From: Alan T. DeKok Date: Sun, 28 Aug 2022 21:35:18 +0000 (-0400) Subject: parital revert (again) because of ubsan issues X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c6bca1312d75e57f4f79ee1d4f0e85b8db3aadb;p=thirdparty%2Ffreeradius-server.git parital revert (again) because of ubsan issues --- diff --git a/src/tests/keywords/pap-ssha2 b/src/tests/keywords/pap-ssha2 index af24ef9743e..ce3b4b938e4 100644 --- a/src/tests/keywords/pap-ssha2 +++ b/src/tests/keywords/pap-ssha2 @@ -2,21 +2,28 @@ # PRE: update if pap # +# +# @todo - When fully converted, this crashes on ubsan issues. +# + # # Skip if the server wasn't built with openssl # if ('${feature.tls}' != 'yes') { - &reply.Packet-Type := Access-Accept + update reply { + &Packet-Type := Access-Accept + } handled } +&control := {} &Tmp-String-0 := "5RNqNl8iYLbkCc7JhR8as4TtDDCX6otuuWtcja8rITUyx9zrnHSe9tTHGmKK" # 60 byte salt # # Hex encoded SSHA2-512 password # -&control := { - &Password.With-Header = "{ssha512}%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" +update { + &control.Password.With-Header += "{ssha512}%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" } pap.authorize @@ -27,19 +34,28 @@ if (reject) { test_fail } +&control := {} + # # Base64 encoded SSHA2-512 password # -&control := { - &Tmp-String-1 = "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" +update { + &control.Tmp-String-1 := "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" } # To Binary -&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}" +update { + &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}" +} # To Base64 -&control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}" -&control.Password.With-Header += "{ssha512}%{control.Tmp-String-1}" +update { + &control.Tmp-String-1 := "%{base64:%{control.Tmp-Octets-0}}" +} + +update { + &control.Password.With-Header += "{ssha512}%{control.Tmp-String-1}" +} pap.authorize pap.authenticate { @@ -49,20 +65,28 @@ if (reject) { test_fail } +&control := {} + # # Base64 of Base64 encoded SSHA2-512 password # -&control := { - &Tmp-String-1 = "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" +update { + &control.Tmp-String-1 := "%{hex:%{sha2_512:%{User-Password}%{Tmp-String-0}}}%{hex:%{Tmp-String-0}}" } # To Binary -&control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}" +update { + &control.Tmp-Octets-0 := "%{bin:%{control.Tmp-String-1}}" +} # To Base64 -&control.Tmp-String-1 := "{ssha512}%{base64:%{control.Tmp-Octets-0}}" +update { + &control.Tmp-String-1 := "{ssha512}%{base64:%{control.Tmp-Octets-0}}" +} -&control.Password.With-Header += "%{base64:%{control.Tmp-String-1}}" +update { + &control.Password.With-Header += "%{base64:%{control.Tmp-String-1}}" +} pap.authorize pap.authenticate { @@ -72,11 +96,13 @@ if (reject) { test_fail } +&control := {} + # # Base64 of SHA2-384 password (in SHA2-Password) # -&control := { - &Password.SHA2 = "%{hex:%{sha2_384:%{User-Password}}}" +update control { + &control.Password.SHA2 := "%{hex:%{sha2_384:%{User-Password}}}" } pap.authorize @@ -94,7 +120,9 @@ if (reject) { # # Base64 of SHA2-256 password (in SHA2-256-Password) # -&control.Password.SHA2-256 := "%{hex:%{sha2_256:%{User-Password}}}" +update control { + &control.Password.SHA2-256 := "%{hex:%{sha2_256:%{User-Password}}}" +} pap.authorize pap.authenticate { @@ -104,11 +132,13 @@ if (reject) { test_fail } +&control := {} + # # Base64 of SHA2-224 password (in SHA2-224-Password - No hex armour) # -&control := { - &Password.SHA2-224 = "%{sha2_224:%{User-Password}}" +update control { + &control.Password.SHA2-224 := "%{sha2_224:%{User-Password}}" } pap.authorize