From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 7 Sep 2023 19:04:33 +0000 (-0400)
Subject: it's smarter to have clear-text unit tests
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bc832f0af06baf39a11cdd1de3681cef4b673ea;p=thirdparty%2Ffreeradius-server.git

it's smarter to have clear-text unit tests

instead of encrypted ones.  We should also add unit tests for
encrypted packets, too
---

diff --git a/src/protocols/tacacs/encode.c b/src/protocols/tacacs/encode.c
index 4acebcbaafa..7db8b364f29 100644
--- a/src/protocols/tacacs/encode.c
+++ b/src/protocols/tacacs/encode.c
@@ -418,6 +418,7 @@ ssize_t fr_tacacs_encode(fr_dbuff_t *dbuff, uint8_t const *original_packet, char
 	for (vp = fr_pair_dcursor_init(&cursor, vps);
 	     vp;
 	     vp = fr_dcursor_next(&cursor)) {
+		if (vp->da == attr_tacacs_packet) break;
 		if (vp->da->parent == attr_tacacs_packet) break;
 	}
 
@@ -445,6 +446,26 @@ ssize_t fr_tacacs_encode(fr_dbuff_t *dbuff, uint8_t const *original_packet, char
 		 */
 		FR_DBUFF_ADVANCE_RETURN(&work_dbuff, sizeof(fr_tacacs_packet_hdr_t));
 
+	} else if (vp->da == attr_tacacs_packet) {
+		fr_dcursor_t child_cursor;
+
+		fr_proto_da_stack_build(&da_stack, attr_tacacs_packet);
+		FR_PROTO_STACK_PRINT(&da_stack, 0);
+
+		fr_pair_dcursor_init(&child_cursor, &vp->vp_group);
+
+		/*
+		 *	Call the struct encoder to do the actual work,
+		 *	which fills the struct fields with zero if the member VP is not used.
+		 */
+		len = fr_struct_to_network(&work_dbuff, &da_stack, 0, &child_cursor, NULL, NULL, NULL);
+		if (len != sizeof(fr_tacacs_packet_hdr_t)) {
+			fr_strerror_printf("%s: Failed encoding %s using fr_struct_to_network()",
+					   __FUNCTION__, attr_tacacs_packet->name);
+			return -1;
+		}
+		fr_dcursor_next(&cursor);
+
 	} else {
 		fr_proto_da_stack_build(&da_stack, attr_tacacs_packet);
 		FR_PROTO_STACK_PRINT(&da_stack, 0);
@@ -1041,7 +1062,7 @@ static int encode_test_ctx(void **out, TALLOC_CTX *ctx)
 	test_ctx = talloc_zero(ctx, fr_tacacs_ctx_t);
 	if (!test_ctx) return -1;
 
-	test_ctx->secret = talloc_strdup(test_ctx, "testing123");
+//	test_ctx->secret = talloc_strdup(test_ctx, "testing123");
 	test_ctx->root = fr_dict_root(dict_tacacs);
 	talloc_set_destructor(test_ctx, _encode_test_ctx);
 
diff --git a/src/tests/unit/protocols/tacacs/base.txt b/src/tests/unit/protocols/tacacs/base.txt
index 5f2892254c2..c6316ce9395 100644
--- a/src/tests/unit/protocols/tacacs/base.txt
+++ b/src/tests/unit/protocols/tacacs/base.txt
@@ -22,7 +22,7 @@ decode-proto c1 01 01 00 b7 0f c8 0e 00 00 00 22 79 d2 9a 66 67 fe fe 87 04 af 6
 match Packet.Version-Major = Plus, Packet.Version-Minor = 1, Packet.Packet-Type = Authentication, Packet.Sequence-Number = 1, Packet.Flags = None, Packet.Session-Id = 3071264782, Packet.Length = 34, Packet-Body-Type = Start, Action = LOGIN, Privilege-Level = Minimum, Authentication-Type = PAP, Authentication-Service = PPP, User-Name = "bob", Client-Port = "tapioca/0", Remote-Address = "localhost", User-Password = "hello"
 
 encode-proto -
-match c1 01 01 00 b7 0f c8 0e 00 00 00 22 79 d2 9a 66 67 fe fe 87 04 af 61 7e cb 79 20 bb ca 61 cf 8b 25 ab 70 9e 68 af 9f d5 ae de c5 5d 5e 73
+match c1 01 01 01 b7 0f c8 0e 00 00 00 22 01 00 02 03 03 09 09 05 62 6f 62 74 61 70 69 6f 63 61 2f 30 6c 6f 63 61 6c 68 6f 73 74 68 65 6c 6c 6f
 
 #
 #	Authentication: Reply: (Client <- Server)
@@ -31,7 +31,7 @@ decode-proto c1 01 02 00 b7 0f c8 0e 00 00 00 06 39 51 39 56 ef f4
 match Packet.Version-Major = Plus, Packet.Version-Minor = 1, Packet.Packet-Type = Authentication, Packet.Sequence-Number = 2, Packet.Flags = None, Packet.Session-Id = 3071264782, Packet.Length = 6, Packet-Body-Type = Reply, Authentication-Status = Pass, Authentication-Flags = 0, Server-Message = "", Data = 0x
 
 encode-proto -
-match c1 01 02 00 b7 0f c8 0e 00 00 00 06 39 51 39 56 ef f4
+match c1 01 02 01 b7 0f c8 0e 00 00 00 06 01 00 00 00 00 00
 
 #
 #  Authorization - Request: (Client -> Server)
@@ -40,7 +40,7 @@ decode-proto c0 02 01 00 e1 66 78 e6 00 00 00 35 4b c5 ea 62 13 cc ca a6 6a 03 3
 match Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Authorization, Packet.Sequence-Number = 1, Packet.Flags = None, Packet.Session-Id = 3781589222, Packet.Length = 53, Packet-Body-Type = Request, Authentication-Method = TACACSPLUS, Privilege-Level = Minimum, Authentication-Type = PAP, Authentication-Service = PPP, User-Name = "bob", Client-Port = "tapioca/0", Remote-Address = "localhost", service = "ppp", protocol = "ip"
 
 encode-proto -
-match c0 02 01 00 e1 66 78 e6 00 00 00 35 4b c5 ea 62 13 cc ca a6 6a 03 3c 8e 3f c0 5a aa 46 da 12 cd ee 48 62 69 67 9a b8 b4 db 70 98 30 b7 fc f6 93 09 d4 3f 2c a9 58 9e 3c 6a 0e d5 50 20 e6 a5 39 46
+match c0 02 01 01 e1 66 78 e6 00 00 00 35 06 00 02 03 03 09 09 02 0b 0b 62 6f 62 74 61 70 69 6f 63 61 2f 30 6c 6f 63 61 6c 68 6f 73 74 73 65 72 76 69 63 65 3d 70 70 70 70 72 6f 74 6f 63 6f 6c 3d 69 70
 
 #
 #  Authorization - Response: (Client <- Server)
@@ -49,7 +49,7 @@ decode-proto c0 02 02 00 e1 66 78 e6 00 00 00 13 02 59 f9 90 38 81 e1 bb 9d a6 1
 match Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Authorization, Packet.Sequence-Number = 2, Packet.Flags = None, Packet.Session-Id = 3781589222, Packet.Length = 19, Packet-Body-Type = Response, Authorization-Status = Pass-Add, Server-Message = "", Data = 0x, addr = 1.2.3.4
 
 encode-proto -
-match c0 02 02 00 e1 66 78 e6 00 00 00 13 02 59 f9 90 38 81 e1 bb 9d a6 13 93 fc 86 7e 4a 14 1c 24
+match c0 02 02 01 e1 66 78 e6 00 00 00 13 01 01 00 00 00 00 0c 61 64 64 72 3d 31 2e 32 2e 33 2e 34
 
 #
 #  Accounting - Request: (Client -> Server)
@@ -58,7 +58,7 @@ decode-proto c0 03 01 00 07 9b 35 d9 00 00 00 5b 7c 8a 99 d6 88 f9 32 3c ec 34 6
 match Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Accounting, Packet.Sequence-Number = 1, Packet.Flags = None, Packet.Session-Id = 127612377, Packet.Length = 91, Packet-Body-Type = Request, Accounting-Flags = Start, Authentication-Method = TACACSPLUS, Privilege-Level = Minimum, Authentication-Type = PAP, Authentication-Service = PPP, User-Name = "bob", Client-Port = "tapioca/0", Remote-Address = "localhost", start_time = "Aug  4 2020 18:27:24 UTC", task_id = "17558", service = "ppp", protocol = "ip"
 
 encode-proto -
-match c0 03 01 00 07 9b 35 d9 00 00 00 5a 7c 8a 99 d6 88 f9 32 3c ed 21 75 25 89 18 7f d0 9f 53 64 c6 9a 0c a7 d8 37 59 ff 5b 8a 0f 08 16 bf 67 9d 02 9e 62 6b 0c e1 9e b4 a3 77 0c 23 c4 d5 5b d0 19 f2 3d 07 57 98 e4 2d f1 4d ef 5e b2 2f 84 d4 9e 5d 8f 13 05 f0 09 6a 44 66 ad 3a fb 59 0c 1d 7a d0 d5 0a 4c 3e 11
+match c0 03 01 01 07 9b 35 d9 00 00 00 5a 02 06 00 02 03 03 09 09 04 15 0d 0b 0b 62 6f 62 74 61 70 69 6f 63 61 2f 30 6c 6f 63 61 6c 68 6f 73 74 73 74 61 72 74 5f 74 69 6d 65 3d 31 35 39 36 35 36 35 36 34 34 74 61 73 6b 5f 69 64 3d 31 37 35 35 38 73 65 72 76 69 63 65 3d 70 70 70 70 72 6f 74 6f 63 6f 6c 3d 69 70
 
 #
 #  Accounting - Response: (Client <- Server)
@@ -66,7 +66,7 @@ match c0 03 01 00 07 9b 35 d9 00 00 00 5a 7c 8a 99 d6 88 f9 32 3c ed 21 75 25 89
 decode-proto c0 03 02 00 07 9b 35 d9 00 00 00 05 49 d8 e5 4a 73
 match Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Accounting, Packet.Sequence-Number = 2, Packet.Flags = None, Packet.Session-Id = 127612377, Packet.Length = 5, Packet-Body-Type = Reply, Server-Message = "", Data = 0x, Accounting-Status = Success
 encode-proto -
-match c0 03 02 00 07 9b 35 d9 00 00 00 05 49 d8 e5 4a 73
+match c0 03 02 01 07 9b 35 d9 00 00 00 05 00 00 00 00 01
 
 decode-proto c002 20ff 2020 2020 0000 0043 2009 0000 0009 000a 2120 2020 2020 2020 2020 20ff ff20 2020 2020 2020 ffff ffff 2020 4441 5461 2a30 7820 2020 2020 2020 2020 2020 2020 2020 20ff ffff 20ff ff20 2020 20
 match Argument 3 length 32 overflows packet
diff --git a/src/tests/unit/protocols/tacacs/regression.txt b/src/tests/unit/protocols/tacacs/regression.txt
index 336a62696c0..ab2b706f16e 100644
--- a/src/tests/unit/protocols/tacacs/regression.txt
+++ b/src/tests/unit/protocols/tacacs/regression.txt
@@ -16,7 +16,7 @@ migrate pair_legacy_nested = false
 #  Regression test - Flags VP not respected
 #
 encode-proto Packet.Version-Major = Plus, Packet.Version-Minor = 0, Packet.Packet-Type = Authorization, Packet.Sequence-Number = 2, Packet.Flags = Single-Connect, Packet.Session-Id = 3781589222, Packet.Length = 19, Packet-Body-Type = Response, Authorization-Status = Pass-Add, Server-Message = "", Data = 0x, Argument-List = "addr=1.2.3.4"
-match c0 02 02 04 e1 66 78 e6 00 00 00 13 02 59 f9 90 38 81 e1 bb 9d a6 13 93 fc 86 7e 4a 14 1c 24
+match c0 02 02 05 e1 66 78 e6 00 00 00 13 01 01 00 00 00 00 0c 61 64 64 72 3d 31 2e 32 2e 33 2e 34
 
 count
 match 6