#
-# PRE: update update-remove-any if
+# PRE: edit-list-remove if
#
-update {
- &control !* ANY
- &request.Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt
-}
+&control := {}
+&request.Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt
#
# Unencoded Password.Cleartext in password with header
#
-update {
- &control.Password.With-Header := "%{User-Password}"
+&control := {
+ &Password.With-Header = "%{User-Password}"
}
+
pap.authorize
pap.authenticate {
reject = 1
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 encoded Password.Cleartext in password with header
#
-update {
- &Tmp-String-1 := "{clear}%{User-Password}"
-}
-update {
- &control.Password.With-Header := "%{base64:%{Tmp-String-1}}"
+&Tmp-String-1 := "{clear}%{User-Password}"
+&control := {
+ &Password.With-Header = "%{base64:%{Tmp-String-1}}"
}
+
pap.authorize
pap.authenticate {
reject = 1
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Hex encoded SSHA password
#
-update {
- &control.Password.With-Header += "{ssha}%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Password.With-Header = "{ssha}%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
pap.authorize
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 encoded SSHA password
#
-update {
- &control.Tmp-String-1 := "%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Tmp-String-1 = "%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
# To Binary
-update {
- &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
-}
+&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-update {
- &control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
-}
-
-update {
- &control.Password.With-Header += "{ssha}%{control.Tmp-String-1}"
-}
+&control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
+&control.Password.With-Header := "{ssha}%{control.Tmp-String-1}"
pap.authorize
pap.authenticate {
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 of Base64 encoded SSHA password
#
-update {
- &control.Tmp-String-1 := "%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Tmp-String-1 = "%{hex:%{sha1:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
# To Binary
-update {
- &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
-}
+&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-update {
- &control.Tmp-String-1 := "{ssha}%{base64:%{control.Tmp-Octets-0}}"
-}
-
-update {
- &control.Password.With-Header += "%{base64:%{control.Tmp-String-1}}"
-}
+&control.Tmp-String-1 := "{ssha}%{base64:%{control.Tmp-Octets-0}}"
+&control.Password.With-Header := "%{base64:%{control.Tmp-String-1}}"
pap.authorize
pap.authenticate {
test_fail
}
-update {
- &control !* ANY
-}
-update control {
- &Auth-Type := Accept
+&control := {
+ &Auth-Type = Accept
}
success
#
-# PRE: update if pap
+# PRE: pap
#
#
# Skip if the server wasn't built with openssl
#
if ('${feature.tls}' != 'yes') {
- update reply {
- &Packet-Type := Access-Accept
- }
+ &reply.Packet-Type := Access-Accept
handled
}
-update {
- &control !* ANY
- &Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt
-}
+&Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt
#
# Hex encoded SSHA2-512 password
#
-update {
- &control.Password.With-Header += "{ssha512}%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Password.With-Header = "{ssha512}%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
pap.authorize
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 encoded SSHA2-512 password
#
-update {
- &control.Tmp-String-1 := "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Tmp-String-1 = "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
# To Binary
-update {
- &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
-}
+&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-update {
- &control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
-}
+&control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}"
-update {
- &control.Password.With-Header += "{ssha512}%{control.Tmp-String-1}"
-}
+&control.Password.With-Header += "{ssha512}%{control.Tmp-String-1}"
pap.authorize
pap.authenticate {
test_fail
}
-update {
- &control !* ANY
-}
#
# Base64 of Base64 encoded SSHA2-512 password
#
-update {
- &control.Tmp-String-1 := "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
+&control := {
+ &Tmp-String-1 = "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}"
}
# To Binary
-update {
- &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
-}
+&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}"
# To Base64
-update {
- &control.Tmp-String-1 := "{ssha512}%{base64:%{control.Tmp-Octets-0}}"
-}
+&control.Tmp-String-1 := "{ssha512}%{base64:%{control.Tmp-Octets-0}}"
-update {
- &control.Password.With-Header += "%{base64:%{control.Tmp-String-1}}"
-}
+&control.Password.With-Header += "%{base64:%{control.Tmp-String-1}}"
pap.authorize
pap.authenticate {
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 of SHA2-384 password (in SHA2-Password)
#
-update control {
- &control.Password.SHA2 := "%{hex:%{sha2_384:%{User-Password}}}"
+&control := {
+ &Password.SHA2 = "%{hex:%{sha2_384:%{User-Password}}}"
}
pap.authorize
test_fail
}
-update {
- &control !* ANY
-}
-
-update control {
- &Auth-Type := Accept
-}
-
#
# Base64 of SHA2-256 password (in SHA2-256-Password)
#
-update control {
- &control.Password.SHA2-256 := "%{hex:%{sha2_256:%{User-Password}}}"
+&control := {
+ &Password.SHA2-256 = "%{hex:%{sha2_256:%{User-Password}}}"
}
pap.authorize
test_fail
}
-update {
- &control !* ANY
-}
-
#
# Base64 of SHA2-224 password (in SHA2-224-Password - No hex armour)
#
-update control {
- &control.Password.SHA2-224 := "%{sha2_224:%{User-Password}}"
+&control := {
+ &Password.SHA2-224 = "%{sha2_224:%{User-Password}}"
}
pap.authorize
test_fail
}
-update {
- &control !* ANY
-}
-
-
-update control {
- &Auth-Type := Accept
+&control := {
+ &Auth-Type = Accept
}
success
group {
parallel {
fail
- update request { # This should *NOT* be dispatched
+ group { # This should *NOT* be dispatched
&Tmp-String-0 := 'foo'
}
}
fail {
fail = 10 # Higher priority than ok and no longer action return
}
- update parent.request { # This should now be dispatched
- &Tmp-String-0 := 'foo'
+ group { # This should now be dispatched
+ &parent.request.Tmp-String-0 := 'foo'
}
}
actions {
# Ensure if one module yields, the rest execute
parallel {
reschedule
- update parent.request {
- &Tmp-String-0 := 'foo'
+ group {
+ &parent.request.Tmp-String-0 := 'foo'
}
}
-
-update request {
- &Tmp-String-0 := "%{rand:-1}"
-}
+&Tmp-String-0 := "%{rand:-1}"
#
-# Negative limit should have failed
+# Negative limit should have failed assignment
#
-if (&Tmp-String-0 != '') {
+if (&Tmp-String-0) {
test_fail
}
-update request {
- &Tmp-String-0 := "%{rand:hello world}"
-}
+&Tmp-String-0 := "%{rand:hello world}"
#
-# Invalid limit should have failed
+# Invalid limit should have failed assignment
#
-if (&Tmp-String-0 != '') {
+if (&Tmp-String-0) {
test_fail
}
-update request {
- &Tmp-Integer-0 := "%{rand:123}"
-}
+&Tmp-Integer-0 := "%{rand:123}"
#
-# Make sure random number is whithin limit
+# Make sure random number is within limit
#
if (&Tmp-Integer-0 < 0 || &Tmp-Integer-0 > 123) {
test_fail
-
-update request {
- &Tmp-String-0 := "%{randstr:%{Tmp-String-0}}"
- &Tmp-String-1 := "%{randstr:nnn}"
- &Tmp-String-2 := "%{randstr:24a}"
- &Tmp-String-3 := "%{randstr:1030aa}"
- &Tmp-String-4 := "%{randstr:G}"
- &Tmp-String-5 := "%{randstr:10b}"
+&request += {
+ &Tmp-String-1 = "%{randstr:nnn}"
+ &Tmp-String-2 = "%{randstr:24a}"
+ &Tmp-String-3 = "%{randstr:1030aa}"
+ &Tmp-String-5 = "%{randstr:10b}"
}
+#
+# These next two assignments fail, so they can't go
+# into the above list. If they were there, then the
+# entire list assignment would fail.
+#
+&Tmp-String-0 := "%{randstr:%{Tmp-String-0}}"
+&Tmp-String-4 := "%{randstr:G}"
+
#
# Empty output on empty input
#
#
# Check invalid character class
#
-if (&Tmp-String-4 != "") {
+if (&Tmp-String-4) {
test_fail
}
-# PRE: update if foreach
+# PRE: if foreach
#
# Redundant blocks.
#
# The first one fails, so the second one is used
#
-update request {
- &Tmp-Integer-0 := 0
- &Tmp-Integer-1 += 0
- &Tmp-Integer-1 += 1
- &Tmp-Integer-1 += 2
- &Tmp-Integer-1 += 3
- &Tmp-Integer-1 += 4
- &Tmp-Integer-1 += 5
- &Tmp-Integer-1 += 6
- &Tmp-Integer-1 += 7
- &Tmp-Integer-1 += 8
- &Tmp-Integer-1 += 9
+&request += {
+ &Tmp-Integer-0 = 0
+ &Tmp-Integer-1 = 0
+ &Tmp-Integer-1 = 1
+ &Tmp-Integer-1 = 2
+ &Tmp-Integer-1 = 3
+ &Tmp-Integer-1 = 4
+ &Tmp-Integer-1 = 5
+ &Tmp-Integer-1 = 6
+ &Tmp-Integer-1 = 7
+ &Tmp-Integer-1 = 8
+ &Tmp-Integer-1 = 9
}
redundant {
fail
}
else {
- update request {
- &Tmp-Integer-0 := "%{expr:%{Tmp-Integer-0} + 1}"
- &Filter-Id += "SUCCEED ODD %{Foreach-Variable-0} %{Tmp-Integer-0}"
+ &Tmp-Integer-0 += 1
+ &request += {
+ &Tmp-String-0 = "Succeed odd %{Foreach-Variable-0} %{Tmp-Integer-0}"
}
ok
}
fail
}
else {
- update request {
- &Tmp-Integer-0 := "%{expr:%{Tmp-Integer-0} + 1}"
- &Filter-Id += "SUCCEED EVEN %{Foreach-Variable-0} %{Tmp-Integer-0}"
+ &Tmp-Integer-0 += 1
+ &request += {
+ &Tmp-String-0 = "Succeed even %{Foreach-Variable-0} %{Tmp-Integer-0}"
}
ok
}
if (&Tmp-Integer-0 != "%{Tmp-Integer-1[#]}") {
test_fail
}
-else {
- success
-}
+
+success
-# PRE: update if foreach
+# PRE: if foreach
#
# Redundant blocks.
#
# The first one fails, so the second one is used
#
-update request {
- &Tmp-Integer-0 := 0
- &Tmp-Integer-1 += 0
- &Tmp-Integer-1 += 1
- &Tmp-Integer-1 += 2
- &Tmp-Integer-1 += 3
- &Tmp-Integer-1 += 4
- &Tmp-Integer-1 += 5
- &Tmp-Integer-1 += 6
- &Tmp-Integer-1 += 7
- &Tmp-Integer-1 += 8
- &Tmp-Integer-1 += 9
+&request += {
+ &Tmp-Integer-0 = 0
+ &Tmp-Integer-1 = 0
+ &Tmp-Integer-1 = 1
+ &Tmp-Integer-1 = 2
+ &Tmp-Integer-1 = 3
+ &Tmp-Integer-1 = 4
+ &Tmp-Integer-1 = 5
+ &Tmp-Integer-1 = 6
+ &Tmp-Integer-1 = 7
+ &Tmp-Integer-1 = 8
+ &Tmp-Integer-1 = 9
}
#
fail
}
else {
- update request {
- &Tmp-Integer-0 := "%{expr:%{Tmp-Integer-0} + 1}"
- &Filter-Id += "SUCCEED ODD %{Foreach-Variable-0} %{Tmp-Integer-0}"
+ &Tmp-Integer-0 += 1
+ &request += {
+ &Tmp-String-0 = "Succeed odd %{Foreach-Variable-0} %{Tmp-Integer-0}"
}
ok
}
fail
}
else {
- update request {
- &Tmp-Integer-0 := "%{expr:%{Tmp-Integer-0} + 1}"
- &Filter-Id += "SUCCEED EVEN %{Foreach-Variable-0} %{Tmp-Integer-0}"
+ &Tmp-Integer-0 += 1
+ &request += {
+ &Tmp-String-0 = "Succeed even %{Foreach-Variable-0} %{Tmp-Integer-0}"
}
ok
}
}
if (&Tmp-Integer-0 != "%{Tmp-Integer-1[#]}") {
- update reply {
- &Filter-Id := "shit %{Tmp-Integer-0}"
- }
test_fail
}
-else {
- success
-}
+
+success
-# PRE: update if foreach redundant redundant-load-balance
+# PRE: redundant redundant-load-balance
#
# Nested redundant blocks.
#
#
-update request {
- &Tmp-Integer-2 := 0
- &Tmp-Integer-3 := 0
- &Tmp-Integer-4 := 0
- &Tmp-Integer-5 := 0
+&request += {
+ &Tmp-Integer-2 = 0
+ &Tmp-Integer-3 = 0
+ &Tmp-Integer-4 = 0
+ &Tmp-Integer-5 = 0
}
redundant {
redundant-load-balance {
group {
- update request {
- &Tmp-Integer-2 := "%{expr:&Tmp-Integer-2 + 1}"
- }
+ &Tmp-Integer-2 += 1
fail
}
group {
- update request {
- &Tmp-Integer-3 := "%{expr:&Tmp-Integer-3 + 1}"
- }
+ &Tmp-Integer-3 += 1
fail
}
group {
- update request {
- &Tmp-Integer-4 := "%{expr:&Tmp-Integer-4 + 1}"
- }
+ &Tmp-Integer-4 += 1
fail
}
group {
- update request {
- &Tmp-Integer-5 := "%{expr:&Tmp-Integer-5 + 1}"
- }
+ &Tmp-Integer-5 += 1
fail
}
}
+
+ #
+ # All of the above fails, so we fail over to "ok".
+ #
ok
}
if (!ok) {
- update reply {
- &Filter-Id := "did not return OK"
- }
+ test_fail
return
}
if (&Tmp-Integer-2 != 1) {
test_fail
- return
}
if (&Tmp-Integer-3 != 1) {
#
-# PRE: update if
+# PRE: if
#
#
# Strings which are expanded in a regex have regex special
# characters escaped. Because the input strings are unsafe.
#
-update request {
- &Tmp-String-0 := "%{taint:example.com}"
- &Tmp-String-1 := "%{taint:exampleXcom}"
+&request += {
+ &Tmp-String-0 = "%{taint:example.com}"
+ &Tmp-String-1 = "%{taint:exampleXcom}"
}
if ("exampleXcom" =~ /%{Tmp-String-0}/) {
elsif (&Tmp-String-1 =~ /%{Tmp-String-0}/) {
test_fail
}
-else {
- success
-}
+
+success
#
-# PRE: update if regex-escape
+# PRE: if regex-escape
#
#
# Strings which are expanded in a regex have regex special
# characters escaped. Because the input strings are unsafe.
#
-update request {
- &Tmp-String-0 := "example.com"
- &Tmp-String-1 := "^foo$bar"
+&request += {
+ &Tmp-String-0 = "example.com"
+ &Tmp-String-1 = "^foo$bar"
}
if (&Tmp-String-0 !~ /example\.com$/) {
}
elsif (&Tmp-String-1 !~ /\^foo\$bar/) {
test_fail
-} else {
- success
}
+
+success
-# PRE: update if
+# PRE: if
-update request {
- &Tmp-Integer-0 := 0
-}
+&Tmp-Integer-0 := 0
group {
- update request {
- &Tmp-Integer-0 := "%{expr: &Tmp-Integer-0 + 1}"
- }
+ &Tmp-Integer-0 += 1
noop
actions {
#
-# PRE: update if
+# PRE: if
#
if (&User-Name == "bob") {
success
# will prevent the "pap" module from being run
# in the "authorize" section.
#
- update control {
- &Auth-Type := PAP
- }
+ &control.Auth-Type := PAP
#
# Stop processing "authorize", and go to the next section.
#
-# PRE: update if return foreach
+# PRE: if return foreach
#
-update control {
- &Tmp-Integer-0 += 0
- &Tmp-Integer-0 += 1
- &Tmp-Integer-0 += 2
- &Tmp-Integer-0 += 3
+&control += {
+ &Tmp-Integer-0 = 0
+ &Tmp-Integer-0 = 1
+ &Tmp-Integer-0 = 2
+ &Tmp-Integer-0 = 3
}
foreach &control.Tmp-Integer-0 {
break
}
- update control {
- &Tmp-Integer-0 -= "%{Foreach-Variable-0}"
+ &control -= {
+ &Tmp-Integer-0 == "%{Foreach-Variable-0}"
}
}
#
-# PRE: update if return
+# PRE: return
#
-update {
- &control.Auth-Type = 'Accept'
-}
+&control.Auth-Type := 'Accept'
group {
# Section should exit after this statement
}
# This entry should never be reached
- update {
- &reply.Reply-Message := 'fail'
- }
+ &reply.Reply-Message := 'fail'
}
# We should continue processing after the previous group.
-update {
- &reply.Reply-Message += 'pass'
-}
+&reply.Reply-Message := 'pass'
#
-# PRE: update if return
+# PRE: if return
#
if (&User-Name == "bob") {
ok
# will prevent the "pap" module from being run
# in the "authorize" section.
#
- update control {
- &Auth-Type := PAP
- }
+ &control.Auth-Type := PAP
#
# Stop processing "authorize", and go to the next section.
#
-# PRE: update if
+# PRE: if
#
if (&User-Name == 'bob') {
accept
#
-# PRE: update if return
+# PRE: if return
#
if ("no" == no) {
accept
#
-# PRE: update if return foreach
+# PRE: if return foreach
#
-update control {
- &Tmp-Integer-0 += 0
- &Tmp-Integer-0 += 1
- &Tmp-Integer-0 += 2
- &Tmp-Integer-0 += 3
+&control += {
+ &Tmp-Integer-0 = 0
+ &Tmp-Integer-0 = 1
+ &Tmp-Integer-0 = 2
+ &Tmp-Integer-0 = 3
}
group {
#
-# PRE: update if return
+# PRE: if return
#
# Defeats return check...
#
-# PRE: update if return
+# PRE: if return
#
group {
# Return must stop after the policy, otherwise we don't setup the test for success
projects / thirdparty / freeradius-server.git / commitdiff
