From: Alan T. DeKok Date: Thu, 16 Nov 2023 12:49:23 +0000 (-0500) Subject: remove XLAT_ALTERNATE from the source X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0efa2674e1a5ce4394e1205fc58af54001280964;p=thirdparty%2Ffreeradius-server.git remove XLAT_ALTERNATE from the source --- diff --git a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc index b05a4816596..1a8a3d3b59c 100644 --- a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc +++ b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc @@ -33,7 +33,7 @@ On the FreeRADIUS debug terminal side, you should see something like: ---- ... (0) ldap - Reserved connection (0) -(0) ldap - EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) +(0) ldap - EXPAND (uid=%{%{Stripped-User-Name} || %{User-Name}}) (0) ldap - --> (uid=john) (0) ldap - Performing search in "dc=example,dc=com" with filter "(uid=john)", scope "sub" (0) ldap - Waiting for search result... @@ -103,7 +103,7 @@ You should now look to the output of the debugging from the FreeRADIUS terminal [source,log] ---- (0) ldap - Reserved connection (0) -(0) ldap - EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) +(0) ldap - EXPAND (uid=%{%{Stripped-User-Name} || %{User-Name}}) (0) ldap - --> (uid=john) (0) ldap - Performing search in "dc=example,dc=com" with filter "(uid=john)", scope "sub" (0) ldap - Waiting for search result... @@ -159,7 +159,7 @@ If you use LDAP bind'ing to perform user authentication, then when `radclient` r [source,log] ---- (0) ldap - Reserved connection (0) -(0) ldap - EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) +(0) ldap - EXPAND (uid=%{%{Stripped-User-Name} || %{User-Name}}) (0) ldap - --> (uid=john) (0) ldap - Performing search in "dc=example,dc=com" with filter "(uid=john)", scope "sub" (0) ldap - Waiting for search result... diff --git a/src/lib/unlang/xlat.c b/src/lib/unlang/xlat.c index 9dad880ca82..f915e2151af 100644 --- a/src/lib/unlang/xlat.c +++ b/src/lib/unlang/xlat.c @@ -51,8 +51,6 @@ typedef struct { */ fr_value_box_list_t out; //!< Head of the result of a nested ///< expansion. - bool alternate; //!< record which alternate branch we - ///< previously took. xlat_func_t resume; //!< called on resume xlat_func_signal_t signal; //!< called on signal fr_signal_t sigmask; //!< Signals to block @@ -326,7 +324,7 @@ static unlang_action_t unlang_xlat_repeat(rlm_rcode_t *p_result, request_t *requ } xa = xlat_frame_eval_repeat(state->ctx, &state->values, &child, - &state->alternate, request, state->head, &state->exp, state->env_data, &state->out); + request, state->head, &state->exp, state->env_data, &state->out); switch (xa) { case XLAT_ACTION_PUSH_CHILD: fr_assert(child); diff --git a/src/lib/unlang/xlat_alloc.c b/src/lib/unlang/xlat_alloc.c index 86da776a9a3..d2c9ccc7454 100644 --- a/src/lib/unlang/xlat_alloc.c +++ b/src/lib/unlang/xlat_alloc.c @@ -66,11 +66,6 @@ void _xlat_exp_set_type(NDEBUG_LOCATION_ARGS xlat_exp_t *node, xlat_type_t type) * Free existing lists if present */ if (node->type != 0) switch (node->type) { - case XLAT_ALTERNATE: - TALLOC_FREE(node->alternate[0]); - TALLOC_FREE(node->alternate[1]); - break; - case XLAT_GROUP: TALLOC_FREE(node->group); break; @@ -90,11 +85,6 @@ void _xlat_exp_set_type(NDEBUG_LOCATION_ARGS xlat_exp_t *node, xlat_type_t type) * Alloc new lists to match the type */ switch (type) { - case XLAT_ALTERNATE: - node->alternate[0] = _xlat_exp_head_alloc(NDEBUG_LOCATION_VALS node); - node->alternate[1] = _xlat_exp_head_alloc(NDEBUG_LOCATION_VALS node); - break; - case XLAT_GROUP: node->group = _xlat_exp_head_alloc(NDEBUG_LOCATION_VALS node); break; @@ -156,11 +146,6 @@ xlat_exp_t *_xlat_exp_alloc(NDEBUG_LOCATION_ARGS TALLOC_CTX *ctx, xlat_type_t ty * need to allocate for this node type. */ switch (type) { - case XLAT_ALTERNATE: - extra_hdrs = 2; - extra = sizeof(xlat_exp_head_t) * 2; - break; - case XLAT_GROUP: extra_hdrs = 1; extra = sizeof(xlat_exp_head_t); @@ -258,14 +243,8 @@ static int CC_HINT(nonnull) _xlat_copy_internal(NDEBUG_LOCATION_ARGS TALLOC_CTX * Ensure the format string is valid... At this point * they should all be talloc'd strings. */ - if (p->type == XLAT_ALTERNATE) { - /* Alternates don't have format strings */ - MEM(node = xlat_exp_alloc_null(ctx)); - xlat_exp_set_type(node, XLAT_ALTERNATE); - } else { - MEM(node = xlat_exp_alloc(ctx, p->type, - talloc_get_type_abort_const(p->fmt, char), talloc_array_length(p->fmt) - 1)); - } + MEM(node = xlat_exp_alloc(ctx, p->type, + talloc_get_type_abort_const(p->fmt, char), talloc_array_length(p->fmt) - 1)); node->quote = p->quote; node->flags = p->flags; @@ -320,13 +299,6 @@ static int CC_HINT(nonnull) _xlat_copy_internal(NDEBUG_LOCATION_ARGS TALLOC_CTX break; #endif - case XLAT_ALTERNATE: - if (unlikely(_xlat_copy_internal(NDEBUG_LOCATION_VALS - node, node->alternate[0], p->alternate[0]) < 0)) goto error; - if (unlikely(_xlat_copy_internal(NDEBUG_LOCATION_VALS - node, node->alternate[1], p->alternate[1]) < 0)) goto error; - break; - case XLAT_GROUP: if (unlikely(_xlat_copy_internal(NDEBUG_LOCATION_VALS node, node->group, p->group) < 0)) goto error; @@ -358,12 +330,6 @@ void xlat_exp_verify(xlat_exp_t const *node) (void)talloc_get_type_abort_const(node, xlat_exp_t); switch (node->type) { - case XLAT_ALTERNATE: - xlat_exp_head_verify(node->alternate[0]); - xlat_exp_head_verify(node->alternate[1]); - fr_assert(!node->fmt); - return; - case XLAT_GROUP: xlat_exp_head_verify(node->group); (void)talloc_get_type_abort_const(node->fmt, char); diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c index 453c6d970f3..65743700f59 100644 --- a/src/lib/unlang/xlat_eval.c +++ b/src/lib/unlang/xlat_eval.c @@ -133,30 +133,6 @@ static fr_slen_t xlat_fmt_print(fr_sbuff_t *out, xlat_exp_t const *node) return fr_sbuff_set(out, &our_out); } - case XLAT_ALTERNATE: - { - fr_sbuff_t our_out = FR_SBUFF(out); - fr_slen_t slen; - - FR_SBUFF_IN_STRCPY_LITERAL_RETURN(&our_out, "%{"); - - xlat_exp_foreach(node->alternate[0], child) { - slen = xlat_fmt_print(&our_out, child); - if (slen < 0) return slen - fr_sbuff_used(&our_out); - } - - FR_SBUFF_IN_STRCPY_LITERAL_RETURN(&our_out, ":-"); - - xlat_exp_foreach(node->alternate[1], child) { - slen = xlat_fmt_print(&our_out, child); - if (slen < 0) return slen - fr_sbuff_used(&our_out); - } - - FR_SBUFF_IN_STRCPY_LITERAL_RETURN(&our_out, "}"); - - return fr_sbuff_set(out, &our_out); - } - default: return 0; } @@ -880,8 +856,6 @@ xlat_action_t xlat_frame_eval_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, * Once evaluation is complete, the caller * should call us with the same #xlat_exp_t and the * result of the nested evaluation in result. - * @param[in,out] alternate Whether we processed, or have previously processed - * the alternate. * @param[in] request the current request. * @param[in] head of the list to evaluate * @param[in,out] in xlat node to evaluate. Advanced as we process @@ -890,7 +864,7 @@ xlat_action_t xlat_frame_eval_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, * @param[in] result of a previous nested evaluation. */ xlat_action_t xlat_frame_eval_repeat(TALLOC_CTX *ctx, fr_dcursor_t *out, - xlat_exp_head_t const **child, bool *alternate, + xlat_exp_head_t const **child, request_t *request, xlat_exp_head_t const *head, xlat_exp_t const **in, void *env_data, fr_value_box_list_t *result) { @@ -974,44 +948,6 @@ xlat_action_t xlat_frame_eval_repeat(TALLOC_CTX *ctx, fr_dcursor_t *out, } break; - case XLAT_ALTERNATE: - { - fr_assert(alternate); - - /* - * No result from the first child, try the alternate - */ - if (fr_value_box_list_empty(result)) { - /* - * Already tried the alternate - */ - if (*alternate) { - XLAT_DEBUG("** [%i] %s(alt-second) - string empty, null expansion, continuing...", - unlang_interpret_stack_depth(request), __FUNCTION__); - *alternate = false; /* Reset */ - - xlat_debug_log_expansion(request, *in, NULL, __LINE__); - xlat_debug_log_result(request, *in, NULL); /* Record the fact it's NULL */ - break; - } - - XLAT_DEBUG("** [%i] %s(alt-first) - string empty, evaluating alternate", - unlang_interpret_stack_depth(request), __FUNCTION__); - *child = (*in)->alternate[1]; - *alternate = true; - - return XLAT_ACTION_PUSH_CHILD; - } - - *alternate = false; /* Reset */ - - xlat_debug_log_expansion(request, *in, NULL, __LINE__); - xlat_debug_log_list_result(request, *in, result); - - fr_value_box_list_move((fr_value_box_list_t *)out->dlist, result); - } - break; - case XLAT_GROUP: { fr_value_box_t *arg; @@ -1253,7 +1189,7 @@ xlat_action_t xlat_frame_eval(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_exp_head_ * If there's no children we can just * call the function directly. */ - xa = xlat_frame_eval_repeat(ctx, out, child, NULL, request, head, in, NULL, &result); + xa = xlat_frame_eval_repeat(ctx, out, child, request, head, in, NULL, &result); if (xa != XLAT_ACTION_DONE || (!*in)) goto finish; continue; @@ -1279,15 +1215,6 @@ xlat_action_t xlat_frame_eval(TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_exp_head_ continue; #endif - case XLAT_ALTERNATE: - XLAT_DEBUG("** [%i] %s(alternate)", unlang_interpret_stack_depth(request), __FUNCTION__); - fr_assert(node->alternate[0] != NULL); - fr_assert(node->alternate[1] != NULL); - - *child = node->alternate[0]; - xa = XLAT_ACTION_PUSH_CHILD; - goto finish; - case XLAT_GROUP: XLAT_DEBUG("** [%i] %s(child) - %%{%s ...}", unlang_interpret_stack_depth(request), __FUNCTION__, node->fmt); @@ -1680,26 +1607,6 @@ int xlat_eval_walk(xlat_exp_head_t *head, xlat_walker_t walker, xlat_type_t type } break; - case XLAT_ALTERNATE: - if (!type || (type & XLAT_ALTERNATE)) { - ret = walker(node, uctx); - if (ret < 0) return ret; - if (ret > 0) continue; - } - - /* - * Evaluate the first child - */ - ret = xlat_eval_walk(node->alternate[0], walker, type, uctx); - if (ret < 0) return ret; - - /* - * Evaluate the alternate expansion path - */ - ret = xlat_eval_walk(node->alternate[1], walker, type, uctx); - if (ret < 0) return ret; - break; - case XLAT_GROUP: if (!type || (type & XLAT_GROUP)) { ret = walker(node, uctx); diff --git a/src/lib/unlang/xlat_priv.h b/src/lib/unlang/xlat_priv.h index 6dcfaa6d0a0..a75a844b463 100644 --- a/src/lib/unlang/xlat_priv.h +++ b/src/lib/unlang/xlat_priv.h @@ -109,7 +109,6 @@ typedef enum { #ifdef HAVE_REGEX XLAT_REGEX = 0x0080, //!< regex reference %{1}, etc. #endif - XLAT_ALTERNATE = 0x0100, //!< xlat conditional syntax :- XLAT_GROUP = 0x0200 //!< encapsulated string of xlats } xlat_type_t; @@ -159,8 +158,6 @@ struct xlat_exp_s { #endif union { - xlat_exp_head_t *alternate[2]; //!< alternate expansions - xlat_exp_head_t *group; //!< children of a group /** An tmpl_t reference @@ -306,7 +303,7 @@ xlat_action_t xlat_frame_eval_resume(TALLOC_CTX *ctx, fr_dcursor_t *out, fr_value_box_list_t *result, xlat_func_t resume, void *rctx); xlat_action_t xlat_frame_eval_repeat(TALLOC_CTX *ctx, fr_dcursor_t *out, - xlat_exp_head_t const **child, bool *alternate, + xlat_exp_head_t const **child, request_t *request, xlat_exp_head_t const *head, xlat_exp_t const **in, void *env_data, fr_value_box_list_t *result) CC_HINT(nonnull(1,2,3,5)); diff --git a/src/lib/unlang/xlat_purify.c b/src/lib/unlang/xlat_purify.c index 085e9c4422e..9b3bfeaa856 100644 --- a/src/lib/unlang/xlat_purify.c +++ b/src/lib/unlang/xlat_purify.c @@ -101,29 +101,6 @@ int xlat_purify_list(xlat_exp_head_t *head, request_t *request) node->flags = node->group->flags; break; - - case XLAT_ALTERNATE: - if (node->alternate[0]->flags.can_purify) { - rcode = xlat_purify_list(node->alternate[0], request); - if (rcode < 0) return rcode; - } - node->flags = node->alternate[0]->flags; - - /* - * @todo - If the RHS of the alternation - * is now pure, then we can statically - * evaluate it, and replace this node - * with the children. But only if the - * child list is not empty. - */ - - if (node->alternate[1]->flags.can_purify) { - rcode = xlat_purify_list(node->alternate[1], request); - if (rcode < 0) return rcode; - } - xlat_flags_merge(&node->flags, &node->alternate[1]->flags); - break; - case XLAT_FUNC: /* * If the node is not pure, then maybe there's a callback to purify it, OR maybe diff --git a/src/lib/unlang/xlat_tokenize.c b/src/lib/unlang/xlat_tokenize.c index 3b1fa9803bf..617b38cd53a 100644 --- a/src/lib/unlang/xlat_tokenize.c +++ b/src/lib/unlang/xlat_tokenize.c @@ -118,59 +118,6 @@ static fr_sbuff_parse_rules_t const xlat_new_arg_rules = { static int xlat_tokenize_input(xlat_exp_head_t *head, fr_sbuff_t *in, fr_sbuff_parse_rules_t const *p_rules, tmpl_rules_t const *t_rules); -static inline int xlat_tokenize_alternation(xlat_exp_head_t *head, fr_sbuff_t *in, - tmpl_rules_t const *t_rules, bool func_args) -{ - xlat_exp_t *node; - - XLAT_DEBUG("ALTERNATE <-- %pV", fr_box_strvalue_len(fr_sbuff_current(in), fr_sbuff_remaining(in))); - - node = xlat_exp_alloc(head, XLAT_ALTERNATE, NULL, 0); - if (func_args) { - if (xlat_tokenize_function_args(node->alternate[0], in, t_rules) < 0) { - error: - talloc_free(node); - return -1; - } - } else { - if (xlat_tokenize_expansion(node->alternate[0], in, t_rules) < 0) goto error; - } - - if (!fr_sbuff_adv_past_str_literal(in, ":-")) { - fr_strerror_const("Expected ':-' after first expansion"); - goto error; - } - node->flags = node->alternate[0]->flags; - - /* - * Allow the RHS to be empty as a special case. - */ - if (fr_sbuff_next_if_char(in, '}')) goto done; - - /* - * Parse the alternate expansion. - */ - if (xlat_tokenize_input(node->alternate[1], in, - &xlat_expansion_rules, t_rules) < 0) goto error; - - if (!fr_sbuff_next_if_char(in, '}')) { - fr_strerror_const("Missing closing brace"); - goto error; - } - - if (!xlat_exp_head(node->alternate[1])) { - fr_strerror_const("Empty expansion is invalid"); - goto error; - } - - xlat_flags_merge(&node->flags, &node->alternate[1]->flags); - -done: - xlat_exp_insert_tail(head, node); - - return 0; -} - #ifdef HAVE_REGEX /** Parse an xlat reference * @@ -913,28 +860,6 @@ int xlat_tokenize_expansion(xlat_exp_head_t *head, fr_sbuff_t *in, XLAT_DEBUG("EXPANSION <-- %.*s", (int) fr_sbuff_remaining(in), fr_sbuff_current(in)); - /* - * %{...}:-bar} - */ - if (fr_sbuff_adv_past_str_literal(in, "%{")) { - return xlat_tokenize_alternation(head, in, t_rules, false); - } - - /* - * %(...):-bar} - */ - if (fr_sbuff_adv_past_str_literal(in, "%(")) { - return xlat_tokenize_alternation(head, in, t_rules, true); - } - - /* - * :-bar} - */ - if (fr_sbuff_is_str_literal(in, ":-")) { - fr_strerror_const("First item in alternation cannot be empty"); - return -2; - } - #ifdef HAVE_REGEX fr_sbuff_marker(&s_m, in); len = fr_sbuff_adv_past_allowed(in, SIZE_MAX, sbuff_char_class_uint, NULL); @@ -1392,15 +1317,6 @@ static void _xlat_debug_node(xlat_exp_t const *node, int depth) break; #endif - case XLAT_ALTERNATE: - DEBUG("XLAT-IF {"); - _xlat_debug_head(node->alternate[0], depth); - DEBUG("}"); - DEBUG("XLAT-ELSE {"); - _xlat_debug_head(node->alternate[1], depth); - DEBUG("}"); - break; - case XLAT_INVALID: DEBUG("XLAT-INVALID"); break; @@ -1598,18 +1514,6 @@ ssize_t xlat_print_node(fr_sbuff_t *out, xlat_exp_head_t const *head, xlat_exp_t } break; - case XLAT_ALTERNATE: - slen = xlat_print(out, node->alternate[0], &xlat_escape); - if (slen < 0) return slen; - - FR_SBUFF_IN_STRCPY_LITERAL_RETURN(out, ":-"); - slen = xlat_print(out, node->alternate[1], &xlat_escape); - if (slen < 0) return slen; - break; - - fr_assert_fail(NULL); - break; - case XLAT_INVALID: case XLAT_BOX: case XLAT_ONE_LETTER: @@ -2037,19 +1941,6 @@ int xlat_resolve(xlat_exp_head_t *head, xlat_res_rules_t const *xr_rules) node->flags = node->group->flags; break; - /* - * Alternate expansion a || b - * - * Do resolution for a OR b - */ - case XLAT_ALTERNATE: - if ((xlat_resolve(node->alternate[0], xr_rules) < 0) || - (xlat_resolve(node->alternate[1], xr_rules) < 0)) return -1; - - node->flags = node->alternate[0]->flags; - xlat_flags_merge(&node->flags, &node->alternate[1]->flags); - break; - /* * An unresolved function. */ diff --git a/src/tests/keywords/xlat-alternation b/src/tests/keywords/xlat-alternation index d843c2ef1de..65dca9a515a 100644 --- a/src/tests/keywords/xlat-alternation +++ b/src/tests/keywords/xlat-alternation @@ -25,7 +25,7 @@ if (!(&Tmp-String-2 == 'bar')) { # # Multiple things in an alternation # -&Tmp-String-2 := "%{%{Tmp-String-0}:-%{Tmp-String-1} foo}" +&Tmp-String-2 := %{%{Tmp-String-0} || "%{Tmp-String-1} foo"} if (!(&Tmp-String-2 == 'bar foo')) { test_fail } diff --git a/src/tests/keywords/xlat-alternation-with-func b/src/tests/keywords/xlat-alternation-with-func index 4a5506cad7d..05f281e5852 100644 --- a/src/tests/keywords/xlat-alternation-with-func +++ b/src/tests/keywords/xlat-alternation-with-func @@ -5,27 +5,27 @@ &Tmp-String-0 := "foo" &Tmp-String-1 := "bar" -if (!(%{%(test.passthrough:%{Tmp-String-0}):-%{Tmp-String-1}} == 'foo')) { +if (!(%{%(test.passthrough:%{Tmp-String-0}) || %{Tmp-String-1}} == 'foo')) { test_fail } -if (!(%{%(test.passthrough:%{Tmp-String-2}):-%{Tmp-String-1}} == 'bar')) { +if (!(%{%(test.passthrough:%{Tmp-String-2}) || %{Tmp-String-1}} == 'bar')) { test_fail } -if (!(%{%{Tmp-String-0}:-%(test.passthrough:%{Tmp-String-1})} == 'foo')) { +if (!(%{%{Tmp-String-0} || %(test.passthrough:%{Tmp-String-1})} == 'foo')) { test_fail } -if (!(%{%{Tmp-String-2}:-%(test.passthrough:%{Tmp-String-1})} == 'bar')) { +if (!(%{%{Tmp-String-2} || %(test.passthrough:%{Tmp-String-1})} == 'bar')) { test_fail } -if (!(%{%(test.passthrough:%{Tmp-String-0}):-%(test.passthrough:%{Tmp-String-1})} == 'foo')) { +if (!(%{%(test.passthrough:%{Tmp-String-0}) || %(test.passthrough:%{Tmp-String-1})} == 'foo')) { test_fail } -if (!(%{%(test.passthrough:%{Tmp-String-2}):-%(test.passthrough:%{Tmp-String-1})} == 'bar')) { +if (!(%{%(test.passthrough:%{Tmp-String-2}) || %(test.passthrough:%{Tmp-String-1})} == 'bar')) { test_fail } diff --git a/src/tests/modules/ldap/module.conf b/src/tests/modules/ldap/module.conf index 9a3d167a6e1..cbb297b2681 100644 --- a/src/tests/modules/ldap/module.conf +++ b/src/tests/modules/ldap/module.conf @@ -146,7 +146,7 @@ ldap { # Filter for user objects, should be specific enough # to identify a single user object. - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" # SASL parameters to use for user binds # @@ -225,7 +225,7 @@ ldap { # Filter to find group objects a user is a member of. # That is, group objects with attributes that # identify members (the inverse of membership_attribute). - membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))" + membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name} || %{User-Name}}))" # The attribute in user objects which contain the names # or DNs of groups a user is a member of. @@ -510,7 +510,7 @@ ldap ldapssl { user { base_dn = "ou=people,${..base_dn}" - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" sasl { } @@ -521,7 +521,7 @@ ldap ldapssl { filter = '(objectClass=groupOfNames)' scope = 'sub' name_attribute = cn - membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))" + membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name} || %{User-Name}}))" membership_attribute = 'memberOf' cacheable_name = no cacheable_dn = no @@ -628,7 +628,7 @@ ldap ldaptls { user { base_dn = "ou=people,${..base_dn}" - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" sasl { } @@ -639,7 +639,7 @@ ldap ldaptls { filter = '(objectClass=groupOfNames)' scope = 'sub' name_attribute = cn - membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))" + membership_filter = "(|(member=%{control.Ldap-UserDn})(memberUid=%{%{Stripped-User-Name} || %{User-Name}}))" membership_attribute = 'memberOf' cacheable_name = no cacheable_dn = no @@ -733,7 +733,7 @@ ldap ldapsasl { user { base_dn = "ou=people,${..base_dn}" - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" sasl { mech = 'DIGEST-MD5' authname = &User-Name @@ -780,7 +780,7 @@ ldap ldapldapi { user { base_dn = "ou=people,${..base_dn}" - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" sasl { mech = 'DIGEST-MD5' authname = &User-Name @@ -837,7 +837,7 @@ ldap ldapsaslproxy { user { base_dn = "ou=people,${..base_dn}" - filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" + filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})" } options { diff --git a/src/tests/unit/xlat/alternation.txt.ignore b/src/tests/unit/xlat/alternation.txt.ignore new file mode 100644 index 00000000000..ab04ec5c1b7 --- /dev/null +++ b/src/tests/unit/xlat/alternation.txt.ignore @@ -0,0 +1,58 @@ +proto-dictionary radius + +# +# Tests which do %{ ... } +# +# but which print out as ( ... ) +# +xlat literal%{%{User-Password} || 'literal'} +match literal%{%{User-Password} || 'literal'} + +xlat %{%{User-Name} || "bar"} +match %{%{User-Name} || "bar"} + +xlat foo %{%{User-Name} || 'bar'} baz +match foo %{%{User-Name} || 'bar'} baz + +xlat %{%{test:bar} || %{User-Name}} +match %{%{test:bar} || %{User-Name}} + +xlat %{%{test:bar} || %{%{User-Name} || 'bar'}} +match %{%{test:bar} || %{%{User-Name} || 'bar'}} + +xlat %{%{User-Name} || } +match ERROR offset 19: No operand found. Expected &ref, literal, 'quoted literal', "%{expansion}", or enum value + +xlat %{%{Operator-Name} || } +match ERROR offset 23: No operand found. Expected &ref, literal, 'quoted literal', "%{expansion}", or enum value + +xlat %{%{%{User-Name} || 'foo'} || 'bar'} +match %{%{%{User-Name} || 'foo'} || 'bar'} + +xlat %{%{%{User-Name} || 'foo'} || %{%{test:bar} || %{User-Name}}} +match %{%{%{User-Name} || 'foo'} || %{%{test:bar} || %{User-Name}}} + +xlat %{ || } +match ERROR offset 4: No operand found. Expected &ref, literal, 'quoted literal', "%{expansion}", or enum value + +xlat %{ || %{User-Name}} +match ERROR offset 4: No operand found. Expected &ref, literal, 'quoted literal', "%{expansion}", or enum value + +xlat %{%{} || } +match ERROR offset 5: Empty expression is invalid + +xlat %{%{} || foo} +match ERROR offset 5: Empty expression is invalid + +xlat %{%{User-Name} || +match ERROR offset 19: No operand found. Expected &ref, literal, 'quoted literal', "%{expansion}", or enum value + +# Discuss - Not sure the offset/message is correct here, but not sure if we can determine the correct offset either +xlat %{%{User-Name} || 'foo' +match ERROR offset 24: Missing closing brace + +xlat %{%{User-Name}:} +match %{User-Name}: + +count +match foo diff --git a/src/tests/unit/xlat/base.txt b/src/tests/unit/xlat/base.txt index 4bbe2bc0d7b..54c9c1fa6a2 100644 --- a/src/tests/unit/xlat/base.txt +++ b/src/tests/unit/xlat/base.txt @@ -40,17 +40,6 @@ match {literal%{User-Password}literal} xlat \%{literal%{User-Password}literal} match \%{literal%{User-Password}literal} -xlat literal%{%{User-Password}:-literal} -match literal%{%{User-Password}:-literal} - -xlat literal%{%{User-Password}:-\%{lit}eral} -match literal%{%{User-Password}:-\%{lit}eral} - -xlat literal%{%{User-Password}:-%{User-Name}\%literal} -match literal%{%{User-Password}:-%{User-Name}\%literal} - -xlat literal%{%{User-Password}:-\%literal} -match literal%{%{User-Password}:-\%literal} # # Regex capture groups # @@ -147,70 +136,17 @@ match \"%t\tfoo\" xlat \"%t\t%{NAS-IP-Address}\" match \"%t\t%{NAS-IP-Address}\" -xlat \"foo %{test:foo}\" -match \"foo %{test:foo}\" +xlat \"foo %test('foo')\" +match \"foo %{test:'foo'}\" # # Alternations # -xlat %{%{foo}:-%{bar}} +xlat %{%{foo} || %{bar}} match ERROR offset 5: Unresolved attributes not allowed in expansions here -xlat %{%{User-Name}:-%{bar}} -match ERROR offset 19: Unresolved attributes not allowed in expansions here - -xlat %{%{User-Name}:-bar} -match %{%{User-Name}:-bar} - -xlat foo %{%{User-Name}:-bar} baz -match foo %{%{User-Name}:-bar} baz - -xlat %{%{test:bar}:-%{User-Name}} -match %{%{test:bar}:-%{User-Name}} - -xlat %{%{test:bar}:-%{%{User-Name}:-bar}} -match %{%{test:bar}:-%{%{User-Name}:-bar}} - -xlat %{%{User-Name}:-} -match %{%{User-Name}:-} - -xlat %{%{Operator-Name}:-} -match %{%{Operator-Name}:-} - -xlat %{%{%{User-Name}:-foo}:-bar} -match %{%{%{User-Name}:-foo}:-bar} - -xlat %{%{%{User-Name}:-foo}:-%{%{test:bar}:-%{User-Name}}} -match %{%{%{User-Name}:-foo}:-%{%{test:bar}:-%{User-Name}}} - -xlat %{:-} -match ERROR offset 3: First item in alternation cannot be empty - -xlat %{:-%{User-Name}} -match ERROR offset 3: First item in alternation cannot be empty - -xlat %{%{}:-} -match ERROR offset 5: Empty expression is invalid - -xlat %{%{}:-foo} -match ERROR offset 5: Empty expression is invalid - -xlat %{%{User-Name}:- -match ERROR offset 17: Missing closing brace - -# Discuss - Not sure the offset/message is correct here, but not sure if we can determine the correct offset either -xlat %{%{User-Name}:-foo -match ERROR offset 20: Missing closing brace - -xlat %{%{User-Name}:} -match ERROR offset 15: Expected ':-' after first expansion - -xlat %{%{User-Name}} -match ERROR offset 15: Expected ':-' after first expansion - -xlat %{%{User-Name}:-} -match %{%{User-Name}:-} - +xlat %{%{User-Name} || %{bar}} +match ERROR offset 21: Unresolved attributes not allowed in expansions here # # Empty and malformed expansions @@ -266,7 +202,7 @@ match ERROR offset 14: Missing closing brace # Issue seen in the wild that caused an SEGV during pass2 xlat %{%{control.IP-Pool.Name}:%{reply.IP-Pool.Range} -match ERROR offset 26: Expected ':-' after first expansion +match ERROR offset 49: Missing closing brace # # API to split xlat strings into argv-style arguments. @@ -348,4 +284,4 @@ xlat %{md5:'arg"'} match %{md5:'arg"'} count -match 199 +match 157