2 * conffile.c Read the radiusd.conf file.
4 * Yep I should learn to use lex & yacc, or at least
5 * write a decent parser. I know how to do that, really :)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 * Copyright 2000,2006 The FreeRADIUS server project
25 * Copyright 2000 Miquel van Smoorenburg <miquels@cistron.nl>
26 * Copyright 2000 Alan DeKok <aland@ox.org>
31 #include <freeradius-devel/radiusd.h>
32 #include <freeradius-devel/parser.h>
33 #include <freeradius-devel/rad_assert.h>
39 #ifdef HAVE_SYS_STAT_H
45 typedef enum conf_property {
46 CONF_PROPERTY_INVALID = 0,
48 CONF_PROPERTY_INSTANCE,
51 static const FR_NAME_NUMBER conf_property_name[] = {
52 { "name", CONF_PROPERTY_NAME},
53 { "instance", CONF_PROPERTY_INSTANCE},
58 typedef enum conf_type {
59 CONF_ITEM_INVALID = 0,
66 struct conf_item *next; //!< Sibling.
67 struct conf_part *parent; //!< Parent.
68 int lineno; //!< The line number the config item began on.
69 char const *filename; //!< The file the config item was parsed from.
70 CONF_ITEM_TYPE type; //!< Whether the config item is a config_pair, conf_section or conf_data.
73 /** Configuration AVP similar to a VALUE_PAIR
78 char const *attr; //!< Attribute name
79 char const *value; //!< Attribute value
80 FR_TOKEN op; //!< Operator e.g. =, :=
81 FR_TOKEN value_type; //!< Quoting style T_(DOUBLE|SINGLE|BACK)_QUOTE_STRING or T_BARE_WORD.
84 /** Internal data that is associated with a configuration section
91 void *data; //!< User data
92 void (*free)(void *); //!< Free user data function
102 CONF_ITEM *tail; //!< For speed.
103 CONF_SECTION *template;
105 rbtree_t *pair_tree; //!< and a partridge..
106 rbtree_t *section_tree; //!< no jokes here.
107 rbtree_t *name2_tree; //!< for sections of the same name2
113 CONF_PARSER const *variables;
116 CONF_SECTION *root_config = NULL;
117 bool cf_new_escape = false;
120 static int cf_data_add_internal(CONF_SECTION *cs, char const *name, void *data,
121 void (*data_free)(void *), int flag);
123 static void *cf_data_find_internal(CONF_SECTION const *cs, char const *name, int flag);
125 static char const *cf_expand_variables(char const *cf, int *lineno,
126 CONF_SECTION *outercs,
127 char *output, size_t outsize,
131 * Isolate the scary casts in these tiny provably-safe functions
134 /** Cast a CONF_ITEM to a CONF_PAIR
137 CONF_PAIR *cf_item_to_pair(CONF_ITEM const *ci)
141 if (ci == NULL) return NULL;
143 rad_assert(ci->type == CONF_ITEM_PAIR);
145 memcpy(&out, &ci, sizeof(out));
149 /** Cast a CONF_ITEM to a CONF_SECTION
152 CONF_SECTION *cf_item_to_section(CONF_ITEM const *ci)
156 if (ci == NULL) return NULL;
158 rad_assert(ci->type == CONF_ITEM_SECTION);
160 memcpy(&out, &ci, sizeof(out));
164 /** Cast a CONF_PAIR to a CONF_ITEM
167 CONF_ITEM *cf_pair_to_item(CONF_PAIR const *cp)
171 if (cp == NULL) return NULL;
173 memcpy(&out, &cp, sizeof(out));
177 /** Cast a CONF_SECTION to a CONF_ITEM
180 CONF_ITEM *cf_section_to_item(CONF_SECTION const *cs)
184 if (cs == NULL) return NULL;
186 memcpy(&out, &cs, sizeof(out));
190 /** Cast CONF_DATA to a CONF_ITEM
193 static CONF_ITEM *cf_data_to_item(CONF_DATA const *cd)
201 memcpy(&out, &cd, sizeof(out));
205 static int _cf_data_free(CONF_DATA *cd)
207 if (cd->free) cd->free(cd->data);
213 * rbtree callback function
215 static int pair_cmp(void const *a, void const *b)
217 CONF_PAIR const *one = a;
218 CONF_PAIR const *two = b;
220 return strcmp(one->attr, two->attr);
225 * rbtree callback function
227 static int section_cmp(void const *a, void const *b)
229 CONF_SECTION const *one = a;
230 CONF_SECTION const *two = b;
232 return strcmp(one->name1, two->name1);
237 * rbtree callback function
239 static int name2_cmp(void const *a, void const *b)
241 CONF_SECTION const *one = a;
242 CONF_SECTION const *two = b;
244 rad_assert(strcmp(one->name1, two->name1) == 0);
246 if (!one->name2 && !two->name2) return 0;
247 if (one->name2 && !two->name2) return -1;
248 if (!one->name2 && two->name2) return +1;
250 return strcmp(one->name2, two->name2);
255 * rbtree callback function
257 static int data_cmp(void const *a, void const *b)
261 CONF_DATA const *one = a;
262 CONF_DATA const *two = b;
264 rcode = one->flag - two->flag;
265 if (rcode != 0) return rcode;
267 return strcmp(one->name, two->name);
270 static int _cf_section_free(CONF_SECTION *cs)
273 * Name1 and name2 are allocated contiguous with
277 rbtree_free(cs->pair_tree);
278 cs->pair_tree = NULL;
280 if (cs->section_tree) {
281 rbtree_free(cs->section_tree);
282 cs->section_tree = NULL;
284 if (cs->name2_tree) {
285 rbtree_free(cs->name2_tree);
286 cs->name2_tree = NULL;
289 rbtree_free(cs->data_tree);
290 cs->data_tree = NULL;
296 /** Allocate a CONF_PAIR
298 * @param parent CONF_SECTION to hang this CONF_PAIR off of.
300 * @param value of CONF_PAIR.
301 * @param op T_OP_EQ, T_OP_SET etc.
302 * @param value_type T_BARE_WORD, T_DOUBLE_QUOTED_STRING, T_BACK_QUOTED_STRING
303 * @return NULL on error, else a new CONF_SECTION parented by parent.
305 CONF_PAIR *cf_pair_alloc(CONF_SECTION *parent, char const *attr, char const *value,
306 FR_TOKEN op, FR_TOKEN value_type)
310 if (!attr) return NULL;
312 cp = talloc_zero(parent, CONF_PAIR);
313 if (!cp) return NULL;
315 cp->item.type = CONF_ITEM_PAIR;
316 cp->item.parent = parent;
317 cp->value_type = value_type;
320 cp->attr = talloc_typed_strdup(cp, attr);
328 cp->value = talloc_typed_strdup(cp, value);
329 if (!cp->value) goto error;
335 /** Duplicate a CONF_PAIR
337 * @param parent to allocate new pair in.
338 * @param cp to duplicate.
339 * @return NULL on error, else a duplicate of the input pair.
341 CONF_PAIR *cf_pair_dup(CONF_SECTION *parent, CONF_PAIR *cp)
348 new = cf_pair_alloc(parent, cf_pair_attr(cp), cf_pair_value(cp), cf_pair_operator(cp), cf_pair_value_type(cp));
350 new->item.lineno = cp->item.lineno;
351 new->item.filename = talloc_strdup(new, cp->item.filename);
357 /** Add a configuration pair to a section
359 * @param parent section to add pair to.
362 void cf_pair_add(CONF_SECTION *parent, CONF_PAIR *cp)
364 cf_item_add(parent, cf_pair_to_item(cp));
367 /** Allocate a CONF_SECTION
369 * @param parent CONF_SECTION to hang this CONF_SECTION off of.
370 * @param name1 Primary name.
371 * @param name2 Secondary name.
372 * @return NULL on error, else a new CONF_SECTION parented by parent.
374 CONF_SECTION *cf_section_alloc(CONF_SECTION *parent, char const *name1, char const *name2)
379 if (!name1) return NULL;
382 if (strchr(name2, '$')) {
383 name2 = cf_expand_variables(parent->item.filename,
384 &parent->item.lineno,
386 buffer, sizeof(buffer), name2);
388 ERROR("Failed expanding section name");
394 cs = talloc_zero(parent, CONF_SECTION);
395 if (!cs) return NULL;
397 cs->item.type = CONF_ITEM_SECTION;
398 cs->item.parent = parent;
400 cs->name1 = talloc_typed_strdup(cs, name1);
408 cs->name2 = talloc_typed_strdup(cs, name2);
409 if (!cs->name2) goto error;
412 cs->pair_tree = rbtree_create(cs, pair_cmp, NULL, 0);
413 if (!cs->pair_tree) goto error;
415 talloc_set_destructor(cs, _cf_section_free);
418 * Don't create a data tree, it may not be needed.
422 * Don't create the section tree here, it may not
426 if (parent) cs->depth = parent->depth + 1;
431 /** Duplicate a configuration section
433 * @note recursively duplicates any child sections.
434 * @note does not duplicate any data associated with a section, or its child sections.
436 * @param parent section.
437 * @param cs to duplicate.
438 * @param name1 of new section.
439 * @param name2 of new section.
440 * @param copy_meta Copy additional meta data for a section (like template, base, depth and variables).
441 * @return a duplicate of the existing section, or NULL on error.
443 CONF_SECTION *cf_section_dup(CONF_SECTION *parent, CONF_SECTION const *cs,
444 char const *name1, char const *name2, bool copy_meta)
446 CONF_SECTION *new, *subcs;
450 new = cf_section_alloc(parent, name1, name2);
453 new->template = cs->template;
454 new->base = cs->base;
455 new->depth = cs->depth;
456 new->variables = cs->variables;
459 new->item.lineno = cs->item.lineno;
460 new->item.filename = talloc_strdup(new, cs->item.filename);
462 for (ci = cs->children; ci; ci = ci->next) {
464 case CONF_ITEM_SECTION:
465 subcs = cf_item_to_section(ci);
466 subcs = cf_section_dup(new, subcs,
467 cf_section_name1(subcs), cf_section_name2(subcs),
473 cf_section_add(new, subcs);
477 cp = cf_pair_dup(new, cf_item_to_pair(ci));
482 cf_pair_add(new, cp);
485 case CONF_ITEM_DATA: /* Skip data */
488 case CONF_ITEM_INVALID:
496 void cf_section_add(CONF_SECTION *parent, CONF_SECTION *cs)
498 cf_item_add(parent, &(cs->item));
502 * Replace pair in a given section with a new pair,
503 * of the given value.
505 int cf_pair_replace(CONF_SECTION *cs, CONF_PAIR *cp, char const *value)
508 CONF_ITEM *ci, *cn, **last;
510 newp = cf_pair_alloc(cs, cp->attr, value, cp->op, cp->value_type);
511 if (!newp) return -1;
517 * Find the old one from the linked list, and replace it
520 for (last = &cs->children; (*last) != NULL; last = &(*last)->next) {
522 cn->next = (*last)->next;
529 rbtree_deletebydata(cs->pair_tree, ci);
531 rbtree_insert(cs->pair_tree, cn);
538 * Add an item to a configuration section.
540 void cf_item_add(CONF_SECTION *cs, CONF_ITEM *ci)
542 CONF_ITEM *first = ci;
544 rad_assert((void *)cs != (void *)ci);
546 if (!cs || !ci) return;
549 rad_assert(cs->tail == NULL);
552 rad_assert(cs->tail != NULL);
557 * Update the trees (and tail) for each item added.
559 for (/* nothing */; ci != NULL; ci = ci->next) {
560 rad_assert(ci->next != first); /* simple cycle detection */
565 * For fast lookups, pairs and sections get
570 if (!rbtree_insert(cs->pair_tree, ci)) {
571 CONF_PAIR *cp = cf_item_to_pair(ci);
573 if (strcmp(cp->attr, "confdir") == 0) break;
574 if (!cp->value) break; /* module name, "ok", etc. */
578 case CONF_ITEM_SECTION: {
579 CONF_SECTION *cs_new = cf_item_to_section(ci);
580 CONF_SECTION *name1_cs;
582 if (!cs->section_tree) {
583 cs->section_tree = rbtree_create(cs, section_cmp, NULL, 0);
584 if (!cs->section_tree) {
585 ERROR("Out of memory");
590 name1_cs = rbtree_finddata(cs->section_tree, cs_new);
592 if (!rbtree_insert(cs->section_tree, cs_new)) {
593 ERROR("Failed inserting section into tree");
600 * We already have a section of
601 * this "name1". Add a new
602 * sub-section based on name2.
604 if (!name1_cs->name2_tree) {
605 name1_cs->name2_tree = rbtree_create(name1_cs, name2_cmp, NULL, 0);
606 if (!name1_cs->name2_tree) {
607 ERROR("Out of memory");
613 * We don't care if this fails.
614 * If the user tries to create
615 * two sections of the same
616 * name1/name2, the duplicate
617 * section is just silently
620 rbtree_insert(name1_cs->name2_tree, cs_new);
622 } /* was a section */
625 if (!cs->data_tree) {
626 cs->data_tree = rbtree_create(cs, data_cmp, NULL, 0);
629 rbtree_insert(cs->data_tree, ci);
633 default: /* FIXME: assert & error! */
636 } /* switch over conf types */
641 CONF_ITEM *cf_reference_item(CONF_SECTION const *parentcs,
642 CONF_SECTION *outercs,
647 CONF_SECTION const *cs = outercs;
651 strlcpy(name, ptr, sizeof(name));
655 * ".foo" means "foo from the current section"
661 * Just '.' means the current section
664 return cf_section_to_item(cs);
668 * ..foo means "foo from the section
669 * enclosing this section" (etc.)
672 if (cs->item.parent) {
673 cs = cs->item.parent;
677 * .. means the section
678 * enclosing this section
681 return cf_section_to_item(cs);
686 * "foo.bar.baz" means "from the root"
688 } else if (strchr(p, '.') != NULL) {
689 if (!parentcs) goto no_such_item;
701 if (r && q > r) q = NULL;
702 if (q && q < r) r = NULL;
708 q = strchr(r + 1, ']');
709 if (!q) return NULL; /* parse error */
712 * Points to foo[bar]xx: parse error,
713 * it should be foo[bar] or foo[bar].baz
715 if (q[1] && q[1] != '.') goto no_such_item;
719 next = cf_section_sub_find_name2(cs, p, r + 1);
724 * Points to a named instance of a section.
727 if (!next) goto no_such_item;
728 return &(next->item);
731 q++; /* ensure we skip the ']' and '.' */
735 next = cf_section_sub_find(cs, p);
739 if (!next) break; /* it MAY be a pair in this section! */
745 if (!*p) goto no_such_item;
749 * Find it in the current referenced
752 cp = cf_pair_find(cs, p);
753 if (cp) return &(cp->item);
755 next = cf_section_sub_find(cs, p);
756 if (next) return &(next->item);
759 * "foo" is "in the current section, OR in main".
761 if ((p == name) && (parentcs != NULL) && (cs != parentcs)) {
767 WARN("No such configuration item %s", ptr);
772 CONF_SECTION *cf_top_section(CONF_SECTION *cs)
774 if (!cs) return NULL;
776 while (cs->item.parent != NULL) {
777 cs = cs->item.parent;
785 * Expand the variables in an input string.
787 static char const *cf_expand_variables(char const *cf, int *lineno,
788 CONF_SECTION *outercs,
789 char *output, size_t outsize,
793 char const *end, *ptr;
794 CONF_SECTION const *parentcs;
798 * Find the master parent conf section.
799 * We can't use main_config.config, because we're in the
800 * process of re-building it, and it isn't set up yet...
802 parentcs = cf_top_section(outercs);
808 * Ignore anything other than "${"
810 if ((*ptr == '$') && (ptr[1] == '{')) {
816 * FIXME: Add support for ${foo:-bar},
821 * Look for trailing '}', and log a
822 * warning for anything that doesn't match,
823 * and exit with a fatal error.
825 end = strchr(ptr, '}');
828 INFO("%s[%d]: Variable expansion missing }",
836 * Can't really happen because input lines are
837 * capped at 8k, which is sizeof(name)
839 if ((size_t) (end - ptr) >= sizeof(name)) {
840 ERROR("%s[%d]: Reference string is too large",
845 memcpy(name, ptr, end - ptr);
846 name[end - ptr] = '\0';
848 q = strchr(name, ':');
853 ci = cf_reference_item(parentcs, outercs, name);
855 ERROR("%s[%d]: Reference \"%s\" not found", cf, *lineno, input);
860 * The expansion doesn't refer to another item or section
861 * it's the property of a section.
864 CONF_SECTION *mycs = cf_item_to_section(ci);
866 if (ci->type != CONF_ITEM_SECTION) {
867 ERROR("%s[%d]: Can only reference properties of sections", cf, *lineno);
871 switch (fr_str2int(conf_property_name, q, CONF_PROPERTY_INVALID)) {
872 case CONF_PROPERTY_NAME:
873 strcpy(p, mycs->name1);
876 case CONF_PROPERTY_INSTANCE:
877 strcpy(p, mycs->name2 ? mycs->name2 : mycs->name1);
881 ERROR("%s[%d]: Invalid property '%s'", cf, *lineno, q);
887 } else if (ci->type == CONF_ITEM_PAIR) {
889 * Substitute the value of the variable.
891 cp = cf_item_to_pair(ci);
893 ERROR("%s[%d]: Reference \"%s\" has no value",
898 if (p + strlen(cp->value) >= output + outsize) {
899 ERROR("%s[%d]: Reference \"%s\" is too long",
904 strcpy(p, cp->value);
908 } else if (ci->type == CONF_ITEM_SECTION) {
912 * Adding an entry again to a
913 * section is wrong. We don't
914 * want an infinite loop.
916 if (ci->parent == outercs) {
917 ERROR("%s[%d]: Cannot reference different item in same section", cf, *lineno);
922 * Copy the section instead of
925 subcs = cf_item_to_section(ci);
926 subcs = cf_section_dup(outercs, subcs,
927 cf_section_name1(subcs), cf_section_name2(subcs),
930 ERROR("%s[%d]: Failed copying reference %s", cf, *lineno, name);
934 subcs->item.filename = ci->filename;
935 subcs->item.lineno = ci->lineno;
936 cf_item_add(outercs, &(subcs->item));
941 ERROR("%s[%d]: Reference \"%s\" type is invalid", cf, *lineno, input);
944 } else if (memcmp(ptr, "$ENV{", 5) == 0) {
950 * Look for trailing '}', and log a
951 * warning for anything that doesn't match,
952 * and exit with a fatal error.
954 end = strchr(ptr, '}');
957 INFO("%s[%d]: Environment variable expansion missing }",
963 * Can't really happen because input lines are
964 * capped at 8k, which is sizeof(name)
966 if ((size_t) (end - ptr) >= sizeof(name)) {
967 ERROR("%s[%d]: Environment variable name is too large",
972 memcpy(name, ptr, end - ptr);
973 name[end - ptr] = '\0';
976 * Get the environment variable.
977 * If none exists, then make it an empty string.
985 if (p + strlen(env) >= output + outsize) {
986 ERROR("%s[%d]: Reference \"%s\" is too long",
997 * Copy it over verbatim.
1003 if (p >= (output + outsize)) {
1004 ERROR("%s[%d]: Reference \"%s\" is too long",
1005 cf, *lineno, input);
1008 } /* loop over all of the input string. */
1015 static char const parse_spaces[] = " ";
1017 /** Validation function for ipaddr conffile types
1020 static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW_TYPE type, char const *value,
1021 fr_ipaddr_t *ipaddr)
1025 if (strcmp(value, "*") == 0) {
1026 cf_log_info(cs, "%.*s\t%s = *", cs->depth, parse_spaces, name);
1027 } else if (strspn(value, ".0123456789abdefABCDEF:%[]/") == strlen(value)) {
1028 cf_log_info(cs, "%.*s\t%s = %s", cs->depth, parse_spaces, name, value);
1030 cf_log_info(cs, "%.*s\t%s = %s IPv%s address [%s]", cs->depth, parse_spaces, name, value,
1031 (ipaddr->af == AF_INET ? "4" : " 6"), ip_ntoh(ipaddr, ipbuf, sizeof(ipbuf)));
1035 case PW_TYPE_IPV4_ADDR:
1036 case PW_TYPE_IPV6_ADDR:
1037 case PW_TYPE_COMBO_IP_ADDR:
1038 switch (ipaddr->af) {
1040 if (ipaddr->prefix != 32) {
1041 ERROR("Invalid IPv4 mask length \"/%i\". Only \"/32\" permitted for non-prefix types",
1049 if (ipaddr->prefix != 128) {
1050 ERROR("Invalid IPv6 mask length \"/%i\". Only \"/128\" permitted for non-prefix types",
1066 * Parses an item (not a CONF_ITEM) into the specified format,
1067 * with a default value.
1069 * Returns -1 on error, -2 if deprecated, 0 for correctly parsed,
1070 * and 1 if the default value was used. Note that the default
1071 * value will be used ONLY if the CONF_PAIR is NULL.
1073 int cf_item_parse(CONF_SECTION *cs, char const *name, int type, void *data, char const *dflt)
1076 bool deprecated, required, attribute, secret, input, cant_be_empty;
1079 CONF_PAIR const *cp = NULL;
1080 fr_ipaddr_t *ipaddr;
1085 deprecated = (type & PW_TYPE_DEPRECATED);
1086 required = (type & PW_TYPE_REQUIRED);
1087 attribute = (type & PW_TYPE_ATTRIBUTE);
1088 secret = (type & PW_TYPE_SECRET);
1089 input = (type == PW_TYPE_FILE_INPUT); /* check, not and */
1090 cant_be_empty = (type & PW_TYPE_NOT_EMPTY);
1092 if (attribute) required = true;
1093 if (required) cant_be_empty = true; /* May want to review this in the future... */
1095 type &= 0xff; /* normal types are small */
1098 cp = cf_pair_find(cs, name);
1110 cf_log_err(&(cs->item), "Configuration item '%s' must have a value", name);
1112 cf_log_err(&(cp->item), "Configuration item '%s' must have a value", name);
1119 if ((value[0] == '\0') && cant_be_empty) {
1122 cf_log_err(&(cs->item), "Configuration item '%s' must not be empty (zero length)", name);
1123 if (!required) cf_log_err(&(cs->item), "Comment item to silence this message");
1125 cf_log_err(&(cp->item), "Configuration item '%s' must not be empty (zero length)", name);
1126 if (!required) cf_log_err(&(cp->item), "Comment item to silence this message");
1132 cf_log_err(&(cs->item), "Configuration item \"%s\" is deprecated", name);
1138 case PW_TYPE_BOOLEAN:
1140 * Allow yes/no and on/off
1142 if ((strcasecmp(value, "yes") == 0) ||
1143 (strcasecmp(value, "on") == 0)) {
1144 *(bool *)data = true;
1145 } else if ((strcasecmp(value, "no") == 0) ||
1146 (strcasecmp(value, "off") == 0)) {
1147 *(bool *)data = false;
1149 *(bool *)data = false;
1150 cf_log_err(&(cs->item), "Invalid value \"%s\" for boolean "
1151 "variable %s", value, name);
1154 cf_log_info(cs, "%.*s\t%s = %s",
1155 cs->depth, parse_spaces, name, value);
1158 case PW_TYPE_INTEGER:
1160 unsigned long v = strtoul(value, 0, 0);
1163 * Restrict integer values to 0-INT32_MAX, this means
1164 * it will always be safe to cast them to a signed type
1165 * for comparisons, and imposes the same range limit as
1166 * before we switched to using an unsigned type to
1167 * represent config item integers.
1169 if (v > INT32_MAX) {
1170 cf_log_err(&(cs->item), "Invalid value \"%s\" for variable %s, must be between 0-%u", value,
1175 *(uint32_t *)data = v;
1176 cf_log_info(cs, "%.*s\t%s = %u", cs->depth, parse_spaces, name, *(uint32_t *)data);
1182 unsigned long v = strtoul(value, 0, 0);
1184 if (v > UINT16_MAX) {
1185 cf_log_err(&(cs->item), "Invalid value \"%s\" for variable %s, must be between 0-%u", value,
1189 *(uint16_t *)data = (uint16_t) v;
1190 cf_log_info(cs, "%.*s\t%s = %u", cs->depth, parse_spaces, name, *(uint16_t *)data);
1194 case PW_TYPE_INTEGER64:
1195 *(uint64_t *)data = strtoull(value, 0, 0);
1196 cf_log_info(cs, "%.*s\t%s = %" PRIu64, cs->depth, parse_spaces, name, *(uint64_t *)data);
1199 case PW_TYPE_SIGNED:
1200 *(int32_t *)data = strtol(value, 0, 0);
1201 cf_log_info(cs, "%.*s\t%s = %d", cs->depth, parse_spaces, name, *(int32_t *)data);
1204 case PW_TYPE_STRING:
1211 * Expand variables which haven't already been
1212 * expanded automagically when the configuration
1215 if (value == dflt) {
1218 lineno = cs->item.lineno;
1220 value = cf_expand_variables("<internal>",
1222 cs, buffer, sizeof(buffer),
1225 cf_log_err(&(cs->item),"Failed expanding variable %s", name);
1230 if (required && !value) goto is_required;
1231 if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
1234 if (!dict_attrbyname(value)) {
1236 cf_log_err(&(cs->item), "No such attribute '%s' for configuration '%s'",
1239 cf_log_err(&(cp->item), "No such attribute '%s'", value);
1246 * Hide secrets when using "radiusd -X".
1248 if (secret && (debug_flag <= 2)) {
1249 cf_log_info(cs, "%.*s\t%s = <<< secret >>>",
1250 cs->depth, parse_spaces, name);
1252 cf_log_info(cs, "%.*s\t%s = \"%s\"",
1253 cs->depth, parse_spaces, name, value ? value : "(null)");
1255 *q = value ? talloc_typed_strdup(cs, value) : NULL;
1258 * If there's data AND it's an input file, check
1259 * that we can read it. This check allows errors
1260 * to be caught as early as possible, during
1266 if (stat(*q, &buf) < 0) {
1267 ERROR("Unable to open file \"%s\": %s",
1268 value, fr_syserror(errno));
1274 case PW_TYPE_IPV4_ADDR:
1275 case PW_TYPE_IPV4_PREFIX:
1278 if (fr_pton4(ipaddr, value, -1, true, false) < 0) {
1279 ERROR("%s", fr_strerror());
1282 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1285 case PW_TYPE_IPV6_ADDR:
1286 case PW_TYPE_IPV6_PREFIX:
1289 if (fr_pton6(ipaddr, value, -1, true, false) < 0) {
1290 ERROR("%s", fr_strerror());
1293 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1296 case PW_TYPE_COMBO_IP_ADDR:
1297 case PW_TYPE_COMBO_IP_PREFIX:
1300 if (fr_pton(ipaddr, value, -1, true) < 0) {
1301 ERROR("%s", fr_strerror());
1304 if (fr_item_validate_ipaddr(cs, name, type, value, ipaddr) < 0) return -1;
1307 case PW_TYPE_TIMEVAL: {
1312 sec = strtoul(value, &end, 10);
1316 sec = strlen(end + 1);
1319 ERROR("Too much precision for timeval");
1323 strcpy(buffer, "000000");
1324 memcpy(buffer, end + 1, sec);
1326 sec = strtoul(buffer, NULL, 10);
1329 cf_log_info(cs, "%.*s\t%s = %d.%06d",
1330 cs->depth, parse_spaces, name, (int) tv.tv_sec, (int) tv.tv_usec);
1331 memcpy(data, &tv, sizeof(tv));
1337 * If we get here, it's a sanity check error.
1338 * It's not an error parsing the configuration
1341 rad_assert(type > PW_TYPE_INVALID);
1342 rad_assert(type < PW_TYPE_MAX);
1344 ERROR("type '%s' is not supported in the configuration files",
1345 fr_int2str(dict_attr_types, type, "?Unknown?"));
1347 } /* switch over variable type */
1352 cpn = cf_pair_alloc(cs, name, value, T_OP_SET, T_BARE_WORD);
1353 if (!cpn) return -1;
1354 cpn->item.filename = "<internal>";
1355 cpn->item.lineno = 0;
1356 cf_item_add(cs, &(cpn->item));
1364 * A copy of cf_section_parse that initializes pointers before
1367 static void cf_section_parse_init(CONF_SECTION *cs, void *base,
1368 CONF_PARSER const *variables)
1373 for (i = 0; variables[i].name != NULL; i++) {
1374 if (variables[i].type == PW_TYPE_SUBSECTION) {
1375 CONF_SECTION *subcs;
1377 if (!variables[i].dflt) continue;
1379 subcs = cf_section_sub_find(cs, variables[i].name);
1382 * If there's no subsection in the
1383 * config, BUT the CONF_PARSER wants one,
1384 * then create an empty one. This is so
1385 * that we can track the strings,
1386 * etc. allocated in the subsection.
1389 subcs = cf_section_alloc(cs, variables[i].name,
1393 subcs->item.filename = cs->item.filename;
1394 subcs->item.lineno = cs->item.lineno;
1395 cf_item_add(cs, &(subcs->item));
1398 cf_section_parse_init(subcs, base,
1399 (CONF_PARSER const *) variables[i].dflt);
1403 if ((variables[i].type != PW_TYPE_STRING) &&
1404 (variables[i].type != PW_TYPE_FILE_INPUT) &&
1405 (variables[i].type != PW_TYPE_FILE_OUTPUT)) {
1409 if (variables[i].data) {
1410 data = variables[i].data; /* prefer this. */
1412 data = ((char *)base) + variables[i].offset;
1417 *(char **) data = NULL;
1418 } /* for all variables in the configuration section */
1423 * Parse a configuration section into user-supplied variables.
1425 int cf_section_parse(CONF_SECTION *cs, void *base,
1426 CONF_PARSER const *variables)
1432 cs->variables = variables; /* this doesn't hurt anything */
1435 cf_log_info(cs, "%.*s%s {", cs->depth, parse_spaces,
1438 cf_log_info(cs, "%.*s%s %s {", cs->depth, parse_spaces,
1439 cs->name1, cs->name2);
1442 cf_section_parse_init(cs, base, variables);
1445 * Handle the known configuration parameters.
1447 for (i = 0; variables[i].name != NULL; i++) {
1449 * Handle subsections specially
1451 if (variables[i].type == PW_TYPE_SUBSECTION) {
1452 CONF_SECTION *subcs;
1453 subcs = cf_section_sub_find(cs, variables[i].name);
1455 if (!variables[i].dflt || !subcs) {
1456 DEBUG2("Internal sanity check 1 failed in cf_section_parse %s",
1461 if (cf_section_parse(subcs, base,
1462 (CONF_PARSER const *) variables[i].dflt) < 0) {
1466 } /* else it's a CONF_PAIR */
1468 if (variables[i].data) {
1469 data = variables[i].data; /* prefer this. */
1471 data = ((char *)base) + variables[i].offset;
1473 DEBUG2("Internal sanity check 2 failed in cf_section_parse");
1478 * Parse the pair we found, or a default value.
1480 ret = cf_item_parse(cs, variables[i].name, variables[i].type, data, variables[i].dflt);
1483 * Be nice, and print the name of the new config item.
1485 if ((ret == -2) && (variables[i + 1].offset == variables[i].offset) &&
1486 (variables[i + 1].data == variables[i].data)) {
1487 cf_log_err(&(cs->item), "Replace \"%s\" with \"%s\"", variables[i].name,
1488 variables[i + 1].name);
1493 } /* for all variables in the configuration section */
1495 cf_log_info(cs, "%.*s}", cs->depth, parse_spaces);
1502 cf_log_info(cs, "%.*s}", cs->depth, parse_spaces);
1508 * Check XLAT things in pass 2. But don't cache the xlat stuff anywhere.
1510 int cf_section_parse_pass2(CONF_SECTION *cs, void *base, CONF_PARSER const *variables)
1519 * Handle the known configuration parameters.
1521 for (i = 0; variables[i].name != NULL; i++) {
1525 * Handle subsections specially
1527 if (variables[i].type == PW_TYPE_SUBSECTION) {
1528 CONF_SECTION *subcs;
1529 subcs = cf_section_sub_find(cs, variables[i].name);
1531 if (cf_section_parse_pass2(subcs, base,
1532 (CONF_PARSER const *) variables[i].dflt) < 0) {
1536 } /* else it's a CONF_PAIR */
1539 * Ignore everything but xlat expansions.
1541 if ((variables[i].type & PW_TYPE_XLAT) == 0) continue;
1543 cp = cf_pair_find(cs, variables[i].name);
1546 if (!cp || !cp->value) continue;
1548 if ((cp->value_type != T_DOUBLE_QUOTED_STRING) &&
1549 (cp->value_type != T_BARE_WORD)) continue;
1551 value = talloc_strdup(cs, cp->value); /* modified by xlat_tokenize */
1554 slen = xlat_tokenize(cs, value, &xlat, &error);
1556 char *spaces, *text;
1558 fr_canonicalize_error(cs, &spaces, &text, slen, cp->value);
1560 cf_log_err(&cp->item, "Failed parsing expanded string:");
1561 cf_log_err(&cp->item, "%s", text);
1562 cf_log_err(&cp->item, "%s^ %s", spaces, error);
1564 talloc_free(spaces);
1575 * If the "multi" flag is set, check all of them.
1577 if ((variables[i].type & PW_TYPE_MULTI) != 0) {
1578 cp = cf_pair_find_next(cs, cp, cp->attr);
1581 } /* for all variables in the configuration section */
1587 * Merge the template so everyting else "just works".
1589 static bool cf_template_merge(CONF_SECTION *cs, CONF_SECTION const *template)
1593 if (!cs || !template) return true;
1595 cs->template = NULL;
1598 * Walk over the template, adding its' entries to the
1599 * current section. But only if the entries don't
1600 * already exist in the current section.
1602 for (ci = template->children; ci; ci = ci->next) {
1603 if (ci->type == CONF_ITEM_PAIR) {
1604 CONF_PAIR *cp1, *cp2;
1607 * It exists, don't over-write it.
1609 cp1 = cf_item_to_pair(ci);
1610 if (cf_pair_find(cs, cp1->attr)) {
1615 * Create a new pair with all of the data
1618 cp2 = cf_pair_alloc(cs, cp1->attr, cp1->value, cp1->op, cp1->value_type);
1619 if (!cp2) return false;
1621 cp2->item.filename = cp1->item.filename;
1622 cp2->item.lineno = cp1->item.lineno;
1624 cf_item_add(cs, &(cp2->item));
1628 if (ci->type == CONF_ITEM_SECTION) {
1629 CONF_SECTION *subcs1, *subcs2;
1631 subcs1 = cf_item_to_section(ci);
1632 rad_assert(subcs1 != NULL);
1634 subcs2 = cf_section_sub_find_name2(cs, subcs1->name1, subcs1->name2);
1637 * sub-sections get merged.
1639 if (!cf_template_merge(subcs2, subcs1)) {
1646 * Our section doesn't have a matching
1647 * sub-section. Copy it verbatim from
1650 subcs2 = cf_section_dup(cs, subcs1,
1651 cf_section_name1(subcs1), cf_section_name2(subcs1),
1653 if (!subcs2) return false;
1655 subcs2->item.filename = subcs1->item.filename;
1656 subcs2->item.lineno = subcs1->item.lineno;
1658 cf_item_add(cs, &(subcs2->item));
1662 /* ignore everything else */
1668 static char const *cf_local_file(char const *base, char const *filename,
1669 char *buffer, size_t bufsize)
1674 strlcpy(buffer, base, bufsize);
1676 p = strrchr(buffer, FR_DIR_SEP);
1677 if (!p) return filename;
1678 if (p[1]) { /* ./foo */
1682 dirsize = (p - buffer) + 1;
1684 if ((dirsize + strlen(filename)) >= bufsize) {
1688 strlcpy(p + 1, filename, bufsize - dirsize);
1695 * Read a part of the config file.
1697 static int cf_section_read(char const *filename, int *lineno, FILE *fp,
1698 CONF_SECTION *current)
1701 CONF_SECTION *this, *css, *nextcs;
1710 FR_TOKEN t1, t2, t3;
1711 bool has_spaces = false;
1714 fr_cond_t *cond = NULL;
1716 this = current; /* add items here */
1719 * Read, checking for line continuations ('\\' at EOL)
1726 * Get data, and remember if we are at EOF.
1728 at_eof = (fgets(cbuf, sizeof(buf) - (cbuf - buf), fp) == NULL);
1732 * We read the entire 8k worth of data: complain.
1733 * Note that we don't care if the last character
1734 * is \n: it's still forbidden. This means that
1735 * the maximum allowed length of text is 8k-1, which
1739 if ((cbuf + len + 1) >= (buf + sizeof(buf))) {
1740 ERROR("%s[%d]: Line too long",
1747 while (isspace((int) *ptr)) ptr++;
1750 memmove(cbuf, ptr, len - (ptr - cbuf));
1751 len -= (ptr - cbuf);
1756 * Not doing continuations: check for edge
1763 while (*ptr && isspace((int) *ptr)) ptr++;
1765 if (!*ptr || (*ptr == '#')) continue;
1767 } else if (at_eof || (len == 0)) {
1768 ERROR("%s[%d]: Continuation at EOF is illegal",
1774 * See if there's a continuation.
1777 ((cbuf[len - 1] == '\n') || (cbuf[len - 1] == '\r'))) {
1782 if ((len > 0) && (cbuf[len - 1] == '\\')) {
1784 * Check for "suppress spaces" magic.
1786 if (!has_spaces && (len > 2) && (cbuf[len - 2] == '"')) {
1790 cbuf[len - 1] = '\0';
1800 * The parser is getting to be evil.
1802 while ((*ptr == ' ') || (*ptr == '\t')) ptr++;
1804 if (((ptr[0] == '%') && (ptr[1] == '{')) ||
1808 if (ptr[0] == '%') {
1809 hack = rad_copy_variable(buf1, ptr);
1811 hack = rad_copy_string(buf1, ptr);
1814 ERROR("%s[%d]: Invalid expansion: %s",
1815 filename, *lineno, ptr);
1821 t2 = gettoken(&ptr, buf2, sizeof(buf2), true);
1828 ERROR("%s[%d]: Invalid expansion: %s",
1829 filename, *lineno, ptr);
1833 t1 = gettoken(&ptr, buf1, sizeof(buf1), true);
1837 * The caller eats "name1 name2 {", and calls us
1838 * for the data inside of the section. So if we
1839 * receive a closing brace, then it must mean the
1840 * end of the section.
1842 if (t1 == T_RCBRACE) {
1843 if (this == current) {
1844 ERROR("%s[%d]: Too many closing braces",
1850 * Merge the template into the existing
1851 * section. This uses more memory, but
1852 * means that templates now work with
1853 * sub-sections, etc.
1855 if (!cf_template_merge(this, this->template)) {
1859 this = this->item.parent;
1860 goto check_for_more;
1864 * Allow for $INCLUDE files
1866 * This *SHOULD* work for any level include.
1867 * I really really really hate this file. -cparker
1869 if ((strcasecmp(buf1, "$INCLUDE") == 0) ||
1870 (strcasecmp(buf1, "$-INCLUDE") == 0)) {
1871 bool relative = true;
1873 t2 = getword(&ptr, buf2, sizeof(buf2), true);
1875 ERROR("%s[%d]: Unexpected text after $INCLUDE",
1880 if (buf2[0] == '$') relative = false;
1882 value = cf_expand_variables(filename, lineno, this, buf4, sizeof(buf4), buf2);
1883 if (!value) return -1;
1885 if (!FR_DIR_IS_RELATIVE(value)) relative = false;
1888 value = cf_local_file(filename, value, buf3,
1891 ERROR("%s[%d]: Directories too deep.",
1898 #ifdef HAVE_DIRENT_H
1902 * Include ALL non-"dot" files in the directory.
1905 if (value[strlen(value) - 1] == '/') {
1908 struct stat stat_buf;
1910 DEBUG2("including files in directory %s", value );
1915 if (stat(value, &stat_buf) < 0) {
1916 ERROR("%s[%d]: Failed reading directory %s: %s",
1918 value, fr_syserror(errno));
1922 if ((stat_buf.st_mode & S_IWOTH) != 0) {
1923 ERROR("%s[%d]: Directory %s is globally writable. Refusing to start due to "
1924 "insecure configuration", filename, *lineno, value);
1928 dir = opendir(value);
1930 ERROR("%s[%d]: Error reading directory %s: %s",
1931 filename, *lineno, value,
1932 fr_syserror(errno));
1937 * Read the directory, ignoring "." files.
1939 while ((dp = readdir(dir)) != NULL) {
1942 if (dp->d_name[0] == '.') continue;
1945 * Check for valid characters
1947 for (p = dp->d_name; *p != '\0'; p++) {
1948 if (isalpha((int)*p) ||
1952 (*p == '.')) continue;
1955 if (*p != '\0') continue;
1957 snprintf(buf2, sizeof(buf2), "%s%s",
1959 if ((stat(buf2, &stat_buf) != 0) ||
1960 S_ISDIR(stat_buf.st_mode)) continue;
1962 * Read the file into the current
1963 * configuration section.
1965 if (cf_file_include(this, buf2) < 0) {
1973 { /* it was a normal file */
1974 if (buf1[1] == '-') {
1975 struct stat statbuf;
1977 if (stat(value, &statbuf) < 0) {
1978 WARN("Not including file %s: %s", value, fr_syserror(errno));
1983 if (cf_file_include(this, value) < 0) {
1988 } /* we were in an include */
1990 if (strcasecmp(buf1, "$template") == 0) {
1992 CONF_SECTION *parentcs, *templatecs;
1993 t2 = getword(&ptr, buf2, sizeof(buf2), true);
1996 ERROR("%s[%d]: Unexpected text after $TEMPLATE", filename, *lineno);
2000 parentcs = cf_top_section(current);
2002 templatecs = cf_section_sub_find(parentcs, "templates");
2004 ERROR("%s[%d]: No \"templates\" section for reference \"%s\"", filename, *lineno, buf2);
2008 ci = cf_reference_item(parentcs, templatecs, buf2);
2009 if (!ci || (ci->type != CONF_ITEM_SECTION)) {
2010 ERROR("%s[%d]: Reference \"%s\" not found", filename, *lineno, buf2);
2015 ERROR("%s[%d]: Internal sanity check error in template reference", filename, *lineno);
2019 if (this->template) {
2020 ERROR("%s[%d]: Section already has a template", filename, *lineno);
2024 this->template = cf_item_to_section(ci);
2029 * Ensure that the user can't add CONF_PAIRs
2030 * with 'internal' names;
2032 if (buf1[0] == '_') {
2033 ERROR("%s[%d]: Illegal configuration pair name \"%s\"", filename, *lineno, buf1);
2038 * Handle if/elsif specially.
2040 if ((strcmp(buf1, "if") == 0) || (strcmp(buf1, "elsif") == 0)) {
2042 char const *error = NULL;
2044 CONF_SECTION *server;
2047 * if / elsif MUST be inside of a
2048 * processing section, which MUST in turn
2049 * be inside of a "server" directive.
2051 if (!this->item.parent) {
2053 ERROR("%s[%d]: Invalid location for '%s'",
2054 filename, *lineno, buf1);
2059 * Skip (...) to find the {
2061 slen = fr_condition_tokenize(nextcs, cf_section_to_item(nextcs), ptr, &cond,
2062 &error, FR_COND_TWO_PASS);
2063 memcpy(&p, &ptr, sizeof(p));
2066 if (p[-slen] != '{') goto cond_error;
2072 * This hack is so that the NEXT stage
2073 * doesn't go "too far" in expanding the
2074 * variable. We can parse the conditions
2075 * without expanding the ${...} stuff.
2076 * BUT we don't want to expand all of the
2077 * stuff AFTER the condition. So we do
2080 * The first pass is to discover the end
2081 * of the condition. We then expand THAT
2082 * string, and do a second pass parsing
2083 * the expanded condition.
2089 * If there's a ${...}. If so, expand it.
2091 if (strchr(ptr, '$') != NULL) {
2092 ptr = cf_expand_variables(filename, lineno,
2097 ERROR("%s[%d]: Parse error expanding ${...} in condition",
2101 } /* else leave it alone */
2103 server = this->item.parent;
2104 while ((strcmp(server->name1, "server") != 0) &&
2105 (strcmp(server->name1, "policy") != 0) &&
2106 (strcmp(server->name1, "instantiate") != 0)) {
2107 server = server->item.parent;
2108 if (!server) goto invalid_location;
2111 nextcs = cf_section_alloc(this, buf1, ptr);
2113 ERROR("%s[%d]: Failed allocating memory for section",
2117 nextcs->item.filename = talloc_strdup(nextcs, filename);
2118 nextcs->item.lineno = *lineno;
2120 slen = fr_condition_tokenize(nextcs, cf_section_to_item(nextcs), ptr, &cond,
2121 &error, FR_COND_TWO_PASS);
2122 *p = '{'; /* put it back */
2126 char *spaces, *text;
2128 fr_canonicalize_error(nextcs, &spaces, &text, slen, ptr);
2130 ERROR("%s[%d]: Parse error in condition",
2132 ERROR("%s[%d]: %s", filename, *lineno, text);
2133 ERROR("%s[%d]: %s^ %s", filename, *lineno, spaces, error);
2135 talloc_free(spaces);
2137 talloc_free(nextcs);
2141 if ((size_t) slen >= (sizeof(buf2) - 1)) {
2142 talloc_free(nextcs);
2143 ERROR("%s[%d]: Condition is too large after \"%s\"",
2144 filename, *lineno, buf1);
2149 * Copy the expanded and parsed condition
2150 * into buf2. Then, parse the text after
2151 * the condition, which now MUST be a '{.
2153 * If it wasn't '{' it would have been
2154 * caught in the first pass of
2155 * conditional parsing, above.
2157 memcpy(buf2, ptr, slen);
2162 if ((t3 = gettoken(&ptr, buf3, sizeof(buf3), true)) != T_LCBRACE) {
2163 talloc_free(nextcs);
2164 ERROR("%s[%d]: Expected '{' %d",
2165 filename, *lineno, t3);
2170 * Swap the condition with trailing stuff for
2171 * the final condition.
2173 memcpy(&p, &nextcs->name2, sizeof(nextcs->name2));
2175 nextcs->name2 = talloc_typed_strdup(nextcs, buf2);
2181 * Grab the next token.
2183 t2 = gettoken(&ptr, buf2, sizeof(buf2), !cf_new_escape);
2200 case T_OP_CMP_FALSE:
2201 if (!this || (strcmp(this->name1, "update") != 0)) {
2202 ERROR("%s[%d]: Invalid operator in assignment",
2210 while (isspace((int) *ptr)) ptr++;
2213 * New parser: non-quoted strings are
2214 * bare words, and we parse everything
2215 * until the next newline, or the next
2216 * comma. If they have { or } in a bare
2217 * word, well... too bad.
2219 if (cf_new_escape && (*ptr != '"') && (*ptr != '\'')
2220 && (*ptr != '`') && (*ptr != '/')) {
2221 const char *q = ptr;
2224 while (*q && (*q >= ' ') && (*q != ',') &&
2227 if ((size_t) (q - ptr) >= sizeof(buf3)) {
2228 ERROR("%s[%d]: Parse error: value too long",
2233 memcpy(buf3, ptr, (q - ptr));
2234 buf3[q - ptr] = '\0';
2238 t3 = getstring(&ptr, buf3, sizeof(buf3), !cf_new_escape);
2241 if (t3 == T_INVALID) {
2242 ERROR("%s[%d]: Parse error: %s",
2249 * These are not allowed. Print a
2250 * helpful error message.
2252 if ((t3 == T_BACK_QUOTED_STRING) &&
2253 (!this || (strcmp(this->name1, "update") != 0))) {
2254 ERROR("%s[%d]: Syntax error: Invalid string `...` in assignment",
2260 * Handle variable substitution via ${foo}
2264 case T_DOUBLE_QUOTED_STRING:
2265 case T_BACK_QUOTED_STRING:
2266 value = cf_expand_variables(filename, lineno, this, buf4, sizeof(buf4), buf3);
2267 if (!value) return -1;
2281 * Add this CONF_PAIR to our CONF_SECTION
2284 cpn = cf_pair_alloc(this, buf1, value, t2, t3);
2285 if (!cpn) return -1;
2286 cpn->item.filename = talloc_strdup(cpn, filename);
2287 cpn->item.lineno = *lineno;
2288 cf_item_add(this, &(cpn->item));
2291 * Hacks for escaping
2293 if (!cf_new_escape && !this->item.parent && value &&
2294 (strcmp(buf1, "correct_escapes") == 0) &&
2295 ((strcmp(value, "true") == 0) ||
2296 (strcmp(value, "yes") == 0) ||
2297 (strcmp(value, "1") == 0))) {
2298 cf_new_escape = true;
2302 * Require a comma, unless there's a comment.
2304 while (isspace(*ptr)) ptr++;
2313 * foo = bar # other stuff
2315 if ((t3 == T_HASH) || (t3 == T_COMMA) || (t3 == T_EOL) || (*ptr == '#')) continue;
2317 if (!*ptr || (*ptr == '}')) break;
2319 ERROR("%s[%d]: Syntax error: Expected comma after '%s': %s",
2320 filename, *lineno, value, ptr);
2324 * No '=', must be a section or sub-section.
2327 case T_DOUBLE_QUOTED_STRING:
2328 case T_SINGLE_QUOTED_STRING:
2329 t3 = gettoken(&ptr, buf3, sizeof(buf3), true);
2330 if (t3 != T_LCBRACE) {
2331 ERROR("%s[%d]: Expecting section start brace '{' after \"%s %s\"",
2332 filename, *lineno, buf1, buf2);
2340 css = cf_section_alloc(this, buf1,
2341 t2 == T_LCBRACE ? NULL : buf2);
2343 ERROR("%s[%d]: Failed allocating memory for section",
2348 css->item.filename = talloc_strdup(css, filename);
2349 css->item.lineno = *lineno;
2350 cf_item_add(this, &(css->item));
2356 cf_item_add(this, &(css->item));
2357 cf_data_add_internal(css, "if", cond, NULL, false);
2358 cond = NULL; /* eaten by the above line */
2362 * There may not be a name2
2364 css->name2_type = (t2 == T_LCBRACE) ? T_INVALID : t2;
2367 * The current section is now the child section.
2373 ERROR("%s[%d]: Syntax error in '%s': %s", filename, *lineno, ptr, fr_strerror());
2378 ERROR("%s[%d]: Parse error after \"%s\": unexpected token \"%s\"",
2379 filename, *lineno, buf1, fr_int2str(fr_tokens, t2, "<INVALID>"));
2386 * Done parsing one thing. Skip to EOL if possible.
2388 while (isspace(*ptr)) ptr++;
2390 if (*ptr == '#') continue;
2399 * See if EOF was unexpected ..
2401 if (feof(fp) && (this != current)) {
2402 ERROR("%s[%d]: EOF reached without closing brace for section %s starting at line %d",
2403 filename, *lineno, cf_section_name1(this), cf_section_lineno(this));
2411 * Include one config file in another.
2413 int cf_file_include(CONF_SECTION *cs, char const *filename)
2417 struct stat statbuf;
2421 DEBUG2("including configuration file %s", filename);
2423 fp = fopen(filename, "r");
2425 ERROR("Unable to open file \"%s\": %s",
2426 filename, fr_syserror(errno));
2430 if (stat(filename, &statbuf) == 0) {
2432 if ((statbuf.st_mode & S_IWOTH) != 0) {
2434 ERROR("Configuration file %s is globally writable. "
2435 "Refusing to start due to insecure configuration.", filename);
2440 #if 0 && defined(S_IROTH)
2441 if (statbuf.st_mode & S_IROTH) != 0) {
2443 ERROR("Configuration file %s is globally readable. "
2444 "Refusing to start due to insecure configuration", filename);
2450 if (cf_data_find_internal(cs, filename, PW_TYPE_FILE_INPUT)) {
2452 ERROR("Cannot include the same file twice: \"%s\"", filename);
2458 * Add the filename to the section
2460 mtime = talloc(cs, time_t);
2461 *mtime = statbuf.st_mtime;
2463 if (cf_data_add_internal(cs, filename, mtime, NULL, PW_TYPE_FILE_INPUT) < 0) {
2465 ERROR("Internal error opening file \"%s\"",
2470 cd = cf_data_find_internal(cs, filename, PW_TYPE_FILE_INPUT);
2473 ERROR("Internal error opening file \"%s\"",
2478 if (!cs->item.filename) cs->item.filename = talloc_strdup(cs, filename);
2481 * Read the section. It's OK to have EOF without a
2482 * matching close brace.
2484 if (cf_section_read(cd->name, &lineno, fp, cs) < 0) {
2494 * Bootstrap a config file.
2496 CONF_SECTION *cf_file_read(char const *filename)
2502 cs = cf_section_alloc(NULL, "main", NULL);
2503 if (!cs) return NULL;
2505 cp = cf_pair_alloc(cs, "confdir", filename, T_OP_SET, T_BARE_WORD);
2506 if (!cp) return NULL;
2508 p = strrchr(cp->value, FR_DIR_SEP);
2511 cp->item.filename = "internal";
2512 cp->item.lineno = -1;
2513 cf_item_add(cs, &(cp->item));
2515 if (cf_file_include(cs, filename) < 0) {
2524 void cf_file_free(CONF_SECTION *cs)
2531 * Return a CONF_PAIR within a CONF_SECTION.
2533 CONF_PAIR *cf_pair_find(CONF_SECTION const *cs, char const *name)
2535 CONF_PAIR *cp, mycp;
2537 if (!cs || !name) return NULL;
2540 cp = rbtree_finddata(cs->pair_tree, &mycp);
2543 if (!cs->template) return NULL;
2545 return rbtree_finddata(cs->template->pair_tree, &mycp);
2549 * Return the attr of a CONF_PAIR
2552 char const *cf_pair_attr(CONF_PAIR const *pair)
2554 return (pair ? pair->attr : NULL);
2558 * Return the value of a CONF_PAIR
2561 char const *cf_pair_value(CONF_PAIR const *pair)
2563 return (pair ? pair->value : NULL);
2566 FR_TOKEN cf_pair_operator(CONF_PAIR const *pair)
2568 return (pair ? pair->op : T_INVALID);
2572 * Return the value type, should be one of the following:
2573 * T_BARE_WORD, T_SINGLE_QUOTED_STRING, T_BACK_QUOTED_STRING
2574 * T_DOUBLE_QUOTED_STRING or T_INVALID if the pair is NULL.
2576 FR_TOKEN cf_pair_value_type(CONF_PAIR const *pair)
2578 return (pair ? pair->value_type : T_INVALID);
2582 * Turn a CONF_PAIR into a VALUE_PAIR
2583 * For now, ignore the "value_type" field...
2585 VALUE_PAIR *cf_pairtovp(CONF_PAIR *pair)
2588 fr_strerror_printf("Internal error");
2593 fr_strerror_printf("No value given for attribute %s", pair->attr);
2598 * false comparisons never match. BUT if it's a "string"
2599 * or `string`, then remember to expand it later.
2601 if ((pair->op != T_OP_CMP_FALSE) &&
2602 ((pair->value_type == T_DOUBLE_QUOTED_STRING) ||
2603 (pair->value_type == T_BACK_QUOTED_STRING))) {
2606 vp = pairmake(pair, NULL, pair->attr, NULL, pair->op);
2611 if (pairmark_xlat(vp, pair->value) < 0) {
2620 return pairmake(pair, NULL, pair->attr, pair->value, pair->op);
2624 * Return the first label of a CONF_SECTION
2627 char const *cf_section_name1(CONF_SECTION const *cs)
2629 return (cs ? cs->name1 : NULL);
2633 * Return the second label of a CONF_SECTION
2636 char const *cf_section_name2(CONF_SECTION const *cs)
2638 return (cs ? cs->name2 : NULL);
2641 /** Return name2 if set, else name1
2644 char const *cf_section_name(CONF_SECTION const *cs)
2648 name = cf_section_name2(cs);
2649 if (name) return name;
2651 return cf_section_name1(cs);
2655 * Find a value in a CONF_SECTION
2657 char const *cf_section_value_find(CONF_SECTION const *cs, char const *attr)
2661 cp = cf_pair_find(cs, attr);
2663 return (cp ? cp->value : NULL);
2667 CONF_SECTION *cf_section_find_name2(CONF_SECTION const *cs,
2668 char const *name1, char const *name2)
2671 CONF_ITEM const *ci;
2673 if (!cs || !name1) return NULL;
2675 for (ci = &(cs->item); ci; ci = ci->next) {
2676 if (ci->type != CONF_ITEM_SECTION)
2679 if (strcmp(cf_item_to_section(ci)->name1, name1) != 0) {
2683 their2 = cf_item_to_section(ci)->name2;
2685 if ((!name2 && !their2) ||
2686 (name2 && their2 && (strcmp(name2, their2) == 0))) {
2687 return cf_item_to_section(ci);
2694 /** Find a pair with a name matching attr, after specified pair.
2696 * @param cs to search in.
2697 * @param pair to search from (may be NULL).
2698 * @param attr to find (may be NULL in which case any attribute matches).
2699 * @return the next matching CONF_PAIR or NULL if none matched.
2701 CONF_PAIR *cf_pair_find_next(CONF_SECTION const *cs,
2702 CONF_PAIR const *pair, char const *attr)
2706 if (!cs) return NULL;
2709 * If pair is NULL and we're trying to find a specific
2710 * attribute this must be a first time run.
2712 * Find the pair with correct name.
2714 if (!pair && attr) return cf_pair_find(cs, attr);
2717 * Start searching from the next child, or from the head
2718 * of the list of children (if no pair was provided).
2720 for (ci = pair ? pair->item.next : cs->children;
2723 if (ci->type != CONF_ITEM_PAIR) continue;
2725 if (!attr || strcmp(cf_item_to_pair(ci)->attr, attr) == 0) break;
2728 return cf_item_to_pair(ci);
2732 * Find a CONF_SECTION, or return the root if name is NULL
2735 CONF_SECTION *cf_section_find(char const *name)
2738 return cf_section_sub_find(root_config, name);
2743 /** Find a sub-section in a section
2745 * This finds ANY section having the same first name.
2746 * The second name is ignored.
2748 CONF_SECTION *cf_section_sub_find(CONF_SECTION const *cs, char const *name)
2752 if (!cs || !name) return NULL; /* can't find an un-named section */
2755 * No sub-sections have been defined, so none exist.
2757 if (!cs->section_tree) return NULL;
2761 return rbtree_finddata(cs->section_tree, &mycs);
2765 /** Find a CONF_SECTION with both names.
2768 CONF_SECTION *cf_section_sub_find_name2(CONF_SECTION const *cs,
2769 char const *name1, char const *name2)
2773 if (!cs) cs = root_config;
2774 if (!cs) return NULL;
2777 CONF_SECTION mycs, *master_cs;
2779 if (!cs->section_tree) return NULL;
2784 master_cs = rbtree_finddata(cs->section_tree, &mycs);
2785 if (!master_cs) return NULL;
2788 * Look it up in the name2 tree. If it's there,
2791 if (master_cs->name2_tree) {
2792 CONF_SECTION *subcs;
2794 subcs = rbtree_finddata(master_cs->name2_tree, &mycs);
2795 if (subcs) return subcs;
2799 * We don't insert ourselves into the name2 tree.
2800 * So if there's nothing in the name2 tree, maybe
2801 * *we* are the answer.
2803 if (!master_cs->name2 && name2) return NULL;
2804 if (master_cs->name2 && !name2) return NULL;
2805 if (!master_cs->name2 && !name2) return master_cs;
2807 if (strcmp(master_cs->name2, name2) == 0) {
2815 * Else do it the old-fashioned way.
2817 for (ci = cs->children; ci; ci = ci->next) {
2818 CONF_SECTION *subcs;
2820 if (ci->type != CONF_ITEM_SECTION)
2823 subcs = cf_item_to_section(ci);
2824 if (!subcs->name2) {
2825 if (strcmp(subcs->name1, name2) == 0) break;
2827 if (strcmp(subcs->name2, name2) == 0) break;
2831 return cf_item_to_section(ci);
2835 * Return the next subsection after a CONF_SECTION
2836 * with a certain name1 (char *name1). If the requested
2837 * name1 is NULL, any name1 matches.
2840 CONF_SECTION *cf_subsection_find_next(CONF_SECTION const *section,
2841 CONF_SECTION const *subsection,
2846 if (!section) return NULL;
2849 * If subsection is NULL this must be a first time run
2850 * Find the subsection with correct name
2854 ci = section->children;
2856 ci = subsection->item.next;
2859 for (; ci; ci = ci->next) {
2860 if (ci->type != CONF_ITEM_SECTION)
2862 if ((name1 == NULL) ||
2863 (strcmp(cf_item_to_section(ci)->name1, name1) == 0))
2867 return cf_item_to_section(ci);
2872 * Return the next section after a CONF_SECTION
2873 * with a certain name1 (char *name1). If the requested
2874 * name1 is NULL, any name1 matches.
2877 CONF_SECTION *cf_section_find_next(CONF_SECTION const *section,
2878 CONF_SECTION const *subsection,
2881 if (!section) return NULL;
2883 if (!section->item.parent) return NULL;
2885 return cf_subsection_find_next(section->item.parent, subsection, name1);
2888 /** Return the next item after a CONF_ITEM.
2891 CONF_ITEM *cf_item_find_next(CONF_SECTION const *section, CONF_ITEM const *item)
2893 if (!section) return NULL;
2896 * If item is NULL this must be a first time run
2897 * Return the first item
2900 return section->children;
2906 static void _pair_count(int *count, CONF_SECTION const *cs)
2908 CONF_ITEM const *ci;
2910 for (ci = cf_item_find_next(cs, NULL);
2912 ci = cf_item_find_next(cs, ci)) {
2914 if (cf_item_is_section(ci)) {
2915 _pair_count(count, cf_item_to_section(ci));
2923 /** Count the number of conf pairs beneath a section
2925 * @param[in] cs to search for items in.
2926 * @return number of pairs nested within section.
2928 int cf_pair_count(CONF_SECTION const *cs)
2932 _pair_count(&count, cs);
2937 CONF_SECTION *cf_item_parent(CONF_ITEM const *ci)
2939 if (!ci) return NULL;
2944 int cf_section_lineno(CONF_SECTION const *section)
2946 return section->item.lineno;
2949 char const *cf_pair_filename(CONF_PAIR const *pair)
2951 return pair->item.filename;
2954 char const *cf_section_filename(CONF_SECTION const *section)
2956 return section->item.filename;
2959 int cf_pair_lineno(CONF_PAIR const *pair)
2961 return pair->item.lineno;
2964 bool cf_item_is_section(CONF_ITEM const *item)
2966 return item->type == CONF_ITEM_SECTION;
2969 bool cf_item_is_pair(CONF_ITEM const *item)
2971 return item->type == CONF_ITEM_PAIR;
2975 static CONF_DATA *cf_data_alloc(CONF_SECTION *parent, char const *name,
2976 void *data, void (*data_free)(void *))
2980 cd = talloc_zero(parent, CONF_DATA);
2981 if (!cd) return NULL;
2983 cd->item.type = CONF_ITEM_DATA;
2984 cd->item.parent = parent;
2985 cd->name = talloc_typed_strdup(cd, name);
2992 cd->free = data_free;
2995 talloc_set_destructor(cd, _cf_data_free);
3001 static void *cf_data_find_internal(CONF_SECTION const *cs, char const *name, int flag)
3003 if (!cs || !name) return NULL;
3006 * Find the name in the tree, for speed.
3008 if (cs->data_tree) {
3013 return rbtree_finddata(cs->data_tree, &mycd);
3020 * Find data from a particular section.
3022 void *cf_data_find(CONF_SECTION const *cs, char const *name)
3024 CONF_DATA *cd = cf_data_find_internal(cs, name, 0);
3026 if (cd) return cd->data;
3032 * Add named data to a configuration section.
3034 static int cf_data_add_internal(CONF_SECTION *cs, char const *name,
3035 void *data, void (*data_free)(void *),
3040 if (!cs || !name) return -1;
3043 * Already exists. Can't add it.
3045 if (cf_data_find_internal(cs, name, flag) != NULL) return -1;
3047 cd = cf_data_alloc(cs, name, data, data_free);
3051 cf_item_add(cs, cf_data_to_item(cd));
3057 * Add named data to a configuration section.
3059 int cf_data_add(CONF_SECTION *cs, char const *name,
3060 void *data, void (*data_free)(void *))
3062 return cf_data_add_internal(cs, name, data, data_free, 0);
3065 /** Remove named data from a configuration section
3068 void *cf_data_remove(CONF_SECTION *cs, char const *name)
3074 if (!cs || !name) return NULL;
3075 if (!cs->data_tree) return NULL;
3078 * Find the name in the tree, for speed.
3082 cd = rbtree_finddata(cs->data_tree, &mycd);
3083 if (!cd) return NULL;
3085 talloc_set_destructor(cd, NULL); /* Disarm the destructor */
3086 rbtree_deletebydata(cs->data_tree, &mycd);
3095 * This is here to make the rest of the code easier to read. It
3096 * ties conffile.c to log.c, but it means we don't have to
3097 * pollute every other function with the knowledge of the
3098 * configuration internals.
3100 void cf_log_err(CONF_ITEM const *ci, char const *fmt, ...)
3106 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3111 ci->filename ? ci->filename : "unknown",
3112 ci->lineno ? ci->lineno : 0,
3115 ERROR("<unknown>[*]: %s", buffer);
3119 void cf_log_err_cs(CONF_SECTION const *cs, char const *fmt, ...)
3125 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3128 rad_assert(cs != NULL);
3131 cs->item.filename ? cs->item.filename : "unknown",
3132 cs->item.lineno ? cs->item.lineno : 0,
3136 void cf_log_err_cp(CONF_PAIR const *cp, char const *fmt, ...)
3142 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3145 rad_assert(cp != NULL);
3148 cp->item.filename ? cp->item.filename : "unknown",
3149 cp->item.lineno ? cp->item.lineno : 0,
3153 void cf_log_info(CONF_SECTION const *cs, char const *fmt, ...)
3158 if ((debug_flag > 1) && cs) vradlog(L_DBG, fmt, ap);
3163 * Wrapper to simplify the code.
3165 void cf_log_module(CONF_SECTION const *cs, char const *fmt, ...)
3171 if (debug_flag > 1 && cs) {
3172 vsnprintf(buffer, sizeof(buffer), fmt, ap);
3174 DEBUG("%.*s# %s", cs->depth, parse_spaces, buffer);
3179 const CONF_PARSER *cf_section_parse_table(CONF_SECTION *cs)
3181 if (!cs) return NULL;
3183 return cs->variables;
3187 * For "switch" and "case" statements.
3189 FR_TOKEN cf_section_name2_type(CONF_SECTION const *cs)
3191 if (!cs) return T_INVALID;
3193 return cs->name2_type;