*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2004 Alan DeKok <aland@ox.org>
+ * Copyright 2006 The FreeRADIUS server project
*/
-#include "rlm_policy.h"
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
-#include "modules.h"
+#include "rlm_policy.h"
#ifdef HAVE_REGEX_H
#include <regex.h>
static void policy_print(const policy_item_t *item, int indent)
{
if (!item) {
- if (indent) printf("%*s", indent, " ");
- printf("[NULL]\n");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "[NULL]\n");
return;
}
-
+
while (item) {
switch (item->type) {
case POLICY_TYPE_BAD:
- if (indent) printf("%*s", indent, " ");
- printf("[BAD STATEMENT]");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "[BAD STATEMENT]");
break;
-
+
case POLICY_TYPE_PRINT:
- if (indent) printf("%*s", indent, " ");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
{
const policy_print_t *this;
this = (const policy_print_t *) item;
-
+
if (this->rhs_type == POLICY_LEX_BARE_WORD) {
- printf("print %s\n", this->rhs);
+ fprintf(fr_log_fp, "print %s\n", this->rhs);
} else {
- printf("print \"%s\"\n", this->rhs);
+ fprintf(fr_log_fp, "print \"%s\"\n", this->rhs);
}
}
break;
-
+
case POLICY_TYPE_ASSIGNMENT:
{
const policy_assignment_t *assign;
-
+
assign = (const policy_assignment_t *) item;
- if (indent) printf("%*s", indent, " ");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
- printf("\t%s %s ", assign->lhs,
- lrad_int2str(rlm_policy_tokens,
+ fprintf(fr_log_fp, "\t%s %s ", assign->lhs,
+ fr_int2str(rlm_policy_tokens,
assign->assign, "?"));
if (assign->rhs_type == POLICY_LEX_BARE_WORD) {
- printf("%s\n", assign->rhs);
+ fprintf(fr_log_fp, "%s\n", assign->rhs);
} else {
/*
* FIXME: escape "
*/
- printf("\"%s\"\n", assign->rhs);
+ fprintf(fr_log_fp, "\"%s\"\n", assign->rhs);
}
}
break;
condition = (const policy_condition_t *) item;
- printf("(");
+ fprintf(fr_log_fp, "(");
+
+ if (condition->sense) {
+ fprintf(fr_log_fp, "!");
+ }
/*
* Nested conditions.
*/
if (condition->compare == POLICY_LEX_L_BRACKET) {
policy_print(condition->child, indent);
- printf(")");
+ fprintf(fr_log_fp, ")");
break;
}
if (condition->compare == POLICY_LEX_L_NOT) {
- printf("!");
+ fprintf(fr_log_fp, "!");
policy_print(condition->child, indent);
- printf(")");
+ fprintf(fr_log_fp, ")");
break;
}
if (condition->compare == POLICY_LEX_CMP_TRUE) {
- printf("%s)", condition->lhs);
+ fprintf(fr_log_fp, "%s)", condition->lhs);
break;
}
- if (condition->lhs_type == POLICY_LEX_BARE_WORD) {
- printf("%s", condition->lhs);
+ if (condition->lhs_type == POLICY_LEX_FUNCTION) {
+ fprintf(fr_log_fp, "%s()", condition->lhs);
} else {
/*
* FIXME: escape ",
* and move all of this logic
* to a function.
*/
- printf("\"%s\"", condition->lhs);
+ fprintf(fr_log_fp, "\"%s\"", condition->lhs);
}
/*
* We always print this condition.
*/
- printf(" %s ", lrad_int2str(rlm_policy_tokens,
+ fprintf(fr_log_fp, " %s ", fr_int2str(rlm_policy_tokens,
condition->compare,
"?"));
if (condition->rhs_type == POLICY_LEX_BARE_WORD) {
- printf("%s", condition->rhs);
+ fprintf(fr_log_fp, "%s", condition->rhs);
} else {
/*
* FIXME: escape ",
* and move all of this logic
* to a function.
*/
- printf("\"%s\"", condition->rhs);
+ fprintf(fr_log_fp, "\"%s\"", condition->rhs);
}
- printf(")");
-
- if (condition->child_condition != POLICY_LEX_BAD) {
- printf(" %s ", lrad_int2str(rlm_policy_tokens, condition->child_condition, "?"));
+ fprintf(fr_log_fp, ")");
+
+ if ((condition->child_condition != POLICY_LEX_BAD) &&
+ (condition->child_condition != POLICY_LEX_BARE_WORD)) {
+ fprintf(fr_log_fp, " %s ", fr_int2str(rlm_policy_tokens, condition->child_condition, "?"));
policy_print(condition->child, indent);
}
}
statement = (const policy_if_t *) item;
- if (indent) printf("%*s", indent, " ");
- printf("if ");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "if ");
policy_print(statement->condition, indent);
- printf(" {\n");
+ fprintf(fr_log_fp, " {\n");
policy_print(statement->if_true, indent + 1);
- if (indent) printf("%*s", indent, " ");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
if (statement->if_false) {
- printf("} else ");
+ fprintf(fr_log_fp, "} else ");
if (statement->if_false->type == POLICY_TYPE_ASSIGNMENT) {
- printf(" { ");
+ fprintf(fr_log_fp, " { ");
policy_print(statement->if_false, indent + 1);
- if (indent) printf("%*s", indent, " ");
- printf(" }");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, " }");
} else {
policy_print(statement->if_false, indent + 1);
}
} else {
- printf("}\n");
+ fprintf(fr_log_fp, "}\n");
}
}
break;
this = (const policy_attributes_t *) item;
- if (indent) printf("%*s", indent, " ");
- printf("%s %s {\n",
- lrad_int2str(policy_reserved_words,
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "%s %s {\n",
+ fr_int2str(policy_reserved_words,
this->where, "?"),
- lrad_int2str(rlm_policy_tokens,
+ fr_int2str(rlm_policy_tokens,
this->how, "?"));
policy_print(this->attributes, indent + 1);
- if (indent) printf("%*s", indent, " ");
- printf("}\n");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "}\n");
}
break;
const policy_named_t *this;
this = (const policy_named_t *) item;
- if (indent) printf("%*s", indent, " ");
- printf("policy %s {\n", this->name);
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "policy %s {\n", this->name);
policy_print(this->policy, indent + 1);
- if (indent) printf("%*s", indent, " ");
- printf("}\n");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "}\n");
}
break;
const policy_call_t *this;
this = (const policy_call_t *) item;
- if (indent) printf("%*s", indent, " ");
- printf("call %s\n", this->name);
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "call %s\n", this->name);
+ }
+ break;
+
+ case POLICY_TYPE_RETURN:
+ {
+ const policy_return_t *this;
+
+ this = (const policy_return_t *) item;
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "return %s\n",
+ fr_int2str(policy_return_codes,
+ this->rcode, "???"));
+ }
+ break;
+
+ case POLICY_TYPE_MODULE:
+ {
+ const policy_module_t *this;
+
+ this = (const policy_module_t *) item;
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "module %s <stuff>\n",
+ fr_int2str(policy_component_names,
+ this->component, "???"));
}
break;
default:
- if (indent) printf("%*s", indent, " ");
- printf("[HUH?]\n");
+ if (indent) fprintf(fr_log_fp, "%*s", indent, " ");
+ fprintf(fr_log_fp, "[HUH?]\n");
break;
-
+
}
item = item->next;
void rlm_policy_print(const policy_item_t *item)
{
- printf("----------------------------------------------------------\n");
+ if (!fr_log_fp) return;
+
+ fprintf(fr_log_fp, "# rlm_policy \n");
policy_print(item, 0);
- printf("----------------------------------------------------------\n");
}
/*
- * Internal stack of things to do.
- *
- * When a function is about to be pushed onto the stack, we walk
- * backwards through the stack, and ensure that the function is
- * not already there. This prevents infinite recursion.
+ * Internal stack of things to do. This lets us have function
+ * calls...
*
- * This means that we NEVER pop functions. Rather, we push the
- * function, and then immediately push it's first element.
- *
- * When we've finished popping all of the elements, we pop the
- * function, realize it's a function, ignore it, and pop one more
- * entry.
+ * Yes, we should learn lex, yacc, etc.
*/
#define POLICY_MAX_STACK 16
typedef struct policy_state_t {
rlm_policy_t *inst;
- int depth;
REQUEST *request; /* so it's not passed on the C stack */
+ int rcode; /* for functions, etc. */
+ int component; /* for calling other modules */
+ int depth;
const policy_item_t *stack[POLICY_MAX_STACK];
} policy_state_t;
+static int policy_evaluate_name(policy_state_t *state, const char *name);
+
/*
* Push an item onto the state.
*/
rad_assert(pitem != NULL);
rad_assert(state->depth >= 0);
+ redo:
if (state->depth == 0) {
*pitem = NULL;
return 0;
*pitem = state->stack[state->depth - 1];
/*
+ * Named policies are on the stack for catching recursion.
+ */
+ if ((*pitem)->type == POLICY_TYPE_NAMED_POLICY) {
+ state->depth--;
+ goto redo;
+ }
+
+ /*
* Process the whole item list.
*/
if ((*pitem)->next) {
{
const policy_print_t *this;
+ if (!fr_log_fp) return 1;
+
this = (const policy_print_t *) item;
if (this->rhs_type == POLICY_LEX_BARE_WORD) {
- printf("%s\n", this->rhs);
+ fprintf(fr_log_fp, "%s\n", this->rhs);
} else {
char buffer[1024];
radius_xlat(buffer, sizeof(buffer), this->rhs,
state->request, NULL);
- printf("%s", buffer);
+ fprintf(fr_log_fp, "%s", buffer);
+ if (!strchr(buffer, '\n')) fprintf(fr_log_fp, "\n");
}
+ /*
+ * Doesn't change state->rcode
+ */
+
return 1;
}
} else if (strncasecmp(name, "reply:", 6) == 0) {
p += 6;
vps = request->reply->vps;
+#ifdef WITH_PROXY
} else if (strncasecmp(name, "proxy-request:", 14) == 0) {
p += 14;
if (request->proxy) {
if (request->proxy_reply) {
vps = request->proxy_reply->vps;
}
+#endif
} else if (strncasecmp(name, "control:", 8) == 0) {
p += 8;
vps = request->config_items;
return NULL; /* no such attribute */
}
- return pairfind(vps, dattr->attr);
+ return pairfind(vps, dattr->attr, dattr->vendor);
}
/*
* Evaluate an assignment
+ *
+ * Not really used much...
*/
-static int evaluate_assignment(policy_state_t *state, const policy_item_t *item)
+static int evaluate_assignment(UNUSED policy_state_t *state, const policy_item_t *item)
{
const policy_assignment_t *this;
+#if 0
const DICT_ATTR *dattr;
+#endif
this = (const policy_assignment_t *) item;
{
int rcode;
const policy_condition_t *this;
- VALUE_PAIR *vp;
- char *data = NULL;
+ VALUE_PAIR *vp = NULL;
+ const char *data = NULL;
int compare;
#ifdef HAVE_REGEX_H
regex_t reg;
/*
* FIXME: Don't always do this...
*/
- if ((this->compare != POLICY_LEX_L_BRACKET) &&
- (this->lhs_type == POLICY_LEX_DOUBLE_QUOTED_STRING)) {
- if (radius_xlat(lhs_buffer, sizeof(lhs_buffer), this->lhs,
- state->request, NULL) > 0) {
- data = lhs_buffer;
+ if (this->compare != POLICY_LEX_L_BRACKET) {
+ if (this->lhs_type == POLICY_LEX_FUNCTION) {
+ /*
+ * We can't call evaluate_call here,
+ * because that just pushes stuff onto
+ * the stack, and we want to actually
+ * evaluate all of it...
+ */
+ rcode = policy_evaluate_name(state, this->lhs);
+ data = fr_int2str(policy_return_codes, rcode, "???");
+ strlcpy(lhs_buffer, data, sizeof(lhs_buffer)); /* FIXME: yuck */
+ } else if (this->lhs_type == POLICY_LEX_DOUBLE_QUOTED_STRING) {
+ if (radius_xlat(lhs_buffer, sizeof(lhs_buffer), this->lhs,
+ state->request, NULL) > 0) {
+ data = lhs_buffer;
+ }
}
}
-
+
switch (this->compare) {
case POLICY_LEX_L_BRACKET: /* nested brackets are a special case */
rcode = evaluate_condition(state, this->child);
rcode = (rcode == FALSE); /* reverse sense of test */
break;
+ case POLICY_LEX_CMP_FALSE: /* non-existence */
+ if (this->lhs_type == POLICY_LEX_BARE_WORD) {
+ vp = find_vp(state->request, this->lhs);
+ rcode = (vp == NULL);
+ } else {
+ rcode = (data == NULL);
+ }
+ break;
+
case POLICY_LEX_CMP_TRUE: /* existence */
if (this->lhs_type == POLICY_LEX_BARE_WORD) {
vp = find_vp(state->request, this->lhs);
if (this->lhs_type == POLICY_LEX_BARE_WORD) {
VALUE_PAIR *myvp;
-
vp = find_vp(state->request, this->lhs);
+
+ /*
+ * A op B is FALSE if A doesn't
+ * exist.
+ */
+ if (!vp) {
+ rcode = FALSE;
+ break;
+ }
+
/*
* FIXME: Move sanity checks to
* post-parse code, so we don't do
* it on every packet.
*/
- if (vp) {
- vp_prints_value(buffer, sizeof(buffer), vp, 0);
- myvp = pairmake(vp->name, this->rhs, T_OP_EQ);
- } else {
- buffer[0] = '\0';
- myvp = pairmake(this->lhs, this->rhs, T_OP_EQ);
- }
+ vp_prints_value(buffer, sizeof(buffer), vp, 0);
+ myvp = pairmake(vp->name, this->rhs, T_OP_EQ);
+ if (!myvp) return FALSE; /* memory failure */
data = buffer;
- if (!myvp) {
- return FALSE;
- }
/*
* FIXME: What to do about comparisons
* error codes than "comparison is less
* than, equal to, or greater than zero".
*/
- compare = simplepaircmp(state->request,
- vp, myvp);
+ compare = radius_callback_compare(state->request,
+ vp, myvp, NULL, NULL);
pairfree(&myvp);
-
+
} else {
/*
* FIXME: Do something for RHS type?
*/
- printf("CMP %s %s\n", lhs_buffer, this->rhs);
+ fr_printf_log("CMP %s %s\n", lhs_buffer, this->rhs);
compare = strcmp(lhs_buffer, this->rhs);
}
debug_evaluate("CONDITION COMPARE %d\n", compare);
-
+
switch (this->compare) {
case POLICY_LEX_CMP_EQUALS:
rcode = (compare == 0);
break;
-
+
case POLICY_LEX_CMP_NOT_EQUALS:
rcode = (compare != 0);
break;
-
+
case POLICY_LEX_LT:
rcode = (compare < 0);
break;
-
+
case POLICY_LEX_GT:
rcode = (compare > 0);
break;
-
+
case POLICY_LEX_LE:
rcode =(compare <= 0);
break;
-
+
case POLICY_LEX_GE:
rcode = (compare >= 0);
break;
-
+
#ifdef HAVE_REGEX_H
case POLICY_LEX_RX_EQUALS:
{ /* FIXME: copied from src/main/valuepair.c */
int i;
regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
-
+
/*
* Include substring matches.
*/
if (regcomp(®, this->rhs,
REG_EXTENDED) != 0) {
+ /* FIXME: print error */
return FALSE;
}
rad_assert(data != NULL);
rxmatch, 0);
rcode = (rcode == 0);
regfree(®);
-
+
/*
* Add %{0}, %{1}, etc.
*/
for (i = 0; i <= REQUEST_MAX_REGEX; i++) {
char *p;
char rxbuffer[256];
-
+
/*
* Didn't match: delete old
* match, if it existed.
free(p);
continue;
}
-
+
/*
* No previous match
* to delete, stop.
*/
break;
}
-
+
/*
* Copy substring into buffer.
*/
data + rxmatch[i].rm_so,
rxmatch[i].rm_eo - rxmatch[i].rm_so);
rxbuffer[rxmatch[i].rm_eo - rxmatch[i].rm_so] = '\0';
-
+
/*
* Copy substring, and add it to
* the request.
REQUEST_DATA_REGEX | i,
p, free);
}
-
+
}
break;
-
+
case POLICY_LEX_RX_NOT_EQUALS:
regcomp(®, this->rhs, REG_EXTENDED|REG_NOSUB);
rad_assert(data != NULL);
break; /* default from first switch over compare */
}
+ if (this->sense) rcode = (rcode == FALSE); /* reverse sense of test */
+
/*
* No trailing &&, ||
*/
const policy_assignment_t *assign)
{
VALUE_PAIR *vp;
- LRAD_TOKEN operator = T_OP_EQ;
+ FR_TOKEN operator = T_OP_EQ;
const char *value = assign->rhs;
char buffer[2048];
case POLICY_LEX_SET_EQUALS:
operator = T_OP_SET;
break;
-
+
case POLICY_LEX_PLUS_EQUALS:
operator = T_OP_ADD;
break;
-
+
default:
fprintf(stderr, "Expected '=' for operator, not '%s' at line %d\n",
- lrad_int2str(rlm_policy_tokens,
+ fr_int2str(rlm_policy_tokens,
assign->assign, "?"),
assign->item.lineno);
return NULL;
}
-
+
vp = pairmake(assign->lhs, value, operator);
if (!vp) {
- fprintf(stderr, "SHIT: %s %s\n", value, librad_errstr);
+ fprintf(stderr, "Failed creating pair: %s %s\n", value, fr_strerror());
}
return vp;
VALUE_PAIR **vps = NULL;
VALUE_PAIR *vp, *head, **tail;
const policy_item_t *attr;
+ policy_lex_t this_how;
this = (const policy_attributes_t *) item;
vps = &(state->request->reply->vps);
break;
+#ifdef WITH_PROXY
case POLICY_RESERVED_PROXY_REQUEST:
if (!state->request->proxy) return 0; /* FIXME: print error */
vps = &(state->request->proxy->vps);
if (!state->request->proxy_reply) return 0; /* FIXME: print error */
vps = &(state->request->proxy_reply->vps);
break;
+#endif
default:
return 0;
tail = &(vp->next);
}
- switch (this->how) {
+ this_how = this->how;
+ retry_how:
+ switch (this_how) {
case POLICY_LEX_SET_EQUALS: /* dangerous: removes all previous things! */
pairfree(vps);
*vps = head;
break;
+ case POLICY_LEX_AFTER_TAIL_ASSIGN:
+ pairmove(vps, &head);
+ pairfree(&head);
+ break;
+
case POLICY_LEX_ASSIGN: /* 'union' */
pairmove(vps, &head);
pairfree(&head);
break;
+ case POLICY_LEX_BEFORE_HEAD_ASSIGN:
+ pairmove(&head, vps);
+ pairfree(vps);
+ *vps = head;
+ break;
+
+ case POLICY_LEX_AFTER_TAIL_EQUALS:
case POLICY_LEX_CONCAT_EQUALS:
pairadd(vps, head);
break;
+ case POLICY_LEX_BEFORE_HEAD_EQUALS:
+ pairadd(&head, *vps);
+ *vps = head;
+ break;
+
+ case POLICY_LEX_BEFORE_WHERE_EQUALS:
+ case POLICY_LEX_AFTER_WHERE_EQUALS:
+ case POLICY_LEX_BEFORE_WHERE_ASSIGN:
+ case POLICY_LEX_AFTER_WHERE_ASSIGN:
+ /* find location*/
+ {
+ VALUE_PAIR *vpprev = NULL, *vpnext = NULL, *lvp;
+
+ for(lvp = *vps; lvp; vpprev = lvp, lvp = lvp->next) {
+ vpnext = lvp->next;
+ lvp->next = NULL;
+ if (evaluate_condition(state, this->where_loc))
+ break;
+ lvp->next = vpnext;
+ }
+
+ if (lvp) {
+ switch(this_how) {
+ case POLICY_LEX_BEFORE_WHERE_EQUALS:
+ case POLICY_LEX_BEFORE_WHERE_ASSIGN:
+ if (vpprev) {
+ lvp->next = vpnext;
+ vpnext = lvp;
+ vpprev->next = NULL;
+ lvp = vpprev;
+ }
+ default: /* always reached */
+ break;
+ }
+
+ switch(this_how) {
+ case POLICY_LEX_BEFORE_WHERE_EQUALS:
+ if (vpprev)
+ pairadd(&lvp, head);
+ else
+ *vps = lvp = head;
+ break;
+ case POLICY_LEX_AFTER_WHERE_EQUALS:
+ pairadd(&lvp, head);
+ break;
+ case POLICY_LEX_BEFORE_WHERE_ASSIGN:
+ if (vpprev) {
+ pairmove(&lvp, &head);
+ pairfree(&head);
+ }
+ else
+ *vps = lvp = head;
+ break;
+ case POLICY_LEX_AFTER_WHERE_ASSIGN:
+ pairmove(&lvp, &head);
+ pairfree(&head);
+ break;
+ default:/*never reached*/
+ break;
+ }
+ for( ; lvp && lvp->next; lvp = lvp->next);
+ if (lvp)
+ lvp->next = vpnext;
+ break;
+ }
+
+ switch(this_how) {
+ case POLICY_LEX_BEFORE_WHERE_EQUALS:
+ this_how = POLICY_LEX_BEFORE_HEAD_EQUALS;
+ break;
+ case POLICY_LEX_AFTER_WHERE_EQUALS:
+ this_how = POLICY_LEX_AFTER_TAIL_EQUALS;
+ break;
+ case POLICY_LEX_BEFORE_WHERE_ASSIGN:
+ this_how = POLICY_LEX_BEFORE_HEAD_ASSIGN;
+ break;
+ case POLICY_LEX_AFTER_WHERE_ASSIGN:
+ this_how = POLICY_LEX_AFTER_TAIL_ASSIGN;
+ break;
+ default: /*never reached*/
+ break;
+ }
+ goto retry_how;
+ }
+ /* FALL-THROUGH */
+
default:
fprintf(stderr, "HUH?\n");
pairfree(&head);
return 0;
}
+ state->rcode = RLM_MODULE_UPDATED; /* we did stuff */
+
return 1;
}
/*
- * Evaluate an 'call foo' statement
+ * Evaluate a reference call to a module.
*/
static int evaluate_call(policy_state_t *state, const policy_item_t *item)
{
policy = rlm_policy_find(state->inst->policies, this->name);
if (!policy) return 0; /* not found... */
-
+
DEBUG2("rlm_policy: Evaluating policy %s", this->name);
-
+
rad_assert(policy->policy->type != POLICY_TYPE_BAD);
rad_assert(policy->policy->type < POLICY_TYPE_NUM_TYPES);
/*
+ * Push the name of the function onto the stack,
+ * so that we can catch recursive calls.
+ *
+ * The "pop" function will skip over it when it sees it.
+ */
+ rcode = policy_stack_push(state, (const policy_item_t *) policy);
+ if (!rcode) {
+ return rcode;
+ }
+
+ /*
* Push it onto the stack. Other code will take care of
* calling it.
*/
return rcode;
}
+ return 1;
+}
+
+
+/*
+ * Evaluate a return statement
+ */
+static int evaluate_return(policy_state_t *state, const policy_item_t *item)
+{
+ const policy_return_t *this;
+
+ this = (const policy_return_t *) item;
+ state->rcode = this->rcode;
+
+ return 1; /* we succeeded */
+}
+
+
+/*
+ * Evaluate a module statement
+ */
+static int evaluate_module(policy_state_t *state, const policy_item_t *item)
+{
+ const policy_module_t *this;
+
+ this = (const policy_module_t *) item;
+
/*
- * Function calls always succeed?
- *
- * FIXME: Push the function name, etc. onto the stack,
- * so we can check for infinite recursion above, and
- * so we can also check for return codes from functions
- * we call...
+ * Just to be paranoid. Maybe we want to loosen this
+ * restriction in the future?
*/
- return 1;
+ if (this->component != state->component) {
+ DEBUG2("rlm_policy: Cannot mix & match components");
+ return 0;
+ }
+
+ DEBUG2("rlm_policy: begin nested call");
+ state->rcode = modcall(this->component, this->mc, state->request);
+ DEBUG2("rlm_policy: end nested call");
+
+ return 1; /* we succeeded */
}
evaluate_attr_list,
evaluate_print,
NULL, /* define a named policy.. */
- evaluate_call
+ evaluate_call,
+ evaluate_return,
+ evaluate_module
};
int rcode;
const policy_item_t *this;
policy_named_t mypolicy, *policy;
-
+
mypolicy.name = name;
policy = rbtree_finddata(state->inst->policies, &mypolicy);
if (!policy) return RLM_MODULE_FAIL;
-
+
DEBUG2("rlm_policy: Evaluating policy %s", name);
-
+
rad_assert(policy->item.type != POLICY_TYPE_BAD);
rad_assert(policy->item.type < POLICY_TYPE_NUM_TYPES);
-
+
rcode = policy_stack_push(state, policy->policy);
if (!rcode) {
return RLM_MODULE_FAIL;
rad_assert(this != NULL);
rad_assert(this->type != POLICY_TYPE_BAD);
rad_assert(this->type < POLICY_TYPE_NUM_TYPES);
-
+
debug_evaluate("Evaluating at line %d\n",
this->lineno);
rcode = (*evaluate_functions[this->type])(state,
}
} /* loop until the stack is empty */
- return RLM_MODULE_OK;
+ return state->rcode;
}
memset(state, 0, sizeof(*state));
state->request = request;
state->inst = inst;
+ state->rcode = RLM_MODULE_OK;
+ state->component = fr_str2int(policy_component_names, name,
+ RLM_COMPONENT_COUNT);
rcode = policy_evaluate_name(state, name);
projects / freeradius.git / blobdiff