From: Nick Porter
Date: Mon, 24 Jul 2023 14:26:06 +0000 (+0100)
Subject: Add fr_value_box_list_aprint_secure()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a60f06f564d751af52612f5839c4c13f342a75bd;p=thirdparty%2Ffreeradius-server.git

Add fr_value_box_list_aprint_secure()

For printing lists of boxes in debug output when hiding secret values
---

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index b64afa1bdf5..77b43b44484 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5753,6 +5753,64 @@ char *fr_value_box_list_aprint(TALLOC_CTX *ctx, fr_value_box_list_t const *list,
 return aggr;
 }
 
+/** Concatenate the string representations of a list of value boxes together hiding "secret" values
+ *
+ * @param[in] ctx to allocate the buffer in.
+ * @param[in] list of value boxes.
+ * @param[in] delim to insert between value box values.
+ * @param[in] e_rules to control escaping of the concatenated elements.
+ * @return
+ * - NULL on error.
+ * - The concatenation of the string values of the value box list on success.
+ */
+char *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const *list, char const *delim,
+ fr_sbuff_escape_rules_t const *e_rules)
+{
+ fr_value_box_t const *vb = fr_value_box_list_head(list);
+ char *aggr, *td = NULL;
+ TALLOC_CTX *pool = NULL;
+
+ if (!vb) return NULL;
+
+ if (unlikely (vb->secret)) {
+ aggr = talloc_typed_strdup(ctx, "<<< secret >>>");
+ } else {
+ fr_value_box_aprint(ctx, &aggr, vb, e_rules);
+ }
+ if (!aggr) return NULL;
+ if (!fr_value_box_list_next(list, vb)) return aggr;
+
+ /*
+ * If we're aggregating more values,
+ * allocate a temporary pool.
+ */
+ pool = talloc_pool(NULL, 255);
+ if (delim) td = talloc_typed_strdup(pool, delim);
+
+ while ((vb = fr_value_box_list_next(list, vb))) {
+ char *str, *new_aggr;
+
+ if (unlikely (vb->secret)) {
+ str = talloc_typed_strdup(pool, "<<< secret >>>");
+ } else {
+ fr_value_box_aprint(pool, &str, vb, e_rules);
+ }
+ if (!str) continue;
+
+ new_aggr = talloc_buffer_append_variadic_buffer(ctx, aggr, 2, td, str);
+ if (unlikely(!new_aggr)) {
+ talloc_free(aggr);
+ talloc_free(pool);
+ return NULL;
+ }
+ aggr = new_aggr;
+ talloc_free(str);
+ }
+ talloc_free(pool);
+
+ return aggr;
+}
+
 /** Hash the contents of a value box
 *
 */
diff --git a/src/lib/util/value.h b/src/lib/util/value.h
index add91c51159..930830db227 100644
--- a/src/lib/util/value.h
+++ b/src/lib/util/value.h
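Review bot: In `fr_value_box_list_aprint_secure()` (value.c) the masking keys only on `vb->secret` of each list member, at the head check and again inside the `while` loop; every other box goes to `fr_value_box_aprint()`, so whether a secret value nested inside a non-secret container box is hidden depends on that callee, which this hunk does not show. If nested boxes can reach this function, confirm the callee honours the flag or state the limit in the doc comment, e.g. ` * @note Only the secret flag of each box in the list is checked; the contents of other boxes are printed by fr_value_box_aprint().`. Separately, `aggr` and `str` are uninitialised and the `if (!aggr)` / `if (!str)` tests are the only failure detection, so they rely on `fr_value_box_aprint()` storing NULL on error; `char *str = NULL, *new_aggr;` (and the same for `aggr`) would remove that dependence. The result of `talloc_pool(NULL, 255)` is also unchecked, and the `"<<< secret >>>"` literal appears twice; a single named constant would keep the marker from drifting between the two sites.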
@@ -1103,6 +1103,10 @@ char *fr_value_box_list_aprint(TALLOC_CTX *ctx, fr_value_box_list_t const *list
 fr_sbuff_escape_rules_t const *e_rules)
 CC_HINT(nonnull(2));
 
+char *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const *list, char const *delim,
+ fr_sbuff_escape_rules_t const *e_rules)
+ CC_HINT(nonnull(2));
+
 int fr_value_box_list_acopy(TALLOC_CTX *ctx, fr_value_box_list_t *out, fr_value_box_list_t const *in)
 CC_HINT(nonnull(2,3));