int operator);
/* xlat.c */
-typedef size_t (*RADIUS_ESCAPE_STRING)(char *out, size_t outlen, const char *in);
+typedef size_t (*RADIUS_ESCAPE_STRING)(REQUEST *, char *out, size_t outlen, const char *in, void *arg);
int radius_xlat(char * out, int outlen, const char *fmt,
- REQUEST * request, RADIUS_ESCAPE_STRING func);
-typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, const char *, char *, size_t, RADIUS_ESCAPE_STRING func);
+ REQUEST * request, RADIUS_ESCAPE_STRING func, void *funcarg);
+typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, const char *, char *, size_t);
int xlat_register(const char *module, RAD_XLAT_FUNC func,
void *instance);
void xlat_unregister(const char *module, RAD_XLAT_FUNC func,
if (extra_msg) {
extra[0] = ' ';
radius_xlat(extra + 1, sizeof(extra) - 1, extra_msg, request,
- NULL);
+ NULL, NULL);
} else {
*extra = '\0';
}
case T_DOUBLE_QUOTED_STRING:
if (!strchr(value, '%')) return value;
- radius_xlat(buffer, sizeof_buffer, value, request, NULL);
+ radius_xlat(buffer, sizeof_buffer, value, request, NULL, NULL);
return buffer;
}
if (!request) continue;
- sublen = radius_xlat(to, left - 1, argv[i], request, NULL);
+ sublen = radius_xlat(to, left - 1, argv[i], request, NULL, NULL);
if (sublen <= 0) {
/*
* Fail to be backwards compatible.
*/
static size_t xlat_listen(UNUSED void *instance, REQUEST *request,
const char *fmt, char *out,
- size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ size_t outlen)
{
const char *value = NULL;
CONF_PAIR *cp;
*/
radius_xlat(buffer, sizeof(buffer), filename,
- request, NULL); /* FIXME: escape chars! */
+ request, NULL, NULL); /* FIXME: escape chars! */
request->radlog = rl;
p = strrchr(buffer, FR_DIR_SEP);
#define MAX_ARGV (256)
-static size_t config_escape_func(char *out, size_t outlen, const char *in)
+static size_t config_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, UNUSED void *arg)
{
size_t len = 0;
static const char *disallowed = "%{}\\'\"`";
*/
static size_t xlat_config(void *instance, REQUEST *request,
const char *fmt, char *out,
- size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ size_t outlen)
{
const char *value;
CONF_PAIR *cp;
/*
* Expand it safely.
*/
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, config_escape_func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, config_escape_func, NULL)) {
return 0;
}
}
}
- return func(out, outlen, value);
+ strlcpy(out, value, outlen);
+
+ return strlen(out);
}
*/
static size_t xlat_client(UNUSED void *instance, REQUEST *request,
const char *fmt, char *out,
- size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ size_t outlen)
{
const char *value = NULL;
CONF_PAIR *cp;
if (!mx->exec) {
radius_xlat(buffer, sizeof(buffer),
- mx->xlat_name, request, NULL);
+ mx->xlat_name, request, NULL, NULL);
} else {
RDEBUG("`%s`", mx->xlat_name);
radius_exec_program(mx->xlat_name, request,
}
} else {
radius_xlat(buffer, sizeof(buffer),
- child->name, request, NULL);
+ child->name, request, NULL, NULL);
}
null_case = q = NULL;
for(p = g->children; p; p = p->next) {
char *request_log_file = NULL;
char *debug_log_file = NULL;
int radius_xlat(UNUSED char *out, UNUSED int outlen, UNUSED const char *fmt,
- UNUSED REQUEST *request, UNUSED RADIUS_ESCAPE_STRING func)
+ UNUSED REQUEST *request,
+ UNUSED RADIUS_ESCAPE_STRING func, UNUSED void *arg)
{
return -1;
}
char *request_log_file = NULL;
char *debug_log_file = NULL;
int radius_xlat(UNUSED char *out, UNUSED int outlen, UNUSED const char *fmt,
- UNUSED REQUEST *request, UNUSED RADIUS_ESCAPE_STRING func)
+ UNUSED REQUEST *request,
+ UNUSED RADIUS_ESCAPE_STRING func, UNUSED void *arg)
{
return -1;
}
char *request_log_file = NULL;
char *debug_log_file = NULL;
int radius_xlat(char *out, UNUSED int outlen, UNUSED const char *fmt,
- UNUSED REQUEST *request, UNUSED RADIUS_ESCAPE_STRING func)
+ UNUSED REQUEST *request,
+ UNUSED RADIUS_ESCAPE_STRING func, UNUSED void *arg)
{
*out = 0;
return 0;
* Xlat for %{home_server:foo}
*/
static size_t xlat_home_server(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
if (!fmt || !out || (outlen < 1)) return 0;
* Xlat for %{home_server_pool:foo}
*/
static size_t xlat_server_pool(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
if (!fmt || !out || (outlen < 1)) return 0;
* previous checks passed.
*/
if (my_ok && conf->check_cert_cn) {
- if (!radius_xlat(cn_str, sizeof(cn_str), conf->check_cert_cn, request, NULL)) {
+ if (!radius_xlat(cn_str, sizeof(cn_str), conf->check_cert_cn, request, NULL, NULL)) {
radlog(L_ERR, "rlm_eap_tls (%s): xlat failed.",
conf->check_cert_cn);
/* if this fails, fail the verification */
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
snprintf(name, sizeof(name), "%%{%s}", check->name);
- radius_xlat(value, sizeof(value), name, request, NULL);
+ radius_xlat(value, sizeof(value), name, request, NULL, NULL);
/*
* Include substring matches.
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
snprintf(name, sizeof(name), "%%{%s}", check->name);
- radius_xlat(value, sizeof(value), name, request, NULL);
+ radius_xlat(value, sizeof(value), name, request, NULL, NULL);
/*
* Include substring matches.
check_item->flags.do_xlat = 0;
rcode = radius_xlat(buffer, sizeof(buffer),
check_item->vp_strvalue,
- req, NULL);
+ req, NULL, NULL);
/*
* Parse the string into a new value.
i->flags.do_xlat = 0;
rcode = radius_xlat(buffer, sizeof(buffer),
i->vp_strvalue,
- req, NULL);
+ req, NULL, NULL);
/*
* Parse the string into a new value.
/**
* @brief Convert the value on a VALUE_PAIR to string
*/
-static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair,
- int type, RADIUS_ESCAPE_STRING func)
+static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair, int type)
{
- char buffer[MAX_STRING_LEN * 4];
-
if (pair != NULL) {
- vp_prints_value(buffer, sizeof(buffer), pair, -1);
- return func(out, outlen, buffer);
+ vp_prints_value(out, outlen, pair, -1);
+ return strlen(out);
}
switch (type) {
* Dynamically translate for check:, request:, reply:, etc.
*/
static size_t xlat_packet(void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
DICT_ATTR *da;
VALUE_PAIR *vp;
for (vp = pairfind_tag(vps, da, tag);
vp != NULL;
vp = pairfind_tag(vp->next, da, tag)) {
- count = valuepair2str(out, outlen - 1, vp, da->type, func);
+ count = valuepair2str(out, outlen - 1, vp, da->type);
rad_assert(count <= outlen);
total += count + 1;
outlen -= (count + 1);
return snprintf(out, outlen, "%u", vp->vp_integer);
}
- return valuepair2str(out, outlen, vp, da->type, func);
+ return valuepair2str(out, outlen, vp, da->type);
}
vp = pairfind(vps, da->attr, da->vendor);
}
localvp.type = da->type;
- return valuepair2str(out, outlen, &localvp,
- da->type, func);
+ return valuepair2str(out, outlen, &localvp, da->type);
}
/*
/*
* Convert the VP to a string, and return it.
*/
- return valuepair2str(out, outlen, vp, da->type, func);
+ return valuepair2str(out, outlen, vp, da->type);
}
/**
* @brief Print data as integer, not as VALUE.
*/
static size_t xlat_integer(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
VALUE_PAIR *vp;
* @brief Print data as hex, not as VALUE.
*/
static size_t xlat_hex(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
size_t i;
uint8_t *p;
* @brief Prints the current module processing the request
*/
static size_t xlat_module(UNUSED void *instance, REQUEST *request,
- UNUSED const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ UNUSED const char *fmt, char *out, size_t outlen)
{
strlcpy(out, request->module, outlen);
* @see modcall()
*/
static size_t xlat_foreach(void *instance, REQUEST *request,
- UNUSED const char *fmt, char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ UNUSED const char *fmt, char *out, size_t outlen)
{
VALUE_PAIR **pvp;
return 0;
}
- return valuepair2str(out, outlen, (*pvp), (*pvp)->type, func);
+ return valuepair2str(out, outlen, (*pvp), (*pvp)->type);
}
#endif
* expand to "\n\n\n"
*/
static size_t xlat_string(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
int len;
VALUE_PAIR *vp;
* @brief Expand regexp matches %{0} to %{8}
*/
static size_t xlat_regex(void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char *regex;
* are already in the "instance".
*/
fmt = fmt; /* -Wunused */
- func = func; /* -Wunused FIXME: do escaping? */
regex = request_data_reference(request, request,
REQUEST_DATA_REGEX | *(int *)instance);
* Example %{debug:3}
*/
static size_t xlat_debug(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
int level = 0;
*/
static int decode_attribute(const char **from, char **to, int freespace,
REQUEST *request,
- RADIUS_ESCAPE_STRING func)
+ RADIUS_ESCAPE_STRING func, void *funcarg)
{
int do_length = 0;
const char *module_name, *xlat_str;
* Expand the first one. If we did, exit the
* conditional.
*/
- retlen = radius_xlat(q, freespace, buffer, request, func);
+ retlen = radius_xlat(q, freespace, buffer, request, func, funcarg);
if (retlen) {
q += retlen;
goto done;
*/
if (expand2) {
retlen = radius_xlat(q, freespace, l,
- request, func);
+ request, func, funcarg);
if (retlen) {
q += retlen;
}
if (!c->internal) RDEBUG3("radius_xlat: Running registered xlat function of module %s for string \'%s\'",
c->module, xlat_str);
- retlen = c->do_xlat(c->instance, request, xlat_str,
- q, freespace, func);
+ if (func) {
+ /* xlat to a temporary buffer, then escape */
+ char tmpbuf[8192];
+ retlen = c->do_xlat(c->instance, request, xlat_str, tmpbuf, sizeof(tmpbuf));
+ if (retlen > 0) {
+ retlen = func(request, q, freespace, tmpbuf, funcarg);
+ if (retlen > 0) {
+ RDEBUG2("string escaped from \'%s\' to \'%s\'", tmpbuf, q);
+ } else if (retlen < 0) {
+ RDEBUG2("string escape failed");
+ }
+ }
+ } else {
+ retlen = c->do_xlat(c->instance, request, xlat_str, q, freespace);
+ }
if (retlen > 0) {
if (do_length) {
snprintf(q, freespace, "%d", retlen);
* Expand the second bit.
*/
RDEBUG2("\t... expanding second conditional");
- retlen = radius_xlat(q, freespace, next, request, func);
+ retlen = radius_xlat(q, freespace, next, request, func, funcarg);
}
q += retlen;
return 0;
}
-/*
- * If the caller doesn't pass xlat an escape function, then
- * we use this one. It simplifies the coding, as the check for
- * func == NULL only happens once.
- */
-static size_t xlat_copy(char *out, size_t outlen, const char *in)
-{
- int freespace = outlen;
-
- if (outlen < 1) return 0;
-
- while ((*in) && (freespace > 1)) {
- /*
- * Copy data.
- *
- * FIXME: Do escaping of bad stuff!
- */
- *(out++) = *(in++);
-
- freespace--;
- }
- *out = '\0';
-
- return (outlen - freespace); /* count does not include NUL */
-}
-
/**
* @brief Replace %whatever in a string.
*
* @return length of string written @bug should really have -1 for failure
*/
int radius_xlat(char *out, int outlen, const char *fmt,
- REQUEST *request, RADIUS_ESCAPE_STRING func)
+ REQUEST *request,
+ RADIUS_ESCAPE_STRING func, void *funcarg)
{
int c, len, freespace;
const char *p;
VALUE_PAIR *tmp;
struct tm *TM, s_TM;
char tmpdt[40]; /* For temporary storing of dates */
- int openbraces=0;
/*
* Catch bad modules.
*/
if (!fmt || !out || !request) return 0;
- /*
- * Ensure that we always have an escaping function.
- */
- if (func == NULL) {
- func = xlat_copy;
- }
-
q = out;
p = fmt;
while (*p) {
* then we assume this brace is NOT literal, but is
* a closing brace and apply it
*/
- if ((c == '}') && openbraces) {
- openbraces--;
- p++; /* skip it */
- continue;
- }
*q++ = *p++;
continue;
}
} else if (c == '%') switch(*p) {
case '{':
p--;
- if (decode_attribute(&p, &q, freespace, request, func) < 0) return 0;
+ if (decode_attribute(&p, &q, freespace, request, func, funcarg) < 0) return 0;
break;
case '%':
if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) {
acctstatustype = pair->vp_integer;
} else {
- radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL);
+ radius_xlat(logstr, sizeof(logstr), "packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}']", request, NULL, NULL);
radlog(L_ERR, "rlm_acctlog (%s)", logstr);
return RLM_MODULE_INVALID;
}
switch (acctstatustype) {
case PW_STATUS_START:
- radius_xlat(logstr, sizeof(logstr), inst->acctstart, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), inst->acctstart, request, NULL, NULL);
break;
case PW_STATUS_STOP:
- radius_xlat(logstr, sizeof(logstr), inst->acctstop, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), inst->acctstop, request, NULL, NULL);
break;
case PW_STATUS_ALIVE:
- radius_xlat(logstr, sizeof(logstr), inst->acctupdate, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), inst->acctupdate, request, NULL, NULL);
break;
case PW_STATUS_ACCOUNTING_ON:
- radius_xlat(logstr, sizeof(logstr), inst->accton, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), inst->accton, request, NULL, NULL);
break;
case PW_STATUS_ACCOUNTING_OFF:
- radius_xlat(logstr, sizeof(logstr), inst->acctoff, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), inst->acctoff, request, NULL, NULL);
break;
default:
int len;
len = radius_xlat(buffer, sizeof(buffer), inst->key,
- request, NULL);
+ request, NULL, NULL);
if (!len) {
return RLM_MODULE_NOOP;
}
if (data->new_attr){
/* new_attribute = yes */
- if (!radius_xlat(replace_STR, sizeof(replace_STR), data->replace, request, NULL)) {
+ if (!radius_xlat(replace_STR, sizeof(replace_STR), data->replace, request, NULL, NULL)) {
DEBUG2("%s: xlat on replace string failed.", data->name);
return ret;
}
if (data->nocase)
cflags |= REG_ICASE;
- if (!radius_xlat(search_STR, sizeof(search_STR), data->search, request, NULL) && data->search_len != 0) {
+ if (!radius_xlat(search_STR, sizeof(search_STR), data->search, request, NULL, NULL) && data->search_len != 0) {
DEBUG2("%s: xlat on search string failed.", data->name);
return ret;
}
if (!done_xlat){
if (data->replace_len != 0 &&
- radius_xlat(replace_STR, sizeof(replace_STR), data->replace, request, NULL) == 0) {
+ radius_xlat(replace_STR, sizeof(replace_STR), data->replace, request, NULL, NULL) == 0) {
DEBUG2("%s: xlat on replace string failed.", data->name);
return ret;
}
* I don't want to make that change for 2.0.
*/
radius_xlat(buffer, sizeof(buffer), cf_pair_value(cp),
- request, NULL);
+ request, NULL, NULL);
vp = pairmake(p, buffer, cf_pair_operator(cp));
pairadd(vps, vp);
/*
* Allow single attribute values to be retrieved from the cache.
*/
-static int cache_xlat(void *instance, REQUEST *request,
- char *fmt, char *out, size_t freespace,
- UNUSED RADIUS_ESCAPE_STRING func)
+static size_t cache_xlat(void *instance, REQUEST *request,
+ const char *fmt, char *out, size_t freespace)
{
rlm_cache_entry_t *c;
rlm_cache_t *inst = instance;
const char *p = fmt;
char buffer[1024];
- radius_xlat(buffer, sizeof(buffer), inst->key, request, NULL);
+ radius_xlat(buffer, sizeof(buffer), inst->key, request, NULL, NULL);
c = cache_find(inst, request, buffer);
* Register the cache xlat function
*/
inst->xlat_name = strdup(xlat_name);
- xlat_register(xlat_name, (RAD_XLAT_FUNC)cache_xlat, inst);
+ xlat_register(xlat_name, cache_xlat, inst);
if (!inst->key || !*inst->key) {
radlog(L_ERR, "rlm_cache: You must specify a key");
VALUE_PAIR *vp;
char buffer[1024];
- radius_xlat(buffer, sizeof(buffer), inst->key, request, NULL);
+ radius_xlat(buffer, sizeof(buffer), inst->key, request, NULL, NULL);
c = cache_find(inst, request, buffer);
* feed it through radius_xlat() to expand the
* variables.
*/
- if (radius_xlat(buffer, sizeof(buffer), inst->detailfile, request, NULL) == 0) {
+ if (radius_xlat(buffer, sizeof(buffer), inst->detailfile, request, NULL, NULL) == 0) {
radlog_request(L_ERR, 0, request, "rlm_detail: Failed to expand detail file %s",
inst->detailfile);
return RLM_MODULE_FAIL;
return RLM_MODULE_FAIL;
}
- if (radius_xlat(timestamp, sizeof(timestamp), inst->header, request, NULL) == 0) {
+ if (radius_xlat(timestamp, sizeof(timestamp), inst->header, request, NULL, NULL) == 0) {
radlog_request(L_ERR, 0, request, "rlm_detail: Unable to expand detail header format %s",
inst->header);
close(outfd);
EAP_DS *eap_ds = handler->eap_ds;
rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) type_data;
- if (!radius_xlat(challenge_str, sizeof(challenge_str), inst->challenge, handler->request, NULL)) {
+ if (!radius_xlat(challenge_str, sizeof(challenge_str), inst->challenge, handler->request, NULL, NULL)) {
radlog(L_ERR, "rlm_eap_gtc: xlat of \"%s\" failed", inst->challenge);
return 0;
}
* Do xlat of strings.
*/
static size_t exec_xlat(void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
int result;
rlm_exec_t *inst = instance;
RDEBUG("Account has expired");
if (data->msg && data->msg[0]){
- if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL)) {
+ if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL, NULL)) {
radlog(L_ERR, "rlm_expiration: xlat failed.");
return RLM_MODULE_FAIL;
}
snprintf(name, sizeof(name), "%%{%s}", check->name);
- radius_xlat(value, sizeof(value), name, req, NULL);
+ radius_xlat(value, sizeof(value), name, req, NULL, NULL);
vp = pairmake(check->name, value, check->operator);
/*
* Do xlat of strings!
*/
static size_t expr_xlat(void *instance, REQUEST *request, const char *fmt,
- char *out, size_t outlen, RADIUS_ESCAPE_STRING func)
+ char *out, size_t outlen)
{
int rcode;
int64_t result;
/*
* Do an xlat on the provided string (nice recursive operation).
*/
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) {
radlog(L_ERR, "rlm_expr: xlat failed.");
*out = '\0';
return 0;
*
*/
static size_t rand_xlat(UNUSED void *instance, REQUEST *request, const char *fmt,
- char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ char *out, size_t outlen)
{
int64_t result;
char buffer[256];
/*
* Do an xlat on the provided string (nice recursive operation).
*/
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) {
radlog(L_ERR, "rlm_expr: xlat failed.");
*out = '\0';
return 0;
* Format identical to String::Random.
*/
static size_t randstr_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char *p;
char buffer[1024];
/*
* Do an xlat on the provided string (nice recursive operation).
*/
- len = radius_xlat(buffer, sizeof(buffer), fmt, request, func);
+ len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL);
if (!len) {
radlog(L_ERR, "rlm_expr: xlat failed.");
*out = '\0';
* Example: "%{urlquote:http://example.org/}" == "http%3A%47%47example.org%47"
*/
static size_t urlquote_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char *p;
char buffer[1024];
if (outlen <= 1) return 0;
- len = radius_xlat(buffer, sizeof(buffer), fmt, request, func);
+ len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL);
if (!len) {
radlog(L_ERR, "rlm_expr: xlat failed.");
*out = '\0';
* Example: "%{escape:<img>foo.jpg</img>}" == "=60img=62foo.jpg=60=/img=62"
*/
static size_t escape_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
rlm_expr_t *inst = instance;
char *p;
if (outlen <= 1) return 0;
- len = radius_xlat(buffer, sizeof(buffer), fmt, request, func);
+ len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL);
if (!len) {
radlog(L_ERR, "rlm_expr: xlat failed.");
*out = '\0';
* Probably only works for ASCII
*/
static size_t lc_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char *p, *q;
char buffer[1024];
if (outlen <= 1) return 0;
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) {
*out = '\0';
return 0;
}
* Probably only works for ASCII
*/
static size_t uc_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char *p, *q;
char buffer[1024];
if (outlen <= 1) return 0;
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) {
*out = '\0';
return 0;
}
* Example: "%{md5:foo}" == "acbd18db4cc2f85cedef654fccc4a4d8"
*/
static size_t md5_xlat(UNUSED void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- UNUSED RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
char buffer[1024];
uint8_t digest[16];
int i;
FR_MD5_CTX ctx;
- if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func)) {
+ if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) {
*out = '\0';
return 0;
}
int len;
len = radius_xlat(buffer, sizeof(buffer), inst->key,
- request, NULL);
+ request, NULL, NULL);
if (len) name = buffer;
else name = "NONE";
}
int len;
len = radius_xlat(buffer, sizeof(buffer), inst->key,
- request, NULL);
+ request, NULL, NULL);
if (len) name = buffer;
else name = "NONE";
}
int len;
len = radius_xlat(buffer, sizeof(buffer), inst->key,
- request, NULL);
+ request, NULL, NULL);
if (len) name = buffer;
else name = "NONE";
}
}
switch(acctstatustype){
case PW_STATUS_STOP:
- if (!radius_xlat(xlat_str,MAX_STRING_LEN,data->key, request, NULL)){
+ if (!radius_xlat(xlat_str,MAX_STRING_LEN,data->key, request, NULL, NULL)){
RDEBUG("xlat on the 'key' directive failed");
return RLM_MODULE_NOOP;
}
}
#endif
- if (!radius_xlat(xlat_str,MAX_STRING_LEN,data->key, request, NULL)){
+ if (!radius_xlat(xlat_str,MAX_STRING_LEN,data->key, request, NULL, NULL)){
RDEBUG("xlat on the 'key' directive failed");
return RLM_MODULE_NOOP;
}
#endif
static VALUE_PAIR *ldap_pairget(LDAP *, LDAPMessage *, TLDAP_RADIUS *,VALUE_PAIR **,int, ldap_instance *);
static int ldap_groupcmp(void *, REQUEST *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **);
-static size_t ldap_xlat(void *, REQUEST *, const char *, char *, size_t, RADIUS_ESCAPE_STRING);
+static size_t ldap_xlat(void *, REQUEST *, const char *, char *, size_t);
static LDAP *ldap_connect(void *instance, const char *, const char *, int, int *, char **);
static int read_mappings(ldap_instance* inst);
/*
* Translate the LDAP queries.
*/
-static size_t ldap_escape_func(char *out, size_t outlen, const char *in)
+static size_t ldap_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, void *arg)
{
+ ldap_instance *inst = arg;
size_t len = 0;
while (in[0]) {
return 1;
}
- if (!radius_xlat(basedn, sizeof(basedn), inst->basedn, req, ldap_escape_func)) {
+ if (!radius_xlat(basedn, sizeof(basedn), inst->basedn, req, ldap_escape_func, inst)) {
DEBUG("rlm_ldap::ldap_groupcmp: unable to create basedn.");
return 1;
}
char *user_dn = NULL;
if (!radius_xlat(filter, sizeof(filter), inst->filter,
- req, ldap_escape_func)){
+ req, ldap_escape_func, inst)){
DEBUG("rlm_ldap::ldap_groupcmp: unable to create filter");
return 1;
}
}
if(!radius_xlat(gr_filter, sizeof(gr_filter),
- inst->groupmemb_filt, req, ldap_escape_func)) {
+ inst->groupmemb_filt, req, ldap_escape_func, inst)) {
DEBUG("rlm_ldap::ldap_groupcmp: unable to create filter.");
return 1;
}
* Do an xlat on an LDAP URL
*/
static size_t ldap_xlat(void *instance, REQUEST *request, const char *fmt,
- char *out, size_t freespace,
- UNUSED RADIUS_ESCAPE_STRING func)
+ char *out, size_t freespace)
{
char url[MAX_FILTER_STR_LEN];
int res;
LDAP_CONN *conn;
DEBUG(" [%s] - ldap_xlat", inst->xlat_name);
- if (!radius_xlat(url, sizeof(url), fmt, request, ldap_escape_func)) {
+ if (!radius_xlat(url, sizeof(url), fmt, request, ldap_escape_func, inst)) {
radlog (L_ERR, " [%s] Unable to create LDAP URL.\n", inst->xlat_name);
return 0;
}
request->username->vp_strvalue);
if (!radius_xlat(filter, sizeof(filter), inst->filter,
- request, ldap_escape_func)) {
+ request, ldap_escape_func, inst)) {
radlog(L_ERR, " [%s] unable to create filter.\n", inst->xlat_name);
return RLM_MODULE_INVALID;
}
if (!radius_xlat(basedn, sizeof(basedn), inst->basedn,
- request, ldap_escape_func)) {
+ request, ldap_escape_func, inst)) {
radlog(L_ERR, " [%s] unable to create basedn.\n", inst->xlat_name);
return RLM_MODULE_INVALID;
}
while ((vp_user_dn = pairfind(request->config_items,
PW_LDAP_USERDN, 0)) == NULL) {
if (!radius_xlat(filter, sizeof(filter), inst->filter,
- request, ldap_escape_func)) {
+ request, ldap_escape_func, inst)) {
radlog(L_ERR, " [%s] unable to create filter.\n", inst->xlat_name);
return RLM_MODULE_INVALID;
}
if (!radius_xlat(basedn, sizeof(basedn), inst->basedn,
- request, ldap_escape_func)) {
+ request, ldap_escape_func, inst)) {
radlog(L_ERR, " [%s] unable to create basedn.\n", inst->xlat_name);
return RLM_MODULE_INVALID;
}
/*
* Escape unprintable characters.
*/
-static size_t linelog_escape_func(char *out, size_t outlen, const char *in)
+static size_t linelog_escape_func(UNUSED REQUEST *request,
+ char *out, size_t outlen, const char *in,
+ UNUSED void *arg)
{
int len = 0;
CONF_PAIR *cp;
radius_xlat(line + 1, sizeof(line) - 2, inst->reference,
- request, linelog_escape_func);
+ request, linelog_escape_func, NULL);
line[0] = '.'; /* force to be in current section */
/*
*/
if (strcmp(inst->filename, "syslog") != 0) {
radius_xlat(buffer, sizeof(buffer), inst->filename, request,
- NULL);
+ NULL, NULL);
/* check path and eventually create subdirs */
p = strrchr(buffer,'/');
* FIXME: Check length.
*/
radius_xlat(line, sizeof(line) - 1, value, request,
- linelog_escape_func);
+ linelog_escape_func, NULL);
if (fd >= 0) {
strcat(line, "\n");
char msg[MAX_STRING_LEN];
VALUE_PAIR *tmp;
- if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL)) {
+ if (!radius_xlat(msg, sizeof(msg), data->msg, request, NULL, NULL)) {
radlog(L_ERR, "rlm_logintime: xlat failed.");
return RLM_MODULE_FAIL;
}
* attributes.
*/
static size_t mschap_xlat(void *instance, REQUEST *request,
- const char *fmt, char *out, size_t outlen,
- RADIUS_ESCAPE_STRING func)
+ const char *fmt, char *out, size_t outlen)
{
size_t i, data_len;
uint8_t *data = NULL;
response = NULL;
- func = func; /* -Wunused */
-
/*
* Challenge means MS-CHAPv1 challenge, or
* hash of MS-CHAPv2 challenge, and peer challenge.
while (isspace(*p)) p++;
- if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+ if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL,NULL)) {
RDEBUG("xlat failed");
*buffer = '\0';
return 0;
while (isspace(*p)) p++;
- if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL)) {
+ if (!radius_xlat(buf2, sizeof(buf2),p,request,NULL,NULL)) {
RDEBUG("xlat failed");
*buffer = '\0';
return 0;
*/
if (inst->ntlm_cpw_username) {
- len = radius_xlat(buf, sizeof(buf) - 2, inst->ntlm_cpw_username, request, NULL);
+ len = radius_xlat(buf, sizeof(buf) - 2, inst->ntlm_cpw_username, request, NULL, NULL);
strcat(buf, "\n");
len++;
}
if (inst->ntlm_cpw_domain) {
- len = radius_xlat(buf, sizeof(buf) - 2, inst->ntlm_cpw_domain, request, NULL);
+ len = radius_xlat(buf, sizeof(buf) - 2, inst->ntlm_cpw_domain, request, NULL, NULL);
strcat(buf, "\n");
len++;
/*
* perform the xlat
*/
- result_len = radius_xlat(result, sizeof(result), inst->local_cpw, request, NULL);
+ result_len = radius_xlat(result, sizeof(result), inst->local_cpw, request, NULL, NULL);
if (!result_len) {
RDEBUG("Local MS-CHAPv2 password change - xlat didn't give any result, assuming failure");
return -1;
}
strlcpy(buff2, "%{mschap:NT-Hash %{User-Password}}", sizeof(buff2));
- if (!radius_xlat(charbuf, sizeof(charbuf),buff2,request,NULL)){
+ if (!radius_xlat(charbuf, sizeof(charbuf),buff2,request,NULL,NULL)){
RDEBUG("mschap xlat failed");
snprintf(fmsg, sizeof(char[MAX_STRING_LEN]),
"rlm_pap: mschap xlat failed");
}
strlcpy(buff2, "%{mschap:LM-Hash %{User-Password}}", sizeof(buff2));
- if (!radius_xlat(charbuf,sizeof(charbuf),buff2,request,NULL)){
+ if (!radius_xlat(charbuf,sizeof(charbuf),buff2,request,NULL,NULL)){
RDEBUG("mschap xlat failed");
snprintf(fmsg, sizeof(char[MAX_STRING_LEN]),
"rlm_pap: mschap xlat failed");
* The xlat function
*/
static size_t perl_xlat(void *instance, REQUEST *request, char *fmt, char *out,
- size_t freespace, RADIUS_ESCAPE_STRING func)
+ size_t freespace)
{
PERL_INST *inst= (PERL_INST *) instance;
/*
* Do an xlat on the provided string (nice recursive operation).
*/
- if (!radius_xlat(params, sizeof(params), fmt, request, func)) {
+ if (!radius_xlat(params, sizeof(params), fmt, request, NULL, NULL)) {
radlog(L_ERR, "rlm_perl: xlat failed.");
return 0;
}
char buffer[1024];
radius_xlat(buffer, sizeof(buffer), this->rhs,
- state->request, NULL);
+ state->request, NULL, NULL);
fprintf(fr_log_fp, "%s", buffer);
if (!strchr(buffer, '\n')) fprintf(fr_log_fp, "\n");
}
strlcpy(lhs_buffer, data, sizeof(lhs_buffer)); /* FIXME: yuck */
} else if (this->lhs_type == POLICY_LEX_DOUBLE_QUOTED_STRING) {
if (radius_xlat(lhs_buffer, sizeof(lhs_buffer), this->lhs,
- state->request, NULL) > 0) {
+ state->request, NULL, NULL) > 0) {
data = lhs_buffer;
}
}
if ((assign->rhs_type == POLICY_LEX_DOUBLE_QUOTED_STRING) &&
(strchr(assign->rhs, '%') != NULL)) {
radius_xlat(buffer, sizeof(buffer), assign->rhs,
- request, NULL);
+ request, NULL, NULL);
value = buffer;
}
/*
* Get the utmp filename, via xlat.
*/
- radius_xlat(filename, sizeof(filename), inst->filename, request, NULL);
+ radius_xlat(filename, sizeof(filename), inst->filename, request, NULL, NULL);
/*
* See if this was a reboot.
* they told us to use.
*/
*buffer = '\0';
- radius_xlat(buffer, sizeof(buffer), inst->username, request, NULL);
+ radius_xlat(buffer, sizeof(buffer), inst->username, request, NULL, NULL);
/*
* Copy the previous translated user name.
/*
* Get the filename, via xlat.
*/
- radius_xlat(filename, sizeof(filename), inst->filename, request, NULL);
+ radius_xlat(filename, sizeof(filename), inst->filename, request, NULL, NULL);
if ((fd = open(filename, O_RDWR)) < 0) {
/*
}
*login = '\0';
- radius_xlat(login, sizeof(login), inst->username, request, NULL);
+ radius_xlat(login, sizeof(login), inst->username, request, NULL, NULL);
if (!*login) {
close(fd);
return RLM_MODULE_NOOP;
return dissocket;
}
-static size_t redis_escape_func(char *out, size_t outlen, const char *in)
+static size_t redis_escape_func(UNUSED REQUEST *request,
+ char *out, size_t outlen, const char *in, UNUSED void *arg)
{
size_t len = 0;
}
-static int redis_xlat(void *instance, REQUEST *request,
- char *fmt, char *out, size_t freespace,
- UNUSED RADIUS_ESCAPE_STRING func)
+static size_t redis_xlat(void *instance, REQUEST *request,
+ const char *fmt, char *out, size_t freespace)
{
REDIS_INST *inst = instance;
REDISSOCK *dissocket;
char querystr[MAX_QUERY_LEN];
if (!radius_xlat(querystr, sizeof(querystr), fmt, request,
- redis_escape_func)) {
+ redis_escape_func, inst)) {
radlog(L_ERR, "rlm_redis (%s): xlat failed.",
inst->xlat_name);
fr_connection_pool_delete(inst->pool);
if (inst->xlat_name) {
- xlat_unregister(inst->xlat_name, (RAD_XLAT_FUNC)redis_xlat, instance);
+ xlat_unregister(inst->xlat_name, redis_xlat, instance);
free(inst->xlat_name);
}
free(inst->xlat_name);
xlat_name = cf_section_name1(conf);
inst->xlat_name = strdup(xlat_name);
- xlat_register(inst->xlat_name, (RAD_XLAT_FUNC)redis_xlat, inst);
+ xlat_register(inst->xlat_name, redis_xlat, inst);
inst->pool = fr_connection_pool_init(conf, inst,
redis_create_conn, NULL,
* Do an xlat on the provided string
*/
if (request) {
- if (!radius_xlat(query, sizeof (query), fmt, request, NULL)) {
+ if (!radius_xlat(query, sizeof (query), fmt, request, NULL, NULL)) {
radlog(L_ERR, "rediswho_command: xlat failed on: '%s'", query);
return 0;
}
if (section->username) {
radius_xlat(buffer, sizeof(buffer),
- section->username, request, NULL);
+ section->username, request, NULL, NULL);
ret = curl_easy_setopt(candle, CURLOPT_USERNAME,
buffer);
}
if (section->password) {
radius_xlat(buffer, sizeof(buffer),
- section->password, request, NULL);
+ section->password, request, NULL, NULL);
ret = curl_easy_setopt(candle, CURLOPT_PASSWORD,
buffer);
if (section->username) {
radius_xlat(buffer, sizeof(buffer),
- section->username, request, NULL);
+ section->username, request, NULL, NULL);
ret = curl_easy_setopt(candle,
CURLOPT_TLSAUTH_USERNAME,
}
if (section->password) {
radius_xlat(buffer, sizeof(buffer),
- section->password, request, NULL);
+ section->password, request, NULL, NULL);
ret = curl_easy_setopt(candle,
CURLOPT_TLSAUTH_PASSWORD,
path = (q + 1);
out = buffer;
- out += radius_xlat(out, bufsize, scheme, request, NULL);
+ out += radius_xlat(out, bufsize, scheme, request, NULL, NULL);
free(scheme);
out += radius_xlat(out, (bufsize - (buffer - out)), path, request,
- rest_uri_escape);
+ rest_uri_escape, NULL);
return (buffer - out);
}
typedef struct rlm_soh_t {
- const char *xlat_name;
+ char *xlat_name;
int dhcp;
} rlm_soh_t;
/*
* Not sure how to make this useful yet...
*/
-static size_t soh_xlat(UNUSED void *instance, REQUEST *request, char *fmt, char *out, size_t outlen, UNUSED RADIUS_ESCAPE_STRING func) {
+static size_t soh_xlat(UNUSED void *instance, REQUEST *request, const char *fmt, char *out, size_t outlen) {
VALUE_PAIR* vp[6];
const char *osname;
}
static int soh_instantiate(CONF_SECTION *conf, void **instance) {
+ const char *name;
rlm_soh_t *inst;
inst = *instance = rad_malloc(sizeof(*inst));
return -1;
}
- inst->xlat_name = cf_section_name2(conf);
- if (!inst->xlat_name) inst->xlat_name = cf_section_name1(conf);
- inst->xlat_name = strdup(inst->xlat_name);
+ name = cf_section_name2(conf);
+ if (!name) name = cf_section_name1(conf);
+ inst->xlat_name = strdup(name);
xlat_register(inst->xlat_name, soh_xlat, inst);
return 0;
#include "rlm_sql.h"
-static char *allowed_chars = NULL;
-
static const CONF_PARSER section_config[] = {
{ "reference", PW_TYPE_STRING_PTR,
offsetof(rlm_sql_config_section_t, reference), NULL, ".query"},
* Yucky prototype.
*/
static int generate_sql_clients(SQL_INST *inst);
-static size_t sql_escape_func(char *out, size_t outlen, const char *in);
+static size_t sql_escape_func(REQUEST *, char *out, size_t outlen, const char *in, void *arg);
/*
* SQL xlat function
* for inserts, updates and deletes the number of rows afftected will be
* returned instead.
*/
-static int sql_xlat(void *instance, REQUEST *request,
- char *fmt, char *out, size_t freespace,
- UNUSED RADIUS_ESCAPE_STRING func)
+static size_t sql_xlat(void *instance, REQUEST *request,
+ const char *fmt, char *out, size_t freespace)
{
SQLSOCK *sqlsocket;
SQL_ROW row;
/*
* Do an xlat on the provided string (nice recursive operation).
*/
- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func, inst)) {
radlog(L_ERR, "rlm_sql (%s): xlat failed.",
inst->config->xlat_name);
return 0;
/*
* Translate the SQL queries.
*/
-static size_t sql_escape_func(char *out, size_t outlen, const char *in)
+static size_t sql_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, void *arg)
{
+ SQL_INST *inst = arg;
size_t len = 0;
while (in[0]) {
* mime-encoded equivalents.
*/
if ((in[0] < 32) ||
- strchr(allowed_chars, *in) == NULL) {
+ strchr(inst->config->allowed_chars, *in) == NULL) {
/*
* Only 3 or less bytes available.
*/
if (username != NULL) {
strlcpy(tmpuser, username, sizeof(tmpuser));
} else if (strlen(inst->config->query_user)) {
- radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, request, NULL);
+ radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, request, NULL, NULL);
} else {
return 0;
}
(inst->config->groupmemb_query[0] == 0))
return 0;
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "xlat \"%s\" failed.",
inst->config->groupmemb_query);
return -1;
return -1;
}
pairadd(&request->packet->vps, sql_group);
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_check_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_check_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request,
"Error generating query; rejecting user");
/* Remove the grouup we added above */
/*
* Now get the reply pairs since the paircompare matched
*/
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
/*
* Now get the reply pairs since the paircompare matched
*/
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_group_reply_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
/* Remove the grouup we added above */
pairdelete(&request->packet->vps, PW_SQL_GROUP, 0);
if (inst->pool) sql_poolfree(inst);
if (inst->config->xlat_name) {
- xlat_unregister(inst->config->xlat_name,(RAD_XLAT_FUNC)sql_xlat, instance);
+ xlat_unregister(inst->config->xlat_name, sql_xlat, instance);
free(inst->config->xlat_name);
}
free(*p);
*p = NULL;
}
- /*
- * Catch multiple instances of the module.
- */
- if (allowed_chars == inst->config->allowed_chars) {
- allowed_chars = NULL;
- }
free(inst->config);
inst->config = NULL;
}
* Register the SQL xlat function
*/
inst->config->xlat_name = strdup(xlat_name);
- xlat_register(xlat_name, (RAD_XLAT_FUNC)sql_xlat, inst);
+ xlat_register(xlat_name, sql_xlat, inst);
/*
* Sanity check for crazy people.
goto error;
}
}
- allowed_chars = inst->config->allowed_chars;
*instance = inst;
/*
* Alright, start by getting the specific entry for the user
*/
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_check_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_check_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
/*
* Now get the reply pairs since the paircompare matched
*/
- if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_reply_query, request, sql_escape_func)) {
+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->authorize_reply_query, request, sql_escape_func, inst)) {
radlog_request(L_ERR, 0, request, "Error generating query; rejecting user");
sql_release_socket(inst, sqlsocket);
/* Remove the username we (maybe) added above */
*p++ = '.';
if (radius_xlat(p, (sizeof(path) - (p - path)) - 1,
- section->reference, request, NULL) < 0)
+ section->reference, request, NULL, NULL) < 0)
return RLM_MODULE_FAIL;
item = cf_reference_item(NULL, section->cs, path);
goto null_query;
radius_xlat(querystr, sizeof(querystr), value, request,
- sql_escape_func);
+ sql_escape_func, inst);
if (!*querystr)
goto null_query;
if(sql_set_user(inst, request, sqlusername, NULL) < 0)
return RLM_MODULE_FAIL;
- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func, inst);
/* initialize the sql socket */
sqlsocket = sql_get_socket(inst);
return RLM_MODULE_OK;
}
- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func, inst);
if(rlm_sql_select_query(&sqlsocket, inst, querystr)) {
sql_release_socket(inst, sqlsocket);
return RLM_MODULE_FAIL;
int (*sql_set_user)(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
SQLSOCK *(*sql_get_socket)(SQL_INST * inst);
int (*sql_release_socket)(SQL_INST * inst, SQLSOCK * sqlsocket);
- size_t (*sql_escape_func)(char *out, size_t outlen, const char *in);
+ size_t (*sql_escape_func)(REQUEST *, char *out, size_t outlen, const char *in, void *arg);
int (*sql_query)(SQLSOCK **sqlsocket, SQL_INST *inst, char *query);
int (*sql_select_query)(SQLSOCK **sqlsocket, SQL_INST *inst, char *query);
int (*sql_fetch_row)(SQLSOCK **sqlsocket, SQL_INST *inst);
if (!filename) return;
- if (!radius_xlat(buffer, sizeof(buffer), filename, request, NULL)) {
+ if (!radius_xlat(buffer, sizeof(buffer), filename, request, NULL, NULL)) {
radlog(L_ERR, "rlm_sql (%s): xlat failed.",
inst->config->xlat_name);
return;
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
-static char *allowed_chars = NULL;
/*
* Do any per-module initialization that is separate to each
}
inst->conf_section = conf;
- allowed_chars = inst->allowed_chars;
*instance = inst;
return 0;
}
free(*p);
*p = NULL;
}
- allowed_chars = NULL;
free(inst);
return 0;
}
/*
* Translate the SQL queries.
*/
-static size_t sql_escape_func(char *out, size_t outlen, const char *in)
+static size_t sql_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, void *arg)
{
+ rlm_sql_log_t *inst = (rlm_sql_log_t *)arg;
int len = 0;
while (in[0]) {
* mime-encoded equivalents.
*/
if ((in[0] < 32) ||
- strchr(allowed_chars, *in) == NULL) {
+ strchr(inst->allowed_chars, *in) == NULL) {
/*
* Only 3 or less bytes available.
*/
return len;
}
-static size_t sql_utf8_escape_func(char *out, size_t outlen, const char *in)
+static size_t sql_utf8_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, const char *in, void *arg)
{
+ rlm_sql_log_t *inst = (rlm_sql_log_t *)arg;
size_t len = 0;
size_t utf8 = 0;
* mime-encoded equivalents.
*/
if ((in[0] < 32) ||
- strchr(allowed_chars, *in) == NULL) {
+ strchr(inst->allowed_chars, *in) == NULL) {
/*
* Only 3 or less bytes available.
*/
strlcpy(tmpuser, username, MAX_STRING_LEN);
} else if (inst->sql_user_name[0] != '\0') {
radius_xlat(tmpuser, sizeof(tmpuser), inst->sql_user_name,
- request, NULL);
+ request, NULL, NULL);
} else {
return 0;
}
/* Expand variables in the query */
xlat_query[0] = '\0';
radius_xlat(xlat_query, len, query, request,
- inst->utf8 ? sql_utf8_escape_func : sql_escape_func);
+ inst->utf8 ? sql_utf8_escape_func : sql_escape_func, inst);
if (xlat_query[0] == '\0') {
radlog_request(L_ERR, 0, request, "Couldn't xlat the query %s",
query);
char *p, path[1024];
path[0] = '\0';
- radius_xlat(path, sizeof(path), inst->path, request, NULL);
+ radius_xlat(path, sizeof(path), inst->path, request, NULL, NULL);
if (path[0] == '\0') {
return RLM_MODULE_FAIL;
}
char *sqlmod_inst; /* instance of SQL module to use, usually just 'sql' */
char *query; /* SQL query to retrieve current session time */
char *reset; /* daily, weekly, monthly, never or user defined */
- char *allowed_chars; /* safe characters list for SQL queries */
time_t reset_time;
time_t last_reset;
DICT_ATTR *key_attr; /* attribute number for key field */
{ "sqlmod-inst", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
{ "query", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,query), NULL, NULL },
{ "reset", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,reset), NULL, NULL },
- { "safe-characters", PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,allowed_chars), NULL, "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"},
{ NULL, -1, 0, NULL, NULL }
};
-static char *allowed_chars = NULL;
-
-/*
- * Translate the SQL queries.
- */
-static size_t sql_escape_func(char *out, size_t outlen, const char *in)
-{
- int len = 0;
-
- while (in[0]) {
- /*
- * Non-printable characters get replaced with their
- * mime-encoded equivalents.
- */
- if ((in[0] < 32) ||
- strchr(allowed_chars, *in) == NULL) {
- /*
- * Only 3 or less bytes available.
- */
- if (outlen <= 3) {
- break;
- }
-
- snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
- in++;
- out += 3;
- outlen -= 3;
- len += 3;
- continue;
- }
-
- /*
- * Only one byte left.
- */
- if (outlen <= 1) {
- break;
- }
-
- /*
- * Allowed character.
- */
- *out = *in;
- out++;
- in++;
- outlen--;
- len++;
- }
- *out = '\0';
- return len;
-}
-
static int find_next_reset(rlm_sqlcounter_t *data, time_t timeval)
{
int ret = 0;
strlcpy(q, data->key_name, freespace);
q += strlen(q);
break;
- case 'S': /* SQL module instance */
- DEBUG2("WARNING: Please replace '%%S' with '${sqlmod-inst}'");
- strlcpy(q, data->sqlmod_inst, freespace);
- q += strlen(q);
- break;
default:
*q++ = '%';
*q++ = *p;
rlm_sqlcounter_t *data = (rlm_sqlcounter_t *) instance;
int counter;
char querystr[MAX_QUERY_LEN];
- char responsestr[MAX_QUERY_LEN];
+ char sqlxlat[MAX_QUERY_LEN];
check_pairs = check_pairs; /* shut the compiler up */
reply_pairs = reply_pairs;
/* first, expand %k, %b and %e in query */
sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
- /* second, xlat any request attribs in query */
- radius_xlat(responsestr, MAX_QUERY_LEN, querystr, req, sql_escape_func);
-
/* third, wrap query with sql module call & expand */
- snprintf(querystr, sizeof(querystr), "%%{%%S:%s}", responsestr);
- sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
+ snprintf(sqlxlat, sizeof(sqlxlat), "%%{%s:%s}", data->sqlmod_inst, querystr);
/* Finally, xlat resulting SQL query */
- radius_xlat(querystr, MAX_QUERY_LEN, responsestr, req, sql_escape_func);
+ radius_xlat(querystr, MAX_QUERY_LEN, sqlxlat, req, NULL, NULL);
counter = atoi(querystr);
DICT_ATTR *dattr;
ATTR_FLAGS flags;
time_t now;
- char buffer[MAX_STRING_LEN];
/*
* Set up a storage area for instance data
}
/*
- * Safe characters list for sql queries. Everything else is
- * replaced with their mime-encoded equivalents.
- */
- allowed_chars = data->allowed_chars;
-
- /*
* Discover the attribute number of the key.
*/
if (data->key_name == NULL) {
sqlcounter_detach(data);
return -1;
}
- sql_escape_func(buffer, sizeof(buffer), data->key_name);
- if (strcmp(buffer, data->key_name) != 0) {
- radlog(L_ERR, "rlm_sqlcounter: The value for option 'key' is too long or contains unsafe characters.");
- sqlcounter_detach(data);
- return -1;
- }
dattr = dict_attrbyname(data->key_name);
if (dattr == NULL) {
radlog(L_ERR, "rlm_sqlcounter: No such attribute %s",
sqlcounter_detach(data);
return -1;
}
- sql_escape_func(buffer, sizeof(buffer), data->sqlmod_inst);
- if (strcmp(buffer, data->sqlmod_inst) != 0) {
- radlog(L_ERR, "rlm_sqlcounter: The value for option 'sqlmod-inst' is too long or contains unsafe characters.");
- sqlcounter_detach(data);
- return -1;
- }
/*
* Create a new attribute for the counter.
VALUE_PAIR *reply_item;
char msg[128];
char querystr[MAX_QUERY_LEN];
- char responsestr[MAX_QUERY_LEN];
+ char sqlxlat[MAX_QUERY_LEN];
/* quiet the compiler */
instance = instance;
/* first, expand %k, %b and %e in query */
sqlcounter_expand(querystr, MAX_QUERY_LEN, data->query, instance);
- /* second, xlat any request attribs in query */
- radius_xlat(responsestr, MAX_QUERY_LEN, querystr, request, sql_escape_func);
-
- /* third, wrap query with sql module & expand */
- snprintf(querystr, sizeof(querystr), "%%{%%S:%s}", responsestr);
- sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
+ /* next, wrap query with sql module & expand */
+ snprintf(sqlxlat, sizeof(sqlxlat), "%%{%s:%s}", data->sqlmod_inst, querystr);
/* Finally, xlat resulting SQL query */
- radius_xlat(querystr, MAX_QUERY_LEN, responsestr, request, sql_escape_func);
+ radius_xlat(querystr, MAX_QUERY_LEN, sqlxlat, request, NULL, NULL);
if (sscanf(querystr, "%u", &counter) != 1) {
DEBUG2("rlm_sqlcounter: No integer found in string \"%s\"",
char **p;
rlm_sqlcounter_t *inst = (rlm_sqlcounter_t *)instance;
- allowed_chars = NULL;
paircompare_unregister(inst->dict_attr->attr, sqlcounter_cmp);
/*
* Do an xlat on the provided string
*/
if (request) {
- if (!radius_xlat(query, sizeof(query), expansion, request, data->sql_inst->sql_escape_func)) {
+ if (!radius_xlat(query, sizeof(query), expansion, request, data->sql_inst->sql_escape_func, data->sql_inst)) {
radlog(L_ERR, "sqlippool_command: xlat failed on: '%s'", query);
return 0;
}
* Do an xlat on the provided string
*/
if (request) {
- if (!radius_xlat(query, sizeof(query), expansion, request, data->sql_inst->sql_escape_func)) {
+ if (!radius_xlat(query, sizeof(query), expansion, request, data->sql_inst->sql_escape_func, data->sql_inst)) {
radlog(L_ERR, "sqlippool_command: xlat failed.");
out[0] = '\0';
return 0;
if (pairfind(request->reply->vps, PW_FRAMED_IP_ADDRESS, 0) != NULL) {
/* We already have a Framed-IP-Address */
radius_xlat(logstr, sizeof(logstr), data->log_exists,
- request, NULL);
+ request, NULL, NULL);
RDEBUG("Framed-IP-Address already exists");
return do_logging(logstr, RLM_MODULE_NOOP);
if (pairfind(request->config_items, PW_POOL_NAME, 0) == NULL) {
RDEBUG("No Pool-Name defined.");
radius_xlat(logstr, sizeof(logstr), data->log_nopool,
- request, NULL);
+ request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_NOOP);
}
* NOTFOUND
*/
RDEBUG("pool appears to be full");
- radius_xlat(logstr, sizeof(logstr), data->log_failed, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), data->log_failed, request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_NOTFOUND);
}
RDEBUG("IP address could not be allocated.");
radius_xlat(logstr, sizeof(logstr), data->log_failed,
- request, NULL);
+ request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_NOOP);
}
RDEBUG("Invalid IP number [%s] returned from database query.", allocation);
data->sql_inst->sql_release_socket(data->sql_inst, sqlsocket);
radius_xlat(logstr, sizeof(logstr), data->log_failed,
- request, NULL);
+ request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_NOOP);
}
(char *) NULL, 0);
data->sql_inst->sql_release_socket(data->sql_inst, sqlsocket);
- radius_xlat(logstr, sizeof(logstr), data->log_success, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), data->log_success, request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_OK);
}
sqlippool_command(data->stop_commit, sqlsocket, data, request,
(char *) NULL, 0);
- radius_xlat(logstr, sizeof(logstr), data->log_clear, request, NULL);
+ radius_xlat(logstr, sizeof(logstr), data->log_clear, request, NULL, NULL);
return do_logging(logstr, RLM_MODULE_OK);
}