/** Return a VP from the specified request.
*
* @param out where to write the pointer to the resolved VP.
* Will be NULL if the attribute couldn't be resolved.
* @param request current request.
* @param name attribute name including qualifiers.
* @return -4 if either the attribute or qualifier were invalid, and the same error codes as tmpl_find_vp for other
* error conditions.
*/
int radius_get_vp(VALUE_PAIR **out, REQUEST *request, char const *name)
{
value_pair_tmpl_t vpt;
*out = NULL;
if (tmpl_from_attr_str(&vpt, name, REQUEST_CURRENT, PAIR_LIST_REQUEST) < 0) {
return -4;
}
return tmpl_find_vp(out, request, &vpt);
}
/** Expand the RHS of a template
*
* @note Length of expanded string can be found with talloc_array_length(*out) - 1
*
* @param out where to write a pointer to the newly allocated buffer.
* @param request Current request.
* @param vpt to evaluate.
* @return -1 on error, else 0.
*/
int radius_expand_tmpl(char **out, REQUEST *request, value_pair_tmpl_t const *vpt)
{
VALUE_PAIR *vp;
*out = NULL;
rad_assert(vpt->type != TMPL_TYPE_LIST);
switch (vpt->type) {
case TMPL_TYPE_LITERAL:
EVAL_DEBUG("TMPL LITERAL");
*out = talloc_typed_strdup(request, vpt->name);
break;
case TMPL_TYPE_EXEC:
EVAL_DEBUG("TMPL EXEC");
*out = talloc_array(request, char, 1024);
if (radius_exec_program(request, vpt->name, true, false, *out, 1024, EXEC_TIMEOUT, NULL, NULL) != 0) {
TALLOC_FREE(*out);
return -1;
}
break;
case TMPL_TYPE_REGEX:
EVAL_DEBUG("TMPL REGEX");
/* Error in expansion, this is distinct from zero length expansion */
if (radius_axlat(out, request, vpt->name, NULL, NULL) < 0) {
rad_assert(!*out);
return -1;
}
break;
case TMPL_TYPE_XLAT:
EVAL_DEBUG("TMPL XLAT");
/* Error in expansion, this is distinct from zero length expansion */
if (radius_axlat(out, request, vpt->name, NULL, NULL) < 0) {
rad_assert(!*out);
return -1;
}
break;
case TMPL_TYPE_XLAT_STRUCT:
EVAL_DEBUG("TMPL XLAT_STRUCT");
/* Error in expansion, this is distinct from zero length expansion */
if (radius_axlat_struct(out, request, vpt->tmpl_xlat, NULL, NULL) < 0) {
rad_assert(!*out);
return -1;
}
RDEBUG2("EXPAND %s", vpt->name); /* xlat_struct doesn't do this */
RDEBUG2(" --> %s", *out);
break;
case TMPL_TYPE_ATTR:
{
int ret;
EVAL_DEBUG("TMPL ATTR");
ret = tmpl_find_vp(&vp, request, vpt);
if (ret < 0) return -2;
*out = vp_aprint_value(request, vp, false);
if (!*out) return -1;
}
break;
case TMPL_TYPE_DATA:
case TMPL_TYPE_REGEX_STRUCT:
rad_assert(0 == 1);
/* FALL-THROUGH */
default:
break;
}
EVAL_DEBUG("Expand tmpl --> %s", *out);
return 0;
}
/** Evaluate a map
*
* @param[in] request the REQUEST
* @param[in] modreturn the previous module return code
* @param[in] depth of the recursion (only used for debugging)
* @param[in] c the condition to evaluate
* @return -1 on error, 0 for "no match", 1 for "match".
*/
int radius_evaluate_map(REQUEST *request, UNUSED int modreturn, UNUSED int depth,
fr_cond_t const *c)
{
int rcode;
char *lhs, *rhs;
value_pair_map_t *map;
rad_assert(c->type == COND_TYPE_MAP);
map = c->data.map;
rad_assert(map->dst->type != TMPL_TYPE_UNKNOWN);
rad_assert(map->src->type != TMPL_TYPE_UNKNOWN);
rad_assert(map->dst->type != TMPL_TYPE_LIST);
rad_assert(map->src->type != TMPL_TYPE_LIST);
rad_assert(map->dst->type != TMPL_TYPE_REGEX);
rad_assert(map->dst->type != TMPL_TYPE_REGEX_STRUCT);
EVAL_DEBUG("MAP TYPES LHS: %s, RHS: %s",
fr_int2str(template_names, map->dst->type, "???"),
fr_int2str(template_names, map->src->type, "???"));
/*
* Verify regexes.
*/
if ((map->src->type == TMPL_TYPE_REGEX) ||
(map->src->type == TMPL_TYPE_REGEX_STRUCT)) {
rad_assert(map->op == T_OP_REG_EQ);
} else {
rad_assert(!((map->op == T_OP_REG_EQ) || (map->op == T_OP_REG_NE)));
}
/*
* They're both attributes. Do attribute-specific work.
*
* LHS is DST. RHS is SRC <sigh>
*/
if (!c->cast && (map->src->type == TMPL_TYPE_ATTR) && (map->dst->type == TMPL_TYPE_ATTR)) {
VALUE_PAIR *lhs_vp, *rhs_vp, *cast_vp;
EVAL_DEBUG("ATTR to ATTR");
if ((tmpl_find_vp(&lhs_vp, request, map->dst) < 0) ||
(tmpl_find_vp(&rhs_vp, request, map->src) < 0)) return -1;
if (map->dst->tmpl_da->type == map->src->tmpl_da->type) {
return paircmp_op(lhs_vp, map->op, rhs_vp);
}
/*
* Compare a large integer (lhs) to a small integer (rhs).
* We allow this without a cast.
*/
rad_assert((map->dst->tmpl_da->type == PW_TYPE_INTEGER64) ||
(map->dst->tmpl_da->type == PW_TYPE_INTEGER) ||
(map->dst->tmpl_da->type == PW_TYPE_SHORT));
rad_assert((map->src->tmpl_da->type == PW_TYPE_INTEGER) ||
(map->src->tmpl_da->type == PW_TYPE_SHORT) ||
(map->src->tmpl_da->type == PW_TYPE_BYTE));
cast_vp = pairalloc(request, lhs_vp->da);
if (!cast_vp) return false;
/*
* Copy the RHS to the casted type.
*/
if (do_cast_copy(cast_vp, rhs_vp) < 0) {
talloc_free(cast_vp);
return false;
}
rcode = paircmp_op(lhs_vp, map->op, cast_vp);
talloc_free(cast_vp);
return rcode;
}
/*
* LHS is a cast. Do type-specific comparisons, as if
* the LHS was a real attribute.
*/
if (c->cast) {
VALUE_PAIR *lhs_vp, *rhs_vp;
/*
* Try to copy data from the VP which is being
* casted, instead of printing it to a string and
* then re-parsing it.
*/
if (map->dst->type == TMPL_TYPE_ATTR) {
VALUE_PAIR *cast_vp;
if (tmpl_find_vp(&cast_vp, request, map->dst) < 0) return false;
lhs_vp = pairalloc(request, c->cast);
if (!lhs_vp) return -1;
/*
* In a separate function for clarity
*/
if (do_cast_copy(lhs_vp, cast_vp) < 0) {
talloc_free(lhs_vp);
return -1;
}
} else {
rcode = tmpl_cast_to_vp(&lhs_vp, request, map->dst, c->cast);
if (rcode < 0) {
return rcode;
}
}
rad_assert(lhs_vp);
/*
* Get either a real VP, or parse the RHS into a
* VP, and return that.
*/
if (map->src->type == TMPL_TYPE_ATTR) {
if (tmpl_find_vp(&rhs_vp, request, map->src) < 0) {
return -2;
}
} else {
rcode = tmpl_cast_to_vp(&rhs_vp, request, map->src, c->cast);
if (rcode < 0) {
return rcode;
}
rad_assert(rhs_vp);
}
if (!rhs_vp) return -2;
EVAL_DEBUG("CAST to %s",
fr_int2str(dict_attr_types,
c->cast->type, "?Unknown?"));
rcode = paircmp_op(lhs_vp, map->op, rhs_vp);
pairfree(&lhs_vp);
if (map->src->type != TMPL_TYPE_ATTR) {
pairfree(&rhs_vp);
}
return rcode;
}
/*
* Might be a virtual comparison
*/
if ((map->dst->type == TMPL_TYPE_ATTR) &&
(map->src->type != TMPL_TYPE_REGEX) &&
(map->src->type != TMPL_TYPE_REGEX_STRUCT) &&
(c->pass2_fixup == PASS2_PAIRCOMPARE)) {
int ret;
VALUE_PAIR *lhs_vp;
EVAL_DEBUG("virtual ATTR to DATA");
rcode = tmpl_cast_to_vp(&lhs_vp, request, map->src, map->dst->tmpl_da);
if (rcode < 0) return rcode;
rad_assert(lhs_vp);
/*
* paircompare requires the operator be set for the
* check attribute.
*/
lhs_vp->op = map->op;
ret = paircompare(request, request->packet->vps, lhs_vp, NULL);
talloc_free(lhs_vp);
if (ret == 0) {
return true;
}
return false;
}
rad_assert(c->pass2_fixup != PASS2_PAIRCOMPARE);
/*
* RHS has been pre-parsed into binary data. Go check
* that.
*/
if ((map->dst->type == TMPL_TYPE_ATTR) &&
(map->src->type == TMPL_TYPE_DATA)) {
VALUE_PAIR *lhs_vp, *rhs_vp;
EVAL_DEBUG("ATTR to DATA");
if (tmpl_find_vp(&lhs_vp, request, map->dst) < 0) return -2;
rcode = tmpl_cast_to_vp(&rhs_vp, request, map->src, map->dst->tmpl_da);
if (rcode < 0) return rcode;
rad_assert(rhs_vp);
#ifdef WITH_EVAL_DEBUG
debug_pair(lhs_vp);
debug_pair(rhs_vp);
#endif
rcode = paircmp_op(lhs_vp, map->op, rhs_vp);
pairfree(&rhs_vp);
return rcode;
}
rad_assert(map->src->type != TMPL_TYPE_DATA);
rad_assert(map->dst->type != TMPL_TYPE_DATA);
#ifdef HAVE_REGEX_H
/*
* Parse regular expressions.
*/
if ((map->src->type == TMPL_TYPE_REGEX) ||
(map->src->type == TMPL_TYPE_REGEX_STRUCT)) {
return do_regex(request, map);
}
#endif
/*
* The RHS now needs to be expanded into a string.
*/
rcode = radius_expand_tmpl(&rhs, request, map->src);
if (rcode < 0) {
EVAL_DEBUG("FAIL %d", __LINE__);
return rcode;
}
rad_assert(rhs != NULL);
/*
* User-Name == FOO
*
* Parse the RHS to be the same DA as the LHS. do
* comparisons. So long as it's not a regex, which does
* string comparisons.
*
* The LHS may be a virtual attribute, too.
*/
if (map->dst->type == TMPL_TYPE_ATTR) {
VALUE_PAIR *lhs_vp, *rhs_vp;
EVAL_DEBUG("ATTR to non-REGEX");
/*
* No LHS means no match
*/
if (tmpl_find_vp(&lhs_vp, request, map->dst) < 0) {
/*
* Not a real attr: might be a dynamic comparison.
*/
if ((map->dst->type == TMPL_TYPE_ATTR) &&
(map->dst->tmpl_da->vendor == 0) &&
radius_find_compare(map->dst->tmpl_da)) {
rhs_vp = pairalloc(request, map->dst->tmpl_da);
rad_assert(rhs_vp != NULL);
if (pairparsevalue(rhs_vp, rhs, 0) < 0) {
talloc_free(rhs);
EVAL_DEBUG("FAIL %d", __LINE__);
return -1;
}
talloc_free(rhs);
rcode = (radius_callback_compare(request, NULL, rhs_vp, NULL, NULL) == 0);
pairfree(&rhs_vp);
return rcode;
}
return -2;
}
/*
* Get VP for RHS
*/
rhs_vp = pairalloc(request, map->dst->tmpl_da);
rad_assert(rhs_vp != NULL);
if (pairparsevalue(rhs_vp, rhs, 0) < 0) {
talloc_free(rhs);
pairfree(&rhs_vp);
EVAL_DEBUG("FAIL %d", __LINE__);
return -1;
}
rcode = paircmp_op(lhs_vp, map->op, rhs_vp);
talloc_free(rhs);
pairfree(&rhs_vp);
return rcode;
}
/*
* The LHS is a string. Expand it.
*/
rcode = radius_expand_tmpl(&lhs, request, map->dst);
if (rcode < 0) {
EVAL_DEBUG("FAIL %d", __LINE__);
return rcode;
}
rad_assert(lhs != NULL);
EVAL_DEBUG("LHS is %s", lhs);
/*
* Loop over the string, doing comparisons
*/
if (all_digits(lhs) && all_digits(rhs)) {
int lint, rint;
lint = strtoul(lhs, NULL, 0);
rint = strtoul(rhs, NULL, 0);
talloc_free(lhs);
talloc_free(rhs);
switch (map->op) {
case T_OP_CMP_EQ:
return (lint == rint);
case T_OP_NE:
return (lint != rint);
case T_OP_LT:
return (lint < rint);
case T_OP_GT:
return (lint > rint);
case T_OP_LE:
return (lint <= rint);
case T_OP_GE:
return (lint >= rint);
default:
break;
}
} else {
rad_assert(lhs != NULL);
rad_assert(rhs != NULL);
rcode = strcmp(lhs, rhs);
talloc_free(lhs);
talloc_free(rhs);
switch (map->op) {
case T_OP_CMP_EQ:
return (rcode == 0);
case T_OP_NE:
return (rcode != 0);
case T_OP_LT:
return (rcode < 0);
case T_OP_GT:
return (rcode > 0);
case T_OP_LE:
return (rcode <= 0);
case T_OP_GE:
return (rcode >= 0);
default:
break;
}
}
EVAL_DEBUG("FAIL %d", __LINE__);
return -1;
}
/** Evaluate a template
*
* @param[in] request the REQUEST
* @param[in] modreturn the previous module return code
* @param[in] depth of the recursion (only used for debugging)
* @param[in] vpt the template to evaluate
* @return -1 on error, 0 for "no match", 1 for "match".
*/
int radius_evaluate_tmpl(REQUEST *request, int modreturn, UNUSED int depth,
value_pair_tmpl_t const *vpt)
{
int rcode;
int modcode;
char *buffer;
switch (vpt->type) {
case TMPL_TYPE_LITERAL:
modcode = fr_str2int(modreturn_table, vpt->name, RLM_MODULE_UNKNOWN);
if (modcode != RLM_MODULE_UNKNOWN) {
rcode = (modcode == modreturn);
break;
}
/*
* Else it's a literal string. Empty string is
* false, non-empty string is true.
*
* @todo: Maybe also check for digits?
*
* The VPT *doesn't* have a "bare word" type,
* which arguably it should.
*/
rcode = (vpt->name != '\0');
break;
case TMPL_TYPE_ATTR:
case TMPL_TYPE_LIST:
if (tmpl_find_vp(NULL, request, vpt) == 0) {
rcode = true;
} else {
rcode = false;
}
break;
case TMPL_TYPE_XLAT_STRUCT:
case TMPL_TYPE_XLAT:
case TMPL_TYPE_EXEC:
if (!*vpt->name) return false;
rcode = radius_expand_tmpl(&buffer, request, vpt);
if (rcode < 0) {
EVAL_DEBUG("FAIL %d", __LINE__);
return -1;
}
rcode = (buffer && (*buffer != '\0'));
talloc_free(buffer);
break;
/*
* Can't have a bare ... (/foo/) ...
*/
case TMPL_TYPE_REGEX:
case TMPL_TYPE_REGEX_STRUCT:
rad_assert(0 == 1);
/* FALL-THROUGH */
default:
EVAL_DEBUG("FAIL %d", __LINE__);
rcode = -1;
break;
}
return rcode;
}
/*
* A lie! It always returns!
*/
static rlm_rcode_t sometimes_return(void const *instance, REQUEST *request, RADIUS_PACKET *packet, RADIUS_PACKET *reply)
{
uint32_t hash;
uint32_t value;
rlm_sometimes_t const *inst = instance;
VALUE_PAIR *vp;
/*
* Set it to NOOP and the module will always do nothing
*/
if (inst->rcode == RLM_MODULE_NOOP) return inst->rcode;
/*
* Hash based on the given key. Usually User-Name.
*/
tmpl_find_vp(&vp, request, inst->key);
if (!vp) return RLM_MODULE_NOOP;
switch (vp->vp_type) {
case FR_TYPE_OCTETS:
case FR_TYPE_STRING:
hash = fr_hash(vp->data.datum.ptr, vp->vp_length);
break;
case FR_TYPE_ABINARY:
hash = fr_hash(vp->vp_filter, vp->vp_length);
break;
case FR_TYPE_STRUCTURAL:
return RLM_MODULE_FAIL;
default:
hash = fr_hash(&vp->data.datum, fr_value_box_field_sizes[vp->vp_type]);
break;
}
hash &= 0xff; /* ensure it's 0..255 */
value = hash;
/*
* Ranges are INCLUSIVE.
* [start,end] returns "rcode"
* Everything else returns "noop"
*/
if (value < inst->start) return RLM_MODULE_NOOP;
if (value > inst->end) return RLM_MODULE_NOOP;
/*
* If we're returning "handled", then set the packet
* code in the reply, so that the server responds.
*/
if ((inst->rcode == RLM_MODULE_HANDLED) && reply) {
switch (packet->code) {
case FR_CODE_ACCESS_REQUEST:
reply->code = FR_CODE_ACCESS_ACCEPT;
break;
case FR_CODE_ACCOUNTING_REQUEST:
reply->code = FR_CODE_ACCOUNTING_RESPONSE;
break;
case FR_CODE_COA_REQUEST:
reply->code = FR_CODE_COA_ACK;
break;
case FR_CODE_DISCONNECT_REQUEST:
reply->code = FR_CODE_DISCONNECT_ACK;
break;
default:
break;
}
}
return inst->rcode;
}
