automatically add ref=@.OID-Tree to types with oid_and_value
authorAlan T. DeKok <aland@freeradius.org>
Tue, 30 Dec 2025 16:54:33 +0000 (11:54 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Tue, 30 Dec 2025 17:12:20 +0000 (12:12 -0500)
so that we don't have to litter it all through the code

share/dictionary/der/dictionary.common
share/dictionary/der/dictionary.extensions
share/dictionary/der/dictionary.rfc2986
share/dictionary/der/dictionary.rfc5280
src/lib/util/dict.h
src/lib/util/dict_util.c
src/protocols/der/base.c
src/tests/unit/protocols/der/dictionary.test

index 088cd19a1075b8e0c28d16cfaebea9ae81b54b99..58f3915cff37ac8f7942d305c7a134cc8e16da0c 100644 (file)
@@ -11,7 +11,7 @@
 #
 DEFINE RelativeDistinguishedName                       set set_of=sequence,size=1..
 BEGIN RelativeDistinguishedName
-DEFINE AttributeTypeAndValue                           sequence sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE AttributeTypeAndValue                           sequence sequence_of=oid_and_value
 END RelativeDistinguishedName
 
 DEFINE GeneralName                                     choice
index 90b36fbedd00c11ff828f166b3886df7e5163444..bf4632221e512170b0ef5de3d49607ef810fe6af 100644 (file)
@@ -2,7 +2,7 @@
 # Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
 # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
 # Version $Id$
-DEFINE Critical                                        sequence sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE Critical                                        sequence sequence_of=oid_and_value
 
 ATTRIBUTE      authorityInfoAccess                     1.3.6.1.5.5.7.1.1       sequence        sequence_of=sequence,leaf
 BEGIN 1.3.6.1.5.5.7.1.1
@@ -65,7 +65,7 @@ DEFINE        policyIdentifier                                oid
 
 DEFINE policyQualifiers                                sequence        sequence_of=sequence,size=1..,optional
 BEGIN policyQualifiers
-DEFINE policyQualifierInfo                             sequence        sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE policyQualifierInfo                             sequence        sequence_of=oid_and_value
 END policyQualifiers
 
 END policyInformation
index 5c8c08d3ae7d6a1e8f6b9b0bd776842020c5b5e4..8e38668862a4087080427f9ba9bea4dd24e1aba3 100644 (file)
@@ -33,7 +33,7 @@ BEGIN Attributes
 DEFINE Attribute                                       sequence
 BEGIN Attribute
 DEFINE OID                                             oid
-DEFINE Extensions                                      set set_of=oid_and_value,ref=@.OID-Tree,is_extensions
+DEFINE Extensions                                      set set_of=oid_and_value,is_extensions
 END Attribute
 END Attributes
 
index 5477825480081dce91cff0d289bd0166f7a3f551..2848daf6b4c4cc9edecf1c43e60e2cd4d9a2605f 100644 (file)
@@ -12,7 +12,7 @@ BEGIN version
 DEFINE number                                          integer
 END version
 DEFINE serialNumber                                    octets der_type=integer
-DEFINE signature                                       sequence sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE signature                                       sequence sequence_of=oid_and_value
 
 DEFINE issuer                                          sequence sequence_of=set
 BEGIN issuer
@@ -32,18 +32,18 @@ END subject
 
 DEFINE subjectPublicKeyInfo                            sequence
 BEGIN subjectPublicKeyInfo
-DEFINE algorithm                                       sequence sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE algorithm                                       sequence sequence_of=oid_and_value
 DEFINE subjectPublicKey                                bitstring
 END subjectPublicKeyInfo
 
 DEFINE issuerUniqueID                                  octetstring option=1,optional
 DEFINE subjectUniqueID                                 octetstring option=2,optional
 
-DEFINE extensions                                      x509_extensions ref=@.OID-Tree,size=1..,option=3,optional
+DEFINE extensions                                      x509_extensions size=1..,option=3,optional
 
 END tbsCertificate
 
-DEFINE signatureAlgorithm                              sequence sequence_of=oid_and_value,ref=@.OID-Tree
+DEFINE signatureAlgorithm                              sequence sequence_of=oid_and_value
 
 DEFINE signature                                       bitstring
 END Certificate
index 349a25397430418af192a1670a6b2843c55bfa68..77d228d766df92acea9bb2f3ff45e5efcb65b816 100644 (file)
@@ -566,7 +566,7 @@ int                 fr_dict_str_to_argv(char *str, char **argv, int max_argc);
 
 int                    fr_dict_attr_acopy_local(fr_dict_attr_t const *dst, fr_dict_attr_t const *src) CC_HINT(nonnull);
 
-int                    fr_dict_attr_set_group(fr_dict_attr_t **da_p) CC_HINT(nonnull);
+int                    fr_dict_attr_set_group(fr_dict_attr_t **da_p, fr_dict_attr_t const *ref) CC_HINT(nonnull);
 /** @} */
 
 /** @name Dict accessors
index c2769cab414a9a749c099f491468e124cfc19fbf..9dd9014d421e48707b5fd31ec4e40e9daed2bc87 100644 (file)
@@ -5316,7 +5316,7 @@ fr_dict_t const   *fr_dict_proto_dict(fr_dict_t const *dict)
        return dict;
 }
 
-int fr_dict_attr_set_group(fr_dict_attr_t **da_p)
+int fr_dict_attr_set_group(fr_dict_attr_t **da_p, fr_dict_attr_t const *ref)
 {
        if ((*da_p)->type == FR_TYPE_GROUP) {
                fr_assert(fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_REF) != NULL);
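Review bot: `fr_dict_attr_set_group()` gained a `ref` parameter but has no doc comment, and on the branch where `(*da_p)->type == FR_TYPE_GROUP` the visible code only asserts that a reference extension exists, so `ref` looks to be ignored there (the rest of that branch lies between this hunk and the next one). A caller passing a different `ref` for an attribute that already carries one would presumably get a success return with the old reference still in place, guarded only by `fr_assert`. I would add a Doxygen header stating that `ref` is applied as a `FR_DICT_ATTR_REF_ALIAS` only when the attribute is not yet a group, that an existing group keeps its reference, and that the function returns 0 on success and -1 on failure.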
@@ -5327,9 +5327,5 @@ int fr_dict_attr_set_group(fr_dict_attr_t **da_p)
 
        fr_assert(fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_REF) == NULL);
 
-       if (!dict_attr_ext_alloc(da_p, FR_DICT_ATTR_EXT_REF)) {
-               return -1;
-       }
-
-       return 0;
+       return dict_attr_ref_aset(da_p, ref, FR_DICT_ATTR_REF_ALIAS);
 }
index 6d24ba3ab00ebc8d2e27a89e0734e63307a046d8..4d341c28b04af722690267287fedf074ce6870b4 100644 (file)
@@ -317,6 +317,27 @@ static int dict_flag_der_type(fr_dict_attr_t **da_p, char const *value, UNUSED f
        return 0;
 }
 
+static int dict_flag_set_oid_and_value(fr_dict_attr_t **da_p, fr_der_attr_flags_t *flags)
+{
+       flags->is_oid_and_value = true;
+       flags->is_sequence_of = true;
+       flags->sequence_of = FR_DER_TAG_SEQUENCE;
+
+       /*
+        *      The dict autoload things aren't set until after we load all of the dictionary entries.  So we
+        *      just manually set it here for laziness.
+        */
+       if (!attr_oid_tree) {
+               attr_oid_tree = fr_dict_attr_by_name(NULL, fr_dict_root((*da_p)->dict), "OID-Tree");
+               if (!attr_oid_tree) return -1;
+       }
+
+       if (fr_dict_attr_set_group(da_p, attr_oid_tree) < 0) return -1;
+
+       (*da_p)->flags.allow_flat = !flags->is_extensions;
+       return 0;
+}
+
 static int dict_flag_sequence_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
 {
        fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
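Review bot: `attr_oid_tree` is filled in the first time `dict_flag_set_oid_and_value()` runs and is then reused without being checked against `(*da_p)->dict`. If the DER dictionary is ever freed and loaded again, or a second dictionary root reaches this parser, the cached pointer would refer to an attribute in a freed or unrelated dictionary and `fr_dict_attr_set_group()` would alias to it; the declaration and lifetime of `attr_oid_tree` are outside this hunk, so this needs confirming. Looking the attribute up on each call, or comparing `attr_oid_tree->dict` with `(*da_p)->dict` before reuse, avoids that. The `if (!attr_oid_tree) return -1;` path also returns without setting a message, so a dictionary that uses `oid_and_value` before `OID-Tree` is defined fails with no reason given; something like `fr_strerror_printf("oid_and_value requires OID-Tree to be defined first");` before the return would help.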
@@ -333,13 +354,7 @@ static int dict_flag_sequence_of(fr_dict_attr_t **da_p, char const *value, UNUSE
        }
 
        if (strcmp(value, "oid_and_value") == 0) {
-               flags->is_oid_and_value = true;
-               flags->is_sequence_of = true;
-               flags->sequence_of = FR_DER_TAG_SEQUENCE;
-               if (fr_dict_attr_set_group(da_p) < 0) return -1;
-
-               (*da_p)->flags.allow_flat = 1;
-               return 0;
+               return dict_flag_set_oid_and_value(da_p, flags);
        }
 
        type = fr_table_value_by_str(tag_name_to_number, value, FR_DER_TAG_INVALID);
@@ -370,13 +385,7 @@ static int dict_flag_set_of(fr_dict_attr_t **da_p, char const *value, UNUSED fr_
        }
 
        if (strcmp(value, "oid_and_value") == 0) {
-               flags->is_oid_and_value = true;
-               flags->is_sequence_of = true;
-               flags->sequence_of = FR_DER_TAG_SEQUENCE;
-               if (fr_dict_attr_set_group(da_p) < 0) return -1;
-
-               (*da_p)->flags.allow_flat = 1;
-               return 0;
+               return dict_flag_set_oid_and_value(da_p, flags);
        }
 
        type = fr_table_value_by_str(tag_name_to_number, value, FR_DER_TAG_INVALID);
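Review bot: `allow_flat` was set to 1 unconditionally in this branch and is now `!flags->is_extensions`, read inside `dict_flag_set_oid_and_value()` at the moment `set_of` is parsed. For `set_of=oid_and_value,is_extensions` (the `Extensions` definition changed earlier in this commit) the result therefore depends on whether `is_extensions` has been handled yet; if flags are applied left to right it is still false here and `allow_flat` ends up true, which may not be the intent. The flag parsing order is not visible in this diff, so either recompute `allow_flat` where `is_extensions` is set or add a comment in the helper stating the ordering it relies on. The same applies to the `sequence_of` hunk above, and `dict_flag_set_of()` continues outside this hunk.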
@@ -801,8 +810,7 @@ static bool type_parse(fr_type_t *type_p,fr_dict_attr_t **da_p, char const *name
                flags->option = 3;
                flags->is_option = true;
 
-               flags->is_sequence_of = true;
-               flags->sequence_of = FR_DER_TAG_SEQUENCE;
+               if (dict_flag_set_oid_and_value(da_p, flags) < 0) return false;
        }
 
        /*
@@ -859,26 +867,6 @@ static bool attr_valid(fr_dict_attr_t *da)
                da->flags.length = 0;
        }
 
-       /*
-        *      sequence_of=oid_and_value has to have a reference to the OID tree.
-        *
-        *      Group refs are added as unresolved refs, see dict_flag_ref(), and are resolved later
-        *      in dict_fixup_group_apply().
-        *
-        *      @todo - have a function called from dict_attr_finalize() ?
-        */
-#if 0
-       if (flags->is_oid_and_value) {
-               fr_dict_attr_t const *ref;
-
-               fr_assert(da->type == FR_TYPE_GROUP);
-
-               if (!fr_dict_attr_ref(da)) {
-                       (void) dict_attr_ref_set(da, attr_oid_tree, FR_DICT_ATTR_REF_ALIAS);
-               }
-       }
-#endif
-
        if (flags->is_choice && unlikely(!fr_type_is_tlv(da->type))) {
                fr_strerror_printf("Attribute %s of type %s is not allowed represent a collection of choices.",
                                   da->name, fr_type_to_str(da->type));
index 88669c845ceb8a6ab123291275c0cdb7b28e3638..244b12d8f3164140dcbd8ec57e29eb16bb4dcfbf 100644 (file)
@@ -2,7 +2,7 @@
 # Copyright (C) 2025 The FreeRADIUS Server project and contributors
 # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
 # Version $Id$
-DEFINE Certificate-Extensions                          x509_extensions ref=@.OID-Tree
+DEFINE Certificate-Extensions                          x509_extensions
 
 DEFINE Test-GeneralNames                               group sequence_of=choice,ref=@.GeneralName