/** Convert CONFIG_PAIR (which may contain refs) to value_pair_map_t.
*
* Treats the left operand as an attribute reference
* @verbatim<request>.<list>.<attribute>@endverbatim
*
* Treatment of left operand depends on quotation, barewords are treated as
* attribute references, double quoted values are treated as expandable strings,
* single quoted values are treated as literal strings.
*
* Return must be freed with talloc_free
*
* @param[in] ctx for talloc
* @param[in] cp to convert to map.
* @param[in] dst_request_def The default request to insert unqualified
* attributes into.
* @param[in] dst_list_def The default list to insert unqualified attributes
* into.
* @param[in] src_request_def The default request to resolve attribute
* references in.
* @param[in] src_list_def The default list to resolve unqualified attributes
* in.
* @return value_pair_map_t if successful or NULL on error.
*/
value_pair_map_t *radius_cp2map(TALLOC_CTX *ctx, CONF_PAIR *cp,
request_refs_t dst_request_def,
pair_lists_t dst_list_def,
request_refs_t src_request_def,
pair_lists_t src_list_def)
{
value_pair_map_t *map;
char const *attr;
char const *value;
FR_TOKEN type;
CONF_ITEM *ci = cf_pairtoitem(cp);
if (!cp) return NULL;
map = talloc_zero(ctx, value_pair_map_t);
map->op = cf_pair_operator(cp);
map->ci = ci;
attr = cf_pair_attr(cp);
value = cf_pair_value(cp);
if (!value) {
cf_log_err(ci, "Missing attribute value");
goto error;
}
/*
* LHS must always be an attribute reference.
*/
map->dst = radius_attr2tmpl(map, attr, dst_request_def, dst_list_def);
if (!map->dst) {
cf_log_err(ci, "Syntax error in attribute definition");
goto error;
}
/*
* RHS might be an attribute reference.
*/
type = cf_pair_value_type(cp);
map->src = radius_str2tmpl(map, value, type, src_request_def, src_list_def);
if (!map->src) {
goto error;
}
/*
* Anal-retentive checks.
*/
if (debug_flag > 2) {
if ((map->dst->type == VPT_TYPE_ATTR) && (*attr != '&')) {
WDEBUG("%s[%d]: Please change attribute reference to '&%s %s ...'",
cf_pair_filename(cp), cf_pair_lineno(cp),
attr, fr_int2str(fr_tokens, map->op, "<INVALID>"));
}
if ((map->src->type == VPT_TYPE_ATTR) && (*value != '&')) {
WDEBUG("%s[%d]: Please change attribute reference to '... %s &%s'",
cf_pair_filename(cp), cf_pair_lineno(cp),
fr_int2str(fr_tokens, map->op, "<INVALID>"), value);
}
}
/*
* Lots of sanity checks for insane people...
*/
/*
* We don't support implicit type conversion,
* except for "octets"
*/
if (map->dst->vpt_da && map->src->vpt_da &&
(map->src->vpt_da->type != map->dst->vpt_da->type) &&
(map->src->vpt_da->type != PW_TYPE_OCTETS) &&
(map->dst->vpt_da->type != PW_TYPE_OCTETS)) {
cf_log_err(ci, "Attribute type mismatch");
goto error;
}
/*
* What exactly where you expecting to happen here?
*/
if ((map->dst->type == VPT_TYPE_ATTR) &&
(map->src->type == VPT_TYPE_LIST)) {
cf_log_err(ci, "Can't copy list into an attribute");
goto error;
}
/*
* Depending on the attribute type, some operators are
* disallowed.
*/
if (map->dst->type == VPT_TYPE_ATTR) {
if ((map->op != T_OP_EQ) &&
(map->op != T_OP_CMP_EQ) &&
(map->op != T_OP_ADD) &&
(map->op != T_OP_SUB) &&
(map->op != T_OP_LE) &&
(map->op != T_OP_GE) &&
(map->op != T_OP_CMP_FALSE) &&
(map->op != T_OP_SET)) {
cf_log_err(ci, "Invalid operator for attribute");
goto error;
}
/*
* This will be an error in future versions of
* the server.
*/
if ((map->op == T_OP_CMP_FALSE) &&
((map->src->type != VPT_TYPE_LITERAL) ||
(strcmp(map->src->name, "ANY") != 0))) {
WDEBUG("%s[%d] Attribute deletion MUST use '!* ANY'",
cf_pair_filename(cp), cf_pair_lineno(cp));
}
}
if (map->dst->type == VPT_TYPE_LIST) {
/*
* Only += and :=, and !* operators are supported
* for lists.
*/
switch (map->op) {
case T_OP_CMP_FALSE:
if ((map->src->type != VPT_TYPE_LITERAL) ||
(strcmp(map->src->name, "ANY") != 0)) {
cf_log_err(ci, "List deletion MUST use '!* ANY'");
goto error;
}
break;
case T_OP_ADD:
if ((map->src->type != VPT_TYPE_LIST) &&
(map->src->type != VPT_TYPE_EXEC)) {
cf_log_err(ci, "Invalid source for list '+='");
goto error;
}
break;
case T_OP_SET:
if (map->src->type == VPT_TYPE_EXEC) {
WDEBUG("%s[%d] Please change ':=' to '=' for list assignment",
cf_pair_filename(cp), cf_pair_lineno(cp));
break;
}
if (map->src->type != VPT_TYPE_LIST) {
cf_log_err(ci, "Invalid source for ':=' operator");
goto error;
}
break;
case T_OP_EQ:
if (map->src->type != VPT_TYPE_EXEC) {
cf_log_err(ci, "Invalid source for '=' operator");
goto error;
}
break;
default:
cf_log_err(ci, "Operator \"%s\" not allowed for list assignment",
fr_int2str(fr_tokens, map->op, "<INVALID>"));
goto error;
}
}
return map;
error:
talloc_free(map);
return NULL;
}
/** Build a JSON object map from the configuration "map" section
*
* Parse the "map" section from the module configuration file and store this
* as a JSON object (key/value list) in the module instance. This map will be
* used to lookup and map attributes for all incoming accounting requests.
*
* @param conf Configuration section.
* @param instance The module instance.
* @return
* - 0 on success.
* - -1 on failure.
*/
int mod_build_attribute_element_map(CONF_SECTION *conf, void *instance)
{
rlm_couchbase_t *inst = instance; /* our module instance */
CONF_SECTION *cs; /* module config section */
CONF_ITEM *ci; /* config item */
CONF_PAIR *cp; /* conig pair */
const char *attribute, *element; /* attribute and element names */
/* find update section */
cs = cf_section_sub_find(conf, "update");
/* backwards compatibility */
if (!cs) {
cs = cf_section_sub_find(conf, "map");
WARN("rlm_couchbase: found deprecated 'map' section - please change to 'update'");
}
/* check section */
if (!cs) {
ERROR("rlm_couchbase: failed to find 'update' section in config");
/* fail */
return -1;
}
/* create attribute map object */
inst->map = json_object_new_object();
/* parse update section */
for (ci = cf_item_find_next(cs, NULL); ci != NULL; ci = cf_item_find_next(cs, ci)) {
/* validate item */
if (!cf_item_is_pair(ci)) {
ERROR("rlm_couchbase: failed to parse invalid item in 'update' section");
/* free map */
if (inst->map) {
json_object_put(inst->map);
}
/* fail */
return -1;
}
/* get value pair from item */
cp = cf_item_to_pair(ci);
/* get pair name (attribute name) */
attribute = cf_pair_attr(cp);
/* get pair value (element name) */
element = cf_pair_value(cp);
/* add pair name and value */
json_object_object_add(inst->map, attribute, json_object_new_string(element));
/* debugging */
DEBUG3("rlm_couchbase: added attribute '%s' to element '%s' mapping", attribute, element);
}
/* debugging */
DEBUG3("rlm_couchbase: built attribute to element mapping %s", json_object_to_json_string(inst->map));
/* return */
return 0;
}
/*
* Generic function for failing between a bunch of queries.
*
* Uses the same principle as rlm_linelog, expanding the 'reference' config
* item using xlat to figure out what query it should execute.
*
* If the reference matches multiple config items, and a query fails or
* doesn't update any rows, the next matching config item is used.
*
*/
static int rlm_sql_redundant(SQL_INST *inst, REQUEST *request,
rlm_sql_config_section_t *section)
{
int ret = RLM_MODULE_OK;
SQLSOCK *sqlsocket = NULL;
int sql_ret;
int numaffected = 0;
CONF_ITEM *item;
CONF_PAIR *pair;
const char *attr = NULL;
const char *value;
char path[MAX_STRING_LEN];
char querystr[MAX_QUERY_LEN];
char sqlusername[MAX_STRING_LEN];
char *p = path;
if (!section || !section->reference) {
RDEBUG("No configuration provided for this section");
return RLM_MODULE_NOOP;
}
if (section->reference[0] != '.')
*p++ = '.';
if (radius_xlat(p, (sizeof(path) - (p - path)) - 1,
section->reference, request, NULL, NULL) < 0)
return RLM_MODULE_FAIL;
item = cf_reference_item(NULL, section->cs, path);
if (!item)
return RLM_MODULE_FAIL;
if (cf_item_is_section(item)){
radlog(L_ERR, "Sections are not supported as references");
return RLM_MODULE_FAIL;
}
pair = cf_itemtopair(item);
attr = cf_pair_attr(pair);
RDEBUG2("Using query template '%s'", attr);
sqlsocket = sql_get_socket(inst);
if (sqlsocket == NULL)
return RLM_MODULE_FAIL;
sql_set_user(inst, request, sqlusername, NULL);
while (TRUE) {
value = cf_pair_value(pair);
if (!value) {
RDEBUG("Ignoring null query");
ret = RLM_MODULE_NOOP;
goto release;
}
radius_xlat(querystr, sizeof(querystr), value, request,
sql_escape_func, inst);
if (!*querystr) {
RDEBUG("Ignoring null query");
ret = RLM_MODULE_NOOP;
goto release;
}
rlm_sql_query_log(inst, request, section, querystr);
/*
* If rlm_sql_query cannot use the socket it'll try and
* reconnect. Reconnecting will automatically release
* the current socket, and try to select a new one.
*
* If we get SQL_DOWN it means all connections in the pool
* were exhausted, and we couldn't create a new connection,
* so we do not need to call sql_release_socket.
*/
sql_ret = rlm_sql_query(&sqlsocket, inst, querystr);
if (sql_ret == SQL_DOWN)
return RLM_MODULE_FAIL;
rad_assert(sqlsocket);
/*
* Assume all other errors are incidental, and just meant our
* operation failed and its not a client or SQL syntax error.
*/
if (sql_ret == 0) {
numaffected = (inst->module->sql_affected_rows)
(sqlsocket, inst->config);
if (numaffected > 0)
break;
RDEBUG("No records updated");
}
(inst->module->sql_finish_query)(sqlsocket, inst->config);
/*
* We assume all entries with the same name form a redundant
* set of queries.
*/
pair = cf_pair_find_next(section->cs, pair, attr);
if (!pair) {
RDEBUG("No additional queries configured");
ret = RLM_MODULE_NOOP;
goto release;
}
RDEBUG("Trying next query...");
}
(inst->module->sql_finish_query)(sqlsocket, inst->config);
release:
/* Remove the username we (maybe) added above */
pairdelete(&request->packet->vps, PW_SQL_USER_NAME, 0, -1);
sql_release_socket(inst, sqlsocket);
return ret;
}
/*
* Generic function for failing between a bunch of queries.
*
* Uses the same principle as rlm_linelog, expanding the 'reference' config
* item using xlat to figure out what query it should execute.
*
* If the reference matches multiple config items, and a query fails or
* doesn't update any rows, the next matching config item is used.
*
*/
static int acct_redundant(rlm_sql_t *inst, REQUEST *request, sql_acct_section_t *section)
{
rlm_rcode_t rcode = RLM_MODULE_OK;
rlm_sql_handle_t *handle = NULL;
int sql_ret;
int numaffected = 0;
CONF_ITEM *item;
CONF_PAIR *pair;
char const *attr = NULL;
char const *value;
char path[MAX_STRING_LEN];
char *p = path;
char *expanded = NULL;
rad_assert(section);
if (section->reference[0] != '.') {
*p++ = '.';
}
if (radius_xlat(p, sizeof(path) - (p - path), request, section->reference, NULL, NULL) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
item = cf_reference_item(NULL, section->cs, path);
if (!item) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
if (cf_item_is_section(item)){
REDEBUG("Sections are not supported as references");
rcode = RLM_MODULE_FAIL;
goto finish;
}
pair = cf_itemtopair(item);
attr = cf_pair_attr(pair);
RDEBUG2("Using query template '%s'", attr);
handle = sql_get_socket(inst);
if (!handle) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
sql_set_user(inst, request, NULL);
while (true) {
value = cf_pair_value(pair);
if (!value) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
goto finish;
}
if (radius_axlat(&expanded, request, value, sql_escape_func, inst) < 0) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
if (!*expanded) {
RDEBUG("Ignoring null query");
rcode = RLM_MODULE_NOOP;
talloc_free(expanded);
goto finish;
}
rlm_sql_query_log(inst, request, section, expanded);
/*
* If rlm_sql_query cannot use the socket it'll try and
* reconnect. Reconnecting will automatically release
* the current socket, and try to select a new one.
*
* If we get RLM_SQL_RECONNECT it means all connections in the pool
* were exhausted, and we couldn't create a new connection,
* so we do not need to call sql_release_socket.
*/
sql_ret = rlm_sql_query(&handle, inst, expanded);
TALLOC_FREE(expanded);
if (sql_ret == RLM_SQL_RECONNECT) {
rcode = RLM_MODULE_FAIL;
goto finish;
}
rad_assert(handle);
/*
* Assume all other errors are incidental, and just meant our
* operation failed and its not a client or SQL syntax error.
*/
if (sql_ret == 0) {
numaffected = (inst->module->sql_affected_rows)(handle, inst->config);
if (numaffected > 0) {
break;
}
RDEBUG("No records updated");
}
(inst->module->sql_finish_query)(handle, inst->config);
/*
* We assume all entries with the same name form a redundant
* set of queries.
*/
pair = cf_pair_find_next(section->cs, pair, attr);
if (!pair) {
RDEBUG("No additional queries configured");
rcode = RLM_MODULE_NOOP;
goto finish;
}
RDEBUG("Trying next query...");
}
(inst->module->sql_finish_query)(handle, inst->config);
finish:
talloc_free(expanded);
sql_release_socket(inst, handle);
return rcode;
}
/*
* (Re-)read radiusd.conf into memory.
*/
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
detail_instance_t *inst = instance;
CONF_SECTION *cs;
inst->name = cf_section_name2(conf);
if (!inst->name) {
inst->name = cf_section_name1(conf);
}
inst->lf= fr_logfile_init(inst);
if (!inst->lf) {
cf_log_err_cs(conf, "Failed creating log file context");
return -1;
}
/*
* Suppress certain attributes.
*/
cs = cf_section_sub_find(conf, "suppress");
if (cs) {
CONF_ITEM *ci;
inst->ht = fr_hash_table_create(detail_hash, detail_cmp, NULL);
for (ci = cf_item_find_next(cs, NULL);
ci != NULL;
ci = cf_item_find_next(cs, ci)) {
char const *attr;
DICT_ATTR const *da;
if (!cf_item_is_pair(ci)) continue;
attr = cf_pair_attr(cf_itemtopair(ci));
if (!attr) continue; /* pair-anoia */
da = dict_attrbyname(attr);
if (!da) {
cf_log_err_cs(conf, "No such attribute '%s'", attr);
return -1;
}
/*
* Be kind to minor mistakes.
*/
if (fr_hash_table_finddata(inst->ht, da)) {
WARN("rlm_detail (%s): Ignoring duplicate entry '%s'", inst->name, attr);
continue;
}
if (!fr_hash_table_insert(inst->ht, da)) {
ERROR("rlm_detail (%s): Failed inserting '%s' into suppression table",
inst->name, attr);
return -1;
}
DEBUG("rlm_detail (%s): '%s' suppressed, will not appear in detail output", inst->name, attr);
}
/*
* If we didn't suppress anything, delete the hash table.
*/
if (fr_hash_table_num_elements(inst->ht) == 0) {
fr_hash_table_free(inst->ht);
inst->ht = NULL;
}
}
return 0;
}
/*
* Parse a configuration section, and populate a HV.
* This function is recursively called (allows to have nested hashes.)
*/
static void perl_parse_config(CONF_SECTION *cs, int lvl, HV *rad_hv)
{
if (!cs || !rad_hv) return;
int indent_section = (lvl + 1) * 4;
int indent_item = (lvl + 2) * 4;
DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
CONF_ITEM *ci;
for (ci = cf_item_find_next(cs, NULL);
ci;
ci = cf_item_find_next(cs, ci)) {
/*
* This is a section.
* Create a new HV, store it as a reference in current HV,
* Then recursively call perl_parse_config with this section and the new HV.
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *sub_cs = cf_itemtosection(ci);
char const *key = cf_section_name1(sub_cs); /* hash key */
HV *sub_hv;
SV *ref;
if (!key) continue;
if (hv_exists(rad_hv, key, strlen(key))) {
WARN("rlm_perl: Ignoring duplicate config section '%s'", key);
continue;
}
sub_hv = newHV();
ref = newRV_inc((SV*) sub_hv);
(void)hv_store(rad_hv, key, strlen(key), ref, 0);
perl_parse_config(sub_cs, lvl + 1, sub_hv);
} else if (cf_item_is_pair(ci)){
CONF_PAIR *cp = cf_itemtopair(ci);
char const *key = cf_pair_attr(cp); /* hash key */
char const *value = cf_pair_value(cp); /* hash value */
if (!key || !value) continue;
/*
* This is an item.
* Store item attr / value in current HV.
*/
if (hv_exists(rad_hv, key, strlen(key))) {
WARN("rlm_perl: Ignoring duplicate config item '%s'", key);
continue;
}
(void)hv_store(rad_hv, key, strlen(key), newSVpvn(value, strlen(value)), 0);
DEBUG("%*s%s = %s", indent_item, " ", key, value);
}
}
DEBUG("%*s}", indent_section, " ");
}
/** Create a client CONF_SECTION using a mapping section to map values from a result set to client attributes
*
* If we hit a CONF_SECTION we recurse and process its CONF_PAIRS too.
*
* @note Caller should free CONF_SECTION passed in as out, on error.
* Contents of that section will be in an undefined state.
*
* @param[in,out] out Section to perform mapping on. Either the root of the client config, or a parent section
* (when this function is called recursively).
* Should be alloced with cf_section_alloc, or if there's a separate template section, the
* result of calling cf_section_dup on that section.
* @param[in] map section.
* @param[in] func to call to retrieve CONF_PAIR values. Must return a talloced buffer containing the value.
* @param[in] data to pass to func, usually a result pointer.
* @return
* - 0 on success.
* - -1 on failure.
*/
int client_map_section(CONF_SECTION *out, CONF_SECTION const *map, client_value_cb_t func, void *data)
{
CONF_ITEM const *ci;
for (ci = cf_item_find_next(map, NULL);
ci != NULL;
ci = cf_item_find_next(map, ci)) {
CONF_PAIR const *cp;
CONF_PAIR *old;
char *value;
char const *attr;
/*
* Recursively process map subsection
*/
if (cf_item_is_section(ci)) {
CONF_SECTION *cs, *cc;
cs = cf_item_to_section(ci);
/*
* Use pre-existing section or alloc a new one
*/
cc = cf_section_sub_find_name2(out, cf_section_name1(cs), cf_section_name2(cs));
if (!cc) {
cc = cf_section_alloc(out, cf_section_name1(cs), cf_section_name2(cs));
cf_section_add(out, cc);
if (!cc) return -1;
}
if (client_map_section(cc, cs, func, data) < 0) return -1;
continue;
}
cp = cf_item_to_pair(ci);
attr = cf_pair_attr(cp);
/*
* The callback can return 0 (success) and not provide a value
* in which case we skip the mapping pair.
*
* Or return -1 in which case we error out.
*/
if (func(&value, cp, data) < 0) {
cf_log_err_cs(out, "Failed performing mapping \"%s\" = \"%s\"", attr, cf_pair_value(cp));
return -1;
}
if (!value) continue;
/*
* Replace an existing CONF_PAIR
*/
old = cf_pair_find(out, attr);
if (old) {
cf_pair_replace(out, old, value);
talloc_free(value);
continue;
}
/*
* ...or add a new CONF_PAIR
*/
cp = cf_pair_alloc(out, attr, value, T_OP_SET, T_BARE_WORD, T_SINGLE_QUOTED_STRING);
if (!cp) {
cf_log_err_cs(out, "Failed allocing pair \"%s\" = \"%s\"", attr, value);
talloc_free(value);
return -1;
}
talloc_free(value);
cf_item_add(out, cf_pair_to_item(cp));
}
return 0;
}
/** Convert an 'update' config section into an attribute map.
*
* Uses 'name2' of section to set default request and lists.
* Copied from map_afrom_cs, except that list assignments can have the RHS
* be a bare word.
*
* @param[in] cs the update section
* @param[out] out Where to store the head of the map.
* @param[in] dst_list_def The default destination list, usually dictated by
* the section the module is being called in.
* @param[in] src_list_def The default source list, usually dictated by the
* section the module is being called in.
* @param[in] max number of mappings to process.
* @return -1 on error, else 0.
*/
static int ldap_map_afrom_cs(value_pair_map_t **out, CONF_SECTION *cs, pair_lists_t dst_list_def, pair_lists_t src_list_def,
unsigned int max)
{
char const *cs_list, *p;
request_refs_t request_def = REQUEST_CURRENT;
CONF_ITEM *ci;
unsigned int total = 0;
value_pair_map_t **tail, *map;
TALLOC_CTX *ctx;
*out = NULL;
tail = out;
if (!cs) return 0;
/*
* The first map has cs as the parent.
* The rest have the previous map as the parent.
*/
ctx = cs;
ci = cf_sectiontoitem(cs);
cs_list = p = cf_section_name2(cs);
if (cs_list) {
request_def = radius_request_name(&p, REQUEST_CURRENT);
if (request_def == REQUEST_UNKNOWN) {
cf_log_err(ci, "Default request specified "
"in mapping section is invalid");
return -1;
}
dst_list_def = fr_str2int(pair_lists, p, PAIR_LIST_UNKNOWN);
if (dst_list_def == PAIR_LIST_UNKNOWN) {
cf_log_err(ci, "Default list \"%s\" specified "
"in mapping section is invalid", p);
return -1;
}
}
for (ci = cf_item_find_next(cs, NULL);
ci != NULL;
ci = cf_item_find_next(cs, ci)) {
char const *attr;
FR_TOKEN type;
CONF_PAIR *cp;
cp = cf_itemtopair(ci);
type = cf_pair_value_type(cp);
if (total++ == max) {
cf_log_err(ci, "Map size exceeded");
goto error;
}
if (!cf_item_is_pair(ci)) {
cf_log_err(ci, "Entry is not in \"attribute = value\" format");
goto error;
}
cp = cf_itemtopair(ci);
/*
* Look for "list: OP BARE_WORD". If it exists,
* we can make the RHS a bare word. Otherwise,
* just call map_afrom_cp()
*
* Otherwise, the map functions check the RHS of
* list assignments, and complain that the RHS
* isn't another list.
*/
attr = cf_pair_attr(cp);
p = strrchr(attr, ':');
if (!p || (p[1] != '\0') || (type == T_DOUBLE_QUOTED_STRING)) {
if (map_afrom_cp(ctx, &map, cp, request_def, dst_list_def, REQUEST_CURRENT, src_list_def) < 0) {
goto error;
}
} else {
ssize_t slen;
char const *value;
map = talloc_zero(ctx, value_pair_map_t);
map->op = cf_pair_operator(cp);
map->ci = cf_pairtoitem(cp);
slen = tmpl_afrom_attr_str(ctx, &map->lhs, attr, request_def, dst_list_def);
if (slen <= 0) {
char *spaces, *text;
fr_canonicalize_error(ctx, &spaces, &text, slen, attr);
cf_log_err(ci, "Failed parsing list reference");
cf_log_err(ci, "%s", text);
cf_log_err(ci, "%s^ %s", spaces, fr_strerror());
talloc_free(spaces);
talloc_free(text);
goto error;
}
if (map->lhs->type != TMPL_TYPE_LIST) {
cf_log_err(map->ci, "Invalid list name");
goto error;
}
if (map->op != T_OP_ADD) {
cf_log_err(map->ci, "Only '+=' operator is permitted for valuepair to list mapping");
goto error;
}
value = cf_pair_value(cp);
if (!value) {
cf_log_err(map->ci, "No value specified for list assignment");
goto error;
}
/*
* the RHS type is a bare word or single
* quoted string. We don't want it being
* interpreted as a list or attribute
* reference, so we force the RHS to be a
* literal.
*/
slen = tmpl_afrom_str(ctx, &map->rhs, value, T_SINGLE_QUOTED_STRING, request_def, dst_list_def);
if (slen <= 0) {
char *spaces, *text;
fr_canonicalize_error(ctx, &spaces, &text, slen, value);
cf_log_err(ci, "Failed parsing string");
cf_log_err(ci, "%s", text);
cf_log_err(ci, "%s^ %s", spaces, fr_strerror());
talloc_free(spaces);
talloc_free(text);
goto error;
}
/*
* And unlike map_afrom_cp(), we do NOT
* try to parse the RHS as a list
* reference. It's a literal, and we
* leave it as a literal.
*/
rad_assert(map->rhs->type == TMPL_TYPE_LITERAL);
}
ctx = *tail = map;
tail = &(map->next);
}
return 0;
error:
TALLOC_FREE(*out);
return -1;
}
