From: Alan T. DeKok Date: Wed, 26 Feb 2025 15:23:49 +0000 (-0500) Subject: FreeRADIUS type 'struct' is always a bit string X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2d6c5cd62612d06f44edb44f39acb0de00994a7;p=thirdparty%2Ffreeradius-server.git FreeRADIUS type 'struct' is always a bit string Because (for now) all of the dictionary entries are packed bits A struct CANNOT be a sequence or a set, as our structs are always packed fields, without any headers. Perhaps in the future a struct could be an octetstring, which would then be an opaque data type which is carried within DER. --- diff --git a/share/dictionary/der/dictionary.crl b/share/dictionary/der/dictionary.crl index 98c1c7597ec..d401562fa1e 100644 --- a/share/dictionary/der/dictionary.crl +++ b/share/dictionary/der/dictionary.crl @@ -14,7 +14,7 @@ DEFINE RelativeDistinguishedName set clone=@.RelativeDistinguishedName END nameRelativeToCRLIssuer END distributionPointName -ATTRIBUTE reasons 1 struct der_type=bitstring,option,optional +ATTRIBUTE reasons 1 struct option,optional BEGIN reasons MEMBER unused bit[1] MEMBER keyCompromise bit[1] diff --git a/share/dictionary/der/dictionary.extensions b/share/dictionary/der/dictionary.extensions index bbde61842a2..6ba21b1a094 100644 --- a/share/dictionary/der/dictionary.extensions +++ b/share/dictionary/der/dictionary.extensions @@ -24,7 +24,7 @@ END 1.3.6.1.5.5.7.1.11 ATTRIBUTE subjectKeyIdentifier 2.5.29.14 octetstring is_oid_leaf -ATTRIBUTE keyUsage 2.5.29.15 struct der_type=bitstring,is_oid_leaf +ATTRIBUTE keyUsage 2.5.29.15 struct is_oid_leaf BEGIN 2.5.29.15 MEMBER digitalSignature bit[1] MEMBER nonRepudation bit[1] diff --git a/src/protocols/der/base.c b/src/protocols/der/base.c index dc27383329f..85e7d86fcf7 100644 --- a/src/protocols/der/base.c +++ b/src/protocols/der/base.c 
@@ -153,8 +153,6 @@ static const bool *fr_type_to_der_tags[FR_DER_TAG_MAX] = {
 },
 [FR_TYPE_STRUCT] = (bool [FR_DER_TAG_MAX]) {
 [FR_DER_TAG_BITSTRING] = true,
- [FR_DER_TAG_SEQUENCE] = true,
- [FR_DER_TAG_SET] = true,
 },
 [FR_TYPE_GROUP] = (bool [FR_DER_TAG_MAX]) {
 [FR_DER_TAG_SEQUENCE] = true,
@@ -709,7 +707,7 @@ static const fr_der_tag_t fr_type_to_der_tag_defaults[FR_TYPE_MAX + 1] = {
 [FR_TYPE_INT64] = FR_DER_TAG_INTEGER,
 [FR_TYPE_DATE] = FR_DER_TAG_GENERALIZED_TIME,
 [FR_TYPE_TLV] = FR_DER_TAG_SEQUENCE,
- [FR_TYPE_STRUCT] = FR_DER_TAG_SEQUENCE,
+ [FR_TYPE_STRUCT] = FR_DER_TAG_BITSTRING,
 [FR_TYPE_GROUP] = FR_DER_TAG_SEQUENCE,
 };
@@ -825,15 +823,6 @@ static bool attr_valid(fr_dict_attr_t *da)
 }
 }
- /*
- * Packed structures can only be bit strings, they can't be sequences or sets.
- */
- if ((da->type == FR_TYPE_STRUCT) && (flags->der_type != FR_DER_TAG_BITSTRING)) {
- fr_strerror_printf("A 'struct' must be encoded as 'bitstring', and not as '%s'",
- fr_der_tag_to_str(flags->der_type));
- return false;
- }
-
 return true;
 }
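Review bot: The new default `[FR_TYPE_STRUCT] = FR_DER_TAG_BITSTRING` in `fr_type_to_der_tag_defaults` (second hunk) has no explanation beside it, and the third hunk deletes the only in-code comment saying why a struct cannot be a sequence or set. A short comment on the entry, e.g. `/* structs are packed bit fields with no headers, so never SEQUENCE or SET */`, would keep that rationale next to the table. With the explicit check removed from `attr_valid()`, rejecting `struct der_type=sequence` in a dictionary now rests on the narrowed `fr_type_to_der_tags` entry from the first hunk. The code that consults that table is outside this diff, so it is worth confirming it runs for every attribute with an explicit `der_type` and still reports a clear error. Because these dictionaries describe certificate and CRL fields such as `keyUsage` and `reasons`, a dictionary test that loads a struct with `der_type=sequence` and expects the load to fail would pin this behaviour; both arrays and `attr_valid()` begin or end outside the hunks shown.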