Improve TACACS tests

Move authentication tests into `authenticate` sections and add test of
ASCII auth to excercise Authentication-Continue

diff --git a/src/tests/tacacs/authenticate_ascii.out b/src/tests/tacacs/authenticate_ascii.out
new file mode 100644 (file)
index 0000000..1d8f5f9
--- /dev/null
+++ b/src/tests/tacacs/authenticate_ascii.out
@@ -0,0 +1,3 @@
+status: PASS
+data: b'Authentication-Data'
+server_msg: b'ASCII authentication accepted'

diff --git a/src/tests/tacacs/authenticate_ascii.txt b/src/tests/tacacs/authenticate_ascii.txt
new file mode 100644 (file)
index 0000000..b705aa8
--- /dev/null
+++ b/src/tests/tacacs/authenticate_ascii.txt
@@ -0,0 +1,3 @@
+#
+#      ARGV: -t ascii -u tapioca authenticate -p queijo
+#

diff --git a/src/tests/tacacs/config/radiusd.conf b/src/tests/tacacs/config/radiusd.conf
index a9b04ade5d2f9dd0b391482cf53c4be3ddd7cd1f..b66b0ff3b62d343dc899b3483e84284c2f5dd2ec 100644 (file)
--- a/src/tests/tacacs/config/radiusd.conf
+++ b/src/tests/tacacs/config/radiusd.conf
@@ -112,15 +112,42 @@ server test {
        }
 
        recv Authentication-Start {
-               if (&User-Name == "tapioca") {
+               ok
+       }
+
+       authenticate PAP {
+               if (&User-Name == 'tapioca' && &User-Password == 'queijo') {
                        &reply.Server-Message := "Authentication-Start accepted"
+                       ok
+               } else {
+                       &reply.Server-Message := "Authentication-Start failed for %{User-Name}"
+                       reject
+               }
+       }
 
-                       &control.Auth-Type := Accept
+       authenticate ASCII {
+               #
+               #  If we don't have all the required data, request it.
+               #
+               if (!&User-Name) {
+                       &reply.Packet-Type := Authentication-GetUser
+                       handled
+               }
+               if (!&User-Password) {
+                       &reply.Packet-Type := Authentication-GetPass
+                       handled
+               }
 
-               } else {
-                       &reply.Server-Message := "Authentication-Start failed for %{User-Name}"
+               #
+               #  Now we have the data perform authentication
+               #
+               if (&User-Name == 'tapioca' && &User-Password == 'queijo') {
+                       &reply.Server-Message := "ASCII authentication accepted"
+                       ok
+               } else {
+                       &reply.Server-Message := "ASCII authentication failed for %{User-Name}"
                        reject
-               }
+               }
        }
 
        send Authentication-Pass {
@@ -132,15 +159,19 @@ server test {
        }
 
        recv Authentication-Continue {
-               if (&User-Name == "tapioca") {
-                       &reply.Server-Message := "Authentication-Cont accepted"
-
-                       &control.Auth-Type := Accept
+               &control.Auth-Type := ASCII
 
-               } else {
-                       &reply.Server-Message := "Authentication-Cont failed for %{User-Name}"
-                       reject
-               }
+               #
+               #  Fill the next missing attribute from User-Message
+               #
+               if (!&User-Name) {
+                       &User-Name := &User-Message
+                       handled
+               }
+               if (!&User-Password) {
+                       &User-Password := &User-Message
+                       handled
+               }
        }
 
        recv Authorization-Request {