Add fr_value_box_list_aprint_secure()

For printing lists of boxes in debug output when hiding secret values

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index b64afa1bdf5190e0c6d580140bad0f145091e2d2..77b43b44484460d4d0066164e9ab4b1b8922b686 100644 (file)
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5753,6 +5753,64 @@ char *fr_value_box_list_aprint(TALLOC_CTX *ctx, fr_value_box_list_t const *list,
        return aggr;
 }
 
+/** Concatenate the string representations of a list of value boxes together hiding "secret" values
+ *
+ * @param[in] ctx      to allocate the buffer in.
+ * @param[in] list     of value boxes.
+ * @param[in] delim    to insert between value box values.
+ * @param[in] e_rules  to control escaping of the concatenated elements.
+ * @return
+ *     - NULL on error.
+ *     - The concatenation of the string values of the value box list on success.
+ */
+char *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const *list, char const *delim,
+                                     fr_sbuff_escape_rules_t const *e_rules)
+{
+       fr_value_box_t const    *vb = fr_value_box_list_head(list);
+       char                    *aggr, *td = NULL;
+       TALLOC_CTX              *pool = NULL;
+
+       if (!vb) return NULL;
+
+       if (unlikely (vb->secret)) {
+               aggr = talloc_typed_strdup(ctx, "<<< secret >>>");
+       } else {
+               fr_value_box_aprint(ctx, &aggr, vb, e_rules);
+       }
+       if (!aggr) return NULL;
+       if (!fr_value_box_list_next(list, vb)) return aggr;
+
+       /*
+        *      If we're aggregating more values,
+        *      allocate a temporary pool.
+        */
+       pool = talloc_pool(NULL, 255);
+       if (delim) td = talloc_typed_strdup(pool, delim);
+
+       while ((vb = fr_value_box_list_next(list, vb))) {
+               char *str, *new_aggr;
+
+               if (unlikely (vb->secret)) {
+                       str = talloc_typed_strdup(pool, "<<< secret >>>");
+               } else {
+                       fr_value_box_aprint(pool, &str, vb, e_rules);
+               }
+               if (!str) continue;
+
+               new_aggr = talloc_buffer_append_variadic_buffer(ctx, aggr, 2, td, str);
+               if (unlikely(!new_aggr)) {
+                       talloc_free(aggr);
+                       talloc_free(pool);
+                       return NULL;
+               }
+               aggr = new_aggr;
+               talloc_free(str);
+       }
+       talloc_free(pool);
+
+       return aggr;
+}
+
 /** Hash the contents of a value box
  *
  */

diff --git a/src/lib/util/value.h b/src/lib/util/value.h
index add91c5115924cb36c5c64b4e5935f1c9d91a461..930830db2277c6394145869e2060572efa0b1b26 100644 (file)
--- a/src/lib/util/value.h
+++ b/src/lib/util/value.h
@@ -1103,6 +1103,10 @@ char             *fr_value_box_list_aprint(TALLOC_CTX *ctx, fr_value_box_list_t const *list
                                          fr_sbuff_escape_rules_t const *e_rules)
                CC_HINT(nonnull(2));
 
+char           *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const *list, char const *delim,
+                                                fr_sbuff_escape_rules_t const *e_rules)
+               CC_HINT(nonnull(2));
+
 int            fr_value_box_list_acopy(TALLOC_CTX *ctx, fr_value_box_list_t *out, fr_value_box_list_t const *in)
                CC_HINT(nonnull(2,3));