via scripts, with some manual fixes to the unit tests. Changing the length of an xlat
function changes the offset in a string where an error occurs.
perl -p -i -e 's/%concat\(/%str.concat\(/g' $(git grep -l 'concat' doc/antora raddb src/tests)
perl -p -i -e 's/%explode\(/%str.split\(/g' $(git grep -l 'explode' doc/antora raddb src/tests)
perl -p -i -e 's/%hmacmd5\(/%hmac.md5\(/g' $(git grep -l 'hmacmd5' doc/antora raddb src/tests)
perl -p -i -e 's/%hmacmd4\(/%hmac.md4\(/g' $(git grep -l 'hmacmd4' doc/antora raddb src/tests)
perl -p -i -e 's/%hmacsha1\(/%hmac.sha1\(/g' $(git grep -l 'hmacsha1' doc/antora raddb src/tests)
perl -p -i -e 's/%lpad\(/%str.lpad\(/g' $(git grep -l 'lpad' doc/antora raddb src/tests)
perl -p -i -e 's/%rpad\(/%str.rpad\(/g' $(git grep -l 'rpad' doc/antora raddb src/tests)
perl -p -i -e 's/%substr\(/%str.substr\(/g' $(git grep -l 'substr' doc/antora raddb src/tests)
perl -p -i -e 's/%randstr\(/%str.rand\(/g' $(git grep -l 'randstr' doc/antora raddb src/tests)
perl -p -i -e 's/%md4\(/%hash.md4\(/g' $(git grep -l 'md4' doc/antora raddb src/tests)
perl -p -i -e 's/%md5\(/%hash.md5\(/g' $(git grep -l 'md5' doc/antora raddb src/tests)
perl -p -i -e 's/%sha2_224\(/%hash.sha2_224\(/g' $(git grep -l 'sha2_224' doc/antora raddb src/tests)
perl -p -i -e 's/%sha2_256\(/%hash.sha2_256\(/g' $(git grep -l 'sha2_256' doc/antora raddb src/tests)
perl -p -i -e 's/%sha2_384\(/%hash.sha2_384\(/g' $(git grep -l 'sha2_384' doc/antora raddb src/tests)
perl -p -i -e 's/%sha2_512\(/%hash.sha2_512\(/g' $(git grep -l 'sha2_512' doc/antora raddb src/tests)
perl -p -i -e 's/%blake2s_256\(/%hash.blake2s_256\(/g' $(git grep -l 'blake2s_256' doc/antora raddb src/tests)
perl -p -i -e 's/%blake2b_512\(/%hash.blake2b_512\(/g' $(git grep -l 'blake2b_512' doc/antora raddb src/tests)
perl -p -i -e 's/%sha3_224\(/%hash.sha3_224\(/g' $(git grep -l 'sha3_224' doc/antora raddb src/tests)
perl -p -i -e 's/%sha3_256\(/%hash.sha3_256\(/g' $(git grep -l 'sha3_256' doc/antora raddb src/tests)
perl -p -i -e 's/%sha3_384\(/%hash.sha3_384\(/g' $(git grep -l 'sha3_384' doc/antora raddb src/tests)
perl -p -i -e 's/%sha3_512\(/%hash.sha3_512\(/g' $(git grep -l 'sha3_512' doc/antora raddb src/tests)
perl -p -i -e 's/%tolower\(/%str.lower\(/g' $(git grep -l 'tolower' doc/antora raddb src/tests)
perl -p -i -e 's/%toupper\(/%str.upper\(/g' $(git grep -l 'toupper' doc/antora raddb src/tests)
perl -p -i -e 's/%urlquote\(/%url.quote\(/g' $(git grep -l 'urlquote' doc/antora raddb src/tests)
perl -p -i -e 's/%urlunquote\(/%url.unquote\(/g' $(git grep -l 'urlunquote' doc/antora raddb src/tests)
** The server still doesn't always require (or print) the `::` prefix. That will change.
** By implementing `::` for enums, the requirement to use `&` as a prefix for attribute names is not needed.
** This change may require an update to all of the configuration. We will try to allow `&`, but that may not be possible.
-* Dynamic expansions have changed from `%{md5:foo}` to a more standard syntax of `%md5(foo)`.
+* Dynamic expansions have changed from `%{md5:foo}` to a more standard syntax of `%hash.md5(foo)`.
** The new syntax supports multiple comma-separated arguments such as `%function(a, b, c)`.
** Expansions such as `%{User-Name}` work in addition to expressions like `%{1+2}` too.
** Alternation `%{foo || bar}` supersedes `%{%{foo}:-%{bar}}` now.
== Xlat expansions
-xref:reference:xlat/index.adoc[xlat] expansions have been changed from syntax like `%{md5:...}` to `%md5(...)`.
+xref:reference:xlat/index.adoc[xlat] expansions have been changed from syntax like `%{md5:...}` to `%hash.md5(...)`.
=== Removed expansions
update {
reply.Reply-Message := reply.Reply-Message
reply.Reply-Message += "Cache last updated at %t"
- reply.Class := "%randstr(ssssssssssssssssssssssssssssssss)"
+ reply.Class := "%str.rand(ssssssssssssssssssssssssssssssss)"
}
}
```
may be specified with `body`. Will be expanded.
Values from expansion will not be escaped, this should be
done using the appropriate `xlat` method e.g.
- `%urlquote(<attr>)`
| `auth` | HTTP auth method to use, one of 'none', 'srp', 'basic', | yes
'digest', 'digest-ie', 'gss-negotiate', 'ntlm',
'ntlm-winbind', 'any', 'safe'. defaults to _'none'_.
Set the random number to save.
```
- session-state.challenge-string := "%randstr(n)"
+ session-state.challenge-string := "%str.rand(n)"
reply.Reply-Message := "Please enter %{session-state.challenge-string}: "
```
Split the string and split into pieces.
```
- if ("%explode(control.user-session, '|')") {
+ if ("%str.split(control.user-session, '|')") {
foreach control.user-session {
```
```
# if (!reply.State) {
-# reply.State := "0x%randstr(16h)"
+# reply.State := "0x%str.rand(16h)"
# }
```
- The encrypt expansions of the `rlm_cipher` module.
- The `%3gpp_temporary_id_encrypt()` expansion.
-- The `%randstr()` expansion.
+- The `%str.rand()` expansion.
NOTE: Add a `reply.Next-Pseudonym-Id` attribute in this section to
avoid having the permanent Id of the SIM exposed during subsequent
```
```
-# csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
+# csn := %str.concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
# reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
# }
}
.Example Creating multiple Attributes
----
-Tmp-Integer-0 := %explode("192.168.0.1", '.')
+Tmp-Integer-0 := %str.split("192.168.0.1", '.')
----
If you need to cast an entire list to a value, then the value being
cast should be surrounded by brackets.
-In the following example, the `%explode()` function will return a list
+In the following example, the `%str.split()` function will return a list
of four values: `{"192", "168", "0", "1"}`. Casting that to a string
causes the values to be merged together, The resulting string is
`"19216801"`.
If you need to add text in between each list entry, see the
-`%concat()` function in the xref:xlat/builtin.adoc[built-in
+`%str.concat()` function in the xref:xlat/builtin.adoc[built-in
expansions] list.
.Example Creating multiple Attributes
----
-reply.Reply-Message := (string) (%explode("192.168.0.1", '.'))
+reply.Reply-Message := (string) (%str.split("192.168.0.1", '.'))
----
=== Other Data Types
-= %concat(<ref:[idx]>, <delim>)
+= %str.concat(<ref:[idx]>, <delim>)
Used to join two or more attributes, separated by an optional delimiter.
.Return: _string_
-In most cases, `%concat(...)` is only useful inside of a dynamically
+In most cases, `%str.concat(...)` is only useful inside of a dynamically
expanded string. If you need to concatenate strings together in a policy, just use `+`.
.Example
}
reply += {
- Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
- Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
+ Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ', ')"
+ Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ',')"
}
----
The value of 12345 in hex is 3132333435
```
-== %urlquote( ... )
+== %url.quote( ... )
Quote URL special characters.
----
control.Tmp-String-0 := "http://example.org/"
reply += {
- Reply-Message = "The urlquote of %{control.Tmp-String-0} is %urlquote(%{control.Tmp-String-0})"
+ Reply-Message = "The urlquote of %{control.Tmp-String-0} is %url.quote(%{control.Tmp-String-0})"
}
----
The urlquote of http://example.org/ is http%3A%2F%2Fexample.org%2F
```
-== %urlunquote( ... )
+== %url.unquote( ... )
Unquote URL special characters.
----
control.Tmp-String-0 := "http%%3A%%2F%%2Fexample.org%%2F" # Attention for the double %.
reply += {
- Reply-Message = "The urlunquote of %{control.Tmp-String-0} is %urlunquote(%{control.Tmp-String-0})"
+ Reply-Message = "The urlunquote of %{control.Tmp-String-0} is %url.unquote(%{control.Tmp-String-0})"
}
----
The functions are defined in the `dict` module. It must be listed in
the `mods-enabled/` directory in order for the expansions to work.
-== %concat(<ref:[idx]>, <delim>)
+== %str.concat(<ref:[idx]>, <delim>)
Used to join two or more attributes, separated by an optional delimiter.
.Return: _string_
-In most cases, `%concat(...)` is only useful inside of a dynamically
+In most cases, `%str.concat(...)` is only useful inside of a dynamically
expanded string. If you need to concatenate strings together in a policy, just use `+`.
.Example
}
reply += {
- Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
- Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
+ Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ', ')"
+ Reply-Message = "%str.concat(%{control.Tmp-String-0[*]}, ',')"
}
----
foo += control.Tmp-String-0[*]
----
-== %explode(<ref>, <delim>)
+== %str.split(<ref>, <delim>)
Split an string into multiple new strings based on a delimiter.
-This expansion is the opposite of `%concat( ... )`.
+This expansion is the opposite of `%str.concat( ... )`.
.Return: _the number exploded list of strings_.
----
control.Tmp-String-0 := "bob.toba@domain.com"
-control.Tmp-String-1 := "%explode(control.Tmp-String-0, '@')"
+control.Tmp-String-1 := "%str.split(control.Tmp-String-0, '@')"
reply.Reply-Message := "Welcome %{control.Tmp-String-1[0]}"
----
Welcome bob.toba
```
-== %lpad(<string>, <val>, <char>)
+== %str.lpad(<string>, <val>, <char>)
Left-pad a string.
----
control.Tmp-String-0 := "123"
-reply.Reply-Message := "Maximum should be %lpad(%{control.Tmp-String-0}, 11, '0')"
+reply.Reply-Message := "Maximum should be %str.lpad(%{control.Tmp-String-0}, 11, '0')"
----
.Output
Maximum should be 00000000123
```
-== %rpad(<string>, <val>, <char>)
+== %str.rpad(<string>, <val>, <char>)
Right-pad a string.
----
control.Tmp-String-0 := "123"
-reply.Reply-Message := "Maximum should be %rpad(%{control.Tmp-String-0}, 11, '0')"
+reply.Reply-Message := "Maximum should be %str.rpad(%{control.Tmp-String-0}, 11, '0')"
----
.Output
Serialize output: Tmp-String-0 = "\"This is a string\", Tmp-String-0 = \"This is another one\""
```
-== %randstr( ...)
+== %str.rand( ...)
Get random string built from character classes.
[source,unlang]
----
-reply.Reply-Message := "The random string output is %randstr(aaaaaaaa}"
+reply.Reply-Message := "The random string output is %str.rand(aaaaaaaa}"
----
.Output
The random string output is 4Uq0gPyG
```
-== %tolower( ... )
+== %str.lower( ... )
Dynamically expands the string and returns the lowercase version of
it. This definition is only available in version 2.1.10 and later.
[source,unlang]
----
control.Tmp-String-0 := "CAIPIRINHA"
-reply.Reply-Message := "tolower of %{control.Tmp-String-0} is %tolower(%{control.Tmp-String-0})"
+reply.Reply-Message := "tolower of %{control.Tmp-String-0} is %str.lower(%{control.Tmp-String-0})"
----
.Output
tolower of CAIPIRINHA is caipirinha
```
-== %toupper( ... )
+== %str.upper( ... )
Dynamically expands the string and returns the uppercase version of
it. This definition is only available in version 2.1.10 and later.
[source,unlang]
----
control.Tmp-String-0 := "caipirinha"
-reply.Reply-Message := "toupper of %{control.Tmp-String-0} is " + %toupper(%{control.Tmp-String-0})
+reply.Reply-Message := "toupper of %{control.Tmp-String-0} is " + %str.upper(%{control.Tmp-String-0})
----
.Output
-= %explode(<ref>, <delim>)
+= %str.split(<ref>, <delim>)
Split an string into multiple new strings based on a delimiter.
----
control.Tmp-String-0 := "bob.toba@domain.com"
-control.Tmp-String-1 := "%explode(control.Tmp-String-0, '@')"
+control.Tmp-String-1 := "%str.split(control.Tmp-String-0, '@')"
reply.Reply-Message := "Welcome %{control.Tmp-String-1[0]}"
----
.Example
[source,unlang]
----
-if (User-Name == %md5(NAS-Identifier)) {
+if (User-Name == %hash.md5(NAS-Identifier)) {
reject
}
----
SHA1. These functions are here for historical compatibility and
completeness.
-== %hmacmd5(<shared_key>, <string>)
+== %hmac.md5(<shared_key>, <string>)
Generate `HMAC-MD5` of string.
----
control.Tmp-String-0 := "mykey"
control.Tmp-String-1 := "Caipirinha"
-reply.control.Tmp-Octets-0 := "%hmacmd5(%{control.Tmp-String-0} %{control.Tmp-String-1})"
+reply.control.Tmp-Octets-0 := "%hmac.md5(%{control.Tmp-String-0} %{control.Tmp-String-1})"
reply += {
Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
The HMAC-MD5 of Caipirinha in hex is 636f6e74726f6c3a546d702d4f63746574732d30
```
-== %hmacsha1(<shared_key>, <string>)
+== %hmac.sha1(<shared_key>, <string>)
Generate `HMAC-SHA1` of string.
----
control.Tmp-String-0 := "mykey"
control.Tmp-String-1 := "Caipirinha"
-control.Tmp-Octets-0 := "%hmacsha1(%{control.Tmp-String-0}, %{control.Tmp-String-1})"
+control.Tmp-Octets-0 := "%hmac.sha1(%{control.Tmp-String-0}, %{control.Tmp-String-1})"
reply += {
Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
The HMAC-SHA1 of Caipirinha in hex is 636f6e74726f6c3a546d702d4f63746574732d30
```
-== %md5( ... )
+== %hash.md5( ... )
Dynamically expands the string and performs an MD5 hash on it. The
result is binary data.
----
control.Tmp-String-0 := "Caipirinha"
reply += {
- Reply-Message = "md5 of %{control.Tmp-String-0} is octal=%md5(%{control.Tmp-String-0})"
- Reply-Message = "md5 of %{control.Tmp-String-0} is hex=%hex(%md5(%{control.Tmp-String-0}))"
+ Reply-Message = "md5 of %{control.Tmp-String-0} is octal=%hash.md5(%{control.Tmp-String-0})"
+ Reply-Message = "md5 of %{control.Tmp-String-0} is hex=%hex(%hash.md5(%{control.Tmp-String-0}))"
}
----
The following hashes are supported for all versions of OpenSSL.
* `%md2( ... }`
-* `%md4( ... }`
-* `%md5( ... }`
+* `%hash.md4( ... }`
+* `%hash.md5( ... }`
* `%sha1( ... }`
* `%sha224( ... }`
* `%sha256( ... }`
is installed. This version adds support for the `sha3` and `blake`
families of digest functions.
-* `%blake2s_256( ... )`
-* `%blake2b_512( ... )`
-* `%sha2_224( ... )`
-* `%sha2_256( ... )`
-* `%sha2_384( ... )`
-* `%sha2_512( ... )`
-* `%sha3_224( ... )`
-* `%sha3_256( ... )`
-* `%sha3_384( ... )`
-* `%sha3_512( ... )`
+* `%hash.blake2s_256( ... )`
+* `%hash.blake2b_512( ... )`
+* `%hash.sha2_224( ... )`
+* `%hash.sha2_256( ... )`
+* `%hash.sha2_384( ... )`
+* `%hash.sha2_512( ... )`
+* `%hash.sha3_224( ... )`
+* `%hash.sha3_256( ... )`
+* `%hash.sha3_384( ... )`
+* `%hash.sha3_512( ... )`
.Return: _octal_
----
control.Tmp-String-0 := "Caipirinha"
reply += {
- Reply-Message = "The md5 of %{control.Tmp-String-0} in octal is %md5(%{control.Tmp-String-0}}"
- Reply-Message = "The md5 of %{control.Tmp-String-0} in hex is %hex(%md5(%{control.Tmp-String-0}}}"
+ Reply-Message = "The md5 of %{control.Tmp-String-0} in octal is %hash.md5(%{control.Tmp-String-0}}"
+ Reply-Message = "The md5 of %{control.Tmp-String-0} in hex is %hex(%hash.md5(%{control.Tmp-String-0}}}"
}
----
-= %lpad(<string>, <val>, <char>)
+= %str.lpad(<string>, <val>, <char>)
Left-pad a string.
----
control.Tmp-String-0 := "123"
-reply.Reply-Message := "Maximum should be %lpad(%{control.Tmp-String-0}, 11, '0')"
+reply.Reply-Message := "Maximum should be %str.lpad(%{control.Tmp-String-0}, 11, '0')"
----
.Output
-= %randstr( <format> )
+= %str.rand( <format> )
Get random string built from input character classes.
[source,unlang]
----
-reply.Reply-Message := "The random string output is %randstr(8a)"
+reply.Reply-Message := "The random string output is %str.rand(8a)"
----
.Output
-= %rpad(<string>, <val>, <char>)
+= %str.rpad(<string>, <val>, <char>)
Right-pad a string.
----
control.Tmp-String-0 := "123"
-reply.Reply-Message := "Maximum should be %rpad(%{control.Tmp-String-0}, 11, '0')"
+reply.Reply-Message := "Maximum should be %str.rpad(%{control.Tmp-String-0}, 11, '0')"
----
.Output
-= %tolower( ... )
+= %str.lower( ... )
Dynamically expands the string and returns the lowercase version of
it.
[source,unlang]
----
control.Tmp-String-0 := "CAIPIRINHA"
-reply.Reply-Message := "tolower of %{control.Tmp-String-0} is %tolower(%{control.Tmp-String-0})"
+reply.Reply-Message := "tolower of %{control.Tmp-String-0} is %str.lower(%{control.Tmp-String-0})"
----
.Output
-= %toupper( ... )
+= %str.upper( ... )
Dynamically expands the string and returns the uppercase version of
it.
[source,unlang]
----
control.Tmp-String-0 := "caipirinha"
-reply.Reply-Message := "toupper of %{control.Tmp-String-0} is " + %toupper(%{control.Tmp-String-0})
+reply.Reply-Message := "toupper of %{control.Tmp-String-0} is " + %str.upper(%{control.Tmp-String-0})
----
.Output
reply.Reply-Message += "Cache last updated at %t"
# Add your own value for `Class`.
- reply.Class := "%randstr(ssssssssssssssssssssssssssssssss)"
+ reply.Class := "%str.rand(ssssssssssssssssssssssssssssssss)"
}
#
# may be specified with `body`. Will be expanded.
# Values from expansion will not be escaped, this should be
# done using the appropriate `xlat` method e.g.
- # `%urlquote(<attr>)`
# | `auth` | HTTP auth method to use, one of 'none', 'srp', 'basic', | yes
# 'digest', 'digest-ie', 'gss-negotiate', 'ntlm',
# 'ntlm-winbind', 'any', 'safe'. defaults to _'none'_.
# We fix this issue by converting the MD5 inputs into printable
# string form.
#
-# Similarly, the output of `%md5(..)` is binary safe, and is
+# Similarly, the output of `%hash.md5(..)` is binary safe, and is
# therefore a binary blob. We therefore convert the output
# of it to a printable string via `%hex(...)`
#
# wireless environment).
#
if (Class =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
- request.Acct-Unique-Session-Id := %hex(%md5("%{1}%{Acct-Session-ID}"))
+ request.Acct-Unique-Session-Id := %hex(%hash.md5("%{1}%{Acct-Session-ID}"))
}
#
# is not included
#
else {
- request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{NAS-IPv6-Address || NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
+ request.Acct-Unique-Session-Id := %hex(%hash.md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{NAS-IPv6-Address || NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
}
}
# Insert a (hopefully unique) value into class
#
insert_acct_class {
- reply.Class = '${policy.class_value_prefix}' + %hex(%md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
+ reply.Class = '${policy.class_value_prefix}' + %hex(%hash.md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
}
#
#
rewrite_called_station_id {
if (Called-Station-Id && (Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
- request.Called-Station-Id := %toupper("%{1}-%{2}-%{3}-%{4}-%{5}-%{6}")
+ request.Called-Station-Id := %str.upper("%{1}-%{2}-%{3}-%{4}-%{5}-%{6}")
# SSID component?
if (%{8}) {
#
rewrite_calling_station_id {
if (Calling-Station-Id && (Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
- request.Calling-Station-Id := %toupper("%{1}-%{2}-%{3}-%{4}-%{5}-%{6}")
+ request.Calling-Station-Id := %str.upper("%{1}-%{2}-%{3}-%{4}-%{5}-%{6}")
updated
}
cui.post-auth {
if (!control.Proxy-To-Realm && Chargeable-User-Identity && !reply.Chargeable-User-Identity &&
(Operator-Name || ('${policy.cui_require_operator_name}' != 'yes')) ) {
- reply.Chargeable-User-Identity = %sha1("${policy.cui_hash_key}%tolower(%{User-Name}%{Operator-Name || ''})")
+ reply.Chargeable-User-Identity = %sha1("${policy.cui_hash_key}%str.lower(%{User-Name}%{Operator-Name || ''})")
}
#
cui-inner.post-auth {
if (outer.request.Chargeable-User-Identity && \
(outer.request.Operator-Name || ('${policy.cui_require_operator_name}' != 'yes'))) {
- reply.Chargeable-User-Identity := %sha1("${policy.cui_hash_key}%tolower(%{User-Name}%{outer.request.Operator-Name || ''})")
+ reply.Chargeable-User-Identity := %sha1("${policy.cui_hash_key}%str.lower(%{User-Name}%{outer.request.Operator-Name || ''})")
}
}
#
# reject mixed case e.g. "UseRNaMe"
#
- #if (User-Name != %tolower(User-Name)) {
+ #if (User-Name != %str.lower(User-Name)) {
# reject
#}
# Because "\000" yields "zero length delimiter is not allowed"
#
delim = 0x00
- tmp.User-Password := %explode(%{User-Password}, "%{delim}")
+ tmp.User-Password := %str.split(%{User-Password}, "%{delim}")
User-Password := tmp.User-Password[0]
}
#
# Set the random number to save.
#
- session-state.challenge-string := "%randstr(n)"
+ session-state.challenge-string := "%str.rand(n)"
reply.Reply-Message := "Please enter %{session-state.challenge-string}: "
#
#
# Split the string and split into pieces.
#
- if ("%explode(control.user-session, '|')") {
+ if ("%str.split(control.user-session, '|')") {
foreach control.user-session {
#
# Service-Type = ::Authorize-Only.
#
# if (!reply.State) {
-# reply.State := "0x%randstr(16h)"
+# reply.State := "0x%str.rand(16h)"
# }
#
#
# - The encrypt expansions of the `rlm_cipher` module.
# - The `%3gpp_temporary_id_encrypt()` expansion.
- # - The `%randstr()` expansion.
+ # - The `%str.rand()` expansion.
#
# NOTE: Add a `reply.Next-Pseudonym-Id` attribute in this section to
# avoid having the permanent Id of the SIM exposed during subsequent
# if (!reply.LDAP-Sync.Cookie) {
# string csn
#
-# csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
+# csn := %str.concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
# reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
# }
}
# Test the acct_unique policy
#
#
-Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{NAS-IPv6-Address || NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
+Acct-Unique-Session-Id := %hex(%hash.md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{NAS-IPv6-Address || NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
if Acct-Unique-Session-Id != "159dccf021583d7413b0114a090529ca" {
test_fail
-request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}")) # ERROR
+request.Acct-Unique-Session-Id := %hex(%hash.md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}")) # ERROR
ok # separate updates
-result_string := %concat(%{control.[*]}, ', ')
+result_string := %str.concat(%{control.[*]}, ', ')
"%{result_string}"
if (!(result_string == "bob, hello, ab c, de fg, 123")) {
test_fail
}
-result_string := %concat(%{control.Calling-Station-Id[*]}, ', ')
+result_string := %str.concat(%{control.Calling-Station-Id[*]}, ', ')
if (!(result_string == "ab c, de fg")) {
test_fail
}
# Empty separator
-result_string := %concat(%{control.Calling-Station-Id[*]})
+result_string := %str.concat(%{control.Calling-Station-Id[*]})
if (!(result_string == "ab cde fg")) {
test_fail
}
# Single character separator
-result_string := %concat(%{control.Calling-Station-Id[*]}, ',')
+result_string := %str.concat(%{control.Calling-Station-Id[*]}, ',')
if (!(result_string == "ab c,de fg")) {
test_fail
}
# Multi character separator not delimited
-result_string := %concat(%{control.Calling-Station-Id[*]}, '|-')
+result_string := %str.concat(%{control.Calling-Station-Id[*]}, '|-')
if !(result_string == "ab c|-de fg") {
test_fail
#
# Append, don't create multiple versions
#
-bar += %explode(baz, ',')
+bar += %str.split(baz, ',')
if !(bar == "abcde") {
test_fail
# We cannot have multiple copies of local variables. There's no real
# reason why, but for now it's safer to be limited.
#
-foo := %explode(baz, ',')
+foo := %str.split(baz, ',')
if !(foo[#] == 1) {
test_fail
}
#
# We only care if this crashes or not.
#
-Filter-Id := "%{1 + 1} %tolower('1')"
+Filter-Id := "%{1 + 1} %str.lower('1')"
success
#
# This assignment grabs the first element of the list, and tosses the remaining ones.
#
-Reply-Message := %explode(Reply-Message, 0x00)
+Reply-Message := %str.split(Reply-Message, 0x00)
if Reply-Message != "bob" {
test_fail
-foreach thing ("%tolower('foo')") { # ERROR
+foreach thing ("%str.lower('foo')") { # ERROR
reply.Called-Station-Id += thing
}
input = "a b c d e f"
result = ""
-foreach string thing (%explode(input, ' ')) {
+foreach string thing (%str.split(input, ' ')) {
result += thing
result += ','
}
input = "a b c d e f"
result = ""
-foreach uint32 key,string thing (%explode(input, ' ')) {
+foreach uint32 key,string thing (%str.split(input, ' ')) {
result += thing
result += ':'
result += (string) key
#
# PRE: if
#
-if !(%md5('foo') == 0xacbd18db4cc2f85cedef654fccc4a4d8) {
+if !(%hash.md5('foo') == 0xacbd18db4cc2f85cedef654fccc4a4d8) {
test_fail
}
group {
octets hash
- hash = %md5('foo')
+ hash = %hash.md5('foo')
if !(hash == 0xacbd18db4cc2f85cedef654fccc4a4d8) {
test_fail
}
#
# @todo - fix this...
#
-result_string := %concat(%join(%{control.[*]}, request.Framed-IP-Address), '. ')
+result_string := %str.concat(%join(%{control.[*]}, request.Framed-IP-Address), '. ')
if (!(result_string == "bob. hello. ab c. de fg. 123. 192.168.1.254")) {
test_fail
}
-result_string := %concat(%join(control.Filter-Id[*], control.NAS-Port), ',')
+result_string := %str.concat(%join(control.Filter-Id[*], control.NAS-Port), ',')
if (!(result_string == "ab c,de fg,123")) {
test_fail
}
# value of the field, but does allow us to test that
# arg3 can be an xlat
#
-map csv "%tolower(%{User-Name})" {
+map csv "%str.lower(%{User-Name})" {
reply.Result-Status := 'field3'
}
# PRE: map
#
-map csv "%tolower(%{User-Name})" {
+map csv "%str.lower(%{User-Name})" {
reply.Result-Status := 'field3'
}
# Put "This is a string" into a file and call "md4sum" on it.
# You should get this string.
#
-result_octets := %md4("This is a string\n")
+result_octets := %hash.md4("This is a string\n")
if (!(result_octets == 0x1f60d5cd85e17bfbdda7c923822f060c)) {
test_fail
}
-result_octets := %md4("%{test_string}")
+result_octets := %hash.md4("%{test_string}")
if (!(result_octets == 0x1f60d5cd85e17bfbdda7c923822f060c)) {
test_fail
}
#
# MD4 should also be able to cope with references to octet attributes
#
-result_octets := %md4("%{test_octets}")
+result_octets := %hash.md4("%{test_octets}")
if (!(result_octets == 0xac3ed17b3cf19ec38352ec534a932fc6)) {
test_fail
}
#
# MD4 of null string is d41d8cd98f00b204e9800998ecf8427e
#
-result_octets := %md4("%{dummy_string}")
+result_octets := %hash.md4("%{dummy_string}")
if (!(result_octets == 0x31d6cfe0d16ae931b73c59d7e0c089c0)) {
test_fail
}
# Put "This is a string" into a file and call "md5sum" on it.
# You should get this string.
#
-result_octets := %md5("This is a string\n")
+result_octets := %hash.md5("This is a string\n")
if (!(result_octets == 0x9ac4dbbc3c0ad2429e61d0df5dc28add)) {
test_fail
}
-result_octets := %md5("%{test_string}")
+result_octets := %hash.md5("%{test_string}")
if (!(result_octets == 0x9ac4dbbc3c0ad2429e61d0df5dc28add)) {
test_fail
}
#
# MD5 should also be able to cope with references to octet attributes
#
-result_octets := %md5("%{test_octets}")
+result_octets := %hash.md5("%{test_octets}")
if (!(result_octets == 0xc1e7fa505b2fc1fd0da6cac3db6f6f44)) {
test_fail
}
#
# MD5 of null string is d41d8cd98f00b204e9800998ecf8427e
#
-result_octets := %md5("%{dummy_string}")
+result_octets := %hash.md5("%{dummy_string}")
if (!(result_octets == 0xd41d8cd98f00b204e9800998ecf8427e)) {
test_fail
}
#
# MD5 HMAC with attribute references
#
-result_octets := %hmacmd5("%{test_hmac_key}", "%{test_hmac_data}")
+result_octets := %hmac.md5("%{test_hmac_key}", "%{test_hmac_data}")
if (!(result_octets == 0x750c783e6ab0b503eaa86e310a5db738)) {
test_fail
}
# MD5 HMAC with empty key and data
#
dummy_string := ''
-result_octets := %hmacmd5("%{dummy_string}", "%{dummy_string}")
+result_octets := %hmac.md5("%{dummy_string}", "%{dummy_string}")
if (!(result_octets == 0x74e6f7298a9c2d168935f58c001bad88)) {
test_fail
}
#
# MD5 HMAC with missing key should fail
#
-result_octets := %hmacmd5(%{test_string}, ) # ERROR
+result_octets := %hmac.md5(%{test_string}, ) # ERROR
if result_octets {
test_fail
}
#
# rpad tests
#
-if (!(%rpad(%{test_string}, 7) == "test ")) {
+if (!(%str.rpad(%{test_string}, 7) == "test ")) {
test_fail
}
-if (!(%rpad(%{test_string}, 2) == "test")) {
+if (!(%str.rpad(%{test_string}, 2) == "test")) {
test_fail
}
-if (!(%rpad(%{test_string}, 7, 'x') == "testxxx")) {
+if (!(%str.rpad(%{test_string}, 7, 'x') == "testxxx")) {
test_fail
}
-if (!(%rpad(%{test_string}, 7, 'xy') == "testxyx")) {
+if (!(%str.rpad(%{test_string}, 7, 'xy') == "testxyx")) {
test_fail
}
#
# lpad tests
#
-if (!(%lpad(%{test_string}, 7) == " test")) {
+if (!(%str.lpad(%{test_string}, 7) == " test")) {
test_fail
}
-if (!(%lpad(%{test_string}, 2) == "test")) {
+if (!(%str.lpad(%{test_string}, 2) == "test")) {
test_fail
}
-if (!(%lpad(%{test_string}, 7, 'x') == "xxxtest")) {
+if (!(%str.lpad(%{test_string}, 7, 'x') == "xxxtest")) {
test_fail
}
-if (!(%lpad(%{test_string}, 7, 'xy') == "xyxtest")) {
+if (!(%str.lpad(%{test_string}, 7, 'xy') == "xyxtest")) {
test_fail
}
#
#pairs := %cast('string', %{Tmp-Group-0.[*]})
-result_string := "%concat(%pairs('Tmp-Group-0.[*]'), ', ')"
+result_string := "%str.concat(%pairs('Tmp-Group-0.[*]'), ', ')"
if !(result_string == 'Filter-Id = "This is a string", Filter-Id = "This is another one", Class = 0x000504030201, NAS-Port = 7331') {
test_fail
}
test_fail
}
-result_string := "%concat(%pairs('Tmp-Group-0.Filter-Id[*]'), ', ')"
+result_string := "%str.concat(%pairs('Tmp-Group-0.Filter-Id[*]'), ', ')"
if !(result_string == 'Filter-Id = "This is a string", Filter-Id = "This is another one"') {
test_fail
}
#
# Must be nested
#
-result_string := "%concat(%pairs('control.[*]'), ', ')"
+result_string := "%str.concat(%pairs('control.[*]'), ', ')"
if !(result_string == 'Password = { Cleartext = "hello" }') {
test_fail
}
# Hex encoded SSHA2-512 password
#
control += {
- Password.With-Header = "{ssha512}%hex(%sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
+ Password.With-Header = "{ssha512}%hex(%hash.sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
}
pap.authorize
#
# Base64 encoded SSHA2-512 password
#
-result_string := "%hex(%sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
+result_string := "%hex(%hash.sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
# To Binary
result_octets := "%bin(%{result_string})"
#
# Base64 of Base64 encoded SSHA2-512 password
#
-result_string := "%hex(%sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
+result_string := "%hex(%hash.sha2_512(%{User-Password}%{salt}))%hex(%{salt})"
# To Binary
result_octets := "%bin(%{result_string})"
#
# Base64 of SHA2-384 password (in SHA2-Password)
#
-control.Password.SHA2 := %hex(%sha2_384(%{User-Password}))
+control.Password.SHA2 := %hex(%hash.sha2_384(%{User-Password}))
pap.authorize
pap.authenticate {
#
# Base64 of SHA2-256 password (in SHA2-256-Password)
#
-control.Password.SHA2-256 := "%hex(%sha2_256(%{User-Password}))"
+control.Password.SHA2-256 := "%hex(%hash.sha2_256(%{User-Password}))"
pap.authorize
pap.authenticate {
#
# Base64 of SHA2-224 password (in SHA2-224-Password - No hex armour)
#
-control.Password.SHA2-224 := "%sha2_224(%{User-Password})"
+control.Password.SHA2-224 := "%hash.sha2_224(%{User-Password})"
pap.authorize
pap.authenticate {
csv {
- key = "%tolower(%{User-Name})"
+ key = "%str.lower(%{User-Name})"
filename = ${keyword}/csv.conf
fields = "field1,,field3"
index_field = 'field1'
#
# Empty output on empty input
#
-result_string := "%randstr(result_string)"
+result_string := "%str.rand(result_string)"
if !(result_string == "") {
test_fail
}
#
# Check length of output
#
-result_string := "%randstr('nnn')"
+result_string := "%str.rand('nnn')"
if (!(%length(result_string) == 3)) {
test_fail
}
-result_string := %randstr('24a')
+result_string := %str.rand('24a')
if (!(%length(result_string) == 24)) {
test_fail
}
#
# Check maximum repetition
#
-result_string := %randstr('1030aa')
+result_string := %str.rand('1030aa')
if (!(%length(result_string) == 1025)) {
test_fail
}
#
# Check invalid character class
#
-result_string := %randstr('G')
+result_string := %str.rand('G')
if !(result_string == "") {
test_fail
#
# Check repetition of binary output
#
-result_string := %randstr('10b')
+result_string := %str.rand('10b')
if (!(%length(result_string) == 10)) {
test_fail
}
#
# SHA1 HMAC with attribute references
#
-result_octets := %hmacsha1("%{test_hmac_key}", "%{test_hmac_data}")
+result_octets := %hmac.sha1("%{test_hmac_key}", "%{test_hmac_data}")
if (!(result_octets == 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79)) {
test_fail
}
# SHA1 HMAC with empty key and data
#
dummy_string := ''
-result_octets := %hmacsha1("%{dummy_string}", "%{dummy_string}")
+result_octets := %hmac.sha1("%{dummy_string}", "%{dummy_string}")
if (!(result_octets == 0xfbdb1d1b18aa6c08324b7d64b71fb76370690e1d)) {
test_fail
}
#
# SHA1 HMAC with missing key should fail
#
-result_octets := %hmacsha1(%{test_string}, ) # ERROR
+result_octets := %hmac.sha1(%{test_string}, ) # ERROR
if result_octets {
test_fail
}
# Put "This is a string" into a file and call "sha2_256sum" on it.
# You should get this string.
#
-result_octets := %sha2_256("This is a string\n")
+result_octets := %hash.sha2_256("This is a string\n")
if (!(result_octets == 0xb3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124)) {
test_fail
}
-result_octets := %sha2_256(%{test_string})
+result_octets := %hash.sha2_256(%{test_string})
if (!(result_octets == 0xb3716a1ab53042bb392034f29071e13b0c38aa19b4edd75d9a76022f91189124)) {
test_fail
}
#
# SHA256 should also be able to cope with references to octet attributes
#
-result_octets := %sha2_256(%{test_octets})
+result_octets := %hash.sha2_256(%{test_octets})
if (!(result_octets == 0xf307e202b881fded70e58017aa0c4d7b29c76ab25d02bf078301a5f6635187eb)) {
test_fail
}
#
# SHA256 of empty string
#
-result_octets := %sha2_256(%{dummy_octets})
+result_octets := %hash.sha2_256(%{dummy_octets})
if (!(result_octets == 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855)) {
test_fail
}
# SHA512 and SHA256 share common code paths, so the tests don't need to be
# as exhaustive.
#
-result_octets := %sha2_512("This is a string\n")
+result_octets := %hash.sha2_512("This is a string\n")
if (!(result_octets == 0x56b57df5cce42d4e35c644649798ea23ec16f4f4626e78faf4d2d8f430ea349bcc28cd5532457c82f0aa66bf68988346039fe75b900a92ff94fd53993d45990f)) {
test_fail
}
-result_octets := %sha2_512(%{test_string})
+result_octets := %hash.sha2_512(%{test_string})
if (!(result_octets == 0x56b57df5cce42d4e35c644649798ea23ec16f4f4626e78faf4d2d8f430ea349bcc28cd5532457c82f0aa66bf68988346039fe75b900a92ff94fd53993d45990f)) {
test_fail
}
-result_octets := %sha2_512(%{test_octets})
+result_octets := %hash.sha2_512(%{test_octets})
if (!(result_octets == 0xde80271eb5e03a1c24dd0cd823a22305a743ee3a54f1de5bf97adbf56984561154bfb6928b1da4ccc3f5dde9f4032ad461937b60b9ace4ad3898cf45c90596d7)) {
test_fail
}
test_octets = 0x01234567
test_int = 123456
-if !(%substr(%{test_string}, 1, 3) == 'ell') {
+if !(%str.substr(%{test_string}, 1, 3) == 'ell') {
test_fail
}
-if !(%substr(%{test_string}, 0, 3) == 'hel') {
+if !(%str.substr(%{test_string}, 0, 3) == 'hel') {
test_fail
}
-if !(%substr(%{test_string}, 5) == ' world') {
+if !(%str.substr(%{test_string}, 5) == ' world') {
test_fail
}
-if !(%substr(%{test_string}, -3) == 'rld') {
+if !(%str.substr(%{test_string}, -3) == 'rld') {
test_fail
}
-if !(%substr(%{test_string}, -20) == 'hello world') {
+if !(%str.substr(%{test_string}, -20) == 'hello world') {
test_fail
}
-if !(%substr(%{test_string}, -4, 2) == 'or') {
+if !(%str.substr(%{test_string}, -4, 2) == 'or') {
test_fail
}
-if !(%substr(%{test_string}, -10, -3) == 'ello wo') {
+if !(%str.substr(%{test_string}, -10, -3) == 'ello wo') {
test_fail
}
-if (%substr(%{test_string}, 20)) {
+if (%str.substr(%{test_string}, 20)) {
test_fail
}
-if (%substr(%{test_string}, 5, -7)) {
+if (%str.substr(%{test_string}, 5, -7)) {
test_fail
}
-if !(%substr(%{test_octets}, 1, 2) == 0x2345) {
+if !(%str.substr(%{test_octets}, 1, 2) == 0x2345) {
test_fail
}
-if !(%substr(%{test_int}, 1, 2) == '23') {
+if !(%str.substr(%{test_int}, 1, 2) == '23') {
test_fail
}
string test_string
test_string := 'foo'
-switch "%tolower(%{test_string})" {
+switch "%str.lower(%{test_string})" {
case 'foo' {
success
}
string dummy_string
test_string := "AbCdE"
-test_string := %tolower(test_string)
+test_string := %str.lower(test_string)
if !(test_string == "abcde") {
test_fail
}
-test_string := %tolower('AAbbCCdd')
+test_string := %str.lower('AAbbCCdd')
if !(test_string == "aabbccdd") {
test_fail
}
#
# Doesn't exist
#
-test_string := "%tolower(dummy_string)"
+test_string := "%str.lower(dummy_string)"
if !(test_string == "") {
test_fail
}
string dummy_string
test_string := "AbCdE"
-test_string := %toupper(test_string)
+test_string := %str.upper(test_string)
if (!(test_string == "ABCDE")) {
test_fail
}
-test_string := %toupper('AAbbCCdd')
+test_string := %str.upper('AAbbCCdd')
if (!(test_string == "AABBCCDD")) {
test_fail
}
-test_string := "%toupper(dummy_string)"
+test_string := "%str.upper(dummy_string)"
if !(test_string == "") {
test_fail
}
encoded_string2 := '%C2%B1%C2%A7%21%40%23%24%25%5E%26%2A%28%29%2B%3D%7B%5B%7D%5D%3A%3B%22%27%7C%5C%3C%2C%3E%3F%2F%60'
encoded_string3 := '%E2%84%A2%C5%93%C2%A5%C2%A4'
-result_string = "%urlquote(%{test_string1})"
+result_string = "%url.quote(%{test_string1})"
if (!(result_string == test_string1)) {
test_fail
}
-result_string := "%urlunquote(%{test_string1})"
+result_string := "%url.unquote(%{test_string1})"
if (!(result_string == test_string1)) {
test_fail
}
-result_string := "%urlquote(%{test_string2})"
+result_string := "%url.quote(%{test_string2})"
if (!(result_string == encoded_string2)) {
test_fail
}
-result_string := "%urlquote(%{test_string3})"
+result_string := "%url.quote(%{test_string3})"
if (!(result_string == encoded_string3)) {
test_fail
}
-result_string := "%urlunquote(%{encoded_string2})"
+result_string := "%url.unquote(%{encoded_string2})"
if (!(result_string == test_string2)) {
test_fail
}
-result_string := "%urlunquote(%{encoded_string3})"
+result_string := "%url.unquote(%{encoded_string3})"
if (!(result_string == test_string3)) {
test_fail
}
-result_string := "%urlunquote('%%E, 123')"
+result_string := "%url.unquote('%%E, 123')"
# Test decoding invalid encoded string
if !(result_string == "") {
request += {
NAS-IP-Address = Framed-IP-Address[1]
NAS-IP-Address = Framed-IP-Address[0]
- Filter-Id = "%concat(%{Framed-IP-Address[*]}, ',')"
+ Filter-Id = "%str.concat(%{Framed-IP-Address[*]}, ',')"
NAS-Port = %{Framed-IP-Address[#]}
}
test_fail
}
-if !(%tolower("\%{FOO}") == '%{foo}') {
+if !(%str.lower("\%{FOO}") == '%{foo}') {
test_fail
}
Filter-Id = 'here. are . some. words. '
}
-result_string := "%concat(%explode(Class, '|'), ',')"
+result_string := "%str.concat(%str.split(Class, '|'), ',')"
if (!(result_string == "1=1,my_attr=2,my_attr=hello")) {
test_fail
}
-result_string := "%concat(%explode(Calling-Station-ID, '|'), ',')"
+result_string := "%str.concat(%str.split(Calling-Station-ID, '|'), ',')"
if (!(result_string == "")) {
test_fail
}
-result_string := "%concat(%explode(control.User-Name[*], '|'), ',')"
+result_string := "%str.concat(%str.split(control.User-Name[*], '|'), ',')"
if (!(result_string == "hello,goodbye,morning,night,1")) {
test_fail
}
-result_string := "%concat(%explode(control.Reply-Message, '|'), ',')"
+result_string := "%str.concat(%str.split(control.Reply-Message, '|'), ',')"
if !(result_string == 'Can\'t touch this') {
test_fail
}
-result_string := "%concat(%explode(control.Filter-Id, '. '), ',')"
+result_string := "%str.concat(%str.split(control.Filter-Id, '. '), ',')"
if !(result_string == 'here, are ,some, words') {
test_fail
}
request += {
NAS-IP-Address = %{control.[1]}
NAS-IP-Address = %{control.[0]}
- Filter-Id = %concat(%{control.[*]}, ',')
+ Filter-Id = %str.concat(%{control.[*]}, ',')
NAS-Port = %{control.[#]}
}
#
# PRE: if
#
-if (%concat(%test1.passthrough('foo', 'bar'),'|') != "foo|bar") {
+if (%str.concat(%test1.passthrough('foo', 'bar'),'|') != "foo|bar") {
test_fail
}
-if (%concat(%test2.passthrough('foo', 'bar'), '|') != "foo|bar") {
+if (%str.concat(%test2.passthrough('foo', 'bar'), '|') != "foo|bar") {
test_fail
}
#
# The config has a "redundant" block for test1 and test2.
#
-if (%concat(%redundant_test.passthrough('foo', 'bar'), '|') != "foo|bar") {
+if (%str.concat(%redundant_test.passthrough('foo', 'bar'), '|') != "foo|bar") {
test_fail
}
load Cookie {
string csn
- csn := %concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
+ csn := %str.concat(%ldap("ldap:///%ldap.uri.safe(%{LDAP-Sync.Directory-Root-DN})?contextCSN?base"), ';')
reply.LDAP-Sync.Cookie := "rid=000,csn=%{csn}"
}
wait = yes
output_pairs = control
timeout = 10
- program = "/bin/sh $ENV{MODULE_TEST_DIR}/attrs.sh %toupper(%{User-Name})"
+ program = "/bin/sh $ENV{MODULE_TEST_DIR}/attrs.sh %str.upper(%{User-Name})"
}
# otherwise it's a compile-time error.
#
undo
- Framed-IP-Address := "hello %md5('foo')"
+ Framed-IP-Address := "hello %hash.md5('foo')"
#
# Test where additional checks uses the [*] filter
update {
description := "User %{User-Name} authenticated"
userPKCS12 := Class
- carLicense += "%randstr('CCnnCCC')"
+ carLicense += "%str.rand('CCnnCCC')"
}
}
}
if (User-Name == 'test') {
- User-Password := "%randstr('bbbbbbbbbbbbbbbb')"
+ User-Password := "%str.rand('bbbbbbbbbbbbbbbb')"
control.Password.Cleartext := "%{User-Password}"
pap.authorize
# - 127.0.0.1:30005 - slave
# - 127.0.0.1:30003 - master [10923-16383]
# - 127.0.0.1:30006 - slave
-testdata1 := "1-%randstr('aaaaaaaa')"
-testdata2 := "2-%randstr('aaaaaaaa')"
-testdata3 := "3-%randstr('aaaaaaaa')"
+testdata1 := "1-%str.rand('aaaaaaaa')"
+testdata2 := "2-%str.rand('aaaaaaaa')"
+testdata3 := "3-%str.rand('aaaaaaaa')"
# Hashes to Redis cluster node master 1 (1)
if (%redis('SET', 'b', %{testdata1}) == 'OK') {
string data3
string cmdresult
-data1 := "1-%randstr('aaaaaaaa')"
-data2 := "2-%randstr('aaaaaaaa')"
-data3 := "3-%randstr('aaaaaaaa')"
+data1 := "1-%str.rand('aaaaaaaa')"
+data2 := "2-%str.rand('aaaaaaaa')"
+data3 := "3-%str.rand('aaaaaaaa')"
if ("$ENV{REDIS_CLUSTER_CONTROL}" == '') {
clusterctrl := 'scripts/ci/redis-setup.sh'
condition (ipaddr)127.0.0.1 == "127.0.0.1"
match true
-condition (ipaddr)127.0.0.1 == "%md4(' 127.0.0.1')"
-match (127.0.0.1 == "%md4(0x203132372e302e302e31)")
+condition (ipaddr)127.0.0.1 == "%hash.md4(' 127.0.0.1')"
+match (127.0.0.1 == "%hash.md4(0x203132372e302e302e31)")
#
# Bare %{...} is allowed.
#
-condition (ipaddr)127.0.0.1 == %md4('127.0.0.1')
-match (127.0.0.1 == %md4(0x3132372e302e302e31))
+condition (ipaddr)127.0.0.1 == %hash.md4('127.0.0.1')
+match (127.0.0.1 == %hash.md4(0x3132372e302e302e31))
-condition (ipaddr)127.0.0.1 == %md4("SELECT user FROM table WHERE user='%{User-Name}'")
-match (127.0.0.1 == %md4("SELECT user FROM table WHERE user='%{User-Name}'"))
+condition (ipaddr)127.0.0.1 == %hash.md4("SELECT user FROM table WHERE user='%{User-Name}'")
+match (127.0.0.1 == %hash.md4("SELECT user FROM table WHERE user='%{User-Name}'"))
condition (ether) 00:11:22:33:44:55 == "00:11:22:33:44:55"
match true
-condition (ether) 00:11:22:33:44:55 == "%md4('00:11:22:33:44:55')"
-match (00:11:22:33:44:55 == "%md4(0x30303a31313a32323a33333a34343a3535)")
+condition (ether) 00:11:22:33:44:55 == "%hash.md4('00:11:22:33:44:55')"
+match (00:11:22:33:44:55 == "%hash.md4(0x30303a31313a32323a33333a34343a3535)")
condition (ether) 00:XX:22:33:44:55 == 00:11:22:33:44:55
match ERROR offset 10: Unexpected text after attribute reference
condition ('foo' == 'foo')
match true
-condition ("foo" == "%md4(' foo')")
-match ("foo" == "%md4(0x20666f6f)")
+condition ("foo" == "%hash.md4(' foo')")
+match ("foo" == "%hash.md4(0x20666f6f)")
-condition ("foo bar" == "%md4(' foo')")
-match ("foo bar" == "%md4(0x20666f6f)")
+condition ("foo bar" == "%hash.md4(' foo')")
+match ("foo bar" == "%hash.md4(0x20666f6f)")
condition ("foo" == "bar")
match false
condition (User-Name == "bob")
match (User-Name == "bob")
-condition (User-Name == "%md4(' blah')")
-match (User-Name == "%md4(0x20626c6168)")
+condition (User-Name == "%hash.md4(' blah')")
+match (User-Name == "%hash.md4(0x20626c6168)")
condition (ipaddr)127.0.0.1 == 2130706433
match true
# We should really add a "cast print" function which prints
# out the casts in the same format in which they are parsed.
#
-condition (integer)"%md4(' 1 + 1')" < NAS-Port
-match (%cast(uint32, "%md4(0x2031202b2031)") < NAS-Port)
+condition (integer)"%hash.md4(' 1 + 1')" < NAS-Port
+match (%cast(uint32, "%hash.md4(0x2031202b2031)") < NAS-Port)
condition Filter-Id == Framed-IP-Address
match (Filter-Id == Framed-IP-Address)
condition User-Name == /foo/
match ERROR offset 13: Unexpected regular expression
-condition %md5("foo") =~ /foo/
-match ((string)%md5(0x666f6f) =~ /foo/)
+condition %hash.md5("foo") =~ /foo/
+match ((string)%hash.md5(0x666f6f) =~ /foo/)
count
match 50
#
# This is correct.
#
-xlat %rpad(User-Name, 5, 'x')
-match %rpad(User-Name, 5, 'x')
+xlat %str.rpad(User-Name, 5, 'x')
+match %str.rpad(User-Name, 5, 'x')
#
# The second argument should be an integer.
# @todo - parsing - we don't currently track string offsets for intermediate nodes,
# so the "offset" is wrong. It also doesn't say *which* string is wrong. We'll fix that later.
#
-xlat %rpad(User-Name, 'foo', 'x')
-match ERROR offset 17: Invalid argument 2 - Failed parsing string as type 'uint64'
+xlat %str.rpad(User-Name, 'foo', 'x')
+match ERROR offset 21: Invalid argument 2 - Failed parsing string as type 'uint64'
#
# Argument quoting
#
-xlat %md5('"arg"')
-match %md5(0x2261726722)
+xlat %hash.md5('"arg"')
+match %hash.md5(0x2261726722)
#
# Arguably this should be a parse error. There's trailing text "}
# escape_rules_double, but does NOT look for leading or trailing ". AND it
# doesn't pass in a terminal which says to stop at ".
#
-xlat %md5('"arg')"}
-match %md5(0x22617267)\"}
+xlat %hash.md5('"arg')"}
+match %hash.md5(0x22617267)\"}
-xlat %md5('"arg')
-match %md5(0x22617267)
+xlat %hash.md5('"arg')
+match %hash.md5(0x22617267)
-xlat %md5('"arg\""')
-match %md5(0x226172675c2222)
+xlat %hash.md5('"arg\""')
+match %hash.md5(0x226172675c2222)
-xlat %md5('arg')
-match %md5(0x617267)
+xlat %hash.md5('arg')
+match %hash.md5(0x617267)
-xlat %md5('arg"')
-match %md5(0x61726722)
+xlat %hash.md5('arg"')
+match %hash.md5(0x61726722)
count
match 161
#
# The MD4 output isn't a valid IP address or prefix.
#
-xlat_purify (ipaddr)127.0.0.1 == "%md4(' 127.0.0.1')"
+xlat_purify (ipaddr)127.0.0.1 == "%hash.md4(' 127.0.0.1')"
match ERROR purifying node - Failed to parse IPv4 prefix string "/"
-xlat_purify (ipaddr)127.0.0.1 == %md4('127.0.0.1')
+xlat_purify (ipaddr)127.0.0.1 == %hash.md4('127.0.0.1')
match ERROR purifying node - Invalid cast from octets to ipaddr. Needed octet string of length 4, got 16
-xlat_purify (ipaddr)127.0.0.1 == %md4("SELECT user FROM table WHERE user='%{User-Name}'")
-match (127.0.0.1 == %md4("SELECT user FROM table WHERE user='%{User-Name}'"))
+xlat_purify (ipaddr)127.0.0.1 == %hash.md4("SELECT user FROM table WHERE user='%{User-Name}'")
+match (127.0.0.1 == %hash.md4("SELECT user FROM table WHERE user='%{User-Name}'"))
xlat_purify (ether) 00:11:22:33:44:55 == "00:11:22:33:44:55"
match true
-xlat_purify (ether)00:11:22:33:44:55 == "%md4('00:11:22:33:44:55')"
+xlat_purify (ether)00:11:22:33:44:55 == "%hash.md4('00:11:22:33:44:55')"
match ERROR purifying node - Missing separator, expected ':'
xlat_purify (ether) 00:XX:22:33:44:55 == 00:11:22:33:44:55
#
# MD4 hash is not equal to other things
#
-xlat_purify ("foo" == "%md4(' foo')")
+xlat_purify ("foo" == "%hash.md4(' foo')")
match false
-xlat_purify ("foo bar" == "%md4(' foo')")
+xlat_purify ("foo bar" == "%hash.md4(' foo')")
match false
xlat_purify ("foo" == "bar")
xlat_purify (User-Name == "bob")
match (User-Name == "bob")
-xlat_purify (User-Name == %md4(' blah'))
+xlat_purify (User-Name == %hash.md4(' blah'))
match (User-Name == 0x544924d05ec4481925ba3749a096a0a7)
# and without the double quotes.
-xlat_purify (User-Name == %md4(' blah'))
+xlat_purify (User-Name == %hash.md4(' blah'))
match (User-Name == 0x544924d05ec4481925ba3749a096a0a7)
xlat_purify (ipaddr)127.0.0.1 == 2130706433
#
# ERROR: Failed casting 0x002ade8665c69219ca16bd108d92c8d5 to data type uint32: Invalid cast from octets to uint32. Source length 16 is greater than destination type size 4
#
-xlat_purify (integer)"%md4(' 1 + 1')" < NAS-Port
+xlat_purify (integer)"%hash.md4(' 1 + 1')" < NAS-Port
match ERROR purifying node -
#
xlat_expr Filter-Id
match Filter-Id
-xlat_expr %md5('foo') + "foo"
-match (%md5(0x666f6f) + "foo")
+xlat_expr %hash.md5('foo') + "foo"
+match (%hash.md5(0x666f6f) + "foo")
# We can name the xlat's, tho we don't need to
xlat_expr %op_add(4, 3) + 6
xlat_expr 1 < 2 < 3
match ((1 < 2) < 3)
-xlat_expr (uint32) %concat(1, 2)
-match (uint32)%concat(1, 2)
+xlat_expr (uint32) %str.concat(1, 2)
+match (uint32)%str.concat(1, 2)
#
# Mashing multiple brackets together. The brackets are removed as
xlat %Y()
match %Y
-xlat %explode("a,b,c,d", ',')
-match %explode("a,b,c,d", ',')
+xlat %str.split("a,b,c,d", ',')
+match %str.split("a,b,c,d", ',')
-#xlat %md5(foo)
+#xlat %hash.md5(foo)
#match foo
count
xlat_purify Filter-Id
match Filter-Id
-xlat_purify %md5('foo') + "bar"
+xlat_purify %hash.md5('foo') + "bar"
match 0xacbd18db4cc2f85cedef654fccc4a4d8626172
# We can name the xlat's, tho we don't need to
#
migrate xlat_new_functions = yes
-xlat_purify %md5('foo')
+xlat_purify %hash.md5('foo')
match 0xacbd18db4cc2f85cedef654fccc4a4d8
-xlat_purify %explode("a,b,c,d", ',')
+xlat_purify %str.split("a,b,c,d", ',')
match "a""b""c""d"
-xlat_purify %md5('foo')
+xlat_purify %hash.md5('foo')
match 0xacbd18db4cc2f85cedef654fccc4a4d8
-xlat_purify %md5(%md5('foo'))
+xlat_purify %hash.md5(%hash.md5('foo'))
match 0x47847ae721df523d6388aebc9c94d656
-xlat_purify %md5('%md5(foo)')
-match 0x5e153571422b69cf5c5f7ce5f03985b5
+xlat_purify %hash.md5('%hash.md5(foo)')
+match 0xb98c435f641b131d05637746d30c62db
#
# Constant string
#
-xlat_purify %md5('%{User-Name}')
+xlat_purify %hash.md5('%{User-Name}')
match 0x892e91c7b175ab41826c9cb88eebf27a
#
# This is a reference to the contents of User-Name
#
-xlat_purify %md5(%{User-Name})
-match %md5(%{User-Name})
+xlat_purify %hash.md5(%{User-Name})
+match %hash.md5(%{User-Name})
-xlat_purify %md5('foo')
+xlat_purify %hash.md5('foo')
match 0xacbd18db4cc2f85cedef654fccc4a4d8
-xlat_purify %md5("foo")
+xlat_purify %hash.md5("foo")
match 0xacbd18db4cc2f85cedef654fccc4a4d8
count
#
# We're not hashing the string value of the attribute reference
#
-xlat_expr (octets) %md5('&User-Name')
+xlat_expr (octets) %hash.md5('&User-Name')
match 0x14d23a6ed8e7d19fcb3a38dc86c1fc0b
#
# We're hashing the string contained by the User-Name
#
-xlat_expr (octets) %md5('bob')
+xlat_expr (octets) %hash.md5('bob')
match 0x9f9d51bc70ef21ca5c14f307980a29d8
#
# And if we take it from the &User-Name ref, we get the same thing
# as hashing the bare string.
#
-xlat_expr (octets) %md5(%{User-Name})
+xlat_expr (octets) %hash.md5(%{User-Name})
match 0x9f9d51bc70ef21ca5c14f307980a29d8
xlat_expr &Service-Type
projects / thirdparty / freeradius-server.git / commitdiff
