2 * conffile.c Read the radiusd.conf file.
4 * Yep I should learn to use lex & yacc, or at least
5 * write a decent parser. I know how to do that, really :)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 * Copyright 2000,2006 The FreeRADIUS server project
25 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
26 * Copyright 2000 Alan DeKok <aland@ox.org>
31 #include <freeradius-devel/radiusd.h>
32 #include <freeradius-devel/parser.h>
33 #include <freeradius-devel/rad_assert.h>
39 #ifdef HAVE_SYS_STAT_H
45 typedef enum conf_property {
46 CONF_PROPERTY_INVALID = 0,
48 CONF_PROPERTY_INSTANCE,
51 const FR_NAME_NUMBER conf_property_name[] = {
52 { "name", CONF_PROPERTY_NAME},
53 { "instance", CONF_PROPERTY_INSTANCE},
58 typedef enum conf_type {
59 CONF_ITEM_INVALID = 0,
66 struct conf_item *next; //!< Sibling.
67 struct conf_part *parent; //!< Parent.
68 int lineno; //!< The line number the config item began on.
69 char const *filename; //!< The file the config item was parsed from.
70 CONF_ITEM_TYPE type; //!< Whether the config item is a config_pair, conf_section or conf_data.
73 /** Configuration AVP similar to a VALUE_PAIR
78 char const *attr; //!< Attribute name
79 char const *value; //!< Attribute value
80 FR_TOKEN op; //!< Operator e.g. =, :=
81 FR_TOKEN value_type; //!< Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
84 /** Internal data that is associated with a configuration section
91 void *data; //!< User data
92 void (*free)(void *); //!< Free user data function
102 CONF_ITEM *tail; //!< For speed.
103 CONF_SECTION *template;
105 rbtree_t *pair_tree; //!< and a partridge..
106 rbtree_t *section_tree; //!< no jokes here.
107 rbtree_t *name2_tree; //!< for sections of the same name2
113 CONF_PARSER const *variables;
116 CONF_SECTION *root_config = NULL;
117 bool cf_new_escape = false;
120 static int cf_data_add_internal(CONF_SECTION *cs, char const *name, void *data,
121 void (*data_free)(void *), int flag);
123 static void *cf_data_find_internal(CONF_SECTION const *cs, char const *name, int flag);
125 static char const *cf_expand_variables(char const *cf, int *lineno,
126 CONF_SECTION *outercs,
127 char *output, size_t outsize,
130 static CONF_SECTION *cf_template_copy(CONF_SECTION *parent, CONF_SECTION const *template);
133 * Isolate the scary casts in these tiny provably-safe functions
136 /** Cast a CONF_ITEM to a CONF_PAIR
139 CONF_PAIR *cf_itemtopair(CONF_ITEM const *ci)
143 if (ci == NULL) return NULL;
145 rad_assert(ci->type == CONF_ITEM_PAIR);
147 memcpy(&out, &ci, sizeof(out));
151 /** Cast a CONF_ITEM to a CONF_SECTION
154 CONF_SECTION *cf_itemtosection(CONF_ITEM const *ci)
158 if (ci == NULL) return NULL;
160 rad_assert(ci->type == CONF_ITEM_SECTION);
162 memcpy(&out, &ci, sizeof(out));
166 /** Cast a CONF_PAIR to a CONF_ITEM
169 CONF_ITEM *cf_pairtoitem(CONF_PAIR const *cp)
173 if (cp == NULL) return NULL;
175 memcpy(&out, &cp, sizeof(out));
179 /** Cast a CONF_SECTION to a CONF_ITEM
182 CONF_ITEM *cf_sectiontoitem(CONF_SECTION const *cs)
186 if (cs == NULL) return NULL;
188 memcpy(&out, &cs, sizeof(out));
192 /** Cast CONF_DATA to a CONF_ITEM
195 static CONF_ITEM *cf_datatoitem(CONF_DATA const *cd)
203 memcpy(&out, &cd, sizeof(out));
207 static int _cf_data_free(CONF_DATA *cd)
209 if (cd->free) cd->free(cd->data);
215 * rbtree callback function
217 static int pair_cmp(void const *a, void const *b)
219 CONF_PAIR const *one = a;
220 CONF_PAIR const *two = b;
222 return strcmp(one->attr, two->attr);
227 * rbtree callback function
229 static int section_cmp(void const *a, void const *b)
231 CONF_SECTION const *one = a;
232 CONF_SECTION const *two = b;
234 return strcmp(one->name1, two->name1);
239 * rbtree callback function
241 static int name2_cmp(void const *a, void const *b)
243 CONF_SECTION const *one = a;
244 CONF_SECTION const *two = b;
246 rad_assert(strcmp(one->name1, two->name1) == 0);
248 if (!one->name2 && !two->name2) return 0;
249 if (one->name2 && !two->name2) return -1;
250 if (!one->name2 && two->name2) return +1;
252 return strcmp(one->name2, two->name2);
257 * rbtree callback function
259 static int data_cmp(void const *a, void const *b)
263 CONF_DATA const *one = a;
264 CONF_DATA const *two = b;
266 rcode = one->flag - two->flag;
267 if (rcode != 0) return rcode;
269 return strcmp(one->name, two->name);
272 static int _cf_section_free(CONF_SECTION *cs)
275 * Name1 and name2 are allocated contiguous with
279 rbtree_free(cs->pair_tree);
280 cs->pair_tree = NULL;
282 if (cs->section_tree) {
283 rbtree_free(cs->section_tree);
284 cs->section_tree = NULL;
286 if (cs->name2_tree) {
287 rbtree_free(cs->name2_tree);
288 cs->name2_tree = NULL;
291 rbtree_free(cs->data_tree);
292 cs->data_tree = NULL;
299 * Create a new CONF_PAIR
301 CONF_PAIR *cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value,
302 FR_TOKEN op, FR_TOKEN value_type)
306 if (!attr) return NULL;
308 cp = talloc_zero(parent, CONF_PAIR);
309 if (!cp) return NULL;
311 cp->item.type = CONF_ITEM_PAIR;
312 cp->item.parent = parent;
313 cp->value_type = value_type;
316 cp->attr = talloc_typed_strdup(cp, attr);
324 cp->value = talloc_typed_strdup(cp, value);
325 if (!cp->value) goto error;
332 * Allocate a CONF_SECTION
334 CONF_SECTION *cf_section_alloc(CONF_SECTION *parent, char const *name1,
340 if (!name1) return NULL;
343 if (strchr(name2, '$')) {
344 name2 = cf_expand_variables(parent->item.filename,
345 &parent->item.lineno,
347 buffer, sizeof(buffer), name2);
349 ERROR("Failed expanding section name");
355 cs = talloc_zero(parent, CONF_SECTION);
356 if (!cs) return NULL;
358 cs->item.type = CONF_ITEM_SECTION;
359 cs->item.parent = parent;
361 cs->name1 = talloc_typed_strdup(cs, name1);
369 cs->name2 = talloc_typed_strdup(cs, name2);
370 if (!cs->name2) goto error;
373 cs->pair_tree = rbtree_create(cs, pair_cmp, NULL, 0);
374 if (!cs->pair_tree) goto error;
376 talloc_set_destructor(cs, _cf_section_free);
379 * Don't create a data tree, it may not be needed.
383 * Don't create the section tree here, it may not
387 if (parent) cs->depth = parent->depth + 1;
392 void cf_section_add(CONF_SECTION *parent, CONF_SECTION *cs)
394 cf_item_add(parent, &(cs->item));
398 * Replace pair in a given section with a new pair,
399 * of the given value.
401 int cf_pair_replace(CONF_SECTION *cs, CONF_PAIR *cp, char const *value)
404 CONF_ITEM *ci, *cn, **last;
406 newp = cf_pair_alloc(cs, cp->attr, value, cp->op, cp->value_type);
407 if (!newp) return -1;
413 * Find the old one from the linked list, and replace it
416 for (last = &cs->children; (*last) != NULL; last = &(*last)->next) {
418 cn->next = (*last)->next;
425 rbtree_deletebydata(cs->pair_tree, ci);
427 rbtree_insert(cs->pair_tree, cn);
434 * Add an item to a configuration section.
436 void cf_item_add(CONF_SECTION *cs, CONF_ITEM *ci)
438 if (!cs || !ci) return;
441 rad_assert(cs->tail == NULL);
444 rad_assert(cs->tail != NULL);
449 * Update the trees (and tail) for each item added.
451 for (/* nothing */; ci != NULL; ci = ci->next) {
455 * For fast lookups, pairs and sections get
460 if (!rbtree_insert(cs->pair_tree, ci)) {
461 CONF_PAIR *cp = cf_itemtopair(ci);
463 if (strcmp(cp->attr, "confdir") == 0) break;
464 if (!cp->value) break; /* module name, "ok", etc. */
468 case CONF_ITEM_SECTION: {
469 CONF_SECTION *cs_new = cf_itemtosection(ci);
470 CONF_SECTION *name1_cs;
472 if (!cs->section_tree) {
473 cs->section_tree = rbtree_create(cs, section_cmp, NULL, 0);
474 if (!cs->section_tree) {
475 ERROR("Out of memory");
480 name1_cs = rbtree_finddata(cs->section_tree, cs_new);
482 if (!rbtree_insert(cs->section_tree, cs_new)) {
483 ERROR("Failed inserting section into tree");
491 * We'll ignore these checks for
492 * now. Various sections can be
493 * duplicated, such as "listen",
494 * "update", "if", "else", etc.
496 if (!name1_cs->name2 && !cs_new->name2) {
497 WARN("%s[%d] Duplicate configuration section \"%s { ...}\" %s %d",
498 ci->filename, ci->lineno, cs_new->name1,
499 name1_cs->item.filename, name1_cs->item.lineno);
503 if ((name1_cs->name2 && cs_new->name2) &&
504 (strcmp(name1_cs->name2, cs_new->name2) == 0)) {
505 WARN("%s[%d] Duplicate configuration section \"%s %s { ...}\"",
506 ci->filename, ci->lineno, cs_new->name1, cs_new->name2);
512 * We already have a section of
513 * this "name1". Add a new
514 * sub-section based on name2.
516 if (!name1_cs->name2_tree) {
517 name1_cs->name2_tree = rbtree_create(name1_cs, name2_cmp, NULL, 0);
518 if (!name1_cs->name2_tree) {
519 ERROR("Out of memory");
525 * We don't care if this fails.
526 * If the user tries to create
527 * two sections of the same
528 * name1/name2, the duplicate
529 * section is just silently
532 rbtree_insert(name1_cs->name2_tree, cs_new);
534 } /* was a section */
537 if (!cs->data_tree) {
538 cs->data_tree = rbtree_create(cs, data_cmp, NULL, 0);
541 rbtree_insert(cs->data_tree, ci);
545 default: /* FIXME: assert & error! */
548 } /* switch over conf types */
553 CONF_ITEM *cf_reference_item(CONF_SECTION const *parentcs,
554 CONF_SECTION *outercs,
559 CONF_SECTION const *cs = outercs;
563 strlcpy(name, ptr, sizeof(name));
567 * ".foo" means "foo from the current section"
573 * Just '.' means the current section
576 return cf_sectiontoitem(cs);
580 * ..foo means "foo from the section
581 * enclosing this section" (etc.)
584 if (cs->item.parent) {
585 cs = cs->item.parent;
589 * .. means the section
590 * enclosing this section
593 return cf_sectiontoitem(cs);
598 * "foo.bar.baz" means "from the root"
600 } else if (strchr(p, '.') != NULL) {
601 if (!parentcs) goto no_such_item;
613 if (r && q > r) q = NULL;
614 if (q && q < r) r = NULL;
620 q = strchr(r + 1, ']');
621 if (!q) return NULL; /* parse error */
624 * Points to foo[bar]xx: parse error,
625 * it should be foo[bar] or foo[bar].baz
627 if (q[1] && q[1] != '.') goto no_such_item;
631 next = cf_section_sub_find_name2(cs, p, r + 1);
636 * Points to a named instance of a section.
639 if (!next) goto no_such_item;
640 return &(next->item);
643 q++; /* ensure we skip the ']' and '.' */
647 next = cf_section_sub_find(cs, p);
651 if (!next) break; /* it MAY be a pair in this section! */
657 if (!*p) goto no_such_item;
661 * Find it in the current referenced
664 cp = cf_pair_find(cs, p);
665 if (cp) return &(cp->item);
667 next = cf_section_sub_find(cs, p);
668 if (next) return &(next->item);
671 * "foo" is "in the current section, OR in main".
673 if ((p == name) && (parentcs != NULL) && (cs != parentcs)) {
679 WARN("No such configuration item %s", ptr);
684 CONF_SECTION *cf_top_section(CONF_SECTION *cs)
686 if (!cs) return NULL;
688 while (cs->item.parent != NULL) {
689 cs = cs->item.parent;
697 * Expand the variables in an input string.
699 static char const *cf_expand_variables(char const *cf, int *lineno,
700 CONF_SECTION *outercs,
701 char *output, size_t outsize,
705 char const *end, *ptr;
706 CONF_SECTION const *parentcs;
710 * Find the master parent conf section.
711 * We can't use main_config.config, because we're in the
712 * process of re-building it, and it isn't set up yet...
714 parentcs = cf_top_section(outercs);
720 * Ignore anything other than "${"
722 if ((*ptr == '$') && (ptr[1] == '{')) {
728 * FIXME: Add support for ${foo:-bar},
733 * Look for trailing '}', and log a
734 * warning for anything that doesn't match,
735 * and exit with a fatal error.
737 end = strchr(ptr, '}');
740 INFO("%s[%d]: Variable expansion missing }",
748 * Can't really happen because input lines are
749 * capped at 8k, which is sizeof(name)
751 if ((size_t) (end - ptr) >= sizeof(name)) {
752 ERROR("%s[%d]: Reference string is too large",
757 memcpy(name, ptr, end - ptr);
758 name[end - ptr] = '\0';
760 q = strchr(name, ':');
765 ci = cf_reference_item(parentcs, outercs, name);
767 ERROR("%s[%d]: Reference \"%s\" not found", cf, *lineno, input);
772 * The expansion doesn't refer to another item or section
773 * it's the property of a section.
776 CONF_SECTION *mycs = cf_itemtosection(ci);
778 if (ci->type != CONF_ITEM_SECTION) {
779 ERROR("%s[%d]: Can only reference properties of sections", cf, *lineno);
783 switch (fr_str2int(conf_property_name, q, CONF_PROPERTY_INVALID)) {
784 case CONF_PROPERTY_NAME:
785 strcpy(p, mycs->name1);
788 case CONF_PROPERTY_INSTANCE:
789 strcpy(p, mycs->name2 ? mycs->name2 : mycs->name1);
793 ERROR("%s[%d]: Invalid property '%s'", cf, *lineno, q);
799 } else if (ci->type == CONF_ITEM_PAIR) {
801 * Substitute the value of the variable.
803 cp = cf_itemtopair(ci);
805 ERROR("%s[%d]: Reference \"%s\" has no value",
810 if (p + strlen(cp->value) >= output + outsize) {
811 ERROR("%s[%d]: Reference \"%s\" is too long",
816 strcpy(p, cp->value);
820 } else if (ci->type == CONF_ITEM_SECTION) {
824 * Adding an entry again to a
825 * section is wrong. We don't
826 * want an infinite loop.
828 if (ci->parent == outercs) {
829 ERROR("%s[%d]: Cannot reference different item in same section", cf, *lineno);
834 * Copy the section instead of
837 subcs = cf_template_copy(outercs, cf_itemtosection(ci));
839 ERROR("%s[%d]: Failed copying reference %s", cf, *lineno, name);
843 subcs->item.filename = ci->filename;
844 subcs->item.lineno = ci->lineno;
845 cf_item_add(outercs, &(subcs->item));
850 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, *lineno, input);
853 } else if (memcmp(ptr, "$ENV{", 5) == 0) {
859 * Look for trailing '}', and log a
860 * warning for anything that doesn't match,
861 * and exit with a fatal error.
863 end = strchr(ptr, '}');
866 INFO("%s[%d]: Environment variable expansion missing }",
872 * Can't really happen because input lines are
873 * capped at 8k, which is sizeof(name)
875 if ((size_t) (end - ptr) >= sizeof(name)) {
876 ERROR("%s[%d]: Environment variable name is too large",
881 memcpy(name, ptr, end - ptr);
882 name[end - ptr] = '\0';
885 * Get the environment variable.
886 * If none exists, then make it an empty string.
894 if (p + strlen(env) >= output + outsize) {
895 ERROR("%s[%d]: Reference \"%s\" is too long",
906 * Copy it over verbatim.
912 if (p >= (output + outsize)) {
913 ERROR("%s[%d]: Reference \"%s\" is too long",
917 } /* loop over all of the input string. */
924 static char const parse_spaces[] = " ";
926 /** Validation function for ipaddr conffile types
929 static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW_TYPE type, char const *value,
934 if (strcmp(value, "*") == 0) {
935 cf_log_info(cs, "%.*s\t%s = *", cs->depth, parse_spaces, name);
936 } else if (strspn(value, ".0123456789abdefABCDEF:%[]/") == strlen(value)) {
937 cf_log_info(cs, "%.*s\t%s = %s", cs->depth, parse_spaces, name, value);
939 cf_log_info(cs, "%.*s\t%s = %s IPv%s address [%s]", cs->depth, parse_spaces, name, value,
940 (ipaddr->af == AF_INET ? "4" : " 6"), ip_ntoh(ipaddr, ipbuf, sizeof(ipbuf)));
944 case PW_TYPE_IPV4_ADDR:
945 case PW_TYPE_IPV6_ADDR:
946 case PW_TYPE_COMBO_IP_ADDR:
947 switch (ipaddr->af) {
949 if (ipaddr->prefix != 32) {
950 ERROR("Invalid IPv4 mask length \"/%i\". Only \"/32\" permitted for non-prefix types",
958 if (ipaddr->prefix != 128) {
959 ERROR("Invalid IPv6 mask length \"/%i\". Only \"/128\" permitted for non-prefix types",
975 * Parses an item (not a CONF_ITEM) into the specified format,
976 * with a default value.
978 * Returns -1 on error, -2 if deprecated, 0 for correctly parsed,
979 * and 1 if the default value was used. Note that the default
980 * value will be used ONLY if the CONF_PAIR is NULL.
982 int cf_item_parse(CONF_SECTION *cs, char const *name, int type, void *data, char const *dflt)
985 bool deprecated, required, attribute, secret, input;
988 CONF_PAIR const *cp = NULL;
994 deprecated = (type & PW_TYPE_DEPRECATED);
995 required = (type & PW_TYPE_REQUIRED);
996 attribute = (type & PW_TYPE_ATTRIBUTE);
997 secret = (type & PW_TYPE_SECRET);
998 input = (type == PW_TYPE_FILE_INPUT); /* check, not and */
1000 type &= 0xff; /* normal types are small */
1007 cp = cf_pair_find(cs, name);
1017 cf_log_err(&(cs->item), "Configuration item '%s' must have a value", name);
1023 if (!*value && required) {
1026 cf_log_err(&(cs->item), "Configuration item '%s' must not be empty", name);
1028 cf_log_err(&(cp->item), "Configuration item '%s' must not be empty", name);
1034 cf_log_err(&(cs->item), "Configuration item \"%s\" is deprecated", name);
1040 case PW_TYPE_BOOLEAN:
1042 * Allow yes/no and on/off
1044 if ((strcasecmp(value, "yes") == 0) ||
1045 (strcasecmp(value, "on") == 0)) {
1046 *(bool *)data = true;
1047 } else if ((strcasecmp(value, "no") == 0) ||
1048 (strcasecmp(value, "off") == 0)) {
1049 *(bool *)data = false;
1051 *(bool *)data = false;
1052 cf_log_err(&(cs->item), "Invalid value \"%s\" for boolean "
1053 "variable %s", value, name);
1056 cf_log_info(cs, "%.*s\t%s = %s",
1057 cs->depth, parse_spaces, name, value);
1060 case PW_TYPE_INTEGER:
1062 unsigned long v = strtoul(value, 0, 0);
1065 * Restrict integer values to 0-INT32_MAX, this means
1066 * it will always be safe to cast them to a signed type
1067 * for comparisons, and imposes the same range limit as
1068 * before we switched to using an unsigned type to
1069 * represent config item integers.
1071 if (v > INT32_MAX) {
1072 cf_log_err(&(cs->item), "Invalid value \"%s\" for variable %s, must be between 0-%u", value,
1077 *(uint32_t *)data = v;
1078 cf_log_info(cs, "%.*s\t%s = %u", cs->depth, parse_spaces, name, *(uint32_t *)data);
1084 unsigned long v = strtoul(value, 0, 0);
1086 if (v > UINT16_MAX) {
1087 cf_log_err(&(cs->item), "Invalid value \"%s\" for variable %s, must be between 0-%u", value,
1091 *(uint16_t *)data = (uint16_t) v;
1092 cf_log_info(cs, "%.*s\t%s = %u", cs->depth, parse_spaces, name, *(uint16_t *)data);
1096 case PW_TYPE_INTEGER64:
1097 *(uint64_t *)data = strtoull(value, 0, 0);
1098 cf_log_info(cs, "%.*s\t%s = %" PRIu64, cs->depth, parse_spaces, name, *(uint64_t *)data);
1101 case PW_TYPE_SIGNED:
1102 *(int32_t *)data = strtol(value, 0, 0);
1103 cf_log_info(cs, "%.*s\t%s = %d", cs->depth, parse_spaces, name, *(int32_t *)data);
1106 case PW_TYPE_STRING:
1113 * Expand variables which haven't already been
1114 * expanded automagically when the configuration
1117 if (value == dflt) {
1120 lineno = cs->item.lineno;
1122 value = cf_expand_variables("<internal>",
1124 cs, buffer, sizeof(buffer),
1127 cf_log_err(&(cs->item),"Failed expanding variable %s", name);
1132 if (required && (!value || !*value)) goto is_required;
1135 if (!dict_attrbyname(value)) {
1137 cf_log_err(&(cs->item), "No such attribute '%s' for configuration '%s'",
1140 cf_log_err(&(cp->item), "No such attribute '%s'",
1148 * Hide secrets when using "radiusd -X".
1150 if (secret && (debug_flag <= 2)) {
1151 cf_log_info(cs, "%.*s\t%s = <<< secret >>>",
1152 cs->depth, parse_spaces, name);
1154 cf_log_info(cs, "%.*s\t%s = \"%s\"",
1155 cs->depth, parse_spaces, name, value ? value : "(null)");
1157 *q = value ? talloc_typed_strdup(cs, value) : NULL;
1160 * If there's data AND it's an input file, check
1161 * that we can read it. This check allows errors
1162 * to be caught as early as possible, during
1168 if (stat(*q, &buf) < 0) {
1169 ERROR("Unable to open file \"%s\": %s",
1170 value, fr_syserror(errno));
1176 case PW_TYPE_IPV4_ADDR:
1177 case PW_TYPE_IPV4_PREFIX:
1180 if (fr_pton4(ipaddr, value, -1, true, false) < 0) {
1181 ERROR("%s", fr_strerror());
1184 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1187 case PW_TYPE_IPV6_ADDR:
1188 case PW_TYPE_IPV6_PREFIX:
1191 if (fr_pton6(ipaddr, value, -1, true, false) < 0) {
1192 ERROR("%s", fr_strerror());
1195 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1198 case PW_TYPE_COMBO_IP_ADDR:
1199 case PW_TYPE_COMBO_IP_PREFIX:
1202 if (fr_pton(ipaddr, value, -1, true) < 0) {
1203 ERROR("%s", fr_strerror());
1206 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1209 case PW_TYPE_TIMEVAL: {
1214 sec = strtoul(value, &end, 10);
1218 sec = strlen(end + 1);
1221 ERROR("Too much precision for timeval");
1225 strcpy(buffer, "000000");
1226 memcpy(buffer, end + 1, sec);
1228 sec = strtoul(buffer, NULL, 10);
1231 cf_log_info(cs, "%.*s\t%s = %d.%06d",
1232 cs->depth, parse_spaces, name, (int) tv.tv_sec, (int) tv.tv_usec);
1233 memcpy(data, &tv, sizeof(tv));
1239 * If we get here, it's a sanity check error.
1240 * It's not an error parsing the configuration
1243 rad_assert(type > PW_TYPE_INVALID);
1244 rad_assert(type < PW_TYPE_MAX);
1246 ERROR("type '%s' is not supported in the configuration files",
1247 fr_int2str(dict_attr_types, type, "?Unknown?"));
1249 } /* switch over variable type */
1254 cpn = cf_pair_alloc(cs, name, value, T_OP_SET, T_BARE_WORD);
1255 if (!cpn) return -1;
1256 cpn->item.filename = "<internal>";
1257 cpn->item.lineno = 0;
1258 cf_item_add(cs, &(cpn->item));
1266 * A copy of cf_section_parse that initializes pointers before
1269 static void cf_section_parse_init(CONF_SECTION *cs, void *base,
1270 CONF_PARSER const *variables)
1275 for (i = 0; variables[i].name != NULL; i++) {
1276 if (variables[i].type == PW_TYPE_SUBSECTION) {
1277 CONF_SECTION *subcs;
1279 if (!variables[i].dflt) continue;
1281 subcs = cf_section_sub_find(cs, variables[i].name);
1284 * If there's no subsection in the
1285 * config, BUT the CONF_PARSER wants one,
1286 * then create an empty one. This is so
1287 * that we can track the strings,
1288 * etc. allocated in the subsection.
1291 subcs = cf_section_alloc(cs, variables[i].name,
1295 subcs->item.filename = cs->item.filename;
1296 subcs->item.lineno = cs->item.lineno;
1297 cf_item_add(cs, &(subcs->item));
1300 cf_section_parse_init(subcs, base,
1301 (CONF_PARSER const *) variables[i].dflt);
1305 if ((variables[i].type != PW_TYPE_STRING) &&
1306 (variables[i].type != PW_TYPE_FILE_INPUT) &&
1307 (variables[i].type != PW_TYPE_FILE_OUTPUT)) {
1311 if (variables[i].data) {
1312 data = variables[i].data; /* prefer this. */
1314 data = ((char *)base) + variables[i].offset;
1319 *(char **) data = NULL;
1320 } /* for all variables in the configuration section */
1325 * Parse a configuration section into user-supplied variables.
1327 int cf_section_parse(CONF_SECTION *cs, void *base,
1328 CONF_PARSER const *variables)
1334 cs->variables = variables; /* this doesn't hurt anything */
1337 cf_log_info(cs, "%.*s%s {", cs->depth, parse_spaces,
1340 cf_log_info(cs, "%.*s%s %s {", cs->depth, parse_spaces,
1341 cs->name1, cs->name2);
1344 cf_section_parse_init(cs, base, variables);
1347 * Handle the known configuration parameters.
1349 for (i = 0; variables[i].name != NULL; i++) {
1351 * Handle subsections specially
1353 if (variables[i].type == PW_TYPE_SUBSECTION) {
1354 CONF_SECTION *subcs;
1355 subcs = cf_section_sub_find(cs, variables[i].name);
1357 if (!variables[i].dflt || !subcs) {
1358 DEBUG2("Internal sanity check 1 failed in cf_section_parse %s",
1363 if (cf_section_parse(subcs, base,
1364 (CONF_PARSER const *) variables[i].dflt) < 0) {
1368 } /* else it's a CONF_PAIR */
1370 if (variables[i].data) {
1371 data = variables[i].data; /* prefer this. */
1373 data = ((char *)base) + variables[i].offset;
1375 DEBUG2("Internal sanity check 2 failed in cf_section_parse");
1380 * Parse the pair we found, or a default value.
1382 ret = cf_item_parse(cs, variables[i].name, variables[i].type, data, variables[i].dflt);
1385 * Be nice, and print the name of the new config item.
1387 if ((ret == -2) && (variables[i + 1].offset == variables[i].offset) &&
1388 (variables[i + 1].data == variables[i].data)) {
1389 cf_log_err(&(cs->item), "Replace \"%s\" with \"%s\"", variables[i].name,
1390 variables[i + 1].name);
1395 } /* for all variables in the configuration section */
1397 cf_log_info(cs, "%.*s}", cs->depth, parse_spaces);
1404 cf_log_info(cs, "%.*s}", cs->depth, parse_spaces);
1410 * Check XLAT things in pass 2. But don't cache the xlat stuff anywhere.
1412 int cf_section_parse_pass2(CONF_SECTION *cs, UNUSED void *base,
1413 CONF_PARSER const *variables)
1422 * Handle the known configuration parameters.
1424 for (i = 0; variables[i].name != NULL; i++) {
1428 * Handle subsections specially
1430 if (variables[i].type == PW_TYPE_SUBSECTION) {
1431 CONF_SECTION *subcs;
1432 subcs = cf_section_sub_find(cs, variables[i].name);
1434 if (cf_section_parse_pass2(subcs, base,
1435 (CONF_PARSER const *) variables[i].dflt) < 0) {
1439 } /* else it's a CONF_PAIR */
1442 * Ignore everything but xlat expansions.
1444 if ((variables[i].type & PW_TYPE_XLAT) == 0) continue;
1446 cp = cf_pair_find(cs, variables[i].name);
1449 if (!cp || !cp->value) continue;
1451 if ((cp->value_type != T_DOUBLE_QUOTED_STRING) &&
1452 (cp->value_type != T_BARE_WORD)) continue;
1454 value = talloc_strdup(cs, cp->value); /* modified by xlat_tokenize */
1457 slen = xlat_tokenize(cs, value, &xlat, &error);
1459 char *spaces, *text;
1461 fr_canonicalize_error(cs, &spaces, &text, slen, cp->value);
1463 cf_log_err(&cp->item, "Failed parsing expanded string:");
1464 cf_log_err(&cp->item, "%s", text);
1465 cf_log_err(&cp->item, "%s^ %s", spaces, error);
1467 talloc_free(spaces);
1478 * If the "multi" flag is set, check all of them.
1480 if ((variables[i].type & PW_TYPE_MULTI) != 0) {
1481 cp = cf_pair_find_next(cs, cp, cp->attr);
1484 } /* for all variables in the configuration section */
1489 static CONF_SECTION *cf_template_copy(CONF_SECTION *parent, CONF_SECTION const *template)
1494 cs = cf_section_alloc(parent, template->name1, template->name2);
1495 if (!cs) return NULL;
1497 for (ci = template->children; ci; ci = ci->next) {
1498 if (ci->type == CONF_ITEM_PAIR) {
1499 CONF_PAIR *cp1, *cp2;
1501 cp1 = cf_itemtopair(ci);
1502 cp2 = cf_pair_alloc(cs, cp1->attr, cp1->value, cp1->op, cp1->value_type);
1503 if (!cp2) return false;
1505 cp2->item.filename = cp1->item.filename;
1506 cp2->item.lineno = cp1->item.lineno;
1508 cf_item_add(cs, &(cp2->item));
1512 if (ci->type == CONF_ITEM_SECTION) {
1513 CONF_SECTION *subcs1, *subcs2;
1515 subcs1 = cf_itemtosection(ci);
1516 subcs2 = cf_template_copy(cs, subcs1);
1518 subcs2->item.filename = subcs1->item.filename;
1519 subcs2->item.lineno = subcs1->item.lineno;
1521 cf_item_add(cs, &(subcs2->item));
1525 /* ignore everything else */
1533 * Merge the template so everyting else "just works".
1535 static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
1539 if (!cs || !template) return true;
1541 cs->template = NULL;
1544 * Walk over the template, adding its' entries to the
1545 * current section. But only if the entries don't
1546 * already exist in the current section.
1548 for (ci = template->children; ci; ci = ci->next) {
1549 if (ci->type == CONF_ITEM_PAIR) {
1550 CONF_PAIR *cp1, *cp2;
1553 * It exists, don't over-write it.
1555 cp1 = cf_itemtopair(ci);
1556 if (cf_pair_find(cs, cp1->attr)) {
1561 * Create a new pair with all of the data
1564 cp2 = cf_pair_alloc(cs, cp1->attr, cp1->value, cp1->op, cp1->value_type);
1565 if (!cp2) return false;
1567 cp2->item.filename = cp1->item.filename;
1568 cp2->item.lineno = cp1->item.lineno;
1570 cf_item_add(cs, &(cp2->item));
1574 if (ci->type == CONF_ITEM_SECTION) {
1575 CONF_SECTION *subcs1, *subcs2;
1577 subcs1 = cf_itemtosection(ci);
1578 rad_assert(subcs1 != NULL);
1580 subcs2 = cf_section_sub_find_name2(cs, subcs1->name1, subcs1->name2);
1583 * sub-sections get merged.
1585 if (!cf_template_merge(subcs2, subcs1)) {
1592 * Our section doesn't have a matching
1593 * sub-section. Copy it verbatim from
1596 subcs2 = cf_template_copy(cs, subcs1);
1597 if (!subcs2) return false;
1599 subcs2->item.filename = subcs1->item.filename;
1600 subcs2->item.lineno = subcs1->item.lineno;
1602 cf_item_add(cs, &(subcs2->item));
1606 /* ignore everything else */
1612 static char const *cf_local_file(char const *base, char const *filename,
1613 char *buffer, size_t bufsize)
1618 strlcpy(buffer, base, bufsize);
1620 p = strrchr(buffer, FR_DIR_SEP);
1621 if (!p) return filename;
1622 if (p[1]) { /* ./foo */
1626 dirsize = (p - buffer) + 1;
1628 if ((dirsize + strlen(filename)) >= bufsize) {
1632 strlcpy(p + 1, filename, bufsize - dirsize);
1639 * Read a part of the config file.
1641 static int cf_section_read(char const *filename, int *lineno, FILE *fp,
1642 CONF_SECTION *current)
1645 CONF_SECTION *this, *css, *nextcs;
1654 FR_TOKEN t1, t2, t3;
1655 bool has_spaces = false;
1658 fr_cond_t *cond = NULL;
1660 this = current; /* add items here */
1663 * Read, checking for line continuations ('\\' at EOL)
1670 * Get data, and remember if we are at EOF.
1672 at_eof = (fgets(cbuf, sizeof(buf) - (cbuf - buf), fp) == NULL);
1676 * We read the entire 8k worth of data: complain.
1677 * Note that we don't care if the last character
1678 * is \n: it's still forbidden. This means that
1679 * the maximum allowed length of text is 8k-1, which
1683 if ((cbuf + len + 1) >= (buf + sizeof(buf))) {
1684 ERROR("%s[%d]: Line too long",
1691 while (isspace((int) *ptr)) ptr++;
1694 memmove(cbuf, ptr, len - (ptr - cbuf));
1695 len -= (ptr - cbuf);
1700 * Not doing continuations: check for edge
1707 while (*ptr && isspace((int) *ptr)) ptr++;
1709 if (!*ptr || (*ptr == '#')) continue;
1711 } else if (at_eof || (len == 0)) {
1712 ERROR("%s[%d]: Continuation at EOF is illegal",
1718 * See if there's a continuation.
1721 ((cbuf[len - 1] == '\n') || (cbuf[len - 1] == '\r'))) {
1726 if ((len > 0) && (cbuf[len - 1] == '\\')) {
1728 * Check for "suppress spaces" magic.
1730 if (!has_spaces && (len > 2) && (cbuf[len - 2] == '"')) {
1734 cbuf[len - 1] = '\0';
1744 * The parser is getting to be evil.
1746 while ((*ptr == ' ') || (*ptr == '\t')) ptr++;
1748 if (((ptr[0] == '%') && (ptr[1] == '{')) ||
1752 if (ptr[0] == '%') {
1753 hack = rad_copy_variable(buf1, ptr);
1755 hack = rad_copy_string(buf1, ptr);
1758 ERROR("%s[%d]: Invalid expansion: %s",
1759 filename, *lineno, ptr);
1765 t2 = gettoken(&ptr, buf2, sizeof(buf2), true);
1772 ERROR("%s[%d]: Invalid expansion: %s",
1773 filename, *lineno, ptr);
1777 t1 = gettoken(&ptr, buf1, sizeof(buf1), true);
1781 * The caller eats "name1 name2 {", and calls us
1782 * for the data inside of the section. So if we
1783 * receive a closing brace, then it must mean the
1784 * end of the section.
1786 if (t1 == T_RCBRACE) {
1787 if (this == current) {
1788 ERROR("%s[%d]: Too many closing braces",
1794 * Merge the template into the existing
1795 * section. This uses more memory, but
1796 * means that templates now work with
1797 * sub-sections, etc.
1799 if (!cf_template_merge(this, this->template)) {
1803 this = this->item.parent;
1804 goto check_for_more;
1808 * Allow for $INCLUDE files
1810 * This *SHOULD* work for any level include.
1811 * I really really really hate this file. -cparker
1813 if ((strcasecmp(buf1, "$INCLUDE") == 0) ||
1814 (strcasecmp(buf1, "$-INCLUDE") == 0)) {
1815 bool relative = true;
1817 t2 = getword(&ptr, buf2, sizeof(buf2), true);
1819 ERROR("%s[%d]: Unexpected text after $INCLUDE",
1824 if (buf2[0] == '$') relative = false;
1826 value = cf_expand_variables(filename, lineno, this, buf4, sizeof(buf4), buf2);
1827 if (!value) return -1;
1829 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
1832 value = cf_local_file(filename, value, buf3,
1835 ERROR("%s[%d]: Directories too deep.",
1842 #ifdef HAVE_DIRENT_H
1846 * Include ALL non-"dot" files in the directory.
1849 if (value[strlen(value) - 1] == '/') {
1852 struct stat stat_buf;
1854 DEBUG2("including files in directory %s", value );
1859 if (stat(value, &stat_buf) < 0) {
1860 ERROR("%s[%d]: Failed reading directory %s: %s",
1862 value, fr_syserror(errno));
1866 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1867 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1868 "insecure configuration", filename, *lineno, value);
1872 dir = opendir(value);
1874 ERROR("%s[%d]: Error reading directory %s: %s",
1875 filename, *lineno, value,
1876 fr_syserror(errno));
1881 * Read the directory, ignoring "." files.
1883 while ((dp = readdir(dir)) != NULL) {
1886 if (dp->d_name[0] == '.') continue;
1889 * Check for valid characters
1891 for (p = dp->d_name; *p != '\0'; p++) {
1892 if (isalpha((int)*p) ||
1896 (*p == '.')) continue;
1899 if (*p != '\0') continue;
1901 snprintf(buf2, sizeof(buf2), "%s%s",
1903 if ((stat(buf2, &stat_buf) != 0) ||
1904 S_ISDIR(stat_buf.st_mode)) continue;
1906 * Read the file into the current
1907 * configuration section.
1909 if (cf_file_include(this, buf2) < 0) {
1917 { /* it was a normal file */
1918 if (buf1[1] == '-') {
1919 struct stat statbuf;
1921 if (stat(value, &statbuf) < 0) {
1922 WARN("Not including file %s: %s", value, fr_syserror(errno));
1927 if (cf_file_include(this, value) < 0) {
1932 } /* we were in an include */
1934 if (strcasecmp(buf1, "$template") == 0) {
1936 CONF_SECTION *parentcs, *templatecs;
1937 t2 = getword(&ptr, buf2, sizeof(buf2), true);
1940 ERROR("%s[%d]: Unexpected text after $TEMPLATE", filename, *lineno);
1944 parentcs = cf_top_section(current);
1946 templatecs = cf_section_sub_find(parentcs, "templates");
1948 ERROR("%s[%d]: No \"templates\" section for reference \"%s\"", filename, *lineno, buf2);
1952 ci = cf_reference_item(parentcs, templatecs, buf2);
1953 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
1954 ERROR("%s[%d]: Reference \"%s\" not found", filename, *lineno, buf2);
1959 ERROR("%s[%d]: Internal sanity check error in template reference", filename, *lineno);
1963 if (this->template) {
1964 ERROR("%s[%d]: Section already has a template", filename, *lineno);
1968 this->template = cf_itemtosection(ci);
1973 * Ensure that the user can't add CONF_PAIRs
1974 * with 'internal' names;
1976 if (buf1[0] == '_') {
1977 ERROR("%s[%d]: Illegal configuration pair name \"%s\"", filename, *lineno, buf1);
1982 * Handle if/elsif specially.
1984 if ((strcmp(buf1, "if") == 0) || (strcmp(buf1, "elsif") == 0)) {
1986 char const *error = NULL;
1988 CONF_SECTION *server;
1991 * if / elsif MUST be inside of a
1992 * processing section, which MUST in turn
1993 * be inside of a "server" directive.
1995 if (!this->item.parent) {
1997 ERROR("%s[%d]: Invalid location for '%s'",
1998 filename, *lineno, buf1);
2003 * Skip (...) to find the {
2005 slen = fr_condition_tokenize(nextcs, cf_sectiontoitem(nextcs), ptr, &cond,
2006 &error, FR_COND_TWO_PASS);
2007 memcpy(&p, &ptr, sizeof(p));
2010 if (p[-slen] != '{') goto cond_error;
2016 * This hack is so that the NEXT stage
2017 * doesn't go "too far" in expanding the
2018 * variable. We can parse the conditions
2019 * without expanding the ${...} stuff.
2020 * BUT we don't want to expand all of the
2021 * stuff AFTER the condition. So we do
2024 * The first pass is to discover the end
2025 * of the condition. We then expand THAT
2026 * string, and do a second pass parsing
2027 * the expanded condition.
2033 * If there's a ${...}. If so, expand it.
2035 if (strchr(ptr, '$') != NULL) {
2036 ptr = cf_expand_variables(filename, lineno,
2041 ERROR("%s[%d]: Parse error expanding ${...} in condition",
2045 } /* else leave it alone */
2047 server = this->item.parent;
2048 while ((strcmp(server->name1, "server") != 0) &&
2049 (strcmp(server->name1, "policy") != 0)) {
2050 server = server->item.parent;
2051 if (!server) goto invalid_location;
2054 nextcs = cf_section_alloc(this, buf1, ptr);
2056 ERROR("%s[%d]: Failed allocating memory for section",
2060 nextcs->item.filename = talloc_strdup(nextcs, filename);
2061 nextcs->item.lineno = *lineno;
2063 slen = fr_condition_tokenize(nextcs, cf_sectiontoitem(nextcs), ptr, &cond,
2064 &error, FR_COND_TWO_PASS);
2065 *p = '{'; /* put it back */
2069 char *spaces, *text;
2071 fr_canonicalize_error(nextcs, &spaces, &text, slen, ptr);
2073 ERROR("%s[%d]: Parse error in condition",
2075 ERROR("%s[%d]: %s", filename, *lineno, text);
2076 ERROR("%s[%d]: %s^ %s", filename, *lineno, spaces, error);
2078 talloc_free(spaces);
2080 talloc_free(nextcs);
2084 if ((size_t) slen >= (sizeof(buf2) - 1)) {
2085 talloc_free(nextcs);
2086 ERROR("%s[%d]: Condition is too large after \"%s\"",
2087 filename, *lineno, buf1);
2092 * Copy the expanded and parsed condition
2093 * into buf2. Then, parse the text after
2094 * the condition, which now MUST be a '{.
2096 * If it wasn't '{' it would have been
2097 * caught in the first pass of
2098 * conditional parsing, above.
2100 memcpy(buf2, ptr, slen);
2105 if ((t3 = gettoken(&ptr, buf3, sizeof(buf3), true)) != T_LCBRACE) {
2106 talloc_free(nextcs);
2107 ERROR("%s[%d]: Expected '{' %d",
2108 filename, *lineno, t3);
2113 * Swap the condition with trailing stuff for
2114 * the final condition.
2116 memcpy(&p, &nextcs->name2, sizeof(nextcs->name2));
2118 nextcs->name2 = talloc_typed_strdup(nextcs, buf2);
2124 * Grab the next token.
2126 t2 = gettoken(&ptr, buf2, sizeof(buf2), !cf_new_escape);
2143 case T_OP_CMP_FALSE:
2144 if (!this || (strcmp(this->name1, "update") != 0)) {
2145 ERROR("%s[%d]: Invalid operator in assignment",
2153 while (isspace((int) *ptr)) ptr++;
2156 * New parser: non-quoted strings are
2157 * bare words, and we parse everything
2158 * until the next newline, or the next
2159 * comma. If they have { or } in a bare
2160 * word, well... too bad.
2162 if (cf_new_escape && (*ptr != '"') && (*ptr != '\'')
2163 && (*ptr != '`') && (*ptr != '/')) {
2164 const char *q = ptr;
2167 while (*q && (*q >= ' ') && (*q != ',') &&
2170 if ((size_t) (q - ptr) >= sizeof(buf3)) {
2171 ERROR("%s[%d]: Parse error: value too long",
2176 memcpy(buf3, ptr, (q - ptr));
2177 buf3[q - ptr] = '\0';
2181 t3 = getstring(&ptr, buf3, sizeof(buf3), !cf_new_escape);
2184 if (t3 == T_INVALID) {
2185 ERROR("%s[%d]: Parse error: %s",
2192 * These are not allowed. Print a
2193 * helpful error message.
2195 if ((t3 == T_BACK_QUOTED_STRING) &&
2196 (!this || (strcmp(this->name1, "update") != 0))) {
2197 ERROR("%s[%d]: Syntax error: Invalid string `...` in assignment",
2203 * Handle variable substitution via ${foo}
2207 case T_DOUBLE_QUOTED_STRING:
2208 case T_BACK_QUOTED_STRING:
2209 value = cf_expand_variables(filename, lineno, this, buf4, sizeof(buf4), buf3);
2210 if (!value) return -1;
2224 * Add this CONF_PAIR to our CONF_SECTION
2227 cpn = cf_pair_alloc(this, buf1, value, t2, t3);
2228 if (!cpn) return -1;
2229 cpn->item.filename = talloc_strdup(cpn, filename);
2230 cpn->item.lineno = *lineno;
2231 cf_item_add(this, &(cpn->item));
2234 * Hacks for escaping
2236 if (!cf_new_escape && !this->item.parent && value &&
2237 (strcmp(buf1, "correct_escapes") == 0) &&
2238 (strcmp(value, "true") == 0)) {
2239 cf_new_escape = true;
2243 * Require a comma, unless there's a comment.
2245 while (isspace(*ptr)) ptr++;
2254 * foo = bar # other stuff
2256 if ((t3 == T_HASH) || (t3 == T_COMMA) || (t3 == T_EOL) || (*ptr == '#')) continue;
2258 if (!*ptr || (*ptr == '}')) break;
2260 ERROR("%s[%d]: Syntax error: Expected comma after '%s': %s",
2261 filename, *lineno, value, ptr);
2265 * No '=', must be a section or sub-section.
2268 case T_DOUBLE_QUOTED_STRING:
2269 case T_SINGLE_QUOTED_STRING:
2270 t3 = gettoken(&ptr, buf3, sizeof(buf3), true);
2271 if (t3 != T_LCBRACE) {
2272 ERROR("%s[%d]: Expecting section start brace '{' after \"%s %s\"",
2273 filename, *lineno, buf1, buf2);
2281 css = cf_section_alloc(this, buf1,
2282 t2 == T_LCBRACE ? NULL : buf2);
2284 ERROR("%s[%d]: Failed allocating memory for section",
2289 css->item.filename = talloc_strdup(css, filename);
2290 css->item.lineno = *lineno;
2291 cf_item_add(this, &(css->item));
2297 cf_item_add(this, &(css->item));
2298 cf_data_add_internal(css, "if", cond, NULL, false);
2299 cond = NULL; /* eaten by the above line */
2303 * There may not be a name2
2305 css->name2_type = (t2 == T_LCBRACE) ? T_INVALID : t2;
2308 * The current section is now the child section.
2314 ERROR("%s[%d]: Syntax error in '%s': %s", filename, *lineno, ptr, fr_strerror());
2319 ERROR("%s[%d]: Parse error after \"%s\": unexpected token \"%s\"",
2320 filename, *lineno, buf1, fr_int2str(fr_tokens, t2, "<INVALID>"));
2327 * Done parsing one thing. Skip to EOL if possible.
2329 while (isspace(*ptr)) ptr++;
2331 if (*ptr == '#') continue;
2340 * See if EOF was unexpected ..
2342 if (feof(fp) && (this != current)) {
2343 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
2344 filename, *lineno, cf_section_name1(this), cf_section_lineno(this));
2352 * Include one config file in another.
2354 int cf_file_include(CONF_SECTION *cs, char const *filename)
2358 struct stat statbuf;
2362 DEBUG2("including configuration file %s", filename);
2364 fp = fopen(filename, "r");
2366 ERROR("Unable to open file \"%s\": %s",
2367 filename, fr_syserror(errno));
2371 if (stat(filename, &statbuf) == 0) {
2373 if ((statbuf.st_mode & S_IWOTH) != 0) {
2375 ERROR("Configuration file %s is globally writable. "
2376 "Refusing to start due to insecure configuration.", filename);
2382 if (0 && (statbuf.st_mode & S_IROTH) != 0) {
2384 ERROR("Configuration file %s is globally readable. "
2385 "Refusing to start due to insecure configuration", filename);
2391 if (cf_data_find_internal(cs, filename, PW_TYPE_FILE_INPUT)) {
2393 ERROR("Cannot include the same file twice: \"%s\"", filename);
2399 * Add the filename to the section
2401 mtime = talloc(cs, time_t);
2402 *mtime = statbuf.st_mtime;
2404 if (cf_data_add_internal(cs, filename, mtime, NULL, PW_TYPE_FILE_INPUT) < 0) {
2406 ERROR("Internal error opening file \"%s\"",
2411 cd = cf_data_find_internal(cs, filename, PW_TYPE_FILE_INPUT);
2414 ERROR("Internal error opening file \"%s\"",
2419 if (!cs->item.filename) cs->item.filename = talloc_strdup(cs, filename);
2422 * Read the section. It's OK to have EOF without a
2423 * matching close brace.
2425 if (cf_section_read(cd->name, &lineno, fp, cs) < 0) {
2435 * Bootstrap a config file.
2437 CONF_SECTION *cf_file_read(char const *filename)
2443 cs = cf_section_alloc(NULL, "main", NULL);
2444 if (!cs) return NULL;
2446 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_SET, T_BARE_WORD);
2447 if (!cp) return NULL;
2449 p = strrchr(cp->value, FR_DIR_SEP);
2452 cp->item.filename = "internal";
2453 cp->item.lineno = -1;
2454 cf_item_add(cs, &(cp->item));
2456 if (cf_file_include(cs, filename) < 0) {
2465 void cf_file_free(CONF_SECTION *cs)
2472 * Return a CONF_PAIR within a CONF_SECTION.
2474 CONF_PAIR *cf_pair_find(CONF_SECTION const *cs, char const *name)
2476 CONF_PAIR *cp, mycp;
2478 if (!cs || !name) return NULL;
2481 cp = rbtree_finddata(cs->pair_tree, &mycp);
2484 if (!cs->template) return NULL;
2486 return rbtree_finddata(cs->template->pair_tree, &mycp);
2490 * Return the attr of a CONF_PAIR
2493 char const *cf_pair_attr(CONF_PAIR const *pair)
2495 return (pair ? pair->attr : NULL);
2499 * Return the value of a CONF_PAIR
2502 char const *cf_pair_value(CONF_PAIR const *pair)
2504 return (pair ? pair->value : NULL);
2507 FR_TOKEN cf_pair_operator(CONF_PAIR const *pair)
2509 return (pair ? pair->op : T_INVALID);
2513 * Return the value type, should be one of the following:
2514 * T_BARE_WORD, T_SINGLE_QUOTED_STRING, T_BACK_QUOTED_STRING
2515 * T_DOUBLE_QUOTED_STRING or T_INVALID if the pair is NULL.
2517 FR_TOKEN cf_pair_value_type(CONF_PAIR const *pair)
2519 return (pair ? pair->value_type : T_INVALID);
2523 * Turn a CONF_PAIR into a VALUE_PAIR
2524 * For now, ignore the "value_type" field...
2526 VALUE_PAIR *cf_pairtovp(CONF_PAIR *pair)
2529 fr_strerror_printf("Internal error");
2534 fr_strerror_printf("No value given for attribute %s", pair->attr);
2539 * false comparisons never match. BUT if it's a "string"
2540 * or `string`, then remember to expand it later.
2542 if ((pair->op != T_OP_CMP_FALSE) &&
2543 ((pair->value_type == T_DOUBLE_QUOTED_STRING) ||
2544 (pair->value_type == T_BACK_QUOTED_STRING))) {
2547 vp = pairmake(pair, NULL, pair->attr, NULL, pair->op);
2552 if (pairmark_xlat(vp, pair->value) < 0) {
2561 return pairmake(pair, NULL, pair->attr, pair->value, pair->op);
2565 * Return the first label of a CONF_SECTION
2568 char const *cf_section_name1(CONF_SECTION const *cs)
2570 return (cs ? cs->name1 : NULL);
2574 * Return the second label of a CONF_SECTION
2577 char const *cf_section_name2(CONF_SECTION const *cs)
2579 return (cs ? cs->name2 : NULL);
2582 /** Return name2 if set, else name1
2585 char const *cf_section_name(CONF_SECTION const *cs)
2589 name = cf_section_name2(cs);
2590 if (name) return name;
2592 return cf_section_name1(cs);
2596 * Find a value in a CONF_SECTION
2598 char const *cf_section_value_find(CONF_SECTION const *cs, char const *attr)
2602 cp = cf_pair_find(cs, attr);
2604 return (cp ? cp->value : NULL);
2608 CONF_SECTION *cf_section_find_name2(CONF_SECTION const *cs,
2609 char const *name1, char const *name2)
2612 CONF_ITEM const *ci;
2614 if (!cs || !name1) return NULL;
2616 for (ci = &(cs->item); ci; ci = ci->next) {
2617 if (ci->type != CONF_ITEM_SECTION)
2620 if (strcmp(cf_itemtosection(ci)->name1, name1) != 0) {
2624 their2 = cf_itemtosection(ci)->name2;
2626 if ((!name2 && !their2) ||
2627 (name2 && their2 && (strcmp(name2, their2) == 0))) {
2628 return cf_itemtosection(ci);
2636 * Return the next pair after a CONF_PAIR
2637 * with a certain name (char *attr) If the requested
2638 * attr is NULL, any attr matches.
2641 CONF_PAIR *cf_pair_find_next(CONF_SECTION const *cs,
2642 CONF_PAIR const *pair, char const *attr)
2646 if (!cs) return NULL;
2649 * If pair is NULL this must be a first time run
2650 * Find the pair with correct name
2653 if (!pair) return cf_pair_find(cs, attr);
2655 for (ci = pair->item.next; ci; ci = ci->next) {
2656 if (ci->type != CONF_ITEM_PAIR)
2659 if (!attr || strcmp(cf_itemtopair(ci)->attr, attr) == 0)
2663 return cf_itemtopair(ci);
2667 * Find a CONF_SECTION, or return the root if name is NULL
2670 CONF_SECTION *cf_section_find(char const *name)
2673 return cf_section_sub_find(root_config, name);
2678 /** Find a sub-section in a section
2680 * This finds ANY section having the same first name.
2681 * The second name is ignored.
2683 CONF_SECTION *cf_section_sub_find(CONF_SECTION const *cs, char const *name)
2687 if (!cs || !name) return NULL; /* can't find an un-named section */
2690 * No sub-sections have been defined, so none exist.
2692 if (!cs->section_tree) return NULL;
2696 return rbtree_finddata(cs->section_tree, &mycs);
2700 /** Find a CONF_SECTION with both names.
2703 CONF_SECTION *cf_section_sub_find_name2(CONF_SECTION const *cs,
2704 char const *name1, char const *name2)
2708 if (!cs) cs = root_config;
2709 if (!cs) return NULL;
2712 CONF_SECTION mycs, *master_cs;
2714 if (!cs->section_tree) return NULL;
2719 master_cs = rbtree_finddata(cs->section_tree, &mycs);
2720 if (!master_cs) return NULL;
2723 * Look it up in the name2 tree. If it's there,
2726 if (master_cs->name2_tree) {
2727 CONF_SECTION *subcs;
2729 subcs = rbtree_finddata(master_cs->name2_tree, &mycs);
2730 if (subcs) return subcs;
2734 * We don't insert ourselves into the name2 tree.
2735 * So if there's nothing in the name2 tree, maybe
2736 * *we* are the answer.
2738 if (!master_cs->name2 && name2) return NULL;
2739 if (master_cs->name2 && !name2) return NULL;
2740 if (!master_cs->name2 && !name2) return master_cs;
2742 if (strcmp(master_cs->name2, name2) == 0) {
2750 * Else do it the old-fashioned way.
2752 for (ci = cs->children; ci; ci = ci->next) {
2753 CONF_SECTION *subcs;
2755 if (ci->type != CONF_ITEM_SECTION)
2758 subcs = cf_itemtosection(ci);
2759 if (!subcs->name2) {
2760 if (strcmp(subcs->name1, name2) == 0) break;
2762 if (strcmp(subcs->name2, name2) == 0) break;
2766 return cf_itemtosection(ci);
2770 * Return the next subsection after a CONF_SECTION
2771 * with a certain name1 (char *name1). If the requested
2772 * name1 is NULL, any name1 matches.
2775 CONF_SECTION *cf_subsection_find_next(CONF_SECTION const *section,
2776 CONF_SECTION const *subsection,
2781 if (!section) return NULL;
2784 * If subsection is NULL this must be a first time run
2785 * Find the subsection with correct name
2789 ci = section->children;
2791 ci = subsection->item.next;
2794 for (; ci; ci = ci->next) {
2795 if (ci->type != CONF_ITEM_SECTION)
2797 if ((name1 == NULL) ||
2798 (strcmp(cf_itemtosection(ci)->name1, name1) == 0))
2802 return cf_itemtosection(ci);
2807 * Return the next section after a CONF_SECTION
2808 * with a certain name1 (char *name1). If the requested
2809 * name1 is NULL, any name1 matches.
2812 CONF_SECTION *cf_section_find_next(CONF_SECTION const *section,
2813 CONF_SECTION const *subsection,
2816 if (!section) return NULL;
2818 if (!section->item.parent) return NULL;
2820 return cf_subsection_find_next(section->item.parent, subsection, name1);
2823 /** Return the next item after a CONF_ITEM.
2826 CONF_ITEM *cf_item_find_next(CONF_SECTION const *section, CONF_ITEM const *item)
2828 if (!section) return NULL;
2831 * If item is NULL this must be a first time run
2832 * Return the first item
2836 return section->children;
2842 static void _pair_count(int *count, CONF_SECTION const *cs)
2844 CONF_ITEM const *ci;
2846 for (ci = cf_item_find_next(cs, NULL);
2848 ci = cf_item_find_next(cs, ci)) {
2850 if (cf_item_is_section(ci)) {
2851 _pair_count(count, cf_itemtosection(ci));
2859 /** Count the number of conf pairs beneath a section
2861 * @param[in] cs to search for items in.
2862 * @return number of pairs nested within section.
2864 int cf_pair_count(CONF_SECTION const *cs)
2868 _pair_count(&count, cs);
2873 CONF_SECTION *cf_item_parent(CONF_ITEM const *ci)
2875 if (!ci) return NULL;
2880 int cf_section_lineno(CONF_SECTION const *section)
2882 return section->item.lineno;
2885 char const *cf_pair_filename(CONF_PAIR const *pair)
2887 return pair->item.filename;
2890 char const *cf_section_filename(CONF_SECTION const *section)
2892 return section->item.filename;
2895 int cf_pair_lineno(CONF_PAIR const *pair)
2897 return pair->item.lineno;
2900 bool cf_item_is_section(CONF_ITEM const *item)
2902 return item->type == CONF_ITEM_SECTION;
2905 bool cf_item_is_pair(CONF_ITEM const *item)
2907 return item->type == CONF_ITEM_PAIR;
2911 static CONF_DATA *cf_data_alloc(CONF_SECTION *parent, char const *name,
2912 void *data, void (*data_free)(void *))
2916 cd = talloc_zero(parent, CONF_DATA);
2917 if (!cd) return NULL;
2919 cd->item.type = CONF_ITEM_DATA;
2920 cd->item.parent = parent;
2921 cd->name = talloc_typed_strdup(cd, name);
2928 cd->free = data_free;
2931 talloc_set_destructor(cd, _cf_data_free);
2938 static void *cf_data_find_internal(CONF_SECTION const *cs, char const *name,
2941 if (!cs || !name) return NULL;
2944 * Find the name in the tree, for speed.
2946 if (cs->data_tree) {
2951 return rbtree_finddata(cs->data_tree, &mycd);
2958 * Find data from a particular section.
2960 void *cf_data_find(CONF_SECTION const *cs, char const *name)
2962 CONF_DATA *cd = cf_data_find_internal(cs, name, 0);
2964 if (cd) return cd->data;
2970 * Add named data to a configuration section.
2972 static int cf_data_add_internal(CONF_SECTION *cs, char const *name,
2973 void *data, void (*data_free)(void *),
2978 if (!cs || !name) return -1;
2981 * Already exists. Can't add it.
2983 if (cf_data_find_internal(cs, name, flag) != NULL) return -1;
2985 cd = cf_data_alloc(cs, name, data, data_free);
2989 cf_item_add(cs, cf_datatoitem(cd));
2995 * Add named data to a configuration section.
2997 int cf_data_add(CONF_SECTION *cs, char const *name,
2998 void *data, void (*data_free)(void *))
3000 return cf_data_add_internal(cs, name, data, data_free, 0);
3003 /** Remove named data from a configuration section
3006 void *cf_data_remove(CONF_SECTION *cs, char const *name)
3012 if (!cs || !name) return NULL;
3013 if (!cs->data_tree) return NULL;
3016 * Find the name in the tree, for speed.
3020 cd = rbtree_finddata(cs->data_tree, &mycd);
3021 if (!cd) return NULL;
3023 talloc_set_destructor(cd, NULL); /* Disarm the destructor */
3024 rbtree_deletebydata(cs->data_tree, &mycd);
3033 * This is here to make the rest of the code easier to read. It
3034 * ties conffile.c to log.c, but it means we don't have to
3035 * pollute every other function with the knowledge of the
3036 * configuration internals.
3038 void cf_log_err(CONF_ITEM const *ci, char const *fmt, ...)
3044 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3049 ci->filename ? ci->filename : "unknown",
3050 ci->lineno ? ci->lineno : 0,
3053 ERROR("<unknown>[*]: %s", buffer);
3057 void cf_log_err_cs(CONF_SECTION const *cs, char const *fmt, ...)
3063 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3066 rad_assert(cs != NULL);
3069 cs->item.filename ? cs->item.filename : "unknown",
3070 cs->item.lineno ? cs->item.lineno : 0,
3074 void cf_log_err_cp(CONF_PAIR const *cp, char const *fmt, ...)
3080 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3083 rad_assert(cp != NULL);
3086 cp->item.filename ? cp->item.filename : "unknown",
3087 cp->item.lineno ? cp->item.lineno : 0,
3091 void cf_log_info(CONF_SECTION const *cs, char const *fmt, ...)
3096 if ((debug_flag > 1) && cs) vradlog(L_DBG, fmt, ap);
3101 * Wrapper to simplify the code.
3103 void cf_log_module(CONF_SECTION const *cs, char const *fmt, ...)
3109 if (debug_flag > 1 && cs) {
3110 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3112 DEBUG("%.*s# %s", cs->depth, parse_spaces, buffer);
3117 const CONF_PARSER *cf_section_parse_table(CONF_SECTION *cs)
3119 if (!cs) return NULL;
3121 return cs->variables;
3125 * For "switch" and "case" statements.
3127 FR_TOKEN cf_section_name2_type(CONF_SECTION const *cs)
3129 if (!cs) return T_INVALID;
3131 return cs->name2_type;