From afa4d65ed2ef235abde2a3d68f099645cf3fdfd3 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Tue, 29 Aug 2023 18:05:11 -0400
Subject: [PATCH] Remove old virtual attributes

Module-Return-Code
Virtual-Server
Request-Processing-Stage

update examples, document them, etc.
---
 .../modules/installation/pages/upgrade.adoc   |  9 +++--
 raddb/mods-available/eap                      |  2 +-
 .../freeradius/dictionary.freeradius.internal | 16 ++-------
 src/lib/server/tmpl_eval.c                    | 36 -------------------
 src/lib/unlang/interpret.c                    | 18 +++++-----
 src/lib/unlang/xlat_eval.c                    |  3 --
 src/lib/unlang/xlat_expr.c                    |  7 ++--
 src/tests/keywords/virtual                    |  6 ----
 src/tests/keywords/virtual-exists             |  6 ----
 src/tests/keywords/xlat-virtual-attr          | 22 ------------
 10 files changed, 25 insertions(+), 100 deletions(-)
 delete mode 100644 src/tests/keywords/virtual
 delete mode 100644 src/tests/keywords/virtual-exists

diff --git a/doc/antora/modules/installation/pages/upgrade.adoc b/doc/antora/modules/installation/pages/upgrade.adoc
index f7cbb5599ce..491d038fd7c 100644
--- a/doc/antora/modules/installation/pages/upgrade.adoc
+++ b/doc/antora/modules/installation/pages/upgrade.adoc
@@ -1031,5 +1031,10 @@ result in an error.
 
 == Deleted Functionality
 
-The `Response-Packet-Type` attribute has been removed.  Please replace
-it with `&reply.Packet-Type`.
+Many "virtual" or "fake" attributes have been removed or renamed.
+
+`&Module-Return-Code` should be replaced by `%{interpreter:rcode}`.
+
+`&Response-Packet-Type` should be replaced by `&reply.Packet-Type`.
+
+`&Virtual-Server` should be replaced by `%{interpreter:server}`.
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index 77b93fe5660..ce5814877fd 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -783,7 +783,7 @@ eap {
 			#  NOTE: OpenSSL only allows 32 bytes of session ctx, so
 			#  the value provided here is digested with SHA256.
 			#
-#			name = "%{EAP-Type}%{Virtual-Server}"
+#			name = "%{EAP-Type}%{interpreter:server}"
 
 			#
 			#  lifetime::
diff --git a/share/dictionary/freeradius/dictionary.freeradius.internal b/share/dictionary/freeradius/dictionary.freeradius.internal
index 36a7c5f3c38..f4746066504 100644
--- a/share/dictionary/freeradius/dictionary.freeradius.internal
+++ b/share/dictionary/freeradius/dictionary.freeradius.internal
@@ -65,18 +65,8 @@ ATTRIBUTE	Auth-Type				12	integer
 ATTRIBUTE	Load-Balance-Key			20	string
 ATTRIBUTE	Proxy-To-Realm				21	string
 # 22 - was Replicate-To-Realm
-ATTRIBUTE	Virtual-Server				23	string virtual
-ATTRIBUTE	Module-Return-Code			24	integer virtual
-
-VALUE	Module-Return-Code		reject			0
-VALUE	Module-Return-Code		fail			1
-VALUE	Module-Return-Code		ok			2
-VALUE	Module-Return-Code		handled			3
-VALUE	Module-Return-Code		invalid			4
-VALUE	Module-Return-Code		disallow		5
-VALUE	Module-Return-Code		notfound		6
-VALUE	Module-Return-Code		noop			7
-VALUE	Module-Return-Code		updated			8
+# 23 was Virtual-Server
+# 24 was Module-Return-Code
 
 #
 #	Cannonical definition of all available module methods
@@ -108,7 +98,7 @@ VALUE	Module-Method			store			22
 VALUE	Module-Method			clear			23
 VALUE	Module-Method			refresh			24
 
-ATTRIBUTE	Request-Processing-Stage		26	string virtual
+# 26 was Request-Processing-Stage
 
 #
 #	Range:	50 - 99
diff --git a/src/lib/server/tmpl_eval.c b/src/lib/server/tmpl_eval.c
index 8f7f0cdc7db..2ffcfd6b545 100644
--- a/src/lib/server/tmpl_eval.c
+++ b/src/lib/server/tmpl_eval.c
@@ -59,9 +59,6 @@ static fr_dict_attr_t const *attr_packet_src_ipv6_address;
 static fr_dict_attr_t const *attr_packet_src_port;
 static fr_dict_attr_t const *attr_packet_type;
 static fr_dict_attr_t const *attr_packet_authentication_vector;
-static fr_dict_attr_t const *attr_request_processing_stage;
-static fr_dict_attr_t const *attr_virtual_server;
-static fr_dict_attr_t const *attr_module_return_code;
 
 /** Placeholder attribute for uses of unspecified attribute references
  */
@@ -69,15 +66,12 @@ extern fr_dict_attr_t const *tmpl_attr_unspec;
 fr_dict_attr_t const *tmpl_attr_unspec;
 
 static fr_dict_attr_autoload_t tmpl_dict_attr[] = {
-	{ .out = &attr_module_return_code, .name = "Module-Return-Code", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
 	{ .out = &attr_packet_dst_ip_address, .name = "Packet-Dst-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius },
 	{ .out = &attr_packet_dst_ipv6_address, .name = "Packet-Dst-IPV6-Address", .type = FR_TYPE_IPV6_ADDR, .dict = &dict_freeradius },
 	{ .out = &attr_packet_dst_port, .name = "Packet-Dst-Port", .type = FR_TYPE_UINT16, .dict = &dict_freeradius },
 	{ .out = &attr_packet_src_ip_address, .name = "Packet-Src-IP-Address", .type = FR_TYPE_IPV4_ADDR, .dict = &dict_freeradius },
 	{ .out = &attr_packet_src_ipv6_address, .name = "Packet-Src-IPv6-Address", .type = FR_TYPE_IPV6_ADDR, .dict = &dict_freeradius },
 	{ .out = &attr_packet_src_port, .name = "Packet-Src-Port", .type = FR_TYPE_UINT16, .dict = &dict_freeradius },
-	{ .out = &attr_request_processing_stage, .name = "Request-Processing-Stage", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
-	{ .out = &attr_virtual_server, .name = "Virtual-Server", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 
 	{ .out = &attr_packet_authentication_vector, .name = "Packet-Authentication-Vector", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
 	{ .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius },
@@ -1099,36 +1093,6 @@ static int tmpl_eval_pair_virtual(TALLOC_CTX *ctx, fr_value_box_list_t *out,
 		goto done;
 	}
 
-	/*
-	 *	Some non-packet expansions
-	 */
-	if (tmpl_attr_tail_da(vpt) == attr_request_processing_stage) {
-		if (!request->component) return 0;
-
-		MEM(value = fr_value_box_alloc_null(ctx));
-		if (fr_value_box_strdup(ctx, value, tmpl_attr_tail_da(vpt), request->component, false) < 0) {
-		error:
-			talloc_free(value);
-			return -1;
-		}
-		goto done;
-	}
-
-	if (tmpl_attr_tail_da(vpt) == attr_virtual_server) {
-		if (!unlang_call_current(request)) return 0;
-
-		MEM(value = fr_value_box_alloc_null(ctx));
-		if (fr_value_box_bstrdup_buffer(ctx, value, tmpl_attr_tail_da(vpt),
-					       cf_section_name2(unlang_call_current(request)), false) < 0) goto error;
-		goto done;
-	}
-
-	if (tmpl_attr_tail_da(vpt) == attr_module_return_code) {
-		MEM(value = fr_value_box_alloc(ctx, tmpl_attr_tail_da(vpt)->type, tmpl_attr_tail_da(vpt)));
-		value->datum.int32 = request->rcode;
-		goto done;
-	}
-
 	/*
 	 *	All of the attributes must now refer to a packet.
 	 *	If there's no packet, we can't print any attribute
diff --git a/src/lib/unlang/interpret.c b/src/lib/unlang/interpret.c
index d8b3805d434..d4534544c0d 100644
--- a/src/lib/unlang/interpret.c
+++ b/src/lib/unlang/interpret.c
@@ -1457,7 +1457,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 */
 	while (*fmt == '.') {
 		if (depth <= 1) {
-			if (fr_value_box_bstrndup(ctx, vb, NULL, "<underflow>", 11, false) < 0) {
+			if (fr_value_box_bstrndup(vb, vb, NULL, "<underflow>", 11, false) < 0) {
 			error:
 				talloc_free(vb);
 				return XLAT_ACTION_FAIL;
@@ -1495,7 +1495,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	The current module
 	 */
 	if (strcmp(fmt, "module") == 0) {
-		if (fr_value_box_strdup(ctx, vb, NULL, request->module, false) < 0) goto error;
+		if (fr_value_box_strdup(vb, vb, NULL, request->module, false) < 0) goto error;
 
 		goto finish;
 	}
@@ -1504,7 +1504,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	Name of the instruction.
 	 */
 	if (strcmp(fmt, "name") == 0) {
-		if (fr_value_box_bstrndup(ctx, vb, NULL, instruction->name,
+		if (fr_value_box_bstrndup(vb, vb, NULL, instruction->name,
 					  strlen(instruction->name), false) < 0) goto error;
 		goto finish;
 	}
@@ -1513,7 +1513,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	The request processing stage.
 	 */
 	if (strcmp(fmt, "processing_stage") == 0) {
-		if (fr_value_box_strdup(ctx, vb, NULL, request->component, false) < 0) goto error;
+		if (fr_value_box_strdup(vb, vb, NULL, request->component, false) < 0) goto error;
 
 		goto finish;
 	}
@@ -1522,7 +1522,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	The current return code.
 	 */
 	if (strcmp(fmt, "rcode") == 0) {
-		if (fr_value_box_strdup(ctx, vb, NULL, fr_table_str_by_value(rcode_table, request->rcode, "<INVALID>"), false) < 0) goto error;
+		if (fr_value_box_strdup(vb, vb, NULL, fr_table_str_by_value(rcode_table, request->rcode, "<INVALID>"), false) < 0) goto error;
 		
 		goto finish;
 	}
@@ -1533,7 +1533,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	if (strcmp(fmt, "server") == 0) {
 		if (!unlang_call_current(request)) goto finish;
 
-		if (fr_value_box_strdup(ctx, vb, NULL, cf_section_name2(unlang_call_current(request)), false) < 0) goto error;
+		if (fr_value_box_strdup(vb, vb, NULL, cf_section_name2(unlang_call_current(request)), false) < 0) goto error;
 
 		goto finish;
 	}
@@ -1542,7 +1542,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	Unlang instruction type.
 	 */
 	if (strcmp(fmt, "type") == 0) {
-		if (fr_value_box_bstrndup(ctx, vb, NULL, unlang_ops[instruction->type].name,
+		if (fr_value_box_bstrndup(vb, vb, NULL, unlang_ops[instruction->type].name,
 					  strlen(unlang_ops[instruction->type].name), false) < 0) goto error;
 
 		goto finish;
@@ -1552,7 +1552,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	All of the remaining things need a CONF_ITEM.
 	 */
 	if (!instruction->ci) {
-		if (fr_value_box_bstrndup(ctx, vb, NULL, "<INVALID>", 3, false) < 0) goto error;
+		if (fr_value_box_bstrndup(vb, vb, NULL, "<INVALID>", 3, false) < 0) goto error;
 
 		goto finish;
 	}
@@ -1570,7 +1570,7 @@ static xlat_action_t unlang_interpret_xlat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	Filename of the current section.
 	 */
 	if (strcmp(fmt, "filename") == 0) {
-		if (fr_value_box_strdup(ctx, vb, NULL, cf_filename(instruction->ci), false) < 0) goto error;
+		if (fr_value_box_strdup(vb, vb, NULL, cf_filename(instruction->ci), false) < 0) goto error;
 
 		goto finish;
 	}
diff --git a/src/lib/unlang/xlat_eval.c b/src/lib/unlang/xlat_eval.c
index 379f6fe8360..e9b0d9ddb95 100644
--- a/src/lib/unlang/xlat_eval.c
+++ b/src/lib/unlang/xlat_eval.c
@@ -49,12 +49,9 @@ static fr_dict_autoload_t xlat_eval_dict[] = {
 };
 
 fr_dict_attr_t const *attr_expr_bool_enum; /* xlat_expr.c */
-fr_dict_attr_t const *attr_module_return_code; /* xlat_expr.c */
 fr_dict_attr_t const *attr_cast_base; /* xlat_expr.c */
 
 static fr_dict_attr_autoload_t xlat_eval_dict_attr[] = {
-	{ .out = &attr_module_return_code, .name = "Module-Return-Code", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
-
 	{ .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
 	{ .out = &attr_cast_base, .name = "Cast-Base", .type = FR_TYPE_UINT8, .dict = &dict_freeradius },
 	{ NULL }
diff --git a/src/lib/unlang/xlat_expr.c b/src/lib/unlang/xlat_expr.c
index 719bf77c466..329437cd29d 100644
--- a/src/lib/unlang/xlat_expr.c
+++ b/src/lib/unlang/xlat_expr.c
@@ -1394,8 +1394,11 @@ static xlat_action_t xlat_func_rcode(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	 *	matches the current rcode.
 	 */
 	if (!src) {
-		MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_UINT32, attr_module_return_code));
-		vb->datum.int32 = request->rcode;
+		MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_STRING, NULL));
+		if (fr_value_box_strdup(vb, vb, NULL, fr_table_str_by_value(rcode_table, request->rcode, "<INVALID>"), false) < 0) {
+			talloc_free(vb);
+			return XLAT_ACTION_FAIL;
+		}
 	} else {
 		rlm_rcode_t rcode;
 
diff --git a/src/tests/keywords/virtual b/src/tests/keywords/virtual
deleted file mode 100644
index 9a48031e9f4..00000000000
--- a/src/tests/keywords/virtual
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-#  PRE: if
-#
-if (&Packet-Type == Access-Request) {
-	success
-}
diff --git a/src/tests/keywords/virtual-exists b/src/tests/keywords/virtual-exists
deleted file mode 100644
index a86a6620340..00000000000
--- a/src/tests/keywords/virtual-exists
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-#  PRE: if
-#
-if (&Virtual-Server) {
-	success
-}
diff --git a/src/tests/keywords/xlat-virtual-attr b/src/tests/keywords/xlat-virtual-attr
index 17d30330479..83fb6176ee5 100644
--- a/src/tests/keywords/xlat-virtual-attr
+++ b/src/tests/keywords/xlat-virtual-attr
@@ -2,15 +2,6 @@
 #  PRE: if
 #
 
-if (!("%{Virtual-Server}" == 'default')) {
-	test_fail
-}
-
-ok
-if (!("%{Module-Return-Code}" == 'ok')) {
-	test_fail
-}
-
 if (!("%{Packet-Type}" == 'Access-Request')) {
 	test_fail
 }
@@ -47,17 +38,4 @@ if (!("%{Packet-Dst-Port}" == '1812')) {
 	test_fail
 }
 
-# Operations on virtual attributes should be the same as on real ones
-if (!("%{Virtual-Server[0]}" == 'default')) {
-	test_fail
-}
-
-if (!("%{Virtual-Server[*]}" == 'default')) {
-	test_fail
-}
-
-if (!(%{Virtual-Server[#]} == 1)) {
-	test_fail
-}
-
 success
-- 
2.47.3