Add support for extended attributes: draft-dekok-radext-radius-extensions
[freeradius.git] / src / lib / dict.c
index a08c67b..ff77e21 100644 (file)
@@ -99,6 +99,28 @@ static const FR_NAME_NUMBER type_table[] = {
 
 
 /*
+ *     WiMAX craziness.
+ */
+#define MAX_TLV_NEST (4)
+/*
+ *     Bit packing:
+ *     8 bits of base VSA
+ *     8 bits for nested TLV 1
+ *     8 bits for nested TLV 2
+ *     5 bits for nested TLV 3
+ *     3 bits for nested TLV 4
+ */
+const int fr_wimax_max_tlv = MAX_TLV_NEST;
+const int fr_wimax_shift[MAX_TLV_NEST + 1] = {
+  0, 8, 16, 24, 29
+};
+
+const int fr_wimax_mask[MAX_TLV_NEST + 1] = {
+  0, 0xff, 0xff, 0x1f, 0x07
+};
+
+
+/*
  *     Create the hash of the name.
  *
  *     We copy the hash function here because it's substantially faster.
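Review bot: The deepest level of this packing (shift 29, mask 0x07) reaches bit 31, but the packed number is carried in a signed `int` (`int value` in process_attribute, `int attr` in dict_addattr). A level-4 sub-TLV number of 4..7 therefore overflows on `value <<= fr_wimax_shift[tlv_depth]` in the later process_attribute hunk, which is undefined behaviour in C. In practice the result is usually negative, and dict_addattr would presumably reject it as "less than zero". Either carry the packed number as `unsigned int` end to end, or narrow the last mask to `0x03` and say so in the bit-packing comment. That comment should also state that index 0 of both tables is the base attribute and index N is nesting depth N.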
@@ -192,6 +214,7 @@ static uint32_t dict_value_name_hash(const void *data)
        const DICT_VALUE *dval = data;
 
        hash = dict_hashname(dval->name);
+       hash = fr_hash_update(&dval->vendor, sizeof(dval->vendor), hash);
        return fr_hash_update(&dval->attr, sizeof(dval->attr), hash);
 }
 
@@ -204,6 +227,9 @@ static int dict_value_name_cmp(const void *one, const void *two)
        rcode = a->attr - b->attr;
        if (rcode != 0) return rcode;
 
+       rcode = a->vendor - b->vendor;
+       if (rcode != 0) return rcode;
+
        return strcasecmp(a->name, b->name);
 }
 
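Review bot: The added vendor comparison `rcode = a->vendor - b->vendor;` uses subtraction, while the sibling dict_value_value_cmp changed in this same commit uses explicit `<`/`>` tests. Subtraction gives the wrong sign if the difference does not fit in `int`; the type of `vendor` is not visible here, so this is a hedge rather than a confirmed bug, but vendor numbers are now allowed beyond 16 bits. Use the same form in both comparators: `if (a->vendor < b->vendor) return -1;` and `if (a->vendor > b->vendor) return +1;`. The function body starts outside the hunk.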
@@ -213,6 +239,7 @@ static uint32_t dict_value_value_hash(const void *data)
        const DICT_VALUE *dval = data;
 
        hash = fr_hash(&dval->attr, sizeof(dval->attr));
+       hash = fr_hash_update(&dval->vendor, sizeof(dval->vendor), hash);
        return fr_hash_update(&dval->value, sizeof(dval->value), hash);
 }
 
@@ -222,6 +249,9 @@ static int dict_value_value_cmp(const void *one, const void *two)
        const DICT_VALUE *a = one;
        const DICT_VALUE *b = two;
 
+       if (a->vendor < b->vendor) return -1;
+       if (a->vendor > b->vendor) return +1;
+
        rcode = a->attr - b->attr;
        if (rcode != 0) return rcode;
 
@@ -421,8 +451,8 @@ int dict_addvendor(const char *name, int value)
        size_t length;
        DICT_VENDOR *dv;
 
-       if (value > 65535) {
-               fr_strerror_printf("dict_addvendor: Cannot handle vendor ID larger than 65535");
+       if (value > FR_MAX_VENDOR) {
+               fr_strerror_printf("dict_addvendor: Cannot handle vendor ID larger than 2^24");
                return -1;
        }
 
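Review bot: The range check `if (value > FR_MAX_VENDOR)` has no lower bound, so a negative `value` (the parameter is a signed `int`) is accepted as a vendor ID. Extend the condition to `if ((value < 0) || (value > FR_MAX_VENDOR)) {`. The message also hard-codes "2^24" while the limit is the macro, whose definition is not visible here; formatting the macro into the message (`"... larger than %d", FR_MAX_VENDOR`) keeps the two from drifting apart.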
@@ -516,25 +546,36 @@ int dict_addattr(const char *name, int attr, int vendor, int type,
                }
        }
 
-       if (attr < 0) {
-               fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (less than zero)");
-               return -1;
+       /*
+        *      Additional checks for extended attributes.
+        */
+       if (flags.extended || flags.extended_flags) {
+               if (vendor != 0) {
+                       fr_strerror_printf("dict_addattr: VSAs cannot use the \"extended\" attribute format.");
+                       return -1;
+               }
+               vendor = VENDORPEC_EXTENDED;
+
+               if ((attr < 256) && (type != PW_TYPE_OCTETS)) {
+                       fr_strerror_printf("dict_addattr: The base \"extended\" attribute definition MUST be of type \"octets\".");
+                       return -1;
+               }
+
+               if (flags.has_tag || flags.array || (flags.encrypt != FLAG_ENCRYPT_NONE)) {
+                       fr_strerror_printf("dict_addattr: The \"extended\" attributes MUST NOT have any flags set.");
+                       return -1;
+               }
        }
 
-       if (attr >= 65536) {
-               fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (larger than 65535).");
+       if (attr < 0) {
+               fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (less than zero)");
                return -1;
        }
 
-       if (vendor) {
+       if (vendor && (vendor != VENDORPEC_EXTENDED)) {
                DICT_VENDOR *dv;
                static DICT_VENDOR *last_vendor = NULL;
 
-               if (flags.is_tlv && (flags.encrypt != FLAG_ENCRYPT_NONE)) {
-                       fr_strerror_printf("Sub-TLV's cannot be encrypted");
-                       return -1;
-               }
-
                if (flags.has_tlv && (flags.encrypt != FLAG_ENCRYPT_NONE)) {
                        fr_strerror_printf("TLV's cannot be encrypted");
                        return -1;
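Review bot: Sub-TLVs can now be declared with an `encrypt` flag, because the `flags.is_tlv && (flags.encrypt != FLAG_ENCRYPT_NONE)` rejection is removed here and the matching "sub-tlv's cannot be encrypted" check is removed from process_attribute later in this diff. Nothing visible in the diff shows the encoder applying that flag to nested TLVs; if it does not, such an attribute would go on the wire unprotected while the dictionary claims otherwise. Either keep the rejection, or add a comment at this spot naming where sub-TLV encryption is implemented. Separately, `attr < 0` now runs after the extended-attribute block, so a negative `attr` with a non-octets type is reported with the "MUST be of type octets" message; moving the sign check above the block would give the accurate error.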
@@ -567,7 +608,8 @@ int dict_addattr(const char *name, int attr, int vendor, int type,
                 *      If the vendor isn't defined, die.
                 */
                if (!dv) {
-                       fr_strerror_printf("dict_addattr: Unknown vendor");
+                       fr_strerror_printf("dict_addattr: Unknown vendor %d",
+                                          vendor);
                        return -1;
                }
 
@@ -595,7 +637,6 @@ int dict_addattr(const char *name, int attr, int vendor, int type,
        da->vendor = vendor;
        da->type = type;
        da->flags = flags;
-       da->vendor = vendor;
 
        /*
         *      Insert the attribute, only if it's not a duplicate.
@@ -708,6 +749,7 @@ int dict_addvalue(const char *namestr, const char *attrstr, int value)
                }
 
                dval->attr = dattr->attr;
+               dval->vendor = dattr->vendor;
 
                /*
                 *      Enforce valid values
@@ -811,7 +853,7 @@ static int sscanf_i(const char *str, int *pvalue)
 {
        int rcode = 0;
        int base = 10;
-       const char *tab = "0123456789";
+       static const char *tab = "0123456789";
 
        if ((str[0] == '0') &&
            ((str[1] == 'x') || (str[1] == 'X'))) {
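Review bot: `static const char *tab` makes the pointer itself a mutable static. If the hex branch that follows assigns a different table to `tab` (the body continues outside the hunk), that value persists into later calls and the function is no longer reentrant. If the aim was only to avoid re-initialising a constant, declare it `static const char * const tab = "0123456789abcdef";` and limit the lookup length by `base`; otherwise keep the automatic `const char *tab`.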
@@ -842,12 +884,14 @@ static int sscanf_i(const char *str, int *pvalue)
  */
 static int process_attribute(const char* fn, const int line,
                             const int block_vendor, DICT_ATTR *block_tlv,
-                            char **argv, int argc)
+                            int tlv_depth, char **argv, int argc)
 {
        int             vendor = 0;
        int             value;
        int             type;
+       int             length = 0;
        ATTR_FLAGS      flags;
+       char            *p;
 
        if ((argc < 3) || (argc > 4)) {
                fr_strerror_printf("dict_init: %s[%d]: invalid ATTRIBUTE line",
@@ -855,6 +899,14 @@ static int process_attribute(const char* fn, const int line,
                return -1;
        }
 
+       memset(&flags, 0, sizeof(flags));
+
+       /*
+        *      Look for extended attributes before doing anything else.
+        */
+       p = strchr(argv[1], '.');
+       if (p) *p = '\0';
+
        /*
         *      Validate all entries
         */
@@ -864,23 +916,182 @@ static int process_attribute(const char* fn, const int line,
        }
 
        /*
-        *      find the type of the attribute.
+        *      Parse extended attributes.
         */
-       type = fr_str2int(type_table, argv[2], -1);
-       if (type < 0) {
-               fr_strerror_printf("dict_init: %s[%d]: invalid type \"%s\"",
-                       fn, line, argv[2]);
-               return -1;
+       if (p) {
+               int sub;
+               char *q;
+               DICT_ATTR *da;
+
+               *p = '.';       /* reset forlater printing */
+
+               /*
+                *      Does the parent attribute exist?
+                */
+               da = dict_attrbyvalue(value, VENDORPEC_EXTENDED);
+               if (!da) {
+                       fr_strerror_printf("dict_init: %s[%d]: Entry refers to unknown attribute %d", fn, line, value);
+                       return -1;
+               }
+
+               /*
+                *      241.1 means 241 is of type "extended".
+                *      Otherwise, die.
+                */
+               if (!da->flags.extended && !da->flags.extended_flags) {
+                       fr_strerror_printf("dict_init: %s[%d]: Entry refers to a non-extended attribute %d", fn, line, value);
+                       return -1;
+               }
+
+               /*
+                *      Look for sub-TLVs
+                */
+               q = strchr(p + 1, '.');
+               if (q) *q = '\0';
+
+               /*
+                *      Parse error.
+                */
+               if (!sscanf_i(p + 1, &sub)) {
+                       fr_strerror_printf("dict_init: %s[%d]: Parse error in value \"%s\"", fn, line, argv[1]);
+                       return -1;
+               }
+
+               /*
+                *      Value is out of bounds.
+                */
+               if ((sub == 0) || (sub > 255)) {
+                       fr_strerror_printf("dict_init: %s[%d]: Entry has value out of range 0..255: %d", fn, line, sub);
+                       return -1;
+               }
+
+               value |= (sub << fr_wimax_shift[1]);
+
+               /*
+                *      If this is defining the contents of a TLV,
+                *      look for the parent, and check it.
+                */
+               if (q) {
+                       DICT_ATTR *tlv;
+
+                       tlv = dict_attrbyvalue(value, VENDORPEC_EXTENDED);
+                       if (!tlv || !tlv->flags.has_tlv ||
+                           (!tlv->flags.extended && !tlv->flags.extended_flags)) {
+                               fr_strerror_printf("dict_init: %s[%d]: Entry refers to Attribute \"%s\", which is not an extended attribute TLV", fn, line, argv[1]);
+                               return -1;
+
+                       }
+
+                       flags.is_tlv = 1;
+                       
+                       /*
+                        *      Parse error.
+                        */
+                       if (!sscanf_i(q + 1, &sub)) {
+                               fr_strerror_printf("dict_init: %s[%d]: Parse error in value \"%s\"", fn, line, argv[1]);
+                               return -1;
+                       }
+
+                       /*
+                        *      Value is out of bounds.
+                        */
+                       if ((sub == 0) || (sub > 255)) {
+                               fr_strerror_printf("dict_init: %s[%d]: Entry has value out of range 0..255: %d", fn, line, sub);
+                               return -1;
+                       }
+
+                       value |= (sub << fr_wimax_shift[2]);
+               }
+
+               /*
+                *      Set which type of attribute this is.
+                */
+               flags.extended = da->flags.extended;
+               flags.extended_flags = da->flags.extended_flags;
+       }
+
+       if (strncmp(argv[2], "octets[", 7) != 0) {
+               /*
+                *      find the type of the attribute.
+                */
+               type = fr_str2int(type_table, argv[2], -1);
+               if (type < 0) {
+                       fr_strerror_printf("dict_init: %s[%d]: invalid type \"%s\"",
+                                          fn, line, argv[2]);
+                       return -1;
+               }
+       } else {
+               type = PW_TYPE_OCTETS;
+               
+               p = strchr(argv[2] + 7, ']');
+               if (!p) {
+                       fr_strerror_printf("dict_init: %s[%d]: Invalid format for octets", fn, line);
+                       return -1;
+               }
+
+               *p = 0;
+
+               if (!sscanf_i(argv[1], &length)) {
+                       fr_strerror_printf("dict_init: %s[%d]: invalid length", fn, line);
+                       return -1;
+               }
+
+               if ((length == 0) || (length > 253)) {
+                       fr_strerror_printf("dict_init: %s[%d]: invalid length", fn, line);
+                       return -1;
+               }
        }
 
        /*
         *      Only look up the vendor if the string
         *      is non-empty.
         */
-       memset(&flags, 0, sizeof(flags));
-       if (argc == 4) {
+       if (argc < 4) {
+               /*
+                *      Force "length" for data types of fixed length;
+                */
+               switch (type) {
+               case PW_TYPE_BYTE:
+                       length = 1;
+                       break;
+
+               case PW_TYPE_SHORT:
+                       length = 2;
+                       break;
+
+               case PW_TYPE_DATE:
+               case PW_TYPE_IPADDR:
+               case PW_TYPE_INTEGER:
+               case PW_TYPE_SIGNED:
+                       length = 4;
+                       break;
+
+               case PW_TYPE_ETHERNET:
+                       length = 6;
+                       break;
+
+               case PW_TYPE_IFID:
+                       length = 8;
+                       break;
+
+               case PW_TYPE_IPV6ADDR:
+                       length = 16;
+                       break;
+
+               default:
+                       break;
+               }
+
+               flags.length = length;
+
+       } else {                /* argc == 4: we have options */
                char *key, *next, *last;
 
+               if (length != 0) {
+                       fr_strerror_printf("dict_init: %s[%d]: length cannot be used with options", fn, line);
+                       return -1;
+               }
+
                key = argv[3];
                do {
                        next = strchr(key, ',');
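Review bot: In the `octets[` branch the length is parsed from the wrong argument: `sscanf_i(argv[1], &length)` reads the attribute-number field, although `p` was just used to terminate the bracketed text inside `argv[2]`. It should be `if (!sscanf_i(argv[2] + 7, &length)) {`; as written, `octets[N]` ignores N and takes its length from the attribute number. Two smaller points: both range messages say "out of range 0..255" although 0 is rejected, and `*q = '\0'` is never undone, so later messages that print `argv[1]` show a truncated name. The function starts and ends outside the hunk.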
@@ -904,7 +1115,7 @@ static int process_attribute(const char* fn, const int line,
                                        return -1;
                                }
                                
-                       } else if (strncmp(key, "array", 8) == 0) {
+                       } else if (strncmp(key, "array", 6) == 0) {
                                flags.array = 1;
                                
                                switch (type) {
@@ -929,6 +1140,23 @@ static int process_attribute(const char* fn, const int line,
                                   ((vendor = dict_vendorbyname(key)) !=0)) {
                                break;
 
+                       } else if (strncmp(key, "extended-flags", 15) == 0) {
+                               if (flags.extended) {
+                                       fr_strerror_printf( "dict_init: %s[%d] You cannot set two  \"extended\" flags.",
+                                                           fn, line);
+                                       return -1;
+                               }
+
+                               flags.extended_flags = 1;
+
+                       } else if (strncmp(key, "extended", 9) == 0) {
+                               if (flags.extended_flags) {
+                                       fr_strerror_printf( "dict_init: %s[%d] You cannot set two  \"extended\" flags.",
+                                                           fn, line);
+                                       return -1;
+                               }
+                               flags.extended = 1;
+
                        } else {
                                fr_strerror_printf( "dict_init: %s[%d]: unknown option \"%s\"",
                                            fn, line, key);
@@ -960,7 +1188,6 @@ static int process_attribute(const char* fn, const int line,
                                   fn, line,
                                   fr_int2str(type_table, type, "?Unknown?"));
                        return -1;
-
                }
        }
 
@@ -972,14 +1199,8 @@ static int process_attribute(const char* fn, const int line,
                /*
                 *      TLV's can be only one octet.
                 */
-               if ((value <= 0) || (value > 255)) {
-                       fr_strerror_printf( "dict_init: %s[%d]: sub-tlv's cannot have value > 255",
-                                   fn, line);
-                       return -1;
-               }
-
-               if (flags.encrypt != FLAG_ENCRYPT_NONE) {
-                       fr_strerror_printf( "dict_init: %s[%d]: sub-tlv's cannot be encrypted",
+         if ((value <= 0) || ((value & ~fr_wimax_mask[tlv_depth]) != 0)) {
+                       fr_strerror_printf( "dict_init: %s[%d]: sub-tlv has invalid attribute number",
                                    fn, line);
                        return -1;
                }
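Review bot: The comment kept above this check, "TLV's can be only one octet", no longer matches the code, since the limit is now `fr_wimax_mask[tlv_depth]`, which is 5 or 3 bits at depths 3 and 4. Suggest replacing it with `/* Sub-TLV numbers must fit in the bit field for this nesting depth. */`. The check indexes `fr_wimax_mask` with `tlv_depth` without validating it in this function; the caller appears to bound it by MAX_TLV_NEST, and a one-line comment stating that precondition would help the next reader. The new `if` line is also indented with spaces rather than the tabs used around it.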
@@ -987,8 +1208,8 @@ static int process_attribute(const char* fn, const int line,
                /*
                 *      
                 */
-               value <<= 8;
-               value |= (block_tlv->attr & 0xffff);
+               value <<= fr_wimax_shift[tlv_depth];
+               value |= block_tlv->attr;
                flags.is_tlv = 1;
        }
 
@@ -1120,6 +1341,7 @@ static int process_value_alias(const char* fn, const int line, char **argv,
 
        dval->name[0] = '\0';   /* empty name */
        dval->attr = my_da->attr;
+       dval->vendor = my_da->vendor;
        dval->value = da->attr;
 
        if (!fr_hash_table_insert(values_byname, dval)) {
@@ -1220,6 +1442,13 @@ static int process_vendor(const char* fn, const int line, char **argv,
                                return -1;
                        }
                        continuation = 1;
+
+                       if ((value != VENDORPEC_WIMAX) ||
+                           (type != 1) || (length != 1)) {
+                               fr_strerror_printf("dict_init: %s[%d]: Only WiMAX VSAs can have continuations",
+                                          fn, line);
+                               return -1;
+                       }
                }
 
                dv = dict_vendorbyvalue(value);
@@ -1258,7 +1487,7 @@ static int str2argv(char *str, char **argv, int max_argc)
        int argc = 0;
 
        while (*str) {
-               if (argc >= max_argc) return argc;
+               if (argc >= max_argc) break;
 
                /*
                 *      Chop out comments early.
@@ -1273,7 +1502,7 @@ static int str2argv(char *str, char **argv, int max_argc)
                       (*str == '\r') ||
                       (*str == '\n')) *(str++) = '\0';
 
-               if (!*str) return argc;
+               if (!*str) break;
 
                argv[argc] = str;
                argc++;
@@ -1306,7 +1535,12 @@ static int my_dict_init(const char *dir, const char *fn,
        struct stat statbuf;
        char    *argv[MAX_ARGV];
        int     argc;
-       DICT_ATTR *da, *block_tlv = NULL;
+       DICT_ATTR *da, *block_tlv[MAX_TLV_NEST + 1];
+       int     which_block_tlv = 0;
+
+       block_tlv[0] = NULL;
+       block_tlv[1] = NULL;
+       block_tlv[2] = NULL;
 
        if (strlen(fn) >= sizeof(dirtmp) / 2 ||
            strlen(dir) >= sizeof(dirtmp) / 2) {
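Review bot: `block_tlv` is declared with `MAX_TLV_NEST + 1` slots, but only indices 0..2 are cleared, so slots 3 and 4 hold indeterminate pointers until a BEGIN-TLV writes them. The later hunks appear to read only `block_tlv[which_block_tlv]` after it has been written, so this is not a visible bug, but it breaks silently if MAX_TLV_NEST or the access pattern changes. Replace the three assignments with `memset(block_tlv, 0, sizeof(block_tlv));`. The function body continues outside the hunk.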
@@ -1408,7 +1642,8 @@ static int my_dict_init(const char *dir, const char *fn,
                 */
                if (strcasecmp(argv[0], "ATTRIBUTE") == 0) {
                        if (process_attribute(fn, line, block_vendor,
-                                             block_tlv,
+                                             block_tlv[which_block_tlv],
+                                             which_block_tlv,
                                              argv + 1, argc - 1) == -1) {
                                fclose(fp);
                                return -1;
@@ -1474,7 +1709,16 @@ static int my_dict_init(const char *dir, const char *fn,
                                return -1;
                        }
 
-                       block_tlv = da;
+                       if (which_block_tlv >= MAX_TLV_NEST) {
+                               fr_strerror_printf(
+                                       "dict_init: %s[%d]: TLVs are nested too deep",
+                                       fn, line);
+                               fclose(fp);
+                               return -1;
+                       }
+
+
+                       block_tlv[++which_block_tlv] = da;
                        continue;
                } /* BEGIN-TLV */
 
@@ -1496,14 +1740,14 @@ static int my_dict_init(const char *dir, const char *fn,
                                return -1;
                        }
 
-                       if (da != block_tlv) {
+                       if (da != block_tlv[which_block_tlv]) {
                                fr_strerror_printf(
                                        "dict_init: %s[%d]: END-TLV %s does not match any previous BEGIN-TLV",
                                        fn, line, argv[1]);
                                fclose(fp);
                                return -1;
                        }
-                       block_tlv = NULL;
+                       block_tlv[which_block_tlv--] = NULL;
                        continue;
                } /* END-VENDOR */