk_t *trunk; //!< Trunk connection for queries.
240 sql_redundant_call_env_t *call_env; //!< Call environment data.
241 size_t query_no; //!< Current query number.
242 fr_value_box_list_t query; //!< Where expanded query tmpl will be written.
243 fr_value_box_t *query_vb; //!< Current query string.
244 fr_sql_query_t *query_ctx; //!< Query context for current query.
245} sql_redundant_ctx_t;
246
251
260
261int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
262{
263 rlm_sql_t *inst = talloc_get_type_abort(parent, rlm_sql_t);
264 module_instance_t *mi;
265 int ret;
266
267 if (unlikely(ret = module_rlm_submodule_parse(ctx, out, parent, ci, rule) < 0)) return ret;
268
269 mi = talloc_get_type_abort(*((void **)out), module_instance_t);
270 inst->driver = (rlm_sql_driver_t const *)mi->exported; /* Public symbol exported by the submodule */
271
272 return 0;
273}
274
275static int _sql_escape_uxtx_free(void *uctx)
276{
277 return talloc_free(uctx);
278}
279
280/*
281 * Create a thread local uctx which is used in SQL value box escaping
282 * so that an already reserved connection can be used.
283 */
284static void *sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
285{
286 static _Thread_local rlm_sql_escape_uctx_t *t_ctx;
287
288 if (unlikely(t_ctx == NULL)) {
289 rlm_sql_escape_uctx_t *ctx;
290
291 MEM(ctx = talloc_zero(NULL, rlm_sql_escape_uctx_t));
292 fr_atexit_thread_local(t_ctx, _sql_escape_uxtx_free, ctx);
293 }
294 t_ctx->sql = uctx;
295
296 return t_ctx;
297}
298
299/*
300 * Fall-Through checking function from rlm_files.c
301 */
302static sql_fall_through_t fall_through(map_list_t *maps)
303{
304 bool rcode;
305 map_t *map, *next;
306
307 for (map = map_list_head(maps);
308 map != NULL;
309 map = next) {
310 next = map_list_next(maps, map);
311
312 fr_assert(tmpl_is_attr(map->lhs));
313
314 if (tmpl_attr_tail_da(map->lhs) == attr_fall_through) {
315 (void) map_list_remove(maps, map);
316
317 if (tmpl_is_data(map->rhs)) {
318 fr_assert(tmpl_value_type(map->rhs) == FR_TYPE_BOOL);
319
320 rcode = tmpl_value(map->rhs)->vb_bool;
321 } else {
322 rcode = false;
323 }
324
325 talloc_free(map);
326 return rcode;
327 }
328 }
329
330 return FALL_THROUGH_DEFAULT;
331}
332
333/*
334 * Yucky prototype.
335 */
336static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg);
337
338/** Escape a tainted VB used as an xlat argument
339 *
340 */
341static int CC_HINT(nonnull(2,3)) sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
342{
343 fr_sbuff_t sbuff;
344 fr_sbuff_uctx_talloc_t sbuff_ctx;
345
346 ssize_t len;
347 void *arg = NULL;
348 rlm_sql_escape_uctx_t *ctx = uctx;
349 rlm_sql_t const *inst = talloc_get_type_abort_const(ctx->sql, rlm_sql_t);
350 fr_value_box_entry_t entry;
351 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
352
353 /*
354 * If it's already safe, don't do anything.
355 */
356 if (fr_value_box_is_safe_for(vb, inst->driver)) return 0;
357
358 /*
359 * No need to escape types with inherently safe data
360 */
361 switch (vb->type) {
362 case FR_TYPE_NUMERIC:
363 case FR_TYPE_IP:
364 case FR_TYPE_ETHERNET:
365 fr_value_box_mark_safe_for(vb, inst->driver);
366 return 0;
367
368 default:
369 break;
370 }
371
372 if (inst->sql_escape_arg) {
373 arg = inst->sql_escape_arg;
374 } else if (thread->sql_escape_arg) {
375 arg = thread->sql_escape_arg;
376 }
377 if (!arg) {
378 error:
379 fr_value_box_clear_value(vb);
380 return -1;
381 }
382
383 /*
384 * Escaping functions work on strings - ensure the box is a string
385 */
386 if ((vb->type != FR_TYPE_STRING) && (fr_value_box_cast_in_place(vb, vb, FR_TYPE_STRING, NULL) < 0)) goto error;
387
388 /*
389 * Maximum escaped length is 3 * original - if every character needs escaping
390 */
391 if (!fr_sbuff_init_talloc(vb, &sbuff, &sbuff_ctx, vb->vb_length * 3, vb->vb_length * 3)) {
392 fr_strerror_printf_push("Failed to allocate buffer for escaped sql argument");
393 return -1;
394 }
395
396 len = inst->sql_escape_func(request, fr_sbuff_buff(&sbuff), vb->vb_length * 3 + 1, vb->vb_strvalue, arg);
397 if (len < 0) goto error;
398
399 /*
400 * fr_value_box_strdup_shallow resets the dlist entries - take a copy
401 */
402 entry = vb->entry;
403 fr_sbuff_trim_talloc(&sbuff, len);
404 fr_value_box_clear_value(vb);
405 fr_value_box_strdup_shallow(vb, NULL, fr_sbuff_buff(&sbuff), vb->tainted);
406
407 /*
408 * Different databases have slightly different ideas as
409 * to what is safe. So we track the database type in the
410 * safe value. This means that we don't
411 * cross-contaminate "safe" values across databases.
412 */
413 fr_value_box_mark_safe_for(vb, inst->driver);
414 vb->entry = entry;
415
416 return 0;
417}
418
419static int sql_box_escape(fr_value_box_t *vb, void *uctx)
420{
421 return sql_xlat_escape(NULL, vb, uctx);
422}
423
424/** Escape a value to make it SQL safe.
425 *
426@verbatim
427%sql.escape(<value>)
428@endverbatim
429 *
430 * @ingroup xlat_functions
431 */
432static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
433 request_t *request, fr_value_box_list_t *in)
434{
435 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
436 fr_value_box_t *vb;
437 rlm_sql_escape_uctx_t *escape_uctx = NULL;
438
439 while ((vb = fr_value_box_list_pop_head(in))) {
440 if (fr_value_box_is_safe_for(vb, inst->driver)) goto append;
441 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
442 sql_box_escape(vb, escape_uctx);
443 append:
444 fr_dcursor_append(out, vb);
445 }
446 return XLAT_ACTION_DONE;
447}
448
449static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
450 request_t *request, UNUSED fr_value_box_list_t *in)
451{
452 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
453 rlm_sql_t const *inst = query_ctx->inst;
454 fr_value_box_t *vb;
455 xlat_action_t ret = XLAT_ACTION_DONE;
456 int numaffected;
457
458 fr_assert(query_ctx->type == SQL_QUERY_OTHER);
459
460 switch (query_ctx->rcode) {
461 case RLM_SQL_QUERY_INVALID:
462 case RLM_SQL_ERROR:
463 case RLM_SQL_RECONNECT:
464 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
465 query_ctx->rcode, "<INVALID>"));
466 rlm_sql_print_error(inst, request, query_ctx, false);
467 ret = XLAT_ACTION_FAIL;
468 goto finish;
469
470 default:
471 break;
472 }
473
474 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
475 if (numaffected < 1) {
476 RDEBUG2("SQL query affected no rows");
477 goto finish;
478 }
479
480 MEM(vb = fr_value_box_alloc_null(ctx));
481 fr_value_box_uint32(vb, NULL, (uint32_t)numaffected, false);
482 fr_dcursor_append(out, vb);
483
484finish:
485 talloc_free(query_ctx);
486
487 return ret;
488}
489
490static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
491 request_t *request, UNUSED fr_value_box_list_t *in)
492{
493 fr_sql_query_t *query_ctx = talloc_get_type_abort(xctx->rctx, fr_sql_query_t);
494 rlm_sql_t const *inst = query_ctx->inst;
495 fr_value_box_t *vb;
496 xlat_action_t ret = XLAT_ACTION_DONE;
497 rlm_rcode_t p_result;
498 rlm_sql_row_t row;
499 bool fetched = false;
500
501 fr_assert(query_ctx->type == SQL_QUERY_SELECT);
502
503 if (query_ctx->rcode != RLM_SQL_OK) {
504 query_error:
505 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table,
506 query_ctx->rcode, "<INVALID>"));
507 rlm_sql_print_error(inst, request, query_ctx, false);
508 ret = XLAT_ACTION_FAIL;
509 goto finish;
510 }
511
512 do {
513 inst->fetch_row(&p_result, NULL, request, query_ctx);
514 row = query_ctx->row;
515 switch (query_ctx->rcode) {
516 case RLM_SQL_OK:
517 if (row[0]) break;
518
519 RDEBUG2("NULL value in first column of result");
520 goto finish;
521
522 case RLM_SQL_NO_MORE_ROWS:
523 if (!fetched) RDEBUG2("SQL query returned no results");
524 goto finish;
525
526 default:
527 goto query_error;
528 }
529
530 fetched = true;
531
532 MEM(vb = fr_value_box_alloc_null(ctx));
533 fr_value_box_strdup(vb, vb, NULL, row[0], false);
534 fr_dcursor_append(out, vb);
535
536 } while (1);
537
538finish:
539 talloc_free(query_ctx);
540
541 return ret;
542}
543
544/** Execute an arbitrary SQL query
545 *
546 * For SELECTs, the values of the first column will be returned.
547 * For INSERTS, UPDATEs and DELETEs, the number of rows affected will
548 * be returned instead.
549 *
550@verbatim
551%sql(<sql statement>)
552@endverbatim
553 *
554 * @ingroup xlat_functions
555 */
556static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
557 xlat_ctx_t const *xctx,
558 request_t *request, fr_value_box_list_t *in)
559{
560 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
561 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
562 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
563 char const *p;
564 fr_value_box_t *arg = fr_value_box_list_head(in);
565 fr_sql_query_t *query_ctx = NULL;
566 rlm_rcode_t p_result;
567 unlang_action_t query_ret = UNLANG_ACTION_CALCULATE_RESULT;
568
569 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
570 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
571 }
572
573 p = arg->vb_strvalue;
574
575 /*
576 * Trim whitespace for the prefix check
577 */
578 fr_skip_whitespace(p);
579
580 /*
581 * If the query starts with any of the following prefixes,
582 * then return the number of rows affected
583 */
584 if ((strncasecmp(p, "insert", 6) == 0) ||
585 (strncasecmp(p, "update", 6) == 0) ||
586 (strncasecmp(p, "delete", 6) == 0)) {
587 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
588 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
589
590 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
591 query_ret = inst->query(&p_result, NULL, request, query_ctx);
592 if (query_ret == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
593
594 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
595 } /* else it's a SELECT statement */
596
597 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
598 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
599
600 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
601 if (unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, query_ctx) != UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_FAIL;
602
603 return XLAT_ACTION_PUSH_UNLANG;
604}
605
606/** Execute an arbitrary SQL query, expecting results to be returned
607 *
608@verbatim
609%sql.fetch(<sql statement>)
610@endverbatim
611 *
612 * @ingroup xlat_functions
613 */
614static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
615 request_t *request, fr_value_box_list_t *in)
616{
617 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
618 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
619 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
620 fr_value_box_t *arg = fr_value_box_list_head(in);
621 fr_sql_query_t *query_ctx = NULL;
622
623 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
624 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
625 }
626
627 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
628 thread->trunk, arg->vb_strvalue, SQL_QUERY_SELECT));
629
630 unlang_xlat_yield(request, sql_xlat_select_resume, NULL, 0, query_ctx);
631 if (unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, query_ctx) != UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_FAIL;
632
633 return XLAT_ACTION_PUSH_UNLANG;
634}
635
636/** Execute an arbitrary SQL query, returning the number of rows affected
637 *
638@verbatim
639%sql.modify(<sql statement>)
640@endverbatim
641 *
642 * @ingroup xlat_functions
643 */
644static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
645 request_t *request, fr_value_box_list_t *in)
646{
647 sql_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_xlat_call_env_t);
648 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
649 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
650 fr_value_box_t *arg = fr_value_box_list_head(in);
651 fr_sql_query_t *query_ctx = NULL;
652 rlm_rcode_t p_result;
653
654 if (call_env->filename.type == FR_TYPE_STRING && call_env->filename.vb_length > 0) {
655 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, arg->vb_strvalue);
656 }
657
658 MEM(query_ctx = fr_sql_query_alloc(unlang_interpret_frame_talloc_ctx(request), inst, request,
659 thread->trunk, arg->vb_strvalue, SQL_QUERY_OTHER));
660
661 unlang_xlat_yield(request, sql_xlat_query_resume, NULL, 0, query_ctx);
662 if (inst->query(&p_result, NULL, request, query_ctx) == UNLANG_ACTION_PUSHED_CHILD) return XLAT_ACTION_PUSH_UNLANG;
663
664 return sql_xlat_query_resume(ctx, out, &(xlat_ctx_t){.rctx = query_ctx, .inst = inst}, request, in);
665}
666
667/** Converts a string value into a #fr_pair_t
668 *
669 * @param[in,out] ctx to allocate #fr_pair_t (s).
670 * @param[out] out where to write the resulting #fr_pair_t.
671 * @param[in] request The current request.
672 * @param[in] map to process.
673 * @param[in] uctx The value to parse.
674 * @return
675 * - 0 on success.
676 * - -1 on failure.
677 */
678static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out,
679 request_t *request, map_t const *map, void *uctx)
680{
681 fr_pair_t *vp;
682 char const *value = uctx;
683
684 vp = fr_pair_afrom_da_nested(ctx, out, tmpl_attr_tail_da(map->lhs));
685 if (!vp) return -1;
686
687 /*
688 * Buffer not always talloced, sometimes it's
689 * just a pointer to a field in a result struct.
690 */
691 if (fr_pair_value_from_str(vp, value, strlen(value), NULL, true) < 0) {
692 RPEDEBUG("Failed parsing value \"%pV\" for attribute %s",
693 fr_box_strvalue_buffer(value), vp->da->name);
694 return -1;
695 }
696
697 return 0;
698}
699
700/*
701 * Verify the result of the map.
702 */
703static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst,
704 tmpl_t const *src, UNUSED map_list_t const *maps)
705{
706 if (!src) {
707 cf_log_err(cs, "Missing SQL query");
708
709 return -1;
710 }
711
712 return 0;
713}
714
715#define MAX_SQL_FIELD_INDEX (64)
716
717/** Process the results of an SQL map query
718 *
719 * @param[out] p_result Result of applying the map.
720 * @param[in] priority Unused.
721 * @param[in] request Current request.
722 * @param[in] uctx Map context.
723 * @return One of UNLANG_ACTION_*
724 */
725static unlang_action_t mod_map_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
726{
727 sql_map_ctx_t *map_ctx = talloc_get_type_abort(uctx, sql_map_ctx_t);
728 fr_sql_query_t *query_ctx = map_ctx->query_ctx;
729 map_list_t const *maps = map_ctx->maps;
730 rlm_sql_t const *inst = map_ctx->inst;
731 map_t const *map;
732 rlm_rcode_t rcode = RLM_MODULE_UPDATED;
733 sql_rcode_t ret;
734 char const **fields = NULL, *map_rhs;
735 rlm_sql_row_t row;
736 int i, j, field_cnt, rows = 0;
737 int field_index[MAX_SQL_FIELD_INDEX];
738 char map_rhs_buff[128];
739 bool found_field = false; /* Did we find any matching fields in the result set ? */
740
741 if (query_ctx->rcode != RLM_SQL_OK) {
742 RERROR("SQL query failed: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
743 rcode = RLM_MODULE_FAIL;
744 goto finish;
745 }
746
747 /*
748 * Not every driver provides an sql_num_rows function
749 */
750 if (inst->driver->sql_num_rows) {
751 ret = inst->driver->sql_num_rows(query_ctx, &inst->config);
752 if (ret == 0) {
753 RDEBUG2("Server returned an empty result");
754 rcode = RLM_MODULE_NOTFOUND;
755 goto finish;
756 }
757
758 if (ret < 0) {
759 RERROR("Failed retrieving row count");
760 error:
761 rcode = RLM_MODULE_FAIL;
762 goto finish;
763 }
764 }
765
766 for (i = 0; i < MAX_SQL_FIELD_INDEX; i++) field_index[i] = -1;
767
768 /*
769 * Map proc only registered if driver provides an sql_fields function
770 */
771 ret = (inst->driver->sql_fields)(&fields, query_ctx, &inst->config);
772 if (ret != RLM_SQL_OK) {
773 RERROR("Failed retrieving field names: %s", fr_table_str_by_value(sql_rcode_description_table, ret, "<INVALID>"));
774 goto error;
775 }
776 fr_assert(fields);
777 field_cnt = talloc_array_length(fields);
778
779 if (RDEBUG_ENABLED3) for (j = 0; j < field_cnt; j++) RDEBUG3("Got field: %s", fields[j]);
780
781 /*
782 * Iterate over the maps, it's O(N2)ish but probably
783 * faster than building a radix tree each time the
784 * map set is evaluated (map->rhs can be dynamic).
785 */
786 for (map = map_list_head(maps), i = 0;
787 map && (i < MAX_SQL_FIELD_INDEX);
788 map = map_list_next(maps, map), i++) {
789 /*
790 * Expand the RHS to get the name of the SQL field
791 */
792 if (tmpl_expand(&map_rhs, map_rhs_buff, sizeof(map_rhs_buff),
793 request, map->rhs, NULL, NULL) < 0) {
794 RPERROR("Failed getting field name");
795 goto error;
796 }
797
798 for (j = 0; j < field_cnt; j++) {
799 if (strcasecmp(fields[j], map_rhs) != 0) continue;
800 field_index[i] = j;
801 found_field = true;
802 }
803 }
804
805 /*
806 * Couldn't resolve any map RHS values to fields
807 * in the result set.
808 */
809 if (!found_field) {
810 RDEBUG2("No fields matching map found in query result");
811 rcode = RLM_MODULE_NOOP;
812 goto finish;
813 }
814
815 /*
816 * We've resolved all the maps to result indexes, now convert
817 * the values at those indexes into fr_pair_ts.
818 *
819 * Note: Not all SQL client libraries provide a row count,
820 * so we have to do the count here.
821 */
822 while ((inst->fetch_row(p_result, NULL, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
823 (query_ctx->rcode == RLM_SQL_OK)) {
824 row = query_ctx->row;
825 rows++;
826 for (map = map_list_head(maps), j = 0;
827 map && (j < MAX_SQL_FIELD_INDEX);
828 map = map_list_next(maps, map), j++) {
829 if (field_index[j] < 0) continue; /* We didn't find the map RHS in the field set */
830 if (!row[field_index[j]]) {
831 RDEBUG2("Database returned NULL for %s", fields[j]);
832 continue;
833 }
834 if (map_to_request(request, map, _sql_map_proc_get_value, row[field_index[j]]) < 0) goto error;
835 }
836 }
837
838 if (query_ctx->rcode == RLM_SQL_ERROR) goto error;
839
840 if (rows == 0) {
841 RDEBUG2("SQL query returned no results");
842 rcode = RLM_MODULE_NOTFOUND;
843 }
844
845finish:
846 talloc_free(fields);
847 talloc_free(map_ctx);
848
849 RETURN_MODULE_RCODE(rcode);
850}
851
852/** Executes a SELECT query and maps the result to server attributes
853 *
854 * @param p_result Result of map expansion:
855 * - #RLM_MODULE_NOOP no rows were returned or columns matched.
856 * - #RLM_MODULE_UPDATED if one or more #fr_pair_t were added to the #request_t.
857 * - #RLM_MODULE_FAIL if a fault occurred.
858 * @param mod_inst #rlm_sql_t instance.
859 * @param proc_inst Instance data for this specific mod_proc call (unused).
860 * @param request The current request.
861 * @param query string to execute.
862 * @param maps Head of the map list.
863 * @return UNLANG_ACTION_CALCULATE_RESULT
864 */
865static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst, UNUSED void *proc_inst, request_t *request,
866 fr_value_box_list_t *query, map_list_t const *maps)
867{
868 rlm_sql_t const *inst = talloc_get_type_abort_const(mod_inst, rlm_sql_t);
869 rlm_sql_thread_t *thread = talloc_get_type_abort(module_thread(inst->mi)->data, rlm_sql_thread_t);
870 fr_value_box_t *query_head = fr_value_box_list_head(query);
871 sql_map_ctx_t *map_ctx;
872 fr_value_box_t *vb = NULL;
873 rlm_sql_escape_uctx_t *escape_uctx = NULL;
874
875 fr_assert(inst->driver->sql_fields); /* Should have been caught during validation... */
876
877 if (!query_head) {
878 REDEBUG("Query cannot be (null)");
879 RETURN_MODULE_FAIL;
880 }
881
882 while ((vb = fr_value_box_list_next(query, vb))) {
883 if (fr_value_box_is_safe_for(vb, inst->driver)) continue;
884 if (!escape_uctx) escape_uctx = sql_escape_uctx_alloc(request, inst);
885 sql_box_escape(vb, escape_uctx);
886 }
887
888 if (fr_value_box_list_concat_in_place(request,
889 query_head, query, FR_TYPE_STRING,
890 FR_VALUE_BOX_LIST_FREE, true,
891 SIZE_MAX) < 0) {
892 RPEDEBUG("Failed concatenating input string");
893 RETURN_MODULE_FAIL;
894 }
895
896 MEM(map_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), sql_map_ctx_t));
897 *map_ctx = (sql_map_ctx_t) {
898 .inst = inst,
899 .maps = maps,
900 };
901
902 MEM(map_ctx->query_ctx = fr_sql_query_alloc(map_ctx, inst, request,
903 thread->trunk, query_head->vb_strvalue, SQL_QUERY_SELECT));
904
905 if (unlang_function_push(request, NULL, mod_map_resume, NULL, 0,
906 UNLANG_SUB_FRAME, map_ctx) != UNLANG_ACTION_PUSHED_CHILD) RETURN_MODULE_FAIL;
907
908 return unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, map_ctx->query_ctx);
909}
910
911/** xlat escape function for drivers which do not provide their own
912 *
913 */
914static ssize_t sql_escape_func(UNUSED request_t *request, char *out, size_t outlen, char const *in, void *arg)
915{
916 rlm_sql_t const *inst = talloc_get_type_abort_const(arg, rlm_sql_t);
917 size_t len = 0;
918
919 while (in[0]) {
920 size_t utf8_len;
921
922 /*
923 * Allow all multi-byte UTF8 characters.
924 */
925 utf8_len = fr_utf8_char((uint8_t const *) in, -1);
926 if (utf8_len > 1) {
927 if (outlen <= utf8_len) break;
928
929 memcpy(out, in, utf8_len);
930 in += utf8_len;
931 out += utf8_len;
932
933 outlen -= utf8_len;
934 len += utf8_len;
935 continue;
936 }
937
938 /*
939 * Because we register our own escape function
940 * we're now responsible for escaping all special
941 * chars in an xlat expansion or attribute value.
942 */
943 switch (in[0]) {
944 case '\n':
945 if (outlen <= 2) break;
946 out[0] = '\\';
947 out[1] = 'n';
948
949 in++;
950 out += 2;
951 outlen -= 2;
952 len += 2;
953 break;
954
955 case '\r':
956 if (outlen <= 2) break;
957 out[0] = '\\';
958 out[1] = 'r';
959
960 in++;
961 out += 2;
962 outlen -= 2;
963 len += 2;
964 break;
965
966 case '\t':
967 if (outlen <= 2) break;
968 out[0] = '\\';
969 out[1] = 't';
970
971 in++;
972 out += 2;
973 outlen -= 2;
974 len += 2;
975 break;
976 }
977
978 /*
979 * Non-printable characters get replaced with their
980 * mime-encoded equivalents.
981 */
982 if ((in[0] < 32) ||
983 strchr(inst->config.allowed_chars, *in) == NULL) {
984 /*
985 * Only 3 or less bytes available.
986 */
987 if (outlen <= 3) {
988 break;
989 }
990
991 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
992 in++;
993 out += 3;
994 outlen -= 3;
995 len += 3;
996 continue;
997 }
998
999 /*
1000 * Only one byte left.
1001 */
1002 if (outlen <= 1) {
1003 break;
1004 }
1005
1006 /*
1007 * Allowed character.
1008 */
1009 *out = *in;
1010 out++;
1011 in++;
1012 outlen--;
1013 len++;
1014 }
1015 *out = '\0';
1016 return len;
1017}
1018
1019/*
1020 * Set the SQL user name.
1021 *
1022 * We don't call the escape function here. The resulting string
1023 * will be escaped later in the queries xlat so we don't need to
1024 * escape it twice. (it will make things wrong if we have an
1025 * escape candidate character in the username)
1026 */
1027static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
1028{
1029 fr_pair_t *vp = NULL;
1030
1031 fr_assert(request->packet != NULL);
1032
1033 MEM(pair_update_request(&vp, inst->sql_user) >= 0);
1034 if(!user || (user->type != FR_TYPE_STRING)) {
1035 pair_delete_request(vp);
1036 return;
1037 }
1038
1039 /*
1040 * Replace any existing SQL-User-Name with new value
1041 */
1042 fr_pair_value_bstrdup_buffer(vp, user->vb_strvalue, user->tainted);
1043 RDEBUG2("SQL-User-Name set to '%pV'", &vp->data);
1044}
1045
1046/*
1047 * Do a set/unset user, so it's a bit clearer what's going on.
1048 */
1049#define sql_unset_user(_i, _r) fr_pair_delete_by_da(&_r->request_pairs, _i->sql_user)
1050
1051
1056
1057static unlang_action_t sql_get_grouplist_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1058{
1059 sql_group_ctx_t *group_ctx = talloc_get_type_abort(uctx, sql_group_ctx_t);
1060 fr_sql_query_t *query_ctx = group_ctx->query_ctx;
1061 rlm_sql_t const *inst = group_ctx->inst;
1062 rlm_sql_row_t row;
1063 rlm_sql_grouplist_t *entry = group_ctx->groups;
1064
1065 if (query_ctx->rcode != RLM_SQL_OK) {
1066 error:
1067 talloc_free(query_ctx);
1068 RETURN_MODULE_FAIL;
1069 }
1070
1071 while ((inst->fetch_row(p_result, NULL, request, query_ctx) == UNLANG_ACTION_CALCULATE_RESULT) &&
1072 (query_ctx->rcode == RLM_SQL_OK)) {
1073 row = query_ctx->row;
1074 if (!row[0]){
1075 RDEBUG2("row[0] returned NULL");
1076 goto error;
1077 }
1078
1079 if (!entry) {
1080 group_ctx->groups = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1081 entry = group_ctx->groups;
1082 } else {
1083 entry->next = talloc_zero(group_ctx, rlm_sql_grouplist_t);
1084 entry = entry->next;
1085 }
1086 entry->next = NULL;
1087 entry->name = talloc_typed_strdup(entry, row[0]);
1088
1089 group_ctx->num_groups++;
1090 }
1091
1092 talloc_free(query_ctx);
1093 RETURN_MODULE_OK;
1094}
1095
1096static unlang_action_t sql_get_grouplist(sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
1097{
1098 rlm_sql_t const *inst = group_ctx->inst;
1099
1100 /* NOTE: sql_set_user should have been run before calling this function */
1101
1102 if (!group_ctx->query || (group_ctx->query->vb_length == 0)) return UNLANG_ACTION_CALCULATE_RESULT;
1103
1104 MEM(group_ctx->query_ctx = fr_sql_query_alloc(group_ctx, inst, request, trunk,
1105 group_ctx->query->vb_strvalue, SQL_QUERY_SELECT));
1106
1107 if (unlang_function_push(request, NULL, sql_get_grouplist_resume, NULL, 0, UNLANG_SUB_FRAME, group_ctx) < 0) return UNLANG_ACTION_FAIL;
1108
1109 return unlang_function_push(request, inst->select, NULL, NULL, 0, UNLANG_SUB_FRAME, group_ctx->query_ctx);
1110}
1111
1112typedef struct {
1113 fr_value_box_list_t query;
1114 sql_group_ctx_t *group_ctx;
1115} sql_group_xlat_ctx_t;
1116
1117/** Compare list of groups returned from SQL query to xlat argument.
1118 *
1119 * Called after the SQL query has completed and group list has been built.
1120 */
1121static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx,
1122 UNUSED request_t *request, fr_value_box_list_t *in)
1123{
1124 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1125 sql_group_ctx_t *group_ctx = talloc_get_type_abort(xlat_ctx->group_ctx, sql_group_ctx_t);
1126 fr_value_box_t *arg = fr_value_box_list_head(in);
1127 char const *name = arg->vb_strvalue;
1128 fr_value_box_t *vb;
1129 rlm_sql_grouplist_t *entry;
1130
1131 fr_skip_whitespace(name);
1132
1133 MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
1134 for (entry = group_ctx->groups; entry != NULL; entry = entry->next) {
1135 if (strcmp(entry->name, name) == 0) {
1136 vb->vb_bool = true;
1137 break;
1138 }
1139 }
1140 fr_dcursor_append(out, vb);
1141
1142 talloc_free(xlat_ctx);
1143
1144 return XLAT_ACTION_DONE;
1145}
1146
1147/** Run SQL query for group membership to return list of groups
1148 *
1149 * Called after group membership query tmpl is expanded
1150 */
1151static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1152 request_t *request, UNUSED fr_value_box_list_t *in)
1153{
1154 sql_group_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, sql_group_xlat_ctx_t);
1155 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1156 rlm_sql_thread_t *thread = talloc_get_type_abort(xctx->mctx->thread, rlm_sql_thread_t);
1157 fr_value_box_t *query;
1158
1159 query = fr_value_box_list_head(&xlat_ctx->query);
1160 if (!query) return XLAT_ACTION_FAIL;
1161
1162 MEM(xlat_ctx->group_ctx = talloc(xlat_ctx, sql_group_ctx_t));
1163
1164 *xlat_ctx->group_ctx = (sql_group_ctx_t) {
1165 .inst = inst,
1166 .query = query,
1167 };
1168
1169 if (unlang_xlat_yield(request, sql_group_xlat_query_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1170
1171 if (sql_get_grouplist(xlat_ctx->group_ctx, thread->trunk, request) != UNLANG_ACTION_PUSHED_CHILD)
1172 return XLAT_ACTION_FAIL;
1173
1174 return XLAT_ACTION_PUSH_UNLANG;
1175}
1176
1177
1178/** Check if the user is a member of a particular group
1179 *
1180@verbatim
1181%sql.group(<name>)
1182@endverbatim
1183 *
1184 * @ingroup xlat_functions
1185 */
1186static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx,
1187 request_t *request, UNUSED fr_value_box_list_t *in)
1188{
1189 sql_group_xlat_call_env_t *call_env = talloc_get_type_abort(xctx->env_data, sql_group_xlat_call_env_t);
1190 sql_group_xlat_ctx_t *xlat_ctx;
1191 rlm_sql_t const *inst = talloc_get_type_abort(xctx->mctx->mi->data, rlm_sql_t);
1192
1193 if (!call_env->membership_query) {
1194 RWARN("Cannot check group membership - group_membership_query not set");
1195 return XLAT_ACTION_FAIL;
1196 }
1197
1198 /*
1199 * Set the user attr here
1200 */
1201 sql_set_user(inst, request, &call_env->user);
1202
1203 MEM(xlat_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_group_xlat_ctx_t));
1204 fr_value_box_list_init(&xlat_ctx->query);
1205
1206 if (unlang_xlat_yield(request, sql_group_xlat_resume, NULL, 0, xlat_ctx) != XLAT_ACTION_YIELD) return XLAT_ACTION_FAIL;
1207 if (unlang_tmpl_push(xlat_ctx, &xlat_ctx->query, request, call_env->membership_query, NULL) < 0) return XLAT_ACTION_FAIL;
1208 return XLAT_ACTION_PUSH_UNLANG;
1209}
1210
1211/** Process a "check" map
1212 *
1213 * Any entries using an assignment operator will be moved to the reply map
1214 * for later merging into the request.
1215 *
1216 * @param request Current request.
1217 * @param check_map to process.
1218 * @param reply_map where any assignment entries will be moved.
1219 * @return
1220 * - 0 if all the check entries pass.
1221 * - -1 if the checks fail.
1222 */
1223static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
1224{
1225 map_t *map, *next;
1226
1227 for (map = map_list_head(check_map);
1228 map != NULL;
1229 map = next) {
1230 next = map_list_next(check_map, map);
1231
1232 if (fr_assignment_op[map->op]) {
1233 (void) map_list_remove(check_map, map);
1234 map_list_insert_tail(reply_map, map);
1235 continue;
1236 }
1237
1238 if (!fr_comparison_op[map->op]) {
1239 REDEBUG("Invalid operator '%s'", fr_tokens[map->op]);
1240 goto fail;
1241 }
1242
1243 if (fr_type_is_structural(tmpl_attr_tail_da(map->lhs)->type) &&
1244 (map->op != T_OP_CMP_TRUE) && (map->op != T_OP_CMP_FALSE)) {
1245 REDEBUG("Invalid comparison for structural type");
1246 goto fail;
1247 }
1248
1249 RDEBUG2(" &%s %s %s", map->lhs->name, fr_tokens[map->op], map->rhs->name);
1250 if (radius_legacy_map_cmp(request, map) != 1) {
1251 fail:
1252 map_list_talloc_free(check_map);
1253 map_list_talloc_free(reply_map);
1254 RDEBUG2("failed match: skipping this entry");
1255 return -1;
1256 }
1257 }
1258 return 0;
1259}
1260
1261static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
1262{
1263 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1264 map_list_talloc_free(&to_free->check_tmp);
1265 map_list_talloc_free(&to_free->reply_tmp);
1266 sql_unset_user(to_free->inst, to_free->request);
1267
1268 return 0;
1269}
1270
1271/** Resume function called after authorization group / profile expansion of check / reply query tmpl
1272 *
1273 * Groups and profiles are treated almost identically except:
1274 * - groups are read from an SQL query
1275 * - profiles are read from &control.User-Profile
1276 * - if `cache_groups` is set, groups populate &control.SQL-Group
1277 *
1278 * Profiles are handled after groups, and will not happend if the last group resulted in `Fall-Through = no`
1279 *
1280 * Before each query is run, &request.SQL-Group is populated with the value of the group being evaluated.
1281 *
1282 * @param p_result Result of current authorization.
1283 * @param priority Unused.
1284 * @param request Current request.
1285 * @param uctx Current authorization context.
1286 * @return one of the RLM_MODULE_* values.
1287 */
1288static unlang_action_t mod_autz_group_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1289{
1290 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(uctx, sql_autz_ctx_t);
1291 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1292 sql_group_ctx_t *group_ctx = autz_ctx->group_ctx;
1293 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1294 rlm_sql_t const *inst = autz_ctx->inst;
1295 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1296 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1297 fr_pair_t *vp;
1298
1299 switch (*p_result) {
1300 case RLM_MODULE_USER_SECTION_REJECT:
1301 return UNLANG_ACTION_CALCULATE_RESULT;
1302
1303 default:
1304 break;
1305 }
1306
1307 switch(autz_ctx->status) {
1308 case SQL_AUTZ_GROUP_MEMB:
1309 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1310 MEM(autz_ctx->group_ctx = talloc(autz_ctx, sql_group_ctx_t));
1311 *autz_ctx->group_ctx = (sql_group_ctx_t) {
1312 .inst = inst,
1313 .query = query,
1314 };
1315
1316 if (sql_get_grouplist(autz_ctx->group_ctx, autz_ctx->trunk, request) == UNLANG_ACTION_PUSHED_CHILD) {
1317 autz_ctx->status = SQL_AUTZ_GROUP_MEMB_RESUME;
1318 return UNLANG_ACTION_PUSHED_CHILD;
1319 }
1320
1321 group_ctx = autz_ctx->group_ctx;
1322
1323 FALL_THROUGH;
1324
1325 case SQL_AUTZ_GROUP_MEMB_RESUME:
1326 talloc_free(group_ctx->query);
1327
1328 if (group_ctx->num_groups == 0) {
1329 RDEBUG2("User not found in any groups");
1330 break;
1331 }
1332 fr_assert(group_ctx->groups);
1333
1334 RDEBUG2("User found in the group table");
1335 autz_ctx->user_found = true;
1336 autz_ctx->group = group_ctx->groups;
1337 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1338
1339 next_group:
1340 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->group->name, true);
1341 autz_ctx->status = SQL_AUTZ_GROUP_CHECK;
1342 FALL_THROUGH;
1343
1344 case SQL_AUTZ_PROFILE_START:
1345 next_profile:
1346 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1347 fr_pair_value_strdup(autz_ctx->sql_group, autz_ctx->profile->vp_strvalue, true);
1348 autz_ctx->status = SQL_AUTZ_PROFILE_CHECK;
1349 }
1350 RDEBUG3("Processing %s %pV",
1351 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "group" : "profile", &autz_ctx->sql_group->data);
1352 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1353 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1354 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1355 }
1356
1357 if (call_env->group_check_query) {
1358 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1359 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1360 call_env->group_check_query, NULL) < 0) RETURN_MODULE_FAIL;
1361 return UNLANG_ACTION_PUSHED_CHILD;
1362 }
1363
1364 if (call_env->group_reply_query) goto group_reply_push;
1365
1366 break;
1367
1368 case SQL_AUTZ_GROUP_CHECK:
1369 case SQL_AUTZ_PROFILE_CHECK:
1370 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1371 .ctx = autz_ctx,
1372 .inst = inst,
1373 .out = &autz_ctx->check_tmp,
1374 .list = request_attr_request,
1375 .query = query,
1376 };
1377
1378 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1379 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1380 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_CHECK_RESUME : SQL_AUTZ_PROFILE_CHECK_RESUME;
1381 return UNLANG_ACTION_PUSHED_CHILD;
1382 }
1383
1384 FALL_THROUGH;
1385
1386 case SQL_AUTZ_GROUP_CHECK_RESUME:
1387 case SQL_AUTZ_PROFILE_CHECK_RESUME:
1388 talloc_free(map_ctx->query);
1389
1390 /*
1391 * If we got check rows we need to process them before we decide to
1392 * process the reply rows
1393 */
1394 if (map_ctx->rows > 0) {
1395 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) {
1396 map_list_talloc_free(&autz_ctx->check_tmp);
1397 goto next_group_find;
1398 }
1399 RDEBUG2("%s \"%pV\": Conditional check items matched",
1400 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1401 } else {
1402 RDEBUG2("%s \"%pV\": Conditional check items matched (empty)",
1403 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1404 }
1405
1406 if (autz_ctx->rcode == RLM_MODULE_NOOP) autz_ctx->rcode = RLM_MODULE_OK;
1407
1408 map_list_talloc_free(&autz_ctx->check_tmp);
1409
1410 if (call_env->group_reply_query) {
1411 group_reply_push:
1412 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1413 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1414 call_env->group_reply_query, NULL) < 0) RETURN_MODULE_FAIL;
1415 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY : SQL_AUTZ_PROFILE_REPLY;
1416 return UNLANG_ACTION_PUSHED_CHILD;
1417 }
1418
1419 if (map_list_num_elements(&autz_ctx->reply_tmp)) goto group_attr_cache;
1420
1421 goto next_group_find;
1422
1423 case SQL_AUTZ_GROUP_REPLY:
1424 case SQL_AUTZ_PROFILE_REPLY:
1425 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1426 .ctx = autz_ctx,
1427 .inst = inst,
1428 .out = &autz_ctx->reply_tmp,
1429 .list = request_attr_reply,
1430 .query = query,
1431 .expand_rhs = true,
1432 };
1433
1434 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1435 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD) {
1436 autz_ctx->status = autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? SQL_AUTZ_GROUP_REPLY_RESUME : SQL_AUTZ_PROFILE_REPLY_RESUME;
1437 return UNLANG_ACTION_PUSHED_CHILD;
1438 }
1439
1440 FALL_THROUGH;
1441
1442 case SQL_AUTZ_GROUP_REPLY_RESUME:
1443 case SQL_AUTZ_PROFILE_REPLY_RESUME:
1444 talloc_free(map_ctx->query);
1445
1446 if (map_ctx->rows == 0) {
1447 do_fall_through = FALL_THROUGH_DEFAULT;
1448 goto group_attr_cache;
1449 }
1450
1451 fr_assert(!map_list_empty(&autz_ctx->reply_tmp)); /* coverity, among others */
1452 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1453
1454 group_attr_cache:
1455 if (inst->config.cache_groups && autz_ctx->status & SQL_AUTZ_STAGE_GROUP) {
1456 MEM(pair_append_control(&vp, inst->group_da) >= 0);
1457 fr_pair_value_strdup(vp, autz_ctx->group->name, true);
1458 }
1459
1460 if (map_list_num_elements(&autz_ctx->reply_tmp) == 0) goto next_group_find;
1461 RDEBUG2("%s \"%pV\": Merging control and reply items",
1462 autz_ctx->status & SQL_AUTZ_STAGE_GROUP ? "Group" : "Profile", &autz_ctx->sql_group->data);
1463 autz_ctx->rcode = RLM_MODULE_UPDATED;
1464
1465 RINDENT();
1466 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1467 RPEDEBUG("Failed applying reply item");
1468 REXDENT();
1469 RETURN_MODULE_FAIL;
1470 }
1471 REXDENT();
1472 map_list_talloc_free(&autz_ctx->reply_tmp);
1473
1474 next_group_find:
1475 if (do_fall_through != FALL_THROUGH_YES) break;
1476 if (autz_ctx->status & SQL_AUTZ_STAGE_PROFILE) {
1477 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, autz_ctx->profile, attr_user_profile);
1478 if (autz_ctx->profile) goto next_profile;
1479 break;
1480 }
1481 autz_ctx->group = autz_ctx->group->next;
1482 if (autz_ctx->group) goto next_group;
1483
1484 break;
1485
1486 default:
1487 fr_assert(0);
1488 }
1489
1490 /*
1491 * If group processing has completed, check to see if profile processing should be done
1492 */
1493 if ((autz_ctx->status & SQL_AUTZ_STAGE_GROUP) &&
1494 ((do_fall_through == FALL_THROUGH_YES) ||
1495 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT)))) {
1496 RDEBUG3("... falling-through to profile processing");
1497
1498 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1499 if (autz_ctx->profile) {
1500 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1501 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1502 goto next_profile;
1503 }
1504 }
1505
1506 if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
1507
1508 RETURN_MODULE_RCODE(autz_ctx->rcode);
1509}
1510
1511/** Resume function called after authorization check / reply tmpl expansion
1512 *
1513 * @param p_result Result of current authorization.
1514 * @param priority Unused.
1515 * @param request Current request.
1516 * @param uctx Current authorization context.
1517 * @return one of the RLM_MODULE_* values.
1518 */
1519static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, int *priority, request_t *request, void *uctx)
1520{
1521 sql_autz_ctx_t *autz_ctx = talloc_get_type_abort(uctx, sql_autz_ctx_t);
1522 sql_autz_call_env_t *call_env = autz_ctx->call_env;
1523 rlm_sql_t const *inst = autz_ctx->inst;
1524 fr_value_box_t *query = fr_value_box_list_pop_head(&autz_ctx->query);
1525 sql_fall_through_t do_fall_through = FALL_THROUGH_DEFAULT;
1526 fr_sql_map_ctx_t *map_ctx = autz_ctx->map_ctx;
1527
1528 /*
1529 * If a previous async call returned one of the "failure" results just return.
1530 */
1531 switch (*p_result) {
1532 case RLM_MODULE_USER_SECTION_REJECT:
1533 return UNLANG_ACTION_CALCULATE_RESULT;
1534
1535 default:
1536 break;
1537 }
1538
1539 switch(autz_ctx->status) {
1540 case SQL_AUTZ_CHECK:
1541 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1542 .ctx = autz_ctx,
1543 .inst = inst,
1544 .out = &autz_ctx->check_tmp,
1545 .list = request_attr_request,
1546 .query = query,
1547 };
1548
1549 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1550 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1551 autz_ctx->status = SQL_AUTZ_CHECK_RESUME;
1552 return UNLANG_ACTION_PUSHED_CHILD;
1553 }
1554
1555 FALL_THROUGH;
1556
1557 case SQL_AUTZ_CHECK_RESUME:
1558 talloc_free(map_ctx->query);
1559
1560 if (map_ctx->rows == 0) goto skip_reply; /* Don't need to handle map entries we don't have */
1561
1562 /*
1563 * Only do this if *some* check pairs were returned
1564 */
1565 RDEBUG2("User found in radcheck table");
1566 autz_ctx->user_found = true;
1567
1568 if (check_map_process(request, &autz_ctx->check_tmp, &autz_ctx->reply_tmp) < 0) goto skip_reply;
1569 RDEBUG2("Conditional check items matched");
1570
1571 autz_ctx->rcode = RLM_MODULE_OK;
1572 map_list_talloc_free(&autz_ctx->check_tmp);
1573
1574 if (!call_env->reply_query) goto skip_reply;
1575
1576 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1577 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) RETURN_MODULE_FAIL;
1578 autz_ctx->status = SQL_AUTZ_REPLY;
1579 return UNLANG_ACTION_PUSHED_CHILD;
1580
1581 case SQL_AUTZ_REPLY:
1582 *autz_ctx->map_ctx = (fr_sql_map_ctx_t) {
1583 .ctx = autz_ctx,
1584 .inst = inst,
1585 .out = &autz_ctx->reply_tmp,
1586 .list = request_attr_reply,
1587 .query = query,
1588 .expand_rhs = true,
1589 };
1590
1591 if (unlang_function_repeat_set(request, mod_authorize_resume) < 0) RETURN_MODULE_FAIL;
1592 if (sql_get_map_list(request, map_ctx, autz_ctx->trunk) == UNLANG_ACTION_PUSHED_CHILD){
1593 autz_ctx->status = SQL_AUTZ_REPLY_RESUME;
1594 return UNLANG_ACTION_PUSHED_CHILD;
1595 }
1596
1597 FALL_THROUGH;
1598
1599 case SQL_AUTZ_REPLY_RESUME:
1600 talloc_free(map_ctx->query);
1601
1602 if (map_ctx->rows == 0) goto skip_reply;
1603
1604 do_fall_through = fall_through(&autz_ctx->reply_tmp);
1605
1606 RDEBUG2("User found in radreply table");
1607 autz_ctx->user_found = true;
1608
1609 skip_reply:
1610 if (map_list_num_elements(&autz_ctx->reply_tmp)) {
1611 RDEBUG2("Merging control and reply items");
1612 RINDENT();
1613 if (radius_legacy_map_list_apply(request, &autz_ctx->reply_tmp, NULL) < 0) {
1614 RPEDEBUG("Failed applying item");
1615 REXDENT();
1616 RETURN_MODULE_FAIL;
1617 }
1618 REXDENT();
1619
1620 autz_ctx->rcode = RLM_MODULE_UPDATED;
1621 map_list_talloc_free(&autz_ctx->reply_tmp);
1622 }
1623
1624 if ((do_fall_through == FALL_THROUGH_YES) ||
1625 (inst->config.read_groups && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1626 RDEBUG3("... falling-through to group processing");
1627
1628 if (!call_env->membership_query) {
1629 RWARN("Cannot check groups when group_membership_query is not set");
1630 break;
1631 }
1632
1633 if (!call_env->group_check_query && !call_env->group_reply_query) {
1634 RWARN("Cannot process groups when neither authorize_group_check_query nor authorize_group_check_query are set");
1635 break;
1636 }
1637
1638 if (unlang_function_repeat_set(request, mod_autz_group_resume) < 0) RETURN_MODULE_FAIL;
1639 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request,
1640 call_env->membership_query, NULL) < 0) RETURN_MODULE_FAIL;
1641 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1642 return UNLANG_ACTION_PUSHED_CHILD;
1643 }
1644
1645 if ((do_fall_through == FALL_THROUGH_YES) ||
1646 (inst->config.read_profiles && (do_fall_through == FALL_THROUGH_DEFAULT))) {
1647 RDEBUG3("... falling-through to profile processing");
1648
1649 if (!call_env->group_check_query && !call_env->group_reply_query) {
1650 RWARN("Cannot process profiles when neither authorize_group_check_query nor authorize_group_check_query are set");
1651 break;
1652 }
1653
1654 autz_ctx->profile = fr_pair_find_by_da(&request->control_pairs, NULL, attr_user_profile);
1655 if (!autz_ctx->profile) break;
1656
1657 MEM(pair_update_request(&autz_ctx->sql_group, inst->group_da) >= 0);
1658 autz_ctx->status = SQL_AUTZ_PROFILE_START;
1659 return mod_autz_group_resume(p_result, priority, request, autz_ctx);
1660 }
1661 break;
1662
1663 default:
1664 fr_assert(0);
1665 }
1666
1667 if (!autz_ctx->user_found) RETURN_MODULE_NOTFOUND;
1668 RETURN_MODULE_RCODE(autz_ctx->rcode);
1669}
1670
1671/** Start of module authorize method
1672 *
1673 * Pushes the tmpl relating to the first required query for evaluation
1674 */
1675static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
1676{
1677 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1678 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1679 sql_autz_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_autz_call_env_t);
1680 sql_autz_ctx_t *autz_ctx;
1681
1682 fr_assert(request->packet != NULL);
1683 fr_assert(request->reply != NULL);
1684
1685 if (!call_env->check_query && !call_env->reply_query && !(inst->config.read_groups && call_env->membership_query)) {
1686 RWDEBUG("No authorization checks configured, returning noop");
1687 RETURN_MODULE_NOOP;
1688 }
1689
1690 /*
1691 * Set and check the user attr here
1692 */
1693 sql_set_user(inst, request, &call_env->user);
1694
1695 MEM(autz_ctx = talloc(unlang_interpret_frame_talloc_ctx(request), sql_autz_ctx_t));
1696 *autz_ctx = (sql_autz_ctx_t) {
1697 .inst = inst,
1698 .call_env = call_env,
1699 .request = request,
1700 .trunk = thread->trunk,
1701 .rcode = RLM_MODULE_NOOP
1702 };
1703 map_list_init(&autz_ctx->check_tmp);
1704 map_list_init(&autz_ctx->reply_tmp);
1705 MEM(autz_ctx->map_ctx = talloc_zero(autz_ctx, fr_sql_map_ctx_t));
1706 talloc_set_destructor(autz_ctx, sql_autz_ctx_free);
1707
1708 if (unlang_function_push(request, NULL,
1709 (call_env->check_query || call_env->reply_query) ? mod_authorize_resume : mod_autz_group_resume,
1710 NULL, 0, UNLANG_SUB_FRAME, autz_ctx) < 0) {
1711 error:
1712 talloc_free(autz_ctx);
1713 RETURN_MODULE_FAIL;
1714 }
1715
1716 fr_value_box_list_init(&autz_ctx->query);
1717
1718 /*
1719 * Query the check table to find any conditions associated with this user/realm/whatever...
1720 */
1721 if (call_env->check_query) {
1722 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->check_query, NULL) < 0) goto error;
1723 autz_ctx->status = SQL_AUTZ_CHECK;
1724 return UNLANG_ACTION_PUSHED_CHILD;
1725 }
1726
1727 if (call_env->reply_query) {
1728 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->reply_query, NULL) < 0) goto error;
1729 autz_ctx->status = SQL_AUTZ_REPLY;
1730 return UNLANG_ACTION_PUSHED_CHILD;
1731 }
1732
1733 /*
1734 * Neither check nor reply queries were set, so we must be doing group stuff
1735 */
1736 if (unlang_tmpl_push(autz_ctx, &autz_ctx->query, request, call_env->membership_query, NULL) < 0) goto error;
1737 autz_ctx->status = SQL_AUTZ_GROUP_MEMB;
1738 return UNLANG_ACTION_PUSHED_CHILD;
1739}
1740
1741/** Tidy up when freeing an SQL redundant context
1742 *
1743 * Release the connection handle and unset the SQL-User attribute.
1744 */
1745static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
1746{
1747 if (!to_free->inst->sql_escape_arg) (void) request_data_get(to_free->request, (void *)sql_escape_uctx_alloc, 0);
1748 sql_unset_user(to_free->inst, to_free->request);
1749
1750 return 0;
1751}
1752
1753static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx);
1754
1755/** Resume function called after executing an SQL query in a redundant list of queries.
1756 *
1757 * @param p_result Result of current module call.
1758 * @param priority Unused.
1759 * @param request Current request.
1760 * @param uctx Current redundant sql context.
1761 * @return one of the RLM_MODULE_* values.
1762 */
1763static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1764{
1765 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(uctx, sql_redundant_ctx_t);
1766 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1767 rlm_sql_t const *inst = redundant_ctx->inst;
1768 fr_sql_query_t *query_ctx = redundant_ctx->query_ctx;
1769 int numaffected = 0;
1770 tmpl_t *next_query;
1771
1772 RDEBUG2("SQL query returned: %s", fr_table_str_by_value(sql_rcode_description_table, query_ctx->rcode, "<INVALID>"));
1773
1774 switch (query_ctx->rcode) {
1775 /*
1776 * Query was a success! Now we just need to check if it did anything.
1777 */
1778 case RLM_SQL_OK:
1779 break;
1780
1781 /*
1782 * A general, unrecoverable server fault.
1783 */
1784 case RLM_SQL_ERROR:
1785 /*
1786 * If we get RLM_SQL_RECONNECT it means all connections in the pool
1787 * were exhausted, and we couldn't create a new connection,
1788 * so we do not need to call fr_pool_connection_release.
1789 */
1790 case RLM_SQL_RECONNECT:
1791 RETURN_MODULE_FAIL;
1792
1793 /*
1794 * Query was invalid, this is a terminal error.
1795 */
1796 case RLM_SQL_QUERY_INVALID:
1797 RETURN_MODULE_INVALID;
1798
1799 /*
1800 * Driver found an error (like a unique key constraint violation)
1801 * that hinted it might be a good idea to try an alternative query.
1802 */
1803 case RLM_SQL_ALT_QUERY:
1804 goto next;
1805
1806 case RLM_SQL_NO_MORE_ROWS:
1807 break;
1808 }
1809
1810 /*
1811 * We need to have updated something for the query to have been
1812 * counted as successful.
1813 */
1814 numaffected = (inst->driver->sql_affected_rows)(query_ctx, &inst->config);
1815 TALLOC_FREE(query_ctx);
1816 RDEBUG2("%i record(s) updated", numaffected);
1817
1818 if (numaffected > 0) RETURN_MODULE_OK; /* A query succeeded, were done! */
1819next:
1820 /*
1821 * Look to see if there are any more queries to expand
1822 */
1823 talloc_free(query_ctx);
1824 redundant_ctx->query_no++;
1825 if (redundant_ctx->query_no >= talloc_array_length(call_env->query)) RETURN_MODULE_NOOP;
1826 next_query = *(tmpl_t **)((uint8_t *)call_env->query + sizeof(void *) * redundant_ctx->query_no);
1827 if (unlang_function_repeat_set(request, mod_sql_redundant_resume) < 0) RETURN_MODULE_FAIL;
1828 if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, next_query, NULL) < 0) RETURN_MODULE_FAIL;
1829
1830 RDEBUG2("Trying next query...");
1831
1832 return UNLANG_ACTION_PUSHED_CHILD;
1833}
1834
1835
1836/** Resume function called after expansion of next query in a redundant list of queries
1837 *
1838 * @param p_result Result of current module call.
1839 * @param priority Unused.
1840 * @param request Current request.
1841 * @param uctx Current redundant sql context.
1842 * @return one of the RLM_MODULE_* values.
1843 */
1844static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
1845{
1846 sql_redundant_ctx_t *redundant_ctx = talloc_get_type_abort(uctx, sql_redundant_ctx_t);
1847 sql_redundant_call_env_t *call_env = redundant_ctx->call_env;
1848 rlm_sql_t const *inst = redundant_ctx->inst;
1849
1850 redundant_ctx->query_vb = fr_value_box_list_pop_head(&redundant_ctx->query);
1851 if (!redundant_ctx->query_vb) RETURN_MODULE_FAIL;
1852
1853 if ((call_env->filename.type == FR_TYPE_STRING) && (call_env->filename.vb_length > 0)) {
1854 rlm_sql_query_log(inst, call_env->filename.vb_strvalue, redundant_ctx->query_vb->vb_strvalue);
1855 }
1856
1857 MEM(redundant_ctx->query_ctx = fr_sql_query_alloc(redundant_ctx, inst, request, redundant_ctx->trunk,
1858 redundant_ctx->query_vb->vb_strvalue, SQL_QUERY_OTHER));
1859
1860 if (unlang_function_repeat_set(request, mod_sql_redundant_query_resume) < 0) RETURN_MODULE_FAIL;
1861
1862 return unlang_function_push(request, inst->query, NULL, NULL, 0, UNLANG_SUB_FRAME, redundant_ctx->query_ctx);
1863}
1864
1865/** Generic module call for failing between a bunch of queries.
1866 *
1867 * Used for `accounting` and `send` module calls
1868 *
1869 */
1870static unlang_action_t CC_HINT(nonnull) mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
1871{
1872 rlm_sql_t const *inst = talloc_get_type_abort_const(mctx->mi->data, rlm_sql_t);
1873 rlm_sql_thread_t *thread = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
1874 sql_redundant_call_env_t *call_env = talloc_get_type_abort(mctx->env_data, sql_redundant_call_env_t);
1875 sql_redundant_ctx_t *redundant_ctx;
1876
1877 /*
1878 * No query to expand - do nothing.
1879 */
1880 if (!call_env->query) {
1881 RWARN("No query configured");
1882 RETURN_MODULE_NOOP;
1883 }
1884
1885 MEM(redundant_ctx = talloc_zero(unlang_interpret_frame_talloc_ctx(request), sql_redundant_ctx_t));
1886 *redundant_ctx = (sql_redundant_ctx_t) {
1887 .inst = inst,
1888 .request = request,
1889 .trunk = thread->trunk,
1890 .call_env = call_env,
1891 .query_no = 0
1892 };
1893 talloc_set_destructor(redundant_ctx, sql_redundant_ctx_free);
1894
1895 sql_set_user(inst, request, &call_env->user);
1896
1897 if (unlang_function_push(request, NULL, mod_sql_redundant_resume, NULL, 0,
1898 UNLANG_SUB_FRAME, redundant_ctx) < 0) RETURN_MODULE_FAIL;
1899
1900 fr_value_box_list_init(&redundant_ctx->query);
1901 if (unlang_tmpl_push(redundant_ctx, &redundant_ctx->query, request, *call_env->query, NULL) < 0) RETURN_MODULE_FAIL;
1902
1903 return UNLANG_ACTION_PUSHED_CHILD;
1904}
1905
1906static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
1907 CONF_ITEM *ci,
1908 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
1909{
1910 CONF_SECTION const *subcs = NULL, *subsubcs = NULL;
1911 CONF_PAIR const *to_parse = NULL;
1912 tmpl_t *parsed_tmpl;
1913 call_env_parsed_t *parsed_env;
1914 tmpl_rules_t our_rules;
1915 char *section2, *p;
1916
1917 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
1918
1919 /*
1920 * The call env subsection which calls this has CF_IDENT_ANY as its name
1921 * which results in finding the first child section of the module config.
1922 * We actually want the whole module config - so go to the parent.
1923 */
1924 ci = cf_parent(ci);
1925
1926 /*
1927 * Find the instance of "logfile" to parse
1928 *
1929 * If the module call is from `accounting Start` then first is
1930 * <module> { accounting { start { logfile } } }
1931 * then
1932 * <module> { accounting { logfile } }
1933 * falling back to
1934 * <module> { logfile }
1935 */
1936 subcs = cf_section_find(cf_item_to_section(ci), cec->asked->name1, CF_IDENT_ANY);
1937 if (subcs) {
1938 if (cec->asked->name2) {
1939 section2 = talloc_strdup(NULL, cec->asked->name2);
1940 p = section2;
1941 while (*p != '\0') {
1942 *(p) = tolower((uint8_t)*p);
1943 p++;
1944 }
1945 subsubcs = cf_section_find(subcs, section2, CF_IDENT_ANY);
1946 talloc_free(section2);
1947 if (subsubcs) to_parse = cf_pair_find(subsubcs, "logfile");
1948 }
1949 if (!to_parse) to_parse = cf_pair_find(subcs, "logfile");
1950 }
1951
1952 if (!to_parse) to_parse = cf_pair_find(cf_item_to_section(ci), "logfile");
1953
1954 if (!to_parse) return 0;
1955
1956 /*
1957 * Use filename safety escape functions
1958 */
1959 our_rules = *t_rules;
1960 our_rules.escape.func = rad_filename_box_make_safe;
1961 our_rules.escape.safe_for = (fr_value_box_safe_for_t)rad_filename_box_make_safe;
1962 our_rules.escape.mode = TMPL_ESCAPE_PRE_CONCAT;
1963 our_rules.literals_safe_for = our_rules.escape.safe_for;
1964
1965 MEM(parsed_env = call_env_parsed_add(ctx, out,
1966 &(call_env_parser_t){ FR_CALL_ENV_OFFSET("logfile", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT, sql_redundant_call_env_t, filename)}));
1967
1968 if (tmpl_afrom_substr(parsed_env, &parsed_tmpl,
1969 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
1970 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
1971 &our_rules) < 0) {
1972 error:
1973 call_env_parsed_free(out, parsed_env);
1974 return -1;
1975 }
1976 if (tmpl_needs_resolving(parsed_tmpl) &&
1977 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) goto error;
1978
1979 call_env_parsed_set_tmpl(parsed_env, parsed_tmpl);
1980
1981 return 0;
1982}
1983
1984static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules,
1985 CONF_ITEM *ci,
1986 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
1987{
1988 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
1989 CONF_SECTION const *subcs = NULL;
1990 CONF_PAIR const *to_parse = NULL;
1991 tmpl_t *parsed_tmpl;
1992 call_env_parsed_t *parsed_env;
1993 tmpl_rules_t our_rules;
1994 char *section2, *p;
1995 ssize_t count, slen, multi_index = 0;
1996
1997 fr_assert(cec->type == CALL_ENV_CTX_TYPE_MODULE);
1998
1999 /*
2000 * Find the instance(s) of "query" to parse
2001 *
2002 * If the module call is from `accounting Start` then it should be
2003 * <module> { accounting { start { query } } }
2004 */
2005 section2 = talloc_strdup(NULL, section_name_str(cec->asked->name2));
2006 p = section2;
2007 while (*p != '\0') {
2008 *(p) = tolower((uint8_t)*p);
2009 p++;
2010 }
2011 subcs = cf_section_find(cf_item_to_section(ci), section2, CF_IDENT_ANY);
2012 if (!subcs) {
2013 no_query:
2014 cf_log_warn(ci, "No query found for \"%s.%s\", this query will be disabled",
2015 section_name_str(cec->asked->name1), section2);
2016 talloc_free(section2);
2017 return 0;
2018 }
2019 count = cf_pair_count(subcs, "query");
2020 if (count == 0) goto no_query;
2021
2022 talloc_free(section2);
2023
2024 /*
2025 * Use module specific escape functions
2026 */
2027 our_rules = *t_rules;
2028 our_rules.escape = (tmpl_escape_t) {
2029 .func = sql_box_escape,
2030 .uctx = { .func = { .uctx = inst, .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC },
2031 .safe_for = SQL_SAFE_FOR,
2032 .mode = TMPL_ESCAPE_PRE_CONCAT,
2033 };
2034 our_rules.literals_safe_for = our_rules.escape.safe_for;
2035
2036 while ((to_parse = cf_pair_find_next(subcs, to_parse, "query"))) {
2037 MEM(parsed_env = call_env_parsed_add(ctx, out,
2038 &(call_env_parser_t){
2039 FR_CALL_ENV_PARSE_ONLY_OFFSET("query", FR_TYPE_STRING, CALL_ENV_FLAG_CONCAT | CALL_ENV_FLAG_MULTI,
2040 sql_redundant_call_env_t, query)
2041 }));
2042
2043 slen = tmpl_afrom_substr(parsed_env, &parsed_tmpl,
2044 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
2045 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2046 &our_rules);
2047 if (slen <= 0) {
2048 cf_canonicalize_error(to_parse, slen, "Failed parsing query", cf_pair_value(to_parse));
2049 error:
2050 call_env_parsed_free(out, parsed_env);
2051 return -1;
2052 }
2053 if (tmpl_needs_resolving(parsed_tmpl) &&
2054 (tmpl_resolve(parsed_tmpl, &(tmpl_res_rules_t){ .dict_def = our_rules.attr.dict_def }) < 0)) {
2055 cf_log_perr(to_parse, "Failed resolving query");
2056 goto error;
2057 }
2058
2059 call_env_parsed_set_multi_index(parsed_env, count, multi_index++);
2060 call_env_parsed_set_data(parsed_env, parsed_tmpl);
2061 }
2062
2063 return 0;
2064}
2065
2066static int mod_detach(module_detach_ctx_t const *mctx)
2067{
2068 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2069
2070 /*
2071 * We need to explicitly free all children, so if the driver
2072 * parented any memory off the instance, their destructors
2073 * run before we unload the bytecode for them.
2074 *
2075 * If we don't do this, we get a SEGV deep inside the talloc code
2076 * when it tries to call a destructor that no longer exists.
2077 */
2078 talloc_free_children(inst);
2079
2080 return 0;
2081}
2082
2083static int mod_instantiate(module_inst_ctx_t const *mctx)
2084{
2085 rlm_sql_boot_t const *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2086 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2087 CONF_SECTION *conf = mctx->mi->conf;
2088
2089 /*
2090 * We can't modify the inst field in bootstrap, and there's no
2091 * point in making rlm_sql_boot_t available everywhere.
2092 */
2093 inst->group_da = boot->group_da;
2094
2095 inst->name = mctx->mi->name; /* Need this for functions in sql.c */
2096 inst->mi = mctx->mi; /* For looking up thread instance data */
2097
2098 /*
2099 * We need authorize_group_check_query or authorize_group_reply_query
2100 * if group_membership_query is set.
2101 *
2102 * Or we need group_membership_query if authorize_group_check_query or
2103 * authorize_group_reply_query is set.
2104 */
2105 if (!cf_pair_find(conf, "group_membership_query")) {
2106 if (cf_pair_find(conf, "authorize_group_check_query")) {
2107 WARN("Ignoring authorize_group_check_query as group_membership_query is not configured");
2108 }
2109
2110 if (cf_pair_find(conf, "authorize_group_reply_query")) {
2111 WARN("Ignoring authorize_group_reply_query as group_membership_query is not configured");
2112 }
2113
2114 if (!inst->config.read_groups) {
2115 WARN("Ignoring read_groups as group_membership_query is not configured");
2116 inst->config.read_groups = false;
2117 }
2118 } /* allow the group check / reply queries to be NULL */
2119
2120 /*
2121 * Cache the SQL-User-Name fr_dict_attr_t, so we can be slightly
2122 * more efficient about creating SQL-User-Name attributes.
2123 */
2124 inst->sql_user = attr_sql_user_name;
2125
2126 /*
2127 * Export these methods, too. This avoids RTDL_GLOBAL.
2128 */
2129 inst->query = rlm_sql_trunk_query;
2130 inst->select = rlm_sql_trunk_query;
2131 inst->fetch_row = rlm_sql_fetch_row;
2132 inst->query_alloc = fr_sql_query_alloc;
2133
2134 /*
2135 * Either use the module specific escape function
2136 * or our default one.
2137 */
2138 if (inst->driver->sql_escape_func) {
2139 inst->sql_escape_func = inst->driver->sql_escape_func;
2140 } else {
2141 inst->sql_escape_func = sql_escape_func;
2142 inst->sql_escape_arg = inst;
2143 }
2144 inst->box_escape_func = sql_box_escape;
2145
2146 inst->ef = module_rlm_exfile_init(inst, conf, 256, fr_time_delta_from_sec(30), true, NULL, NULL);
2147 if (!inst->ef) {
2148 cf_log_err(conf, "Failed creating log file context");
2149 return -1;
2150 }
2151
2152 /*
2153 * Most SQL trunks can only have one running request per connection.
2154 */
2155 if (!(inst->driver->flags & RLM_SQL_MULTI_QUERY_CONN)) {
2156 inst->config.trunk_conf.target_req_per_conn = 1;
2157 inst->config.trunk_conf.max_req_per_conn = 1;
2158 }
2159 if (!inst->driver->trunk_io_funcs.connection_notify) {
2160 inst->config.trunk_conf.always_writable = true;
2161 }
2162
2163 /*
2164 * Instantiate the driver module
2165 */
2166 if (unlikely(module_instantiate(inst->driver_submodule) < 0)) {
2167 cf_log_err(conf, "Failed instantiating driver module");
2168 return -1;
2169 }
2170
2171 return 0;
2172}
2173
2174static int mod_bootstrap(module_inst_ctx_t const *mctx)
2175{
2176 rlm_sql_boot_t *boot = talloc_get_type_abort(mctx->mi->boot, rlm_sql_boot_t);
2177 rlm_sql_t const *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2178 CONF_SECTION *conf = mctx->mi->conf;
2179 xlat_t *xlat;
2180 xlat_arg_parser_t *sql_xlat_arg;
2181 rlm_sql_escape_uctx_t *uctx;
2182
2183 /*
2184 * Register the group comparison attribute
2185 */
2186 if (cf_pair_find(conf, "group_membership_query")) {
2187 char const *group_attribute;
2188 char buffer[256];
2189
2190 if (inst->config.group_attribute) {
2191 group_attribute = inst->config.group_attribute;
2192 } else if (cf_section_name2(conf)) {
2193 snprintf(buffer, sizeof(buffer), "%s-SQL-Group", mctx->mi->name);
2194 group_attribute = buffer;
2195 } else {
2196 group_attribute = "SQL-Group";
2197 }
2198
2199 boot->group_da = fr_dict_attr_by_name(NULL, fr_dict_root(dict_freeradius), group_attribute);
2200 if (!boot->group_da) {
2201 if (fr_dict_attr_add_name_only(fr_dict_unconst(dict_freeradius), fr_dict_root(dict_freeradius), group_attribute, FR_TYPE_STRING, NULL) < 0) {
2202 cf_log_perr(conf, "Failed defining group attribute");
2203 return -1;
2204 }
2205
2206 boot->group_da = fr_dict_attr_search_by_qualified_oid(NULL, dict_freeradius, group_attribute,
2207 false, false);
2208 if (!boot->group_da) {
2209 cf_log_perr(conf, "Failed resolving group attribute");
2210 return -1;
2211 }
2212 }
2213
2214 /*
2215 * Define the new %sql.group(name) xlat. The
2216 * register function automatically adds the
2217 * module instance name as a prefix.
2218 */
2219 xlat = module_rlm_xlat_register(boot, mctx, "group", sql_group_xlat, FR_TYPE_BOOL);
2220 if (!xlat) {
2221 cf_log_perr(conf, "Failed registering %s expansion", group_attribute);
2222 return -1;
2223 }
2224 xlat_func_call_env_set(xlat, &group_xlat_method_env);
2225
2226 /*
2227 * The xlat escape function needs access to inst - so
2228 * argument parser details need to be defined here
2229 */
2230 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2231 sql_xlat_arg[0] = (xlat_arg_parser_t){
2232 .type = FR_TYPE_STRING,
2233 .required = true,
2234 .concat = true
2235 };
2236 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2237
2238 xlat_func_args_set(xlat, sql_xlat_arg);
2239 }
2240
2241 /*
2242 * Register the SQL xlat function
2243 */
2244 xlat = module_rlm_xlat_register(boot, mctx, NULL, sql_xlat, FR_TYPE_VOID); /* Returns an integer sometimes */
2245 if (!xlat) {
2246 cf_log_perr(conf, "Failed registering %s expansion", mctx->mi->name);
2247 return -1;
2248 }
2249 xlat_func_call_env_set(xlat, &xlat_method_env);
2250
2251 /*
2252 * The xlat escape function needs access to inst - so
2253 * argument parser details need to be defined here.
2254 * Parented off the module instance "boot" so it can be shared
2255 * between three xlats.
2256 */
2257 MEM(sql_xlat_arg = talloc_zero_array(boot, xlat_arg_parser_t, 2));
2258 MEM(uctx = talloc_zero(sql_xlat_arg, rlm_sql_escape_uctx_t));
2259 *uctx = (rlm_sql_escape_uctx_t){ .sql = inst };
2260 sql_xlat_arg[0] = (xlat_arg_parser_t){
2261 .type = FR_TYPE_STRING,
2262 .required = true,
2263 .concat = true,
2264 .func = sql_xlat_escape,
2265 .safe_for = SQL_SAFE_FOR,
2266 .uctx = uctx
2267 };
2268 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2269
2270 xlat_func_args_set(xlat, sql_xlat_arg);
2271
2272 /*
2273 * Register instances of the SQL xlat with pre-determined output types
2274 */
2275 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "fetch", sql_fetch_xlat, FR_TYPE_VOID)))) return -1;
2276 xlat_func_call_env_set(xlat, &xlat_method_env);
2277 xlat_func_args_set(xlat, sql_xlat_arg);
2278
2279 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "modify", sql_modify_xlat, FR_TYPE_UINT32)))) return -1;
2280 xlat_func_call_env_set(xlat, &xlat_method_env);
2281 xlat_func_args_set(xlat, sql_xlat_arg);
2282
2283 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "escape", sql_escape_xlat, FR_TYPE_STRING)))) return -1;
2284 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2285 sql_xlat_arg[0] = (xlat_arg_parser_t){
2286 .type = FR_TYPE_STRING,
2287 .variadic = true,
2288 .concat = true,
2289 };
2290 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2291 xlat_func_args_set(xlat, sql_xlat_arg);
2292 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2293 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2294
2295 if (unlikely(!(xlat = module_rlm_xlat_register(boot, mctx, "safe", xlat_transparent, FR_TYPE_STRING)))) return -1;
2296 sql_xlat_arg = talloc_zero_array(xlat, xlat_arg_parser_t, 2);
2297 sql_xlat_arg[0] = (xlat_arg_parser_t){
2298 .type = FR_TYPE_STRING,
2299 .variadic = true,
2300 .concat = true
2301 };
2302 sql_xlat_arg[1] = (xlat_arg_parser_t)XLAT_ARG_PARSER_TERMINATOR;
2303 xlat_func_args_set(xlat, sql_xlat_arg);
2304 xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE);
2305 xlat_func_safe_for_set(xlat, SQL_SAFE_FOR);
2306
2307 /*
2308 * Register the SQL map processor function
2309 */
2310 if (inst->driver->sql_fields) map_proc_register(mctx->mi->boot, inst, mctx->mi->name, mod_map_proc, sql_map_verify, 0, SQL_SAFE_FOR);
2311
2312 return 0;
2313}
2314
2315/** Initialise thread specific data structure
2316 *
2317 */
2318static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
2319{
2320 rlm_sql_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2321 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2322
2323 if (inst->driver->sql_escape_arg_alloc) {
2324 t->sql_escape_arg = inst->driver->sql_escape_arg_alloc(t, mctx->el, inst);
2325 if (!t->sql_escape_arg) return -1;
2326 }
2327
2328 t->inst = inst;
2329
2330 t->trunk = trunk_alloc(t, mctx->el, &inst->driver->trunk_io_funcs,
2331 &inst->config.trunk_conf, inst->name, t, false);
2332 if (!t->trunk) return -1;
2333
2334 return 0;
2335}
2336
2337static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
2338{
2339 rlm_sql_thread_t *t = talloc_get_type_abort(mctx->thread, rlm_sql_thread_t);
2340 rlm_sql_t *inst = talloc_get_type_abort(mctx->mi->data, rlm_sql_t);
2341
2342 if (inst->driver->sql_escape_arg_free) inst->driver->sql_escape_arg_free(t->sql_escape_arg);
2343
2344 return 0;
2345}
2346
2347/** Custom parser for sql call env queries
2348 *
2349 * Needed as the escape function needs to reference the correct SQL driver
2350 */
2351static int call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci,
2352 call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
2353{
2354 rlm_sql_t const *inst = talloc_get_type_abort_const(cec->mi->data, rlm_sql_t);
2355 tmpl_t *parsed_tmpl;
2356 CONF_PAIR const *to_parse = cf_item_to_pair(ci);
2357 tmpl_rules_t our_rules = *t_rules;
2358
2359 /*
2360 * Set the sql module instance data as the uctx for escaping
2361 * and use the same "safe_for" as the sql module.
2362 */
2363 our_rules.escape.func = sql_box_escape;
2364 our_rules.escape.uctx.func.uctx = inst;
2365 our_rules.escape.safe_for = SQL_SAFE_FOR;
2366 our_rules.literals_safe_for = SQL_SAFE_FOR;
2367
2368 if (tmpl_afrom_substr(ctx, &parsed_tmpl,
2369 &FR_SBUFF_IN(cf_pair_value(to_parse), talloc_array_length(cf_pair_value(to_parse)) - 1),
2370 cf_pair_value_quote(to_parse), value_parse_rules_quoted[cf_pair_value_quote(to_parse)],
2371 &our_rules) < 0) return -1;
2372 *(void **)out = parsed_tmpl;
2373 return 0;
2374}
2375
2376#define QUERY_ESCAPE .pair.escape = { \
2377 .mode = TMPL_ESCAPE_PRE_CONCAT, \
2378 .uctx = { .func = { .alloc = sql_escape_uctx_alloc }, .type = TMPL_ESCAPE_UCTX_ALLOC_FUNC }, \
2379}, .pair.func = call_env_parse
2380
2393
2394/* globally exported name */
2395module_rlm_t rlm_sql = {
2396 .common = {
2397 .magic = MODULE_MAGIC_INIT,
2398 .name = "sql",
2399 .boot_size = sizeof(rlm_sql_boot_t),
2400 .boot_type = "rlm_sql_boot_t",
2401 .inst_size = sizeof(rlm_sql_t),
2402 .config = module_config,
2403 .bootstrap = mod_bootstrap,
2404 .instantiate = mod_instantiate,
2405 .detach = mod_detach,
2406 .thread_inst_size = sizeof(rlm_sql_thread_t),
2407 .thread_instantiate = mod_thread_instantiate,
2408 .thread_detach = mod_thread_detach,
2409 },
2410 .method_group = {
2411 .bindings = (module_method_binding_t[]){
2412 /*
2413 * Hack to support old configurations
2414 */
2415 { .section = SECTION_NAME("accounting", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &accounting_method_env },
2416 { .section = SECTION_NAME("authorize", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2417
2418 { .section = SECTION_NAME("recv", CF_IDENT_ANY), .method = mod_authorize, .method_env = &authorize_method_env },
2419 { .section = SECTION_NAME("send", CF_IDENT_ANY), .method = mod_sql_redundant, .method_env = &send_method_env },
2420 MODULE_BINDING_TERMINATOR
2421 }
2422 }
2423};
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition action.h:35
UNLANG_ACTION_PUSHED_CHILD
@ UNLANG_ACTION_PUSHED_CHILD
unlang_t pushed a new child onto the stack, execute it instead of continuing.
Definition action.h:39
UNLANG_ACTION_FAIL
@ UNLANG_ACTION_FAIL
Encountered an unexpected error.
Definition action.h:36
UNLANG_ACTION_CALCULATE_RESULT
@ UNLANG_ACTION_CALCULATE_RESULT
Calculate a new section rlm_rcode_t value.
Definition action.h:37
buffer
static int const char char buffer[256]
Definition acutest.h:576
fr_atexit_thread_local
#define fr_atexit_thread_local(_name, _free, _uctx)
Definition atexit.h:221
RCSID
#define RCSID(id)
Definition build.h:483
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:322
unlikely
#define unlikely(_x)
Definition build.h:381
UNUSED
#define UNUSED
Definition build.h:315
call_env_parsed_free
void call_env_parsed_free(call_env_parsed_head_t *parsed, call_env_parsed_t *ptr)
Remove a call_env_parsed_t from the list of parsed call envs.
Definition call_env.c:732
call_env_parsed_add
call_env_parsed_t * call_env_parsed_add(TALLOC_CTX *ctx, call_env_parsed_head_t *head, call_env_parser_t const *rule)
Allocate a new call_env_parsed_t structure and add it to the list of parsed call envs.
Definition call_env.c:645
call_env_parsed_set_multi_index
void call_env_parsed_set_multi_index(call_env_parsed_t *parsed, size_t count, size_t index)
Assign a count and index to a call_env_parsed_t.
Definition call_env.c:717
call_env_parsed_set_data
void call_env_parsed_set_data(call_env_parsed_t *parsed, void const *data)
Assign data to a call_env_parsed_t.
Definition call_env.c:702
call_env_parsed_set_tmpl
void call_env_parsed_set_tmpl(call_env_parsed_t *parsed, tmpl_t const *tmpl)
Assign a tmpl to a call_env_parsed_t.
Definition call_env.c:674
call_env_parsed_s
Definition call_env.c:42
CALL_ENV_TERMINATOR
#define CALL_ENV_TERMINATOR
Definition call_env.h:236
call_env_ctx_s::type
call_env_ctx_type_t type
Type of callenv ctx.
Definition call_env.h:227
CALL_ENV_CTX_TYPE_MODULE
@ CALL_ENV_CTX_TYPE_MODULE
The callenv is registered to a module method.
Definition call_env.h:222
FR_CALL_ENV_METHOD_OUT
#define FR_CALL_ENV_METHOD_OUT(_inst)
Helper macro for populating the size/type fields of a call_env_method_t from the output structure typ...
Definition call_env.h:240
call_env_method_s::env
call_env_parser_t const * env
Parsing rules for call method env.
Definition call_env.h:247
call_env_ctx_s::asked
section_name_t const * asked
The actual name1/name2 that resolved to a module_method_binding_t.
Definition call_env.h:232
CALL_ENV_FLAG_CONCAT
@ CALL_ENV_FLAG_CONCAT
If the tmpl produced multiple boxes they should be concatenated.
Definition call_env.h:76
CALL_ENV_FLAG_SUBSECTION
@ CALL_ENV_FLAG_SUBSECTION
This is a subsection.
Definition call_env.h:87
CALL_ENV_FLAG_PARSE_ONLY
@ CALL_ENV_FLAG_PARSE_ONLY
The result of parsing will not be evaluated at runtime.
Definition call_env.h:85
CALL_ENV_FLAG_MULTI
@ CALL_ENV_FLAG_MULTI
Multiple instances of the conf pairs are allowed.
Definition call_env.h:78
call_env_ctx_s::mi
module_instance_t const * mi
Module instance that the callenv is registered to.
Definition call_env.h:229
FR_CALL_ENV_SUBSECTION_FUNC
#define FR_CALL_ENV_SUBSECTION_FUNC(_name, _name2, _flags, _func)
Specify a call_env_parser_t which parses a subsection using a callback function.
Definition call_env.h:412
FR_CALL_ENV_OFFSET
#define FR_CALL_ENV_OFFSET(_name, _cast_type, _flags, _struct, _field)
Specify a call_env_parser_t which writes out runtime results to the specified field.
Definition call_env.h:340
FR_CALL_ENV_PARSE_ONLY_OFFSET
#define FR_CALL_ENV_PARSE_ONLY_OFFSET(_name, _cast_type, _flags, _struct, _parse_field)
Specify a call_env_parser_t which writes out the result of the parsing phase to the field specified.
Definition call_env.h:389
call_env_ctx_s
Definition call_env.h:226
call_env_method_s
Definition call_env.h:244
call_env_parser_s
Per method call config.
Definition call_env.h:180
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition cf_parse.h:658
conf_parser_s::func
cf_parse_t func
Override default parsing behaviour for the specified type with a custom parsing function.
Definition cf_parse.h:612
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:284
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:272
FR_CONF_OFFSET_SUBSECTION
#define FR_CONF_OFFSET_SUBSECTION(_name, _flags, _struct, _field, _subcs)
conf_parser_t which populates a sub-struct using a CONF_SECTION
Definition cf_parse.h:313
CONF_FLAG_SECRET
@ CONF_FLAG_SECRET
Only print value if debug level >= 3.
Definition cf_parse.h:438
CONF_FLAG_HIDDEN
@ CONF_FLAG_HIDDEN
Used by scripts to omit items from the generated documentation.
Definition cf_parse.h:457
FR_CONF_OFFSET_TYPE_FLAGS
#define FR_CONF_OFFSET_TYPE_FLAGS(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition cf_parse.h:241
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition cf_parse.h:595
cf_item
Common header for all CONF_* types.
Definition cf_priv.h:49
cf_pair
Configuration AVP similar to a fr_pair_t.
Definition cf_priv.h:70
cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101
cf_pair_find_next
CONF_PAIR * cf_pair_find_next(CONF_SECTION const *cs, CONF_PAIR const *prev, char const *attr)
Find a pair with a name matching attr, after specified pair.
Definition cf_util.c:1453
cf_pair_count
unsigned int cf_pair_count(CONF_SECTION const *cs, char const *attr)
Count the number of times an attribute occurs in a parent section.
Definition cf_util.c:1520
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition cf_util.c:1185
cf_section_find
CONF_SECTION * cf_section_find(CONF_SECTION const *cs, char const *name1, char const *name2)
Find a CONF_SECTION with name1 and optionally name2.
Definition cf_util.c:1028
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition cf_util.c:684
cf_pair_find
CONF_PAIR * cf_pair_find(CONF_SECTION const *cs, char const *attr)
Search for a CONF_PAIR with a specific name.
Definition cf_util.c:1439
cf_pair_value_quote
fr_token_t cf_pair_value_quote(CONF_PAIR const *pair)
Return the value (rhs) quoting of a pair.
Definition cf_util.c:1638
cf_item_to_pair
CONF_PAIR * cf_item_to_pair(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_PAIR.
Definition cf_util.c:664
cf_pair_value
char const * cf_pair_value(CONF_PAIR const *pair)
Return the value of a CONF_PAIR.
Definition cf_util.c:1594
cf_log_err
#define cf_log_err(_cf, _fmt,...)
Definition cf_util.h:289
cf_parent
#define cf_parent(_cf)
Definition cf_util.h:101
cf_canonicalize_error
#define cf_canonicalize_error(_ci, _slen, _msg, _str)
Definition cf_util.h:367
cf_log_perr
#define cf_log_perr(_cf, _fmt,...)
Definition cf_util.h:296
cf_log_warn
#define cf_log_warn(_cf, _fmt,...)
Definition cf_util.h:290
CF_IDENT_ANY
#define CF_IDENT_ANY
Definition cf_util.h:78
fr_dcursor_append
static int fr_dcursor_append(fr_dcursor_t *cursor, void *v)
Insert a single item at the end of the list.
Definition dcursor.h:406
fr_dcursor_s
Definition dcursor.h:93
MEM
#define MEM(x)
Definition debug.h:36
fr_dict_attr_search_by_qualified_oid
fr_dict_attr_t const * fr_dict_attr_search_by_qualified_oid(fr_dict_attr_err_t *err, fr_dict_t const *dict_def, char const *attr, bool internal, bool foreign))
Locate a qualified fr_dict_attr_t by its name and a dictionary qualifier.
Definition dict_util.c:3085
fr_dict_attr_add_name_only
int fr_dict_attr_add_name_only(fr_dict_t *dict, fr_dict_attr_t const *parent, char const *name, fr_type_t type, fr_dict_attr_flags_t const *flags))
Add an attribute to the dictionary.
Definition dict_util.c:1742
fr_dict_unconst
fr_dict_t * fr_dict_unconst(fr_dict_t const *dict)
Coerce to non-const.
Definition dict_util.c:4589
fr_dict_attr_by_name
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_attr_err_t *err, fr_dict_attr_t const *parent, char const *attr))
Locate a fr_dict_attr_t by its name.
Definition dict_util.c:3267
fr_dict_root
fr_dict_attr_t const * fr_dict_root(fr_dict_t const *dict)
Return the root attribute of a dictionary.
Definition dict_util.c:2404
fr_dict_attr_autoload_t::out
fr_dict_attr_t const ** out
Where to write a pointer to the resolved fr_dict_attr_t.
Definition dict.h:268
fr_dict_autoload_t::out
fr_dict_t const ** out
Where to write a pointer to the loaded/resolved fr_dict_t.
Definition dict.h:281
in
static fr_slen_t in
Definition dict.h:823
fr_dict_attr_autoload_t
Specifies an attribute which must be present for the module to function.
Definition dict.h:267
fr_dict_autoload_t
Specifies a dictionary which must be loaded/loadable for the module to function.
Definition dict.h:280
value
Test enumeration values.
Definition dict_test.h:92
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition dl_module.h:63
unlang_function_repeat_set
#define unlang_function_repeat_set(_request, _repeat)
Set a new repeat function for an existing function frame.
Definition function.h:89
unlang_function_push
#define unlang_function_push(_request, _func, _repeat, _signal, _sigmask, _top_frame, _uctx)
Push a generic function onto the unlang stack.
Definition function.h:111
sql_escape_xlat
static xlat_action_t sql_escape_xlat(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Escape a value to make it SQL safe.
Definition rlm_sql.c:432
sql_group_xlat
static xlat_action_t sql_group_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Check if the user is a member of a particular group.
Definition rlm_sql.c:1186
sql_modify_xlat
static xlat_action_t sql_modify_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, returning the number of rows affected.
Definition rlm_sql.c:644
sql_fetch_xlat
static xlat_action_t sql_fetch_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query, expecting results to be returned.
Definition rlm_sql.c:614
sql_xlat
static xlat_action_t sql_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
Execute an arbitrary SQL query.
Definition rlm_sql.c:556
unlang_interpret_frame_talloc_ctx
TALLOC_CTX * unlang_interpret_frame_talloc_ctx(request_t *request)
Get a talloc_ctx which is valid only for this frame.
Definition interpret.c:1407
UNLANG_SUB_FRAME
#define UNLANG_SUB_FRAME
Definition interpret.h:36
REXDENT
#define REXDENT()
Exdent (unindent) R* messages by one level.
Definition log.h:443
RWDEBUG
#define RWDEBUG(fmt,...)
Definition log.h:361
RDEBUG_ENABLED3
#define RDEBUG_ENABLED3
True if request debug level 1-3 messages are enabled.
Definition log.h:335
RDEBUG3
#define RDEBUG3(fmt,...)
Definition log.h:343
RWARN
#define RWARN(fmt,...)
Definition log.h:297
RERROR
#define RERROR(fmt,...)
Definition log.h:298
RPERROR
#define RPERROR(fmt,...)
Definition log.h:302
RPEDEBUG
#define RPEDEBUG(fmt,...)
Definition log.h:376
RINDENT
#define RINDENT()
Indent R* messages by one level.
Definition log.h:430
map_to_request
int map_to_request(request_t *request, map_t const *map, radius_map_getvalue_t func, void *ctx)
Convert map_t to fr_pair_t (s) and add them to a request_t.
Definition map.c:1856
rad_filename_box_make_safe
int rad_filename_box_make_safe(fr_value_box_t *vb, UNUSED void *uxtc)
Definition util.c:167
talloc_free
talloc_free(reap)
map_proc_register
int map_proc_register(TALLOC_CTX *ctx, void const *mod_inst, char const *name, map_proc_func_t evaluate, map_proc_instantiate_t instantiate, size_t inst_size, fr_value_box_safe_for_t literals_safe_for)
Register a map processor.
Definition map_proc.c:131
FR_TYPE_ETHERNET
@ FR_TYPE_ETHERNET
48 Bit Mac-Address.
Definition merged_model.c:93
FR_TYPE_STRING
@ FR_TYPE_STRING
String of printable characters.
Definition merged_model.c:83
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition merged_model.c:99
FR_TYPE_VOID
@ FR_TYPE_VOID
User data.
Definition merged_model.c:127
FR_TYPE_BOOL
@ FR_TYPE_BOOL
A truth value.
Definition merged_model.c:95
uint32_t
unsigned int uint32_t
Definition merged_model.c:33
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dict_attr_t
Definition merged_model.c:133
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
fr_value_box_t
Definition merged_model.c:136
request_t
Definition merged_model.c:210
tmpl_t
Definition merged_model.c:225
fr_skip_whitespace
#define fr_skip_whitespace(_p)
Skip whitespace ('\t', '\n', '\v', '\f', '\r', ' ')
Definition misc.h:59
strncasecmp
int strncasecmp(char *s1, char *s2, int n)
Definition missing.c:36
strcasecmp
int strcasecmp(char *s1, char *s2)
Definition missing.c:66
module_ctx_t::env_data
void * env_data
Per call environment data.
Definition module_ctx.h:44
module_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:42
module_ctx_t::thread
void * thread
Thread specific instance data.
Definition module_ctx.h:43
module_thread_inst_ctx_t::el
fr_event_list_t * el
Event list to register any IO handlers and timers against.
Definition module_ctx.h:68
module_detach_ctx_t::mi
module_instance_t * mi
Module instance to detach.
Definition module_ctx.h:57
module_thread_inst_ctx_t::thread
void * thread
Thread instance data.
Definition module_ctx.h:67
module_thread_inst_ctx_t::mi
module_instance_t const * mi
Instance of the module being instantiated.
Definition module_ctx.h:64
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition module_ctx.h:51
module_ctx_t
Temporary structure to hold arguments for module calls.
Definition module_ctx.h:41
module_detach_ctx_t
Temporary structure to hold arguments for detach calls.
Definition module_ctx.h:56
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition module_ctx.h:50
module_thread_inst_ctx_t
Temporary structure to hold arguments for thread_instantiation calls.
Definition module_ctx.h:63
module_rlm_xlat_register
xlat_t * module_rlm_xlat_register(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx, char const *name, xlat_func_t func, fr_type_t return_type)
Definition module_rlm.c:257
module_rlm_exfile_init
exfile_t * module_rlm_exfile_init(TALLOC_CTX *ctx, CONF_SECTION *module, uint32_t max_entries, fr_time_delta_t max_idle, bool locking, char const *trigger_prefix, fr_pair_list_t *trigger_args)
Initialise a module specific exfile handle.
Definition module_rlm.c:116
module_rlm_submodule_parse
int module_rlm_submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Generic conf_parser_t func for loading drivers.
Definition module_rlm.c:950
module_rlm_s::common
module_t common
Common fields presented by all modules.
Definition module_rlm.h:39
module_rlm_s
Definition module_rlm.h:38
fr_pair_value_strdup
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
Definition pair.c:2634
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition pair.c:693
fr_pair_afrom_da_nested
fr_pair_t * fr_pair_afrom_da_nested(TALLOC_CTX *ctx, fr_pair_list_t *list, fr_dict_attr_t const *da)
Create a pair (and all intermediate parents), and append it to the list.
Definition pair.c:467
fr_pair_value_from_str
int fr_pair_value_from_str(fr_pair_t *vp, char const *value, size_t inlen, fr_sbuff_unescape_rules_t const *uerules, bool tainted)
Convert string value to native attribute value.
Definition pair.c:2589
radius_legacy_map_cmp
int radius_legacy_map_cmp(request_t *request, map_t const *map)
Definition pairmove.c:790
radius_legacy_map_list_apply
int radius_legacy_map_list_apply(request_t *request, map_list_t const *list, fr_edit_list_t *el)
Definition pairmove.c:771
fr_utf8_char
size_t fr_utf8_char(uint8_t const *str, ssize_t inlen)
Checks for utf-8, taken from http://www.w3.org/International/questions/qa-forms-utf-8.
Definition print.c:39
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
pair_update_request
#define pair_update_request(_attr, _da)
Definition radclient-ng.c:60
REDEBUG
#define REDEBUG(fmt,...)
Definition radclient.h:52
RDEBUG2
#define RDEBUG2(fmt,...)
Definition radclient.h:54
WARN
#define WARN(fmt,...)
Definition radclient.h:47
thread_detach
static void thread_detach(UNUSED void *uctx)
Explicitly cleanup module/xlat resources.
Definition radiusd.c:149
thread_instantiate
static int thread_instantiate(TALLOC_CTX *ctx, fr_event_list_t *el, UNUSED void *uctx)
Create module and xlat per-thread instances.
Definition radiusd.c:132
conf
static rs_t * conf
Definition radsniff.c:53
RETURN_MODULE_NOOP
#define RETURN_MODULE_NOOP
Definition rcode.h:62
RETURN_MODULE_RCODE
#define RETURN_MODULE_RCODE(_rcode)
Definition rcode.h:64
RETURN_MODULE_INVALID
#define RETURN_MODULE_INVALID
Definition rcode.h:59
RLM_MODULE_USER_SECTION_REJECT
#define RLM_MODULE_USER_SECTION_REJECT
Rcodes that translate to a user configurable section failing overall.
Definition rcode.h:72
RETURN_MODULE_OK
#define RETURN_MODULE_OK
Definition rcode.h:57
RETURN_MODULE_FAIL
#define RETURN_MODULE_FAIL
Definition rcode.h:56
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition rcode.h:40
RLM_MODULE_OK
@ RLM_MODULE_OK
The module is OK, continue.
Definition rcode.h:43
RLM_MODULE_FAIL
@ RLM_MODULE_FAIL
Module failed, don't reply.
Definition rcode.h:42
RLM_MODULE_NOTFOUND
@ RLM_MODULE_NOTFOUND
User not found.
Definition rcode.h:47
RLM_MODULE_UPDATED
@ RLM_MODULE_UPDATED
OK (pairs modified).
Definition rcode.h:49
RLM_MODULE_NOOP
@ RLM_MODULE_NOOP
Module succeeded without doing anything.
Definition rcode.h:48
RETURN_MODULE_NOTFOUND
#define RETURN_MODULE_NOTFOUND
Definition rcode.h:61
request_attr_request
fr_dict_attr_t const * request_attr_request
Definition request.c:45
request_attr_reply
fr_dict_attr_t const * request_attr_reply
Definition request.c:46
request_data_get
void * request_data_get(request_t *request, void const *unique_ptr, int unique_int)
Get opaque data from a request.
Definition request_data.c:292
name
static char const * name
Definition rlm_redis_ippool_tool.c:156
sql_group_xlat_call_env_t::user
fr_value_box_t user
Definition rlm_sql.c:248
mod_autz_group_resume
static unlang_action_t mod_autz_group_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after authorization group / profile expansion of check / reply query tmpl.
Definition rlm_sql.c:1288
sql_redundant_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:237
sql_map_verify
static int sql_map_verify(CONF_SECTION *cs, UNUSED void const *mod_inst, UNUSED void *proc_inst, tmpl_t const *src, UNUSED map_list_t const *maps)
Definition rlm_sql.c:703
mod_detach
static int mod_detach(module_detach_ctx_t const *mctx)
Definition rlm_sql.c:2066
sql_group_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context.
Definition rlm_sql.c:174
sql_group_xlat_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Definition rlm_sql.c:1114
mod_sql_redundant_resume
static unlang_action_t mod_sql_redundant_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after expansion of next query in a redundant list of queries.
Definition rlm_sql.c:1844
sql_map_ctx_t::inst
rlm_sql_t const * inst
Definition rlm_sql.c:203
sql_group_xlat_call_env_t::membership_query
tmpl_t * membership_query
Definition rlm_sql.c:249
sql_group_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:172
sql_redundant_ctx_t::call_env
sql_redundant_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:240
QUERY_ESCAPE
#define QUERY_ESCAPE
Definition rlm_sql.c:2376
sql_autz_call_env_t::check_query
tmpl_t * check_query
Tmpl to expand to form authorize_check_query.
Definition rlm_sql.c:112
fall_through
static sql_fall_through_t fall_through(map_list_t *maps)
Definition rlm_sql.c:302
sql_autz_ctx_t::group
rlm_sql_grouplist_t * group
Current group being processed.
Definition rlm_sql.c:192
sql_redundant_call_env_t::filename
fr_value_box_t filename
File name to write SQL logs to.
Definition rlm_sql.c:210
_sql_map_proc_get_value
static int _sql_map_proc_get_value(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *request, map_t const *map, void *uctx)
Converts a string value into a fr_pair_t.
Definition rlm_sql.c:678
sql_redundant_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:238
sql_redundant_ctx_t::query_no
size_t query_no
Current query number.
Definition rlm_sql.c:241
authorize_method_env
static const call_env_method_t authorize_method_env
Definition rlm_sql.c:2381
sql_autz_call_env_t::reply_query
tmpl_t * reply_query
Tmpl to expand to form authorize_reply_query.
Definition rlm_sql.c:113
mod_map_resume
static unlang_action_t mod_map_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Process the results of an SQL map query.
Definition rlm_sql.c:725
_sql_escape_uxtx_free
static int _sql_escape_uxtx_free(void *uctx)
Definition rlm_sql.c:275
attr_sql_user_name
static fr_dict_attr_t const * attr_sql_user_name
Definition rlm_sql.c:97
SQL_SAFE_FOR
#define SQL_SAFE_FOR
Definition rlm_sql.c:47
check_map_process
static int check_map_process(request_t *request, map_list_t *check_map, map_list_t *reply_map)
Process a "check" map.
Definition rlm_sql.c:1223
sql_unset_user
#define sql_unset_user(_i, _r)
Definition rlm_sql.c:1049
attr_fall_through
static fr_dict_attr_t const * attr_fall_through
Definition rlm_sql.c:96
logfile_call_env_parse
static int logfile_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
dict_freeradius
static fr_dict_t const * dict_freeradius
Definition rlm_sql.c:88
sql_group_xlat_resume
static xlat_action_t sql_group_xlat_resume(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Run SQL query for group membership to return list of groups.
Definition rlm_sql.c:1151
sql_autz_ctx_t::map_ctx
fr_sql_map_ctx_t * map_ctx
Context used for retrieving attribute value pairs as a map list.
Definition rlm_sql.c:195
sql_xlat_select_resume
static xlat_action_t sql_xlat_select_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:490
sql_set_user
static void sql_set_user(rlm_sql_t const *inst, request_t *request, fr_value_box_t *user)
Definition rlm_sql.c:1027
call_env_parse
static int call_env_parse(TALLOC_CTX *ctx, void *out, tmpl_rules_t const *t_rules, CONF_ITEM *ci, call_env_ctx_t const *cec, UNUSED call_env_parser_t const *rule)
Custom parser for sql call env queries.
Definition rlm_sql.c:2351
sql_group_ctx_t::groups
rlm_sql_grouplist_t * groups
List of groups retrieved.
Definition rlm_sql.c:175
sql_xlat_call_env_t::filename
fr_value_box_t filename
Definition rlm_sql.c:126
sql_group_xlat_query_resume
static xlat_action_t sql_group_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, UNUSED request_t *request, fr_value_box_list_t *in)
Compare list of groups returned from SQL query to xlat argument.
Definition rlm_sql.c:1121
attr_expr_bool_enum
static fr_dict_attr_t const * attr_expr_bool_enum
Definition rlm_sql.c:99
sql_autz_call_env_t::user
fr_value_box_t user
Expansion of the sql_user_name.
Definition rlm_sql.c:111
sql_autz_ctx_t::sql_group
fr_pair_t * sql_group
Pair to update with group being processed.
Definition rlm_sql.c:193
sql_redundant_ctx_t::trunk
trunk_t * trunk
Trunk connection for queries.
Definition rlm_sql.c:239
SQL_AUTZ_STAGE_PROFILE
#define SQL_AUTZ_STAGE_PROFILE
Definition rlm_sql.c:167
sql_xlat_query_resume
static xlat_action_t sql_xlat_query_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
Definition rlm_sql.c:449
mod_sql_redundant
static unlang_action_t mod_sql_redundant(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Generic module call for failing between a bunch of queries.
Definition rlm_sql.c:1870
sql_autz_ctx_t::check_tmp
map_list_t check_tmp
List to store check items before processing.
Definition rlm_sql.c:187
submodule_parse
static int submodule_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, conf_parser_t const *rule)
Definition rlm_sql.c:261
mod_bootstrap
static int mod_bootstrap(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2174
sql_group_ctx_t::query
fr_value_box_t * query
Query string used for evaluating group membership.
Definition rlm_sql.c:173
sql_map_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Definition rlm_sql.c:205
sql_autz_ctx_t::call_env
sql_autz_call_env_t * call_env
Call environment data.
Definition rlm_sql.c:186
rlm_sql
module_rlm_t rlm_sql
Definition rlm_sql.c:2395
xlat_method_env
static const call_env_method_t xlat_method_env
Definition rlm_sql.c:129
sql_autz_status_t
sql_autz_status_t
Status of the authorization process.
Definition rlm_sql.c:148
SQL_AUTZ_PROFILE_REPLY
@ SQL_AUTZ_PROFILE_REPLY
Running profile reply query.
Definition rlm_sql.c:162
SQL_AUTZ_CHECK
@ SQL_AUTZ_CHECK
Running user check query.
Definition rlm_sql.c:149
SQL_AUTZ_GROUP_MEMB_RESUME
@ SQL_AUTZ_GROUP_MEMB_RESUME
Completed group membership query.
Definition rlm_sql.c:154
SQL_AUTZ_REPLY
@ SQL_AUTZ_REPLY
Running user reply query.
Definition rlm_sql.c:151
SQL_AUTZ_GROUP_MEMB
@ SQL_AUTZ_GROUP_MEMB
Running group membership query.
Definition rlm_sql.c:153
SQL_AUTZ_PROFILE_REPLY_RESUME
@ SQL_AUTZ_PROFILE_REPLY_RESUME
Completed profile reply query.
Definition rlm_sql.c:163
SQL_AUTZ_PROFILE_CHECK_RESUME
@ SQL_AUTZ_PROFILE_CHECK_RESUME
Completed profile check query.
Definition rlm_sql.c:161
SQL_AUTZ_CHECK_RESUME
@ SQL_AUTZ_CHECK_RESUME
Completed user check query.
Definition rlm_sql.c:150
SQL_AUTZ_PROFILE_START
@ SQL_AUTZ_PROFILE_START
Starting processing user profiles.
Definition rlm_sql.c:159
SQL_AUTZ_GROUP_REPLY_RESUME
@ SQL_AUTZ_GROUP_REPLY_RESUME
Completed group reply query.
Definition rlm_sql.c:158
SQL_AUTZ_REPLY_RESUME
@ SQL_AUTZ_REPLY_RESUME
Completed user reply query.
Definition rlm_sql.c:152
SQL_AUTZ_GROUP_CHECK
@ SQL_AUTZ_GROUP_CHECK
Running group check query.
Definition rlm_sql.c:155
SQL_AUTZ_PROFILE_CHECK
@ SQL_AUTZ_PROFILE_CHECK
Running profile check query.
Definition rlm_sql.c:160
SQL_AUTZ_GROUP_REPLY
@ SQL_AUTZ_GROUP_REPLY
Running group reply query.
Definition rlm_sql.c:157
SQL_AUTZ_GROUP_CHECK_RESUME
@ SQL_AUTZ_GROUP_CHECK_RESUME
Completed group check query.
Definition rlm_sql.c:156
sql_xlat_escape
static int sql_xlat_escape(request_t *request, fr_value_box_t *vb, void *uctx)
Escape a tainted VB used as an xlat argument.
Definition rlm_sql.c:341
sql_autz_ctx_t::inst
rlm_sql_t const * inst
Module instance.
Definition rlm_sql.c:182
SQL_AUTZ_STAGE_GROUP
#define SQL_AUTZ_STAGE_GROUP
Definition rlm_sql.c:166
sql_autz_call_env_t::group_reply_query
tmpl_t * group_reply_query
Tmpl to expand to form authorize_group_reply_query.
Definition rlm_sql.c:116
sql_autz_call_env_t::group_check_query
tmpl_t * group_check_query
Tmpl to expand to form authorize_group_check_query.
Definition rlm_sql.c:115
sql_group_ctx_t::num_groups
int num_groups
How many groups have been retrieved.
Definition rlm_sql.c:176
sql_autz_ctx_free
static int sql_autz_ctx_free(sql_autz_ctx_t *to_free)
Definition rlm_sql.c:1261
mod_sql_redundant_query_resume
static unlang_action_t mod_sql_redundant_query_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Resume function called after executing an SQL query in a redundant list of queries.
Definition rlm_sql.c:1763
mod_map_proc
static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst, UNUSED void *proc_inst, request_t *request, fr_value_box_list_t *query, map_list_t const *maps)
Executes a SELECT query and maps the result to server attributes.
Definition rlm_sql.c:865
sql_autz_ctx_t::trunk
trunk_t * trunk
Trunk connection for current authorization.
Definition rlm_sql.c:185
sql_redundant_ctx_t::query_vb
fr_value_box_t * query_vb
Current query string.
Definition rlm_sql.c:243
sql_redundant_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpl will be written.
Definition rlm_sql.c:242
sql_autz_ctx_t::reply_tmp
map_list_t reply_tmp
List to store reply items before processing.
Definition rlm_sql.c:188
mod_authorize
static unlang_action_t mod_authorize(rlm_rcode_t *p_result, module_ctx_t const *mctx, request_t *request)
Start of module authorize method.
Definition rlm_sql.c:1675
sql_autz_ctx_t::status
sql_autz_status_t status
Current status of the authorization.
Definition rlm_sql.c:189
sql_autz_ctx_t::request
request_t * request
Request being processed.
Definition rlm_sql.c:183
sql_autz_ctx_t::profile
fr_pair_t * profile
Current profile being processed.
Definition rlm_sql.c:194
MAX_SQL_FIELD_INDEX
#define MAX_SQL_FIELD_INDEX
Definition rlm_sql.c:715
rlm_sql_dict_attr
fr_dict_attr_autoload_t rlm_sql_dict_attr[]
Definition rlm_sql.c:102
sql_group_xlat_ctx_t::query
fr_value_box_list_t query
Definition rlm_sql.c:1113
mod_thread_instantiate
static int mod_thread_instantiate(module_thread_inst_ctx_t const *mctx)
Initialise thread specific data structure.
Definition rlm_sql.c:2318
sql_escape_uctx_alloc
static void * sql_escape_uctx_alloc(UNUSED request_t *request, void const *uctx)
Definition rlm_sql.c:284
sql_redundant_ctx_t::query_ctx
fr_sql_query_t * query_ctx
Query context for current query.
Definition rlm_sql.c:244
sql_autz_ctx_t::rcode
rlm_rcode_t rcode
Module return code.
Definition rlm_sql.c:184
sql_redundant_call_env_t::query
tmpl_t ** query
Array of tmpls for list of queries to run.
Definition rlm_sql.c:211
rlm_sql_grouplist_s::next
rlm_sql_grouplist_t * next
Definition rlm_sql.c:1054
accounting_method_env
static const call_env_method_t accounting_method_env
Definition rlm_sql.c:214
sql_redundant_ctx_free
static int sql_redundant_ctx_free(sql_redundant_ctx_t *to_free)
Tidy up when freeing an SQL redundant context.
Definition rlm_sql.c:1745
group_xlat_method_env
static const call_env_method_t group_xlat_method_env
Definition rlm_sql.c:252
sql_autz_ctx_t::group_ctx
sql_group_ctx_t * group_ctx
Context used for retrieving user group membership.
Definition rlm_sql.c:196
sql_autz_call_env_t::membership_query
tmpl_t * membership_query
Tmpl to expand to form group_membership_query.
Definition rlm_sql.c:114
sql_box_escape
static int sql_box_escape(fr_value_box_t *vb, void *uctx)
Definition rlm_sql.c:419
module_config
static const conf_parser_t module_config[]
Definition rlm_sql.c:57
rlm_sql_grouplist_s::name
char * name
Definition rlm_sql.c:1053
sql_autz_ctx_t::query
fr_value_box_list_t query
Where expanded query tmpls will be written.
Definition rlm_sql.c:190
sql_autz_ctx_t::user_found
bool user_found
Has the user been found anywhere?
Definition rlm_sql.c:191
attr_user_profile
static fr_dict_attr_t const * attr_user_profile
Definition rlm_sql.c:98
send_method_env
static const call_env_method_t send_method_env
Definition rlm_sql.c:224
rlm_sql_dict
fr_dict_autoload_t rlm_sql_dict[]
Definition rlm_sql.c:91
rlm_sql_boot_t::group_da
fr_dict_attr_t const * group_da
Definition rlm_sql.c:54
mod_thread_detach
static int mod_thread_detach(module_thread_inst_ctx_t const *mctx)
Definition rlm_sql.c:2337
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition rlm_sql.c:2083
sql_redundant_call_env_t::user
fr_value_box_t user
Expansion of sql_user_name.
Definition rlm_sql.c:209
query_call_env_parse
static int query_call_env_parse(TALLOC_CTX *ctx, call_env_parsed_head_t *out, tmpl_rules_t const *t_rules, CONF_ITEM *cc, call_env_ctx_t const *cec, call_env_parser_t const *rule)
sql_get_grouplist_resume
static unlang_action_t sql_get_grouplist_resume(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Definition rlm_sql.c:1057
sql_escape_func
static ssize_t sql_escape_func(request_t *, char *out, size_t outlen, char const *in, void *arg)
sql_get_grouplist
static unlang_action_t sql_get_grouplist(sql_group_ctx_t *group_ctx, trunk_t *trunk, request_t *request)
Definition rlm_sql.c:1096
sql_map_ctx_t::maps
map_list_t const * maps
Definition rlm_sql.c:204
mod_authorize_resume
static unlang_action_t mod_authorize_resume(rlm_rcode_t *p_result, int *priority, request_t *request, void *uctx)
Resume function called after authorization check / reply tmpl expansion.
Definition rlm_sql.c:1519
rlm_sql_boot_t
Definition rlm_sql.c:53
rlm_sql_grouplist_s
Definition rlm_sql.c:1052
sql_autz_call_env_t
Definition rlm_sql.c:110
sql_autz_ctx_t
Context for SQL authorization.
Definition rlm_sql.c:181
sql_group_ctx_t
Context for group membership query evaluation.
Definition rlm_sql.c:171
sql_group_xlat_call_env_t
Definition rlm_sql.c:247
sql_group_xlat_ctx_t
Definition rlm_sql.c:1112
sql_map_ctx_t
Context for SQL maps.
Definition rlm_sql.c:202
sql_redundant_call_env_t
Definition rlm_sql.c:208
sql_redundant_ctx_t
Context for tracking redundant SQL query sets.
Definition rlm_sql.c:236
sql_xlat_call_env_t
Definition rlm_sql.c:125
rlm_sql.h
Prototypes and functions for the SQL module.
fr_sql_query_alloc
fr_sql_query_t * fr_sql_query_alloc(TALLOC_CTX *ctx, rlm_sql_t const *inst, request_t *request, trunk_t *trunk, char const *query_str, fr_sql_query_type_t type)
Allocate an sql query structure.
Definition sql.c:184
rlm_sql_thread_t::trunk
trunk_t * trunk
Trunk connection for this thread.
Definition rlm_sql.h:110
rlm_sql_thread_t::inst
rlm_sql_t const * inst
Module instance data.
Definition rlm_sql.h:111
RLM_SQL_MULTI_QUERY_CONN
#define RLM_SQL_MULTI_QUERY_CONN
Can support multiple queries on a single connection.
Definition rlm_sql.h:169
fr_sql_query_t::type
fr_sql_query_type_t type
Type of query.
Definition rlm_sql.h:139
rlm_sql_fetch_row
unlang_action_t rlm_sql_fetch_row(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Call the driver's sql_fetch_row function.
Definition sql.c:80
rlm_sql_query_log
void rlm_sql_query_log(rlm_sql_t const *inst, char const *filename, char const *query)
Definition sql.c:364
fr_sql_query_t::inst
rlm_sql_t const * inst
Module instance for this query.
Definition rlm_sql.h:133
sql_get_map_list
unlang_action_t sql_get_map_list(request_t *request, fr_sql_map_ctx_t *map_ctx, trunk_t *trunk)
Submit the query to get any user / group check or reply pairs.
Definition sql.c:347
sql_rcode_t
sql_rcode_t
Action to take at end of an SQL query.
Definition rlm_sql.h:44
RLM_SQL_QUERY_INVALID
@ RLM_SQL_QUERY_INVALID
Query syntax error.
Definition rlm_sql.h:45
RLM_SQL_ALT_QUERY
@ RLM_SQL_ALT_QUERY
Key constraint violation, use an alternative query.
Definition rlm_sql.h:49
RLM_SQL_RECONNECT
@ RLM_SQL_RECONNECT
Stale connection, should reconnect.
Definition rlm_sql.h:48
RLM_SQL_ERROR
@ RLM_SQL_ERROR
General connection/server error.
Definition rlm_sql.h:46
RLM_SQL_OK
@ RLM_SQL_OK
Success.
Definition rlm_sql.h:47
RLM_SQL_NO_MORE_ROWS
@ RLM_SQL_NO_MORE_ROWS
No more rows available.
Definition rlm_sql.h:50
SQL_QUERY_SELECT
@ SQL_QUERY_SELECT
Definition rlm_sql.h:116
SQL_QUERY_OTHER
@ SQL_QUERY_OTHER
Definition rlm_sql.h:117
rlm_sql_trunk_query
unlang_action_t rlm_sql_trunk_query(rlm_rcode_t *p_result, UNUSED int *priority, request_t *request, void *uctx)
Submit an SQL query using a trunk connection.
Definition sql.c:235
fr_sql_map_ctx_t::ctx
TALLOC_CTX * ctx
To allocate map entries in.
Definition rlm_sql.h:149
rlm_sql_thread_t::sql_escape_arg
void * sql_escape_arg
Thread specific argument to be passed to escape function.
Definition rlm_sql.h:112
sql_fall_through_t
sql_fall_through_t
Definition rlm_sql.h:53
FALL_THROUGH_DEFAULT
@ FALL_THROUGH_DEFAULT
Definition rlm_sql.h:56
FALL_THROUGH_YES
@ FALL_THROUGH_YES
Definition rlm_sql.h:55
rlm_sql_row_t
char ** rlm_sql_row_t
Definition rlm_sql.h:59
fr_sql_map_ctx_t::rows
int rows
How many rows the query returned.
Definition rlm_sql.h:155
rlm_sql_print_error
void rlm_sql_print_error(rlm_sql_t const *inst, request_t *request, fr_sql_query_t *query_ctx, bool force_debug)
Retrieve any errors from the SQL driver.
Definition sql.c:123
fr_sql_query_t::row
rlm_sql_row_t row
Row data from the last query.
Definition rlm_sql.h:142
fr_sql_query_t::rcode
sql_rcode_t rcode
Result code.
Definition rlm_sql.h:141
fr_sql_map_ctx_t::query
fr_value_box_t * query
Query string used for fetching pairs.
Definition rlm_sql.h:151
rlm_sql_escape_uctx_t::sql
rlm_sql_t const * sql
Definition rlm_sql.h:193
sql_rcode_description_table
fr_table_num_sorted_t const sql_rcode_description_table[]
Definition sql.c:45
fr_sql_map_ctx_t
Context used when fetching attribute value pairs as a map list.
Definition rlm_sql.h:148
fr_sql_query_t
Definition rlm_sql.h:132
rlm_sql_config_t
Definition rlm_sql.h:73
rlm_sql_escape_uctx_t
Definition rlm_sql.h:192
rlm_sql_thread_t
Definition rlm_sql.h:109
fr_sbuff_trim_talloc
int fr_sbuff_trim_talloc(fr_sbuff_t *sbuff, size_t len)
Trim a talloced sbuff to the minimum length required to represent the contained string.
Definition sbuff.c:419
FR_SBUFF_IN
#define FR_SBUFF_IN(_start, _len_or_end)
fr_sbuff_buff
#define fr_sbuff_buff(_sbuff_or_marker)
fr_sbuff_uctx_talloc_t
Talloc sbuff extension structure.
Definition sbuff.h:139
section_name_str
static char const * section_name_str(char const *name)
Return a printable string for the section name.
Definition section.h:98
SECTION_NAME
#define SECTION_NAME(_name1, _name2)
Define a section name consisting of a verb and a noun.
Definition section.h:40
section_name_t::name2
char const * name2
Second section name. Usually a packet type like 'access-request', 'access-accept',...
Definition section.h:46
section_name_t::name1
char const * name1
First section name. Usually a verb like 'recv', 'send', etc...
Definition section.h:45
module_instance_s::name
char const * name
Instance name e.g. user_database.
Definition module.h:335
module_instance_s::conf
CONF_SECTION * conf
Module's instance configuration.
Definition module.h:329
module_instance_s::data
void * data
Module's instance data.
Definition module.h:271
module_instance_s::boot
void * boot
Data allocated during the boostrap phase.
Definition module.h:274
module_thread_instance_s::data
void * data
Thread specific instance data.
Definition module.h:352
module_thread
static module_thread_instance_t * module_thread(module_instance_t const *mi)
Retrieve module/thread specific instance for a module.
Definition module.h:481
MODULE_BINDING_TERMINATOR
#define MODULE_BINDING_TERMINATOR
Terminate a module binding list.
Definition module.h:151
module_s::boot_size
size_t boot_size
Size of the module's bootstrap data.
Definition module.h:200
module_instance_s::exported
module_t * exported
Public module structure.
Definition module.h:276
module_instance_s
Module instance data.
Definition module.h:265
module_method_binding_s
Named methods exported by a module.
Definition module.h:173
pair_append_control
#define pair_append_control(_attr, _da)
Allocate and append a fr_pair_t to the control list.
Definition pair.h:57
pair_delete_request
#define pair_delete_request(_pair_or_da)
Delete a fr_pair_t in the request list.
Definition pair.h:172
tmpl_rules_s::escape
tmpl_escape_t escape
How escaping should be handled during evaluation.
Definition tmpl.h:364
tmpl_resolve
int tmpl_resolve(tmpl_t *vpt, tmpl_res_rules_t const *tr_rules))
Attempt to resolve functions and attributes in xlats and attribute references.
Definition tmpl_tokenize.c:4239
tmpl_value
#define tmpl_value(_tmpl)
Definition tmpl.h:954
tmpl_rules_s::literals_safe_for
fr_value_box_safe_for_t literals_safe_for
safe_for value assigned to literal values in xlats, execs, and data.
Definition tmpl.h:362
tmpl_is_attr
#define tmpl_is_attr(vpt)
Definition tmpl.h:213
tmpl_afrom_substr
ssize_t tmpl_afrom_substr(TALLOC_CTX *ctx, tmpl_t **out, fr_sbuff_t *in, fr_token_t quote, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules))
Convert an arbitrary string into a tmpl_t.
Definition tmpl_tokenize.c:3224
tmpl_is_data
#define tmpl_is_data(vpt)
Definition tmpl.h:211
tmpl_value_type
#define tmpl_value_type(_tmpl)
Definition tmpl.h:956
tmpl_rules_s::attr
tmpl_attr_rules_t attr
Rules/data for parsing attribute references.
Definition tmpl.h:350
tmpl_attr_tail_da
static fr_dict_attr_t const * tmpl_attr_tail_da(tmpl_t const *vpt)
Return the last attribute reference da.
Definition tmpl.h:818
tmpl_expand
#define tmpl_expand(_out, _buff, _buff_len, _request, _vpt, _escape, _escape_ctx)
Expand a tmpl to a C type, using existing storage to hold variably sized types.
Definition tmpl.h:1066
tmpl_needs_resolving
#define tmpl_needs_resolving(vpt)
Definition tmpl.h:228
tmpl_res_rules_s
Similar to tmpl_rules_t, but used to specify parameters that may change during subsequent resolution ...
Definition tmpl.h:379
tmpl_rules_s
Optional arguments passed to vp_tmpl functions.
Definition tmpl.h:347
snprintf
PUBLIC int snprintf(char *string, size_t length, char *format, va_alist)
Definition snprintf.c:689
count
return count
Definition module.c:163
module_instantiate
int module_instantiate(module_instance_t *instance)
Manually complete module setup by calling its instantiate function.
Definition module.c:1197
inst
eap_aka_sim_process_conf_t * inst
Definition state_machine.c:3620
fr_pair_value_bstrdup_buffer
fr_pair_value_bstrdup_buffer(vp, eap_session->identity, true)
vp
fr_pair_t * vp
Definition state_machine.c:2262
eap_aka_sim_process_conf_t::type
eap_type_t type
The preferred EAP-Type of this instance of the EAP-SIM/AKA/AKA' state machine.
Definition state_machine.h:188
map_s
Value pair map.
Definition map.h:77
map_s::op
fr_token_t op
The operator that controls insertion of the dst attribute.
Definition map.h:82
map_s::lhs
tmpl_t * lhs
Typically describes the attribute to add, modify or compare.
Definition map.h:78
map_s::rhs
tmpl_t * rhs
Typically describes a literal value or a src attribute to copy or compare.
Definition map.h:79
pair_list_s
Definition pair.h:52
rlm_sql_driver_t
Definition rlm_sql.h:196
sql_inst
Definition rlm_sql.h:223
sql_inst::sql_escape_arg
void * sql_escape_arg
Instance specific argument to be passed to escape function.
Definition rlm_sql.h:235
tmpl_attr_rules_s::dict_def
fr_dict_t const * dict_def
Default dictionary to use with unqualified attribute references.
Definition tmpl.h:287
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_table_str_by_value
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
Definition table.h:772
talloc_typed_strdup
char * talloc_typed_strdup(TALLOC_CTX *ctx, char const *p)
Call talloc_strdup, setting the type on the new chunk correctly.
Definition talloc.c:445
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition talloc.h:282
fr_time_delta_from_sec
static fr_time_delta_t fr_time_delta_from_sec(int64_t sec)
Definition time.h:590
unlang_tmpl_push
int unlang_tmpl_push(TALLOC_CTX *ctx, fr_value_box_list_t *out, request_t *request, tmpl_t const *tmpl, unlang_tmpl_args_t *args)
Push a tmpl onto the stack for evaluation.
Definition tmpl.c:262
tmpl_escape_t::func
fr_value_box_escape_t func
How to escape when returned from evaluation.
Definition tmpl_escape.h:81
TMPL_ESCAPE_UCTX_ALLOC_FUNC
@ TMPL_ESCAPE_UCTX_ALLOC_FUNC
A new uctx of the specified size and type is allocated and pre-populated by memcpying uctx....
Definition tmpl_escape.h:35
TMPL_ESCAPE_PRE_CONCAT
@ TMPL_ESCAPE_PRE_CONCAT
Pre-concatenation escaping is useful for DSLs where elements of the expansion are static,...
Definition tmpl_escape.h:61
tmpl_escape_t::uctx
struct tmpl_escape_t::@74 uctx
tmpl_escape_t::safe_for
fr_value_box_safe_for_t safe_for
Value to set on boxes which have been escaped by the fr_value_box_escape_t function.
Definition tmpl_escape.h:83
tmpl_escape_t::mode
tmpl_escape_mode_t mode
Whether to apply escape function after concatenation, i.e.
Definition tmpl_escape.h:86
tmpl_escape_t
Escaping rules for tmpls.
Definition tmpl_escape.h:80
fr_assignment_op
const bool fr_assignment_op[T_TOKEN_LAST]
Definition token.c:168
fr_tokens
char const * fr_tokens[T_TOKEN_LAST]
Definition token.c:78
fr_comparison_op
const bool fr_comparison_op[T_TOKEN_LAST]
Definition token.c:198
T_OP_CMP_TRUE
@ T_OP_CMP_TRUE
Definition token.h:104
T_OP_CMP_FALSE
@ T_OP_CMP_FALSE
Definition token.h:105
trunk_alloc
trunk_t * trunk_alloc(TALLOC_CTX *ctx, fr_event_list_t *el, trunk_io_funcs_t const *funcs, trunk_conf_t const *conf, char const *log_prefix, void const *uctx, bool delay_start)
Allocate a new collection of connections.
Definition trunk.c:4945
trunk_config
conf_parser_t const trunk_config[]
Config parser definitions to populate a trunk_conf_t.
Definition trunk.c:315
trunk_s
Main trunk management handle.
Definition trunk.c:198
expand_rhs
static int expand_rhs(request_t *request, unlang_frame_state_edit_t *state, edit_map_t *current)
Definition edit.c:1115
unlang_xlat_yield
xlat_action_t unlang_xlat_yield(request_t *request, xlat_func_t resume, xlat_func_signal_t signal, fr_signal_t sigmask, void *rctx)
Yield a request back to the interpreter from within a module.
Definition xlat.c:573
xlat_arg_parser_t::type
fr_type_t type
Type to cast argument to.
Definition xlat.h:155
xlat_transparent
xlat_action_t xlat_transparent(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out, UNUSED xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *args)
XLAT_ARG_PARSER_TERMINATOR
#define XLAT_ARG_PARSER_TERMINATOR
Definition xlat.h:168
xlat_action_t
xlat_action_t
Definition xlat.h:37
XLAT_ACTION_FAIL
@ XLAT_ACTION_FAIL
An xlat function failed.
Definition xlat.h:44
XLAT_ACTION_YIELD
@ XLAT_ACTION_YIELD
An xlat function pushed a resume frame onto the stack.
Definition xlat.h:42
XLAT_ACTION_PUSH_UNLANG
@ XLAT_ACTION_PUSH_UNLANG
An xlat function pushed an unlang frame onto the unlang stack.
Definition xlat.h:39
XLAT_ACTION_DONE
@ XLAT_ACTION_DONE
We're done evaluating this level of nesting.
Definition xlat.h:43
xlat_arg_parser_t
Definition for a single argument consumend by an xlat function.
Definition xlat.h:147
parent
static fr_slen_t parent
Definition pair.h:851
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:371
FR_TYPE_IP
#define FR_TYPE_IP
Definition types.h:288
FR_TYPE_NUMERIC
#define FR_TYPE_NUMERIC
Definition types.h:286
value_parse_rules_quoted
fr_sbuff_parse_rules_t const * value_parse_rules_quoted[T_TOKEN_LAST]
Parse rules for quoted strings.
Definition value.c:606
fr_value_box_cast_in_place
int fr_value_box_cast_in_place(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_type_t dst_type, fr_dict_attr_t const *dst_enumv)
Convert one type of fr_value_box_t to another in place.
Definition value.c:3572
fr_value_box_clear_value
void fr_value_box_clear_value(fr_value_box_t *data)
Clear/free any existing value.
Definition value.c:3681
fr_value_box_strdup
int fr_value_box_strdup(TALLOC_CTX *ctx, fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, bool tainted)
Copy a nul terminated string to a fr_value_box_t.
Definition value.c:3927
fr_value_box_strdup_shallow
void fr_value_box_strdup_shallow(fr_value_box_t *dst, fr_dict_attr_t const *enumv, char const *src, bool tainted)
Assign a buffer containing a nul terminated string to a box, but don't copy it.
Definition value.c:4036
fr_value_box_list_concat_in_place
int fr_value_box_list_concat_in_place(TALLOC_CTX *ctx, fr_value_box_t *out, fr_value_box_list_t *list, fr_type_t type, fr_value_box_list_action_t proc_action, bool flatten, size_t max_size)
Concatenate a list of value boxes.
Definition value.c:5823
FR_VALUE_BOX_LIST_FREE
@ FR_VALUE_BOX_LIST_FREE
Definition value.h:221
fr_value_box_alloc
#define fr_value_box_alloc(_ctx, _type, _enumv)
Allocate a value box of a specific type.
Definition value.h:621
fr_value_box_mark_safe_for
#define fr_value_box_mark_safe_for(_box, _safe_for)
Definition value.h:1048
fr_box_strvalue_buffer
#define fr_box_strvalue_buffer(_val)
Definition value.h:289
fr_value_box_is_safe_for
#define fr_value_box_is_safe_for(_box, _safe_for)
Definition value.h:1055
fr_value_box_safe_for_t
uintptr_t fr_value_box_safe_for_t
Escaping that's been applied to a value box.
Definition value.h:155
nonnull
int nonnull(2, 5))
fr_value_box_alloc_null
#define fr_value_box_alloc_null(_ctx)
Allocate a value box for later use with a value assignment function.
Definition value.h:632
out
static size_t char ** out
Definition value.h:997
xlat_ctx
static TALLOC_CTX * xlat_ctx
Definition xlat_builtin.c:65
xlat_ctx_s::rctx
void * rctx
Resume context.
Definition xlat_ctx.h:54
xlat_ctx_s::env_data
void * env_data
Expanded call env data.
Definition xlat_ctx.h:53
xlat_ctx_s::mctx
module_ctx_t const * mctx
Synthesised module calling ctx.
Definition xlat_ctx.h:52
xlat_ctx_s
An xlat calling ctx.
Definition xlat_ctx.h:49
xlat_func_flags_set
void xlat_func_flags_set(xlat_t *x, xlat_func_flags_t flags)
Specify flags that alter the xlat's behaviour.
Definition xlat_func.c:402
xlat_func_args_set
int xlat_func_args_set(xlat_t *x, xlat_arg_parser_t const args[])
Register the arguments of an xlat.
Definition xlat_func.c:365
xlat_func_call_env_set
void xlat_func_call_env_set(xlat_t *x, call_env_method_t const *env_method)
Register call environment of an xlat.
Definition xlat_func.c:392
xlat_func_safe_for_set
#define xlat_func_safe_for_set(_xlat, _escaped)
Set the escaped values for output boxes.
Definition xlat_func.h:82
XLAT_FUNC_FLAG_PURE
@ XLAT_FUNC_FLAG_PURE
Definition xlat_func.h:38
xlat_s
Definition xlat_priv.h:59
Generated by   doxygen 1.9.8