* attr && value are allocated contiguous with cp.
*/
+ free((*cp)->item.filename);
#ifndef NDEBUG
- memset(*cp, 0, sizeof(*cp));
+ memset(*cp, 0, sizeof(cp));
#endif
free(*cp);
((*cd)->free)((*cd)->data);
}
#ifndef NDEBUG
- memset(*cd, 0, sizeof(*cd));
+ memset(*cd, 0, sizeof(cd));
#endif
free(*cd);
*cd = NULL;
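Review bot: `sizeof(cd)` in the added `memset(*cd, 0, sizeof(cd));` is the size of a pointer, so the debug-build scrub clears only the first pointer-sized bytes of the object instead of the whole structure. The removed `sizeof(*cd)` had the same effect, because `*cd` is itself a pointer (the hunk dereferences it with `->`), so this change does not alter what gets cleared. To poison the freed object as the `#ifndef NDEBUG` block intends, use `memset(*cd, 0, sizeof(**cd));`. The same operand appears in the `cp` and `cs` free paths of this patch (`sizeof(cp)`, `sizeof(cs)`). The enclosing function starts outside this hunk.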
rad_assert(strcmp(one->name1, two->name1) == 0);
if (!one->name2 && !two->name2) return 0;
- if (!one->name2) return -1;
- if (!two->name2) return +1;
+ if (one->name2 && !two->name2) return -1;
+ if (!one->name2 && two->name2) return +1;
return strcmp(one->name2, two->name2);
}
* Free up dynamically allocated string pointers.
*/
for (i = 0; variables[i].name != NULL; i++) {
+ int type;
char **p;
- if ((variables[i].type != PW_TYPE_STRING_PTR) &&
- (variables[i].type != PW_TYPE_FILENAME)) {
+ type = variables[i].type;
+
+ if (type == PW_TYPE_SUBSECTION) {
+ CONF_SECTION *subcs;
+ subcs = cf_section_sub_find(cs, variables[i].name);
+
+ if (!subcs) continue;
+
+ if (!variables[i].dflt) continue;
+
+ cf_section_parse_free(subcs, base);
+ continue;
+ }
+
+ if ((type != PW_TYPE_STRING_PTR) &&
+ (type != PW_TYPE_FILENAME)) {
continue;
}
free(*p);
*p = NULL;
}
+
+ cs->variables = NULL;
}
/*
* And free the section
*/
+ free((*cs)->item.filename);
#ifndef NDEBUG
- memset(*cs, 0, sizeof(*cs));
+ memset(*cs, 0, sizeof(cs));
#endif
free(*cs);
*/
static void cf_item_add(CONF_SECTION *cs, CONF_ITEM *ci)
{
+ if (!cs || !ci) return;
+
if (!cs->children) {
rad_assert(cs->tail == NULL);
cs->children = ci;
char name[8192];
char *p;
+ if (cs == NULL)
+ goto no_such_item;
+
strlcpy(name, ptr, sizeof(name));
p = name;
CONF_SECTION *cf_top_section(CONF_SECTION *cs)
{
+ if (!cs) return NULL;
+
while (cs->item.parent != NULL) {
cs = cs->item.parent;
}
cf, *lineno, input);
return NULL;
}
+
+ if (p + strlen(cp->value) >= output + outsize) {
+ radlog(L_ERR, "%s[%d]: Reference \"%s\" is too long",
+ cf, *lineno, input);
+ return NULL;
+ }
+
strcpy(p, cp->value);
p += strlen(p);
ptr = end + 1;
- } else if (memcmp(ptr, "$ENV{", 5) == 0) {
+ } else if (strncmp(ptr, "$ENV{", 5) == 0) {
char *env;
ptr += 5;
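Review bot: The added bound `p + strlen(cp->value) >= output + outsize` forms a pointer that can lie past the end of `output` when the referenced value is long, which C leaves undefined even though the comparison exists to reject exactly that case. Comparing lengths avoids the out-of-range pointer: `if (strlen(cp->value) >= (size_t)((output + outsize) - p)) {`. The `$ENV{}` branch added later in this patch uses the same expression with `env` and would take the same form. The enclosing function starts and ends outside this hunk.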
env = name;
}
+ if (p + strlen(env) >= output + outsize) {
+ radlog(L_ERR, "%s[%d]: Reference \"%s\" is too long",
+ cf, *lineno, input);
+ return NULL;
+ }
+
strcpy(p, env);
p += strlen(p);
ptr = end + 1;
*/
*(p++) = *(ptr++);
}
+
+ if (p >= (output + outsize)) {
+ radlog(L_ERR, "%s[%d]: Reference \"%s\" is too long",
+ cf, *lineno, input);
+ return NULL;
+ }
} /* loop over all of the input string. */
*p = '\0';
return output;
}
+static const char *parse_spaces = " ";
+
/*
* Parses an item (not a CONF_ITEM) into the specified format,
const char *value;
fr_ipaddr_t ipaddr;
const CONF_PAIR *cp = NULL;
+ int depth;
char ipbuf[128];
- if (cs) cp = cf_pair_find(cs, name);
+ if (cs) {
+ depth = cs->depth;
+ cp = cf_pair_find(cs, name);
+ } else {
+ depth = 0;
+ }
+
if (cp) {
value = cp->value;
radlog(L_ERR, "Bad value \"%s\" for boolean variable %s", value, name);
return -1;
}
- cf_log_info(cs, "\t%s = %s", name, value);
+ cf_log_info(cs, "%.*s\t%s = %s",
+ depth, parse_spaces, name, value);
break;
case PW_TYPE_INTEGER:
*(int *)data = strtol(value, 0, 0);
- cf_log_info(cs, "\t%s = %d", name, *(int *)data);
+ cf_log_info(cs, "%.*s\t%s = %d",
+ depth, parse_spaces, name, *(int *)data);
break;
case PW_TYPE_STRING_PTR:
}
}
- cf_log_info(cs, "\t%s = \"%s\"", name, value ? value : "(null)");
+ cf_log_info(cs, "%.*s\t%s = \"%s\"",
+ depth, parse_spaces, name, value ? value : "(null)");
*q = value ? strdup(value) : NULL;
break;
* expanded automagically when the configuration
* file was read.
*/
- if (value == dflt) {
+ if ((value == dflt) && cs) {
char buffer[8192];
int lineno = 0;
- if (cs) lineno = cs->item.lineno;
-
/*
* FIXME: sizeof(buffer)?
*/
if (!value) return -1;
}
- cf_log_info(cs, "\t%s = \"%s\"", name, value ? value : "(null)");
+ cf_log_info(cs, "%.*s\t%s = \"%s\"",
+ depth, parse_spaces, name, value ? value : "(null)");
*q = value ? strdup(value) : NULL;
/*
*/
if (strcmp(value, "*") == 0) {
*(uint32_t *) data = htonl(INADDR_ANY);
- cf_log_info(cs, "\t%s = *", name);
+ cf_log_info(cs, "%.*s\t%s = *",
+ depth, parse_spaces, name);
break;
}
if (ip_hton(value, AF_INET, &ipaddr) < 0) {
}
if (strspn(value, "0123456789.") == strlen(value)) {
- cf_log_info(cs, "\t%s = %s", name, value);
+ cf_log_info(cs, "%.*s\t%s = %s",
+ depth, parse_spaces, name, value);
} else {
- cf_log_info(cs, "\t%s = %s IP address [%s]", name, value,
+ cf_log_info(cs, "%.*s\t%s = %s IP address [%s]",
+ depth, parse_spaces, name, value,
ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
}
*(uint32_t *) data = ipaddr.ipaddr.ip4addr.s_addr;
radlog(L_ERR, "Can't find IPv6 address for host %s", value);
return -1;
}
- cf_log_info(cs, "\t%s = %s IPv6 address [%s]", name, value,
- ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
+ cf_log_info(cs, "%.*s\t%s = %s IPv6 address [%s]",
+ depth, parse_spaces, name, value,
+ ip_ntoh(&ipaddr, ipbuf, sizeof(ipbuf)));
memcpy(data, &ipaddr.ipaddr.ip6addr,
sizeof(ipaddr.ipaddr.ip6addr));
break;
CONF_PAIR *cpn;
cpn = cf_pair_alloc(name, value, T_OP_SET, T_BARE_WORD, cs);
- cpn->item.filename = "<internal>";
+ if (!cpn) return -1;
+ cpn->item.filename = strdup("<internal>");
cpn->item.lineno = 0;
cf_item_add(cs, cf_pairtoitem(cpn));
}
return rcode;
}
-static const char *parse_spaces = " ";
+
+/*
+ * A copy of cf_section_parse that initializes pointers before
+ * parsing them.
+ */
+static void cf_section_parse_init(CONF_SECTION *cs, void *base,
+ const CONF_PARSER *variables)
+{
+ int i;
+ void *data;
+
+ for (i = 0; variables[i].name != NULL; i++) {
+ if (variables[i].type == PW_TYPE_SUBSECTION) {
+ CONF_SECTION *subcs;
+ subcs = cf_section_sub_find(cs, variables[i].name);
+ if (!subcs) continue;
+
+ if (!variables[i].dflt) continue;
+
+ cf_section_parse_init(subcs, base,
+ (const CONF_PARSER *) variables[i].dflt);
+ continue;
+ }
+
+ if ((variables[i].type != PW_TYPE_STRING_PTR) &&
+ (variables[i].type != PW_TYPE_FILENAME)) {
+ continue;
+ }
+
+ if (variables[i].data) {
+ data = variables[i].data; /* prefer this. */
+ } else if (base) {
+ data = ((char *)base) + variables[i].offset;
+ } else {
+ continue;
+ }
+
+ *(char **) data = NULL;
+ } /* for all variables in the configuration section */
+}
/*
* Parse a configuration section into user-supplied variables.
cs->name1, cs->name2);
}
+ cf_section_parse_init(cs, base, variables);
+
/*
* Handle the known configuration parameters.
*/
return 0;
}
+int cf_exclude_file(const char *filename)
+{
+ int i;
+ size_t len;
+ const char *p = filename;
+
+ /*
+ * FIXME: Maybe later make this a globally set configuration
+ * variable. But that's low priority.
+ */
+ static const char *excluded[] = {
+ "rpmsave", "rpmnew", "dpkg-new", "dpkg-dist", "dpkg-old",
+ "bak", NULL
+ };
+
+ if (!p || !*p) return TRUE; /* coding error */
+
+ if (*p == '.') return TRUE; /* ".", "..", ".foo", ... */
+
+ if (*p == '#') return TRUE; /* #foo# */
+
+ len = strlen(p);
+ if (p[len - 1] == '~') return TRUE; /* foo~ */
+
+ p = strrchr(p, '.');
+ if (!p) return FALSE; /* just "foo", it's OK */
+
+ p++;
+ for (i = 0; excluded[i] != NULL; i++) {
+ if (strcmp(p, excluded[i]) == 0) return TRUE;
+ }
+
+ return FALSE;
+}
+
static const char *cf_local_file(CONF_SECTION *cs, const char *local,
char *buffer, size_t bufsize)
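Review bot: `cf_exclude_file` is a denylist, and elsewhere in this patch it replaces the character allowlist the directory loop applied before (letters, digits, `-`, `_`, `.`), so any entry in an included directory that matches none of the listed patterns is now parsed as configuration. The suffix test is an exact, case-sensitive `strcmp` on the text after the last `.`, so leftovers with other suffixes or a different case (for example `.orig` or `.BAK`) are still loaded. Consider keeping the old character check in addition to the exclusions, or at least comparing the suffix case-insensitively. The function also has no header comment; something like `/* Returns TRUE if a directory entry must not be loaded as configuration (hidden, editor backup or package-manager leftover). */` would document the contract and the TRUE-on-NULL behaviour.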
struct stat stat_buf;
DEBUG2("including files in directory %s", value );
+#ifdef S_IWOTH
+ /*
+ * Security checks.
+ */
+ if (stat(value, &stat_buf) < 0) {
+ radlog(L_ERR, "%s[%d]: Failed reading directory %s: %s",
+ filename, *lineno,
+ value, strerror(errno));
+ return -1;
+ }
+
+ if ((stat_buf.st_mode & S_IWOTH) != 0) {
+ radlog(L_ERR|L_CONS, "%s[%d]: Directory %s is globally writable. Refusing to start due to insecure configuration.",
+ filename, *lineno, value);
+ return -1;
+ }
+#endif
dir = opendir(value);
if (!dir) {
radlog(L_ERR, "%s[%d]: Error reading directory %s: %s",
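Review bot: The world-writable test runs `stat(value, &stat_buf)` on the path and only afterwards calls `opendir(value)`, so the permission check and the directory actually read are not tied to the same object if the path changes in between. Opening first and checking the handle closes that gap: call `opendir(value)` and then `fstat(dirfd(dir), &stat_buf)`. The config-file hunk later in this patch has the same shape: it now opens the file before the checks but still calls `stat(filename, &statbuf)`, where `fstat(fileno(fp), &statbuf)` would examine the opened file. In that hunk a failing `stat()` also skips the permission checks without reporting an error. Only `S_IWOTH` is tested; ownership and group-write are not examined, which may be intentional.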
}
/*
- * Read the directory, ignoring "." files.
+ * Read the directory, ignoring some files.
*/
while ((dp = readdir(dir)) != NULL) {
- const char *p;
-
- if (dp->d_name[0] == '.') continue;
-
- /*
- * Check for valid characters
- */
- for (p = dp->d_name; *p != '\0'; p++) {
- if (isalpha((int)*p) ||
- isdigit((int)*p) ||
- (*p == '-') ||
- (*p == '_') ||
- (*p == '.')) continue;
- break;
- }
- if (*p != '\0') continue;
+ if (cf_exclude_file(dp->d_name))
+ continue;
snprintf(buf2, sizeof(buf2), "%s%s",
value, dp->d_name);
*/
do_set:
cpn = cf_pair_alloc(buf1, value, t2, t3, this);
- cpn->item.filename = filename;
+ cpn->item.filename = strdup(filename);
cpn->item.lineno = *lineno;
cf_item_add(this, cf_pairtoitem(cpn));
continue;
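Review bot: `cpn` is dereferenced on the added line `cpn->item.filename = strdup(filename);` without the NULL check this commit adds at the other `cf_pair_alloc` call site (`if (!cpn) return -1;`), so an allocation failure here still ends in a NULL dereference. The `strdup()` result is likewise unchecked here and at the other sites in this patch that now duplicate the filename, which leaves `item.filename` NULL on failure. Whether the code that later prints the filename with `%s` tolerates NULL is not visible in these hunks. Since every item's filename is now passed to `free()`, any assignment of a literal or borrowed pointer outside this diff would need the same `strdup` treatment. The enclosing function starts and ends outside this hunk.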
return -1;
}
cf_item_add(this, cf_sectiontoitem(css));
- css->item.filename = filename;
+ css->item.filename = strdup(filename);
css->item.lineno = *lineno;
/*
DEBUG2( "including configuration file %s", filename);
+ fp = fopen(filename, "r");
+ if (!fp) {
+ radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
+ filename, strerror(errno));
+ return -1;
+ }
+
if (stat(filename, &statbuf) == 0) {
#ifdef S_IWOTH
if ((statbuf.st_mode & S_IWOTH) != 0) {
+ fclose(fp);
radlog(L_ERR|L_CONS, "Configuration file %s is globally writable. Refusing to start due to insecure configuration.",
filename);
return -1;
#ifdef S_IROTH
if (0 && (statbuf.st_mode & S_IROTH) != 0) {
+ fclose(fp);
radlog(L_ERR|L_CONS, "Configuration file %s is globally readable. Refusing to start due to insecure configuration.",
filename);
return -1;
#endif
}
- fp = fopen(filename, "r");
- if (!fp) {
- radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
- filename, strerror(errno));
- return -1;
- }
-
if (cf_data_find_internal(cs, filename, PW_TYPE_FILENAME)) {
fclose(fp);
radlog(L_ERR, "Cannot include the same file twice: \"%s\"",
return -1;
}
- if (!cs->item.filename) cs->item.filename = filename;
+ if (!cs->item.filename) cs->item.filename = strdup(filename);
/*
* Read the section. It's OK to have EOF without a
p = strrchr(cp->value, FR_DIR_SEP);
if (p) *p = '\0';
- cp->item.filename = "internal";
+ cp->item.filename = strdup("<internal>");
cp->item.lineno = 0;
cf_item_add(cs, cf_pairtoitem(cp));
return (pair ? pair->value : NULL);
}
+FR_TOKEN cf_pair_operator(CONF_PAIR *pair)
+{
+ return (pair ? pair->operator : T_OP_INVALID);
+}
+
/*
* Copied here for error reporting.
*/
CONF_ITEM *ci;
if (!cs) cs = mainconfig.config;
-
- if (name1 && (cs->section_tree)) {
+ if (!cs) return NULL;
+ if (name1) {
CONF_SECTION mycs, *master_cs;
+ if (!cs->section_tree) return NULL;
+
mycs.name1 = name1;
mycs.name2 = name2;
master_cs = rbtree_finddata(cs->section_tree, &mycs);
- if (master_cs) {
- return rbtree_finddata(master_cs->name2_tree, &mycs);
+ if (!master_cs) return NULL;
+
+ /*
+ * Look it up in the name2 tree. If it's there,
+ * return it.
+ */
+ if (master_cs->name2_tree) {
+ CONF_SECTION *subcs;
+
+ subcs = rbtree_finddata(master_cs->name2_tree, &mycs);
+ if (subcs) return subcs;
}
+
+ /*
+ * We don't insert ourselves into the name2 tree.
+ * So if there's nothing in the name2 tree, maybe
+ * *we* are the answer.
+ */
+ if (!master_cs->name2 && name2) return NULL;
+ if (master_cs->name2 && !name2) return NULL;
+ if (!master_cs->name2 && !name2) return master_cs;
+
+ if (strcmp(master_cs->name2, name2) == 0) {
+ return master_cs;
+ }
+
+ return NULL;
}
/*
continue; /* don't do the string comparisons below */
}
- if ((strcmp(subcs->name1, name1) == 0) &&
- (subcs->name2 != NULL) &&
- (strcmp(subcs->name2, name2) == 0))
- break;
+ if (strcmp(subcs->name1, name1) != 0) continue;
+ if (!subcs->name2 && name2) continue;
+ if (subcs->name2 && !name2) continue;
+
+ if (!subcs->name2 && !name2) break;
+
+ if (strcmp(subcs->name2, name2) == 0) break;
}
return cf_itemtosection(ci);