and mandate tmpl_require_enum=yes for them.
@echo "MODULE-TEST $(TEST)"
${Q}mkdir -p $(dir $@)
${Q}cp $(if $(wildcard $(basename $<).attrs),$(basename $<).attrs,src/tests/modules/default-input.attrs) $@.attrs
- ${Q}if ! MODULE_TEST_DIR=$(dir $<) MODULE_TEST_UNLANG=$< TEST="$(TEST)" $(TEST_BIN)/unit_test_module -D share/dictionary -d src/tests/modules/ -i "$@.attrs" -f "$@.attrs" -r "$@" -xxx > "$@.log" 2>&1 || ! test -f "$@"; then \
+ ${Q}if ! MODULE_TEST_DIR=$(dir $<) MODULE_TEST_UNLANG=$< TEST="$(TEST)" $(TEST_BIN)/unit_test_module -D share/dictionary -d src/tests/modules/ -i "$@.attrs" -f "$@.attrs" -r "$@" -xxx -S require_enum_prefix=yes > "$@.log" 2>&1 || ! test -f "$@"; then \
if ! grep ERROR $< 2>&1 > /dev/null; then \
if grep 'LeakSanitizer has encountered a fatal error' $@.log 2>&1 > /dev/null; then \
echo "MODULE-TEST $(TEST) - ignoring LeakSanitizer fatal error."; \
fi; \
cat "$@.log"; \
echo "# $@.log"; \
- echo "MODULE_TEST_DIR=$(dir $<) MODULE_TEST_UNLANG=$< $(TEST_BIN)/unit_test_module -D share/dictionary -d src/tests/modules/ -i \"$@.attrs\" -f \"$@.attrs\" -r \"$@\" -xx"; \
+ echo "MODULE_TEST_DIR=$(dir $<) MODULE_TEST_UNLANG=$< $(TEST_BIN)/unit_test_module -D share/dictionary -d src/tests/modules/ -i \"$@.attrs\" -f \"$@.attrs\" -r \"$@\" -S require_enum_prefix=yes -xx"; \
exit 1; \
fi; \
FOUND=$$(grep -E 'Error : $<' $@.log | head -1 | sed 's/.*\[//;s/\].*//'); \
# Set status to "notfound". xlat should expand to previous status, "alive"
#
if (%db_status('notfound') != "alive") {
- &reply += {
- &Reply-Message = "Failure in test at line %interpreter(...line)"
+ reply += {
+ Reply-Message = "Failure in test at line %interpreter(...line)"
}
}
#
db_status
if (!notfound) {
- &reply += {
- &Reply-Message = "Failure in test at line %interpreter(...line)"
+ reply += {
+ Reply-Message = "Failure in test at line %interpreter(...line)"
}
}
# Fetch status using xlat without setting the status
#
if (%db_status() != "notfound") {
- &reply += {
- &Reply-Message = "Failure in test at line %interpreter(...line)"
+ reply += {
+ Reply-Message = "Failure in test at line %interpreter(...line)"
}
}
#
db_status
if (notfound) {
- &reply += {
- &Reply-Message = "success"
+ reply += {
+ Reply-Message = "success"
}
}
}
if (fail) {
- &reply.Reply-Message := "success"
+ reply.Reply-Message := "success"
}
&control.Password.Cleartext := "hello"
fail = 1
}
if (!fail) {
- &reply += {
- &Reply-Message = "Failure in test at line %interpreter(...line)"
+ reply += {
+ Reply-Message = "Failure in test at line %interpreter(...line)"
}
}
%db_status('alive')
db_status
if (ok) {
- &reply += {
- &Reply-Message = "success"
+ reply += {
+ Reply-Message = "success"
}
}
&control.Password.Cleartext := "goodbye"
&reply += {
- &Reply-Message = "success"
+ Reply-Message = "success"
}
# Copy request to reply for later
-&reply := &request
+&reply := request
attr_filter
-if ((!&NAS-Port) || (&NAS-Port != 10)) {
+if ((!NAS-Port) || (NAS-Port != 10)) {
test_fail
}
-if (&Idle-Timeout) {
+if (Idle-Timeout) {
test_fail
}
-if ((&Called-Station-Id != "bar") || (&Called-Station-Id[1])) {
+if ((Called-Station-Id != "bar") || (Called-Station-Id[1])) {
test_fail
}
-if ((&Service-Type != 5) || (&Service-Type[1])) {
+if ((Service-Type != 5) || (Service-Type[1])) {
test_fail
}
-if ((&Framed-IP-Address != 192.168.10.20) || (&Framed-IP-Address[1])) {
+if ((Framed-IP-Address != 192.168.10.20) || (Framed-IP-Address[1])) {
test_fail
}
-if ((&Calling-Station-Id != "bob") || (&Calling-Station-Id[1] != "jim") || (&Calling-Station-Id[2])) {
+if ((Calling-Station-Id != "bob") || (Calling-Station-Id[1] != "jim") || (Calling-Station-Id[2])) {
test_fail
}
-if (!&reply.Idle-Timeout) {
+if (!reply.Idle-Timeout) {
test_fail
}
#
attr_filter.reply
-if (!&NAS-Port || &NAS-Port != 10) {
+if (!NAS-Port || NAS-Port != 10) {
test_fail
}
-if (&reply.Idle-Timeout) {
+if (reply.Idle-Timeout) {
test_fail
}
&reply := {}
&control.Password.Cleartext := "goodbye"
-&reply.Reply-Message := &Reply-Message
+&reply.Reply-Message := Reply-Message
string compressed
string decompressed
- &uncompressed := "cn=subscriber12345,ou=subscribers,dc=example,dc=com"
- &compressed := %brotli.compress(%{uncompressed})
+ uncompressed := "cn=subscriber12345,ou=subscribers,dc=example,dc=com"
+ compressed := %brotli.compress(%{uncompressed})
if (%length(%{compressed}) == 0) {
test_fail
test_fail
}
- &decompressed := %brotli.decompress(%{compressed})
- if (&decompressed != &uncompressed) {
+ decompressed := %brotli.decompress(%{compressed})
+ if (decompressed != uncompressed) {
test_fail
}
}
string compressed
string decompressed
- &uncompressed := ""
- &compressed := %brotli.compress(%{uncompressed})
+ uncompressed := ""
+ compressed := %brotli.compress(%{uncompressed})
# Should have a brotli header
if (%length(%{compressed}) != 1) {
test_fail
}
- &decompressed := %brotli.decompress(%{compressed})
- if (&decompressed != &uncompressed) {
+ decompressed := %brotli.decompress(%{compressed})
+ if (decompressed != uncompressed) {
test_fail
}
ttl = 5
update {
- &Callback-Id := &control.Callback-Id[0]
- &NAS-Port := &control.NAS-Port[0]
- &control += &reply
+ Callback-Id := control.Callback-Id[0]
+ NAS-Port := control.NAS-Port[0]
+ control += reply
}
add_stats = yes
#
update {
# Copy reply to session-state
- &session-state += &reply
+ session-state += reply
# Implicit cast between types (and multivalue copy)
- &Filter-Id += &NAS-Port[*]
+ Filter-Id += NAS-Port[*]
# Cache the result of an exec
- &Callback-Id := `/bin/echo 'echo test'`
+ Callback-Id := `/bin/echo 'echo test'`
# Create three string values and overwrite the middle one
- &Login-LAT-Service += 'foo'
- &Login-LAT-Service += 'bar'
- &Login-LAT-Service += 'baz'
+ Login-LAT-Service += 'foo'
+ Login-LAT-Service += 'bar'
+ Login-LAT-Service += 'baz'
- &Login-LAT-Service[1] := 'rab'
+ Login-LAT-Service[1] := 'rab'
# Create three string values, then remove one
- &Login-LAT-Node += 'foo'
- &Login-LAT-Node += 'bar'
- &Login-LAT-Node += 'baz'
+ Login-LAT-Node += 'foo'
+ Login-LAT-Node += 'bar'
+ Login-LAT-Node += 'baz'
- &Login-LAT-Node -= 'bar'
+ Login-LAT-Node -= 'bar'
}
}
# options = "--SERVER=$ENV{CACHE_MEMCACHED_TEST_SERVER}"
# }
-# key = &Class
+# key = Class
# ttl = 5
# update {
-# &Callback-Id := &Callback-Id[0]
+# Callback-Id := Callback-Id[0]
# }
#}
# options = "--SERVER=$ENV{CACHE_MEMCACHED_TEST_SERVER}"
# }
-# key = &Framed-IP-Address
+# key = Framed-IP-Address
# ttl = 5
# update {
-# &Callback-Id := &Callback-Id[0]
+# Callback-Id := Callback-Id[0]
# }
#}
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
&Callback-Id := "foo\000bar\000baz"
# 0. Sanity check
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
test_fail
}
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now try and get the second entry
&Class := 0xaa00bb00cc00ee00
test_fail
}
-if (&Callback-Id != "bar\000baz") {
+if (Callback-Id != "bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
#
# We should also be able to use any fixed length data type as a key
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now retrieve the first entry
&Framed-IP-Address := 192.168.0.1
test_fail
}
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now try and get the second entry
&Framed-IP-Address := 192.168.0.2
test_fail
}
-if (&Callback-Id != "bar\000baz") {
+if (Callback-Id != "bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
test_pass
}
# 1. Check the module didn't perform a merge
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
}
# 3.
-if (&control.Cache-Status-Only) {
+if (control.Cache-Status-Only) {
test_fail
}
}
# 5.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
# 6. Retrieving the entry should not expire it
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
cache
if (!updated) {
}
# 7.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
else {
}
# 10.
-if (&control.Cache-Status-Only) {
+if (control.Cache-Status-Only) {
test_fail
}
}
# 12.
-if (&control.Cache-Allow-Merge) {
+if (control.Cache-Allow-Merge) {
test_fail
}
}
# 16.
-if (&control.Cache-TTL) {
+if (control.Cache-TTL) {
test_fail
}
# 17.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
}
# 19. Request Callback-Id shouldn't have been updated yet
-if (&Callback-Id == &control.Callback-Id) {
+if (Callback-Id == control.Callback-Id) {
test_fail
}
}
# 21. Request Callback-Id still shouldn't have been updated yet
-if (&Callback-Id == &control.Callback-Id) {
+if (Callback-Id == control.Callback-Id) {
test_fail
}
}
# 23. Request Callback-Id should now have been updated
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
}
# 25. Request Callback-Id should now have been updated
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
# 26. Check Cache-Entry-Hits is updated as we expect
-if (&Cache-Entry-Hits != 0) {
+if (Cache-Entry-Hits != 0) {
test_fail
}
cache
-if (&Cache-Entry-Hits != 1) {
+if (Cache-Entry-Hits != 1) {
test_fail
}
&Callback-Id := "foo\000bar\000baz"
# 0. Sanity check
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# If the key is binary safe, we should now be able to retrieve the first entry
# if it's not, the above test will likely fail, or we'll get the second entry.
test_fail
}
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now try and get the second entry
&Class := 0xaa11bb00cc00ee00
test_fail
}
-if (&Callback-Id != "bar\000baz") {
+if (Callback-Id != "bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
#
# We should also be able to use any fixed length data type as a key
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now retrieve the first entry
&Framed-IP-Address := 192.168.1.1
test_fail
}
-if (&Callback-Id != "foo\000bar\000baz") {
+if (Callback-Id != "foo\000bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Now try and get the second entry
&Framed-IP-Address := 192.168.1.2
test_fail
}
-if (&Callback-Id != "bar\000baz") {
+if (Callback-Id != "bar\000baz") {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
test_pass
}
# 1. Check the module didn't perform a merge
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
}
# 4.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
# 5. Retrieving the entry should not expire it
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
cache.load
if (!updated) {
}
# 6.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
}
# 13.
-if (&Cache-TTL) {
+if (Cache-TTL) {
test_fail
}
# 14.
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
}
# 19. Request Callback-Id shouldn't have been updated yet
-if (&Callback-Id == &control.Callback-Id) {
+if (Callback-Id == control.Callback-Id) {
test_fail
}
}
# 21. Request Callback-Id still shouldn't have been updated yet
-if (&Callback-Id == &control.Callback-Id) {
+if (Callback-Id == control.Callback-Id) {
test_fail
}
}
# 23. Request Callback-Id should now have been updated
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
}
# 25. Request Callback-Id should now have been updated
-if (&Callback-Id != &control.Callback-Id) {
+if (Callback-Id != control.Callback-Id) {
test_fail
}
# 26. Check Cache-Entry-Hits is updated as we expect
-if (&Cache-Entry-Hits != 0) {
+if (Cache-Entry-Hits != 0) {
test_fail
}
cache.load
-if (&Cache-Entry-Hits != 1) {
+if (Cache-Entry-Hits != 1) {
test_fail
}
# Reply attributes
&reply.Reply-Message := 'hello'
&reply += {
- &Reply-Message = 'goodbye'
+ Reply-Message = 'goodbye'
}
# Request attributes
&request += {
- &NAS-Port = 10
- &NAS-Port = 20
- &NAS-Port = 30
+ NAS-Port = 10
+ NAS-Port = 20
+ NAS-Port = 30
}
#
test_fail
}
-if (&session-state.Reply-Message[0] != 'hello') {
+if (session-state.Reply-Message[0] != 'hello') {
test_fail
}
-if (&session-state.Reply-Message[1] != 'goodbye') {
+if (session-state.Reply-Message[1] != 'goodbye') {
test_fail
}
# Callback-Id should hold the result of the exec
-if (&Callback-Id != 'echo test') {
+if (Callback-Id != 'echo test') {
test_pass
}
test_fail
}
-if (&Login-LAT-Service[0] != 'foo') {
+if (Login-LAT-Service[0] != 'foo') {
test_fail
}
debug_request
-if (&Login-LAT-Service[1] != 'rab') {
+if (Login-LAT-Service[1] != 'rab') {
test_fail
}
-if (&Login-LAT-Service[2] != 'baz') {
+if (Login-LAT-Service[2] != 'baz') {
test_fail
}
subrequest @dhcpv4::Discover {
subrequest @radius::Access-Request {
caller dhcpv4 {
- &parent.Gateway-IP-Address = 127.0.0.1
- &parent.control.Your-IP-Address = 127.0.0.2
- &outer.control.Framed-IP-Address = 127.0.0.3
+ parent.Gateway-IP-Address = 127.0.0.1
+ parent.control.Your-IP-Address = 127.0.0.2
+ outer.control.Framed-IP-Address = 127.0.0.3
cache_not_radius
if (!ok) {
reject
}
- if (!&parent.Your-IP-Address) {
+ if (!parent.Your-IP-Address) {
reject
}
- if (!&outer.Framed-IP-Address) {
+ if (!outer.Framed-IP-Address) {
reject
}
}
}
if (updated) {
- &control.Auth-Type := ::Accept
+ control.Auth-Type := ::Accept
}
# Reply attributes
&reply.Reply-Message := 'hello'
&reply += {
- &Reply-Message = 'goodbye'
+ Reply-Message = 'goodbye'
}
# Request attributes
&request += {
- &NAS-Port = 10
- &NAS-Port = 20
- &NAS-Port = 30
+ NAS-Port = 10
+ NAS-Port = 20
+ NAS-Port = 30
}
#
test_fail
}
-if (&session-state.Reply-Message[0] != 'hello') {
+if (session-state.Reply-Message[0] != 'hello') {
test_fail
}
-if (&session-state.Reply-Message[1] != 'goodbye') {
+if (session-state.Reply-Message[1] != 'goodbye') {
test_fail
}
# Callback-Id should hold the result of the exec
-if (&Callback-Id != 'echo test') {
+if (Callback-Id != 'echo test') {
test_fail
}
test_fail
}
-if (&Login-LAT-Service[0] != 'foo') {
+if (Login-LAT-Service[0] != 'foo') {
test_fail
}
debug_request
-if (&Login-LAT-Service[1] != 'rab') {
+if (Login-LAT-Service[1] != 'rab') {
test_fail
}
-if (&Login-LAT-Service[2] != 'baz') {
+if (Login-LAT-Service[2] != 'baz') {
test_fail
}
&request.Login-LAT-Service := %cache('request.Callback-Id')
-if (&Login-LAT-Service != &control.Callback-Id) {
+if (Login-LAT-Service != control.Callback-Id) {
test_fail
}
&Login-LAT-Node := %cache(request.Login-LAT-Port)
-if (&Login-LAT-Node) {
+if (Login-LAT-Node) {
test_fail
}
ttl = 5
update {
- &Callback-Id := &control.Callback-Id[0]
- &NAS-Port := &control.NAS-Port[0]
- &control += &reply
+ Callback-Id := control.Callback-Id[0]
+ NAS-Port := control.NAS-Port[0]
+ control += reply
}
add_stats = yes
#
update {
# Copy reply to session-state
- &session-state += &reply
+ session-state += reply
# Implicit cast between types (and multivalue copy)
- &Filter-Id += &NAS-Port[*]
+ Filter-Id += NAS-Port[*]
# Cache the result of an exec
- &Callback-Id := `/bin/echo 'echo test'`
+ Callback-Id := `/bin/echo 'echo test'`
# Create three string values and overwrite the middle one
- &Login-LAT-Service += 'foo'
- &Login-LAT-Service += 'bar'
- &Login-LAT-Service += 'baz'
+ Login-LAT-Service += 'foo'
+ Login-LAT-Service += 'bar'
+ Login-LAT-Service += 'baz'
- &Login-LAT-Service[1] := 'rab'
+ Login-LAT-Service[1] := 'rab'
# Create three string values, then remove one
- &Login-LAT-Node += 'foo'
- &Login-LAT-Node += 'bar'
- &Login-LAT-Node += 'baz'
+ Login-LAT-Node += 'foo'
+ Login-LAT-Node += 'bar'
+ Login-LAT-Node += 'baz'
- &Login-LAT-Node -= 'bar'
+ Login-LAT-Node -= 'bar'
}
}
cache cache_bin_key_octets {
driver = "rbtree"
- key = &Class
+ key = Class
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
cache cache_bin_key_ipaddr {
driver = "rbtree"
- key = &Framed-IP-Address
+ key = Framed-IP-Address
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
cache cache_not_radius {
driver = "rbtree"
- key = &parent.Gateway-IP-Address
+ key = parent.Gateway-IP-Address
update {
- &parent.Your-IP-Address := &parent.control.Your-IP-Address
- &outer.Framed-IP-Address := &outer.control.Framed-IP-Address
+ parent.Your-IP-Address := parent.control.Your-IP-Address
+ outer.Framed-IP-Address := outer.control.Framed-IP-Address
}
}
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
ttl = 5
update {
- &Callback-Id := &control.Callback-Id[0]
- &NAS-Port := &control.NAS-Port[0]
- &control += &reply
+ Callback-Id := control.Callback-Id[0]
+ NAS-Port := control.NAS-Port[0]
+ control += reply
}
add_stats = yes
#
update {
# Copy reply to session-state
- &session-state += &reply
+ session-state += reply
# Implicit cast between types (and multivalue copy)
- &Filter-Id += &NAS-Port[*]
+ Filter-Id += NAS-Port[*]
# Cache the result of an exec
- &Callback-Id := `/bin/echo 'echo test'`
+ Callback-Id := `/bin/echo 'echo test'`
# Create three string values and overwrite the middle one
- &Login-LAT-Service += 'foo'
- &Login-LAT-Service += 'bar'
- &Login-LAT-Service += 'baz'
+ Login-LAT-Service += 'foo'
+ Login-LAT-Service += 'bar'
+ Login-LAT-Service += 'baz'
- &Login-LAT-Service[1] := 'rab'
+ Login-LAT-Service[1] := 'rab'
# Create three string values, then remove one
- &Login-LAT-Node += 'foo'
- &Login-LAT-Node += 'bar'
- &Login-LAT-Node += 'baz'
+ Login-LAT-Node += 'foo'
+ Login-LAT-Node += 'bar'
+ Login-LAT-Node += 'baz'
- &Login-LAT-Node -= 'bar'
+ Login-LAT-Node -= 'bar'
}
}
server = $ENV{CACHE_REDIS_TEST_SERVER}:30006
}
- key = &Class
+ key = Class
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
server = $ENV{CACHE_REDIS_TEST_SERVER}:30006
}
- key = &Framed-IP-Address
+ key = Framed-IP-Address
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
ttl = 5
update {
- &Callback-Id := &Callback-Id[0]
+ Callback-Id := Callback-Id[0]
}
}
chap.authenticate
if (ok) {
- &control.Auth-Type := ::Accept
+ control.Auth-Type := ::Accept
}
&test_string1 := "Hello world!"
&test_octets1 := %cipher_rsa.encrypt(%{test_string1})
-if (!&test_octets1) {
+if (!test_octets1) {
test_fail
}
-if ((octets)&test_string1 == &test_octets1) {
+if ((octets)test_string1 == test_octets1) {
test_fail
}
&test_string2 := %cipher_rsa.decrypt(%{test_octets1})
-if (&test_string1 != &test_string2) {
+if (test_string1 != test_string2) {
test_fail
}
#
&test_octets2 := %cipher_rsa.encrypt(%{test_string1})
-if (&test_octets1 == &test_octets2) {
+if (test_octets1 == test_octets2) {
test_fail
}
&test_string1 := "Goodbye world!"
&test_octets1 := %cipher_rsa.encrypt(%{test_string1})
-if (!&test_octets1) {
+if (!test_octets1) {
test_fail
}
-if ((octets)&test_string1 == &test_octets1) {
+if ((octets)test_string1 == test_octets1) {
test_fail
}
&test_string2 := %cipher_rsa.decrypt(%{test_octets1})
-if (&test_string1 != &test_string2) {
+if (test_string1 != test_string2) {
test_fail
}
else {
&test_string := "Hello world!"
&test_octets := %cipher_rsa.sign(%{test_string})
-if (!&test_octets) {
+if (!test_octets) {
test_fail
}
-if ((octets)&test_string[0] == &test_octets[0]) {
+if ((octets)test_string[0] == test_octets[0]) {
test_fail
}
#
&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
-if (&test_string != 'yes') {
+if (test_string != 'yes') {
test_fail
}
&test_string := "Goodbye world!"
&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
-if (&test_string != 'no') {
+if (test_string != 'no') {
test_fail
}
&test_string := "Hello nurse!"
&test_octets := %cipher_rsa.sign(%{test_string})
-if (!&test_octets) {
+if (!test_octets) {
test_fail
}
-if ((octets)&test_string[0] == &test_octets[0]) {
+if ((octets)test_string[0] == test_octets[0]) {
test_fail
}
#
&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
-if (&test_string != 'yes') {
+if (test_string != 'yes') {
test_fail
}
&test_string := "Goodbye nurse!"
&test_string := %cipher_rsa.verify(%{test_octets}, %{test_string})
-if (&test_string != 'no') {
+if (test_string != 'no') {
test_fail
}
&test_date2 := "%cipher_rsa.certificate(notAfter)"
# Check the cert validity period is 30 days
-if !((&test_date2 - &test_date1) == ((time_delta) (86400 * 60))) {
+if !((test_date2 - test_date1) == ((time_delta) (86400 * 60))) {
test_fail
} else {
test_pass
map client {
- &Filter-Id := 'nas_type'
+ Filter-Id := 'nas_type'
}
-if (&Filter-Id != 'a_type') {
+if (Filter-Id != 'a_type') {
test_fail
}
map client 127.0.0.1 {
- &Filter-Id := 'nas_type'
+ Filter-Id := 'nas_type'
}
-if (&Filter-Id != 'a_type') {
+if (Filter-Id != 'a_type') {
test_fail
}
map client 127.0.0.2 {
- &Filter-Id := 'nas_type'
+ Filter-Id := 'nas_type'
}
-if (&Filter-Id != 'b_type') {
+if (Filter-Id != 'b_type') {
test_fail
}
map client 127.0.0.5 {
- &Filter-Id := 'nas_type'
+ Filter-Id := 'nas_type'
}
-if (&Filter-Id != 'b_type') {
+if (Filter-Id != 'b_type') {
test_fail
}
# Test multi-valued maps
#
map client {
- &Callback-Id += 'group'
+ Callback-Id += 'group'
}
-if (&Callback-Id[0] != 'a') {
+if (Callback-Id[0] != 'a') {
test_fail
}
-if (&Callback-Id[1] != 'b') {
+if (Callback-Id[1] != 'b') {
test_fail
}
-if (&Callback-Id[2] != 'c') {
+if (Callback-Id[2] != 'c') {
test_fail
}
-&request -= &Filter-Id[*]
+&request -= Filter-Id[*]
map client 127.0.0.2 {
- &Filter-Id += 'group'
+ Filter-Id += 'group'
}
-if (&Filter-Id[0] != 'd') {
+if (Filter-Id[0] != 'd') {
test_fail
}
-if (&Filter-Id[1] != 'e') {
+if (Filter-Id[1] != 'e') {
test_fail
}
-if (&Filter-Id[2] != 'f') {
+if (Filter-Id[2] != 'f') {
test_fail
}
-&request -= &Filter-Id[*]
-&request -= &Callback-Id[*]
+&request -= Filter-Id[*]
+&request -= Callback-Id[*]
#
# Test non-existent client properties
#
map client {
- &Filter-Id := 'non-existent-attr'
- &Callback-Id += 'non-existing-attr2'
+ Filter-Id := 'non-existent-attr'
+ Callback-Id += 'non-existing-attr2'
}
-if (&Filter-Id) {
+if (Filter-Id) {
test_fail
}
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
&test_string := "%client('nas_type')"
-if (&test_string != 'a_type') {
+if (test_string != 'a_type') {
test_fail
}
&test_string := "%client('nas_type',127.0.0.1)"
-if (&test_string != 'a_type') {
+if (test_string != 'a_type') {
test_fail
}
&test_string := "%client('nas_type',127.0.0.2)"
-if (&test_string != 'b_type') {
+if (test_string != 'b_type') {
test_fail
}
&test_string := "%client('nas_type',127.0.0.5)"
-if (&test_string != 'b_type') {
+if (test_string != 'b_type') {
test_fail
}
# Test non-existent client properties
#
&test_string := "%client('non-existent-attr')"
-if !(&test_string == "") {
+if !(test_string == "") {
test_fail
}
&test_string := "%client('non-existing-attr2')"
-if !(&test_string == "") {
+if !(test_string == "") {
test_fail
}
%file.rm("$ENV{MODULE_TEST_DIR}/127-2e0-2e0-2e1-with--n-c3-b6n--ascii-21")
-&request -= &Module-Failure-Message[*]
+&request -= Module-Failure-Message[*]
detail_escape
%file.rm("$ENV{MODULE_TEST_DIR}/127.0.0.1-detail")
-&request -= &Module-Failure-Message[*]
+&request -= Module-Failure-Message[*]
detail
%file.rm("$ENV{MODULE_TEST_DIR}/127.0.0.1-suppress")
-&request -= &Module-Failure-Message[*]
+&request -= Module-Failure-Message[*]
detail_suppress
#
&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name},%{test_string})
-if (&result_string != &User-Name) {
+if (result_string != User-Name) {
test_fail
}
#
-# 1.0 Now try with the hint coming from &request.EAP-Type
+# 1.0 Now try with the hint coming from request.EAP-Type
#
-if (&User-Name =~ /^[0-9](.*)/) {
- &request += {
- &User-Name = "%{1}"
- &EAP-Type = ::AKA
+if (User-Name =~ /^[0-9](.*)/) {
+ request += {
+ User-Name = "%{1}"
+ EAP-Type = ::AKA
}
}
#
&test_string := '1420032219455259'
&control += {
- &User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6)
+ User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6)
}
#
#
&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[1]},%{test_string})
-if (&result_string != "0%{User-Name[1]}") {
+if (result_string != "0%{User-Name[1]}") {
test_fail
}
#
&test_string := '1420032219455259'
&control += {
- &User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6,fastauth)
+ User-Name = %3gpp_temporary_id_encrypt(%{User-Name[1]},%{test_string},6,fastauth)
}
#
#
&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name[2]},%{test_string})
-if (&result_string != "0%{User-Name[1]}") {
+if (result_string != "0%{User-Name[1]}") {
test_fail
}
&result_string := %3gpp_temporary_id_decrypt(%{control.User-Name}, %{test_string}, 'false')
if ("%{User-Name}" =~ /^0(.*)/) {
- if (!&result_string || (&result_string == '') || (%{result_string} != "%{1}")) {
+ if (!result_string || (result_string == '') || (%{result_string} != "%{1}")) {
test_fail
}
}
# because we don't wait for the response.
#
&test_string := %exec_async('/bin/sh','-c',"'echo -n hello'")
-if &test_string {
+if test_string {
test_fail
}
# Async calls should not have their output added to the request
#
-if (&reply.Reply-Message == 'hello') {
+if (reply.Reply-Message == 'hello') {
test_fail
}
# after the test exits.
#
&test_string := %exec_async('/bin/sh','-c',"'sleep 1'")
-if &test_string {
+if test_string {
test_fail
}
#!/bin/sh
-echo Filter-Id := $1
-echo Callback-Id := \"${CALLED_STATION_ID}\"
-echo reply.Filter-Id := $1
+echo "Filter-Id := '$1'"
+echo "Callback-Id := '${CALLED_STATION_ID}'"
+echo "reply.Filter-Id := '$1'"
exit 0;
# because we don't wait for the response.
#
&test_string := %exec('/bin/sh', '-c', 'echo hello')
-if (&test_string != 'hello') {
+if (test_string != 'hello') {
test_fail
}
#
&control += %exec('/bin/sh', '-c', "echo Reply-Message := \'hello\'")
-if (&control.Reply-Message != 'hello') {
+if (control.Reply-Message != 'hello') {
test_fail
} else {
test_pass
#!/bin/sh
-echo NAS-Identifier := Failure
+echo "NAS-Identifier := 'Failure'"
# exit status 7 maps to module exit code "notfound"
exit 7
exec {
wait = yes
- input_pairs = &request
+ input_pairs = request
shell_escape = yes
timeout = 10
}
exec exec_async {
wait = no
- input_pairs = &request
+ input_pairs = request
shell_escape = yes
timeout = 10
}
exec exec_async_mod {
wait = no
- input_pairs = &request
+ input_pairs = request
shell_escape = yes
timeout = 10
program = '''/bin/sh -c "echo \"Called-Station-Id = 'welcome'\" " '''
exec exec_sync {
wait = yes
- input_pairs = &control
+ input_pairs = control
shell_escape = yes
timeout = 1
}
exec exec_sync_mod {
wait = yes
- input_pairs = &control
- output_pairs = &control
+ input_pairs = control
+ output_pairs = control
shell_escape = yes
timeout = 10
program = '''/bin/sh -c "echo \"Called-Station-Id = 'welcome'\" " '''
exec exec_sync_attrs {
wait = yes
- input_pairs = &request
- output_pairs = &control
+ input_pairs = request
+ output_pairs = control
shell_escape = yes
timeout = 10
program = "/bin/sh $ENV{MODULE_TEST_DIR}/attrs.sh %{User-Name}"
exec exec_sync_fail {
wait = yes
- output_pairs = &control
+ output_pairs = control
timeout = 10
program = "/bin/sh $ENV{MODULE_TEST_DIR}/fail.sh"
}
exec exec_sync_xlat_args {
wait = yes
- output_pairs = &control
+ output_pairs = control
timeout = 10
program = "/bin/sh $ENV{MODULE_TEST_DIR}/attrs.sh %toupper(%{User-Name})"
}
# Sync calls return the response
#
&test_string := %exec_sync('/bin/sh', '-c', "echo 'hello'")
-if (&test_string != 'hello') {
+if (test_string != 'hello') {
test_fail
}
#
# Call something which will take longer than the timeout
#
-&request -= &Module-Failure-Message
+&request -= Module-Failure-Message
&test_string := %exec_sync('/bin/sleep', '10')
-if (&Module-Failure-Message != "Execution of external program failed: Timeout running program") {
+if (Module-Failure-Message != "Execution of external program failed: Timeout running program") {
test_fail
}
-if &test_string {
+if test_string {
test_fail
}
-&request -= &Module-Failure-Message
+&request -= Module-Failure-Message
&test_string := %exec_sync('/bin/sh', "$ENV{MODULE_TEST_DIR}/fail.sh")
-if &test_string {
+if test_string {
test_fail
}
-if (&Module-Failure-Message != "Execution of external program returned 7") {
+if (Module-Failure-Message != "Execution of external program returned 7") {
test_fail
}
#
exec_sync_mod
-if ((!&control.Called-Station-Id) || (&control.Called-Station-Id != 'welcome')) {
+if ((!control.Called-Station-Id) || (control.Called-Station-Id != 'welcome')) {
test_fail
}
#
exec_sync_attrs
-if ((!&control.Filter-Id) || (&control.Filter-Id != 'tony')) {
+if ((!control.Filter-Id) || (control.Filter-Id != 'tony')) {
test_fail
}
-if ((!&control.Callback-Id) || (&control.Callback-Id != 'aabbccddeeff')) {
+if ((!control.Callback-Id) || (control.Callback-Id != 'aabbccddeeff')) {
test_fail
}
-if ((!&reply.Filter-Id) || (&reply.Filter-Id != 'tony')) {
+if ((!reply.Filter-Id) || (reply.Filter-Id != 'tony')) {
test_fail
}
test_fail
}
-if (&control.NAS-Identifier == "Failure") {
+if (control.NAS-Identifier == "Failure") {
test_fail
}
-&control -= &Filter-Id[*]
+&control -= Filter-Id[*]
#
# Call a module which uses an xlat function in its arguments
#
exec_sync_xlat_args
-if !(&control.Filter-Id == 'TONY') {
+if !(control.Filter-Id == 'TONY') {
test_fail
}
-&reply -= &Filter-Id[*]
+&reply -= Filter-Id[*]
test_pass
# Add multiple instances of Realm to the control list
# The data should match on the second.
&control += {
- &Realm = 'one'
- &Realm = 'two'
- &Realm = 'three'
+ Realm = 'one'
+ Realm = 'two'
+ Realm = 'three'
}
files
#
# The "reply" items can now update any list.
#
-if (&control.Filter-Id != "foo") {
+if (control.Filter-Id != "foo") {
test_fail
}
# Compare attribute references
#
attrref Password.Cleartext := "hopefully"
- Reply-Message := &request.Filter-Id,
- &control.Filter-Id := "foo"
+ Reply-Message := request.Filter-Id,
+ control.Filter-Id := "foo"
xlat Password.Cleartext := "open"
Reply-Message := "Hello, %{User-Name}"
#
# Inter-attribute comparisons and xlats for comparisons
#
-attrref_check Filter-Id == &NAS-Identifier, NAS-IP-Address == "%{Calling-Station-Id}", Password.Cleartext := "whoops"
+attrref_check Filter-Id == NAS-Identifier, NAS-IP-Address == "%{Calling-Station-Id}", Password.Cleartext := "whoops"
Reply-Message := "success"
digest Password.Cleartext := "woo"
test_fail
}
debug_all
-if (!(&control.Realm == 'matched')) {
+if (!(control.Realm == 'matched')) {
test_fail
}
-# Adapted test file from https://github.com/FreeRADIUS/freeradius-server/issues/5462
+# Adapted test file from https://github.com'/FreeRADIUS/freeradius-server/issues/5462
# Configuration for 10.8.0.0
00:11:22:33:00:01
Framed-IP-Address := 10.8.0.0,
- Reply-Message := host1.example.com
+ Reply-Message := 'host1.example.com'
# Configuration for 10.8.0.1
00:11:22:33:00:02
Framed-IP-Address := 10.8.0.1,
- Reply-Message := host2.example.com
+ Reply-Message := 'host2.example.com'
# Configuration for 10.8.0.2
00:11:22:33:00:03
Framed-IP-Address := 10.8.0.2,
- Reply-Message := host3.example.com
+ Reply-Message := 'host3.example.com'
# Configuration for 10.8.0.3
00:11:22:33:00:04
Framed-IP-Address := 10.8.0.3,
- Reply-Message := host4.example.com
+ Reply-Message := 'host4.example.com'
# Configuration for 10.8.0.4
00:11:22:33:00:05
Framed-IP-Address := 10.8.0.4,
- Reply-Message := host5.example.com
+ Reply-Message := 'host5.example.com'
# Configuration for 10.8.0.5
00:11:22:33:00:06
Framed-IP-Address := 10.8.0.5,
- Reply-Message := host6.example.com
+ Reply-Message := 'host6.example.com'
# Configuration for 10.8.0.6
00:11:22:33:00:07
Framed-IP-Address := 10.8.0.6,
- Reply-Message := host7.example.com
+ Reply-Message := 'host7.example.com'
# Configuration for 10.8.0.7
00:11:22:33:00:08
Framed-IP-Address := 10.8.0.7,
- Reply-Message := host8.example.com
+ Reply-Message := 'host8.example.com'
# Configuration for 10.8.0.8
00:11:22:33:00:09
Framed-IP-Address := 10.8.0.8,
- Reply-Message := host9.example.com
+ Reply-Message := 'host9.example.com'
# Configuration for 10.8.0.9
00:11:22:33:00:0A
Framed-IP-Address := 10.8.0.9,
- Reply-Message := host10.example.com
+ Reply-Message := 'host10.example.com'
# Configuration for 10.8.0.10
00:11:22:33:00:0B
Framed-IP-Address := 10.8.0.10,
- Reply-Message := host11.example.com
+ Reply-Message := 'host11.example.com'
# Configuration for 10.8.0.11
00:11:22:33:00:0C
Framed-IP-Address := 10.8.0.11,
- Reply-Message := host12.example.com
+ Reply-Message := 'host12.example.com'
# Configuration for 10.8.0.12
00:11:22:33:00:0D
Framed-IP-Address := 10.8.0.12,
- Reply-Message := host13.example.com
+ Reply-Message := 'host13.example.com'
# Configuration for 10.8.0.13
00:11:22:33:00:0E
Framed-IP-Address := 10.8.0.13,
- Reply-Message := host14.example.com
+ Reply-Message := 'host14.example.com'
# Configuration for 10.8.0.14
00:11:22:33:00:0F
Framed-IP-Address := 10.8.0.14,
- Reply-Message := host15.example.com
+ Reply-Message := 'host15.example.com'
# Configuration for 10.8.0.15
00:11:22:33:00:10
Framed-IP-Address := 10.8.0.15,
- Reply-Message := host16.example.com
+ Reply-Message := 'host16.example.com'
# Configuration for 10.8.0.16
00:11:22:33:00:11
Framed-IP-Address := 10.8.0.16,
- Reply-Message := host17.example.com
+ Reply-Message := 'host17.example.com'
# Configuration for 10.8.0.17
00:11:22:33:00:12
Framed-IP-Address := 10.8.0.17,
- Reply-Message := host18.example.com
+ Reply-Message := 'host18.example.com'
# Configuration for 10.8.0.18
00:11:22:33:00:13
Framed-IP-Address := 10.8.0.18,
- Reply-Message := host19.example.com
+ Reply-Message := 'host19.example.com'
# Configuration for 10.8.0.19
00:11:22:33:00:14
Framed-IP-Address := 10.8.0.19,
- Reply-Message := host20.example.com
+ Reply-Message := 'host20.example.com'
# Configuration for 10.8.0.20
00:11:22:33:00:15
Framed-IP-Address := 10.8.0.20,
- Reply-Message := host21.example.com
+ Reply-Message := 'host21.example.com'
# Configuration for 10.8.0.21
00:11:22:33:00:16
Framed-IP-Address := 10.8.0.21,
- Reply-Message := host22.example.com
+ Reply-Message := 'host22.example.com'
# Configuration for 10.8.0.22
00:11:22:33:00:17
Framed-IP-Address := 10.8.0.22,
- Reply-Message := host23.example.com
+ Reply-Message := 'host23.example.com'
# Configuration for 10.8.0.23
00:11:22:33:00:18
Framed-IP-Address := 10.8.0.23,
- Reply-Message := host24.example.com
+ Reply-Message := 'host24.example.com'
# Configuration for 10.8.0.24
00:11:22:33:00:19
Framed-IP-Address := 10.8.0.24,
- Reply-Message := host25.example.com
+ Reply-Message := 'host25.example.com'
# Configuration for 10.8.0.25
00:11:22:33:00:1A
Framed-IP-Address := 10.8.0.25,
- Reply-Message := host26.example.com
+ Reply-Message := 'host26.example.com'
# Configuration for 10.8.0.26
00:11:22:33:00:1B
Framed-IP-Address := 10.8.0.26,
- Reply-Message := host27.example.com
+ Reply-Message := 'host27.example.com'
# Configuration for 10.8.0.27
00:11:22:33:00:1C
Framed-IP-Address := 10.8.0.27,
- Reply-Message := host28.example.com
+ Reply-Message := 'host28.example.com'
# Configuration for 10.8.0.28
00:11:22:33:00:1D
Framed-IP-Address := 10.8.0.28,
- Reply-Message := host29.example.com
+ Reply-Message := 'host29.example.com'
# Configuration for 10.8.0.29
00:11:22:33:00:1E
Framed-IP-Address := 10.8.0.29,
- Reply-Message := host30.example.com
+ Reply-Message := 'host30.example.com'
# Configuration for 10.8.0.30
00:11:22:33:00:1F
Framed-IP-Address := 10.8.0.30,
- Reply-Message := host31.example.com
+ Reply-Message := 'host31.example.com'
# Configuration for 10.8.0.31
00:11:22:33:00:20
Framed-IP-Address := 10.8.0.31,
- Reply-Message := host32.example.com
+ Reply-Message := 'host32.example.com'
# Configuration for 10.8.0.32
00:11:22:33:00:21
Framed-IP-Address := 10.8.0.32,
- Reply-Message := host33.example.com
+ Reply-Message := 'host33.example.com'
# Configuration for 10.8.0.33
00:11:22:33:00:22
Framed-IP-Address := 10.8.0.33,
- Reply-Message := host34.example.com
+ Reply-Message := 'host34.example.com'
# Configuration for 10.8.0.34
00:11:22:33:00:23
Framed-IP-Address := 10.8.0.34,
- Reply-Message := host35.example.com
+ Reply-Message := 'host35.example.com'
# Configuration for 10.8.0.35
00:11:22:33:00:24
Framed-IP-Address := 10.8.0.35,
- Reply-Message := host36.example.com
+ Reply-Message := 'host36.example.com'
# Configuration for 10.8.0.36
00:11:22:33:00:25
Framed-IP-Address := 10.8.0.36,
- Reply-Message := host37.example.com
+ Reply-Message := 'host37.example.com'
# Configuration for 10.8.0.37
00:11:22:33:00:26
Framed-IP-Address := 10.8.0.37,
- Reply-Message := host38.example.com
+ Reply-Message := 'host38.example.com'
# Configuration for 10.8.0.38
00:11:22:33:00:27
Framed-IP-Address := 10.8.0.38,
- Reply-Message := host39.example.com
+ Reply-Message := 'host39.example.com'
# Configuration for 10.8.0.39
00:11:22:33:00:28
Framed-IP-Address := 10.8.0.39,
- Reply-Message := host40.example.com
+ Reply-Message := 'host40.example.com'
# Configuration for 10.8.0.40
00:11:22:33:00:29
Framed-IP-Address := 10.8.0.40,
- Reply-Message := host41.example.com
+ Reply-Message := 'host41.example.com'
# Configuration for 10.8.0.41
00:11:22:33:00:2A
Framed-IP-Address := 10.8.0.41,
- Reply-Message := host42.example.com
+ Reply-Message := 'host42.example.com'
# Configuration for 10.8.0.42
00:11:22:33:00:2B
Framed-IP-Address := 10.8.0.42,
- Reply-Message := host43.example.com
+ Reply-Message := 'host43.example.com'
# Configuration for 10.8.0.43
00:11:22:33:00:2C
Framed-IP-Address := 10.8.0.43,
- Reply-Message := host44.example.com
+ Reply-Message := 'host44.example.com'
# Configuration for 10.8.0.44
00:11:22:33:00:2D
Framed-IP-Address := 10.8.0.44,
- Reply-Message := host45.example.com
+ Reply-Message := 'host45.example.com'
# Configuration for 10.8.0.45
00:11:22:33:00:2E
Framed-IP-Address := 10.8.0.45,
- Reply-Message := host46.example.com
+ Reply-Message := 'host46.example.com'
# Configuration for 10.8.0.46
00:11:22:33:00:2F
Framed-IP-Address := 10.8.0.46,
- Reply-Message := host47.example.com
+ Reply-Message := 'host47.example.com'
# Configuration for 10.8.0.47
00:11:22:33:00:30
Framed-IP-Address := 10.8.0.47,
- Reply-Message := host48.example.com
+ Reply-Message := 'host48.example.com'
# Configuration for 10.8.0.48
00:11:22:33:00:31
Framed-IP-Address := 10.8.0.48,
- Reply-Message := host49.example.com
+ Reply-Message := 'host49.example.com'
# Configuration for 10.8.0.49
00:11:22:33:00:32
Framed-IP-Address := 10.8.0.49,
- Reply-Message := host50.example.com
+ Reply-Message := 'host50.example.com'
# Configuration for 10.8.0.50
00:11:22:33:00:33
Framed-IP-Address := 10.8.0.50,
- Reply-Message := host51.example.com
+ Reply-Message := 'host51.example.com'
# Configuration for 10.8.0.51
00:11:22:33:00:34
Framed-IP-Address := 10.8.0.51,
- Reply-Message := host52.example.com
+ Reply-Message := 'host52.example.com'
# Configuration for 10.8.0.52
00:11:22:33:00:35
Framed-IP-Address := 10.8.0.52,
- Reply-Message := host53.example.com
+ Reply-Message := 'host53.example.com'
# Configuration for 10.8.0.53
00:11:22:33:00:36
Framed-IP-Address := 10.8.0.53,
- Reply-Message := host54.example.com
+ Reply-Message := 'host54.example.com'
# Configuration for 10.8.0.54
00:11:22:33:00:37
Framed-IP-Address := 10.8.0.54,
- Reply-Message := host55.example.com
+ Reply-Message := 'host55.example.com'
# Configuration for 10.8.0.55
00:11:22:33:00:38
Framed-IP-Address := 10.8.0.55,
- Reply-Message := host56.example.com
+ Reply-Message := 'host56.example.com'
# Configuration for 10.8.0.56
00:11:22:33:00:39
Framed-IP-Address := 10.8.0.56,
- Reply-Message := host57.example.com
+ Reply-Message := 'host57.example.com'
# Configuration for 10.8.0.57
00:11:22:33:00:3A
Framed-IP-Address := 10.8.0.57,
- Reply-Message := host58.example.com
+ Reply-Message := 'host58.example.com'
# Configuration for 10.8.0.58
00:11:22:33:00:3B
Framed-IP-Address := 10.8.0.58,
- Reply-Message := host59.example.com
+ Reply-Message := 'host59.example.com'
# Configuration for 10.8.0.59
00:11:22:33:00:3C
Framed-IP-Address := 10.8.0.59,
- Reply-Message := host60.example.com
+ Reply-Message := 'host60.example.com'
# Configuration for 10.8.0.60
00:11:22:33:00:3D
Framed-IP-Address := 10.8.0.60,
- Reply-Message := host61.example.com
+ Reply-Message := 'host61.example.com'
# Configuration for 10.8.0.61
00:11:22:33:00:3E
Framed-IP-Address := 10.8.0.61,
- Reply-Message := host62.example.com
+ Reply-Message := 'host62.example.com'
# Configuration for 10.8.0.62
00:11:22:33:00:3F
Framed-IP-Address := 10.8.0.62,
- Reply-Message := host63.example.com
+ Reply-Message := 'host63.example.com'
# Configuration for 10.8.0.63
00:11:22:33:00:40
Framed-IP-Address := 10.8.0.63,
- Reply-Message := host64.example.com
+ Reply-Message := 'host64.example.com'
# Configuration for 10.8.0.64
00:11:22:33:00:41
Framed-IP-Address := 10.8.0.64,
- Reply-Message := host65.example.com
+ Reply-Message := 'host65.example.com'
# Configuration for 10.8.0.65
00:11:22:33:00:42
Framed-IP-Address := 10.8.0.65,
- Reply-Message := host66.example.com
+ Reply-Message := 'host66.example.com'
# Configuration for 10.8.0.66
00:11:22:33:00:43
Framed-IP-Address := 10.8.0.66,
- Reply-Message := host67.example.com
+ Reply-Message := 'host67.example.com'
# Configuration for 10.8.0.67
00:11:22:33:00:44
Framed-IP-Address := 10.8.0.67,
- Reply-Message := host68.example.com
+ Reply-Message := 'host68.example.com'
# Configuration for 10.8.0.68
00:11:22:33:00:45
Framed-IP-Address := 10.8.0.68,
- Reply-Message := host69.example.com
+ Reply-Message := 'host69.example.com'
# Configuration for 10.8.0.69
00:11:22:33:00:46
Framed-IP-Address := 10.8.0.69,
- Reply-Message := host70.example.com
+ Reply-Message := 'host70.example.com'
# Configuration for 10.8.0.70
00:11:22:33:00:47
Framed-IP-Address := 10.8.0.70,
- Reply-Message := host71.example.com
+ Reply-Message := 'host71.example.com'
# Configuration for 10.8.0.71
00:11:22:33:00:48
Framed-IP-Address := 10.8.0.71,
- Reply-Message := host72.example.com
+ Reply-Message := 'host72.example.com'
# Configura
00:11:22:33:00:49
Framed-IP-Address := 10.8.0.72,
- Reply-Message := host73.example.com
+ Reply-Message := 'host73.example.com'
# Configuration for 10.8.0.73
00:11:22:33:00:4A
Framed-IP-Address := 10.8.0.73,
- Reply-Message := host74.example.com
+ Reply-Message := 'host74.example.com'
# Configuration for 10.8.0.74
00:11:22:33:00:4B
Framed-IP-Address := 10.8.0.74,
- Reply-Message := host75.example.com
+ Reply-Message := 'host75.example.com'
# Configuration for 10.8.0.75
00:11:22:33:00:4C
Framed-IP-Address := 10.8.0.75,
- Reply-Message := host76.example.com
+ Reply-Message := 'host76.example.com'
# Configuration for 10.8.0.76
00:11:22:33:00:4D
Framed-IP-Address := 10.8.0.76,
- Reply-Message := host77.example.com
+ Reply-Message := 'host77.example.com'
# Configuration for 10.8.0.77
00:11:22:33:00:4E
Framed-IP-Address := 10.8.0.77,
- Reply-Message := host78.example.com
+ Reply-Message := 'host78.example.com'
# Configuration for 10.8.0.78
00:11:22:33:00:4F
Framed-IP-Address := 10.8.0.78,
- Reply-Message := host79.example.com
+ Reply-Message := 'host79.example.com'
# Configuration for 10.8.0.79
00:11:22:33:00:50
Framed-IP-Address := 10.8.0.79,
- Reply-Message := host80.example.com
+ Reply-Message := 'host80.example.com'
# Configuration for 10.8.0.80
00:11:22:33:00:51
Framed-IP-Address := 10.8.0.80,
- Reply-Message := host81.example.com
+ Reply-Message := 'host81.example.com'
# Configuration for 10.8.0.81
00:11:22:33:00:52
Framed-IP-Address := 10.8.0.81,
- Reply-Message := host82.example.com
+ Reply-Message := 'host82.example.com'
# Configuration for 10.8.0.82
00:11:22:33:00:53
Framed-IP-Address := 10.8.0.82,
- Reply-Message := host83.example.com
+ Reply-Message := 'host83.example.com'
# Configuration for 10.8.0.83
00:11:22:33:00:54
Framed-IP-Address := 10.8.0.83,
- Reply-Message := host84.example.com
+ Reply-Message := 'host84.example.com'
# Configuration for 10.8.0.84
00:11:22:33:00:55
Framed-IP-Address := 10.8.0.84,
- Reply-Message := host85.example.com
+ Reply-Message := 'host85.example.com'
# Configuration for 10.8.0.85
00:11:22:33:00:56
Framed-IP-Address := 10.8.0.85,
- Reply-Message := host86.example.com
+ Reply-Message := 'host86.example.com'
# Configuration for 10.8.0.86
00:11:22:33:00:57
Framed-IP-Address := 10.8.0.86,
- Reply-Message := host87.example.com
+ Reply-Message := 'host87.example.com'
# Configuration for 10.8.0.87
00:11:22:33:00:58
Framed-IP-Address := 10.8.0.87,
- Reply-Message := host88.example.com
+ Reply-Message := 'host88.example.com'
# Configuration for 10.8.0.88
00:11:22:33:00:59
Framed-IP-Address := 10.8.0.88,
- Reply-Message := host89.example.com
+ Reply-Message := 'host89.example.com'
# Configuration for 10.8.0.89
00:11:22:33:00:5A
Framed-IP-Address := 10.8.0.89,
- Reply-Message := host90.example.com
+ Reply-Message := 'host90.example.com'
# Configuration for 10.8.0.90
00:11:22:33:00:5B
Framed-IP-Address := 10.8.0.90,
- Reply-Message := host91.example.com
+ Reply-Message := 'host91.example.com'
# Configuration for 10.8.0.91
00:11:22:33:00:5C
Framed-IP-Address := 10.8.0.91,
- Reply-Message := host92.example.com
+ Reply-Message := 'host92.example.com'
# Configuration for 10.8.0.92
00:11:22:33:00:5D
Framed-IP-Address := 10.8.0.92,
- Reply-Message := host93.example.com
+ Reply-Message := 'host93.example.com'
# Configuration for 10.8.0.93
00:11:22:33:00:5E
Framed-IP-Address := 10.8.0.93,
- Reply-Message := host94.example.com
+ Reply-Message := 'host94.example.com'
# Configuration for 10.8.0.94
00:11:22:33:00:5F
Framed-IP-Address := 10.8.0.94,
- Reply-Message := host95.example.com
+ Reply-Message := 'host95.example.com'
# Configuration for 10.8.0.95
00:11:22:33:00:60
Framed-IP-Address := 10.8.0.95,
- Reply-Message := host96.example.com
+ Reply-Message := 'host96.example.com'
# Configuration for 10.8.0.96
00:11:22:33:00:61
Framed-IP-Address := 10.8.0.96,
- Reply-Message := host97.example.com
+ Reply-Message := 'host97.example.com'
# Configuration for 10.8.0.97
00:11:22:33:00:62
Framed-IP-Address := 10.8.0.97,
- Reply-Message := host98.example.com
+ Reply-Message := 'host98.example.com'
# Configuration for 10.8.0.98
00:11:22:33:00:63
Framed-IP-Address := 10.8.0.98,
- Reply-Message := host99.example.com
+ Reply-Message := 'host99.example.com'
# Configuration for 10.8.0.99
00:11:22:33:00:64
Framed-IP-Address := 10.8.0.99,
- Reply-Message := host100.example.com
+ Reply-Message := 'host100.example.com'
# Configuration for 10.8.0.100
00:11:22:33:00:65
Framed-IP-Address := 10.8.0.100,
- Reply-Message := host101.example.com
+ Reply-Message := 'host101.example.com'
# Configuration for 10.8.0.101
00:11:22:33:00:66
Framed-IP-Address := 10.8.0.101,
- Reply-Message := host102.example.com
+ Reply-Message := 'host102.example.com'
# Configuration for 10.8.0.102
00:11:22:33:00:67
Framed-IP-Address := 10.8.0.102,
- Reply-Message := host103.example.com
+ Reply-Message := 'host103.example.com'
# Configuration for 10.8.0.103
00:11:22:33:00:68
Framed-IP-Address := 10.8.0.103,
- Reply-Message := host104.example.com
+ Reply-Message := 'host104.example.com'
# Configuration for 10.8.0.104
00:11:22:33:00:69
Framed-IP-Address := 10.8.0.104,
- Reply-Message := host105.example.com
+ Reply-Message := 'host105.example.com'
# Configuration for 10.8.0.105
00:11:22:33:00:6A
Framed-IP-Address := 10.8.0.105,
- Reply-Message := host106.example.com
+ Reply-Message := 'host106.example.com'
# Configuration for 10.8.0.106
00:11:22:33:00:6B
Framed-IP-Address := 10.8.0.106,
- Reply-Message := host107.example.com
+ Reply-Message := 'host107.example.com'
# Configuration for 10.8.0.107
00:11:22:33:00:6C
Framed-IP-Address := 10.8.0.107,
- Reply-Message := host108.example.com
+ Reply-Message := 'host108.example.com'
# Configuration for 10.8.0.108
00:11:22:33:00:6D
Framed-IP-Address := 10.8.0.108,
- Reply-Message := host109.example.com
+ Reply-Message := 'host109.example.com'
# Configuration for 10.8.0.109
00:11:22:33:00:6E
Framed-IP-Address := 10.8.0.109,
- Reply-Message := host110.example.com
+ Reply-Message := 'host110.example.com'
# Configuration for 10.8.0.110
00:11:22:33:00:6F
Framed-IP-Address := 10.8.0.110,
- Reply-Message := host111.example.com
+ Reply-Message := 'host111.example.com'
# Configuration for 10.8.0.111
00:11:22:33:00:70
Framed-IP-Address := 10.8.0.111,
- Reply-Message := host112.example.com
+ Reply-Message := 'host112.example.com'
# Configuration for 10.8.0.112
00:11:22:33:00:71
Framed-IP-Address := 10.8.0.112,
- Reply-Message := host113.example.com
+ Reply-Message := 'host113.example.com'
# Configuration for 10.8.0.113
00:11:22:33:00:72
Framed-IP-Address := 10.8.0.113,
- Reply-Message := host114.example.com
+ Reply-Message := 'host114.example.com'
# Configuration for 10.8.0.114
00:11:22:33:00:73
Framed-IP-Address := 10.8.0.114,
- Reply-Message := host115.example.com
+ Reply-Message := 'host115.example.com'
# Configuration for 10.8.0.115
00:11:22:33:00:74
Framed-IP-Address := 10.8.0.115,
- Reply-Message := host116.example.com
+ Reply-Message := 'host116.example.com'
# Configuration for 10.8.0.116
00:11:22:33:00:75
Framed-IP-Address := 10.8.0.116,
- Reply-Message := host117.example.com
+ Reply-Message := 'host117.example.com'
# Configuration for 10.8.0.117
00:11:22:33:00:76
Framed-IP-Address := 10.8.0.117,
- Reply-Message := host118.example.com
+ Reply-Message := 'host118.example.com'
# Configuration for 10.8.0.118
00:11:22:33:00:77
Framed-IP-Address := 10.8.0.118,
- Reply-Message := host119.example.com
+ Reply-Message := 'host119.example.com'
# Configuration for 10.8.0.119
00:11:22:33:00:78
Framed-IP-Address := 10.8.0.119,
- Reply-Message := host120.example.com
+ Reply-Message := 'host120.example.com'
# Configuration for 10.8.0.120
00:11:22:33:00:79
Framed-IP-Address := 10.8.0.120,
- Reply-Message := host121.example.com
+ Reply-Message := 'host121.example.com'
# Configuration for 10.8.0.121
00:11:22:33:00:7A
Framed-IP-Address := 10.8.0.121,
- Reply-Message := host122.example.com
+ Reply-Message := 'host122.example.com'
# Configuration for 10.8.0.122
00:11:22:33:00:7B
Framed-IP-Address := 10.8.0.122,
- Reply-Message := host123.example.com
+ Reply-Message := 'host123.example.com'
# Configuration for 10.8.0.123
00:11:22:33:00:7C
Framed-IP-Address := 10.8.0.123,
- Reply-Message := host124.example.com
+ Reply-Message := 'host124.example.com'
# Configuration for 10.8.0.124
00:11:22:33:00:7D
Framed-IP-Address := 10.8.0.124,
- Reply-Message := host125.example.com
+ Reply-Message := 'host125.example.com'
# Configuration for 10.8.0.125
00:11:22:33:00:7E
Framed-IP-Address := 10.8.0.125,
- Reply-Message := host126.example.com
+ Reply-Message := 'host126.example.com'
# Configuration for 10.8.0.126
00:11:22:33:00:7F
Framed-IP-Address := 10.8.0.126,
- Reply-Message := host127.example.com
+ Reply-Message := 'host127.example.com'
# Configuration for 10.8.0.127
00:11:22:33:00:80
Framed-IP-Address := 10.8.0.127,
- Reply-Message := host128.example.com
+ Reply-Message := 'host128.example.com'
# Configuration for 10.8.0.128
00:11:22:33:00:81
Framed-IP-Address := 10.8.0.128,
- Reply-Message := host129.example.com
+ Reply-Message := 'host129.example.com'
# Configuration for 10.8.0.129
00:11:22:33:00:82
Framed-IP-Address := 10.8.0.129,
- Reply-Message := host130.example.com
+ Reply-Message := 'host130.example.com'
# Configuration for 10.8.0.130
00:11:22:33:00:83
Framed-IP-Address := 10.8.0.130,
- Reply-Message := host131.example.com
+ Reply-Message := 'host131.example.com'
# Configuration for 10.8.0.131
00:11:22:33:00:84
Framed-IP-Address := 10.8.0.131,
- Reply-Message := host132.example.com
+ Reply-Message := 'host132.example.com'
# Configuration for 10.8.0.132
00:11:22:33:00:85
Framed-IP-Address := 10.8.0.132,
- Reply-Message := host133.example.com
+ Reply-Message := 'host133.example.com'
# Configuration for 10.8.0.133
00:11:22:33:00:86
Framed-IP-Address := 10.8.0.133,
- Reply-Message := host134.example.com
+ Reply-Message := 'host134.example.com'
# Configuration for 10.8.0.134
00:11:22:33:00:87
Framed-IP-Address := 10.8.0.134,
- Reply-Message := host135.example.com
+ Reply-Message := 'host135.example.com'
# Configuration for 10.8.0.135
00:11:22:33:00:88
Framed-IP-Address := 10.8.0.135,
- Reply-Message := host136.example.com
+ Reply-Message := 'host136.example.com'
# Configuration for 10.8.0.136
00:11:22:33:00:89
Framed-IP-Address := 10.8.0.136,
- Reply-Message := host137.example.com
+ Reply-Message := 'host137.example.com'
# Configuration for 10.8.0.137
00:11:22:33:00:8A
Framed-IP-Address := 10.8.0.137,
- Reply-Message := host138.example.com
+ Reply-Message := 'host138.example.com'
# Configuration for 10.8.0.138
00:11:22:33:00:8B
Framed-IP-Address := 10.8.0.138,
- Reply-Message := host139.example.com
+ Reply-Message := 'host139.example.com'
# Configuration for 10.8.0.139
00:11:22:33:00:8C
Framed-IP-Address := 10.8.0.139,
- Reply-Message := host140.example.com
+ Reply-Message := 'host140.example.com'
# Configuration for 10.8.0.140
00:11:22:33:00:8D
Framed-IP-Address := 10.8.0.140,
- Reply-Message := host141.example.com
+ Reply-Message := 'host141.example.com'
# Configuration for 10.8.0.141
00:11:22:33:00:8E
Framed-IP-Address := 10.8.0.141,
- Reply-Message := host142.example.com
+ Reply-Message := 'host142.example.com'
# Configuration for 10.8.0.142
00:11:22:33:00:8F
Framed-IP-Address := 10.8.0.142,
- Reply-Message := host143.example.com
+ Reply-Message := 'host143.example.com'
# Configuration for 10.8.0.143
00:11:22:33:00:90
Framed-IP-Address := 10.8.0.143,
- Reply-Message := host144.example.com
+ Reply-Message := 'host144.example.com'
# Configuration for 10.8.0.144
00:11:22:33:00:91
Framed-IP-Address := 10.8.0.144,
- Reply-Message := host145.example.com
+ Reply-Message := 'host145.example.com'
# Configuration for 10.8.0.145
00:11:22:33:00:92
Framed-IP-Address := 10.8.0.145,
- Reply-Message := host146.example.com
+ Reply-Message := 'host146.example.com'
# Configuration for 10.8.0.146
00:11:22:33:00:93
Framed-IP-Address := 10.8.0.146,
- Reply-Message := host147.example.com
+ Reply-Message := 'host147.example.com'
# Configuration for 10.8.0.147
00:11:22:33:00:94
Framed-IP-Address := 10.8.0.147,
- Reply-Message := host148.example.com
+ Reply-Message := 'host148.example.com'
# Configuration for 10.8.0.148
00:11:22:33:00:95
Framed-IP-Address := 10.8.0.148,
- Reply-Message := host149.example.com
+ Reply-Message := 'host149.example.com'
# Configuration for 10.8.0.149
00:11:22:33:00:96
Framed-IP-Address := 10.8.0.149,
- Reply-Message := host150.example.com
+ Reply-Message := 'host150.example.com'
# Configuration for 10.8.0.150
00:11:22:33:00:97
Framed-IP-Address := 10.8.0.150,
- Reply-Message := host151.example.com
+ Reply-Message := 'host151.example.com'
# Configuration for 10.8.0.151
00:11:22:33:00:98
Framed-IP-Address := 10.8.0.151,
- Reply-Message := host152.example.com
+ Reply-Message := 'host152.example.com'
# Configuration for 10.8.0.152
00:11:22:33:00:99
Framed-IP-Address := 10.8.0.152,
- Reply-Message := host153.example.com
+ Reply-Message := 'host153.example.com'
# Configuration for 10.8.0.153
00:11:22:33:00:9A
Framed-IP-Address := 10.8.0.153,
- Reply-Message := host154.example.com
+ Reply-Message := 'host154.example.com'
# Configuration for 10.8.0.154
00:11:22:33:00:9B
Framed-IP-Address := 10.8.0.154,
- Reply-Message := host155.example.com
+ Reply-Message := 'host155.example.com'
# Configuration for 10.8.0.155
00:11:22:33:00:9C
Framed-IP-Address := 10.8.0.155,
- Reply-Message := host156.example.com
+ Reply-Message := 'host156.example.com'
# Configuration for 10.8.0.156
00:11:22:33:00:9D
Framed-IP-Address := 10.8.0.156,
- Reply-Message := host157.example.com
+ Reply-Message := 'host157.example.com'
# Configuration for 10.8.0.157
00:11:22:33:00:9E
Framed-IP-Address := 10.8.0.157,
- Reply-Message := host158.example.com
+ Reply-Message := 'host158.example.com'
# Configuration for 10.8.0.158
00:11:22:33:00:9F
Framed-IP-Address := 10.8.0.158,
- Reply-Message := host159.example.com
+ Reply-Message := 'host159.example.com'
# Configuration for 10.8.0.159
00:11:22:33:00:A0
Framed-IP-Address := 10.8.0.159,
- Reply-Message := host160.example.com
+ Reply-Message := 'host160.example.com'
# Configuration for 10.8.0.160
00:11:22:33:00:A1
Framed-IP-Address := 10.8.0.160,
- Reply-Message := host161.example.com
+ Reply-Message := 'host161.example.com'
# Configuration for 10.8.0.161
00:11:22:33:00:A2
Framed-IP-Address := 10.8.0.161,
- Reply-Message := host162.example.com
+ Reply-Message := 'host162.example.com'
# Configuration for 10.8.0.162
00:11:22:33:00:A3
Framed-IP-Address := 10.8.0.162,
- Reply-Message := host163.example.com
+ Reply-Message := 'host163.example.com'
# Configuration for 10.8.0.163
00:11:22:33:00:A4
Framed-IP-Address := 10.8.0.163,
- Reply-Message := host164.example.com
+ Reply-Message := 'host164.example.com'
# Configuration for 10.8.0.164
00:11:22:33:00:A5
Framed-IP-Address := 10.8.0.164,
- Reply-Message := host165.example.com
+ Reply-Message := 'host165.example.com'
# Configuration for 10.8.0.165
00:11:22:33:00:A6
Framed-IP-Address := 10.8.0.165,
- Reply-Message := host166.example.com
+ Reply-Message := 'host166.example.com'
# Configuration for 10.8.0.166
00:11:22:33:00:A7
Framed-IP-Address := 10.8.0.166,
- Reply-Message := host167.example.com
+ Reply-Message := 'host167.example.com'
# Configuration for 10.8.0.167
00:11:22:33:00:A8
Framed-IP-Address := 10.8.0.167,
- Reply-Message := host168.example.com
+ Reply-Message := 'host168.example.com'
# Configuration for 10.8.0.168
00:11:22:33:00:A9
Framed-IP-Address := 10.8.0.168,
- Reply-Message := host169.example.com
+ Reply-Message := 'host169.example.com'
# Configuration for 10.8.0.169
00:11:22:33:00:AA
Framed-IP-Address := 10.8.0.169,
- Reply-Message := host170.example.com
+ Reply-Message := 'host170.example.com'
# Configuration for 10.8.0.170
00:11:22:33:00:AB
Framed-IP-Address := 10.8.0.170,
- Reply-Message := host171.example.com
+ Reply-Message := 'host171.example.com'
# Configuration for 10.8.0.171
00:11:22:33:00:AC
Framed-IP-Address := 10.8.0.171,
- Reply-Message := host172.example.com
+ Reply-Message := 'host172.example.com'
# Configuration for 10.8.0.172
00:11:22:33:00:AD
Framed-IP-Address := 10.8.0.172,
- Reply-Message := host173.example.com
+ Reply-Message := 'host173.example.com'
# Configuration for 10.8.0.173
00:11:22:33:00:AE
Framed-IP-Address := 10.8.0.173,
- Reply-Message := host174.example.com
+ Reply-Message := 'host174.example.com'
# Configuration for 10.8.0.174
00:11:22:33:00:AF
Framed-IP-Address := 10.8.0.174,
- Reply-Message := host175.example.com
+ Reply-Message := 'host175.example.com'
# Configuration for 10.8.0.175
00:11:22:33:00:B0
Framed-IP-Address := 10.8.0.175,
- Reply-Message := host176.example.com
+ Reply-Message := 'host176.example.com'
# Configuration for 10.8.0.176
00:11:22:33:00:B1
Framed-IP-Address := 10.8.0.176,
- Reply-Message := host177.example.com
+ Reply-Message := 'host177.example.com'
# Configuration for 10.8.0.177
00:11:22:33:00:B2
Framed-IP-Address := 10.8.0.177,
- Reply-Message := host178.example.com
+ Reply-Message := 'host178.example.com'
# Configuration for 10.8.0.178
00:11:22:33:00:B3
Framed-IP-Address := 10.8.0.178,
- Reply-Message := host179.example.com
+ Reply-Message := 'host179.example.com'
# Configuration for 10.8.0.179
00:11:22:33:00:B4
Framed-IP-Address := 10.8.0.179,
- Reply-Message := host180.example.com
+ Reply-Message := 'host180.example.com'
# Configuration for 10.8.0.180
00:11:22:33:00:B5
Framed-IP-Address := 10.8.0.180,
- Reply-Message := host181.example.com
+ Reply-Message := 'host181.example.com'
# Configuration for 10.8.0.181
00:11:22:33:00:B6
Framed-IP-Address := 10.8.0.181,
- Reply-Message := host182.example.com
+ Reply-Message := 'host182.example.com'
# Configuration for 10.8.0.182
00:11:22:33:00:B7
Framed-IP-Address := 10.8.0.182,
- Reply-Message := host183.example.com
+ Reply-Message := 'host183.example.com'
# Configuration for 10.8.0.183
00:11:22:33:00:B8
Framed-IP-Address := 10.8.0.183,
- Reply-Message := host184.example.com
+ Reply-Message := 'host184.example.com'
# Configuration for 10.8.0.184
00:11:22:33:00:B9
Framed-IP-Address := 10.8.0.184,
- Reply-Message := host185.example.com
+ Reply-Message := 'host185.example.com'
# Configuration for 10.8.0.185
00:11:22:33:00:BA
Framed-IP-Address := 10.8.0.185,
- Reply-Message := host186.example.com
+ Reply-Message := 'host186.example.com'
# Configuration for 10.8.0.186
00:11:22:33:00:BB
Framed-IP-Address := 10.8.0.186,
- Reply-Message := host187.example.com
+ Reply-Message := 'host187.example.com'
# Configuration for 10.8.0.187
00:11:22:33:00:BC
Framed-IP-Address := 10.8.0.187,
- Reply-Message := host188.example.com
+ Reply-Message := 'host188.example.com'
# Configuration for 10.8.0.188
00:11:22:33:00:BD
Framed-IP-Address := 10.8.0.188,
- Reply-Message := host189.example.com
+ Reply-Message := 'host189.example.com'
# Configuration for 10.8.0.189
00:11:22:33:00:BE
Framed-IP-Address := 10.8.0.189,
- Reply-Message := host190.example.com
+ Reply-Message := 'host190.example.com'
# Configuration for 10.8.0.190
00:11:22:33:00:BF
Framed-IP-Address := 10.8.0.190,
- Reply-Message := host191.example.com
+ Reply-Message := 'host191.example.com'
# Configuration for 10.8.0.191
00:11:22:33:00:C0
Framed-IP-Address := 10.8.0.191,
- Reply-Message := host192.example.com
+ Reply-Message := 'host192.example.com'
# Configuration for 10.8.0.192
00:11:22:33:00:C1
Framed-IP-Address := 10.8.0.192,
- Reply-Message := host193.example.com
+ Reply-Message := 'host193.example.com'
# Configuration for 10.8.0.193
00:11:22:33:00:C2
Framed-IP-Address := 10.8.0.193,
- Reply-Message := host194.example.com
+ Reply-Message := 'host194.example.com'
# Configuration for 10.8.0.194
00:11:22:33:00:C3
Framed-IP-Address := 10.8.0.194,
- Reply-Message := host195.example.com
+ Reply-Message := 'host195.example.com'
# Configuration for 10.8.0.195
00:11:22:33:00:C4
Framed-IP-Address := 10.8.0.195,
- Reply-Message := host196.example.com
+ Reply-Message := 'host196.example.com'
# Configuration for 10.8.0.196
00:11:22:33:00:C5
Framed-IP-Address := 10.8.0.196,
- Reply-Message := host197.example.com
+ Reply-Message := 'host197.example.com'
# Configuration for 10.8.0.197
00:11:22:33:00:C6
Framed-IP-Address := 10.8.0.197,
- Reply-Message := host198.example.com
+ Reply-Message := 'host198.example.com'
# Configuration for 10.8.0.198
00:11:22:33:00:C7
Framed-IP-Address := 10.8.0.198,
- Reply-Message := host199.example.com
+ Reply-Message := 'host199.example.com'
# Configuration for 10.8.0.199
00:11:22:33:00:C8
Framed-IP-Address := 10.8.0.199,
- Reply-Message := host200.example.com
+ Reply-Message := 'host200.example.com'
# Configuration for 10.8.0.200
00:11:22:33:00:C9
Framed-IP-Address := 10.8.0.200,
- Reply-Message := host201.example.com
+ Reply-Message := 'host201.example.com'
# Configuration for 10.8.0.201
00:11:22:33:00:CA
Framed-IP-Address := 10.8.0.201,
- Reply-Message := host202.example.com
+ Reply-Message := 'host202.example.com'
# Configuration for 10.8.0.202
00:11:22:33:00:CB
Framed-IP-Address := 10.8.0.202,
- Reply-Message := host203.example.com
+ Reply-Message := 'host203.example.com'
# Configuration for 10.8.0.203
00:11:22:33:00:CC
Framed-IP-Address := 10.8.0.203,
- Reply-Message := host204.example.com
+ Reply-Message := 'host204.example.com'
# Configuration for 10.8.0.204
00:11:22:33:00:CD
Framed-IP-Address := 10.8.0.204,
- Reply-Message := host205.example.com
+ Reply-Message := 'host205.example.com'
# Configuration for 10.8.0.205
00:11:22:33:00:CE
Framed-IP-Address := 10.8.0.205,
- Reply-Message := host206.example.com
+ Reply-Message := 'host206.example.com'
# Configuration for 10.8.0.206
00:11:22:33:00:CF
Framed-IP-Address := 10.8.0.206,
- Reply-Message := host207.example.com
+ Reply-Message := 'host207.example.com'
# Configuration for 10.8.0.207
00:11:22:33:00:D0
Framed-IP-Address := 10.8.0.207,
- Reply-Message := host208.example.com
+ Reply-Message := 'host208.example.com'
# Configuration for 10.8.0.208
00:11:22:33:00:D1
Framed-IP-Address := 10.8.0.208,
- Reply-Message := host209.example.com
+ Reply-Message := 'host209.example.com'
# Configuration for 10.8.0.209
00:11:22:33:00:D2
Framed-IP-Address := 10.8.0.209,
- Reply-Message := host210.example.com
+ Reply-Message := 'host210.example.com'
# Configuration for 10.8.0.210
00:11:22:33:00:D3
Framed-IP-Address := 10.8.0.210,
- Reply-Message := host211.example.com
+ Reply-Message := 'host211.example.com'
# Configuration for 10.8.0.211
00:11:22:33:00:D4
Framed-IP-Address := 10.8.0.211,
- Reply-Message := host212.example.com
+ Reply-Message := 'host212.example.com'
# Configuration for 10.8.0.212
00:11:22:33:00:D5
Framed-IP-Address := 10.8.0.212,
- Reply-Message := host213.example.com
+ Reply-Message := 'host213.example.com'
# Configuration for 10.8.0.213
00:11:22:33:00:D6
Framed-IP-Address := 10.8.0.213,
- Reply-Message := host214.example.com
+ Reply-Message := 'host214.example.com'
# Configuration for 10.8.0.214
00:11:22:33:00:D7
Framed-IP-Address := 10.8.0.214,
- Reply-Message := host215.example.com
+ Reply-Message := 'host215.example.com'
# Configuration for 10.8.0.215
00:11:22:33:00:D8
Framed-IP-Address := 10.8.0.215,
- Reply-Message := host216.example.com
+ Reply-Message := 'host216.example.com'
# Configuration for 10.8.0.216
00:11:22:33:00:D9
Framed-IP-Address := 10.8.0.216,
- Reply-Message := host217.example.com
+ Reply-Message := 'host217.example.com'
# Configuration for 10.8.0.217
00:11:22:33:00:DA
Framed-IP-Address := 10.8.0.217,
- Reply-Message := host218.example.com
+ Reply-Message := 'host218.example.com'
# Configuration for 10.8.0.218
00:11:22:33:00:DB
Framed-IP-Address := 10.8.0.218,
- Reply-Message := host219.example.com
+ Reply-Message := 'host219.example.com'
# Configuration for 10.8.0.219
00:11:22:33:00:DC
Framed-IP-Address := 10.8.0.219,
- Reply-Message := host220.example.com
+ Reply-Message := 'host220.example.com'
# Configuration for 10.8.0.220
00:11:22:33:00:DD
Framed-IP-Address := 10.8.0.220,
- Reply-Message := host221.example.com
+ Reply-Message := 'host221.example.com'
# Configuration for 10.8.0.221
00:11:22:33:00:DE
Framed-IP-Address := 10.8.0.221,
- Reply-Message := host222.example.com
+ Reply-Message := 'host222.example.com'
# Configuration for 10.8.0.222
00:11:22:33:00:DF
Framed-IP-Address := 10.8.0.222,
- Reply-Message := host223.example.com
+ Reply-Message := 'host223.example.com'
# Configuration for 10.8.0.223
00:11:22:33:00:E0
Framed-IP-Address := 10.8.0.223,
- Reply-Message := host224.example.com
+ Reply-Message := 'host224.example.com'
# Configuration for 10.8.0.224
00:11:22:33:00:E1
Framed-IP-Address := 10.8.0.224,
- Reply-Message := host225.example.com
+ Reply-Message := 'host225.example.com'
# Configuration for 10.8.0.225
00:11:22:33:00:E2
Framed-IP-Address := 10.8.0.225,
- Reply-Message := host226.example.com
+ Reply-Message := 'host226.example.com'
# Configuration for 10.8.0.226
00:11:22:33:00:E3
Framed-IP-Address := 10.8.0.226,
- Reply-Message := host227.example.com
+ Reply-Message := 'host227.example.com'
# Configuration for 10.8.0.227
00:11:22:33:00:E4
Framed-IP-Address := 10.8.0.227,
- Reply-Message := host228.example.com
+ Reply-Message := 'host228.example.com'
# Configuration for 10.8.0.228
00:11:22:33:00:E5
Framed-IP-Address := 10.8.0.228,
- Reply-Message := host229.example.com
+ Reply-Message := 'host229.example.com'
# Configuration for 10.8.0.229
00:11:22:33:00:E6
Framed-IP-Address := 10.8.0.229,
- Reply-Message := host230.example.com
+ Reply-Message := 'host230.example.com'
# Configuration for 10.8.0.230
00:11:22:33:00:E7
Framed-IP-Address := 10.8.0.230,
- Reply-Message := host231.example.com
+ Reply-Message := 'host231.example.com'
# Configuration for 10.8.0.231
00:11:22:33:00:E8
Framed-IP-Address := 10.8.0.231,
- Reply-Message := host232.example.com
+ Reply-Message := 'host232.example.com'
# Configuration for 10.8.0.232
00:11:22:33:00:E9
Framed-IP-Address := 10.8.0.232,
- Reply-Message := host233.example.com
+ Reply-Message := 'host233.example.com'
# Configuration for 10.8.0.233
00:11:22:33:00:EA
Framed-IP-Address := 10.8.0.233,
- Reply-Message := host234.example.com
+ Reply-Message := 'host234.example.com'
# Configuration for 10.8.0.234
00:11:22:33:00:EB
Framed-IP-Address := 10.8.0.234,
- Reply-Message := host235.example.com
+ Reply-Message := 'host235.example.com'
# Configuration for 10.8.0.235
00:11:22:33:00:EC
Framed-IP-Address := 10.8.0.235,
- Reply-Message := host236.example.com
+ Reply-Message := 'host236.example.com'
# Configuration for 10.8.0.236
00:11:22:33:00:ED
Framed-IP-Address := 10.8.0.236,
- Reply-Message := host237.example.com
+ Reply-Message := 'host237.example.com'
# Configuration for 10.8.0.237
00:11:22:33:00:EE
Framed-IP-Address := 10.8.0.237,
- Reply-Message := host238.example.com
+ Reply-Message := 'host238.example.com'
# Configuration for 10.8.0.238
00:11:22:33:00:EF
Framed-IP-Address := 10.8.0.238,
- Reply-Message := host239.example.com
+ Reply-Message := 'host239.example.com'
# Configuration for 10.8.0.239
00:11:22:33:00:F0
Framed-IP-Address := 10.8.0.239,
- Reply-Message := host240.example.com
+ Reply-Message := 'host240.example.com'
# Configuration for 10.8.0.240
00:11:22:33:00:F1
Framed-IP-Address := 10.8.0.240,
- Reply-Message := host241.example.com
+ Reply-Message := 'host241.example.com'
# Configuration for 10.8.0.241
00:11:22:33:00:F2
Framed-IP-Address := 10.8.0.241,
- Reply-Message := host242.example.com
+ Reply-Message := 'host242.example.com'
# Configuration for 10.8.0.242
00:11:22:33:00:F3
Framed-IP-Address := 10.8.0.242,
- Reply-Message := host243.example.com
+ Reply-Message := 'host243.example.com'
# Configuration for 10.8.0.243
00:11:22:33:00:F4
Framed-IP-Address := 10.8.0.243,
- Reply-Message := host244.example.com
+ Reply-Message := 'host244.example.com'
# Configuration for 10.8.0.244
00:11:22:33:00:F5
Framed-IP-Address := 10.8.0.244,
- Reply-Message := host245.example.com
+ Reply-Message := 'host245.example.com'
# Configuration for 10.8.0.245
00:11:22:33:00:F6
Framed-IP-Address := 10.8.0.245,
- Reply-Message := host246.example.com
+ Reply-Message := 'host246.example.com'
# Configuration for 10.8.0.246
00:11:22:33:00:F7
Framed-IP-Address := 10.8.0.246,
- Reply-Message := host247.example.com
+ Reply-Message := 'host247.example.com'
# Configuration for 10.8.0.247
00:11:22:33:00:F8
Framed-IP-Address := 10.8.0.247,
- Reply-Message := host248.example.com
+ Reply-Message := 'host248.example.com'
# Configuration for 10.8.0.248
00:11:22:33:00:F9
Framed-IP-Address := 10.8.0.248,
- Reply-Message := host249.example.com
+ Reply-Message := 'host249.example.com'
# Configuration for 10.8.0.249
00:11:22:33:00:FA
Framed-IP-Address := 10.8.0.249,
- Reply-Message := host250.example.com
+ Reply-Message := 'host250.example.com'
# Configuration for 10.8.0.250
00:11:22:33:00:FB
Framed-IP-Address := 10.8.0.250,
- Reply-Message := host251.example.com
+ Reply-Message := 'host251.example.com'
# Configuration for 10.8.0.251
00:11:22:33:00:FC
Framed-IP-Address := 10.8.0.251,
- Reply-Message := host252.example.com
+ Reply-Message := 'host252.example.com'
# Configuration for 10.8.0.252
00:11:22:33:00:FD
Framed-IP-Address := 10.8.0.252,
- Reply-Message := host253.example.com
+ Reply-Message := 'host253.example.com'
# Configuration for 10.8.0.253
00:11:22:33:00:FE
Framed-IP-Address := 10.8.0.253,
- Reply-Message := host254.example.com
+ Reply-Message := 'host254.example.com'
# Configuration for 10.8.0.254
00:11:22:33:00:FF
Framed-IP-Address := 10.8.0.254,
- Reply-Message := host255.example.com
+ Reply-Message := 'host255.example.com'
# Configuration for 10.8.0.255
00:11:22:33:01:00
Framed-IP-Address := 10.8.0.255,
- Reply-Message := host256.example.com
+ Reply-Message := 'host256.example.com'
# The default key attribute to use for matches. The content
# of this attribute is used to match the "name" of the
# entry.
- #key = "%{&Stripped-User-Name || &User-Name}"
+ #key = "%{Stripped-User-Name || User-Name}"
# The old "users" style file is now located here.
filename = $ENV{MODULE_TEST_DIR}/authorize
}
files subnet {
- key = &FreeRADIUS-Client-IP-Prefix
+ key = FreeRADIUS-Client-IP-Prefix
filename = $ENV{MODULE_TEST_DIR}/prefix
- match_attr = &control.FreeRADIUS-Client-IP-Prefix
+ match_attr = control.FreeRADIUS-Client-IP-Prefix
}
files subnet2 {
- key = &FreeRADIUS-Client-IP-Prefix
+ key = FreeRADIUS-Client-IP-Prefix
filename = $ENV{MODULE_TEST_DIR}/subnet2
- match_attr = &control.FreeRADIUS-Client-IP-Prefix
+ match_attr = control.FreeRADIUS-Client-IP-Prefix
}
files compound_key {
}
files enum_key {
- key = &NAS-Port-Type
+ key = NAS-Port-Type
filename = $ENV{MODULE_TEST_DIR}/enum_key
}
subnet
-if (&reply.Reply-Message[0] != '10.1/16 subnet') {
+if (reply.Reply-Message[0] != '10.1/16 subnet') {
test_fail
}
-if (&reply.Reply-Message[1] != "2nd 10.1/16 subnet") {
+if (reply.Reply-Message[1] != "2nd 10.1/16 subnet") {
test_fail
}
-if (&control.FreeRADIUS-Client-IP-Prefix != 10.1.0.0/16) {
+if (control.FreeRADIUS-Client-IP-Prefix != 10.1.0.0/16) {
test_fail
}
&FreeRADIUS-Client-IP-Prefix := 10.2.3.4/32
-&reply -= &Reply-Message[*]
+&reply -= Reply-Message[*]
subnet
-if (&reply.Reply-Message != "10/8 subnet") {
+if (reply.Reply-Message != "10/8 subnet") {
test_fail
}
-if (&control.FreeRADIUS-Client-IP-Prefix != 10.0.0.0/8) {
+if (control.FreeRADIUS-Client-IP-Prefix != 10.0.0.0/8) {
test_fail
}
&FreeRADIUS-Client-IP-Prefix := 10.1.2.3/32
&Password.Cleartext := "hello"
-&reply -= &Reply-Message[*]
+&reply -= Reply-Message[*]
subnet
&FreeRADIUS-Client-IP-Prefix := 192.168.1.1/32
-&reply -= &Reply-Message[*]
+&reply -= Reply-Message[*]
subnet
subnet2
-if (&reply.Reply-Message[0] != '10.1/16 subnet') {
+if (reply.Reply-Message[0] != '10.1/16 subnet') {
test_fail
}
-if (&reply.Reply-Message[1] != "2nd 10.1/16 subnet") {
+if (reply.Reply-Message[1] != "2nd 10.1/16 subnet") {
test_fail
}
-if (&reply.Reply-Message[2] != "10/8 subnet") {
+if (reply.Reply-Message[2] != "10/8 subnet") {
test_fail
}
-if !(&control.FreeRADIUS-Client-IP-Prefix == 10.0.0.0/8) {
+if !(control.FreeRADIUS-Client-IP-Prefix == 10.0.0.0/8) {
test_fail
}
# Delete previous reply messages
-&reply -= &Reply-Message[*]
+&reply -= Reply-Message[*]
&FreeRADIUS-Client-IP-Prefix := 10.2.2.3/15
subnet2
-if (&reply.Reply-Message[0] != '10/8 subnet') {
+if (reply.Reply-Message[0] != '10/8 subnet') {
test_fail
}
# Make it accept, but the accept should be empty!
# see undo.attrs
#
- &control.Password.Cleartext := "hello"
+ control.Password.Cleartext := "hello"
ok
}
#
# @todo - conditions do not yet support YIELD
#
-if (&test_string == "yes") {
- &control.Password.Cleartext := "hello"
+if (test_string == "yes") {
+ control.Password.Cleartext := "hello"
- &reply += {
- &Reply-Message = "success"
+ reply += {
+ Reply-Message = "success"
}
}
else {
- &reply += {
- &Reply-Message = "failed"
+ reply += {
+ Reply-Message = "failed"
}
}
#
&test_string := "%idn('example.com')"
-if (&test_string != "example.com") {
+if (test_string != "example.com") {
test_fail
}
&test_string := "%idn('èxâmpłé.com')"
-if (&test_string != "xn--xmp-ila2ak63d.com") {
+if (test_string != "xn--xmp-ila2ak63d.com") {
test_fail
}
&test_string := "%idn('пример.com')"
-if (&test_string != "xn--e1afmkfd.com") {
+if (test_string != "xn--e1afmkfd.com") {
test_fail
}
&test_string := "%idn('παράδειγμα.com')"
-if (&test_string != "xn--hxajbheg2az3al.com") {
+if (test_string != "xn--hxajbheg2az3al.com") {
test_fail
}
&test_string := "%idn('ตัวอย่าง.com')"
-if (&test_string != "xn--72c1a1bt4awk9o.com") {
+if (test_string != "xn--72c1a1bt4awk9o.com") {
test_fail
}
&test_string := "%idn('invalid_example.com')"
-if (&Module-Failure-Message != "Non-digit/letter/hyphen in input") {
+if (Module-Failure-Message != "Non-digit/letter/hyphen in input") {
test_fail
}
-if (&Module-Failure-Message == "") {
+if (Module-Failure-Message == "") {
test_fail
}
-&request -= &Module-Failure-Message[*]
+&request -= Module-Failure-Message[*]
&test_string := "%idn('a.véry.löng.ņàme.whîch.when.expânded.exceedş.ţhe.dns.stanđard.fór.string.łength.of.twø.hündred.ând.fifty.threé.charáctèrs.and.therefore.is.invalid.for.idn.conversion')"
-if (&Module-Failure-Message != "Conversion was truncated") {
+if (Module-Failure-Message != "Conversion was truncated") {
test_fail
}
# Avoid false negatives by aborting test
#
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
#
# Check for module failing with missing attributes
#
-&request -= &User-Password[*]
+&request -= User-Password[*]
imap.authenticate {
fail = 1
}
&User-Password := 'test2'
-&request -= &User-Name[*]
+&request -= User-Name[*]
imap.authenticate {
fail = 1
}
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if (ok) {
- &control.Auth-Type := ::Accept
+ control.Auth-Type := ::Accept
}
else {
reject
test_fail
}
-if !(&TLS-Certificate.Issuer =~ /@example\.org/) {
+if !(TLS-Certificate.Issuer =~ /@example\.org/) {
test_fail
}
# Avoid false negatives by aborting test
#
if !(ok) {
- if (&Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "imap: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
test_fail
}
-if !(&TLS-Certificate.Issuer =~ /@example\.org/) {
+if !(TLS-Certificate.Issuer =~ /@example\.org/) {
test_fail
}
#
# json.encode tests
#
-&request -= &Packet-Type[*]
+&request -= Packet-Type[*]
#
# HACK: the edit code does not currently support deleted by parent
-# when doing &request -= &Net[*]
-# or even &request -= &Net.[*]
+# when doing request -= Net[*]
+# or even request -= Net.[*]
# which returns an error?
#
-&request -= &Net.Src.IP
-&request -= &Net.Src.Port
-&request -= &Net.Dst.IP
-&request -= &Net.Dst.Port
-&request -= &Net.Timestamp
-&request -= &Net[*]
+&request -= Net.Src.IP
+&request -= Net.Src.Port
+&request -= Net.Dst.IP
+&request -= Net.Dst.Port
+&request -= Net.Timestamp
+&request -= Net[*]
# 0. Check basic xlat parsing
-&test_string1 := %json.encode("&request.[*]")
-&test_string2 := %json.encode("&request.[*] ")
-&test_string3 := %json.encode(" &request.[*]")
-&test_string4 := %json.encode(" &request.[*] ")
+&test_string1 := %json.encode("request.[*]")
+&test_string2 := %json.encode("request.[*] ")
+&test_string3 := %json.encode(" request.[*]")
+&test_string4 := %json.encode(" request.[*] ")
-if (!(&test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}')) {
+if (!(test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}')) {
test_fail
}
# Check xlat input formats
-if (!(&test_string1 == &test_string2) ||
- !(&test_string1 == &test_string3) ||
- !(&test_string1 == &test_string4)) {
+if (!(test_string1 == test_string2) ||
+ !(test_string1 == test_string3) ||
+ !(test_string1 == test_string4)) {
test_fail
}
# Check defaults are the same as output_mode "object":
-&test_string2 := %json_object.encode("&request.[*]")
-&test_string3 := %json_object_no.encode("&request.[*]")
-if (!(&test_string1 == &test_string2) ||
- !(&test_string1 == &test_string3)) {
+&test_string2 := %json_object.encode("request.[*]")
+&test_string3 := %json_object_no.encode("request.[*]")
+if (!(test_string1 == test_string2) ||
+ !(test_string1 == test_string3)) {
test_fail
}
-&test_string1 := %json.encode(" &request.[*] !&Filter-Id ")
-if !(&test_string1 == '{"User-Name":{"type":"string","value":"john"},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
+&test_string1 := %json.encode(" request.[*] !Filter-Id ")
+if !(test_string1 == '{"User-Name":{"type":"string","value":"john"},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
-&test_string1 := %json.encode("&request.[*] ! ")
-if &test_string1 {
+&test_string1 := %json.encode("request.[*] ! ")
+if test_string1 {
test_fail
}
# These are unsorted dictionaries. Hopefully json-c doesn't suddenly
# decide that it's going to use a different ordering of the keys...
-&test_string1 := %json_object.encode("&request.[*]")
-&test_string2 := %json_object_ex.encode("&request.[*]")
+&test_string1 := %json_object.encode("request.[*]")
+&test_string2 := %json_object_ex.encode("request.[*]")
-if !(&test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
+if !(test_string1 == '{"User-Name":{"type":"string","value":"john"},"Filter-Id":{"type":"string","value":["f1","f2"]},"NAS-Port":{"type":"uint32","value":999},"Service-Type":{"type":"uint32","value":"Login-User"}}') {
test_fail
}
"%{test_string2}"
-if !(&test_string2 == '{"pf:User-Name":{"type":"string","value":["john"]},"pf:Filter-Id":{"type":"string","value":["f1","f2"]},"pf:NAS-Port":{"type":"uint32","value":["999"]},"pf:Service-Type":{"type":"uint32","value":["1"]}}') {
+if !(test_string2 == '{"pf:User-Name":{"type":"string","value":["john"]},"pf:Filter-Id":{"type":"string","value":["f1","f2"]},"pf:NAS-Port":{"type":"uint32","value":["999"]},"pf:Service-Type":{"type":"uint32","value":["1"]}}') {
test_fail
}
# 1b. "object" empty inputs
-&test_string1 := %json_object.encode("!&request.[*]")
+&test_string1 := %json_object.encode("!request.[*]")
-if !(&test_string1 == '{}') {
+if !(test_string1 == '{}') {
test_fail
}
# 2a. Output mode "object_simple" tests
-&test_string1 := %json_object_simple.encode("&request.[*]")
-&test_string2 := %json_object_simple_ex.encode("&request.[*]")
+&test_string1 := %json_object_simple.encode("request.[*]")
+&test_string2 := %json_object_simple_ex.encode("request.[*]")
-if !(&test_string1 == '{"User-Name":"john","Filter-Id":["f1","f2"],"NAS-Port":999,"Service-Type":"Login-User"}') {
+if !(test_string1 == '{"User-Name":"john","Filter-Id":["f1","f2"],"NAS-Port":999,"Service-Type":"Login-User"}') {
test_fail
}
-if !(&test_string2 == '{"pf:User-Name":["john"],"pf:Filter-Id":["f1","f2"],"pf:NAS-Port":["999"],"pf:Service-Type":["1"]}') {
+if !(test_string2 == '{"pf:User-Name":["john"],"pf:Filter-Id":["f1","f2"],"pf:NAS-Port":["999"],"pf:Service-Type":["1"]}') {
test_fail
}
# 2b. "object_simple" empty inputs
-&test_string1 := %json_object_simple.encode("!&request.[*]")
+&test_string1 := %json_object_simple.encode("!request.[*]")
-if !(&test_string1 == '{}') {
+if !(test_string1 == '{}') {
test_fail
}
# 3a. Output mode "array" tests
-&test_string1 := %json_array.encode("&request.[*]")
-&test_string2 := %json_array_ex.encode("&request.[*]")
+&test_string1 := %json_array.encode("request.[*]")
+&test_string2 := %json_array_ex.encode("request.[*]")
-if !(&test_string1 == '[{"name":"User-Name","type":"string","value":"john"},{"name":"Filter-Id","type":"string","value":"f1"},{"name":"Filter-Id","type":"string","value":"f2"},{"name":"NAS-Port","type":"uint32","value":999},{"name":"Service-Type","type":"uint32","value":"Login-User"}]') {
+if !(test_string1 == '[{"name":"User-Name","type":"string","value":"john"},{"name":"Filter-Id","type":"string","value":"f1"},{"name":"Filter-Id","type":"string","value":"f2"},{"name":"NAS-Port","type":"uint32","value":999},{"name":"Service-Type","type":"uint32","value":"Login-User"}]') {
test_fail
}
-if !(&test_string2 == '[{"name":"pf:User-Name","type":"string","value":["john"]},{"name":"pf:Filter-Id","type":"string","value":["f1","f2"]},{"name":"pf:NAS-Port","type":"uint32","value":["999"]},{"name":"pf:Service-Type","type":"uint32","value":["1"]}]') {
+if !(test_string2 == '[{"name":"pf:User-Name","type":"string","value":["john"]},{"name":"pf:Filter-Id","type":"string","value":["f1","f2"]},{"name":"pf:NAS-Port","type":"uint32","value":["999"]},{"name":"pf:Service-Type","type":"uint32","value":["1"]}]') {
test_fail
}
# 3b. "array" empty inputs
-&test_string1 := %json_array.encode("!&request.[*]")
+&test_string1 := %json_array.encode("!request.[*]")
-if !(&test_string1 == '[]') {
+if !(test_string1 == '[]') {
test_fail
}
# 4a. Output mode "array_of_names" tests
-&test_string1 := %json_array_names.encode("&request.[*]")
-&test_string2 := %json_array_names_ex.encode("&request.[*]")
+&test_string1 := %json_array_names.encode("request.[*]")
+&test_string2 := %json_array_names_ex.encode("request.[*]")
-if !(&test_string1 == '["User-Name","Filter-Id","Filter-Id","NAS-Port","Service-Type"]') {
+if !(test_string1 == '["User-Name","Filter-Id","Filter-Id","NAS-Port","Service-Type"]') {
test_fail
}
-if !(&test_string2 == '["pf:User-Name","pf:Filter-Id","pf:Filter-Id","pf:NAS-Port","pf:Service-Type"]') {
+if !(test_string2 == '["pf:User-Name","pf:Filter-Id","pf:Filter-Id","pf:NAS-Port","pf:Service-Type"]') {
test_fail
}
# 4b. "array_of_names" empty inputs
-&test_string1 := %json_array_names.encode("!&request.[*]")
+&test_string1 := %json_array_names.encode("!request.[*]")
-if !(&test_string1 == '[]') {
+if !(test_string1 == '[]') {
test_fail
}
# 5a. Output mode "array_of_values" tests
-&test_string1 := %json_array_values.encode("&request.[*]")
-&test_string2 := %json_array_values_ex.encode("&request.[*]")
+&test_string1 := %json_array_values.encode("request.[*]")
+&test_string2 := %json_array_values_ex.encode("request.[*]")
-if !(&test_string1 == '["john","f1","f2",999,"Login-User"]') {
+if !(test_string1 == '["john","f1","f2",999,"Login-User"]') {
test_fail
}
-if !(&test_string2 == '["john","f1","f2","999","1"]') {
+if !(test_string2 == '["john","f1","f2","999","1"]') {
test_fail
}
# 5b. "array_of_values" empty inputs
-&test_string1 := %json_array_values.encode("!&request.[*]")
+&test_string1 := %json_array_values.encode("!request.[*]")
-if !(&test_string1 == '[]') {
+if !(test_string1 == '[]') {
test_fail
}
#
&test_string := %json_object_ex_encode() # ERROR
-if (&test_string) {
+if (test_string) {
test_fail
}
&Filter-Id := "{\"foo\":\"bar\"}"
# 0. Simple field access
-map json &Filter-Id {
- &Callback-Id := '$.foo'
+map json Filter-Id {
+ Callback-Id := '$.foo'
}
-if !(&Callback-Id == 'bar') {
+if !(Callback-Id == 'bar') {
test_fail
}
\"bool_false\": false \
}"
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# Check conversion of all JSON types to strings
-map json &Filter-Id {
- &Callback-Id += '$.*'
+map json Filter-Id {
+ Callback-Id += '$.*'
}
# 1. Array type
-if !(&Callback-Id[0] == '[ 0, 1, 2, 3, 4, 5 ]') {
+if !(Callback-Id[0] == '[ 0, 1, 2, 3, 4, 5 ]') {
test_fail
}
# 2. Object type
-if !(&Callback-Id[1] == '{ "foo": "bar", "num": 42 }') {
+if !(Callback-Id[1] == '{ "foo": "bar", "num": 42 }') {
test_fail
}
# 3. Integer type
-if !(&Callback-Id[2] == '99') {
+if !(Callback-Id[2] == '99') {
test_fail
}
# 4. Double type
-if !(&Callback-Id[3] == '5.9') {
+if !(Callback-Id[3] == '5.9') {
test_fail
}
# 5. null type
-if !(&Callback-Id[4] == 'null') {
+if !(Callback-Id[4] == 'null') {
test_fail
}
# 6. Boolean true
-if !(&Callback-Id[5] == 'yes') {
+if !(Callback-Id[5] == 'yes') {
test_fail
}
# 7. Boolean false
-if (&Callback-Id[6] != 'no') {
+if (Callback-Id[6] != 'no') {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
#
# Now check array slicing operates correctly
#
# 8. String form
-map json &Filter-Id {
- &Callback-Id := '$.my_array'
+map json Filter-Id {
+ Callback-Id := '$.my_array'
}
-if !(&Callback-Id == '[ 0, 1, 2, 3, 4, 5 ]') {
+if !(Callback-Id == '[ 0, 1, 2, 3, 4, 5 ]') {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# 9. Simple index
-map json &Filter-Id {
- &NAS-Port := '$.my_array[0]'
+map json Filter-Id {
+ NAS-Port := '$.my_array[0]'
}
-if !(&NAS-Port == 0) {
+if !(NAS-Port == 0) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 9a. All of the array
-map json &Filter-Id {
- &NAS-Port += '$.my_array.*'
+map json Filter-Id {
+ NAS-Port += '$.my_array.*'
}
-if (!(&NAS-Port[0] == 0) || !(&NAS-Port[1] == 1) || !(&NAS-Port[2] == 2) || !(&NAS-Port[3] == 3) || !(&NAS-Port[4] == 4) || !(&NAS-Port[5] == 5)) {
+if (!(NAS-Port[0] == 0) || !(NAS-Port[1] == 1) || !(NAS-Port[2] == 2) || !(NAS-Port[3] == 3) || !(NAS-Port[4] == 4) || !(NAS-Port[5] == 5)) {
test_fail
}
&NAS-Port := 9
# 9b. All of the array using prepend, places the array before the existing value
-map json &Filter-Id {
- &NAS-Port ^= '$.my_array.*'
+map json Filter-Id {
+ NAS-Port ^= '$.my_array.*'
}
-if (!(&NAS-Port[0] == 0) || !(&NAS-Port[1] == 1) || !(&NAS-Port[2] == 2) || !(&NAS-Port[3] == 3) || !(&NAS-Port[4] == 4) || !(&NAS-Port[5] == 5) || !(&NAS-Port[6] == 9)) {
+if (!(NAS-Port[0] == 0) || !(NAS-Port[1] == 1) || !(NAS-Port[2] == 2) || !(NAS-Port[3] == 3) || !(NAS-Port[4] == 4) || !(NAS-Port[5] == 5) || !(NAS-Port[6] == 9)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 10. End of the array
-map json &Filter-Id {
- &NAS-Port := '$.my_array[5]' # Past the end of the array (should be skipped)
+map json Filter-Id {
+ NAS-Port := '$.my_array[5]' # Past the end of the array (should be skipped)
}
-if !(&NAS-Port == 5) {
+if !(NAS-Port == 5) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 11. Past end of the array
-map json &Filter-Id {
- &NAS-Port := '$.my_array[6]' # Past the end of the array (should be skipped)
+map json Filter-Id {
+ NAS-Port := '$.my_array[6]' # Past the end of the array (should be skipped)
}
-if (&NAS-Port) {
+if (NAS-Port) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 12. Simple slice
-map json &Filter-Id {
- &NAS-Port += '$.my_array[0:2]' # A single value
+map json Filter-Id {
+ NAS-Port += '$.my_array[0:2]' # A single value
}
-if (!(&NAS-Port[0] == 0) || !(&NAS-Port[1] == 1)) {
+if (!(NAS-Port[0] == 0) || !(NAS-Port[1] == 1)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 13. Slice with negative start
-map json &Filter-Id {
- &NAS-Port += '$.my_array[-1:6]' # A single value (last eelement of the array)
+map json Filter-Id {
+ NAS-Port += '$.my_array[-1:6]' # A single value (last eelement of the array)
}
-if !(&NAS-Port == 5) {
+if !(NAS-Port == 5) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 14. Slice with negative start and negative end
-map json &Filter-Id {
- &NAS-Port += '$.my_array[-1:-3]' # Start after end (should be skipped)
+map json Filter-Id {
+ NAS-Port += '$.my_array[-1:-3]' # Start after end (should be skipped)
}
-if (&NAS-Port) {
+if (NAS-Port) {
test_fail
}
# 15. Slice with start and negative end
-map json &Filter-Id {
- &NAS-Port += '$.my_array[1:-3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[1:-3]'
}
-if (!(&NAS-Port[0] == 1) && !(&NAS-Port[1] == 2)) {
+if (!(NAS-Port[0] == 1) && !(NAS-Port[1] == 2)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 16. Slice with start, end and negative step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[4:2:-1]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[4:2:-1]'
}
-if (!(&NAS-Port[0] == 4) || !(&NAS-Port[1] == 3)) {
+if (!(NAS-Port[0] == 4) || !(NAS-Port[1] == 3)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 17. Slice with start, end (inverted) and negative step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[2:4:-1]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[2:4:-1]'
}
-if (&NAS-Port) {
+if (NAS-Port) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 18. Slice with start, end and positive step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[2:4:1]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[2:4:1]'
}
-if (!(&NAS-Port[0] == 2) || !(&NAS-Port[1] == 3)) {
+if (!(NAS-Port[0] == 2) || !(NAS-Port[1] == 3)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 19. Slice with start, end and positive step > 1
-map json &Filter-Id {
- &NAS-Port += '$.my_array[1:5:2]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[1:5:2]'
}
-if (!(&NAS-Port[0] == 1) && !(&NAS-Port[1] == 3)) {
+if (!(NAS-Port[0] == 1) && !(NAS-Port[1] == 3)) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 20. Slice with start, end and positive step > end of array
-map json &Filter-Id {
- &NAS-Port += '$.my_array[1:5:4]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[1:5:4]'
}
-if (!(&NAS-Port[0] == 1) || &NAS-Port[1]) {
+if (!(NAS-Port[0] == 1) || NAS-Port[1]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 21. Slice with start, end and positive step > end of array
-map json &Filter-Id {
- &NAS-Port += '$.my_array[5:1:-4]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[5:1:-4]'
}
-if (!(&NAS-Port[0] == 5) || &NAS-Port[1]) {
+if (!(NAS-Port[0] == 5) || NAS-Port[1]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 22. No start/end 3 step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[::3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[::3]'
}
-if (!(&NAS-Port[0] == 0) || !(&NAS-Port[1] == 3) || &NAS-Port[2]) {
+if (!(NAS-Port[0] == 0) || !(NAS-Port[1] == 3) || NAS-Port[2]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 23. No start/end 3 step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[::-3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[::-3]'
}
-if (!(&NAS-Port[0] == 5) || !(&NAS-Port[1] == 2) || &NAS-Port[2]) {
+if (!(NAS-Port[0] == 5) || !(NAS-Port[1] == 2) || NAS-Port[2]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 24. No end 3 step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[3::-3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[3::-3]'
}
-if (!(&NAS-Port[0] == 3) || !(&NAS-Port[1] == 0) || &NAS-Port[2]) {
+if (!(NAS-Port[0] == 3) || !(NAS-Port[1] == 0) || NAS-Port[2]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 25. End 0, 3 step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[3:0:-3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[3:0:-3]'
}
-if (!(&NAS-Port[0] == 3) || &NAS-Port[1]) {
+if (!(NAS-Port[0] == 3) || NAS-Port[1]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 26. End 0, 3 step
-map json &Filter-Id {
- &NAS-Port += '$.my_array[0::-3]'
+map json Filter-Id {
+ NAS-Port += '$.my_array[0::-3]'
}
-if (!(&NAS-Port[0] == 0) || &NAS-Port[1]) {
+if (!(NAS-Port[0] == 0) || NAS-Port[1]) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 27. Everything two levels deep
-map json &Filter-Id {
- &Callback-Id += '$.*.*'
+map json Filter-Id {
+ Callback-Id += '$.*.*'
}
-if (!(&Callback-Id[0] == '0') || \
- !(&Callback-Id[1] == '1') || \
- !(&Callback-Id[2] == '2') || \
- !(&Callback-Id[3] == '3') || \
- !(&Callback-Id[4] == '4') || \
- !(&Callback-Id[5] == '5') || \
- !(&Callback-Id[6] == 'bar') || \
- !(&Callback-Id[7] == '42')) {
+if (!(Callback-Id[0] == '0') || \
+ !(Callback-Id[1] == '1') || \
+ !(Callback-Id[2] == '2') || \
+ !(Callback-Id[3] == '3') || \
+ !(Callback-Id[4] == '4') || \
+ !(Callback-Id[5] == '5') || \
+ !(Callback-Id[6] == 'bar') || \
+ !(Callback-Id[7] == '42')) {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# 28. Everything three levels deep (nothing)
-map json &Filter-Id {
- &Callback-Id += '$.*.*.*'
+map json Filter-Id {
+ Callback-Id += '$.*.*.*'
}
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
# 29. Array access on a field (nothing)
-map json &Filter-Id {
- &Callback-Id += '$.my_object[0]'
+map json Filter-Id {
+ Callback-Id += '$.my_object[0]'
}
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
# 30. Non-existent field
-map json &Filter-Id {
- &Callback-Id += '$.my_object.my_other_object'
+map json Filter-Id {
+ Callback-Id += '$.my_object.my_other_object'
}
-if (&Callback-Id) {
+if (Callback-Id) {
test_fail
}
# version/system dependent *sigh*.
redundant {
group {
- map json &Filter-Id {
- &NAS-Port := '$[3][2]'
+ map json Filter-Id {
+ NAS-Port := '$[3][2]'
}
}
noop
}
-if (!noop && (!(&NAS-Port == 4294967295) && !(&NAS-Port == 2147483647))) {
+if (!noop && (!(NAS-Port == 4294967295) && !(NAS-Port == 2147483647))) {
test_fail
}
# 32. Unsigned 32bit integers (are supported)
-map json &Filter-Id {
- &NAS-Port := '$[3][0]'
+map json Filter-Id {
+ NAS-Port := '$[3][0]'
}
-if !(&NAS-Port == 2147483647) {
+if !(NAS-Port == 2147483647) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 33. Signed 64bit integers
if (0) {
-map json &Filter-Id {
- &test_int64 := '$[0]'
+map json Filter-Id {
+ test_int64 := '$[0]'
}
-if !(&test_int64 == (int64)9223372036854775807) {
+if !(test_int64 == (int64)9223372036854775807) {
test_fail
}
# 34. Signed 64bit integers
-map json &Filter-Id {
- &test_int64 := '$[1]'
+map json Filter-Id {
+ test_int64 := '$[1]'
}
-if !(&test_int64 == -9223372036854775807) {
+if !(test_int64 == -9223372036854775807) {
test_fail
}
-&request -= &test_int64[*]
+&request -= test_int64[*]
# 35. Unsigned 64bit integers (not allowed by json so gets truncated)
-map json &Filter-Id {
- &Acct-Input-Octets64 := '$[2]'
+map json Filter-Id {
+ Acct-Input-Octets64 := '$[2]'
}
-if !(&Acct-Input-Octets64 == 9223372036854775807) {
+if !(Acct-Input-Octets64 == 9223372036854775807) {
test_fail
}
}
-&request -= &Acct-Input-Octets64[*]
+&request -= Acct-Input-Octets64[*]
# 36. Multiple array indices
-map json &Filter-Id {
- &Cache-TTL += '$[3][0,1]'
+map json Filter-Id {
+ Cache-TTL += '$[3][0,1]'
}
-if (!(&Cache-TTL[0] == 2147483647) || !(&Cache-TTL[1] == -2147483647)) {
+if (!(Cache-TTL[0] == 2147483647) || !(Cache-TTL[1] == -2147483647)) {
test_fail
}
-&request -= &Cache-TTL[*]
+&request -= Cache-TTL[*]
# 37. Path containing dynamic expansion
&test_integer := 0
-map json &Filter-Id {
- &NAS-Port += "$[3][%{test_integer}]"
+map json Filter-Id {
+ NAS-Port += "$[3][%{test_integer}]"
}
-if !(&NAS-Port == 2147483647) {
+if !(NAS-Port == 2147483647) {
test_fail
}
-&request -= &NAS-Port[*]
+&request -= NAS-Port[*]
# 38. An expanded field name with bad chars
&Filter-Id := "\
}"
&test_string := "%taint('foo.bar')"
-map json &Filter-Id {
- &Callback-Id := "$.%{test_string}"
+map json Filter-Id {
+ Callback-Id := "$.%{test_string}"
}
-if !(&Callback-Id == 'baz') {
+if !(Callback-Id == 'baz') {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
&Filter-Id := "\
{\
}"
# 39. Recursive descent with field match
-map json &Filter-Id {
- &Callback-Id += '$..bool'
+map json Filter-Id {
+ Callback-Id += '$..bool'
}
-if (!("%{Callback-Id[#]}" == 1) || !(&Callback-Id == 'yes')) {
+if (!("%{Callback-Id[#]}" == 1) || !(Callback-Id == 'yes')) {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# 40. Recursive descent with element match (2nd element in each array)
-map json &Filter-Id {
- &Callback-Id += '$..[1]'
+map json Filter-Id {
+ Callback-Id += '$..[1]'
}
-if (!("%{Callback-Id[#]}" == 3) || !(&Callback-Id[0] == '1') || !(&Callback-Id[1] == 'scratchy') || !(&Callback-Id[2] == 'clawy')) {
+if (!("%{Callback-Id[#]}" == 3) || !(Callback-Id[0] == '1') || !(Callback-Id[1] == 'scratchy') || !(Callback-Id[2] == 'clawy')) {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
# 41. Recursive descent with field then element match
-map json &Filter-Id {
- &Callback-Id += '$..my_cats[2]'
+map json Filter-Id {
+ Callback-Id += '$..my_cats[2]'
}
-if (!("%{Callback-Id[#]}" == 2) || !(&Callback-Id[0] == 'flat') || !(&Callback-Id[1] == 'woofy')) {
+if (!("%{Callback-Id[#]}" == 2) || !(Callback-Id[0] == 'flat') || !(Callback-Id[1] == 'woofy')) {
test_fail
}
-&request -= &Callback-Id[*]
+&request -= Callback-Id[*]
test_pass
&Tag-1 := {
- &Vendor-Specific = {
- &Unisphere = {
- &Service-Activate = "PPPOE_SERVICE(3072000,2048000)"
+ Vendor-Specific = {
+ Unisphere = {
+ Service-Activate = "PPPOE_SERVICE(3072000,2048000)"
}
}
}
-if (!(%json.encode('&request.Tag-1') == "{\"Tag-1\":{\"type\":\"group\",\"value\":{\"Vendor-Specific\":{\"type\":\"vsa\",\"value\":{\"Unisphere\":{\"type\":\"vendor\",\"value\":{\"Service-Activate\":{\"type\":\"string\",\"value\":\"PPPOE_SERVICE(3072000,2048000)\"}}}}}}}}")) {
+if (!(%json.encode('request.Tag-1') == "{\"Tag-1\":{\"type\":\"group\",\"value\":{\"Vendor-Specific\":{\"type\":\"vsa\",\"value\":{\"Unisphere\":{\"type\":\"vendor\",\"value\":{\"Service-Activate\":{\"type\":\"string\",\"value\":\"PPPOE_SERVICE(3072000,2048000)\"}}}}}}}}")) {
test_fail
}
-if (!(%json_object_simple.encode('&request.Tag-1') == "{\"Tag-1\":{\"Vendor-Specific\":{\"Unisphere\":{\"Service-Activate\":\"PPPOE_SERVICE(3072000,2048000)\"}}}}")) {
+if (!(%json_object_simple.encode('request.Tag-1') == "{\"Tag-1\":{\"Vendor-Specific\":{\"Unisphere\":{\"Service-Activate\":\"PPPOE_SERVICE(3072000,2048000)\"}}}}")) {
test_fail
}
-if (!(%json_array.encode('&request.Tag-1') == "[{\"name\":\"Tag-1\",\"type\":\"group\",\"value\":[{\"name\":\"Vendor-Specific\",\"type\":\"vsa\",\"value\":[{\"name\":\"Unisphere\",\"type\":\"vendor\",\"value\":[{\"name\":\"Service-Activate\",\"type\":\"string\",\"value\":\"PPPOE_SERVICE(3072000,2048000)\"}]}]}]}]")) {
+if (!(%json_array.encode('request.Tag-1') == "[{\"name\":\"Tag-1\",\"type\":\"group\",\"value\":[{\"name\":\"Vendor-Specific\",\"type\":\"vsa\",\"value\":[{\"name\":\"Unisphere\",\"type\":\"vendor\",\"value\":[{\"name\":\"Service-Activate\",\"type\":\"string\",\"value\":\"PPPOE_SERVICE(3072000,2048000)\"}]}]}]}]")) {
test_fail
}
-if (!(%json_array_names.encode('&request.Tag-1') == "[\"Tag-1\",[\"Vendor-Specific\",[\"Unisphere\",[\"Service-Activate\"]]]]")) {
+if (!(%json_array_names.encode('request.Tag-1') == "[\"Tag-1\",[\"Vendor-Specific\",[\"Unisphere\",[\"Service-Activate\"]]]]")) {
test_fail
}
# In the original failure parsing the mac-address results in a "trailing garbage" error
map json '{"externalId":"10000000001","osFamily":"IOS","macAddress":"6C:4D:73:8B:51:00","guid":"Enrollment-000000000-0000-0000-0000-000000000000","isRevoked":false,"configurationType":"HS2R1","certificateSerialNumber":"0000c92c8d4896458ecfb70323d5cf81ddc0000","isExpired":false}' {
- &Filter-Id := '$.externalId'
- &Vendor-Specific.Fortinet.WirelessController-Device-MAC := '$.macAddress'
+ Filter-Id := '$.externalId'
+ Vendor-Specific.Fortinet.WirelessController-Device-MAC := '$.macAddress'
}
-if !(&Filter-Id == "10000000001") {
+if !(Filter-Id == "10000000001") {
test_fail
}
-if (&Vendor-Specific.Fortinet.WirelessController-Device-MAC != 6C:4D:73:8B:51:00) {
+if (Vendor-Specific.Fortinet.WirelessController-Device-MAC != 6C:4D:73:8B:51:00) {
test_fail
}
# An error string from Azure AD, try and access all the bits
&test_string := "{\"error\":\"invalid_grant\",\"error_description\":\"AADSTS50126: Error validating credentials due to invalid username or password.\\r\\nTrace ID: 20bb60a5-5504-4a6b-ab40-a353a95c2500\\r\\nCorrelation ID: e58bb567-ad15-4a46-8341-cc6e800dd817\\r\\nTimestamp: 2023-02-11 02:32:40Z\",\"error_codes\":[50126],\"timestamp\":\"2023-02-11 02:32:40Z\",\"trace_id\":\"20bb60a5-5504-4a6b-ab40-a353a95c2500\",\"correlation_id\":\"e58bb567-ad15-4a46-8341-cc6e800dd817\",\"error_uri\":\"https://login.microsoftonline.com/error?code=50126\"}"
-map json &test_string {
- &Filter-Id := '$.error'
- &Callback-Id := '$.error_description'
- &Called-Station-Id := '$.error_uri'
- &NAS-Port := '$.error_codes[0]'
+map json test_string {
+ Filter-Id := '$.error'
+ Callback-Id := '$.error_description'
+ Called-Station-Id := '$.error_uri'
+ NAS-Port := '$.error_codes[0]'
}
-if (&Filter-Id != 'invalid_grant') {
+if (Filter-Id != 'invalid_grant') {
test_fail
}
-if (&Callback-Id != "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 20bb60a5-5504-4a6b-ab40-a353a95c2500\r\nCorrelation ID: e58bb567-ad15-4a46-8341-cc6e800dd817\r\nTimestamp: 2023-02-11 02:32:40Z") {
+if (Callback-Id != "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 20bb60a5-5504-4a6b-ab40-a353a95c2500\r\nCorrelation ID: e58bb567-ad15-4a46-8341-cc6e800dd817\r\nTimestamp: 2023-02-11 02:32:40Z") {
test_fail
}
-if (&Called-Station-Id != 'https://login.microsoftonline.com/error?code=50126') {
+if (Called-Station-Id != 'https://login.microsoftonline.com/error?code=50126') {
test_fail
}
# This was being parsed as a negative integer
-if (&NAS-Port != 50126) {
+if (NAS-Port != 50126) {
test_fail
}
# Verify parsing works correctly with an unquoted xlat
map json %test.passthrough("{ \"foo\":\"bar\" }",{}) {
- &Filter-Id := '$.foo'
+ Filter-Id := '$.foo'
}
-if (!(&Filter-Id == 'bar')) {
+if (!(Filter-Id == 'bar')) {
test_fail
}
test_pass
test_fail
}
-if (&reply.Reply-Message != 'User-Suspended') {
+if (reply.Reply-Message != 'User-Suspended') {
test_fail
}
&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=bob,ou=people,dc=example,dc=com?description")
-if (&test_string != "User bob is online") {
+if (test_string != "User bob is online") {
test_fail
}
#
ldap
-if (!(&control.NAS-IP-Address == 1.2.3.4)) {
+if (!(control.NAS-IP-Address == 1.2.3.4)) {
test_fail
}
-if (!(&control.Reply-Message == "Hello world")) {
+if (!(control.Reply-Message == "Hello world")) {
test_fail
}
# Cmp operator means Framed-IP-Address is ignored
-if (&control.Framed-IP-Address) {
+if (control.Framed-IP-Address) {
test_fail
}
# IP netmask defined in profile1 should overwrite radprofile value.
-if (!(&reply.Framed-IP-Netmask == 255.255.0.0)) {
+if (!(reply.Framed-IP-Netmask == 255.255.0.0)) {
test_fail
}
-if (!(&reply.Acct-Interim-Interval == 1800)) {
+if (!(reply.Acct-Interim-Interval == 1800)) {
test_fail
}
-if (!(&reply.Idle-Timeout == 3600)) {
+if (!(reply.Idle-Timeout == 3600)) {
test_fail
}
-if (!(&reply.Session-Timeout == 7200)) {
+if (!(reply.Session-Timeout == 7200)) {
test_fail
}
# Set from radiusAttribute
-if !(&control.Vendor-Specific.Cisco.AVPair[*] == 'foo') {
+if !(control.Vendor-Specific.Cisco.AVPair[*] == 'foo') {
test_fail
}
# Set from radiusControlAttribute
-if !(&control.Vendor-Specific.Cisco.AVPair[*] == 'bar') {
+if !(control.Vendor-Specific.Cisco.AVPair[*] == 'bar') {
test_fail
}
&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?description")
-if (!(&test_string == "User %{User-Name} authenticated")) {
+if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
}
# userPKCS12 is set to be updated from Class - which doesn't exist - check nothing was added
&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
-if (&test_octets) {
+if (test_octets) {
test_fail
}
&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
-if (&test_octets != 0x01020304) {
+if (test_octets != 0x01020304) {
test_fail
}
# Remove the RADIUS attribute and check that the update doesn't clear the LDAP attribute
-&request -= &Class[*]
+&request -= Class[*]
ldap.send.access-accept
&test_octets := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?userPKCS12")
-if (&test_octets != 0x01020304) {
+if (test_octets != 0x01020304) {
test_fail
}
# carLicense is being populated with += - so there should be 3 instances now
&control.Filter-Id := %ldap("ldap://$ENV{TEST_SERVER}/uid=john,ou=people,dc=example,dc=com?carLicense")
-if (&control.Filter-Id[#] != 3) {
+if (control.Filter-Id[#] != 3) {
test_fail
}
#
ldapldapi
-if (!(&control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
+if (!(control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
test_fail
}
ldap
#IP address is defined in cn=profile2
-if !(&control.Framed-IP-Address == 1.2.3.6) {
+if !(control.Framed-IP-Address == 1.2.3.6) {
test_fail
}
# IP netmask defined in cn=reply,cn=profile2
-if (!(&reply.Framed-IP-Netmask == 255.255.192.0)) {
+if (!(reply.Framed-IP-Netmask == 255.255.192.0)) {
test_fail
}
-if (!(&reply.Acct-Interim-Interval == 7200)) {
+if (!(reply.Acct-Interim-Interval == 7200)) {
test_fail
}
&test_string := %ldap("ldap://$ENV{TEST_SERVER}/uid=peter,ou=people,dc=example,dc=com?description")
-if (!(&test_string == "User %{User-Name} authenticated")) {
+if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
}
#
ldapsasl
-if (!(&control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
+if (!(control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
test_fail
}
#
ldapsaslproxy
-if (!(&control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
+if (!(control.LDAP-UserDN == "uid=john,ou=people,dc=example,dc=com")) {
test_fail
}
# The admin bind was as a "normal" user, then proxied to the admin
# Check that the password was retrieved
-if (!(&control.Password.With-Header)) {
+if (!(control.Password.With-Header)) {
test_fail
}
#
ldapssl
-if (!(&control.NAS-IP-Address == 1.2.3.4)) {
+if (!(control.NAS-IP-Address == 1.2.3.4)) {
test_fail
}
# Cmp operator means Framed-IP-Address is ignored
-if (&control.Framed-IP-Address) {
+if (control.Framed-IP-Address) {
test_fail
}
-if (!(&reply.Idle-Timeout == 3600)) {
+if (!(reply.Idle-Timeout == 3600)) {
test_fail
}
-if (!(&reply.Session-Timeout == 7200)) {
+if (!(reply.Session-Timeout == 7200)) {
test_fail
}
&test_string := %ldapssl("ldaps:///uid=fred,ou=people,dc=subdept,dc=example,dc=com?description")
-if (!(&test_string == "User %{User-Name} authenticated")) {
+if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
}
ldaptls
-if (!(&control.NAS-IP-Address == 1.2.3.4)) {
+if (!(control.NAS-IP-Address == 1.2.3.4)) {
test_fail
}
# Cmp operator means Framed-IP-Address is ignored
-if (&control.Framed-IP-Address) {
+if (control.Framed-IP-Address) {
test_fail
}
-if (!(&reply.Idle-Timeout == 3600)) {
+if (!(reply.Idle-Timeout == 3600)) {
test_fail
}
-if (!(&reply.Session-Timeout == 7200)) {
+if (!(reply.Session-Timeout == 7200)) {
test_fail
}
&test_string := %ldaptls("ldap:///uid=joe,ou=people,dc=subdept,dc=example,dc=com?description")
-if (!(&test_string == "User %{User-Name} authenticated")) {
+if (!(test_string == "User %{User-Name} authenticated")) {
test_fail
}
#
# Check no cached membership has been added
#
-if (&control.LDAP-Cached-Membership) {
+if (control.LDAP-Cached-Membership) {
test_fail
}
#
# Check we have these values cached
#
-if (!(&control.LDAP-Cached-Membership[*] == 'foo')) {
+if (!(control.LDAP-Cached-Membership[*] == 'foo')) {
test_fail
}
-if (!(&control.LDAP-Cached-Membership[*] == 'cn=foo,ou=groups,dc=example,dc=com')) {
+if (!(control.LDAP-Cached-Membership[*] == 'cn=foo,ou=groups,dc=example,dc=com')) {
test_fail
}
map ldap "ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=radiusprofile)" {
- &Framed-IP-Netmask := 'radiusFramedIPNetmask'
- &Filter-Id += 'entryDN'
+ Framed-IP-Netmask := 'radiusFramedIPNetmask'
+ Filter-Id += 'entryDN'
}
if (!updated) {
test_fail
}
-if (!(&Framed-IP-Netmask == '255.255.255.0')) {
+if (!(Framed-IP-Netmask == '255.255.255.0')) {
test_fail
}
-if (!(&Filter-Id[*] == 'cn=radprofile,ou=profiles,dc=example,dc=com')) {
+if (!(Filter-Id[*] == 'cn=radprofile,ou=profiles,dc=example,dc=com')) {
test_fail
}
-if (!(&Filter-Id[*] == 'cn=profile1,ou=profiles,dc=example,dc=com')) {
+if (!(Filter-Id[*] == 'cn=profile1,ou=profiles,dc=example,dc=com')) {
test_fail
}
map ldap "ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=notARealObject)" {
- &Framed-IP-Netmask := 'radiusFramedIPNetmask'
- &Filter-Id += 'entryDN'
+ Framed-IP-Netmask := 'radiusFramedIPNetmask'
+ Filter-Id += 'entryDN'
}
if (!notfound) {
}
map ldapldapi "ldapi://%%2Ftmp%%2Fldap%%2Fsocket/ou=people,dc=example,dc=com??sub?(uid=%{User-Name})" {
- &Filter-Id := 'displayName'
+ Filter-Id := 'displayName'
}
if (!updated) {
test_fail
}
-if !(&Filter-Id == 'John Doe') {
+if !(Filter-Id == 'John Doe') {
test_fail
}
# Use an attribute in the incoming requests with non "ldap safe" characters which should be escaped
#
map ldapldapi "ldapi://%%2Ftmp%%2Fldap%%2Fsocket/ou=people,dc=example,dc=com??sub?(uid=%{NAS-Identifier})" {
- &Filter-Id := 'displayName'
+ Filter-Id := 'displayName'
}
if (!notfound) {
map ldap "ldapi:///ou=clients,dc=example,dc=com??sub?(&(objectClass=radiusClient)(objectClass=freeradiusClient)(freeradiusClientIdentifier=%{net.src.ip}))" {
# secret
- &control.FreeRADIUS-Client-Secret := 'radiusClientSecret'
+ control.FreeRADIUS-Client-Secret := 'radiusClientSecret'
# shortname
- &control.FreeRADIUS-Client-Shortname := 'freeradiusClientShortname'
+ control.FreeRADIUS-Client-Shortname := 'freeradiusClientShortname'
# nas_type
- &control.FreeRADIUS-Client-NAS-Type := 'freeradiusClientType'
+ control.FreeRADIUS-Client-NAS-Type := 'freeradiusClientType'
}
-if (!(&control.FreeRADIUS-Client-Shortname == 'client1')) {
+if (!(control.FreeRADIUS-Client-Shortname == 'client1')) {
test_fail
}
# the name value to be derived from an xlat expansion, or an
# attribute ref.
update {
- &control.Password.With-Header += 'userPassword'
- &reply.Idle-Timeout := 'radiusIdleTimeout'
- &reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
-# &control.Password.NT := 'ntPassword'
-# &reply.Reply-Message := 'radiusReplyMessage'
-# &reply.Tunnel-Type := 'radiusTunnelType'
-# &reply.Tunnel-Medium-Type := 'radiusTunnelMediumType'
-# &reply.Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
+ control.Password.With-Header += 'userPassword'
+ reply.Idle-Timeout := 'radiusIdleTimeout'
+ reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
+# control.Password.NT := 'ntPassword'
+# reply.Reply-Message := 'radiusReplyMessage'
+# reply.Tunnel-Type := 'radiusTunnelType'
+# reply.Tunnel-Medium-Type := 'radiusTunnelMediumType'
+# reply.Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
# Where only a list is specified as the RADIUS attribute,
# the value of the LDAP attribute is parsed as a valuepair
# in the same format as the 'valuepair_attribute' (above).
- &control += 'radiusControlAttribute'
- &request += 'radiusRequestAttribute'
- &reply += 'radiusReplyAttribute'
+ control += 'radiusControlAttribute'
+ request += 'radiusRequestAttribute'
+ reply += 'radiusReplyAttribute'
}
# Set to yes if you have eDirectory and want to use the universal
# mech = 'PLAIN'
# SASL authorisation identity to proxy.
-# proxy = &User-Name
+# proxy = User-Name
# SASL realm. Used for kerberos.
# realm = 'example.org'
access-accept {
update {
description := "User %{User-Name} authenticated"
- userPKCS12 := &Class
+ userPKCS12 := Class
carLicense += "%randstr(CCnnCCC)"
}
}
valuepair_attribute = 'radiusAttribute'
update {
- &control.Password.With-Header += 'userPassword'
- &reply.Idle-Timeout := 'radiusIdleTimeout'
- &reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
+ control.Password.With-Header += 'userPassword'
+ reply.Idle-Timeout := 'radiusIdleTimeout'
+ reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
- &control += 'radiusControlAttribute'
- &request += 'radiusRequestAttribute'
- &reply += 'radiusReplyAttribute'
+ control += 'radiusControlAttribute'
+ request += 'radiusRequestAttribute'
+ reply += 'radiusReplyAttribute'
}
user {
valuepair_attribute = 'radiusAttribute'
update {
- &control.Password.With-Header += 'userPassword'
- &reply.Idle-Timeout := 'radiusIdleTimeout'
- &reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
+ control.Password.With-Header += 'userPassword'
+ reply.Idle-Timeout := 'radiusIdleTimeout'
+ reply.Framed-IP-Netmask := 'radiusFramedIPNetmask'
- &control += 'radiusControlAttribute'
- &request += 'radiusRequestAttribute'
- &reply += 'radiusReplyAttribute'
+ control += 'radiusControlAttribute'
+ request += 'radiusRequestAttribute'
+ reply += 'radiusReplyAttribute'
}
user {
filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})"
sasl {
mech = 'SCRAM-SHA-512'
- authname = &User-Name
+ authname = User-Name
}
}
filter = "(uid=%{%{Stripped-User-Name} || %{User-Name}})"
sasl {
mech = 'SCRAM-SHA-512'
- authname = &User-Name
+ authname = User-Name
}
}
}
update {
- &control.Password.With-Header += 'userPassword'
+ control.Password.With-Header += 'userPassword'
}
user {
# String with no escaping
&result_string := %ldap.uri.escape(%{test_string})
-if (!(&result_string == "safe string")) {
+if (!(result_string == "safe string")) {
test_fail
}
&result_string := %ldap.uri.unescape(%{result_string})
-if (!(&result_string == 'safe string')) {
+if (!(result_string == 'safe string')) {
test_fail
}
&test_string := 'non safe,+"\<>;*=() string'
&result_string := %ldap.uri.escape(%{test_string})
-if (!(&result_string == 'non safe\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29 string')) {
+if (!(result_string == 'non safe\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29 string')) {
test_fail
}
&result_string := %ldap.uri.unescape(%{result_string})
-if (!(&result_string == 'non safe,+"\<>;*=() string')) {
+if (!(result_string == 'non safe,+"\<>;*=() string')) {
test_fail
}
&test_string := ',+"\<>;*=()'
&result_string := %ldap.uri.escape(%{test_string})
-if (!(&result_string == '\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29')) {
+if (!(result_string == '\2c\2b\22\5c\3c\3e\3b\2a\3d\28\29')) {
test_fail
}
&result_string := %ldap.uri.unescape(%{result_string})
-if (!(&result_string == ',+"\<>;*=()')) {
+if (!(result_string == ',+"\<>;*=()')) {
test_fail
}
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
-if (!(&result_string == "John Doe")) {
+if (!(result_string == "John Doe")) {
test_fail
}
# Return multiple values - could be in any sequence
&Framed-IP-Address := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=clients,dc=example,dc=com?freeradiusClientIdentifier?sub?(objectClass=freeradiusClient)")
-if !((&Framed-IP-Address[0] == "1.1.1.1") && (&Framed-IP-Address[1] == "2.2.2.2")) {
+if !((Framed-IP-Address[0] == "1.1.1.1") && (Framed-IP-Address[1] == "2.2.2.2")) {
test_fail
}
# Use tainted string in filter - with special characters
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?cn?sub?(displayName=*%{Filter-Id}*)")
-if (!(&result_string == "Bob Smith")) {
+if (!(result_string == "Bob Smith")) {
test_fail
}
# A query which should return no results
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=people,dc=example,dc=com?displayName?sub?(uid=notknown)")
-if (&result_string) {
+if (result_string) {
test_fail
}
# Request an invalid DN
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=notthere?displayName?sub?(uid=john)")
-if (&result_string) {
+if (result_string) {
test_fail
}
# Query within a dn which will prompt a referral
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
-if (!(&result_string == "Fred Jones")) {
+if (!(result_string == "Fred Jones")) {
test_fail
}
# Reference an alternative LDAP server in the xlat
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:%ldap.uri.escape(%{$ENV{LDAP_TEST_SERVER_PORT} + 1})/dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
-if (!(&result_string == "Fred Jones")) {
+if (!(result_string == "Fred Jones")) {
test_fail
}
# This query will follow 2 referrals, the second will present an alternate search base
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=offsite,dc=subdept,dc=example,dc=com?displayName?sub?(uid=john)")
-if (!(&result_string == "John Doe")) {
+if (!(result_string == "John Doe")) {
test_fail
}
# This query will follow 3 referrals - more than our max referral depth
&result_string := %ldap("ldap://$ENV{LDAP_TEST_SERVER}:$ENV{LDAP_TEST_SERVER_PORT}/ou=bounce1,dc=subdept,dc=example,dc=com?displayName?sub?(uid=fred)")
-if (&result_string) {
+if (result_string) {
test_fail
}
-if (!(&Module-Failure-Message == "Maximum LDAP referral depth (2) exceeded")) {
+if (!(Module-Failure-Message == "Maximum LDAP referral depth (2) exceeded")) {
test_fail
}
# Use an ldapi:// connection
&result_string := %ldapldapi("ldapi:///ou=people,dc=example,dc=com?displayName?sub?(uid=john)")
-if !(&result_string == 'John Doe') {
+if !(result_string == 'John Doe') {
test_fail
}
test_fail
}
-if (!((&reply.Framed-IP-Netmask == 255.255.128.0) && \
- (&reply.Acct-Interim-Interval == 3600) && \
- (&request.Service-Type == ::Framed-User) && \
- (&control.Framed-IP-Address == 1.2.3.5) && \
- (&control.Reply-Message == 'Bonjour'))) {
+if (!((reply.Framed-IP-Netmask == 255.255.128.0) && \
+ (reply.Acct-Interim-Interval == 3600) && \
+ (request.Service-Type == ::Framed-User) && \
+ (control.Framed-IP-Address == 1.2.3.5) && \
+ (control.Reply-Message == 'Bonjour'))) {
test_fail
}
group {
string user
- &user := 'suspended'
+ user := 'suspended'
if (!%ldap.profile("ldap:///cn=%{user},ou=profiles,dc=example,dc=com")) {
test_fail
}
- if (&reply.Reply-Message != 'User-Suspended') {
+ if (reply.Reply-Message != 'User-Suspended') {
test_fail
}
- &control := {}
- &reply := {}
+ control := {}
+ reply := {}
if (!%ldap.profile("cn=%{user},ou=profiles,dc=example,dc=com")) {
test_fail
}
- if (&reply.Reply-Message != 'User-Suspended') {
+ if (reply.Reply-Message != 'User-Suspended') {
test_fail
}
- &control := {}
- &reply := {}
+ control := {}
+ reply := {}
}
if (!%ldap.profile('cn=profile3,ou=profiles,dc=example,dc=com')) {
test_fail
}
-if (!((&reply.Framed-IP-Netmask == 255.255.192.0) && \
- (&reply.Acct-Interim-Interval == 7200) && \
- (&request.Service-Type == ::Framed-User) && \
- (&control.Framed-IP-Address == 1.2.3.6) && \
- (&control.Reply-Message == 'Salut'))) {
+if (!((reply.Framed-IP-Netmask == 255.255.192.0) && \
+ (reply.Acct-Interim-Interval == 7200) && \
+ (request.Service-Type == ::Framed-User) && \
+ (control.Framed-IP-Address == 1.2.3.6) && \
+ (control.Reply-Message == 'Salut'))) {
test_fail
}
string test_string
-&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
+control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
%file.rm("$ENV{MODULE_TEST_DIR}/test_delim.log")
linelog_fmt_delim
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_delim.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_delim.log")
-if (&test_string == 'bob, ') {
+if (test_string == 'bob, ') {
test_pass
}
else {
# Check strings are appended
linelog_fmt_delim
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_delim.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_delim.log")
-if (&test_string == 'bob, bob, ') {
+if (test_string == 'bob, bob, ') {
test_pass
}
else {
if (!fail) {
test_fail
}
-if !(&Module-Failure-Message == 'linelog_missingref: Invalid path "..messages.valid"') {
+if !(Module-Failure-Message == 'linelog_missingref: Invalid path "..messages.valid"') {
test_fail
}
fail = 1
}
-if !(&Module-Failure-Message == 'linelog_missingref: Path ".messages" resolves to a section (should be a pair)') {
+if !(Module-Failure-Message == 'linelog_missingref: Path ".messages" resolves to a section (should be a pair)') {
test_fail
}
# Note that there's a '5f6e' here, which is "\n"
# And we don't have a '0a', which is the unescaped "\n"
#
-if (&test_string2 == '666f6f5c6e626172') {
+if (test_string2 == '666f6f5c6e626172') {
test_pass
}
else {
#
# This is left alone, and not "\n" --> 0x0a, too.
#
-if (&test_string1 == 'foo\nbar') {
+if (test_string1 == 'foo\nbar') {
test_pass
}
else {
&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log", 2)
&test_string2 := "%hex(%{test_string1})"
-if (&test_string2 == '666f6f0a626172') {
+if (test_string2 == '666f6f0a626172') {
test_pass
}
else {
&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_escapes.log")
-if (&test_string1 == "bar") {
+if (test_string1 == "bar") {
test_pass
}
else {
&control.Filter-Id := 'test_multi_str'
&control += {
- &Reply-Message = '0'
- &Reply-Message = '1'
- &Reply-Message = '2'
- &Reply-Message = '3'
- &Reply-Message = '4'
- &Reply-Message = '5'
- &Reply-Message = '6'
- &Reply-Message = '7'
- &Reply-Message = '8'
- &Reply-Message = '9'
- &Reply-Message = '10'
+ Reply-Message = '0'
+ Reply-Message = '1'
+ Reply-Message = '2'
+ Reply-Message = '3'
+ Reply-Message = '4'
+ Reply-Message = '5'
+ Reply-Message = '6'
+ Reply-Message = '7'
+ Reply-Message = '8'
+ Reply-Message = '9'
+ Reply-Message = '10'
}
linelog_ref_multi
&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
-if !(&test_string == '0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ') {
+if !(test_string == '0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, ') {
test_fail
}
# Check octet type attributes are logged in raw form
&control += {
- &Class = 0x686970706f # Hippo
- &Class = 0x0a # new line
- &Class = 0x626c6970706f # Blippo
+ Class = 0x686970706f # Hippo
+ Class = 0x0a # new line
+ Class = 0x626c6970706f # Blippo
}
&control.Filter-Id := 'test_multi_octets'
&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_multi.log")
-if !(&test_string == ', blippo, ') {
+if !(test_string == ', blippo, ') {
test_fail
}
string test_string
uint32 test_integer
-&control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
+control.Exec-Export := 'PATH="$ENV{PATH}:/bin:/usr/bin:/opt/bin:/usr/local/bin"'
#
# Remove old log files
&control.Filter-Id := 'test_default'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == 'bob default') {
+if !(test_string == 'bob default') {
test_fail
}
# Check linelog adds a newline at the end of each message (also tests if execs pointed to by refs work)
-&control.Filter-Id := 'test_exec'
+control.Filter-Id := 'test_exec'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == 'bob exec') {
+if !(test_string == 'bob exec') {
test_fail
}
# Check it's not overwriting the same line repeatedly
-&test_string := %file.head("$ENV{MODULE_TEST_DIR}/test_a.log");
+test_string := %file.head("$ENV{MODULE_TEST_DIR}/test_a.log");
-if !(&test_string == 'bob default') {
+if !(test_string == 'bob default') {
test_fail
}
# Check linelog can use attrs pointed to by refs
-&control.Filter-Id := 'test_attr'
+control.Filter-Id := 'test_attr'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == 'bob') {
+if !(test_string == 'bob') {
test_fail
}
# Check linelog can use xlats pointed to by refs
-&control.Filter-Id := 'test_xlat'
+control.Filter-Id := 'test_xlat'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == 'bob xlat') {
+if !(test_string == 'bob xlat') {
test_fail
}
# Check linelog can use literals pointed to by refs
-&control.Filter-Id := 'test_literal'
+control.Filter-Id := 'test_literal'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == '%{User-Name} literal') {
+if !(test_string == '%{User-Name} literal') {
test_fail
}
# Check linelog can use empty conf pairs
-&control.Filter-Id := 'test_empty'
+control.Filter-Id := 'test_empty'
linelog_fmt_and_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_a.log")
-if !(&test_string == '') {
+if !(test_string == '') {
test_fail
}
%file.rm("$ENV{MODULE_TEST_DIR}/test_b.log")
# Check behaviour when we don't have a default configured (should not create new file)
-&control.Filter-Id := 'test_default'
+control.Filter-Id := 'test_default'
linelog_ref
if !(noop) {
}
ok
-&control.Filter-Id := 'test_exec'
+control.Filter-Id := 'test_exec'
linelog_ref
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_b.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_b.log")
-if !(&test_string == 'bob exec') {
+if !(test_string == 'bob exec') {
test_fail
}
%file.rm("$ENV{MODULE_TEST_DIR}/test_c.log")
# Check behaviour using an attribute ref as a path
-&control.Filter-Id := '.messages.test_xlat'
+control.Filter-Id := '.messages.test_xlat'
linelog_fmt_and_ref_attr
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
-if !(&test_string == 'bob xlat') {
+if !(test_string == 'bob xlat') {
test_fail
}
# Check behaviour using an attribute ref (non existent path, with default also an attribute ref)
-&control.Filter-Id := 'test_xlat'
+control.Filter-Id := 'test_xlat'
linelog_fmt_and_ref_attr
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
-if !(&test_string == 'bob') {
+if !(test_string == 'bob') {
test_fail
}
# Check '.' is always prefixed to the path
-&control.Filter-Id := 'messages.test_xlat'
+control.Filter-Id := 'messages.test_xlat'
linelog_fmt_and_ref_attr
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
-if !(&test_string == 'bob xlat') {
+if !(test_string == 'bob xlat') {
test_fail
}
# Check '..' results in a 'fail' (can't go up one level)
-&control.Filter-Id := '..messages.test_attr'
+control.Filter-Id := '..messages.test_attr'
linelog_fmt_and_ref_attr {
fail = 1
test_fail
}
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_c.log")
-if !(&test_string == 'bob xlat') {
+if !(test_string == 'bob xlat') {
test_fail
}
# Check '.messages' results in a 'fail' (messages is a section)
-&control.Filter-Id := '.messages'
+control.Filter-Id := '.messages'
linelog_fmt_and_ref_attr {
fail = 1
linelog_fmt
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_d.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_d.log")
-if !(&test_string == 'bob') {
+if !(test_string == 'bob') {
test_fail
}
%file.rm("$ENV{MODULE_TEST_DIR}/test_e.log")
# Set attribute used in header line
-&control.Callback-Id := "%t"
+control.Callback-Id := "%t"
linelog_header
-&test_string := %file.head("$ENV{MODULE_TEST_DIR}/test_e.log")
+test_string := %file.head("$ENV{MODULE_TEST_DIR}/test_e.log")
-if !(&test_string == "Log started %{control.Callback-Id}") {
+if !(test_string == "Log started %{control.Callback-Id}") {
test_fail
}
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_e.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_e.log")
-if !(&test_string == 'bob,olobobob') {
+if !(test_string == 'bob,olobobob') {
test_fail
}
linelog_header
-&test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_e.log")
+test_string := %file.tail("$ENV{MODULE_TEST_DIR}/test_e.log")
-if !(&test_string == 'bob,olobobob') {
+if !(test_string == 'bob,olobobob') {
test_fail
}
-&test_integer := %exec('/bin/sh', '-c', "wc -l < $ENV{MODULE_TEST_DIR}/test_e.log")
+test_integer := %exec('/bin/sh', '-c', "wc -l < $ENV{MODULE_TEST_DIR}/test_e.log")
-if !(&test_integer == 3) {
+if !(test_integer == 3) {
test_fail
}
}
&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
-if (&test_string1 == 'bob, ') {
+if (test_string1 == 'bob, ') {
test_pass
}
else {
test_fail
}
&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
-if (&test_string1 == 'bob, morebob, ') {
+if (test_string1 == 'bob, morebob, ') {
test_pass
}
else {
&test_string1 := %file.tail("$ENV{MODULE_TEST_DIR}/test_xlat.log")
-if (&test_string1 == '{ "foo" : "bar", "baz" : "boink" }, ') {
+if (test_string1 == '{ "foo" : "bar", "baz" : "boink" }, ') {
test_pass
}
else {
messages {
test_exec = %exec('/bin/echo',"%{User-Name} exec")
- test_attr = &User-Name
+ test_attr = User-Name
test_xlat = "%{User-Name} xlat"
test_literal = '%{User-Name} literal'
test_empty = ''
messages {
test_exec = %exec('/bin/echo', "%{User-Name} exec")
- test_attr = &User-Name
+ test_attr = User-Name
test_xlat = "%{User-Name} xlat"
test_literal = '%{User-Name} literal'
}
filename = $ENV{MODULE_TEST_DIR}/test_c.log
}
- format = &User-Name
+ format = User-Name
- reference = &control.Filter-Id
+ reference = control.Filter-Id
messages {
test_exec = %exec('/bin/echo', "%{User-Name} exec")
- test_attr = &User-Name
+ test_attr = User-Name
test_xlat = "%{User-Name} xlat"
test_literal = '%{User-Name} literal'
}
filename = $ENV{MODULE_TEST_DIR}/test_d.log
}
- format = &User-Name
+ format = User-Name
}
# Used by linelog
reference = ".messages.%{control.Filter-Id}"
messages {
- test_attr = &control.Callback-Id
+ test_attr = control.Callback-Id
test_xlat = "%{User-Name}\n\tbar"
test_literal = 'foo\nbar'
}
delimiter = ", "
- format = &User-Name
+ format = User-Name
}
linelog linelog_fmt_delim_xlat {
delimiter = ", "
- format = &User-Name
+ format = User-Name
}
# Used by linelog-multi
reference = ".messages.%{control.Filter-Id}"
messages {
- test_multi_str = &control.Reply-Message[*]
- test_multi_octets = &control.Class[*]
- test_empty = &control.User-Name[*]
+ test_multi_str = control.Reply-Message[*]
+ test_multi_octets = control.Class[*]
+ test_empty = control.User-Name[*]
}
}
filename = $ENV{MODULE_TEST_DIR}/test_missing.log
}
- reference = &control.Filter-Id
+ reference = control.Filter-Id
messages {
- valid = &control.User-Name
+ valid = control.User-Name
}
}
exec {
wait = yes
- input_pairs = &request
+ input_pairs = request
shell_escape = yes
timeout = 10
}
mschap
-if !(&control.Auth-Type == ::mschap) {
+if !(control.Auth-Type == ::mschap) {
test_fail
}
mschap.authenticate
-if !(&reply.Vendor-Specific.Microsoft.CHAP-MPPE-Keys) {
+if !(reply.Vendor-Specific.Microsoft.CHAP-MPPE-Keys) {
test_fail
}
-&reply -= &Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+&reply -= Vendor-Specific.Microsoft.CHAP-MPPE-Keys
test_pass
mschap
-if !(&control.Auth-Type == ::mschap) {
+if !(control.Auth-Type == ::mschap) {
test_fail
}
mschap.authenticate
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
test_fail
}
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
test_fail
}
-&reply -= &Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= &Vendor-Specific.Microsoft.MPPE-Recv-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
mschap_winbind
-if !(&control.Auth-Type == ::mschap_winbind) {
+if !(control.Auth-Type == ::mschap_winbind) {
test_fail
}
# Depending on host permissions, we may not be able to talk to winbind
# Handle false failures
#
-if (&Module-Failure-Message[*] == 'mschap_winbind: Unable to contact winbind!') {
- &reply := {}
+if (Module-Failure-Message[*] == 'mschap_winbind: Unable to contact winbind!') {
+ reply := {}
test_pass
return
}
-if !(&reply.Vendor-Specific.Microsoft.CHAP-MPPE-Keys) {
+if !(reply.Vendor-Specific.Microsoft.CHAP-MPPE-Keys) {
test_fail
}
mschap {
attributes {
- username = &User-Name
- chap_challenge = &Vendor-Specific.Microsoft.CHAP-Challenge
- chap_response = &Vendor-Specific.Microsoft.CHAP-Response
- chap2_response = &Vendor-Specific.Microsoft.CHAP2-Response
- chap2_success = &Vendor-Specific.Microsoft.CHAP2-Success
- chap_error = &Vendor-Specific.Microsoft.CHAP-Error
- chap_mppe_keys = &Vendor-Specific.Microsoft.CHAP-MPPE-Keys
- mppe_recv_key = &Vendor-Specific.Microsoft.MPPE-Recv-Key
- mppe_send_key = &Vendor-Specific.Microsoft.MPPE-Send-Key
- mppe_encryption_policy = &Vendor-Specific.Microsoft.MPPE-Encryption-Policy
- mppe_encryption_types = &Vendor-Specific.Microsoft.MPPE-Encryption-Types
- chap2_cpw = &Vendor-Specific.Microsoft.CHAP2-CPW
- chap_nt_enc_pw = &Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
+ username = User-Name
+ chap_challenge = Vendor-Specific.Microsoft.CHAP-Challenge
+ chap_response = Vendor-Specific.Microsoft.CHAP-Response
+ chap2_response = Vendor-Specific.Microsoft.CHAP2-Response
+ chap2_success = Vendor-Specific.Microsoft.CHAP2-Success
+ chap_error = Vendor-Specific.Microsoft.CHAP-Error
+ chap_mppe_keys = Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+ mppe_recv_key = Vendor-Specific.Microsoft.MPPE-Recv-Key
+ mppe_send_key = Vendor-Specific.Microsoft.MPPE-Send-Key
+ mppe_encryption_policy = Vendor-Specific.Microsoft.MPPE-Encryption-Policy
+ mppe_encryption_types = Vendor-Specific.Microsoft.MPPE-Encryption-Types
+ chap2_cpw = Vendor-Specific.Microsoft.CHAP2-CPW
+ chap_nt_enc_pw = Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
}
passchange {
domain = %mschap(Domain-Name)
}
attributes {
- username = &User-Name
- chap_challenge = &Vendor-Specific.Microsoft.CHAP-Challenge
- chap_response = &Vendor-Specific.Microsoft.CHAP-Response
- chap2_response = &Vendor-Specific.Microsoft.CHAP2-Response
- chap2_success = &Vendor-Specific.Microsoft.CHAP2-Success
- chap_error = &Vendor-Specific.Microsoft.CHAP-Error
- chap_mppe_keys = &Vendor-Specific.Microsoft.CHAP-MPPE-Keys
- mppe_recv_key = &Vendor-Specific.Microsoft.MPPE-Recv-Key
- mppe_send_key = &Vendor-Specific.Microsoft.MPPE-Send-Key
- mppe_encryption_policy = &Vendor-Specific.Microsoft.MPPE-Encryption-Policy
- mppe_encryption_types = &Vendor-Specific.Microsoft.MPPE-Encryption-Types
- chap2_cpw = &Vendor-Specific.Microsoft.CHAP2-CPW
- chap_nt_enc_pw = &Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
+ username = User-Name
+ chap_challenge = Vendor-Specific.Microsoft.CHAP-Challenge
+ chap_response = Vendor-Specific.Microsoft.CHAP-Response
+ chap2_response = Vendor-Specific.Microsoft.CHAP2-Response
+ chap2_success = Vendor-Specific.Microsoft.CHAP2-Success
+ chap_error = Vendor-Specific.Microsoft.CHAP-Error
+ chap_mppe_keys = Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+ mppe_recv_key = Vendor-Specific.Microsoft.MPPE-Recv-Key
+ mppe_send_key = Vendor-Specific.Microsoft.MPPE-Send-Key
+ mppe_encryption_policy = Vendor-Specific.Microsoft.MPPE-Encryption-Policy
+ mppe_encryption_types = Vendor-Specific.Microsoft.MPPE-Encryption-Types
+ chap2_cpw = Vendor-Specific.Microsoft.CHAP2-CPW
+ chap_nt_enc_pw = Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
}
}
#
mschap mschap_ntlm {
- ntlm_auth = "$ENV{MODULE_TEST_DIR}/dummy_ntlm_auth.sh --request-nt-key --allow-mschapv2 --username=%{&Stripped-User-Name || &User-Name || 'None'} --challenge=%mschap(Challenge) --nt-response=%mschap(NT-Response)"
+ ntlm_auth = "$ENV{MODULE_TEST_DIR}/dummy_ntlm_auth.sh --request-nt-key --allow-mschapv2 --username=%{Stripped-User-Name || User-Name || 'None'} --challenge=%mschap(Challenge) --nt-response=%mschap(NT-Response)"
passchange {
ntlm_auth = "$ENV{MODULE_TEST_DIR}/dummy_ntlm_auth_cpw.sh"
}
attributes {
- username = &User-Name
- chap_challenge = &Vendor-Specific.Microsoft.CHAP-Challenge
- chap_response = &Vendor-Specific.Microsoft.CHAP-Response
- chap2_response = &Vendor-Specific.Microsoft.CHAP2-Response
- chap2_success = &Vendor-Specific.Microsoft.CHAP2-Success
- chap_error = &Vendor-Specific.Microsoft.CHAP-Error
- chap_mppe_keys = &Vendor-Specific.Microsoft.CHAP-MPPE-Keys
- mppe_recv_key = &Vendor-Specific.Microsoft.MPPE-Recv-Key
- mppe_send_key = &Vendor-Specific.Microsoft.MPPE-Send-Key
- mppe_encryption_policy = &Vendor-Specific.Microsoft.MPPE-Encryption-Policy
- mppe_encryption_types = &Vendor-Specific.Microsoft.MPPE-Encryption-Types
- chap2_cpw = &Vendor-Specific.Microsoft.CHAP2-CPW
- chap_nt_enc_pw = &Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
+ username = User-Name
+ chap_challenge = Vendor-Specific.Microsoft.CHAP-Challenge
+ chap_response = Vendor-Specific.Microsoft.CHAP-Response
+ chap2_response = Vendor-Specific.Microsoft.CHAP2-Response
+ chap2_success = Vendor-Specific.Microsoft.CHAP2-Success
+ chap_error = Vendor-Specific.Microsoft.CHAP-Error
+ chap_mppe_keys = Vendor-Specific.Microsoft.CHAP-MPPE-Keys
+ mppe_recv_key = Vendor-Specific.Microsoft.MPPE-Recv-Key
+ mppe_send_key = Vendor-Specific.Microsoft.MPPE-Send-Key
+ mppe_encryption_policy = Vendor-Specific.Microsoft.MPPE-Encryption-Policy
+ mppe_encryption_types = Vendor-Specific.Microsoft.MPPE-Encryption-Types
+ chap2_cpw = Vendor-Specific.Microsoft.CHAP2-CPW
+ chap_nt_enc_pw = Vendor-Specific.Microsoft.CHAP-NT-Enc-PW
}
}
mschap
-if !(&control.Auth-Type == ::mschap) {
+if !(control.Auth-Type == ::mschap) {
test_fail
}
# Builds without OpenSSL return invalid - it is required for password change
# - so we fake the reply in that case.
if (invalid) {
- &reply.Vendor-Specific.Microsoft := {
- &CHAP2-Success = 0x00533d36413239424144423639423545374341443046353938394539343742443444323830323645363343
- &MPPE-Encryption-Policy = ::Encryption-Allowed
- &MPPE-Encryption-Types = ::RC4-40or128-bit-Allowed
+ reply.Vendor-Specific.Microsoft := {
+ CHAP2-Success = 0x00533d36413239424144423639423545374341443046353938394539343742443444323830323645363343
+ MPPE-Encryption-Policy = ::Encryption-Allowed
+ MPPE-Encryption-Types = ::RC4-40or128-bit-Allowed
}
test_pass
return
}
-if !(&MS-CHAP-New-Cleartext-Password == 'SuperSecret') {
+if !(MS-CHAP-New-Cleartext-Password == 'SuperSecret') {
test_fail
}
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
test_fail
}
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
test_fail
}
-&reply -= &Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= &Vendor-Specific.Microsoft.MPPE-Recv-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
mschap_ntlm
-if !(&control.Auth-Type == ::mschap_ntlm) {
+if !(control.Auth-Type == ::mschap_ntlm) {
test_fail
}
mschap_ntlm.authenticate
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Send-Key) {
test_fail
}
-if !(&reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
+if !(reply.Vendor-Specific.Microsoft.MPPE-Recv-Key) {
test_fail
}
-&reply -= &Vendor-Specific.Microsoft.MPPE-Send-Key
-&reply -= &Vendor-Specific.Microsoft.MPPE-Recv-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Send-Key
+&reply -= Vendor-Specific.Microsoft.MPPE-Recv-Key
test_pass
-if (&User-Name == 'test') {
- &User-Password := "%randstr('bbbbbbbbbbbbbbbb')"
- &control.Password.Cleartext := "%{User-Password}"
+if (User-Name == 'test') {
+ User-Password := "%randstr('bbbbbbbbbbbbbbbb')"
+ control.Password.Cleartext := "%{User-Password}"
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_dig_big') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+if (User-Name == 'pbkdf2_dig_big') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_dig_small') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI'
+if (User-Name == 'pbkdf2_dig_small') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI'
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_iter0') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAP:CuNDJ9NimZoP5ljnPNCBUA==:f09zV7dReGg5SIv/EXY9tCL4XQRr5guhL0Q6UXSKI3c='
+if (User-Name == 'pbkdf2_iter0') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAP:CuNDJ9NimZoP5ljnPNCBUA==:f09zV7dReGg5SIv/EXY9tCL4XQRr5guhL0Q6UXSKI3c='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_iter1') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:OErtptMl2hOxhQqvNw7sNw==:4KkrgL+3Q9j8KlHPivtApBKRZAjyWjtDWmZEz2UjNko='
+if (User-Name == 'pbkdf2_iter1') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:OErtptMl2hOxhQqvNw7sNw==:4KkrgL+3Q9j8KlHPivtApBKRZAjyWjtDWmZEz2UjNko='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_iter1000') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAD6A:yhmqoKrtPLY2KYK6cNjnfw==:Y6gkSZEo4TRtlsryHqnGYZhoe2qn5tJ4IUyyVHb/3WU='
+if (User-Name == 'pbkdf2_iter1000') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAD6A:yhmqoKrtPLY2KYK6cNjnfw==:Y6gkSZEo4TRtlsryHqnGYZhoe2qn5tJ4IUyyVHb/3WU='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_iter_big') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ==:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+if (User-Name == 'pbkdf2_iter_big') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ==:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_iter_miss') {
- &control.Password.PBKDF2 := 'HMACSHA2+256::E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+if (User-Name == 'pbkdf2_iter_miss') {
+ control.Password.PBKDF2 := 'HMACSHA2+256::E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
pap.authorize
pap.authenticate {
return
}
-if (&User-Name == 'pbkdf2_iter_small') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAA:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+if (User-Name == 'pbkdf2_iter_small') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAA:E+VXOSsE8RwyYGdygQoW9Q==:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
pap.authorize
pap.authenticate {
# return
#}
-#if (&User-Name == 'pbkdf2_passlib') {
-# &control.Password.PBKDF2 := '$pbkdf2-sha256$29000$9t7be09prfXee2/NOUeotQ$Y.RDnnq8vsezSZSKy1QNy6xhKPdoBIwc.0XDdRm9sJ8'
+#if (User-Name == 'pbkdf2_passlib') {
+# control.Password.PBKDF2 := '$pbkdf2-sha256$29000$9t7be09prfXee2/NOUeotQ$Y.RDnnq8vsezSZSKy1QNy6xhKPdoBIwc.0XDdRm9sJ8'
# pap.authorize
# pap.authenticate
# if (!ok) {
return
}
-if (&User-Name == 'pbkdf2_salt0') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA::4RJEKVFQ5nE8126aURI0cJO9tqy/DIAhq64piBEwshA='
+if (User-Name == 'pbkdf2_salt0') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA::4RJEKVFQ5nE8126aURI0cJO9tqy/DIAhq64piBEwshA='
pap.authorize
pap.authenticate {
return
}
-if (&User-Name == 'pbkdf2_salt1') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:qg==:KQzCdedgOZYFwx+mQp1TKA8VM4fwf02pqSdJEh2ekwM='
+if (User-Name == 'pbkdf2_salt1') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:qg==:KQzCdedgOZYFwx+mQp1TKA8VM4fwf02pqSdJEh2ekwM='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_salt1024') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:/IUrkJKe+1kzJNBw7aAMbnQuSFZpjbCqPeKso3cbuSUzWinxngxjK8yyZLiWwF+WE/0Gplfx25zZEQNTdRTvjZZNefoxQBR8Hht0FpdU9YiEBaeErwVo63EDEu83+ycvB18uH0IXpJKGSSkIPRfGpHT3BkwJDGo5SqjRJadDsyQzkc/WJCMrrfJ0igaWMxb5eR5J8qfXIjBFepRrOOU6acZGtANW8qvDYLJwN+TMd9Jb1wDDY14eoAlKglTF21S3kewNMkDDyeP+oDYv29t1S/soFUnnB+Pb5IdR6pDy2VDGx4jFZMQGshSHWTYQFqgulavS/tGEF8TvzcorrJZKuksAjKdTSmfZ6j4aBY3U+oMSQ+2lO131pkNfNQuMsDfr72r9wUA2xRgUiL/J7CgKn7mamL2OCaksl0Rw2PGqqIaHvAYS6Q1EoIzsmLNrWBYYqTRLyCGZw6+hUOahYRon2lglGmnuWHPfowU+LgcaR5gF1QjvTXhXQ8I39mB3ePgdi+7TUn644Z1FB+JTqGJbue92x4V40Zyyy+Qdt52QsR49iYokbKAwQRiqfVJ7J8NzCY/kIQnqT9RE0NCxZoMBRzboZxVPchxdpmWGQ9dXP06PqIuDCFFiJlVQUfyPMgOAxIlVJ/9NAmj5MWFdWMrmlBNDx9ihEV1FdTv23iFZH5Ejg+x4D3qN5oOyCDL2i9lobzFXh5z4EDpbbogQaFkUzqKEaxRGPBrfYVOi6XXYujVUnxHJaRxbs2UqjpJNsXMg8f7P78aRvOKCIbW70CHWlt7nF0pA5+kFUQRLXKuq7bW+ivoXKeDW5o4FVP3+Pcr67+DOsUXuehALLj9Mu2ICWlMIV/AWcM2szaqk1bwSo7bAeG4RtDKmNjGA7gpnT+w2x+/qS1eWbc832Sumqc1IA8aY6HNVDPsJZf99To4BR+N0rCoQQ/KIZybI31mQagR3+FR9yNzqWzKIl+qf69RTc1CbUCkKVF8pxWZ0ocP+CAdoKadgpdF8evQIiGcUD73HiJ0RsDWo21y0tN0P5jfzWo3WMhCk9e2wl6o1JAfKw54uHzWJnNlGLBK1LXF+R2m+WvNGBgvUhh4PtYV9gPSudumFdk614oak/Aqcn6xi+YZqOMPkW4WYaiczhHyS7qAyefqKaQkRVYS0Af+79CSjlxZJq57HrD7/1E+d/i0gKmSAbPe80uGHs2a13V3VxztFMBi4xD7zj9Mq7+0goVPD4MNXcR651MZ7vxDRGbvPPmclddZe/nkTEn1YB/909b9mC5P/XzximZYW8gEhBReZouukADRTAjuH8zgSIv6/uyTURnmSVoOumVLBpL7veJIzDm4dZ38BWiasiBnzgMuG9A==:RUoCF5O11OgwLFMTqnKY/yRJy6DYh+yNq4xHZC7COGM='
+if (User-Name == 'pbkdf2_salt1024') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:/IUrkJKe+1kzJNBw7aAMbnQuSFZpjbCqPeKso3cbuSUzWinxngxjK8yyZLiWwF+WE/0Gplfx25zZEQNTdRTvjZZNefoxQBR8Hht0FpdU9YiEBaeErwVo63EDEu83+ycvB18uH0IXpJKGSSkIPRfGpHT3BkwJDGo5SqjRJadDsyQzkc/WJCMrrfJ0igaWMxb5eR5J8qfXIjBFepRrOOU6acZGtANW8qvDYLJwN+TMd9Jb1wDDY14eoAlKglTF21S3kewNMkDDyeP+oDYv29t1S/soFUnnB+Pb5IdR6pDy2VDGx4jFZMQGshSHWTYQFqgulavS/tGEF8TvzcorrJZKuksAjKdTSmfZ6j4aBY3U+oMSQ+2lO131pkNfNQuMsDfr72r9wUA2xRgUiL/J7CgKn7mamL2OCaksl0Rw2PGqqIaHvAYS6Q1EoIzsmLNrWBYYqTRLyCGZw6+hUOahYRon2lglGmnuWHPfowU+LgcaR5gF1QjvTXhXQ8I39mB3ePgdi+7TUn644Z1FB+JTqGJbue92x4V40Zyyy+Qdt52QsR49iYokbKAwQRiqfVJ7J8NzCY/kIQnqT9RE0NCxZoMBRzboZxVPchxdpmWGQ9dXP06PqIuDCFFiJlVQUfyPMgOAxIlVJ/9NAmj5MWFdWMrmlBNDx9ihEV1FdTv23iFZH5Ejg+x4D3qN5oOyCDL2i9lobzFXh5z4EDpbbogQaFkUzqKEaxRGPBrfYVOi6XXYujVUnxHJaRxbs2UqjpJNsXMg8f7P78aRvOKCIbW70CHWlt7nF0pA5+kFUQRLXKuq7bW+ivoXKeDW5o4FVP3+Pcr67+DOsUXuehALLj9Mu2ICWlMIV/AWcM2szaqk1bwSo7bAeG4RtDKmNjGA7gpnT+w2x+/qS1eWbc832Sumqc1IA8aY6HNVDPsJZf99To4BR+N0rCoQQ/KIZybI31mQagR3+FR9yNzqWzKIl+qf69RTc1CbUCkKVF8pxWZ0ocP+CAdoKadgpdF8evQIiGcUD73HiJ0RsDWo21y0tN0P5jfzWo3WMhCk9e2wl6o1JAfKw54uHzWJnNlGLBK1LXF+R2m+WvNGBgvUhh4PtYV9gPSudumFdk614oak/Aqcn6xi+YZqOMPkW4WYaiczhHyS7qAyefqKaQkRVYS0Af+79CSjlxZJq57HrD7/1E+d/i0gKmSAbPe80uGHs2a13V3VxztFMBi4xD7zj9Mq7+0goVPD4MNXcR651MZ7vxDRGbvPPmclddZe/nkTEn1YB/909b9mC5P/XzximZYW8gEhBReZouukADRTAjuH8zgSIv6/uyTURnmSVoOumVLBpL7veJIzDm4dZ38BWiasiBnzgMuG9A==:RUoCF5O11OgwLFMTqnKY/yRJy6DYh+yNq4xHZC7COGM='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_salt64') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:msGxE1XuC+wlgRr+H4+ioyxZuiN3KYLUSky2FINDTq7KJylKt4XnqloV+FuHGXUbOu1EWcsFp51u2z8wdXVnQQ==:rAV9BeEJH5kt9uZ6pJt0o5pYpN5LQRe4MAYyk2jvjpU='
+if (User-Name == 'pbkdf2_salt64') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:msGxE1XuC+wlgRr+H4+ioyxZuiN3KYLUSky2FINDTq7KJylKt4XnqloV+FuHGXUbOu1EWcsFp51u2z8wdXVnQQ==:rAV9BeEJH5kt9uZ6pJt0o5pYpN5LQRe4MAYyk2jvjpU='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_salt_big') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9QA==:pF23EcxNBhJLQ+9JRtd9wQ1Gz+k4i6YjeNZq+7DRBX8='
+if (User-Name == 'pbkdf2_salt_big') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9QA==:pF23EcxNBhJLQ+9JRtd9wQ1Gz+k4i6YjeNZq+7DRBX8='
pap.authorize
pap.authenticate
if (!ok) {
return
}
-if (&User-Name == 'pbkdf2_salt_small') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q=:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
+if (User-Name == 'pbkdf2_salt_small') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAAAQ:E+VXOSsE8RwyYGdygQoW9Q=:UivlvrwHML4VtZHMJLiT/xlH7oyoyvbXQceivptq9TI='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_sha1') {
- &control.Password.PBKDF2 := 'HMACSHA1:AAAD6A:Xw1P133xrwk=:dtQBXQRiR/No5A8Ip3JFGF/qUC0='
+if (User-Name == 'pbkdf2_sha1') {
+ control.Password.PBKDF2 := 'HMACSHA1:AAAD6A:Xw1P133xrwk=:dtQBXQRiR/No5A8Ip3JFGF/qUC0='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_sha2_224') {
- &control.Password.PBKDF2 := 'HMACSHA2+224:AAAnEA:UHScBrg/ZWOyBKqQdAh7bw==:tcFp6CDrkIYdhwa60g24U4ko+mBxzAiFxlpPnA=='
+if (User-Name == 'pbkdf2_sha2_224') {
+ control.Password.PBKDF2 := 'HMACSHA2+224:AAAnEA:UHScBrg/ZWOyBKqQdAh7bw==:tcFp6CDrkIYdhwa60g24U4ko+mBxzAiFxlpPnA=='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_sha2_256') {
- &control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:a/8HbYW2HWsMthN27JI+Ew==:3nPlXYOlOuDCFOfethUomHxTXkG9JCivOdvh6FDNdGw='
+if (User-Name == 'pbkdf2_sha2_256') {
+ control.Password.PBKDF2 := 'HMACSHA2+256:AAAnEA:a/8HbYW2HWsMthN27JI+Ew==:3nPlXYOlOuDCFOfethUomHxTXkG9JCivOdvh6FDNdGw='
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_sha2_384') {
- &control.Password.PBKDF2 := 'HMACSHA2+384:AAAnEA:pyHRsYLfNZdjszRcu6eHrA==:ktGfNmZ6PyD8FNEgPzFK1fypKERZ13pgvFl+PQdyKouaMXsXIiWPuTMXHqDUCWsx'
+if (User-Name == 'pbkdf2_sha2_384') {
+ control.Password.PBKDF2 := 'HMACSHA2+384:AAAnEA:pyHRsYLfNZdjszRcu6eHrA==:ktGfNmZ6PyD8FNEgPzFK1fypKERZ13pgvFl+PQdyKouaMXsXIiWPuTMXHqDUCWsx'
pap.authorize
pap.authenticate
return
}
-if (&User-Name == 'pbkdf2_sha2_512') {
- &control.Password.PBKDF2 := 'HMACSHA2+512:AAAnEA:TG8Mb94NEmfPLaePwi5CFA==:SYSFeRf9jr4Uo5DB4NvNUEuc1gmEiLjTac5J4WgyKa7mO58KHKWop9xWmcFeuLtUN/iexLTNSgcubOugAyZcog=='
+if (User-Name == 'pbkdf2_sha2_512') {
+ control.Password.PBKDF2 := 'HMACSHA2+512:AAAnEA:TG8Mb94NEmfPLaePwi5CFA==:SYSFeRf9jr4Uo5DB4NvNUEuc1gmEiLjTac5J4WgyKa7mO58KHKWop9xWmcFeuLtUN/iexLTNSgcubOugAyZcog=='
pap.authorize
pap.authenticate
-if (&User-Name == 'plaintext_with_dollar_0') {
- &control.Password.Cleartext := 'password$'
+if (User-Name == 'plaintext_with_dollar_0') {
+ control.Password.Cleartext := 'password$'
pap.authorize
pap.authenticate
if (!ok) {
-if (&User-Name == 'plaintext_with_dollar_1') {
- &control.Password.Cleartext := '$password'
+if (User-Name == 'plaintext_with_dollar_1') {
+ control.Password.Cleartext := '$password'
pap.authorize
pap.authenticate
-if (&User-Name == 'plaintext_with_dollar_2') {
- &control.Password.Cleartext := 'pass$word'
+if (User-Name == 'plaintext_with_dollar_2') {
+ control.Password.Cleartext := 'pass$word'
pap.authorize
pap.authenticate
-if (&User-Name == 'plaintext_with_dollar_3') {
- &control.Password.Cleartext := '$pass$word'
+if (User-Name == 'plaintext_with_dollar_3') {
+ control.Password.Cleartext := '$pass$word'
pap.authorize
pap.authenticate
test_fail
}
-if !(&reply.Reply-Message == "Denied access by rlm_perl function") {
+if !(reply.Reply-Message == "Denied access by rlm_perl function") {
test_fail
}
-&reply -= &Reply-Message[*]
+&reply -= Reply-Message[*]
# User will not be rejected - an xlat will be called setting a reply attribute
&User-Name := 'bob'
# Add two instances of a TLV - will result in an array of hashes in Perl
-&Vendor-Specific.3GPP2.Remote-IP = { &Address = 192.168.1.1, &Mask = 24 }
-&request.Vendor-Specific.3GPP2 += { &Remote-IP = { &Address = 172.16.1.1, &Mask = 16 } }
+&Vendor-Specific.3GPP2.Remote-IP = { Address = 192.168.1.1, Mask = 24 }
+&request.Vendor-Specific.3GPP2 += { Remote-IP = { Address = 172.16.1.1, Mask = 16 } }
perl.authenticate
test_fail
}
-if (&reply.Vendor-Specific.Cisco.h323-credit-amount != 100) {
+if (reply.Vendor-Specific.Cisco.h323-credit-amount != 100) {
test_fail
}
-if (&reply.Filter-Id != 'Hello 127.0.0.1 172.16.1.1') {
+if (reply.Filter-Id != 'Hello 127.0.0.1 172.16.1.1') {
test_fail
}
# Verify that the change to the request and control lists are
# not copied back.
-if (&User-Name != 'bob') {
+if (User-Name != 'bob') {
test_fail
}
-if (&control.NAS-Identifier) {
+if (control.NAS-Identifier) {
test_fail
}
-&reply -= &Vendor-Specific[*]
-&reply -= &Filter-Id[*]
+&reply -= Vendor-Specific[*]
+&reply -= Filter-Id[*]
test_pass
&test_string := 'foo,bar'
&Callback-Id := %perl_xlat('xlat', %{Filter-Id})
-if (&Callback-Id != 'hello|goodbye|welcome|farewell') {
+if (Callback-Id != 'hello|goodbye|welcome|farewell') {
test_fail
}
# Check for multiple arguments to perl function
&result_string := %perl_xlat('xlat', %{Filter-Id}, %{test_string})
-if (&result_string != 'hello|goodbye|welcome|farewell#foo|bar') {
+if (result_string != 'hello|goodbye|welcome|farewell#foo|bar') {
test_fail
}
&result_integer := %perl_xlat('add', 1, 2, 3)
-if (&result_integer != 6) {
+if (result_integer != 6) {
test_fail
}
&Filter-Id := 'hello'
&request += {
- &Filter-Id = 'goodbye'
- &Filter-Id = 'welcome'
+ Filter-Id = 'goodbye'
+ Filter-Id = 'welcome'
}
# Pass a list as an array
&Callback-Id := %perl_xlat('xlatarray', %{Filter-Id[*]})
-if (&Callback-Id != 'hello|goodbye|welcome') {
+if (Callback-Id != 'hello|goodbye|welcome') {
test_fail
}
# Expect an array of returned values
&Callback-Id := %perl_xlat('xlatscalar2array', %{Filter-Id})
-if (&Callback-Id[#] != 5) {
+if (Callback-Id[#] != 5) {
test_fail
}
-if !((&Callback-Id[0] == 'aa') && (&Callback-Id[1] == 'bb') && (&Callback-Id[2] == 'cc') && (&Callback-Id[3] == 'dd') && (&Callback-Id[4] == 'ee')) {
+if !((Callback-Id[0] == 'aa') && (Callback-Id[1] == 'bb') && (Callback-Id[2] == 'cc') && (Callback-Id[3] == 'dd') && (Callback-Id[4] == 'ee')) {
test_fail
}
# Expect an array of array ref returned values
&Callback-Id := %perl_xlat('xlatscalar2arrayref', %{Filter-Id}, %{test_string})
-if (&Callback-Id[#] != 9) {
+if (Callback-Id[#] != 9) {
test_fail
}
-if !((&Callback-Id[0] == 'aa') && (&Callback-Id[1] == 'bb') && (&Callback-Id[2] == 'cc') && (&Callback-Id[3] == 'dd') && (&Callback-Id[4] == 'ee') && (&Callback-Id[5] == 'ff') && (&Callback-Id[6] == 'gg') && (&Callback-Id[7] == 'hh') && (&Callback-Id[8] == 'ii')) {
+if !((Callback-Id[0] == 'aa') && (Callback-Id[1] == 'bb') && (Callback-Id[2] == 'cc') && (Callback-Id[3] == 'dd') && (Callback-Id[4] == 'ee') && (Callback-Id[5] == 'ff') && (Callback-Id[6] == 'gg') && (Callback-Id[7] == 'hh') && (Callback-Id[8] == 'ii')) {
test_fail
}
&Filter-Id := 'a'
&request += {
- &Filter-Id = 'b'
- &Filter-Id = 'c'
+ Filter-Id = 'b'
+ Filter-Id = 'c'
}
# Returns a hash with each element in the provided array converted to Vn->value
&Callback-Id := %perl_xlat('xlatarray2hash', %{Filter-Id[*]})
-if (&Callback-Id[#] != 6) {
+if (Callback-Id[#] != 6) {
test_fail
}
# Note: hashes don't have a defined sequence so these are all the possible return values - mashed to single strings for simplicity's sake
&result_string := "%{Callback-Id[*]}"
-if (&result_string != "V1aV2bV3c") && (&result_string != "V1aV3cV2b") && (&result_string != "V2bV1aV3c") && (&result_string != "V2bV3cV1a") && (&result_string != "V3cV1aV2b") && (&result_string != "V3cV2bV1a") {
+if (result_string != "V1aV2bV3c") && (result_string != "V1aV3cV2b") && (result_string != "V2bV1aV3c") && (result_string != "V2bV3cV1a") && (result_string != "V3cV1aV2b") && (result_string != "V3cV2bV1a") {
test_fail
}
wait = yes
shell_escape = yes
timeout = 1
- output_pairs = &control
+ output_pairs = control
program = "./build/bin/local/radwho -D share/dictionary -F $ENV{MODULE_TEST_DIR}/radutmp -u %{User-Name} -c -R"
}
#
# Input packet
#
-Packet-Type = Access-Request
+Packet-Type = ::Access-Request
User-Name = 'user0@example.org'
NAS-Port = 17826193
NAS-IP-Address = 192.0.2.10
Calling-Station-Id = 00-11-22-33-44-55
Framed-IP-Address = 198.51.100.59
-Acct-Status-Type = Start
+Acct-Status-Type = ::Start
Acct-Delay-Time = 1
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Event-Timestamp = 'Feb 1 2024 08:28:58 GMT'
-NAS-Port-Type = Ethernet
+NAS-Port-Type = ::Ethernet
NAS-Port-Id = 'port 001'
Service-Type = ::Framed-User
-Framed-Protocol = PPP
+Framed-Protocol = ::PPP
Idle-Timeout = 0
Session-Timeout = 604800
#
# There's not an Accounting-Failed packet type in RADIUS...
#
-Packet-Type == Access-Accept
+Packet-Type == ::Access-Accept
}
#
-# Runs radwho to read back stored data as pairs into &control
+# Runs radwho to read back stored data as pairs into control
#
exec
-if !(&NAS-Port == &control.NAS-Port) {
+if !(NAS-Port == control.NAS-Port) {
test_fail
}
#
# Use an Interim-Update and different Framed-IP-Address to check record update
#
-&Framed-IP-Address := 10.0.10.100
-&Acct-Status-Type := ::Interim-Update
+Framed-IP-Address := 10.0.10.100
+Acct-Status-Type := ::Interim-Update
radutmp.accounting
test_fail
}
-&control := {}
+control := {}
exec
-if !(&Framed-IP-Address == &control.Framed-IP-Address) {
+if !(Framed-IP-Address == control.Framed-IP-Address) {
test_fail
}
#
# Now use a Stop to clear the user's session
#
-&Acct-Status-Type := ::Stop
+Acct-Status-Type := ::Stop
radutmp.accounting
test_fail
}
-&control := {}
+control := {}
exec
-if (&control.NAS-Port) {
+if (control.NAS-Port) {
test_fail
}
# which sometimes happens when running tests with sanitizers, due to
# slowness introduced by the sanitizers.
try {
- &takeoverresult = %redis(@%{redisreplica}, CLUSTER, FAILOVER, TAKEOVER)
+ takeoverresult = %redis(@%{redisreplica}, CLUSTER, FAILOVER, TAKEOVER)
}
catch fail {
- &takeoverresult = 'OK'
+ takeoverresult = 'OK'
}
-if (&takeoverresult != 'OK') {
+if (takeoverresult != 'OK') {
test_fail
}
# Allow time for the takeover to propagate to other nodes
-foreach &control.Filter-Id {
+foreach control.Filter-Id {
# Keep remapping the cluster
%redis.remap(%{redisreplica})
- if (%redis.node(b, 0) == &redisreplica) {
+ if (%redis.node(b, 0) == redisreplica) {
break
}
%delay(0.5)
&data3 := "3-%randstr('aaaaaaaa')"
if ("$ENV{REDIS_CLUSTER_CONTROL}" == '') {
- &clusterctrl := 'scripts/ci/redis-setup.sh'
+ clusterctrl := 'scripts/ci/redis-setup.sh'
} else {
- &clusterctrl := $ENV{REDIS_CLUSTER_CONTROL}
+ clusterctrl := $ENV{REDIS_CLUSTER_CONTROL}
}
#
# Sometimes redis just fails to start - without it we can't run
# the tests - so just exit early.
&cmdresult = %exec(%{clusterctrl}, create)
-if (&cmdresult == '') {
+if (cmdresult == '') {
test_pass
handled
}
#
&redisserver := $ENV{REDIS_TEST_SERVER}
-if (!&redisserver || (&redisserver == '')) {
- &redisserver := "$ENV{REDIS_IPPOOL_TEST_SERVER}"
+if (!redisserver || (redisserver == '')) {
+ redisserver := "$ENV{REDIS_IPPOOL_TEST_SERVER}"
}
# Test nodes should be running on
# - 127.0.0.1:30005 - slave
# - 127.0.0.1:30003 - master [10923-16383]
# - 127.0.0.1:30006 - slave
-foreach &control.Filter-Id {
+foreach control.Filter-Id {
#
# Force a remap as the slaves don't show up in the cluster immediately
#
}
}
- &request -= &Module-Failure-Message[*]
+ request -= Module-Failure-Message[*]
# Perform checks every half second for 10 seconds.
#
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
test_fail
}
-if !(&reply.IP-Pool.Range == '192.168.0.0') {
+if !(reply.IP-Pool.Range == '192.168.0.0') {
test_fail
}
#
# Verify the lease has been associated with the device
#
-if !(&reply.Framed-IP-Address == %redis('GET', "{%{control.IP-Pool.Name}}:device:%{Calling-Station-ID}")) {
+if !(reply.Framed-IP-Address == %redis('GET', "{%{control.IP-Pool.Name}}:device:%{Calling-Station-ID}")) {
test_fail
}
#
# Check we got the correct lease time back
#
-if !(&reply.Session-Timeout == 30) {
+if !(reply.Session-Timeout == 30) {
test_fail
}
-&IP-Pool.Range := &reply.IP-Pool.Range
-&Framed-IP-Address := &reply.Framed-IP-Address
-&Session-Timeout := &reply.Session-Timeout # We should get the same lease time
+&IP-Pool.Range := reply.IP-Pool.Range
+&Framed-IP-Address := reply.Framed-IP-Address
+&Session-Timeout := reply.Session-Timeout # We should get the same lease time
&reply := {}
#
#
# Check the ranges are the same
#
-if !(&IP-Pool.Range == &reply.IP-Pool.Range) {
+if !(IP-Pool.Range == reply.IP-Pool.Range) {
test_fail
}
#
# Check the IP addresses are the same
#
-if !(&Framed-IP-Address == &reply.Framed-IP-Address) {
+if !(Framed-IP-Address == reply.Framed-IP-Address) {
test_fail
}
# The fudge factor is to allow for delays running ippool tool and script interpretation
# as we should be allocating the same lesase as before, but its TTL could be slightly lower.
#
-if ((&Session-Timeout - &reply.Session-Timeout) > 5) {
+if ((Session-Timeout - reply.Session-Timeout) > 5) {
test_fail
}
#
# Check we got the right lease
#
-if !(&reply.Framed-IP-Address == 192.168.1.1) {
+if !(reply.Framed-IP-Address == 192.168.1.1) {
test_fail
}
# expansion.
#
redis_ippool {
- owner = &Calling-Station-ID
- gateway = &NAS-IP-Address
- pool_name = &control.IP-Pool.Name
+ owner = Calling-Station-ID
+ gateway = NAS-IP-Address
+ pool_name = control.IP-Pool.Name
offer_time = 30
lease_time = 60
- requested_address = &Framed-IP-Address
- allocated_address_attr = &reply.Framed-IP-address
- range_attr = &reply.IP-Pool.Range
- expiry_attr = &reply.Session-Timeout
+ requested_address = Framed-IP-Address
+ allocated_address_attr = reply.Framed-IP-address
+ range_attr = reply.IP-Pool.Range
+ expiry_attr = reply.Session-Timeout
copy_on_update = yes
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.10) {
+if !(reply.Framed-IP-Address == 192.168.0.10) {
test_fail
}
#
# Change device to grab the dynamic address
&Calling-Station-ID := '11:22:33:44:55:66'
-&reply -= &Framed-IP-Address[*]
+&reply -= Framed-IP-Address[*]
redis_ippool {
invalid = 1
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
}
&zscore := %redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, 192.168.0.1)
-if !(&zscore < (uint64)0x10000000000000) {
+if !(zscore < (uint64)0x10000000000000) {
test_fail
}
#
# Check that the ZSCORE is maintained, simply with the static bit set
#
-if !(%redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, 192.168.0.1) == (&zscore + (uint64) 0x10000000000000)) {
+if !(%redis(ZSCORE, {%{control.IP-Pool.Name}}:pool, 192.168.0.1) == (zscore + (uint64) 0x10000000000000)) {
test_fail
}
test_fail
}
-if (!(&reply.Framed-IP-Address == 192.168.0.1)) {
+if (!(reply.Framed-IP-Address == 192.168.0.1)) {
test_fail
}
#
# Release the IP address
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.release {
invalid = 1
#
# Release the IP address again (should still be fine)
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.release {
invalid = 1
test_fail
}
-if (!(&reply.Framed-IP-Address == 192.168.0.10)) {
+if (!(reply.Framed-IP-Address == 192.168.0.10)) {
test_fail
}
# Check the expiry attribute is present and correct - although the allocation is static
# we report the expiry as if it were dynamic e.g. to drive DHCP renewals
#
-if (!(&reply.Session-Timeout == 30)) {
+if (!(reply.Session-Timeout == 30)) {
test_fail
}
#
# Check that renewal does not mess with static IP
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.renew {
invalid = 1
#
# And that the expected expiry is now set
#
-if (!(&reply.Session-Timeout == 60)) {
+if (!(reply.Session-Timeout == 60)) {
test_fail
}
test_fail
}
-if (!(&reply.Framed-IP-Address == 192.168.0.1)) {
+if (!(reply.Framed-IP-Address == 192.168.0.1)) {
test_fail
}
test_fail
}
-if (!(&reply.Framed-IP-Address == 192.168.0.10)) {
+if (!(reply.Framed-IP-Address == 192.168.0.10)) {
test_fail
}
# Check the expiry attribute is present and correct - although the allocation is static
# we report the expiry as if it were dynamic e.g. to drive DHCP renewals
#
-if (!(&reply.Session-Timeout == 30)) {
+if (!(reply.Session-Timeout == 30)) {
test_fail
}
#
# Check that renewal still works as we are within the exipiry time
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
redis_ippool.renew {
invalid = 1
# Perform IP allocation for alternative device
# Should be allocated the previously static address as that is the only one in the pool
#
-&reply -= &Framed-IP-Address[*]
-&request -= &Framed-IP-Address[*]
+&reply -= Framed-IP-Address[*]
+&request -= Framed-IP-Address[*]
&Calling-Station-Id := '00:11:22:33:44:55'
redis_ippool.allocate {
test_fail
}
-if !(&reply.Framed-IP-Address == '192.168.0.10') {
+if !(reply.Framed-IP-Address == '192.168.0.10') {
test_fail
}
}
# 2.
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
# 3. Check the expiry attribute is present and correct
-if !(&reply.Session-Timeout == 30) {
+if !(reply.Session-Timeout == 30) {
test_fail
}
%exec(./build/bin/local/rlm_redis_ippool_tool, -a, 192.168.1.1/32, $ENV{REDIS_IPPOOL_TEST_SERVER}:30001, %{control.IP-Pool.Name}, 192.168.1.0)
# 6. Verify that the lease time is extended
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
&NAS-IP-Address := 127.0.0.2
redis_ippool.renew
}
# 7. Lease time should now be 60 seconds
-if !(&reply.Session-Timeout == 60) {
+if !(reply.Session-Timeout == 60) {
test_fail
}
}
# 10. Verify the lease is still associated with the device
-if !(&reply.Framed-IP-Address == %redis(GET, {%{control.IP-Pool.Name}}:device:%{Calling-Station-ID})) {
+if !(reply.Framed-IP-Address == %redis(GET, {%{control.IP-Pool.Name}}:device:%{Calling-Station-ID})) {
test_fail
}
}
# 13. and that the range attribute was set
-if !(&reply.IP-Pool.Range && (&reply.IP-Pool.Range == '192.168.0.0')) {
+if !(reply.IP-Pool.Range && (reply.IP-Pool.Range == '192.168.0.0')) {
test_fail
}
}
# 16. Verify the lease is still associated with the previous device
-if !(&reply.Framed-IP-Address == %redis(GET, {%{control.IP-Pool.Name}}:device:00:11:22:33:44:55)) {
+if !(reply.Framed-IP-Address == %redis(GET, {%{control.IP-Pool.Name}}:device:00:11:22:33:44:55)) {
test_fail
}
redis_ippool.renew
# 3. Check the expiry attribute is present and correct
-if !(&reply.Session-Timeout == 60) {
+if !(reply.Session-Timeout == 60) {
test_fail
}
}
# 5. Verify we got an IP
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
accounting {
request {
- uri = "https://$ENV{REST_TEST_SERVER}:$ENV{REST_TEST_SERVER_SSL_PORT}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth§ion=accounting"
+ uri = "https://$ENV{REST_TEST_SERVER}:$ENV{REST_TEST_SERVER_SSL_PORT}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-authsection=accounting"
method = 'POST'
body = 'json'
data = "{\"NAS\": \"%{NAS-IP-Address}\", \"Password\": \"%{User-Password}\", \"Verify\": true}"
# Test "authenticate" rest call. Uses http basic authentication
rest.authenticate
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-if (!(&REST-HTTP-Body == "Section: authenticate, User: Bob, Authenticated: true\n")) {
+if (!(REST-HTTP-Body == "Section: authenticate, User: Bob, Authenticated: true\n")) {
test_fail
}
debug_control
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-if (!(&control.Filter-Id == "authorize")) {
+if (!(control.Filter-Id == "authorize")) {
test_fail
}
-if (!(&control.Callback-Id == "GET")) {
+if (!(control.Callback-Id == "GET")) {
test_fail
}
-if (!(&control.Callback-Id[*] == "/user/<username>/mac/<client>")) {
+if (!(control.Callback-Id[*] == "/user/<username>/mac/<client>")) {
test_fail
}
-if (!(&control.User-Name == "Bob")) {
+if (!(control.User-Name == "Bob")) {
test_fail
}
# The "op" for setting Login-LAT-Node is ^=
-if (!(&control.Login-LAT-Node[0] == "Bob") || !(&control.Login-LAT-Node[1] == "foo")) {
+if (!(control.Login-LAT-Node[0] == "Bob") || !(control.Login-LAT-Node[1] == "foo")) {
test_fail
}
# Reset control attributes
-&control -= &Filter-Id[*]
-&control -= &Callback-Id[*]
-&control -= &User-Name[*]
+&control -= Filter-Id[*]
+&control -= Callback-Id[*]
+&control -= User-Name[*]
# Pre-fill NAS-IP-Address to check operator behaviour
&control.NAS-IP-Address := "10.0.0.10"
# Test "accounting" rest call. Uses https to a POST end point
rest.accounting
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-if (!(&control.Filter-Id == "accounting")) {
+if (!(control.Filter-Id == "accounting")) {
test_fail
}
-if (!(&control.Callback-Id == "POST")) {
+if (!(control.Callback-Id == "POST")) {
test_fail
}
-if (!(&control.Callback-Id[*] == "/user/<username>/mac/<client>")) {
+if (!(control.Callback-Id[*] == "/user/<username>/mac/<client>")) {
test_fail
}
-if (!(&control.User-Name == "Bob")) {
+if (!(control.User-Name == "Bob")) {
test_fail
}
-if (!(&control.Login-LAT-Node[0] == "Bob") || !(&control.Login-LAT-Node[1] == "Bob") || !(&control.Login-LAT-Node[2] == "foo")) {
+if (!(control.Login-LAT-Node[0] == "Bob") || !(control.Login-LAT-Node[1] == "Bob") || !(control.Login-LAT-Node[2] == "foo")) {
test_fail
}
# NAS IP Address is passed in body data
-if (!(&control.NAS-IP-Address[0] == "10.0.0.10") || !(&control.NAS-IP-Address[1] == "192.168.1.1")) {
+if (!(control.NAS-IP-Address[0] == "10.0.0.10") || !(control.NAS-IP-Address[1] == "192.168.1.1")) {
test_fail
}
ok
}
-if (&REST-HTTP-Status-Code) {
+if (REST-HTTP-Status-Code) {
test_fail
}
# Retrieve a plain text file
&result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/test.txt")
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-if (!(&result_string == "Sample text response\n")) {
+if (!(result_string == "Sample text response\n")) {
test_fail
}
# Take host from incoming packet
&result_string := %rest('GET', "http://%{Login-IP-Host}:%uri.safe(%{server_port})/test.txt")
-if (!(&REST-HTTP-Status-Code == 200) || !(&result_string == "Sample text response\n")) {
+if (!(REST-HTTP-Status-Code == 200) || !(result_string == "Sample text response\n")) {
test_fail
}
# Port is not allowed from incoming packets
&result_string := %rest('GET', "http://%{server_host}:%{NAS-Port}/test.txt")
-if (!(&Module-Failure-Message == "Failed escaping URI: Unsafe input \"8080\" not allowed in URI part port") || &result_string) {
+if (!(Module-Failure-Message == "Failed escaping URI: Unsafe input \"8080\" not allowed in URI part port") || result_string) {
test_fail
}
# Check a "not found" gives a 404 status code
&result_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/%{test_string}")
-if (!(&REST-HTTP-Status-Code == 404)) {
+if (!(REST-HTTP-Status-Code == 404)) {
test_fail
}
# GET with URL parameters
&test_string := %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/mac/%{Called-Station-Id}")
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-map json &test_string {
- &control.Callback-Id := '$.control\.Callback-Id'
- &control.User-Name := '$.control\.User-Name.value'
+map json test_string {
+ control.Callback-Id := '$.control\.Callback-Id'
+ control.User-Name := '$.control\.User-Name.value'
}
-if !(&control.Callback-Id == '[ "GET", "\/user\\/<username>\/mac\/<client>" ]') {
+if !(control.Callback-Id == '[ "GET", "\/user\\/<username>\/mac\/<client>" ]') {
test_fail
}
-if (!(&control.User-Name == "Bob")) {
+if (!(control.User-Name == "Bob")) {
test_fail
}
# Directly use json map and prepend the returned value
map json %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/mac/%{Called-Station-Id}") {
- &control.User-Name ^= '$.control\.User-Name.value'
+ control.User-Name ^= '$.control\.User-Name.value'
}
-if (!(&control.User-Name[0] == 'Bob') || !(&control.User-Name[1] == 'dummy')) {
+if (!(control.User-Name[0] == 'Bob') || !(control.User-Name[1] == 'dummy')) {
test_fail
}
-&test_string := %json.encode('&request.NAS-IP-Address')
+&test_string := %json.encode('request.NAS-IP-Address')
# POST to https with JSON body data
&result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/user/%{User-Name}/mac/%{Called-Station-Id}?section=accounting", %{test_string})
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-map json &result_string {
- &control.Callback-Id := '$.control\.Callback-Id'
- &control.User-Name := '$.control\.User-Name.value'
- &control.NAS-IP-Address := '$.control\.NAS-IP-Address.value'
+map json result_string {
+ control.Callback-Id := '$.control\.Callback-Id'
+ control.User-Name := '$.control\.User-Name.value'
+ control.NAS-IP-Address := '$.control\.NAS-IP-Address.value'
}
-if (!(&control.Callback-Id == '[ "POST", "\/user\/<username>\/mac\/<client>" ]')) {
+if (!(control.Callback-Id == '[ "POST", "\/user\/<username>\/mac\/<client>" ]')) {
test_fail
}
-if (!(&control.User-Name == "Bob")) {
+if (!(control.User-Name == "Bob")) {
test_fail
}
-if (!(&control.NAS-IP-Address == "192.168.1.1")) {
+if (!(control.NAS-IP-Address == "192.168.1.1")) {
test_fail
}
-&result_string := "NAS=%{NAS-IP-Address}&user=%{User-Name}"
+&result_string := "NAS=%{NAS-IP-Address}user=%{User-Name}"
# POST to https with POST body data
&result_string := %rest('POST', "https://%{server_host}:%uri.safe(%{server_ssl_port})/post/test?section=dummy", %{result_string})
-if (!(&REST-HTTP-Status-Code == 200)) {
+if (!(REST-HTTP-Status-Code == 200)) {
test_fail
}
-if (!(&result_string == "Section: dummy, User: Bob\n")) {
+if (!(result_string == "Section: dummy, User: Bob\n")) {
test_fail
}
string body
map json %rest('POST', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/reflect/?station=%{Calling-Station-Id}", "{\"test\":\"foo\"}") {
- &headers := '$.reply\.Reply-Message.value[0]'
- &arguments := '$.reply\.Reply-Message.value[1]'
- &body := '$.reply\.Reply-Message.value[2]'
+ headers := '$.reply\.Reply-Message.value[0]'
+ arguments := '$.reply\.Reply-Message.value[1]'
+ body := '$.reply\.Reply-Message.value[2]'
}
- &headers := (string)%base64.decode(%{headers})
- &arguments := (string)%base64.decode(%{arguments})
- &body := (string)%base64.decode(%{body})
+ headers := (string)%base64.decode(%{headers})
+ arguments := (string)%base64.decode(%{arguments})
+ body := (string)%base64.decode(%{body})
- if (!(&arguments == "{\"station\":\"dummy&unsafe=escaped\"}" )) {
+ if (!(arguments == "{\"station\":\"dummyunsafe=escaped\"}" )) {
test_fail
}
- if (!(&headers =~ /"user-agent":"FreeRADIUS.*"/)) {
+ if (!(headers =~ /"user-agent":"FreeRADIUS.*"/)) {
test_fail
}
- if (!(&headers =~ /"x-freeradius-server":"default"/)) {
+ if (!(headers =~ /"x-freeradius-server":"default"/)) {
test_fail
}
- if (!(&headers =~ /"x-custom-header":\["test","Bob"\]/)) {
+ if (!(headers =~ /"x-custom-header":\["test","Bob"\]/)) {
test_fail
}
- if (!(&body == "{\"test\":\"foo\"}")) {
+ if (!(body == "{\"test\":\"foo\"}")) {
test_fail
}
}
string headers
string arguments
- &test_string := ""
+ test_string := ""
map json %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/reflect/%{test_string}?station=%{User-Name}") {
- &headers := '$.reply\.Reply-Message.value[0]'
- &arguments := '$.reply\.Reply-Message.value[1]'
+ headers := '$.reply\.Reply-Message.value[0]'
+ arguments := '$.reply\.Reply-Message.value[1]'
}
- &headers := (string)%base64.decode(%{headers})
- &arguments := (string)%base64.decode(%{arguments})
+ headers := (string)%base64.decode(%{headers})
+ arguments := (string)%base64.decode(%{arguments})
- if (!(&arguments == "{\"station\":\"Bob\"}" )) {
+ if (!(arguments == "{\"station\":\"Bob\"}" )) {
test_fail
}
- if (!(&headers =~ /"user-agent":"FreeRADIUS.*"/)) {
+ if (!(headers =~ /"user-agent":"FreeRADIUS.*"/)) {
test_fail
}
- if (!(&headers =~ /"x-freeradius-server":"default"/)) {
+ if (!(headers =~ /"x-freeradius-server":"default"/)) {
test_fail
}
# Some weird escaping issue prevents matching application/json
- if (!(&headers =~ /"content-type":"application.+json"/)) {
+ if (!(headers =~ /"content-type":"application.+json"/)) {
test_fail
}
}
string arguments
map json %rest('GET', "http://%{server_host}:%uri.safe(%{server_port})/user/%{User-Name}/reflect/%{NAS-Identifier}?station=%{Called-Station-Id}") {
- &arguments := '$.reply\.Reply-Message.value[1]'
+ arguments := '$.reply\.Reply-Message.value[1]'
}
- &arguments := (string)%base64.decode(%{arguments})
+ arguments := (string)%base64.decode(%{arguments})
- if (!(&arguments == "{\"station\":\"aa:bb:cc:dd:ee:ff\"}" )) {
+ if (!(arguments == "{\"station\":\"aa:bb:cc:dd:ee:ff\"}" )) {
test_fail
}
}
# Test against endpoint which will time out
&result_string := %restshorttimeout('GET', "http://%{server_host}:%uri.safe(%{server_port})/delay")
-if (&REST-HTTP-Status-Code) {
+if (REST-HTTP-Status-Code) {
test_fail
}
-if (!(&Module-Failure-Message == "curl request failed: Timeout was reached (28)")) {
+if (!(Module-Failure-Message == "curl request failed: Timeout was reached (28)")) {
test_fail
}
template_directory = "$ENV{top_srcdir}build/ci/exim4"
envelope_address = "postmaster@localhost"
- attachments = &SMTP-Attachments[*]
+ attachments = SMTP-Attachments[*]
recipients = "conf_recipient_1@localhost"
recipients = "conf_recipient_2@localhost"
- recipients = &SMTP-Recipients[*]
- recipients = &SMTP-TO[*]
- recipients = &SMTP-CC[*]
+ recipients = SMTP-Recipients[*]
+ recipients = SMTP-TO[*]
+ recipients = SMTP-CC[*]
TO = "conf_to@localhost"
- TO = &SMTP-TO[*]
+ TO = SMTP-TO[*]
- CC = &SMTP-CC[*]
+ CC = SMTP-CC[*]
set_date = no
}
recipients = "conf_recipient_1@localhost"
recipients = "conf_recipient_2@localhost"
- recipients = &SMTP-Recipients[*]
+ recipients = SMTP-Recipients[*]
TO = "conf_to@localhost"
- TO = &SMTP-TO[*]
+ TO = SMTP-TO[*]
- CC = &SMTP-CC[*]
+ CC = SMTP-CC[*]
set_date = no
}
&request += {
- &SMTP-Mail-Header = "x-test-Subject: smtp test"
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Mail-Header = "x-test-Subject: smtp test"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Recipients = "smtp_attachment_receiver@localhost"
+ SMTP-Recipients = "smtp_attachment_receiver@localhost"
- &SMTP-TO = "smtp_to_1@localhost"
- &SMTP-TO = "smtp_to_2@localhost"
+ SMTP-TO = "smtp_to_1@localhost"
+ SMTP-TO = "smtp_to_2@localhost"
- &SMTP-CC = "smtp_cc_1@localhost"
- &SMTP-CC = "smtp_cc_2@localhost"
+ SMTP-CC = "smtp_cc_1@localhost"
+ SMTP-CC = "smtp_cc_2@localhost"
- &SMTP-Attachments = "testfile"
+ SMTP-Attachments = "testfile"
}
smtp.mail {
fail = 1
# Module failure is likely a timeout
# Avoid false negatives by aborting test
#
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
&request += {
- &SMTP-Mail-Header = "Subject: smtp test"
- &SMTP-Mail-Header = "FROM: smtp_sender@gmail.com"
- &SMTP-Mail-Header = "TO: smtp_receiver@localhost"
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Sender-Address = "smtp_sender@localhost"
- &SMTP-Recipients = "smtp_receiver@localhost"
- &SMTP-Attachments = "testfile"
+ SMTP-Mail-Header = "Subject: smtp test"
+ SMTP-Mail-Header = "FROM: smtp_sender@gmail.com"
+ SMTP-Mail-Header = "TO: smtp_receiver@localhost"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Sender-Address = "smtp_sender@localhost"
+ SMTP-Recipients = "smtp_receiver@localhost"
+ SMTP-Attachments = "testfile"
}
smtp.authenticate {
fail = 1
}
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
-if !(&TLS-Certificate.Issuer =~ /@example\.org/) {
+if !(TLS-Certificate.Issuer =~ /@example\.org/) {
test_fail
}
}
if !(reject) {
- if (&Module-Failure-Message[*] == "smtp: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "smtp: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
}
if !(reject) {
- if (&Module-Failure-Message[*] == "smtp: curl request failed: Timeout was reached (28)") {
+ if (Module-Failure-Message[*] == "smtp: curl request failed: Timeout was reached (28)") {
test_pass
handled
}
test_fail
}
-&request -= &User-Password[*]
+&request -= User-Password[*]
#
# Check that missing password is an invalid request
}
&User-Password := 'Saget'
-&request -= &User-Name[*]
+&request -= User-Name[*]
#
# Check that missing user name is an invalid request
sender_address = "sender_email2@localhost"
envelope_address = "postmaster@localhost"
recipients = "crln_test_receiver@localhost"
- recipients = &SMTP-Recipients[*]
+ recipients = SMTP-Recipients[*]
set_date = no
}
&request += {
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Mail-Body = "\r\n"
- &SMTP-Mail-Body = "Some Body\r\n"
- &SMTP-Mail-Body = ".\r\n"
- &SMTP-Mail-Body = "More Body\r\n"
- &SMTP-Mail-Body = "."
- &SMTP-Mail-Body = "Most Body\r\n"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Mail-Body = "\r\n"
+ SMTP-Mail-Body = "Some Body\r\n"
+ SMTP-Mail-Body = ".\r\n"
+ SMTP-Mail-Body = "More Body\r\n"
+ SMTP-Mail-Body = "."
+ SMTP-Mail-Body = "Most Body\r\n"
- &SMTP-Recipients = "crln_test_receiver@localhost"
- &SMTP-Sender-Address = "smtp_sender@localhost"
+ SMTP-Recipients = "crln_test_receiver@localhost"
+ SMTP-Sender-Address = "smtp_sender@localhost"
}
smtp.mail {
fail = 1
# Module failure is likely a timeout
# Avoid false negatives by aborting test
#
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
test_fail
}
-if !(&TLS-Certificate.Issuer =~ /@example\.org/) {
+if !(TLS-Certificate.Issuer =~ /@example\.org/) {
test_fail
}
message_id = "123456789@example.com"
}
- username = &User-Name
- password = &User-Password
+ username = User-Name
+ password = User-Password
uri = "$ENV{SMTP_TEST_SERVER}:$ENV{SMTP_TEST_SERVER_PORT}"
timeout = 5s
template_directory = "$ENV{top_srcdir}build/ci/exim4"
- sender_address = &SMTP-Sender-Address[*]
+ sender_address = SMTP-Sender-Address[*]
envelope_address = "postmaster@localhost"
recipients = "conf-stringparse-recipient@localhost"
- recipients = &SMTP-Recipients[*]
+ recipients = SMTP-Recipients[*]
set_date = no
}
&request += {
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Recipients = "stringparse_test_receiver@localhost"
- &SMTP-Sender-Address = "smtp_sender@localhost"
- &SMTP-Sender-Address = "smtp_sender_2@localhost"
- &SMTP-Sender-Address = "smtp_sender_3@localhost"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Recipients = "stringparse_test_receiver@localhost"
+ SMTP-Sender-Address = "smtp_sender@localhost"
+ SMTP-Sender-Address = "smtp_sender_2@localhost"
+ SMTP-Sender-Address = "smtp_sender_3@localhost"
}
smtp.mail {
fail = 1
# Module failure is likely a timeout
# Avoid false negatives by aborting test
#
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
test_fail
}
-if !(&TLS-Certificate.Issuer =~ /@example\.org/) {
+if !(TLS-Certificate.Issuer =~ /@example\.org/) {
test_fail
}
&request += {
- &SMTP-Mail-Header = "x-test-Subject: smtp test"
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Mail-Header = "x-test-Subject: smtp test"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-Recipients = "smtp_delivery_receiver@localhost"
- &SMTP-Recipients = "smtp_recipient_request@localhost"
+ SMTP-Recipients = "smtp_delivery_receiver@localhost"
+ SMTP-Recipients = "smtp_recipient_request@localhost"
- &SMTP-TO = "smtp_to_request_1@localhost"
- &SMTP-TO = "smtp_to_request_2@localhost"
+ SMTP-TO = "smtp_to_request_1@localhost"
+ SMTP-TO = "smtp_to_request_2@localhost"
- &SMTP-CC = "smtp_cc_request_1@localhost"
- &SMTP-CC = "smtp_cc_request_2@localhost"
+ SMTP-CC = "smtp_cc_request_1@localhost"
+ SMTP-CC = "smtp_cc_request_2@localhost"
- &SMTP-Attachments = "testfile"
+ SMTP-Attachments = "testfile"
}
smtp.mail {
fail = 1
# Module failure is likely a timeout
# Avoid false negatives by aborting test
#
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
}
&request := {
- &SMTP-Mail-Header = "x-test-Subject: 2nd smtp test"
- &SMTP-Mail-Body = "sent from the smtp test module\r\n"
+ SMTP-Mail-Header = "x-test-Subject: 2nd smtp test"
+ SMTP-Mail-Body = "sent from the smtp test module\r\n"
- &SMTP-TO = "smtp_to_request_3@localhost"
+ SMTP-TO = "smtp_to_request_3@localhost"
}
smtp.mail {
# Module failure is likely a timeout
# Avoid false negatives by aborting test
#
-if (fail && (&Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
+if (fail && (Module-Failure-Message[*] == 'smtp: curl request failed: Timeout was reached (28)')) {
test_pass
handled
}
%sql("${delete_from_radcheck} 'attrref'")
%sql("${delete_from_radreply} 'attrref'")
-if (%sql("${insert_into_radcheck} ('attrref', 'NAS-IP-Address', '==', '&Framed-IP-Address')") != "1") {
+if (%sql("${insert_into_radcheck} ('attrref', 'NAS-IP-Address', '==', 'Framed-IP-Address')") != "1") {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello User B") {
+if !(reply.Reply-Message == "Hello User B") {
test_fail
}
-if (&control.SQL-Group[*] == 'groups_group_a') {
+if (control.SQL-Group[*] == 'groups_group_a') {
test_fail
}
-if !(&control.SQL-Group[*] == 'groups_group_b') {
+if !(control.SQL-Group[*] == 'groups_group_b') {
test_fail
}
# Although the user is in this group, the lack of Fall-Through in radgroupreply
# means this will never be processed when calling the sql module in authorize context.
#
-if (&control.SQL-Group[*] == 'groups_group_c') {
+if (control.SQL-Group[*] == 'groups_group_c') {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello Fallthrough User") {
+if !(reply.Reply-Message == "Hello Fallthrough User") {
test_fail
}
-if !(&control.SQL-Group[*] == 'fallthrough_group_a') {
+if !(control.SQL-Group[*] == 'fallthrough_group_a') {
test_fail
}
-if !(&control.SQL-Group[*] == 'fallthrough_group_b') {
+if !(control.SQL-Group[*] == 'fallthrough_group_b') {
test_fail
}
-if (&control.SQL-Group[*] == 'fallthrough_group_c') {
+if (control.SQL-Group[*] == 'fallthrough_group_c') {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello No-Fallthrough User") {
+if !(reply.Reply-Message == "Hello No-Fallthrough User") {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello Groups User") {
+if !(reply.Reply-Message == "Hello Groups User") {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello User") {
+if !(reply.Reply-Message == "Hello User") {
test_fail
}
# Module should return NOOP if there's no result set to work with
map sql 'SELECT * FROM radusergroup WHERE priority <= 1' {
- &control.User-Name := 'username'
- &control.Filter-Id := 'groupname'
- &control.NAS-Port := 'priority'
+ control.User-Name := 'username'
+ control.Filter-Id := 'groupname'
+ control.NAS-Port := 'priority'
}
if (!notfound) {
test_fail
}
-if (&control.User-Name) {
+if (control.User-Name) {
test_fail
}
-if (&control.Filter-Id) {
+if (control.Filter-Id) {
test_fail
}
-if (&control.NAS-Port) {
+if (control.NAS-Port) {
test_fail
}
# Retrieve our test row
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
- &control.User-Name := 'username'
- &control.Filter-Id := 'groupname'
- &control.NAS-Port := 'priority'
+ control.User-Name := 'username'
+ control.Filter-Id := 'groupname'
+ control.NAS-Port := 'priority'
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'bob') {
+if !(control.User-Name == 'bob') {
test_fail
}
-if !(&control.Filter-Id == 'bar') {
+if !(control.Filter-Id == 'bar') {
test_fail
}
-if !(&control.NAS-Port == 0) {
+if !(control.NAS-Port == 0) {
test_fail
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Insert our second test row
%sql("INSERT INTO radusergroup (username, groupname, priority) VALUES ('oof', 'rab', 1)")
# Retrieve our test row(s) - With := we should get the values from the second row
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
- &control.User-Name := 'username'
- &control.Filter-Id := 'groupname'
- &control.NAS-Port := 'priority'
+ control.User-Name := 'username'
+ control.Filter-Id := 'groupname'
+ control.NAS-Port := 'priority'
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'oof') {
+if !(control.User-Name == 'oof') {
test_fail
}
-if !(&control.Filter-Id == 'rab') {
+if !(control.Filter-Id == 'rab') {
test_fail
}
-if !(&control.NAS-Port == 1) {
+if !(control.NAS-Port == 1) {
test_fail
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Retrieve our test row(s) - With = we should get the values from the first row
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
- &control.User-Name = 'username'
- &control.Filter-Id = 'groupname'
- &control.NAS-Port = 'priority'
+ control.User-Name = 'username'
+ control.Filter-Id = 'groupname'
+ control.NAS-Port = 'priority'
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'bob') {
+if !(control.User-Name == 'bob') {
test_fail
}
-if !(&control.Filter-Id == 'bar') {
+if !(control.Filter-Id == 'bar') {
test_fail
}
-if !(&control.NAS-Port == 0) {
+if !(control.NAS-Port == 0) {
test_fail
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Retrieve our test row(s) - With ^= we should get the values from the second row then the first
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
- &control.User-Name ^= 'username'
- &control.Filter-Id ^= 'groupname'
- &control.NAS-Port ^= 'priority'
+ control.User-Name ^= 'username'
+ control.Filter-Id ^= 'groupname'
+ control.NAS-Port ^= 'priority'
}
if (!updated) {
debug_control
-if ((&control.User-Name[0] != 'oof') || (&control.User-Name[1] != 'bob')) {
+if ((control.User-Name[0] != 'oof') || (control.User-Name[1] != 'bob')) {
test_fail
}
-if ((&control.Filter-Id[0] != 'rab') || (&control.Filter-Id[1] != 'bar')) {
+if ((control.Filter-Id[0] != 'rab') || (control.Filter-Id[1] != 'bar')) {
test_fail
}
-if ((&control.NAS-Port[0] != 1) || (&control.NAS-Port[1] != 0)) {
+if ((control.NAS-Port[0] != 1) || (control.NAS-Port[1] != 0)) {
test_fail
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Retrieve our test row(s) - With += we should get the values from both rows
map sql 'SELECT * FROM radusergroup WHERE priority <= 1 ORDER BY priority' {
- &control.User-Name += 'username'
- &control.Filter-Id += 'groupname'
- &control.NAS-Port += 'priority'
+ control.User-Name += 'username'
+ control.Filter-Id += 'groupname'
+ control.NAS-Port += 'priority'
}
if !("%{control.User-Name[#]}" == 2) {
test_fail
}
-if ((&control.User-Name[0] == 'bob') && (&control.User-Name[1] == 'oof')) {
+if ((control.User-Name[0] == 'bob') && (control.User-Name[1] == 'oof')) {
test_pass
}
else {
test_fail
}
-if ((&control.Filter-Id[0] == 'bar') && (&control.Filter-Id[1] == 'rab')) {
+if ((control.Filter-Id[0] == 'bar') && (control.Filter-Id[1] == 'rab')) {
test_pass
}
else {
test_fail
}
-if ((&control.NAS-Port[0] == 0) && (&control.NAS-Port[1] == 1)) {
+if ((control.NAS-Port[0] == 0) && (control.NAS-Port[1] == 1)) {
test_pass
}
else {
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Retrieve the username column only (should result in noop because not in map)
map sql 'SELECT username FROM radusergroup WHERE priority = 0' {
- &control.Filter-Id += 'groupname'
- &control.NAS-Port += 'priority'
+ control.Filter-Id += 'groupname'
+ control.NAS-Port += 'priority'
}
if (!noop) {
# Retrieve test row with specific username (using xlat'd query)
map sql "SELECT * FROM radusergroup WHERE priority <= 1 AND username = '%{User-Name}'" {
- &control.User-Name = 'username'
- &control.Filter-Id = 'groupname'
- &control.NAS-Port = 'priority'
+ control.User-Name = 'username'
+ control.Filter-Id = 'groupname'
+ control.NAS-Port = 'priority'
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'bob') {
+if !(control.User-Name == 'bob') {
test_fail
}
-if !(&control.Filter-Id == 'bar') {
+if !(control.Filter-Id == 'bar') {
test_fail
}
-if !(&control.NAS-Port == 0) {
+if !(control.NAS-Port == 0) {
test_fail
}
&sqlcmd := %sql.safe("SELECT * FROM radusergroup WHERE priority <= 1 AND username = '%sql.escape(%{User-Name})'")
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
# Retrieve test row with specific username (using ref'd query)
-map sql &sqlcmd {
- &control.User-Name = 'username'
- &control.Filter-Id = 'groupname'
- &control.NAS-Port = 'priority'
+map sql sqlcmd {
+ control.User-Name = 'username'
+ control.Filter-Id = 'groupname'
+ control.NAS-Port = 'priority'
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'bob') {
+if !(control.User-Name == 'bob') {
test_fail
}
-if !(&control.Filter-Id == 'bar') {
+if !(control.Filter-Id == 'bar') {
test_fail
}
-if !(&control.NAS-Port == 0) {
+if !(control.NAS-Port == 0) {
test_fail
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
-&control -= &NAS-Port[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
+&control -= NAS-Port[*]
&userfield := 'username'
&groupfield := 'name'
# Retrieve our test row(s) - Using different RHS types
map sql 'SELECT * FROM radusergroup WHERE priority = 0' {
- &control.User-Name = &userfield
- &control.Filter-Id = "group%{groupfield}"
- &control.NAS-Port = `/bin/echo priority`
+ control.User-Name = userfield
+ control.Filter-Id = "group%{groupfield}"
+ control.NAS-Port = `/bin/echo priority`
}
if (!updated) {
test_fail
}
-if !(&control.User-Name == 'bob') {
+if !(control.User-Name == 'bob') {
test_fail
}
-if !(&control.Filter-Id == 'bar') {
+if !(control.Filter-Id == 'bar') {
test_fail
}
-if !(&control.NAS-Port == 0) {
+if !(control.NAS-Port == 0) {
test_fail
}
# NAS-Identifier has un-safe SQL characters - check escaping works
map sql "SELECT attribute FROM radcheck WHERE username = '%{NAS-Identifier}'" {
- &control.Filter-Id = 'attribute'
+ control.Filter-Id = 'attribute'
}
if (!notfound) {
}
# Clear the control list
-&control -= &User-Name[*]
-&control -= &Filter-Id[*]
+&control -= User-Name[*]
+&control -= Filter-Id[*]
# Check behaviour of NULL vs empty string returns.
# radacct is used here as the default schema allows NULL in many columns
%sql("DELETE FROM radacct WHERE acctuniqueid = 'nullmap'")
%sql("INSERT INTO radacct (acctuniqueid, acctsessionid, nasipaddress, username) VALUES ('nullmap', 'nullmap', '10.11.12.13', '')")
map sql "SELECT username, connectinfo_start, nasipaddress FROM radacct WHERE acctuniqueid = 'nullmap'" {
- &control.User-Name := 'username'
- &control.Filter-Id := 'connectinfo_start'
- &control.NAS-IP-Address := 'nasipaddress'
+ control.User-Name := 'username'
+ control.Filter-Id := 'connectinfo_start'
+ control.NAS-IP-Address := 'nasipaddress'
}
-if !(&control.User-Name == '') {
+if !(control.User-Name == '') {
test_fail
}
-if (&control.Filter-Id) {
+if (control.Filter-Id) {
test_fail
}
-if !(&control.NAS-IP-Address == 10.11.12.13) {
+if !(control.NAS-IP-Address == 10.11.12.13) {
test_fail
}
test_fail
}
-if !(&control.Password.Cleartext == &User-Password) {
+if !(control.Password.Cleartext == User-Password) {
test_fail
}
-if !(&reply.Reply-Message == "Hello User") {
+if !(reply.Reply-Message == "Hello User") {
test_fail
}
sqlcounter dailycounter {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
- counter_name = &control.Daily-Session-Time
- check_name = &control.Max-Daily-Session
- reply_name = &reply.Session-Timeout
- key = "%{&Stripped-User-Name || &User-Name}"
- reply_message_name = &Reply-Message
+ counter_name = control.Daily-Session-Time
+ check_name = control.Max-Daily-Session
+ reply_name = reply.Session-Timeout
+ key = "%{Stripped-User-Name || User-Name}"
+ reply_message_name = Reply-Message
reset = daily
utc = yes
sqlcounter dailycounter_extend {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
- counter_name = &control.Daily-Session-Time
- check_name = &control.Max-Daily-Session
- reply_name = &reply.Session-Timeout
+ counter_name = control.Daily-Session-Time
+ check_name = control.Max-Daily-Session
+ reply_name = reply.Session-Timeout
auto_extend = yes
- key = "%{&Stripped-User-Name || &User-Name}"
- reply_message_name = &Reply-Message
+ key = "%{Stripped-User-Name || User-Name}"
+ reply_message_name = Reply-Message
reset = daily
utc = yes
#
# Check attributes have been set
#
-if !(&control.Daily-Session-Time == 0) {
+if !(control.Daily-Session-Time == 0) {
test_fail
}
-if !(&reply.Session-Timeout == 100) {
+if !(reply.Session-Timeout == 100) {
test_fail
}
#
&date_str = %date('now')
&now = %date(%{date_str})
-if (&date_str =~ /([0-9]{4}-[0-9]{2}-[0-9]{2}T)[0-9]{2}:[0-9]{2}:[0-9]{2}Z/) {
- &date_str := "%{1}" + '00:00:00Z'
+if (date_str =~ /([0-9]{4}-[0-9]{2}-[0-9]{2}T)[0-9]{2}:[0-9]{2}:[0-9]{2}Z/) {
+ date_str := "%{1}" + '00:00:00Z'
}
&start = %date(%{date_str})
-if !(&control.dailycounter-Reset-Start == &start) {
+if !(control.dailycounter-Reset-Start == start) {
test_fail
}
#
# Check the attributes have been updated
#
-if !(&control.Daily-Session-Time == 60) {
+if !(control.Daily-Session-Time == 60) {
test_fail
}
-if !(&reply.Session-Timeout == 40) {
+if !(reply.Session-Timeout == 40) {
test_fail
}
#
# Check the attributes have been updated correctly.
#
-if !(&control.Daily-Session-Time == 10) {
+if !(control.Daily-Session-Time == 10) {
test_fail
}
-if !(&reply.Session-Timeout == 40) {
+if !(reply.Session-Timeout == 40) {
test_fail
}
test_fail
}
-if !(&reply.Reply-Message == 'Your maximum daily usage has been reached') {
+if !(reply.Reply-Message == 'Your maximum daily usage has been reached') {
test_fail
}
-if !(&control.Daily-Session-Time == 109) {
+if !(control.Daily-Session-Time == 109) {
test_fail
}
# Find how much time is left before the next reset and set the limit
# so the user has enough remaining to get into the next period
#
-&remaining = &control.dailycounter-Reset-End - &now
-&control.Max-Daily-Session := &remaining + 110
+&remaining = control.dailycounter-Reset-End - now
+&control.Max-Daily-Session := remaining + 110
&reply := {}
dailycounter
-if !(&reply.Session-Timeout == (&control.Max-Daily-Session - 109)) {
+if !(reply.Session-Timeout == (control.Max-Daily-Session - 109)) {
test_fail
}
#
dailycounter_extend
-if !((&reply.Session-Timeout > (&remaining + &control.Max-Daily-Session - 2)) && (&reply.Session-Timeout <= (&remaining + &control.Max-Daily-Session))) {
+if !((reply.Session-Timeout > (remaining + control.Max-Daily-Session - 2)) && (reply.Session-Timeout <= (remaining + control.Max-Daily-Session))) {
test_fail
}
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
# Check Expiry
#
&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
-if ((&expiry - %l) < 20) {
+if ((expiry - %l) < 20) {
test_fail
}
# +2 - Some slop for macOS
-if ((&expiry - %l) > 42) {
+if ((expiry - %l) > 42) {
test_fail
}
test_fail
}
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
&reply := {}
#
#
# Check the IP addresses are the same
#
-if !(&Framed-IP-Address == &reply.Framed-IP-Address) {
+if !(Framed-IP-Address == reply.Framed-IP-Address) {
test_fail
}
#
# Check we got the right lease
#
-if !(&reply.Framed-IP-Address == 192.168.1.1) {
+if !(reply.Framed-IP-Address == 192.168.1.1) {
test_fail
}
test_fail
}
-if (&reply.Framed-IP-Address) {
+if (reply.Framed-IP-Address) {
test_fail
}
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
#
# Check we got no address
#
-if (&reply.Framed-IP-Address) {
+if (reply.Framed-IP-Address) {
test_fail
}
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.2) {
+if !(reply.Framed-IP-Address == 192.168.0.2) {
test_fail
}
# Check Expiry
#
&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
-if ((&expiry - %l) < 20) {
+if ((expiry - %l) < 20) {
test_fail
}
# +2 - Some slop for macOS
-if ((&expiry - %l) > 42) {
+if ((expiry - %l) > 42) {
test_fail
}
}
&reply := {}
-&request -= &Framed-IP-Address
+&request -= Framed-IP-Address
#
# Now change the Calling-Station-ID and check we get a different lease
#
# Check we got the right lease - the oldest one by expiry_time
#
-if !(&reply.Framed-IP-Address == 192.168.0.3) {
+if !(reply.Framed-IP-Address == 192.168.0.3) {
test_fail
}
ippool_table = "fr_ippool"
lease_duration = 60
offer_duration = 30
- pool_name = &control.IP-Pool.Name
- allocated_address_attr = &reply.Framed-IP-Address
+ pool_name = control.IP-Pool.Name
+ allocated_address_attr = reply.Framed-IP-Address
owner = "%{Calling-Station-Id}"
requested_address = "%{Framed-IP-Address}"
gateway = "%{NAS-IP-Address}"
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
#
# Release the IP address
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
sqlippool.release
if !(updated) {
# Check the expiry - releasing an address sets the exipry to now
# Allow for some time passing between packet processing and "now"
&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
-if (&expiry > (%l + 5)) {
+if (expiry > (%l + 5)) {
test_fail
}
-if ((%l - &expiry) > 5) {
+if ((%l - expiry) > 5) {
test_fail
}
# Release the IP address again
# Will return notfound as address is already released.
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
sqlippool.release
test_fail
}
-if !(&reply.Framed-IP-Address == 192.168.0.10) {
+if !(reply.Framed-IP-Address == 192.168.0.10) {
test_fail
}
#
# Check that renewal does not mess with static IP
#
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
sqlippool.renew
if !(updated) {
}
# 2.
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
# 3. Verify expiry time is based on offer duration
&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
-if ((&expiry - %l) < 20) {
+if ((expiry - %l) < 20) {
test_fail
}
# 4.
-if ((&expiry - %l) > 40) {
+if ((expiry - %l) > 40) {
test_fail
}
%sql("INSERT INTO fr_ippool (pool_name, address, expiry_time) values ('%{control.IP-Pool.Name}', '192.168.1.1', datetime('now', '-00:10'))")
# 7. Verify that the lease time is extended
-&Framed-IP-Address := &reply.Framed-IP-Address
+&Framed-IP-Address := reply.Framed-IP-Address
&NAS-IP-Address := 127.0.0.2
sqlippool.renew
# 8. Check expiry reflects that
&expiry := %sql("SELECT strftime('%%s', expiry_time) FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND address = '%{reply.Framed-IP-Address}'")
-if ((&expiry - %l) < 50) {
+if ((expiry - %l) < 50) {
test_fail
}
# 9.
-if ((&expiry - %l) > 70) {
+if ((expiry - %l) > 70) {
test_fail
}
}
# 14. Verify the lease is still associated with the previous device
-if !(&reply.Framed-IP-Address == %sql("SELECT address FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND owner = '00:11:22:33:44:55'")) {
+if !(reply.Framed-IP-Address == %sql("SELECT address FROM fr_ippool WHERE pool_name = '%{control.IP-Pool.Name}' AND owner = '00:11:22:33:44:55'")) {
test_fail
}
}
# 4. Verify we got an IP
-if !(&reply.Framed-IP-Address == 192.168.0.1) {
+if !(reply.Framed-IP-Address == 192.168.0.1) {
test_fail
}
test_fail
}
-if (&Fall-Through != ${d_term}) {
+if (Fall-Through != ${d_term}) {
test_fail
}
}
# Check against dynamic attributes
-if ('${c_term}' != &User-Name) {
+if ('${c_term}' != User-Name) {
test_fail
}
}
dollar_expansions {
- &Fall-Through := yes
+ Fall-Through := yes
# Should be compiled out
if ('${a_term}' != '${a_term}') {
test_fail
}
- if (&Fall-Through != ${d_term}) {
+ if (Fall-Through != ${d_term}) {
test_fail
}
}
# Check against dynamic attributes
- if ('${c_term}' != &User-Name) {
+ if ('${c_term}' != User-Name) {
test_fail
}
}
# Use builtin "local" zone
&result_ipaddr := %dns('localhost', 'A')
-if (&result_ipaddr != 127.0.0.1) {
+if (result_ipaddr != 127.0.0.1) {
test_fail
}
&result_string := %dns('localhost', 'AAAA')
-if (&result_string != '::1') {
+if (result_string != '::1') {
test_fail
}
&result_string := %dns('1.0.0.127.in-addr.arpa', 'PTR')
-if (&result_string != 'localhost') {
+if (result_string != 'localhost') {
test_fail
}
# Use local data in module config to allow for dotted names
&result_ipaddr := %dns('www.example.com', 'A')
-if (&result_ipaddr != 192.168.1.1) {
+if (result_ipaddr != 192.168.1.1) {
test_fail
}
&result_string := %dns('1.1.168.192.in-addr.arpa', 'PTR')
-if (&result_string != 'www.example.com') {
+if (result_string != 'www.example.com') {
test_fail
}
# Try a real, known, network response
# Temporarily disabled while there is a bug in unbound
-#&result_string := %dns('8.8.8.8.in-addr.arpa', 'PTR')
+#result_string := %dns('8.8.8.8.in-addr.arpa', 'PTR')
-#if (&result_string != 'dns.google') {
+#if (result_string != 'dns.google') {
# test_fail
#}
# Invalid query
&result_string := %dns('www.example.com', 'ABC')
-if (&Module-Failure-Message != "Invalid / unsupported DNS query type") {
+if (Module-Failure-Message != "Invalid / unsupported DNS query type") {
test_fail
}
&result_string := ''
&result_string := %dns(%{result_string}, 'A')
-if (&Module-Failure-Message != "Can't resolve zero length host") {
+if (Module-Failure-Message != "Can't resolve zero length host") {
test_fail
}
# Each returned record is a pair of priority and host values.
&Filter-Id := %dns(example.com, 'MX')
-if !(((&Filter-Id[0] == '10') && (&Filter-Id[1] == 'mail.example.com') && (&Filter-Id[2] == '20') && (&Filter-Id[3] == 'mail2.example.com')) || ((&Filter-Id[2] == '10') && (&Filter-Id[3] == 'mail.example.com') && (&Filter-Id[0] == '20') && (&Filter-Id[1] == 'mail2.example.com'))) {
+if !(((Filter-Id[0] == '10') && (Filter-Id[1] == 'mail.example.com') && (Filter-Id[2] == '20') && (Filter-Id[3] == 'mail2.example.com')) || ((Filter-Id[2] == '10') && (Filter-Id[3] == 'mail.example.com') && (Filter-Id[0] == '20') && (Filter-Id[1] == 'mail2.example.com'))) {
test_fail
}
# As results are not in a specified order, it could be either.
&Filter-Id := %dns(example.com,MX,1)
-if !(((&Filter-Id[0] == '10') && (&Filter-Id[1] == 'mail.example.com')) || ((&Filter-Id[0] == '20') && (&Filter-Id[1] == 'mail2.example.com'))) {
+if !(((Filter-Id[0] == '10') && (Filter-Id[1] == 'mail.example.com')) || ((Filter-Id[0] == '20') && (Filter-Id[1] == 'mail2.example.com'))) {
test_fail
}
&result_string := %dns('n0nex1stent.d0ma1n', 'A')
# Running this on macOS produces a timeout due to the nonexistent TLD
-if ((&Module-Failure-Message != "dns - Nonexistent domain name") && (&Module-Failure-Message != "Timeout waiting for DNS resolution")) {
+if ((Module-Failure-Message != "dns - Nonexistent domain name") && (Module-Failure-Message != "Timeout waiting for DNS resolution")) {
test_fail
}
allow_vulnerable_openssl = yes
}
+#
+# Migration flags
+#
+migrate {
+ require_enum_prefix = yes
+}
+
delete_from_radacct = "DELETE FROM radacct WHERE AcctSessionId ="
delete_from_radcheck = "DELETE FROM radcheck WHERE username ="
delete_from_radreply = "DELETE FROM radreply WHERE username ="
policy {
test_pass {
- &control.Auth-Type := ::Accept
+ control.Auth-Type := ::Accept
}
test_fail {
- &reply += {
- &Reply-Message = "Failure in test at line %interpreter(...line)"
+ reply += {
+ Reply-Message = "Failure in test at line %interpreter(...line)"
}
reject
}
# Test "authenticate" winbind call.
winbind
-if !(&control.Auth-Type == ::winbind) {
+if !(control.Auth-Type == ::winbind) {
test_fail
}
#winbind unit test config
winbind {
- username = "%{&Stripped-User-Name || &User-Name}"
+ username = "%{Stripped-User-Name || User-Name}"
group {
- search_username = "%{&Stripped-User-Name || &User-Name}"
+ search_username = "%{Stripped-User-Name || User-Name}"
}
}
# Call yubikey module to split OTP from password
yubikey
-if !(&User-Password == 'hello') {
+if !(User-Password == 'hello') {
test_fail
}
-if !(&Vendor-Specific.Yubico.Yubikey-OTP) {
+if !(Vendor-Specific.Yubico.Yubikey-OTP) {
test_fail
}
-if !(&Vendor-Specific.Yubico.Yubikey-Public-Id == 'ddddgciilcjk') {
+if !(Vendor-Specific.Yubico.Yubikey-Public-Id == 'ddddgciilcjk') {
test_fail
}
yubikey.authenticate
# Check all the attributes have been created
-if !(&Vendor-Specific.Yubico.Yubikey-Private-Id == 0x1dfc67f97828) {
+if !(Vendor-Specific.Yubico.Yubikey-Private-Id == 0x1dfc67f97828) {
test_fail
}
-if !(&Vendor-Specific.Yubico.Yubikey-Timestamp) {
+if !(Vendor-Specific.Yubico.Yubikey-Timestamp) {
test_fail
}
-if !(&Vendor-Specific.Yubico.Yubikey-Counter == 258) {
+if !(Vendor-Specific.Yubico.Yubikey-Counter == 258) {
test_fail
}
-if !(&Vendor-Specific.Yubico.Yubikey-Random) {
+if !(Vendor-Specific.Yubico.Yubikey-Random) {
test_fail
}
# Increase the known "counter" value to detect a replay attack
-&control.Vendor-Specific.Yubico.Yubikey-Counter := &Vendor-Specific.Yubico.Yubikey-Counter
+&control.Vendor-Specific.Yubico.Yubikey-Counter := Vendor-Specific.Yubico.Yubikey-Counter
yubikey.authenticate {
reject = 1
test_fail
}
-if !(&Module-Failure-Message == 'yubikey: Replay attack detected! Counter value 258, is lt or eq to last known counter value 258') {
+if !(Module-Failure-Message == 'yubikey: Replay attack detected! Counter value 258, is lt or eq to last known counter value 258') {
test_fail
}
&test_string := 'vvrbuctetdhc'
&result_string := %modhextohex(%{test_string})
-if (&result_string != 'ffc1e0d3d260') {
+if (result_string != 'ffc1e0d3d260') {
test_fail
}
test_fail
}
-if (&result_string) {
+if (result_string) {
test_fail
}
-if (&Module-Failure-Message != "Modhex string invalid") {
+if (Module-Failure-Message != "Modhex string invalid") {
test_fail
}
test_fail
}
-if (&result_string) {
+if (result_string) {
test_fail
}
projects / thirdparty / freeradius-server.git / commitdiff
