From: Alan T. DeKok Date: Sat, 24 Aug 2024 12:23:25 +0000 (-0400) Subject: narrow down the scope of bare words in the configuration files X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7cb192afa8e29111c1c75e83b21f85d7822dd10;p=thirdparty%2Ffreeradius-server.git narrow down the scope of bare words in the configuration files only unlang (module references) and edit sections (lists of values) can have bare words. as a result, remove old configuration sections which haven't been used for a while. Outside of unlang (map, switch) name2 must be alphanumeric --- diff --git a/src/lib/server/cf_file.c b/src/lib/server/cf_file.c index 4febffaba93..2e89c443007 100644 --- a/src/lib/server/cf_file.c +++ b/src/lib/server/cf_file.c @@ -2165,7 +2165,7 @@ static int parse_input(cf_stack_t *stack) /* * See if this thing is a variable definition. */ - if (parent->allow_locals) { + if (parent->allow_locals && (name1_token == T_BARE_WORD)) { fr_type_t type; type = fr_table_value_by_str(fr_type_table, buff[1], FR_TYPE_NULL); @@ -2193,15 +2193,27 @@ static int parse_input(cf_stack_t *stack) } /* - * parent single word is done. Create a CONF_PAIR. + * We've parsed the LHS thing. The RHS might be empty, or an operator, or another word, or an + * open bracket. */ check_for_eol: if (!*ptr || (*ptr == '#') || (*ptr == ',') || (*ptr == ';') || (*ptr == '}')) { - parent->allow_locals = false; - value_token = T_INVALID; - op_token = T_OP_EQ; - value = NULL; - goto alloc_pair; + /* + * Only unlang sections can have module references. + * + * We also allow bare words in edit lists, where the RHS is a list of values. + */ + if( (parent->unlang == CF_UNLANG_ALLOW) || (parent->unlang == CF_UNLANG_EDIT)) { + parent->allow_locals = false; + value_token = T_INVALID; + op_token = T_OP_EQ; + value = NULL; + goto alloc_pair; + } + + ERROR("%s[%d]: Parse error: Unexpected bare word. There should be a '{' or operator after it", + frame->filename, frame->lineno); + return -1; } /* @@ -2231,6 +2243,15 @@ check_for_eol: if ((*ptr == '"') || (*ptr == '`') || (*ptr == '\'') || ((*ptr == '&') && (ptr[1] != '=')) || ((*((uint8_t const *) ptr) & 0x80) != 0) || isalpha((uint8_t) *ptr) || isdigit((uint8_t) *ptr)) { parse_name2: + /* + * Other than "unlang" sections, the second name MUST be alphanumeric + */ + if ((parent->unlang != CF_UNLANG_ALLOW) && !isalpha((uint8_t) *ptr) && !isdigit((uint8_t) *ptr)) { + ERROR("%s[%d]: Parse error: Unexpected text after section name", + frame->filename, frame->lineno); + return -1; + } + if (cf_get_token(parent, &ptr, &name2_token, buff[2], stack->bufsize, frame->filename, frame->lineno) < 0) { return -1; diff --git a/src/tests/keywords/dhcpv4.conf b/src/tests/keywords/dhcpv4.conf index a4b331782c6..6170bd8fb6c 100644 --- a/src/tests/keywords/dhcpv4.conf +++ b/src/tests/keywords/dhcpv4.conf @@ -22,16 +22,6 @@ policy { $INCLUDE policy.conf } -instantiate { - # - # Just check that this can be referred to as "virtual_instantiate.post-auth" - # - load-balance virtual_instantiate { - ok - updated - } -} - # # Virtual server for the DHCPv4 protocol. # diff --git a/src/tests/keywords/dhcpv6.conf b/src/tests/keywords/dhcpv6.conf index f5ca12be81a..1896beb315f 100644 --- a/src/tests/keywords/dhcpv6.conf +++ b/src/tests/keywords/dhcpv6.conf @@ -22,16 +22,6 @@ policy { $INCLUDE policy.conf } -instantiate { - # - # Just check that this can be referred to as "virtual_instantiate.post-auth" - # - load-balance virtual_instantiate { - ok - updated - } -} - # # Virtual server for the DHCPv6 protocol. #