From: Alan T. DeKok Date: Mon, 18 Dec 2023 00:38:18 +0000 (-0500) Subject: add expansion of RHS for reply items X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abed8b0c1713c18c09f6480bc025eb2829db99f1;p=thirdparty%2Ffreeradius-server.git add expansion of RHS for reply items --- diff --git a/src/lib/server/pairmove.c b/src/lib/server/pairmove.c index 4163b1a454a..3f038bf32bb 100644 --- a/src/lib/server/pairmove.c +++ b/src/lib/server/pairmove.c @@ -318,6 +318,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) fr_dict_attr_t const *da; fr_pair_list_t *list; TALLOC_CTX *ctx; + fr_value_box_t *to_free = NULL; fr_value_box_t const *box; /* @@ -341,6 +342,11 @@ int fr_pairmove_map(request_t *request, map_t const *map) box = &vp->data; + } else if (tmpl_is_xlat(map->rhs)) { + if (tmpl_aexpand(ctx, &to_free, request, map->rhs, NULL, NULL) < 0) return -1; + + box = to_free; + } else { fr_strerror_const("Unknown RHS"); return -1; @@ -353,7 +359,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) case T_OP_EQ: /* set only if not already exist */ vp = fr_pair_find_by_da_nested(list, NULL, da); - if (vp) return 0; + if (vp) goto success; goto add; case T_OP_SET: /* delete all and set one */ @@ -363,10 +369,13 @@ int fr_pairmove_map(request_t *request, map_t const *map) case T_OP_ADD_EQ: /* append one */ add: vp = fr_pair_afrom_da_nested(ctx, list, da); - if (!vp) return -1; + if (!vp) goto fail; if (fr_value_box_copy(vp, &vp->data, box) < 0) { + fail_vp: talloc_free(vp); + fail: + TALLOC_FREE(to_free); return -1; } break; @@ -375,12 +384,9 @@ int fr_pairmove_map(request_t *request, map_t const *map) fr_assert(0); /* doesn't work with nested? */ vp = fr_pair_afrom_da(ctx, da); - if (!vp) return -1; + if (!vp) goto fail; - if (fr_value_box_copy(vp, &vp->data, box) < 0) { - talloc_free(vp); - return -1; - } + if (fr_value_box_copy(vp, &vp->data, box) < 0) goto fail_vp; fr_pair_prepend(list, vp); break; @@ -393,7 +399,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) next = fr_pair_find_by_da(list, vp, da); rcode = fr_value_box_cmp_op(T_OP_CMP_EQ, &vp->data, box); - if (rcode < 0) return -1; + if (rcode < 0) goto fail; if (rcode == 1) { fr_pair_list_t *parent = fr_pair_parent_list(vp); @@ -413,12 +419,10 @@ int fr_pairmove_map(request_t *request, map_t const *map) redo_filter: rcode = fr_value_box_cmp_op(map->op, &vp->data, box); - if (rcode < 0) return -1; + if (rcode < 0) goto fail; if (rcode == 0) { - if (fr_value_box_copy(vp, &vp->data, box) < 0) { - return -1; - } + if (fr_value_box_copy(vp, &vp->data, box) < 0) goto fail; } vp = fr_pair_find_by_da_nested(list, vp, da); @@ -430,5 +434,7 @@ int fr_pairmove_map(request_t *request, map_t const *map) break; } +success: + TALLOC_FREE(to_free); return 0; } diff --git a/src/lib/server/users_file.c b/src/lib/server/users_file.c index e5081337341..d8bb9e25e69 100644 --- a/src/lib/server/users_file.c +++ b/src/lib/server/users_file.c @@ -526,7 +526,8 @@ setup_reply: comma = false; - rhs_rules.attr.list_presence = TMPL_ATTR_LIST_REQUIRE; + rhs_rules.attr.list_def = request_attr_request; + rhs_rules.attr.list_presence = TMPL_ATTR_LIST_ALLOW; reply_item: /* diff --git a/src/tests/modules/files/authorize b/src/tests/modules/files/authorize index b5b43ae3f82..0d46e72ffdc 100644 --- a/src/tests/modules/files/authorize +++ b/src/tests/modules/files/authorize @@ -124,6 +124,9 @@ attrref Password.Cleartext := "hopefully" Reply-Message := &request.Filter-Id, &control.Filter-Id := "foo" +xlat Password.Cleartext := "open" + Reply-Message := "Hello, %{User-Name}" + DEFAULT User-Name == "cmp_eq", Password.Cleartext := "hopping" Reply-Message := "success-cmp_eq" diff --git a/src/tests/modules/files/xlat.attrs b/src/tests/modules/files/xlat.attrs new file mode 100644 index 00000000000..74f72e8ae8c --- /dev/null +++ b/src/tests/modules/files/xlat.attrs @@ -0,0 +1,12 @@ +# +# Input packet +# +Packet-Type = Access-Request +User-Name = "xlat" +User-Password = "open" + +# +# Expected answer +# +Packet-Type == Access-Accept +Reply-Message == 'Hello, xlat' diff --git a/src/tests/modules/files/xlat.unlang b/src/tests/modules/files/xlat.unlang new file mode 100644 index 00000000000..027271b9b22 --- /dev/null +++ b/src/tests/modules/files/xlat.unlang @@ -0,0 +1 @@ +files