From: Arran Cudbard-Bell
Date: Thu, 2 Dec 2021 05:48:38 +0000 (-0600)
Subject: Add taint and untaint xlats
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97c7594453c494d420aa8a34095aeaf764553318;p=thirdparty%2Ffreeradius-server.git

Add taint and untaint xlats
---

diff --git a/src/lib/unlang/xlat_builtin.c b/src/lib/unlang/xlat_builtin.c
index 3f147eaa588..cbbe740d245 100644
--- a/src/lib/unlang/xlat_builtin.c
+++ b/src/lib/unlang/xlat_builtin.c
@@ -1196,6 +1196,32 @@ static xlat_action_t xlat_func_debug_attr(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcur
 return XLAT_ACTION_DONE;
 }
 
+static xlat_action_t xlat_func_untaint(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out,
+ UNUSED xlat_ctx_t const *xctx,
+ UNUSED request_t *request, fr_value_box_list_t *in)
+{
+ fr_dcursor_t cursor_in;
+
+ fr_dcursor_init(&cursor_in, in);
+ fr_value_box_list_untaint(in);
+ fr_dcursor_merge(out, &cursor_in);
+
+ return XLAT_ACTION_DONE;
+}
+
+static xlat_action_t xlat_func_taint(UNUSED TALLOC_CTX *ctx, fr_dcursor_t *out,
+ UNUSED xlat_ctx_t const *xctx,
+ UNUSED request_t *request, fr_value_box_list_t *in)
+{
+ fr_dcursor_t cursor_in;
+
+ fr_dcursor_init(&cursor_in, in);
+ fr_value_box_list_taint(in);
+ fr_dcursor_merge(out, &cursor_in);
+
+ return XLAT_ACTION_DONE;
+}
+
 static xlat_arg_parser_t const xlat_func_explode_args[] = {
 { .required = true, .type = FR_TYPE_STRING },
 { .required = true, .concat = true, .type = FR_TYPE_STRING },
@@ -3662,6 +3688,9 @@ do { \
 XLAT_REGISTER_ARGS("sub", xlat_func_sub, xlat_func_sub_args);
 XLAT_REGISTER_ARGS("trigger", trigger_xlat, trigger_xlat_args);
 
+ xlat_register(NULL, "untaint", xlat_func_untaint, NULL);
+ xlat_register(NULL, "taint", xlat_func_taint, NULL);
+
 /*
 * All of these functions are pure.
 */
diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index 0a82e1aa0f8..6412297c298 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
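Review bot: `xlat_func_untaint` in the first xlat_builtin.c hunk has no doc comment, and it is the function that most needs one: it clears the `tainted` flag on every input box in place, so any consumer that keys off that flag will presumably treat the result as trusted from then on. I would add above it `/** Clear the tainted flag on all input boxes (and their children); only for values the policy has already validated */`, with the matching one-liner on `xlat_func_taint`. The same caveat is missing from the `fr_value_box_list_untaint` comment in the value.c hunk. Both functions modify `in` before merging it into `out`, which looks intentional because the boxes are moved rather than copied, but a short why-comment on that line would save the next reader from checking.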
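Review bot: The two new `xlat_register` calls in the registration hunk carry no comment and sit immediately above the existing `All of these functions are pure` block comment, so a reader cannot tell whether they belong to that group. They are also registered without an args descriptor, unlike the `XLAT_REGISTER_ARGS` entries just before them, which means no arity or type constraint is applied to their input. A one-line comment would settle both: `/* taint / untaint: flip the tainted flag on their input boxes; deliberately accept any argument list */`. The return value of both calls is discarded; whether the enclosing function checks registration results elsewhere is not visible in this hunk.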
@@ -5756,7 +5756,7 @@ int fr_value_box_list_acopy(TALLOC_CTX *ctx, fr_value_box_list_t *out, fr_value_
 return 0;
 }
 
-/** Check to see if any list members are tainted
+/** Check to see if any list members (or their children) are tainted
 *
 * @param[in] head of list to check.
 * @return
@@ -5767,15 +5767,42 @@ bool fr_value_box_list_tainted(fr_value_box_list_t const *head)
 {
 fr_value_box_t *vb = NULL;
 
- if (fr_dlist_empty(head)) return false;
-
 while ((vb = fr_dlist_next(head, vb))) {
+ if (fr_type_is_group(vb->type) && fr_value_box_list_tainted(&vb->vb_group)) return true;
 if (vb->tainted) return true;
 }
 
 return false;
 }
 
+/** Taint every list member (and their children)
+ *
+ * @param[in] head of list.
+ */
+void fr_value_box_list_taint(fr_value_box_list_t *head)
+{
+ fr_value_box_t *vb = NULL;
+
+ while ((vb = fr_dlist_next(head, vb))) {
+ if (fr_type_is_group(vb->type)) fr_value_box_list_taint(&vb->vb_group);
+ vb->tainted = true;
+ }
+}
+
+/** Untaint every list member (and their children)
+ *
+ * @param[in] head of list.
+ */
+void fr_value_box_list_untaint(fr_value_box_list_t *head)
+{
+ fr_value_box_t *vb = NULL;
+
+ while ((vb = fr_dlist_next(head, vb))) {
+ if (fr_type_is_group(vb->type)) fr_value_box_list_untaint(&vb->vb_group);
+ vb->tainted = false;
+ }
+}
+
 /** Validation function to check that a fr_value_box_t is correctly initialised
 *
 */
diff --git a/src/lib/util/value.h b/src/lib/util/value.h
index 9d1569ef441..873f63dc85b 100644
--- a/src/lib/util/value.h
+++ b/src/lib/util/value.h
@@ -846,6 +846,10 @@ char *fr_value_box_list_aprint(TALLOC_CTX *ctx, fr_value_box_list_t const *list
 int fr_value_box_list_acopy(TALLOC_CTX *ctx, fr_value_box_list_t *out, fr_value_box_list_t const *in);
 
 bool fr_value_box_list_tainted(fr_value_box_list_t const *head);
+
+void fr_value_box_list_taint(fr_value_box_list_t *head);
+
+void fr_value_box_list_untaint(fr_value_box_list_t *head);
 /** @} */
 
 /** @name Print the value of a value box as a string
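Review bot: `fr_value_box_list_taint` and `fr_value_box_list_untaint` in the second value.c hunk are the same recursive walk differing only in the constant they store, and for a flag that acts as a trust marker the two traversals should not be able to drift apart. I would fold them into one file-local helper that takes the flag value and keep the two public functions as thin wrappers, so a later change to how children are visited lands in both directions at once. In the same hunk, `fr_value_box_list_tainted` now recurses into the group before testing `vb->tainted`; testing the box's own flag first is cheaper and gives the same result. The helper name below is only a suggestion.

```c
/** Set the tainted flag on every list member (and their children)
 *
 * @param[in] head	of list.
 * @param[in] tainted	value to store in each box.
 */
static void value_box_list_taint_set(fr_value_box_list_t *head, bool tainted)
{
	fr_value_box_t *vb = NULL;

	while ((vb = fr_dlist_next(head, vb))) {
		if (fr_type_is_group(vb->type)) value_box_list_taint_set(&vb->vb_group, tainted);
		vb->tainted = tainted;
	}
}

/* … unchanged: doc comment for fr_value_box_list_taint … */
void fr_value_box_list_taint(fr_value_box_list_t *head)
{
	value_box_list_taint_set(head, true);
}

/* … unchanged: doc comment for fr_value_box_list_untaint … */
void fr_value_box_list_untaint(fr_value_box_list_t *head)
{
	value_box_list_taint_set(head, false);
}
```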