/*
* Debug print a map / VP
*/
static void debug_map(REQUEST *request, value_pair_map_t const *map, VALUE_PAIR const *vp)
{
char *value;
char buffer[1024];
switch (map->src->type) {
/*
* Just print the value being assigned
*/
default:
case VPT_TYPE_LITERAL:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = buffer;
break;
case VPT_TYPE_XLAT:
case VPT_TYPE_XLAT_STRUCT:
vp_prints_value(buffer, sizeof(buffer), vp, '"');
value = buffer;
break;
case VPT_TYPE_DATA:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = buffer;
break;
/*
* Just printing the value doesn't make sense, but we still
* want to know what it was...
*/
case VPT_TYPE_LIST:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = talloc_typed_asprintf(request, "&%s%s -> %s", map->src->name, vp->da->name, buffer);
break;
case VPT_TYPE_ATTR:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = talloc_typed_asprintf(request, "&%s -> %s", map->src->name, buffer);
break;
}
switch (map->dst->type) {
case VPT_TYPE_LIST:
RDEBUG("\t%s%s %s %s", map->dst->name, vp->da->name,
fr_int2str(fr_tokens, vp->op, "<INVALID>"), value);
break;
case VPT_TYPE_ATTR:
RDEBUG("\t%s %s %s", map->dst->name,
fr_int2str(fr_tokens, vp->op, "<INVALID>"), value);
break;
default:
break;
}
if (value != buffer) talloc_free(value);
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(VALUE_PAIR *vp, HV *rad_hv)
{
VALUE_PAIR *nvp, *vpa, *vpn;
AV *av;
char namebuf[256], *name;
char buffer[1024];
int attr, vendor, len;
hv_undef(rad_hv);
nvp = paircopy(vp);
while (nvp != NULL) {
name = nvp->name;
attr = nvp->attribute;
vendor = nvp->vendor;
vpa = paircopy2(nvp, attr, vendor);
if (vpa->next) {
av = newAV();
vpn = vpa;
while (vpn) {
len = vp_prints_value(buffer, sizeof(buffer),
vpn, FALSE);
av_push(av, newSVpv(buffer, len));
vpn = vpn->next;
}
hv_store(rad_hv, nvp->name, strlen(nvp->name),
newRV_noinc((SV *) av), 0);
} else {
if ((vpa->flags.has_tag) &&
(vpa->flags.tag != 0)) {
snprintf(namebuf, sizeof(namebuf), "%s:%d",
nvp->name, nvp->flags.tag);
name = namebuf;
}
len = vp_prints_value(buffer, sizeof(buffer),
vpa, FALSE);
hv_store(rad_hv, name, strlen(name),
newSVpv(buffer, len), 0);
}
pairfree(&vpa);
vpa = nvp; while ((vpa != NULL) && (vpa->attribute == attr) && (vpa->vendor == vendor))
vpa = vpa->next;
pairdelete(&nvp, attr, vendor);
nvp = vpa;
}
}
/** Print one attribute and value to a string
*
* Print a VALUE_PAIR in the format:
@verbatim
<attribute_name>[:tag] <op> <value>
@endverbatim
* to a string.
*
* @param out Where to write the string.
* @param outlen Lenth of output buffer.
* @param vp to print.
* @return
* - Length of data written to out.
* - value >= outlen on truncation.
*/
size_t vp_prints(char *out, size_t outlen, VALUE_PAIR const *vp)
{
char const *token = NULL;
size_t len, freespace = outlen;
if (!out) return 0;
*out = '\0';
if (!vp || !vp->da) return 0;
VERIFY_VP(vp);
if ((vp->op > T_INVALID) && (vp->op < T_TOKEN_LAST)) {
token = vp_tokens[vp->op];
} else {
token = "<INVALID-TOKEN>";
}
if (vp->da->flags.has_tag && (vp->tag != TAG_ANY)) {
len = snprintf(out, freespace, "%s:%d %s ", vp->da->name, vp->tag, token);
} else {
len = snprintf(out, freespace, "%s %s ", vp->da->name, token);
}
if (is_truncated(len, freespace)) return len;
out += len;
freespace -= len;
len = vp_prints_value(out, freespace, vp, '"');
if (is_truncated(len, freespace)) return (outlen - freespace) + len;
freespace -= len;
return (outlen - freespace);
}
/* Saves accounting information */
static int mongo_account(void *instance, REQUEST *request)
{
rlm_mongo_t *data = (rlm_mongo_t *)instance;
bson b;
bson_buffer buf;
const char *attr;
char value[MAX_STRING_LEN+1];
VALUE_PAIR *vp = request->packet->vps;
// shall we insert this packet or not
int insert;
bson_buffer_init(&buf);
bson_append_new_oid(&buf, "_id");
insert = 0;
while (vp) {
attr = vp->name;
if ((strcmp(attr, "Acct-Status-Type") == 0) && ((strcmp(data->only_stop, "") != 0))) {
if ((vp->vp_integer & 0xffffff) != 2) {
break;
} else {
insert = 1;
}
}
switch (vp->type) {
case PW_TYPE_INTEGER:
bson_append_int(&buf, attr, vp->vp_integer & 0xffffff);
break;
case PW_TYPE_BYTE:
case PW_TYPE_SHORT:
bson_append_int(&buf, attr, vp->vp_integer);
break;
case PW_TYPE_DATE:
bson_append_time_t(&buf, attr, vp->vp_date);
break;
default:
vp_prints_value(value, sizeof(value), vp, 0);
bson_append_string(&buf, attr, value);
// akh
RDEBUG("mongo default insert %s", value);
break;
}
vp = vp->next;
}
bson_from_buffer(&b, &buf);
MONGO_TRY {
if (insert == 1) {
mongo_insert(conn, data->acct_base, &b);
RDEBUG("accounting record was inserted");
}
} MONGO_CATCH {
radlog(L_ERR, "mongo_insert failed");
return RLM_MODULE_FAIL;
}
bson_destroy(&b);
return RLM_MODULE_OK;
}
/** Convert the value on a VALUE_PAIR to string
*
*/
static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair, int type)
{
if (pair != NULL) {
vp_prints_value(out, outlen, pair, -1);
return strlen(out);
}
switch (type) {
case PW_TYPE_STRING :
strlcpy(out,"_",outlen);
break;
case PW_TYPE_INTEGER64:
case PW_TYPE_SIGNED:
case PW_TYPE_INTEGER:
strlcpy(out,"0",outlen);
break;
case PW_TYPE_IPADDR :
strlcpy(out,"?.?.?.?",outlen);
break;
case PW_TYPE_IPV6ADDR :
strlcpy(out,":?:",outlen);
break;
case PW_TYPE_DATE :
strlcpy(out,"0",outlen);
break;
default :
strlcpy(out,"unknown_type",outlen);
}
return strlen(out);
}
static void perl_vp_to_svpvn_element(REQUEST *request, AV *av, VALUE_PAIR const *vp,
int *i, const char *hash_name, const char *list_name)
{
size_t len;
SV *sv;
char buffer[1024];
switch (vp->da->type) {
case PW_TYPE_STRING:
RDEBUG("$%s{'%s'}[%i] = &%s:%s -> '%s'", hash_name, vp->da->name, *i,
list_name, vp->da->name, vp->vp_strvalue);
sv = newSVpvn(vp->vp_strvalue, vp->vp_length);
break;
default:
len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
RDEBUG("$%s{'%s'}[%i] = &%s:%s -> '%s'", hash_name, vp->da->name, *i,
list_name, vp->da->name, buffer);
sv = newSVpvn(buffer, truncate_len(len, sizeof(buffer)));
break;
}
if (!sv) return;
SvTAINTED_on(sv);
av_push(av, sv);
(*i)++;
}
/*
* This is the core Python function that the others wrap around.
* Pass the value-pair print strings in a tuple.
*
* FIXME: We're not checking the errors. If we have errors, what
* do we do?
*/
static int mod_populate_vptuple(PyObject *pPair, VALUE_PAIR *vp)
{
PyObject *pStr = NULL;
char buf[1024];
/* Look at the vp_print_name? */
if (vp->da->flags.has_tag)
pStr = PyString_FromFormat("%s:%d", vp->da->name, vp->tag);
else
pStr = PyString_FromString(vp->da->name);
if (!pStr)
goto failed;
PyTuple_SET_ITEM(pPair, 0, pStr);
vp_prints_value(buf, sizeof(buf), vp, 1);
if ((pStr = PyString_FromString(buf)) == NULL)
goto failed;
PyTuple_SET_ITEM(pPair, 1, pStr);
return 0;
failed:
return -1;
}
/**
* @brief Convert the value on a VALUE_PAIR to string
*/
static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair,
int type, RADIUS_ESCAPE_STRING func)
{
char buffer[MAX_STRING_LEN * 4];
if (pair != NULL) {
vp_prints_value(buffer, sizeof(buffer), pair, -1);
return func(out, outlen, buffer);
}
switch (type) {
case PW_TYPE_STRING :
strlcpy(out,"_",outlen);
break;
case PW_TYPE_INTEGER :
strlcpy(out,"0",outlen);
break;
case PW_TYPE_IPADDR :
strlcpy(out,"?.?.?.?",outlen);
break;
case PW_TYPE_IPV6ADDR :
strlcpy(out,":?:",outlen);
break;
case PW_TYPE_DATE :
strlcpy(out,"0",outlen);
break;
default :
strlcpy(out,"unknown_type",outlen);
}
return strlen(out);
}
/*
* Print one attribute and value into a string.
*/
int vp_prints(char *out, size_t outlen, VALUE_PAIR *vp)
{
size_t len;
const char *token = NULL;
const char *name;
char namebuf[128];
out[0] = 0;
if (!vp) return 0;
name = vp->name;
len = 0;
if (!name || !*name) {
if (!vp_print_name(namebuf, sizeof(namebuf), vp->attribute)) {
return 0;
}
name = namebuf;
}
if ((vp->operator > T_OP_INVALID) &&
(vp->operator < T_TOKEN_LAST)) {
token = vp_tokens[vp->operator];
} else {
token = "<INVALID-TOKEN>";
}
if( vp->flags.has_tag ) {
snprintf(out, outlen, "%s:%d %s ",
name, vp->flags.tag, token);
len = strlen(out);
vp_prints_value(out + len, outlen - len, vp, 1);
} else {
snprintf(out, outlen, "%s %s ", name, token);
len = strlen(out);
vp_prints_value(out + len, outlen - len, vp, 1);
}
return len + strlen(out + len);
}
/*
* Check if account has expired, and if user may login now.
*/
static rlm_rcode_t CC_HINT(nonnull) mod_authorize(UNUSED void *instance, REQUEST *request)
{
VALUE_PAIR *vp, *check_item = NULL;
check_item = pairfind(request->config, PW_EXPIRATION, 0, TAG_ANY);
if (check_item != NULL) {
char date[50];
/*
* Has this user's password expired?
*
* If so, remove ALL reply attributes,
* and add our own Reply-Message, saying
* why they're being rejected.
*/
if (((time_t) check_item->vp_date) <= request->timestamp) {
vp_prints_value(date, sizeof(date), check_item, 0);
REDEBUG("Account expired at '%s'", date);
return RLM_MODULE_USERLOCK;
} else {
if (RDEBUG_ENABLED) {
vp_prints_value(date, sizeof(date), check_item, 0);
RDEBUG("Account will expire at '%s'", date);
}
}
/*
* Else the account hasn't expired, but it may do so
* in the future. Set Session-Timeout.
*/
vp = pairfind(request->reply->vps, PW_SESSION_TIMEOUT, 0, TAG_ANY);
if (!vp) {
vp = radius_paircreate(request->reply, &request->reply->vps, PW_SESSION_TIMEOUT, 0);
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
} else if (vp->vp_date > ((uint32_t) (((time_t) check_item->vp_date) - request->timestamp))) {
vp->vp_date = (uint32_t) (((time_t) check_item->vp_date) - request->timestamp);
}
} else {
return RLM_MODULE_NOOP;
}
return RLM_MODULE_OK;
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(VALUE_PAIR *vp, HV *rad_hv)
{
VALUE_PAIR *nvp, *vpa, *vpn;
AV *av;
char buffer[1024];
int attr, len;
hv_undef(rad_hv);
nvp = paircopy(vp);
while (nvp != NULL) {
attr = nvp->attribute;
vpa = paircopy2(nvp,attr);
if (vpa->next) {
av = newAV();
vpn = vpa;
while (vpn) {
len = vp_prints_value(buffer, sizeof(buffer),
vpn, FALSE);
av_push(av, newSVpv(buffer, len));
vpn = vpn->next;
}
hv_store(rad_hv, nvp->name, strlen(nvp->name),
newRV_noinc((SV *) av), 0);
} else {
len = vp_prints_value(buffer, sizeof(buffer),
vpa, FALSE);
hv_store(rad_hv, vpa->name, strlen(vpa->name),
newSVpv(buffer, len), 0);
}
pairfree(&vpa);
vpa = nvp; while ((vpa != NULL) && (vpa->attribute == attr))
vpa = vpa->next;
pairdelete(&nvp, attr);
nvp = vpa;
}
}
/** Convert VALUE_PAIR_MAP to VALUE_PAIR(s) and add them to a REQUEST.
*
* Takes a single VALUE_PAIR_MAP, resolves request and list identifiers
* to pointers in the current request, the attempts to retrieve module
* specific value(s) using callback, and adds the resulting values to the
* correct request/list.
*
* @param request The current request.
* @param map specifying destination attribute and location and src identifier.
* @param func to retrieve module specific values and convert them to
* VLAUE_PAIRS.
* @param ctx to be passed to func.
* @param src name to be used in debugging if different from map value.
* @return -1 if either attribute or qualifier weren't valid in this context
* or callback returned NULL pointer, else 0.
*/
int radius_map2request(REQUEST *request, const VALUE_PAIR_MAP *map,
const char *src, radius_tmpl_getvalue_t func, void *ctx)
{
VALUE_PAIR **list, *vp, *head;
char buffer[MAX_STRING_LEN];
if (radius_request(&request, map->dst->request) < 0) {
RDEBUG("WARNING: Request in mapping \"%s\" -> \"%s\" "
"invalid in this context, skipping!",
map->src->name, map->dst->name);
return -1;
}
list = radius_list(request, map->dst->list);
if (!list) {
RDEBUG("WARNING: List in mapping \"%s\" -> \"%s\" "
"invalid in this context, skipping!",
map->src->name, map->dst->name);
return -1;
}
head = func(request, map->dst, ctx);
if (head == NULL) {
return -1;
}
for (vp = head; vp != NULL; vp = vp->next) {
vp->operator = map->op_token;
if (debug_flag) {
vp_prints_value(buffer, sizeof(buffer), vp, 1);
RDEBUG("\t%s %s %s (%s)", map->dst->name,
fr_int2str(fr_tokens, vp->operator, "¿unknown?"),
buffer, src ? src : map->src->name);
}
}
/*
* Use pairmove so the operator is respected
*/
radius_pairmove(request, list, head);
pairfree(&vp); /* Free the VP if for some reason it wasn't moved */
return 0;
}
/*
* Xlat for %{listen:foo}
*/
static ssize_t xlat_listen(UNUSED void *instance, REQUEST *request,
char const *fmt, char *out, size_t outlen)
{
char const *value = NULL;
CONF_PAIR *cp;
if (!fmt || !out || (outlen < 1)) return 0;
if (!request->listener) {
RWDEBUG("No listener associated with this request");
*out = '\0';
return 0;
}
#ifdef WITH_TLS
/*
* Look for TLS certificate data.
*/
if (strncmp(fmt, "TLS-", 4) == 0) {
VALUE_PAIR *vp;
listen_socket_t *sock = request->listener->data;
for (vp = sock->certs; vp != NULL; vp = vp->next) {
if (strcmp(fmt, vp->da->name) == 0) {
return vp_prints_value(out, outlen, vp, 0);
}
}
}
#endif
cp = cf_pair_find(request->listener->cs, fmt);
if (!cp || !(value = cf_pair_value(cp))) {
RDEBUG("Listener does not contain config item \"%s\"", fmt);
*out = '\0';
return 0;
}
strlcpy(out, value, outlen);
return strlen(out);
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(TALLOC_CTX *ctx, VALUE_PAIR *vps, HV *rad_hv)
{
VALUE_PAIR *head, *sublist;
AV *av;
char const *name;
char namebuf[256];
char buffer[1024];
int len;
hv_undef(rad_hv);
/*
* Copy the valuepair list so we can remove attributes
* we've already processed. This is a horrible hack to
* get around various other stupidity.
*/
head = paircopy(ctx, vps);
while (head) {
vp_cursor_t cursor;
/*
* Tagged attributes are added to the hash with name
* <attribute>:<tag>, others just use the normal attribute
* name as the key.
*/
if (head->da->flags.has_tag && (head->tag != 0)) {
snprintf(namebuf, sizeof(namebuf), "%s:%d",
head->da->name, head->tag);
name = namebuf;
} else {
name = head->da->name;
}
/*
* Create a new list with all the attributes like this one
* which are in the same tag group.
*/
sublist = NULL;
pairfilter(ctx, &sublist, &head, head->da->attr, head->da->vendor, head->tag);
fr_cursor_init(&cursor, &sublist);
/*
* Attribute has multiple values
*/
if (fr_cursor_next(&cursor)) {
VALUE_PAIR *vp;
av = newAV();
for (vp = fr_cursor_first(&cursor);
vp;
vp = fr_cursor_next(&cursor)) {
len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
av_push(av, newSVpv(buffer, len));
}
(void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
/*
* Attribute has a single value, so its value just gets
* added to the hash.
*/
} else {
len = vp_prints_value(buffer, sizeof(buffer), sublist, 0);
(void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, len), 0);
}
pairfree(&sublist);
}
rad_assert(!head);
}
/** Compares check and vp by value.
*
* Does not call any per-attribute comparison function, but does honour
* check.operator. Basically does "vp.value check.op check.value".
*
* @param request Current request
* @param check rvalue, and operator
* @param vp lvalue
*/
int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp)
{
int ret = -2;
/*
* Check for =* and !* and return appropriately
*/
if (check->operator == T_OP_CMP_TRUE) return 0;
if (check->operator == T_OP_CMP_FALSE) return 1;
#ifdef HAVE_REGEX_H
if (check->operator == T_OP_REG_EQ) {
int i, compare;
regex_t reg;
char value[1024];
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
vp_prints_value(value, sizeof(value), vp, -1);
/*
* Include substring matches.
*/
compare = regcomp(®, check->vp_strvalue, REG_EXTENDED);
if (compare != 0) {
char buffer[256];
regerror(compare, ®, buffer, sizeof(buffer));
RDEBUG("Invalid regular expression %s: %s",
check->vp_strvalue, buffer);
return -1;
}
compare = regexec(®, value, REQUEST_MAX_REGEX + 1,
rxmatch, 0);
regfree(®);
/*
* Add %{0}, %{1}, etc.
*/
for (i = 0; i <= REQUEST_MAX_REGEX; i++) {
char *p;
char buffer[sizeof(check->vp_strvalue)];
/*
* Didn't match: delete old
* match, if it existed.
*/
if ((compare != 0) ||
(rxmatch[i].rm_so == -1)) {
p = request_data_get(request, request,
REQUEST_DATA_REGEX | i);
if (p) {
free(p);
continue;
}
/*
* No previous match
* to delete, stop.
*/
break;
}
/*
* Copy substring into buffer.
*/
memcpy(buffer, value + rxmatch[i].rm_so,
rxmatch[i].rm_eo - rxmatch[i].rm_so);
buffer[rxmatch[i].rm_eo - rxmatch[i].rm_so] = '\0';
/*
* Copy substring, and add it to
* the request.
*
* Note that we don't check
* for out of memory, which is
* the only error we can get...
*/
p = strdup(buffer);
request_data_add(request, request,
REQUEST_DATA_REGEX | i,
p, free);
}
if (compare == 0) return 0;
return -1;
}
if (check->operator == T_OP_REG_NE) {
int compare;
regex_t reg;
char value[1024];
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
vp_prints_value(value, sizeof(value), vp, -1);
/*
* Include substring matches.
*/
compare = regcomp(®, (char *)check->vp_strvalue,
REG_EXTENDED);
if (compare != 0) {
char buffer[256];
regerror(compare, ®, buffer, sizeof(buffer));
RDEBUG("Invalid regular expression %s: %s",
check->vp_strvalue, buffer);
return -1;
}
compare = regexec(®, value, REQUEST_MAX_REGEX + 1,
rxmatch, 0);
regfree(®);
if (compare != 0) return 0;
return -1;
}
#endif
/*
* Tagged attributes are equal if and only if both the
* tag AND value match.
*/
if (check->flags.has_tag) {
ret = ((int) vp->flags.tag) - ((int) check->flags.tag);
if (ret != 0) return ret;
}
/*
* Not a regular expression, compare the types.
*/
switch(check->type) {
#ifdef WITH_ASCEND_BINARY
/*
* Ascend binary attributes can be treated
* as opaque objects, I guess...
*/
case PW_TYPE_ABINARY:
#endif
case PW_TYPE_OCTETS:
if (vp->length != check->length) {
ret = 1; /* NOT equal */
break;
}
ret = memcmp(vp->vp_strvalue, check->vp_strvalue,
vp->length);
break;
case PW_TYPE_STRING:
ret = strcmp((char *)vp->vp_strvalue,
(char *)check->vp_strvalue);
break;
case PW_TYPE_BYTE:
case PW_TYPE_SHORT:
case PW_TYPE_INTEGER:
ret = vp->vp_integer - check->vp_integer;
break;
case PW_TYPE_INTEGER64:
/*
* Don't want integer overflow!
*/
if (vp->vp_integer64 < check->vp_integer64) {
ret = -1;
} else if (vp->vp_integer64 > check->vp_integer64) {
ret = +1;
} else {
ret = 0;
}
break;
case PW_TYPE_SIGNED:
if (vp->vp_signed < check->vp_signed) {
ret = -1;
} else if (vp->vp_signed > check->vp_signed) {
ret = +1;
} else {
ret = 0;
}
break;
case PW_TYPE_DATE:
ret = vp->vp_date - check->vp_date;
break;
case PW_TYPE_IPADDR:
ret = ntohl(vp->vp_ipaddr) - ntohl(check->vp_ipaddr);
break;
case PW_TYPE_IPV6ADDR:
ret = memcmp(&vp->vp_ipv6addr, &check->vp_ipv6addr,
sizeof(vp->vp_ipv6addr));
break;
case PW_TYPE_IPV6PREFIX:
ret = memcmp(&vp->vp_ipv6prefix, &check->vp_ipv6prefix,
sizeof(vp->vp_ipv6prefix));
break;
case PW_TYPE_IFID:
ret = memcmp(&vp->vp_ifid, &check->vp_ifid,
sizeof(vp->vp_ifid));
break;
default:
break;
}
return ret;
}
/** Print out attribute info
*
* Prints out all instances of a current attribute, or all attributes in a list.
*
* At higher debugging levels, also prints out alternative decodings of the same
* value. This is helpful to determine types for unknown attributes of long
* passed vendors, or just crazy/broken NAS.
*
* It's also useful for exposing issues in the packet decoding functions, as in
* some cases they get fed random garbage data.
*
* This expands to a zero length string.
*/
static ssize_t xlat_debug_attr(UNUSED void *instance, REQUEST *request, char const *fmt,
char *out, UNUSED size_t outlen)
{
VALUE_PAIR *vp, **vps;
REQUEST *current;
value_pair_tmpl_t vpt;
vp_cursor_t cursor;
char buffer[1024];
if (!RDEBUG_ENABLED2) {
*out = '\0';
return -1;
}
while (isspace((int) *fmt)) fmt++;
if (*fmt == '&') fmt++;
if (radius_parse_attr(fmt, &vpt, REQUEST_CURRENT, PAIR_LIST_REQUEST) < 0) {
return -1;
}
current = request;
if (radius_request(¤t, vpt.request) < 0) return -2;
vps = radius_list(current, vpt.list);
if (!vps) {
return -2;
}
RIDEBUG("Attributes matching \"%s\"", fmt);
vp = fr_cursor_init(&cursor, vps);
if (vpt.da) {
vp = fr_cursor_next_by_num(&cursor, vpt.da->attr, vpt.da->vendor, TAG_ANY);
}
while (vp) {
DICT_ATTR *dac = NULL;
DICT_VENDOR *dv;
VALUE_PAIR *vpc = NULL;
FR_NAME_NUMBER const *type;
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
if (vp->da->flags.has_tag) {
RIDEBUG2("\t%s:%s:%i %s %s",
fr_int2str(pair_lists, vpt.list, "<INVALID>"),
vp->da->name,
vp->tag,
fr_int2str(fr_tokens, vp->op, "<INVALID>"),
buffer);
} else {
RIDEBUG2("\t%s:%s %s %s",
fr_int2str(pair_lists, vpt.list, "<INVALID>"),
vp->da->name,
fr_int2str(fr_tokens, vp->op, "<INVALID>"),
buffer);
}
if (!RDEBUG_ENABLED3) {
goto next_vp;
}
if (vp->da->vendor) {
dv = dict_vendorbyvalue(vp->da->vendor);
RDEBUG3("\t\tvendor : %i (%s)", vp->da->vendor, dv ? dv->name : "unknown");
}
RDEBUG3("\t\ttype : %s", fr_int2str(dict_attr_types, vp->da->type, "<INVALID>"));
RDEBUG3("\t\tlength : %zu", vp->length);
dac = talloc_memdup(request, vp->da, sizeof(DICT_ATTR));
if (!dac) {
return -1;
}
dac->flags.vp_free = 0;
if (!RDEBUG_ENABLED4) {
goto next_vp;
}
type = dict_attr_types;
while (type->name) {
int pad;
ssize_t len;
uint8_t const *data = NULL;
vpc = NULL;
if ((PW_TYPE) type->number == vp->da->type) {
goto next_type;
}
switch (type->number) {
case PW_TYPE_INVALID: /* Not real type */
case PW_TYPE_MAX: /* Not real type */
case PW_TYPE_EXTENDED: /* Not safe/appropriate */
case PW_TYPE_LONG_EXTENDED: /* Not safe/appropriate */
case PW_TYPE_TLV: /* Not safe/appropriate */
case PW_TYPE_VSA: /* @fixme We need special behaviour for these */
goto next_type;
default:
break;
}
dac->type = type->number;
len = rad_vp2data(&data, vp);
if (len < 0) {
goto next_type;
}
if (data2vp(NULL, NULL, NULL, dac, data, len, len, &vpc) < 0) {
goto next_type;
}
/*
* data2vp has knowledge of expected format lengths, if the length
* from rad_vp2data doesn't match, it encodes the attribute
* as raw octets. This results in many useless debug lines with
* the same hex string.
*/
if ((type->number != PW_TYPE_OCTETS) && (vpc->da->type == PW_TYPE_OCTETS)) {
goto next_type;
}
if (!vp_prints_value(buffer, sizeof(buffer), vpc, '\'')) {
goto next_type;
}
if ((pad = (11 - strlen(type->name))) < 0) {
pad = 0;
}
/*
* @fixme: if the value happens to decode as a VSA
* (someone put a VSA into a VSA?), we probably to print
* extended info for that/reparse
*/
RDEBUG4("\t\tas %s%*s: %s", type->name, pad, " ", buffer);
next_type:
talloc_free(vpc);
type++;
}
next_vp:
talloc_free(dac);
if (vpt.da) {
vp = fr_cursor_next_by_num(&cursor, vpt.da->attr, vpt.da->vendor, TAG_ANY);
} else {
vp = fr_cursor_next(&cursor);
}
}
*out = '\0';
return 0;
}
/** Unpack data
*
* Example: %{unpack:&Class 0 integer}
*
* Expands Class, treating octet at offset 0 (bytes 0-3) as an "integer".
*/
static ssize_t unpack_xlat(UNUSED void *instance, REQUEST *request, char const *fmt,
char *out, size_t outlen)
{
char *data_name, *data_size, *data_type;
char *p;
size_t len, input_len;
int offset;
PW_TYPE type;
DICT_ATTR const *da;
VALUE_PAIR *vp, *cast;
uint8_t const *input;
char buffer[256];
uint8_t blob[256];
/*
* FIXME: copy only the fields here, as we parse them.
*/
strlcpy(buffer, fmt, sizeof(buffer));
p = buffer;
while (isspace((int) *p)) p++; /* skip leading spaces */
data_name = p;
while (*p && !isspace((int) *p)) p++;
if (!*p) {
error:
REDEBUG("Format string should be '<data> <offset> <type>' e.g. '&Class 1 integer'");
nothing:
*out = '\0';
return -1;
}
while (isspace((int) *p)) *(p++) = '\0';
if (!*p) GOTO_ERROR;
data_size = p;
while (*p && !isspace((int) *p)) p++;
if (!*p) GOTO_ERROR;
while (isspace((int) *p)) *(p++) = '\0';
if (!*p) GOTO_ERROR;
data_type = p;
while (*p && !isspace((int) *p)) p++;
if (*p) GOTO_ERROR; /* anything after the type is an error */
/*
* Attribute reference
*/
if (*data_name == '&') {
if (radius_get_vp(&vp, request, data_name) < 0) goto nothing;
if ((vp->da->type != PW_TYPE_OCTETS) &&
(vp->da->type != PW_TYPE_STRING)) {
REDEBUG("unpack requires the input attribute to be 'string' or 'octets'");
goto nothing;
}
input = vp->vp_octets;
input_len = vp->vp_length;
} else if ((data_name[0] == '0') && (data_name[1] == 'x')) {
/*
* Hex data.
*/
len = strlen(data_name + 2);
if ((len & 0x01) != 0) {
RDEBUG("Invalid hex string in '%s'", data_name);
goto nothing;
}
input = blob;
input_len = fr_hex2bin(blob, sizeof(blob), data_name + 2, len);
} else {
GOTO_ERROR;
}
offset = (int) strtoul(data_size, &p, 10);
if (*p) {
REDEBUG("unpack requires a decimal number, not '%s'", data_size);
goto nothing;
}
type = fr_str2int(dict_attr_types, data_type, PW_TYPE_INVALID);
if (type == PW_TYPE_INVALID) {
REDEBUG("Invalid data type '%s'", data_type);
goto nothing;
}
/*
* Output must be a non-zero limited size.
*/
if ((dict_attr_sizes[type][0] == 0) ||
(dict_attr_sizes[type][0] != dict_attr_sizes[type][1])) {
REDEBUG("unpack requires fixed-size output type, not '%s'", data_type);
goto nothing;
}
if (input_len < (offset + dict_attr_sizes[type][0])) {
REDEBUG("Insufficient data to unpack '%s' from '%s'", data_type, data_name);
goto nothing;
}
da = dict_attrbyvalue(PW_CAST_BASE + type, 0);
if (!da) {
REDEBUG("Cannot decode type '%s'", data_type);
goto nothing;
}
cast = pairalloc(request, da);
if (!cast) goto nothing;
memcpy(&(cast->data), input + offset, dict_attr_sizes[type][0]);
cast->vp_length = dict_attr_sizes[type][0];
/*
* Hacks
*/
switch (type) {
case PW_TYPE_SIGNED:
case PW_TYPE_INTEGER:
case PW_TYPE_DATE:
cast->vp_integer = ntohl(cast->vp_integer);
break;
case PW_TYPE_SHORT:
cast->vp_short = ((input[offset] << 8) | input[offset + 1]);
break;
case PW_TYPE_INTEGER64:
cast->vp_integer64 = ntohll(cast->vp_integer64);
break;
default:
break;
}
len = vp_prints_value(out, outlen, cast, 0);
talloc_free(cast);
if (is_truncated(len, outlen)) {
REDEBUG("Insufficient buffer space to unpack data");
goto nothing;
}
return len;
}
/** Start a process
*
* @param cmd Command to execute. This is parsed into argv[] parts,
* then each individual argv part is xlat'ed.
* @param request Current reuqest
* @param exec_wait set to 1 if you want to read from or write to child
* @param[in,out] input_fd pointer to int, receives the stdin file.
* descriptor. Set to NULL and the child will have /dev/null on stdin
* @param[in,out] output_fd pinter to int, receives the stdout file
* descriptor. Set to NULL and child will have /dev/null on stdout.
* @param input_pairs list of value pairs - these will be put into
* the environment variables of the child.
* @param shell_escape values before passing them as arguments.
* @return PID of the child process, -1 on error.
*/
pid_t radius_start_program(char const *cmd, REQUEST *request,
int exec_wait,
int *input_fd,
int *output_fd,
VALUE_PAIR *input_pairs,
int shell_escape)
{
#ifndef __MINGW32__
char *p;
VALUE_PAIR *vp;
int n;
int to_child[2] = {-1, -1};
int from_child[2] = {-1, -1};
pid_t pid;
#endif
int argc;
int i;
char *argv[MAX_ARGV];
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
if (argc <= 0) {
RDEBUG("invalid command line '%s'.", cmd);
return -1;
}
#ifndef NDEBUG
if (debug_flag > 2) {
RDEBUG3("executing cmd %s", cmd);
for (i = 0; i < argc; i++) {
RDEBUG3("\t[%d] %s", i, argv[i]);
}
}
#endif
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (input_fd) {
if (pipe(to_child) != 0) {
RDEBUG("Couldn't open pipe to child: %s", strerror(errno));
return -1;
}
}
if (output_fd) {
if (pipe(from_child) != 0) {
RDEBUG("Couldn't open pipe from child: %s", strerror(errno));
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
return -1;
}
}
}
envp[0] = NULL;
if (input_pairs) {
vp_cursor_t cursor;
int envlen;
char buffer[1024];
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
envlen = 0;
for (vp = paircursor(&cursor, &input_pairs); vp; vp = pairnext(&cursor)) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->da->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape ? '"' : 0);
envp[envlen++] = strdup(buffer);
/*
* Don't add too many attributes.
*/
if (envlen == (MAX_ENVP - 1)) break;
}
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
RDEBUG("Failed opening /dev/null: %s\n", strerror(errno));
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
if (input_fd) {
close(to_child[1]);
dup2(to_child[0], STDIN_FILENO);
} else {
dup2(devnull, STDIN_FILENO);
}
if (output_fd) {
close(from_child[0]);
dup2(from_child[1], STDOUT_FILENO);
} else {
dup2(devnull, STDOUT_FILENO);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDIN_FILENO);
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (debug_flag == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
/*
* I swear the signature for execve is wrong and should take 'char const * const argv[]'.
*/
execve(argv[0], argv, envp);
printf("Failed to execute \"%s\": %s", argv[0], strerror(errno)); /* fork output will be captured */
/*
* Where the status code is interpreted as a module rcode
* one is subtracted from it, to allow 0 to equal success
*
* 2 is RLM_MODULE_FAIL + 1
*/
exit(2);
}
/*
* Free child environment variables
*/
for (i = 0; envp[i] != NULL; i++) {
free(envp[i]);
}
/*
* Parent process.
*/
if (pid < 0) {
RDEBUG("Couldn't fork %s: %s", argv[0], strerror(errno));
if (exec_wait) {
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
close(from_child[0]);
close(from_child[0]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (exec_wait) {
/*
* Close the ends of the pipe(s) the child is using
* return the ends of the pipe(s) our caller wants
*
*/
if (input_fd) {
*input_fd = to_child[1];
close(to_child[0]);
}
if (output_fd) {
*output_fd = from_child[0];
close(from_child[1]);
}
}
return pid;
#else
if (exec_wait) {
RDEBUG("Wait is not supported");
return -1;
}
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(UNUSED TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR *vps, HV *rad_hv,
const char *hashname, const char *list_name)
{
VALUE_PAIR *vp;
hv_undef(rad_hv);
vp_cursor_t cursor;
RINDENT();
pairsort(&vps, attrtagcmp);
for (vp = fr_cursor_init(&cursor, &vps);
vp;
vp = fr_cursor_next(&cursor)) {
VALUE_PAIR *next;
char const *name;
char namebuf[256];
char buffer[1024];
size_t len;
/*
* Tagged attributes are added to the hash with name
* <attribute>:<tag>, others just use the normal attribute
* name as the key.
*/
if (vp->da->flags.has_tag && (vp->tag != TAG_ANY)) {
snprintf(namebuf, sizeof(namebuf), "%s:%d", vp->da->name, vp->tag);
name = namebuf;
} else {
name = vp->da->name;
}
/*
* We've sorted by type, then tag, so attributes of the
* same type/tag should follow on from each other.
*/
if ((next = fr_cursor_next_peek(&cursor)) && ATTRIBUTE_EQ(vp, next)) {
int i;
AV *av;
av = newAV();
for (next = fr_cursor_next_by_da(&cursor, vp->da, vp->tag), i = 0;
next;
next = fr_cursor_next_by_da(&cursor, vp->da, vp->tag), i++) {
switch (vp->da->type) {
case PW_TYPE_STRING:
RDEBUG("$%s{'%s'}[%i] = &%s:%s -> '%s'", hashname, next->da->name, i,
list_name, next->da->name, next->vp_strvalue);
av_push(av, newSVpvn(next->vp_strvalue, next->length));
break;
case PW_TYPE_OCTETS:
if (RDEBUG_ENABLED) {
char *hex;
hex = fr_abin2hex(request, next->vp_octets, next->length);
RDEBUG("$%s{'%s'}[%i] = &%s:%s -> 0x%s", hashname, next->da->name, i,
list_name, next->da->name, hex);
talloc_free(hex);
}
av_push(av, newSVpvn((char const *)next->vp_octets, next->length));
break;
default:
len = vp_prints_value(buffer, sizeof(buffer), next, 0);
RDEBUG("$%s{'%s'}[%i] = &%s:%s -> '%s'", hashname, next->da->name, i,
list_name, next->da->name, buffer);
av_push(av, newSVpvn(buffer, truncate_len(len, sizeof(buffer))));
break;
}
}
(void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
continue;
}
/*
* It's a normal single valued attribute
*/
switch (vp->da->type) {
case PW_TYPE_STRING:
RDEBUG("$%s{'%s'} = &%s:%s -> '%s'", hashname, vp->da->name, list_name,
vp->da->name, vp->vp_strvalue);
(void)hv_store(rad_hv, name, strlen(name), newSVpvn(vp->vp_strvalue, vp->length), 0);
break;
case PW_TYPE_OCTETS:
if (RDEBUG_ENABLED) {
char *hex;
hex = fr_abin2hex(request, vp->vp_octets, vp->length);
RDEBUG("$%s{'%s'} = &%s:%s -> 0x%s", hashname, vp->da->name,
list_name, vp->da->name, hex);
talloc_free(hex);
}
(void)hv_store(rad_hv, name, strlen(name),
newSVpvn((char const *)vp->vp_octets, vp->length), 0);
break;
default:
len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
RDEBUG("$%s{'%s'} = &%s:%s -> '%s'", hashname, vp->da->name,
list_name, vp->da->name, buffer);
(void)hv_store(rad_hv, name, strlen(name),
newSVpvn(buffer, truncate_len(len, sizeof(buffer))), 0);
break;
}
}
REXDENT();
}
/** Prints attribute as string, escaped suitably for use as JSON string
*
* Returns < 0 if the buffer may be (or have been) too small to write the encoded
* JSON value to.
*
* @param out Where to write the string.
* @param outlen Lenth of output buffer.
* @param vp to print.
* @return
* - Length of data written to out.
* - value >= outlen on truncation.
*/
size_t vp_prints_value_json(char *out, size_t outlen, VALUE_PAIR const *vp)
{
char const *q;
size_t len, freespace = outlen;
if (!vp->da->flags.has_tag) {
switch (vp->da->type) {
case PW_TYPE_INTEGER:
if (vp->da->flags.has_value) break;
return snprintf(out, freespace, "%u", vp->vp_integer);
case PW_TYPE_SHORT:
if (vp->da->flags.has_value) break;
return snprintf(out, freespace, "%u", (unsigned int) vp->vp_short);
case PW_TYPE_BYTE:
if (vp->da->flags.has_value) break;
return snprintf(out, freespace, "%u", (unsigned int) vp->vp_byte);
case PW_TYPE_SIGNED:
return snprintf(out, freespace, "%d", vp->vp_signed);
default:
break;
}
}
/* Indicate truncation */
if (freespace < 2) return outlen + 1;
*out++ = '"';
freespace--;
switch (vp->da->type) {
case PW_TYPE_STRING:
for (q = vp->vp_strvalue; q < vp->vp_strvalue + vp->vp_length; q++) {
/* Indicate truncation */
if (freespace < 3) return outlen + 1;
if (*q == '"') {
*out++ = '\\';
*out++ = '"';
freespace -= 2;
} else if (*q == '\\') {
*out++ = '\\';
*out++ = '\\';
freespace -= 2;
} else if (*q == '/') {
*out++ = '\\';
*out++ = '/';
freespace -= 2;
} else if (*q >= ' ') {
*out++ = *q;
freespace--;
} else {
*out++ = '\\';
freespace--;
switch (*q) {
case '\b':
*out++ = 'b';
freespace--;
break;
case '\f':
*out++ = 'f';
freespace--;
break;
case '\n':
*out++ = 'b';
freespace--;
break;
case '\r':
*out++ = 'r';
freespace--;
break;
case '\t':
*out++ = 't';
freespace--;
break;
default:
len = snprintf(out, freespace, "u%04X", *q);
if (is_truncated(len, freespace)) return (outlen - freespace) + len;
out += len;
freespace -= len;
}
}
}
break;
default:
len = vp_prints_value(out, freespace, vp, 0);
if (is_truncated(len, freespace)) return (outlen - freespace) + len;
out += len;
freespace -= len;
break;
}
/* Indicate truncation */
if (freespace < 2) return outlen + 1;
*out++ = '"';
freespace--;
*out = '\0'; // We don't increment out, because the nul byte should not be included in the length
return outlen - freespace;
}
/** Compares check and vp by value.
*
* Does not call any per-attribute comparison function, but does honour
* check.operator. Basically does "vp.value check.op check.value".
*
* @param request Current request.
* @param check rvalue, and operator.
* @param vp lvalue.
* @return 0 if check and vp are equal, -1 if vp value is less than check value, 1 is vp value is more than check
* value, -2 on error.
*/
int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp)
{
int ret = 0;
/*
* Check for =* and !* and return appropriately
*/
if (check->op == T_OP_CMP_TRUE) return 0;
if (check->op == T_OP_CMP_FALSE) return 1;
#ifdef HAVE_REGEX_H
if (check->op == T_OP_REG_EQ) {
int compare;
regex_t reg;
char value[1024];
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
vp_prints_value(value, sizeof(value), vp, -1);
/*
* Include substring matches.
*/
compare = regcomp(®, check->vp_strvalue, REG_EXTENDED);
if (compare != 0) {
char buffer[256];
regerror(compare, ®, buffer, sizeof(buffer));
RDEBUG("Invalid regular expression %s: %s", check->vp_strvalue, buffer);
return -2;
}
memset(&rxmatch, 0, sizeof(rxmatch)); /* regexec does not seem to initialise unused elements */
compare = regexec(®, value, REQUEST_MAX_REGEX + 1, rxmatch, 0);
regfree(®);
rad_regcapture(request, compare, value, rxmatch);
ret = (compare == 0) ? 0 : -1;
goto finish;
}
if (check->op == T_OP_REG_NE) {
int compare;
regex_t reg;
char value[1024];
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
vp_prints_value(value, sizeof(value), vp, -1);
/*
* Include substring matches.
*/
compare = regcomp(®, check->vp_strvalue, REG_EXTENDED);
if (compare != 0) {
char buffer[256];
regerror(compare, ®, buffer, sizeof(buffer));
RDEBUG("Invalid regular expression %s: %s", check->vp_strvalue, buffer);
return -2;
}
compare = regexec(®, value, REQUEST_MAX_REGEX + 1, rxmatch, 0);
regfree(®);
ret = (compare != 0) ? 0 : -1;
}
#endif
/*
* Attributes must be of the same type.
*
* FIXME: deal with type mismatch properly if one side contain
* ABINARY, OCTETS or STRING by converting the other side to
* a string
*
*/
if (vp->da->type != check->da->type) return -1;
/*
* Tagged attributes are equal if and only if both the
* tag AND value match.
*/
if (check->da->flags.has_tag) {
ret = ((int) vp->tag) - ((int) check->tag);
goto finish;
}
/*
* Not a regular expression, compare the types.
*/
switch(check->da->type) {
#ifdef WITH_ASCEND_BINARY
/*
* Ascend binary attributes can be treated
* as opaque objects, I guess...
*/
case PW_TYPE_ABINARY:
#endif
case PW_TYPE_OCTETS:
if (vp->length != check->length) {
ret = 1; /* NOT equal */
break;
}
ret = memcmp(vp->vp_strvalue, check->vp_strvalue,
vp->length);
break;
case PW_TYPE_STRING:
ret = strcmp(vp->vp_strvalue,
check->vp_strvalue);
break;
case PW_TYPE_BYTE:
case PW_TYPE_SHORT:
case PW_TYPE_INTEGER:
ret = vp->vp_integer - check->vp_integer;
break;
case PW_TYPE_INTEGER64:
/*
* Don't want integer overflow!
*/
if (vp->vp_integer64 < check->vp_integer64) {
ret = -1;
} else if (vp->vp_integer64 > check->vp_integer64) {
ret = +1;
} else {
ret = 0;
}
break;
case PW_TYPE_SIGNED:
if (vp->vp_signed < check->vp_signed) {
ret = -1;
} else if (vp->vp_signed > check->vp_signed) {
ret = +1;
} else {
ret = 0;
}
break;
case PW_TYPE_DATE:
ret = vp->vp_date - check->vp_date;
break;
case PW_TYPE_IPADDR:
ret = ntohl(vp->vp_ipaddr) - ntohl(check->vp_ipaddr);
break;
case PW_TYPE_IPV6ADDR:
ret = memcmp(&vp->vp_ipv6addr, &check->vp_ipv6addr,
sizeof(vp->vp_ipv6addr));
break;
case PW_TYPE_IPV6PREFIX:
ret = memcmp(&vp->vp_ipv6prefix, &check->vp_ipv6prefix,
sizeof(vp->vp_ipv6prefix));
break;
case PW_TYPE_IFID:
ret = memcmp(&vp->vp_ifid, &check->vp_ifid,
sizeof(vp->vp_ifid));
break;
default:
break;
}
finish:
if (ret > 0) {
return 1;
}
if (ret < 0) {
return -1;
}
return 0;
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(UNUSED TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **vps, HV *rad_hv,
const char *hash_name, const char *list_name)
{
VALUE_PAIR *vp;
hv_undef(rad_hv);
vp_cursor_t cursor;
RINDENT();
fr_pair_list_sort(vps, fr_pair_cmp_by_da_tag);
for (vp = fr_cursor_init(&cursor, vps);
vp;
vp = fr_cursor_next(&cursor)) {
VALUE_PAIR *next;
char const *name;
char namebuf[256];
char buffer[1024];
size_t len;
/*
* Tagged attributes are added to the hash with name
* <attribute>:<tag>, others just use the normal attribute
* name as the key.
*/
if (vp->da->flags.has_tag && (vp->tag != TAG_ANY)) {
snprintf(namebuf, sizeof(namebuf), "%s:%d", vp->da->name, vp->tag);
name = namebuf;
} else {
name = vp->da->name;
}
/*
* We've sorted by type, then tag, so attributes of the
* same type/tag should follow on from each other.
*/
if ((next = fr_cursor_next_peek(&cursor)) && ATTRIBUTE_EQ(vp, next)) {
int i = 0;
AV *av;
av = newAV();
perl_vp_to_svpvn_element(request, av, vp, &i, hash_name, list_name);
do {
perl_vp_to_svpvn_element(request, av, next, &i, hash_name, list_name);
fr_cursor_next(&cursor);
} while ((next = fr_cursor_next_peek(&cursor)) && ATTRIBUTE_EQ(vp, next));
(void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
continue;
}
/*
* It's a normal single valued attribute
*/
switch (vp->da->type) {
case PW_TYPE_STRING:
RDEBUG("$%s{'%s'} = &%s:%s -> '%s'", hash_name, vp->da->name, list_name,
vp->da->name, vp->vp_strvalue);
(void)hv_store(rad_hv, name, strlen(name), newSVpvn(vp->vp_strvalue, vp->vp_length), 0);
break;
default:
len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
RDEBUG("$%s{'%s'} = &%s:%s -> '%s'", hash_name, vp->da->name,
list_name, vp->da->name, buffer);
(void)hv_store(rad_hv, name, strlen(name),
newSVpvn(buffer, truncate_len(len, sizeof(buffer))), 0);
break;
}
}
REXDENT();
}
/** Convert value pairs to json objects
*
* Take the passed value pair and convert it to a json-c JSON object.
* This code is heavily based on the vp_prints_value_json() function
* from src/lib/print.c.
*
* @param request The request object.
* @param vp The value pair to convert.
* @return Returns a JSON object.
*/
json_object *mod_value_pair_to_json_object(REQUEST *request, VALUE_PAIR *vp)
{
char value[255]; /* radius attribute value */
/* add this attribute/value pair to our json output */
if (!vp->da->flags.has_tag) {
unsigned int i;
switch (vp->da->type) {
case PW_TYPE_INTEGER:
i = vp->vp_integer;
goto print_int;
case PW_TYPE_SHORT:
i = vp->vp_short;
goto print_int;
case PW_TYPE_BYTE:
i = vp->vp_byte;
print_int:
/* skip if we have flags */
if (vp->da->flags.has_value) break;
#ifdef HAVE_JSON_OBJECT_NEW_INT64
/* debug */
RDEBUG3("creating new int64 for unsigned 32 bit int/byte/short '%s'", vp->da->name);
/* return as 64 bit int - JSON spec does not support unsigned ints */
return json_object_new_int64(i);
#else
/* debug */
RDEBUG3("creating new int for unsigned 32 bit int/byte/short '%s'", vp->da->name);
/* return as 64 bit int - JSON spec does not support unsigned ints */
return json_object_new_int(i);
#endif
break;
case PW_TYPE_SIGNED:
#ifdef HAVE_JSON_OBJECT_NEW_INT64
/* debug */
RDEBUG3("creating new int64 for signed 32 bit integer '%s'", vp->da->name);
/* return as 64 bit int - json-c represents all ints as 64 bits internally */
return json_object_new_int64(vp->vp_signed);
#else
RDEBUG3("creating new int for signed 32 bit integer '%s'", vp->da->name);
/* return as signed int */
return json_object_new_int(vp->vp_signed);
#endif
break;
case PW_TYPE_INTEGER64:
#ifdef HAVE_JSON_OBJECT_NEW_INT64
/* debug */
RDEBUG3("creating new int64 for 64 bit integer '%s'", vp->da->name);
/* return as 64 bit int - because it is a 64 bit int */
return json_object_new_int64(vp->vp_integer64);
#else
/* warning */
RWARN("skipping 64 bit integer attribute '%s' - please upgrade json-c to 0.10+", vp->da->name);
#endif
break;
default:
/* silence warnings - do nothing */
break;
}
}
/* keep going if not set above */
switch (vp->da->type) {
case PW_TYPE_STRING:
/* debug */
RDEBUG3("assigning string '%s' as string", vp->da->name);
/* return string value */
return json_object_new_string(vp->vp_strvalue);
default:
/* debug */
RDEBUG3("assigning unhandled '%s' as string", vp->da->name);
/* get standard value */
vp_prints_value(value, sizeof(value), vp, 0);
/* return string value from above */
return json_object_new_string(value);
}
}
/** Convert value_pair_map_t to VALUE_PAIR(s) and add them to a REQUEST.
*
* Takes a single value_pair_map_t, resolves request and list identifiers
* to pointers in the current request, then attempts to retrieve module
* specific value(s) using callback, and adds the resulting values to the
* correct request/list.
*
* @param request The current request.
* @param map specifying destination attribute and location and src identifier.
* @param func to retrieve module specific values and convert them to
* VALUE_PAIRS.
* @param ctx to be passed to func.
* @param src name to be used in debugging if different from map value.
* @return -1 if the operation failed, -2 in the source attribute wasn't valid, 0 on success.
*/
int radius_map2request(REQUEST *request, value_pair_map_t const *map,
UNUSED char const *src, radius_tmpl_getvalue_t func, void *ctx)
{
int rcode;
vp_cursor_t cursor;
VALUE_PAIR **list, *vp, *head = NULL;
char buffer[1024];
if (radius_request(&request, map->dst->request) < 0) {
REDEBUG("Mapping \"%s\" -> \"%s\" invalid in this context", map->src->name, map->dst->name);
return -2;
}
list = radius_list(request, map->dst->list);
if (!list) {
REDEBUG("Mapping \"%s\" -> \"%s\" invalid in this context", map->src->name, map->dst->name);
return -2;
}
/*
* The callback should either return -1 to signify operations error, -2 when it can't find the
* attribute or list being referenced, or 0 to signify success.
* It may return "sucess", but still have no VPs to work with.
* Only if it returned an error code should it not write anything to the head pointer.
*/
rcode = func(&head, request, map, ctx);
if (rcode < 0) {
rad_assert(!head);
return rcode;
}
if (!head) return 0;
VERIFY_VP(head);
if (debug_flag) for (vp = paircursor(&cursor, &head); vp; vp = pairnext(&cursor)) {
char *value;
switch (map->src->type) {
/*
* Just print the value being assigned
*/
default:
case VPT_TYPE_LITERAL:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = buffer;
break;
case VPT_TYPE_XLAT:
vp_prints_value(buffer, sizeof(buffer), vp, '"');
value = buffer;
break;
case VPT_TYPE_DATA:
vp_prints_value(buffer, sizeof(buffer), vp, 0);
value = buffer;
break;
/*
* Just printing the value doesn't make sense, but we still
* want to know what it was...
*/
case VPT_TYPE_LIST:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = talloc_asprintf(request, "&%s%s -> %s", map->src->name, vp->da->name, buffer);
break;
case VPT_TYPE_ATTR:
vp_prints_value(buffer, sizeof(buffer), vp, '\'');
value = talloc_asprintf(request, "&%s -> %s", map->src->name, buffer);
break;
}
RDEBUG("\t\t%s %s %s", map->dst->name, fr_int2str(fr_tokens, vp->op, "<INVALID>"), value);
if (value != buffer) talloc_free(value);
}
/*
* Use pairmove so the operator is respected
*/
radius_pairmove(request, list, head);
return 0;
}
/*
* Compare two pairs, using the operator from "one".
*
* i.e. given two attributes, it does:
*
* (two->data) (one->operator) (one->data)
*
* e.g. "foo" != "bar"
*
* Returns true (comparison is true), or false (comparison is not true);
*
* FIXME: Ignores tags!
*/
int paircmp(VALUE_PAIR *one, VALUE_PAIR *two)
{
int compare;
switch (one->operator) {
case T_OP_CMP_TRUE:
return (two != NULL);
case T_OP_CMP_FALSE:
return (two == NULL);
/*
* One is a regex, compile it, print two to a string,
* and then do string comparisons.
*/
case T_OP_REG_EQ:
case T_OP_REG_NE:
#ifndef HAVE_REGEX_H
return -1;
#else
{
regex_t reg;
char buffer[MAX_STRING_LEN * 4 + 1];
compare = regcomp(®, one->vp_strvalue,
REG_EXTENDED);
if (compare != 0) {
regerror(compare, ®, buffer, sizeof(buffer));
fr_strerror_printf("Illegal regular expression in attribute: %s: %s",
one->name, buffer);
return -1;
}
vp_prints_value(buffer, sizeof(buffer), two, 0);
/*
* Don't care about substring matches,
* oh well...
*/
compare = regexec(®, buffer, 0, NULL, 0);
regfree(®);
if (one->operator == T_OP_REG_EQ) return (compare == 0);
return (compare != 0);
}
#endif
default: /* we're OK */
break;
}
/*
* After doing the previous check for special comparisons,
* do the per-type comparison here.
*/
switch (one->type) {
case PW_TYPE_ABINARY:
case PW_TYPE_OCTETS:
{
size_t length;
if (one->length < two->length) {
length = one->length;
} else {
length = two->length;
}
if (length) {
compare = memcmp(two->vp_octets, one->vp_octets,
length);
if (compare != 0) break;
}
/*
* Contents are the same. The return code
* is therefore the difference in lengths.
*
* i.e. "0x00" is smaller than "0x0000"
*/
compare = two->length - one->length;
}
break;
case PW_TYPE_STRING:
compare = strcmp(two->vp_strvalue, one->vp_strvalue);
break;
case PW_TYPE_BYTE:
case PW_TYPE_SHORT:
case PW_TYPE_INTEGER:
case PW_TYPE_DATE:
compare = two->vp_integer - one->vp_integer;
break;
case PW_TYPE_IPADDR:
compare = ntohl(two->vp_ipaddr) - ntohl(one->vp_ipaddr);
break;
case PW_TYPE_IPV6ADDR:
compare = memcmp(&two->vp_ipv6addr, &one->vp_ipv6addr,
sizeof(two->vp_ipv6addr));
break;
case PW_TYPE_IPV6PREFIX:
compare = memcmp(&two->vp_ipv6prefix, &one->vp_ipv6prefix,
sizeof(two->vp_ipv6prefix));
break;
case PW_TYPE_IFID:
compare = memcmp(&two->vp_ifid, &one->vp_ifid,
sizeof(two->vp_ifid));
break;
default:
return 0; /* unknown type */
}
/*
* Now do the operator comparison.
*/
switch (one->operator) {
case T_OP_CMP_EQ:
return (compare == 0);
case T_OP_NE:
return (compare != 0);
case T_OP_LT:
return (compare < 0);
case T_OP_GT:
return (compare > 0);
case T_OP_LE:
return (compare <= 0);
case T_OP_GE:
return (compare >= 0);
default:
return 0;
}
return 0;
}
/*
* *presult is "did comparison match or not"
*/
static int radius_do_cmp(REQUEST *request, int *presult,
FR_TOKEN lt, const char *pleft, FR_TOKEN token,
FR_TOKEN rt, const char *pright,
int cflags, int modreturn)
{
int result;
uint32_t lint, rint;
VALUE_PAIR *vp = NULL;
#ifdef HAVE_REGEX_H
char buffer[8192];
#else
cflags = cflags; /* -Wunused */
#endif
rt = rt; /* -Wunused */
if (lt == T_BARE_WORD) {
/*
* Maybe check the last return code.
*/
if (token == T_OP_CMP_TRUE) {
int isreturn;
/*
* Looks like a return code, treat is as such.
*/
isreturn = fr_str2int(modreturn_table, pleft, -1);
if (isreturn != -1) {
*presult = (modreturn == isreturn);
return TRUE;
}
}
/*
* Bare words on the left can be attribute names.
*/
if (radius_get_vp(request, pleft, &vp)) {
VALUE_PAIR myvp;
/*
* VP exists, and that's all we're looking for.
*/
if (token == T_OP_CMP_TRUE) {
*presult = (vp != NULL);
return TRUE;
}
if (!vp) {
DICT_ATTR *da;
/*
* The attribute on the LHS may
* have been a dynamically
* registered callback. i.e. it
* doesn't exist as a VALUE_PAIR.
* If so, try looking for it.
*/
da = dict_attrbyname(pleft);
if (da && (da->vendor == 0) && radius_find_compare(da->attr)) {
VALUE_PAIR *check = pairmake(pleft, pright, token);
*presult = (radius_callback_compare(request, NULL, check, NULL, NULL) == 0);
RDEBUG3(" Callback returns %d",
*presult);
pairfree(&check);
return TRUE;
}
RDEBUG2(" (Attribute %s was not found)",
pleft);
*presult = 0;
return TRUE;
}
#ifdef HAVE_REGEX_H
/*
* Regex comparisons treat everything as
* strings.
*/
if ((token == T_OP_REG_EQ) ||
(token == T_OP_REG_NE)) {
vp_prints_value(buffer, sizeof(buffer), vp, 0);
pleft = buffer;
goto do_checks;
}
#endif
memcpy(&myvp, vp, sizeof(myvp));
if (!pairparsevalue(&myvp, pright)) {
RDEBUG2("Failed parsing \"%s\": %s",
pright, fr_strerror());
return FALSE;
}
myvp.operator = token;
*presult = paircmp(&myvp, vp);
RDEBUG3(" paircmp -> %d", *presult);
return TRUE;
} /* else it's not a VP in a list */
}
#ifdef HAVE_REGEX_H
do_checks:
#endif
switch (token) {
case T_OP_GE:
case T_OP_GT:
case T_OP_LE:
case T_OP_LT:
if (!all_digits(pright)) {
RDEBUG2(" (Right field is not a number at: %s)", pright);
return FALSE;
}
rint = strtoul(pright, NULL, 0);
if (!all_digits(pleft)) {
RDEBUG2(" (Left field is not a number at: %s)", pleft);
return FALSE;
}
lint = strtoul(pleft, NULL, 0);
break;
default:
lint = rint = 0; /* quiet the compiler */
break;
}
switch (token) {
case T_OP_CMP_TRUE:
/*
* Check for truth or falsehood.
*/
if (all_digits(pleft)) {
lint = strtoul(pleft, NULL, 0);
result = (lint != 0);
} else {
result = (*pleft != '\0');
}
break;
case T_OP_CMP_EQ:
result = (strcmp(pleft, pright) == 0);
break;
case T_OP_NE:
result = (strcmp(pleft, pright) != 0);
break;
case T_OP_GE:
result = (lint >= rint);
break;
case T_OP_GT:
result = (lint > rint);
break;
case T_OP_LE:
result = (lint <= rint);
break;
case T_OP_LT:
result = (lint < rint);
break;
#ifdef HAVE_REGEX_H
case T_OP_REG_EQ: {
int i, compare;
regex_t reg;
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
/*
* Include substring matches.
*/
compare = regcomp(®, pright, cflags);
if (compare != 0) {
if (debug_flag) {
char errbuf[128];
regerror(compare, ®, errbuf, sizeof(errbuf));
DEBUG("ERROR: Failed compiling regular expression: %s", errbuf);
}
return FALSE;
}
compare = regexec(®, pleft,
REQUEST_MAX_REGEX + 1,
rxmatch, 0);
regfree(®);
/*
* Add new %{0}, %{1}, etc.
*/
if (compare == 0) for (i = 0; i <= REQUEST_MAX_REGEX; i++) {
char *r;
free(request_data_get(request, request,
REQUEST_DATA_REGEX | i));
/*
* No %{i}, skip it.
* We MAY have %{2} without %{1}.
*/
if (rxmatch[i].rm_so == -1) continue;
/*
* Copy substring into allocated buffer
*/
r = rad_malloc(rxmatch[i].rm_eo -rxmatch[i].rm_so + 1);
memcpy(r, pleft + rxmatch[i].rm_so,
rxmatch[i].rm_eo - rxmatch[i].rm_so);
r[rxmatch[i].rm_eo - rxmatch[i].rm_so] = '\0';
request_data_add(request, request,
REQUEST_DATA_REGEX | i,
r, free);
}
result = (compare == 0);
}
break;
case T_OP_REG_NE: {
int compare;
regex_t reg;
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
/*
* Include substring matches.
*/
compare = regcomp(®, pright, cflags);
if (compare != 0) {
if (debug_flag) {
char errbuf[128];
regerror(compare, ®, errbuf, sizeof(errbuf));
DEBUG("ERROR: Failed compiling regular expression: %s", errbuf);
}
return FALSE;
}
compare = regexec(®, pleft,
REQUEST_MAX_REGEX + 1,
rxmatch, 0);
regfree(®);
result = (compare != 0);
}
break;
#endif
default:
DEBUG("ERROR: Comparison operator %s is not supported",
fr_token_name(token));
result = FALSE;
break;
}
*presult = result;
return TRUE;
}
/** Start a process
*
* @param cmd Command to execute. This is parsed into argv[] parts,
* then each individual argv part is xlat'ed.
* @param request Current reuqest
* @param exec_wait set to 1 if you want to read from or write to child
* @param[in,out] input_fd pointer to int, receives the stdin file.
* descriptor. Set to NULL and the child will have /dev/null on stdin
* @param[in,out] output_fd pinter to int, receives the stdout file
* descriptor. Set to NULL and child will have /dev/null on stdout.
* @param input_pairs list of value pairs - these will be put into
* the environment variables of the child.
* @param shell_escape
* @return PID of the child process, -1 on error.
*/
pid_t radius_start_program(const char *cmd, REQUEST *request,
int exec_wait,
int *input_fd,
int *output_fd,
VALUE_PAIR *input_pairs,
int shell_escape)
{
const char *from;
char *to;
#ifndef __MINGW32__
char *p;
VALUE_PAIR *vp;
int n;
int to_child[2] = {-1, -1};
int from_child[2] = {-1, -1};
pid_t pid;
#endif
int argc = -1;
int i;
int left;
char *argv[MAX_ARGV];
char argv_buf[4096];
#define MAX_ENVP 1024
char *envp[MAX_ENVP];
char mycmd[1024];
if (strlen(cmd) > (sizeof(mycmd) - 1)) {
radlog(L_ERR|L_CONS, "Command line is too long");
return -1;
}
/*
* Check for bad escapes.
*/
if (cmd[strlen(cmd) - 1] == '\\') {
radlog(L_ERR|L_CONS, "Command line has final backslash, without a following character");
return -1;
}
strlcpy(mycmd, cmd, sizeof(mycmd));
/*
* Split the string into argv's BEFORE doing radius_xlat...
*/
from = cmd;
to = mycmd;
argc = 0;
while (*from) {
int length;
/*
* Skip spaces.
*/
if ((*from == ' ') || (*from == '\t')) {
from++;
continue;
}
argv[argc] = to;
argc++;
if (argc >= (MAX_ARGV - 1)) break;
/*
* Copy the argv over to our buffer.
*/
while (*from && (*from != ' ') && (*from != '\t')) {
if (to >= mycmd + sizeof(mycmd) - 1) {
return -1; /* ran out of space */
}
switch (*from) {
case '"':
case '\'':
length = rad_copy_string(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid string passed as argument for external program");
return -1;
}
from += length;
to += length;
break;
case '%':
if (from[1] == '{') {
*(to++) = *(from++);
length = rad_copy_variable(to, from);
if (length < 0) {
radlog(L_ERR|L_CONS, "Invalid variable expansion passed as argument for external program");
return -1;
}
from += length;
to += length;
} else { /* FIXME: catch %%{ ? */
*(to++) = *(from++);
}
break;
case '\\':
if (from[1] == ' ') from++;
/* FALL-THROUGH */
default:
*(to++) = *(from++);
}
} /* end of string, or found a space */
*(to++) = '\0'; /* terminate the string */
}
/*
* We have to have SOMETHING, at least.
*/
if (argc <= 0) {
radlog(L_ERR, "Exec-Program: empty command line.");
return -1;
}
/*
* Expand each string, as appropriate.
*/
to = argv_buf;
left = sizeof(argv_buf);
for (i = 0; i < argc; i++) {
int sublen;
/*
* Don't touch argv's which won't be translated.
*/
if (strchr(argv[i], '%') == NULL) continue;
if (!request) continue;
sublen = radius_xlat(to, left - 1, argv[i], request, NULL);
if (sublen <= 0) {
/*
* Fail to be backwards compatible.
*
* It's yucky, but it won't break anything,
* and it won't cause security problems.
*/
sublen = 0;
}
argv[i] = to;
to += sublen;
*(to++) = '\0';
left -= sublen;
left--;
if (left <= 0) {
radlog(L_ERR, "Exec-Program: Ran out of space while expanding arguments.");
return -1;
}
}
argv[argc] = NULL;
#ifndef __MINGW32__
/*
* Open a pipe for child/parent communication, if necessary.
*/
if (exec_wait) {
if (input_fd) {
if (pipe(to_child) != 0) {
radlog(L_ERR|L_CONS, "Couldn't open pipe to child: %s",
strerror(errno));
return -1;
}
}
if (output_fd) {
if (pipe(from_child) != 0) {
radlog(L_ERR|L_CONS, "Couldn't open pipe from child: %s",
strerror(errno));
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
return -1;
}
}
}
envp[0] = NULL;
if (input_pairs) {
int envlen;
char buffer[1024];
/*
* Set up the environment variables in the
* parent, so we don't call libc functions that
* hold mutexes. They might be locked when we fork,
* and will remain locked in the child.
*/
envlen = 0;
for (vp = input_pairs; vp != NULL; vp = vp->next) {
/*
* Hmm... maybe we shouldn't pass the
* user's password in an environment
* variable...
*/
snprintf(buffer, sizeof(buffer), "%s=", vp->name);
if (shell_escape) {
for (p = buffer; *p != '='; p++) {
if (*p == '-') {
*p = '_';
} else if (isalpha((int) *p)) {
*p = toupper(*p);
}
}
}
n = strlen(buffer);
vp_prints_value(buffer+n, sizeof(buffer) - n, vp, shell_escape);
envp[envlen++] = strdup(buffer);
/*
* Don't add too many attributes.
*/
if (envlen == (MAX_ENVP - 1)) break;
}
envp[envlen] = NULL;
}
if (exec_wait) {
pid = rad_fork(); /* remember PID */
} else {
pid = fork(); /* don't wait */
}
if (pid == 0) {
int devnull;
/*
* Child process.
*
* We try to be fail-safe here. So if ANYTHING
* goes wrong, we exit with status 1.
*/
/*
* Open STDIN to /dev/null
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
radlog(L_ERR|L_CONS, "Failed opening /dev/null: %s\n",
strerror(errno));
exit(1);
}
/*
* Only massage the pipe handles if the parent
* has created them.
*/
if (exec_wait) {
if (input_fd) {
close(to_child[1]);
dup2(to_child[0], STDIN_FILENO);
} else {
dup2(devnull, STDIN_FILENO);
}
if (output_fd) {
close(from_child[0]);
dup2(from_child[1], STDOUT_FILENO);
} else {
dup2(devnull, STDOUT_FILENO);
}
} else { /* no pipe, STDOUT should be /dev/null */
dup2(devnull, STDIN_FILENO);
dup2(devnull, STDOUT_FILENO);
}
/*
* If we're not debugging, then we can't do
* anything with the error messages, so we throw
* them away.
*
* If we are debugging, then we want the error
* messages to go to the STDERR of the server.
*/
if (debug_flag == 0) {
dup2(devnull, STDERR_FILENO);
}
close(devnull);
/*
* The server may have MANY FD's open. We don't
* want to leave dangling FD's for the child process
* to play funky games with, so we close them.
*/
closefrom(3);
execve(argv[0], argv, envp);
radlog(L_ERR, "Exec-Program: FAILED to execute %s: %s",
argv[0], strerror(errno));
exit(1);
}
/*
* Free child environment variables
*/
for (i = 0; envp[i] != NULL; i++) {
free(envp[i]);
}
/*
* Parent process.
*/
if (pid < 0) {
radlog(L_ERR|L_CONS, "Couldn't fork %s: %s",
argv[0], strerror(errno));
if (exec_wait) {
/* safe because these either need closing or are == -1 */
close(to_child[0]);
close(to_child[1]);
close(from_child[0]);
close(from_child[0]);
}
return -1;
}
/*
* We're not waiting, exit, and ignore any child's status.
*/
if (exec_wait) {
/*
* Close the ends of the pipe(s) the child is using
* return the ends of the pipe(s) our caller wants
*
*/
if (input_fd) {
*input_fd = to_child[1];
close(to_child[0]);
}
if (output_fd) {
*output_fd = from_child[0];
close(from_child[1]);
}
}
return pid;
#else
if (exec_wait) {
radlog(L_ERR, "Exec-Program-Wait is not supported");
return -1;
}
{
/*
* The _spawn and _exec families of functions are
* found in Windows compiler libraries for
* portability from UNIX. There is a variety of
* functions, including the ability to pass
* either a list or array of parameters, to
* search in the PATH or otherwise, and whether
* or not to pass an environment (a set of
* environment variables). Using _spawn, you can
* also specify whether you want the new process
* to close your program (_P_OVERLAY), to wait
* until the new process is finished (_P_WAIT) or
* for the two to run concurrently (_P_NOWAIT).
* _spawn and _exec are useful for instances in
* which you have simple requirements for running
* the program, don't want the overhead of the
* Windows header file, or are interested
* primarily in portability.
*/
/*
* FIXME: check return code... what is it?
*/
_spawnve(_P_NOWAIT, argv[0], argv, envp);
}
return 0;
#endif
}
/*
* Evaluate a condition
*/
static int evaluate_condition(policy_state_t *state, const policy_item_t *item)
{
int rcode;
const policy_condition_t *this;
VALUE_PAIR *vp = NULL;
const char *data = NULL;
int compare;
#ifdef HAVE_REGEX_H
regex_t reg;
#endif
char buffer[256];
char lhs_buffer[2048];
this = (const policy_condition_t *) item;
redo:
/*
* FIXME: Don't always do this...
*/
if (this->compare != POLICY_LEX_L_BRACKET) {
if (this->lhs_type == POLICY_LEX_FUNCTION) {
/*
* We can't call evaluate_call here,
* because that just pushes stuff onto
* the stack, and we want to actually
* evaluate all of it...
*/
rcode = policy_evaluate_name(state, this->lhs);
data = fr_int2str(policy_return_codes, rcode, "???");
strlcpy(lhs_buffer, data, sizeof(lhs_buffer)); /* FIXME: yuck */
} else if (this->lhs_type == POLICY_LEX_DOUBLE_QUOTED_STRING) {
if (radius_xlat(lhs_buffer, sizeof(lhs_buffer), this->lhs,
state->request, NULL, NULL) > 0) {
data = lhs_buffer;
}
}
}
switch (this->compare) {
case POLICY_LEX_L_BRACKET: /* nested brackets are a special case */
rcode = evaluate_condition(state, this->child);
break;
case POLICY_LEX_L_NOT:
rcode = evaluate_condition(state, this->child);
rcode = (rcode == FALSE); /* reverse sense of test */
break;
case POLICY_LEX_CMP_FALSE: /* non-existence */
if (this->lhs_type == POLICY_LEX_BARE_WORD) {
vp = find_vp(state->request, this->lhs);
rcode = (vp == NULL);
} else {
rcode = (data == NULL);
}
break;
case POLICY_LEX_CMP_TRUE: /* existence */
if (this->lhs_type == POLICY_LEX_BARE_WORD) {
vp = find_vp(state->request, this->lhs);
rcode = (vp != NULL);
} else {
rcode = (data != NULL);
}
break;
default: /* process other comparisons */
if ((this->compare != POLICY_LEX_CMP_EQUALS) &&
#ifdef HAVE_REGEX_H
(this->compare != POLICY_LEX_RX_EQUALS) &&
(this->compare != POLICY_LEX_RX_NOT_EQUALS) &&
#endif
(this->compare != POLICY_LEX_LT) &&
(this->compare != POLICY_LEX_GT) &&
(this->compare != POLICY_LEX_LE) &&
(this->compare != POLICY_LEX_GE) &&
(this->compare != POLICY_LEX_CMP_NOT_EQUALS)) {
fprintf(stderr, "%d: bad comparison\n",
this->item.lineno);
return FALSE;
}
if (this->lhs_type == POLICY_LEX_BARE_WORD) {
VALUE_PAIR *myvp;
vp = find_vp(state->request, this->lhs);
/*
* A op B is FALSE if A doesn't
* exist.
*/
if (!vp) {
rcode = FALSE;
break;
}
/*
* FIXME: Move sanity checks to
* post-parse code, so we don't do
* it on every packet.
*/
vp_prints_value(buffer, sizeof(buffer), vp, 0);
myvp = pairmake(vp->name, this->rhs, T_OP_EQ);
if (!myvp) return FALSE; /* memory failure */
data = buffer;
/*
* FIXME: What to do about comparisons
* where vp doesn't exist? Right now,
* "simplepaircmp" returns -1, which is
* probably a bad idea. it should
* instead take an operator, a pointer to
* the comparison result, and return
* "true/false" for "comparions
* succeeded/failed", which are different
* error codes than "comparison is less
* than, equal to, or greater than zero".
*/
compare = radius_callback_compare(state->request,
vp, myvp, NULL, NULL);
pairfree(&myvp);
} else {
/*
* FIXME: Do something for RHS type?
*/
fr_printf_log("CMP %s %s\n", lhs_buffer, this->rhs);
compare = strcmp(lhs_buffer, this->rhs);
}
debug_evaluate("CONDITION COMPARE %d\n", compare);
switch (this->compare) {
case POLICY_LEX_CMP_EQUALS:
rcode = (compare == 0);
break;
case POLICY_LEX_CMP_NOT_EQUALS:
rcode = (compare != 0);
break;
case POLICY_LEX_LT:
rcode = (compare < 0);
break;
case POLICY_LEX_GT:
rcode = (compare > 0);
break;
case POLICY_LEX_LE:
rcode =(compare <= 0);
break;
case POLICY_LEX_GE:
rcode = (compare >= 0);
break;
#ifdef HAVE_REGEX_H
case POLICY_LEX_RX_EQUALS:
{ /* FIXME: copied from src/main/valuepair.c */
int i;
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
/*
* Include substring matches.
*/
if (regcomp(®, this->rhs,
REG_EXTENDED) != 0) {
/* FIXME: print error */
return FALSE;
}
rad_assert(data != NULL);
rcode = regexec(®, data,
REQUEST_MAX_REGEX + 1,
rxmatch, 0);
rcode = (rcode == 0);
regfree(®);
/*
* Add %{0}, %{1}, etc.
*/
for (i = 0; i <= REQUEST_MAX_REGEX; i++) {
char *p;
char rxbuffer[256];
/*
* Didn't match: delete old
* match, if it existed.
*/
if (!rcode ||
(rxmatch[i].rm_so == -1)) {
p = request_data_get(state->request, state->request,
REQUEST_DATA_REGEX | i);
if (p) {
free(p);
continue;
}
/*
* No previous match
* to delete, stop.
*/
break;
}
/*
* Copy substring into buffer.
*/
memcpy(rxbuffer,
data + rxmatch[i].rm_so,
rxmatch[i].rm_eo - rxmatch[i].rm_so);
rxbuffer[rxmatch[i].rm_eo - rxmatch[i].rm_so] = '\0';
/*
* Copy substring, and add it to
* the request.
*
* Note that we don't check
* for out of memory, which is
* the only error we can get...
*/
p = strdup(rxbuffer);
request_data_add(state->request,
state->request,
REQUEST_DATA_REGEX | i,
p, free);
}
}
break;
case POLICY_LEX_RX_NOT_EQUALS:
regcomp(®, this->rhs, REG_EXTENDED|REG_NOSUB);
rad_assert(data != NULL);
rcode = regexec(®, data,
0, NULL, 0);
rcode = (rcode != 0);
regfree(®);
break;
#endif /* HAVE_REGEX_H */
default:
rcode = FALSE;
break;
} /* switch over comparison operators */
break; /* default from first switch over compare */
}
if (this->sense) rcode = (rcode == FALSE); /* reverse sense of test */
/*
* No trailing &&, ||
*/
switch (this->child_condition) {
default:
return rcode;
case POLICY_LEX_L_AND:
if (!rcode) return rcode; /* FALSE && x == FALSE */
break;
case POLICY_LEX_L_OR:
if (rcode) return rcode; /* TRUE && x == TRUE */
break;
}
/*
* Tail recursion.
*/
this = (const policy_condition_t *) this->child;
goto redo;
return 1; /* should never reach here */
}
/*
* Allow single attribute values to be retrieved from the cache.
*/
static ssize_t cache_xlat(void *instance, REQUEST *request,
char const *fmt, char *out, size_t freespace)
{
rlm_cache_entry_t *c;
rlm_cache_t *inst = instance;
rlm_cache_handle_t *handle;
VALUE_PAIR *vp, *vps;
pair_lists_t list;
DICT_ATTR const *target;
char const *p = fmt;
size_t len;
int ret = 0;
list = radius_list_name(&p, PAIR_LIST_REQUEST);
target = dict_attrbyname(p);
if (!target) {
REDEBUG("Unknown attribute \"%s\"", p);
return -1;
}
if (cache_acquire(&handle, inst, request) < 0) return -1;
switch (cache_find(&c, inst, request, handle, fmt)) {
case RLM_MODULE_OK: /* found */
break;
case RLM_MODULE_NOTFOUND: /* not found */
*out = '\0';
return 0;
default:
return -1;
}
switch (list) {
case PAIR_LIST_REQUEST:
vps = c->packet;
break;
case PAIR_LIST_REPLY:
vps = c->reply;
break;
case PAIR_LIST_CONTROL:
vps = c->control;
break;
case PAIR_LIST_UNKNOWN:
REDEBUG("Unknown list qualifier in \"%s\"", fmt);
ret = -1;
goto finish;
default:
REDEBUG("Unsupported list \"%s\"", fr_int2str(pair_lists, list, "<UNKNOWN>"));
ret = -1;
goto finish;
}
vp = pairfind(vps, target->attr, target->vendor, TAG_ANY);
if (!vp) {
RDEBUG("No instance of this attribute has been cached");
*out = '\0';
goto finish;
}
len = vp_prints_value(out, freespace, vp, 0);
if (is_truncated(len, freespace)) {
REDEBUG("Insufficient buffer space to write cached value");
ret = -1;
goto finish;
}
finish:
cache_free(inst, &c);
cache_release(inst, request, &handle);
return ret;
}
/*
* get the vps and put them in perl hash
* If one VP have multiple values it is added as array_ref
* Example for this is Cisco-AVPair that holds multiple values.
* Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
*/
static void perl_store_vps(VALUE_PAIR *vp, HV *rad_hv)
{
VALUE_PAIR *nvp, *vpa, *vpn;
AV *av;
const char *name;
char namebuf[256];
char buffer[1024];
int len;
hv_undef(rad_hv);
/*
* Copy the valuepair list so we can remove attributes we've
* already processed.
*/
nvp = paircopy(vp);
while (nvp != NULL) {
/*
* Tagged attributes are added to the hash with name
* <attribute>:<tag>, others just use the normal attribute
* name as the key.
*/
if (nvp->flags.has_tag && (nvp->flags.tag != 0)) {
snprintf(namebuf, sizeof(namebuf), "%s:%d",
nvp->name, nvp->flags.tag);
name = namebuf;
} else {
name = nvp->name;
}
/*
* Create a new list with all the attributes like this one
* which are in the same tag group.
*/
vpa = paircopy2(nvp, nvp->attribute, nvp->vendor, nvp->flags.tag);
/*
* Attribute has multiple values
*/
if (vpa->next) {
av = newAV();
for (vpn = vpa; vpn; vpn = vpn->next) {
len = vp_prints_value(buffer, sizeof(buffer), vpn, FALSE);
av_push(av, newSVpv(buffer, len));
}
(void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
/*
* Attribute has a single value, so its value just gets
* added to the hash.
*/
} else {
len = vp_prints_value(buffer, sizeof(buffer), vpa, FALSE);
(void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, len), 0);
}
pairfree(&vpa);
/*
* Find the next attribute which we won't have processed,
* we need to do this so we know it won't be freed on
* pairdelete.
*/
vpa = nvp->next;
while ((vpa != NULL) &&
(vpa->attribute == nvp->attribute) &&
(vpa->vendor == nvp->vendor) &&
(vpa->flags.tag == nvp->flags.tag)) {
vpa = vpa->next;
}
/*
* Finally remove all the VPs we processed from our copy
* of the list.
*/
pairdelete(&nvp, nvp->attribute, nvp->vendor, nvp->flags.tag);
nvp = vpa;
}
}
