return snprintf(out, outlen, "%u", htonl((*(uint32_t *)(vp->vp_ipv4prefix + 2))));
case PW_TYPE_INTEGER:
- case PW_TYPE_DATE:
return snprintf(out, outlen, "%u", vp->vp_integer);
+
+ case PW_TYPE_DATE:
+ return snprintf(out, outlen, "%u", vp->vp_date);
+
case PW_TYPE_BYTE:
return snprintf(out, outlen, "%u", (unsigned int) vp->vp_byte);
+
case PW_TYPE_SHORT:
return snprintf(out, outlen, "%u", (unsigned int) vp->vp_short);
&vp->data, vp->vp_length);
if (ret < 0) goto next_type; /* We expect some to fail */
- value = vp_data_aprints_value(dst, type->number, NULL, dst, (size_t)ret, '\'');
+ value = value_data_aprints(dst, type->number, NULL, dst, (size_t)ret, '\'');
if (!value) goto next_type;
if ((pad = (11 - strlen(type->name))) < 0) {
return 0;
}
+/** Processes fmt as a map string and applies it to the current request
+ *
+ * e.g. "%{map:&User-Name := 'foo'}"
+ *
+ * Allows sets of modifications to be cached and then applied.
+ * Useful for processing generic attributes from LDAP.
+ */
+static ssize_t xlat_map(UNUSED void *instance, REQUEST *request,
+ char const *fmt, char *out, size_t outlen)
+{
+ vp_map_t *map = NULL;
+ int ret;
+
+ if (map_afrom_attr_str(request, &map, fmt,
+ REQUEST_CURRENT, PAIR_LIST_REQUEST,
+ REQUEST_CURRENT, PAIR_LIST_REQUEST) < 0) {
+ REDEBUG("Failed parsing \"%s\" as map: %s", fmt, fr_strerror());
+ return -1;
+ }
+
+ RINDENT();
+ ret = map_to_request(request, map, map_to_vp, NULL);
+ REXDENT();
+ talloc_free(map);
+ if (ret < 0) return strlcpy(out, "0", outlen);
+
+ return strlcpy(out, "1", outlen);
+}
+
/** Prints the current module processing the request
*
*/
len = fr_prints(out, outlen, (char const *) p, vp->vp_length, '"');
break;
+ /*
+ * Note that "%{string:...}" is NOT binary safe!
+ * It is explicitly used to get rid of embedded zeros.
+ */
case PW_TYPE_STRING:
len = strlcpy(out, vp->vp_strvalue, outlen);
break;
if ((radius_get_vp(&vp, request, fmt) < 0) || !vp) goto nothing;
+ if (vp->da->type != PW_TYPE_STRING) goto nothing;
+
return radius_xlat(out, outlen, request, vp->vp_strvalue, NULL, NULL);
}
XLAT_REGISTER(attr_num);
XLAT_REGISTER(string);
XLAT_REGISTER(xlat);
+ XLAT_REGISTER(map);
XLAT_REGISTER(module);
XLAT_REGISTER(debug_attr);
#if defined(HAVE_REGEX) && defined(HAVE_PCRE)
* Check for empty expressions %{}
*/
if ((*q == '}') && (q == p)) {
+ talloc_free(node);
*error = "Empty expression is invalid";
return -(p - fmt);
}
} else {
*error = fr_strerror();
}
+
+ talloc_free(node);
return slen - (p - fmt);
}
*/
if (node->attr.type == TMPL_TYPE_ATTR_UNDEFINED) {
node->xlat = xlat_find(node->attr.tmpl_unknown_name);
+ if (node->xlat && node->xlat->instance && !node->xlat->internal) {
+ talloc_free(node);
+ *error = "Missing content in expansion";
+ return -(p - fmt) - slen;
+ }
+
if (node->xlat) {
node->type = XLAT_VIRTUAL;
node->fmt = node->attr.tmpl_unknown_name;
*error = "No matching closing brace";
return -1; /* second character of format string */
}
- p++;
+ *p++ = '\0';
*head = node;
rad_assert(node->next == NULL);
*error = "Invalid escape at end of string";
return -(p - fmt);
}
+
p += 2;
+ node->len += 2;
continue;
}
ssize_t slen;
xlat_exp_t *next;
- if (!p[1] || !strchr("%dlmntDGHISTYv", p[1])) {
- talloc_free(node);
- *error = "Invalid variable expansion";
- p++;
- return - (p - fmt);
+ if (!p[1] || !strchr("%}dlmntDGHISTYv", p[1])) {
+ talloc_free(node);
+ *error = "Invalid variable expansion";
+ p++;
+ return - (p - fmt);
}
next = talloc_zero(node, xlat_exp_t);
next->len = 1;
- if (p[1] == '%') {
- next->fmt = talloc_typed_strdup(next, "%");
+ switch (p[1]) {
+ case '%':
+ case '}':
+ next->fmt = talloc_strndup(next, p + 1, 1);
- XLAT_DEBUG("LITERAL-PERCENT <-- %s", next->fmt);
+ XLAT_DEBUG("LITERAL-ESCAPED <-- %s", next->fmt);
next->type = XLAT_LITERAL;
+ break;
- } else {
+ default:
next->fmt = p + 1;
XLAT_DEBUG("PERCENT <-- %c", *next->fmt);
next->type = XLAT_PERCENT;
+ break;
}
node->next = next;
#endif
case XLAT_ALTERNATE:
- DEBUG("%.*sif {", lvl, xlat_tabs);
+ DEBUG("%.*sXLAT-IF {", lvl, xlat_tabs);
xlat_tokenize_debug(node->child, lvl + 1);
DEBUG("%.*s}", lvl, xlat_tabs);
- DEBUG("%.*selse {", lvl, xlat_tabs);
+ DEBUG("%.*sXLAT-ELSE {", lvl, xlat_tabs);
xlat_tokenize_debug(node->alternate, lvl + 1);
DEBUG("%.*s}", lvl, xlat_tabs);
break;
RADIUS_PACKET *packet = NULL;
DICT_VALUE *dv;
char *ret = NULL;
- int err;
+ vp_cursor_t cursor;
char quote = escape ? '"' : '\0';
- vp_cursor_t cursor;
+ rad_assert((vpt->type == TMPL_TYPE_ATTR) || (vpt->type == TMPL_TYPE_LIST));
+
+ /*
+ * We only support count and concatenate operations on lists.
+ */
+ if (vpt->type == TMPL_TYPE_LIST) {
+ vp = tmpl_cursor_init(NULL, &cursor, request, vpt);
+ goto do_print;
+ }
/*
* See if we're dealing with an attribute in the request
* This allows users to manipulate virtual attributes as if
* they were real ones.
*/
- vp = tmpl_cursor_init(&err, &cursor, request, vpt);
+ vp = tmpl_cursor_init(NULL, &cursor, request, vpt);
if (vp) goto do_print;
/*
* various VP functions.
*/
case PW_PACKET_AUTHENTICATION_VECTOR:
- virtual = pairalloc(ctx, vpt->tmpl_da);
- pairmemcpy(virtual, packet->vector, sizeof(packet->vector));
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
+ fr_pair_value_memcpy(virtual, packet->vector, sizeof(packet->vector));
vp = virtual;
break;
case PW_CLIENT_IP_ADDRESS:
case PW_PACKET_SRC_IP_ADDRESS:
if (packet->src_ipaddr.af == AF_INET) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_ipaddr = packet->src_ipaddr.ipaddr.ip4addr.s_addr;
vp = virtual;
}
case PW_PACKET_DST_IP_ADDRESS:
if (packet->dst_ipaddr.af == AF_INET) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_ipaddr = packet->dst_ipaddr.ipaddr.ip4addr.s_addr;
vp = virtual;
}
case PW_PACKET_SRC_IPV6_ADDRESS:
if (packet->src_ipaddr.af == AF_INET6) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
memcpy(&virtual->vp_ipv6addr,
&packet->src_ipaddr.ipaddr.ip6addr,
sizeof(packet->src_ipaddr.ipaddr.ip6addr));
case PW_PACKET_DST_IPV6_ADDRESS:
if (packet->dst_ipaddr.af == AF_INET6) {
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
memcpy(&virtual->vp_ipv6addr,
&packet->dst_ipaddr.ipaddr.ip6addr,
sizeof(packet->dst_ipaddr.ipaddr.ip6addr));
break;
case PW_PACKET_SRC_PORT:
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_integer = packet->src_port;
vp = virtual;
break;
case PW_PACKET_DST_PORT:
- virtual = pairalloc(ctx, vpt->tmpl_da);
+ virtual = fr_pair_afrom_da(ctx, vpt->tmpl_da);
virtual->vp_integer = packet->dst_port;
vp = virtual;
break;
{
int count = 0;
- fr_cursor_first(&cursor);
- while (fr_cursor_next_by_da(&cursor, vpt->tmpl_da, vpt->tmpl_tag)) count++;
+ for (vp = tmpl_cursor_init(NULL, &cursor, request, vpt);
+ vp;
+ vp = tmpl_cursor_next(&cursor, vpt)) count++;
return talloc_typed_asprintf(ctx, "%d", count);
}
* Don't escape this.
*/
case XLAT_LITERAL:
- XLAT_DEBUG("xlat_aprint LITERAL");
+ XLAT_DEBUG("%.*sxlat_aprint LITERAL", lvl, xlat_spaces);
return talloc_typed_strdup(ctx, node->fmt);
/*
size_t freespace = 256;
struct tm ts;
time_t when;
+ int usec;
- XLAT_DEBUG("xlat_aprint PERCENT");
+ XLAT_DEBUG("%.*sxlat_aprint PERCENT", lvl, xlat_spaces);
str = talloc_array(ctx, char, freespace); /* @todo do better allocation */
p = node->fmt;
when = request->timestamp;
+ usec = 0;
if (request->packet) {
when = request->packet->timestamp.tv_sec;
+ usec = request->packet->timestamp.tv_usec;
}
switch (*p) {
case 'S': /* request timestamp in SQL format*/
if (!localtime_r(&when, &ts)) goto error;
- strftime(str, freespace, "%Y-%m-%d %H:%M:%S", &ts);
+ nl = str + strftime(str, freespace, "%Y-%m-%d %H:%M:%S", &ts);
+ rad_assert(((str + freespace) - nl) >= 8);
+ snprintf(nl, (str + freespace) - nl, ".%06d", usec);
break;
case 'T': /* request timestamp */
if (!localtime_r(&when, &ts)) goto error;
- strftime(str, freespace, "%Y-%m-%d-%H.%M.%S.000000", &ts);
+ strftime(str, freespace, "%Y-%m-%d-%H.%M.%S", &ts);
+
break;
case 'Y': /* request year */
break;
case XLAT_ATTRIBUTE:
- XLAT_DEBUG("xlat_aprint ATTRIBUTE");
+ XLAT_DEBUG("%.*sxlat_aprint ATTRIBUTE", lvl, xlat_spaces);
/*
* Some attributes are virtual <sigh>
*/
str = xlat_getvp(ctx, request, &node->attr, escape ? false : true, true);
if (str) {
- XLAT_DEBUG("EXPAND attr %s", node->attr.tmpl_da->name);
- XLAT_DEBUG(" ---> %s", str);
+ XLAT_DEBUG("%.*sEXPAND attr %s", lvl, xlat_spaces, node->attr.tmpl_da->name);
+ XLAT_DEBUG("%.*s ---> %s", lvl ,xlat_spaces, str);
}
break;
/*
* Smash \n --> CR.
*
- * The OUTPUT of xlat is a printable string. The INPUT might not be...
+ * The OUTPUT of xlat is a "raw" string. The INPUT is a printable string.
*
* This is really the reverse of fr_prints().
*/
#ifdef HAVE_REGEX
case XLAT_REGEX:
- XLAT_DEBUG("xlat_aprint REGEX");
+ XLAT_DEBUG("%.*sxlat_aprint REGEX", lvl, xlat_spaces);
if (regex_request_to_sub(ctx, &str, request, node->attr.tmpl_num) < 0) return NULL;
break;
#endif
case XLAT_ALTERNATE:
- XLAT_DEBUG("xlat_aprint ALTERNATE");
+ XLAT_DEBUG("%.*sxlat_aprint ALTERNATE", lvl, xlat_spaces);
rad_assert(node->child != NULL);
rad_assert(node->alternate != NULL);
- str = xlat_aprint(ctx, request, node->child, escape, escape_ctx, lvl);
- if (str) {
- XLAT_DEBUG("ALTERNATE got string: %s", str);
- break;
- }
+ /*
+ * If there are no "next" nodes, call ourselves
+ * recursively, which is fast.
+ *
+ * If there are "next" nodes, call xlat_process()
+ * which does a ton more work.
+ */
+ if (!node->next) {
+ str = xlat_aprint(ctx, request, node->child, escape, escape_ctx, lvl);
+ if (str) {
+ XLAT_DEBUG("%.*sALTERNATE got first string: %s", lvl, xlat_spaces, str);
+ } else {
+ str = xlat_aprint(ctx, request, node->alternate, escape, escape_ctx, lvl);
+ XLAT_DEBUG("%.*sALTERNATE got alternate string %s", lvl, xlat_spaces, str);
+ }
+ } else {
- XLAT_DEBUG("ALTERNATE going to alternate");
- str = xlat_aprint(ctx, request, node->alternate, escape, escape_ctx, lvl);
+ if (xlat_process(&str, request, node->child, escape, escape_ctx) > 0) {
+ XLAT_DEBUG("%.*sALTERNATE got first string: %s", lvl, xlat_spaces, str);
+ } else {
+ (void) xlat_process(&str, request, node->alternate, escape, escape_ctx);
+ XLAT_DEBUG("%.*sALTERNATE got alternate string %s", lvl, xlat_spaces, str);
+ }
+ }
break;
-
}
/*
* Escape the non-literals we found above.
*/
if (str && escape) {
+ size_t len;
char *escaped;
- escaped = talloc_array(ctx, char, 2048); /* FIXME: do something intelligent */
- escape(request, escaped, 2038, str, escape_ctx);
+ len = talloc_array_length(str) * 3;
+
+ escaped = talloc_array(ctx, char, len);
+ escape(request, escaped, len, str, escape_ctx);
talloc_free(str);
str = escaped;
}
/** Replace %whatever in a string.
*
- * See 'doc/variables.txt' for more information.
+ * See 'doc/configuration/variables.rst' for more information.
*
* @param[out] out Where to write pointer to output buffer.
* @param[in] outlen Size of out.
}
len = strlen(buff);
+
/*
* If out doesn't point to an existing buffer
* copy the pointer to our buffer over.
/** Replace %whatever in a string.
*
- * See 'doc/variables.txt' for more information.
+ * See 'doc/configuration/variables.rst' for more information.
*
* @param[out] out Where to write pointer to output buffer.
* @param[in] outlen Size of out.
{
vp_tmpl_t *vpt;
- if (node->next || (node->type != XLAT_ATTRIBUTE)) return NULL;
+ if (node->next || (node->type != XLAT_ATTRIBUTE) || (node->attr.type != TMPL_TYPE_ATTR)) return NULL;
/*
* Concat means something completely different as an attribute reference
if (vpt->type != TMPL_TYPE_ATTR) return NULL;
node = talloc_zero(ctx, xlat_exp_t);
+ node->type = XLAT_ATTRIBUTE;
node->fmt = talloc_bstrndup(node, vpt->name, vpt->len);
tmpl_init(&node->attr, TMPL_TYPE_ATTR, node->fmt, talloc_array_length(node->fmt) - 1);
memcpy(&node->attr.data, &vpt->data, sizeof(vpt->data));
ssize_t radius_axlat(char **out, REQUEST *request, char const *fmt, xlat_escape_t escape, void *ctx)
{
+ *out = NULL;
return xlat_expand(out, 0, request, fmt, escape, ctx);
}
ssize_t radius_axlat_struct(char **out, REQUEST *request, xlat_exp_t const *xlat, xlat_escape_t escape, void *ctx)
{
+ *out = NULL;
return xlat_expand_struct(out, 0, request, xlat, escape, ctx);
}