/*
+ * WiMAX craziness.
+ */
+#define MAX_TLV_NEST (4)
+/*
+ * Bit packing:
+ * 8 bits of base VSA
+ * 8 bits for nested TLV 1
+ * 8 bits for nested TLV 2
+ * 5 bits for nested TLV 3
+ * 3 bits for nested TLV 4
+ */
+const int fr_wimax_max_tlv = MAX_TLV_NEST;
+const int fr_wimax_shift[MAX_TLV_NEST + 1] = {
+ 0, 8, 16, 24, 29
+};
+
+const int fr_wimax_mask[MAX_TLV_NEST + 1] = {
+ 0, 0xff, 0xff, 0x1f, 0x07
+};
+
+
+/*
* Create the hash of the name.
*
* We copy the hash function here because it's substantially faster.
const DICT_VALUE *dval = data;
hash = dict_hashname(dval->name);
+ hash = fr_hash_update(&dval->vendor, sizeof(dval->vendor), hash);
return fr_hash_update(&dval->attr, sizeof(dval->attr), hash);
}
rcode = a->attr - b->attr;
if (rcode != 0) return rcode;
+ rcode = a->vendor - b->vendor;
+ if (rcode != 0) return rcode;
+
return strcasecmp(a->name, b->name);
}
const DICT_VALUE *dval = data;
hash = fr_hash(&dval->attr, sizeof(dval->attr));
+ hash = fr_hash_update(&dval->vendor, sizeof(dval->vendor), hash);
return fr_hash_update(&dval->value, sizeof(dval->value), hash);
}
const DICT_VALUE *a = one;
const DICT_VALUE *b = two;
+ if (a->vendor < b->vendor) return -1;
+ if (a->vendor > b->vendor) return +1;
+
rcode = a->attr - b->attr;
if (rcode != 0) return rcode;
size_t length;
DICT_VENDOR *dv;
- if (value > 65535) {
- fr_strerror_printf("dict_addvendor: Cannot handle vendor ID larger than 65535");
+ if (value > FR_MAX_VENDOR) {
+ fr_strerror_printf("dict_addvendor: Cannot handle vendor ID larger than 2^24");
return -1;
}
/*
* Add an attribute to the dictionary.
*/
-int dict_addattr(const char *name, int vendor, int type, int value,
+int dict_addattr(const char *name, int attr, int vendor, int type,
ATTR_FLAGS flags)
{
size_t namelen;
static int max_attr = 0;
- DICT_ATTR *attr;
+ DICT_ATTR *da;
namelen = strlen(name);
if (namelen >= DICT_ATTR_MAX_NAME_LEN) {
}
/*
- * If the value is '-1', that means use a pre-existing
+ * If the attr is '-1', that means use a pre-existing
* one (if it already exists). If one does NOT already exist,
* then create a new attribute, with a non-conflicting value,
* and use that.
*/
- if (value == -1) {
+ if (attr == -1) {
if (dict_attrbyname(name)) {
return 0; /* exists, don't add it again */
}
- value = ++max_attr;
+ attr = ++max_attr;
} else if (vendor == 0) {
/*
* Update 'max_attr'
*/
- if (value > max_attr) {
- max_attr = value;
+ if (attr > max_attr) {
+ max_attr = attr;
}
}
- if (value < 0) {
- fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (less than zero)");
- return -1;
+ /*
+ * Additional checks for extended attributes.
+ */
+ if (flags.extended || flags.extended_flags) {
+ if (vendor != 0) {
+ fr_strerror_printf("dict_addattr: VSAs cannot use the \"extended\" attribute format.");
+ return -1;
+ }
+ vendor = VENDORPEC_EXTENDED;
+
+ if ((attr < 256) && (type != PW_TYPE_OCTETS)) {
+ fr_strerror_printf("dict_addattr: The base \"extended\" attribute definition MUST be of type \"octets\".");
+ return -1;
+ }
+
+ if (flags.has_tag || flags.array || (flags.encrypt != FLAG_ENCRYPT_NONE)) {
+ fr_strerror_printf("dict_addattr: The \"extended\" attributes MUST NOT have any flags set.");
+ return -1;
+ }
}
- if (value >= 65536) {
- fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (larger than 65535).");
+ if (attr < 0) {
+ fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (less than zero)");
return -1;
}
- if (vendor) {
+ if (vendor && (vendor != VENDORPEC_EXTENDED)) {
DICT_VENDOR *dv;
static DICT_VENDOR *last_vendor = NULL;
- if (flags.is_tlv && (flags.encrypt != FLAG_ENCRYPT_NONE)) {
- fr_strerror_printf("Sub-TLV's cannot be encrypted");
- return -1;
- }
-
if (flags.has_tlv && (flags.encrypt != FLAG_ENCRYPT_NONE)) {
fr_strerror_printf("TLV's cannot be encrypted");
return -1;
* If the vendor isn't defined, die.
*/
if (!dv) {
- fr_strerror_printf("dict_addattr: Unknown vendor");
+ fr_strerror_printf("dict_addattr: Unknown vendor %d",
+ vendor);
return -1;
}
* FIXME: Switch over dv->type, and limit things
* properly.
*/
- if ((dv->type == 1) && (value >= 256) && !flags.is_tlv) {
+ if ((dv->type == 1) && (attr >= 256) && !flags.is_tlv) {
fr_strerror_printf("dict_addattr: ATTRIBUTE has invalid number (larger than 255).");
return -1;
} /* else 256..65535 are allowed */
/*
* Create a new attribute for the list
*/
- if ((attr = fr_pool_alloc(sizeof(*attr) + namelen)) == NULL) {
+ if ((da = fr_pool_alloc(sizeof(*da) + namelen)) == NULL) {
fr_strerror_printf("dict_addattr: out of memory");
return -1;
}
- memcpy(attr->name, name, namelen);
- attr->name[namelen] = '\0';
- attr->attr = value;
- attr->attr |= (vendor << 16); /* FIXME: hack */
- attr->vendor = vendor;
- attr->type = type;
- attr->flags = flags;
- attr->vendor = vendor;
+ memcpy(da->name, name, namelen);
+ da->name[namelen] = '\0';
+ da->attr = attr;
+ da->vendor = vendor;
+ da->type = type;
+ da->flags = flags;
/*
* Insert the attribute, only if it's not a duplicate.
*/
- if (!fr_hash_table_insert(attributes_byname, attr)) {
+ if (!fr_hash_table_insert(attributes_byname, da)) {
DICT_ATTR *a;
/*
* If the attribute has identical number, then
* ignore the duplicate.
*/
- a = fr_hash_table_finddata(attributes_byname, attr);
- if (a && (strcasecmp(a->name, attr->name) == 0)) {
- if (a->attr != attr->attr) {
+ a = fr_hash_table_finddata(attributes_byname, da);
+ if (a && (strcasecmp(a->name, da->name) == 0)) {
+ if (a->attr != da->attr) {
fr_strerror_printf("dict_addattr: Duplicate attribute name %s", name);
- fr_pool_free(attr);
+ fr_pool_free(da);
return -1;
}
fr_hash_table_delete(attributes_byvalue, a);
- if (!fr_hash_table_replace(attributes_byname, attr)) {
+ if (!fr_hash_table_replace(attributes_byname, da)) {
fr_strerror_printf("dict_addattr: Internal error storing attribute %s", name);
- fr_pool_free(attr);
+ fr_pool_free(da);
return -1;
}
}
* files, but when we're printing them, (and looking up
* by value) we want to use the NEW name.
*/
- if (!fr_hash_table_replace(attributes_byvalue, attr)) {
+ if (!fr_hash_table_replace(attributes_byvalue, da)) {
fr_strerror_printf("dict_addattr: Failed inserting attribute name %s", name);
return -1;
}
- if (!vendor && (value > 0) && (value < 256)) {
- dict_base_attrs[value] = attr;
+ if (!vendor && (attr > 0) && (attr < 256)) {
+ dict_base_attrs[attr] = da;
}
return 0;
}
dval->attr = dattr->attr;
+ dval->vendor = dattr->vendor;
/*
* Enforce valid values
* name and value. There are lots in
* dictionary.ascend.
*/
- old = dict_valbyname(dattr->attr, namestr);
+ old = dict_valbyname(dattr->attr, dattr->vendor, namestr);
if (old && (old->value == dval->value)) {
fr_pool_free(dval);
return 0;
{
int rcode = 0;
int base = 10;
- const char *tab = "0123456789";
+ static const char *tab = "0123456789";
if ((str[0] == '0') &&
((str[1] == 'x') || (str[1] == 'X'))) {
*/
static int process_attribute(const char* fn, const int line,
const int block_vendor, DICT_ATTR *block_tlv,
- char **argv, int argc)
+ int tlv_depth, char **argv, int argc)
{
int vendor = 0;
int value;
int type;
+ int length = 0;
ATTR_FLAGS flags;
+ char *p;
if ((argc < 3) || (argc > 4)) {
fr_strerror_printf("dict_init: %s[%d]: invalid ATTRIBUTE line",
return -1;
}
+ memset(&flags, 0, sizeof(flags));
+
+ /*
+ * Look for extended attributes before doing anything else.
+ */
+ p = strchr(argv[1], '.');
+ if (p) *p = '\0';
+
/*
* Validate all entries
*/
}
/*
- * find the type of the attribute.
+ * Parse extended attributes.
*/
- type = fr_str2int(type_table, argv[2], -1);
- if (type < 0) {
- fr_strerror_printf("dict_init: %s[%d]: invalid type \"%s\"",
- fn, line, argv[2]);
- return -1;
+ if (p) {
+ int sub;
+ char *q;
+ DICT_ATTR *da;
+
+ *p = '.'; /* reset forlater printing */
+
+ /*
+ * Does the parent attribute exist?
+ */
+ da = dict_attrbyvalue(value, VENDORPEC_EXTENDED);
+ if (!da) {
+ fr_strerror_printf("dict_init: %s[%d]: Entry refers to unknown attribute %d", fn, line, value);
+ return -1;
+ }
+
+ /*
+ * 241.1 means 241 is of type "extended".
+ * Otherwise, die.
+ */
+ if (!da->flags.extended && !da->flags.extended_flags) {
+ fr_strerror_printf("dict_init: %s[%d]: Entry refers to a non-extended attribute %d", fn, line, value);
+ return -1;
+ }
+
+ /*
+ * Look for sub-TLVs
+ */
+ q = strchr(p + 1, '.');
+ if (q) *q = '\0';
+
+ /*
+ * Parse error.
+ */
+ if (!sscanf_i(p + 1, &sub)) {
+ fr_strerror_printf("dict_init: %s[%d]: Parse error in value \"%s\"", fn, line, argv[1]);
+ return -1;
+ }
+
+ /*
+ * Value is out of bounds.
+ */
+ if ((sub == 0) || (sub > 255)) {
+ fr_strerror_printf("dict_init: %s[%d]: Entry has value out of range 0..255: %d", fn, line, sub);
+ return -1;
+ }
+
+ value |= (sub << fr_wimax_shift[1]);
+
+ /*
+ * If this is defining the contents of a TLV,
+ * look for the parent, and check it.
+ */
+ if (q) {
+ DICT_ATTR *tlv;
+
+ tlv = dict_attrbyvalue(value, VENDORPEC_EXTENDED);
+ if (!tlv || !tlv->flags.has_tlv ||
+ (!tlv->flags.extended && !tlv->flags.extended_flags)) {
+ fr_strerror_printf("dict_init: %s[%d]: Entry refers to Attribute \"%s\", which is not an extended attribute TLV", fn, line, argv[1]);
+ return -1;
+
+ }
+
+ flags.is_tlv = 1;
+
+ /*
+ * Parse error.
+ */
+ if (!sscanf_i(q + 1, &sub)) {
+ fr_strerror_printf("dict_init: %s[%d]: Parse error in value \"%s\"", fn, line, argv[1]);
+ return -1;
+ }
+
+ /*
+ * Value is out of bounds.
+ */
+ if ((sub == 0) || (sub > 255)) {
+ fr_strerror_printf("dict_init: %s[%d]: Entry has value out of range 0..255: %d", fn, line, sub);
+ return -1;
+ }
+
+ value |= (sub << fr_wimax_shift[2]);
+ }
+
+ /*
+ * Set which type of attribute this is.
+ */
+ flags.extended = da->flags.extended;
+ flags.extended_flags = da->flags.extended_flags;
+ }
+
+ if (strncmp(argv[2], "octets[", 7) != 0) {
+ /*
+ * find the type of the attribute.
+ */
+ type = fr_str2int(type_table, argv[2], -1);
+ if (type < 0) {
+ fr_strerror_printf("dict_init: %s[%d]: invalid type \"%s\"",
+ fn, line, argv[2]);
+ return -1;
+ }
+ } else {
+ type = PW_TYPE_OCTETS;
+
+ p = strchr(argv[2] + 7, ']');
+ if (!p) {
+ fr_strerror_printf("dict_init: %s[%d]: Invalid format for octets", fn, line);
+ return -1;
+ }
+
+ *p = 0;
+
+ if (!sscanf_i(argv[1], &length)) {
+ fr_strerror_printf("dict_init: %s[%d]: invalid length", fn, line);
+ return -1;
+ }
+
+ if ((length == 0) || (length > 253)) {
+ fr_strerror_printf("dict_init: %s[%d]: invalid length", fn, line);
+ return -1;
+ }
}
/*
* Only look up the vendor if the string
* is non-empty.
*/
- memset(&flags, 0, sizeof(flags));
- if (argc == 4) {
+ if (argc < 4) {
+ /*
+ * Force "length" for data types of fixed length;
+ */
+ switch (type) {
+ case PW_TYPE_BYTE:
+ length = 1;
+ break;
+
+ case PW_TYPE_SHORT:
+ length = 2;
+ break;
+
+ case PW_TYPE_DATE:
+ case PW_TYPE_IPADDR:
+ case PW_TYPE_INTEGER:
+ case PW_TYPE_SIGNED:
+ length = 4;
+ break;
+
+ case PW_TYPE_ETHERNET:
+ length = 6;
+ break;
+
+ case PW_TYPE_IFID:
+ length = 8;
+ break;
+
+ case PW_TYPE_IPV6ADDR:
+ length = 16;
+ break;
+
+ default:
+ break;
+ }
+
+ flags.length = length;
+
+ } else { /* argc == 4: we have options */
char *key, *next, *last;
+ if (length != 0) {
+ fr_strerror_printf("dict_init: %s[%d]: length cannot be used with options", fn, line);
+ return -1;
+ }
+
key = argv[3];
do {
next = strchr(key, ',');
return -1;
}
- } else if (strncmp(key, "array", 8) == 0) {
+ } else if (strncmp(key, "array", 6) == 0) {
flags.array = 1;
switch (type) {
fn, line);
return -1;
}
-
+
+ /*
+ * The only thing is the vendor name,
+ * and it's a known name: allow it.
+ */
+ } else if ((key == argv[3]) && !next && !block_vendor &&
+ ((vendor = dict_vendorbyname(key)) !=0)) {
+ break;
+
+ } else if (strncmp(key, "extended-flags", 15) == 0) {
+ if (flags.extended) {
+ fr_strerror_printf( "dict_init: %s[%d] You cannot set two \"extended\" flags.",
+ fn, line);
+ return -1;
+ }
+
+ flags.extended_flags = 1;
+
+ } else if (strncmp(key, "extended", 9) == 0) {
+ if (flags.extended_flags) {
+ fr_strerror_printf( "dict_init: %s[%d] You cannot set two \"extended\" flags.",
+ fn, line);
+ return -1;
+ }
+ flags.extended = 1;
+
} else {
fr_strerror_printf( "dict_init: %s[%d]: unknown option \"%s\"",
fn, line, key);
fn, line,
fr_int2str(type_table, type, "?Unknown?"));
return -1;
-
}
}
/*
* TLV's can be only one octet.
*/
- if ((value <= 0) || (value > 255)) {
- fr_strerror_printf( "dict_init: %s[%d]: sub-tlv's cannot have value > 255",
- fn, line);
- return -1;
- }
-
- if (flags.encrypt != FLAG_ENCRYPT_NONE) {
- fr_strerror_printf( "dict_init: %s[%d]: sub-tlv's cannot be encrypted",
+ if ((value <= 0) || ((value & ~fr_wimax_mask[tlv_depth]) != 0)) {
+ fr_strerror_printf( "dict_init: %s[%d]: sub-tlv has invalid attribute number",
fn, line);
return -1;
}
/*
*
*/
- value <<= 8;
- value |= (block_tlv->attr & 0xffff);
+ value <<= fr_wimax_shift[tlv_depth];
+ value |= block_tlv->attr;
flags.is_tlv = 1;
}
/*
* Add it in.
*/
- if (dict_addattr(argv[0], vendor, type, value, flags) < 0) {
+ if (dict_addattr(argv[0], value, vendor, type, flags) < 0) {
+ char buffer[256];
+
+ strlcpy(buffer, fr_strerror(), sizeof(buffer));
+
fr_strerror_printf("dict_init: %s[%d]: %s",
- fn, line, fr_strerror());
+ fn, line, buffer);
return -1;
}
}
if (dict_addvalue(argv[1], argv[0], value) < 0) {
+ char buffer[256];
+
+ strlcpy(buffer, fr_strerror(), sizeof(buffer));
+
fr_strerror_printf("dict_init: %s[%d]: %s",
- fn, line, fr_strerror());
+ fn, line, buffer);
return -1;
}
dval->name[0] = '\0'; /* empty name */
dval->attr = my_da->attr;
+ dval->vendor = my_da->vendor;
dval->value = da->attr;
if (!fr_hash_table_insert(values_byname, dval)) {
/* Create a new VENDOR entry for the list */
if (dict_addvendor(argv[0], value) < 0) {
+ char buffer[256];
+
+ strlcpy(buffer, fr_strerror(), sizeof(buffer));
+
fr_strerror_printf("dict_init: %s[%d]: %s",
- fn, line, fr_strerror());
+ fn, line, buffer);
return -1;
}
return -1;
}
continuation = 1;
+
+ if ((value != VENDORPEC_WIMAX) ||
+ (type != 1) || (length != 1)) {
+ fr_strerror_printf("dict_init: %s[%d]: Only WiMAX VSAs can have continuations",
+ fn, line);
+ return -1;
+ }
}
dv = dict_vendorbyvalue(value);
int argc = 0;
while (*str) {
- if (argc >= max_argc) return argc;
+ if (argc >= max_argc) break;
/*
* Chop out comments early.
(*str == '\r') ||
(*str == '\n')) *(str++) = '\0';
- if (!*str) return argc;
+ if (!*str) break;
argv[argc] = str;
argc++;
struct stat statbuf;
char *argv[MAX_ARGV];
int argc;
- DICT_ATTR *da, *block_tlv = NULL;
+ DICT_ATTR *da, *block_tlv[MAX_TLV_NEST + 1];
+ int which_block_tlv = 0;
+
+ block_tlv[0] = NULL;
+ block_tlv[1] = NULL;
+ block_tlv[2] = NULL;
if (strlen(fn) >= sizeof(dirtmp) / 2 ||
strlen(dir) >= sizeof(dirtmp) / 2) {
*/
if (strcasecmp(argv[0], "ATTRIBUTE") == 0) {
if (process_attribute(fn, line, block_vendor,
- block_tlv,
+ block_tlv[which_block_tlv],
+ which_block_tlv,
argv + 1, argc - 1) == -1) {
fclose(fp);
return -1;
return -1;
}
- block_tlv = da;
+ if (which_block_tlv >= MAX_TLV_NEST) {
+ fr_strerror_printf(
+ "dict_init: %s[%d]: TLVs are nested too deep",
+ fn, line);
+ fclose(fp);
+ return -1;
+ }
+
+
+ block_tlv[++which_block_tlv] = da;
continue;
} /* BEGIN-TLV */
return -1;
}
- if (da != block_tlv) {
+ if (da != block_tlv[which_block_tlv]) {
fr_strerror_printf(
"dict_init: %s[%d]: END-TLV %s does not match any previous BEGIN-TLV",
fn, line, argv[1]);
fclose(fp);
return -1;
}
- block_tlv = NULL;
+ block_tlv[which_block_tlv--] = NULL;
continue;
} /* END-VENDOR */
/*
* Get an attribute by its numerical value.
*/
-DICT_ATTR *dict_attrbyvalue(unsigned int attr)
+DICT_ATTR *dict_attrbyvalue(unsigned int attr, unsigned int vendor)
{
DICT_ATTR dattr;
- if ((attr > 0) && (attr < 256)) return dict_base_attrs[attr];
+ if ((attr > 0) && (attr < 256) && !vendor) return dict_base_attrs[attr];
dattr.attr = attr;
- dattr.vendor = VENDOR(attr) & 0x7fff;
+ dattr.vendor = vendor;
return fr_hash_table_finddata(attributes_byvalue, &dattr);
}
/*
* Associate a value with an attribute and return it.
*/
-DICT_VALUE *dict_valbyattr(unsigned int attr, int value)
+DICT_VALUE *dict_valbyattr(unsigned int attr, unsigned int vendor, int value)
{
DICT_VALUE dval, *dv;
* First, look up aliases.
*/
dval.attr = attr;
+ dval.vendor = vendor;
dval.name[0] = '\0';
/*
/*
* Get a value by its name, keyed off of an attribute.
*/
-DICT_VALUE *dict_valbyname(unsigned int attr, const char *name)
+DICT_VALUE *dict_valbyname(unsigned int attr, unsigned int vendor, const char *name)
{
DICT_VALUE *my_dv, *dv;
uint32_t buffer[(sizeof(*my_dv) + DICT_VALUE_MAX_NAME_LEN + 3)/4];
my_dv = (DICT_VALUE *) buffer;
my_dv->attr = attr;
+ my_dv->vendor = vendor;
my_dv->name[0] = '\0';
/*
projects / freeradius.git / blobdiff