earlier commits didn't do that.
perl -p -i -e 's/^&//' $(git grep -l '^&' src/tests/modules)
}
}
-&control.Password.Cleartext := "hello"
+control.Password.Cleartext := "hello"
reply.Reply-Message := "success"
}
-&control.Password.Cleartext := "hello"
+control.Password.Cleartext := "hello"
}
}
-&control.Password.Cleartext := "hello"
+control.Password.Cleartext := "hello"
attr_filter
-&control.Password.Cleartext := "goodbye"
+control.Password.Cleartext := "goodbye"
-&reply += {
+reply += {
Reply-Message = "success"
}
# Copy request to reply for later
-&reply := request
+reply := request
attr_filter
test_fail
}
-&reply := {}
+reply := {}
-&control.Password.Cleartext := "goodbye"
-&reply.Reply-Message := Reply-Message
+control.Password.Cleartext := "goodbye"
+reply.Reply-Message := Reply-Message
# Series of tests to check for binary safe operation of the cache module
# both keys and values should be binary safe.
#
-&Class := 0xaa00bb00cc00dd00
-&Callback-Id := "foo\000bar\000baz"
+Class := 0xaa00bb00cc00dd00
+Callback-Id := "foo\000bar\000baz"
# 0. Sanity check
if (Callback-Id != "foo\000bar\000baz") {
}
# Now add a second entry, with the value diverging after the first null byte
-&Class := 0xaa00bb00cc00ee00
-&Callback-Id := "bar\000baz"
+Class := 0xaa00bb00cc00ee00
+Callback-Id := "bar\000baz"
# 2. Should create a *new* entry and not update the existing one
cache_bin_key_octets.store
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
-&Class := 0xaa00bb00cc00dd00
+Class := 0xaa00bb00cc00dd00
cache_bin_key_octets
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now try and get the second entry
-&Class := 0xaa00bb00cc00ee00
+Class := 0xaa00bb00cc00ee00
cache_bin_key_octets
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
#
# We should also be able to use any fixed length data type as a key
# though there are no guarantees this will be portable.
#
-&Framed-IP-Address := 192.168.0.1
-&Callback-Id := "foo\000bar\000baz"
+Framed-IP-Address := 192.168.0.1
+Callback-Id := "foo\000bar\000baz"
cache_bin_key_ipaddr
if (!ok) {
}
# Now add a second entry
-&Framed-IP-Address:= 192.168.0.2
-&Callback-Id := "bar\000baz"
+Framed-IP-Address:= 192.168.0.2
+Callback-Id := "bar\000baz"
cache_bin_key_ipaddr
if (!ok) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now retrieve the first entry
-&Framed-IP-Address := 192.168.0.1
+Framed-IP-Address := 192.168.0.1
cache_bin_key_ipaddr
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now try and get the second entry
-&Framed-IP-Address := 192.168.0.2
+Framed-IP-Address := 192.168.0.2
cache_bin_key_ipaddr
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
test_pass
#
# PRE:
#
-&Filter-Id := 'testkey'
+Filter-Id := 'testkey'
#
# 0. Basic store and retrieve
#
-&control.Callback-Id := 'cache me'
+control.Callback-Id := 'cache me'
cache
if (!ok) {
}
# 2. Check status-only works correctly (should return ok and consume attribute)
-&control.Cache-Status-Only := 'yes'
+control.Cache-Status-Only := 'yes'
cache
if (!ok) {
}
# 6. Retrieving the entry should not expire it
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
cache
if (!updated) {
}
# 8. Force expiry of the entry
-&control.Cache-Allow-Merge := no
-&control.Cache-Allow-Insert := no
-&control.Cache-TTL := 0
+control.Cache-Allow-Merge := no
+control.Cache-Allow-Insert := no
+control.Cache-TTL := 0
cache
if (!ok) {
}
# 9. Check status-only works correctly (should return notfound and consume attribute)
-&control.Cache-Status-Only := 'yes'
+control.Cache-Status-Only := 'yes'
cache
if (!notfound) {
}
# 11. Check merge-only works correctly (should return notfound and consume attribute)
-&control.Cache-Allow-Merge := 'yes'
-&control.Cache-Allow-Insert := 'no'
+control.Cache-Allow-Merge := 'yes'
+control.Cache-Allow-Insert := 'no'
cache
if (!notfound) {
}
# 13. ...and check the entry wasn't recreated
-&control.Cache-Status-Only := 'yes'
+control.Cache-Status-Only := 'yes'
cache
if (!notfound) {
}
# 14. This should still allow the creation of a new entry
-&control.Cache-TTL := -2
+control.Cache-TTL := -2
cache
if (!ok) {
test_fail
}
-&control.Callback-Id := 'cache me2'
+control.Callback-Id := 'cache me2'
# 18. Updating the Cache-TTL shouldn't make things go boom (we can't really check if it works)
-&control.Cache-TTL := 30
+control.Cache-TTL := 30
cache
if (!updated) {
}
# 20. Check that a new entry is created
-&control.Cache-TTL := -2
+control.Cache-TTL := -2
cache
if (!updated) {
}
# 24. Check Cache-Merge = yes works as expected (should update current request)
-&control.Callback-Id := 'cache me3'
-&control.Cache-TTL := -2
-&control.Cache-Merge-New := yes
+control.Callback-Id := 'cache me3'
+control.Cache-TTL := -2
+control.Cache-Merge-New := yes
cache
if (!updated) {
# Series of tests to check for binary safe operation of the cache module
# both keys and values should be binary safe.
#
-&Class := 0xaa11bb00cc00dd00
-&Callback-Id := "foo\000bar\000baz"
+Class := 0xaa11bb00cc00dd00
+Callback-Id := "foo\000bar\000baz"
# 0. Sanity check
if (Callback-Id != "foo\000bar\000baz") {
}
# Now add a second entry, with the value diverging after the first null byte
-&Class := 0xaa11bb00cc00ee00
-&Callback-Id := "bar\000baz"
+Class := 0xaa11bb00cc00ee00
+Callback-Id := "bar\000baz"
# 2. Should create a *new* entry and not update the existing one
cache_bin_key_octets.store
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
-&Class := 0xaa11bb00cc00dd00
+Class := 0xaa11bb00cc00dd00
cache_bin_key_octets.load
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now try and get the second entry
-&Class := 0xaa11bb00cc00ee00
+Class := 0xaa11bb00cc00ee00
cache_bin_key_octets.load
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
#
# We should also be able to use any fixed length data type as a key
# though there are no guarantees this will be portable.
#
-&Framed-IP-Address := 192.168.1.1
-&Callback-Id := "foo\000bar\000baz"
+Framed-IP-Address := 192.168.1.1
+Callback-Id := "foo\000bar\000baz"
cache_bin_key_ipaddr.store
if (!updated) {
}
# Now add a second entry
-&Framed-IP-Address:= 192.168.1.2
-&Callback-Id := "bar\000baz"
+Framed-IP-Address:= 192.168.1.2
+Callback-Id := "bar\000baz"
cache_bin_key_ipaddr.store
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now retrieve the first entry
-&Framed-IP-Address := 192.168.1.1
+Framed-IP-Address := 192.168.1.1
cache_bin_key_ipaddr.load
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Now try and get the second entry
-&Framed-IP-Address := 192.168.1.2
+Framed-IP-Address := 192.168.1.2
cache_bin_key_ipaddr.load
if (!updated) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
test_pass
#
# PRE:
#
-&Filter-Id := 'testkey1'
+Filter-Id := 'testkey1'
#
# 0. Basic update and retrieve
#
-&control.Callback-Id := 'cache me'
+control.Callback-Id := 'cache me'
cache.update
if (!updated) {
}
# 5. Retrieving the entry should not expire it
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
cache.load
if (!updated) {
}
# 14. This should still allow the creation of a new entry
-&control.Cache-TTL := -2
+control.Cache-TTL := -2
cache.update
if (!updated) {
test_fail
}
-&control.Callback-Id := 'cache me2'
+control.Callback-Id := 'cache me2'
# 18. Updating the Cache-TTL shouldn't make things go boom (we can't really check if it works)
-&control.Cache-TTL := 666
+control.Cache-TTL := 666
cache.ttl
if (!updated) {
}
# 20. Check that a new entry is created
-&control.Cache-TTL := -2
+control.Cache-TTL := -2
cache.update
if (!updated) {
}
# 24. Check Cache-Merge = yes works as expected (should update current request)
-&control.Callback-Id := 'cache me3'
-&control.Cache-TTL := -2
-&control.Cache-Merge-New := yes
+control.Callback-Id := 'cache me3'
+control.Cache-TTL := -2
+control.Cache-Merge-New := yes
cache.update
if (!updated) {
#
# PRE: cache-logic
#
-&Filter-Id := 'testkey3'
+Filter-Id := 'testkey3'
# Reply attributes
-&reply.Reply-Message := 'hello'
-&reply += {
+reply.Reply-Message := 'hello'
+reply += {
Reply-Message = 'goodbye'
}
# Request attributes
-&request += {
+request += {
NAS-Port = 10
NAS-Port = 20
NAS-Port = 30
#
# Basic update and retrieve
#
-&control.Callback-Id := 'cache me'
+control.Callback-Id := 'cache me'
cache_update.update
if (!updated) {
}
# Clear out the reply list
-&reply := {}
+reply := {}
test_pass
#
# PRE: cache-logic
#
-&Filter-Id := 'testkey2'
+Filter-Id := 'testkey2'
# Reply attributes
-&reply.Reply-Message := 'hello'
-&reply += {
+reply.Reply-Message := 'hello'
+reply += {
Reply-Message = 'goodbye'
}
# Request attributes
-&request += {
+request += {
NAS-Port = 10
NAS-Port = 20
NAS-Port = 30
#
# Basic update and retrieve
#
-&control.Callback-Id := 'cache me'
+control.Callback-Id := 'cache me'
cache_update
if (!ok) {
}
# Clear out the reply list
-&reply := {}
+reply := {}
# Need to test if thie cache env parses correctly, we dont really care about testing the static key
static_key
#
# PRE: cache-logic
#
-&Filter-Id := 'testkey'
-&control.Callback-Id := 'cache me'
+Filter-Id := 'testkey'
+control.Callback-Id := 'cache me'
cache
if (!ok) {
test_fail
}
-&request.Login-LAT-Service := %cache('request.Callback-Id')
+request.Login-LAT-Service := %cache('request.Callback-Id')
if (Login-LAT-Service != control.Callback-Id) {
test_fail
}
-&Login-LAT-Node := %cache(request.Login-LAT-Port)
+Login-LAT-Node := %cache(request.Login-LAT-Port)
if (Login-LAT-Node) {
test_fail
}
# Regression test for deadlock on notfound
-&Filter-Id := 'testkey0'
+Filter-Id := 'testkey0'
-&Login-LAT-Node := %cache(request.Login-LAT-Port)
+Login-LAT-Node := %cache(request.Login-LAT-Port)
# Would previously deadlock
-&Login-LAT-Port := %cache(request.Login-LAT-Port)
+Login-LAT-Port := %cache(request.Login-LAT-Port)
test_pass
-&CHAP-Challenge := 0x0102030405060708090a0b0c0d0e0f10
-&control.Password.Cleartext := "supersecret"
+CHAP-Challenge := 0x0102030405060708090a0b0c0d0e0f10
+control.Password.Cleartext := "supersecret"
-&CHAP-Password := "%chap.password(%{control.Password.Cleartext})"
+CHAP-Password := "%chap.password(%{control.Password.Cleartext})"
chap.authenticate
if (ok) {
# but we can test the digest length, and for smoke...
#
octets test_octets
-&test_octets := %cipher_rsa.certificate('fingerprint','sha1')
+test_octets := %cipher_rsa.certificate('fingerprint','sha1')
if (%length(%{test_octets}) != 20) {
test_fail
}
-&test_octets := %cipher_rsa.certificate('fingerprint','sha256')
+test_octets := %cipher_rsa.certificate('fingerprint','sha256')
if (%length(%{test_octets}) != 32) {
test_fail
octets test_octets1
octets test_octets2
-&test_string1 := "Hello world!"
-&test_octets1 := %cipher_rsa.encrypt(%{test_string1})
+test_string1 := "Hello world!"
+test_octets1 := %cipher_rsa.encrypt(%{test_string1})
if (!test_octets1) {
test_fail
test_fail
}
-&test_string2 := %cipher_rsa.decrypt(%{test_octets1})
+test_string2 := %cipher_rsa.decrypt(%{test_octets1})
if (test_string1 != test_string2) {
test_fail
#
# Padding scheme should ensure ciphertext is not consistent
#
-&test_octets2 := %cipher_rsa.encrypt(%{test_string1})
+test_octets2 := %cipher_rsa.encrypt(%{test_string1})
if (test_octets1 == test_octets2) {
test_fail
#
# Repeat tests to ensure there are no issues with EVP_PKEY_CTX reuse
#
-&test_string1 := "Goodbye world!"
-&test_octets1 := %cipher_rsa.encrypt(%{test_string1})
+test_string1 := "Goodbye world!"
+test_octets1 := %cipher_rsa.encrypt(%{test_string1})
if (!test_octets1) {
test_fail
test_fail
}
-&test_string2 := %cipher_rsa.decrypt(%{test_octets1})
+test_string2 := %cipher_rsa.decrypt(%{test_octets1})
if (test_string1 != test_string2) {
test_fail
string test_string
octets test_octets
-&test_string := "Hello world!"
-&test_octets := %cipher_rsa.sign(%{test_string})
+test_string := "Hello world!"
+test_octets := %cipher_rsa.sign(%{test_string})
if (!test_octets) {
test_fail
#
# Pass the signature and the original message to the verification function
#
-&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
+test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
if (test_string != 'yes') {
test_fail
#
# Verification should now fail
#
-&test_string := "Goodbye world!"
-&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
+test_string := "Goodbye world!"
+test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
if (test_string != 'no') {
test_fail
#
# Repeat tests to ensure there are no issues with EVP_PKEY_CTX reuse
#
-&test_string := "Hello nurse!"
-&test_octets := %cipher_rsa.sign(%{test_string})
+test_string := "Hello nurse!"
+test_octets := %cipher_rsa.sign(%{test_string})
if (!test_octets) {
test_fail
#
# Pass the signature and the original message to the verification function
#
-&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
+test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
if (test_string != 'yes') {
test_fail
#
# Verification should now fail
#
-&test_string := "Goodbye nurse!"
-&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
+test_string := "Goodbye nurse!"
+test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
if (test_string != 'no') {
test_fail
octets test_octets
-&test_octets := %cipher_rsa.certificate('serial')
+test_octets := %cipher_rsa.certificate('serial')
if (%length(%{test_octets}) != 1) {
test_fail
date test_date1
date test_date2
-&test_date1 := "%cipher_rsa.certificate(notBefore)"
-&test_date2 := "%cipher_rsa.certificate(notAfter)"
+test_date1 := "%cipher_rsa.certificate(notBefore)"
+test_date2 := "%cipher_rsa.certificate(notAfter)"
# Check the cert validity period is 30 days
if !((test_date2 - test_date1) == ((time_delta) (86400 * 60))) {
test_fail
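Review bot: The comment above the validity check says 30 days, but the condition compares `test_date2 - test_date1` against `86400 * 60`, which is 60 days. One of the two is stale. If the test certificate is issued for 60 days, the comment should read `# Check the cert validity period is 60 days`; otherwise the constant should be `86400 * 30`. Both lines are unchanged context in this hunk, and the `if` block closes outside it.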
}
-&request -= Filter-Id[*]
+request -= Filter-Id[*]
map client 127.0.0.2 {
Filter-Id += 'group'
test_fail
}
-&request -= Filter-Id[*]
-&request -= Callback-Id[*]
+request -= Filter-Id[*]
+request -= Callback-Id[*]
#
# Test non-existent client properties
string test_string
-&test_string := "%client('nas_type')"
+test_string := "%client('nas_type')"
if (test_string != 'a_type') {
test_fail
}
-&test_string := "%client('nas_type',127.0.0.1)"
+test_string := "%client('nas_type',127.0.0.1)"
if (test_string != 'a_type') {
test_fail
}
-&test_string := "%client('nas_type',127.0.0.2)"
+test_string := "%client('nas_type',127.0.0.2)"
if (test_string != 'b_type') {
test_fail
}
-&test_string := "%client('nas_type',127.0.0.5)"
+test_string := "%client('nas_type',127.0.0.5)"
if (test_string != 'b_type') {
test_fail
#
# Test non-existent client properties
#
-&test_string := "%client('non-existent-attr')"
+test_string := "%client('non-existent-attr')"
if !(test_string == "") {
test_fail
}
-&test_string := "%client('non-existing-attr2')"
+test_string := "%client('non-existing-attr2')"
if !(test_string == "") {
test_fail
}
%file.rm("$ENV{MODULE_TEST_DIR}/127-2e0-2e0-2e1-with--n-c3-b6n--ascii-21")
-&request -= Module-Failure-Message[*]
+request -= Module-Failure-Message[*]
detail_escape
%file.rm("$ENV{MODULE_TEST_DIR}/127.0.0.1-detail")
-&request -= Module-Failure-Message[*]
+request -= Module-Failure-Message[*]
detail
%file.rm("$ENV{MODULE_TEST_DIR}/127.0.0.1-suppress")
-&request -= Module-Failure-Message[*]
+request -= Module-Failure-Message[*]
detail_suppress
-&Vendor-Specific.FreeRADIUS.Proxied-To := 127.0.0.1
+Vendor-Specific.FreeRADIUS.Proxied-To := 127.0.0.1
-&Reply-Message := 'foo'
+Reply-Message := 'foo'
if (%dict.attr.by_num(1) != 'User-Name') {
test_fail
#
# Encrypt the permanent ID
#
-&test_string := '1420032219455258'
-&control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
+test_string := '1420032219455258'
+control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
#
# 0.2 - Can we get the EAP method from the encrypted blob correctly?
#
# 0.5 - Get the original IMSI back again
#
-&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name},%{test_string})
+result_string := %3gpp_temporary_id_decrypt(%{control.User-Name},%{test_string})
if (result_string != User-Name) {
test_fail
#
# 1.1 - Encrypt the permanent ID
#
-&test_string := '1420032219455259'
-&control += {
+test_string := '1420032219455259'
+control += {
User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6)
}
#
# 1.4 - Get the original IMSI back again
#
-&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[1]},%{test_string})
+result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[1]},%{test_string})
if (result_string != "0%{User-Name[1]}") {
test_fail
#
# 2.1 - Encrypt the permanent ID for fastauth
#
-&test_string := '1420032219455259'
-&control += {
+test_string := '1420032219455259'
+control += {
User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6,fastauth)
}
#
# 2.4 - Get the original IMSI back again
#
-&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[2]},%{test_string})
+result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[2]},%{test_string})
if (result_string != "0%{User-Name[1]}") {
test_fail
#
# 1.1 - Encrypt the permanent ID
#
-&test_string := '1420032219455259'
-&control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
+test_string := '1420032219455259'
+control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
#
# 1.2 - Get the original IMSI back again sans tag
#
-&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name}, %{test_string}, 'false')
+result_string := %3gpp_temporary_id_decrypt(%{control.User-Name}, %{test_string}, 'false')
if ("%{User-Name}" =~ /^0(.*)/) {
if (!result_string || (result_string == '') || (%{result_string} != "%{1}")) {
#
# No domain separator
#
-&User-Name := '14200322194552581'
+User-Name := '14200322194552581'
if ("%aka_sim_id_method(%{User-Name})" != '') {
test_fail
#
# Zero length ID
#
-&User-Name := ''
+User-Name := ''
if ("%aka_sim_id_method(%{User-Name})" != '') {
test_fail
#
# Encrypt the permanent ID
#
-&test_string := '1234567812345678'
-&control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
+test_string := '1234567812345678'
+control.User-Name := %3gpp_temporary_id_encrypt(%{User-Name},%{test_string},6)
#
# Can we get the EAP method from the encrypted blob correctly?
# Async calls should always return a zero length string
# because we don't wait for the response.
#
-&test_string := %exec_async('/bin/sh','-c',"'echo -n hello'")
+test_string := %exec_async('/bin/sh','-c',"'echo -n hello'")
if test_string {
test_fail
}
# Smoke test - Setup an async process that'll keep running after
# after the test exits.
#
-&test_string := %exec_async('/bin/sh','-c',"'sleep 1'")
+test_string := %exec_async('/bin/sh','-c',"'sleep 1'")
if test_string {
test_fail
}
# Sync calls should always return a zero length string
# because we don't wait for the response.
#
-&test_string := %exec('/bin/sh', '-c', 'echo hello')
+test_string := %exec('/bin/sh', '-c', 'echo hello')
if (test_string != 'hello') {
test_fail
}
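Review bot: The comment heading the `%exec('/bin/sh', '-c', 'echo hello')` assignment says sync calls return a zero-length string because the response is not awaited, yet the check directly below expects `'hello'`. The wording appears to be carried over from the `%exec_async` cases, where an empty result is the expected outcome. Suggest replacing it with `# Sync calls wait for the program and return its output` so the comment matches what the test asserts.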
#
# @todo - list over-rides are not allowed!
#
-&control += %exec('/bin/sh', '-c', "echo Reply-Message := \'hello\'")
+control += %exec('/bin/sh', '-c', "echo Reply-Message := \'hello\'")
if (control.Reply-Message != 'hello') {
test_fail
#
# Sync calls return the response
#
-&test_string := %exec_sync('/bin/sh', '-c', "echo 'hello'")
+test_string := %exec_sync('/bin/sh', '-c', "echo 'hello'")
if (test_string != 'hello') {
test_fail
}
#
# Call something which will take longer than the timeout
#
-&request -= Module-Failure-Message
+request -= Module-Failure-Message
-&test_string := %exec_sync('/bin/sleep', '10')
+test_string := %exec_sync('/bin/sleep', '10')
if (Module-Failure-Message != "Execution of external program failed: Timeout running program") {
test_fail
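Review bot: `request -= Module-Failure-Message` is written without `[*]` here and again in the next hunk before the `fail.sh` call, while other tests touched by this commit clear it with `request -= Module-Failure-Message[*]`. If the bare form removes only the first instance (worth confirming against the edit semantics), a message left over from an earlier step could be the one the timeout check compares against. Using `request -= Module-Failure-Message[*]` in both places would make each check depend only on the call under test.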
test_fail
}
-&request -= Module-Failure-Message
+request -= Module-Failure-Message
-&test_string := %exec_sync('/bin/sh', "$ENV{MODULE_TEST_DIR}/fail.sh")
+test_string := %exec_sync('/bin/sh', "$ENV{MODULE_TEST_DIR}/fail.sh")
if test_string {
test_fail
test_fail
}
-&control -= Filter-Id[*]
+control -= Filter-Id[*]
#
# Call a module which uses an xlat function in its arguments
#
test_fail
}
-&reply -= Filter-Id[*]
+reply -= Filter-Id[*]
test_pass
# Add multiple instances of Realm to the control list
# The data should match on the second.
-&control += {
+control += {
Realm = 'one'
Realm = 'two'
Realm = 'three'
-&Filter-Id := 'test0'
-&Callback-Id := 'test1'
+Filter-Id := 'test0'
+Callback-Id := 'test1'
compound_key
if (!ok) {
-&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
+FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
subnet
test_fail
}
-&FreeRADIUS-Client-IP-Prefix := 10.2.3.4/32
+FreeRADIUS-Client-IP-Prefix := 10.2.3.4/32
-&reply -= Reply-Message[*]
+reply -= Reply-Message[*]
subnet
test_fail
}
-&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
-&Password.Cleartext := "hello"
+FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
+Password.Cleartext := "hello"
-&reply -= Reply-Message[*]
+reply -= Reply-Message[*]
subnet
-&FreeRADIUS-Client-IP-Prefix := 192.168.1.1/32
+FreeRADIUS-Client-IP-Prefix := 192.168.1.1/32
-&reply -= Reply-Message[*]
+reply -= Reply-Message[*]
subnet
-&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
+FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
subnet2
}
# Delete previous reply messages
-&reply -= Reply-Message[*]
+reply -= Reply-Message[*]
-&FreeRADIUS-Client-IP-Prefix := 10.2.2.3/15
+FreeRADIUS-Client-IP-Prefix := 10.2.2.3/15
subnet2
string test_string
-&test_string := %ping(127.0.0.1)
+test_string := %ping(127.0.0.1)
#
# @todo - conditions do not yet support YIELD
# PRE: update if
#
-&test_string := "%idn('example.com')"
+test_string := "%idn('example.com')"
if (test_string != "example.com") {
test_fail
}
-&test_string := "%idn('èxâmpłé.com')"
+test_string := "%idn('èxâmpłé.com')"
if (test_string != "xn--xmp-ila2ak63d.com") {
test_fail
}
-&test_string := "%idn('пример.com')"
+test_string := "%idn('пример.com')"
if (test_string != "xn--e1afmkfd.com") {
test_fail
}
-&test_string := "%idn('παράδειγμα.com')"
+test_string := "%idn('παράδειγμα.com')"
if (test_string != "xn--hxajbheg2az3al.com") {
test_fail
}
-&test_string := "%idn('ตัวอย่าง.com')"
+test_string := "%idn('ตัวอย่าง.com')"
if (test_string != "xn--72c1a1bt4awk9o.com") {
test_fail
}
-&test_string := "%idn('invalid_example.com')"
+test_string := "%idn('invalid_example.com')"
if (Module-Failure-Message != "Non-digit/letter/hyphen in input") {
test_fail
test_fail
}
-&request -= Module-Failure-Message[*]
+request -= Module-Failure-Message[*]
-&test_string := "%idn('a.véry.löng.ņàme.whîch.when.expânded.exceedş.ţhe.dns.stanđard.fór.string.łength.of.twø.hündred.ând.fifty.threé.charáctèrs.and.therefore.is.invalid.for.idn.conversion')"
+test_string := "%idn('a.véry.löng.ņàme.whîch.when.expânded.exceedş.ţhe.dns.stanđard.fór.string.łength.of.twø.hündred.ând.fifty.threé.charáctèrs.and.therefore.is.invalid.for.idn.conversion')"
if (Module-Failure-Message != "Conversion was truncated") {
test_fail
reject
}
-&reply.Packet-Type := "Access-Accept"
+reply.Packet-Type := "Access-Accept"
reject
}
-&reply.Packet-Type := "Access-Accept"
+reply.Packet-Type := "Access-Accept"
#
# Check for module failing with missing attributes
#
-&request -= User-Password[*]
+request -= User-Password[*]
imap.authenticate {
fail = 1
test_fail
}
-&User-Password := 'test2'
-&request -= User-Name[*]
+User-Password := 'test2'
+request -= User-Name[*]
imap.authenticate {
fail = 1
# Now do multiple authentications of different users
#
-&User-Name := 'user2'
+User-Name := 'user2'
imap.authenticate {
fail = 1
}
test_fail
}
-&User-Name := 'user3'
-&User-Password := 'test3'
+User-Name := 'user3'
+User-Password := 'test3'
imap.authenticate {
fail = 1
}
#
# And repeat all three
#
-&User-Name := 'user1'
-&User-Password := 'test1'
+User-Name := 'user1'
+User-Password := 'test1'
imap.authenticate {
fail = 1
}
test_fail
}
-&User-Name := 'user2'
-&User-Password := 'test2'
+User-Name := 'user2'
+User-Password := 'test2'
imap.authenticate {
fail = 1
}
test_fail
}
-&User-Name := 'user3'
-&User-Password := 'test3'
+User-Name := 'user3'
+User-Password := 'test3'
imap.authenticate {
fail = 1
}
#
# json.encode tests
#
-&request -= Packet-Type[*]
+request -= Packet-Type[*]
#
# HACK: the edit code does not currently support deleted by parent
# or even request -= Net.[*]
# which returns an error?
#
-&request -= Net.Src.IP
-&request -= Net.Src.Port
-&request -= Net.Dst.IP
-&request -= Net.Dst.Port
-&request -= Net.Timestamp
-&request -= Net[*]
+request -= Net.Src.IP
+request -= Net.Src.Port
+request -= Net.Dst.IP
+request -= Net.Dst.Port
+request -= Net.Timestamp
+request -= Net[*]
# 0. Check basic xlat parsing
-&test_string1 := %json.encode("request.[*]")
-&test_string2 := %json.encode("request.[*] ")
-&test_string3 := %json.encode(" request.[*]")
-&test_string4 := %json.encode(" request.[*] ")
+test_string1 := %json.encode("request.[*]")
+test_string2 := %json.encode("request.[*] ")
+test_string3 := %json.encode(" request.[*]")
+test_string4 := %json.encode(" request.[*] ")
if (!(test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}')) {
test_fail
}
# Check defaults are the same as output_mode "object":
-&test_string2 := %json_object.encode("request.[*]")
-&test_string3 := %json_object_no.encode("request.[*]")
+test_string2 := %json_object.encode("request.[*]")
+test_string3 := %json_object_no.encode("request.[*]")
if (!(test_string1 == test_string2) ||
!(test_string1 == test_string3)) {
test_fail
}
-&test_string1 := %json.encode(" request.[*] !Filter-Id ")
+test_string1 := %json.encode(" request.[*] !Filter-Id ")
if !(test_string1 == '{"User-Name":{"type":"string","value":"john"},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
-&test_string1 := %json.encode("request.[*] ! ")
+test_string1 := %json.encode("request.[*] ! ")
if test_string1 {
test_fail
}
# These are unsorted dictionaries. Hopefully json-c doesn't suddenly
# decide that it's going to use a different ordering of the keys...
-&test_string1 := %json_object.encode("request.[*]")
-&test_string2 := %json_object_ex.encode("request.[*]")
+test_string1 := %json_object.encode("request.[*]")
+test_string2 := %json_object_ex.encode("request.[*]")
if !(test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
# 1b. "object" empty inputs
-&test_string1 := %json_object.encode("!request.[*]")
+test_string1 := %json_object.encode("!request.[*]")
if !(test_string1 == '{}') {
test_fail
}
# 2a. Output mode "object_simple" tests
-&test_string1 := %json_object_simple.encode("request.[*]")
-&test_string2 := %json_object_simple_ex.encode("request.[*]")
+test_string1 := %json_object_simple.encode("request.[*]")
+test_string2 := %json_object_simple_ex.encode("request.[*]")
if !(test_string1 == '{"User-Name":"john","Filter-Id":["f1","f2"],"NAS-Port":999,"Service-Type":"Login-User"}') {
test_fail
}
# 2b. "object_simple" empty inputs
-&test_string1 := %json_object_simple.encode("!request.[*]")
+test_string1 := %json_object_simple.encode("!request.[*]")
if !(test_string1 == '{}') {
test_fail
}
# 3a. Output mode "array" tests
-&test_string1 := %json_array.encode("request.[*]")
-&test_string2 := %json_array_ex.encode("request.[*]")
+test_string1 := %json_array.encode("request.[*]")
+test_string2 := %json_array_ex.encode("request.[*]")
if !(test_string1 == '[{"name":"User-Name","type":"string","value":"john"},{"name":"Filter-Id","type":"string","value":"f1"},{"name":"Filter-Id","type":"string","value":"f2"},{"name":"NAS-Port","type":"uint32","value":999},{"name":"Service-Type","type":"uint32","value":"Login-User"}]') {
test_fail
}
# 3b. "array" empty inputs
-&test_string1 := %json_array.encode("!request.[*]")
+test_string1 := %json_array.encode("!request.[*]")
if !(test_string1 == '[]') {
test_fail
}
# 4a. Output mode "array_of_names" tests
-&test_string1 := %json_array_names.encode("request.[*]")
-&test_string2 := %json_array_names_ex.encode("request.[*]")
+test_string1 := %json_array_names.encode("request.[*]")
+test_string2 := %json_array_names_ex.encode("request.[*]")
if !(test_string1 == '["User-Name","Filter-Id","Filter-Id","NAS-Port","Service-Type"]') {
test_fail
}
# 4b. "array_of_names" empty inputs
-&test_string1 := %json_array_names.encode("!request.[*]")
+test_string1 := %json_array_names.encode("!request.[*]")
if !(test_string1 == '[]') {
test_fail
}
# 5a. Output mode "array_of_values" tests
-&test_string1 := %json_array_values.encode("request.[*]")
-&test_string2 := %json_array_values_ex.encode("request.[*]")
+test_string1 := %json_array_values.encode("request.[*]")
+test_string2 := %json_array_values_ex.encode("request.[*]")
if !(test_string1 == '["john","f1","f2",999,"Login-User"]') {
test_fail
}
# 5b. "array_of_values" empty inputs
-&test_string1 := %json_array_values.encode("!request.[*]")
+test_string1 := %json_array_values.encode("!request.[*]")
if !(test_string1 == '[]') {
test_fail
# json xlat input parsing test - error with no input
#
-&test_string := %json_object_ex_encode() # ERROR
+test_string := %json_object_ex_encode() # ERROR
if (test_string) {
test_fail
}
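Review bot: The call on the new line is spelled `%json_object_ex_encode()` with an underscore, whereas the other json tests in this commit use the dotted form, e.g. `%json_object_ex.encode("request.[*]")`. The trailing `# ERROR` suggests a failure is expected on this line. With the underscore name, that failure may come from an unknown function rather than from the missing input the header comment describes. If the dotted name is the registered one, `test_string := %json_object_ex.encode() # ERROR` would exercise the intended path.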
int64 test_int64
string test_string
-&Filter-Id := "{\"foo\":\"bar\"}"
+Filter-Id := "{\"foo\":\"bar\"}"
# 0. Simple field access
map json Filter-Id {
test_fail
}
-&Filter-Id := "\
+Filter-Id := "\
{\
\"my_array\": [0, 1, 2, 3, 4, 5], \
\"my_object\": { \
\"bool_false\": false \
}"
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# Check conversion of all JSON types to strings
map json Filter-Id {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
#
# Now check array slicing operates correctly
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# 9. Simple index
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 9a. All of the array
map json Filter-Id {
test_fail
}
-&NAS-Port := 9
+NAS-Port := 9
# 9b. All of the array using prepend, places the array before the existing value
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 10. End of the array
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 11. Past end of the array
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 12. Simple slice
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 13. Slice with negative start
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 14. Slice with negative start and negative end
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 16. Slice with start, end and negative step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 17. Slice with start, end (inverted) and negative step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 18. Slice with start, end and positive step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 19. Slice with start, end and positive step > 1
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 20. Slice with start, end and positive step > end of array
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 21. Slice with start, end and positive step > end of array
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 22. No start/end 3 step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 23. No start/end 3 step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 24. No end 3 step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 25. End 0, 3 step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 26. End 0, 3 step
map json Filter-Id {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 27. Everything two levels deep
map json Filter-Id {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# 28. Everything three levels deep (nothing)
map json Filter-Id {
}
# Some big numbers in nested arrays
-&Filter-Id := "\
+Filter-Id := "\
[\
9223372036854775807, \
-9223372036854775807, \
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 33. Signed 64bit integers
if (0) {
test_fail
}
-&request -= test_int64[*]
+request -= test_int64[*]
# 35. Unsigned 64bit integers (not allowed by json so gets truncated)
map json Filter-Id {
}
}
-&request -= Acct-Input-Octets64[*]
+request -= Acct-Input-Octets64[*]
# 36. Multiple array indices
map json Filter-Id {
test_fail
}
-&request -= Cache-TTL[*]
+request -= Cache-TTL[*]
# 37. Path containing dynamic expansion
-&test_integer := 0
+test_integer := 0
map json Filter-Id {
NAS-Port += "$[3][%{test_integer}]"
if !(NAS-Port == 2147483647) {
test_fail
}
-&request -= NAS-Port[*]
+request -= NAS-Port[*]
# 38. An expanded field name with bad chars
-&Filter-Id := "\
+Filter-Id := "\
{\
\"foo.bar\": \"baz\" \
}"
-&test_string := "%taint('foo.bar')"
+test_string := "%taint('foo.bar')"
map json Filter-Id {
Callback-Id := "$.%{test_string}"
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
-&Filter-Id := "\
+Filter-Id := "\
{\
\"my_array\": [0, 1, 2, 3, 4, 5], \
\"my_object\": { \
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# 40. Recursive descent with element match (2nd element in each array)
map json Filter-Id {
if (!("%{Callback-Id[#]}" == 3) || !(Callback-Id[0] == '1') || !(Callback-Id[1] == 'scratchy') || !(Callback-Id[2] == 'clawy')) {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
# 41. Recursive descent with field then element match
map json Filter-Id {
test_fail
}
-&request -= Callback-Id[*]
+request -= Callback-Id[*]
test_pass
ipaddr test_ipaddr
string dummy_string
-&test_string := "Hello\n"
+test_string := "Hello\n"
if (!(%json.quote(%{test_string}) == "\"Hello\\n\"")) {
test_fail
}
-&test_string := "Hello\nbob"
+test_string := "Hello\nbob"
if (!(%json.quote(%{test_string}) == "\"Hello\\nbob\"")) {
test_fail
}
-&test_string := "\nHello\nbob"
+test_string := "\nHello\nbob"
if (!(%json.quote(%{test_string}) == "\"\\nHello\\nbob\"")) {
test_fail
}
-&test_string := "Hello!"
+test_string := "Hello!"
if (!(%json.quote(%{test_string}) == '"Hello!"')) {
test_fail
}
-&test_integer := 123456
+test_integer := 123456
if (!(%json.quote(%{test_integer}) == '123456')) {
test_fail
}
-&test_ipaddr := 127.0.0.1
+test_ipaddr := 127.0.0.1
if (!(%json.quote(%{test_ipaddr}) == '"127.0.0.1"')) {
test_fail
}
-&Tag-1 := {
+Tag-1 := {
Vendor-Specific = {
Unisphere = {
Service-Activate = "PPPOE_SERVICE(3072000,2048000)"
string test_string
# An error string from Azure AD, try and access all the bits
-&test_string := "{\"error\":\"invalid_grant\",\"error_description\":\"AADSTS50126: Error validating credentials due to invalid username or password.\\r\\nTrace ID: 20bb60a5-5504-4a6b-ab40-a353a95c2500\\r\\nCorrelation ID: e58bb567-ad15-4a46-8341-cc6e800dd817\\r\\nTimestamp: 2023-02-11 02:32:40Z\",\"error_codes\":[50126],\"timestamp\":\"2023-02-11 02:32:40Z\",\"trace_id\":\"20bb60a5-5504-4a6b-ab40-a353a95c2500\",\"correlation_id\":\"e58bb567-ad15-4a46-8341-cc6e800dd817\",\"error_uri\":\"https://login.microsoftonline.com/error?code=50126\"}"
+test_string := "{\"error\":\"invalid_grant\",\"error_description\":\"AADSTS50126: Error validating credentials due to invalid username or password.\\r\\nTrace ID: 20bb60a5-5504-4a6b-ab40-a353a95c2500\\r\\nCorrelation ID: e58bb567-ad15-4a46-8341-cc6e800dd817\\r\\nTimestamp: 2023-02-11 02:32:40Z\",\"error_codes\":[50126],\"timestamp\":\"2023-02-11 02:32:40Z\",\"trace_id\":\"20bb60a5-5504-4a6b-ab40-a353a95c2500\",\"correlation_id\":\"e58bb567-ad15-4a46-8341-cc6e800dd817\",\"error_uri\":\"https://login.microsoftonline.com/error?code=50126\"}"
map json test_string {
Filter-Id := '$.error'
# Bill should be disabled
-&Stripped-User-Name := 'bill'
+Stripped-User-Name := 'bill'
ldap {
disallow = 1
}
}
# Test suspended profile application
-&Stripped-User-Name := 'bobby'
+Stripped-User-Name := 'bobby'
ldap
if (!updated) {
test_fail
test_fail
}
-&reply := {}
+reply := {}
test_pass
test_fail
}
-&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=bob,ou=people,dc=example,dc=com?description")
+test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=bob,ou=people,dc=example,dc=com?description")
if (test_string != "User bob is online") {
test_fail
ldap.send.access-accept
-&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description")
+test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description")
if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
}
# userPKCS12 is set to be updated from Class - which doesn't exist - check nothing was added
-&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
if (test_octets) {
test_fail
}
# Add dummy octet data and re-run the LDAP update to check the data is added
-&Class := 0x01020304
+Class := 0x01020304
ldap.send.access-accept
-&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
if (test_octets != 0x01020304) {
test_fail
}
# Remove the RADIUS attribute and check that the update doesn't clear the LDAP attribute
-&request -= Class[*]
+request -= Class[*]
ldap.send.access-accept
-&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
+test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
if (test_octets != 0x01020304) {
test_fail
}
# carLicense is being populated with += - so there should be 3 instances now
-&control.Filter-Id := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?carLicense")
+control.Filter-Id := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?carLicense")
if (control.Filter-Id[#] != 3) {
test_fail
}
ldap.send.access-accept
-&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=peter,ou=people,dc=example,dc=com?description")
+test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=peter,ou=people,dc=example,dc=com?description")
if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
ldapssl.send.access-accept
-&test_string := %ldapssl("ldaps:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description")
+test_string := %ldapssl("ldaps:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description")
if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
ldaptls.send.access-accept
-&test_string := %ldaptls("ldap:///uid=joe,ou=people,dc=subdept,dc=example,dc=com?description")
+test_string := %ldaptls("ldap:///uid=joe,ou=people,dc=subdept,dc=example,dc=com?description")
if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
string base_dn
-&base_dn=%ldap.uri.safe('dc=example,dc=com')
+base_dn=%ldap.uri.safe('dc=example,dc=com')
ldap_dynamic_dn
if (!ok) {
test_fail
}
# Bad DN
-&base_dn := %ldap.uri.safe('dc=example,dc=foo,dc=com')
+base_dn := %ldap.uri.safe('dc=example,dc=foo,dc=com')
ldap_dynamic_dn
if (!notfound) {
test_fail
-&net.src.ip := 1.1.1.1
+net.src.ip := 1.1.1.1
map ldap "ldapi:///ou=clients,dc=example,dc=com??sub?(&(objectClass=radiusClient)(objectClass=freeradiusClient)(freeradiusClientIdentifier=%{net.src.ip}))" {
# secret
# Test the "ldap" module xlat escape functions
#
-&test_string := "safe string"
+test_string := "safe string"
# String with no escaping
-&result_string := %ldap.uri.escape(%{test_string})
+result_string := %ldap.uri.escape(%{test_string})
if (!(result_string == "safe string")) {
test_fail
}
-&result_string := %ldap.uri.unescape(%{result_string})
+result_string := %ldap.uri.unescape(%{result_string})
if (!(result_string == 'safe string')) {
test_fail
}
# String with some characters to escape
-&test_string := 'non safe,+"\<>;*=() string'
-&result_string := %ldap.uri.escape(%{test_string})
+test_string := 'non safe,+"\<>;*=() string'
+result_string := %ldap.uri.escape(%{test_string})
if (!(result_string == 'non safe\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29 string')) {
test_fail
}
-&result_string := %ldap.uri.unescape(%{result_string})
+result_string := %ldap.uri.unescape(%{result_string})
if (!(result_string == 'non safe,+"\<>;*=() string')) {
test_fail
}
# String where all characters require escaping
-&test_string := ',+"\<>;*=()'
-&result_string := %ldap.uri.escape(%{test_string})
+test_string := ',+"\<>;*=()'
+result_string := %ldap.uri.escape(%{test_string})
if (!(result_string == '\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29')) {
test_fail
}
-&result_string := %ldap.uri.unescape(%{result_string})
+result_string := %ldap.uri.unescape(%{result_string})
if (!(result_string == ',+"\<>;*=()')) {
test_fail
}
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
if (!(result_string == "John Doe")) {
test_fail
}
# Return multiple values - could be in any sequence
-&Framed-IP-Address := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=clients,dc=example,dc=com?freeradiusClientIdentifier?sub?(objectClass=freeradiusClient)")
+Framed-IP-Address := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=clients,dc=example,dc=com?freeradiusClientIdentifier?sub?(objectClass=freeradiusClient)")
if !((Framed-IP-Address[0] == "1.1.1.1") && (Framed-IP-Address[1] == "2.2.2.2")) {
test_fail
}
# Use tainted string in filter - with special characters
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?cn?sub?(displayName=*%{Filter-Id}*)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?cn?sub?(displayName=*%{Filter-Id}*)")
if (!(result_string == "Bob Smith")) {
test_fail
}
# A query which should return no results
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=notknown)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=notknown)")
if (result_string) {
test_fail
}
# Request an invalid DN
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=notthere?displayName?sub?(uid=john)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=notthere?displayName?sub?(uid=john)")
if (result_string) {
test_fail
}
# Query within a dn which will prompt a referral
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
if (!(result_string == "Fred Jones")) {
test_fail
}
# Reference an alternative LDAP server in the xlat
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:%ldap.uri.escape(%{$ENV{LDAP_TEST_SERVER_PORT} + 1})/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:%ldap.uri.escape(%{$ENV{LDAP_TEST_SERVER_PORT} + 1})/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
if (!(result_string == "Fred Jones")) {
test_fail
}
# This query will follow 2 referrals, the second will present an alternate search base
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=offsite,dc=subdept,dc=example,dc=com?displayName?sub?(uid=john)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=offsite,dc=subdept,dc=example,dc=com?displayName?sub?(uid=john)")
if (!(result_string == "John Doe")) {
test_fail
}
# This query will follow 3 referrals - more than our max referral depth
-&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=bounce1,dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
+result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=bounce1,dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
if (result_string) {
test_fail
}
# Use an ldapi:// connection
-&result_string := %ldapldapi("ldapi:///ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
+result_string := %ldapldapi("ldapi:///ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
if !(result_string == 'John Doe') {
test_fail
test_fail
}
-&control := {}
-&reply := {}
+control := {}
+reply := {}
test_pass
}
# References are not allowed to go to parent config sections
-&control.Filter-Id := '..messages.valid'
+control.Filter-Id := '..messages.valid'
linelog_missingref {
fail = 1
}
# Missing config items fall back to the default (which is not set)
-&control.Filter-Id := '.message.valid'
+control.Filter-Id := '.message.valid'
linelog_missingref
}
# Pointing at a config section is not valid
-&control.Filter-Id := '.messages'
+control.Filter-Id := '.messages'
linelog_missingref {
fail = 1
}
# Valid reference, but the message points to an attribute that doesn't exist - so no output
-&control.Filter-Id := 'messages.valid'
+control.Filter-Id := 'messages.valid'
linelog_missingref
string test_string1
string test_string2
-&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
+control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
# Raw attribute value should be written out without further molestation.
# Because the value is wrapped in '' the \n is left as \n.
-&control.Filter-Id := 'test_attr'
-&control.Callback-Id := 'foo\nbar'
+control.Filter-Id := 'test_attr'
+control.Callback-Id := 'foo\nbar'
linelog_escapes
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
-&test_string2 := "%hex(%{test_string1})"
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
+test_string2 := "%hex(%{test_string1})"
#
# Note that there's a '5f6e' here, which is "\n"
test_fail
}
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
#
# This is left alone, and not "\n" --> 0x0a, too.
# Raw attribute value should be written out without further molestation.
# Because the value is wrapped in "" the \n is converted to 0x0a (binary).
-&control.Filter-Id := 'test_attr'
-&control.Callback-Id := "foo\nbar"
+control.Filter-Id := 'test_attr'
+control.Callback-Id := "foo\nbar"
linelog_escapes
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log", 2)
-&test_string2 := "%hex(%{test_string1})"
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log", 2)
+test_string2 := "%hex(%{test_string1})"
if (test_string2 == '666f6f0a626172') {
test_pass
test_fail
}
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
if (test_string1 == "bar") {
test_pass
string test_string
-&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
+control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
%file.rm("$ENV{MODULE_TEST_DIR}/test_multi.log")
# Check multiple string type attributes are logged correctly
-&control.Filter-Id := 'test_multi_str'
+control.Filter-Id := 'test_multi_str'
-&control += {
+control += {
Reply-Message = '0'
Reply-Message = '1'
Reply-Message = '2'
}
linelog_ref_multi
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
if !(test_string == '0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ') {
test_fail
}
# Check octet type attributes are logged in raw form
-&control += {
+control += {
Class = 0x686970706f # Hippo
Class = 0x0a # new line
Class = 0x626c6970706f # Blippo
}
-&control.Filter-Id := 'test_multi_octets'
+control.Filter-Id := 'test_multi_octets'
linelog_ref_multi
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
if !(test_string == ', blippo, ') {
test_fail
}
# When no attributes that match are available, linelog should return noop
-&control.Filter-Id := 'test_empty'
+control.Filter-Id := 'test_empty'
linelog_ref_multi
if !(noop) {
%file.rm("$ENV{MODULE_TEST_DIR}/test_a.log")
# Check linelog fails over to the default message (an xlat expansion)
-&control.Filter-Id := 'test_default'
+control.Filter-Id := 'test_default'
linelog_fmt_and_ref
test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
string test_string2
string test_string3
-&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
+control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
if (%linelog_fmt_delim_xlat('bob') != 5) {
test_fail
}
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
if (test_string1 == 'bob, ') {
test_pass
test_fail
}
-&test_string2 := 'more'
-&test_string3 := 'bob'
+test_string2 := 'more'
+test_string3 := 'bob'
if (%linelog_fmt_delim_xlat("%{test_string2}%{test_string3}") != 9) {
test_fail
}
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
if (test_string1 == 'bob, morebob, ') {
test_pass
}
test_fail
}
-&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
+test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
if (test_string1 == '{ "foo" : "bar", "baz" : "boink" }, ') {
test_pass
-&control.Password.Cleartext := "supersecret"
+control.Password.Cleartext := "supersecret"
mschap
test_fail
}
-&reply -= Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+reply -= Vendor-Specific.Microsoft.CHAP-MPPE-Keys
test_pass
-&control.Password.Cleartext := "secret"
+control.Password.Cleartext := "secret"
mschap
test_fail
}
-&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
-&control.Password.Cleartext := 'secret_123'
+control.Password.Cleartext := 'secret_123'
mschap_winbind
test_fail
}
-&reply := {}
+reply := {}
test_pass
-&control.Password.Cleartext := "secret"
+control.Password.Cleartext := "secret"
mschap
test_fail
}
-&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
-&control.Password.Cleartext := "SuperSecret"
+control.Password.Cleartext := "SuperSecret"
mschap_ntlm
test_fail
}
-&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
test_fail
}
-&reply -= Reply-Message[*]
+reply -= Reply-Message[*]
# User will not be rejected - an xlat will be called setting a reply attribute
-&User-Name := 'bob'
+User-Name := 'bob'
# Add two instances of a TLV - will result in an array of hashes in Perl
-&Vendor-Specific.3GPP2.Remote-IP = { Address = 192.168.1.1, Mask = 24 }
-&request.Vendor-Specific.3GPP2 += { Remote-IP = { Address = 172.16.1.1, Mask = 16 } }
+Vendor-Specific.3GPP2.Remote-IP = { Address = 192.168.1.1, Mask = 24 }
+request.Vendor-Specific.3GPP2 += { Remote-IP = { Address = 172.16.1.1, Mask = 16 } }
perl.authenticate
test_fail
}
-&reply -= Vendor-Specific[*]
-&reply -= Filter-Id[*]
+reply -= Vendor-Specific[*]
+reply -= Filter-Id[*]
test_pass
# PRE: update
#
-&Filter-Id := 'hello,goodbye,welcome,farewell'
-&test_string := 'foo,bar'
-&Callback-Id := %perl_xlat('xlat', %{Filter-Id})
+Filter-Id := 'hello,goodbye,welcome,farewell'
+test_string := 'foo,bar'
+Callback-Id := %perl_xlat('xlat', %{Filter-Id})
if (Callback-Id != 'hello|goodbye|welcome|farewell') {
test_fail
}
# Check for multiple arguments to perl function
-&result_string := %perl_xlat('xlat', %{Filter-Id}, %{test_string})
+result_string := %perl_xlat('xlat', %{Filter-Id}, %{test_string})
if (result_string != 'hello|goodbye|welcome|farewell#foo|bar') {
test_fail
}
-&result_integer := %perl_xlat('add', 1, 2, 3)
+result_integer := %perl_xlat('add', 1, 2, 3)
if (result_integer != 6) {
test_fail
}
-&Filter-Id := 'hello'
-&request += {
+Filter-Id := 'hello'
+request += {
Filter-Id = 'goodbye'
Filter-Id = 'welcome'
}
# Pass a list as an array
-&Callback-Id := %perl_xlat('xlatarray', %{Filter-Id[*]})
+Callback-Id := %perl_xlat('xlatarray', %{Filter-Id[*]})
if (Callback-Id != 'hello|goodbye|welcome') {
test_fail
}
-&Filter-Id := 'aa bb cc dd ee'
+Filter-Id := 'aa bb cc dd ee'
# Expect an array of returned values
-&Callback-Id := %perl_xlat('xlatscalar2array', %{Filter-Id})
+Callback-Id := %perl_xlat('xlatscalar2array', %{Filter-Id})
if (Callback-Id[#] != 5) {
test_fail
test_fail
}
-&test_string := 'ff gg hh ii'
+test_string := 'ff gg hh ii'
# Expect an array of array ref returned values
-&Callback-Id := %perl_xlat('xlatscalar2arrayref', %{Filter-Id}, %{test_string})
+Callback-Id := %perl_xlat('xlatscalar2arrayref', %{Filter-Id}, %{test_string})
if (Callback-Id[#] != 9) {
test_fail
test_fail
}
-&Filter-Id := 'a'
-&request += {
+Filter-Id := 'a'
+request += {
Filter-Id = 'b'
Filter-Id = 'c'
}
# Returns a hash with each element in the provided array converted to Vn->value
-&Callback-Id := %perl_xlat('xlatarray2hash', %{Filter-Id[*]})
+Callback-Id := %perl_xlat('xlatarray2hash', %{Filter-Id[*]})
if (Callback-Id[#] != 6) {
test_fail
}
# Note: hashes don't have a defined sequence so these are all the possible return values - mashed to single strings for simplicity's sake
-&result_string := "%{Callback-Id[*]}"
+result_string := "%{Callback-Id[*]}"
if (result_string != "V1aV2bV3c") && (result_string != "V1aV3cV2b") && (result_string != "V2bV1aV3c") && (result_string != "V2bV3cV1a") && (result_string != "V3cV1aV2b") && (result_string != "V3cV2bV1a") {
test_fail
}
# - 127.0.0.1:30005 - slave
# - 127.0.0.1:30003 - master [10923-16383]
# - 127.0.0.1:30006 - slave
-&testdata1 := "1-%randstr('aaaaaaaa')"
-&testdata2 := "2-%randstr('aaaaaaaa')"
-&testdata3 := "3-%randstr('aaaaaaaa')"
+testdata1 := "1-%randstr('aaaaaaaa')"
+testdata2 := "2-%randstr('aaaaaaaa')"
+testdata3 := "3-%randstr('aaaaaaaa')"
# Hashes to Redis cluster node master 1 (1)
if (%redis(SET, b, %{testdata1}) == 'OK') {
%delay(0.5)
# Note the current master
-&redismaster := %redis.node(b, 0)
+redismaster := %redis.node(b, 0)
# Note the current replica
-&redisreplica := %redis.node(b, 1)
+redisreplica := %redis.node(b, 1)
# Cause one of the redis cluster nodes to SEGV
if (%redis(@%redis.node(b, 0), DEBUG, SEGFAULT)) {
string cmdresult
# Some values we need for startup
-&control.Filter-Id := { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 }
+control.Filter-Id := { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 }
-&data1 := "1-%randstr('aaaaaaaa')"
-&data2 := "2-%randstr('aaaaaaaa')"
-&data3 := "3-%randstr('aaaaaaaa')"
+data1 := "1-%randstr('aaaaaaaa')"
+data2 := "2-%randstr('aaaaaaaa')"
+data3 := "3-%randstr('aaaaaaaa')"
if ("$ENV{REDIS_CLUSTER_CONTROL}" == '') {
clusterctrl := 'scripts/ci/redis-setup.sh'
# Sometimes redis just fails to start - without it we can't run
# the tests - so just exit early.
-&cmdresult = %exec(%{clusterctrl}, create)
+cmdresult = %exec(%{clusterctrl}, create)
if (cmdresult == '') {
test_pass
handled
#
# Determine when initial synchronisation has been completed
#
-&redisserver := $ENV{REDIS_TEST_SERVER}
+redisserver := $ENV{REDIS_TEST_SERVER}
if (!redisserver || (redisserver == '')) {
redisserver := "$ENV{REDIS_IPPOOL_TEST_SERVER}"
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_alloc'
+control.IP-Pool.Name := 'test_alloc'
#
# Add IP addresses
test_fail
}
-&IP-Pool.Range := reply.IP-Pool.Range
-&Framed-IP-Address := reply.Framed-IP-Address
-&Session-Timeout := reply.Session-Timeout # We should get the same lease time
-&reply := {}
+IP-Pool.Range := reply.IP-Pool.Range
+Framed-IP-Address := reply.Framed-IP-Address
+Session-Timeout := reply.Session-Timeout # We should get the same lease time
+reply := {}
#
# Add IP addresses
test_fail
}
-&reply := {}
+reply := {}
#
# Now change the Calling-Station-ID and check we get a different lease
#
-&Calling-Station-ID := 'another_mac'
+Calling-Station-ID := 'another_mac'
redis_ippool
if (!updated) {
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_delete'
+control.IP-Pool.Name := 'test_delete'
#
# Add IP addresses
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_tool_modify'
+control.IP-Pool.Name := 'test_tool_modify'
#
# Add IP addresses
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_tool_release'
+control.IP-Pool.Name := 'test_tool_release'
#
# Add IP addresses
test_fail
}
-&reply := {}
+reply := {}
test_pass
uint64 zscore
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_tool_static'
+control.IP-Pool.Name := 'test_tool_static'
#
# Add a dynamic IP addresses
#
# Fetch the ZSCORE now on the address
#
-&zscore := %redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, %{reply.Framed-IP-Address})
+zscore := %redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, %{reply.Framed-IP-Address})
#
# Attempt to re-assign static lease
#
# Change device to grab the dynamic address
-&Calling-Station-ID := '11:22:33:44:55:66'
-&reply -= Framed-IP-Address[*]
+Calling-Station-ID := '11:22:33:44:55:66'
+reply -= Framed-IP-Address[*]
redis_ippool {
invalid = 1
test_fail
}
-&zscore := %redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, 192.168.0.1)
+zscore := %redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, 192.168.0.1)
if !(zscore < (uint64)0x10000000000000) {
test_fail
}
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_release'
+control.IP-Pool.Name := 'test_release'
#
# Add IP addresses
#
# Release the IP address
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.release {
invalid = 1
#
# Release the IP address again (should still be fine)
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.release {
invalid = 1
test_fail
}
-&reply := {}
+reply := {}
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_static'
+control.IP-Pool.Name := 'test_static'
#
# Add a dynamic IP addresses
#
# Check that renewal does not mess with static IP
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.renew {
invalid = 1
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_static_dynamic'
+control.IP-Pool.Name := 'test_static_dynamic'
#
# Add a static IP assigned to a calling station not in the request
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_static_unassign'
+control.IP-Pool.Name := 'test_static_unassign'
#
# Add a dynamic IP addresses
#
# Check that renewal still works as we are within the exipiry time
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.renew {
invalid = 1
# Perform IP allocation for alternative device
# Should be allocated the previously static address as that is the only one in the pool
#
-&reply -= Framed-IP-Address[*]
-&request -= Framed-IP-Address[*]
-&Calling-Station-Id := '00:11:22:33:44:55'
+reply -= Framed-IP-Address[*]
+request -= Framed-IP-Address[*]
+Calling-Station-Id := '00:11:22:33:44:55'
redis_ippool.allocate {
invalid = 1
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_update'
+control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
%exec(./build/bin/local/rlm_redis_ippool_tool, -a, 192.168.1.1/32, $ENV{REDIS_IPPOOL_TEST_SERVER}:30001, %{control.IP-Pool.Name}, 192.168.1.0)
# 6. Verify that the lease time is extended
-&Framed-IP-Address := reply.Framed-IP-Address
-&NAS-IP-Address := 127.0.0.2
+Framed-IP-Address := reply.Framed-IP-Address
+NAS-IP-Address := 127.0.0.2
redis_ippool.renew
if (!updated) {
}
# Change the ip address to one that doesn't exist in the pool and check we *can't* update it
-&Framed-IP-Address := 192.168.3.1
+Framed-IP-Address := 192.168.3.1
redis_ippool.renew {
invalid = 1
if (!notfound) {
test_fail
}
-&Framed-IP-Address := 192.168.0.1
+Framed-IP-Address := 192.168.0.1
# 15. Now change the calling station ID and check that we *can't* update the lease
-&Calling-Station-ID := 'naughty'
+Calling-Station-ID := 'naughty'
redis_ippool.renew {
invalid = 1
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
$INCLUDE cluster_reset.inc
-&control.IP-Pool.Name := 'test_update_alloc'
+control.IP-Pool.Name := 'test_update_alloc'
#
# Add IP addresses
#
# Attempt to reserve an IP address by performing a renew
#
-&Framed-IP-Address := 192.168.0.1
-&NAS-IP-Address := 127.0.0.1
+Framed-IP-Address := 192.168.0.1
+NAS-IP-Address := 127.0.0.1
redis_ippool.renew
test_fail
}
-&reply := {}
+reply := {}
test_pass
# Pre-set Login-LAT-Node to check correct operator behaviour
-&control.Login-LAT-Node := "foo"
+control.Login-LAT-Node := "foo"
# Test "authorize" rest call. Uses http to a GET end point
rest
}
# Reset control attributes
-&control -= Filter-Id[*]
-&control -= Callback-Id[*]
-&control -= User-Name[*]
+control -= Filter-Id[*]
+control -= Callback-Id[*]
+control -= User-Name[*]
# Pre-fill NAS-IP-Address to check operator behaviour
-&control.NAS-IP-Address := "10.0.0.10"
+control.NAS-IP-Address := "10.0.0.10"
test_pass
handled
# Test "accounting" rest call. Uses https to a POST end point
# Pre-set Login-LAT-Node to check correct operator behaviour
-&control.Login-LAT-Node := "foo"
+control.Login-LAT-Node := "foo"
# Test "authorize" rest call. Uses http to a GET end point
string test_string
string result_string
-&server_host := "$ENV{REST_TEST_SERVER}"
-&server_port := "$ENV{REST_TEST_SERVER_PORT}"
-&server_ssl_port := "$ENV{REST_TEST_SERVER_SSL_PORT}"
-&test_string := 'notfound'
+server_host := "$ENV{REST_TEST_SERVER}"
+server_port := "$ENV{REST_TEST_SERVER_PORT}"
+server_ssl_port := "$ENV{REST_TEST_SERVER_SSL_PORT}"
+test_string := 'notfound'
# Retrieve a plain text file
-&result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/test.txt")
+result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/test.txt")
if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
# Take host from incoming packet
-&result_string := %rest('GET', "http://%{Login-IP-Host}:%uri.safe(%{server_port})/test.txt")
+result_string := %rest('GET', "http://%{Login-IP-Host}:%uri.safe(%{server_port})/test.txt")
if (!(REST-HTTP-Status-Code == 200) || !(result_string == "Sample text response\n")) {
test_fail
}
# Port is not allowed from incoming packets
-&result_string := %rest('GET', "http://%{server_host}:%{NAS-Port}/test.txt")
+result_string := %rest('GET', "http://%{server_host}:%{NAS-Port}/test.txt")
if (!(Module-Failure-Message == "Failed escaping URI: Unsafe input \"8080\" not allowed in URI part port") || result_string) {
test_fail
}
# Check a "not found" gives a 404 status code
-&result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/%{test_string}")
+result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/%{test_string}")
if (!(REST-HTTP-Status-Code == 404)) {
test_fail
}
# GET with URL parameters
-&test_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/mac/%{Called-Station-Id}")
+test_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/mac/%{Called-Station-Id}")
if (!(REST-HTTP-Status-Code == 200)) {
test_fail
test_fail
}
-&control.User-Name := 'dummy'
+control.User-Name := 'dummy'
# Directly use json map and prepend the returned value
map json %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/mac/%{Called-Station-Id}") {
test_fail
}
-&test_string := %json.encode('request.NAS-IP-Address')
+test_string := %json.encode('request.NAS-IP-Address')
# POST to https with JSON body data
-&result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/user/%{User-Name}/mac/%{Called-Station-Id}?section=accounting", %{test_string})
+result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/user/%{User-Name}/mac/%{Called-Station-Id}?section=accounting", %{test_string})
if (!(REST-HTTP-Status-Code == 200)) {
test_fail
test_fail
}
-&result_string := "NAS=%{NAS-IP-Address}&user=%{User-Name}"
+result_string := "NAS=%{NAS-IP-Address}&user=%{User-Name}"
# POST to https with POST body data
-&result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/post/test?section=dummy", %{result_string})
+result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/post/test?section=dummy", %{result_string})
if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
# Test against endpoint which will time out
-&result_string := %restshorttimeout('GET', "http://%{server_host}:%uri.safe(%{server_port})/delay")
+result_string := %restshorttimeout('GET', "http://%{server_host}:%uri.safe(%{server_port})/delay")
if (REST-HTTP-Status-Code) {
test_fail
-&request += {
+request += {
SMTP-Mail-Header = "x-test-Subject: smtp test"
SMTP-Mail-Body = "sent from the smtp test module\r\n"
-&request += {
+request += {
SMTP-Mail-Header = "Subject: smtp test"
SMTP-Mail-Header = "FROM: smtp_sender@gmail.com"
SMTP-Mail-Header = "TO: smtp_receiver@localhost"
#
# Check the wrong password results in a reject
#
-&User-Password := 'Wrong'
+User-Password := 'Wrong'
smtp.authenticate {
reject = 1
#
# Check an invalid user results in a reject
#
-&User-Name := 'Invalid'
-&User-Password := 'Saget'
+User-Name := 'Invalid'
+User-Password := 'Saget'
smtp.authenticate {
reject = 1
test_fail
}
-&request -= User-Password[*]
+request -= User-Password[*]
#
# Check that missing password is an invalid request
test_fail
}
-&User-Password := 'Saget'
-&request -= User-Name[*]
+User-Password := 'Saget'
+request -= User-Name[*]
#
# Check that missing user name is an invalid request
-&request += {
+request += {
SMTP-Mail-Body = "sent from the smtp test module\r\n"
SMTP-Mail-Body = "\r\n"
SMTP-Mail-Body = "Some Body\r\n"
-&request += {
+request += {
SMTP-Mail-Body = "sent from the smtp test module\r\n"
SMTP-Recipients = "stringparse_test_receiver@localhost"
SMTP-Sender-Address = "smtp_sender@localhost"
-&request += {
+request += {
SMTP-Mail-Header = "x-test-Subject: smtp test"
SMTP-Mail-Body = "sent from the smtp test module\r\n"
#
if (!(`/bin/bash -c "for i in {0..50} ; \
do if [ -e build/ci/exim4/mail/smtp_cc_request_1 ] \
-&& [ -e build/ci/exim4/mail/smtp_cc_request_2 ] \
-&& [ -e build/ci/exim4/mail/smtp_to_request_1 ] \
-&& [ -e build/ci/exim4/mail/smtp_to_request_2 ] \
-&& [ -e build/ci/exim4/mail/smtp_recipient_request ] \
-&& [ -e build/ci/exim4/mail/conf_recipient_1 ] \
-&& [ -e build/ci/exim4/mail/conf_recipient_2 ] ;\
+& [ -e build/ci/exim4/mail/smtp_cc_request_2 ] \
+& [ -e build/ci/exim4/mail/smtp_to_request_1 ] \
+& [ -e build/ci/exim4/mail/smtp_to_request_2 ] \
+& [ -e build/ci/exim4/mail/smtp_recipient_request ] \
+& [ -e build/ci/exim4/mail/conf_recipient_1 ] \
+& [ -e build/ci/exim4/mail/conf_recipient_2 ] ;\
then \
echo 'found' ;\
break; \
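Review bot: The six continuation lines inside the backtick `/bin/bash -c` loop went from `&& [ -e ... ] \` to `& [ -e ... ] \`, which changes what the shell does. A single `&` ends the preceding command and runs it in the background, so the `if` is now decided only by the last test (`conf_recipient_2`) and can print 'found' while the other six mail files are still missing. These lines are shell text inside a quoted string, not attribute references; they were presumably caught because the `s/^&//` substitution in the commit message matches any line starting with `&`. Each should be restored to the form `&& [ -e build/ci/exim4/mail/smtp_cc_request_2 ] \`, and the other files touched by the substitution are worth a grep for added lines starting with a lone `&`. The enclosing `if` and the rest of the loop lie outside this hunk.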
test_fail
}
-&request := {
+request := {
SMTP-Mail-Header = "x-test-Subject: 2nd smtp test"
SMTP-Mail-Body = "sent from the smtp test module\r\n"
#
# Change acctsessiontime and verify it's updated
#
-&Connect-Info = 'updated'
+Connect-Info = 'updated'
sql.accounting.start
if !(ok) {
#
# Test paircmp group comparisons with dynamic expansions
#
-&groupname := 'groups_group_b'
+groupname := 'groups_group_b'
if !(%sql.group(%{groupname})) {
test_fail
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Insert our second test row
%sql("INSERT INTO radusergroup (username, groupname, priority) VALUES ('oof', 'rab', 1)")
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Retrieve our test row(s) - With = we should get the values from the first row
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Retrieve our test row(s) - With ^= we should get the values from the second row then the first
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Retrieve our test row(s) - With += we should get the values from both rows
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Retrieve the username column only (should result in noop because not in map)
map sql 'SELECT username FROM radusergroup WHERE priority = 0' {
test_fail
}
-&sqlcmd := %sql.safe("SELECT * FROM radusergroup WHERE priority <= 1 AND username = '%sql.escape(%{User-Name})'")
+sqlcmd := %sql.safe("SELECT * FROM radusergroup WHERE priority <= 1 AND username = '%sql.escape(%{User-Name})'")
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
# Retrieve test row with specific username (using ref'd query)
map sql sqlcmd {
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
-&control -= NAS-Port[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
+control -= NAS-Port[*]
-&userfield := 'username'
-&groupfield := 'name'
+userfield := 'username'
+groupfield := 'name'
# Retrieve our test row(s) - Using different RHS types
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
}
# Clear the control list
-&control -= User-Name[*]
-&control -= Filter-Id[*]
+control -= User-Name[*]
+control -= Filter-Id[*]
# Check behaviour of NULL vs empty string returns.
# radacct is used here as the default schema allows NULL in many columns
#
# Now set a limit and re-call the module
#
-&control.Max-Daily-Session := 100
+control.Max-Daily-Session := 100
dailycounter
if (!updated) {
#
# Calculate the start date/time to compare with attribute set by the module
#
-&date_str = %date('now')
-&now = %date(%{date_str})
+date_str = %date('now')
+now = %date(%{date_str})
if (date_str =~ /([0-9]{4}-[0-9]{2}-[0-9]{2}T)[0-9]{2}:[0-9]{2}:[0-9]{2}Z/) {
date_str := "%{1}" + '00:00:00Z'
}
-&start = %date(%{date_str})
+start = %date(%{date_str})
if !(control.dailycounter-Reset-Start == start) {
test_fail
test_fail
}
-&reply := {}
+reply := {}
#
# Insert a second fake accounting record, which when summed with the existing will exceed the limit.
# Find how much time is left before the next reset and set the limit
# so the user has enough remaining to get into the next period
#
-&remaining = control.dailycounter-Reset-End - now
-&control.Max-Daily-Session := remaining + 110
+remaining = control.dailycounter-Reset-End - now
+control.Max-Daily-Session := remaining + 110
-&reply := {}
+reply := {}
dailycounter
test_fail
}
-&reply := {}
+reply := {}
#
# Now use module instance with auto_extend = yes
test_fail
}
-&reply := {}
+reply := {}
test_pass
# Allocate an address from an SQL IP Pool
#
uint32 expiry
-&control.IP-Pool.Name := 'test_alloc'
+control.IP-Pool.Name := 'test_alloc'
#
# Add IP addresses
#
# Check Expiry
#
-&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
+expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
if ((expiry - %l) < 20) {
test_fail
}
test_fail
}
-&Framed-IP-Address := reply.Framed-IP-Address
-&reply := {}
+Framed-IP-Address := reply.Framed-IP-Address
+reply := {}
#
# Add IP addresses
test_fail
}
-&reply := {}
+reply := {}
#
# Now change the Calling-Station-ID and check we get a different lease
#
-&Calling-Station-ID := 'another_mac'
+Calling-Station-ID := 'another_mac'
sqlippool.allocate
if (!updated) {
test_fail
}
-&reply := {}
+reply := {}
test_pass
# Allocate an address from an SQL IP Pool
#
uint32 expiry
-&control.IP-Pool.Name := 'test_alloc_fail'
+control.IP-Pool.Name := 'test_alloc_fail'
#
# Ensure no matching records
test_fail
}
-&reply := {}
+reply := {}
#
# Now change the Calling-Station-ID and check we don't get an address (pool full)
#
-&Calling-Station-ID := 'another_mac'
+Calling-Station-ID := 'another_mac'
sqlippool.allocate
if (!notfound) {
# Allocate an address from an SQL IP Pool
#
uint32 expiry
-&control.IP-Pool.Name := 'test_alloc_requested'
+control.IP-Pool.Name := 'test_alloc_requested'
#
# Add IP addresses
#
# Check Expiry
#
-&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
+expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
if ((expiry - %l) < 20) {
test_fail
}
test_fail
}
-&reply := {}
-&request -= Framed-IP-Address
+reply := {}
+request -= Framed-IP-Address
#
# Now change the Calling-Station-ID and check we get a different lease
#
-&Calling-Station-ID := 'another_mac'
+Calling-Station-ID := 'another_mac'
sqlippool.allocate
if (!updated) {
test_fail
}
-&reply := {}
+reply := {}
test_pass
# Test releasing IP addresses in the sqlippool module
#
uint32 expiry
-&control.IP-Pool.Name := 'test_release'
+control.IP-Pool.Name := 'test_release'
#
# Add IP addresses
#
# Release the IP address
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
sqlippool.release
if !(updated) {
# Check the expiry - releasing an address sets the exipry to now
# Allow for some time passing between packet processing and "now"
-&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
+expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
if (expiry > (%l + 5)) {
test_fail
}
# Release the IP address again
# Will return notfound as address is already released.
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
sqlippool.release
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
# Test static IP allocation using sqlippool
#
-&control.IP-Pool.Name := 'test_static'
+control.IP-Pool.Name := 'test_static'
#
# Add a dynamic IP addresses
#
# Check that renewal does not mess with static IP
#
-&Framed-IP-Address := reply.Framed-IP-Address
+Framed-IP-Address := reply.Framed-IP-Address
sqlippool.renew
if !(updated) {
test_fail
}
-&reply := {}
+reply := {}
test_pass
# Test updates on sqlippool allocated addresses.
#
uint32 expiry
-&control.IP-Pool.Name := 'test_update'
+control.IP-Pool.Name := 'test_update'
#
# Add IP addresses
}
# 3. Verify expiry time is based on offer duration
-&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
+expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
if ((expiry - %l) < 20) {
test_fail
}
%sql("INSERT INTO fr_ippool (pool_name, address, expiry_time) values ('%{control.IP-Pool.Name}', '192.168.1.1', datetime('now', '-00:10'))")
# 7. Verify that the lease time is extended
-&Framed-IP-Address := reply.Framed-IP-Address
-&NAS-IP-Address := 127.0.0.2
+Framed-IP-Address := reply.Framed-IP-Address
+NAS-IP-Address := 127.0.0.2
sqlippool.renew
if (!updated) {
}
# 8. Check expiry reflects that
-&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
+expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
if ((expiry - %l) < 50) {
test_fail
}
}
# Change the ip address to one that doesn't exist in the pool and check we *can't* update it
-&Framed-IP-Address := 192.168.3.1
+Framed-IP-Address := 192.168.3.1
sqlippool.renew
# 11.
}
# re-issue the original allocation
-&reply := {}
-&Framed-IP-Address := 192.168.0.1
+reply := {}
+Framed-IP-Address := 192.168.0.1
sqlippool.allocate
# 13. Now change the calling station ID and check that we *can't* update the lease
-&Calling-Station-ID := 'naughty'
+Calling-Station-ID := 'naughty'
sqlippool.renew
if (!notfound) {
test_fail
}
-&reply := {}
+reply := {}
test_pass
#
# Allocate an address from an SQL IP Pool and update
#
-&control.IP-Pool.Name := 'test_update_alloc'
+control.IP-Pool.Name := 'test_update_alloc'
#
# Add IP addresses
#
# Attempt to update an IP address by performing a renew
#
-&Framed-IP-Address := 192.168.0.1
-&NAS-IP-Address := 127.0.0.1
+Framed-IP-Address := 192.168.0.1
+NAS-IP-Address := 127.0.0.1
sqlippool.renew
test_fail
}
-&reply := {}
+reply := {}
test_pass
-&Fall-Through := yes
+Fall-Through := yes
# Should be compiled out
if ('${a_term}' != '${a_term}') {
string otp
-&control.TOTP.Secret := 'ONSWG4TFOQYTEMZUGU3DOOBZ'
+control.TOTP.Secret := 'ONSWG4TFOQYTEMZUGU3DOOBZ'
#
# With no OTP from the user, the module does nothing
#
# Use oathtool to calculate OTP
#
-&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', 'ONSWG4TFOQYTEMZUGU3DOOBZ')
+TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', 'ONSWG4TFOQYTEMZUGU3DOOBZ')
totp.authenticate
#
# Now set an incorrect OTP and check for reject
#
-&TOTP.From-User := 'ABCDEF'
+TOTP.From-User := 'ABCDEF'
totp.authenticate {
reject = 1
#
# And an invalid length OTP
#
-&TOTP.From-User := '12345'
+TOTP.From-User := '12345'
totp.authenticate {
fail = 1
string result_string
# Use builtin "local" zone
-&result_ipaddr := %dns('localhost', 'A')
+result_ipaddr := %dns('localhost', 'A')
if (result_ipaddr != 127.0.0.1) {
test_fail
}
-&result_string := %dns('localhost', 'AAAA')
+result_string := %dns('localhost', 'AAAA')
if (result_string != '::1') {
test_fail
}
-&result_string := %dns('1.0.0.127.in-addr.arpa', 'PTR')
+result_string := %dns('1.0.0.127.in-addr.arpa', 'PTR')
if (result_string != 'localhost') {
test_fail
}
# Use local data in module config to allow for dotted names
-&result_ipaddr := %dns('www.example.com', 'A')
+result_ipaddr := %dns('www.example.com', 'A')
if (result_ipaddr != 192.168.1.1) {
test_fail
}
-&result_string := %dns('1.1.168.192.in-addr.arpa', 'PTR')
+result_string := %dns('1.1.168.192.in-addr.arpa', 'PTR')
if (result_string != 'www.example.com') {
test_fail
#}
# Invalid query
-&result_string := %dns('www.example.com', 'ABC')
+result_string := %dns('www.example.com', 'ABC')
if (Module-Failure-Message != "Invalid / unsupported DNS query type") {
test_fail
}
-&result_string := ''
-&result_string := %dns(%{result_string}, 'A')
+result_string := ''
+result_string := %dns(%{result_string}, 'A')
if (Module-Failure-Message != "Can't resolve zero length host") {
test_fail
# Will return multiple records, though not in a defined sequence.
# Each returned record is a pair of priority and host values.
-&Filter-Id := %dns(example.com, 'MX')
+Filter-Id := %dns(example.com, 'MX')
if !(((Filter-Id[0] == '10') && (Filter-Id[1] == 'mail.example.com') && (Filter-Id[2] == '20') && (Filter-Id[3] == 'mail2.example.com')) || ((Filter-Id[2] == '10') && (Filter-Id[3] == 'mail.example.com') && (Filter-Id[0] == '20') && (Filter-Id[1] == 'mail2.example.com'))) {
test_fail
# Just return a single record
# As results are not in a specified order, it could be either.
-&Filter-Id := %dns(example.com,MX,1)
+Filter-Id := %dns(example.com,MX,1)
if !(((Filter-Id[0] == '10') && (Filter-Id[1] == 'mail.example.com')) || ((Filter-Id[0] == '20') && (Filter-Id[1] == 'mail2.example.com'))) {
test_fail
}
-&result_string := %dns('n0nex1stent.d0ma1n', 'A')
+result_string := %dns('n0nex1stent.d0ma1n', 'A')
# Running this on macOS produces a timeout due to the nonexistent TLD
if ((Module-Failure-Message != "dns - Nonexistent domain name") && (Module-Failure-Message != "Timeout waiting for DNS resolution")) {
test_fail
}
-&control.Vendor-Specific.Yubico.Yubikey-Counter := 1
-&control.Vendor-Specific.Yubico.Yubikey-Key := 0xb8c56af07ff79b2230e04ab8891784ce
+control.Vendor-Specific.Yubico.Yubikey-Counter := 1
+control.Vendor-Specific.Yubico.Yubikey-Key := 0xb8c56af07ff79b2230e04ab8891784ce
# Call module in authenticate mode to decrypt OTP
yubikey.authenticate
# Increase the known "counter" value to detect a replay attack
-&control.Vendor-Specific.Yubico.Yubikey-Counter := Vendor-Specific.Yubico.Yubikey-Counter
+control.Vendor-Specific.Yubico.Yubikey-Counter := Vendor-Specific.Yubico.Yubikey-Counter
yubikey.authenticate {
reject = 1
string test_string
string result_string
-&test_string := 'vvrbuctetdhc'
-&result_string := %modhextohex(%{test_string})
+test_string := 'vvrbuctetdhc'
+result_string := %modhextohex(%{test_string})
if (result_string != 'ffc1e0d3d260') {
test_fail
}
# Invalid modhex string - not even length
-&test_string := 'vvrbuctetdh'
+test_string := 'vvrbuctetdh'
-&result_string := %modhextohex(%{test_string})
+result_string := %modhextohex(%{test_string})
if (ok) {
test_fail
}
# Invalid modhex string - invalid characters
-&test_string := 'vxrbmctetdhc'
+test_string := 'vxrbmctetdhc'
-&result_string := %modhextohex(%{test_string})
+result_string := %modhextohex(%{test_string})
if (ok) {
test_fail