From: Alan T. DeKok Date: Sat, 22 Feb 2025 15:04:45 +0000 (-0500) Subject: sequence and set can never be structs X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2316755948e87f01a6d4ec23560d4d5937da1cbf;p=thirdparty%2Ffreeradius-server.git sequence and set can never be structs the FreeRADIUS type 'struct' is reserved for bit-packed fields. --- diff --git a/src/protocols/der/base.c b/src/protocols/der/base.c index f0d77771a33..035f9563836 100644 --- a/src/protocols/der/base.c +++ b/src/protocols/der/base.c @@ -616,7 +616,8 @@ static bool attr_valid(fr_dict_attr_t *da) if (flags->is_extensions) { if (da->type != FR_TYPE_GROUP) { - fr_strerror_printf("Extensions must be type 'group'"); + fr_strerror_printf("Extensions must be type 'group', and not '%s'", + fr_type_to_str(da->type)); return false; } @@ -626,6 +627,15 @@ static bool attr_valid(fr_dict_attr_t *da) if (!flags->max) flags->max = UINT64_MAX; } + /* + * Packed structures can only be bit strings, they can't be sequences or sets. + */ + if ((da->type == FR_TYPE_STRUCT) && (flags->der_type != FR_DER_TAG_BITSTRING)) { + fr_strerror_printf("A 'struct' must be encoded as 'bitstring', and not as '%s'", + fr_der_tag_to_str(flags->der_type)); + return false; + } + return true; } diff --git a/src/protocols/der/encode.c b/src/protocols/der/encode.c index 5733a34aee1..794a74913b1 100644 --- a/src/protocols/der/encode.c +++ b/src/protocols/der/encode.c @@ -584,7 +584,7 @@ static ssize_t fr_der_encode_sequence(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, f vp = fr_dcursor_current(cursor); PAIR_VERIFY(vp); - fr_assert(fr_type_is_group(vp->vp_type) || fr_type_is_struct(vp->vp_type) || fr_type_is_tlv(vp->vp_type)); + fr_assert(fr_type_is_group(vp->vp_type) || fr_type_is_tlv(vp->vp_type)); /* * ISO/IEC 8825-1:2021 
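Review bot: The new `FR_TYPE_STRUCT` check in the `-626` hunk of `base.c` sits directly before the final `return true` of `attr_valid()`, so it only runs for attributes that reach the end of the function. The body starts outside this hunk, so it is not visible whether an earlier branch can return `true` first; if one can, a `struct` declared with `der_type=sequence` or `der_type=set` under that branch would still load. This commit also removes the struct path from the sequence and set encoders, which leaves this check as the gate for such dictionaries. I would either move it ahead of the per-flag branches or mark the constraint in place, e.g. `/* Must run for every attribute: the encoder has no struct path for sequence/set. */`.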
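Review bot: After this change the only guard in `fr_der_encode_sequence()` against a struct-typed pair is the `fr_assert(...)` in the `-584` hunk, and the `-677` hunk leaves `fr_der_encode_set()` in the same position. If `fr_assert` compiles to nothing in non-debug builds, which is worth confirming, a struct pair that still reaches either function would fall through to the group/TLV handling instead of failing. That handling lies outside the hunks, as do the start and end of both function bodies. An explicit runtime check next to each assert would make the encoder fail closed: `if (!fr_type_is_group(vp->vp_type) && !fr_type_is_tlv(vp->vp_type)) {` `fr_strerror_printf("Cannot encode type '%s' as a sequence", fr_type_to_str(vp->vp_type)); return -1;` `}`, with the message reworded for the set encoder.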
@@ -602,21 +602,6 @@ static ssize_t fr_der_encode_sequence(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, f * The encoding of a set value or sequence value shall not include an encoding for any component * value which is equal to its default value. */ - - if (fr_type_is_struct(vp->vp_type)) { - fr_proto_da_stack_build(&da_stack, vp->da); - - FR_PROTO_STACK_PRINT(&da_stack, depth); - - slen = fr_struct_to_network(&our_dbuff, &da_stack, depth, cursor, encode_ctx, encode_value, encode_pair); - if (slen < 0) { - fr_strerror_printf("Failed to encode struct: %s", fr_strerror()); - return -1; - } - - return fr_dbuff_set(dbuff, &our_dbuff); - } - if (fr_type_is_group(vp->vp_type)) { /* * Groups could be also be a pair, so we need to check for that. @@ -692,7 +677,7 @@ static ssize_t fr_der_encode_set(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der vp = fr_dcursor_current(cursor); PAIR_VERIFY(vp); - fr_assert(fr_type_is_group(vp->vp_type) || fr_type_is_struct(vp->vp_type) || fr_type_is_tlv(vp->vp_type)); + fr_assert(fr_type_is_group(vp->vp_type) || fr_type_is_tlv(vp->vp_type)); /* * ISO/IEC 8825-1:2021 @@ -722,25 +707,6 @@ static ssize_t fr_der_encode_set(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der * encodings. */ - if (fr_type_is_struct(vp->vp_type)) { - /* - * Note: Structures should be in the correct order in the dictionary. - * if they are not, the dictionary loader should complain. - */ - - fr_proto_da_stack_build(&da_stack, vp->da); - - FR_PROTO_STACK_PRINT(&da_stack, depth); - - slen = fr_struct_to_network(&our_dbuff, &da_stack, depth, cursor, encode_ctx, encode_value, encode_pair); - if (slen < 0) { - fr_strerror_printf("Failed to encode struct: %s", fr_strerror()); - return -1; - } - - return fr_dbuff_set(dbuff, &our_dbuff); - } - if (fr_type_is_group(vp->vp_type)) { /* * Groups could be also be a pair, so we need to check for that. 
diff --git a/src/tests/unit/protocols/der/dictionary.test b/src/tests/unit/protocols/der/dictionary.test index 07bae1c6cc3..70d902ecd68 100644 --- a/src/tests/unit/protocols/der/dictionary.test +++ b/src/tests/unit/protocols/der/dictionary.test @@ -36,28 +36,28 @@ DEFINE Test-Boolean bool DEFINE Test-Integer integer -DEFINE Foo struct der_type=sequence +DEFINE Foo sequence BEGIN Foo -MEMBER Test-Integer integer +DEFINE Test-Integer integer END Foo -DEFINE Bar struct +DEFINE Bar sequence BEGIN Bar -MEMBER Test-Boolean bool +DEFINE Test-Boolean bool END Bar -DEFINE Foo-Bar struct der_type=sequence +DEFINE Foo-Bar sequence BEGIN Foo-Bar -MEMBER Test-Integer integer has_default +DEFINE Test-Integer integer has_default VALUE Test-Integer DEFAULT 1 -MEMBER Test-Boolean bool +DEFINE Test-Boolean bool END Foo-Bar -DEFINE Test-Bitstring octets der_type=bitstring +DEFINE Test-Bitstring bitstring -DEFINE Seq-Bitstring-Octets struct +DEFINE Seq-Bitstring-Octets sequence BEGIN Seq-Bitstring-Octets -MEMBER Test-Bitstring octets +DEFINE Test-Bitstring bitstring END Seq-Bitstring-Octets DEFINE Bitstring-Struct struct der_type=bitstring @@ -74,31 +74,31 @@ MEMBER bar bit[1] MEMBER foo-bar bit[4] END Bitstring-Struct-7 -DEFINE Octetstring octets +DEFINE Octetstring octetstring -DEFINE Seq-Octetstring struct +DEFINE Seq-Octetstring sequence BEGIN Seq-Octetstring -MEMBER Octetstring octets +DEFINE Octetstring octetstring END Seq-Octetstring DEFINE Test-NULL null -DEFINE Seq-Null struct +DEFINE Seq-Null sequence BEGIN Seq-Null -MEMBER Test-Null null +DEFINE Test-Null null END Seq-Null -DEFINE Seq-Integer-Null struct +DEFINE Seq-Integer-Null sequence BEGIN Seq-Integer-Null -MEMBER Test-Integer integer -MEMBER Test-Null null +DEFINE Test-Integer integer +DEFINE Test-Null null END Seq-Integer-Null DEFINE Test-Oid oid -DEFINE Seq-Oid struct der_type=sequence +DEFINE Seq-Oid sequence BEGIN Seq-Oid -MEMBER Test-Oid oid +DEFINE Test-Oid oid END Seq-Oid DEFINE Test-Enumerated enumerated 
@@ -123,9 +123,9 @@ DEFINE Test-String-General generalstring DEFINE Test-String-Universal universalstring -DEFINE Seq-String struct +DEFINE Seq-String sequence BEGIN Seq-String -MEMBER Test-String string +DEFINE Test-String string END Seq-String DEFINE Test-Date date @@ -134,15 +134,15 @@ DEFINE Test-UTC utctime DEFINE Test-Generalized-Time generalizedtime -DEFINE Seq-Date struct +DEFINE Seq-Date sequence BEGIN Seq-Date -MEMBER Test-Date date +DEFINE Test-Date date END Seq-Date -DEFINE Set-Bool-Integer struct +DEFINE Set-Bool-Integer set BEGIN Set-Bool-Integer -MEMBER Test-Bool bool -MEMBER Test-Integer integer +DEFINE Test-Bool bool +DEFINE Test-Integer integer END Set-Bool-Integer DEFINE Test-Context-Specific bool option=0 @@ -161,16 +161,16 @@ END Test-TLV DEFINE Test-Sequence-GROUP group der_type=sequence,ref=Test-TLV -DEFINE Test-Set-Struct struct der_type=set +DEFINE Test-Set-Struct set BEGIN Test-Set-Struct -MEMBER Test-Boolean bool -MEMBER Test-Integer integer +DEFINE Test-Boolean bool +DEFINE Test-Integer integer END Test-Set-Struct -DEFINE Test-Set-Bad-Struct struct der_type=set +DEFINE Test-Set-Bad-Struct set BEGIN Test-Set-Bad-Struct -MEMBER Test-Integer integer -MEMBER Test-Boolean bool +DEFINE Test-Integer integer +DEFINE Test-Boolean bool END Test-Set-Bad-Struct DEFINE Test-Set-TLV set
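Review bot: In the `-161` hunk, `Test-Set-Struct` and `Test-Set-Bad-Struct` keep "Struct" in their names although both are now declared as `set`, which contradicts the rule this commit introduces. Renaming them (for example `Test-Set` and `Test-Set-Bad-Order`) would keep the dictionary self-describing, though any encode/decode tests that reference the old names would need the same rename. The hunks in this file only convert existing definitions, so nothing here exercises the new rejection in `attr_valid()`. A separate negative case that declares `struct der_type=sequence` and expects the "must be encoded as 'bitstring'" error would pin that behaviour.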