allow tacacs to encode nested attributes

diff --git a/src/protocols/tacacs/encode.c b/src/protocols/tacacs/encode.c
index 7db8b364f29985984591367098af4483b9dde3ed..82bec2b53454f24246d7963e649b8ea799258516 100644 (file)
--- a/src/protocols/tacacs/encode.c
+++ b/src/protocols/tacacs/encode.c
@@ -142,6 +142,8 @@ static uint8_t tacacs_encode_body_arg_cnt(fr_pair_list_t *vps, fr_dict_attr_t co
 
                if (vp->da->flags.internal) continue;
 
+               if (vp->da == attr_tacacs_packet) continue;
+
                /*
                 *      Argument-List = "foo=bar"
                 */
@@ -193,6 +195,8 @@ static ssize_t tacacs_encode_body_arg_n(fr_dbuff_t *dbuff, uint8_t arg_cnt, uint
 
                if (vp->da->flags.internal) continue;
 
+               if (vp->da == attr_tacacs_packet) continue;
+
                /*
                 *      Argument-List = "foo=bar"
                 */
@@ -995,7 +999,8 @@ ssize_t fr_tacacs_encode(fr_dbuff_t *dbuff, uint8_t const *original_packet, char
        }
 
 #ifndef NDEBUG
-       if (fr_debug_lvl >= L_DBG_LVL_4) {
+//     if (fr_debug_lvl >= L_DBG_LVL_4) {
+       if (1) {
                uint8_t flags = packet->hdr.flags;
 
                packet->hdr.flags |= FR_TAC_PLUS_UNENCRYPTED_FLAG;

diff --git a/src/tests/unit/protocols/tacacs/base.txt b/src/tests/unit/protocols/tacacs/base.txt
index c6316ce939580bd195257dd7ee6d0ff42268fcdc..445e3d7669779ab7bfe412d1bb196a4e81334cf5 100644 (file)
--- a/src/tests/unit/protocols/tacacs/base.txt
+++ b/src/tests/unit/protocols/tacacs/base.txt
@@ -6,8 +6,6 @@ proto tacacs
 proto-dictionary tacacs
 fuzzer-out tacacs
 
-migrate pair_legacy_nested = false
-
 # ./pam_tacplus/tacc -TRA -u bob -p hello -s 172.17.0.2 -r 1.1.1.1 -k testing123 -S ppp -P ip -L pap
 # N.B. decrypted and unencrypted flag has been set
 
@@ -33,6 +31,12 @@ match Packet.Version-Major = Plus, Packet.Version-Minor = 1, Packet.Packet-Type
 encode-proto -
 match c1 01 02 01 b7 0f c8 0e 00 00 00 06 01 00 00 00 00 00
 
+pair Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Authorization, Packet.Sequence-Number = 1, Packet.Flags = None, Packet.Session-Id = 3781589222, Packet.Length = 53, Packet-Body-Type = Request, Authentication-Method = TACACSPLUS, Privilege-Level = Minimum, Authentication-Type = PAP, Authentication-Service = PPP, User-Name = "bob", Client-Port = "tapioca/0", Remote-Address = "localhost", service = "ppp", protocol = "ip"
+match Packet = { Version-Major = Plus, Version-Minor = 0, Packet-Type = Authorization, Sequence-Number = 1, Flags = None, Session-Id = 3781589222, Length = 53 }, Packet-Body-Type = Request, Authentication-Method = TACACSPLUS, Privilege-Level = Minimum, Authentication-Type = PAP, Authentication-Service = PPP, User-Name = "bob", Client-Port = "tapioca/0", Remote-Address = "localhost", service = "ppp", protocol = "ip"
+
+encode-proto -
+match c0 02 01 01 e1 66 78 e6 00 00 00 35 06 00 02 03 03 09 09 02 0b 0b 62 6f 62 74 61 70 69 6f 63 61 2f 30 6c 6f 63 61 6c 68 6f 73 74 73 65 72 76 69 63 65 3d 70 70 70 70 72 6f 74 6f 63 6f 6c 3d 69 70
+
 #
 #  Authorization - Request: (Client -> Server)
 #
@@ -72,4 +76,4 @@ decode-proto c002 20ff 2020 2020 0000 0043 2009 0000 0009 000a 2120 2020 2020 20
 match Argument 3 length 32 overflows packet
 
 count
-match 30
+match 33

diff --git a/src/tests/unit/protocols/tacacs/regression.txt b/src/tests/unit/protocols/tacacs/regression.txt
index ab2b706f16efcfce5d0bdccd607cde9837537b17..8d580288c82619c710866571a2fdcb1a73b7219b 100644 (file)
--- a/src/tests/unit/protocols/tacacs/regression.txt
+++ b/src/tests/unit/protocols/tacacs/regression.txt
@@ -6,8 +6,6 @@ proto tacacs
 proto-dictionary tacacs
 fuzzer-out tacacs
 
-migrate pair_legacy_nested = false
-
 #
 #  Authorization - Response: (Client <- Server)
 #
@@ -19,4 +17,4 @@ encode-proto Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packe
 match c0 02 02 05 e1 66 78 e6 00 00 00 13 01 01 00 00 00 00 0c 61 64 64 72 3d 31 2e 32 2e 33 2e 34
 
 count
-match 6
+match 5