From f4aace9570d5e596dfa54c7f38bf9bb6f1ae3e4e Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Wed, 24 Apr 2019 07:44:34 +0200
Subject: [PATCH] configure ModifyVendorAttribute update manpage update ChangeLog
---
 ChangeLog | 1 +
 radsecproxy.c | 5 +++--
 radsecproxy.conf.5 | 7 +++++++
 rewrite.c | 35 ++++++++++++++++++++++++++++++++---
 rewrite.h | 2 +-
 5 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ce1ff48..71a1490 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 changes since 1.7.2
 New features:
 - Rewrite: supplement attribute (add attribute if not present) (#19)
+ - Rewrite: modify vendor attribute
 - Rewrite whitelist mode
 Misc:
diff --git a/radsecproxy.c b/radsecproxy.c
index 2ba5b0e..d3711f4 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2629,7 +2629,7 @@ int confrewrite_cb(struct gconffile **cf, void *arg, char *block, char *opt, cha
 char **rmattrs = NULL, **rmvattrs = NULL;
 char **wlattrs = NULL, **wlvattrs = NULL;
 char **addattrs = NULL, **addvattrs = NULL;
- char **modattrs = NULL;
+ char **modattrs = NULL, **modvattrs = NULL;
 char **supattrs = NULL, **supvattrs = NULL;
 debug(DBG_DBG, "confrewrite_cb called for %s", block);
@@ -2643,12 +2643,13 @@ int confrewrite_cb(struct gconffile **cf, void *arg, char *block, char *opt, cha
 "addAttribute", CONF_MSTR, &addattrs,
 "addVendorAttribute", CONF_MSTR, &addvattrs,
 "modifyAttribute", CONF_MSTR, &modattrs,
+ "modifyVendorAttribute", CONF_MSTR, &modvattrs,
 "supplementAttribute", CONF_MSTR, &supattrs,
 "supplementVendorAttriute", CONF_MSTR, &supvattrs,
 NULL))
 debugx(1, DBG_ERR, "configuration error");
 addrewrite(val, whitelist_mode, whitelist_mode? wlattrs : rmattrs, whitelist_mode? wlvattrs : rmvattrs,
- addattrs, addvattrs, modattrs, supattrs, supvattrs);
+ addattrs, addvattrs, modattrs, modvattrs, supattrs, supvattrs);
 freegconfmstr(whitelist_mode? rmattrs : wlattrs);
 freegconfmstr(whitelist_mode? rmvattrs : wlvattrs);
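Review bot: `modvattrs` is passed to addrewrite() and never released in this callback, unlike the unused whitelist/remove lists freed by the `freegconfmstr` calls right after the call; the rewrite.c part of this patch shows addrewrite() freeing it, so the ownership transfer deserves a comment at the call site, e.g. `/* addrewrite() frees modattrs and modvattrs itself */`. The call now passes ten positional arguments, eight of them `char **`, so a transposed pair such as `modattrs`/`modvattrs` would compile silently and attach rules to the wrong attribute class. Separately, the context line just below the new option spells the keyword `"supplementVendorAttriute"`, which looks like a typo worth a follow-up. confrewrite_cb starts and ends outside these hunks.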
diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5
index b45e5be..a8b785b 100644
--- a/radsecproxy.conf.5
+++ b/radsecproxy.conf.5
@@ -857,6 +857,13 @@ above, \fIattribute\fR must be specified by a numerical value. Example usage:
 modifyAttribute 1:/^(.*)@local$/\e1@example.com/
 .RE
+.BI "ModifyVendorAttribute " vendor \fR: subattribute \fR:/ regex \fR/ replace \fR/
+.RS
+Modify the given \fIsubattribute\fR of given \fIvendor\fR using the \fIregex\fR
+\fIreplace\fR pattern. Other than the added vendor, the same syntax as for
+\fBModifyAttribute\fR applies.
+.RE
+
 .BI "RemoveAttribute " attribute
 .RS
 Remove all attributes with the given id.
diff --git a/rewrite.c b/rewrite.c
index 1afe26b..32a84ad 100644
--- a/rewrite.c
+++ b/rewrite.c
@@ -139,14 +139,29 @@ struct modattr *extractmodattr(char *nameval) {
 return m;
 }
+struct modattr *extractmodvattr(char *nameval) {
+ uint32_t vendor;
+ char *s;
+ struct modattr *modvattr;
+
+ s = strchr(nameval, ':');
+ vendor = atoi(nameval);
+ if (!s || !vendor || !strchr(s,':'))
+ return NULL;
+ modvattr = extractmodattr(s+1);
+ if (modvattr)
+ modvattr ->vendor = vendor;
+ return modvattr;
+}
+
 void addrewrite(char *value, uint8_t whitelist_mode, char **rmattrs, char **rmvattrs, char **addattrs,
- char **addvattrs, char **modattrs, char **supattrs, char** supvattrs)
+ char **addvattrs, char **modattrs, char **modvattrs, char **supattrs, char** supvattrs)
 {
 struct rewrite *rewrite = NULL;
 int i, n;
 uint8_t *rma = NULL;
 uint32_t *p, *rmva = NULL;
- struct list *adda = NULL, *moda = NULL, *supa = NULL;
+ struct list *adda = NULL, *moda = NULL, *modva = NULL, *supa = NULL;
 struct tlv *a;
 struct modattr *m;
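Review bot: In the added extractmodvattr(), `!strchr(s,':')` can never be true because `s` already points at the first colon, so the intended "second separator present" check is dead; it should search from `s + 1`. The vendor id is also parsed with `atoi`, which accepts trailing junk and a leading minus sign (a negative value converts to a large uint32_t and passes the `!vendor` test) and has undefined behaviour on out-of-range input, so a mistyped rule can be stored under a vendor the operator never meant instead of being rejected at startup. The sketch below parses with `strtoul` and requires the number to end exactly at the first colon; it assumes `<ctype.h>` and `<errno.h>` are, or can be, included in rewrite.c. A one-line comment above the function stating the expected `vendor:subattribute:/regex/replace/` form would help as well. The addrewrite() body continues outside this hunk.

```c
struct modattr *extractmodvattr(char *nameval) {
    unsigned long vendor;
    char *s, *end;
    struct modattr *modvattr;

    s = strchr(nameval, ':');
    /* require "vendor:subattribute:...": look for the second colon after s */
    if (!s || !strchr(s + 1, ':'))
        return NULL;
    /* reject leading sign or whitespace, which strtoul would accept */
    if (!isdigit((unsigned char)nameval[0]))
        return NULL;
    errno = 0;
    vendor = strtoul(nameval, &end, 10);
    /* the number must end exactly at the first colon and fit in 32 bits */
    if (errno || end != s || vendor == 0 || vendor > UINT32_MAX)
        return NULL;
    /* … unchanged: extractmodattr(s+1) call, vendor assignment, return … */
```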
@@ -219,6 +234,20 @@ void addrewrite(char *value, uint8_t whitelist_mode, char **rmattrs, char **rmva
 freegconfmstr(modattrs);
 }
+ if (modvattrs) {
+ modva = list_create();
+ if (!modva)
+ debugx(1, DBG_ERR, "malloc failed");
+ for (i = 0; modvattrs[i]; i++) {
+ m = extractmodvattr(modvattrs[i]);
+ if (!m)
+ debugx(1, DBG_ERR, "addrewrite: modifying invalid vendor attribute %s", modvattrs[i]);
+ if (!list_push(modva, m))
+ debugx(1, DBG_ERR, "malloc failed");
+ }
+ freegconfmstr(modvattrs);
+ }
+
 if (supattrs) {
 supa = list_create();
 if (!supa)
@@ -257,7 +286,7 @@ void addrewrite(char *value, uint8_t whitelist_mode, char **rmattrs, char **rmva
 rewrite->removevendorattrs = rmva;
 rewrite->addattrs = adda;
 rewrite->modattrs = moda;
- rewrite->modvattrs = NULL;
+ rewrite->modvattrs = modva;
 rewrite->supattrs = supa;
 }
diff --git a/rewrite.h b/rewrite.h
index ae8e93f..3356a00 100644
--- a/rewrite.h
+++ b/rewrite.h
@@ -26,7 +26,7 @@ struct rewrite {
 };
 void addrewrite(char *value, uint8_t whitelist_mode, char **rmattrs, char **rmvattrs, char **addattrs,
- char **addvattrs, char **modattrs, char **supattrs, char** supvattrs);
+ char **addvattrs, char **modattrs, char **modvattrs, char **supattrs, char** supvattrs);
 int dorewrite(struct radmsg *msg, struct rewrite *rewrite);
 struct modattr *extractmodattr(char *nameval);
 struct rewrite *getrewrite(char *alt1, char *alt2);
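Review bot: extractmodvattr() is defined with external linkage in rewrite.c, but the rewrite.h hunk only updates the addrewrite() prototype and still declares just `extractmodattr`. If the new parser is only called from addrewrite(), as the hunks here suggest, mark it `static` in rewrite.c; otherwise add `struct modattr *extractmodvattr(char *nameval);` next to the existing declaration so callers get a checked prototype.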