# Set status to "notfound". xlat should expand to previous status, "alive"
#
if ("%(db_status:notfound)" != "alive") {
- update reply {
- &Reply-Message += "failed"
+ &reply += {
+ &Reply-Message = "Failure in test at line %(interpreter:...line)"
}
}
-
#
# Verify that the status was changed
#
db_status
if (!notfound) {
- update reply {
- &Reply-Message += "failed"
+ &reply += {
+ &Reply-Message = "Failure in test at line %(interpreter:...line)"
}
}
# Fetch status using xlat without setting the status
#
if ("%(db_status:)" != "notfound") {
- update reply {
- &Reply-Message += "failed"
+ &reply += {
+ &Reply-Message = "Failure in test at line %(interpreter:...line)"
}
}
#
db_status
if (notfound) {
- update reply {
- &Reply-Message += "success"
+ &reply += {
+ &Reply-Message = "success"
}
}
-update control {
- &Password.Cleartext := "hello"
-}
+&control.Password.Cleartext := "hello"
}
if (fail) {
- update reply {
- &Reply-Message := "success"
- }
+ &reply.Reply-Message := "success"
}
-update control {
- &Password.Cleartext := "hello"
-}
+&control.Password.Cleartext := "hello"
fail = 1
}
if (!fail) {
- update reply {
- &Reply-Message += "failed"
+ &reply += {
+ &Reply-Message = "Failure in test at line %(interpreter:...line)"
}
}
%(db_status:alive)
db_status
if (ok) {
- update reply {
- &Reply-Message += "success"
+ &reply += {
+ &Reply-Message = "success"
}
}
-update control {
- &Password.Cleartext := "hello"
-}
+&control.Password.Cleartext := "hello"
attr_filter
-update control {
- &Password.Cleartext := "goodbye"
-}
+&control.Password.Cleartext := "goodbye"
-update reply {
- &Reply-Message := "success"
+&reply += {
+ &Reply-Message = "success"
}
test_fail
}
-update control {
- &Password.Cleartext := "goodbye"
-}
-
-update reply {
- &Reply-Message := &request.Reply-Message
-}
+&control.Password.Cleartext := "goodbye"
+&reply.Reply-Message := &Reply-Message
# Series of tests to check for binary safe operation of the cache module
# both keys and values should be binary safe.
#
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00dd00
- &Tmp-String-1 := "foo\000bar\000baz"
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00dd00
+&Tmp-String-1 := "foo\000bar\000baz"
# 0. Sanity check
if (&Tmp-String-1 != "foo\000bar\000baz") {
}
# Now add a second entry, with the value diverging after the first null byte
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00ee00
- &Tmp-String-1 := "bar\000baz"
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00ee00
+&Tmp-String-1 := "bar\000baz"
# 2. Should create a *new* entry and not update the existing one
cache_bin_key_octets.store
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00dd00
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00dd00
cache_bin_key_octets
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now try and get the second entry
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00ee00
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00ee00
cache_bin_key_octets
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
-
+&request -= &Tmp-String-1[*]
#
# We should also be able to use any fixed length data type as a key
# though there are no guarantees this will be portable.
#
-update {
- &Tmp-IP-Address-0 := 192.168.0.1
- &Tmp-String-1 := "foo\000bar\000baz"
-}
+&Tmp-IP-Address-0 := 192.168.0.1
+&Tmp-String-1 := "foo\000bar\000baz"
cache_bin_key_ipaddr
if (!ok) {
test_fail
}
-
# Now add a second entry
-update {
- &Tmp-IP-Address-0:= 192.168.0.2
- &Tmp-String-1 := "bar\000baz"
-}
+&Tmp-IP-Address-0:= 192.168.0.2
+&Tmp-String-1 := "bar\000baz"
cache_bin_key_ipaddr
if (!ok) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now retrieve the first entry
-update {
- &Tmp-IP-Address-0 := 192.168.0.1
-}
+&Tmp-IP-Address-0 := 192.168.0.1
cache_bin_key_ipaddr
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now try and get the second entry
-update {
- &Tmp-IP-Address-0 := 192.168.0.2
-}
+&Tmp-IP-Address-0 := 192.168.0.2
cache_bin_key_ipaddr
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
test_pass
#
# PRE:
#
-update {
- &request.Tmp-String-0 := 'testkey'
-}
-
+&Tmp-String-0 := 'testkey'
#
# 0. Basic store and retrieve
#
-update control {
- &control.Tmp-String-1 := 'cache me'
-}
+&control.Tmp-String-1 := 'cache me'
cache
if (!ok) {
}
# 1. Check the module didn't perform a merge
-if (&request.Tmp-String-1) {
+if (&Tmp-String-1) {
test_fail
}
# 2. Check status-only works correctly (should return ok and consume attribute)
-update control {
- &Cache-Status-Only := 'yes'
-}
+&control.Cache-Status-Only := 'yes'
+
cache
if (!ok) {
test_fail
}
# 5.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 6. Retrieving the entry should not expire it
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
cache
if (!updated) {
}
# 7.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
else {
}
# 8. Force expiry of the entry
-update control {
- &Cache-Allow-Merge := no
- &Cache-Allow-Insert := no
- &Cache-TTL := 0
-}
+&control.Cache-Allow-Merge := no
+&control.Cache-Allow-Insert := no
+&control.Cache-TTL := 0
+
cache
if (!ok) {
test_fail
}
# 9. Check status-only works correctly (should return notfound and consume attribute)
-update control {
- &Cache-Status-Only := 'yes'
-}
+&control.Cache-Status-Only := 'yes'
+
cache
if (!notfound) {
test_fail
}
# 11. Check merge-only works correctly (should return notfound and consume attribute)
-update control {
- &Cache-Allow-Merge := 'yes'
- &Cache-Allow-Insert := 'no'
-}
+&control.Cache-Allow-Merge := 'yes'
+&control.Cache-Allow-Insert := 'no'
+
cache
if (!notfound) {
test_fail
}
# 13. ...and check the entry wasn't recreated
-update control {
- &Cache-Status-Only := 'yes'
-}
+&control.Cache-Status-Only := 'yes'
+
cache
if (!notfound) {
test_fail
}
# 14. This should still allow the creation of a new entry
-update control {
- &Cache-TTL := -1
-}
+&control.Cache-TTL := -1
+
cache
if (!ok) {
test_fail
}
# 16.
-if (&Cache-TTL) {
+if (&control.Cache-TTL) {
test_fail
}
# 17.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
-update control {
- &Tmp-String-1 := 'cache me2'
-}
+&control.Tmp-String-1 := 'cache me2'
# 18. Updating the Cache-TTL shouldn't make things go boom (we can't really check if it works)
-update control {
- &Cache-TTL := 30
-}
+&control.Cache-TTL := 30
+
cache
if (!updated) {
test_fail
}
# 19. Request Tmp-String-1 shouldn't have been updated yet
-if (&request.Tmp-String-1 == &control.Tmp-String-1) {
+if (&Tmp-String-1 == &control.Tmp-String-1) {
test_fail
}
# 20. Check that a new entry is created
-update control {
- &Cache-TTL := -1
-}
+&control.Cache-TTL := -1
+
cache
if (!updated) {
test_fail
}
# 21. Request Tmp-String-1 still shouldn't have been updated yet
-if (&request.Tmp-String-1 == &control.Tmp-String-1) {
+if (&Tmp-String-1 == &control.Tmp-String-1) {
test_fail
}
}
# 23. Request Tmp-String-1 should now have been updated
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 24. Check Cache-Merge = yes works as expected (should update current request)
-update control {
- &Tmp-String-1 := 'cache me3'
- &Cache-TTL := -1
- &Cache-Merge-New := yes
-}
+&control.Tmp-String-1 := 'cache me3'
+&control.Cache-TTL := -1
+&control.Cache-Merge-New := yes
+
cache
if (!updated) {
test_fail
}
# 25. Request Tmp-String-1 should now have been updated
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 26. Check Cache-Entry-Hits is updated as we expect
-if (&request.Cache-Entry-Hits != 0) {
+if (&Cache-Entry-Hits != 0) {
test_fail
}
cache
-if (&request.Cache-Entry-Hits != 1) {
+if (&Cache-Entry-Hits != 1) {
test_fail
}
# Series of tests to check for binary safe operation of the cache module
# both keys and values should be binary safe.
#
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00dd00
- &Tmp-String-1 := "foo\000bar\000baz"
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00dd00
+&Tmp-String-1 := "foo\000bar\000baz"
# 0. Sanity check
if (&Tmp-String-1 != "foo\000bar\000baz") {
}
# Now add a second entry, with the value diverging after the first null byte
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00ee00
- &Tmp-String-1 := "bar\000baz"
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00ee00
+&Tmp-String-1 := "bar\000baz"
# 2. Should create a *new* entry and not update the existing one
cache_bin_key_octets.store
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00dd00
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00dd00
cache_bin_key_octets.load
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now try and get the second entry
-update {
- &Tmp-Octets-0 := 0xaa00bb00cc00ee00
-}
+&Tmp-Octets-0 := 0xaa00bb00cc00ee00
cache_bin_key_octets.load
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
#
# We should also be able to use any fixed length data type as a key
# though there are no guarantees this will be portable.
#
-update {
- &Tmp-IP-Address-0 := 192.168.0.1
- &Tmp-String-1 := "foo\000bar\000baz"
-}
+&Tmp-IP-Address-0 := 192.168.0.1
+&Tmp-String-1 := "foo\000bar\000baz"
cache_bin_key_ipaddr.store
if (!updated) {
test_fail
}
-
# Now add a second entry
-update {
- &Tmp-IP-Address-0:= 192.168.0.2
- &Tmp-String-1 := "bar\000baz"
-}
+&Tmp-IP-Address-0:= 192.168.0.2
+&Tmp-String-1 := "bar\000baz"
cache_bin_key_ipaddr.store
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now retrieve the first entry
-update {
- &Tmp-IP-Address-0 := 192.168.0.1
-}
+&Tmp-IP-Address-0 := 192.168.0.1
cache_bin_key_ipaddr.load
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Now try and get the second entry
-update {
- &Tmp-IP-Address-0 := 192.168.0.2
-}
+&Tmp-IP-Address-0 := 192.168.0.2
cache_bin_key_ipaddr.load
if (!updated) {
test_fail
}
-update {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
test_pass
#
# PRE:
#
-update {
- &request.Tmp-String-0 := 'testkey'
-}
+&Tmp-String-0 := 'testkey'
#
# 0. Basic store and retrieve
#
-update control {
- &control.Tmp-String-1 := 'cache me'
-}
+&control.Tmp-String-1 := 'cache me'
cache.store
if (!updated) {
}
# 1. Check the module didn't perform a merge
-if (&request.Tmp-String-1) {
+if (&Tmp-String-1) {
test_fail
}
}
# 4.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 5. Retrieving the entry should not expire it
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
cache.load
if (!updated) {
}
# 6.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
}
# 14. This should still allow the creation of a new entry
-update control {
- &Cache-TTL := -1
-}
+&control.Cache-TTL := -1
+
cache.store
if (!updated) {
test_fail
}
# 14.
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
-update control {
- &Tmp-String-1 := 'cache me2'
-}
+&control.Tmp-String-1 := 'cache me2'
# 18. Updating the Cache-TTL shouldn't make things go boom (we can't really check if it works)
-update control {
- &Cache-TTL := 666
-}
+&control.Cache-TTL := 666
+
cache.ttl
if (!updated) {
test_fail
}
# 19. Request Tmp-String-1 shouldn't have been updated yet
-if (&request.Tmp-String-1 == &control.Tmp-String-1) {
+if (&Tmp-String-1 == &control.Tmp-String-1) {
test_fail
}
# 20. Check that a new entry is created
-update control {
- &Cache-TTL := -1
-}
+&control.Cache-TTL := -1
+
cache.store
if (!updated) {
test_fail
}
# 21. Request Tmp-String-1 still shouldn't have been updated yet
-if (&request.Tmp-String-1 == &control.Tmp-String-1) {
+if (&Tmp-String-1 == &control.Tmp-String-1) {
test_fail
}
}
# 23. Request Tmp-String-1 should now have been updated
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 24. Check Cache-Merge = yes works as expected (should update current request)
-update control {
- &Tmp-String-1 := 'cache me3'
- &Cache-TTL := -1
- &Cache-Merge-New := yes
-}
+&control.Tmp-String-1 := 'cache me3'
+&control.Cache-TTL := -1
+&control.Cache-Merge-New := yes
+
cache.store
if (!updated) {
test_fail
}
# 25. Request Tmp-String-1 should now have been updated
-if (&request.Tmp-String-1 != &control.Tmp-String-1) {
+if (&Tmp-String-1 != &control.Tmp-String-1) {
test_fail
}
# 26. Check Cache-Entry-Hits is updated as we expect
-if (&request.Cache-Entry-Hits != 0) {
+if (&Cache-Entry-Hits != 0) {
test_fail
}
cache.load
-if (&request.Cache-Entry-Hits != 1) {
+if (&Cache-Entry-Hits != 1) {
test_fail
}
#
# PRE: cache-logic
#
-update {
- &request.Tmp-String-0 := 'testkey'
+&Tmp-String-0 := 'testkey'
- # Reply attributes
- &reply.Reply-Message := 'hello'
- &reply.Reply-Message += 'goodbye'
+# Reply attributes
+&reply.Reply-Message := 'hello'
+&reply += {
+ &Reply-Message = 'goodbye'
+}
- # Request attributes
- &Tmp-Integer-0 += 10
- &Tmp-Integer-0 += 20
- &Tmp-Integer-0 += 30
+# Request attributes
+&request += {
+ &Tmp-Integer-0 = 10
+ &Tmp-Integer-0 = 20
+ &Tmp-Integer-0 = 30
}
#
# Basic store and retrieve
#
-update control {
- &control.Tmp-String-1 := 'cache me'
-}
+&control.Tmp-String-1 := 'cache me'
cache_update.store
if (!updated) {
}
# Clear out the reply list
-update {
- &reply !* ANY
-}
+&reply := {}
test_pass
#
# PRE: cache-logic
#
-update {
- &request.Tmp-String-0 := 'testkey'
+&Tmp-String-0 := 'testkey'
- # Reply attributes
- &reply.Reply-Message := 'hello'
- &reply.Reply-Message += 'goodbye'
+# Reply attributes
+&reply.Reply-Message := 'hello'
+&reply += {
+ &Reply-Message = 'goodbye'
+}
- # Request attributes
- &Tmp-Integer-0 += 10
- &Tmp-Integer-0 += 20
- &Tmp-Integer-0 += 30
+# Request attributes
+&request += {
+ &Tmp-Integer-0 = 10
+ &Tmp-Integer-0 = 20
+ &Tmp-Integer-0 = 30
}
#
# Basic store and retrieve
#
-update control {
- &control.Tmp-String-1 := 'cache me'
-}
+&control.Tmp-String-1 := 'cache me'
cache_update
if (!ok) {
}
# Clear out the reply list
-update {
- &reply !* ANY
-}
+&reply := {}
test_pass
ttl = 2
update {
- &request.Tmp-String-1 := &control.Tmp-String-1[0]
- &request.Tmp-Integer-0 := &control.Tmp-Integer-0[0]
+ &Tmp-String-1 := &control.Tmp-String-1[0]
+ &Tmp-Integer-0 := &control.Tmp-Integer-0[0]
&control += &reply
}
ttl = 2
update {
- &request.Tmp-String-1 := &control.Tmp-String-1[0]
- &request.Tmp-Integer-0 := &control.Tmp-Integer-0[0]
+ &Tmp-String-1 := &control.Tmp-String-1[0]
+ &Tmp-Integer-0 := &control.Tmp-Integer-0[0]
&control += &reply
}
-update request {
- &CHAP-Challenge := 0x0102030405060708090a0b0c0d0e0f10
- &control.Password.Cleartext := "supersecret"
-}
-update request {
- &CHAP-Password := "%(chap_password:%{control.Password.Cleartext})"
-}
+&CHAP-Challenge := 0x0102030405060708090a0b0c0d0e0f10
+&control.Password.Cleartext := "supersecret"
+
+&CHAP-Password := "%(chap_password:%{control.Password.Cleartext})"
chap.authenticate
if (ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
# We can't really check the values here as the certs change periodically
# but we can test the digest length, and for smoke...
#
-update request {
- &Tmp-Octets-0 := "%(cipher_rsa_certificate:fingerprint sha1)"
-}
+&Tmp-Octets-0 := "%(cipher_rsa_certificate:fingerprint sha1)"
if ("%(length:%{Tmp-Octets-0})" != 20) {
test_fail
test_pass
}
-update request {
- &Tmp-Octets-0 := "%(cipher_rsa_certificate:fingerprint sha256)"
-}
+&Tmp-Octets-0 := "%(cipher_rsa_certificate:fingerprint sha256)"
if ("%(length:%{Tmp-Octets-0})" != 32) {
test_fail
-update request {
- &Tmp-String-0 := "Hello world!"
-}
-
-update request {
- &Tmp-Octets-0 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := "Hello world!"
+&Tmp-Octets-0 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
if (!&Tmp-Octets-0) {
test_fail
test_pass
}
-update request {
- &Tmp-String-1 := "%{cipher_rsa_decrypt:%{Tmp-Octets-0}}"
-}
+&Tmp-String-1 := "%{cipher_rsa_decrypt:%{Tmp-Octets-0}}"
if (&Tmp-String-0 != &Tmp-String-1) {
test_fail
#
# Padding scheme should ensure ciphertext is not consistent
#
-update request {
- &Tmp-Octets-1 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
-}
+&Tmp-Octets-1 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
if (&Tmp-Octets-0 == &Tmp-Octets-1) {
test_fail
#
# Repeat tests to ensure there are no issues with EVP_PKEY_CTX reuse
#
-update request {
- &Tmp-String-0 := "Goodbye world!"
-}
-
-update request {
- &Tmp-Octets-0 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := "Goodbye world!"
+&Tmp-Octets-0 := "%{cipher_rsa_encrypt:%{Tmp-String-0}}"
if (!&Tmp-Octets-0) {
test_fail
test_pass
}
-update request {
- &Tmp-String-1 := "%{cipher_rsa_decrypt:%{Tmp-Octets-0}}"
-}
+&Tmp-String-1 := "%{cipher_rsa_decrypt:%{Tmp-Octets-0}}"
if (&Tmp-String-0 != &Tmp-String-1) {
test_fail
-update request {
- &Tmp-String-0 := "Hello world!"
-}
-
-update request {
- &Tmp-Octets-0 := "%{cipher_rsa_sign:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := "Hello world!"
+&Tmp-Octets-0 := "%{cipher_rsa_sign:%{Tmp-String-0}}"
if (!&Tmp-Octets-0) {
test_fail
#
# Pass the signature and the original message to the verification function
#
-update request {
- &Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
-}
+&Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
if (&Tmp-String-0 != 'yes') {
test_fail
#
# Verification should now fail
#
-update request {
- &Tmp-String-0 := "Goodbye world!"
-}
-update request {
- &Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
-}
+&Tmp-String-0 := "Goodbye world!"
+&Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
if (&Tmp-String-0 != 'no') {
test_fail
#
# Repeat tests to ensure there are no issues with EVP_PKEY_CTX reuse
#
-update request {
- &Tmp-String-0 := "Hello nurse!"
-}
-
-update request {
- &Tmp-Octets-0 := "%{cipher_rsa_sign:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := "Hello nurse!"
+&Tmp-Octets-0 := "%{cipher_rsa_sign:%{Tmp-String-0}}"
if (!&Tmp-Octets-0) {
test_fail
#
# Pass the signature and the original message to the verification function
#
-update request {
- &Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
-}
+&Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
if (&Tmp-String-0 != 'yes') {
test_fail
#
# Verification should now fail
#
-update request {
- &Tmp-String-0 := "Goodbye nurse!"
-}
-update request {
- &Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
-}
+&Tmp-String-0 := "Goodbye nurse!"
+&Tmp-String-0 := "%(cipher_rsa_verify:%{Tmp-Octets-0} %{Tmp-String-0})"
if (&Tmp-String-0 != 'no') {
test_fail
-update request {
- &Tmp-Octets-0 := "%(cipher_rsa_certificate:serial)"
-}
+&Tmp-Octets-0 := "%(cipher_rsa_certificate:serial)"
if ("%(length:%{Tmp-Octets-0})" != 1) {
test_fail
-update request {
- &Tmp-Date-0 := "%(cipher_rsa_certificate:notBefore)"
- &Tmp-Date-1 := "%(cipher_rsa_certificate:notAfter)"
-}
+&Tmp-Date-0 := "%(cipher_rsa_certificate:notBefore)"
+&Tmp-Date-1 := "%(cipher_rsa_certificate:notAfter)"
# Check the cert validity period is 30 days
if (<uint32>"%{expr:%(integer:%{Tmp-Date-1}) - %(integer:%{Tmp-Date-0})}" != <uint32>"%{expr:86400 * 60}") {
-update request {
- &Tmp-String-0 := "%(client:nas_type)"
-}
+&Tmp-String-0 := "%(client:nas_type)"
if (&Tmp-String-0 != 'a_type') {
test_fail
}
-update request {
- &Tmp-String-0 := "%(client:nas_type 127.0.0.1)"
-}
+&Tmp-String-0 := "%(client:nas_type 127.0.0.1)"
if (&Tmp-String-0 != 'a_type') {
test_fail
}
-update request {
- &Tmp-String-0 := "%(client:nas_type 127.0.0.2)"
-}
+&Tmp-String-0 := "%(client:nas_type 127.0.0.2)"
if (&Tmp-String-0 != 'b_type') {
test_fail
}
-update request {
- &Tmp-String-0 := "%(client:nas_type 127.0.0.5)"
-}
+&Tmp-String-0 := "%(client:nas_type 127.0.0.5)"
if (&Tmp-String-0 != 'b_type') {
test_fail
#
# Test non-existent client properties
#
-update request {
- &Tmp-String-3 := "%(client:non-existent-attr)"
- &Tmp-String-4 += "%(client:non-existing-attr2)"
-}
+&Tmp-String-3 := "%(client:non-existent-attr)"
+&Tmp-String-4 += "%(client:non-existing-attr2)"
-if (&Tmp-String-3 != "") {
+if (&Tmp-String-3) {
test_fail
}
-if (&Tmp-String-4 != "") {
+if (&Tmp-String-4) {
test_fail
}
update request {
&Vendor-Specific.FreeRADIUS.Proxied-To := 127.0.0.1
- &Reply-Message := 'foo'
}
+&Reply-Message := 'foo'
if ("%(attr_by_num:1)" != 'User-Name') {
test_fail
#
# Encrypt the permanent ID
#
-update control {
- &Tmp-String-0 := '1420032219455258'
-}
-update control {
- &User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
-}
+&control.Tmp-String-0 := '1420032219455258'
+&control.User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
#
# 0.2 - Can we get the EAP method from the encrypted blob correctly?
#
# 0.5 - Get the original IMSI back again
#
-update control {
- &Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name} %{control.Tmp-String-0})"
-}
+&control.Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name} %{control.Tmp-String-0})"
if (&control.Tmp-String-1 != &User-Name) {
test_fail
# 1.0 Now try with the hint coming from &request.EAP-Type
#
if (&User-Name =~ /^[0-9](.*)/) {
- update request {
- &User-Name[1] := "%{1}"
- }
- update request {
- &EAP-Type := AKA
+ &request += {
+ &User-Name = "%{1}"
+ &EAP-Type = AKA
}
}
#
# 1.1 - Encrypt the permanent ID
#
-update control {
- &Tmp-String-0 := '1420032219455259'
-}
-update control {
- &User-Name[1] := "%(3gpp_temporary_id_encrypt:%{User-Name[1]} %{control.Tmp-String-0} 6)"
+&control.Tmp-String-0 := '1420032219455259'
+&control += {
+ &User-Name = "%(3gpp_temporary_id_encrypt:%{User-Name[1]} %{control.Tmp-String-0} 6)"
}
#
#
# 1.4 - Get the original IMSI back again
#
-update control {
- &Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name[1]} %{control.Tmp-String-0})"
-}
+&control.Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name[1]} %{control.Tmp-String-0})"
if (&control.Tmp-String-1 != "0%{User-Name[1]}") {
test_fail
#
# 2.1 - Encrypt the permanent ID for fastauth
#
-update control {
- &Tmp-String-0 := '1420032219455259'
-}
-update control {
- &User-Name[1] := "%(3gpp_temporary_id_encrypt:%{User-Name[1]} %{control.Tmp-String-0} 6 fastauth)"
+&control.Tmp-String-0 := '1420032219455259'
+&control += {
+ &User-Name = "%(3gpp_temporary_id_encrypt:%{User-Name[1]} %{control.Tmp-String-0} 6 fastauth)"
}
#
# 2.2 - Can we identify the encrypted blob correctly?
#
-if ("%(aka_sim_id_type:%{control.User-Name[1]})" != 'fastauth') {
+if ("%(aka_sim_id_type:%{control.User-Name[2]})" != 'fastauth') {
test_fail
}
#
# 2.3 - We should refuse to re-encrypt an encrypted NAI
#
-if ("%(3gpp_temporary_id_encrypt:%{control.User-Name[1]} %{control.Tmp-String-0} 6 fastauth)" != '') {
+if ("%(3gpp_temporary_id_encrypt:%{control.User-Name[2]} %{control.Tmp-String-0} 6 fastauth)" != '') {
test_fail
}
#
# 2.4 - Get the original IMSI back again
#
-update control {
- &Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name[1]} %{control.Tmp-String-0})"
-}
+&control.Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name[2]} %{control.Tmp-String-0})"
if (&control.Tmp-String-1 != "0%{User-Name[1]}") {
test_fail
#
# 1.1 - Encrypt the permanent ID
#
-update control {
- &Tmp-String-0 := '1420032219455259'
-}
-update control {
- &User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
-}
+&control.Tmp-String-0 := '1420032219455259'
+&control.User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
#
# 1.2 - Get the original IMSI back again sans tag
#
-update control {
- &Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name} %{control.Tmp-String-0} false)"
-}
+&control.Tmp-String-1 := "%(3gpp_temporary_id_decrypt:%{control.User-Name} %{control.Tmp-String-0} false)"
if ("%{User-Name}" =~ /^0(.*)/) {
if (!&control.Tmp-String-1 || (&control.Tmp-String-1 == '') || (%{control.Tmp-String-1} != "%{1}")) {
#
# No domain separator
#
-update request {
- &User-Name := '14200322194552581'
-}
+&User-Name := '14200322194552581'
if ("%(aka_sim_id_method:%{User-Name})" != '') {
test_fail
#
# Zero length ID
#
-update request {
- &User-Name := ''
-}
+&User-Name := ''
if ("%(aka_sim_id_method:%{User-Name})" != '') {
test_fail
#
# Encrypt the permanent ID
#
-update control {
- &Tmp-String-0 := '1234567812345678'
-}
-update control {
- &User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
-}
+&control.Tmp-String-0 := '1234567812345678'
+&control.User-Name := "%(3gpp_temporary_id_encrypt:%{User-Name} %{control.Tmp-String-0} 6)"
#
# Can we get the EAP method from the encrypted blob correctly?
# Async calls should always return a zero length string
# because we don't wait for the response.
#
-update request {
- &Tmp-String-0 := "%(exec_async:/bin/sh -c 'echo -n hello')"
-}
-if (&Tmp-String-0 != '') {
+&Tmp-String-0 := "%(exec_async:/bin/sh -c 'echo -n hello')"
+if (&Tmp-String-0) {
test_fail
}
# Smoke test - Setup an async process that'll keep running after
# after the test exits.
#
-update request {
- &Tmp-String-0 := "%(exec_async:/bin/sh -c 'sleep 1')"
-}
-if (&Tmp-String-0 != '') {
+&Tmp-String-0 := "%(exec_async:/bin/sh -c 'sleep 1')"
+if (&Tmp-String-0) {
test_fail
}
# Sync calls should always return a zero length string
# because we don't wait for the response.
#
-update request {
- &Tmp-String-0 := `/bin/sh -c 'echo hello'`
-}
+&Tmp-String-0 := `/bin/sh -c 'echo hello'`
if (&Tmp-String-0 != 'hello') {
test_fail
} else {
#
# Sync calls return the response
#
-update request {
- &Tmp-String-0 := "%(exec_sync:/bin/sh -c 'echo hello')"
-}
+&Tmp-String-0 := "%(exec_sync:/bin/sh -c 'echo hello')"
if (&Tmp-String-0 != 'hello') {
test_fail
}
#
# Call something which will take longer than the timeout
#
-update request {
- &Tmp-String-0 := "%(exec_sync:/bin/sleep 10)"
-}
+&request -= &Tmp-String-0
+&Tmp-String-0 := "%(exec_sync:/bin/sleep 10)"
if (&Module-Failure-Message[*] != "Timeout running program - killing it and failing the request") {
test_fail
}
-if (&Tmp-String-0 != "") {
+if (&Tmp-String-0) {
test_fail
}
-update request {
- &Tmp-String-0 := "%(exec_sync:/bin/sh $ENV{MODULE_TEST_DIR}/fail.sh)"
-}
+&request -= &Tmp-String-0
+&Tmp-String-0 := "%(exec_sync:/bin/sh $ENV{MODULE_TEST_DIR}/fail.sh)"
-if (&Tmp-String-0 != "") {
+if (&Tmp-String-0) {
test_fail
}
-if (&request.Module-Failure-Message != "Execution of external program returned 7") {
+if (&Module-Failure-Message != "Execution of external program returned 7") {
test_fail
}
# Note: Filtering "!*" does not apply to control items as this would overload
# the operator syntax since "!*" checks that no such attribute in the
# request.
+#
addcontrol Password.Cleartext := "testing123", Reply-Message := "success1"
Fall-Through = yes
-update request {
- &FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
-}
+&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
subnet
}
-update request {
- &FreeRADIUS-Client-IP-Prefix := 10.2.3.4/32
-}
+&FreeRADIUS-Client-IP-Prefix := 10.2.3.4/32
-update reply {
- &Reply-Message !* ALL
-}
+&reply -= &Reply-Message[*]
subnet
test_pass
}
-update request {
- &FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
- &Password.Cleartext := "hello"
-}
+&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
+&Password.Cleartext := "hello"
-update reply {
- &Reply-Message !* ALL
-}
+&reply -= &Reply-Message[*]
subnet
-update request {
- &FreeRADIUS-Client-IP-Prefix := 192.168.1.1/32
-}
+&FreeRADIUS-Client-IP-Prefix := 192.168.1.1/32
-update reply {
- &Reply-Message !* ALL
-}
+&reply -= &Reply-Message[*]
subnet
-update request {
- &FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
-}
+&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
subnet2
}
# Delete previous reply messages
-update reply {
- &Reply-Message !* ANY
-}
+&reply -= &Reply-Message[*]
-update request {
- &FreeRADIUS-Client-IP-Prefix := 10.2.2.3/15
-}
+&FreeRADIUS-Client-IP-Prefix := 10.2.2.3/15
subnet2
-update control {
- &Tmp-String-0 := "%(ping:127.0.0.1)"
-}
+&control.Tmp-String-0 := "%(ping:127.0.0.1)"
#
# @todo - conditions do not yet support YIELD
#
if (&control.Tmp-String-0 == "yes") {
- update {
- &control.Password.Cleartext := "hello"
- &reply.Reply-Message += "success"
+ &control.Password.Cleartext := "hello"
+
+ &reply += {
+ &Reply-Message = "success"
}
}
else {
- update reply {
- &Reply-Message += "failed"
+ &reply += {
+ &Reply-Message = "failed"
}
}
# PRE: update if
#
-update request {
- &Tmp-String-0 := "%{idn:example.com}"
- &Tmp-String-1 := "%{idn:èxâmpłé.com}"
- &Tmp-String-2 := "%{idn:пример.com}"
- &Tmp-String-3 := "%{idn:παράδειγμα.com}"
- &Tmp-String-4 := "%{idn:ตัวอย่าง.com}"
-}
-
+&Tmp-String-0 := "%{idn:example.com}"
+&Tmp-String-1 := "%{idn:èxâmpłé.com}"
+&Tmp-String-2 := "%{idn:пример.com}"
+&Tmp-String-3 := "%{idn:παράδειγμα.com}"
+&Tmp-String-4 := "%{idn:ตัวอย่าง.com}"
if (&Tmp-String-0 != "example.com") {
test_fail
test_fail
}
-update request {
- &Tmp-String-0 := "%{idn:invalid_example.com}"
-}
+&Tmp-String-0 := "%{idn:invalid_example.com}"
-if (&Tmp-String-0 != "") {
+if (&Module-Failure-Message != "Non-digit/letter/hyphen in input") {
test_fail
}
test_fail
}
-update request {
- &Module-Failure-Message !* ANY
-}
-
-update request {
- &Tmp-String-0 := "%{idn:a.véry.löng.ņàme.whîch.when.expânded.exceedş.ţhe.dns.stanđard.fór.string.łength.of.twø.hündred.ând.fifty.threé.charáctèrs.and.therefore.is.invalid.for.idn.conversion}"
-}
+&request -= &Module-Failure-Message[*]
-if (&Tmp-String-0 != "") {
- test_fail
-}
+&Tmp-String-0 := "%{idn:a.véry.löng.ņàme.whîch.when.expânded.exceedş.ţhe.dns.stanđard.fór.string.łength.of.twø.hündred.ând.fifty.threé.charáctèrs.and.therefore.is.invalid.for.idn.conversion}"
if (&Module-Failure-Message != "Conversion was truncated") {
test_fail
imap.authenticate
if (reject) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
imap.authenticate
if (reject) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
imap.authenticate
if (ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
imap_bad_tls.authenticate
if (ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
imap_try_tls.authenticate
-# if (&request.cert-attrs.Issuer) {
+# if (&cert-attrs.Issuer) {
# test_fail
#}
# else {
if (ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
}
-if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
+if (&TLS-Certificate.Issuer =~ /@example\.org/) {
test_pass
} else {
test_fail
imap_tls.authenticate
if (ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
}
-if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
- test_pass
+if (&TLS-Certificate.Issuer =~ /@example\.org/) {
+ test_pass
} else {
- test_fail
+ test_fail
}
#
# json_encode tests
#
-update {
- &request.Packet-Type !* ANY
-}
+&request -= &Packet-Type[*]
# 0. Check basic xlat parsing
-
-update request {
- &Tmp-String-1 := "%{json_encode:&request[*]}"
- &Tmp-String-2 := "%{json_encode:&request[*] }"
- &Tmp-String-3 := "%{json_encode: &request[*]}"
- &Tmp-String-4 := "%{json_encode: &request[*] }"
- &Tmp-String-5 := "%{json_encode: &request[*] !&Filter-Id }"
- &Tmp-String-6 := "%{json_encode:&request[*] ! }"
+&control.Tmp-String-1 := "%{json_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_encode:&request[*] }"
+&control.Tmp-String-3 := "%{json_encode: &request[*]}"
+&control.Tmp-String-4 := "%{json_encode: &request[*] }"
+&control.Tmp-String-5 := "%{json_encode: &request[*] !&Filter-Id }"
+&control.Tmp-String-6 := "%{json_encode:&request[*] ! }"
# Check defaults are the same as output_mode "object":
- &Tmp-String-7 := "%{json_object_encode:&request[*]}"
- &Tmp-String-8 := "%{json_object_no_encode:&request[*]}"
-}
+&control.Tmp-String-7 := "%{json_object_encode:&request[*]}"
+&control.Tmp-String-8 := "%{json_object_no_encode:&request[*]}"
-
-if (&Tmp-String-1 != '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
+if (&control.Tmp-String-1 != '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
# Check xlat input formats
-if (&Tmp-String-1 != &Tmp-String-2 ||
- &Tmp-String-1 != &Tmp-String-3 ||
- &Tmp-String-1 != &Tmp-String-4) {
+if (&control.Tmp-String-1 != &control.Tmp-String-2 ||
+ &control.Tmp-String-1 != &control.Tmp-String-3 ||
+ &control.Tmp-String-1 != &control.Tmp-String-4) {
test_fail
}
# Check defaults
-if (&Tmp-String-1 != &Tmp-String-7 ||
- &Tmp-String-1 != &Tmp-String-8) {
+if (&control.Tmp-String-1 != &control.Tmp-String-7 ||
+ &control.Tmp-String-1 != &control.Tmp-String-8) {
test_fail
}
-if (&Tmp-String-5 != '{"User-Name":{"type":"string","value":"john"},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
+if (&control.Tmp-String-5 != '{"User-Name":{"type":"string","value":"john"},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
-if (&Tmp-String-6 != '') {
+if (&control.Tmp-String-6) {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Tmp-String-3 !* ANY
- &Tmp-String-4 !* ANY
- &Tmp-String-5 !* ANY
- &Tmp-String-6 !* ANY
- &Tmp-String-7 !* ANY
- &Tmp-String-8 !* ANY
-}
-
-
# 1a. Output mode "object" tests
# These are unsorted dictionaries. Hopefully json-c doesn't suddenly
# decide that it's going to use a different ordering of the keys...
+&control.Tmp-String-1 := "%{json_object_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_object_ex_encode:&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_object_encode:&request[*]}"
- &Tmp-String-2 := "%{json_object_ex_encode:&request[*]}"
-}
-
-if (&Tmp-String-1 != '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
+if (&control.Tmp-String-1 != '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
-if (&Tmp-String-2 != '{"pf:User-Name":{"type":"string","value":["john"]},"pf:Filter-Id":{"type":"string","value":["f1","f2"]},"pf:NAS-Port":{"type":"uint32","value":["999"]},"pf:Service-Type":{"type":"uint32","value":["1"]}}') {
+"%{control.Tmp-String-2}"
+if (&control.Tmp-String-2 != '{"pf:User-Name":{"type":"string","value":["john"]},"pf:Filter-Id":{"type":"string","value":["f1","f2"]},"pf:NAS-Port":{"type":"uint32","value":["999"]},"pf:Service-Type":{"type":"uint32","value":["1"]}}') {
test_fail
}
# 1b. "object" empty inputs
+&control.Tmp-String-1 := "%{json_object_encode:!&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_object_encode:!&request[*]}"
-}
-
-if (&Tmp-String-1 != '{}') {
+if (&control.Tmp-String-1 != '{}') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Module-Failure-Message !* ANY
-}
-
-
# 2a. Output mode "object_simple" tests
+&control.Tmp-String-1 := "%{json_object_simple_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_object_simple_ex_encode:&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_object_simple_encode:&request[*]}"
- &Tmp-String-2 := "%{json_object_simple_ex_encode:&request[*]}"
-}
-
-if (&Tmp-String-1 != '{"User-Name":"john","Filter-Id":["f1","f2"],"NAS-Port":999,"Service-Type":"Login-User"}') {
+if (&control.Tmp-String-1 != '{"User-Name":"john","Filter-Id":["f1","f2"],"NAS-Port":999,"Service-Type":"Login-User"}') {
test_fail
}
-if (&Tmp-String-2 != '{"pf:User-Name":["john"],"pf:Filter-Id":["f1","f2"],"pf:NAS-Port":["999"],"pf:Service-Type":["1"]}') {
+if (&control.Tmp-String-2 != '{"pf:User-Name":["john"],"pf:Filter-Id":["f1","f2"],"pf:NAS-Port":["999"],"pf:Service-Type":["1"]}') {
test_fail
}
# 2b. "object_simple" empty inputs
+&control.Tmp-String-1 := "%{json_object_simple_encode:!&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_object_simple_encode:!&request[*]}"
-}
-
-if (&Tmp-String-1 != '{}') {
+if (&control.Tmp-String-1 != '{}') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Module-Failure-Message !* ANY
-}
-
-
# 3a. Output mode "array" tests
+&control.Tmp-String-1 := "%{json_array_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_array_ex_encode:&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_encode:&request[*]}"
- &Tmp-String-2 := "%{json_array_ex_encode:&request[*]}"
-}
-
-if (&Tmp-String-1 != '[{"name":"User-Name","type":"string","value":"john"},{"name":"Filter-Id","type":"string","value":"f1"},{"name":"Filter-Id","type":"string","value":"f2"},{"name":"NAS-Port","type":"uint32","value":999},{"name":"Service-Type","type":"uint32","value":"Login-User"}]') {
+if (&control.Tmp-String-1 != '[{"name":"User-Name","type":"string","value":"john"},{"name":"Filter-Id","type":"string","value":"f1"},{"name":"Filter-Id","type":"string","value":"f2"},{"name":"NAS-Port","type":"uint32","value":999},{"name":"Service-Type","type":"uint32","value":"Login-User"}]') {
test_fail
}
-if (&Tmp-String-2 != '[{"name":"pf:User-Name","type":"string","value":["john"]},{"name":"pf:Filter-Id","type":"string","value":["f1","f2"]},{"name":"pf:NAS-Port","type":"uint32","value":["999"]},{"name":"pf:Service-Type","type":"uint32","value":["1"]}]') {
+if (&control.Tmp-String-2 != '[{"name":"pf:User-Name","type":"string","value":["john"]},{"name":"pf:Filter-Id","type":"string","value":["f1","f2"]},{"name":"pf:NAS-Port","type":"uint32","value":["999"]},{"name":"pf:Service-Type","type":"uint32","value":["1"]}]') {
test_fail
}
# 3b. "array" empty inputs
+&control.Tmp-String-1 := "%{json_array_encode:!&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_encode:!&request[*]}"
-}
-
-if (&Tmp-String-1 != '[]') {
+if (&control.Tmp-String-1 != '[]') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Module-Failure-Message !* ANY
-}
-
-
# 4a. Output mode "array_of_names" tests
+&control.Tmp-String-1 := "%{json_array_names_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_array_names_ex_encode:&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_names_encode:&request[*]}"
- &Tmp-String-2 := "%{json_array_names_ex_encode:&request[*]}"
-}
-
-if (&Tmp-String-1 != '["User-Name","Filter-Id","Filter-Id","NAS-Port","Service-Type"]') {
+if (&control.Tmp-String-1 != '["User-Name","Filter-Id","Filter-Id","NAS-Port","Service-Type"]') {
test_fail
}
-if (&Tmp-String-2 != '["pf:User-Name","pf:Filter-Id","pf:Filter-Id","pf:NAS-Port","pf:Service-Type"]') {
+if (&control.Tmp-String-2 != '["pf:User-Name","pf:Filter-Id","pf:Filter-Id","pf:NAS-Port","pf:Service-Type"]') {
test_fail
}
# 4b. "array_of_names" empty inputs
+&control.Tmp-String-1 := "%{json_array_names_encode:!&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_names_encode:!&request[*]}"
-}
-
-if (&Tmp-String-1 != '[]') {
+if (&control.Tmp-String-1 != '[]') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Module-Failure-Message !* ANY
-}
-
-
# 5a. Output mode "array_of_values" tests
+&control.Tmp-String-1 := "%{json_array_values_encode:&request[*]}"
+&control.Tmp-String-2 := "%{json_array_values_ex_encode:&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_values_encode:&request[*]}"
- &Tmp-String-2 := "%{json_array_values_ex_encode:&request[*]}"
-}
-
-if (&Tmp-String-1 != '["john","f1","f2",999,"Login-User"]') {
+if (&control.Tmp-String-1 != '["john","f1","f2",999,"Login-User"]') {
test_fail
}
-if (&Tmp-String-2 != '["john","f1","f2","999","1"]') {
+if (&control.Tmp-String-2 != '["john","f1","f2","999","1"]') {
test_fail
}
# 5b. "array_of_values" empty inputs
+&control.Tmp-String-1 := "%{json_array_values_encode:!&request[*]}"
-update request {
- &Tmp-String-1 := "%{json_array_values_encode:!&request[*]}"
-}
-
-if (&Tmp-String-1 != '[]') {
+if (&control.Tmp-String-1 != '[]') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
- &Tmp-String-2 !* ANY
- &Module-Failure-Message !* ANY
-}
-
-
# Convert `make json.test` unlang update output to tests, for when
# things need updating.
#
# json xlat input parsing test - error with no input
#
-update request {
- &Tmp-String-1 := "%{json_object_ex_encode:}" # ERROR
-}
+&Tmp-String-1 := "%{json_object_ex_encode:}" # ERROR
# Evaluation tests
#
-update request {
- &Tmp-String-0 := "{\"foo\":\"bar\"}"
-}
+&Tmp-String-0 := "{\"foo\":\"bar\"}"
# 0. Simple field access
map json &Tmp-String-0 {
test_fail
}
-update request {
- &Tmp-String-0 := "\
- {\
- \"my_array\": [0, 1, 2, 3, 4, 5], \
- \"my_object\": { \
- \"foo\": \"bar\", \
- \"num\" : 42 \
- }, \
- \"num\": 99, \
- \"double\": 5.9, \
- \"null\": null, \
- \"bool_true\": true, \
- \"bool_false\": false \
- }"
-}
+&Tmp-String-0 := "\
+{\
+ \"my_array\": [0, 1, 2, 3, 4, 5], \
+ \"my_object\": { \
+ \"foo\": \"bar\", \
+ \"num\" : 42 \
+ }, \
+ \"num\": 99, \
+ \"double\": 5.9, \
+ \"null\": null, \
+ \"bool_true\": true, \
+ \"bool_false\": false \
+}"
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# Check conversion of all JSON types to strings
map json &Tmp-String-0 {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
#
# Now check array slicing operates correctly
if (&Tmp-String-1 != '[ 0, 1, 2, 3, 4, 5 ]') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+
+&request -= &Tmp-String-1[*]
# 9. Simple index
map json &Tmp-String-0 {
if (&Tmp-Integer-0 != 0) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 9a. All of the array
map json &Tmp-String-0 {
test_fail
}
-update request {
- &Tmp-Integer-0 := 9
-}
+&Tmp-Integer-0 := 9
+
# 9b. All of the array using prepend, places the array before the existing value
map json &Tmp-String-0 {
&Tmp-Integer-0 ^= '$.my_array.*'
if ((&Tmp-Integer-0[0] != 0) || (&Tmp-Integer-0[1] != 1) || (&Tmp-Integer-0[2] != 2) || (&Tmp-Integer-0[3] != 3) || (&Tmp-Integer-0[4] != 4) || (&Tmp-Integer-0[5] != 5) || (&Tmp-Integer-0[6] != 9)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 10. End of the array
map json &Tmp-String-0 {
if (&Tmp-Integer-0 != 5) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 11. Past end of the array
map json &Tmp-String-0 {
if (&Tmp-Integer-0) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 12. Simple slice
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 0) || (&Tmp-Integer-0[1] != 1)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 13. Slice with negative start
map json &Tmp-String-0 {
if (&Tmp-Integer-0 != 5) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 14. Slice with negative start and negative end
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 1) && (&Tmp-Integer-0[1] != 2)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 16. Slice with start, end and negative step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 4) || (&Tmp-Integer-0[1] != 3)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 17. Slice with start, end (inverted) and negative step
map json &Tmp-String-0 {
if (&Tmp-Integer-0) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 18. Slice with start, end and positive step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 2) || (&Tmp-Integer-0[1] != 3)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 19. Slice with start, end and positive step > 1
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 1) && (&Tmp-Integer-0[1] != 3)) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 20. Slice with start, end and positive step > end of array
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 1) || &Tmp-Integer-0[1]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 21. Slice with start, end and positive step > end of array
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 5) || &Tmp-Integer-0[1]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 22. No start/end 3 step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 0) || (&Tmp-Integer-0[1] != 3) || &Tmp-Integer-0[2]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 23. No start/end 3 step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 5) || (&Tmp-Integer-0[1] != 2) || &Tmp-Integer-0[2]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 24. No end 3 step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 3) || (&Tmp-Integer-0[1] != 0) || &Tmp-Integer-0[2]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 25. End 0, 3 step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 3) || &Tmp-Integer-0[1]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 26. End 0, 3 step
map json &Tmp-String-0 {
if ((&Tmp-Integer-0[0] != 0) || &Tmp-Integer-0[1]) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 27. Everything two levels deep
map json &Tmp-String-0 {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# 28. Everything three levels deep (nothing)
map json &Tmp-String-0 {
}
# Some big numbers in nested arrays
-update request {
- &Tmp-String-0 := "\
- [\
- 9223372036854775807, \
- -9223372036854775807, \
- 18446744073709551615, \
- [ \
- 2147483647, \
- -2147483647, \
- 4294967295, \
- ] \
- ]"
-}
+&Tmp-String-0 := "\
+[\
+ 9223372036854775807, \
+ -9223372036854775807, \
+ 18446744073709551615, \
+ [ \
+ 2147483647, \
+ -2147483647, \
+ 4294967295, \
+ ] \
+]"
# 31. Unsigned 32bit integers (are supported)
# Will get smushed to INT32_MAX with json-c <= 0.10, or might wrap, it's
if (&Tmp-Integer-0 != 2147483647) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+
+&request -= &Tmp-Integer-0[*]
# 33. Signed 64bit integers
map json &Tmp-String-0 {
if (&Tmp-int64-0 != 9223372036854775807) {
test_fail
}
-update request {
- &Tmp-int64-0 !* ANY
-}
+
+&request -= &Tmp-int64-0[*]
# 34. Signed 64bit integers
map json &Tmp-String-0 {
if (&Tmp-int64-0 != -9223372036854775807) {
test_fail
}
-update request {
- &Tmp-int64-0 !* ANY
-}
+
+&request -= &Tmp-int64-0[*]
# 35. Unsigned 64bit integers (not allowed by json so gets truncated)
map json &Tmp-String-0 {
if (&Tmp-uint64-0 != 9223372036854775807) {
test_fail
}
-update request {
- &Tmp-uint64-0 !* ANY
-}
+
+&request -= &Tmp-uint64-0[*]
# 36. Multiple array indicies
map json &Tmp-String-0 {
if ((&Tmp-Signed-0[0] != 2147483647) || (&Tmp-signed-0[1] != -2147483647)) {
test_fail
}
-update request {
- &Tmp-Signed-0 !* ANY
-}
+
+&request -= &Tmp-Signed-0[*]
# 37. Path containing dynamic expansion
-update request {
- &Tmp-Integer-2 := 0
-}
+&Tmp-Integer-2 := 0
+
map json &Tmp-String-0 {
&Tmp-Integer-0 += "$[3][%{Tmp-Integer-2}]"
}
if (&Tmp-Integer-0 != 2147483647) {
test_fail
}
-update request {
- &Tmp-Integer-0 !* ANY
-}
+&request -= &Tmp-Integer-0[*]
# 38. An expanded field name with bad chars
-update request {
- &Tmp-String-0 := "\
- {\
- \"foo.bar\": \"baz\" \
- }"
- &Tmp-String-2 := %{taint:foo.bar}
-}
+&Tmp-String-0 := "\
+{\
+ \"foo.bar\": \"baz\" \
+}"
+&Tmp-String-2 := "%{taint:foo.bar}"
+
map json &Tmp-String-0 {
&Tmp-String-1 := "$.%{Tmp-String-2}"
}
if (&Tmp-String-1 != 'baz') {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
-
-update request {
- &Tmp-String-0 := "\
- {\
- \"my_array\": [0, 1, 2, 3, 4, 5], \
- \"my_object\": { \
- \"foo\": \"bar\", \
- \"num\" : 42, \
- \"my_deep_object\": { \
- \"foo\": \"baz\", \
- \"num\": 99, \
- \"bool\": true\
- }, \
- \"my_cats\": [\
- \"fluffy\", \
- \"scratchy\", \
- \"flat\" \
- ], \
+
+&request -= &Tmp-String-1[*]
+
+&Tmp-String-0 := "\
+{\
+ \"my_array\": [0, 1, 2, 3, 4, 5], \
+ \"my_object\": { \
+ \"foo\": \"bar\", \
+ \"num\" : 42, \
+ \"my_deep_object\": { \
+ \"foo\": \"baz\", \
+ \"num\": 99, \
+ \"bool\": true\
}, \
\"my_cats\": [\
- \"spikey\", \
- \"clawy\", \
- \"woofy\" \
+ \"fluffy\", \
+ \"scratchy\", \
+ \"flat\" \
], \
- }"
-}
+ }, \
+ \"my_cats\": [\
+ \"spikey\", \
+ \"clawy\", \
+ \"woofy\" \
+ ], \
+}"
# 39. Recursive descent with field match
map json &Tmp-String-0 {
&Tmp-String-1 += '$..bool'
}
+
if (("%{Tmp-String-1[#]}" != 1) || (&Tmp-String-1 != 'yes')) {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+
+&request -= &Tmp-String-1[*]
# 40. Recursive descent with element match (2nd element in each array)
map json &Tmp-String-0 {
if (("%{Tmp-String-1[#]}" != 3) || (&Tmp-String-1[0] != '1') || (&Tmp-String-1[1] != 'scratchy') || (&Tmp-String-1[2] != 'clawy')) {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+&request -= &Tmp-String-1[*]
# 41. Recursive descent with field then element match
map json &Tmp-String-0 {
if (("%{Tmp-String-1[#]}" != 2) || (&Tmp-String-1[0] != 'flat') || (&Tmp-String-1[1] != 'woofy')) {
test_fail
}
-update request {
- &Tmp-String-1 !* ANY
-}
+
+&request -= &Tmp-String-1[*]
test_pass
#
# JSON quoting
#
-
-update request {
- &Tmp-String-0 := 'foo/bar'
- &Tmp-String-1 := 'foo"bar'
-}
-update request {
- &Tmp-String-2 := "%{jsonquote:%{Tmp-String-0}}"
- &Tmp-String-3 := "%{jsonquote:%{Tmp-String-1}}"
-}
+&Tmp-String-0 := 'foo/bar'
+&Tmp-String-1 := 'foo"bar'
+&Tmp-String-2 := "%{jsonquote:%{Tmp-String-0}}"
+&Tmp-String-3 := "%{jsonquote:%{Tmp-String-1}}"
# Check for correct escapes
if (&Tmp-String-2 != 'foo\/bar') {
test_fail
}
-
# Check for correct handling of null input
+&Tmp-String-4 := "%{jsonquote:}"
-update request {
- &Tmp-String-4 := "%{jsonquote:}"
-}
-
-if (&Tmp-String-4 != '') {
+if (&Tmp-String-4) {
test_fail
}
test_fail
}
-update {
- &Tmp-String-0 := "%{ldap:ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description}"
-}
+&Tmp-String-0 := "%{ldap:ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description}"
if (&Tmp-String-0 != "User john is online") {
test_fail
ldap.post-auth
-update {
- &Tmp-String-0 := "%{ldap:ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description}"
-}
+&Tmp-String-0 := "%{ldap:ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description}"
if (&Tmp-String-0 != "User %{User-Name} authenticated") {
test_fail
ldapssl.post-auth
-update {
- &Tmp-String-0 := "%{ldapssl:ldaps:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description}"
-}
+&Tmp-String-0 := "%{ldapssl:ldaps:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description}"
if (&Tmp-String-0 != "User %{User-Name} authenticated") {
test_fail
ldaptls.post-auth
-update {
- &Tmp-String-0 := "%{ldaptls:ldap:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description}"
-}
+&Tmp-String-0 := "%{ldaptls:ldap:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description}"
if (&Tmp-String-0 != "User %{User-Name} authenticated") {
test_fail
test_fail
}
-if (&request.Tmp-String-0 != '255.255.255.0') {
+if (&Tmp-String-0 != '255.255.255.0') {
test_fail
}
-if (&request.Tmp-String-1[*] != 'cn=radprofile,ou=profiles,dc=example,dc=com') {
+if (&Tmp-String-1[*] != 'cn=radprofile,ou=profiles,dc=example,dc=com') {
test_fail
}
-if (&request.Tmp-String-1[*] != 'cn=profile1,ou=profiles,dc=example,dc=com') {
+if (&Tmp-String-1[*] != 'cn=profile1,ou=profiles,dc=example,dc=com') {
test_fail
}
# Test the "ldap" module xlat escape functions
#
-update request {
- &Tmp-String-0 := "safe string"
- &Tmp-String-1 := 'non safe,+"\<>;*=() string'
- &Tmp-String-2 := ',+"\<>;*=()'
-}
+&Tmp-String-0 := "safe string"
+&Tmp-String-1 := 'non safe,+"\<>;*=() string'
+&Tmp-String-2 := ',+"\<>;*=()'
# String with no escaping
-update control {
- &Tmp-String-0 := "%{ldap_escape:%{Tmp-String-0}}"
-}
+&control.Tmp-String-0 := "%{ldap_escape:%{Tmp-String-0}}"
if (&control.Tmp-String-0 != "safe string") {
test_fail
}
# String with some characters to escape
-update control {
- &Tmp-String-1 := "%{ldap_escape:%{Tmp-String-1}}"
-}
+&control.Tmp-String-1 := "%{ldap_escape:%{Tmp-String-1}}"
if (&control.Tmp-String-1 != 'non safe\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29 string') {
test_fail
}
# String where all characters require escaping
-update control {
- &Tmp-String-2 := "%{ldap_escape:%{Tmp-String-2}}"
-}
+&control.Tmp-String-2 := "%{ldap_escape:%{Tmp-String-2}}"
if (&control.Tmp-String-2 != '\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29') {
test_fail
}
-update request {
- &Tmp-String-3 := "%{ldap_unescape:%{control.Tmp-String-0}}"
-}
+&Tmp-String-3 := "%{ldap_unescape:%{control.Tmp-String-0}}"
if (&Tmp-String-3 != 'safe string') {
test_fail
}
-update request {
- &Tmp-String-4 := "%{ldap_unescape:%{control.Tmp-String-1}}"
-}
+&Tmp-String-4 := "%{ldap_unescape:%{control.Tmp-String-1}}"
if (&Tmp-String-4 != 'non safe,+"\<>;*=() string') {
test_fail
}
-update request {
- &Tmp-String-5 := "%{ldap_unescape:%{control.Tmp-String-2}}"
-}
+&Tmp-String-5 := "%{ldap_unescape:%{control.Tmp-String-2}}"
if (&Tmp-String-5 != ',+"\<>;*=()') {
test_fail
}
-update request {
- &Tmp-String-6 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=john)}"
-}
+&Tmp-String-6 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=john)}"
if (&Tmp-String-6 != "John Doe") {
test_fail
}
# Return multiple values - could be in any sequence
-update request {
- &Tmp-String-7 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=clients,dc=example,dc=com?radiusClientIdentifier?sub?(objectClass=radiusClient)}"
-}
+&Tmp-String-7 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=clients,dc=example,dc=com?radiusClientIdentifier?sub?(objectClass=radiusClient)}"
if ((&Tmp-String-7 != "1.1.1.12.2.2.2") && (&Tmp-String-7 != "2.2.2.21.1.1.1")) {
test_fail
}
# Use tainted string in filter - with special characters
-update request {
- &Tmp-String-8 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?cn?sub?(displayName=*%{Tmp-String-9}*)}"
-}
+&Tmp-String-8 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?cn?sub?(displayName=*%{Tmp-String-9}*)}"
if (&Tmp-String-8 != "Bob Smith") {
test_fail
}
# A query which should return no results
-update request {
- &Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=notknown)}"
-}
+&Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=notknown)}"
if (&Tmp-String-0 != "") {
test_fail
}
# Request an invalid DN
-update request {
- &Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=notthere?displayName?sub?(uid=john)}"
-}
+&Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=notthere?displayName?sub?(uid=john)}"
if (&Tmp-String-0 != "") {
test_fail
}
# Query within a dn which will prompt a referral
-update request {
- &Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
-}
+&Tmp-String-0 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
if (&Tmp-String-0 != "Fred Jones") {
test_fail
}
# Reference an alternative LDAP server in the xlat
-update request {
- &Tmp-String-1 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:%{expr:$ENV{LDAP_TEST_SERVER_PORT} + 1}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
-}
+&Tmp-String-1 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:%{expr:$ENV{LDAP_TEST_SERVER_PORT} + 1}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
if (&Tmp-String-1 != "Fred Jones") {
test_fail
}
# This query will follow 2 referrals, the second will present an alternate search base
-update request {
- &Tmp-String-2 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=offsite,dc=subdept,dc=example,dc=com?displayName?sub?(uid=john)}"
-}
+&Tmp-String-2 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=offsite,dc=subdept,dc=example,dc=com?displayName?sub?(uid=john)}"
if (&Tmp-String-2 != "John Doe") {
test_fail
}
# This query will follow 3 referrals - more than our max referral depth
-update request {
- &Tmp-String-3 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=bounce1,dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
-}
+&Tmp-String-3 := "%{ldap:ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=bounce1,dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)}"
if (&Tmp-String-3 != "") {
test_fail
-update control {
- &Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
-}
+&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
#
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_delim.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_delim.log"`
#
# We can only over-ride actions in an "actions" subsection,
}
linelog_fmt_delim
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_delim.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_delim.log"`
if (&Tmp-String-0 == 'bob, ') {
test_pass
# Check strings are appended
linelog_fmt_delim
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_delim.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_delim.log"`
if (&Tmp-String-0 == 'bob, bob, ') {
test_pass
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_delim.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_delim.log"`
-
-update control {
- &Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
-}
+&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
#
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_escapes.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_escapes.log"`
actions {
fail = 1
# Raw attribute value should be written out without further molestation.
# Because the value is wrapped in '' the \n is left as \n.
-update control {
- &Tmp-String-0 := 'test_attr'
- &Tmp-String-1 := 'foo\nbar'
-}
+&control.Tmp-String-0 := 'test_attr'
+&control.Tmp-String-1 := 'foo\nbar'
linelog_escapes
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n2 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-}
-update request {
- &Tmp-String-1 := "%{hex:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n2 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
+&Tmp-String-1 := "%{hex:%{Tmp-String-0}}"
#
# Note that there's a '5f6e' here, which is "\n"
test_fail
}
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
#
# This is left alone, and not "\n" --> 0x0a, too.
# Raw attribute value should be written out without further molestation.
# Because the value is wrapped in "" the \n is converted to 0x0a (binary).
-update control {
- &Tmp-String-0 := 'test_attr'
- &Tmp-String-1 := "foo\nbar"
-}
+&control.Tmp-String-0 := 'test_attr'
+&control.Tmp-String-1 := "foo\nbar"
linelog_escapes
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n2 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-}
-update request {
- &Tmp-String-1 := "%{hex:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n2 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
+&Tmp-String-1 := "%{hex:%{Tmp-String-0}}"
+
if (&Tmp-String-1 == '666f6f0a626172') {
test_pass
}
test_fail
}
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_escapes.log"`
+
if (&Tmp-String-0 == "bar") {
test_pass
}
# Fixme... needs completing. Too many broken escaping things.
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_escapes.log"`
-update control {
- &Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
-}
+&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
#
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_multi.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_multi.log"`
actions {
fail = 1
}
# Check multiple string type attributes are logged correctly
-update control {
- &Tmp-String-0 := 'test_multi_str'
-}
+&control.Tmp-String-0 := 'test_multi_str'
-update control {
- &Reply-Message := '0'
- &Reply-Message += '1'
- &Reply-Message += '2'
- &Reply-Message += '3'
- &Reply-Message += '4'
- &Reply-Message += '5'
- &Reply-Message += '6'
- &Reply-Message += '7'
- &Reply-Message += '8'
- &Reply-Message += '9'
- &Reply-Message += '10'
+&control += {
+ &Reply-Message = '0'
+ &Reply-Message = '1'
+ &Reply-Message = '2'
+ &Reply-Message = '3'
+ &Reply-Message = '4'
+ &Reply-Message = '5'
+ &Reply-Message = '6'
+ &Reply-Message = '7'
+ &Reply-Message = '8'
+ &Reply-Message = '9'
+ &Reply-Message = '10'
}
linelog_ref_multi
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_multi.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_multi.log"`
if (&Tmp-String-0 == '0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ') {
test_pass
}
# Check octet type attributes are logged in raw form
-update control {
- &Tmp-Octets-0 := 0x686970706f # Hippo
- &Tmp-Octets-0 += 0x0a # new line
- &Tmp-Octets-0 += 0x626c6970706f # Blippo
+&control += {
+ &Tmp-Octets-0 = 0x686970706f # Hippo
+ &Tmp-Octets-0 = 0x0a # new line
+ &Tmp-Octets-0 = 0x626c6970706f # Blippo
}
-update control {
- &Tmp-String-0 := 'test_multi_octets'
-}
+&control.Tmp-String-0 := 'test_multi_octets'
+
linelog_ref_multi
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_multi.log"`
-}
+
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_multi.log"`
if (&Tmp-String-0 == ', blippo, ') {
test_pass
}
# When no attributes that match are available, linelog should return noop
-update control {
- &Tmp-String-0 := 'test_empty'
-}
+&control.Tmp-String-0 := 'test_empty'
+
linelog_ref_multi
if (noop) {
test_pass
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_multi.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_multi.log"`
-update control {
- &Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
-}
+&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
#
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_a.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_a.log"`
actions {
fail = 1
}
# Check linelog fails over to the default message (an xlat expansion)
-update control {
- &Tmp-String-0 := 'test_default'
-}
+&control.Tmp-String-0 := 'test_default'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == 'bob default') {
test_pass
}
# Check linelog adds a newline at the end of each message (also tests if execs pointed to by refs work)
-update control {
- &Tmp-String-0 := 'test_exec'
-}
+&control.Tmp-String-0 := 'test_exec'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == 'bob exec') {
test_pass
}
# Check it's not overwriting the same line repeatedly
-update request {
- &Tmp-String-0 := `/bin/sh -c "head -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "head -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == 'bob default') {
test_pass
}
# Check linelog can use attrs pointed to by refs
-update control {
- &Tmp-String-0 := 'test_attr'
-}
+&control.Tmp-String-0 := 'test_attr'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == 'bob') {
test_pass
}
# Check linelog can use xlats pointed to by refs
-update control {
- &Tmp-String-0 := 'test_xlat'
-}
+&control.Tmp-String-0 := 'test_xlat'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == 'bob xlat') {
test_pass
}
# Check linelog can use literals pointed to by refs
-update control {
- &Tmp-String-0 := 'test_literal'
-}
+&control.Tmp-String-0 := 'test_literal'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == '%{User-Name} literal') {
test_pass
}
# Check linelog can use empty conf pairs
-update control {
- &Tmp-String-0 := 'test_empty'
-}
+&control.Tmp-String-0 := 'test_empty'
+
linelog_fmt_and_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_a.log"`
if (&Tmp-String-0 == '') {
test_pass
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_a.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_a.log"`
# Remove old log files
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_b.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_b.log"`
actions {
fail = 1
}
# Check behaviour when we don't have a default configured (should not create new file)
-update control {
- &Tmp-String-0 := 'test_default'
-}
+&control.Tmp-String-0 := 'test_default'
+
linelog_ref
if (noop) {
test_pass
}
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "test ! -e $ENV{MODULE_TEST_DIR}/test_b.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "test ! -e $ENV{MODULE_TEST_DIR}/test_b.log"`
actions {
fail = 1
}
# Check ref still works (with an exec)
-update control {
- &Tmp-String-0 := 'test_exec'
-}
+&control.Tmp-String-0 := 'test_exec'
+
linelog_ref
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_b.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_b.log"`
if (&Tmp-String-0 == 'bob exec') {
test_pass
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_b.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_b.log"`
# Remove old log files
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_c.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_c.log"`
actions {
fail = 1
}
# Check behaviour using an attribute ref as a path
-update control {
- &Tmp-String-0 := '.messages.test_xlat'
-}
+&control.Tmp-String-0 := '.messages.test_xlat'
linelog_fmt_and_ref_attr
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
if (&Tmp-String-0 == 'bob xlat') {
test_pass
}
# Check behaviour using an attribute ref (non existent path, with default also an attribute ref)
-update control {
- &Tmp-String-0 := 'test_xlat'
-}
+&control.Tmp-String-0 := 'test_xlat'
linelog_fmt_and_ref_attr
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
if (&Tmp-String-0 == 'bob') {
test_pass
}
# Check '.' is always prefixed to the path
-update control {
- &Tmp-String-0 := 'messages.test_xlat'
-}
+&control.Tmp-String-0 := 'messages.test_xlat'
linelog_fmt_and_ref_attr
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
if (&Tmp-String-0 == 'bob xlat') {
test_pass
}
# Check '..' results in a 'fail' (can't go up one level)
-update control {
- &Tmp-String-0 := '..messages.test_attr'
-}
+&control.Tmp-String-0 := '..messages.test_attr'
linelog_fmt_and_ref_attr {
fail = 1
test_fail
}
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_c.log"`
if (&Tmp-String-0 == 'bob xlat') {
test_pass
}
# Check '.messages' results in a 'fail' (messages is a section)
-update control {
- &Tmp-String-0 := '.messages'
-}
+&control.Tmp-String-0 := '.messages'
linelog_fmt_and_ref_attr {
fail = 1
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_c.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_c.log"`
# Remove old log files
group {
- update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_d.log"`
- }
+ &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_d.log"`
actions {
fail = 1
}
linelog_fmt
-update request {
- &Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_d.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "tail -n1 $ENV{MODULE_TEST_DIR}/test_d.log"`
+
if (&Tmp-String-0 == 'bob') {
test_pass
}
}
# Remove the file
-update request {
- &Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_d.log"`
-}
+&Tmp-String-0 := `/bin/sh -c "rm $ENV{MODULE_TEST_DIR}/test_d.log"`
end
if not type(fr.request) == "table" then
- print("error: The 'fr.request.{}' should be table")
+ print("error: The 'fr.{}' should be table")
return fr.rcode.fail
end
function authorize()
- for k, v in fr.request.pairs() do
+ for k, v in fr.pairs() do
if k == "Framed-IPv6-Prefix" and v == "11:22:33:44:55:66:77:88/128" then
return fr.rcode.ok
end
function authorize()
- for k, v in fr.request.pairs() do
+ for k, v in fr.pairs() do
if k == "User-Name" and v == "caipirinha" then
return fr.rcode.ok
end
fr.log.debug("Powered by Luajit+FFI & fr_log()")
-- fr.request {}
- print("# fr.request.{}")
+ print("# fr.{}")
print("type(fr.request) = " .. type(fr.request))
- print("for k,v in fr.request.pairs()")
- for k,v in fr.request.pairs() do print("\t"..k, v) end
+ print("for k,v in fr.pairs()")
+ for k,v in fr.pairs() do print("\t"..k, v) end
print()
print("#mod8.lua: returning fr.rcode.noop")
if (&User-Name == 'test') {
- update request {
- &User-Password := "%{randstr:bbbbbbbbbbbbbbbb}"
- }
- update control {
- &Password.Cleartext := "%{User-Password}"
- }
+ &User-Password := "%{randstr:bbbbbbbbbbbbbbbb}"
+ &control.Password.Cleartext := "%{User-Password}"
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_dig_big') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_dig_small') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI'
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI'
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter0') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAP:CuNDJ9NimZoP5ljnPNCBUA==:f09zV7dReGg5SIv/EXY9tCL4XQRr5guhL0Q6UXSKI3c='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAP:CuNDJ9NimZoP5ljnPNCBUA==:f09zV7dReGg5SIv/EXY9tCL4XQRr5guhL0Q6UXSKI3c='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter1') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:OErtptMl2hOxhQqvNw7sNw==:4KkrgL+3Q9j8KlHPivtApBKRZAjyWjtDWmZEz2UjNko='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:OErtptMl2hOxhQqvNw7sNw==:4KkrgL+3Q9j8KlHPivtApBKRZAjyWjtDWmZEz2UjNko='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter1000') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAD6A:yhmqoKrtPLY2KYK6cNjnfw==:Y6gkSZEo4TRtlsryHqnGYZhoe2qn5tJ4IUyyVHb/3WU='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAD6A:yhmqoKrtPLY2KYK6cNjnfw==:Y6gkSZEo4TRtlsryHqnGYZhoe2qn5tJ4IUyyVHb/3WU='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter100000') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AA9CQA:fCfnJGMVC1QLtTOPiaSICA==:KCmjMpQ+lokMvyFTl4f4pPJNc0xJq4iHZPdtHa0OEXM='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AA9CQA:fCfnJGMVC1QLtTOPiaSICA==:KCmjMpQ+lokMvyFTl4f4pPJNc0xJq4iHZPdtHa0OEXM='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter_big') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ==:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ==:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_iter_miss') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256::E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256::E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+
pap.authorize
pap.authenticate {
invalid = 1
}
if (&User-Name == 'pbkdf2_iter_small') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAA:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAA:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+
pap.authorize
pap.authenticate {
invalid = 1
#}
#if (&User-Name == 'pbkdf2_passlib') {
-# update control {
-# &Password.PBKDF2 := '$pbkdf2-sha256$29000$9t7be09prfXee2/NOUeotQ$Y.RDnnq8vsezSZSKy1QNy6xhKPdoBIwc.0XDdRm9sJ8'
-# }
+# &control.Password.PBKDF2 := '$pbkdf2-sha256$29000$9t7be09prfXee2/NOUeotQ$Y.RDnnq8vsezSZSKy1QNy6xhKPdoBIwc.0XDdRm9sJ8'
# pap.authorize
# pap.authenticate
# if (!ok) {
}
if (&User-Name == 'pbkdf2_salt0') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAnEA::4RJEKVFQ5nE8126aURI0cJO9tqy/DIAhq64piBEwshA='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA::4RJEKVFQ5nE8126aURI0cJO9tqy/DIAhq64piBEwshA='
+
pap.authorize
pap.authenticate {
invalid = 1
}
if (&User-Name == 'pbkdf2_salt1') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:qg==:KQzCdedgOZYFwx+mQp1TKA8VM4fwf02pqSdJEh2ekwM='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:qg==:KQzCdedgOZYFwx+mQp1TKA8VM4fwf02pqSdJEh2ekwM='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_salt1024') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:/IUrkJKe+1kzJNBw7aAMbnQuSFZpjbCqPeKso3cbuSUzWinxngxjK8yyZLiWwF+WE/0Gplfx25zZEQNTdRTvjZZNefoxQBR8Hht0FpdU9YiEBaeErwVo63EDEu83+ycvB18uH0IXpJKGSSkIPRfGpHT3BkwJDGo5SqjRJadDsyQzkc/WJCMrrfJ0igaWMxb5eR5J8qfXIjBFepRrOOU6acZGtANW8qvDYLJwN+TMd9Jb1wDDY14eoAlKglTF21S3kewNMkDDyeP+oDYv29t1S/soFUnnB+Pb5IdR6pDy2VDGx4jFZMQGshSHWTYQFqgulavS/tGEF8TvzcorrJZKuksAjKdTSmfZ6j4aBY3U+oMSQ+2lO131pkNfNQuMsDfr72r9wUA2xRgUiL/J7CgKn7mamL2OCaksl0Rw2PGqqIaHvAYS6Q1EoIzsmLNrWBYYqTRLyCGZw6+hUOahYRon2lglGmnuWHPfowU+LgcaR5gF1QjvTXhXQ8I39mB3ePgdi+7TUn644Z1FB+JTqGJbue92x4V40Zyyy+Qdt52QsR49iYokbKAwQRiqfVJ7J8NzCY/kIQnqT9RE0NCxZoMBRzboZxVPchxdpmWGQ9dXP06PqIuDCFFiJlVQUfyPMgOAxIlVJ/9NAmj5MWFdWMrmlBNDx9ihEV1FdTv23iFZH5Ejg+x4D3qN5oOyCDL2i9lobzFXh5z4EDpbbogQaFkUzqKEaxRGPBrfYVOi6XXYujVUnxHJaRxbs2UqjpJNsXMg8f7P78aRvOKCIbW70CHWlt7nF0pA5+kFUQRLXKuq7bW+ivoXKeDW5o4FVP3+Pcr67+DOsUXuehALLj9Mu2ICWlMIV/AWcM2szaqk1bwSo7bAeG4RtDKmNjGA7gpnT+w2x+/qS1eWbc832Sumqc1IA8aY6HNVDPsJZf99To4BR+N0rCoQQ/KIZybI31mQagR3+FR9yNzqWzKIl+qf69RTc1CbUCkKVF8pxWZ0ocP+CAdoKadgpdF8evQIiGcUD73HiJ0RsDWo21y0tN0P5jfzWo3WMhCk9e2wl6o1JAfKw54uHzWJnNlGLBK1LXF+R2m+WvNGBgvUhh4PtYV9gPSudumFdk614oak/Aqcn6xi+YZqOMPkW4WYaiczhHyS7qAyefqKaQkRVYS0Af+79CSjlxZJq57HrD7/1E+d/i0gKmSAbPe80uGHs2a13V3VxztFMBi4xD7zj9Mq7+0goVPD4MNXcR651MZ7vxDRGbvPPmclddZe/nkTEn1YB/909b9mC5P/XzximZYW8gEhBReZouukADRTAjuH8zgSIv6/uyTURnmSVoOumVLBpL7veJIzDm4dZ38BWiasiBnzgMuG9A==:RUoCF5O11OgwLFMTqnKY/yRJy6DYh+yNq4xHZC7COGM='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:/IUrkJKe+1kzJNBw7aAMbnQuSFZpjbCqPeKso3cbuSUzWinxngxjK8yyZLiWwF+WE/0Gplfx25zZEQNTdRTvjZZNefoxQBR8Hht0FpdU9YiEBaeErwVo63EDEu83+ycvB18uH0IXpJKGSSkIPRfGpHT3BkwJDGo5SqjRJadDsyQzkc/WJCMrrfJ0igaWMxb5eR5J8qfXIjBFepRrOOU6acZGtANW8qvDYLJwN+TMd9Jb1wDDY14eoAlKglTF21S3kewNMkDDyeP+oDYv29t1S/soFUnnB+Pb5IdR6pDy2VDGx4jFZMQGshSHWTYQFqgulavS/tGEF8TvzcorrJZKuksAjKdTSmfZ6j4aBY3U+oMSQ+2lO131pkNfNQuMsDfr72r9wUA2xRgUiL/J7CgKn7mamL2OCaksl0Rw2PGqqIaHvAYS6Q1EoIzsmLNrWBYYqTRLyCGZw6+hUOahYRon2lglGmnuWHPfowU+LgcaR5gF1QjvTXhXQ8I39mB3ePgdi+7TUn644Z1FB+JTqGJbue92x4V40Zyyy+Qdt52QsR49iYokbKAwQRiqfVJ7J8NzCY/kIQnqT9RE0NCxZoMBRzboZxVPchxdpmWGQ9dXP06PqIuDCFFiJlVQUfyPMgOAxIlVJ/9NAmj5MWFdWMrmlBNDx9ihEV1FdTv23iFZH5Ejg+x4D3qN5oOyCDL2i9lobzFXh5z4EDpbbogQaFkUzqKEaxRGPBrfYVOi6XXYujVUnxHJaRxbs2UqjpJNsXMg8f7P78aRvOKCIbW70CHWlt7nF0pA5+kFUQRLXKuq7bW+ivoXKeDW5o4FVP3+Pcr67+DOsUXuehALLj9Mu2ICWlMIV/AWcM2szaqk1bwSo7bAeG4RtDKmNjGA7gpnT+w2x+/qS1eWbc832Sumqc1IA8aY6HNVDPsJZf99To4BR+N0rCoQQ/KIZybI31mQagR3+FR9yNzqWzKIl+qf69RTc1CbUCkKVF8pxWZ0ocP+CAdoKadgpdF8evQIiGcUD73HiJ0RsDWo21y0tN0P5jfzWo3WMhCk9e2wl6o1JAfKw54uHzWJnNlGLBK1LXF+R2m+WvNGBgvUhh4PtYV9gPSudumFdk614oak/Aqcn6xi+YZqOMPkW4WYaiczhHyS7qAyefqKaQkRVYS0Af+79CSjlxZJq57HrD7/1E+d/i0gKmSAbPe80uGHs2a13V3VxztFMBi4xD7zj9Mq7+0goVPD4MNXcR651MZ7vxDRGbvPPmclddZe/nkTEn1YB/909b9mC5P/XzximZYW8gEhBReZouukADRTAjuH8zgSIv6/uyTURnmSVoOumVLBpL7veJIzDm4dZ38BWiasiBnzgMuG9A==:RUoCF5O11OgwLFMTqnKY/yRJy6DYh+yNq4xHZC7COGM='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_salt64') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:msGxE1XuC+wlgRr+H4+ioyxZuiN3KYLUSky2FINDTq7KJylKt4XnqloV+FuHGXUbOu1EWcsFp51u2z8wdXVnQQ==:rAV9BeEJH5kt9uZ6pJt0o5pYpN5LQRe4MAYyk2jvjpU='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:msGxE1XuC+wlgRr+H4+ioyxZuiN3KYLUSky2FINDTq7KJylKt4XnqloV+FuHGXUbOu1EWcsFp51u2z8wdXVnQQ==:rAV9BeEJH5kt9uZ6pJt0o5pYpN5LQRe4MAYyk2jvjpU='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_salt_big') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9QA==:pF23EcxNBhJLQ+9JRtd9wQ1Gz+k4i6YjeNZq+7DRBX8='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9QA==:pF23EcxNBhJLQ+9JRtd9wQ1Gz+k4i6YjeNZq+7DRBX8='
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_salt_small') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q=:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q=:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_sha1') {
- update control {
- &Password.PBKDF2 := 'HMACSHA1:AAAD6A:Xw1P133xrwk=:dtQBXQRiR/No5A8Ip3JFGF/qUC0='
- }
+ &control.Password.PBKDF2 := 'HMACSHA1:AAAD6A:Xw1P133xrwk=:dtQBXQRiR/No5A8Ip3JFGF/qUC0='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_sha2_224') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+224:AAAnEA:UHScBrg/ZWOyBKqQdAh7bw==:tcFp6CDrkIYdhwa60g24U4ko+mBxzAiFxlpPnA=='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+224:AAAnEA:UHScBrg/ZWOyBKqQdAh7bw==:tcFp6CDrkIYdhwa60g24U4ko+mBxzAiFxlpPnA=='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_sha2_256') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:a/8HbYW2HWsMthN27JI+Ew==:3nPlXYOlOuDCFOfethUomHxTXkG9JCivOdvh6FDNdGw='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:a/8HbYW2HWsMthN27JI+Ew==:3nPlXYOlOuDCFOfethUomHxTXkG9JCivOdvh6FDNdGw='
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_sha2_384') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+384:AAAnEA:pyHRsYLfNZdjszRcu6eHrA==:ktGfNmZ6PyD8FNEgPzFK1fypKERZ13pgvFl+PQdyKouaMXsXIiWPuTMXHqDUCWsx'
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+384:AAAnEA:pyHRsYLfNZdjszRcu6eHrA==:ktGfNmZ6PyD8FNEgPzFK1fypKERZ13pgvFl+PQdyKouaMXsXIiWPuTMXHqDUCWsx'
+
pap.authorize
pap.authenticate
if (!ok) {
}
if (&User-Name == 'pbkdf2_sha2_512') {
- update control {
- &Password.PBKDF2 := 'HMACSHA2+512:AAAnEA:TG8Mb94NEmfPLaePwi5CFA==:SYSFeRf9jr4Uo5DB4NvNUEuc1gmEiLjTac5J4WgyKa7mO58KHKWop9xWmcFeuLtUN/iexLTNSgcubOugAyZcog=='
- }
+ &control.Password.PBKDF2 := 'HMACSHA2+512:AAAnEA:TG8Mb94NEmfPLaePwi5CFA==:SYSFeRf9jr4Uo5DB4NvNUEuc1gmEiLjTac5J4WgyKa7mO58KHKWop9xWmcFeuLtUN/iexLTNSgcubOugAyZcog=='
+
pap.authorize
pap.authenticate
if (!ok) {
if (&User-Name == 'plaintext_with_dollar_0') {
- update control {
- &Password.Cleartext := 'password$'
- }
+ &control.Password.Cleartext := 'password$'
pap.authorize
pap.authenticate
if (!ok) {
if (&User-Name == 'plaintext_with_dollar_1') {
- update control {
- &Password.Cleartext := '$password'
- }
+ &control.Password.Cleartext := '$password'
+
pap.authorize
pap.authenticate
if (!ok) {
if (&User-Name == 'plaintext_with_dollar_2') {
- update control {
- &Password.Cleartext := 'pass$word'
- }
+ &control.Password.Cleartext := 'pass$word'
+
pap.authorize
pap.authenticate
if (!ok) {
if (&User-Name == 'plaintext_with_dollar_3') {
- update control {
- &Password.Cleartext := '$pass$word'
- }
+ &control.Password.Cleartext := '$pass$word'
+
pap.authorize
pap.authenticate
if (!ok) {
test_fail
}
-update reply {
- &Reply-Message !* ANY
-}
+&reply -= &Reply-Message[*]
# User will not be rejected - an xlat will be called setting a reply attribute
-update request {
- &User-Name := 'bob'
-}
+&User-Name := 'bob'
perl.authenticate
# once multiple retuned boxes are handled to produce multiple attributes the tests
# will need amending.
-update request {
- &Tmp-String-0 := "hello,goodbye,welcome,farewell"
- &Tmp-String-1 := "foo,bar"
-}
-update request{
- &Tmp-String-2 := "%(perl_xlat:xlat %{Tmp-String-0})"
-}
+&Tmp-String-0 := "hello,goodbye,welcome,farewell"
+&Tmp-String-1 := "foo,bar"
+&Tmp-String-2 := "%(perl_xlat:xlat %{Tmp-String-0})"
if (&Tmp-String-2 != "hello|goodbye|welcome|farewell") {
test_fail
}
# Check for multiple arguments to perl function
-update request {
- &Tmp-String-3 := "%(perl_xlat:xlat %{Tmp-String-0} %{Tmp-String-1})"
-}
+&Tmp-String-3 := "%(perl_xlat:xlat %{Tmp-String-0} %{Tmp-String-1})"
if (&Tmp-String-3 != "hello|goodbye|welcome|farewell#foo|bar") {
test_fail
}
-update request {
- &Tmp-Integer-0 := "%(perl_xlat:add 1 2 3)"
-}
+&Tmp-Integer-0 := "%(perl_xlat:add 1 2 3)"
if (&Tmp-Integer-0 != 6) {
test_fail
}
-
-update request {
- &Tmp-String-0 := "hello"
- &Tmp-String-0 += "goodbye"
- &Tmp-String-0 += "welcome"
+&Tmp-String-0 := "hello"
+&request += {
+ &Tmp-String-0 = "goodbye"
+ &Tmp-String-0 = "welcome"
}
# Pass a list as an array
-update request {
- &Tmp-String-2 := "%(perl_xlat:xlatarray %{Tmp-String-0[*]})"
-}
+&Tmp-String-2 := "%(perl_xlat:xlatarray %{Tmp-String-0[*]})"
if (&Tmp-String-2 != "hello|goodbye|welcome") {
test_fail
}
-update request {
- &Tmp-String-0 := "aa bb cc dd ee"
-}
+&Tmp-String-0 := "aa bb cc dd ee"
# Expect an array of returned values
-update request {
- &Tmp-String-2 := "%(perl_xlat:xlatscalar2array %{Tmp-String-0})"
-}
+&Tmp-String-2 := "%(perl_xlat:xlatscalar2array %{Tmp-String-0})"
if (&Tmp-String-2 != "aabbccddee") {
test_fail
}
-update request {
- &Tmp-String-1 := "ff gg hh ii"
-}
+&Tmp-String-1 := "ff gg hh ii"
# Expect an array of array ref returned values
-update request {
- &Tmp-String-2 := "%(perl_xlat:xlatscalar2arrayref %{Tmp-String-0} %{Tmp-String-1})"
-}
+&Tmp-String-2 := "%(perl_xlat:xlatscalar2arrayref %{Tmp-String-0} %{Tmp-String-1})"
if (&Tmp-String-2 != "aabbccddeeffgghhii") {
test_fail
}
-update request {
- &Tmp-String-0 := "a"
- &Tmp-String-0 += "b"
- &Tmp-String-0 += "c"
+&Tmp-String-0 := "a"
+&request += {
+ &Tmp-String-0 = "b"
+ &Tmp-String-0 = "c"
}
# Returns a hash with each element in the provided array converted to Vn->value
-update request {
- &Tmp-String-2 := "%(perl_xlat:xlatarray2hash %{Tmp-String-0[*]})"
-}
+&Tmp-String-2 := "%(perl_xlat:xlatarray2hash %{Tmp-String-0[*]})"
# Note: hashes don't have a defined sequence so these are all the possible return values
if (&Tmp-String-2 != "V1aV2bV3c") && (&Tmp-String-2 != "V1aV3cV2b") && (&Tmp-String-2 != "V2bV1aV3c") && (&Tmp-String-2 != "V2bV3cV1a") && (&Tmp-String-2 != "V3cV1aV2b") && (&Tmp-String-2 != "V3cV2bV1a") {
# - 127.0.0.1:30005 - slave
# - 127.0.0.1:30003 - master [10923-16383]
# - 127.0.0.1:30006 - slave
-update control {
- &Tmp-String-0 := "1-%{randstr:aaaaaaaa}"
- &Tmp-String-1 := "2-%{randstr:aaaaaaaa}"
- &Tmp-String-2 := "3-%{randstr:aaaaaaaa}"
-}
+&control.Tmp-String-0 := "1-%{randstr:aaaaaaaa}"
+&control.Tmp-String-1 := "2-%{randstr:aaaaaaaa}"
+&control.Tmp-String-2 := "3-%{randstr:aaaaaaaa}"
# Hashes to Redis cluster node master 1 (1)
if ("%(redis:SET b "%{control.Tmp-String-0}")" == 'OK') {
}
# Leave some time (100ms) for the synchronisation
-update request {
- &Tmp-String-0 := `/bin/sleep 0.1`
-}
+&Tmp-String-0 := `/bin/sleep 0.1`
# Cause one of the redis cluster nodes to SEGV
if ("%(redis:@%(redis_node:b 0) DEBUG SEGFAULT)" != '') {
#
# Some values we need for startup
-update control {
- &Tmp-Integer-0 := 0
- &Tmp-Integer-0 += 1
- &Tmp-Integer-0 += 2
- &Tmp-Integer-0 += 3
- &Tmp-Integer-0 += 4
- &Tmp-Integer-0 += 5
- &Tmp-Integer-0 += 6
- &Tmp-Integer-0 += 7
- &Tmp-Integer-0 += 8
- &Tmp-Integer-0 += 9
- &Tmp-Integer-0 += 10
- &Tmp-String-0 := "1-%{randstr:aaaaaaaa}"
- &Tmp-String-1 := "2-%{randstr:aaaaaaaa}"
- &Tmp-String-2 := "3-%{randstr:aaaaaaaa}"
+&control += {
+ &Tmp-Integer-0 = 0
+ &Tmp-Integer-0 = 1
+ &Tmp-Integer-0 = 2
+ &Tmp-Integer-0 = 3
+ &Tmp-Integer-0 = 4
+ &Tmp-Integer-0 = 5
+ &Tmp-Integer-0 = 6
+ &Tmp-Integer-0 = 7
+ &Tmp-Integer-0 = 8
+ &Tmp-Integer-0 = 9
+ &Tmp-Integer-0 = 10
}
+&control.Tmp-String-0 := "1-%{randstr:aaaaaaaa}"
+&control.Tmp-String-1 := "2-%{randstr:aaaaaaaa}"
+&control.Tmp-String-2 := "3-%{randstr:aaaaaaaa}"
+
if ("$ENV{REDIS_CLUSTER_CONTROL}" == '') {
- update control {
- &Tmp-String-8 := 'scripts/ci/redis-setup.sh'
- }
+ &control.Tmp-String-8 := 'scripts/ci/redis-setup.sh'
} else {
- update control {
- &Tmp-String-8 := "$ENV{REDIS_CLUSTER_CONTROL}"
- }
+ &control.Tmp-String-8 := "$ENV{REDIS_CLUSTER_CONTROL}"
}
#
# Reset the cluster
#
-update control {
- &Tmp-String-0 = `%{control.Tmp-String-8} stop`
- &Tmp-String-0 = `%{control.Tmp-String-8} clean`
- &Tmp-String-0 = `%{control.Tmp-String-8} start`
- &Tmp-String-0 = `%{control.Tmp-String-8} create`
-}
+&control.Tmp-String-0 := `%{control.Tmp-String-8} stop`
+&control.Tmp-String-0 := `%{control.Tmp-String-8} clean`
+&control.Tmp-String-0 := `%{control.Tmp-String-8} start`
+&control.Tmp-String-0 := `%{control.Tmp-String-8} create`
#
# Determine when initial synchronisation has been completed
#
-update request {
- &Tmp-String-0 := $ENV{REDIS_TEST_SERVER}
-}
+&Tmp-String-0 := $ENV{REDIS_TEST_SERVER}
+
if (!&Tmp-String-0 || (&Tmp-String-0 == '')) {
- update request {
- &Tmp-String-0 := "$ENV{REDIS_IPPOOL_TEST_SERVER}"
- }
+ &Tmp-String-0 := "$ENV{REDIS_IPPOOL_TEST_SERVER}"
}
# Test nodes should be running on
}
}
- update request {
- &Module-Failure-Message !* ANY
- }
+ &request -= &Module-Failure-Message[*]
# Perform checks every 0.5 seconds
- update {
- &Tmp-Integer-0 := `/bin/sleep 0.5`
- }
+ &Tmp-Integer-0 := `/bin/sleep 0.5`
if ("%{Foreach-Variable-0}" == 10) {
test_fail
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_alloc'
-}
+&control.IP-Pool.Name := 'test_alloc'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Check allocation
#
# Check ZSCORE
#
-update request {
- &Tmp-Date-0 := "%l"
-}
+&Tmp-Date-0 := "%l"
if ("%{expr:%(redis:ZSCORE "{%{control.IP-Pool.Name}}:pool" %{reply.Framed-IP-Address}) - %(integer:%{Tmp-Date-0})}" > 20) {
test_pass
test_fail
}
-update {
- &request.IP-Pool.Range := &reply.IP-Pool.Range
- &request.Framed-IP-Address := &reply.Framed-IP-Address
- &request.Session-Timeout := &reply.Session-Timeout # We should get the same lease time
- &reply !* ANY
-}
+&IP-Pool.Range := &reply.IP-Pool.Range
+&Framed-IP-Address := &reply.Framed-IP-Address
+&Session-Timeout := &reply.Session-Timeout # We should get the same lease time
+&reply := {}
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.1.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.1.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.1.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.1.0`
#
# Check we get the same lease, with the same lease time
#
# Check the ranges are the same
#
-if (&request.IP-Pool.Range == &reply.IP-Pool.Range) {
+if (&IP-Pool.Range == &reply.IP-Pool.Range) {
test_pass
} else {
test_fail
#
# Check the IP addresses are the same
#
-if (&request.Framed-IP-Address == &reply.Framed-IP-Address) {
+if (&Framed-IP-Address == &reply.Framed-IP-Address) {
test_pass
} else {
test_fail
# The fudge factor is to allow for delays running ippool tool and script interpretation
# as we should be allocating the same lesase as before, but its TTL could be slightly lower.
#
-if ("%{expr:&request.Session-Timeout - &reply.Session-Timeout}" < 5) {
+if ("%{expr:&Session-Timeout - &reply.Session-Timeout}" < 5) {
test_pass
} else {
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
#
# Now change the Calling-Station-ID and check we get a different lease
#
-update request {
- &Calling-Station-ID := 'another_mac'
-}
+&Calling-Station-ID := 'another_mac'
redis_ippool
if (updated) {
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_delete'
-}
+&control.IP-Pool.Name := 'test_delete'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Check allocation
#
# Delete the IP address
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -d 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -d 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Verify the association with the device has been removed
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_update'
-}
+&control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Verify the range was set OK
#
# Modify the range
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -m 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 10.0.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -m 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 10.0.0.0`
#
# Check it was updated
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_update'
-}
+&control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Check allocation
#
# Release the IP address
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -r 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -r 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Verify the association with the device has been removed
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_update'
-}
+&control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
#
# Check allocation
#
# Release the IP address
#
-update {
- &request.Framed-IP-Address := &reply.Framed-IP-Address
- &control.IP-Pool.Action := Release
-}
+&Framed-IP-Address := &reply.Framed-IP-Address
+&control.IP-Pool.Action := Release
+
redis_ippool {
invalid = 1
}
}
# Check the ZSCORE
-update request {
- &Tmp-Date-0 := "%l"
-}
+&Tmp-Date-0 := "%l"
if ("%{expr:%(redis:ZSCORE {%{control.IP-Pool.Name}}:pool %{reply.Framed-IP-Address}) - %(integer:%{Tmp-Date-0})}" > 0) {
test_pass
#
# Release the IP address again (should still be fine)
#
-update {
- &request.Framed-IP-Address := &reply.Framed-IP-Address
- &control.IP-Pool.Action := Release
-}
+&Framed-IP-Address := &reply.Framed-IP-Address
+&control.IP-Pool.Action := Release
+
redis_ippool {
invalid = 1
}
test_fail
}
-update reply {
- &reply !* ANY
-}
+&reply := {}
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_update'
-}
+&control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
# 1. Check allocation
redis_ippool
}
# 5. Add another IP addresses
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.1.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.1.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.1.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.1.0`
# 6. Verify that the lease time is extended
-update {
- &request.Framed-IP-Address := &reply.Framed-IP-Address
- &request.NAS-IP-Address := 127.0.0.2
- &control.IP-Pool.Action := Renew
-}
+&Framed-IP-Address := &reply.Framed-IP-Address
+&NAS-IP-Address := 127.0.0.2
+&control.IP-Pool.Action := Renew
+
redis_ippool
if (updated) {
test_pass
}
# 8. Check ZSCORE reflects that
-update request {
- &Tmp-Date-0 := "%l"
-}
+&Tmp-Date-0 := "%l"
if ("%{expr:%(redis:ZSCORE {%{control.IP-Pool.Name}}:pool %{reply.Framed-IP-Address}) - %(integer:%{Tmp-Date-0})}" > 50) {
test_pass
}
# 12. Verify the gateway was updated
-if ("%(redis:HGET {%{control.IP-Pool.Name}}:ip:%{request.Framed-IP-Address} gateway)" == '127.0.0.2') {
+if ("%(redis:HGET {%{control.IP-Pool.Name}}:ip:%{Framed-IP-Address} gateway)" == '127.0.0.2') {
test_pass
} else {
test_fail
}
# Change the ip address to one that doesn't exist in the pool and check we *can't* update it
-update request {
- &request.Framed-IP-Address := 192.168.3.1
-}
+&Framed-IP-Address := 192.168.3.1
+
redis_ippool {
invalid = 1
}
} else {
test_fail
}
-update request {
- &request.Framed-IP-Address := 192.168.0.1
-}
+&Framed-IP-Address := 192.168.0.1
# 15. Now change the calling station ID and check that we *can't* update the lease
-update request {
- &Calling-Station-ID := 'naughty'
-}
+&Calling-Station-ID := 'naughty'
+
redis_ippool {
invalid = 1
}
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
#
$INCLUDE cluster_reset.inc
-update control {
- &IP-Pool.Name := 'test_update'
-}
+&control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
#
-update request {
- &Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
-}
+&Tmp-String-0 := `./build/bin/local/rlm_redis_ippool_tool -a 192.168.0.1/32 $ENV{REDIS_IPPOOL_TEST_SERVER}:30001 %{control.IP-Pool.Name} 192.168.0.0`
# 1. Check allocation
redis_ippool
#
# Attempt to reserve an IP address by performing a renew
#
-update {
- &request.Framed-IP-Address := 192.168.0.1
- &request.NAS-IP-Address := 127.0.0.1
- &control.IP-Pool.Action := Renew
-}
+&Framed-IP-Address := 192.168.0.1
+&NAS-IP-Address := 127.0.0.1
+&control.IP-Pool.Action := Renew
+
redis_ippool
# 3. Check the expiry attribute is present and correct
test_fail
}
-update {
- &reply !* ANY
-}
+&reply := {}
# Pre-set Tmp-String-2 to check correct operator behaviour
-update control {
- &Tmp-String-2 := "foo"
-}
+&control.Tmp-String-2 := "foo"
# Test "authorize" rest call. Uses http to a GET end point
rest
}
# Reset control attributes
-update control {
- &Tmp-String-0 !* ANY
- &Tmp-String-1 !* ANY
- &User-Name !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &User-Name[*]
# Pre-fill NAS-IP-Address to check operator behaviour
-update control {
- &NAS-IP-Address := "10.0.0.10"
-}
+&control.NAS-IP-Address := "10.0.0.10"
# Test "accounting" rest call. Uses https to a POST end point
rest.accounting
# PRE rest_module eval
#
-update request {
- &Tmp-String-0 := "$ENV{REST_TEST_SERVER}"
- &Tmp-Integer-0 := "$ENV{REST_TEST_SERVER_PORT}"
- &Tmp-Integer-1 := "$ENV{REST_TEST_SERVER_SSL_PORT}"
- &Tmp-String-1 := "notfound"
-}
+&Tmp-String-0 := "$ENV{REST_TEST_SERVER}"
+&Tmp-Integer-0 := "$ENV{REST_TEST_SERVER_PORT}"
+&Tmp-Integer-1 := "$ENV{REST_TEST_SERVER_SSL_PORT}"
+&Tmp-String-1 := "notfound"
# Retrieve a plain text file
-update control {
- &Tmp-String-1 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/test.txt)"
-}
+&control.Tmp-String-1 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/test.txt)"
if (&REST-HTTP-Status-Code != 200) {
test_fail
}
# Take host from incomming packet
-update control {
- &Tmp-String-1 := "%(rest:http://%{Login-IP-Host}:%{Tmp-Integer-0}/test.txt)"
-}
+&control.Tmp-String-1 := "%(rest:http://%{Login-IP-Host}:%{Tmp-Integer-0}/test.txt)"
if ((&REST-HTTP-Status-Code != 200) || (&control.Tmp-String-1 != "Sample text response\n")) {
test_fail
}
# Port is not allowed from incomming packet
-update control {
- &Tmp-String-1 := "%(rest:http://%{Tmp-String-0}:%{NAS-Port}/test.txt)"
-}
+&control.Tmp-String-1 := "%(rest:http://%{Tmp-String-0}:%{NAS-Port}/test.txt)"
if ((&Module-Failure-Message != "Failed escaping URI: Tainted value not allowed for port") || (&control.Tmp-String-1 != "")) {
test_fail
}
# Check a "not found" gives a 404 status code
-update control {
- &Tmp-String-1 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/%{Tmp-String-1})"
-}
+&control.Tmp-String-1 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/%{Tmp-String-1})"
if (&REST-HTTP-Status-Code != 404) {
test_fail
}
# GET with URL parameters
-update request {
- &Tmp-String-2 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/mac/%{Called-Station-Id})"
-}
+&Tmp-String-2 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/mac/%{Called-Station-Id})"
if (&REST-HTTP-Status-Code != 200) {
test_fail
test_fail
}
-update control {
- &Tmp-String-3 := 'dummy'
-}
+&control.Tmp-String-3 := 'dummy'
# Directly use json map and prepend the returned value
map json "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/mac/%{Called-Station-Id})" {
test_fail
}
-update control {
- &Tmp-String-2 = "%{json_encode:&request.NAS-IP-Address}"
-}
+&control.Tmp-String-2 = "%{json_encode:&NAS-IP-Address}"
# POST to https with JSON body data
-update request {
- &Tmp-String-2 := "%(rest:POST https://%{Tmp-String-0}:%{Tmp-Integer-1}/user/%{User-Name}/mac/%{Called-Station-Id}?section=accounting %{control.Tmp-String-2})"
-}
+&Tmp-String-2 := "%(rest:POST https://%{Tmp-String-0}:%{Tmp-Integer-1}/user/%{User-Name}/mac/%{Called-Station-Id}?section=accounting %{control.Tmp-String-2})"
if (&REST-HTTP-Status-Code != 200) {
test_fail
test_fail
}
-update control {
- &Tmp-String-2 := "NAS=%{NAS-IP-Address}&user=%{User-Name}"
-}
+&control.Tmp-String-2 := "NAS=%{NAS-IP-Address}&user=%{User-Name}"
# POST to https with POST body data
-update request {
- &Tmp-String-2 := "%(rest:POST https://%{Tmp-String-0}:%{Tmp-Integer-1}/post/test?section=dummy %{control.Tmp-String-2})"
-}
+&Tmp-String-2 := "%(rest:POST https://%{Tmp-String-0}:%{Tmp-Integer-1}/post/test?section=dummy %{control.Tmp-String-2})"
if (&REST-HTTP-Status-Code != 200) {
test_fail
# URI with tainted values in the arguments - input argument includes URI argument
# separator - make sure this doesn't end up generating extra arguments, but gets escaped.
-update request {
- &Tmp-String-2 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/?station=%{Calling-Station-Id})"
-}
+&Tmp-String-2 := "%(rest:GET http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/?station=%{Calling-Station-Id})"
if (&Tmp-String-2 != "{\"station\":\"dummy&unsafe=escaped\"}\n" ) {
test_fail
}
# Zero length untainted value - check parsing doesn't break on zero length string
-update request {
- &Tmp-String-8 := ""
-}
-
-update request {
- &Tmp-String-2 := "%(rest:http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/%{Tmp-String-8}?station=%{User-Name})"
-}
+&Tmp-String-8 := ""
+&Tmp-String-2 := "%(rest:http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/%{Tmp-String-8}?station=%{User-Name})"
if (&Tmp-String-2 != "{\"station\":\"Bob\"}\n" ) {
test_fail
}
# Zero length tainted value - check escaping doesn't break on zero length string
-update request {
- &Tmp-String-2 := "%(rest:http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/%{Tmp-String-9}?station=%{Called-Station-Id})"
-}
+&Tmp-String-2 := "%(rest:http://%{Tmp-String-0}:%{Tmp-Integer-0}/user/%{User-Name}/reflect/%{Tmp-String-9}?station=%{Called-Station-Id})"
if (&Tmp-String-2 != "{\"station\":\"aa:bb:cc:dd:ee:ff\"}\n" ) {
test_fail
+&request += {
+ &SMTP-Mail-Header = "x-test-Subject: smtp test"
+ &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ &SMTP-Recipients = "smtp_attachment_receiver@localhost"
-update request {
- &SMTP-Mail-Header += "x-test-Subject: smtp test"
- &SMTP-Mail-Body += "sent from the smtp test module\r\n"
+ &SMTP-TO = "smtp_to_1@localhost"
+ &SMTP-TO = "smtp_to_2@localhost"
- &SMTP-Recipients += "smtp_attachment_receiver@localhost"
+ &SMTP-CC = "smtp_cc_1@localhost"
+ &SMTP-CC = "smtp_cc_2@localhost"
- &SMTP-TO += "smtp_to_1@localhost"
- &SMTP-TO += "smtp_to_2@localhost"
-
- &SMTP-CC += "smtp_cc_1@localhost"
- &SMTP-CC += "smtp_cc_2@localhost"
-
- &SMTP-Attachments += "testfile"
+ &SMTP-Attachments = "testfile"
}
smtp.authorize
if (`/bin/sh -c "cat build/ci/exim4/mail/smtp_attachment_receiver | \
grep -E '^[A-Za-z0-9+/]{4}*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$' | base64 -d | tr -d '\r\n' | \
grep -f build/ci/exim4/testfile"`){
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
-update request {
- &SMTP-Mail-Header += "Subject: smtp test"
- &SMTP-Mail-Header += "FROM: smtp_sender@gmail.com"
- &SMTP-Mail-Header += "TO: smtp_receiver@localhost"
- &SMTP-Mail-Body += "sent from the smtp test module\r\n"
- &SMTP-Sender-Address += "smtp_sender@localhost"
- &SMTP-Recipients += "smtp_receiver@localhost"
- &SMTP-Attachments += "testfile"
+&request += {
+ &SMTP-Mail-Header = "Subject: smtp test"
+ &SMTP-Mail-Header = "FROM: smtp_sender@gmail.com"
+ &SMTP-Mail-Header = "TO: smtp_receiver@localhost"
+ &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ &SMTP-Sender-Address = "smtp_sender@localhost"
+ &SMTP-Recipients = "smtp_receiver@localhost"
+ &SMTP-Attachments = "testfile"
}
smtp.authenticate
if(ok) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
}
-if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
+if (&TLS-Certificate.Issuer =~ /@example\.org/) {
test_pass
} else {
test_fail
-update request {
- &SMTP-Mail-Body += "sent from the smtp test module\r\n"
- &SMTP-Mail-Body += "\r\n"
- &SMTP-Mail-Body += "Some Body\r\n"
- &SMTP-Mail-Body += ".\r\n"
- &SMTP-Mail-Body += "More Body\r\n"
- &SMTP-Mail-Body += "."
- &SMTP-Mail-Body += "Most Body\r\n"
+&request += {
+ &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ &SMTP-Mail-Body = "\r\n"
+ &SMTP-Mail-Body = "Some Body\r\n"
+ &SMTP-Mail-Body = ".\r\n"
+ &SMTP-Mail-Body = "More Body\r\n"
+ &SMTP-Mail-Body = "."
+ &SMTP-Mail-Body = "Most Body\r\n"
- &SMTP-Recipients += "crln_test_receiver@localhost"
- &SMTP-Sender-Address += "smtp_sender@localhost"
+ &SMTP-Recipients = "crln_test_receiver@localhost"
+ &SMTP-Sender-Address = "smtp_sender@localhost"
}
smtp.authorize
if (`/bin/sh -c "cat build/ci/exim4/mail/crln_test_receiver | \
grep -E 'Most Body'"`) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
}
-if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
+if (&TLS-Certificate.Issuer =~ /@example\.org/) {
test_pass
} else {
test_fail
-update request {
- &SMTP-Mail-Body += "sent from the smtp test module\r\n"
-
- &SMTP-Recipients += "stringparse_test_receiver@localhost"
-
- &SMTP-Sender-Address += "smtp_sender@localhost"
- &SMTP-Sender-Address += "smtp_sender_2@localhost"
- &SMTP-Sender-Address += "smtp_sender_3@localhost"
+&request += {
+ &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ &SMTP-Recipients = "stringparse_test_receiver@localhost"
+ &SMTP-Sender-Address = "smtp_sender@localhost"
+ &SMTP-Sender-Address = "smtp_sender_2@localhost"
+ &SMTP-Sender-Address = "smtp_sender_3@localhost"
}
smtp.authorize
if (`/bin/sh -c "cat build/ci/exim4/mail/stringparse_test_receiver | \
grep -E 'Subject: for Bob'"`) {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
}
-if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
+if (&TLS-Certificate.Issuer =~ /@example\.org/) {
test_pass
} else {
test_fail
-update request {
- &SMTP-Mail-Header += "x-test-Subject: smtp test"
- &SMTP-Mail-Body += "sent from the smtp test module\r\n"
+&request += {
+ &SMTP-Mail-Header = "x-test-Subject: smtp test"
+ &SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Recipients += "smtp_delivery_receiver@localhost"
- &SMTP-Recipients += "smtp_recipient_request@localhost"
+ &SMTP-Recipients = "smtp_delivery_receiver@localhost"
+ &SMTP-Recipients = "smtp_recipient_request@localhost"
- &SMTP-TO += "smtp_to_request_1@localhost"
- &SMTP-TO += "smtp_to_request_2@localhost"
+ &SMTP-TO = "smtp_to_request_1@localhost"
+ &SMTP-TO = "smtp_to_request_2@localhost"
- &SMTP-CC += "smtp_cc_request_1@localhost"
- &SMTP-CC += "smtp_cc_request_2@localhost"
+ &SMTP-CC = "smtp_cc_request_1@localhost"
+ &SMTP-CC = "smtp_cc_request_2@localhost"
- &SMTP-Attachments += "testfile"
+ &SMTP-Attachments = "testfile"
}
smtp.authorize
if (`/bin/sh -c "cat build/ci/exim4/mail/smtp_delivery_receiver | \
grep -E '^[A-Za-z0-9+/]{4}*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$' | base64 -d | tr -d '\r\n' | \
grep -f build/ci/exim4/testfile"`){
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
else {
reject
#
# Change acctsessiontime and verify it's updated
#
-update request {
- &Connect-Info = 'updated'
-}
+&Connect-Info = 'updated'
+
sql.accounting
if (ok) {
test_pass
#
# Test paircmp group comparisons with dynamic expansions
#
-update request {
- &Tmp-String-0 := 'groups_group_b'
-}
+&Tmp-String-0 := 'groups_group_b'
if (&SQL-Group == "%{Tmp-String-0}") {
test_pass
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Insert our second test row
"%{sql:INSERT INTO radusergroup (username, groupname, priority) VALUES ('oof', 'rab', 0)}"
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Retrieve our test row(s) - With = we should get the values from the first row
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Retrieve our test row(s) - With ^= we should get the values from the second row then the first
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Retrieve our test row(s) - With += we should get the values from both rows
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Retrieve the username column only (should result in noop because not in map)
map sql 'SELECT username FROM radusergroup WHERE priority = 0' {
test_fail
}
-update request {
- &Tmp-String-0 := "SELECT * FROM radusergroup WHERE priority = 0 AND username = '%{User-Name}'"
-}
+&Tmp-String-0 := "SELECT * FROM radusergroup WHERE priority = 0 AND username = '%{User-Name}'"
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
# Retrieve test row with specific username (using ref'd query)
map sql &Tmp-String-0 {
}
# Clear the control list
-update {
- &control.Tmp-String-0 !* ANY
- &control.Tmp-String-1 !* ANY
- &control.Tmp-Integer-0 !* ANY
-}
+&control -= &Tmp-String-0[*]
+&control -= &Tmp-String-1[*]
+&control -= &Tmp-Integer-0[*]
-update request {
- &Tmp-String-0 := 'username'
- &Tmp-String-1 := 'name'
-}
+&Tmp-String-0 := 'username'
+&Tmp-String-1 := 'name'
# Retrieve our test row(s) - Using different RHS types
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
-update {
- &Fall-Through := yes
-}
+&Fall-Through := yes
+
# Should be compiled out
if ('${a_term}' != '${a_term}') {
test_fail
}
dollar_expansions {
- update {
- &Fall-Through := yes
- }
+ &Fall-Through := yes
+
# Should be compiled out
if ('${a_term}' != '${a_term}') {
test_fail
# Use builtin "local" zone
-update request {
- &Tmp-IP-Address-0 := "%(dns:localhost A)"
-}
+&Tmp-IP-Address-0 := "%(dns:localhost A)"
if (&Tmp-IP-Address-0 != 127.0.0.1) {
test_fail
}
-update request {
- &Tmp-String-0 := "%(dns:localhost AAAA)"
-}
+&Tmp-String-0 := "%(dns:localhost AAAA)"
if (&Tmp-String-0 != "::1") {
test_fail
}
-update request {
- &Tmp-String-1 := "%(dns:1.0.0.127.in-addr.arpa PTR)"
-}
+&Tmp-String-1 := "%(dns:1.0.0.127.in-addr.arpa PTR)"
if (&Tmp-String-1 != "localhost") {
test_fail
}
# Use local data in module config to allow for dotted names
-update request {
- &Tmp-IP-Address-0 := "%(dns:www.example.com A)"
-}
+&Tmp-IP-Address-0 := "%(dns:www.example.com A)"
if (&Tmp-IP-Address-0 != 192.168.1.1) {
test_fail
}
-update request {
- &Tmp-String-0 := "%(dns:1.1.168.192.in-addr.arpa PTR)"
-}
+&Tmp-String-0 := "%(dns:1.1.168.192.in-addr.arpa PTR)"
if (&Tmp-String-0 != "www.example.com") {
test_fail
#}
# Invalid query
-update request {
- &Tmp-String-0 := "%(dns:www.example.com ABC)"
-}
-
-if (&Tmp-String-0 != "") {
- test_fail
-}
+&Tmp-String-0 := "%(dns:www.example.com ABC)"
if (&Module-Failure-Message != "Invalid / unsupported DNS query type") {
test_fail
}
-update request {
- &Tmp-String-0 := ""
-}
-
-update request {
- &Tmp-String-1 := "%(dns:%{Tmp-String-0} A)"
-}
-
-if (&Tmp-String-1 != "") {
- test_fail
-}
+&Tmp-String-0 := ""
+&Tmp-String-1 := "%(dns:%{Tmp-String-0} A)"
if (&Module-Failure-Message != "Can't resolve zero length host") {
test_fail
}
-update request {
- &Tmp-String-1 := "%(dns:example.com MX)"
-}
+&Tmp-String-1 := "%(dns:example.com MX)"
# Until we can handle multiple boxes in xlat expansion, the results
# are concatenated into a single string
# Just return a single record
# As results are not in a specified order, it could be either.
-update request {
- &Tmp-String-1 := "%(dns:example.com MX 1)"
-}
+&Tmp-String-1 := "%(dns:example.com MX 1)"
if ((&Tmp-String-1 != '10mail.example.com') && (&Tmp-String-1 != '20mail2.example.com')) {
test_fail
}
-update request {
- &Tmp-String-1 := "%(dns:n0nex1stent.d0ma1n A)"
-}
-
-if (&Tmp-String-1 != "") {
- test_fail
-}
+&Tmp-String-1 := "%(dns:n0nex1stent.d0ma1n A)"
# Running this on macOS produces a timeout due to the nonexistent TLD
if ((&Module-Failure-Message != "dns - Nonexistent domain name") && (&Module-Failure-Message != "Timeout waiting for DNS resolution")) {
policy {
test_pass {
- update control {
- &Auth-Type := Accept
- }
+ &control.Auth-Type := Accept
}
test_fail {
- update reply {
- &Reply-Message += "Failure in test at line %(interpreter:...line)"
+ &reply += {
+ &Reply-Message = "Failure in test at line %(interpreter:...line)"
}
reject
}
-
-update request {
- &Tmp-String-0 := "vvrbuctetdhc"
-}
-
-update request {
- &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
-}
+&Tmp-String-0 := "vvrbuctetdhc"
+&Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
if (&Tmp-String-1 != "ffc1e0d3d260") {
test_fail
}
# Invalid modhex string - not even length
-update request {
- &Tmp-String-0 := "vvrbuctetdh"
-}
+&Tmp-String-0 := "vvrbuctetdh"
update request {
&Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
projects / thirdparty / freeradius-server.git / commitdiff
