|===
NOTE: `<ciphertext>` and `<signature>` are ingested and excreted to in their raw form.
-You should use armouring expansions i.e. `%{base64_encode:}`, `%{base64_decode:}` if the values
+You should use armouring expansions i.e. `%(base64.encode:)`, `%(base64.decode:)` if the values
are to be passed outside of FreeRADIUS.
e.g:
- %{base64_encode:%{cipher_encrypt:<plaintext>}}
- %{cipher_decrypt:%{base64_decode:<ciphertext>}}
+ %(base64.encode:%(cipher_encrypt:<plaintext>))
+ %{cipher_decrypt:%(base64.decode:<ciphertext>)}
NOTE: The supported versions are determined _entirely_ by the version of OpenSSL used, we
pass the name of the digest off to OpenSSL and it tells _us_ whether it's valid/supported
== String Conversion
-=== %{base64: ... }
+=== %(base64.encode: ... )
Encode a string using Base64.
&Tmp-String-0 := "Caipirinha"
}
update reply {
- &Reply-Message := "The base64 of %{control.Tmp-String-0} is %{base64:%{control.Tmp-String-0}}"
+ &Reply-Message := "The base64 of %{control.Tmp-String-0} is %(base64.encode:%{control.Tmp-String-0})"
}
----
The base64 of foo is Q2FpcGlyaW5oYQ==
```
-=== %{base64decode: ... }
+=== %(base64.decode: ... )
Decode a string previously encoded using Base64.
&Tmp-String-0 := "Q2FpcGlyaW5oYQ=="
}
update reply {
- &Reply-Message := "The base64decode of %{control.Tmp-String-0} is %{base64decode:%{control.Tmp-String-0}}"
+ &Reply-Message := "The base64.decode of %{control.Tmp-String-0} is %(base64.decode:%{control.Tmp-String-0})"
}
----
.Output
```
-The base64decode of Q2FpcGlyaW5oYQ== is Caipirinha
+The base64.decode of Q2FpcGlyaW5oYQ== is Caipirinha
```
=== %{bin: ... }
e.g. "%(concat:%(pairs:request.[*]) ', ')" == "User-Name = 'foo', User-Password = 'bar', ..."
-.IP %{base64:<string>}
+.IP %(base64.encoded:<string>)
Encode string as base64.
-e.g. "%{base64:foo}" == "Zm9v"
+e.g. "%(base64.encode:foo)" == "Zm9v"
.IP %(explode:&<value_ref>\ <delim>)
Split an attribute into multiple new attributes based on a delimiter
# |===
#
# NOTE: `<ciphertext>` and `<signature>` are ingested and excreted to in their raw form.
-# You should use armouring expansions i.e. `%{base64_encode:}`, `%{base64_decode:}` if the values
+# You should use armouring expansions i.e. `%(base64.encode:)`, `%(base64.decode:)` if the values
# are to be passed outside of FreeRADIUS.
#
# e.g:
#
-# %{base64_encode:%{cipher_encrypt:<plaintext>}}
-# %{cipher_decrypt:%{base64_decode:<ciphertext>}}
+# %(base64.encode:%{cipher_encrypt:<plaintext>})
+# %{cipher_decrypt:%(base64.decode:<ciphertext>})
#
# NOTE: The supported versions are determined _entirely_ by the version of OpenSSL used, we
# pass the name of the digest off to OpenSSL and it tells _us_ whether it's valid/supported
*
* Example:
@verbatim
-"%{base64:foo}" == "Zm9v"
+"%(base64.encode:foo)" == "Zm9v"
@endverbatim
*
* @ingroup xlat_functions
*
* Example:
@verbatim
-"%{base64decode:Zm9v}" == "foo"
+"%(base64.decode:Zm9v)" == "foo"
@endverbatim
*
* @ingroup xlat_functions
XLAT_REGISTER_ARGS("subst", xlat_func_subst, FR_TYPE_STRING, xlat_func_subst_args);
XLAT_REGISTER_ARGS("time", xlat_func_time, FR_TYPE_VOID, xlat_func_time_args);
XLAT_REGISTER_ARGS("trigger", trigger_xlat, FR_TYPE_STRING, trigger_xlat_args);
+ XLAT_REGISTER_ARGS("base64.encode", xlat_func_base64_encode, FR_TYPE_STRING, xlat_func_base64_encode_arg);
+ XLAT_REGISTER_ARGS("base64.decode", xlat_func_base64_decode, FR_TYPE_OCTETS, xlat_func_base64_decode_arg);
if (unlikely((xlat = xlat_func_register(ctx, "untaint", xlat_func_untaint, FR_TYPE_VOID)) == NULL)) return -1;
xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_INTERNAL);
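Review bot: The new `XLAT_REGISTER_ARGS("base64.encode", ...)` and `XLAT_REGISTER_ARGS("base64.decode", ...)` lines replace registrations that went through `XLAT_REGISTER_MONO`, whose macro tail (visible in the next hunk) sets `XLAT_FUNC_FLAG_PURE | XLAT_FUNC_FLAG_INTERNAL`. The definition of `XLAT_REGISTER_ARGS` is outside this hunk, so please confirm it applies the same flags and the two functions keep their pure marking. The next hunk also removes the old names `base64` and `base64decode` without an alias, so existing policies that armour `cipher_encrypt` output or signatures with them will presumably stop resolving after upgrade; a deprecated alias or an upgrade note would cover that. The man page hunk also documents `%(base64.encoded:<string>)`, which does not match the name registered here and should read `.IP %(base64.encode:<string>)`. The enclosing registration function starts and ends outside the hunk.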
xlat_func_flags_set(xlat, XLAT_FUNC_FLAG_PURE | XLAT_FUNC_FLAG_INTERNAL); \
} while (0)
- XLAT_REGISTER_MONO("base64", xlat_func_base64_encode, FR_TYPE_STRING, xlat_func_base64_encode_arg);
- XLAT_REGISTER_MONO("base64decode", xlat_func_base64_decode, FR_TYPE_OCTETS, xlat_func_base64_decode_arg);
+
XLAT_REGISTER_MONO("bin", xlat_func_bin, FR_TYPE_OCTETS, xlat_func_bin_arg);
XLAT_REGISTER_MONO("hex", xlat_func_hex, FR_TYPE_STRING, xlat_func_hex_arg);
XLAT_REGISTER_MONO("map", xlat_func_map, FR_TYPE_INT8, xlat_func_map_arg);
{ "base32_hex_encode", test_base32_hex_encode },
{ "base32_hex_decode", test_base32_hex_decode },
- { "base64_encode", test_base64_encode },
- { "base64_decode", test_base64_decode },
+ { "base64.encode", test_base64_encode },
+ { "base64.decode", test_base64_decode },
{ NULL }
};
*/
if (in_head->type != FR_TYPE_OCTETS) {
REDEBUG("Signature argument wrong type, expected %s, got %s. "
- "Use %%{base64_decode:<text>} or %%{hex_decode:<text>} if signature is armoured",
+ "Use %%(base64.decode:<text>) or %%{hex_decode:<text>} if signature is armoured",
fr_type_to_str(FR_TYPE_OCTETS),
fr_type_to_str(in_head->type));
return XLAT_ACTION_FAIL;
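Review bot: The rewritten REDEBUG hint still tells the operator to use `%%{hex_decode:<text>}`, but the only hex-to-octets registration visible on this page is `bin` (`XLAT_REGISTER_MONO("bin", xlat_func_bin, FR_TYPE_OCTETS, ...)`). If no `hex_decode` expansion is registered elsewhere, someone debugging a rejected signature is pointed at a function that will not resolve. After checking the registration table, the string could read `"Use %%(base64.decode:<text>) or %%{bin:<text>} if signature is armoured"`. The enclosing function begins and ends outside the hunk.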
ok
&request <= {
- &Tmp-String-0 = "%{base64:%{Tmp-String-0}}"
- &Tmp-String-1 = "%{base64:%{Tmp-Octets-0}}"
- &Tmp-String-2 = "%{base64:%{Tmp-IP-Address-0}}"
- &Tmp-String-4 = "%{base64:%{Tmp-Integer-0}}"
- &Tmp-String-6 = "%{base64:%{Tmp-Cast-Ifid}}"
- &Tmp-String-7 = "%{base64:%{Tmp-Cast-IPv6Addr}}"
- &Tmp-String-8 = "%{base64:%{Tmp-Cast-IPv6Prefix}}"
- &Tmp-String-9 = "%{base64:%{Tmp-Cast-Byte}}"
+ &Tmp-String-0 = "%(base64.encode:%{Tmp-String-0})"
+ &Tmp-String-1 = "%(base64.encode:%{Tmp-Octets-0})"
+ &Tmp-String-2 = "%(base64.encode:%{Tmp-IP-Address-0})"
+ &Tmp-String-4 = "%(base64.encode:%{Tmp-Integer-0})"
+ &Tmp-String-6 = "%(base64.encode:%{Tmp-Cast-Ifid})"
+ &Tmp-String-7 = "%(base64.encode:%{Tmp-Cast-IPv6Addr})"
+ &Tmp-String-8 = "%(base64.encode:%{Tmp-Cast-IPv6Prefix})"
+ &Tmp-String-9 = "%(base64.encode:%{Tmp-Cast-Byte})"
}
# String - bin 0x39383730
}
&request <= {
- &Tmp-String-0 = "%{base64:%{Tmp-Cast-Short}}"
- &Tmp-String-1 = "%{base64:%{Tmp-Cast-Ether}}"
- &Tmp-String-2 = "%{base64:%{Tmp-Cast-Integer64}}"
- &Tmp-String-3 = "%{base64:%{Tmp-Cast-IPv4Prefix}}"
+ &Tmp-String-0 = "%(base64.encode:%{Tmp-Cast-Short})"
+ &Tmp-String-1 = "%(base64.encode:%{Tmp-Cast-Ether})"
+ &Tmp-String-2 = "%(base64.encode:%{Tmp-Cast-Integer64})"
+ &Tmp-String-3 = "%(base64.encode:%{Tmp-Cast-IPv4Prefix})"
}
# short - bin 0x373b
}
&request <= {
- &Tmp-Octets-0 = "%{base64decode:Zm9v}"
- &Tmp-Octets-1 = "%{base64decode:AIAAAAAAAAAAAAAAAAA5ODc5}"
+ &Tmp-Octets-0 = "%(base64.decode:Zm9v)"
+ &Tmp-Octets-1 = "%(base64.decode:AIAAAAAAAAAAAAAAAAA5ODc5)"
}
if (!(&Tmp-Octets-0 == "foo")) {
# Regression tests
&request -= &Tmp-Octets-0[*]
-&Tmp-Octets-0 := %{base64decode:5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK}
+&Tmp-Octets-0 := %(base64.decode:5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK)
if (!(&Tmp-Octets-0 == 0xe5136a365f2260b6e409cec9851f1ab384ed0c3097ea8b6eb96b5c8daf2b213532c7dceb9c749ef6d4c71a628a)) {
test_fail
}
&request -= &Tmp-Octets-0[*]
-&Tmp-Octets-0 = "%{base64decode:eHfXPKZ+2iv9cnMV1MOmE/moYYA1Uk5xTmw4aVlMYmtDYzdKaFI4YXM0VHRERENYNm90dXVXdGNqYThySVRVeXg5enJuSFNlOXRUSEdtS0s=}"
+&Tmp-Octets-0 = "%(base64.decode:eHfXPKZ+2iv9cnMV1MOmE/moYYA1Uk5xTmw4aVlMYmtDYzdKaFI4YXM0VHRERENYNm90dXVXdGNqYThySVRVeXg5enJuSFNlOXRUSEdtS0s=)"
if (!(&Tmp-Octets-0 == 0x7877d73ca67eda2bfd727315d4c3a613f9a8618035524e714e6c3869594c626b4363374a685238617334547444444358366f7475755774636a6138724954557978397a726e48536539745448476d4b4b)) {
test_fail
#
&Tmp-String-1 := "{clear}%{User-Password}"
&control := {
- &Password.With-Header = "%{base64:%{Tmp-String-1}}"
+ &Password.With-Header = "%(base64.encode:%{Tmp-String-1})"
}
pap.authorize
&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-&control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
+&control.Tmp-String-1 := "%(base64.encode:%{control.Tmp-Octets-0})"
&control.Password.With-Header := "{ssha}%{control.Tmp-String-1}"
pap.authorize
&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-&control.Tmp-String-1 := "{ssha}%{base64:%{control.Tmp-Octets-0}}"
-&control.Password.With-Header := "%{base64:%{control.Tmp-String-1}}"
+&control.Tmp-String-1 := "{ssha}%(base64.encode:%{control.Tmp-Octets-0})"
+&control.Password.With-Header := "%(base64.encode:%{control.Tmp-String-1})"
pap.authorize
pap.authenticate {
&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-&control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
+&control.Tmp-String-1 := "%(base64.encode:%{control.Tmp-Octets-0})"
&control += {
&Password.With-Header = "{ssha512}%{control.Tmp-String-1}"
&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-&control.Tmp-String-1 := "{ssha512}%{base64:%{control.Tmp-Octets-0}}"
+&control.Tmp-String-1 := "{ssha512}%(base64.encode:%{control.Tmp-Octets-0})"
&control += {
- &Password.With-Header = "%{base64:%{control.Tmp-String-1}}"
+ &Password.With-Header = "%(base64.encode:%{control.Tmp-String-1})"
}
pap.authorize
test_fail
}
-if (!%(ldap.profile:cn=suspended,ou=profiles,dc=example,dc=com)) {
+if (!%(ldap.profile:%{taint:cn=suspended,ou=profiles,dc=example,dc=com})) {
test_fail
}
-
-test_pass