/** Returns the SIM method EAP-SIM or EAP-AKA hinted at by the user identifier
*
@verbatim
-%(aka_sim_id_method:%{id_attr})
+%aka_sim_id_method(%{id_attr})
@endverbatim
*
* @ingroup xlat_functions
/** Returns the type of identity used
*
@verbatim
-%(aka_sim_id_type:%{id_attr})
+%aka_sim_id_type(%{id_attr})
@endverbatim
*
* @ingroup xlat_functions
/** Returns the key index from a 3gpp temporary id
*
@verbatim
-%(3gpp_temporary_id_key_index:%{id_attr})
+%3gpp_temporary_id_key_index(%{id_attr})
@endverbatim
*
* @ingroup xlat_functions
/** Decrypt a 3gpp temporary id
*
@verbatim
- %(3gpp_temporary_id_decrypt:<id> <key>)
+ %3gpp_temporary_id_decrypt(<id> <key>)
@endverbatim
*
* The pseudonym is in the format
/** Encrypts a 3gpp pseudonym
*
@verbatim
-%(3gpp_temporary_id_encrypt:<id> <key> <index> [(pseudonym|fastauth)])
+%3gpp_temporary_id_encrypt(<id>, <key>, <index>, [(pseudonym|fastauth)])
@endverbatim
*
* @ingroup xlat_functions
/** xlat to get config values
*
@verbatim
-%(config:section.subsection.attribute)
+%config(section.subsection.attribute)
@endverbatim
*
* @ingroup xlat_functions
if (!client_list_parse_section(cs, 0, false)) goto failure;
/*
- * Register the %(config:section.subsection) xlat function.
+ * Register the %config(section.subsection) xlat function.
*/
if (unlikely((xlat = xlat_func_register(NULL, "config", xlat_config, FR_TYPE_STRING)) == NULL)) goto failure;
xlat_func_args_set(xlat, xlat_config_args);
* @param[in] name the path relative to the global trigger section ending in the trigger name
* e.g. module.ldap.pool.start.
* @param[in] rate_limit whether to rate limit triggers.
- * @param[in] args to make available via the @verbatim %
(trigger:<arg>) @endverbatim xlat.
+ * @param[in] args to make available via the @verbatim %
trigger(<arg>) @endverbatim xlat.
* @return
* - 0 on success.
* - -1 on failure.
},
.dflt = "auto" },
{ FR_CONF_OFFSET("name", FR_TYPE_TMPL, fr_tls_cache_conf_t, id_name),
- .dflt = "%{EAP-Type}%(interpreter:server)", .quote = T_DOUBLE_QUOTED_STRING },
+ .dflt = "%{EAP-Type}%interpreter(server)", .quote = T_DOUBLE_QUOTED_STRING },
{ FR_CONF_OFFSET("lifetime", FR_TYPE_TIME_DELTA, fr_tls_cache_conf_t, lifetime), .dflt = "1d" },
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
* If we deleted the attribute when processing the LHS, then you couldn't reference an attribute
* in it's own assignment:
*
- * &foo := %(tolower:foo)
+ * &foo := %tolower(foo)
*
* so we have to delay the deletion until the RHS has been fully expanded. But we don't always
* delete everything. e.g. if the map is:
*
- * &foo[1] := %(tolower:foo[1])
+ * &foo[1] := %tolower(foo[1])
*
* The we just apply the assignment to the LHS, over-writing it's value.
*/
};
static xlat_arg_parser_t const xlat_func_file_name_count_args[] = {
- { .required = true, .type = FR_TYPE_STRING },
+ { .required = true, .type = FR_TYPE_STRING },
{ .required = false, .type = FR_TYPE_UINT32 },
XLAT_ARG_PARSER_TERMINATOR
};
/** Calculate number of seconds until the next n hour(s), day(s), week(s), year(s).
*
- * For example, if it were 16:18 %(nexttime:1h) would expand to 2520.
+ * For example, if it were 16:18 %nexttime(1h) would expand to 2520.
*
* The envisaged usage for this function is to limit sessions so that they don't
* cross billing periods. The output of the xlat should be combined with %{rand:} to create
#ifdef HAVE_REGEX_PCRE2
/** Perform regex substitution TODO CHECK
*
- * Called when %(subst:) pattern begins with "/"
+ * Called when %subst() pattern begins with "/"
*
@verbatim
%subst(<subject>, /<regex>/[flags], <replace>)
fr_value_box_list_foreach(in, box) {
if (fr_box_is_group(box)) {
if (!xlat_logical_or(rctx, &box->vb_group)) return false;
- continue;
+ continue;
}
/*
fr_value_box_list_foreach(in, box) {
if (fr_box_is_group(box)) {
if (!xlat_logical_or(rctx, &box->vb_group)) return false;
- continue;
+ continue;
}
/*
* xlat_tokenize() just makes all unknown arguments into XLAT_BOX, of data type FR_TYPE_STRING. Whereas
* xlat_tokenize_expr() calls tmpl_afrom_substr(), which tries hard to create a particular data type.
*
- * This function fixes up calls of the form %(op_add: 3 4), which normally passes 2 arguments of "3" and "4",
+ * This function fixes up calls of the form %op_add(3, 4), which normally passes 2 arguments of "3" and "4",
* so that the arguments are instead passed as integers 3 and 4.
*
* This fixup isn't *strictly* necessary, but it's good to have no surprises in the code, if the user creates
/** Parse an xlat function and its child argument
*
* Parses a function call string in the format
- * @verbatim %{<func>:<argument>} @endverbatim
+ * @verbatim %<func>(<argument>) @endverbatim
*
* @return
* - 0 if the string was parsed into a function.
* Anything else, it must be a full function name.
*/
fr_sbuff_set(in, &m_s);
- }
+ }
fr_sbuff_adv_past_allowed(in, SIZE_MAX, xlat_func_chars, NULL);
TALLOC_FREE(node); /* nope, couldn't use it */
if (xlat_tokenize_function_args(head, in, t_rules) < 0) goto error;
continue;
- }
+ }
/*
* More migration hacks: allow %foo(...)
*
* Example:
@verbatim
-"%(chap.password:<password>)" == 0x<id><md5_hash>
+%chap.password(<password>) == 0x<id><md5_hash>
@endverbatim
*
* @ingroup xlat_functions
* Arguments are @verbatim(<signature>, <plaintext>...)@endverbatim
*
@verbatim
-%
(<inst>.verify:<signature> <plaintext>...)
+%
<inst>.verify(<signature> <plaintext>...)
@endverbatim
*
* If multiple arguments are provided (after @verbatim<signature>@endverbatim)
*/
if (in_head->type != FR_TYPE_OCTETS) {
REDEBUG("Signature argument wrong type, expected %s, got %s. "
- "Use %%(base64.decode:<text>) or %%{hex_decode:<text>} if signature is armoured",
+ "Use %%base64.decode(<text>) or %%hex_decode(<text>) if signature is armoured",
fr_type_to_str(FR_TYPE_OCTETS),
fr_type_to_str(in_head->type));
return XLAT_ACTION_FAIL;
* Arguments are @verbatim(<digest>)@endverbatim
*
@verbatim
-%(<inst>.certificate:fingerprint <digest>)
+%<inst>.certificate(fingerprint, <digest>)
@endverbatim
*
* @ingroup xlat_functions
/** Return the serial of the public certificate
*
@verbatim
-%(<inst>.certificate:serial)
+%<inst>.certificate(serial)
@endverbatim
*
* @ingroup xlat_functions
*
* Example:
@verbatim
-%(client:foo [<ipaddr>])
+%client(foo, [<ipaddr>])
@endverbatim
*
* @ingroup xlat_functions
*
* When the request arrived:
@verbatim
-%(date:request)
+%date(request)
@endverbatim
*
* Now:
@verbatim
-%(date:now}
+%date(now)
@endverbatim
*
* Examples (Tmp-Integer-0 = 1506101100):
@verbatim
update request {
- &Tmp-String-0 := "%(date:%{Tmp-Integer-0})" ("Fri 22 Sep 18:25:00 BST 2017")
- &Tmp-Integer-1 := "%(date:%{Tmp-String-0})" (1506101100)
+ &Tmp-String-0 := %date(%{Tmp-Integer-0}) ("Fri 22 Sep 18:25:00 BST 2017")
+ &Tmp-Integer-1 := %date(%{Tmp-String-0}) (1506101100)
}
@endverbatim
*
*
* Example (delay 2 seconds):
@verbatim
-"%(delay:2)"
+%delay(2)
@endverbatim
*
* @ingroup xlat_functions
XLAT_ARG_PARSER_TERMINATOR
};
-/** Xlat for %(attr_by_num:\<number\>)
+/** Xlat for %attr_by_num(\<number\>)
*
* @ingroup xlat_functions
*/
XLAT_ARG_PARSER_TERMINATOR
};
-/** Xlat for %(attr_by_oid:\<oid\>)
+/** Xlat for %attr_by_oid(\<oid\>)
*
* @ingroup xlat_functions
*/
*
* Example:
@verbatim
-"%(exec:/bin/echo hello)" == "hello"
+%exec('/bin/echo', 'hello') == "hello"
@endverbatim
*
* Exactly one request is consumed during the process lifetime,
*
* Example (ping 192.0.2.1):
@verbatim
-"%(icmp:192.0.2.1)"
+%icmp(192.0.2.1)
@endverbatim
*
* @ingroup xlat_functions
* we're expecting to use the ntlm-change-password-1 protocol
* which needs the following on stdin:
*
- * username: %(mschap:User-Name)
- * nt-domain: %(mschap:NT-Domain)
+ * username: %mschap(User-Name)
+ * nt-domain: %mschap(NT-Domain)
* new-nt-password-blob: bin2hex(new_nt_password) - 1032 bytes encoded
* old-nt-hash-blob: bin2hex(old_nt_hash) - 32 bytes encoded
* new-lm-password-blob: 00000...0000 - 1032 bytes null
*
* this allows is to write e..g
*
- * %{sql:insert into ...}
+ * %sql(insert into ...)
*
* ...or...
*
- * %(exec:/path/to %(mschap:User-Name) %{MS-CHAP-New-Password})"
+ * %exec('/path/to', %mschap(User-Name), %{MS-CHAP-New-Password})"
*
*/
} else if (inst->local_cpw) {
RETURN_MODULE_INVALID;
}
- len = xlat_eval(charbuf, sizeof(charbuf), request, "%(mschap:LM-Hash %{User-Password})", NULL, NULL);
+ len = xlat_eval(charbuf, sizeof(charbuf), request, "%mschap(LM-Hash, %{User-Password})", NULL, NULL);
if (len < 0) RETURN_MODULE_FAIL;
if ((fr_base16_decode(NULL, &digest_dbuff, &FR_SBUFF_IN(charbuf, len), false) !=
/*
* This is a wraper for xlat_aeval
* Now users are able to get data that is accessible only via xlat
- * e.g. %(client:...)
+ * e.g. %client(...)
* Call syntax is radiusd::xlat(string), string will be handled the
* same way it is described in EXPANSIONS section of man unlang
*/
==== CHAP Access-Request - unlang
```
User-Name = "testuser"
-Chap-Password = %(chap.password:supersecret)
+Chap-Password = %chap.password(supersecret)
Service-Type = Framed-User
NAS-IP-Address = 127.0.0.1
Tunnel-Password = "supersecret"
/** Return the node that is currently servicing a particular key
*
@verbatim
-%(redis.node:<key> [<index>])
+%redis.node(<key>[, <index>])
@endverbatim
*
* @ingroup xlat_functions
/** Xlat to make calls to redis
*
@verbatim
-%(redis:<redis command>)
+%redis(<redis command>)
@endverbatim
*
* @ingroup xlat_functions
xlat_func_args_set(xlat, redis_args);
/*
- * %(redis.node:<key>[ idx])
+ * %redis.node(<key>[, idx])
*/
if (unlikely((xlat = xlat_func_register_module(inst, mctx, "node", redis_node_xlat, FR_TYPE_STRING)) == NULL)) return -1;
xlat_func_args_set(xlat, redis_node_xlat_args);
*
* Example:
@verbatim
-%(rest:http://example.com/)
+%rest(http://example.com/)
@endverbatim
*
* @ingroup xlat_functions
.PP
An instance named, for example, "dns" will provide the following xlat
functionalities:
-.IP %(dns:<owner> <record type> [<limit>])
+.IP %dns(<owner>, <record type>[, <limit>])
Perform the lookup of <record type> against <owner> returning up to
<limit> results. The returned data type is appropriate to the record
type being queried.
-.IP %(dns:<owner> A)
+.IP %dns(<owner>, A)
Performs an A lookup for the owner name, returning the results as IPv4
addresses.
-.IP %(dns:<owner> AAAA)
+.IP %dns(<owner>, AAAA)
Performs an AAAA lookup for the owner name, returning the results as IPv6
addresses.
-.IP %(dns:<owner> PTR)
+.IP %dns(<owner>, PTR)
Performs a PTR lookup for the owner.
-.IP %(dns:<owner> MX 1)
+.IP %dns(<owner>, MX, 1)
Performs an MX lookup for the owner, returning just the first result.
.PP
.SH CAVEATS
*
* Example:
@verbatim
-%(unpack:%{Class} 0 integer)
+%unpack(%{Class}, 0, integer)
@endverbatim
* Expands Class, treating octet at offset 0 (bytes 0-3) as an "integer".
*
projects / thirdparty / freeradius-server.git / commitdiff
