From: Phil Mayers Date: Fri, 5 Oct 2012 11:52:12 +0000 (+0100) Subject: remove escape function from xlat handlers; perform escaping *once* in decode_attribute X-Git-Tag: release_3_0_0_beta1~1662^2~1^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff6fedad6e110c1ee3f8e52eafb778e0f2c10b9f;p=thirdparty%2Ffreeradius-server.git remove escape function from xlat handlers; perform escaping *once* in decode_attribute --- diff --git a/src/include/radiusd.h b/src/include/radiusd.h index f6e256b1124..feeff487130 100644 --- a/src/include/radiusd.h +++ b/src/include/radiusd.h @@ -716,7 +716,7 @@ typedef size_t (*RADIUS_ESCAPE_STRING)(char *out, size_t outlen, const char *in) int radius_xlat(char * out, int outlen, const char *fmt, REQUEST * request, RADIUS_ESCAPE_STRING func, void *funcarg); -typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, const char *, char *, size_t, RADIUS_ESCAPE_STRING func); +typedef size_t (*RAD_XLAT_FUNC)(void *instance, REQUEST *, const char *, char *, size_t); int xlat_register(const char *module, RAD_XLAT_FUNC func, void *instance); void xlat_unregister(const char *module, RAD_XLAT_FUNC func, diff --git a/src/main/listen.c b/src/main/listen.c index 11bca647396..2624f424636 100644 --- a/src/main/listen.c +++ b/src/main/listen.c @@ -94,8 +94,7 @@ static int command_write_magic(int newfd, listen_socket_t *sock); */ static size_t xlat_listen(UNUSED void *instance, REQUEST *request, const char *fmt, char *out, - size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + size_t outlen) { const char *value = NULL; CONF_PAIR *cp; diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c index 50c1898207d..5e51e3656a0 100644 --- a/src/main/mainconfig.c +++ b/src/main/mainconfig.c @@ -353,8 +353,7 @@ static size_t config_escape_func(char *out, size_t outlen, const char *in) */ static size_t xlat_config(void *instance, REQUEST *request, const char *fmt, char *out, - size_t outlen, - RADIUS_ESCAPE_STRING func) + size_t outlen) { const char *value; CONF_PAIR *cp; @@ -392,7 +391,9 @@ static size_t xlat_config(void *instance, REQUEST *request, } } - return func(out, outlen, value); + strlcpy(out, value, outlen); + + return strlen(out); } @@ -401,8 +402,7 @@ static size_t xlat_config(void *instance, REQUEST *request, */ static size_t xlat_client(UNUSED void *instance, REQUEST *request, const char *fmt, char *out, - size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + size_t outlen) { const char *value = NULL; CONF_PAIR *cp; diff --git a/src/main/realms.c b/src/main/realms.c index c2a1af6e652..ff74aa6d133 100644 --- a/src/main/realms.c +++ b/src/main/realms.c @@ -230,8 +230,7 @@ static size_t xlat_cs(CONF_SECTION *cs, const char *fmt, char *out, size_t outle * Xlat for %{home_server:foo} */ static size_t xlat_home_server(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { if (!fmt || !out || (outlen < 1)) return 0; @@ -248,8 +247,7 @@ static size_t xlat_home_server(UNUSED void *instance, REQUEST *request, * Xlat for %{home_server_pool:foo} */ static size_t xlat_server_pool(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { if (!fmt || !out || (outlen < 1)) return 0; diff --git a/src/main/xlat.c b/src/main/xlat.c index 24328d2095c..4d8974deb7e 100644 --- a/src/main/xlat.c +++ b/src/main/xlat.c @@ -74,14 +74,11 @@ static int xlat_inst[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 }; /* up to 8 for regex */ /** * @brief Convert the value on a VALUE_PAIR to string */ -static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair, - int type, RADIUS_ESCAPE_STRING func) +static int valuepair2str(char * out,int outlen,VALUE_PAIR * pair, int type) { - char buffer[MAX_STRING_LEN * 4]; - if (pair != NULL) { - vp_prints_value(buffer, sizeof(buffer), pair, -1); - return func(out, outlen, buffer); + vp_prints_value(out, outlen, pair, -1); + return strlen(out); } switch (type) { @@ -130,8 +127,7 @@ redo: * Dynamically translate for check:, request:, reply:, etc. */ static size_t xlat_packet(void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { DICT_ATTR *da; VALUE_PAIR *vp; @@ -297,7 +293,7 @@ static size_t xlat_packet(void *instance, REQUEST *request, for (vp = pairfind_tag(vps, da, tag); vp != NULL; vp = pairfind_tag(vp->next, da, tag)) { - count = valuepair2str(out, outlen - 1, vp, da->type, func); + count = valuepair2str(out, outlen - 1, vp, da->type); rad_assert(count <= outlen); total += count + 1; outlen -= (count + 1); @@ -345,7 +341,7 @@ static size_t xlat_packet(void *instance, REQUEST *request, return snprintf(out, outlen, "%u", vp->vp_integer); } - return valuepair2str(out, outlen, vp, da->type, func); + return valuepair2str(out, outlen, vp, da->type); } vp = pairfind(vps, da->attr, da->vendor); @@ -472,8 +468,7 @@ static size_t xlat_packet(void *instance, REQUEST *request, } localvp.type = da->type; - return valuepair2str(out, outlen, &localvp, - da->type, func); + return valuepair2str(out, outlen, &localvp, da->type); } /* @@ -487,15 +482,14 @@ static size_t xlat_packet(void *instance, REQUEST *request, /* * Convert the VP to a string, and return it. */ - return valuepair2str(out, outlen, vp, da->type, func); + return valuepair2str(out, outlen, vp, da->type); } /** * @brief Print data as integer, not as VALUE. */ static size_t xlat_integer(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { VALUE_PAIR *vp; @@ -527,8 +521,7 @@ static size_t xlat_integer(UNUSED void *instance, REQUEST *request, * @brief Print data as hex, not as VALUE. */ static size_t xlat_hex(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { size_t i; uint8_t *p; @@ -562,8 +555,7 @@ static size_t xlat_hex(UNUSED void *instance, REQUEST *request, * @brief Prints the current module processing the request */ static size_t xlat_module(UNUSED void *instance, REQUEST *request, - UNUSED const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + UNUSED const char *fmt, char *out, size_t outlen) { strlcpy(out, request->module, outlen); @@ -577,8 +569,7 @@ static size_t xlat_module(UNUSED void *instance, REQUEST *request, * @see modcall() */ static size_t xlat_foreach(void *instance, REQUEST *request, - UNUSED const char *fmt, char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + UNUSED const char *fmt, char *out, size_t outlen) { VALUE_PAIR **pvp; @@ -592,7 +583,7 @@ static size_t xlat_foreach(void *instance, REQUEST *request, return 0; } - return valuepair2str(out, outlen, (*pvp), (*pvp)->type, func); + return valuepair2str(out, outlen, (*pvp), (*pvp)->type); } #endif @@ -604,8 +595,7 @@ static size_t xlat_foreach(void *instance, REQUEST *request, * expand to "\n\n\n" */ static size_t xlat_string(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { int len; VALUE_PAIR *vp; @@ -635,8 +625,7 @@ static size_t xlat_string(UNUSED void *instance, REQUEST *request, * @brief Expand regexp matches %{0} to %{8} */ static size_t xlat_regex(void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char *regex; @@ -645,7 +634,6 @@ static size_t xlat_regex(void *instance, REQUEST *request, * are already in the "instance". */ fmt = fmt; /* -Wunused */ - func = func; /* -Wunused FIXME: do escaping? */ regex = request_data_reference(request, request, REQUEST_DATA_REGEX | *(int *)instance); @@ -666,8 +654,7 @@ static size_t xlat_regex(void *instance, REQUEST *request, * Example %{debug:3} */ static size_t xlat_debug(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { int level = 0; @@ -1119,8 +1106,21 @@ do_xlat: if (!c->internal) RDEBUG3("radius_xlat: Running registered xlat function of module %s for string \'%s\'", c->module, xlat_str); - retlen = c->do_xlat(c->instance, request, xlat_str, - q, freespace, func); + if (func) { + /* xlat to a temporary buffer, then escape */ + char tmpbuf[8192]; + retlen = c->do_xlat(c->instance, request, xlat_str, tmpbuf, sizeof(tmpbuf)); + if (retlen > 0) { + retlen = func(q, freespace, tmpbuf); + if (retlen > 0) { + RDEBUG2("string escaped from \'%s\' to \'%s\'", tmpbuf, q); + } else if (retlen < 0) { + RDEBUG2("string escape failed"); + } + } + } else { + retlen = c->do_xlat(c->instance, request, xlat_str, q, freespace); + } if (retlen > 0) { if (do_length) { snprintf(q, freespace, "%d", retlen); diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c index 014550c53db..1499cae93ed 100644 --- a/src/modules/rlm_cache/rlm_cache.c +++ b/src/modules/rlm_cache/rlm_cache.c @@ -362,8 +362,7 @@ static int cache_verify(rlm_cache_t *inst) * Allow single attribute values to be retrieved from the cache. */ static size_t cache_xlat(void *instance, REQUEST *request, - const char *fmt, char *out, size_t freespace, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t freespace) { rlm_cache_entry_t *c; rlm_cache_t *inst = instance; diff --git a/src/modules/rlm_exec/rlm_exec.c b/src/modules/rlm_exec/rlm_exec.c index 5f163196dcf..adf8dbcf245 100644 --- a/src/modules/rlm_exec/rlm_exec.c +++ b/src/modules/rlm_exec/rlm_exec.c @@ -118,8 +118,7 @@ static VALUE_PAIR **decode_string(REQUEST *request, const char *string) * Do xlat of strings. */ static size_t exec_xlat(void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { int result; rlm_exec_t *inst = instance; diff --git a/src/modules/rlm_expr/rlm_expr.c b/src/modules/rlm_expr/rlm_expr.c index b1097fbcdd2..401084b47a0 100644 --- a/src/modules/rlm_expr/rlm_expr.c +++ b/src/modules/rlm_expr/rlm_expr.c @@ -235,7 +235,7 @@ static int get_number(REQUEST *request, const char **string, int64_t *answer) * Do xlat of strings! */ static size_t expr_xlat(void *instance, REQUEST *request, const char *fmt, - char *out, size_t outlen, RADIUS_ESCAPE_STRING func) + char *out, size_t outlen) { int rcode; int64_t result; @@ -248,7 +248,7 @@ static size_t expr_xlat(void *instance, REQUEST *request, const char *fmt, /* * Do an xlat on the provided string (nice recursive operation). */ - if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL)) { + if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) { radlog(L_ERR, "rlm_expr: xlat failed."); *out = '\0'; return 0; @@ -277,8 +277,7 @@ static size_t expr_xlat(void *instance, REQUEST *request, const char *fmt, * */ static size_t rand_xlat(UNUSED void *instance, REQUEST *request, const char *fmt, - char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + char *out, size_t outlen) { int64_t result; char buffer[256]; @@ -286,7 +285,7 @@ static size_t rand_xlat(UNUSED void *instance, REQUEST *request, const char *fmt /* * Do an xlat on the provided string (nice recursive operation). */ - if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL)) { + if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) { radlog(L_ERR, "rlm_expr: xlat failed."); *out = '\0'; return 0; @@ -314,8 +313,7 @@ static size_t rand_xlat(UNUSED void *instance, REQUEST *request, const char *fmt * Format identical to String::Random. */ static size_t randstr_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char *p; char buffer[1024]; @@ -328,7 +326,7 @@ static size_t randstr_xlat(UNUSED void *instance, REQUEST *request, /* * Do an xlat on the provided string (nice recursive operation). */ - len = radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL); + len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL); if (!len) { radlog(L_ERR, "rlm_expr: xlat failed."); *out = '\0'; @@ -426,8 +424,7 @@ static size_t randstr_xlat(UNUSED void *instance, REQUEST *request, * Example: "%{urlquote:http://example.org/}" == "http%3A%47%47example.org%47" */ static size_t urlquote_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char *p; char buffer[1024]; @@ -436,7 +433,7 @@ static size_t urlquote_xlat(UNUSED void *instance, REQUEST *request, if (outlen <= 1) return 0; - len = radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL); + len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL); if (!len) { radlog(L_ERR, "rlm_expr: xlat failed."); *out = '\0'; @@ -480,8 +477,7 @@ static size_t urlquote_xlat(UNUSED void *instance, REQUEST *request, * Example: "%{escape:foo.jpg}" == "=60img=62foo.jpg=60=/img=62" */ static size_t escape_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { rlm_expr_t *inst = instance; char *p; @@ -491,7 +487,7 @@ static size_t escape_xlat(UNUSED void *instance, REQUEST *request, if (outlen <= 1) return 0; - len = radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL); + len = radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL); if (!len) { radlog(L_ERR, "rlm_expr: xlat failed."); *out = '\0'; @@ -532,15 +528,14 @@ static size_t escape_xlat(UNUSED void *instance, REQUEST *request, * Probably only works for ASCII */ static size_t lc_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char *p, *q; char buffer[1024]; if (outlen <= 1) return 0; - if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL)) { + if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) { *out = '\0'; return 0; } @@ -564,15 +559,14 @@ static size_t lc_xlat(UNUSED void *instance, REQUEST *request, * Probably only works for ASCII */ static size_t uc_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char *p, *q; char buffer[1024]; if (outlen <= 1) return 0; - if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL)) { + if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) { *out = '\0'; return 0; } @@ -594,15 +588,14 @@ static size_t uc_xlat(UNUSED void *instance, REQUEST *request, * Example: "%{md5:foo}" == "acbd18db4cc2f85cedef654fccc4a4d8" */ static size_t md5_xlat(UNUSED void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { char buffer[1024]; uint8_t digest[16]; int i; FR_MD5_CTX ctx; - if (!radius_xlat(buffer, sizeof(buffer), fmt, request, func, NULL)) { + if (!radius_xlat(buffer, sizeof(buffer), fmt, request, NULL, NULL)) { *out = '\0'; return 0; } diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index f4a5bb5ab30..be9517253ff 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -362,7 +362,7 @@ static void fieldcpy(char *, char **); #endif static VALUE_PAIR *ldap_pairget(LDAP *, LDAPMessage *, TLDAP_RADIUS *,VALUE_PAIR **,int, ldap_instance *); static int ldap_groupcmp(void *, REQUEST *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **); -static size_t ldap_xlat(void *, REQUEST *, const char *, char *, size_t, RADIUS_ESCAPE_STRING); +static size_t ldap_xlat(void *, REQUEST *, const char *, char *, size_t); static LDAP *ldap_connect(void *instance, const char *, const char *, int, int *, char **); static int read_mappings(ldap_instance* inst); @@ -1214,8 +1214,7 @@ static int ldap_groupcmp(void *instance, REQUEST *req, * Do an xlat on an LDAP URL */ static size_t ldap_xlat(void *instance, REQUEST *request, const char *fmt, - char *out, size_t freespace, - UNUSED RADIUS_ESCAPE_STRING func) + char *out, size_t freespace) { char url[MAX_FILTER_STR_LEN]; int res; diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c index a1bb55f5dff..0a315f15cc3 100644 --- a/src/modules/rlm_mschap/rlm_mschap.c +++ b/src/modules/rlm_mschap/rlm_mschap.c @@ -165,8 +165,7 @@ typedef struct rlm_mschap_t { * attributes. */ static size_t mschap_xlat(void *instance, REQUEST *request, - const char *fmt, char *out, size_t outlen, - RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t outlen) { size_t i, data_len; uint8_t *data = NULL; @@ -177,8 +176,6 @@ static size_t mschap_xlat(void *instance, REQUEST *request, response = NULL; - func = func; /* -Wunused */ - /* * Challenge means MS-CHAPv1 challenge, or * hash of MS-CHAPv2 challenge, and peer challenge. diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c index f489e12302d..6de22053b96 100644 --- a/src/modules/rlm_perl/rlm_perl.c +++ b/src/modules/rlm_perl/rlm_perl.c @@ -321,7 +321,7 @@ static XS(XS_radiusd_radlog) * The xlat function */ static size_t perl_xlat(void *instance, REQUEST *request, char *fmt, char *out, - size_t freespace, RADIUS_ESCAPE_STRING func) + size_t freespace) { PERL_INST *inst= (PERL_INST *) instance; @@ -334,7 +334,7 @@ static size_t perl_xlat(void *instance, REQUEST *request, char *fmt, char *out, /* * Do an xlat on the provided string (nice recursive operation). */ - if (!radius_xlat(params, sizeof(params), fmt, request, func, NULL)) { + if (!radius_xlat(params, sizeof(params), fmt, request, NULL, NULL)) { radlog(L_ERR, "rlm_perl: xlat failed."); return 0; } diff --git a/src/modules/rlm_redis/rlm_redis.c b/src/modules/rlm_redis/rlm_redis.c index c80dbc8c872..5eebae88689 100644 --- a/src/modules/rlm_redis/rlm_redis.c +++ b/src/modules/rlm_redis/rlm_redis.c @@ -185,8 +185,7 @@ static size_t redis_escape_func(char *out, size_t outlen, const char *in) } static size_t redis_xlat(void *instance, REQUEST *request, - const char *fmt, char *out, size_t freespace, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t freespace) { REDIS_INST *inst = instance; REDISSOCK *dissocket; diff --git a/src/modules/rlm_soh/rlm_soh.c b/src/modules/rlm_soh/rlm_soh.c index 2edaffb41e5..69e683597d8 100644 --- a/src/modules/rlm_soh/rlm_soh.c +++ b/src/modules/rlm_soh/rlm_soh.c @@ -38,7 +38,7 @@ typedef struct rlm_soh_t { /* * Not sure how to make this useful yet... */ -static size_t soh_xlat(UNUSED void *instance, REQUEST *request, const char *fmt, char *out, size_t outlen, UNUSED RADIUS_ESCAPE_STRING func) { +static size_t soh_xlat(UNUSED void *instance, REQUEST *request, const char *fmt, char *out, size_t outlen) { VALUE_PAIR* vp[6]; const char *osname; diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c index aec8365fbbc..ef877c659cf 100644 --- a/src/modules/rlm_sql/rlm_sql.c +++ b/src/modules/rlm_sql/rlm_sql.c @@ -135,8 +135,7 @@ static size_t sql_escape_func(char *out, size_t outlen, const char *in); * returned instead. */ static size_t sql_xlat(void *instance, REQUEST *request, - const char *fmt, char *out, size_t freespace, - UNUSED RADIUS_ESCAPE_STRING func) + const char *fmt, char *out, size_t freespace) { SQLSOCK *sqlsocket; SQL_ROW row;