make the files module work (mostly)
authorAlan T. DeKok <aland@freeradius.org>
Mon, 28 Aug 2023 17:51:11 +0000 (13:51 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 28 Aug 2023 17:51:11 +0000 (13:51 -0400)
Regular expressions are not supported.

Arguably the module actually supported inter-attribute comparisons,
we just never tried that?

raddb/mods-available/files
src/modules/rlm_files/rlm_files.c
src/tests/modules/files/authorize
src/tests/modules/files/regex.unlang.ignore [moved from src/tests/modules/files/regex.unlang with 100% similarity]

index 5cd02c948965ca61c509ec0ce55503abd69c9838..6155f333de51d54b07f914b3c8ace56cd4329197 100644 (file)
@@ -9,7 +9,14 @@
 #
 #  The `users` file as located in `raddb/mods-config/files/authorize`. (Livingston-style format).
 #
-#  See "man 1 users" for more information.
+#  See `man 1 users` for more information.
+#
+
+#
+#  NOTE: Temporarily (2023-08-27), the check items only support "real"
+#  attributes, and do not support regular expressions.  This
+#  limitation will be removed when the module is rewritten to support
+#  xlat expressions for conditions
 #
 
 #
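Review bot: The added NOTE names only the regular-expression limitation, but the rlm_files.c change in this commit also refuses any check item whose right side is not a literal value. An administrator whose `authorize` file compares one attribute against another would hit a load error that this comment does not explain. I would add a line such as `#  The right side of a check item must also be a literal value, not another attribute.` and mention that an offending entry is reported as an error when the file is read.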
index 46f6768041f69443934f9a5d8dbd2694b54729d0..d6baea9d21dae8415fb4abefa9bb5382ce69597f 100644 (file)
@@ -161,10 +161,27 @@ static int getusersfile(TALLOC_CTX *ctx, char const *filename, fr_htrie_t **ptre
                                ERROR("%s[%d] Left side of check item %s is not an attribute",
                                      entry->filename, entry->lineno, map->lhs->name);
                                return -1;
-
                        }
                        da = tmpl_attr_tail_da(map->lhs);
 
+                       /*
+                        *      Disallow regexes for now.
+                        */
+                       if ((map->op == T_OP_REG_EQ) || (map->op == T_OP_REG_NE)) {
+                               ERROR("%s[%d] Regular expression for check item %s is not supported",
+                                     entry->filename, entry->lineno, map->lhs->name);
+                               return -1;
+                       }
+
+                       /*
+                        *      Disallow inter-attribute comparisons.
+                        */
+                       if (!tmpl_is_data(map->rhs)) {
+                               ERROR("%s[%d] Right side of check item %s is not a leaf value",
+                                     entry->filename, entry->lineno, map->lhs->name);
+                               return -1;
+                       }
+
                        /*
                         *      Ignore attributes which are set
                         *      properly.
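Review bot: The second added check is wider than its comment says: `!tmpl_is_data(map->rhs)` refuses every right side that is not a literal, not only attribute references. It also sits above the block commented "Ignore attributes which are set properly", so it appears to apply to assignment items on the check line as well as to comparisons. If assignments are meant to keep accepting non-literal values, the check belongs after that block; otherwise the comment should say so, e.g. `/* Right side must be a literal value: no attribute references or expansions. */`. Rejecting at load time is the right place for this, because files_eval_map later relies on the same condition through fr_assert only. The loop and the rest of getusersfile are outside the hunk, so the ordering remark is inferred from the visible context lines.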
@@ -377,6 +394,20 @@ static int mod_instantiate(module_inst_ctx_t const *mctx)
        return 0;
 }
 
+static bool files_eval_map(request_t *request, map_t *map)
+{
+       fr_pair_t *vp;
+
+       fr_assert(tmpl_is_attr(map->lhs));
+       fr_assert(fr_comparison_op[map->op]);
+       fr_assert(tmpl_is_data(map->rhs));
+
+       if (tmpl_find_vp(&vp, request, map->lhs) < 0) return false;
+
+       return (fr_value_box_cmp_op(map->op, &vp->data, tmpl_value(map->rhs)) == 1);
+}
+
+
 /*
  *     Common code called by everything below.
  */
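Review bot: files_eval_map returns false for three different situations: the attribute is absent, the values do not match, and fr_value_box_cmp_op returns anything other than 1, which presumably includes an error result. For an entry whose purpose is to reject a request, a skipped entry is the permissive outcome, so a comparison error should be visible in the debug output rather than look like an ordinary mismatch. Keeping the result in a local and adding `if (ret < 0) RDEBUG3("    comparison error - %s", fr_strerror());` before `return (ret == 1);` would do that. The function also has no header comment; it should state that the caller must already have validated the map (attribute on the left, comparison operator, literal on the right), since the three fr_assert lines may not be active in every build, and that a missing attribute yields false for every operator, including negative ones.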
@@ -498,7 +529,7 @@ redo:
                                 *      Evaluate the map, including regexes.
                                 */
                        default:
-                               if (!fr_cond_eval_map(request, map)) {
+                               if (!files_eval_map(request, map)) {
                                        RDEBUG3("    failed match - %s", fr_strerror());
                                        match = false;
                                }
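Review bot: The comment above `default:` still reads "Evaluate the map, including regexes.", which is no longer true now that regex check items are refused when the file is loaded; something like `Evaluate the map against the request attributes.` would match the new behaviour. The debug line also prints `fr_strerror()` after every failed match, yet files_eval_map returns false for an ordinary mismatch or a missing attribute without visibly setting an error string, so the message may be empty or stale. Printing the check item name (`map->lhs->name`) would be more useful to someone working out why a policy entry did not apply. The switch and its other cases are outside the hunk.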
index 40bc94ba8ee0ff0bd60e350ac6c72343b64e3585..169724877d42d64e4da07bc3aac2393351cba775 100644 (file)
@@ -114,8 +114,8 @@ addcontrol  Password.Cleartext := "testing123", Reply-Message := "success1"
 
 addcontrol  Reply-Message += "success2"
 
-regex  NAS-Identifier =~ /der/, Password.Cleartext := "testing123"
-       Reply-Message := "wonderful"
+#regex NAS-Identifier =~ /der/, Password.Cleartext := "testing123"
+#      Reply-Message := "wonderful"
 
 DEFAULT        User-Name == "cmp_eq",  Password.Cleartext := "hopping"
        Reply-Message := "success-cmp_eq"
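Review bot: The regex entry is commented out and its test moved to `regex.unlang.ignore`, so nothing in the visible test changes exercises the two new load-time rejections. A negative test that loads a file containing a `=~` check item, and another with an attribute on the right side, and expects the load to fail would keep the restriction from regressing silently. A short comment above the disabled lines, e.g. `# Disabled: regex check items are currently rejected when the file is loaded`, would also tell the next reader why they are there.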