From: Alan T. DeKok Date: Wed, 13 Aug 2025 16:10:22 +0000 (-0400) Subject: remove many uses of Tmp-* X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d63cbf8200b3f55f7fe571a496a54decbcadfea6;p=thirdparty%2Ffreeradius-server.git remove many uses of Tmp-* --- diff --git a/doc/antora/modules/reference/pages/type/cast.adoc b/doc/antora/modules/reference/pages/type/cast.adoc index aa4c867121b..02aead9d0ed 100644 --- a/doc/antora/modules/reference/pages/type/cast.adoc +++ b/doc/antora/modules/reference/pages/type/cast.adoc @@ -141,9 +141,9 @@ reply.Reply-Message := control.Reply-Message[*] ---- The following example will take an input string `"192.168.0.1"`, split -it on the `'.'` character, and then assign it to the `Tmp-Integer-0` -attribute. The result will be four copies of the `Tmp-Integer-0` -attribute, which each carry one octet of the IP address. +it on the `'.'` character, and then assign it to another attribute. +The result will be four copies of the `Tmp-Integer-0` attribute, which +each carry one octet of the IP address. .Example Creating multiple Attributes ---- diff --git a/doc/antora/modules/reference/pages/type/string/double.adoc b/doc/antora/modules/reference/pages/type/string/double.adoc index 6cb367b3df0..62b7e55c199 100644 --- a/doc/antora/modules/reference/pages/type/string/double.adoc +++ b/doc/antora/modules/reference/pages/type/string/double.adoc @@ -111,15 +111,15 @@ type to `string`. The value is left alone. .Example of casting to raw 'octets' [source,unlang] ---- -"User-Name is %{Tmp-Octets-0}" -"User-Name is %{(string) Tmp-Octets-0}" +"Value is %{Class}" +"Value is %{(string) Class}" ---- -if the `Tmp-Octets-0` attribute has value `0x666f6f` (`foo`) +if the `Class` attribute has value `0x666f6f` (`foo`) -In the first expansion, the resulting output is `User-Name is +In the first expansion, the resulting output is `Value is 0x666f6f`. In the second expansion, the resulting output is -`User-name is foo`. +`Value is foo`. Note that placing raw `octets` data into a string may allow for binary data to be inserted into what should be a printable string. Any uses diff --git a/doc/antora/modules/reference/pages/unlang/condition/regex.adoc b/doc/antora/modules/reference/pages/unlang/condition/regex.adoc index 93a5f28f4c7..bcc1c398a89 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/regex.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/regex.adoc @@ -199,28 +199,26 @@ saved during evaluation. ==== [source,unlang] ---- -if (User-Name =~ /^@%{Tmp-String-0}$/) { +string regex + +regex = %sql("SELECT realm ....") + +if (User-Name =~ /^@%{regex}$/) { ... } ---- ==== +Note that the string will be deemed to be "unsafe", so characters +which are special for a regular expression will be escaped. If the +string is taken from a trusted source, it can be marked as safe via +the `%regex.safe()` function. + To ensure optimal performance you should limit the number of patterns containing xref:xlat/index.adoc[dynamic expansions], and if using PCRE, combine multiple expressions operating on the same subject into a single expression using the PCRE alternation '|' operator. -.Using multiple dynamic expansions and the PCRE alternation operator -==== -[source,unlang] ----- -if (User-Name =~ /^@(%{Tmp-String-0}|%{Tmp-String-1})$/) { - ... -} ----- -==== - - // Licenced under CC-by-NC 4.0. // Copyright (C) 2021 Network RADIUS SAS. // Copyright (C) 2019 Arran Cudbard-Bell diff --git a/doc/antora/modules/reference/pages/unlang/foreach.adoc b/doc/antora/modules/reference/pages/unlang/foreach.adoc index a5a4cb0cefe..fa3a73eecde 100644 --- a/doc/antora/modules/reference/pages/unlang/foreach.adoc +++ b/doc/antora/modules/reference/pages/unlang/foreach.adoc @@ -221,15 +221,19 @@ be examined, but cannot be changed. This is a limitation of the current interpreter, and may be changed in the future. .Example of Looping over children of a structural type. + +In this examply, we assume that an attribute `TLV-Thing` has a child +called `Foo`. + [source,unlang] ---- -foreach thing (Tmp-TLV-0[*]) { - out += thing.c +foreach thing (TLV-Thing[*]) { + out += thing.Foo out += " " } ---- -This example can read the child attribute `c`, but cannot modify it. +This example can read the child attribute `Foo`, but cannot modify it. // Copyright (C) 2024 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/unlang/local.adoc b/doc/antora/modules/reference/pages/unlang/local.adoc index c568a77282b..a45acdf322f 100644 --- a/doc/antora/modules/reference/pages/unlang/local.adoc +++ b/doc/antora/modules/reference/pages/unlang/local.adoc @@ -61,7 +61,8 @@ if (User-Name == "bob") { ---- In v3 the default dictionaries included a series of `Tmp-*` -attributes. These are no longer necessary, and should not be used. +attributes. These attributes are no longer necessary, and should not +be used. Local variables should be used instead. .Local variables exist on only if they have been created [source,unlang] diff --git a/doc/antora/modules/reference/pages/xlat/conversion.adoc b/doc/antora/modules/reference/pages/xlat/conversion.adoc index 6233d237a3e..9c7e9e0c519 100644 --- a/doc/antora/modules/reference/pages/xlat/conversion.adoc +++ b/doc/antora/modules/reference/pages/xlat/conversion.adoc @@ -12,8 +12,10 @@ Encode a string using Base64. [source,unlang] ---- -control.Tmp-String-0 := "Caipirinha" -reply.Reply-Message := "The base64 of %{control.Tmp-String-0} is %base64.encode(%{control.Tmp-String-0})" +string test + +test := "Caipirinha" +reply.Reply-Message := "The base64 of %{test} is %base64.encode(test)" ---- .Output @@ -32,8 +34,10 @@ Decode a string previously encoded using Base64. [source,unlang] ---- -control.Tmp-String-0 := "Q2FpcGlyaW5oYQ==" -reply.Reply-Message := "The base64.decode of %{control.Tmp-String-0} is %base64.decode(%{control.Tmp-String-0})" +string test + +test := "Q2FpcGlyaW5oYQ==" +reply.Reply-Message := "The base64.decode of %{test} is %base64.decode(test)" ---- .Output @@ -52,8 +56,10 @@ Convert string to binary. [source,unlang] ---- -control.Tmp-String-0 := "10" -reply.Reply-Message := "The %{control.Tmp-String-0} in binary is %bin(%{control.Tmp-String-0})" +string test + +test := "10" +reply.Reply-Message := "The %{test} in binary is %bin(test)" ---- .Output @@ -72,8 +78,10 @@ Convert to hex. [source,unlang] ---- -control.Tmp-String-0 := "12345" -reply.Reply-Message := "The value of %{control.Tmp-String-0} in hex is %hex(%{control.Tmp-String-0})" +string test + +test := "12345" +reply.Reply-Message := "The value of %{test} in hex is %hex(test)" ---- .Output @@ -92,9 +100,11 @@ Quote URL special characters. [source,unlang] ---- -control.Tmp-String-0 := "http://example.org/" +string test + +test := "http://example.org/" reply += { - Reply-Message = "The urlquote of %{control.Tmp-String-0} is %url.quote(%{control.Tmp-String-0})" + Reply-Message = "The urlquote of %{test} is %url.quote(test)" } ---- @@ -114,9 +124,11 @@ Unquote URL special characters. [source,unlang] ---- -control.Tmp-String-0 := "http%%3A%%2F%%2Fexample.org%%2F" # Attention for the double %. +string test + +test := "http%%3A%%2F%%2Fexample.org%%2F" # Attention for the double %. reply += { - Reply-Message = "The urlunquote of %{control.Tmp-String-0} is %url.unquote(%{control.Tmp-String-0})" + Reply-Message = "The urlunquote of %{test} is %url.unquote(test)" } ---- diff --git a/doc/antora/modules/reference/pages/xlat/dict.adoc b/doc/antora/modules/reference/pages/xlat/dict.adoc index aff997351af..81d4df31b8b 100644 --- a/doc/antora/modules/reference/pages/xlat/dict.adoc +++ b/doc/antora/modules/reference/pages/xlat/dict.adoc @@ -1,161 +1,8 @@ = Dictionary Lookups -The following functions perform lookups based on dictionary names and numbers. - -The functions are defined in the xref:raddb/mods-available/dict.adoc[dict] module. It must be listed in -the `mods-enabled/` directory in order for the expansions to work. - -== %str.concat(, ) - -Used to join two or more attributes, separated by an optional delimiter. - -.Return: _string_ - -In most cases, `%str.concat(...)` is only useful inside of a dynamically -expanded string. If you need to concatenate strings together in a policy, just use `+`. - -.Example - -[source,unlang] ----- -control += { - Tmp-String-0 = "aaa" - Tmp-String-0 = "bb" - Tmp-String-0 = "c" -} - -reply += { - Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ', ')" - Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ',')" -} ----- - -.Output - -``` -aaa, bb, c -aaa,bb,c -``` - -.Using "+" -[source,unlang] ----- -string foo - -foo += { "a", "c", "c", "d" } # abcd - -foo += control.Tmp-String-0[*] ----- - -== %str.split(, ) - -Split an string into multiple new strings based on a delimiter. - -This expansion is the opposite of `%str.concat( ... )`. - -.Return: _the number exploded list of strings_. - -.Example - -[source,unlang] ----- -control.Tmp-String-0 := "bob.toba@domain.com" - -control.Tmp-String-1 := "%str.split(control.Tmp-String-0, '@')" - -reply.Reply-Message := "Welcome %{control.Tmp-String-1[0]}" ----- - -.Output - -``` -Welcome bob.toba -``` - -== %str.lpad(, , ) - -Left-pad a string. - -.Return: _string_ - -.Example - -[source,unlang] ----- -control.Tmp-String-0 := "123" - -reply.Reply-Message := "Maximum should be %str.lpad(%{control.Tmp-String-0}, 11, '0')" ----- - -.Output - -``` -Maximum should be 00000000123 -``` - -== %str.rpad(, , ) - -Right-pad a string. - -.Return: _string_ - -.Example - -[source,unlang] ----- -control.Tmp-String-0 := "123" - -reply.Reply-Message := "Maximum should be %str.rpad(%{control.Tmp-String-0}, 11, '0')" ----- - -.Output - -``` -Maximum should be 12300000000 -``` - -== %str.lower( ... ) - -Dynamically expands the string and returns the lowercase version of -it. This definition is only available in version 2.1.10 and later. - -.Return: _string_ - -.Example - -[source,unlang] ----- -control.Tmp-String-0 := "CAIPIRINHA" -reply.Reply-Message := "tolower of %{control.Tmp-String-0} is %str.lower(%{control.Tmp-String-0})" ----- - -.Output - -``` -tolower of CAIPIRINHA is caipirinha -``` - -== %str.upper( ... ) - -Dynamically expands the string and returns the uppercase version of -it. This definition is only available in version 2.1.10 and later. - -.Return: _string_ - -.Example - -[source,unlang] ----- -control.Tmp-String-0 := "caipirinha" -reply.Reply-Message := "toupper of %{control.Tmp-String-0} is " + %str.upper(%{control.Tmp-String-0}) ----- - -.Output - -``` -toupper of caipirinha is CAIPIRINHA -``` - +The dictionary functions are defined in the +xref:raddb/mods-available/dict.adoc[dict] module. It must be listed +in the `mods-enabled/` directory in order for the expansions to work. // Copyright (C) 2023 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/xlat/hmac.adoc b/doc/antora/modules/reference/pages/xlat/hmac.adoc index 36bca26809e..5cd6090ed25 100644 --- a/doc/antora/modules/reference/pages/xlat/hmac.adoc +++ b/doc/antora/modules/reference/pages/xlat/hmac.adoc @@ -14,13 +14,17 @@ Generate `HMAC-MD5` of string. [source,unlang] ---- -control.Tmp-String-0 := "mykey" -control.Tmp-String-1 := "Caipirinha" -reply.control.Tmp-Octets-0 := %hmac.md5(control.Tmp-String-0, control.Tmp-String-1) +string test1 +string test2 +octets output + +test1 := "mykey" +test2 := "Caipirinha" +output := %hmac.md5(test1, test2) reply += { - Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}" - Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0)" + Reply-Message = "The HMAC-MD5 of %{test1}%{test2} in octets is %{output}" + Reply-Message = "The HMAC-MD5 of %{test1}%{test2} in hex is %hex(output)" } ---- @@ -41,13 +45,17 @@ Generate `HMAC-SHA1` of string. [source,unlang] ---- -control.Tmp-String-0 := "mykey" -control.Tmp-String-1 := "Caipirinha" -control.Tmp-Octets-0 := %hmac.sha1(control.Tmp-String-0, control.Tmp-String-1) +string test1 +string test2 +octets output + +test1 := "mykey" +test2 := "Caipirinha" +output := %hmac.sha1(test1, test2) reply += { - Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}" - Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0}" + Reply-Message = "The HMAC-SHA1 of %{test1}%{test2} in octets is %{output}" + Reply-Message = "The HMAC-SHA1 of %{test1}%{test2} in hex is %hex(output)" } ---- diff --git a/doc/antora/modules/reference/pages/xlat/misc/length.adoc b/doc/antora/modules/reference/pages/xlat/misc/length.adoc index 5a47435e758..2d6a07e8787 100644 --- a/doc/antora/modules/reference/pages/xlat/misc/length.adoc +++ b/doc/antora/modules/reference/pages/xlat/misc/length.adoc @@ -13,11 +13,11 @@ the attributes data as encoded "on the wire". ==== [source,unlang] ---- -Tmp-String-0 := "Caipirinha" +string test := "Caipirinha" Framed-IP-Address := 192.0.2.1 reply += { - Reply-Message = "The length of %{control.Tmp-String-0} is %length(control.Tmp-String-0)" + Reply-Message = "The length of %{test} is %length(test)" Reply-Message = "The length of %{control.Framed-IP-Address} is %length(control.Framed-IP-Address)" } ---- diff --git a/doc/antora/modules/reference/pages/xlat/pairs/print.adoc b/doc/antora/modules/reference/pages/xlat/pairs/print.adoc index 8339f2d85ed..93c21884308 100644 --- a/doc/antora/modules/reference/pages/xlat/pairs/print.adoc +++ b/doc/antora/modules/reference/pages/xlat/pairs/print.adoc @@ -14,6 +14,7 @@ given attribute. e.g. `reply += "User-Name := 'hello'"`. [source,unlang] ---- control.Tmp-String-0 := { "This is a string", "This is another one" } + reply.Reply-Message := "Serialize output: %pairs.print(control.[*])" ---- diff --git a/doc/antora/modules/reference/pages/xlat/str/concat.adoc b/doc/antora/modules/reference/pages/xlat/str/concat.adoc index 368c2c3e3ec..563201b5ec3 100644 --- a/doc/antora/modules/reference/pages/xlat/str/concat.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/concat.adoc @@ -13,15 +13,11 @@ expanded string. If you need to concatenate strings together in a policy, just [source,unlang] ---- -control += { - Tmp-String-0 = "aaa" - Tmp-String-0 = "bb" - Tmp-String-0 = "c" -} +control.Tmp-String-0 := { "aaa", "bb", "c" } reply += { - Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ', ')" - Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ',')" + Reply-Message = %str.concat(%{control.Tmp-String-0[*]}, ', ') + Reply-Message = %str.concat(%{control.Tmp-String-0[*]}, ',') } ---- @@ -32,15 +28,5 @@ aaa, bb, c aaa,bb,c ``` -.Using "+" -[source,unlang] ----- -string foo - -foo += { "a", "c", "c", "d" } # abcd - -foo += control.Tmp-String-0[*] ----- - // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/xlat/str/lower.adoc b/doc/antora/modules/reference/pages/xlat/str/lower.adoc index 73dc0da02bc..bbb24841de8 100644 --- a/doc/antora/modules/reference/pages/xlat/str/lower.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/lower.adoc @@ -10,14 +10,15 @@ The lowercase operation is done using the current locale. [source,unlang] ---- -control.Tmp-String-0 := "CAIPIRINHA" -reply.Reply-Message := "lowercase of %{control.Tmp-String-0} is %str.lower(control.Tmp-String-0)" +User-Name := "BOB" + +reply.Reply-Message := "lowercase of %{User-Name} is %str.lower(User-Name)" ---- .Output ``` -lowercase of CAIPIRINHA is caipirinha +lowercase of BOB is bob ``` // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/xlat/str/lpad.adoc b/doc/antora/modules/reference/pages/xlat/str/lpad.adoc index d3e40842d6d..953a06ac08f 100644 --- a/doc/antora/modules/reference/pages/xlat/str/lpad.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/lpad.adoc @@ -8,9 +8,11 @@ Left-pad a string. [source,unlang] ---- -control.Tmp-String-0 := "123" +string test -reply.Reply-Message := "Maximum should be %str.lpad(%{control.Tmp-String-0}, 11, '0')" +test := "123" + +reply.Reply-Message := "Maximum should be %str.lpad(test, 11, '0')" ---- .Output diff --git a/doc/antora/modules/reference/pages/xlat/str/rpad.adoc b/doc/antora/modules/reference/pages/xlat/str/rpad.adoc index 1303e4a482c..3e0ab07d4b8 100644 --- a/doc/antora/modules/reference/pages/xlat/str/rpad.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/rpad.adoc @@ -8,9 +8,11 @@ Right-pad a string. [source,unlang] ---- -control.Tmp-String-0 := "123" +string test -reply.Reply-Message := "Maximum should be %str.rpad(%{control.Tmp-String-0}, 11, '0')" +test := "123" + +reply.Reply-Message := "Maximum should be %str.rpad(test, 11, '0')" ---- .Output diff --git a/doc/antora/modules/reference/pages/xlat/str/split.adoc b/doc/antora/modules/reference/pages/xlat/str/split.adoc index 74ca351333c..fdb02f9f274 100644 --- a/doc/antora/modules/reference/pages/xlat/str/split.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/split.adoc @@ -10,9 +10,9 @@ This expansion is the inverse of xref:xlat/str/concat.adoc[str.concat]. [source,unlang] ---- -control.Tmp-String-0 := "bob.toba@domain.com" +User-Name := "bob.toba@domain.com" -control.Tmp-String-1 := %str.split(control.Tmp-String-0, '@') +control.Tmp-String-1 := %str.split(User-Name, '@') reply.Reply-Message := "Welcome %{control.Tmp-String-1[0]}" ---- diff --git a/doc/antora/modules/reference/pages/xlat/str/upper.adoc b/doc/antora/modules/reference/pages/xlat/str/upper.adoc index 3dbb7e359be..0ab0f7e13ad 100644 --- a/doc/antora/modules/reference/pages/xlat/str/upper.adoc +++ b/doc/antora/modules/reference/pages/xlat/str/upper.adoc @@ -10,14 +10,14 @@ The uppercase operation is done using the current locale. [source,unlang] ---- -control.Tmp-String-0 := "caipirinha" -reply.Reply-Message := "uppercase of %{control.Tmp-String-0} is " + %str.upper(control.Tmp-String-0) +User-Name := "bob" +reply.Reply-Message := "uppercase of %{User-Name} is " + %str.upper(User-Name) ---- .Output ``` -uppercase of caipirinha is CAIPIRINHA +uppercase of bob is BOB ``` // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0.